struct list_item list;
};
+struct crypt_info {
+ struct discover_device *source_device;
+ char *dm_name;
+
+ struct list_item list;
+};
+
struct device_handler {
struct discover_server *server;
int dry_run;
struct plugin_option **plugins;
unsigned int n_plugins;
bool plugin_installing;
+
+ struct list crypt_devices;
};
static int mount_device(struct discover_device *dev);
static int destroy_device(void *arg)
{
struct discover_device *dev = arg;
+ struct process *p;
umount_device(dev);
+ devmapper_destroy_snapshot(dev);
+
+ if (dev->crypt_device) {
+ const char *argv[] = {
+ pb_system_apps.cryptsetup,
+ "luksClose",
+ dev->device->id,
+ NULL
+ };
+
+ p = process_create(dev);
+ p->path = pb_system_apps.cryptsetup;
+ p->argv = argv;
+
+ if (process_run_async(p)) {
+ pb_log("Failed to run cryptsetup\n");
+ return -1;
+ }
+ }
+
return 0;
}
list_init(&handler->unresolved_boot_options);
list_init(&handler->progress);
+ list_init(&handler->crypt_devices);
/* set up our mount point base */
pb_mkdir_recursive(mount_base());
void device_handler_reinit(struct device_handler *handler)
{
struct discover_boot_option *opt, *tmp;
+ struct crypt_info *crypt, *c;
struct ramdisk_device *ramdisk;
struct config *config;
unsigned int i;
discover_server_notify_plugins_remove(handler->server);
+ /* forget encrypted devices */
+ list_for_each_entry_safe(&handler->crypt_devices, crypt, c, list)
+ talloc_free(crypt);
+ list_init(&handler->crypt_devices);
+
set_env_variables(config_get());
/* If the safe mode warning was active disable it now */
device->ramdisk = NULL;
}
+/*
+ * Check if a device name matches the name of an encrypted device that has been
+ * opened. If it matches remove it from the list and remove the original crypt
+ * discover device.
+ */
+bool device_handler_found_crypt_device(struct device_handler *handler,
+ const char *name)
+{
+ struct crypt_info *crypt, *c;
+
+ list_for_each_entry_safe(&handler->crypt_devices, crypt, c, list) {
+ if (!strncmp(crypt->dm_name, name, strlen(crypt->dm_name))) {
+ device_handler_remove(handler, crypt->source_device);
+ list_remove(&crypt->list);
+ talloc_free(crypt);
+ return true;
+ }
+ }
+
+ return false;
+}
+
+static void cryptsetup_cb(struct process *process)
+{
+ struct device_handler *handler = process->data;
+ struct crypt_info *crypt, *c;
+
+ if (process->exit_status == 0)
+ return;
+ device_handler_status_err(handler,
+ _("Failed to open encrypted device %s"),
+ process->argv[2]);
+
+ /*
+ * Failed to open the device; stop tracking it, but don't remove
+ * the source device.
+ */
+ list_for_each_entry_safe(&handler->crypt_devices, crypt, c, list) {
+ if (!strncmp(crypt->dm_name, process->argv[3],
+ strlen(crypt->dm_name))) {
+ list_remove(&crypt->list);
+ talloc_free(crypt);
+ break;
+ }
+ }
+}
+
+void device_handler_open_encrypted_dev(struct device_handler *handler,
+ char *password, char *device_id)
+{
+ struct discover_device *dev;
+ struct crypt_info *crypt;
+ const char *device_path, **argv;
+ struct process *p;
+ char *name;
+ int result;
+
+ dev = device_lookup_by_id(handler, device_id);
+ if (!dev) {
+ pb_log_fn("Can't find device %s\n", device_id);
+ device_handler_status_err(handler,
+ _("Encrypted device %s does not exist"),
+ device_id);
+ return;
+ }
+
+ device_path = dev->device_path;
+ name = talloc_asprintf(handler, "luks_%s", device_id);
+
+ p = process_create(handler);
+ /* talloc argv under the process so we can access it in cryptsetup_cb */
+ argv = talloc_zero_array(p, const char *, 6);
+ argv[0] = talloc_strdup(argv, pb_system_apps.cryptsetup);
+ argv[1] = talloc_asprintf(argv, "luksOpen");
+ argv[2] = talloc_strdup(argv, device_path);
+ argv[3] = talloc_strdup(argv, name);
+ argv[4] = talloc_asprintf(argv, "-");
+ argv[5] = NULL;
+
+ p->path = pb_system_apps.cryptsetup;
+ p->argv = (const char **)argv;
+ p->exit_cb = cryptsetup_cb;
+ p->data = handler;
+ p->keep_stdout = true;
+ p->pipe_stdin = talloc_asprintf(p, "%s\n", password);
+
+ result = process_run_async(p);
+ if (result) {
+ pb_log("Failed to run cryptsetup\n");
+ return;
+ }
+
+ crypt = talloc(handler, struct crypt_info);
+ crypt->source_device = dev;
+ crypt->dm_name = name;
+ talloc_steal(crypt, name);
+ list_add(&handler->crypt_devices, &crypt->list);
+}
+
+void device_handler_add_encrypted_dev(struct device_handler *handler,
+ struct discover_device *dev)
+{
+ system_info_register_blockdev(dev->device->id, dev->uuid, "");
+ discover_server_notify_device_add(handler->server,
+ dev->device);
+ dev->notified = true;
+ if (!device_lookup_by_uuid(handler, dev->uuid))
+ device_handler_add_device(handler, dev);
+}
+
/* Start discovery on a hotplugged device. The device will be in our devices
* array, but has only just been initialised by the hotplug source.
*/
return -1;
dev->mounted = false;
- devmapper_destroy_snapshot(dev);
pb_rmdir_recursive(mount_base(), dev->mount_path);
"swap",
NULL,
};
- bool cdrom, usb;
+ bool cdrom, usb, luks = false;
typestr = udev_device_get_devtype(dev);
if (!typestr) {
}
}
- /* Ignore any device mapper devices that aren't logical volumes */
+ /*
+ * Ignore any device mapper devices that aren't logical volumes or
+ * opened encrypted devices
+ */
devname = udev_device_get_property_value(dev, "DM_NAME");
- if (devname && ! udev_device_get_property_value(dev, "DM_LV_NAME")) {
- pb_debug("SKIP: dm-device %s\n", devname);
- return 0;
+ if (devname) {
+ if (device_handler_found_crypt_device(udev->handler, devname)) {
+ luks = true;
+ } else if (!udev_device_get_property_value(dev, "DM_LV_NAME")) {
+ pb_debug("SKIP: dm-device %s\n", devname);
+ return 0;
+ }
}
type = udev_device_get_property_value(dev, "ID_FS_TYPE");
usb = !!udev_device_get_property_value(dev, "ID_USB_DRIVER");
if (cdrom)
ddev->device->type = DEVICE_TYPE_OPTICAL;
+ else if (strncmp(type, "crypto_LUKS", strlen("crypto_LUKS")) == 0)
+ ddev->device->type = DEVICE_TYPE_LUKS;
else
ddev->device->type = usb ? DEVICE_TYPE_USB : DEVICE_TYPE_DISK;
udev_setup_device_params(dev, ddev);
+ /*
+ * Don't perform discovery on encrypted devices, just register and
+ * notify clients.
+ */
+ if (ddev->device->type == DEVICE_TYPE_LUKS) {
+ pb_log("Notifying clients about encrypted device %s\n",
+ name);
+ device_handler_add_encrypted_dev(udev->handler, ddev);
+ return 0;
+ }
+
/* Create a snapshot for all disk devices */
if ((ddev->device->type == DEVICE_TYPE_DISK ||
ddev->device->type == DEVICE_TYPE_USB))
devmapper_init_snapshot(udev->handler, ddev);
+ /* Note if this is an opened LUKS device */
+ ddev->crypt_device = luks;
+
device_handler_discover(udev->handler, ddev);
return 0;
projects / petitboot / commitdiff