[git] GnuPG - branch, master, updated. gnupg-2.1.14-82-gf02ceb6

by Werner Koch cvs at cvs.gnupg.org
Sun Aug 14 22:15:38 CEST 2016


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  f02ceb6c6e94c6fbfaeeafe728397be38107de4d (commit)
       via  b781113cf1391926dedf8dc943624d3bb9726318 (commit)
       via  c9a0bccc77c93c08d6980a1718dfaf238a559eb9 (commit)
       via  700920640211168ae1c97d0adef74ba8615d90bb (commit)
       via  37e932658cbd873ac96ff7e2067a97dffc2e0507 (commit)
      from  b57f55321295846d47144bd6b39fbbcac0127421 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit f02ceb6c6e94c6fbfaeeafe728397be38107de4d
Author: Werner Koch <wk at gnupg.org>
Date:   Sun Aug 14 20:23:12 2016 +0200

    g13: Allow the use of a g13tab label for --mount.
    
    * g13/mount.c (g13_mount_container): Do not run the first access check
    if syshelp is required.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g13/mount.c b/g13/mount.c
index f4371cc..b46c8d0 100644
--- a/g13/mount.c
+++ b/g13/mount.c
@@ -60,10 +60,6 @@ g13_mount_container (ctrl_t ctrl, const char *filename, const char *mountpoint)
   char *mountpoint_buffer = NULL;
   char *blockdev_buffer = NULL;
 
-  /* A quick check to see whether the container exists.  */
-  if (access (filename, F_OK))
-    return gpg_error_from_syserror ();
-
   /* Decide whether we need to use the g13-syshelp.  */
   err = call_syshelp_find_device (ctrl, filename, &blockdev_buffer);
   if (!err)
@@ -77,6 +73,12 @@ g13_mount_container (ctrl_t ctrl, const char *filename, const char *mountpoint)
                  filename, gpg_strerror (err), gpg_strsource (err));
       return err;
     }
+  else
+    {
+      /* A quick check to see whether we can the container exists.  */
+      if (access (filename, R_OK))
+        return gpg_error_from_syserror ();
+    }
 
   if (!mountpoint)
     {
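Review bot: The comment on the check added in the new `else` branch is garbled ("whether we can the container exists") and no longer matches the `R_OK` test beneath it; `/* A quick check to see whether we can read the container.  */` would say what the code does. It is also worth stating there that `access()` is only an early, advisory test: it checks against the real rather than the effective user ID, and the file can change between this call and the later open, so the binding permission decision has to come from the read that follows. g13_mount_container starts and ends outside this hunk.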

commit b781113cf1391926dedf8dc943624d3bb9726318
Author: Werner Koch <wk at gnupg.org>
Date:   Sun Aug 14 20:17:51 2016 +0200

    g13: Implement --umount for dm-crypt.
    
    * g13/g13.c (main): Implement command --umount.
    * g13/mount.c (g13_umount_container): use the syshelper if needed.
    * g13/backend.c (be_umount_container): New.
    * g13/be-dmcrypt.c (be_dmcrypt_umount_container): New.
    * g13/call-syshelp.c (call_syshelp_run_umount): New.
    * g13/sh-cmd.c (cmd_umount): New.
    (register_commands): Register UMOUNT.
    * g13/sh-dmcrypt.c (sh_dmcrypt_umount_container): New.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g13/backend.c b/g13/backend.c
index dd21768..659c6b7 100644
--- a/g13/backend.c
+++ b/g13/backend.c
@@ -240,6 +240,24 @@ be_mount_container (ctrl_t ctrl, int conttype,
 }
 
 
+/* Dispatcher to the backend's umount function.  */
+gpg_error_t
+be_umount_container (ctrl_t ctrl, int conttype, const char *fname)
+{
+  switch (conttype)
+    {
+    case CONTTYPE_ENCFS:
+      return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+    case CONTTYPE_DM_CRYPT:
+      return be_dmcrypt_umount_container (ctrl, fname);
+
+    default:
+      return no_such_backend (conttype);
+    }
+}
+
+
 /* Dispatcher to the backend's suspend function.  */
 gpg_error_t
 be_suspend_container (ctrl_t ctrl, int conttype, const char *fname)
diff --git a/g13/backend.h b/g13/backend.h
index 66d9cd5..d1cedb3 100644
--- a/g13/backend.h
+++ b/g13/backend.h
@@ -39,6 +39,7 @@ gpg_error_t be_mount_container (ctrl_t ctrl, int conttype,
                                 const char *fname, const char *mountpoint,
                                 tupledesc_t tuples,
                                 unsigned int *r_id);
+gpg_error_t be_umount_container (ctrl_t ctrl, int conttype, const char *fname);
 gpg_error_t be_suspend_container (ctrl_t ctrl, int conttype,
                                   const char *fname);
 gpg_error_t be_resume_container (ctrl_t ctrl, int conttype,
diff --git a/g13/be-dmcrypt.c b/g13/be-dmcrypt.c
index e5e9b33..c65be08 100644
--- a/g13/be-dmcrypt.c
+++ b/g13/be-dmcrypt.c
@@ -64,6 +64,23 @@ be_dmcrypt_mount_container (ctrl_t ctrl,
 }
 
 
+/* Unmount the container described by the filename FNAME.  */
+gpg_error_t
+be_dmcrypt_umount_container (ctrl_t ctrl, const char *fname)
+{
+  gpg_error_t err;
+
+  err = call_syshelp_set_device (ctrl, fname);
+  if (err)
+    goto leave;
+
+  err = call_syshelp_run_umount (ctrl, CONTTYPE_DM_CRYPT);
+
+ leave:
+  return err;
+}
+
+
 /* Suspend the container described by the filename FNAME.  */
 gpg_error_t
 be_dmcrypt_suspend_container (ctrl_t ctrl, const char *fname)
diff --git a/g13/be-dmcrypt.h b/g13/be-dmcrypt.h
index d74e09f..189bfee 100644
--- a/g13/be-dmcrypt.h
+++ b/g13/be-dmcrypt.h
@@ -27,6 +27,7 @@ gpg_error_t be_dmcrypt_mount_container (ctrl_t ctrl,
                                         const char *fname,
                                         const char *mountpoint,
                                         tupledesc_t tuples);
+gpg_error_t be_dmcrypt_umount_container (ctrl_t ctrl, const char *fname);
 gpg_error_t be_dmcrypt_suspend_container (ctrl_t ctrl, const char *fname);
 gpg_error_t be_dmcrypt_resume_container (ctrl_t ctrl, const char *fname,
                                          tupledesc_t tuples);
diff --git a/g13/call-syshelp.c b/g13/call-syshelp.c
index 952d8de..76d181b 100644
--- a/g13/call-syshelp.c
+++ b/g13/call-syshelp.c
@@ -522,6 +522,40 @@ call_syshelp_run_mount (ctrl_t ctrl, int conttype, const char *mountpoint,
 
 

 /*
+ * Run the UMOUNT command on the current device.  CONTTYPES gives the
+ * content type of the container (fixme: Do we really need this?).
+ */
+gpg_error_t
+call_syshelp_run_umount (ctrl_t ctrl, int conttype)
+{
+  gpg_error_t err;
+  assuan_context_t ctx;
+
+  err = start_syshelp (ctrl, &ctx);
+  if (err)
+    goto leave;
+
+  if (conttype == CONTTYPE_DM_CRYPT)
+    {
+      err = assuan_transact (ctx, "UMOUNT dm-crypt",
+                             NULL, NULL,
+                             NULL, NULL,
+                             NULL, NULL);
+    }
+  else
+    {
+      log_error ("invalid backend type %d given\n", conttype);
+      err = GPG_ERR_INTERNAL;
+      goto leave;
+    }
+
+ leave:
+  return err;
+}
+
+
+

+/*
  * Run the SUSPEND command on the current device.  CONTTYPES gives the
  * requested content type for the new container.
  */
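Review bot: In the `else` branch of call_syshelp_run_umount the failure is stored as a bare code, `err = GPG_ERR_INTERNAL;`, whereas the rest of this commit builds errors with `gpg_error ()` (for example `gpg_error (GPG_ERR_NOT_SUPPORTED)` in be_umount_container), so a caller printing `gpg_strsource (err)` gets no useful source for it. I would write `err = gpg_error (GPG_ERR_INTERNAL);` and drop the `goto leave;` that follows, since the label is the next statement anyway. The header comment names the parameter CONTTYPES while the argument is `conttype`, and it could add that the device must have been selected beforehand with call_syshelp_set_device, as be_dmcrypt_umount_container does.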
diff --git a/g13/call-syshelp.h b/g13/call-syshelp.h
index aa4b692..0e110c9 100644
--- a/g13/call-syshelp.h
+++ b/g13/call-syshelp.h
@@ -33,6 +33,7 @@ gpg_error_t call_syshelp_run_create (ctrl_t ctrl, int conttype);
 gpg_error_t call_syshelp_run_mount (ctrl_t ctrl, int conttype,
                                     const char *mountpoint,
                                     tupledesc_t tuples);
+gpg_error_t call_syshelp_run_umount (ctrl_t ctrl, int conttype);
 gpg_error_t call_syshelp_run_suspend (ctrl_t ctrl, int conttype);
 gpg_error_t call_syshelp_run_resume (ctrl_t ctrl, int conttype,
                                      tupledesc_t tuples);
diff --git a/g13/g13-syshelp.h b/g13/g13-syshelp.h
index dae2bd0..618b41d 100644
--- a/g13/g13-syshelp.h
+++ b/g13/g13-syshelp.h
@@ -86,6 +86,7 @@ gpg_error_t sh_dmcrypt_create_container (ctrl_t ctrl, const char *devname,
                                          estream_t devfp);
 gpg_error_t sh_dmcrypt_mount_container (ctrl_t ctrl, const char *devname,
                                         tupledesc_t keyblob);
+gpg_error_t sh_dmcrypt_umount_container (ctrl_t ctrl, const char *devname);
 gpg_error_t sh_dmcrypt_suspend_container (ctrl_t ctrl, const char *devname);
 gpg_error_t sh_dmcrypt_resume_container (ctrl_t ctrl, const char *devname,
                                          tupledesc_t keyblob);
diff --git a/g13/g13.c b/g13/g13.c
index 799fd66..7744855 100644
--- a/g13/g13.c
+++ b/g13/g13.c
@@ -793,9 +793,10 @@ main ( int argc, char **argv)
       {
         if (argc != 1)
           wrong_args ("--umount filename");
-        err = GPG_ERR_NOT_IMPLEMENTED;
-        log_error ("error unmounting container '%s': %s <%s>\n",
-                   *argv, gpg_strerror (err), gpg_strsource (err));
+        err = g13_umount_container (&ctrl, argv[0], NULL);
+        if (err)
+          log_error ("error unmounting container '%s': %s <%s>\n",
+                     *argv, gpg_strerror (err), gpg_strsource (err));
       }
       break;
 
diff --git a/g13/mount.c b/g13/mount.c
index d682585..f4371cc 100644
--- a/g13/mount.c
+++ b/g13/mount.c
@@ -64,10 +64,7 @@ g13_mount_container (ctrl_t ctrl, const char *filename, const char *mountpoint)
   if (access (filename, F_OK))
     return gpg_error_from_syserror ();
 
-  /* Decide whether we need to use the g13-syshelp because we can't
-     use lock files for them.  This is most likely the case for device
-     files; thus we test for this.  FIXME: The correct solution would
-     be to call g13-syshelp to match the file against the g13tab.  */
+  /* Decide whether we need to use the g13-syshelp.  */
   err = call_syshelp_find_device (ctrl, filename, &blockdev_buffer);
   if (!err)
     {
@@ -217,27 +214,50 @@ gpg_error_t
 g13_umount_container (ctrl_t ctrl, const char *filename, const char *mountpoint)
 {
   gpg_error_t err;
-  unsigned int rid;
-  runner_t runner;
-
-  (void)ctrl;
+  char *blockdev;
 
   if (!filename && !mountpoint)
     return gpg_error (GPG_ERR_ENOENT);
 
-  err = mountinfo_find_mount (filename, mountpoint, &rid);
-  if (err)
-    return err;
-
-  runner = runner_find_by_rid (rid);
-  if (!runner)
+  /* Decide whether we need to use the g13-syshelp.  */
+  err = call_syshelp_find_device (ctrl, filename, &blockdev);
+  if (!err)
+    {
+      /* Need to employ the syshelper to umount the file system.  */
+      /* FIXME: We should get the CONTTYPE from the blockdev.  */
+      err = be_umount_container (ctrl, CONTTYPE_DM_CRYPT, blockdev);
+      if (!err)
+        {
+          /* if (conttype == CONTTYPE_DM_CRYPT) */
+          g13_request_shutdown ();
+        }
+    }
+  else if (gpg_err_code (err) != GPG_ERR_NOT_FOUND)
     {
-      log_error ("runner %u not found\n", rid);
-      return gpg_error (GPG_ERR_NOT_FOUND);
+      log_error ("error finding device '%s': %s <%s>\n",
+                 filename, gpg_strerror (err), gpg_strsource (err));
     }
+  else
+    {
+      /* Not in g13tab - kill the runner process for this mount.  */
+      unsigned int rid;
+      runner_t runner;
 
-  runner_cancel (runner);
-  runner_release (runner);
+      err = mountinfo_find_mount (filename, mountpoint, &rid);
+      if (err)
+        return err;
 
-  return 0;
+      runner = runner_find_by_rid (rid);
+      if (!runner)
+        {
+          log_error ("runner %u not found\n", rid);
+          return gpg_error (GPG_ERR_NOT_FOUND);
+        }
+
+      runner_cancel (runner);
+      runner_release (runner);
+    }
+
+  xfree (blockdev);
+  return err;
 }
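Review bot: `blockdev` is declared without an initializer but reaches `xfree (blockdev)` on the paths where call_syshelp_find_device fails, so the free is only safe if that function always stores NULL in `*r_blockdev` on error, which this hunk does not show; g13_mount_container initializes its `blockdev_buffer` to NULL, and `char *blockdev = NULL;` here would match it. Separately, the guard rejects only the case where both `filename` and `mountpoint` are NULL, yet `filename` is then passed unconditionally to call_syshelp_find_device and to the `'%s'` in the log_error call, so a call with only a mountpoint hands a NULL pointer to both; the syshelp lookup should be skipped when `filename` is NULL. The two early `return` statements in the runner branch bypass the common exit, which is harmless only as long as `blockdev` is NULL on the NOT_FOUND path.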
diff --git a/g13/sh-cmd.c b/g13/sh-cmd.c
index 20db8dc..8214919 100644
--- a/g13/sh-cmd.c
+++ b/g13/sh-cmd.c
@@ -500,6 +500,40 @@ cmd_mount (assuan_context_t ctx, char *line)
 }
 
 
+static const char hlp_umount[] =
+  "UMOUNT <type>\n"
+  "\n"
+  "Unmount an encrypted partition and wipe the key.\n"
+  "<type> must be \"dm-crypt\" for now.";
+static gpg_error_t
+cmd_umount (assuan_context_t ctx, char *line)
+{
+  ctrl_t ctrl = assuan_get_pointer (ctx);
+  gpg_error_t err = 0;
+
+  line = skip_options (line);
+
+  if (strcmp (line, "dm-crypt"))
+    {
+      err = set_error (GPG_ERR_INV_ARG, "Type must be \"dm-crypt\"");
+      goto leave;
+    }
+
+  if (!ctrl->server_local->devicename
+      || !ctrl->server_local->devicefp
+      || !ctrl->devti)
+    {
+      err = set_error (GPG_ERR_ENOENT, "No device has been set");
+      goto leave;
+    }
+
+  err = sh_dmcrypt_umount_container (ctrl, ctrl->server_local->devicename);
+
+ leave:
+  return leave_cmd (ctx, err);
+}
+
+
 static const char hlp_suspend[] =
   "SUSPEND <type>\n"
   "\n"
@@ -713,6 +747,7 @@ register_commands (assuan_context_t ctx, int fail_all)
     { "CREATE",        cmd_create, hlp_create },
     { "GETKEYBLOB",    cmd_getkeyblob,  hlp_getkeyblob },
     { "MOUNT",         cmd_mount,  hlp_mount  },
+    { "UMOUNT",        cmd_umount, hlp_umount  },
     { "SUSPEND",       cmd_suspend,hlp_suspend},
     { "RESUME",        cmd_resume, hlp_resume },
     { "INPUT",         NULL },
diff --git a/g13/sh-dmcrypt.c b/g13/sh-dmcrypt.c
index e0cd2e1..201f856 100644
--- a/g13/sh-dmcrypt.c
+++ b/g13/sh-dmcrypt.c
@@ -723,6 +723,99 @@ sh_dmcrypt_mount_container (ctrl_t ctrl, const char *devname,
 }
 
 
+/* Unmount a DM-Crypt container on device DEVNAME and wipe the keys.  */
+gpg_error_t
+sh_dmcrypt_umount_container (ctrl_t ctrl, const char *devname)
+{
+  gpg_error_t err;
+  char *targetname_abs = NULL;
+  char *result = NULL;
+
+  if (!ctrl->devti)
+    return gpg_error (GPG_ERR_INV_ARG);
+
+  g13_syshelp_i_know_what_i_am_doing ();
+
+  /* Check that the device is used by device mapper. */
+  err = check_blockdev (devname, 1);
+  if (gpg_err_code (err) != GPG_ERR_EBUSY)
+    {
+      log_error ("device '%s' is not used by the device mapper: %s\n",
+                 devname, gpg_strerror (err));
+      goto leave;
+    }
+
+  /* Fixme: Check that this is really a g13 partition.  */
+
+  /* Device mapper needs a name for the device: Take it from the label
+     or use "0".  */
+  targetname_abs = strconcat ("/dev/mapper/",
+                              "g13-", ctrl->client.uname, "-",
+                              ctrl->devti->label? ctrl->devti->label : "0",
+                              NULL);
+  if (!targetname_abs)
+    {
+      err = gpg_error_from_syserror ();
+      goto leave;
+    }
+
+  /* Run the regular umount command.  */
+  {
+    const char *argv[2];
+
+    argv[0] = targetname_abs;
+    argv[1] = NULL;
+    log_debug ("now running \"umount %s\"\n", targetname_abs);
+    err = gnupg_exec_tool ("/bin/umount", argv, NULL, &result, NULL);
+  }
+  if (err)
+    {
+      log_error ("error running umount: %s\n", gpg_strerror (err));
+      if (1)
+        {
+          /* Try to show some info about processes using the partition. */
+          const char *argv[3];
+
+          argv[0] = "-mv";
+          argv[1] = targetname_abs;
+          argv[2] = NULL;
+          gnupg_exec_tool ("/bin/fuser", argv, NULL, &result, NULL);
+        }
+      goto leave;
+    }
+  if (result && *result)  /* (We should not see output to stdout).  */
+    log_info ("WARNING: umount returned data on stdout! (%s)\n", result);
+  xfree (result);
+  result = NULL;
+
+  /* Run the dmsetup remove command.  */
+  {
+    const char *argv[3];
+
+    argv[0] = "remove";
+    argv[1] = targetname_abs;
+    argv[2] = NULL;
+    log_debug ("now running \"dmsetup remove %s\"\n", targetname_abs);
+    err = gnupg_exec_tool ("/sbin/dmsetup", argv, NULL, &result, NULL);
+  }
+  if (err)
+    {
+      log_error ("error running \"dmsetup remove %s\": %s\n",
+                 targetname_abs, gpg_strerror (err));
+      goto leave;
+    }
+  if (result && *result)
+    log_debug ("dmsetup result: %s\n", result);
+  xfree (result);
+  result = NULL;
+
+ leave:
+  xfree (targetname_abs);
+  xfree (result);
+  return err;
+}
+
+
 /* Suspend a DM-Crypt container on device DEVNAME and wipe the keys.  */
 gpg_error_t
 sh_dmcrypt_suspend_container (ctrl_t ctrl, const char *devname)
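Review bot: sh_dmcrypt_umount_container can report success without unmounting anything: when check_blockdev returns 0, the test `gpg_err_code (err) != GPG_ERR_EBUSY` is true, the function logs and jumps to `leave` with `err` still 0, and g13_umount_container then treats the container as unmounted and calls g13_request_shutdown. Setting a real error on that path, for example `if (!err) err = gpg_error (GPG_ERR_NOT_FOUND);` before the `goto leave;`, closes this. In the umount failure path the stdout captured from `/bin/fuser` into `result` is freed at `leave` without being logged and the call's return value is ignored, so the "show some info" intent is only met if the tool writes to a stream that reaches the user; whether the earlier `result` from umount is released by gnupg_exec_tool is not visible here. The open Fixme about verifying that the device really is a g13 partition deserves priority, because this helper runs `umount` and `dmsetup remove` on a name assembled from `ctrl->client.uname` and the label.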

commit c9a0bccc77c93c08d6980a1718dfaf238a559eb9
Author: Werner Koch <wk at gnupg.org>
Date:   Sat Aug 13 19:42:18 2016 +0200

    g13: Fix double free bug.
    
    * g13/sh-cmd.c (cmd_mount, cmd_resume): Do not xfree TUPLES.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g13/sh-cmd.c b/g13/sh-cmd.c
index 10b1ba9..20db8dc 100644
--- a/g13/sh-cmd.c
+++ b/g13/sh-cmd.c
@@ -495,7 +495,6 @@ cmd_mount (assuan_context_t ctx, char *line)
                                     tuples);
 
  leave:
-  xfree (tuples);
   destroy_tupledesc (tuples);
   return leave_cmd (ctx, err);
 }
@@ -610,7 +609,6 @@ cmd_resume (assuan_context_t ctx, char *line)
                                      tuples);
 
  leave:
-  xfree (tuples);
   destroy_tupledesc (tuples);
   return leave_cmd (ctx, err);
 }

commit 700920640211168ae1c97d0adef74ba8615d90bb
Author: Werner Koch <wk at gnupg.org>
Date:   Sat Aug 13 19:27:28 2016 +0200

    g13: Consider g13tab for a mount command.
    
    * g13/sh-cmd.c (cmd_getkeyblob): New.
    (register_commands): Register it.
    * g13/call-syshelp.c (getkeyblob_data_cb): New.
    (call_syshelp_get_keyblob): New.
    * g13/mount.c: Include callsyshelp.h.
    (g13_mount_container): Ask syshelp whether the filename is managed by
    g13tab.  Call syshelp to get the encrypted keyblob in this case.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g13/call-syshelp.c b/g13/call-syshelp.c
index d0f1b00..952d8de 100644
--- a/g13/call-syshelp.c
+++ b/g13/call-syshelp.c
@@ -235,6 +235,52 @@ call_syshelp_find_device (ctrl_t ctrl, const char *name, char **r_blockdev)
 
 
 

+static gpg_error_t
+getkeyblob_data_cb (void *opaque, const void *data, size_t datalen)
+{
+  membuf_t *mb = opaque;
+
+  if (data)
+    put_membuf (mb, data, datalen);
+
+  return 0;
+}
+
+
+/* Send the GTEKEYBLOB command to the syshelper.  On success the
+ * encrypted keyblpob is stored at (R_ENCKEYBLOB,R_ENCKEYBLOBLEN).  */
+gpg_error_t
+call_syshelp_get_keyblob (ctrl_t ctrl,
+                          void **r_enckeyblob, size_t *r_enckeybloblen)
+{
+  gpg_error_t err;
+  assuan_context_t ctx;
+  membuf_t mb;
+
+  *r_enckeyblob = NULL;
+  *r_enckeybloblen = 0;
+  init_membuf (&mb, 512);
+
+  err = start_syshelp (ctrl, &ctx);
+  if (err)
+    goto leave;
+
+  err = assuan_transact (ctx, "GETKEYBLOB",
+                         getkeyblob_data_cb, &mb,
+                         NULL, NULL, NULL, NULL);
+  if (err)
+    goto leave;
+  *r_enckeyblob = get_membuf (&mb, r_enckeybloblen);
+  if (!*r_enckeyblob)
+    err = gpg_error_from_syserror ();
+
+ leave:
+  xfree (get_membuf (&mb, NULL));
+  return err;
+}
+
+
+

 /* Send the DEVICE command to the syshelper.  FNAME is the name of the
    device.  */
 gpg_error_t
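Review bot: The header comment of call_syshelp_get_keyblob misspells both the command and the object ("GTEKEYBLOB", "keyblpob") and does not say who owns the result; I would write `/* Send the GETKEYBLOB command to the syshelper.  On success the encrypted keyblob is stored at (R_ENCKEYBLOB,R_ENCKEYBLOBLEN); the caller must xfree it.  */`. getkeyblob_data_cb has no comment and appends whatever the helper sends to the membuf with no upper bound; a one-line comment saying it is the data callback collecting into the membuf passed as OPAQUE would help, and a sanity limit on the accumulated length is worth considering if the keyblob format has a known maximum. The `xfree (get_membuf (&mb, NULL))` at `leave` also runs after the successful `get_membuf` call, which presumably relies on the second call yielding NULL; a short comment saying so would save the next reader from suspecting a double free.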
diff --git a/g13/call-syshelp.h b/g13/call-syshelp.h
index 14deb7d..aa4b692 100644
--- a/g13/call-syshelp.h
+++ b/g13/call-syshelp.h
@@ -25,6 +25,9 @@
 void call_syshelp_release (ctrl_t ctrl);
 gpg_error_t call_syshelp_find_device (ctrl_t ctrl,
                                       const char *name, char **r_blockdev);
+gpg_error_t call_syshelp_get_keyblob (ctrl_t ctrl,
+                                      void **r_enckeyblob,
+                                      size_t *r_enckeybloblen);
 gpg_error_t call_syshelp_set_device (ctrl_t ctrl, const char *fname);
 gpg_error_t call_syshelp_run_create (ctrl_t ctrl, int conttype);
 gpg_error_t call_syshelp_run_mount (ctrl_t ctrl, int conttype,
diff --git a/g13/mount.c b/g13/mount.c
index 951a859..d682585 100644
--- a/g13/mount.c
+++ b/g13/mount.c
@@ -38,6 +38,7 @@
 #include "host2net.h"
 #include "server.h"  /*(g13_keyblob_decrypt)*/
 #include "../common/sysutils.h"
+#include "call-syshelp.h"
 
 
 /* Mount the container with name FILENAME at MOUNTPOINT.  */
@@ -46,7 +47,7 @@ g13_mount_container (ctrl_t ctrl, const char *filename, const char *mountpoint)
 {
   gpg_error_t err;
   dotlock_t lock;
-  int needs_syshelp;
+  int needs_syshelp = 0;
   void *enckeyblob = NULL;
   size_t enckeybloblen;
   void *keyblob = NULL;
@@ -57,16 +58,28 @@ g13_mount_container (ctrl_t ctrl, const char *filename, const char *mountpoint)
   int conttype;
   unsigned int rid;
   char *mountpoint_buffer = NULL;
+  char *blockdev_buffer = NULL;
 
   /* A quick check to see whether the container exists.  */
-  if (access (filename, R_OK))
+  if (access (filename, F_OK))
     return gpg_error_from_syserror ();
 
   /* Decide whether we need to use the g13-syshelp because we can't
      use lock files for them.  This is most likely the case for device
      files; thus we test for this.  FIXME: The correct solution would
      be to call g13-syshelp to match the file against the g13tab.  */
-  needs_syshelp = !strncmp (filename, "/dev/", 5);
+  err = call_syshelp_find_device (ctrl, filename, &blockdev_buffer);
+  if (!err)
+    {
+      needs_syshelp = 1;
+      filename = blockdev_buffer;
+    }
+  else if (gpg_err_code (err) != GPG_ERR_NOT_FOUND)
+    {
+      log_error ("error finding device '%s': %s <%s>\n",
+                 filename, gpg_strerror (err), gpg_strsource (err));
+      return err;
+    }
 
   if (!mountpoint)
     {
@@ -105,20 +118,27 @@ g13_mount_container (ctrl_t ctrl, const char *filename, const char *mountpoint)
     }
 
   /* Check again that the file exists.  */
-  {
-    struct stat sb;
+  if (!needs_syshelp)
+    {
+      struct stat sb;
 
-    if (stat (filename, &sb))
-      {
-        err = gpg_error_from_syserror ();
-        goto leave;
-      }
-  }
+      if (stat (filename, &sb))
+        {
+          err = gpg_error_from_syserror ();
+          goto leave;
+        }
+    }
 
   /* Read the encrypted keyblob.  */
-  /* Fixme: Should we move this to syshelp for dm-crypt or do we
-     assume that the encrypted device is world readable?  */
-  err = g13_keyblob_read (filename, &enckeyblob, &enckeybloblen);
+  if (needs_syshelp)
+    {
+      err = call_syshelp_set_device (ctrl, filename);
+      if (err)
+        goto leave;
+      err = call_syshelp_get_keyblob (ctrl, &enckeyblob, &enckeybloblen);
+    }
+  else
+    err = g13_keyblob_read (filename, &enckeyblob, &enckeybloblen);
   if (err)
     goto leave;
 
@@ -186,6 +206,7 @@ g13_mount_container (ctrl_t ctrl, const char *filename, const char *mountpoint)
   xfree (enckeyblob);
   dotlock_destroy (lock);
   xfree (mountpoint_buffer);
+  xfree (blockdev_buffer);
   return err;
 }
 
@@ -203,6 +224,7 @@ g13_umount_container (ctrl_t ctrl, const char *filename, const char *mountpoint)
 
   if (!filename && !mountpoint)
     return gpg_error (GPG_ERR_ENOENT);
+
   err = mountinfo_find_mount (filename, mountpoint, &rid);
   if (err)
     return err;
diff --git a/g13/sh-cmd.c b/g13/sh-cmd.c
index e00bb77..10b1ba9 100644
--- a/g13/sh-cmd.c
+++ b/g13/sh-cmd.c
@@ -383,6 +383,52 @@ cmd_create (assuan_context_t ctx, char *line)
 }
 
 
+static const char hlp_getkeyblob[] =
+  "GETKEYBLOB\n"
+  "\n"
+  "Return the encrypted keyblob of the current device.";
+static gpg_error_t
+cmd_getkeyblob (assuan_context_t ctx, char *line)
+{
+  ctrl_t ctrl = assuan_get_pointer (ctx);
+  gpg_error_t err;
+  void *enckeyblob = NULL;
+  size_t enckeybloblen;
+
+  line = skip_options (line);
+
+  if (!ctrl->server_local->devicename
+      || !ctrl->server_local->devicefp
+      || !ctrl->devti)
+    {
+      err = set_error (GPG_ERR_ENOENT, "No device has been set");
+      goto leave;
+    }
+
+  err = sh_is_empty_partition (ctrl->server_local->devicename);
+  if (!err)
+    {
+      err = gpg_error (GPG_ERR_ENODEV);
+      assuan_set_error (ctx, err, "Partition is empty");
+      goto leave;
+    }
+  err = 0;
+
+  err = g13_keyblob_read (ctrl->server_local->devicename,
+                          &enckeyblob, &enckeybloblen);
+  if (err)
+    goto leave;
+
+  err = assuan_send_data (ctx, enckeyblob, enckeybloblen);
+  if (!err)
+    err = assuan_send_data (ctx, NULL, 0); /* Flush  */
+
+ leave:
+  xfree (enckeyblob);
+  return leave_cmd (ctx, err);
+}
+
+
 static const char hlp_mount[] =
   "MOUNT <type>\n"
   "\n"
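Review bot: In cmd_getkeyblob the line `err = 0;` after the sh_is_empty_partition test is a dead store, because `err` is assigned again by g13_keyblob_read in the next statement, and it hides the fact that every non-zero result of sh_is_empty_partition is treated as "not empty". If that function can also fail for other reasons (its body is not visible in this hunk), those errors are dropped silently. I would delete the assignment and put a comment in its place stating which return values of sh_is_empty_partition are expected at this point and why the others may be ignored.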
@@ -667,6 +713,7 @@ register_commands (assuan_context_t ctx, int fail_all)
     { "FINDDEVICE",    cmd_finddevice, hlp_finddevice },
     { "DEVICE",        cmd_device, hlp_device },
     { "CREATE",        cmd_create, hlp_create },
+    { "GETKEYBLOB",    cmd_getkeyblob,  hlp_getkeyblob },
     { "MOUNT",         cmd_mount,  hlp_mount  },
     { "SUSPEND",       cmd_suspend,hlp_suspend},
     { "RESUME",        cmd_resume, hlp_resume },

commit 37e932658cbd873ac96ff7e2067a97dffc2e0507
Author: Werner Koch <wk at gnupg.org>
Date:   Sat Aug 13 17:39:28 2016 +0200

    g13: Move some function around.
    
    * g13/keyblob.c (g13_keyblob_decrypt): Move to ...
    * g13/server.c: to here.
    * g13/suspend.c, g13/mount.c: Include server.h.
    * g13/Makefile.am (g13_syshelp_SOURCES): Add keyblob.c
    --
    
    This is done to be able to use keyblob read code in syshelp w/o
    requiring linking to call-gpg.c
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g13/Makefile.am b/g13/Makefile.am
index 05963c8..90dd471 100644
--- a/g13/Makefile.am
+++ b/g13/Makefile.am
@@ -57,7 +57,7 @@ g13_LDADD = $(libcommonpth) \
 g13_syshelp_SOURCES = \
 	g13-syshelp.c g13-syshelp.h \
 	g13-common.c g13-common.h \
-	keyblob.h \
+	keyblob.c keyblob.h \
 	g13tuple.c g13tuple.h \
 	sh-cmd.c \
 	sh-blockdev.c \
diff --git a/g13/keyblob.c b/g13/keyblob.c
index cad0c4f..8a5b622 100644
--- a/g13/keyblob.c
+++ b/g13/keyblob.c
@@ -28,12 +28,10 @@
 #include <assert.h>
 
 #include "g13.h"
-#include "i18n.h"
 #include "mount.h"
 
 #include "keyblob.h"
 #include "../common/sysutils.h"
-#include "../common/call-gpg.h"
 #include "host2net.h"
 
 
@@ -207,23 +205,3 @@ g13_keyblob_read (const char *filename,
 
   return err;
 }
-
-
-/*
- * Decrypt the keyblob (ENCKEYBLOB,ENCKEYBLOBLEN) and store the result
- * at (R_KEYBLOB, R_KEYBLOBLEN).  Returns 0 on success or an error
- * code.  On error R_KEYBLOB is set to NULL.
- */
-gpg_error_t
-g13_keyblob_decrypt (ctrl_t ctrl, const void *enckeyblob, size_t enckeybloblen,
-                     void **r_keyblob, size_t *r_keybloblen)
-{
-  gpg_error_t err;
-
-  /* FIXME:  For now we only implement OpenPGP.  */
-  err = gpg_decrypt_blob (ctrl, opt.gpg_program, opt.gpg_arguments,
-                          enckeyblob, enckeybloblen,
-                          r_keyblob, r_keybloblen);
-
-  return err;
-}
diff --git a/g13/keyblob.h b/g13/keyblob.h
index 3415e9a..48f0b9c 100644
--- a/g13/keyblob.h
+++ b/g13/keyblob.h
@@ -157,9 +157,6 @@
 gpg_error_t g13_is_container (ctrl_t ctrl, const char *filename);
 gpg_error_t g13_keyblob_read (const char *filename,
                               void **r_enckeyblob, size_t *r_enckeybloblen);
-gpg_error_t g13_keyblob_decrypt (ctrl_t ctrl,
-                                 const void *enckeyblob, size_t enckeybloblen,
-                                 void **r_keyblob, size_t *r_keybloblen);
 
 
 #endif /*G13_KEYBLOB_H*/
diff --git a/g13/mount.c b/g13/mount.c
index 272cd77..951a859 100644
--- a/g13/mount.c
+++ b/g13/mount.c
@@ -36,6 +36,7 @@
 #include "mountinfo.h"
 #include "runner.h"
 #include "host2net.h"
+#include "server.h"  /*(g13_keyblob_decrypt)*/
 #include "../common/sysutils.h"
 
 
diff --git a/g13/server.c b/g13/server.c
index a96ec6e..5a273c2 100644
--- a/g13/server.c
+++ b/g13/server.c
@@ -34,6 +34,8 @@
 #include "mount.h"
 #include "suspend.h"
 #include "../common/server-help.h"
+#include "../common/call-gpg.h"
+
 
 /* The filepointer for status message used in non-server mode */
 static FILE *statusfp;
@@ -769,3 +771,28 @@ g13_proxy_pinentry_notify (ctrl_t ctrl, const unsigned char *line)
     return 0;
   return assuan_inquire (ctrl->server_local->assuan_ctx, line, NULL, NULL, 0);
 }
+
+
+/*
+ * Decrypt the keyblob (ENCKEYBLOB,ENCKEYBLOBLEN) and store the result
+ * at (R_KEYBLOB, R_KEYBLOBLEN).  Returns 0 on success or an error
+ * code.  On error R_KEYBLOB is set to NULL.
+ *
+ * This actually does not belong here but for that simple wrapper it
+ * does not make sense to add another source file.  Note that we do
+ * not want to have this in keyblob.c, because that code is also used
+ * by the syshelp.
+ */
+gpg_error_t
+g13_keyblob_decrypt (ctrl_t ctrl, const void *enckeyblob, size_t enckeybloblen,
+                     void **r_keyblob, size_t *r_keybloblen)
+{
+  gpg_error_t err;
+
+  /* FIXME:  For now we only implement OpenPGP.  */
+  err = gpg_decrypt_blob (ctrl, opt.gpg_program, opt.gpg_arguments,
+                          enckeyblob, enckeybloblen,
+                          r_keyblob, r_keybloblen);
+
+  return err;
+}
diff --git a/g13/server.h b/g13/server.h
index af8494a..41636c8 100644
--- a/g13/server.h
+++ b/g13/server.h
@@ -25,4 +25,8 @@ gpg_error_t g13_server (ctrl_t ctrl);
 
 gpg_error_t g13_proxy_pinentry_notify (ctrl_t ctrl, const unsigned char *line);
 
+gpg_error_t g13_keyblob_decrypt (ctrl_t ctrl,
+                                 const void *enckeyblob, size_t enckeybloblen,
+                                 void **r_keyblob, size_t *r_keybloblen);
+
 #endif /*G13_SERVER_H*/
diff --git a/g13/suspend.c b/g13/suspend.c
index 0532c8b..39aeaeb 100644
--- a/g13/suspend.c
+++ b/g13/suspend.c
@@ -33,6 +33,7 @@
 #include "keyblob.h"
 #include "backend.h"
 #include "g13tuple.h"
+#include "server.h"  /*(g13_keyblob_decrypt)*/
 
 
 

-----------------------------------------------------------------------

Summary of changes:
 g13/Makefile.am    |   2 +-
 g13/backend.c      |  18 +++++++++
 g13/backend.h      |   1 +
 g13/be-dmcrypt.c   |  17 ++++++++
 g13/be-dmcrypt.h   |   1 +
 g13/call-syshelp.c |  80 +++++++++++++++++++++++++++++++++++++
 g13/call-syshelp.h |   4 ++
 g13/g13-syshelp.h  |   1 +
 g13/g13.c          |   7 ++--
 g13/keyblob.c      |  22 ----------
 g13/keyblob.h      |   3 --
 g13/mount.c        | 115 +++++++++++++++++++++++++++++++++++++----------------
 g13/server.c       |  27 +++++++++++++
 g13/server.h       |   4 ++
 g13/sh-cmd.c       |  84 +++++++++++++++++++++++++++++++++++++-
 g13/sh-dmcrypt.c   |  93 +++++++++++++++++++++++++++++++++++++++++++
 g13/suspend.c      |   1 +
 17 files changed, 414 insertions(+), 66 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



