Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

locations: Ask again for password on encryption failures #2217

Merged
merged 1 commit into from
May 28, 2024
Merged

locations: Ask again for password on encryption failures #2217

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
39 changes: 39 additions & 0 deletions locations.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -656,6 +656,12 @@ class MountableVolumeAppInfo extends LocationAppInfo {
if (e.matches(Gio.IOErrorEnum, Gio.IOErrorEnum.FAILED))
this._notifyActionError(action, e.message);

if (action === 'mount' && this._isEncryptedMountError(e)) {
delete this._currentAction;
operation.close();
return this.launchAction(action);
}

if (!e.matches(Gio.IOErrorEnum, Gio.IOErrorEnum.CANCELLED)) {
logError(e, 'Impossible to %s removable %s'.format(action,
removable.get_name()));
Expand All @@ -669,6 +675,39 @@ class MountableVolumeAppInfo extends LocationAppInfo {
operation.close();
}
}

_isEncryptedMountError(error) {
// FIXME: we will always get G_IO_ERROR_FAILED from the gvfs udisks
// backend, see https://bugs.freedesktop.org/show_bug.cgi?id=51271

if (!error.matches(Gio.IOErrorEnum, Gio.IOErrorEnum.FAILED))
return false;

// cryptsetup
if (error.message.includes('No key available with this passphrase'))
return true;

// udisks (no password)
if (error.message.includes('No key available to unlock device'))
return true;

// libblockdev wrong password opening LUKS device
if (error.message.includes('Failed to activate device: Incorrect passphrase'))
return true;

// cryptsetup returns EINVAL in many cases, including wrong TCRYPT password/parameters
if (error.message.includes('Failed to load device\'s parameters: Invalid argument') ||
error.message.includes(`Failed to load device's parameters: ${GLib.strerror(22 /* EINVAL */)}`))
return true;

// cryptsetup returns EPERM when the TCRYPT header can't be decrypted
// with the provided password/parameters.
if (error.message.includes('Failed to load device\'s parameters: Operation not permitted') ||
error.message.includes(`Failed to load device's parameters: ${GLib.strerror(1 /* EPERM */)}`))
return true;

return false;
}
});

const TrashAppInfo = GObject.registerClass({
Expand Down