[PATCH] hald+LUKS v3
W. Michael Petullo
mike at flyn.org
Tue Mar 1 21:33:25 PST 2005
Attached you should find one more patch to add LUKS[1] support to hald.
This patch differs from v2 in that it is against the CVS code as of
03/01/05.
This should eventually provide an easy means to mount encrypted
filesystems. Currently, hald only detects that a disk contains a LUKS
header and sets some relevant parameters.
The previous patch only enabled hald to recognize a partition encrypted
using LUKS. This patch adds the detection of a dm-crypt device and the
proper identification of its filesystem. This is based on the work
David Z. did for a previous version of hald. This special code is
required because the kernel does not quite consider a dm-crypt device
as a first-class citizen in sysfs.
Here is a rough example of the using this code with a USB disk:
1. Format the usb disk to contain an encrypted filesystem using LUKS.
2. Attach the disk to the computer running hald.
3. Hald should identify the disk as a LUKS disk. One may confirm this
with "lshal | grep LUKS."
4. Use the sesame-setup tool I am working on to create a dm-crypt
plaintext device node for the device: "sesame-setup /dev/sda1."
5. Hald should identify the plaintext device node. One may confirm
this with "lshal | grep dm."
Step 4 will be performed automatically in a GNOME session once
gnome-volume-manager is modified to recognize these volumes and prompt
for a passphrase.
Thanks.
--
Mike
:wq
-------------- next part --------------
diff -u --recursive --new-file hal-cvs-vanilla/ChangeLog hal-cvs/ChangeLog
--- hal-cvs-vanilla/ChangeLog 2005-02-28 14:56:50.000000000 -0600
+++ hal-cvs/ChangeLog 2005-03-01 21:50:18.000000000 -0600
@@ -1,3 +1,21 @@
+2005-03-01 W. Michael Petullo <mike at flyn.org>
+
+ * hald/linux2/blockdev.c: Add ability to identify volumes in
+ /dev/mapper as the counterpart to a LUKS+encrypted device.
+
+ * volume_id/luks.c: (volume_id_probe_luks) Use new
+ UUID_DCE_UNPARSED format for volume_id_set_uuid call.
+
+ volume_id/util.c: (volume_id_set_uuid) Add UUID_DCE_UNPARSED
+ format.
+
+ volume_id/util.h: Add UUID_DCE_UNPARSED format.
+
+ volume_id/volume_id.c: Only #include "luks.h" once.
+
+ volume_id/Makefile.am: Add support for volumes encrypted using
+ LUKS.
+
2005-02-28 David Zeuthen <davidz at redhat.com>
* hald/linux2/ids.c: Added TOS6200, TOS6202, TOS6207 entries from
diff -u --recursive --new-file hal-cvs-vanilla/hald/linux2/blockdev.c hal-cvs/hald/linux2/blockdev.c
--- hal-cvs-vanilla/hald/linux2/blockdev.c 2005-02-28 13:43:29.000000000 -0600
+++ hal-cvs/hald/linux2/blockdev.c 2005-03-01 21:30:24.000000000 -0600
@@ -41,6 +41,7 @@
#include <unistd.h>
#include <ctype.h>
#include <unistd.h>
+#include <linux/kdev_t.h>
#include <limits.h>
#include <errno.h>
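Review bot: `MAJOR`/`MINOR` from `<linux/kdev_t.h>` are a poor fit for decoding `st_rdev` in a userspace daemon. As far as I know, the userspace definitions in that header use the legacy 8-bit major/minor split, so a device-mapper node with a minor above 255 would never match in blockdev_get_luks_uuid. glibc's `major()` and `minor()` (from `<sys/sysmacros.h>`) understand the real `dev_t` encoding and need no kernel header. Switching to them means renaming the locals `major` and `minor` in that function, since they would collide with the macros.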
@@ -432,6 +433,87 @@
;
}
+const gchar *blockdev_get_luks_uuid(const gchar *device_file)
+{
+ const gchar *luks_uuid = NULL;
+ unsigned int major;
+ unsigned int minor;
+ const char *last_elem;
+
+ HAL_INFO (("get_luks_uuid: device_file=%s", device_file));
+
+ major = 253; /* FIXME: replace by devmapper constant */
+ last_elem = hal_util_get_last_element (device_file);
+ if (sscanf (last_elem, "dm-%d", &minor) == 1) {
+ GDir *dir;
+ HAL_INFO (("path=%s is a device mapper dev, major/minor=%d/%d", device_file, major, minor));
+ /* Ugly hack to see if we're a LUKS crypto device; should
+ * be replaced by some ioctl or libdevmapper stuff by where
+ * we can ask about the name for /dev/dm-0; as e.g. given by
+ * 'dmsetup info'
+ *
+ * Our assumption is that sesame-setup have invoked
+ * dmsetup; e.g. the naming convention is
+ *
+ * sesame_crypto_<luks_uuid>
+ *
+ * where <luks_uuid> is the UUID encoded in the luks
+ * metadata.
+ */
+ /* Ugly sleep of 0.5s here as well to allow dmsetup to do the mknod */
+ usleep (1000 * 1000 * 5 / 10);
+ if ((dir = g_dir_open ("/dev/mapper", 0, NULL)) != NULL) {
+ const gchar *f;
+ char devpath[256];
+ struct stat statbuf;
+ while ((f = g_dir_read_name (dir)) != NULL) {
+ char sesame_prefix[] = "sesame_crypto_";
+ HAL_INFO (("looking at /dev/mapper/%s", f));
+ g_snprintf (devpath, sizeof (devpath), "/dev/mapper/%s", f);
+ if (stat (devpath, &statbuf) == 0) {
+ if (S_ISBLK (statbuf.st_mode) &&
+ MAJOR(statbuf.st_rdev) == major &&
+ MINOR(statbuf.st_rdev) == minor &&
+ strncmp (f, sesame_prefix, sizeof (sesame_prefix) - 1) == 0) {
+ luks_uuid = f + sizeof (sesame_prefix) - 1;
+ HAL_INFO (("found %s; luks_uuid='%s'!", devpath, luks_uuid));
+ break;
+ }
+ }
+ }
+ g_dir_close (dir);
+ }
+ }
+ return luks_uuid;
+}
+
+HalDevice *blockdev_get_luks_parent(const gchar *luks_uuid, HalDevice *device)
+{
+ HalDevice *parent = NULL;
+ HalDevice *backing_volume;
+
+ HAL_INFO (("get_luks_parent: luks_uuid=%s device=0x%08x",
+ luks_uuid, device));
+
+ backing_volume = hal_device_store_match_key_value_string (hald_get_gdl (),
+ "volume.uuid",
+ /* FIXME: was "volume.crypto_sesame.uuid", */
+ luks_uuid);
+ if (backing_volume != NULL) {
+ const char *backing_volume_stordev_udi;
+ HAL_INFO (("backing_volume udi='%s'!", backing_volume->udi));
+ backing_volume_stordev_udi = hal_device_property_get_string (backing_volume, "block.storage_device");
+ if (backing_volume_stordev_udi != NULL) {
+ HAL_INFO (("backing_volume_stordev_udi='%s'!", backing_volume_stordev_udi));
+ parent = hal_device_store_find (hald_get_gdl (), backing_volume_stordev_udi);
+ if (parent != NULL) {
+ HAL_INFO (("parent='%s'!", parent->udi));
+ hal_device_property_set_string (device, "volume.crypto_sesame.clear.backing_volume", backing_volume->udi);
+ }
+ }
+ }
+ return parent;
+}
void
hotplug_event_begin_add_blockdev (const gchar *sysfs_path, const gchar *device_file, gboolean is_partition,
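Review bot: blockdev_get_luks_uuid returns a pointer into the string handed out by `g_dir_read_name`, which is owned by the `GDir`, so after `g_dir_close (dir)` the returned `luks_uuid` is no longer guaranteed to be valid and the caller may read freed memory. Copy it before closing with `luks_uuid = g_strdup (f + sizeof (sesame_prefix) - 1);`, return `gchar *`, and have the caller `g_free` it. Two smaller points in the same hunk: `sscanf (last_elem, "dm-%d", &minor)` stores through an `unsigned int *` and should use `%u`, and `device=0x%08x` is passed a pointer where `%p` is the matching conversion. The match also rests on the hard-coded major 253 and on the `sesame_crypto_` name prefix alone, so a comment stating that any mapping carrying that prefix is trusted would help the next reader.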
@@ -470,6 +552,8 @@
goto out;
}
+ d = hal_device_new ();
+
/* lip service for PC floppy drives */
if (parent == NULL && sscanf (hal_util_get_last_element (sysfs_path), "fd%d", &floppy_num) == 1) {
;
@@ -477,7 +561,17 @@
floppy_num = -1;
if (parent == NULL) {
+ const gchar *luks_uuid = blockdev_get_luks_uuid(device_file);
+ if (luks_uuid != NULL) {
+ is_partition = TRUE;
+ parent = blockdev_get_luks_parent(luks_uuid, d);
+ }
+ }
+
+ if (parent == NULL) {
HAL_INFO (("Ignoring hotplug event - no parent"));
+ hal_device_store_remove (hald_get_tdl (), d);
+ d = NULL;
goto error;
}
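Review bot: The new no-parent branch calls `hal_device_store_remove (hald_get_tdl (), d)`, but nothing visible between `d = hal_device_new ()` and this point adds `d` to the temporary device list. The removal therefore presumably does nothing, and the object is dropped without releasing its reference. If HalDevice is reference-counted as it appears to be elsewhere in hald, `g_object_unref (d);` is probably what this branch wants. Moving the allocation up also means any other `goto error`/`goto out` between the new `hal_device_new ()` and its old position now has a live `d` to clean up; those paths lie outside the hunks and should be checked. The enclosing function starts and ends outside this hunk.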
@@ -488,8 +582,6 @@
}
}
-
- d = hal_device_new ();
hal_device_property_set_string (d, "linux.sysfs_path", sysfs_path);
hal_device_property_set_string (d, "linux.sysfs_path_device", sysfs_path);
if (parent != NULL)
Binary files hal-cvs-vanilla/po/da.gmo and hal-cvs/po/da.gmo differ
Binary files hal-cvs-vanilla/po/de.gmo and hal-cvs/po/de.gmo differ
Binary files hal-cvs-vanilla/po/fr.gmo and hal-cvs/po/fr.gmo differ
Binary files hal-cvs-vanilla/po/hu.gmo and hal-cvs/po/hu.gmo differ
Binary files hal-cvs-vanilla/po/it.gmo and hal-cvs/po/it.gmo differ
Binary files hal-cvs-vanilla/po/nl.gmo and hal-cvs/po/nl.gmo differ
Binary files hal-cvs-vanilla/po/pt.gmo and hal-cvs/po/pt.gmo differ
Binary files hal-cvs-vanilla/po/ru.gmo and hal-cvs/po/ru.gmo differ
diff -u --recursive --new-file hal-cvs-vanilla/volume_id/luks.c hal-cvs/volume_id/luks.c
--- hal-cvs-vanilla/volume_id/luks.c 2005-02-25 11:21:48.000000000 -0600
+++ hal-cvs/volume_id/luks.c 2005-03-01 21:41:19.000000000 -0600
@@ -40,6 +40,10 @@
#include "logging.h"
#include "luks.h"
+/* FIXME: this contains a lot of copy and pasted code. One alternative
+ * would be to fork/exec cryptsetup isLuks and cryptsetup luksUUID. Another
+ * would be to write a LUKS library */
+
/* from cryptsetup-luks internal.h */
#define SECTOR_SHIFT 9
#define SECTOR_SIZE (1 << SECTOR_SHIFT)
@@ -64,6 +68,8 @@
int volume_id_probe_luks(struct volume_id *id, __u64 off)
{
+ int i;
+
/* from cryptsetup-luks luks.h */
struct luks_phdr {
char magic[LUKS_MAGIC_L];
@@ -99,7 +105,8 @@
return -1;
volume_id_set_usage(id, VOLUME_ID_CRYPTO);
- volume_id_set_uuid(id, header->uuid, UUID_DCE);
+ volume_id_set_uuid(id, header->uuid, UUID_DCE_UNPARSED);
+
id->type = "crypto_LUKS";
return 0;
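Review bot: `header->uuid` comes straight from the on-disk LUKS header, which on removable media is supplied by whoever prepared the disk, and with `UUID_DCE_UNPARSED` it is now published as the volume UUID without any check of its contents. blockdev.c in this patch then uses that string as the key tying a /dev/mapper node to its backing volume, so a crafted header could claim another volume's UUID or carry bytes that are not valid in a property string. Before calling `volume_id_set_uuid`, check that the field is a NUL-terminated run of hex digits and dashes of the expected length, and return -1 otherwise. The `int i;` added in the previous hunk has no visible use; the function body continues outside both hunks.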
diff -u --recursive --new-file hal-cvs-vanilla/volume_id/Makefile.am hal-cvs/volume_id/Makefile.am
--- hal-cvs-vanilla/volume_id/Makefile.am 2005-02-16 16:40:47.000000000 -0600
+++ hal-cvs/volume_id/Makefile.am 2005-03-01 11:42:11.000000000 -0600
@@ -14,6 +14,7 @@
linux_raid.h linux_raid.c \
linux_swap.h linux_swap.c \
lvm.h lvm.c \
+ luks.h luks.c \
luks.h luks.c \
mac.h mac.c \
msdos.h msdos.c \
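Review bot: The added `luks.h luks.c \` line duplicates the identical context line directly below it, so the source list now names luks.c twice. The vanilla tree evidently already lists luks.c, which means this hunk can be dropped; the ChangeLog entry for volume_id/Makefile.am would go with it.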
diff -u --recursive --new-file hal-cvs-vanilla/volume_id/util.c hal-cvs/volume_id/util.c
--- hal-cvs-vanilla/volume_id/util.c 2005-02-16 14:16:55.000000000 -0600
+++ hal-cvs/volume_id/util.c 2005-03-01 11:43:37.000000000 -0600
@@ -138,6 +138,10 @@
break;
case UUID_DCE:
count = 16;
+ break;
+ case UUID_DCE_UNPARSED:
+ count = 36;
+ break;
}
memcpy(id->uuid_raw, buf, count);
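Review bot: `memcpy(id->uuid_raw, buf, count)` now runs with `count = 36`, and the declaration of `uuid_raw` is not visible here; if it is sized for a 16-byte binary UUID, this writes 20 bytes past it with data read from the disk. The second hunk has the same exposure: `id->uuid[count] = 0x00` needs `id->uuid` to hold at least 37 bytes. Either confirm both field sizes against the struct definition or bound each copy by its destination, for example `if (count >= sizeof(id->uuid)) break;` in the new `UUID_DCE_UNPARSED` case, assuming both fields are arrays in `struct volume_id`. A matching guard on the raw copy would keep on-disk content from ever deciding how far these writes go.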
@@ -172,6 +176,10 @@
buf[8], buf[9],
buf[10], buf[11], buf[12], buf[13], buf[14],buf[15]);
break;
+ case UUID_DCE_UNPARSED:
+ memcpy(id->uuid, buf, count);
+ id->uuid[count] = 0x00;
+ break;
}
}
diff -u --recursive --new-file hal-cvs-vanilla/volume_id/util.h hal-cvs/volume_id/util.h
--- hal-cvs-vanilla/volume_id/util.h 2005-02-16 16:40:47.000000000 -0600
+++ hal-cvs/volume_id/util.h 2005-03-01 11:46:42.000000000 -0600
@@ -71,6 +71,7 @@
#endif
enum uuid_format {
+ UUID_DCE_UNPARSED,
UUID_DCE,
UUID_DOS,
UUID_NTFS,
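Review bot: `UUID_DCE_UNPARSED` is inserted at the head of `enum uuid_format`, which renumbers every existing enumerator and makes the new format the zero value. Appending it after the last existing enumerator keeps the old values stable for any code that was built against, or zero-initialises, the previous definition. The end of the enum lies outside this hunk.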
diff -u --recursive --new-file hal-cvs-vanilla/volume_id/volume_id.c hal-cvs/volume_id/volume_id.c
--- hal-cvs-vanilla/volume_id/volume_id.c 2005-02-25 11:21:48.000000000 -0600
+++ hal-cvs/volume_id/volume_id.c 2005-03-01 21:49:53.000000000 -0600
@@ -51,8 +51,8 @@
#include "ntfs.h"
#include "iso9660.h"
#include "udf.h"
-#include "luks.h"
#include "highpoint.h"
+#include "luks.h"
#include "linux_swap.h"
#include "linux_raid.h"
#include "lvm.h"
@@ -60,7 +60,6 @@
#include "hpfs.h"
#include "romfs.h"
#include "sysv.h"
-#include "luks.h"
#include "mac.h"
#include "msdos.h"