static int _create_volume( const char * dev,const char * fs,const char * type,const char * pass,size_t pass_size,const char * rng ) { size_t len ; int status ; string_t m = StringVoid ; const char * device_mapper ; const char * mapper ; if ( zuluCryptPathIsNotValid( dev ) ){ return 1 ; } m = String( crypt_get_dir() ) ; len = StringLength( m ) ; StringAppend( m,"/zuluCrypt-" ) ; device_mapper = StringAppendInt( m,syscall( SYS_gettid ) ) ; mapper = device_mapper + len + 1 ; if( StringsAreEqual( type,"luks" ) ){ if( StringsAreNotEqual( rng,"/dev/random" ) ){ if( StringsAreNotEqual( rng,"/dev/urandom" ) ){ return zuluExit( 2,m ) ; } } if( zuluCryptCreateLuks( dev,pass,pass_size,rng ) != 0 ){ return zuluExit( 3,m ) ; } if( zuluCryptOpenLuks( dev,mapper,"rw",pass,pass_size ) != 0 ){ return zuluExit( 3,m ) ; } }else if( StringsAreEqual( type,"plain") ){ if( zuluCryptOpenPlain( dev,mapper,"rw",pass,pass_size ) != 0 ){ return zuluExit( 3,m ) ; } }else{ return zuluExit( 2,m ) ; } status = zuluCryptCreateFileSystemInAVolume( fs,device_mapper ) ; /* * zuluCryptCloseMapper() is defined in close_mapper.c */ zuluCryptCloseMapper( device_mapper ); if( status == 0 ){ return zuluExit( 0,m ) ; }else{ return zuluExit( 3,m ) ; } }
static int _restore_truecrypt_header( const struct_opts * opts,const char * temp_path,uid_t uid ) { int r ; /* * info_t structure is declared in ../lib/include.h */ info_t info ; memset( &info,'\0',sizeof( info_t ) ) ; info.device = opts->device ; info.header_source = "header_from_file" ; info.getKey = _get_password_0 ; info.tmp_path = temp_path ; info.uid = uid ; info.rng = opts->rng ; info.opt = opts->m_opts ; r = _modify_tcrypt( &info,opts ) ; if( opts->key == NULL && StringsAreNotEqual( opts->key_source,"-f" ) ){ printf( "\n" ) ; } if( r == TC_OK ){ return 1 ; }else{ return 20 ; } }
/* * Here,we check if the path we sent to open() is the path open() used. This check is necessary to * guard against some known hypothetical exploits */ static int _paths_are_not_sane( int fd,const char * path ) { char * c = zuluCryptGetFileNameFromFileDescriptor( fd ) ; int st = StringsAreNotEqual( c,path ) ; StringFree( c ) ; return st ; }
char * zuluCryptGetLoopDeviceAddress( const char * device ) { char * z = NULL ; const char * e ; string_t st = StringVoid ; string_t xt = StringVoid ; int i ; int r ; z = zuluCryptLoopDeviceAddress_1( device ) ; if( z == NULL ){ return NULL ; }else{ st = String( "" ) ; for( i = 0 ; i < 255 ; i++ ){ StringReplace( st,"/sys/block/loop" ) ; StringAppendInt( st,i ) ; xt = StringGetFromVirtualFile( StringAppend( st,"/loop/backing_file" ) ) ; e = StringRemoveRight( xt,1 ) ; r = StringsAreEqual( e,z ) ; StringDelete( &xt ) ; if( r ){ StringReplace( st,"/dev/loop" ) ; e = StringAppendInt( st,i ) ; if( StringsAreNotEqual( device,e ) ){ break ; } }else{ StringReset( st ) ; } } StringFree( z ) ; if( StringIsEmpty( st ) ){ StringDelete( &st ) ; return NULL ; }else{ return StringDeleteHandle( &st ) ; } } }
static int _modify_tcrypt( info_t * info,const struct_opts * opts ) { int k = 4 ; int r ; string_t st = StringVoid ; string_t xt = StringVoid ; if( StringsAreEqual( opts->key_source,"-p" ) ){ info->header_key = opts->key ; info->header_key_source = "passphrase" ; info->header_new_key_source = "new_passphrase" ; }else if( opts->key == NULL && StringsAreNotEqual( opts->key_source,"-f" ) ){ st = info->getKey( &r ) ; if( r ){ info->key = StringContent( st ) ; info->header_key = info->key ; info->header_key_source = "passphrase" ; info->header_new_key_source = "new_passphrase" ; }else{ return zuluExit_1( k,st,xt ) ; } }else{ /* * function is defined at "path_access.c" */ zuluCryptGetPassFromFile( opts->key,info->uid,&st ) ; zuluCryptSecurityGainElevatedPrivileges() ; if( st == StringVoid ){ return zuluExit_1( k,st,xt ) ; }else{ if( StringHasComponent( opts->key,".zuluCrypt-socket" ) ){ info->key = StringContent( st ) ; info->header_key = info->key ; info->header_key_source = "passphrase" ; info->header_new_key_source = "new_passphrase" ; }else{ xt = zuluCryptCreateKeyFile( StringContent( st ),StringLength( st ),"tcrypt-bk-" ) ; if( xt == StringVoid ){ return zuluExit_1( k,st,xt ) ; }else{ info->key = StringContent( xt ) ; info->header_key = info->key ; info->header_key_source = "keyfiles" ; info->header_new_key_source = "new_keyfiles" ; } } } } /* * zuluCryptModifyTcryptHeader() is defined in ../lib/create_tcrypt.c */ k = zuluCryptModifyTcryptHeader( info ) ; if( xt != StringVoid ){ /* * zuluCryptDeleteFile() is defined in ../lib/file_path_security.c */ zuluCryptDeleteFile( StringContent( xt ) ) ; } return zuluExit_1( k,st,xt ) ; }
u_int64_t zuluCryptGetVolumeSize( const char * device ) { stringList_t stl = StringListVoid ; StringListIterator it ; StringListIterator end ; string_t xt ; const char * e ; u_int64_t r = 0 ; blkid_probe blkid = blkid_new_probe_from_filename( device ) ; if( blkid == NULL ){ return 0 ; } e = NULL ; blkid_do_probe( blkid ) ; blkid_probe_lookup_value( blkid,"TYPE",&e,NULL ) ; if( StringsAreNotEqual( e,"btrfs" ) ){ r = blkid_probe_get_size( blkid ) ; blkid_free_probe( blkid ) ; return r ; }else{ /* * we got a btrfs volume,this device could be one among a bunch of devices that makes the btfs volume. * iterate through all known devices and add their sizes to this device if they are a part of the same * btrfs volume. */ e = NULL ; if( blkid_probe_lookup_value( blkid,"UUID",&e,NULL ) == 0 ){ xt = String( e ) ; }else{ xt = StringVoid ; } blkid_free_probe( blkid ) ; if( xt == StringVoid ){ return 0 ; }else{ /* * zuluCryptVolumeList() is defined in this source file */ stl = zuluCryptVolumeList() ; zuluCryptSecurityGainElevatedPrivileges() ; StringListGetIterators( stl,&it,&end ) ; while( it != end ){ blkid = blkid_new_probe_from_filename( StringContent( *it ) ) ; it++ ; if( blkid != NULL ){ blkid_do_probe( blkid ) ; e = NULL ; if( blkid_probe_lookup_value( blkid,"UUID",&e,NULL ) == 0 ){ if( StringEqual( xt,e ) ){ r += blkid_probe_get_size( blkid ) ; } } blkid_free_probe( blkid ) ; } } StringDelete( &xt ) ; StringListDelete( &stl ) ; return r ; } } }