def encrypt(self, passwd, cipher="", keysize=0, mount=False): cipher = cipher or config.get("filesystems", "cipher") or "aes-xts-plain64" keysize = keysize or config.get("filesystems", "keysize") or 256 os.rename(self.path, os.path.join(config.get("filesystems", "vdisk_dir"), self.id+".crypt")) self.path = os.path.join(config.get("filesystems", "vdisk_dir"), self.id+".crypt") # Find an open loopback device and mount loop = losetup.find_unused_loop_device() loop.mount(str(self.path), offset=1048576) # Encrypt the file inside the loopback and mount s = crypto.luks_format(loop.device, passwd, cipher, int(keysize)) if s != 0: loop.unmount() os.rename(self.path, os.path.join(config.get("filesystems", "vdisk_dir"), self.id+".img")) raise Exception("Failed to encrypt %s with errno %s"%(self.id, str(s))) s = crypto.luks_open(loop.device, self.id, passwd) if s != 0: loop.unmount() raise Exception("Failed to decrypt %s with errno %s"%(self.id, str(s))) # Create a filesystem inside the encrypted device s = shell("mkfs.ext4 /dev/mapper/%s" % self.id) crypto.luks_close(self.id) loop.unmount() if s["code"] != 0: raise Exception("Failed to format loop device: %s" % s["stderr"]) self.crypt = True if mount: self.mount(passwd)
def mount(self, passwd=None): if self.mountpoint and os.path.ismount(self.mountpoint): raise Exception("Disk partition already mounted") elif self.fstype == "Unknown": raise Exception("Cannot mount a partition of unknown type") signals.emit("filesystems", "pre_mount", self) mount_point = self.mountpoint if self.mountpoint else os.path.join("/media", self.id) if self.crypt and passwd: # Decrypt the disk first if it's an encrypted disk s = crypto.luks_open(self.path, self.id, passwd) if s != 0: raise Exception("Failed to decrypt %s with errno %s" % (self.id, str(s))) s = libc.mount(ctypes.c_char_p(os.path.join("/dev/mapper", self.id)), ctypes.c_char_p(mount_point), ctypes.c_char_p(self.fstype), 0, ctypes.c_char_p("")) if s == -1: crypto.luks_close(self.id) raise Exception("Failed to mount %s: %s" % (self.id, os.strerror(ctypes.get_errno()))) elif self.crypt and not passwd: raise Exception("Must provide password to decrypt encrypted disk") else: s = libc.mount(ctypes.c_char_p(self.path), ctypes.c_char_p(mount_point), ctypes.c_char_p(self.fstype), 0, ctypes.c_char_p("")) if s == -1: raise Exception("Failed to mount %s: %s"%(self.id, os.strerror(ctypes.get_errno()))) signals.emit("filesystems", "post_mount", self) self.mountpoint = mount_point
def mount(self, passwd=None): if self.mountpoint and os.path.ismount(self.mountpoint): raise Exception("Virtual disk already mounted") signals.emit("filesystems", "pre_mount", self) if not os.path.isdir(os.path.join("/media", self.id)): os.makedirs(os.path.join("/media", self.id)) mount_point = self.mountpoint if self.mountpoint else os.path.join("/media", self.id) # Find a free loopback device and mount loop = losetup.find_unused_loop_device() loop.mount(str(self.path), offset=1048576) if self.crypt and passwd: # If it's an encrypted virtual disk, decrypt first then mount s = crypto.luks_open(loop.device, self.id, passwd) if s != 0: loop.unmount() raise Exception("Failed to decrypt %s with errno %s" % (self.id, str(s))) s = libc.mount(ctypes.c_char_p(os.path.join("/dev/mapper", self.id)), ctypes.c_char_p(mount_point), ctypes.c_char_p(self.fstype), 0, ctypes.c_char_p("")) if s == -1: crypto.luks_close(self.id) loop.unmount() raise Exception("Failed to mount %s: %s" % (self.id, os.strerror(ctypes.get_errno()))) elif self.crypt and not passwd: raise Exception("Must provide password to decrypt encrypted container") else: s = libc.mount(ctypes.c_char_p(loop.device), ctypes.c_char_p(mount_point), ctypes.c_char_p(self.fstype), 0, ctypes.c_char_p("")) if s == -1: loop.unmount() raise Exception("Failed to mount %s: %s" % (self.id, os.strerror(ctypes.get_errno()))) signals.emit("filesystems", "post_mount", self) self.mountpoint = mount_point