[patch] show crypto volumes



Hi,

Attached is a small patch that enables gnome-vfs to show volumes that
hal has identified as containing encrypted data. Currently this works
with LUKS but one should only need to change hal to support other
encryption schemes. 

Basically, the patch allows the user to invoke a mount helper, and it is
the task of the mount helper to query for the password, set up the device
and so forth. Currently this works for at least gnome-mount (I just
implemented it yesterday and today). I've uploaded a screenshot here 

 http://freedesktop.org/~david/gnome-vfs-crypto-1.png

To use this you need CVS HEAD of hal and gnome-mount (will release both
soon as 0.5.7 resp. 0.4) as well as media prepared for LUKS. And CVS
HEAD of gnome-vfs with this patch of course. See the man page for
cryptsetup(1) on how to prepare media. 

Btw, in the future I hope to provide PartitionDisk() and Format()
methods in hal so it's relatively easy to prepare media (partition and
format it) including setting up encrypted partitions.

See also http://bugzilla.gnome.org/show_bug.cgi?id=326553 for more
information and details.

There are no changes to any strings. OK to commit?

Cheers,
David

 $ diffstat gnome-vfs-show-crypto-drives.patch
 ChangeLog                                      |   16 +++
 libgnomevfs/gnome-vfs-drive.c                  |    1
 libgnomevfs/gnome-vfs-hal-mounts.c             |  116 +++++++++++++++++++++++-- 
 libgnomevfs/gnome-vfs-volume-monitor-private.h |    1
 4 files changed, 127 insertions(+), 7 deletions(-)


Index: ChangeLog
===================================================================
RCS file: /cvs/gnome/gnome-vfs/ChangeLog,v
retrieving revision 1.2361
diff -u -p -r1.2361 ChangeLog
--- ChangeLog	13 Feb 2006 10:58:10 -0000	1.2361
+++ ChangeLog	14 Feb 2006 09:28:52 -0000
@@ -1,3 +1,19 @@
+2006-02-14  David Zeuthen  <davidz redhat com>
+
+	* libgnomevfs/gnome-vfs-volume-monitor-private.h: 
+	(GnomeVFSDrivePrivate): Add hal_backing_crypto_volume_udi
+
+	* libgnomevfs/gnome-vfs-hal-mounts.c (_hal_volume_policy_check):
+	Show crypto volumes if they have no cleartext columes associated
+	with them
+	(_hal_add_volume): Remove GnomeVFSDrive for crypto drive if we are
+	the corresponding cleartext volume
+	(_hal_device_removed): Add back GnomeVFSDrive for crypto drive if
+	the cleartext volume is going away
+
+	* libgnomevfs/gnome-vfs-drive.c (gnome_vfs_drive_finalize): Free
+	hal_backing_crypto_volume_udi
+
 2006-02-13  Alexander Larsson  <alexl redhat com>
 
 	* configure.in:
Index: libgnomevfs/gnome-vfs-drive.c
===================================================================
RCS file: /cvs/gnome/gnome-vfs/libgnomevfs/gnome-vfs-drive.c,v
retrieving revision 1.13
diff -u -p -r1.13 gnome-vfs-drive.c
--- libgnomevfs/gnome-vfs-drive.c	14 Nov 2005 11:41:13 -0000	1.13
+++ libgnomevfs/gnome-vfs-drive.c	14 Feb 2006 09:28:53 -0000
@@ -196,6 +196,7 @@ gnome_vfs_drive_finalize (GObject *objec
 	g_free (priv->icon);
 	g_free (priv->hal_udi);
 	g_free (priv->hal_drive_udi);
+	g_free (priv->hal_backing_crypto_volume_udi);
 	g_free (priv);
 	drive->priv = NULL;
 	
Index: libgnomevfs/gnome-vfs-hal-mounts.c
===================================================================
RCS file: /cvs/gnome/gnome-vfs/libgnomevfs/gnome-vfs-hal-mounts.c,v
retrieving revision 1.25
diff -u -p -r1.25 gnome-vfs-hal-mounts.c
--- libgnomevfs/gnome-vfs-hal-mounts.c	24 Jan 2006 12:43:57 -0000	1.25
+++ libgnomevfs/gnome-vfs-hal-mounts.c	14 Feb 2006 09:28:55 -0000
@@ -689,12 +689,32 @@ _hal_volume_policy_check (GnomeVFSVolume
 	if (!_hal_drive_policy_check (volume_monitor_daemon, hal_drive, hal_volume))
 		goto out;
 
-	/* needs to be a mountable filesystem OR audio disc OR blank disc */
+	/* needs to be a mountable filesystem OR contain crypto bits OR audio disc OR blank disc */
 	if (! ((libhal_volume_get_fsusage (hal_volume) == LIBHAL_VOLUME_USAGE_MOUNTABLE_FILESYSTEM) ||
+	       (libhal_volume_get_fsusage (hal_volume) == LIBHAL_VOLUME_USAGE_CRYPTO) ||
 	       libhal_volume_disc_has_audio (hal_volume) ||
 	       libhal_volume_disc_is_blank (hal_volume)))
 		goto out;
 
+	/* if we contain crypto bits, only show if our cleartext volume is not yet setup */
+	if (libhal_volume_get_fsusage (hal_volume) == LIBHAL_VOLUME_USAGE_CRYPTO) {
+		DBusError error;
+		char **clear_devices;
+		int num_clear_devices;
+
+		dbus_error_init (&error);
+		clear_devices = libhal_manager_find_device_string_match (volume_monitor_daemon->hal_ctx,
+									 "volume.crypto_luks.clear.backing_volume",
+									 libhal_volume_get_udi (hal_volume),
+									 &num_clear_devices,
+									 &error);
+		if (clear_devices != NULL && num_clear_devices > 0) {
+			libhal_free_string_array (clear_devices);
+			goto out;
+		}
+	}
+
+
 	/* for volumes the vendor and/or sysadmin wants to be ignore (e.g. bootstrap HFS
 	 * partitions on the Mac, HP_RECOVERY partitions on HP systems etc.)
 	 */
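Review bot: In the new LIBHAL_VOLUME_USAGE_CRYPTO block, `clear_devices` is released only when `num_clear_devices > 0`, so a non-NULL result with zero matches (if libhal returns an allocated empty array) is never freed. `error` is also initialised but never checked or passed to dbus_error_free. A failed HAL lookup is therefore treated exactly like "no cleartext volume yet", and the locked volume is shown either way. The same unchecked DBusError appears around libhal_device_get_property_string in the _hal_add_volume hunk at @@ -949, where it is likely set for every volume that lacks the property. _hal_volume_policy_check starts and ends outside this hunk.

```c
		/* … unchanged: dbus_error_init and the libhal_manager_find_device_string_match call … */
		if (dbus_error_is_set (&error)) {
			/* lookup failed: handled like "no cleartext volume" */
			dbus_error_free (&error);
		}
		if (clear_devices != NULL) {
			gboolean has_cleartext = num_clear_devices > 0;

			libhal_free_string_array (clear_devices);
			if (has_cleartext)
				goto out;
		}
```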
@@ -845,12 +865,14 @@ _hal_add_drive_without_volumes (GnomeVFS
 
 	/* don't add if it's already there */
 	drive = _gnome_vfs_volume_monitor_find_drive_by_hal_udi (volume_monitor, libhal_drive_get_udi (hal_drive));
-	if (drive != NULL)
+	if (drive != NULL) {
 		goto out;
+	}
 
 	/* doesn't make sense for devices without removable storage */
-	if (!libhal_drive_uses_removable_media (hal_drive))
+	if (!libhal_drive_uses_removable_media (hal_drive)) {
 		goto out;
+	}
 	
 	drive = g_object_new (GNOME_VFS_TYPE_DRIVE, NULL);
 	drive->priv->activation_uri = g_strdup ("");
@@ -888,17 +910,29 @@ _hal_add_volume (GnomeVFSVolumeMonitorDa
 	GnomeVFSHalUserData *hal_userdata;
 	char *name;
 	gboolean allowed_by_policy;
+	DBusError error;
+	char *backing_udi;
 
 	g_return_val_if_fail (hal_drive != NULL, FALSE);
 	g_return_val_if_fail (hal_volume != NULL, FALSE);
 
 	ret = FALSE;
+	backing_udi = NULL;
 
 	volume_monitor = GNOME_VFS_VOLUME_MONITOR (volume_monitor_daemon);
 	hal_userdata = (GnomeVFSHalUserData *) libhal_ctx_get_user_data (volume_monitor_daemon->hal_ctx);
 
 	allowed_by_policy = _hal_volume_policy_check (volume_monitor_daemon, hal_drive, hal_volume);
 
+#ifdef HAL_SHOW_DEBUG
+	g_debug ("entering _hal_add_volume for\n"
+		 "  drive udi '%s'\n"
+		 "  volume udi '%s'\n"
+		 "  allowd_by_policy %s",
+		 libhal_drive_get_udi (hal_drive), libhal_volume_get_udi (hal_volume),
+		 allowed_by_policy ? "yes" : "no");
+#endif
+
 	if (!allowed_by_policy) {
 		/* make sure to completey delete any existing drive/volume for policy changes if the 
 		 * user_visible flag differs... */
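Review bot: The relocated debug message spells the label `allowd_by_policy`; it should read `"  allowed_by_policy %s"` so that grepping logs for the variable name finds it. _hal_add_volume continues outside this hunk.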
@@ -934,10 +968,6 @@ _hal_add_volume (GnomeVFSVolumeMonitorDa
 	if ( _hal_volume_temp_udi (volume_monitor_daemon, hal_drive, hal_volume))
 		goto out;
 
-#ifdef HAL_SHOW_DEBUG
-	g_debug ("entering _hal_add_volume for\n  drive udi '%s'\n  volume udi '%s'\n",
-		 libhal_drive_get_udi (hal_drive), libhal_volume_get_udi (hal_volume));
-#endif
 
 	/* OK, check if we got a drive_without_volumes drive and delete that since we're going to add a
 	 * drive for added partitions */
@@ -949,6 +979,36 @@ _hal_add_volume (GnomeVFSVolumeMonitorDa
 		_gnome_vfs_volume_monitor_disconnected (volume_monitor, drive);
 	}
 
+	if (!allowed_by_policy && 
+	    libhal_volume_get_fsusage (hal_volume) != LIBHAL_VOLUME_USAGE_MOUNTABLE_FILESYSTEM)
+		goto out;
+
+	/* If we're stemming from a crypto volume... then remove the
+	 * GnomeVFSDrive we added so users had a way to invoke
+	 * gnome-mount for asking for the pass-phrase...
+	 */
+	dbus_error_init (&error);
+	backing_udi = libhal_device_get_property_string (
+		volume_monitor_daemon->hal_ctx,
+		libhal_volume_get_udi (hal_volume),
+		"volume.crypto_luks.clear.backing_volume",
+		&error);
+	if (backing_udi != NULL) {
+		GnomeVFSDrive *backing_drive;
+		
+		backing_drive = _gnome_vfs_volume_monitor_find_drive_by_hal_udi (volume_monitor, backing_udi);
+		if (backing_drive != NULL) {
+#ifdef HAL_SHOW_DEBUG
+			g_debug ("Removing GnomeVFSDrive for crypto device with path %s "
+				 "(got cleartext device at path %s)", 
+				 backing_drive->priv->device_path,
+				 libhal_volume_get_device_file (hal_volume));
+#endif
+			_gnome_vfs_volume_monitor_disconnected (volume_monitor, backing_drive);
+		}
+		
+	}
+
 	/* if we had a drive from here but where we weren't mounted, just use that drive since nothing actually
 	 * changed 
 	 */
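Review bot: The added guard `if (!allowed_by_policy && libhal_volume_get_fsusage (hal_volume) != LIBHAL_VOLUME_USAGE_MOUNTABLE_FILESYSTEM) goto out;` has no comment, and its effect depends on the earlier `if (!allowed_by_policy)` block, whose body is outside this hunk. If that block always leaves the function, this check can never fire. If it does not, a mountable filesystem that policy rejected now continues into the crypto-drive removal and the drive creation below, which looks unintended. A one-line comment such as `/* policy-hidden volumes stop here unless ... */` stating the intended case would settle it. It would also help to note that `backing_udi` is taken from HAL as-is and the drive it names is disconnected without checking that it is the crypto placeholder.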
@@ -984,6 +1044,7 @@ _hal_add_volume (GnomeVFSVolumeMonitorDa
 		drive->priv->volumes = NULL;
 		drive->priv->hal_udi = g_strdup (libhal_volume_get_udi (hal_volume));
 		drive->priv->hal_drive_udi = g_strdup (libhal_drive_get_udi (hal_drive));
+		drive->priv->hal_backing_crypto_volume_udi = g_strdup (backing_udi);
                 drive->priv->must_eject_at_unmount = libhal_drive_requires_eject (hal_drive);
 
 #ifdef HAL_SHOW_DEBUG
@@ -1046,6 +1107,10 @@ _hal_add_volume (GnomeVFSVolumeMonitorDa
 	
 	ret = TRUE;
 out:
+
+	if (backing_udi != NULL)
+		libhal_free_string (backing_udi);
+	
 	return ret;
 }
 
@@ -1105,6 +1170,10 @@ _hal_update_all (GnomeVFSVolumeMonitorDa
 
 				}
 
+#ifdef HAL_SHOW_DEBUG
+				g_debug ("  added %d volumes", num_volumes_added);
+#endif
+
 				if (num_volumes_added == 0) {
 					/* if we didn't add any volumes show the drive_without_volumes drive */
 					_hal_add_drive_without_volumes (volume_monitor_daemon, drive);
@@ -1242,12 +1311,45 @@ _hal_device_removed (LibHalContext *hal_
 	}
 
 	if (drive != NULL) {
+		char *backing_udi;
+
 		if (hal_drive_udi == NULL)
 			hal_drive_udi = g_strdup (drive->priv->hal_drive_udi);
 #ifdef HAL_SHOW_DEBUG
 		g_debug ("Removing GnomeVFSDrive for device path %s", drive->priv->device_path);
 #endif
+
+		if (drive->priv->hal_backing_crypto_volume_udi != NULL)
+			backing_udi = g_strdup (drive->priv->hal_backing_crypto_volume_udi);
+		else
+			backing_udi = NULL;
+
+
 		_gnome_vfs_volume_monitor_disconnected (GNOME_VFS_VOLUME_MONITOR (volume_monitor_daemon), drive);
+
+		if (backing_udi != NULL) {
+			LibHalVolume *crypto_volume;
+
+#ifdef HAL_SHOW_DEBUG
+			g_debug ("Adding back GnomeVFSDrive for crypto volume");
+#endif
+			crypto_volume = libhal_volume_from_udi (volume_monitor_daemon->hal_ctx, backing_udi);
+			if (crypto_volume != NULL) {
+				LibHalDrive *crypto_drive;
+				
+				crypto_drive = libhal_drive_from_udi (
+					volume_monitor_daemon->hal_ctx,
+					libhal_volume_get_storage_device_udi (crypto_volume));
+				if (crypto_drive != NULL) {
+					_hal_add_volume (volume_monitor_daemon, crypto_drive, crypto_volume);
+					libhal_drive_free (crypto_drive);
+				}
+				libhal_volume_free (crypto_volume);
+			}
+			
+			g_free (backing_udi);
+		}
+
 	}
 
 #ifdef HAL_SHOW_DEBUG
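Review bot: The if/else that copies the backing UDI can be the single line `backing_udi = g_strdup (drive->priv->hal_backing_crypto_volume_udi);`, because g_strdup returns NULL for a NULL argument. The copy is presumably taken because `drive` may no longer be valid after _gnome_vfs_volume_monitor_disconnected; a short comment saying so would keep a later cleanup from reading `drive->priv` after the disconnect. The result of `_hal_add_volume` is ignored, and a NULL from libhal_volume_from_udi or libhal_drive_from_udi is skipped silently, so a `g_debug` under HAL_SHOW_DEBUG on those paths would show when the locked volume fails to reappear. _hal_device_removed starts and ends outside this hunk.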
Index: libgnomevfs/gnome-vfs-volume-monitor-private.h
===================================================================
RCS file: /cvs/gnome/gnome-vfs/libgnomevfs/gnome-vfs-volume-monitor-private.h,v
retrieving revision 1.10
diff -u -p -r1.10 gnome-vfs-volume-monitor-private.h
--- libgnomevfs/gnome-vfs-volume-monitor-private.h	14 Nov 2005 11:11:24 -0000	1.10
+++ libgnomevfs/gnome-vfs-volume-monitor-private.h	14 Feb 2006 09:28:55 -0000
@@ -87,6 +87,7 @@ struct _GnomeVFSDrivePrivate {
 	/* Only for HAL devices: */
 	char *hal_udi;
 	char *hal_drive_udi; /* only available to daemon; not exported */
+	char *hal_backing_crypto_volume_udi; /* only available to daemon; not exported */
 
 	gboolean must_eject_at_unmount;
 };

