static string_t _get_mapper_property_from_udev( const char * mapper,const char * prefix,size_t position ) { DIR * dir = opendir( "/dev/disk/by-id/" ) ; struct dirent * e ; const char * f = mapper + StringSize( crypt_get_dir() ) + 1 ; stringList_t stl ; string_t st = StringVoid ; if( dir != NULL ){ while( ( e = readdir( dir ) ) != NULL ){ if( StringStartsAndEndsWith( e->d_name,prefix,f ) ){ stl = StringListSplit( e->d_name,'-' ) ; st = StringListCopyStringAt( stl,position ) ; StringListDelete( &stl ) ; break ; } } closedir( dir ) ; } return st ; }
static int zuluExit( stringList_t stl, int status ) { ssize_t index ; switch( status ){ case 0 : printf( gettext( "SUCCESS: Mapper created successfully\n" ) ) ; index = StringListHasStartSequence( stl,crypt_get_dir() ) ; if( index >= 0 ){ printf( gettext( "Opened mapper path: " ) ) ; StringListPrintLineAt( stl,index ) ; } break ; case 1 : printf( gettext( "ERROR: Could not create mapper\n" ) ) ;break ; case 2 : printf( gettext( "ERROR: Could not resolve device path\n" ) ) ;break ; case 3 : printf( gettext( "\nSUCCESS: Random data successfully written\n" ) ) ;break ; case 5 : printf( gettext( "INFO: User chose not to proceed\n" ) ) ;break ; case 8 : printf( gettext( "ERROR: Insufficitied privilege to oped device \n" ) ) ;break ; case 9 : printf( gettext( "ERROR: Device path is invalid\n" ) ) ;break ; case 10: printf( gettext( "ERROR: Passphrase file does not exist\n" ) ) ;break ; case 11: printf( gettext( "ERROR: Could not get enought memory to hold the key file\n" ) ) ;break ; case 12: printf( gettext( "ERROR: Insufficient privilege to open key file for reading\n" ) ) ;break ; case 13: printf( gettext( "ERROR: Can not open a mapper on a device with an opened mapper\n" ) ) ;break ; case 14: printf( gettext( "ERROR: Can not open a mapper on a mounted device\n" ) ) ;break ; case 15: printf( gettext( "INFO: Signal caught,exiting prematurely\n" ) ) ;break ; case 16: printf( gettext( "ERROR: Can not get passphrase in silent mode\n" ) ) ;break ; case 17: printf( gettext( "ERROR: Insufficient memory to hold passphrase\n" ) ) ;break ; case 18: printf( gettext( "ERROR: Insufficient memory to hold 3 characters?really?\n" ) ) ;break ; case 19: printf( gettext( "ERROR: Insufficient privilege to open the file with your privileges?\n" ) ) ;break ; } StringListClearDelete( &stl ) ; return status ; }
static char * _volume_device_name( const char * mapper,char * ( *function )( const char * ) ) { struct crypt_device * cd ; const char * e = crypt_get_dir() ; char * f = NULL ; if( zuluCryptTrueCryptOrVeraCryptVolume( mapper ) ){ return _device_name( mapper,function ) ; }else{ if( crypt_init_by_name( &cd,mapper ) == 0 ){ e = crypt_get_device_name( cd ) ; if( e != NULL ){ f = function( e ) ; } crypt_free( cd ) ; } return f ; } }
static int _wipe_data_device(struct crypt_device *cd, const char *integrity_key) { char tmp_name[64], tmp_path[128], tmp_uuid[40]; uuid_t tmp_uuid_bin; int r; if (!opt_batch_mode) log_std(_("Wiping device to initialize integrity checksum.\n" "You can interrupt this by pressing CTRL+c " "(rest of not wiped device will contain invalid checksum).\n")); /* Activate the device a temporary one */ uuid_generate(tmp_uuid_bin); uuid_unparse(tmp_uuid_bin, tmp_uuid); if (snprintf(tmp_name, sizeof(tmp_name), "temporary-cryptsetup-%s", tmp_uuid) < 0) return -EINVAL; if (snprintf(tmp_path, sizeof(tmp_path), "%s/%s", crypt_get_dir(), tmp_name) < 0) return -EINVAL; r = crypt_activate_by_volume_key(cd, tmp_name, integrity_key, opt_integrity_key_size, CRYPT_ACTIVATE_PRIVATE | CRYPT_ACTIVATE_NO_JOURNAL); if (r < 0) return r; /* Wipe the device */ set_int_handler(0); r = crypt_wipe(cd, tmp_path, CRYPT_WIPE_ZERO, 0, 0, DEFAULT_WIPE_BLOCK, 0, &tools_wipe_progress, NULL); if (crypt_deactivate(cd, tmp_name)) log_err(_("Cannot deactivate temporary device %s."), tmp_path); set_int_block(0); return r; }
static int _create_volume( const char * dev,const char * fs,const char * type,const char * pass,size_t pass_size,const char * rng ) { size_t len ; int status ; string_t m = StringVoid ; const char * device_mapper ; const char * mapper ; if ( zuluCryptPathIsNotValid( dev ) ){ return 1 ; } m = String( crypt_get_dir() ) ; len = StringLength( m ) ; StringAppend( m,"/zuluCrypt-" ) ; device_mapper = StringAppendInt( m,syscall( SYS_gettid ) ) ; mapper = device_mapper + len + 1 ; if( StringsAreEqual( type,"luks" ) ){ if( StringsAreNotEqual( rng,"/dev/random" ) ){ if( StringsAreNotEqual( rng,"/dev/urandom" ) ){ return zuluExit( 2,m ) ; } } if( zuluCryptCreateLuks( dev,pass,pass_size,rng ) != 0 ){ return zuluExit( 3,m ) ; } if( zuluCryptOpenLuks( dev,mapper,"rw",pass,pass_size ) != 0 ){ return zuluExit( 3,m ) ; } }else if( StringsAreEqual( type,"plain") ){ if( zuluCryptOpenPlain( dev,mapper,"rw",pass,pass_size ) != 0 ){ return zuluExit( 3,m ) ; } }else{ return zuluExit( 2,m ) ; } status = zuluCryptCreateFileSystemInAVolume( fs,device_mapper ) ; /* * zuluCryptCloseMapper() is defined in close_mapper.c */ zuluCryptCloseMapper( device_mapper ); if( status == 0 ){ return zuluExit( 0,m ) ; }else{ return zuluExit( 3,m ) ; } }
static int _create_file_system( const char * device,const char * fs,int key_source, const char * key,size_t key_len,int volume_type ) { string_t m = StringVoid ; int r ; const char * device_mapper ; const char * mapper ; size_t len ; m = String( crypt_get_dir() ) ; len = StringLength( m ) ; StringAppend( m,"/zuluCrypt-" ) ; device_mapper = StringAppendInt( m,syscall( SYS_gettid ) ) ; mapper = device_mapper + len + 1 ; /* * zuluCryptOpenTcrypt() is defined in open_tcrypt.c */ if( zuluCryptOpenTcrypt( device,mapper,key,key_len,key_source,volume_type,NULL,0,0,NULL ) == 0 ){ /* * zuluCryptCreateFileSystemInAVolume() is defined in create_volume.c */ if( zuluCryptCreateFileSystemInAVolume( fs,device_mapper ) == 0 ){ r = 0 ; }else{ r = 3 ; } /* * zuluCryptCloseMapper() is defined in close_mapper.c */ zuluCryptCloseMapper( device_mapper ) ; }else{ r = 3 ; } StringDelete( &m ) ; return r ; }
char * zuluCryptGetVolumeTypeFromMapperPath( const char * mapper ) { struct crypt_device * cd ; const char * type ; char * r ; string_t st ; if( StringPrefixNotEqual( mapper,crypt_get_dir() ) ){ return StringCopy_2( "Nil" ) ; } if( crypt_init_by_name( &cd,mapper ) < 0 ){ return StringCopy_2( "Nil" ) ; } type = crypt_get_type( cd ) ; if( type == NULL ){ if( StringHasComponent( mapper,"veracrypt" ) ){ r = StringCopy_2( "crypto_VCRYPT" ) ; }else if( StringHasComponent( mapper,"truecrypt" ) ){ r = StringCopy_2( "crypto_TCRYPT" ) ; }else{ r = _get_type_from_udev( mapper ) ; } }else{ st = String_1( "crypto_",type,NULL ) ; r = StringDeleteHandle( &st ) ; } crypt_free( cd ) ; return r ; }
void checkForOpenedMappers( void ) { char * d ; int st = 1 ; struct dirent * entry ; DIR * dir = opendir( crypt_get_dir() ) ; printf( "check if there are no opened mappers: " ) ; if( dir == NULL ){ printf( "failed to complete the test\n" ) ; EXIT( 1,NULL ) ; } while( ( entry = readdir( dir ) ) != NULL ){ d = strstr( entry->d_name,"zuluCrypt-" ) ; if( d != NULL ){ if( st ){ printf( "FAILED\n" ) ; st = 0 ; } st = 0 ; printf( "found opened mapper: /dev/mapper/%s\n",entry->d_name ) ; } } closedir( dir ) ; if( st ){ printf( "PASSED\n" ) ; } }
static int activate_and_check_status(const char *path, const char *device_name) { struct crypt_device *cd; struct crypt_active_device cad; int r; /* * LUKS device activation example. * It's sequence of sub-steps: device initialization, LUKS header load * and the device activation itself. */ r = crypt_init(&cd, path); if (r < 0 ) { printf("crypt_init() failed for %s.\n", path); return r; } /* * crypt_load() is used to load the LUKS header from block device * into crypt_device context. */ r = crypt_load(cd, /* crypt context */ CRYPT_LUKS1, /* requested type */ NULL); /* additional parameters (not used) */ if (r < 0) { printf("crypt_load() failed on device %s.\n", crypt_get_device_name(cd)); crypt_free(cd); return r; } /* * Device activation creates device-mapper devie mapping with name device_name. */ r = crypt_activate_by_passphrase(cd, /* crypt context */ device_name, /* device name to activate */ CRYPT_ANY_SLOT,/* which slot use (ANY - try all) */ "foo", 3, /* passphrase */ CRYPT_ACTIVATE_READONLY); /* flags */ if (r < 0) { printf("Device %s activation failed.\n", device_name); crypt_free(cd); return r; } printf("LUKS device %s/%s is active.\n", crypt_get_dir(), device_name); printf("\tcipher used: %s\n", crypt_get_cipher(cd)); printf("\tcipher mode: %s\n", crypt_get_cipher_mode(cd)); printf("\tdevice UUID: %s\n", crypt_get_uuid(cd)); /* * Get info about active device (query DM backend) */ r = crypt_get_active_device(cd, device_name, &cad); if (r < 0) { printf("Get info about active device %s failed.\n", device_name); crypt_deactivate(cd, device_name); crypt_free(cd); return r; } printf("Active device parameters for %s:\n" "\tDevice offset (in sectors): %" PRIu64 "\n" "\tIV offset (in sectors) : %" PRIu64 "\n" "\tdevice size (in sectors) : %" PRIu64 "\n" "\tread-only flag : %s\n", device_name, cad.offset, cad.iv_offset, cad.size, cad.flags & CRYPT_ACTIVATE_READONLY ? "1" : "0"); crypt_free(cd); return 0; }
static int action_format(int arg) { struct crypt_device *cd = NULL; struct crypt_params_integrity params = { .journal_size = opt_journal_size, .interleave_sectors = opt_interleave_sectors, /* in bitmap mode we have to overload these values... */ .journal_watermark = opt_integrity_bitmap ? opt_bitmap_sectors_per_bit : opt_journal_watermark, .journal_commit_time = opt_integrity_bitmap ? opt_bitmap_flush_time : opt_journal_commit_time, .buffer_sectors = opt_buffer_sectors, .tag_size = opt_tag_size, .sector_size = opt_sector_size ?: SECTOR_SIZE, }; char integrity[MAX_CIPHER_LEN], journal_integrity[MAX_CIPHER_LEN], journal_crypt[MAX_CIPHER_LEN]; char *integrity_key = NULL, *msg = NULL; int r; size_t signatures; if (opt_integrity) { r = crypt_parse_hash_integrity_mode(opt_integrity, integrity); if (r < 0) { log_err(_("No known integrity specification pattern detected.")); return r; } params.integrity = integrity; } if (opt_journal_integrity) { r = crypt_parse_hash_integrity_mode(opt_journal_integrity, journal_integrity); if (r < 0) { log_err(_("No known integrity specification pattern detected.")); return r; } params.journal_integrity = journal_integrity; } if (opt_journal_crypt) { r = crypt_parse_hash_integrity_mode(opt_journal_crypt, journal_crypt); if (r < 0) { log_err(_("No known integrity specification pattern detected.")); return r; } params.journal_crypt = journal_crypt; } r = _read_keys(&integrity_key, ¶ms); if (r) goto out; r = crypt_init_data_device(&cd, action_argv[0], opt_data_device); if (r < 0) goto out; r = asprintf(&msg, _("This will overwrite data on %s irrevocably."), action_argv[0]); if (r == -1) { r = -ENOMEM; goto out; } r = yesDialog(msg, _("Operation aborted.\n")) ? 0 : -EINVAL; free(msg); if (r < 0) goto out; r = tools_detect_signatures(action_argv[0], 0, &signatures); if (r < 0) goto out; /* Signature candidates found */ if (signatures && ((r = tools_wipe_all_signatures(action_argv[0])) < 0)) goto out; r = crypt_format(cd, CRYPT_INTEGRITY, NULL, NULL, NULL, NULL, 0, ¶ms); if (r < 0) /* FIXME: call wipe signatures again */ goto out; if (!opt_batch_mode) log_std(_("Formatted with tag size %u, internal integrity %s.\n"), opt_tag_size, opt_integrity); if (!opt_no_wipe) r = _wipe_data_device(cd, integrity_key); out: crypt_safe_free(integrity_key); crypt_safe_free(CONST_CAST(void*)params.journal_integrity_key); crypt_safe_free(CONST_CAST(void*)params.journal_crypt_key); crypt_free(cd); return r; } static int action_open(int arg) { struct crypt_device *cd = NULL; struct crypt_params_integrity params = { /* in bitmap mode we have to overload these values... */ .journal_watermark = opt_integrity_bitmap ? opt_bitmap_sectors_per_bit : opt_journal_watermark, .journal_commit_time = opt_integrity_bitmap ? opt_bitmap_flush_time : opt_journal_commit_time, .buffer_sectors = opt_buffer_sectors, }; uint32_t activate_flags = 0; char integrity[MAX_CIPHER_LEN], journal_integrity[MAX_CIPHER_LEN], journal_crypt[MAX_CIPHER_LEN]; char *integrity_key = NULL; int r; if (opt_integrity) { r = crypt_parse_hash_integrity_mode(opt_integrity, integrity); if (r < 0) { log_err(_("No known integrity specification pattern detected.")); return r; } params.integrity = integrity; } if (opt_journal_integrity) { r = crypt_parse_hash_integrity_mode(opt_journal_integrity, journal_integrity); if (r < 0) { log_err(_("No known integrity specification pattern detected.")); return r; } params.journal_integrity = journal_integrity; } if (opt_journal_crypt) { r = crypt_parse_hash_integrity_mode(opt_journal_crypt, journal_crypt); if (r < 0) { log_err(_("No known integrity specification pattern detected.")); return r; } params.journal_crypt = journal_crypt; } if (opt_integrity_nojournal || opt_integrity_bitmap) activate_flags |= CRYPT_ACTIVATE_NO_JOURNAL; if (opt_integrity_recovery) activate_flags |= CRYPT_ACTIVATE_RECOVERY; if (opt_integrity_bitmap) activate_flags |= CRYPT_ACTIVATE_NO_JOURNAL_BITMAP; if (opt_integrity_recalculate) activate_flags |= CRYPT_ACTIVATE_RECALCULATE; r = _read_keys(&integrity_key, ¶ms); if (r) goto out; if ((r = crypt_init_data_device(&cd, action_argv[0], opt_data_device))) goto out; r = crypt_load(cd, CRYPT_INTEGRITY, ¶ms); if (r) goto out; r = crypt_activate_by_volume_key(cd, action_argv[1], integrity_key, opt_integrity_key_size, activate_flags); out: crypt_safe_free(integrity_key); crypt_safe_free(CONST_CAST(void*)params.journal_integrity_key); crypt_safe_free(CONST_CAST(void*)params.journal_crypt_key); crypt_free(cd); return r; } static int action_close(int arg) { struct crypt_device *cd = NULL; int r; r = crypt_init_by_name(&cd, action_argv[0]); if (r == 0) r = crypt_deactivate(cd, action_argv[0]); crypt_free(cd); return r; } static int action_status(int arg) { crypt_status_info ci; struct crypt_active_device cad; struct crypt_params_integrity ip = {}; struct crypt_device *cd = NULL; char *backing_file; const char *device, *metadata_device; int path = 0, r = 0; /* perhaps a path, not a dm device name */ if (strchr(action_argv[0], '/')) path = 1; ci = crypt_status(NULL, action_argv[0]); switch (ci) { case CRYPT_INVALID: r = -EINVAL; break; case CRYPT_INACTIVE: if (path) log_std("%s is inactive.\n", action_argv[0]); else log_std("%s/%s is inactive.\n", crypt_get_dir(), action_argv[0]); r = -ENODEV; break; case CRYPT_ACTIVE: case CRYPT_BUSY: if (path) log_std("%s is active%s.\n", action_argv[0], ci == CRYPT_BUSY ? " and is in use" : ""); else log_std("%s/%s is active%s.\n", crypt_get_dir(), action_argv[0], ci == CRYPT_BUSY ? " and is in use" : ""); r = crypt_init_by_name_and_header(&cd, action_argv[0], NULL); if (r < 0) goto out; log_std(" type: %s\n", crypt_get_type(cd) ?: "n/a"); r = crypt_get_active_device(cd, action_argv[0], &cad); if (r < 0) goto out; r = crypt_get_integrity_info(cd, &ip); if (r < 0) goto out; log_std(" tag size: %u\n", ip.tag_size); log_std(" integrity: %s\n", ip.integrity ?: "(none)"); device = crypt_get_device_name(cd); metadata_device = crypt_get_metadata_device_name(cd); log_std(" device: %s%s\n", device, metadata_device ? " (detached)" : ""); if (crypt_loop_device(device)) { backing_file = crypt_loop_backing_file(device); log_std(" loop: %s\n", backing_file); free(backing_file); } if (metadata_device) { log_std(" metadata device: %s\n", metadata_device); if (crypt_loop_device(metadata_device)) { backing_file = crypt_loop_backing_file(metadata_device); log_std(" loop: %s\n", backing_file); free(backing_file); } } log_std(" sector size: %u bytes\n", crypt_get_sector_size(cd)); log_std(" interleave sectors: %u\n", ip.interleave_sectors); log_std(" size: %" PRIu64 " sectors\n", cad.size); log_std(" mode: %s%s\n", cad.flags & CRYPT_ACTIVATE_READONLY ? "readonly" : "read/write", cad.flags & CRYPT_ACTIVATE_RECOVERY ? " recovery" : ""); log_std(" failures: %" PRIu64 "\n", crypt_get_active_integrity_failures(cd, action_argv[0])); if (cad.flags & CRYPT_ACTIVATE_NO_JOURNAL_BITMAP) { log_std(" bitmap 512-byte sectors per bit: %u\n", ip.journal_watermark); log_std(" bitmap flush interval: %u ms\n", ip.journal_commit_time); } if (cad.flags & CRYPT_ACTIVATE_NO_JOURNAL) { log_std(" journal: not active\n"); } else { log_std(" journal size: %" PRIu64 " bytes\n", ip.journal_size); log_std(" journal watermark: %u%%\n", ip.journal_watermark); log_std(" journal commit time: %u ms\n", ip.journal_commit_time); if (ip.journal_integrity) log_std(" journal integrity MAC: %s\n", ip.journal_integrity); if (ip.journal_crypt) log_std(" journal encryption: %s\n", ip.journal_crypt); } } out: crypt_free(cd); if (r == -ENOTSUP) r = 0; return r; return -EINVAL; } static int action_dump(int arg) { struct crypt_device *cd = NULL; struct crypt_params_integrity params = {}; int r; if ((r = crypt_init(&cd, action_argv[0]))) return r; r = crypt_load(cd, CRYPT_INTEGRITY, ¶ms); if (!r) crypt_dump(cd); crypt_free(cd); return r; } static struct action_type { const char *type; int (*handler)(int); int required_action_argc; const char *arg_desc; const char *desc; } action_types[] = { { "format", action_format, 1, N_("<integrity_device>"),N_("format device") }, { "open", action_open, 2, N_("<integrity_device> <name>"),N_("open device as <name>") }, { "close", action_close, 1, N_("<name>"),N_("close device (deactivate and remove mapping)") }, { "status", action_status, 1, N_("<name>"),N_("show active device status") }, { "dump", action_dump, 1, N_("<integrity_device>"),N_("show on-disk information") }, { NULL, NULL, 0, NULL, NULL } }; static void help(poptContext popt_context, enum poptCallbackReason reason __attribute__((unused)), struct poptOption *key, const char *arg __attribute__((unused)), void *data __attribute__((unused))) { struct action_type *action; if (key->shortName == '?') { log_std("%s %s\n", PACKAGE_INTEGRITY, PACKAGE_VERSION); poptPrintHelp(popt_context, stdout, 0); log_std(_("\n" "<action> is one of:\n")); for(action = action_types; action->type; action++) log_std("\t%s %s - %s\n", action->type, _(action->arg_desc), _(action->desc)); log_std(_("\n" "<name> is the device to create under %s\n" "<integrity_device> is the device containing data with integrity tags\n"), crypt_get_dir()); log_std(_("\nDefault compiled-in dm-integrity parameters:\n" "\tTag size: %u bytes, Checksum algorithm: %s\n"), DEFAULT_TAG_SIZE, DEFAULT_ALG_NAME); exit(EXIT_SUCCESS); } else usage(popt_context, EXIT_SUCCESS, NULL, NULL); } static int run_action(struct action_type *action) { int r; log_dbg("Running command %s.", action->type); r = action->handler(0); show_status(r); return translate_errno(r); }
static int open_plain_as_me_1(const struct_opts * opts,const char * mapping_name,uid_t uid,int op ) { /* * Below is a form of memory management.All strings are collected in a stringlist object to easily delete them * when the function returns.This allows for the function to have multiple exit points without risks of leaking * memory from manually examining each exit point to make sure all strings are deleted or go with multiple goto * code deleting blocks to take into account different exit points. */ stringList_t stl ; string_t * stringArray = StringListArray( &stl,5 ) ; string_t * mapper = &stringArray[ 0 ] ; string_t * passphrase = &stringArray[ 1 ] ; string_t * p = &stringArray[ 2 ] ; string_t * dev_st = &stringArray[ 3 ] ; string_t * dev_1 = &stringArray[ 4 ] ; size_t len = 0 ; const char * source = opts->key_source ; const char * pass = opts->key ; int k = opts->ask_confirmation ; const char * cpass = NULL ; char * d ; const char * device = opts->device ; const char * dev = opts->device ; int j ; int n ; const char * cmapper ; if( StringPrefixEqual( device,"/dev/loop" ) ){ /* * zuluCryptLoopDeviceAddress() is defined in ../lib/create_loop_device.c */ d = zuluCryptLoopDeviceAddress( device ) ; *dev_st = StringInherit( &d ) ; dev = StringContent( *dev_st ) ; *dev_1 = StringCopy( *dev_st ) ; device = StringReplaceString( * dev_1,"\\040"," " ) ; } /* * zuluCryptPartitionIsSystemPartition() is defined in ./partition.c */ if( zuluCryptPartitionIsSystemPartition( device,uid ) ){ if( uid != 0 ){ return zuluExit( stl,8 ) ; } } /* * ZULUCRYPTlongMapperPath and ZULUCRYPTshortMapperPath are in ../constants.h * zuluCryptCreateMapperName() is defined at ../lib/create_mapper_name.c */ *mapper = zuluCryptCreateMapperName( device,mapping_name,uid,ZULUCRYPTshortMapperPath ) ; *p = zuluCryptCreateMapperName( device,mapping_name,uid,ZULUCRYPTlongMapperPath ) ; j = zuluCryptCheckOpenedMapper( StringContent( *p ) ) ; /* * zuluCryptPartitionIsMounted() is defined in ../lib/process_mountinfo.c */ n = zuluCryptPartitionIsMounted( dev ) ; if( j == 1 ){ return zuluExit( stl,13 ) ; } if( n == 1 ){ return zuluExit( stl,14 ) ; } if( k == 0 ){ *passphrase = StringRandomString( 64 ) ; cpass = StringContent( *passphrase ) ; len = StringLength( *passphrase ) ; }else if( source == NULL ){ printf( gettext( "Enter passphrase: " ) ) ; /* * ZULUCRYPT_KEY_MAX_SIZE is set in ../constants.h */ switch( StringSilentlyGetFromTerminal_1( passphrase,ZULUCRYPT_KEY_MAX_SIZE ) ){ case 1 : return zuluExit( stl,16 ) ; case 2 : return zuluExit( stl,17 ) ; } printf( "\n" ) ; cpass = StringContent( *passphrase ) ; len = StringLength( *passphrase ) ; }else{ if( strcmp( source,"-p" ) == 0 ){ *passphrase = String( pass ) ; cpass = StringContent( *passphrase ) ; len = StringLength( *passphrase ) ; }else if( strcmp( source,"-f" ) == 0 ){ /* * zuluCryptGetPassFromFile() is defined at "path_access.c" */ switch( zuluCryptGetPassFromFile( pass,uid,passphrase ) ){ case 1 : return zuluExit( stl,10 ) ; case 2 : return zuluExit( stl,11 ) ; case 4 : return zuluExit( stl,12 ) ; } cpass = StringContent( *passphrase ) ; len = StringLength( *passphrase ) ; } } if( zuluCryptSecurityGainElevatedPrivileges() ){ /* * zuluCryptOpenPlain() is defined in ../lib/open_plain.c */ if( zuluCryptOpenPlain( device,StringContent( *mapper ),"rw",cpass,len ) != 0 ){ zuluCryptSecurityDropElevatedPrivileges() ; return zuluExit( stl,1 ) ; } } zuluCryptSecurityDropElevatedPrivileges() ; /* * Create a mapper path(usually at /dev/mapper) associated with opened plain mapper above. */ cmapper = StringMultiplePrepend( *mapper,"/",crypt_get_dir(),NULL ) ; /* * mapper path is usually a soft link to /dev/dm-X * resolve the mapper path to its respective /dev/dm-X and set permission on it. * * We set permission of /dev/dm-X pointing to the device to "u+rw" because we want notmal user to be able * to write to the device through the mapper. * * Useful when a normal user want to delete content of the device by writing random data to it. */ d = zuluCryptRealPath( cmapper ) ; if( zuluCryptSecurityGainElevatedPrivileges() ){ if( d != NULL ){ _ignore_result( chown( d,uid,0 ) ) ; _ignore_result( chmod( d,S_IRWXU ) ) ; StringFree( d ) ; } zuluCryptSecurityDropElevatedPrivileges() ; }else{ return zuluExit( stl,1 ) ; } if( op == 1 ){ return zuluExit( stl,0 ) ; }else{ StringListClearDelete( &stl ) ; return 0 ; } }
/* * Purpose of this function is to open a device and write random data to it as a way of hiding information on the disk. * * The above is accomplished by opening a plain mapper against the device and then write to the device through the mapper * */ int zuluCryptEXEWriteDeviceWithJunk( const struct_opts * opts,const char * mapping_name,uid_t uid ) { stringList_t stl = StringListInit() ; string_t * mapper = StringListAssign( stl ) ; string_t * confirm = StringListAssign( stl ); double size ; double size_written ; const char * device = opts->device ; char buffer[ SIZE ] ; int ratio ; int prev_ratio ; int k ; struct sigaction sigac; memset( &sigac,'\0',sizeof( struct sigaction ) ) ; sigac.sa_handler = &sigTERMhandler ; sigaction( SIGINT,&sigac,NULL ) ; sigaction( SIGTERM,&sigac,NULL ) ; sigaction( SIGHUP,&sigac,NULL ) ; __exit_as_requested = 0 ; if( ( k = open_plain_as_me_1( opts,mapping_name,uid,0 ) ) != 0 ){ return k ; } *mapper = zuluCryptCreateMapperName( device,mapping_name,uid,ZULUCRYPTshortMapperPath ) ; StringMultiplePrepend( *mapper,"/",crypt_get_dir(),NULL ) ; if( opts->ask_confirmation ){ printf( gettext( "\nWARNING, device \"%s\" will be overwritten with random data destroying all present data.\n" ),device ) ; printf( gettext( "Are you sure you want to proceed? Type \"YES\" and press enter if you are sure: " ) ) ; *confirm = StringGetFromTerminal_1( 3 ) ; if( *confirm == StringVoid ){ return zuluExit( stl,17 ) ; }else{ k = StringEqual( *confirm,gettext( "YES" ) ) ; if( k == 0 ){ if( zuluCryptSecurityGainElevatedPrivileges() ){ zuluCryptCloseMapper( StringContent( *mapper ) ) ; zuluCryptSecurityDropElevatedPrivileges() ; } return zuluExit( stl,5 ) ; } } } k = open( StringContent( *mapper ),O_WRONLY ) ; size = ( double ) blkid_get_dev_size( k ) ; memset( buffer,0,SIZE ) ; size_written = 0 ; prev_ratio = -1 ; while( write( k,buffer,SIZE ) > 0 ){ if( __exit_as_requested == 1 ){ break ; } size_written += SIZE ; ratio = ( int ) ( ( size_written / size ) * 100 ) ; if( ratio > prev_ratio ){ printf( "\r%s %d%%",gettext( "percentage complete: " ),ratio ) ; fflush( stdout ); prev_ratio = ratio ; } } close( k ) ; if( zuluCryptSecurityGainElevatedPrivileges() ){ zuluCryptCloseMapper( StringContent( *mapper ) ) ; zuluCryptSecurityDropElevatedPrivileges() ; } if( __exit_as_requested == 1 ){ return zuluExit( stl,15 ) ; }else{ return zuluExit( stl,3 ) ; } }