cli-tests: add helper functions to get protector descriptors

diff --git a/cli-tests/common.sh b/cli-tests/common.sh
index 0ace2b9150a386596f70b24a973d32603c46d5ab..1d7b17b2e9e9f49787857da8f07bb9e0c3dc9588 100644 (file)
--- a/cli-tests/common.sh
+++ b/cli-tests/common.sh
@@ -72,6 +72,40 @@ _get_enabled_fs_count()
        echo "$count"
 }
 
+# Gets the descriptor of the given protector.
+_get_protector_descriptor()
+{
+       local mnt=$1
+       local source=$2
+
+       case $source in
+       custom)
+               local name=$3
+               local description="custom protector \\\"$name\\\""
+               ;;
+       login)
+               local user=$3
+               local description="login protector for $user"
+               ;;
+       *)
+               _fail "Unknown protector source $source"
+       esac
+
+       local descriptor
+       descriptor=$(fscrypt status "$mnt" |
+                    awk -F '   *' '{ if ($3 == "'"$description"'") print $1 }')
+       if [ -z "$descriptor" ]; then
+               _fail "Can't find $description on $mnt"
+       fi
+       echo "$descriptor"
+}
+
+# Gets the descriptor of the login protector for $TEST_USER.
+_get_login_descriptor()
+{
+       _get_protector_descriptor "$MNT_ROOT" login "$TEST_USER"
+}
+
 # Prints the number of filesystems that have fscrypt metadata.
 _get_setup_fs_count()
 {

diff --git a/cli-tests/t_change_passphrase.sh b/cli-tests/t_change_passphrase.sh
index 204512d17fdb1c3c465200b574d53e4bcfb73392..1360bc2bbc2393280c47bf4ab24c44c498e15771 100755 (executable)
--- a/cli-tests/t_change_passphrase.sh
+++ b/cli-tests/t_change_passphrase.sh
@@ -14,7 +14,7 @@ echo pass1 | fscrypt encrypt --quiet --name=prot --skip-unlock "$dir"
 _print_header "Try to unlock with wrong passphrase"
 _expect_failure "echo pass2 | fscrypt unlock --quiet '$dir'"
 _expect_failure "mkdir '$dir/subdir'"
-protector=$(fscrypt status "$dir" | awk '/custom protector/{print $1}')
+protector=$(_get_protector_descriptor "$dir" custom prot)
 
 _print_header "Change passphrase"
 echo $'pass1\npass2' | \

diff --git a/cli-tests/t_encrypt_login.sh b/cli-tests/t_encrypt_login.sh
index e03122dc57c7b4b0b584fc756148ded6d40e3952..c42fec77736239e4a06fbbe02fd44a41314cc8be 100755 (executable)
--- a/cli-tests/t_encrypt_login.sh
+++ b/cli-tests/t_encrypt_login.sh
@@ -27,18 +27,13 @@ show_status()
        fi
 }
 
-get_login_protector()
-{
-       fscrypt status "$dir" | awk '/login protector/{print $1}'
-}
-
 begin "Encrypt with login protector"
 chown "$TEST_USER" "$dir"
 _user_do "echo TEST_USER_PASS | fscrypt encrypt --quiet --source=pam_passphrase '$dir'"
 show_status true
 recovery_passphrase=$(grep -E '^ +[a-z]{20}$' "$dir/fscrypt_recovery_readme.txt" | sed 's/^ +//')
-recovery_protector=$(fscrypt status "$dir" | awk '/Recovery passphrase/{print $1}')
-login_protector=$(get_login_protector)
+recovery_protector=$(_get_protector_descriptor "$MNT" custom 'Recovery passphrase for dir')
+login_protector=$(_get_login_descriptor)
 _print_header "=> Lock, then unlock with login passphrase"
 _user_do "fscrypt lock '$dir'"
 # FIXME: should we be able to use $MNT:$login_protector here?
@@ -63,7 +58,7 @@ begin "Encrypt with login protector as root"
 echo TEST_USER_PASS | fscrypt encrypt --quiet --source=pam_passphrase --user="$TEST_USER" "$dir"
 show_status true
 # The newly-created login protector should be owned by the user, not root.
-login_protector=$(get_login_protector)
+login_protector=$(_get_login_descriptor)
 owner=$(stat -c "%U:%G" "$MNT_ROOT/.fscrypt/protectors/$login_protector")
 echo -e "\nProtector is owned by $owner"