Add support for TCRYPT volumes to GMountOperation

Add G_ASK_PASSWORD_TCRYPT flag to GAskPasswordFlags and add the
following properties to GMountOperation:

- hidden_volume [1]
- system_volume [2]
- pim [3]

[1] https://www.veracrypt.fr/en/Hidden%20Volume.html
[2] https://www.veracrypt.fr/en/System%20Encryption.html
[3] https://www.veracrypt.fr/en/Personal%20Iterations%20Multiplier%20(PIM).html
This commit is contained in:
segfault 2018-03-09 00:40:17 +01:00
parent 1c673535fe
commit 76b4d0ab3f
7 changed files with 298 additions and 6 deletions

View File

@ -1497,6 +1497,12 @@ g_mount_operation_get_password_save
g_mount_operation_set_password_save g_mount_operation_set_password_save
g_mount_operation_get_choice g_mount_operation_get_choice
g_mount_operation_set_choice g_mount_operation_set_choice
g_mount_operation_get_is_tcrypt_hidden_volume
g_mount_operation_set_is_tcrypt_hidden_volume
g_mount_operation_get_is_tcrypt_system_volume
g_mount_operation_set_is_tcrypt_system_volume
g_mount_operation_get_pim
g_mount_operation_set_pim
g_mount_operation_reply g_mount_operation_reply
<SUBSECTION Standard> <SUBSECTION Standard>
GMountOperationClass GMountOperationClass

View File

@ -455,6 +455,21 @@
<listitem><para>Show extra information.</para> <listitem><para>Show extra information.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><option>--tcrypt-pim</option></term>
<listitem><para>The numeric PIM when unlocking a VeraCrypt volume.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>--tcrypt-hidden</option></term>
<listitem><para>Mount a TCRYPT hidden volume.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>--tcrypt-system</option></term>
<listitem><para>Mount a TCRYPT system volume.</para>
</listitem>
</varlistentry>
</variablelist> </variablelist>
</refsect3> </refsect3>
</listitem> </listitem>

View File

@ -48,6 +48,9 @@ static gboolean anonymous = FALSE;
static gboolean mount_list = FALSE; static gboolean mount_list = FALSE;
static gboolean extra_detail = FALSE; static gboolean extra_detail = FALSE;
static gboolean mount_monitor = FALSE; static gboolean mount_monitor = FALSE;
static gboolean tcrypt_hidden = FALSE;
static gboolean tcrypt_system = FALSE;
static guint tcrypt_pim = 0;
static const char *unmount_scheme = NULL; static const char *unmount_scheme = NULL;
static const char *mount_device_file = NULL; static const char *mount_device_file = NULL;
static const char *stop_device_file = NULL; static const char *stop_device_file = NULL;
@ -68,6 +71,9 @@ static const GOptionEntry entries[] =
{ "list", 'l', 0, G_OPTION_ARG_NONE, &mount_list, N_("List"), NULL}, { "list", 'l', 0, G_OPTION_ARG_NONE, &mount_list, N_("List"), NULL},
{ "monitor", 'o', 0, G_OPTION_ARG_NONE, &mount_monitor, N_("Monitor events"), NULL}, { "monitor", 'o', 0, G_OPTION_ARG_NONE, &mount_monitor, N_("Monitor events"), NULL},
{ "detail", 'i', 0, G_OPTION_ARG_NONE, &extra_detail, N_("Show extra information"), NULL}, { "detail", 'i', 0, G_OPTION_ARG_NONE, &extra_detail, N_("Show extra information"), NULL},
{ "tcrypt-pim", 0, 0, G_OPTION_ARG_INT, &tcrypt_pim, N_("The numeric PIM when unlocking a VeraCrypt volume"), N_("PIM")},
{ "tcrypt-hidden", 0, 0, G_OPTION_ARG_NONE, &tcrypt_hidden, N_("Mount a TCRYPT hidden volume"), NULL},
{ "tcrypt-system", 0, 0, G_OPTION_ARG_NONE, &tcrypt_system, N_("Mount a TCRYPT system volume"), NULL},
{ NULL } { NULL }
}; };
@ -174,6 +180,16 @@ ask_password_cb (GMountOperation *op,
} }
} }
if (flags & G_ASK_PASSWORD_TCRYPT)
{
if (tcrypt_pim)
g_mount_operation_set_pim (op, tcrypt_pim);
if (tcrypt_hidden)
g_mount_operation_set_is_tcrypt_hidden_volume (op, TRUE);
if (tcrypt_system)
g_mount_operation_set_is_tcrypt_system_volume (op, TRUE);
}
/* Only try anonymous access once. */ /* Only try anonymous access once. */
if (anonymous && if (anonymous &&
GPOINTER_TO_INT (g_object_get_data (G_OBJECT (op), "state")) == MOUNT_OP_ASKED) GPOINTER_TO_INT (g_object_get_data (G_OBJECT (op), "state")) == MOUNT_OP_ASKED)

View File

@ -572,6 +572,7 @@ typedef enum {
* @G_ASK_PASSWORD_NEED_DOMAIN: operation requires a domain. * @G_ASK_PASSWORD_NEED_DOMAIN: operation requires a domain.
* @G_ASK_PASSWORD_SAVING_SUPPORTED: operation supports saving settings. * @G_ASK_PASSWORD_SAVING_SUPPORTED: operation supports saving settings.
* @G_ASK_PASSWORD_ANONYMOUS_SUPPORTED: operation supports anonymous users. * @G_ASK_PASSWORD_ANONYMOUS_SUPPORTED: operation supports anonymous users.
* @G_ASK_PASSWORD_TCRYPT: operation takes TCRYPT parameters (Since: 2.58)
* *
* #GAskPasswordFlags are used to request specific information from the * #GAskPasswordFlags are used to request specific information from the
* user, or to notify the user of their choices in an authentication * user, or to notify the user of their choices in an authentication
@ -582,7 +583,8 @@ typedef enum {
G_ASK_PASSWORD_NEED_USERNAME = (1 << 1), G_ASK_PASSWORD_NEED_USERNAME = (1 << 1),
G_ASK_PASSWORD_NEED_DOMAIN = (1 << 2), G_ASK_PASSWORD_NEED_DOMAIN = (1 << 2),
G_ASK_PASSWORD_SAVING_SUPPORTED = (1 << 3), G_ASK_PASSWORD_SAVING_SUPPORTED = (1 << 3),
G_ASK_PASSWORD_ANONYMOUS_SUPPORTED = (1 << 4) G_ASK_PASSWORD_ANONYMOUS_SUPPORTED = (1 << 4),
G_ASK_PASSWORD_TCRYPT = (1 << 5),
} GAskPasswordFlags; } GAskPasswordFlags;

View File

@ -47,6 +47,12 @@
* #GtkMountOperation. If no user interaction is desired (for example * #GtkMountOperation. If no user interaction is desired (for example
* when automounting filesystems at login time), usually %NULL can be * when automounting filesystems at login time), usually %NULL can be
* passed, see each method taking a #GMountOperation for details. * passed, see each method taking a #GMountOperation for details.
*
* The term TCRYPT is used to mean compatible with TrueCrypt and VeraCrypt.
* [TrueCrypt](https://en.wikipedia.org/wiki/TrueCrypt) is a discontinued system for
* encrypting file containers, partitions or whole disks, typically used with Windows.
* [VeraCrypt](https://www.veracrypt.fr/) is a maintained fork of TrueCrypt with various
* improvements and auditing fixes.
*/ */
enum { enum {
@ -68,6 +74,9 @@ struct _GMountOperationPrivate {
gboolean anonymous; gboolean anonymous;
GPasswordSave password_save; GPasswordSave password_save;
int choice; int choice;
gboolean hidden_volume;
gboolean system_volume;
guint pim;
}; };
enum { enum {
@ -77,7 +86,10 @@ enum {
PROP_ANONYMOUS, PROP_ANONYMOUS,
PROP_DOMAIN, PROP_DOMAIN,
PROP_PASSWORD_SAVE, PROP_PASSWORD_SAVE,
PROP_CHOICE PROP_CHOICE,
PROP_IS_TCRYPT_HIDDEN_VOLUME,
PROP_IS_TCRYPT_SYSTEM_VOLUME,
PROP_PIM
}; };
G_DEFINE_TYPE_WITH_PRIVATE (GMountOperation, g_mount_operation, G_TYPE_OBJECT) G_DEFINE_TYPE_WITH_PRIVATE (GMountOperation, g_mount_operation, G_TYPE_OBJECT)
@ -124,6 +136,21 @@ g_mount_operation_set_property (GObject *object,
g_value_get_int (value)); g_value_get_int (value));
break; break;
case PROP_IS_TCRYPT_HIDDEN_VOLUME:
g_mount_operation_set_is_tcrypt_hidden_volume (operation,
g_value_get_boolean (value));
break;
case PROP_IS_TCRYPT_SYSTEM_VOLUME:
g_mount_operation_set_is_tcrypt_system_volume (operation,
g_value_get_boolean (value));
break;
case PROP_PIM:
g_mount_operation_set_pim (operation,
g_value_get_uint (value));
break;
default: default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break; break;
@ -169,6 +196,18 @@ g_mount_operation_get_property (GObject *object,
g_value_set_int (value, priv->choice); g_value_set_int (value, priv->choice);
break; break;
case PROP_IS_TCRYPT_HIDDEN_VOLUME:
g_value_set_boolean (value, priv->hidden_volume);
break;
case PROP_IS_TCRYPT_SYSTEM_VOLUME:
g_value_set_boolean (value, priv->system_volume);
break;
case PROP_PIM:
g_value_set_uint (value, priv->pim);
break;
default: default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break; break;
@ -504,6 +543,60 @@ g_mount_operation_class_init (GMountOperationClass *klass)
0, G_MAXINT, 0, 0, G_MAXINT, 0,
G_PARAM_READWRITE| G_PARAM_READWRITE|
G_PARAM_STATIC_NAME|G_PARAM_STATIC_NICK|G_PARAM_STATIC_BLURB)); G_PARAM_STATIC_NAME|G_PARAM_STATIC_NICK|G_PARAM_STATIC_BLURB));
/**
* GMountOperation:is-tcrypt-hidden-volume:
*
* Whether the device to be unlocked is a TCRYPT hidden volume.
* See https://www.veracrypt.fr/en/Hidden%20Volume.html.
*
* Since: 2.58
*/
g_object_class_install_property (object_class,
PROP_IS_TCRYPT_HIDDEN_VOLUME,
g_param_spec_boolean ("is-tcrypt-hidden-volume",
P_("TCRYPT Hidden Volume"),
P_("Whether to unlock a TCRYPT hidden volume. See https://www.veracrypt.fr/en/Hidden%20Volume.html."),
FALSE,
G_PARAM_READWRITE|
G_PARAM_STATIC_NAME|G_PARAM_STATIC_NICK|G_PARAM_STATIC_BLURB));
/**
* GMountOperation:is-tcrypt-system-volume:
*
* Whether the device to be unlocked is a TCRYPT system volume.
* In this context, a system volume is a volume with a bootloader
* and operating system installed. This is only supported for Windows
* operating systems. For further documentation, see
* https://www.veracrypt.fr/en/System%20Encryption.html.
*
* Since: 2.58
*/
g_object_class_install_property (object_class,
PROP_IS_TCRYPT_SYSTEM_VOLUME,
g_param_spec_boolean ("is-tcrypt-system-volume",
P_("TCRYPT System Volume"),
P_("Whether to unlock a TCRYPT system volume. Only supported for unlocking Windows system volumes. See https://www.veracrypt.fr/en/System%20Encryption.html."),
FALSE,
G_PARAM_READWRITE|
G_PARAM_STATIC_NAME|G_PARAM_STATIC_NICK|G_PARAM_STATIC_BLURB));
/**
* GMountOperation:pim:
*
* The VeraCrypt PIM value, when unlocking a VeraCrypt volume. See
* https://www.veracrypt.fr/en/Personal%20Iterations%20Multiplier%20(PIM).html.
*
* Since: 2.58
*/
g_object_class_install_property (object_class,
PROP_PIM,
g_param_spec_uint ("pim",
P_("PIM"),
P_("The VeraCrypt PIM value"),
0, G_MAXUINT, 0,
G_PARAM_READWRITE|
G_PARAM_STATIC_NAME|G_PARAM_STATIC_NICK|G_PARAM_STATIC_BLURB));
} }
static void static void
@ -736,6 +829,130 @@ g_mount_operation_set_choice (GMountOperation *op,
} }
} }
/**
* g_mount_operation_get_is_tcrypt_hidden_volume:
* @op: a #GMountOperation.
*
* Check to see whether the mount operation is being used
* for a TCRYPT hidden volume.
*
* Returns: %TRUE if mount operation is for hidden volume.
*
* Since: 2.58
**/
gboolean
g_mount_operation_get_is_tcrypt_hidden_volume (GMountOperation *op)
{
g_return_val_if_fail (G_IS_MOUNT_OPERATION (op), FALSE);
return op->priv->hidden_volume;
}
/**
* g_mount_operation_set_is_tcrypt_hidden_volume:
* @op: a #GMountOperation.
* @hidden_volume: boolean value.
*
* Sets the mount operation to use a hidden volume if @hidden_volume is %TRUE.
*
* Since: 2.58
**/
void
g_mount_operation_set_is_tcrypt_hidden_volume (GMountOperation *op,
gboolean hidden_volume)
{
GMountOperationPrivate *priv;
g_return_if_fail (G_IS_MOUNT_OPERATION (op));
priv = op->priv;
if (priv->hidden_volume != hidden_volume)
{
priv->hidden_volume = hidden_volume;
g_object_notify (G_OBJECT (op), "is-tcrypt-hidden-volume");
}
}
/**
* g_mount_operation_get_is_tcrypt_system_volume:
* @op: a #GMountOperation.
*
* Check to see whether the mount operation is being used
* for a TCRYPT system volume.
*
* Returns: %TRUE if mount operation is for system volume.
*
* Since: 2.58
**/
gboolean
g_mount_operation_get_is_tcrypt_system_volume (GMountOperation *op)
{
g_return_val_if_fail (G_IS_MOUNT_OPERATION (op), FALSE);
return op->priv->system_volume;
}
/**
* g_mount_operation_set_is_tcrypt_system_volume:
* @op: a #GMountOperation.
* @system_volume: boolean value.
*
* Sets the mount operation to use a system volume if @system_volume is %TRUE.
*
* Since: 2.58
**/
void
g_mount_operation_set_is_tcrypt_system_volume (GMountOperation *op,
gboolean system_volume)
{
GMountOperationPrivate *priv;
g_return_if_fail (G_IS_MOUNT_OPERATION (op));
priv = op->priv;
if (priv->system_volume != system_volume)
{
priv->system_volume = system_volume;
g_object_notify (G_OBJECT (op), "is-tcrypt-system-volume");
}
}
/**
* g_mount_operation_get_pim:
* @op: a #GMountOperation.
*
* Gets a PIM from the mount operation.
*
* Returns: The VeraCrypt PIM within @op.
*
* Since: 2.58
**/
guint
g_mount_operation_get_pim (GMountOperation *op)
{
g_return_val_if_fail (G_IS_MOUNT_OPERATION (op), 0);
return op->priv->pim;
}
/**
* g_mount_operation_set_pim:
* @op: a #GMountOperation.
* @pim: an unsigned integer.
*
* Sets the mount operation's PIM to @pim.
*
* Since: 2.58
**/
void
g_mount_operation_set_pim (GMountOperation *op,
guint pim)
{
GMountOperationPrivate *priv;
g_return_if_fail (G_IS_MOUNT_OPERATION (op));
priv = op->priv;
if (priv->pim != pim)
{
priv->pim = pim;
g_object_notify (G_OBJECT (op), "pim");
}
}
/** /**
* g_mount_operation_reply: * g_mount_operation_reply:
* @op: a #GMountOperation * @op: a #GMountOperation

View File

@ -149,6 +149,21 @@ void g_mount_operation_set_choice (GMountOperation *op,
GLIB_AVAILABLE_IN_ALL GLIB_AVAILABLE_IN_ALL
void g_mount_operation_reply (GMountOperation *op, void g_mount_operation_reply (GMountOperation *op,
GMountOperationResult result); GMountOperationResult result);
GLIB_AVAILABLE_IN_2_58
gboolean g_mount_operation_get_is_tcrypt_hidden_volume (GMountOperation *op);
GLIB_AVAILABLE_IN_2_58
void g_mount_operation_set_is_tcrypt_hidden_volume (GMountOperation *op,
gboolean hidden_volume);
GLIB_AVAILABLE_IN_2_58
gboolean g_mount_operation_get_is_tcrypt_system_volume (GMountOperation *op);
GLIB_AVAILABLE_IN_2_58
void g_mount_operation_set_is_tcrypt_system_volume (GMountOperation *op,
gboolean system_volume);
GLIB_AVAILABLE_IN_2_58
guint g_mount_operation_get_pim (GMountOperation *op);
GLIB_AVAILABLE_IN_2_58
void g_mount_operation_set_pim (GMountOperation *op,
guint pim);
G_END_DECLS G_END_DECLS

View File

@ -45,6 +45,9 @@ test_properties (void)
gchar *domain = NULL; gchar *domain = NULL;
GPasswordSave password_save; GPasswordSave password_save;
int choice; int choice;
gboolean hidden_volume;
gboolean system_volume;
guint pim;
op = g_mount_operation_new (); op = g_mount_operation_new ();
@ -55,6 +58,9 @@ test_properties (void)
"domain", &domain, "domain", &domain,
"password-save", &password_save, "password-save", &password_save,
"choice", &choice, "choice", &choice,
"is-tcrypt-hidden-volume", &hidden_volume,
"is-tcrypt-system-volume", &system_volume,
"pim", &pim,
NULL); NULL);
g_assert_cmpstr (username, ==, g_mount_operation_get_username (op)); g_assert_cmpstr (username, ==, g_mount_operation_get_username (op));
@ -63,6 +69,9 @@ test_properties (void)
g_assert_cmpstr (domain, ==, g_mount_operation_get_domain (op)); g_assert_cmpstr (domain, ==, g_mount_operation_get_domain (op));
g_assert_cmpint (password_save, ==, g_mount_operation_get_password_save (op)); g_assert_cmpint (password_save, ==, g_mount_operation_get_password_save (op));
g_assert_cmpint (choice, ==, g_mount_operation_get_choice (op)); g_assert_cmpint (choice, ==, g_mount_operation_get_choice (op));
g_assert_cmpint (hidden_volume, ==, g_mount_operation_get_is_tcrypt_hidden_volume (op));
g_assert_cmpint (system_volume, ==, g_mount_operation_get_is_tcrypt_system_volume (op));
g_assert_cmpuint (pim, ==, g_mount_operation_get_pim (op));
g_mount_operation_set_username (op, "username"); g_mount_operation_set_username (op, "username");
g_assert_cmpstr (g_mount_operation_get_username (op), ==, "username"); g_assert_cmpstr (g_mount_operation_get_username (op), ==, "username");
@ -82,6 +91,15 @@ test_properties (void)
g_mount_operation_set_choice (op, 5); g_mount_operation_set_choice (op, 5);
g_assert_cmpint (g_mount_operation_get_choice (op), ==, 5); g_assert_cmpint (g_mount_operation_get_choice (op), ==, 5);
g_mount_operation_set_is_tcrypt_hidden_volume (op, !hidden_volume);
g_assert_cmpint (g_mount_operation_get_is_tcrypt_hidden_volume (op), ==, !hidden_volume);
g_mount_operation_set_is_tcrypt_system_volume (op, !system_volume);
g_assert_cmpint (g_mount_operation_get_is_tcrypt_system_volume (op), ==, !system_volume);
g_mount_operation_set_pim (op, 5);
g_assert_cmpuint (g_mount_operation_get_pim (op), ==, 5);
g_object_set (op, g_object_set (op,
"username", "other-username", "username", "other-username",
"password", "other-password", "password", "other-password",
@ -89,6 +107,9 @@ test_properties (void)
"domain", "other-domain", "domain", "other-domain",
"password-save", G_PASSWORD_SAVE_PERMANENTLY, "password-save", G_PASSWORD_SAVE_PERMANENTLY,
"choice", 4, "choice", 4,
"is-tcrypt-hidden-volume", FALSE,
"is-tcrypt-system-volume", FALSE,
"pim", 4,
NULL); NULL);
g_free (domain); g_free (domain);