From f583f0cf35fc227db5f73ecd04daf7702735b740 Mon Sep 17 00:00:00 2001
From: Samuel Mendoza-Jonas
Date: Fri, 15 Feb 2019 10:40:14 +1100
Subject: discover: Recognise and open LUKS encrypted partitions Handle devices encrypted with LUKS and call cryptsetup to open them if a client sends the associated password. If a new device has the "crypto_LUKS" filesystem type it is marked as a LUKS device and sent to clients but further discovery is not performed. Once a client sends the device's password cryptsetup is called to open it. The opened device will appear separately, so the source device is "forgotten" at this point and then the newly opened device is treated as a normal partition. On destruction the device is "closed" with cryptsetup so that discovery can start from the beginning.
Signed-off-by: Samuel Mendoza-Jonas
---
 discover/discover-server.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-) (limited to 'discover/discover-server.c')
diff --git a/discover/discover-server.c b/discover/discover-server.c
index 23d6113..1a332cb 100644
--- a/discover/discover-server.c
+++ b/discover/discover-server.c
@@ -365,13 +365,29 @@ static int discover_server_handle_auth_message(struct client *client,
 _("Password updated successfully"));
 }
 break;
+ case AUTH_MSG_DECRYPT:
+ if (!client->can_modify) {
+ pb_log("Unauthenticated client tried to open encrypted device %s\n",
+ auth_msg->decrypt_dev.device_id);
+ rc = -1;
+ status->type = STATUS_ERROR;
+ status->message = talloc_asprintf(status,
+ _("Must authenticate before opening encrypted device"));
+ break;
+ }
+
+ device_handler_open_encrypted_dev(client->server->device_handler,
+ auth_msg->decrypt_dev.password,
+ auth_msg->decrypt_dev.device_id);
+ break;
 default:
 pb_log("%s: unknown op\n", __func__);
 rc = -1;
 break;
 }
- write_boot_status_message(client->server, client, status);
+ if (status->message)
+ write_boot_status_message(client->server, client, status);
 talloc_free(status);
 return rc;
-- cgit v1.2.1
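Review bot: In the `AUTH_MSG_DECRYPT` case the passphrase in `auth_msg->decrypt_dev.password` is passed to `device_handler_open_encrypted_dev()` and nothing visible in this hunk wipes it afterwards, so it may remain readable in heap memory once the message is released. If the handler no longer needs the string when it returns (its body is not in this hunk), clear it before the `break`, e.g. `explicit_bzero(auth_msg->decrypt_dev.password, strlen(auth_msg->decrypt_dev.password));`. The call's outcome is also not reflected in `rc` or `status`, and with the new `if (status->message)` guard this function sends the client no reply when the open fails, so confirm the handler reports that itself. A smaller point: `talloc_asprintf(status, _("Must authenticate before opening encrypted device"))` uses the translated text as the format string, and `talloc_strdup(status, _("Must authenticate before opening encrypted device"))` would avoid interpreting a stray `%` from a message catalog. The enclosing function starts and ends outside the hunk.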