author | Samuel Mendoza-Jonas <sam@mendozajonas.com> | 2019-02-15 10:40:56 +1100 |
---|---|---|
committer | Samuel Mendoza-Jonas <sam@mendozajonas.com> | 2019-03-26 16:46:38 +1100 |
commit | 1ad18bf128c4edfae76adaffd9c7801355f29b91 (patch) | |
tree | 40808aac6ec04d42c62eb445f99c286372a29b06 /ui/common | |
parent | f583f0cf35fc227db5f73ecd04daf7702735b740 (diff) | |
ui/ncurses: Add prompt for LUKS device password
Implement device_add() in cui_client_ops and use this interface to
recognise when the server notifies the client of an encrypted device. A
"device header" will be created for this device and added to the menu
with no associated boot options.
The nc-auth prompt is extended to ask for a disk password when the device
header for an encrypted device is selected.
Assuming the password is correct, pb-discover will remove the original
device and notify the client about the newly opened device, which will
be reflected in the menu.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Diffstat (limited to 'ui/common')
-rw-r--r-- | ui/common/discover-client.c | 25 | ||||
-rw-r--r-- | ui/common/discover-client.h | 3 |
2 files changed, 28 insertions, 0 deletions
diff --git a/ui/common/discover-client.c b/ui/common/discover-client.c
index e7dfb83..6dda2d3 100644
--- a/ui/common/discover-client.c
+++ b/ui/common/discover-client.c
@@ -552,3 +552,28 @@ int discover_client_send_set_password(struct discover_client *client,
 pb_log("sending auth message..\n");
 return pb_protocol_write_message(client->fd, message);
 }
+
+int discover_client_send_open_luks_device(struct discover_client *client,
+ char *password, char *device_id)
+{
+ struct pb_protocol_message *message;
+ struct auth_message auth_msg;
+ int len;
+
+ auth_msg.op = AUTH_MSG_DECRYPT;
+ auth_msg.decrypt_dev.password = password;
+ auth_msg.decrypt_dev.device_id = device_id;
+
+ len = pb_protocol_authenticate_len(&auth_msg);
+
+ message = pb_protocol_create_message(client,
+ PB_PROTOCOL_ACTION_AUTHENTICATE, len);
+ if (!message)
+ return -1;
+
+ pb_log("serialising auth message..\n");
+ pb_protocol_serialise_authenticate(&auth_msg, message->payload, len);
+
+ pb_log("sending auth message..\n");
+ return pb_protocol_write_message(client->fd, message);
+}
diff --git a/ui/common/discover-client.h b/ui/common/discover-client.h
index 9b56dcb..183d193 100644
--- a/ui/common/discover-client.h
+++ b/ui/common/discover-client.h
@@ -113,6 +113,9 @@ int discover_client_send_authenticate(struct discover_client *client,
 /* Set a new system password, authenticating with the current password */
 int discover_client_send_set_password(struct discover_client *client,
 char *password, char *new_password);
+/* Send a password to open an encrypted device */
+int discover_client_send_open_luks_device(struct discover_client *client,
+ char *password, char *device_id);
 /* send a temporary autoboot override */
 int discover_client_send_temp_autoboot(struct discover_client *client, |
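Review bot: In discover_client_send_open_luks_device() the disk passphrase is serialised into `message->payload`, and nothing visible in this hunk clears that copy after `pb_protocol_write_message()` returns, so the plaintext LUKS passphrase presumably stays in client heap memory until the allocation is reused. Whichever side releases the message should wipe the payload first with a clear the compiler cannot elide, e.g. `explicit_bzero(message->payload, len);` where the libc provides it. The result of `pb_protocol_serialise_authenticate()` is also discarded, so if it can fail a partly filled message is still written to `client->fd`; `if (pb_protocol_serialise_authenticate(&auth_msg, message->payload, len)) return -1;` would stop that, assuming it returns non-zero on error. `password` and `device_id` reach `pb_protocol_authenticate_len()` without a NULL check, and `len` is used without a sanity check; a guard such as `if (!password || !device_id) return -1;` at the top would make the contract explicit.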
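Review bot: The comment on the new discover_client_send_open_luks_device() prototype in discover-client.h does not say what the call returns or who owns the secret afterwards, which matters for a function that takes a disk passphrase. Going by the definition added in discover-client.c, I would extend it to `/* Send a password to open an encrypted device. Returns -1 if the message cannot be created, otherwise the result of the write. The caller keeps ownership of password and device_id and should clear password once the call returns. */`. Since the definition only reads both strings, declaring them `const char *password, const char *device_id` would document that as well, provided the `decrypt_dev` fields of `struct auth_message` (not visible here) can take const pointers.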