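/*
 * Creates the zuluCrypt work directory, a folder a normal user has no access to, and
 * returns its path as a new string_t.
 *
 * "/run" is created with mode 0755 and "/run/zuluCrypt/" with mode 0700 (both subject to
 * the process umask) when stat() reports them missing. A directory is handed to root:root
 * only when this call is the one that created it.
 *
 * The same path is returned whether or not the directories could be created.
 *
 * NOTE(review): a path that already exists is used as found; its type, owner and mode are
 * not verified here - confirm that no caller relies on that guarantee.
 */
static string_t _create_work_directory( void )
{
	/*
	 * ZULUCRYPTtempFolder and ZULUCRYPtmountMiniPath are set in ../constants.h
	 * NOTE(review): the literal below is used instead of those constants - confirm they agree.
	 */
	const char * temp_path = "/run/zuluCrypt/" ;
	struct stat xt ;
	mode_t mode = S_IRWXU | S_IRGRP | S_IXGRP | S_IXOTH | S_IROTH ;

	zuluCryptSecurityGainElevatedPrivileges() ;

	#define path_does_not_exist( x ) stat( x,&xt ) != 0

	if( path_does_not_exist( "/run" ) ){
		/*
		 * mkdir() can still fail after the stat() above, for example when something
		 * appeared at the path in between. Only re-own what was created here; chown()
		 * follows symlinks and must not be applied to an object of unknown origin.
		 */
		if( mkdir( "/run",mode ) == 0 ){
			chown( "/run",0,0 ) ;
		}
	}
	if( path_does_not_exist( temp_path ) ){
		/*
		 * owner-only access: this folder is meant to be closed to normal users
		 */
		if( mkdir( temp_path,S_IRWXU ) == 0 ){
			chown( temp_path,0,0 ) ;
		}
	}

	zuluCryptSecurityDropElevatedPrivileges() ;

	return String( temp_path ) ;
}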
/*
 * Prepares the per-user folder under "/run/media/private/" and then hands over to
 * _create_default_mount_point() (label == NULL) or _create_custom_mount_point().
 *
 * With elevated privileges:
 *  - "/run", "/run/media" and "/run/media/private" are created with mode 0755 when stat()
 *    fails on them, otherwise o+rx is added to their current mode; each is then passed to
 *    _chown( path,0,0 ).
 *  - "/run/media/private/<user name>" is created, or reset, to mode 0500 and passed to
 *    _chown( path,uid,uid ). Note that uid is used for the group argument as well.
 *
 * NOTE(review): every step is stat()-then-act on a path and no result is checked here;
 * whether _chmod()/_chown() report or ignore failures is not visible from this function.
 * NOTE(review): the return value of zuluCryptGetUserName() is used without a check -
 * confirm how the String helpers behave when the lookup fails.
 */
static string_t create_mount_point( const char * device,const char * label,uid_t uid )
{
	/*
	 * The path given to stat()/_chmod()/_chown() and the one given to mkdir() are listed
	 * separately because "/run" is created through the spelling "/run/".
	 */
	static const struct{
		const char * probe ;
		const char * create ;
	} parents[] = {
		{ "/run","/run/" },
		{ "/run/media","/run/media" },
		{ "/run/media/private","/run/media/private" }
	} ;
	const mode_t dir_mode = S_IRWXU | S_IRGRP | S_IXGRP | S_IXOTH | S_IROTH ;
	const mode_t user_mode = S_IRUSR | S_IXUSR ;
	struct stat st ;
	string_t path ;
	const char * m_point ;
	size_t i ;

	zuluCryptSecurityGainElevatedPrivileges() ;

	path = zuluCryptGetUserName( uid ) ;

	#define path_does_not_exist( x ) stat( x,&st ) != 0
	#define path_does_exist( x ) stat( x,&st ) == 0

	for( i = 0 ; i < sizeof( parents ) / sizeof( parents[ 0 ] ) ; i++ ){
		if( path_does_exist( parents[ i ].probe ) ){
			/*
			 * st was just filled by the stat() inside the macro
			 */
			_chmod( parents[ i ].probe,st.st_mode | S_IXOTH | S_IROTH ) ;
		}else{
			mkdir( parents[ i ].create,dir_mode ) ;
		}
		_chown( parents[ i ].probe,0,0 ) ;
	}

	/*
	 * presumably StringPrepend() edits "path" in place and returns its content - the
	 * same string_t is extended with '/' further down
	 */
	m_point = StringPrepend( path,"/run/media/private/" ) ;

	if( path_does_exist( m_point ) ){
		_chown( m_point,uid,uid ) ;
		_chmod( m_point,user_mode ) ;
	}else{
		mkdir( m_point,user_mode ) ;
		_chown( m_point,uid,uid ) ;
	}

	zuluCryptSecurityDropElevatedPrivileges() ;

	StringAppendChar( path,'/' ) ;

	if( label != NULL ){
		return _create_custom_mount_point( label,uid,path ) ;
	}
	return _create_default_mount_point( device,uid,path ) ;
}
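/*
 * Writes key_len bytes of key to "/run/zuluCrypt/<fileName><thread id>" and returns the
 * path of that file.
 *
 * Returns StringVoid when an argument is NULL or key_len is 0. When the file cannot be
 * created, or the key cannot be written in full, the string is released with
 * StringDelete() and returned, as on the existing open() failure path.
 *
 * The file is created exclusively and owner-only, so key bytes are never held in a file
 * that group or others can read, and an object already sitting at the path is never
 * written through. A short or failed write removes the file instead of leaving a
 * truncated key behind.
 *
 * NOTE(review): this function does not raise privileges itself; mkdir()/chown() here
 * presumably rely on the caller having done so - confirm.
 * NOTE(review): fileName is joined to the folder as given; confirm that callers never
 * pass a name containing '/'.
 * NOTE(review): an existing "/run/zuluCrypt" is used as found; its owner and mode are not
 * verified here.
 */
string_t zuluCryptCreateKeyFile( const char * key,size_t key_len,const char * fileName )
{
	string_t st = StringVoid ;
	int fd ;
	int closed ;
	const char * file ;
	size_t done = 0 ;
	ssize_t n ;

	struct stat statstr ;

	if( key == NULL || key_len == 0 || fileName == NULL ){
		return StringVoid ;
	}

	#define path_does_not_exist( x ) stat( x,&statstr ) != 0

	if( path_does_not_exist( "/run" ) ){
		/*
		 * re-own a directory only when this call created it
		 */
		if( mkdir( "/run",S_IRWXU | S_IRGRP | S_IXGRP | S_IXOTH | S_IROTH ) == 0 ){
			chown( "/run",0,0 ) ;
		}
	}
	if( path_does_not_exist( "/run/zuluCrypt" ) ){
		if( mkdir( "/run/zuluCrypt",S_IRWXU ) == 0 ){
			chown( "/run/zuluCrypt",0,0 ) ;
		}
	}

	st = String_1( "/run/zuluCrypt/",fileName,NULL ) ;
	file = StringAppendInt( st,syscall( SYS_gettid ) ) ;

	if( file == NULL ){
		StringDelete( &st ) ;
		return st ;
	}

	/*
	 * Thread ids get reused, so a stale entry with this name may exist. Remove it (a
	 * symlink is removed itself, not its target) and insist on creating the file anew.
	 */
	unlink( file ) ;
	fd = open( file,O_WRONLY | O_CREAT | O_EXCL,S_IRUSR | S_IWUSR ) ;

	if( fd == -1 ){
		StringDelete( &st ) ;
		return st ;
	}

	/*
	 * write() may accept fewer bytes than asked for; keep going until the whole key is
	 * out. Any error, including an interrupted call, is treated as a failure.
	 */
	while( done < key_len ){
		n = write( fd,key + done,key_len - done ) ;
		if( n <= 0 ){
			break ;
		}
		done += ( size_t )n ;
	}

	closed = close( fd ) ;

	if( done != key_len || closed != 0 ){
		/*
		 * "file" points into st, so remove the file before the string is released
		 */
		unlink( file ) ;
		StringDelete( &st ) ;
		return st ;
	}

	chown( file,0,0 ) ;
	/*
	 * Final mode left at what callers have always been given.
	 * NOTE(review): S_IRUSR | S_IWUSR would be enough for a file that is only read.
	 */
	chmod( file,S_IRWXU ) ;

	return st ;
}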
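/*
 * Bind mounts the path held in z_path onto "/run/media/public/<last component of z_path>".
 *
 * device is not used. flags is passed to mount() with MS_BIND added.
 *
 * Returns 1 when z_path has no '/', when its last component is empty, "." or "..", or
 * when the target is found in the mount list; otherwise returns the result of mount().
 *
 * The component check runs before privileges are raised: those names would make the bind
 * target resolve to "/run/media/public" itself or to its parent instead of a folder
 * inside it.
 *
 * NOTE(review): the directory steps are stat()-then-act on a path and the results of
 * mkdir()/_chown() are not checked here.
 */
int zuluCryptBindMountVolume( const char * device,string_t z_path,unsigned long flags )
{
	struct stat st ;
	string_t path ;
	string_t tmp ;
	ssize_t index = StringLastIndexOfChar( z_path,'/' ) ;
	const char * o_path = StringContent( z_path ) ;
	const char * name ;
	const char * m_path ;
	const char * e ;
	int xt ;

	stringList_t stl ;

	mode_t mode = S_IRWXU | S_IRGRP | S_IXGRP | S_IXOTH | S_IROTH ;

	if( index == -1 || o_path == NULL ){
		return 1 ;
	}
	if( device ){;}

	name = o_path + index + 1 ;

	if( name[ 0 ] == '\0' ){
		return 1 ;
	}
	if( name[ 0 ] == '.' ){
		if( name[ 1 ] == '\0' || ( name[ 1 ] == '.' && name[ 2 ] == '\0' ) ){
			return 1 ;
		}
	}

	zuluCryptSecurityGainElevatedPrivileges() ;
	/*
	 * zuluCryptGetMoutedListFromMountInfo() is defined in ../lib/process_mountinfo.c
	 */
	stl = zuluCryptGetMoutedListFromMountInfo() ;

	path = String( "/run/media/public/" ) ;
	m_path = StringAppend( path,name ) ;

	#define path_does_not_exist( x ) stat( x,&st ) != 0
	#define path_does_exist( x ) stat( x,&st ) == 0

	if( path_does_not_exist( "/run" ) ){
		mkdir( "/run",mode ) ;
		_chown( "/run",0,0 ) ;
	}
	if( path_does_not_exist( "/run/media" ) ){
		mkdir( "/run/media",mode ) ;
		_chown( "/run/media",0,0 ) ;
	}
	if( path_does_not_exist( "/run/media/public" ) ){
		mkdir( "/run/media/public",mode ) ;
		_chown( "/run/media/public",0,0 ) ;
	}
	if( path_does_exist( m_path ) ){
		/*
		 * The bind mount point exists. This happens when the mount point is already taken
		 * or when a mount point folder was not auto-deleted for some reason.
		 */
		tmp = StringCopy( path ) ;
		/*
		 * the trailing space presumably keeps a longer path that shares this prefix from
		 * matching in the mount list - TODO confirm against the list format
		 */
		e = StringAppend( tmp," " ) ;

		if( StringListHasSequence( stl,e ) != -1 ){
			/*
			 * The target is already a bind mount point; do not mount on top of it.
			 */
			xt = 1 ;
		}else{
			/*
			 * The mount point folder is there for some reason but is not being used.
			 */
			xt = mount( o_path,m_path,"",flags|MS_BIND,"" ) ;
		}
		StringDelete( &tmp ) ;
	}else{
		/*
		 * NOTE(review): the original mode listed S_IRWXG twice; the value is unchanged
		 * here. If S_IRWXO was intended it would make the folder world-writable, so that
		 * is left for the maintainers to decide.
		 */
		mkdir( m_path,S_IRWXU | S_IRWXG ) ;
		_chown( m_path,0,0 ) ;
		xt = mount( o_path,m_path,"",flags|MS_BIND,"" ) ;
		if( xt != 0 ){
			/*
			 * do not leave an unused mount point folder behind
			 */
			rmdir( m_path ) ;
		}
	}

	StringListDelete( &stl ) ;
	StringDelete( &path ) ;
	zuluCryptSecurityDropElevatedPrivileges() ;
	return xt ;
}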