diff --git a/align/Makefile.am b/align/Makefile.am index 1eccf2832..eb4426352 100644 --- a/align/Makefile.am +++ b/align/Makefile.am @@ -33,6 +33,7 @@ SHARED_SOURCE_FILES = \ ../df/parallel.c \ ../df/parallel.h \ ../fish/config.c \ + ../fish/decrypt.c \ ../fish/display-options.h \ ../fish/display-options.c \ ../fish/domain.c \ diff --git a/cat/Makefile.am b/cat/Makefile.am index 38faa9442..5e557426b 100644 --- a/cat/Makefile.am +++ b/cat/Makefile.am @@ -31,6 +31,7 @@ EXTRA_DIST = \ bin_PROGRAMS = virt-cat virt-filesystems virt-log virt-ls SHARED_SOURCE_FILES = \ + ../fish/decrypt.c \ ../fish/display-options.h \ ../fish/display-options.c \ ../fish/domain.c \ diff --git a/df/Makefile.am b/df/Makefile.am index ce1686ae3..6efc1dcf0 100644 --- a/df/Makefile.am +++ b/df/Makefile.am @@ -28,6 +28,7 @@ bin_PROGRAMS = virt-df SHARED_SOURCE_FILES = \ ../fish/config.c \ + ../fish/decrypt.c \ ../fish/display-options.h \ ../fish/display-options.c \ ../fish/domain.c \ diff --git a/diff/Makefile.am b/diff/Makefile.am index cdbe05c6c..7dfe2cdad 100644 --- a/diff/Makefile.am +++ b/diff/Makefile.am @@ -27,6 +27,7 @@ bin_PROGRAMS = virt-diff SHARED_SOURCE_FILES = \ ../cat/visit.h \ ../cat/visit.c \ + ../fish/decrypt.c \ ../fish/display-options.h \ ../fish/display-options.c \ ../fish/domain.c \ diff --git a/edit/Makefile.am b/edit/Makefile.am index 4ac4f08e9..dc9fbb083 100644 --- a/edit/Makefile.am +++ b/edit/Makefile.am @@ -26,6 +26,7 @@ bin_PROGRAMS = virt-edit SHARED_SOURCE_FILES = \ ../fish/config.c \ + ../fish/decrypt.c \ ../fish/display-options.h \ ../fish/display-options.c \ ../fish/domain.c \ diff --git a/fish/Makefile.am b/fish/Makefile.am index e1bc210fe..8fdcd27bd 100644 --- a/fish/Makefile.am +++ b/fish/Makefile.am @@ -73,6 +73,7 @@ EXTRA_DIST = \ # files must not include other guestfish files. SHARED_SOURCE_FILES = \ config.c \ + decrypt.c \ display-options.h \ display-options.c \ domain.c \ 
diff --git a/fish/decrypt.c b/fish/decrypt.c
new file mode 100644
index 000000000..d6e041db6
--- /dev/null
+++ b/fish/decrypt.c
@@ -0,0 +1,102 @@
+/* libguestfs - shared disk decryption
+ * Copyright (C) 2010 Red Hat Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+/**
+ * This file implements the decryption of disk images, usually done
+ * before mounting their partitions.
+ */
+
+#include
+
+#include
+#include
+#include
+
+#include "c-ctype.h"
+
+#include "guestfs.h"
+
+#include "options.h"
+
+/**
+ * Make a LUKS map name from the partition name,
+ * eg. C<"/dev/vda2" =E "luksvda2">
+ */
+static void
+make_mapname (const char *device, char *mapname, size_t len)
+{
+ size_t i = 0;
+
+ if (len < 5)
+ abort ();
+ strcpy (mapname, "luks");
+ mapname += 4;
+ len -= 4;
+
+ if (STRPREFIX (device, "/dev/"))
+ i = 5;
+
+ for (; device[i] != '\0' && len >= 1; ++i) {
+ if (c_isalnum (device[i])) {
+ *mapname++ = device[i];
+ len--;
+ }
+ }
+
+ *mapname = '\0';
+}
+
+/**
+ * Simple implementation of decryption: look for any C
+ * partitions and decrypt them, then rescan for VGs. This only works
+ * for Fedora whole-disk encryption. WIP to make this work for other
+ * encryption schemes.
+ */
+void
+inspect_do_decrypt (guestfs_h *g)
+{
+ CLEANUP_FREE_STRING_LIST char **partitions = guestfs_list_partitions (g);
+ if (partitions == NULL)
+ exit (EXIT_FAILURE);
+
+ int need_rescan = 0;
+ size_t i;
+ for (i = 0; partitions[i] != NULL; ++i) {
+ CLEANUP_FREE char *type = guestfs_vfs_type (g, partitions[i]);
+ if (type && STREQ (type, "crypto_LUKS")) {
+ char mapname[32];
+ make_mapname (partitions[i], mapname, sizeof mapname);
+
+ CLEANUP_FREE char *key = read_key (partitions[i]);
+ /* XXX Should we call guestfs_luks_open_ro if readonly flag
+ * is set? This might break 'mount_ro'.
+ */
+ if (guestfs_luks_open (g, partitions[i], key, mapname) == -1)
+ exit (EXIT_FAILURE);
+
+ need_rescan = 1;
+ }
+ }
+
+ if (need_rescan) {
+ if (guestfs_vgscan (g) == -1)
+ exit (EXIT_FAILURE);
+ if (guestfs_vg_activate_all (g, 1) == -1)
+ exit (EXIT_FAILURE);
+ }
+}
diff --git a/fish/inspect.c b/fish/inspect.c
index 952d4f710..4a5b3c36c 100644
--- a/fish/inspect.c
+++ b/fish/inspect.c
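Review bot: `make_mapname` can write its terminating NUL one byte past the end of the buffer, because the copy loop runs while `len >= 1` and so can use up every remaining byte before the final `*mapname = '\0';`. With the 32-byte `mapname` declared in `inspect_do_decrypt`, this happens once a partition name contributes 28 or more alphanumeric characters after `/dev/`; that is probably rare for names returned by `guestfs_list_partitions`, but nothing in this hunk rules it out. Reserving room for the terminator in the loop condition closes it: `for (; device[i] != '\0' && len > 1; ++i) {`. Since this file is now linked into every tool named in the Makefile hunks, it is also worth confirming that `read_key` cannot return NULL before `key` reaches `guestfs_luks_open`, and whether the passphrase should be scrubbed before `CLEANUP_FREE` releases it; neither is visible here.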
@@ -202,71 +202,3 @@ print_inspect_prompt (void)
 dev ? dev : mountpoints[i+1], mountpoints[i]);
 }
 }
-
-/**
- * Make a LUKS map name from the partition name,
- * eg. C<"/dev/vda2" =E "luksvda2">
- */
-static void
-make_mapname (const char *device, char *mapname, size_t len)
-{
- size_t i = 0;
-
- if (len < 5)
- abort ();
- strcpy (mapname, "luks");
- mapname += 4;
- len -= 4;
-
- if (STRPREFIX (device, "/dev/"))
- i = 5;
-
- for (; device[i] != '\0' && len >= 1; ++i) {
- if (c_isalnum (device[i])) {
- *mapname++ = device[i];
- len--;
- }
- }
-
- *mapname = '\0';
-}
-
-/**
- * Simple implementation of decryption: look for any C
- * partitions and decrypt them, then rescan for VGs. This only works
- * for Fedora whole-disk encryption. WIP to make this work for other
- * encryption schemes.
- */
-void
-inspect_do_decrypt (guestfs_h *g)
-{
- CLEANUP_FREE_STRING_LIST char **partitions = guestfs_list_partitions (g);
- if (partitions == NULL)
- exit (EXIT_FAILURE);
-
- int need_rescan = 0;
- size_t i;
- for (i = 0; partitions[i] != NULL; ++i) {
- CLEANUP_FREE char *type = guestfs_vfs_type (g, partitions[i]);
- if (type && STREQ (type, "crypto_LUKS")) {
- char mapname[32];
- make_mapname (partitions[i], mapname, sizeof mapname);
-
- CLEANUP_FREE char *key = read_key (partitions[i]);
- /* XXX Should we call guestfs_luks_open_ro if readonly flag
- * is set? This might break 'mount_ro'.
- */
- if (guestfs_luks_open (g, partitions[i], key, mapname) == -1)
- exit (EXIT_FAILURE);
-
- need_rescan = 1;
- }
- }
-
- if (need_rescan) {
- if (guestfs_vgscan (g) == -1)
- exit (EXIT_FAILURE);
- if (guestfs_vg_activate_all (g, 1) == -1)
- exit (EXIT_FAILURE);
- }
-}
diff --git a/fish/options.h b/fish/options.h
index 061b41f95..e8a4ebcc3 100644
--- a/fish/options.h
+++ b/fish/options.h
@@ -111,6 +111,9 @@ struct mp { /* in config.c */ extern void parse_config (void); +/* in decrypt.c */ +extern void inspect_do_decrypt (guestfs_h *g); + /* in domain.c */ extern int add_libvirt_drives (guestfs_h *g, const char *guest); @@ -124,7 +127,6 @@ extern void print_inspect_prompt (void); #if COMPILING_VIRT_INSPECTOR /* (low-level inspection functions, used by virt-inspector only) */ -extern void inspect_do_decrypt (guestfs_h *g); extern void inspect_mount_root (guestfs_h *g, const char *root); #endif diff --git a/format/Makefile.am b/format/Makefile.am index d1969100f..0e881a5ab 100644 --- a/format/Makefile.am +++ b/format/Makefile.am @@ -26,6 +26,7 @@ bin_PROGRAMS = virt-format SHARED_SOURCE_FILES = \ ../fish/config.c \ + ../fish/decrypt.c \ ../fish/display-options.h \ ../fish/display-options.c \ ../fish/domain.c \ diff --git a/fuse/Makefile.am b/fuse/Makefile.am index d76647955..b8f5ad6a9 100644 --- a/fuse/Makefile.am +++ b/fuse/Makefile.am @@ -34,6 +34,7 @@ bin_PROGRAMS = \ # between guestfish and guestmount. SHARED_SOURCE_FILES = \ ../fish/config.c \ + ../fish/decrypt.c \ ../fish/display-options.h \ ../fish/display-options.c \ ../fish/domain.c \ diff --git a/inspector/Makefile.am b/inspector/Makefile.am index 00ca5d564..760e8106d 100644 --- a/inspector/Makefile.am +++ b/inspector/Makefile.am @@ -54,6 +54,7 @@ bin_PROGRAMS = virt-inspector SHARED_SOURCE_FILES = \ ../fish/config.c \ + ../fish/decrypt.c \ ../fish/display-options.h \ ../fish/display-options.c \ ../fish/domain.c \ diff --git a/rescue/Makefile.am b/rescue/Makefile.am index c2545bd4a..f2a3c39e3 100644 --- a/rescue/Makefile.am +++ b/rescue/Makefile.am @@ -27,6 +27,7 @@ bin_PROGRAMS = virt-rescue SHARED_SOURCE_FILES = \ ../fish/config.c \ + ../fish/decrypt.c \ ../fish/display-options.h \ ../fish/display-options.c \ ../fish/domain.c \