| author | Samuel Mendoza-Jonas <sam@mendozajonas.com> | 2019-02-15 10:40:14 +1100 |
|---|---|---|
| committer | Samuel Mendoza-Jonas <sam@mendozajonas.com> | 2019-03-26 16:46:38 +1100 |
| commit | f583f0cf35fc227db5f73ecd04daf7702735b740 (patch) | |
| tree | a53121f28618766c0b79dc322897bb08f695fada /discover/discover-server.c | |
| parent | 5f8fa2c151b8f0e568dc4015b7d307250b354a04 (diff) | |
| download | talos-petitboot-f583f0cf35fc227db5f73ecd04daf7702735b740.tar.gz talos-petitboot-f583f0cf35fc227db5f73ecd04daf7702735b740.zip | |
discover: Recognise and open LUKS encrypted partitions
Handle devices encrypted with LUKS and call cryptsetup to open them if a
client sends the associated password.
If a new device has the "crypto_LUKS" filesystem type it is marked as a
LUKS device and sent to clients but further discovery is not performed.
Once a client sends the device's password cryptsetup is called to open
it. The opened device will appear separately, so the source device is
"forgotten" at this point and then the newly opened device is treated as
a normal partition. On destruction the device is "closed" with
cryptsetup so that discovery can start from the beginning.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Diffstat (limited to 'discover/discover-server.c')
-rw-r--r-- | discover/discover-server.c | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/discover/discover-server.c b/discover/discover-server.c index 23d6113..1a332cb 100644 --- a/discover/discover-server.c +++ b/discover/discover-server.c @@ -365,13 +365,29 @@ static int discover_server_handle_auth_message(struct client *client, _("Password updated successfully")); } break; + case AUTH_MSG_DECRYPT: + if (!client->can_modify) { + pb_log("Unauthenticated client tried to open encrypted device %s\n", + auth_msg->decrypt_dev.device_id); + rc = -1; + status->type = STATUS_ERROR; + status->message = talloc_asprintf(status, + _("Must authenticate before opening encrypted device")); + break; + } + + device_handler_open_encrypted_dev(client->server->device_handler, + auth_msg->decrypt_dev.password, + auth_msg->decrypt_dev.device_id); + break; default: pb_log("%s: unknown op\n", __func__); rc = -1; break; } - write_boot_status_message(client->server, client, status); + if (status->message) + write_boot_status_message(client->server, client, status); talloc_free(status); return rc; |
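Review bot: In the new `AUTH_MSG_DECRYPT` case the result of `device_handler_open_encrypted_dev()` is discarded, and on the authorised path `status->message` is never set, so with the new `if (status->message)` guard the client gets no status back whether cryptsetup succeeded or failed; if the handler can report failure, check its return value and set `status->type = STATUS_ERROR` with a message (for example `_("Failed to open encrypted device")`) so a wrong password is surfaced rather than silently ignored. The same guard also changes the existing `default:` branch, which sets `rc = -1` without a message and previously still sent a status to the client; confirm that dropping that reply is intended. Since `auth_msg->decrypt_dev.password` is handed to the device handler as a pointer into the received message, it would also be worth having the handler clear the password buffer once cryptsetup has consumed it, so the plaintext does not linger in memory longer than needed.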