static inline int _option_contain_not_allowed( const char * fs,const char * fs_opts )
{
stringList_t stl = StringListSplit( fs_opts,',' ) ;
int r = 1 ;
if( stl != StringListVoid ){
if( StringHasAtLeastOneComponent_1( fs,"fat","dos",NULL ) ){
r = allowed_vfat( stl ) ;
}else if( StringsAreEqual( fs,"ntfs" ) ){
r = allowed_ntfs( stl ) ;
}else if( StringsAreEqual( fs,"udf" ) ){
r = allowed_udf( stl ) ;
}else if( StringsAreEqual( fs,"iso9660" ) ){
r = allowed_iso9660( stl ) ;
}else if( StringsAreEqual( fs,"btrfs" ) ){
r = allowed_btrfs( stl ) ;
}else{
r = 1 ;
}
StringListDelete( &stl ) ;
}else{
r = 1 ;
}
return r ;
}
int zuluCryptTrueCryptOrVeraCryptVolume( const char * mapper )
{
char buffer[ 1024 ] ;
mapper = mapper + StringLastIndexOfChar_1( mapper,'/' ) + 1 ;
tc_api_get_volume_type( buffer,sizeof( buffer ),mapper ) ;
return StringsAreEqual( buffer,"TCRYPT" ) || StringsAreEqual( buffer,"VCRYPT" ) ;
}
int zuluCryptModifyTcryptHeader( const info_t * info )
{
tc_api_task task ;
int r = !TC_OK ;
const char * sys_device = NULL ;
string_t st = StringVoid ;
if( tc_api_init( 0 ) == TC_OK ){
task = tc_api_task_init( "modify" ) ;
if( task != 0 ){
if( StringsAreEqual( info->opt,"sys" ) ){
tc_api_task_set( task,"dev",info->device ) ;
st = _root_device( info->device,&sys_device ) ;
tc_api_task_set( task,"sys",sys_device ) ;
}else if( StringsAreEqual( info->opt,"fde" ) ){
st = _root_device( info->device,&sys_device ) ;
tc_api_task_set( task,"dev",sys_device ) ;
tc_api_task_set( task,"fde",TRUE ) ;
}else{
tc_api_task_set( task,"dev",info->device ) ;
}
tc_api_task_set( task,"hidden_size_bytes",( u_int64_t )0 ) ;
/*
* below line may look like one of the following two lines:
* tc_api_task_set( task,"header_from_file","/home/ink/tc.headerbackup" ) ;
* tc_api_task_set( task,"save_header_to_file","/home/ink/tc.headerbackup" ) ;
*/
tc_api_task_set( task,info->header_source,info->tmp_path ) ;
/*
* below line may look like one of the following two lines:
* tc_api_task_set( task,"passphrase","xxx" ) ;
* tc_api_task_set( task,"keyfiles","/home/ink/keyfile" ) ;
*/
tc_api_task_set( task,info->header_key_source,info->header_key ) ;
/*
* below line may look like one of the following two lines:
* tc_api_task_set( task,"new_passphrase","xxx" ) ;
* tc_api_task_set( task,"new_keyfiles","/home/ink/keyfile" ) ;
*/
tc_api_task_set( task,info->header_new_key_source,info->header_key ) ;
if( StringsAreEqual( info->rng,"/dev/urandom" ) ){
tc_api_task_set( task,"weak_keys_and_salt",TRUE ) ;
}else{
tc_api_task_set( task,"weak_keys_and_salt",FALSE ) ;
}
r = tc_api_task_do( task ) ;
tc_api_task_uninit( task ) ;
}
tc_api_uninit() ;
}
StringDelete( &st ) ;
return r ;
}
int zuluCryptCreateFileSystemInAVolume( const char * fs,const char * device_mapper )
{
int status ;
char * e = NULL ;
process_t p = Process( ZULUCRYPTmkfs ) ;
if( StringAtLeastOneMatch_1( fs,"ext2","ext3","ext4",NULL ) ){
ProcessSetArgumentList( p,"-t",fs,"-m","1",device_mapper,ENDLIST ) ;
}else if( StringsAreEqual( fs,"reiserfs" ) ){
ProcessSetArgumentList( p,"-t",fs,"-f","-f","-q",device_mapper,ENDLIST ) ;
}else if( StringsAreEqual( fs,"jfs" ) ){
ProcessSetArgumentList( p,"-t",fs,"-q",device_mapper,ENDLIST ) ;
}else if( StringsAreEqual( fs,"ntfs" ) ){
ProcessSetArgumentList( p,"-t",fs,"-f",device_mapper,ENDLIST ) ;
}else if( StringsAreEqual( fs,"xfs" ) ){
ProcessSetArgumentList( p,"-t",fs,"-f",device_mapper,ENDLIST ) ;
}else{
ProcessSetArgumentList( p,"-t",fs,device_mapper,ENDLIST ) ;
/*
* unhandled fs are processed here.They are given 60 seconds to accomplish their task
* and are assumed to be running in interactive more and are blocked waiting for user input
* when they fail to return in time and hence are killed since we cant get to them from GUI
*/
ProcessSetOptionTimeout( p,60,SIGKILL ) ;
}
ProcessStart( p ) ;
status = ProcessExitStatus( p ) ;
if( status ){
ProcessGetOutPut( p,&e,STDERROR ) ;
if( e ){
puts( e ) ;
free( e ) ;
}
}
ProcessDelete( &p ) ;
return status ;
}
static int _create_volume( const char * dev,const char * fs,const char * type,const char * pass,size_t pass_size,const char * rng )
{
size_t len ;
int status ;
string_t m = StringVoid ;
const char * device_mapper ;
const char * mapper ;
if ( zuluCryptPathIsNotValid( dev ) ){
return 1 ;
}
m = String( crypt_get_dir() ) ;
len = StringLength( m ) ;
StringAppend( m,"/zuluCrypt-" ) ;
device_mapper = StringAppendInt( m,syscall( SYS_gettid ) ) ;
mapper = device_mapper + len + 1 ;
if( StringsAreEqual( type,"luks" ) ){
if( StringsAreNotEqual( rng,"/dev/random" ) ){
if( StringsAreNotEqual( rng,"/dev/urandom" ) ){
return zuluExit( 2,m ) ;
}
}
if( zuluCryptCreateLuks( dev,pass,pass_size,rng ) != 0 ){
return zuluExit( 3,m ) ;
}
if( zuluCryptOpenLuks( dev,mapper,"rw",pass,pass_size ) != 0 ){
return zuluExit( 3,m ) ;
}
}else if( StringsAreEqual( type,"plain") ){
if( zuluCryptOpenPlain( dev,mapper,"rw",pass,pass_size ) != 0 ){
return zuluExit( 3,m ) ;
}
}else{
return zuluExit( 2,m ) ;
}
status = zuluCryptCreateFileSystemInAVolume( fs,device_mapper ) ;
/*
* zuluCryptCloseMapper() is defined in close_mapper.c
*/
zuluCryptCloseMapper( device_mapper );
if( status == 0 ){
return zuluExit( 0,m ) ;
}else{
return zuluExit( 3,m ) ;
}
}
char * zuluCryptGetALoopDeviceAssociatedWithAnImageFile( const char * path )
{
int i ;
string_t st = String( "" ) ;
const char * e ;
char * f ;
for( i = 0 ; i < 255 ; i++ ){
StringReplace( st,"/dev/loop" ) ;
e = StringAppendInt( st,i ) ;
f = zuluCryptLoopDeviceAddress_1( e ) ;
if( StringsAreEqual( path,f ) ){
StringFree( f ) ;
return StringDeleteHandle( &st ) ;
}else{
StringFree( f ) ;
}
}
StringDelete( &st ) ;
return NULL ;
}
int zulucryptFileSystemIsSupported( const char * fs )
{
const char * f[] = { "xfs","ntfs","vfat","exfat","msdos","umsdos","affs","hfs","iso9660","jfs","jfs",
"romfs","udf","ext2","ext3","ext4","reiserfs","reiser4","btrfs","squashfs",NULL } ;
const char ** e = f ;
if( fs == NULL ){
return 0 ;
}else{
while( 1 ){
if( *e == NULL ){
return _fileSystemIsSupported( fs ) ;
}else if( StringsAreEqual( fs,*e ) ){
return 1 ;
}else{
e++ ;
}
}
}
}
static int mount_FUSEfs_0( m_struct * mst )
{
int status ;
const char * opts ;
process_t p = Process( ZULUCRYPTmount ) ;
string_t st = set_mount_options( mst ) ;
opts = _mount_options( mst->m_flags,st ) ;
if( StringsAreEqual( mst->fs,"ntfs" ) ){
if( StringHasComponent( opts,"ignore_case" ) ){
ProcessSetArgumentList( p,"-n","-t","lowntfs-3g","-o",opts,mst->device,mst->m_point,ENDLIST ) ;
}else{
ProcessSetArgumentList( p,"-n","-t","ntfs-3g","-o",opts,mst->device,mst->m_point,ENDLIST ) ;
}
}else{
ProcessSetArgumentList( p,"-t",mst->fs,"-o",opts,mst->device,mst->m_point,ENDLIST ) ;
}
ProcessStart( p ) ;
status = ProcessExitStatus( p ) ;
ProcessDelete( &p ) ;
StringDelete( &st ) ;
return status ;
}
char * zuluCryptResolvePath( const char * path )
{
char * e ;
char * f ;
if( StringsAreEqual( path,"/dev/root" ) ){
e = _zuluCryptResolveDevRoot() ;
if( e == NULL ){
return StringCopy_2( path ) ;
}else{
return e ;
}
}else if( StringPrefixEqual( path,"/dev/disk/by-" ) ){
/*
* zuluCryptRealPath() is defined in real_path.c
*/
e = zuluCryptRealPath( path ) ;
if( e == NULL ){
return StringCopy_2( path ) ;
}else{
if( StringPrefixEqual( e,"/dev/mapper/" ) ){
f = _convert_if_path_is_lvm( e ) ;
StringFree( e ) ;
return f ;
}else{
return e ;
}
}
}else if( StringPrefixEqual( path,"/dev/mapper/" ) ){
return _convert_if_path_is_lvm( path ) ;
}else if( StringPrefixEqual( path,"/dev/md" ) ){
return zuluCryptResolveMDPath( path ) ;
}else if( StringPrefixEqual( path,"/dev/dm-" ) ){
return zuluCryptResolveDMPath( path ) ;
}else if( StringPrefixEqual( path,"/dev/loop" ) ){
/*
* zuluCryptLoopDeviceAddress() is defined in create_loop_device.c
*/
return zuluCryptLoopDeviceAddress( path ) ;
}else{
return StringCopy_2( path ) ;
}
}
int zuluCryptPathDidNotChange( const char * path )
{
char * p = canonicalize_path( path ) ;
int st = 0 ;
if( p != NULL ){
st = StringsAreEqual( path,p ) ;
free( p ) ;
}
return st ;
}
char * zuluCryptGetLoopDeviceAddress( const char * device )
{
char * z = NULL ;
const char * e ;
string_t st = StringVoid ;
string_t xt = StringVoid ;
int i ;
int r ;
z = zuluCryptLoopDeviceAddress_1( device ) ;
if( z == NULL ){
return NULL ;
}else{
st = String( "" ) ;
for( i = 0 ; i < 255 ; i++ ){
StringReplace( st,"/sys/block/loop" ) ;
StringAppendInt( st,i ) ;
xt = StringGetFromVirtualFile( StringAppend( st,"/loop/backing_file" ) ) ;
e = StringRemoveRight( xt,1 ) ;
r = StringsAreEqual( e,z ) ;
StringDelete( &xt ) ;
if( r ){
StringReplace( st,"/dev/loop" ) ;
e = StringAppendInt( st,i ) ;
if( StringsAreNotEqual( device,e ) ){
break ;
}
}else{
StringReset( st ) ;
}
}
StringFree( z ) ;
if( StringIsEmpty( st ) ){
StringDelete( &st ) ;
return NULL ;
}else{
return StringDeleteHandle( &st ) ;
}
}
}
static int _valid_entry( const vInfo * e )
{
if( StringAtLeastOnePrefixMatch( e->mountPoint,"/var/run/media/public",
"/var/run/media/private",NULL ) ) {
/*
* some distributions auto generate these extra mount points and we
* ignore them as they confuse us.
*/
return 0 ;
}
if( StringsAreEqual( e->rootPath,"/" ) || StringsAreEqual( e->fileSystem,"btrfs" ) ) {
/*
* we only support bind mount on btrfs.
*/
return 1 ;
}
return 0 ;
}
int zuluCryptUserIsAMemberOfAGroup( uid_t uid,const char * groupname )
{
int i ;
struct group * grp ;
struct passwd * pass ;
const char * e ;
if( groupname == NULL ){
return 0 ;
}else if( uid == 0 ){
return 1 ;
}else{
pass = getpwuid( uid ) ;
if( pass == NULL ){
return 0 ;
}else{
grp = getgrnam( groupname ) ;
if( grp == NULL ){
return 0 ;
}else{
for( i = 0 ; ; i++ ){
e = *( grp->gr_mem + i ) ;
if( e == NULL ){
return 0 ;
}else{
if( StringsAreEqual( e,pass->pw_name ) ){
return 1 ;
}
}
}
return 0 ;
}
}
}
}
char * zuluCryptEvaluateDeviceTags( const char * tag,const char * path )
{
char * r ;
zuluCryptSecurityGainElevatedPrivileges() ;
/*
* zuluCryptDeviceFromUUID() is defined in ../lib/blkid_evaluate_tag.c
* zuluCryptDeviceFromLabel() is defined in ../lib/blkid_evaluate_tag.c
*/
if( StringsAreEqual( tag,"UUID" ) ){
r = zuluCryptDeviceFromUUID( path ) ;
}else{
r = zuluCryptDeviceFromLabel( path ) ;
}
zuluCryptSecurityDropElevatedPrivileges() ;
return r ;
}
/*
* raid path can be in format /dev/mdX or /dev/md/X.
* We prefer the latter and if given the former,convert it to the latter if possible
*/
string_t zuluCryptResolveMDPath_1( const char * path )
{
struct dirent * entry ;
char * e ;
const char * f = "/dev/md/" ;
DIR * dir = opendir( f ) ;
string_t st = String( f ) ;
if( dir != NULL ){
while( ( entry = readdir( dir ) ) != NULL ){
f = entry->d_name ;
if( !StringAtLeastOneMatch_1( f,".","..",NULL ) ){
e = zuluCryptRealPath( StringAppendAt( st,8,f ) ) ;
if( StringsAreEqual( path,e ) ){
StringFree( e ) ;
return zuluExit( dir,st ) ;
}else{
StringFree( e ) ;
}
}
}
}
StringReplace( st,path ) ;
return zuluExit( dir,st ) ;
}
static stringList_t _add_entry( stringList_t stx,stringList_t tmp,string_t ( *function )( const vInfo * ),
char * const ** entry,size_t * entry_len )
{
string_t st ;
u_int64_t e ;
vInfo volumeInfo ;
StringListStringArray_1( entry,entry_len,tmp ) ;
volumeInfo.device = *( *entry + *entry_len - 2 ) ;
volumeInfo.mountPoint = *( *entry + 4 ) ;
volumeInfo.fileSystem = *( *entry + *entry_len - 3 ) ;
volumeInfo.mountOptions = *( *entry + 5 ) ;
volumeInfo.rootPath = *( *entry + 3 ) ;
if( StringsAreEqual( volumeInfo.fileSystem,"fuse.encfs" ) ) {
st = StringListStringAt( tmp,*entry_len - 2 ) ;
StringReset( st ) ;
e = StringJenkinsOneAtATimeHash( volumeInfo.mountPoint ) ;
volumeInfo.device = StringAppendInt( st,e ) ;
}
if( _valid_entry( &volumeInfo ) ) {
st = function( &volumeInfo ) ;
stx = StringListAppendString_1( stx,&st ) ;
}
return stx ;
}
int zuluCryptEXEOpenVolume( const struct_opts * opts,const char * mapping_name,uid_t uid )
{
int share = opts->share ;
int open_mount = opts->open_mount ;
const char * device = opts->device ;
const char * mount_point = opts->mount_point ;
const char * m_opts = opts->m_opts ;
const char * source = opts->key_source ;
const char * pass = opts->key ;
const char * plugin_path = opts->plugin_path ;
const char * fs_opts = opts->fs_opts ;
const char * offset = opts->offset ;
const char * const * tcrypt_keyfiles = opts->tcrypt_multiple_keyfiles ;
/*
* Below is a form of memory management.All strings are collected in a stringlist object to easily delete them
* when the function returns.This allows for the function to have multiple exit points without risks of leaking
* memory from manually examining each exit point to make sure all strings are deleted or go with multiple goto
* code deleting blocks to take into account different exit points.
*/
stringList_t stl ;
string_t * stringArray = StringListArray( &stl,6 ) ;
string_t * passphrase = &stringArray[ 0 ] ;
string_t * m_name = &stringArray[ 1 ] ;
string_t * data = &stringArray[ 2 ] ;
string_t * m_point = &stringArray[ 3 ] ;
string_t * mapper = &stringArray[ 4 ] ;
string_t * mapper_path = &stringArray[ 5 ] ;
const char * key = NULL ;
const char * mapper_name ;
const char * e ;
size_t key_len = 0 ;
int st = 0 ;
stringList_t stz ;
tvcrypt v_info ;
unsigned long m_flags ;
int tcrypt_keyfile = 0 ;
const char * uuid ;
char * device_path ;
/*
* open_struct_t is declared in ../lib/include.h
*/
open_struct_t volume ;
struct stat statstr ;
/*
* zuluCryptVolumeIsInSystemVolumeList() is defined in volumes.c
*/
if( zuluCryptVolumeIsInSystemVolumeList( device ) ){
/*
* check permissions only if volume is explicity mentioned as system.
* This is an exception to avoid some udev bad behaviors on udev enabled build
*/
if( !zuluCryptUserIsAMemberOfAGroup( uid,"zulucrypt" ) ){
return zuluExit( 22,device,mount_point,stl ) ;
}
}
if( m_opts == NULL ){
m_opts = "rw" ;
}
/*
* zuluCryptMountFlagsAreNotCorrect() is defined in ./mount_flags.c
*/
if( zuluCryptMountFlagsAreNotCorrect( m_opts,uid,&m_flags ) ){
return zuluExit( 5,device,mount_point,stl ) ;
}
if( StringHasComponent( m_opts,"rw" ) ){
/*
* zuluCryptSecurityDeviceIsWritable() is defined in path_access.c
*/
st = zuluCryptCanOpenPathForWriting( device,uid ) ;
}else{
/*
* zuluCryptSecurityDeviceIsReadable() is defined in path_access.c
*/
st = zuluCryptCanOpenPathForReading( device,uid ) ;
}
/*
* 1-permissions denied
* 2-invalid path
* 3-shenanigans
* 4-common error
*/
switch( st ){
case 0 : break ;
case 1 : return zuluExit( 6,device,mount_point,stl ) ;
case 2 : return zuluExit( 6,device,mount_point,stl ) ;
case 3 : return zuluExit( 6,device,mount_point,stl ) ;
case 4 : return zuluExit( 6,device,mount_point,stl ) ;
default: return zuluExit( 6,device,mount_point,stl ) ;
}
if( open_mount ){
/*
* zuluCryptCreateMountPoint() is defined in create_mount_point.c
*/
*m_point = zuluCryptCreateMountPoint( device,mount_point,m_opts,uid ) ;
mount_point = StringContent( *m_point ) ;
if( mount_point == NULL ){
return zuluExit( 9,device,mount_point,stl ) ;
}
}else{
if( uid != 0 ){
return zuluExit( 7,device,mount_point,stl ) ;
}
if( mount_point != NULL ){
return zuluExit( 8,device,mount_point,stl ) ;
}
}
if( share ){
/*
* zuluCryptBindSharedMountPointPathTaken() is defined in bind.c
*/
if( zuluCryptBindSharedMountPointPathTaken( *m_point ) ){
return zuluExit_1( 10,opts,device,mount_point,stl ) ;
}
}
/*
* zuluCryptCreateMapperName() is defined in ../lib/create_mapper_name.c
*/
*m_name = zuluCryptCreateMapperName( device,mapping_name,uid,ZULUCRYPTshortMapperPath ) ;
*mapper = StringCopy( *m_name ) ;
mapper_name = StringContent( *m_name ) ;
*mapper_path = String( zuluCryptMapperPrefix() ) ;
e = StringMultipleAppend( *mapper_path,"/",mapper_name,NULL ) ;
if( stat( e,&statstr ) == 0 ){
return zuluExit_1( 11,opts,device,mount_point,stl ) ;
}
if( plugin_path != NULL ){
/*
* zuluCryptUUIDFromPath() is defined in path_access.c
*/
uuid = zuluCryptUUIDFromPath( device ) ;
device_path = _device_path( device ) ;
/*
* zuluCryptPluginManagerGetKeyFromModule is defined in ../pluginManager/zuluCryptPluginManager.c
*/
*passphrase = zuluCryptPluginManagerGetKeyFromModule( device_path,plugin_path,uuid,uid,opts,&st ) ;
StringFree( device_path ) ;
StringFree( uuid ) ;
if( st != 0 || *passphrase == StringVoid ){
return zuluExit_1( 12,opts,device,mount_point,stl ) ;
}
key_len = StringLength( *passphrase ) ;
key = StringContent( *passphrase ) ;
zuluCryptSecurityLockMemory_1( *passphrase ) ;
}else if( source == NULL && tcrypt_keyfiles[ 0 ] == NULL ){
printf( gettext( "Enter passphrase: " ) ) ;
/*
* ZULUCRYPT_KEY_MAX_SIZE is set in ../constants.h
*/
switch( StringSilentlyGetFromTerminal_1( passphrase,ZULUCRYPT_KEY_MAX_SIZE ) ){
case 1 : return zuluExit_1( 13,opts,device,mount_point,stl ) ;
case 2 : return zuluExit_1( 14,opts,device,mount_point,stl ) ;
}
printf( "\n" ) ;
key = StringContent( *passphrase ) ;
key_len = StringLength( *passphrase ) ;
zuluCryptSecurityLockMemory_1( *passphrase ) ;
}else{
if( source == NULL || pass == NULL ){
if( tcrypt_keyfiles == NULL ){
return zuluExit_1( 15,opts,device,mount_point,stl ) ;
}
}
if( StringsAreEqual( source,"-p" ) ){
key = pass ;
key_len = StringSize( pass ) ;
}else if( StringsAreEqual( source,"-f" ) ){
if( StringHasNoComponent( pass,"/.zuluCrypt-socket" ) ){
tcrypt_keyfile = 1 ;
}
/*
* function is defined at "path_access.c"
*/
switch( zuluCryptGetPassFromFile( pass,uid,data ) ){
case 1 : return zuluExit_1( 16,opts,device,mount_point,stl ) ;
case 2 : return zuluExit_1( 17,opts,device,mount_point,stl ) ;
case 4 : return zuluExit_1( 18,opts,device,mount_point,stl ) ;
case 5 : return zuluExit_1( 19,opts,device,mount_point,stl ) ;
}
key = StringContent( *data ) ;
key_len = StringLength( *data ) ;
zuluCryptSecurityLockMemory_1( *data ) ;
}
}
memset( &volume,'\0',sizeof( open_struct_t ) ) ;
if( key != NULL ){
volume.key = key ;
volume.key_len = key_len ;
}else{
volume.key = "" ;
volume.key_len = 0 ;
}
volume.device = device ;
volume.offset = offset ;
volume.mapper_name = mapper_name ;
volume.m_point = mount_point ;
volume.fs_opts = fs_opts ;
volume.uid = uid ;
volume.m_opts = m_opts ;
volume.m_flags = m_flags ;
/*
* zuluCryptTrueCryptVeraCryptVolumeInfo() is defined in this source file.
*/
zuluCryptTrueCryptVeraCryptVolumeInfo( opts->type,&v_info ) ;
volume.iteration_count = v_info.iteration_count ;
volume.veraCrypt_volume = StringAtLeastOneMatch( v_info.type,"vcrypt","veracrypt","vera",NULL ) ;
StringDelete( &v_info.type ) ;
plugin_path = plugin_path + StringLastIndexOfChar_1( plugin_path,'/' ) + 1 ;
volume.luks_detached_header = StringHasComponent( plugin_path,"luks" ) ;
volume.general_detached_header = StringHasComponent( plugin_path,"generic_header" ) ;
if( tcrypt_keyfile ){
volume.key_source = TCRYPT_KEYFILE ;
}
if( tcrypt_keyfiles[ 0 ] != NULL ){
/*
* Here, we take a list of keyfiles supplied by the user and then copy them to a safe
* location at "/run/zuluCrypt" and then we pass these safe copies to cryptsetup.
*
* The idea is not to let cryptsetup, a privileged process handle user managed files.
*/
stz = zuluCryptCreateKeyFiles( tcrypt_keyfiles,0 ) ;
volume.tcrypt_keyfiles_count = StringListSize( stz ) ;
volume.tcrypt_keyfiles = StringListStringArray_0( stz ) ;
st = _open_volume( &volume ) ;
zuluCryptDeleteKeyFiles( stz ) ;
StringFree( volume.tcrypt_keyfiles ) ;
StringListDelete( &stz ) ;
}else{
st = _open_volume( &volume ) ;
}
/*
* below two return values comes from ../lib/mount_volume.c
*/
if( st == -1 ){
st = 20 ;
}
if( st == 12 ){
st = 21 ;
}
if( st == 8 || st == 3 ){
st = 3 ;
}
device = StringMultiplePrepend( *mapper,"/",zuluCryptMapperPrefix(),NULL ) ;
if( st == 0 && share ){
/*
* user wish to share the mount point bind the mount point to a publicly accessed path at /run/media/public/
*/
/*
* zuluCryptBindMountVolume() is defined in ../zuluCrypt-cli/bin/bind.c
*/
zuluCryptBindMountVolume( device,*m_point,m_flags ) ;
}
/*
* zuluCryptCheckInvalidKey() is defined in check_invalid_key.c
*/
zuluCryptCheckInvalidKey( opts->device ) ;
return zuluExit_1( st,opts,device,mount_point,stl ) ;
}
static string_t set_mount_options( m_struct * mst )
{
/*
* zuluCryptGetMountOptionsFromFstab() is defined in parse_fstab.c
*/
string_t opt = zuluCryptGetMountOptionsFromFstab( mst->device,MOUNTOPTIONS,mst->uid ) ;
int fsFamily = fs_family( mst->fs ) ;
const char * f[] = { "nouser","users","user","defaults","noauto","auto","nodev","dev",
"noexec","exec","nosuid","suid","bind","mandlock","move","noatime","nodiratime","remount","silent",
"synchronous",NULL } ;
const char ** z = f ;
const char * e ;
if( opt == StringVoid ){
opt = String( "" ) ;
StringAppend( opt,mst->fs_flags ) ;
}else{
if( StringContains( opt,"ro" ) ){
mst->m_flags |= MS_RDONLY ;
}
StringMultipleAppend( opt,",",mst->fs_flags,END ) ;
}
_get_file_system_options_from_config_file( mst->device,opt ) ;
if( fsFamily == 1 ){
if( !StringContains( opt,"dmask=" ) ){
StringAppend( opt,",dmask=0000" ) ;
}
if( !StringContains( opt,"umask=" ) ){
StringAppend( opt,",umask=0000" ) ;
}
if( !StringContains( opt,"uid=" ) ){
StringAppend( opt,",uid=" ) ;
StringAppendInt( opt,mst->uid ) ;
}
if( !StringContains( opt,"gid=" ) ){
StringAppend( opt,",gid=" ) ;
StringAppendInt( opt,mst->uid ) ;
}
if( !StringContains( opt,"fmask=" ) ){
StringAppend( opt,",fmask=0111" ) ;
}
if( StringsAreEqual( mst->fs,"vfat" ) ){
if( !StringContains( opt,"flush" ) ){
StringAppend( opt,",flush" ) ;
}
if( !StringContains( opt,"shortname=" ) ){
StringAppend( opt,",shortname=mixed" ) ;
}
}
}else if( fsFamily == 2 ){
if( !StringContains( opt,"uid=" ) ){
StringAppend( opt,",uid=" ) ;
StringAppendInt( opt,mst->uid ) ;
}
if( !StringContains( opt,"gid=" ) ){
StringAppend( opt,",gid=" ) ;
StringAppendInt( opt,mst->uid ) ;
}
}else if( fsFamily == 3 ){
mst->m_flags |= MS_RDONLY ;
}else{
/*
* ext file systems and raiserfs among others go here
* we dont set any options for them.
*/
;
}
/*
* remove mount options to leave only file system options
*/
while( 1 ){
e = *z ;
z++ ;
if( e == NULL ){
break ;
}else{
StringRemoveString( opt,e ) ;
}
}
/*
* remove below two now because we are going to add them below,reason for removing them
* and readding them is because we want to make sure they are at the beginning of the string
*/
StringRemoveString( opt,"ro" ) ;
StringRemoveString( opt,"rw" ) ;
if( mst->m_flags & MS_RDONLY ){
StringPrepend( opt,"ro," ) ;
}else{
StringPrepend( opt,"rw," ) ;
}
mst->opts = _remove_duplicates( opt ) ;
return opt;
}
int zuluCryptEXERemoveKey( const struct_opts * opts,uid_t uid )
{
int ask_confirmation = opts->ask_confirmation ;
const char * device = opts->device ;
const char * keyType = opts->key_source ;
const char * keytoremove = opts->key ;
stringList_t stl = StringListInit() ;
string_t * pass = StringListAssign( stl ) ;
string_t * confirm = StringListAssign( stl ) ;
int status = 0 ;
const char * key ;
size_t key_size ;
/*
* zuluCryptPartitionIsSystemPartition() is defined in ./partitions.c
*/
if( zuluCryptPartitionIsSystemPartition( device,uid ) ){
if( !zuluCryptUserIsAMemberOfAGroup( uid,"zulucrypt" ) ){
return zuluExit( 4,stl ) ;
}
}
/*
* zuluCryptCanOpenPathForWriting is defined in path_access.c
*/
status = zuluCryptCanOpenPathForWriting( device,uid ) ;
/*
* 1-permissions denied
* 2-invalid path
* 3-shenanigans
* 4-common error
*/
switch( status ){
case 0 : break ;
case 1 : return zuluExit( 5,stl ) ;
case 2 : return zuluExit( 5,stl ) ;
case 3 : return zuluExit( 5,stl ) ;
case 4 : return zuluExit( 5,stl ) ;
default: return zuluExit( 5,stl ) ;
}
if( _zuluCryptExECheckEmptySlots( device ) == 3 ){
if( ask_confirmation ){
printf( gettext( "WARNING: There is only one key in the volume and all data in it will be lost if you continue.\n" ) ) ;
printf( gettext( "Do you still want to continue? Type \"YES\" if you do: " ) ) ;
*confirm = StringGetFromTerminal_1( 3 ) ;
if( *confirm == StringVoid ){
return zuluExit( 6,stl ) ;
}
if( !StringEqual( *confirm,gettext( "YES" ) ) ){
return zuluExit( 7,stl ) ;
}
}
}
if( keyType == NULL ){
printf( gettext( "Enter a key to be removed: " ) ) ;
/*
* ZULUCRYPT_KEY_MAX_SIZE is set in ../constants.h
*/
switch( StringSilentlyGetFromTerminal_1( pass,ZULUCRYPT_KEY_MAX_SIZE ) ){
case 1 : return zuluExit( 8,stl ) ;
case 2 : return zuluExit( 9,stl ) ;
}
printf( "\n" ) ;
key = StringContent( *pass ) ;
key_size = StringLength( *pass ) ;
zuluCryptSecurityLockMemory_1( *pass ) ;
}else{
if( keyType == NULL || keytoremove == NULL ){
return zuluExit( 10,stl ) ;
}
if( StringsAreEqual( keyType,"-f" ) ){
/*
* zuluCryptGetPassFromFile() is defined at path_access.c"
*/
switch( zuluCryptGetPassFromFile( keytoremove,uid,pass ) ){
case 1 : return zuluExit( 11,stl ) ;
case 2 : return zuluExit( 12,stl ) ;
case 4 : return zuluExit( 13,stl ) ;
case 5 : return zuluExit( 14,stl ) ;
}
key = StringContent( *pass ) ;
key_size = StringLength( *pass ) ;
zuluCryptSecurityLockMemory_1( *pass ) ;
}else if( StringsAreEqual( keyType, "-p" ) ){
key = keytoremove ;
key_size = StringSize( keytoremove ) ;
}else{
return zuluExit( 10,stl ) ;
}
}
zuluCryptSecurityGainElevatedPrivileges() ;
/*
* zuluCryptRemoveKey() is defined in ../lib/remove_key.c
*/
status = zuluCryptRemoveKey( device,key,key_size ) ;
zuluCryptSecurityDropElevatedPrivileges() ;
if( status == 1 ){
status = zuluExit_1( status,device,stl ) ;
}else{
status = zuluExit( status,stl ) ;
}
/*
* zuluCryptCheckInvalidKey() is defined in check_invalid_key.c
*/
zuluCryptCheckInvalidKey( opts->device ) ;
return status ;
}
static int crypt_opt( const struct_opts * opts,uid_t uid,int opt )
{
string_t q = StringVoid ;
string_t p = StringVoid ;
int st ;
const char * source = opts->device ;
const char * dest = opts->m_opts ;
const char * passphrase = opts->key ;
const char * type = opts->key_source ;
return zuluExit( 16 ) ;
if( dest == NULL ){
return zuluExit( 9 ) ;
}
if( source == NULL ){
return zuluExit( 14 ) ;
}
/*
* zuluCryptPathStartsWith() is defined in real_path.c
*/
if( zuluCryptPathStartsWith( dest,"/dev/" ) ){
return zuluExit( 10 ) ;
}
if( zuluCryptPathStartsWith( source,"/dev/" ) ){
return zuluExit( 15 ) ;
}
/*
* zuluCryptPathIsValid() is defined in ../lib/is_path_valid.c
*/
if( zuluCryptPathIsValid( dest ) ){
return zuluExit( 5 ) ;
}
/*
* zuluCryptPathIsNotValid() is defined in ../lib/is_path_valid.c
*/
if( zuluCryptPathIsNotValid( source ) ){
return zuluExit( 6 ) ;
}
/*
* below two functions are defined in path_access.c
*/
if( zuluCryptCanOpenPathForWriting( dest,uid ) == 1 ){
return zuluExit( 10 ) ;
}
if( zuluCryptCanOpenPathForReading( source,uid ) == 1 ){
return zuluExit( 15 ) ;
}
if( type == NULL ){
printf( gettext( "Enter passphrase: " ) ) ;
/*
* ZULUCRYPT_KEY_MAX_SIZE is set in ../constants.h
*/
switch( StringSilentlyGetFromTerminal_1( &p,ZULUCRYPT_KEY_MAX_SIZE ) ){
case 1 : return zuluExit( 12 ) ;
case 2 : return zuluExit( 13 ) ;
}
printf( gettext( "\nRe enter passphrase: " ) ) ;
switch( StringSilentlyGetFromTerminal_1( &q,ZULUCRYPT_KEY_MAX_SIZE ) ){
case 1 : StringClearDelete( &p ) ;
return zuluExit( 12 ) ;
case 2 : StringClearDelete( &p ) ;
return zuluExit( 13 ) ;
}
printf( "\n" ) ;
if( !StringEqualString( p,q ) ){
StringClearDelete( &p ) ;
StringClearDelete( &q ) ;
return zuluExit( 8 ) ;
}else{
StringDelete( &q ) ;
}
}else{
if( type == NULL ){
return zuluExit( 9 ) ;
}
if( StringsAreEqual( type,"-p" ) ){
p = String( passphrase ) ;
}else if( StringsAreEqual( type,"-f" ) ){
p = StringGetFromFile( passphrase ) ;
if( p == NULL ){
return zuluExit( 2 ) ;
}
}else{
return zuluExit( 3 ) ;
}
}
if( opt == ENCRYPT ){
/*
* zuluCryptEncryptFile() is defined in ./crypt_file.c
*/
st = zuluCryptEncryptFile( source,dest,StringContent( p ),StringLength( p ) ) ;
}else{
/*
* zuluCryptDecryptFile() is defined in ./crypt_file.c
*/
st = zuluCryptDecryptFile( source,dest,StringContent( p ),StringLength( p ) ) ;
}
StringClearDelete( &p ) ;
switch( st ){
case 1 : return zuluExit( 4 ) ;
case 2 : return zuluExit( 11 ) ;
}
chmod( dest,S_IRUSR | S_IWUSR ) ;
chown( dest,uid,uid ) ;
if( opt == 1 ){
return zuluExit( 1 ) ;
}else{
return zuluExit( 0 ) ;
}
}
static int _modify_tcrypt( info_t * info,const struct_opts * opts )
{
int k = 4 ;
int r ;
string_t st = StringVoid ;
string_t xt = StringVoid ;
if( StringsAreEqual( opts->key_source,"-p" ) ){
info->header_key = opts->key ;
info->header_key_source = "passphrase" ;
info->header_new_key_source = "new_passphrase" ;
}else if( opts->key == NULL && StringsAreNotEqual( opts->key_source,"-f" ) ){
st = info->getKey( &r ) ;
if( r ){
info->key = StringContent( st ) ;
info->header_key = info->key ;
info->header_key_source = "passphrase" ;
info->header_new_key_source = "new_passphrase" ;
}else{
return zuluExit_1( k,st,xt ) ;
}
}else{
/*
* function is defined at "path_access.c"
*/
zuluCryptGetPassFromFile( opts->key,info->uid,&st ) ;
zuluCryptSecurityGainElevatedPrivileges() ;
if( st == StringVoid ){
return zuluExit_1( k,st,xt ) ;
}else{
if( StringHasComponent( opts->key,".zuluCrypt-socket" ) ){
info->key = StringContent( st ) ;
info->header_key = info->key ;
info->header_key_source = "passphrase" ;
info->header_new_key_source = "new_passphrase" ;
}else{
xt = zuluCryptCreateKeyFile( StringContent( st ),StringLength( st ),"tcrypt-bk-" ) ;
if( xt == StringVoid ){
return zuluExit_1( k,st,xt ) ;
}else{
info->key = StringContent( xt ) ;
info->header_key = info->key ;
info->header_key_source = "keyfiles" ;
info->header_new_key_source = "new_keyfiles" ;
}
}
}
}
/*
* zuluCryptModifyTcryptHeader() is defined in ../lib/create_tcrypt.c
*/
k = zuluCryptModifyTcryptHeader( info ) ;
if( xt != StringVoid ){
/*
* zuluCryptDeleteFile() is defined in ../lib/file_path_security.c
*/
zuluCryptDeleteFile( StringContent( xt ) ) ;
}
return zuluExit_1( k,st,xt ) ;
}
/*
* It is possible for a btrfs volume to cover multiple volumes and this routine
* keeps only the first one seen and removes the rest.
*/
static stringList_t _remove_btfs_multiple_devices( stringList_t stl )
{
stringList_t stx = StringListVoid ;
stringList_t stz = StringListVoid ;
StringListIterator it ;
StringListIterator end ;
string_t st ;
const char * e ;
blkid_probe blkid ;
StringListGetIterators( stl,&it,&end ) ;
zuluCryptSecurityGainElevatedPrivileges() ;
while( it != end ){
st = *it ;
it++ ;
blkid = blkid_new_probe_from_filename( StringContent( st ) ) ;
if( blkid != NULL ){
e = NULL ;
blkid_do_probe( blkid ) ;
blkid_probe_lookup_value( blkid,"TYPE",&e,NULL ) ;
if( StringsAreEqual( e,"btrfs" ) ){
e = NULL ;
blkid_probe_lookup_value( blkid,"UUID",&e,NULL ) ;
if( StringListHasNoEntry( stx,e ) ){
/*
* we got a btrfs volume with UUID we do not know about,
* This will be the only device with this btrfs UUID we support and
* all device operations must happen through this device and this device only.
*/
stz = StringListAppendString( stz,st ) ;
stx = StringListAppend( stx,e ) ;
}else{
/*
* we already know this UUID and this device is not supported.Any operation on this
* device should fail.
*/
}
}else{
/*
* not a btrfs volume
*/
stz = StringListAppendString( stz,st ) ;
}
blkid_free_probe( blkid ) ;
}else{
stz = StringListAppendString( stz,st ) ;
}
}
zuluCryptSecurityDropElevatedPrivileges() ;
StringListMultipleDelete( &stl,&stx,NULL ) ;
return stz ;
}
/*
* get_pass_from_file function is defined at get_pass_from_file.c *
*/
int zuluCryptEXEAddKey( const struct_opts * opts,uid_t uid )
{
const char * device = opts->device ;
const char * keyType1 = opts->existing_key_source ;
const char * existingKey = opts->existing_key ;
const char * keyType2 = opts->new_key_source ;
const char * newKey = opts->new_key ;
/*
* Below is a form of memory management.All strings are collected in a stringlist object to easily delete them
* when the function returns.This allows for the function to have multiple exit points without risks of leaking
* memory from manually examining each exit point to make sure all strings are deleted or go with multiple goto
* code deleting blocks to take into account different exit points.
*/
stringList_t stl ;
string_t * stringArray = StringListArray( &stl,5 ) ;
string_t * presentKey = &stringArray[ 0 ] ;
string_t * newKey_1 = &stringArray[ 1 ] ;
string_t * newKey_2 = &stringArray[ 2 ] ;
string_t * ek = &stringArray[ 3 ] ;
string_t * nk = &stringArray[ 4 ] ;
const char * key1 = NULL ;
const char * key2 = NULL ;
size_t len1 = 0 ;
size_t len2 = 0 ;
int status = 0 ;
tcrypt_opts tcrypt ;
memset( &tcrypt,'\0',sizeof( tcrypt_opts ) ) ;
/*
* zuluCryptPartitionIsSystemPartition() is defined in ./partitions.c
*/
if( zuluCryptPartitionIsSystemPartition( device,uid ) ){
if( !zuluCryptUserIsAMemberOfAGroup( uid,"zulucrypt" ) ){
return zuluExit( 4,stl ) ;
}
}
/*
* zuluCryptSecurityDeviceIsWritable() is defined in path_access.c
*/
status = zuluCryptCanOpenPathForWriting( device,uid ) ;
/*
* 1-permissions denied
* 2-invalid path
* 3-shenanigans
* 4-common error
*/
switch( status ){
case 0 : break ;
case 1 : return zuluExit( 5,stl ) ;
case 2 : return zuluExit( 5,stl ) ;
case 3 : return zuluExit( 5,stl ) ;
case 4 : return zuluExit( 5,stl ) ;
default: return zuluExit( 5,stl ) ;
}
switch( _zuluCryptCheckEmptySlots( device ) ){
case 0 : return zuluExit( 6,stl ) ;
case 1 : return zuluExit( 2,stl ) ;
case 2 : /* no complains,continue */ ;
}
if( keyType1 == NULL && keyType2 == NULL ){
switch( zuluGetKeys( presentKey,newKey_1,newKey_2 ) ){
case 1 : return zuluExit( 7,stl ) ;
case 2 : return zuluExit( 8,stl ) ;
}
if( StringEqualString( *newKey_1,*newKey_2 ) ){
key1 = StringContent( *presentKey ) ;
len1 = StringLength ( *presentKey ) ;
key2 = StringContent( *newKey_1 ) ;
len2 = StringLength ( *newKey_1 ) ;
}else{
return zuluExit( 9,stl ) ;
}
}else{
if( newKey == NULL || existingKey == NULL ){
return zuluExit( 10,stl ) ;
}
if( StringsAreEqual( keyType1,"-f" ) ){
/*
* this function is defined at "path_access.c"
*/
switch( zuluCryptGetPassFromFile( existingKey,uid,ek ) ){
case 1 : return zuluExit( 11,stl ) ;
case 4 : return zuluExit( 12,stl ) ;
case 2 : return zuluExit( 13,stl ) ;
case 5 : return zuluExit( 14,stl ) ;
}
key1 = StringContent( *ek ) ;
len1 = StringLength( *ek ) ;
if( StringHasNoComponent( existingKey,"/.zuluCrypt-socket" ) ){
tcrypt.existing_key_is_keyfile = 1 ;
}
}
if( StringsAreEqual( keyType2,"-f" ) ){
/*
* this function is defined at "path_access.c"
*/
switch( zuluCryptGetPassFromFile( newKey,uid,nk ) ){
case 1 : return zuluExit( 11,stl ) ;
case 4 : return zuluExit( 12,stl ) ;
case 2 : return zuluExit( 13,stl ) ;
case 5 : return zuluExit( 14,stl ) ;
}
key2 = StringContent( *nk ) ;
len2 = StringLength( *nk ) ;
if( StringHasNoComponent( newKey,"/.zuluCrypt-socket" ) ){
tcrypt.new_key_is_keyfile = 1 ;
}
}
if( StringsAreEqual( keyType1,"-f" ) && StringsAreEqual( keyType2,"-f" ) ){
;
}else if( StringsAreEqual( keyType1,"-p" ) && StringsAreEqual( keyType2,"-p" ) ){
key1 = existingKey ;
len1 = StringSize( existingKey ) ;
key2 = newKey ;
len2 = StringSize( newKey ) ;
}else if( StringsAreEqual( keyType1,"-p" ) && StringsAreEqual( keyType2,"-f" ) ){
key1 = existingKey ;
len1 = StringSize( existingKey ) ;
}else if( StringsAreEqual( keyType1,"-f" ) && StringsAreEqual( keyType2,"-p" ) ){
key2 = newKey ;
len2 = StringSize( newKey ) ;
}else{
return zuluExit( 10,stl ) ;
}
}
zuluCryptSecurityLockMemory( stl ) ;
zuluCryptSecurityGainElevatedPrivileges() ;
/*
* zuluCryptVolumeIsLuks() is defined in ../lib/is_luks.c
*/
if( zuluCryptVolumeIsLuks( device ) ){
/*
* zuluCryptAddKey() is defined in ../lib/add_key.c
*/
status = zuluCryptAddKey( device,key1,len1,key2,len2 ) ;
}else{
tcrypt.device = device ;
tcrypt.existing_key = key1 ;
tcrypt.existing_key_size = len1 ;
tcrypt.new_key = key2 ;
tcrypt.new_key_size = len2 ;
status = _replace_truecrypt_key( &tcrypt ) ;
}
zuluCryptSecurityDropElevatedPrivileges() ;
return zuluExit( status,stl ) ;
}
