From da7cf3670fe60301beeb175ff6c284b737d5b7f4 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones"
Date: Tue, 23 Jun 2009 15:53:21 +0100
Subject: [PATCH] Added 'scrub-*' commands for securely scrubbing filesystems.
---
 appliance/packagelist.in | 1 +
 daemon/Makefile.am | 1 +
 daemon/scrub.c | 114 +++++++++++++++++++++++++++++++++++++++++++++++
 src/generator.ml | 42 ++++++++++++++++-
 4 files changed, 157 insertions(+), 1 deletion(-)
 create mode 100644 daemon/scrub.c
diff --git a/appliance/packagelist.in b/appliance/packagelist.in
index 68270f0..1d1f63a 100644
--- a/appliance/packagelist.in
+++ b/appliance/packagelist.in
@@ -24,6 +24,7 @@ net-tools
 ntfs-3g
 ntfsprogs
 procps
+scrub
 strace
 util-linux-ng
 zerofree
diff --git a/daemon/Makefile.am b/daemon/Makefile.am
index 7ef2a6b..c84a563 100644
--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
@@ -46,6 +46,7 @@ guestfsd_SOURCES = \
 ntfs.c \
 pingdaemon.c \
 proto.c \
+ scrub.c \
 sfdisk.c \
 sleep.c \
 stat.c \
diff --git a/daemon/scrub.c b/daemon/scrub.c
new file mode 100644
index 0000000..9b6d49d
--- /dev/null
+++ b/daemon/scrub.c
@@ -0,0 +1,114 @@
+/* libguestfs - the guestfsd daemon
+ * Copyright (C) 2009 Red Hat Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include
+
+#include
+#include
+#include
+#include
+#include
+
+#include "daemon.h"
+#include "actions.h"
+
+int
+do_scrub_device (char *device)
+{
+ char *err;
+ int r;
+
+ IS_DEVICE (device, -1);
+
+ r = command (NULL, &err, "scrub", device, NULL);
+ if (r == -1) {
+ reply_with_error ("scrub_device: %s: %s", device, err);
+ free (err);
+ return -1;
+ }
+
+ free (err);
+
+ return 0;
+}
+
+int
+do_scrub_file (char *file)
+{
+ char *buf;
+ int len;
+ char *err;
+ int r;
+
+ NEED_ROOT (-1);
+ ABS_PATH (file, -1);
+
+ /* Make the path relative to /sysroot. */
+ len = strlen (file) + 9;
+ buf = malloc (len);
+ if (!buf) {
+ reply_with_perror ("malloc");
+ return -1;
+ }
+ snprintf (buf, len, "/sysroot%s", file);
+
+ r = command (NULL, &err, "scrub", "-r", buf, NULL);
+ free (buf);
+ if (r == -1) {
+ reply_with_error ("scrub_file: %s: %s", file, err);
+ free (err);
+ return -1;
+ }
+
+ free (err);
+
+ return 0;
+}
+
+int
+do_scrub_freespace (char *dir)
+{
+ char *buf;
+ int len;
+ char *err;
+ int r;
+
+ NEED_ROOT (-1);
+ ABS_PATH (dir, -1);
+
+ /* Make the path relative to /sysroot.
*/ + len = strlen (dir) + 9; + buf = malloc (len); + if (!buf) { + reply_with_perror ("malloc"); + return -1; + } + snprintf (buf, len, "/sysroot%s", dir); + + r = command (NULL, &err, "scrub", "-X", buf, NULL); + free (buf); + if (r == -1) { + reply_with_error ("scrub_freespace: %s: %s", dir, err); + free (err); + return -1; + } + + free (err); + + return 0; +} diff --git a/src/generator.ml b/src/generator.ml index f8e3934..f1a9a45 100755 --- a/src/generator.ml +++ b/src/generator.ml @@ -1982,7 +1982,9 @@ This command writes zeroes over the first few blocks of C. How many blocks are zeroed isn't specified (but it's I enough to securely wipe the device). It should be sufficient to remove -any partition tables, filesystem superblocks and so on."); +any partition tables, filesystem superblocks and so on. + +See also: C."); ("grub_install", (RErr, [String "root"; String "device"]), 86, [], [InitBasicFS, Always, TestOutputTrue ( 
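Review bot: In `do_scrub_file` and `do_scrub_freespace` (daemon/scrub.c) the target is built by prefixing `/sysroot` to a caller-supplied path and passed to the external `scrub` program, so any `..` components or symlinks stored in the guest filesystem are resolved against the appliance root rather than the guest root. `ABS_PATH` is defined outside this patch; if it only checks for a leading `/`, a destructive overwrite could land outside `/sysroot`. At minimum I would document this above each `snprintf`, e.g. `/* NOTE: scrub resolves this path in the appliance namespace; guest symlinks and ".." are not confined to /sysroot. */`, and consider rejecting a path whose resolved location is not under `/sysroot` before calling `command`. Separately, `err` is declared uninitialized in all three functions and is then printed and freed after `command` returns; unless `command` always stores to it (not visible here), `char *err = NULL;` would be safer.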
@@ -2402,6 +2404,44 @@ It is just a wrapper around the C L function with flags C. See that manual page for more details."); + ("scrub_device", (RErr, [String "device"]), 114, [DangerWillRobinson], + [InitNone, Always, TestRun ( (* use /dev/sdc because it's smaller *) + [["scrub_device"; "/dev/sdc"]])], + "scrub (securely wipe) a device", + "\ +This command writes patterns over C to make data retrieval +more difficult. + +It is an interface to the L program. See that +manual page for more details."); + + ("scrub_file", (RErr, [String "file"]), 115, [], + [InitBasicFS, Always, TestRun ( + [["write_file"; "/file"; "content"; "0"]; + ["scrub_file"; "/file"]])], + "scrub (securely wipe) a file", + "\ +This command writes patterns over a file to make data retrieval +more difficult. + +The file is I after scrubbing. + +It is an interface to the L program. See that +manual page for more details."); + + ("scrub_freespace", (RErr, [String "dir"]), 116, [], + [], (* XXX needs testing *) + "scrub (securely wipe) free space", + "\ +This command creates the directory C and then fills it +with files until the filesystem is full, and scrubs the files +as for C, and deletes them. +The intention is to scrub any free space on the partition +containing C. + +It is an interface to the L program. See that +manual page for more details."); + ] let all_functions = non_daemon_functions @ daemon_functions -- 1.8.3.1
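Review bot: The new `scrub_device` and `scrub_file` descriptions advertise a secure wipe without saying when overwriting in place cannot work; I would add a caveat sentence such as `Overwriting may not reach old copies of the data kept by journalling or copy-on-write filesystems, snapshots, or the disk image's backing file.` Also, `scrub_freespace` is added with an empty test list (`[], (* XXX needs testing *)`), so the one call that deliberately fills a filesystem has no coverage; an `InitBasicFS` `TestRun` like the one given for `scrub_file` would be worth adding. Its description says the command creates the directory but not what happens when the directory already exists, which is worth stating once confirmed against the scrub manual page.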