/*
* Below function copies a secured file from secured location to a user owned and managed location.
* The source file will be deleted when the copy is done.
*/
static int _secure_copy_file( const char * source,const char * dest,uid_t uid )
{
int st = 4 ;
int fd_source ;
int fd_dest ;
size_t len ;
char buffer[ SIZE ] ;
zuluCryptSecurityDropElevatedPrivileges() ;
fd_dest = open( dest,O_WRONLY | O_CREAT,S_IRUSR | S_IWUSR | S_IRGRP |S_IROTH ) ;
if( fd_dest == -1 ){
zuluCryptSecurityGainElevatedPrivileges() ;
zuluCryptDeleteFile( source ) ;
zuluCryptSecurityDropElevatedPrivileges() ;
return 6 ;
}
zuluCryptSecurityGainElevatedPrivileges() ;
fd_source = open( source,O_RDONLY ) ;
if( fd_source != -1 ){
while( 1 ){
len = read( fd_source,buffer,SIZE ) ;
if( len < SIZE ){
ignore_result( write( fd_dest,buffer,len ) ) ;
break ;
}else{
ignore_result( write( fd_dest,buffer,len ) ) ;
}
}
ignore_result( chmod( dest,S_IRUSR ) ) ;
ignore_result( chown( dest,uid,uid ) ) ;
st = 0 ;
}
/*
* zuluCryptDeleteFile() is defined in ../lib/file_path_security.c
*/
zuluCryptDeleteFile( source ) ;
zuluCryptSecurityDropElevatedPrivileges() ;
return st ;
}
int zuluCryptOpenTcrypt( const char * device,const char * mapper,const char * key,size_t key_len,
int key_source,int volume_type,const char * m_point,
uid_t uid,unsigned long m_flags,const char * fs_opts )
{
open_struct_t opts ;
string_t st ;
int r ;
const char * keyfile ;
memset( &opts,'\0',sizeof( open_struct_t ) ) ;
opts.device = device ;
opts.mapper_name = mapper ;
opts.volume_type = volume_type ;
opts.m_point = m_point ;
opts.uid = uid ;
opts.m_flags = m_flags ;
opts.fs_opts = fs_opts ;
if( m_flags & MS_RDONLY ){
opts.m_opts = "ro" ;
}else{
opts.m_opts = "rw" ;
}
if( key_source == TCRYPT_KEYFILE ){
st = zuluCryptCreateKeyFile( key,key_len,"open_tcrypt-" ) ;
if( st != StringVoid ){
keyfile = StringContent( st ) ;
opts.tcrypt_keyfiles_count = 1 ;
opts.tcrypt_keyfiles = &keyfile ;
r = zuluCryptOpenTcrypt_1( &opts ) ;
/*
* zuluCryptDeleteFile() is defined in open_path_security.c
*/
zuluCryptDeleteFile( keyfile ) ;
StringDelete( &st ) ;
}else{
r = 1 ;
}
}else if( key_source == TCRYPT_KEYFILE_FILE ){
opts.tcrypt_keyfiles_count = 1 ;
opts.tcrypt_keyfiles = &key ;
r = zuluCryptOpenTcrypt_1( &opts ) ;
}else{
opts.key_len = key_len ;
opts.key = key ;
r = zuluCryptOpenTcrypt_1( &opts ) ;
}
return r ;
}
void zuluCryptDeleteFile_1( string_t st )
{
zuluCryptDeleteFile( StringContent( st ) ) ;
}
static int _modify_tcrypt( info_t * info,const struct_opts * opts )
{
int k = 4 ;
int r ;
string_t st = StringVoid ;
string_t xt = StringVoid ;
if( StringsAreEqual( opts->key_source,"-p" ) ){
info->header_key = opts->key ;
info->header_key_source = "passphrase" ;
info->header_new_key_source = "new_passphrase" ;
}else if( opts->key == NULL && StringsAreNotEqual( opts->key_source,"-f" ) ){
st = info->getKey( &r ) ;
if( r ){
info->key = StringContent( st ) ;
info->header_key = info->key ;
info->header_key_source = "passphrase" ;
info->header_new_key_source = "new_passphrase" ;
}else{
return zuluExit_1( k,st,xt ) ;
}
}else{
/*
* function is defined at "path_access.c"
*/
zuluCryptGetPassFromFile( opts->key,info->uid,&st ) ;
zuluCryptSecurityGainElevatedPrivileges() ;
if( st == StringVoid ){
return zuluExit_1( k,st,xt ) ;
}else{
if( StringHasComponent( opts->key,".zuluCrypt-socket" ) ){
info->key = StringContent( st ) ;
info->header_key = info->key ;
info->header_key_source = "passphrase" ;
info->header_new_key_source = "new_passphrase" ;
}else{
xt = zuluCryptCreateKeyFile( StringContent( st ),StringLength( st ),"tcrypt-bk-" ) ;
if( xt == StringVoid ){
return zuluExit_1( k,st,xt ) ;
}else{
info->key = StringContent( xt ) ;
info->header_key = info->key ;
info->header_key_source = "keyfiles" ;
info->header_new_key_source = "new_keyfiles" ;
}
}
}
}
/*
* zuluCryptModifyTcryptHeader() is defined in ../lib/create_tcrypt.c
*/
k = zuluCryptModifyTcryptHeader( info ) ;
if( xt != StringVoid ){
/*
* zuluCryptDeleteFile() is defined in ../lib/file_path_security.c
*/
zuluCryptDeleteFile( StringContent( xt ) ) ;
}
return zuluExit_1( k,st,xt ) ;
}
static int _create_tcrypt_volume( const char * device,const char * file_system,
const char * rng,const char * key,size_t key_len,
int key_source,u_int64_t hidden_volume_size,
const char * file_system_h,const char * key_h,size_t key_len_h,int key_source_h )
{
string_t st = StringVoid ;
string_t xt = StringVoid ;
tcrypt_t info ;
int r = 3 ;
if( zuluCryptPathIsNotValid( device ) ){
return 1 ;
}
memset( &info,'\0',sizeof( tcrypt_t ) ) ;
info.device = device ;
info.key_source = key_source ;
info.key_source_h = key_source_h ;
info.hidden_volume_size = hidden_volume_size ;
if( StringPrefixMatch( rng,"/dev/urandom",12 ) ){
info.weak_keys_and_salt = 1 ;
}
if( info.key_source == TCRYPT_PASSPHRASE ){
info.key = key ;
info.key_source_1 = "passphrase" ;
}else{
/*
* zuluCryptCreateKeyFile() is defined in open_tcrypt.c
*/
st = zuluCryptCreateKeyFile( key,key_len,"create_tcrypt-1-" ) ;
info.key = StringContent( st ) ;
info.key_source = TCRYPT_KEYFILE_FILE ;
info.key_source_1 = "keyfiles" ;
}
if( info.hidden_volume_size > 0 ){
if( info.key_source_h == TCRYPT_PASSPHRASE ){
info.key_h = key_h ;
info.key_source_h_1 = "h_passphrase" ;
}else{
xt = zuluCryptCreateKeyFile( key_h,key_len_h,"create_tcrypt-2-" ) ;
info.key_h = StringContent( xt ) ;
info.key_source_h = TCRYPT_KEYFILE_FILE ;
info.key_source_h_1 = "h_keyfiles" ;
}
}
if( _create_volume( &info ) == TC_OK ){
r = _create_file_system( device,file_system,info.key_source,info.key,key_len,TCRYPT_NORMAL ) ;
if( info.hidden_volume_size > 0 && r == 0 ){
r = _create_file_system( device,file_system_h,info.key_source_h,info.key_h,key_len_h,TCRYPT_HIDDEN ) ;
}
}
/*
* zuluCryptDeleteFile() is defined in file_path_security.c
*/
if( st != StringVoid ){
zuluCryptDeleteFile( StringContent( st ) ) ;
StringDelete( &st ) ;
}
if( xt != StringVoid ){
zuluCryptDeleteFile( StringContent( xt ) ) ;
StringDelete( &xt ) ;
}
return r ;
}
