|
|
|
@ -11,6 +11,7 @@ import subprocess
|
|
|
|
|
import os
|
|
|
|
|
import re
|
|
|
|
|
import logging
|
|
|
|
|
from CryptoBoxExceptions import *
|
|
|
|
|
|
|
|
|
|
"""exceptions:
|
|
|
|
|
VolumeIsActive
|
|
|
|
@ -55,15 +56,15 @@ class CryptoBoxContainer:
|
|
|
|
|
def setName(self, new_name):
|
|
|
|
|
if new_name == self.name: return
|
|
|
|
|
if self.isMounted():
|
|
|
|
|
raise "VolumeIsActive", "the container must be inactive during renaming"
|
|
|
|
|
raise CBVolumeIsActive("the container must be inactive during renaming")
|
|
|
|
|
if not re.search(r'^[a-zA-Z0-9_\.\- ]+$', new_name):
|
|
|
|
|
raise "InvalidName", "the supplied new name contains illegal characters"
|
|
|
|
|
raise CBInvalidName("the supplied new name contains illegal characters")
|
|
|
|
|
"check for active partitions with the same name"
|
|
|
|
|
prev_name_owner = self.cbox.getContainerList(filterName=new_name)
|
|
|
|
|
if prev_name_owner:
|
|
|
|
|
for a in prev_name_owner:
|
|
|
|
|
if a.isMounted():
|
|
|
|
|
raise "NameActivelyUsed", "the supplied new name is already in use for an active partition"
|
|
|
|
|
raise CBNameActivelyUsed("the supplied new name is already in use for an active partition")
|
|
|
|
|
self.cbox.setNameForUUID(self.uuid, new_name)
|
|
|
|
|
self.name = new_name
|
|
|
|
|
|
|
|
|
@ -116,21 +117,20 @@ class CryptoBoxContainer:
|
|
|
|
|
self.__createPlain()
|
|
|
|
|
self.resetObject()
|
|
|
|
|
return
|
|
|
|
|
raise "InvalidType", "invalid container type (%d) supplied" % (type, )
|
|
|
|
|
raise CBInvalidType("invalid container type (%d) supplied" % (type, ))
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def changePassword(self, oldpw, newpw):
|
|
|
|
|
if self.type != self.Types["luks"]:
|
|
|
|
|
raise "InvalidType", \
|
|
|
|
|
"changing of password is possible only for luks containers"
|
|
|
|
|
raise CBInvalidType("changing of password is possible only for luks containers")
|
|
|
|
|
if not oldpw:
|
|
|
|
|
raise "InvalidPassword", "no old password supplied for password change"
|
|
|
|
|
raise CBInvalidPassword("no old password supplied for password change")
|
|
|
|
|
if not newpw:
|
|
|
|
|
raise "InvalidPassword", "no new password supplied for password change"
|
|
|
|
|
raise CBInvalidPassword("no new password supplied for password change")
|
|
|
|
|
"return if new and old passwords are the same"
|
|
|
|
|
if oldpw == newpw: return
|
|
|
|
|
if self.isMounted():
|
|
|
|
|
raise "VolumeIsActive", "this container is currently active"
|
|
|
|
|
raise CBVolumeIsActive("this container is currently active")
|
|
|
|
|
devnull = None
|
|
|
|
|
try:
|
|
|
|
|
devnull = open(os.devnull, "w")
|
|
|
|
@ -156,13 +156,13 @@ class CryptoBoxContainer:
|
|
|
|
|
if proc.returncode != 0:
|
|
|
|
|
errorMsg = "Could not add a new luks key: %s - %s" % (output.strip(), errout.strip(), )
|
|
|
|
|
self.log.error(errorMsg)
|
|
|
|
|
raise "ChangePasswordError", errorMsg
|
|
|
|
|
raise CBChangePasswordError(errorMsg)
|
|
|
|
|
## retrieve the key slot we used for unlocking
|
|
|
|
|
keys_found = re.search(r'key slot (\d{1,3}) unlocked', output).groups()
|
|
|
|
|
if keys_found:
|
|
|
|
|
keyslot = int(keys_found[0])
|
|
|
|
|
else:
|
|
|
|
|
raise "ChangePasswordError", "could not get the old key slot"
|
|
|
|
|
raise CBChangePasswordError("could not get the old key slot")
|
|
|
|
|
"remove the old key"
|
|
|
|
|
proc = subprocess.Popen(
|
|
|
|
|
shell = False,
|
|
|
|
@ -179,7 +179,7 @@ class CryptoBoxContainer:
|
|
|
|
|
if proc.returncode != 0:
|
|
|
|
|
errorMsg = "Could not remove the old luks key: %s" % (proc.stderr.read().strip(), )
|
|
|
|
|
self.log.error(errorMsg)
|
|
|
|
|
raise "ChangePasswordError", errorMsg
|
|
|
|
|
raise CBChangePasswordError(errorMsg)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -300,8 +300,8 @@ class CryptoBoxContainer:
|
|
|
|
|
def __mountLuks(self, password):
|
|
|
|
|
"mount a luks partition"
|
|
|
|
|
if not password:
|
|
|
|
|
raise "InvalidPassword", "no password supplied for luksOpen"
|
|
|
|
|
if self.isMounted(): raise "VolumeIsActive", "this container is already active"
|
|
|
|
|
raise CBInvalidPassword("no password supplied for luksOpen")
|
|
|
|
|
if self.isMounted(): raise CBVolumeIsActive("this container is already active")
|
|
|
|
|
self.__umountLuks()
|
|
|
|
|
try:
|
|
|
|
|
devnull = open(os.devnull, "w")
|
|
|
|
@ -313,7 +313,7 @@ class CryptoBoxContainer:
|
|
|
|
|
if not os.path.exists(self.__getMountPoint()):
|
|
|
|
|
errorMsg = "Could not create mountpoint (%s)" % (self.__getMountPoint(), )
|
|
|
|
|
self.log.error(errorMsg)
|
|
|
|
|
raise "MountError", errorMsg
|
|
|
|
|
raise CBMountError(errorMsg)
|
|
|
|
|
proc = subprocess.Popen(
|
|
|
|
|
shell = False,
|
|
|
|
|
stdin = subprocess.PIPE,
|
|
|
|
@ -332,7 +332,7 @@ class CryptoBoxContainer:
|
|
|
|
|
if proc.returncode != 0:
|
|
|
|
|
errorMsg = "Could not open the luks mapping: %s" % (errout.strip(), )
|
|
|
|
|
self.log.warn(errorMsg)
|
|
|
|
|
raise "MountError", errorMsg
|
|
|
|
|
raise CBMountError(errorMsg)
|
|
|
|
|
proc = subprocess.Popen(
|
|
|
|
|
shell = False,
|
|
|
|
|
stdin = None,
|
|
|
|
@ -348,7 +348,7 @@ class CryptoBoxContainer:
|
|
|
|
|
if proc.returncode != 0:
|
|
|
|
|
errorMsg = "Could not mount the filesystem: %s" % (proc.stderr.read().strip(), )
|
|
|
|
|
self.log.warn(errorMsg)
|
|
|
|
|
raise "MountError", errorMsg
|
|
|
|
|
raise CBMountError(errorMsg)
|
|
|
|
|
devnull.close()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -374,7 +374,7 @@ class CryptoBoxContainer:
|
|
|
|
|
if proc.returncode != 0:
|
|
|
|
|
errorMsg = "Could not umount the filesystem: %s" % (proc.stderr.read().strip(), )
|
|
|
|
|
self.log.warn(errorMsg)
|
|
|
|
|
raise "MountError", errorMsg
|
|
|
|
|
raise CBMountError(errorMsg)
|
|
|
|
|
if os.path.exists(os.path.join(self.__dmDir, self.name)):
|
|
|
|
|
proc = subprocess.Popen(
|
|
|
|
|
shell = False,
|
|
|
|
@ -392,13 +392,13 @@ class CryptoBoxContainer:
|
|
|
|
|
if proc.returncode != 0:
|
|
|
|
|
errorMsg = "Could not remove the luks mapping: %s" % (proc.stderr.read().strip(), )
|
|
|
|
|
self.log.warn(errorMsg)
|
|
|
|
|
raise "MountError", errorMsg
|
|
|
|
|
raise CBMountError(errorMsg)
|
|
|
|
|
devnull.close()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def __mountPlain(self):
|
|
|
|
|
"mount a plaintext partition"
|
|
|
|
|
if self.isMounted(): raise "VolumeIsActive", "this container is already active"
|
|
|
|
|
if self.isMounted(): raise CBVolumeIsActive("this container is already active")
|
|
|
|
|
devnull = None
|
|
|
|
|
try:
|
|
|
|
|
devnull = open(os.devnull, "w")
|
|
|
|
@ -410,7 +410,7 @@ class CryptoBoxContainer:
|
|
|
|
|
if not os.path.exists(self.__getMountPoint()):
|
|
|
|
|
errorMsg = "Could not create mountpoint (%s)" % (self.__getMountPoint(), )
|
|
|
|
|
self.log.error(errorMsg)
|
|
|
|
|
raise "MountError", errorMsg
|
|
|
|
|
raise CBMountError(errorMsg)
|
|
|
|
|
proc = subprocess.Popen(
|
|
|
|
|
shell = False,
|
|
|
|
|
stdin = None,
|
|
|
|
@ -426,7 +426,7 @@ class CryptoBoxContainer:
|
|
|
|
|
if proc.returncode != 0:
|
|
|
|
|
errorMsg = "Could not mount the filesystem: %s" % (proc.stderr.read().strip(), )
|
|
|
|
|
self.log.warn(errorMsg)
|
|
|
|
|
raise "MountError", errorMsg
|
|
|
|
|
raise CBMountError(errorMsg)
|
|
|
|
|
devnull.close()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -452,15 +452,14 @@ class CryptoBoxContainer:
|
|
|
|
|
if proc.returncode != 0:
|
|
|
|
|
errorMsg = "Could not umount the filesystem: %s" % (proc.stderr.read().strip(), )
|
|
|
|
|
self.log.warn(errorMsg)
|
|
|
|
|
raise "MountError", errorMsg
|
|
|
|
|
raise CBMountError(errorMsg)
|
|
|
|
|
devnull.close()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def __createPlain(self):
|
|
|
|
|
"make a plaintext partition"
|
|
|
|
|
if self.isMounted():
|
|
|
|
|
raise "VolumeIsActive", \
|
|
|
|
|
"deactivate the partition before filesystem initialization"
|
|
|
|
|
raise CBVolumeIsActive("deactivate the partition before filesystem initialization")
|
|
|
|
|
devnull = None
|
|
|
|
|
try:
|
|
|
|
|
devnull = open(os.devnull, "w")
|
|
|
|
@ -478,17 +477,16 @@ class CryptoBoxContainer:
|
|
|
|
|
if proc.returncode != 0:
|
|
|
|
|
errorMsg = "Could not create the filesystem: %s" % (proc.stderr.read().strip(), )
|
|
|
|
|
self.log.error(errorMsg)
|
|
|
|
|
raise "CreateError", errorMsg
|
|
|
|
|
raise CBCreateError(errorMsg)
|
|
|
|
|
devnull.close()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def __createLuks(self, password):
|
|
|
|
|
"make a luks partition"
|
|
|
|
|
if not password:
|
|
|
|
|
raise "InvalidPassword", "no password supplied for new luks mapping"
|
|
|
|
|
raise CBInvalidPassword("no password supplied for new luks mapping")
|
|
|
|
|
if self.isMounted():
|
|
|
|
|
raise "VolumeIsActive", \
|
|
|
|
|
"deactivate the partition before filesystem initialization"
|
|
|
|
|
raise CBVolumeIsActive("deactivate the partition before filesystem initialization")
|
|
|
|
|
devnull = None
|
|
|
|
|
try:
|
|
|
|
|
devnull = open(os.devnull, "w")
|
|
|
|
@ -516,7 +514,7 @@ class CryptoBoxContainer:
|
|
|
|
|
if proc.returncode != 0:
|
|
|
|
|
errorMsg = "Could not create the luks header: %s" % (errout.strip(), )
|
|
|
|
|
self.log.error(errorMsg)
|
|
|
|
|
raise "CreateError", errorMsg
|
|
|
|
|
raise CBCreateError(errorMsg)
|
|
|
|
|
"open the luks container for mkfs"
|
|
|
|
|
proc = subprocess.Popen(
|
|
|
|
|
shell = False,
|
|
|
|
@ -536,7 +534,7 @@ class CryptoBoxContainer:
|
|
|
|
|
if proc.returncode != 0:
|
|
|
|
|
errorMsg = "Could not open the new luks mapping: %s" % (errout.strip(), )
|
|
|
|
|
self.log.error(errorMsg)
|
|
|
|
|
raise "CreateError", errorMsg
|
|
|
|
|
raise CBCreateError(errorMsg)
|
|
|
|
|
"make the filesystem"
|
|
|
|
|
proc = subprocess.Popen(
|
|
|
|
|
shell = False,
|
|
|
|
@ -553,7 +551,7 @@ class CryptoBoxContainer:
|
|
|
|
|
errorMsg = "Could not create the filesystem: %s" % (proc.stderr.read().strip(), )
|
|
|
|
|
self.log.error(errorMsg)
|
|
|
|
|
"remove the luks mapping"
|
|
|
|
|
raise "CreateError", errorMsg
|
|
|
|
|
raise CBCreateError(errorMsg)
|
|
|
|
|
devnull.close()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
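Review bot: In changePassword (hunk `@ -156,13 +156,13`), the new `raise CBChangePasswordError("could not get the old key slot")` cannot fire when the pattern is absent from the cryptsetup output, because `re.search(...)` returns None and the chained `.groups()` raises AttributeError first. As far as the visible lines show, the "Could not add a new luks key" check has already passed by then and the "remove the old key" step has not run, so the container keeps both the old and the new passphrase while the caller sees an exception outside the CB* classes this commit introduces. Keep the match object and test it instead: `match = re.search(r'key slot (\d{1,3}) unlocked', output)` followed by `if match: keyslot = int(match.group(1))`, leaving the existing `else` to raise CBChangePasswordError. Before that raise, a `self.log.error(...)` stating that the old key slot was left in place would make the half-finished state visible to an operator. changePassword starts in an earlier hunk and its subprocess calls lie outside the visible lines, so this is based only on the lines shown here.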