diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 16:14:06 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 16:14:06 +0000 |
commit | eee068778cb28ecf3c14e1bf843a95547d72c42d (patch) | |
tree | 0e07b30ddc5ea579d682d5dbe57998200d1c9ab7 /g13/mount.c | |
parent | Initial commit. (diff) | |
download | gnupg2-eee068778cb28ecf3c14e1bf843a95547d72c42d.tar.xz gnupg2-eee068778cb28ecf3c14e1bf843a95547d72c42d.zip |
Adding upstream version 2.2.40.upstream/2.2.40upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | g13/mount.c | 265 |
1 files changed, 265 insertions, 0 deletions
diff --git a/g13/mount.c b/g13/mount.c new file mode 100644 index 0000000..45b6080 --- /dev/null +++ b/g13/mount.c @@ -0,0 +1,265 @@ +/* mount.c - Mount a crypto container + * Copyright (C) 2009 Free Software Foundation, Inc. + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see <https://www.gnu.org/licenses/>. + */ + +#include <config.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <errno.h> +#include <unistd.h> +#include <sys/stat.h> +#include <assert.h> + +#include "g13.h" +#include "../common/i18n.h" +#include "mount.h" + +#include "keyblob.h" +#include "backend.h" +#include "g13tuple.h" +#include "mountinfo.h" +#include "runner.h" +#include "../common/host2net.h" +#include "server.h" /*(g13_keyblob_decrypt)*/ +#include "../common/sysutils.h" +#include "call-syshelp.h" + + +/* Mount the container with name FILENAME at MOUNTPOINT. */ +gpg_error_t +g13_mount_container (ctrl_t ctrl, const char *filename, const char *mountpoint) +{ + gpg_error_t err; + dotlock_t lock; + int needs_syshelp = 0; + void *enckeyblob = NULL; + size_t enckeybloblen; + void *keyblob = NULL; + size_t keybloblen; + tupledesc_t tuples = NULL; + size_t n; + const unsigned char *value; + int conttype; + unsigned int rid; + char *mountpoint_buffer = NULL; + char *blockdev_buffer = NULL; + + /* Decide whether we need to use the g13-syshelp. */ + err = call_syshelp_find_device (ctrl, filename, &blockdev_buffer); + if (!err) + { + needs_syshelp = 1; + filename = blockdev_buffer; + } + else if (gpg_err_code (err) != GPG_ERR_NOT_FOUND) + { + log_error ("error finding device '%s': %s <%s>\n", + filename, gpg_strerror (err), gpg_strsource (err)); + return err; + } + else + { + /* A quick check to see whether we can the container exists. */ + if (gnupg_access (filename, R_OK)) + return gpg_error_from_syserror (); + } + + if (!mountpoint) + { + mountpoint_buffer = xtrystrdup ("/tmp/g13-XXXXXX"); + if (!mountpoint_buffer) + return gpg_error_from_syserror (); + if (!gnupg_mkdtemp (mountpoint_buffer)) + { + err = gpg_error_from_syserror (); + log_error (_("can't create directory '%s': %s\n"), + "/tmp/g13-XXXXXX", gpg_strerror (err)); + xfree (mountpoint_buffer); + return err; + } + mountpoint = mountpoint_buffer; + } + + err = 0; + if (needs_syshelp) + lock = NULL; + else + { + /* Try to take a lock. */ + lock = dotlock_create (filename, 0); + if (!lock) + { + xfree (mountpoint_buffer); + return gpg_error_from_syserror (); + } + + if (dotlock_take (lock, 0)) + { + err = gpg_error_from_syserror (); + goto leave; + } + } + + /* Check again that the file exists. */ + if (!needs_syshelp) + { + struct stat sb; + + if (gnupg_stat (filename, &sb)) + { + err = gpg_error_from_syserror (); + goto leave; + } + } + + /* Read the encrypted keyblob. */ + if (needs_syshelp) + { + err = call_syshelp_set_device (ctrl, filename); + if (err) + goto leave; + err = call_syshelp_get_keyblob (ctrl, &enckeyblob, &enckeybloblen); + } + else + err = g13_keyblob_read (filename, &enckeyblob, &enckeybloblen); + if (err) + goto leave; + + /* Decrypt that keyblob and store it in a tuple descriptor. */ + err = g13_keyblob_decrypt (ctrl, enckeyblob, enckeybloblen, + &keyblob, &keybloblen); + if (err) + goto leave; + xfree (enckeyblob); + enckeyblob = NULL; + + err = create_tupledesc (&tuples, keyblob, keybloblen); + if (!err) + keyblob = NULL; + else + { + if (gpg_err_code (err) == GPG_ERR_NOT_SUPPORTED) + log_error ("unknown keyblob version\n"); + goto leave; + } + if (opt.verbose) + dump_tupledesc (tuples); + + value = find_tuple (tuples, KEYBLOB_TAG_CONTTYPE, &n); + if (!value || n != 2) + conttype = 0; + else + conttype = (value[0] << 8 | value[1]); + if (!be_is_supported_conttype (conttype)) + { + log_error ("content type %d is not supported\n", conttype); + err = gpg_error (GPG_ERR_NOT_SUPPORTED); + goto leave; + } + err = be_mount_container (ctrl, conttype, filename, mountpoint, tuples, &rid); + if (err) + ; + else if (conttype == CONTTYPE_DM_CRYPT) + g13_request_shutdown (); + else + { + /* Unless this is a DM-CRYPT mount we put it into our mounttable + so that we can manage the mounts ourselves. For dm-crypt we + do not keep a process to monitor he mounts (for now). */ + err = mountinfo_add_mount (filename, mountpoint, conttype, rid, + !!mountpoint_buffer); + /* Fixme: What shall we do if this fails? Add a provisional + mountinfo entry first and remove it on error? */ + if (!err) + { + char *tmp = percent_plus_escape (mountpoint); + if (!tmp) + err = gpg_error_from_syserror (); + else + { + g13_status (ctrl, STATUS_MOUNTPOINT, tmp, NULL); + xfree (tmp); + } + } + } + + leave: + destroy_tupledesc (tuples); + xfree (keyblob); + xfree (enckeyblob); + dotlock_destroy (lock); + xfree (mountpoint_buffer); + xfree (blockdev_buffer); + return err; +} + + +/* Unmount the container with name FILENAME or the one mounted at + MOUNTPOINT. If both are given the FILENAME takes precedence. */ +gpg_error_t +g13_umount_container (ctrl_t ctrl, const char *filename, const char *mountpoint) +{ + gpg_error_t err; + char *blockdev; + + if (!filename && !mountpoint) + return gpg_error (GPG_ERR_ENOENT); + + /* Decide whether we need to use the g13-syshelp. */ + err = call_syshelp_find_device (ctrl, filename, &blockdev); + if (!err) + { + /* Need to employ the syshelper to umount the file system. */ + /* FIXME: We should get the CONTTYPE from the blockdev. */ + err = be_umount_container (ctrl, CONTTYPE_DM_CRYPT, blockdev); + if (!err) + { + /* if (conttype == CONTTYPE_DM_CRYPT) */ + g13_request_shutdown (); + } + } + else if (gpg_err_code (err) != GPG_ERR_NOT_FOUND) + { + log_error ("error finding device '%s': %s <%s>\n", + filename, gpg_strerror (err), gpg_strsource (err)); + } + else + { + /* Not in g13tab - kill the runner process for this mount. */ + unsigned int rid; + runner_t runner; + + err = mountinfo_find_mount (filename, mountpoint, &rid); + if (err) + return err; + + runner = runner_find_by_rid (rid); + if (!runner) + { + log_error ("runner %u not found\n", rid); + return gpg_error (GPG_ERR_NOT_FOUND); + } + + runner_cancel (runner); + runner_release (runner); + } + + xfree (blockdev); + return err; +} |