This repository has been archived by the owner on Jan 5, 2024. It is now read-only.

check if already unlocked and mounted
Allie Crevier committed Dec 13, 2019
1 parent ae8e16f commit 10f3674
Showing 1 changed file with 43 additions and 28 deletions.
71 changes: 43 additions & 28 deletions securedrop_export/export.py
Expand Up @@ -135,6 +135,7 @@ def __init__(self, archive, config_path):
datetime.datetime.now().strftime("%Y%m%d-%H%M%S")
)
self.tmpdir = tempfile.mkdtemp()
self.device_unlocked_externally = False

def safe_check_call(self, command, error_message):
"""
Expand Down Expand Up @@ -274,31 +275,42 @@ def unlock_luks_volume(self, encryption_key):
if 'UUID' in items[0]:
self.encrypted_device = 'luks-' + items[1]

# the luks device is not already unlocked
if not os.path.exists(os.path.join("/dev/mapper/", self.encrypted_device)):
logging.debug('Unlocking luks volume {}'.format(self.encrypted_device))
p = subprocess.Popen(
["sudo", "cryptsetup", "luksOpen", self.device, self.encrypted_device],
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE
)
logging.debug('Passing key')
p.communicate(input=str.encode(encryption_key, "utf-8"))
rc = p.returncode
if rc != 0:
logging.error('Bad phassphrase for {}'.format(self.encrypted_device))
self.exit_gracefully(ExportStatus.USB_BAD_PASSPHRASE.value)
# the luks device is already unlocked
if os.path.exists(os.path.join('/dev/mapper/', self.encrypted_device)):
logging.debug('Device already unlocked')
return

logging.debug('Unlocking luks volume {}'.format(self.encrypted_device))
p = subprocess.Popen(
["sudo", "cryptsetup", "luksOpen", self.device, self.encrypted_device],
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE
)
logging.debug('Passing key')
p.communicate(input=str.encode(encryption_key, "utf-8"))
rc = p.returncode
if rc != 0:
logging.error('Bad phassphrase for {}'.format(self.encrypted_device))
self.exit_gracefully(ExportStatus.USB_BAD_PASSPHRASE.value)
except subprocess.CalledProcessError:
self.exit_gracefully(ExportStatus.USB_ENCRYPTION_NOT_SUPPORTED)

def mount_volume(self):
# If the drive is already mounted then we don't need to mount it again
output = subprocess.check_output(
["lsblk", "-o", "MOUNTPOINT", "--noheadings", self.device])
mountpoint = output.decode('utf-8').rstrip()
if mountpoint:
logging.debug('The device is already mounted')
self.mountpoint = mountpoint
return

# mount target not created, create folder
if not os.path.exists(self.mountpoint):
self.safe_check_call(
command=["sudo", "mkdir", self.mountpoint],
error_message=ExportStatus.ERROR_USB_MOUNT
)
self.safe_check_call(
command=["sudo", "mkdir", self.mountpoint],
error_message=ExportStatus.ERROR_USB_MOUNT
)

mapped_device_path = os.path.join("/dev/mapper/", self.encrypted_device)
logging.info('Mounting {}'.format(mapped_device_path))
Expand Down Expand Up @@ -326,16 +338,19 @@ def copy_submission(self):
except (subprocess.CalledProcessError, OSError):
self.exit_gracefully(ExportStatus.ERROR_USB_WRITE.value)
finally:
# Finally, we sync the filesystem, unmount the drive and lock the
# luks volume, and exit 0
logging.info('Syncing filesystems')
subprocess.check_call(["sync"])
logging.info('Unmounting drive from {}'.format(self.mountpoint))
subprocess.check_call(["sudo", "umount", self.mountpoint])
logging.info('Locking luks volume {}'.format(self.encrypted_device))
subprocess.check_call(
["sudo", "cryptsetup", "luksClose", self.encrypted_device]
)

if os.path.exists(self.mountpoint):
logging.info('Unmounting drive from {}'.format(self.mountpoint))
subprocess.check_call(["sudo", "umount", self.mountpoint])

if os.path.exists(os.path.join('/dev/mapper', self.encrypted_device)):
logging.info('Locking luks volume {}'.format(self.encrypted_device))
subprocess.check_call(
["sudo", "cryptsetup", "luksClose", self.encrypted_device]
)

logging.info('Deleting temporary directory {}'.format(self.tmpdir))
subprocess.check_call(["rm", "-rf", self.tmpdir])
sys.exit(0)
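Review bot: In mount_volume the already-mounted check treats the whole `lsblk` output as one path, but `lsblk` prints a line for the device and for each dependent, so for a LUKS partition whose mapper child is mounted the output probably starts with an empty line and `.rstrip()` leaves a leading newline in `self.mountpoint`. Filtering the lines, e.g. `mountpoints = [m for m in output.decode('utf-8').splitlines() if m.strip()]`, and using the first entry would keep the export from writing to a malformed path. In the `finally` of copy_submission, `os.path.exists(self.mountpoint)` is also true for a directory that is not mounted, and a failing `umount` there raises before `luksClose` and the `rm -rf` of `self.tmpdir` run, which would leave the volume unlocked and the temporary files on disk; `os.path.ismount(self.mountpoint)` is the closer check. `self.device_unlocked_externally` is set in `__init__` but not read in the visible hunks, so cleanup still unmounts and locks a device the user had opened themselves; if that is intended, a comment saying so would help. Both functions continue outside the hunks shown.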