From: David Zeuthen Date: Wed, 7 Dec 2011 16:59:35 +0000 (-0500) Subject: Add Encrypted.ChangePassphrase() method X-Git-Tag: upstream/2.1.2~379 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=7a7af583bf6e5b7e57451c1ce2e5280ae764215e;p=platform%2Fupstream%2Fudisks2.git Add Encrypted.ChangePassphrase() method Signed-off-by: David Zeuthen --- diff --git a/data/org.freedesktop.UDisks2.xml b/data/org.freedesktop.UDisks2.xml index e2e48cc..b4ed330 100644 --- a/data/org.freedesktop.UDisks2.xml +++ b/data/org.freedesktop.UDisks2.xml @@ -1231,6 +1231,27 @@ + + + + + + + + diff --git a/doc/udisks2-sections.txt b/doc/udisks2-sections.txt index 6e00805..d753871 100644 --- a/doc/udisks2-sections.txt +++ b/doc/udisks2-sections.txt @@ -853,6 +853,10 @@ udisks_encrypted_call_lock udisks_encrypted_call_lock_finish udisks_encrypted_call_lock_sync udisks_encrypted_complete_lock +udisks_encrypted_call_change_passphrase +udisks_encrypted_call_change_passphrase_finish +udisks_encrypted_call_change_passphrase_sync +udisks_encrypted_complete_change_passphrase UDisksEncryptedProxy UDisksEncryptedProxyClass udisks_encrypted_proxy_new diff --git a/policy/org.freedesktop.udisks2.policy.in b/policy/org.freedesktop.udisks2.policy.in index e95115a..4a30884 100644 --- a/policy/org.freedesktop.udisks2.policy.in +++ b/policy/org.freedesktop.udisks2.policy.in @@ -91,6 +91,26 @@ + + <_description>Change passphrase for an encrypted device + <_message>Authentication is required to change the passphrase for an encrypted device + + auth_admin + auth_admin + yes + + + + + <_description>Change passphrase for an encrypted device + <_message>Authentication is required to change the passphrase for an encrypted device + + auth_admin + auth_admin + auth_admin_keep + + + <_description>Manage loop devices diff --git a/src/udiskslinuxencrypted.c b/src/udiskslinuxencrypted.c index 58177c6..574bfba 100644 --- a/src/udiskslinuxencrypted.c +++ b/src/udiskslinuxencrypted.c @@ -538,9 +538,104 @@ handle_lock (UDisksEncrypted *encrypted, /* ---------------------------------------------------------------------------------------------------- */ +/* runs in thread dedicated to handling @invocation */ +static gboolean +handle_change_passphrase (UDisksEncrypted *encrypted, + GDBusMethodInvocation *invocation, + const gchar *passphrase, + const gchar *new_passphrase, + GVariant *options) +{ + UDisksObject *object = NULL; + UDisksBlock *block; + UDisksDaemon *daemon; + gchar *error_message = NULL; + uid_t caller_uid; + const gchar *action_id; + gchar *passphrases = NULL; + GError *error; + + object = UDISKS_OBJECT (g_dbus_interface_get_object (G_DBUS_INTERFACE (encrypted))); + block = udisks_object_peek_block (object); + daemon = udisks_linux_block_object_get_daemon (UDISKS_LINUX_BLOCK_OBJECT (object)); + + /* TODO: check if the device is mentioned in /etc/crypttab (see crypttab(5)) - if so use that + * + * Of course cryptsetup(8) don't support that, see https://bugzilla.redhat.com/show_bug.cgi?id=692258 + */ + + /* Fail if the device is not a LUKS device */ + if (!(g_strcmp0 (udisks_block_get_id_usage (block), "crypto") == 0 && + g_strcmp0 (udisks_block_get_id_type (block), "crypto_LUKS") == 0)) + { + g_dbus_method_invocation_return_error (invocation, + UDISKS_ERROR, + UDISKS_ERROR_FAILED, + "Device %s does not appear to be a LUKS device", + udisks_block_get_device (block)); + goto out; + } + + error = NULL; + if (!udisks_daemon_util_get_caller_uid_sync (daemon, invocation, NULL /* GCancellable */, &caller_uid, NULL, &error)) + { + g_dbus_method_invocation_return_gerror (invocation, error); + g_error_free (error); + goto out; + } + + /* Now, check that the user is actually authorized to unlock the device. + */ + action_id = "org.freedesktop.udisks2.encrypted-change-passphrase"; + if (udisks_block_get_hint_system (block) && + !(udisks_daemon_util_setup_by_user (daemon, object, caller_uid))) + action_id = "org.freedesktop.udisks2.encrypted-change-passphrase-system"; + //if (is_in_crypttab) + // action_id = "org.freedesktop.udisks2.encrypted-unlock-crypttab"; + if (!udisks_daemon_util_check_authorization_sync (daemon, + object, + action_id, + options, + N_("Authentication is required to unlock the encrypted device $(udisks2.device)"), + invocation)) + goto out; + + passphrases = g_strdup_printf ("%s\n%s", passphrase, new_passphrase); + if (!udisks_daemon_launch_spawned_job_sync (daemon, + object, + NULL, /* GCancellable */ + 0, /* uid_t run_as_uid */ + 0, /* uid_t run_as_euid */ + NULL, /* gint *out_status */ + &error_message, + passphrases, /* input_string */ + "cryptsetup luksChangeKey \"%s\"", + udisks_block_get_device (block))) + { + g_dbus_method_invocation_return_error (invocation, + UDISKS_ERROR, + UDISKS_ERROR_FAILED, + "Error changing passphrase on device %s: %s", + udisks_block_get_device (block), + error_message); + goto out; + } + + udisks_encrypted_complete_change_passphrase (encrypted, invocation); + + out: + g_free (passphrases); + g_free (error_message); + + return TRUE; /* returning TRUE means that we handled the method invocation */ +} + +/* ---------------------------------------------------------------------------------------------------- */ + static void encrypted_iface_init (UDisksEncryptedIface *iface) { - iface->handle_unlock = handle_unlock; - iface->handle_lock = handle_lock; + iface->handle_unlock = handle_unlock; + iface->handle_lock = handle_lock; + iface->handle_change_passphrase = handle_change_passphrase; }