static char * _device_name( const char * mapper,char * ( *function )( const char * ) )
{
tc_api_task task ;
char * e = NULL ;
char device[ PATH_MAX + 1 ] = { '\0' } ;
mapper = mapper + StringLastIndexOfChar_1( mapper,'/' ) + 1 ;
if( tc_api_initialize() ){
if( tc_api_task_initialize( &task,"info_mapped" ) ){
tc_api_task_set( task,"map_name",mapper ) ;
tc_api_task_do( task ) ;
tc_api_task_info_get( task,"device",sizeof( device ),device ) ;
tc_api_task_uninit( task ) ;
e = function( device ) ;
}
tc_api_uninit() ;
}
return e ;
}
int zuluCryptTrueCryptOrVeraCryptVolume( const char * mapper )
{
char buffer[ 1024 ] ;
mapper = mapper + StringLastIndexOfChar_1( mapper,'/' ) + 1 ;
tc_api_get_volume_type( buffer,sizeof( buffer ),mapper ) ;
return StringsAreEqual( buffer,"TCRYPT" ) || StringsAreEqual( buffer,"VCRYPT" ) ;
}
int zuluMountCryptoUMount( ARGS * args )
{
const char * device = args->device ;
const char * UUID = args->uuid ;
uid_t uid = args->uid ;
const char * mapping_name ;
char * path = NULL ;
int st ;
string_t str = StringVoid ;
if( UUID == NULL ){
if( StringPrefixEqual( device,"/dev/loop" ) ){
/*
* zuluCryptLoopDeviceAddress_1() is defined in ../zuluCrypt-cli/create_loop_device.c
*/
path = zuluCryptLoopDeviceAddress_1( device ) ;
if( path == NULL ){
return 20 ;
}else{
device = path ;
}
}
mapping_name = device + StringLastIndexOfChar_1( device,'/' ) + 1 ;
}else{
str = String( UUID ) ;
StringRemoveString( str,"\"" ) ;
mapping_name = StringSubChar( str,4,'-' ) ;
}
/*
* zuluCryptEXECloseVolume() is defined in ../zuluCrypt-cli/bin/close_volume.c
*/
st = zuluCryptEXECloseVolume( device,mapping_name,uid ) ;
StringDelete( &str ) ;
StringFree( path ) ;
return st ;
}
static string_t _create_mount_point_1( const char * device,uid_t uid,string_t path,int need_privileges )
{
string_t st ;
char * loop_path = NULL ;
if( StringPrefixEqual( device,"/dev/loop" ) ){
/*
* zuluCryptLoopDeviceAddress_1() is defined in ../lib/create_loop_device.c
*/
device = loop_path = zuluCryptLoopDeviceAddress_1( device ) ;
}
StringMultipleAppend( path,device + StringLastIndexOfChar_1( device,'/' ) + 1,NULL ) ;
st = _create_path( uid,path,need_privileges ) ;
StringFree( loop_path ) ;
return st ;
}
static string_t _get_crypto_info_from_tcplay( const char * mapper )
{
int key_size ;
int ro ;
int64_t offset ;
tc_api_task task ;
char buff[ SIZE ] ;
char * buffer = buff ;
const char * z ;
string_t p = StringVoid ;
string_t q ;
if( tc_api_initialize() ){
if( tc_api_task_initialize( &task,"info_mapped" ) ){
p = String( mapper ) ;
mapper = mapper + StringLastIndexOfChar_1( mapper,'/' ) + 1 ;
tc_api_task_set( task,"map_name",mapper ) ;
tc_api_task_do( task ) ;
tc_api_task_info_get( task,"status",sizeof( buff ),buff ) ;
StringMultipleAppend( p," is ",buff,".",NULL ) ;
if( StringAtLeastOneMatch_1( buff,"active","active and is in use",NULL ) ){
tc_api_task_info_get( task,"type",sizeof( buff ),buff ) ;
q = String( buff ) ;
StringMultipleAppend( p," \n type: \t",StringToLowerCase( q ),NULL ) ;
StringDelete( &q ) ;
tc_api_task_info_get( task,"cipher",sizeof( buff ),buff ) ;
/*
* zuluCryptConvertCipher() is defined in create_tcrypt.c
*/
StringMultipleAppend( p,"\n cipher:\t",zuluCryptConvertCipher( buff ),"-xts-plain64",NULL ) ;
tc_api_task_info_get( task,"key_bits",sizeof( key_size ),&key_size ) ;
z = StringIntToString_1( buffer,SIZE,key_size ) ;
StringMultipleAppend( p,"\n keysize:\t",z," bits",NULL ) ;
tc_api_task_info_get( task,"iv_offset",sizeof( offset ),&offset ) ;
z = StringIntToString_1( buffer,SIZE,offset / 512 ) ;
StringMultipleAppend( p,"\n offset:\t",z," sectors",NULL ) ;
zuluCryptFormatSize( offset,buffer,SIZE ) ;
StringMultipleAppend( p," / ",buffer,NULL ) ;
tc_api_task_info_get( task,"device",sizeof( buff ),buff ) ;
_device_info( p,buff ) ;
tc_api_task_info_get( task,"mode",sizeof( ro ),&ro ) ;
if( ro ){
StringAppend( p,"\n mode: \tread only" ) ;
}else{
StringAppend( p,"\n mode: \tread and write" ) ;
}
StringAppend( p,"\n active slots:\tNil" ) ;
}
tc_api_task_uninit( task ) ;
}
tc_api_uninit() ;
}
return p ;
}
int zuluMountCryptoMount( ARGS * args )
{
const char * type = args->type ;
const char * offset = args->offset ;
const char * device = args->device ;
const char * UUID = args->uuid ;
const char * mode = args->m_opts ;
uid_t uid = args->uid ;
const char * key = args->key ;
const char * key_source = args->key_source ;
const char * m_point = args->m_point ;
const char * fs_opts = args->fs_opts ;
int mount_point_option = args->mpo ;
int share = args->share ;
int st ;
/*
* the struct is declared in ../zuluCrypt-cli/bin/libzuluCrypt-exe.h
*/
struct_opts opts ;
const char * mapping_name ;
char * path = NULL ;
string_t str = StringVoid ;
if( UUID == NULL ){
if( StringPrefixEqual( device,"/dev/loop" ) ){
/*
* zuluCryptLoopDeviceAddress_1() is defined in ../zuluCrypt-cli/create_loop_device.c
*/
path = zuluCryptLoopDeviceAddress_1( device ) ;
if( path == NULL ){
return 20 ;
}else{
mapping_name = path + StringLastIndexOfChar_1( path,'/' ) + 1 ;
}
}else{
mapping_name = device + StringLastIndexOfChar_1( device,'/' ) + 1 ;
}
}else{
str = String( UUID ) ;
StringRemoveString( str,"\"" ) ;
mapping_name = StringReplaceString( str,"UUID=","UUID-" ) ;
}
/*
* zuluCryptEXEGetOptsSetDefault() is defined in ../zuluCrypt-cli/bin/get_opts.c
*/
zuluCryptEXEGetOptsSetDefault( &opts ) ;
if( StringPrefixEqual( key_source,"-G" ) ){
opts.plugin_path = key ;
}
opts.mount_point = m_point ;
opts.device = device ;
opts.m_opts = mode ;
opts.key = key ;
opts.key_source = key_source ;
opts.mount_point_option = mount_point_option ;
opts.share = share ;
opts.fs_opts = fs_opts ;
opts.env = StringListStringArray( args->env ) ;
opts.offset = offset ;
opts.type = type ;
memcpy( opts.tcrypt_multiple_keyfiles,args->tcrypt_multiple_keyfiles,
sizeof( args->tcrypt_multiple_keyfiles ) ) ;
/*
* zuluCryptEXEOpenVolume() is defined in ../zuluCrypt-cli/bin/open_volume.c
*/
st = zuluCryptEXEOpenVolume( &opts,mapping_name,uid ) ;
StringDelete( &str ) ;
StringFree( opts.env ) ;
StringFree( path ) ;
return st ;
}
int zuluCryptEXEOpenVolume( const struct_opts * opts,const char * mapping_name,uid_t uid )
{
int share = opts->share ;
int open_mount = opts->open_mount ;
const char * device = opts->device ;
const char * mount_point = opts->mount_point ;
const char * m_opts = opts->m_opts ;
const char * source = opts->key_source ;
const char * pass = opts->key ;
const char * plugin_path = opts->plugin_path ;
const char * fs_opts = opts->fs_opts ;
const char * offset = opts->offset ;
const char * const * tcrypt_keyfiles = opts->tcrypt_multiple_keyfiles ;
/*
* Below is a form of memory management.All strings are collected in a stringlist object to easily delete them
* when the function returns.This allows for the function to have multiple exit points without risks of leaking
* memory from manually examining each exit point to make sure all strings are deleted or go with multiple goto
* code deleting blocks to take into account different exit points.
*/
stringList_t stl ;
string_t * stringArray = StringListArray( &stl,6 ) ;
string_t * passphrase = &stringArray[ 0 ] ;
string_t * m_name = &stringArray[ 1 ] ;
string_t * data = &stringArray[ 2 ] ;
string_t * m_point = &stringArray[ 3 ] ;
string_t * mapper = &stringArray[ 4 ] ;
string_t * mapper_path = &stringArray[ 5 ] ;
const char * key = NULL ;
const char * mapper_name ;
const char * e ;
size_t key_len = 0 ;
int st = 0 ;
stringList_t stz ;
tvcrypt v_info ;
unsigned long m_flags ;
int tcrypt_keyfile = 0 ;
const char * uuid ;
char * device_path ;
/*
* open_struct_t is declared in ../lib/include.h
*/
open_struct_t volume ;
struct stat statstr ;
/*
* zuluCryptVolumeIsInSystemVolumeList() is defined in volumes.c
*/
if( zuluCryptVolumeIsInSystemVolumeList( device ) ){
/*
* check permissions only if volume is explicity mentioned as system.
* This is an exception to avoid some udev bad behaviors on udev enabled build
*/
if( !zuluCryptUserIsAMemberOfAGroup( uid,"zulucrypt" ) ){
return zuluExit( 22,device,mount_point,stl ) ;
}
}
if( m_opts == NULL ){
m_opts = "rw" ;
}
/*
* zuluCryptMountFlagsAreNotCorrect() is defined in ./mount_flags.c
*/
if( zuluCryptMountFlagsAreNotCorrect( m_opts,uid,&m_flags ) ){
return zuluExit( 5,device,mount_point,stl ) ;
}
if( StringHasComponent( m_opts,"rw" ) ){
/*
* zuluCryptSecurityDeviceIsWritable() is defined in path_access.c
*/
st = zuluCryptCanOpenPathForWriting( device,uid ) ;
}else{
/*
* zuluCryptSecurityDeviceIsReadable() is defined in path_access.c
*/
st = zuluCryptCanOpenPathForReading( device,uid ) ;
}
/*
* 1-permissions denied
* 2-invalid path
* 3-shenanigans
* 4-common error
*/
switch( st ){
case 0 : break ;
case 1 : return zuluExit( 6,device,mount_point,stl ) ;
case 2 : return zuluExit( 6,device,mount_point,stl ) ;
case 3 : return zuluExit( 6,device,mount_point,stl ) ;
case 4 : return zuluExit( 6,device,mount_point,stl ) ;
default: return zuluExit( 6,device,mount_point,stl ) ;
}
if( open_mount ){
/*
* zuluCryptCreateMountPoint() is defined in create_mount_point.c
*/
*m_point = zuluCryptCreateMountPoint( device,mount_point,m_opts,uid ) ;
mount_point = StringContent( *m_point ) ;
if( mount_point == NULL ){
return zuluExit( 9,device,mount_point,stl ) ;
}
}else{
if( uid != 0 ){
return zuluExit( 7,device,mount_point,stl ) ;
}
if( mount_point != NULL ){
return zuluExit( 8,device,mount_point,stl ) ;
}
}
if( share ){
/*
* zuluCryptBindSharedMountPointPathTaken() is defined in bind.c
*/
if( zuluCryptBindSharedMountPointPathTaken( *m_point ) ){
return zuluExit_1( 10,opts,device,mount_point,stl ) ;
}
}
/*
* zuluCryptCreateMapperName() is defined in ../lib/create_mapper_name.c
*/
*m_name = zuluCryptCreateMapperName( device,mapping_name,uid,ZULUCRYPTshortMapperPath ) ;
*mapper = StringCopy( *m_name ) ;
mapper_name = StringContent( *m_name ) ;
*mapper_path = String( zuluCryptMapperPrefix() ) ;
e = StringMultipleAppend( *mapper_path,"/",mapper_name,NULL ) ;
if( stat( e,&statstr ) == 0 ){
return zuluExit_1( 11,opts,device,mount_point,stl ) ;
}
if( plugin_path != NULL ){
/*
* zuluCryptUUIDFromPath() is defined in path_access.c
*/
uuid = zuluCryptUUIDFromPath( device ) ;
device_path = _device_path( device ) ;
/*
* zuluCryptPluginManagerGetKeyFromModule is defined in ../pluginManager/zuluCryptPluginManager.c
*/
*passphrase = zuluCryptPluginManagerGetKeyFromModule( device_path,plugin_path,uuid,uid,opts,&st ) ;
StringFree( device_path ) ;
StringFree( uuid ) ;
if( st != 0 || *passphrase == StringVoid ){
return zuluExit_1( 12,opts,device,mount_point,stl ) ;
}
key_len = StringLength( *passphrase ) ;
key = StringContent( *passphrase ) ;
zuluCryptSecurityLockMemory_1( *passphrase ) ;
}else if( source == NULL && tcrypt_keyfiles[ 0 ] == NULL ){
printf( gettext( "Enter passphrase: " ) ) ;
/*
* ZULUCRYPT_KEY_MAX_SIZE is set in ../constants.h
*/
switch( StringSilentlyGetFromTerminal_1( passphrase,ZULUCRYPT_KEY_MAX_SIZE ) ){
case 1 : return zuluExit_1( 13,opts,device,mount_point,stl ) ;
case 2 : return zuluExit_1( 14,opts,device,mount_point,stl ) ;
}
printf( "\n" ) ;
key = StringContent( *passphrase ) ;
key_len = StringLength( *passphrase ) ;
zuluCryptSecurityLockMemory_1( *passphrase ) ;
}else{
if( source == NULL || pass == NULL ){
if( tcrypt_keyfiles == NULL ){
return zuluExit_1( 15,opts,device,mount_point,stl ) ;
}
}
if( StringsAreEqual( source,"-p" ) ){
key = pass ;
key_len = StringSize( pass ) ;
}else if( StringsAreEqual( source,"-f" ) ){
if( StringHasNoComponent( pass,"/.zuluCrypt-socket" ) ){
tcrypt_keyfile = 1 ;
}
/*
* function is defined at "path_access.c"
*/
switch( zuluCryptGetPassFromFile( pass,uid,data ) ){
case 1 : return zuluExit_1( 16,opts,device,mount_point,stl ) ;
case 2 : return zuluExit_1( 17,opts,device,mount_point,stl ) ;
case 4 : return zuluExit_1( 18,opts,device,mount_point,stl ) ;
case 5 : return zuluExit_1( 19,opts,device,mount_point,stl ) ;
}
key = StringContent( *data ) ;
key_len = StringLength( *data ) ;
zuluCryptSecurityLockMemory_1( *data ) ;
}
}
memset( &volume,'\0',sizeof( open_struct_t ) ) ;
if( key != NULL ){
volume.key = key ;
volume.key_len = key_len ;
}else{
volume.key = "" ;
volume.key_len = 0 ;
}
volume.device = device ;
volume.offset = offset ;
volume.mapper_name = mapper_name ;
volume.m_point = mount_point ;
volume.fs_opts = fs_opts ;
volume.uid = uid ;
volume.m_opts = m_opts ;
volume.m_flags = m_flags ;
/*
* zuluCryptTrueCryptVeraCryptVolumeInfo() is defined in this source file.
*/
zuluCryptTrueCryptVeraCryptVolumeInfo( opts->type,&v_info ) ;
volume.iteration_count = v_info.iteration_count ;
volume.veraCrypt_volume = StringAtLeastOneMatch( v_info.type,"vcrypt","veracrypt","vera",NULL ) ;
StringDelete( &v_info.type ) ;
plugin_path = plugin_path + StringLastIndexOfChar_1( plugin_path,'/' ) + 1 ;
volume.luks_detached_header = StringHasComponent( plugin_path,"luks" ) ;
volume.general_detached_header = StringHasComponent( plugin_path,"generic_header" ) ;
if( tcrypt_keyfile ){
volume.key_source = TCRYPT_KEYFILE ;
}
if( tcrypt_keyfiles[ 0 ] != NULL ){
/*
* Here, we take a list of keyfiles supplied by the user and then copy them to a safe
* location at "/run/zuluCrypt" and then we pass these safe copies to cryptsetup.
*
* The idea is not to let cryptsetup, a privileged process handle user managed files.
*/
stz = zuluCryptCreateKeyFiles( tcrypt_keyfiles,0 ) ;
volume.tcrypt_keyfiles_count = StringListSize( stz ) ;
volume.tcrypt_keyfiles = StringListStringArray_0( stz ) ;
st = _open_volume( &volume ) ;
zuluCryptDeleteKeyFiles( stz ) ;
StringFree( volume.tcrypt_keyfiles ) ;
StringListDelete( &stz ) ;
}else{
st = _open_volume( &volume ) ;
}
/*
* below two return values comes from ../lib/mount_volume.c
*/
if( st == -1 ){
st = 20 ;
}
if( st == 12 ){
st = 21 ;
}
if( st == 8 || st == 3 ){
st = 3 ;
}
device = StringMultiplePrepend( *mapper,"/",zuluCryptMapperPrefix(),NULL ) ;
if( st == 0 && share ){
/*
* user wish to share the mount point bind the mount point to a publicly accessed path at /run/media/public/
*/
/*
* zuluCryptBindMountVolume() is defined in ../zuluCrypt-cli/bin/bind.c
*/
zuluCryptBindMountVolume( device,*m_point,m_flags ) ;
}
/*
* zuluCryptCheckInvalidKey() is defined in check_invalid_key.c
*/
zuluCryptCheckInvalidKey( opts->device ) ;
return zuluExit_1( st,opts,device,mount_point,stl ) ;
}
