Example #1
/*
 * Create an encrypted volume of the requested type on "dev" and put a file system on it.
 *
 * The volume is opened under a temporary mapper name, "zuluCrypt-" followed by the
 * id of the calling thread, formatted with "fs" and then closed again.
 *
 * Return values, as produced below:
 *   0 - the file system was created
 *   1 - zuluCryptPathIsNotValid() rejected "dev"
 *   2 - "type" is neither "luks" nor "plain", or "rng" is not one of the two accepted devices
 *   3 - creating or opening the volume, or creating the file system, failed
 *
 * NOTE(review): every return after the mapper path is built goes through zuluExit(),
 * presumably so that the string is released - confirm against its definition.
 */
static int _create_volume( const char * dev,const char * fs,const char * type,const char * pass,size_t pass_size,const char * rng )
{
	string_t path = StringVoid ;

	const char * mapper_path ;
	const char * mapper_name ;

	size_t dir_len ;
	int fs_status ;

	if( zuluCryptPathIsNotValid( dev ) ){
		return 1 ;
	}

	path    = String( crypt_get_dir() ) ;
	dir_len = StringLength( path ) ;

	StringAppend( path,"/zuluCrypt-" ) ;
	mapper_path = StringAppendInt( path,syscall( SYS_gettid ) ) ;
	/*
	 * the mapper name is the full path without the directory and the '/' that follows it
	 */
	mapper_name = mapper_path + dir_len + 1 ;

	if( StringsAreEqual( type,"luks" ) ){
		/*
		 * the random source is caller supplied; only these two device paths are
		 * accepted before it is handed to zuluCryptCreateLuks()
		 */
		if( StringsAreNotEqual( rng,"/dev/random" ) && StringsAreNotEqual( rng,"/dev/urandom" ) ){
			return zuluExit( 2,path ) ;
		}
		/*
		 * the volume is opened only when it was created successfully
		 */
		if( zuluCryptCreateLuks( dev,pass,pass_size,rng ) != 0 ||
		    zuluCryptOpenLuks( dev,mapper_name,"rw",pass,pass_size ) != 0 ){
			return zuluExit( 3,path ) ;
		}
	}else if( StringsAreEqual( type,"plain") ){
		if( zuluCryptOpenPlain( dev,mapper_name,"rw",pass,pass_size ) != 0 ){
			return zuluExit( 3,path ) ;
		}
	}else{
		return zuluExit( 2,path ) ;
	}

	fs_status = zuluCryptCreateFileSystemInAVolume( fs,mapper_path ) ;
	/*
	 * zuluCryptCloseMapper() is defined in close_mapper.c
	 *
	 * the mapper is closed whether or not the file system was created; the result
	 * of closing it is not checked.
	 */
	zuluCryptCloseMapper( mapper_path );

	return zuluExit( fs_status == 0 ? 0 : 3,path ) ;
}
/*
 * Fill an info_t for a header restore ( header_source is "header_from_file" ) and hand it
 * to _modify_tcrypt().
 *
 * Returns 1 when _modify_tcrypt() reports TC_OK and 20 for any other result.
 */
static int _restore_truecrypt_header( const struct_opts * opts,const char * temp_path,uid_t uid )
{
	/*
	 * info_t structure is declared in ../lib/include.h
	 */
	info_t info ;
	int result ;

	/*
	 * start from an all zero structure so that members not set below are not left uninitialized
	 */
	memset( &info,'\0',sizeof( info ) ) ;

	info.device        = opts->device ;
	info.header_source = "header_from_file" ;
	info.getKey        = _get_password_0 ;
	info.tmp_path      = temp_path ;
	info.uid           = uid ;
	info.rng           = opts->rng ;
	info.opt           = opts->m_opts ;

	result = _modify_tcrypt( &info,opts ) ;

	/*
	 * NOTE(review): no key and a key source other than "-f" is the case in which
	 * _modify_tcrypt() asks info.getKey() for the key; the newline presumably ends
	 * the line the prompt left open - confirm.
	 */
	if( opts->key == NULL && StringsAreNotEqual( opts->key_source,"-f" ) ){
		printf( "\n" ) ;
	}

	return result == TC_OK ? 1 : 20 ;
}
Example #3
/*
 * Check that the file "fd" refers to is the file named by "path".
 *
 * The name behind the descriptor is looked up with zuluCryptGetFileNameFromFileDescriptor()
 * and compared, as a string, with the path that was given to open(). A difference means
 * open() ended up on an object other than the one that was asked for, so a caller should
 * refuse to continue when this function returns non zero.
 * NOTE(review): presumably this is meant to catch a symbolic link or a path that was
 * replaced between the check and the open() - confirm.
 *
 * Returns the result of StringsAreNotEqual(): non zero when the two names differ.
 * NOTE(review): what is returned when the lookup gives NULL depends on StringsAreNotEqual();
 * confirm that it reports "not equal" so that the check fails closed.
 */
static int _paths_are_not_sane( int fd,const char * path )
{
	char * resolved = zuluCryptGetFileNameFromFileDescriptor( fd ) ;
	int differ = StringsAreNotEqual( resolved,path ) ;

	/*
	 * the looked up name is released here, the caller gets only the verdict
	 */
	StringFree( resolved ) ;

	return differ ;
}
Example #4
/*
 * Walk loop0 to loop254 and return the "/dev/loopN" path of the first loop device whose
 * backing_file entry in sysfs matches the value zuluCryptLoopDeviceAddress_1() gives for
 * "device" and whose path is not "device" itself.
 *
 * Returns NULL when zuluCryptLoopDeviceAddress_1() returns NULL or when the string built
 * in the loop is empty at the end.
 * NOTE(review): the result comes from StringDeleteHandle(); presumably the caller owns
 * the returned buffer and has to free it - confirm.
 */
char * zuluCryptGetLoopDeviceAddress( const char * device )
{
	char * z = NULL ;
	const char * e ;

	string_t st = StringVoid ;
	string_t xt = StringVoid ;

	int i ;
	int r ;

	/*
	 * NOTE(review): z is compared with the contents of backing_file below, so it is
	 * presumably the backing file of "device" - confirm.
	 */
	z = zuluCryptLoopDeviceAddress_1( device ) ;

	if( z == NULL ){
		return NULL ;
	}else{
		st = String( "" ) ;

		for( i = 0 ; i < 255 ; i++ ){

			StringReplace( st,"/sys/block/loop" ) ;
			StringAppendInt( st,i ) ;

			xt = StringGetFromVirtualFile( StringAppend( st,"/loop/backing_file" ) ) ;

			/*
			 * drop the last character of what was read before comparing
			 * ( presumably the trailing new line - confirm ).
			 * NOTE(review): xt may be StringVoid when the sysfs entry does not exist;
			 * this relies on the String helpers accepting that - confirm.
			 */
			e = StringRemoveRight( xt,1 ) ;
			r = StringsAreEqual( e,z ) ;

			StringDelete( &xt ) ;

			if( r ){

				StringReplace( st,"/dev/loop" ) ;
				e = StringAppendInt( st,i ) ;

				/*
				 * same backing file and a different device node,stop with st holding its path.
				 *
				 * NOTE(review): when the match is "device" itself st is not reset. The next
				 * iteration overwrites it, but if this happens at i == 254 the loop ends with
				 * st holding "/dev/loop254" and that path is returned - confirm this is intended.
				 */
				if( StringsAreNotEqual( device,e ) ){

					break ;
				}
			}else{
				/*
				 * no match,empty st so that a loop that ends here returns NULL
				 */
				StringReset( st ) ;
			}
		}

		StringFree( z ) ;

		if( StringIsEmpty( st ) ){

			StringDelete( &st ) ;
			return NULL ;
		}else{
			return StringDeleteHandle( &st ) ;
		}
	}
}
/*
 * Decide where the header key comes from, record it in "info" and call
 * zuluCryptModifyTcryptHeader().
 *
 * Three sources are handled:
 *   - key_source is "-p": opts->key is used as a passphrase
 *   - no key and key_source is not "-f": the key is requested through info->getKey()
 *   - anything else: opts->key is read with zuluCryptGetPassFromFile(); the content is used as
 *     a passphrase when opts->key contains ".zuluCrypt-socket", otherwise it is written to a
 *     temporary key file that is deleted again after the header was modified
 *
 * Returns 4 when no key could be obtained, otherwise the result of zuluCryptModifyTcryptHeader().
 *
 * NOTE(review): both strings are handed to zuluExit_1() on every return, presumably to be
 * released there; whether the key material they hold is wiped is not visible here - confirm.
 */
static int _modify_tcrypt( info_t * info,const struct_opts * opts )
{
	int status = 4 ;
	int got_key ;

	string_t key      = StringVoid ;
	string_t key_file = StringVoid ;

	if( StringsAreEqual( opts->key_source,"-p" ) ){

		info->header_key            = opts->key ;
		info->header_key_source     = "passphrase" ;
		info->header_new_key_source = "new_passphrase" ;

	}else if( opts->key == NULL && StringsAreNotEqual( opts->key_source,"-f" ) ){

		key = info->getKey( &got_key ) ;

		if( !got_key ){
			return zuluExit_1( status,key,key_file ) ;
		}

		info->key = StringContent( key ) ;
		info->header_key            = info->key ;
		info->header_key_source     = "passphrase" ;
		info->header_new_key_source = "new_passphrase" ;
	}else{
		/*
		 * function is defined at "path_access.c"
		 */
		zuluCryptGetPassFromFile( opts->key,info->uid,&key ) ;

		/*
		 * NOTE(review): privileges are raised again right after the read, before its result
		 * is looked at; presumably zuluCryptGetPassFromFile() reads as info->uid and returns
		 * with privileges dropped - confirm.
		 */
		zuluCryptSecurityGainElevatedPrivileges() ;

		if( key == StringVoid ){
			return zuluExit_1( status,key,key_file ) ;
		}

		if( StringHasComponent( opts->key,".zuluCrypt-socket" ) ){

			info->key = StringContent( key ) ;
			info->header_key            = info->key ;
			info->header_key_source     = "passphrase" ;
			info->header_new_key_source = "new_passphrase" ;
		}else{
			/*
			 * the key is passed on as a key file, a copy of it is written to disk here
			 */
			key_file = zuluCryptCreateKeyFile( StringContent( key ),StringLength( key ),"tcrypt-bk-" ) ;

			if( key_file == StringVoid ){
				return zuluExit_1( status,key,key_file ) ;
			}

			info->key = StringContent( key_file ) ;
			info->header_key            = info->key ;
			info->header_key_source     = "keyfiles" ;
			info->header_new_key_source = "new_keyfiles" ;
		}
	}

	/*
	 * zuluCryptModifyTcryptHeader() is defined in ../lib/create_tcrypt.c
	 */
	status = zuluCryptModifyTcryptHeader( info ) ;

	if( key_file != StringVoid ){
		/*
		 * zuluCryptDeleteFile() is defined in ../lib/file_path_security.c
		 *
		 * the temporary key file is removed whatever the result of the header change was
		 */
		zuluCryptDeleteFile( StringContent( key_file ) ) ;
	}

	return zuluExit_1( status,key,key_file ) ;
}
Example #6
/*
 * Return the size blkid reports for "device".
 *
 * When the probe gives a TYPE of "btrfs" the result is instead the sum of the sizes of all
 * devices in zuluCryptVolumeList() whose UUID equals the UUID of "device".
 *
 * Returns 0 when "device" can not be probed or when a btrfs device has no UUID.
 *
 * NOTE(review): the results of blkid_do_probe() are not checked, and blkid_probe_get_size()
 * has a signed return type while the total is unsigned; a negative size would wrap - confirm
 * whether that can happen here.
 */
u_int64_t zuluCryptGetVolumeSize( const char * device )
{
	stringList_t devices = StringListVoid ;

	StringListIterator it  ;
	StringListIterator end ;

	string_t uuid ;

	const char * value = NULL ;

	u_int64_t total = 0 ;

	blkid_probe probe = blkid_new_probe_from_filename( device ) ;

	if( probe == NULL ){
		return 0 ;
	}

	blkid_do_probe( probe ) ;
	blkid_probe_lookup_value( probe,"TYPE",&value,NULL ) ;

	if( StringsAreNotEqual( value,"btrfs" ) ){
		/*
		 * not btrfs,the size of this device is the answer
		 */
		total = blkid_probe_get_size( probe ) ;
		blkid_free_probe( probe ) ;
		return total ;
	}

	/*
	 * we got a btrfs volume,this device could be one among a bunch of devices that make up the
	 * btrfs volume. Remember its UUID,then go through all known devices and add up the sizes of
	 * those that carry the same UUID.
	 */
	value = NULL ;

	if( blkid_probe_lookup_value( probe,"UUID",&value,NULL ) == 0 ){
		/*
		 * the value is copied because it is needed after the probe is freed
		 */
		uuid = String( value ) ;
	}else{
		uuid = StringVoid ;
	}

	blkid_free_probe( probe ) ;

	if( uuid == StringVoid ){
		return 0 ;
	}

	/*
	 * zuluCryptVolumeList() is defined in this source file
	 */
	devices = zuluCryptVolumeList() ;
	/*
	 * NOTE(review): privileges are raised here and not lowered again in this function - confirm
	 * that the caller expects to continue with elevated privileges.
	 */
	zuluCryptSecurityGainElevatedPrivileges() ;

	StringListGetIterators( devices,&it,&end ) ;

	for( ; it != end ; it++ ){

		probe = blkid_new_probe_from_filename( StringContent( *it ) ) ;

		if( probe == NULL ){
			continue ;
		}

		blkid_do_probe( probe ) ;
		value = NULL ;

		if( blkid_probe_lookup_value( probe,"UUID",&value,NULL ) == 0 && StringEqual( uuid,value ) ){
			total += blkid_probe_get_size( probe ) ;
		}

		blkid_free_probe( probe ) ;
	}

	StringDelete( &uuid ) ;
	StringListDelete( &devices ) ;

	return total ;
}