g13: Second chunk of code to support dm-crypt.

* g13/be-dmcrypt.c, g13/be-dmcrypt.h: New.
* g13/Makefile.am (g13_SOURCES): Add them.
* g13/backend.c: Include be-dmcrypt.h and call-syshelp.h.
(no_such_backend): Rename to _no_such_backend and provide replacement
macro.
(be_is_supported_conttype): Support DM-Crypt.
(be_take_lock_for_create): Call set_segvice for DM-Crypt.
(be_create_new_keys): Make it a dummy for DM-Crypt.
(be_create_container): Call be_dmcrypt_create_container.
(be_mount_container): call be_dmcrypt_mount_container.
* g13/g13-syshelp.c (main): Enable verbose mode.
* g13/g13tuple.c (get_tupledesc_data): New.
* g13/g13tuple.h (unref_tupledesc): New.
* g13/g13.h (server_control_): Add field "recipients".
* g13/g13.c (main): Fix setting of recipients via cmdline.
(g13_deinit_default_ctrl): Release recipients list.
(g13_request_shutdown): New.  Replace all direct update of
shutdown_pending by calls this function.
* g13/server.c (server_local_s): Remove field recipients which is now
part of CTRL.
(reset_notify, cmd_recipient, cmd_create): Adjust for this change.
* g13/create.c (encrypt_keyblob): Rename to g13_encrypt_keyblob.
(g13_create_container): Support DM-Crypt.
* g13/mount.c (parse_header): Allow for meta data copies.
(g13_mount_container): Support DM-Crypt.
* g13/sh-cmd.c (cmd_create): Make it work.
(cmd_mount): New.
* g13/sh-dmcrypt.c (sh_dmcrypt_create_container): Make it work.
(sh_dmcrypt_mount_container): New.
--

With this patch we can now create an encrypted partition and partly
mount it (i.e. setup keys and create the mapped device). We do not yet
create a file system or mount that file system

Signed-off-by: Werner Koch <wk@gnupg.org>

1 files changed, 35 insertions, 18 deletions

diff --git a/g13/mount.c b/g13/mount.c
index bc54020eb..c5c8f22b4 100644
--- a/g13/mount.c
+++ b/g13/mount.c
@@ -70,11 +70,8 @@ parse_header (const char *filename,
     log_info ("WARNING: unknown meta information in '%s'\n", filename);
   if (packet[19])
     log_info ("WARNING: OS flag is not supported in '%s'\n", filename);
-  if (packet[24] != 1 || packet[25] != 0)
-    {
-      log_error ("meta data copies in '%s' are not supported\n", filename);
-      return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
-    }
+  if (packet[24] > 1 )
+    log_info ("Note: meta data copies in '%s' are ignored\n", filename);
 
   len = buf32_to_uint (packet+20);
 
@@ -216,6 +213,7 @@ g13_mount_container (ctrl_t ctrl, const char *filename, const char *mountpoint)
 {
   gpg_error_t err;
   dotlock_t lock;
+  int needs_syshelp;
   void *enckeyblob = NULL;
   size_t enckeybloblen;
   void *keyblob = NULL;
@@ -231,6 +229,12 @@ g13_mount_container (ctrl_t ctrl, const char *filename, const char *mountpoint)
   if (access (filename, R_OK))
     return gpg_error_from_syserror ();
 
+  /* Decide whether we need to use the g13-syshelp because we can't
+     use lock files for them.  This is most likely the case for device
+     files; thus we test for this.  FIXME: The correct solution would
+     be to call g13-syshelp to match the file against the g13tab.  */
+  needs_syshelp = !strncmp (filename, "/dev/", 5);
+
   if (!mountpoint)
     {
       mountpoint_buffer = xtrystrdup ("/tmp/g13-XXXXXX");
@@ -247,21 +251,25 @@ g13_mount_container (ctrl_t ctrl, const char *filename, const char *mountpoint)
       mountpoint = mountpoint_buffer;
     }
 
-  /* Try to take a lock.  */
-  lock = dotlock_create (filename, 0);
-  if (!lock)
+  err = 0;
+  if (needs_syshelp)
+    lock = NULL;
+  else
     {
-      xfree (mountpoint_buffer);
-      return gpg_error_from_syserror ();
-    }
+      /* Try to take a lock.  */
+      lock = dotlock_create (filename, 0);
+      if (!lock)
+        {
+          xfree (mountpoint_buffer);
+          return gpg_error_from_syserror ();
+        }
 
-  if (dotlock_take (lock, 0))
-    {
-      err = gpg_error_from_syserror ();
-      goto leave;
+      if (dotlock_take (lock, 0))
+        {
+          err = gpg_error_from_syserror ();
+          goto leave;
+        }
     }
-  else
-    err = 0;
 
   /* Check again that the file exists.  */
   {
@@ -275,6 +283,8 @@ g13_mount_container (ctrl_t ctrl, const char *filename, const char *mountpoint)
   }
 
   /* Read the encrypted keyblob.  */
+  /* Fixme: Should we move this to syshelp for dm-crypt or do we
+     assume that the encrypted device is world readable?  */
   err = read_keyblob (filename, &enckeyblob, &enckeybloblen);
   if (err)
     goto leave;
@@ -311,8 +321,15 @@ g13_mount_container (ctrl_t ctrl, const char *filename, const char *mountpoint)
       goto leave;
     }
   err = be_mount_container (ctrl, conttype, filename, mountpoint, tuples, &rid);
-  if (!err)
+  if (err)
+    ;
+  else if (conttype == CONTTYPE_DM_CRYPT)
+    g13_request_shutdown ();
+  else
     {
+      /* Unless this is a DM-CRYPT mount we put it into our mounttable
+         so that we can manage the mounts ourselves.  For dm-crypt we
+         do not keep a process to monitor he mounts (for now).  */
       err = mountinfo_add_mount (filename, mountpoint, conttype, rid,
                                  !!mountpoint_buffer);
       /* Fixme: What shall we do if this fails?  Add a provisional