authorqkzk <qu3nt1n@gmail.com>2023-01-19 21:16:22 +0100
committerqkzk <qu3nt1n@gmail.com>2023-01-19 21:16:22 +0100
commit8ac8b045416b14dcb5c7b578a2179df8dd2370af (patch)
tree1c00e95a40e8bb98b4cb2c0cdd674ebccf96a9fe /src
parentff8fc67e27ceadf7e1214ca29c1492efa2bfec5b (diff)
encrypted devices: menu, navigate, mount, unmount. Documentation.luks
Diffstat (limited to 'src')
-rw-r--r--src/cryptsetup.rs139
-rw-r--r--src/event_exec.rs12
2 files changed, 98 insertions, 53 deletions
diff --git a/src/cryptsetup.rs b/src/cryptsetup.rs
index ef80628..2c306ed 100644
--- a/src/cryptsetup.rs
+++ b/src/cryptsetup.rs
@@ -153,6 +153,7 @@ pub struct CryptoDevice {
uuid: String,
fs_ver: String,
mountpoints: Option<String>,
+ device_name: Option<String>,
}
impl CryptoDevice {
@@ -198,7 +199,13 @@ impl CryptoDevice {
[
"mkdir".to_owned(),
"-p".to_owned(),
- format!("/run/media/{}/{}", username, self.uuid),
+ format!(
+ "/run/media/{}/{}",
+ username,
+ self.device_name
+ .clone()
+ .unwrap_or_else(|| self.uuid.clone())
+ ),
]
}
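Review bot: The fallback `self.device_name.clone().unwrap_or_else(|| self.uuid.clone())` is written out here and again in the mount, umount and luksClose parameter builders, so the four copies can drift apart. A private helper such as `fn mapped_name(&self) -> &str { self.device_name.as_deref().unwrap_or(&self.uuid) }` would give one place to change and drops the extra `String` clone, since `format!` only needs a `&str`. Because `device_name` is parsed from `lsblk` output and ends up in a path handed to `sudo mkdir -p`, that helper is also the natural place to reject a name that contains `/` or equals `..` before it is used. The enclosing function starts outside the hunk.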
@@ -206,14 +213,26 @@ impl CryptoDevice {
[
"mount".to_owned(),
format!("/dev/mapper/{}", self.uuid),
- format!("/run/media/{}/{}", username, self.uuid),
+ format!(
+ "/run/media/{}/{}",
+ username,
+ self.device_name
+ .clone()
+ .unwrap_or_else(|| self.uuid.clone())
+ ),
]
}
fn format_umount_parameters(&self, username: &str) -> [String; 2] {
[
"umount".to_owned(),
- format!("/run/media/{}/{}", username, self.uuid),
+ format!(
+ "/run/media/{}/{}",
+ username,
+ self.device_name
+ .clone()
+ .unwrap_or_else(|| self.uuid.clone())
+ ),
]
}
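Review bot: The mount source on the `format!("/dev/mapper/{}", self.uuid)` line still uses the uuid, while the target directory and the `luksClose` argument now use `device_name`. If `lsblk` reports a mapper name other than the uuid (for example a volume opened by another tool), the source path would not exist and the mount would fail after the directory has already been created. The name passed to `luksOpen` is outside this hunk, so this needs confirming against it. If the mapper name is meant to be authoritative, the source should follow it: `format!("/dev/mapper/{}", self.device_name.as_deref().unwrap_or(&self.uuid))`. The signature of the mount parameter builder is outside the hunk.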
@@ -221,11 +240,71 @@ impl CryptoDevice {
[
"cryptsetup".to_owned(),
"luksClose".to_owned(),
- self.uuid.to_owned(),
+ self.device_name
+ .clone()
+ .unwrap_or_else(|| self.uuid.clone()),
]
}
+ fn mount_point(&self) -> Option<String> {
+ let system_info = System::new_all();
+ system_info
+ .disks()
+ .iter()
+ .map(|d| d.mount_point())
+ .map(|p| p.to_str())
+ .filter(|s| s.is_some())
+ .map(|s| s.unwrap().to_owned())
+ .find(|s| s.contains(&self.uuid))
+ }
+
+ /// True if there's a mount point for this drive.
+ /// It's only valid if we mounted the device since it requires
+ /// the uuid to be in the mount point.
+ pub fn is_mounted(&self) -> bool {
+ self.mount_point().is_some()
+ }
+
+ fn set_device_name(&mut self) -> FmResult<()> {
+ let child = Command::new("lsblk")
+ .arg("-l")
+ .arg("-n")
+ .arg(self.path.clone())
+ .stdin(Stdio::piped())
+ .stdout(Stdio::piped())
+ .stderr(Stdio::piped())
+ .spawn()?;
+ let output = child.wait_with_output()?;
+ info!(
+ "is opened ? output of lsblk\nstdout: {}\nstderr{}",
+ String::from_utf8(output.stdout.clone())?,
+ String::from_utf8(output.stderr)?
+ );
+ let output = String::from_utf8(output.stdout)?;
+ if let Some(s) = output.lines().nth(1) {
+ self.device_name = Some(
+ s.split_whitespace()
+ .next()
+ .ok_or_else(|| FmError::custom("mapped point", "shouldn't be empty"))?
+ .to_owned(),
+ );
+ } else {
+ self.device_name = None;
+ }
+ Ok(())
+ }
+
+ /// String representation of the device.
+ pub fn as_string(&self) -> FmResult<String> {
+ Ok(if let Some(mount_point) = self.mount_point() {
+ format!("{} -> {}", self.path, mount_point)
+ } else {
+ format!("{} - not mounted", self.path)
+ })
+ }
+
fn open_mount(&mut self, username: &str, passwords: &mut PasswordHolder) -> FmResult<bool> {
+ self.set_device_name()?;
if self.is_mounted() {
Err(FmError::custom(
"luks open mount",
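Review bot: `mount_point()` still searches for `self.uuid` with `.find(|s| s.contains(&self.uuid))`, but the directory created and mounted by this commit is named after `device_name` when one is found. When the two differ, `is_mounted()` returns false for a device this code just mounted, so the already-mounted guard at the top of `open_mount` does not fire and `as_string` reports "not mounted". `contains` is also a substring test, so any unrelated mount point that merely includes the string counts as a match. Comparing the last path component with the same name the parameter builders use would fix both, e.g. `.find(|p| Path::new(p).file_name().and_then(|n| n.to_str()) == Some(name))`, and the doc comment on `is_mounted` should then describe the name rather than the uuid. The body of `open_mount` continues outside the hunk.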
@@ -247,6 +326,7 @@ impl CryptoDevice {
if !success {
return Ok(false);
}
+ self.set_device_name()?;
// mkdir
let (success, stdout, stderr) = sudo(&self.format_mkdir_parameters(username))?;
info!("stdout: {}\nstderr: {}", stdout, stderr);
@@ -266,6 +346,7 @@ impl CryptoDevice {
}
fn umount_close(&mut self, username: &str, passwords: &mut PasswordHolder) -> FmResult<bool> {
+ self.set_device_name()?;
// sudo
let (success, _, _) = sudo_password(
&["-S".to_owned(), "ls".to_owned(), "/root".to_owned()],
@@ -288,52 +369,6 @@ impl CryptoDevice {
info!("stdout: {}\nstderr: {}", stdout, stderr);
Ok(success)
}
-
- fn mount_point(&self) -> Option<String> {
- let system_info = System::new_all();
- system_info
- .disks()
- .iter()
- .map(|d| d.mount_point())
- .map(|p| p.to_str())
- .filter(|s| s.is_some())
- .map(|s| s.unwrap().to_owned())
- .find(|s| s.contains(&self.uuid))
- }
-
- /// True if there's a mount point for this drive.
- /// It's only valid if we mounted the device since it requires
- /// the uuid to be in the mount point.
- pub fn is_mounted(&self) -> bool {
- self.mount_point().is_some()
- }
-
- pub fn is_open(&self) -> FmResult<bool> {
- let child = Command::new("lsblk")
- .arg("-l")
- .arg("-n")
- .arg(self.path.clone())
- .stdin(Stdio::null())
- .stderr(Stdio::null())
- .spawn()?;
- let output = child.wait_with_output()?;
- info!(
- "is opened ? output of lsblk\nstdout: {}\nstderr{}",
- String::from_utf8(output.stdout.clone())?,
- String::from_utf8(output.stderr)?
- );
- let output = String::from_utf8(output.stdout)?;
- Ok(output.lines().count() > 1)
- }
-
- /// String representation of the device.
- pub fn as_string(&self) -> FmResult<String> {
- Ok(if let Some(mount_point) = self.mount_point() {
- format!("{} -> {}", self.path, mount_point)
- } else {
- format!("{} - not mounted", self.path)
- })
- }
}
/// Holds the device itself and its passwords.
@@ -392,9 +427,9 @@ impl DeviceOpener {
.cryptdevice
.open_mount(&username, &mut passwords)?;
if !success {
- self.content[self.index].password_holder.reset();
Self::reset_faillock()?
}
+ self.content[self.index].password_holder.reset();
Self::drop_sudo()?;
Ok(())
}
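Review bot: Moving `password_holder.reset()` below the `if !success` block clears the secrets on success and on a wrong password, but not when `open_mount(...)?` returns `Err`, because the `?` leaves the function before the reset and before `Self::drop_sudo()`. `open_mount` now has more error exits (both `set_device_name()?` calls and the already-mounted check), so after a failed attempt the sudo password and passphrase can stay in `password_holder` and `drop_sudo()` is skipped. The `umount_close` hunk that follows has the same shape. Bind the call's result without `?`, run the cleanup on every path, then propagate the error, as sketched below. The start of this function is outside the hunk.

```rust
// … unchanged: username/passwords setup; bind the open_mount(...) call to `outcome` without `?` …
// Clear the stored secrets on every path, including Err from open_mount.
self.content[self.index].password_holder.reset();
let faillock = match outcome {
    Ok(false) => Self::reset_faillock(),
    _ => Ok(()),
};
Self::drop_sudo()?;
faillock?;
outcome.map(|_| ())
```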
@@ -407,9 +442,9 @@ impl DeviceOpener {
.cryptdevice
.umount_close(&username, &mut passwords)?;
if !success {
- self.content[self.index].password_holder.reset();
Self::reset_faillock()?
}
+ self.content[self.index].password_holder.reset();
Self::drop_sudo()?;
Ok(())
}
diff --git a/src/event_exec.rs b/src/event_exec.rs
index 0cd1497..d41de69 100644
--- a/src/event_exec.rs
+++ b/src/event_exec.rs
@@ -1563,6 +1563,8 @@ impl EventExec {
}
}
+ /// Enter the encrypted device menu, allowing the user to mount/umount
+ /// a luks encrypted device.
pub fn event_encrypted_drive(status: &mut Status) -> FmResult<()> {
if status.encrypted_devices.is_empty() {
status.encrypted_devices.update()?;
@@ -1573,6 +1575,9 @@ impl EventExec {
Ok(())
}
+ /// Mount the selected encrypted device. Will ask first for sudo password and
+ /// passphrase.
+ /// Those passwords are always dropped immediatly after the commands are run.
pub fn event_mount_encrypted_drive(status: &mut Status) -> FmResult<()> {
if !status.encrypted_devices.has_sudo() {
Self::event_ask_password(status, PasswordKind::SUDO, EncryptedAction::MOUNT)
@@ -1583,6 +1588,8 @@ impl EventExec {
}
}
+ /// Unmount the selected device.
+ /// Will ask first for a sudo password which is immediatly forgotten.
pub fn event_umount_encrypted_drive(status: &mut Status) -> FmResult<()> {
if !status.encrypted_devices.has_sudo() {
Self::event_ask_password(status, PasswordKind::SUDO, EncryptedAction::UMOUNT)
@@ -1591,6 +1598,7 @@ impl EventExec {
}
}
+ /// Ask for a password of some kind (sudo or device passphrase).
pub fn event_ask_password(
status: &mut Status,
password_kind: PasswordKind,
@@ -1605,20 +1613,22 @@ impl EventExec {
Ok(())
}
+ /// Store a password of some kind (sudo or device passphrase).
pub fn exec_store_password(status: &mut Status, password_kind: PasswordKind) -> FmResult<()> {
let password = status.selected_non_mut().input.string();
status
.encrypted_devices
.set_password(password_kind, password);
- info!("encrypted_devices {:?}", status.encrypted_devices);
status.selected().reset_mode();
Ok(())
}
+ /// Select the next encrypted device
pub fn event_encrypted_drive_next(status: &mut Status) {
status.encrypted_devices.next()
}
+ /// Select the previous encrypted device.
pub fn event_encrypted_drive_prev(status: &mut Status) {
status.encrypted_devices.prev()
}
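Review bot: `exec_store_password` copies the typed secret out with `input.string()` and hands it to `set_password`, but nothing in this hunk clears the input buffer itself. Whether `reset_mode()` does so is not visible here, so confirm that the passphrase does not remain in `input` after it is stored. The `{:?}` formatting of `encrypted_devices` would still print whatever the password holder's `Debug` impl exposes if it is ever logged again. A hand-written `Debug` for the holder that prints a fixed placeholder instead of the secret would make that safe by construction.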