/*
* Here,we check if the path we sent to open() is the path open() used. This check is necessary to
* guard against some known hypothetical exploits
*/
static int _paths_are_not_sane( int fd,const char * path )
{
char * c = zuluCryptGetFileNameFromFileDescriptor( fd ) ;
int st = StringsAreNotEqual( c,path ) ;
StringFree( c ) ;
return st ;
}
int zuluCryptSecureOpenFile( const char * path,int * fd,string_t * file,uid_t uid )
{
int st ;
int f = -1 ;
uid_t org = geteuid() ;
char * dev ;
seteuid( uid ) ;
f = open( path,O_RDONLY ) ;
if( f != -1 ){
dev = zuluCryptGetFileNameFromFileDescriptor( f ) ;
*file = StringInherit( &dev ) ;
*fd = f ;
st = 1 ;
}else{
st = 0 ;
}
seteuid( org ) ;
return st ;
}
static int attach_device_to_loop( int fd_path,int * fd_loop,
string_t loop_device,int mode )
{
char * path ;
size_t size ;
struct loop_info64 l_info ;
*fd_loop = open( StringContent( loop_device ),mode ) ;
memset( &l_info,'\0',sizeof( struct loop_info64 ) ) ;
if( *fd_loop == -1 ){
return 0 ;
}
if( ioctl( *fd_loop,LOOP_SET_FD,fd_path ) == -1 ){
return 0 ;
}
if( ioctl( *fd_loop,LOOP_GET_STATUS64,&l_info ) == -1 ){
return 0;
}
l_info.lo_flags |= LO_FLAGS_AUTOCLEAR;
path = zuluCryptGetFileNameFromFileDescriptor( fd_path ) ;
if( path == NULL ){
return 0 ;
}else{
size = sizeof( l_info.lo_file_name ) ;
strncpy( ( char * )l_info.lo_file_name,path,size ) ;
l_info.lo_file_name[ size - 1 ] = '\0' ;
free( path ) ;
if( ioctl( *fd_loop,LOOP_SET_STATUS64,&l_info ) == -1 ){
return 0 ;
}else{
return 1 ;
}
}
}
int zuluCryptGetDeviceFileProperties( const char * file,int * fd_path,int * fd_loop,char ** dev,uid_t uid )
{
int st = 100 ;
int xt = 0 ;
int lfd ;
const char * dev_1 = NULL ;
string_t st_dev = StringVoid ;
struct stat stat_st ;
struct stat stat_st_1 ;
/*
* try to open the device with user privileges
*/
seteuid( uid ) ;
*dev = NULL ;
*fd_path = open( file,O_RDONLY ) ;
if( *fd_path != -1 ){
fstat( *fd_path,&stat_st ) ;
fcntl( *fd_path,F_SETFD,FD_CLOEXEC ) ;
/*
* A user has access to the device.They should get here only with paths to files they have access to.
* Allow access to files only
*/
if( S_ISREG( stat_st.st_mode ) ){
/*
* we can open file in read mode,let see if we can in write mode too
*/
lfd = open( file,O_RDWR ) ;
if( lfd != -1 ){
/*
* we can open the file in read write mode
*/
fstat( lfd,&stat_st_1 ) ;
fcntl( lfd,F_SETFD,FD_CLOEXEC ) ;
/*
* check to make sure the file we got earlier is the same one we got now.
* ie check to make sure the file wasnt changed btw calls.
*/
if( stat_st.st_dev == stat_st_1.st_dev && stat_st.st_ino == stat_st_1.st_ino ){
close( *fd_path ) ;
*fd_path = lfd ;
seteuid( 0 ) ;
/*
* zuluCryptAttachLoopDeviceToFileUsingFileDescriptor() is defined in ./create_loop_device.c
*/
xt = zuluCryptAttachLoopDeviceToFileUsingFileDescriptor( *fd_path,fd_loop,O_RDWR,&st_dev ) ;
seteuid( uid ) ;
*dev = StringDeleteHandle( &st_dev ) ;
}
}else{
/*
* we can not open the file in write mode,continue with read only access
*/
seteuid( 0 ) ;
/*
* zuluCryptAttachLoopDeviceToFileUsingFileDescriptor() is defined in ./create_loop_device.c
*/
xt = zuluCryptAttachLoopDeviceToFileUsingFileDescriptor( *fd_path,fd_loop,O_RDONLY,&st_dev ) ;
seteuid( uid ) ;
*dev = StringDeleteHandle( &st_dev ) ;
}
if( xt != 1 ){
st = 100 ;
close( *fd_path ) ;
*fd_path = -1 ;
}else{
dev_1 = zuluCryptGetFileNameFromFileDescriptor( *fd_path ) ;
if( StringPrefixEqual( dev_1,"/dev/shm/" ) ){
st =1 ;
close( *fd_path ) ;
*fd_path = -1 ;
}else{
st = 0 ;
}
StringFree( dev_1 ) ;
}
}else{
if( S_ISBLK( stat_st.st_mode ) ){
if( uid == 0 ) {
/*
* we got a block device and we are root,accept it
*/
*dev = zuluCryptGetFileNameFromFileDescriptor( *fd_path ) ;
st = 0 ;
}else{
/*
* odd,normal user has access to a block device,allow it only if the
* device is in "/dev/" but not in "/dev/shm"
*/
*dev = zuluCryptGetFileNameFromFileDescriptor( *fd_path ) ;
if( StringPrefixEqual( *dev,"/dev/shm/" ) ){
st = 1 ;
}else if( StringPrefixEqual( *dev,"/dev/" ) ){
st = 0 ;
}
}
}else if( S_ISDIR( stat_st.st_mode ) ){
st = 2 ;
}else{
/*
* whatever it is,it cant be good,reject it
*/
st = 100 ;
}
close( *fd_path ) ;
*fd_path = -1 ;
}
}else{
/*
* failed to open above with users privileges,try to open the device with root's privileges.
* We should only accept block devices in "/dev/" but not in "/dev/shm".
*/
seteuid( 0 ) ;
*fd_path = open( file,O_RDONLY ) ;
if( *fd_path != -1 ){
fstat( *fd_path,&stat_st ) ;
/*
* zuluCryptGetFileNameFromFileDescriptor() is defined in ./create_loop_device.c
*/
*dev = zuluCryptGetFileNameFromFileDescriptor( *fd_path ) ;
if( S_ISBLK( stat_st.st_mode ) ){
if( StringPrefixEqual( *dev,"/dev/shm/" ) ){
/*
* we do not support this path
*/
st = 1 ;
}else if( StringPrefixEqual( *dev,"/dev/" ) ){
/*
* got a block device,accept it
*/
st = 0 ;
}else{
/*
* reject others
*/
st = 100 ;
}
}else{
/*
* whatever it is,it cant be good,reject it
*/
st = 100 ;
}
/*
* We are closing the file because we dont need to hold on to it as paths in "/dev/" can not be moved under us by
* normal users.
*/
close( *fd_path ) ;
*fd_path = -1 ;
}else{
/*
* invalid path or something i dont know,reject
*/
st = 100 ;
}
seteuid( uid ) ;
}
return _check_if_device_is_supported( st,uid,dev ) ;
}
