static inline int _option_contain_not_allowed( const char * fs,const char * fs_opts ) { stringList_t stl = StringListSplit( fs_opts,',' ) ; int r = 1 ; if( stl != StringListVoid ){ if( StringHasAtLeastOneComponent_1( fs,"fat","dos",NULL ) ){ r = allowed_vfat( stl ) ; }else if( StringsAreEqual( fs,"ntfs" ) ){ r = allowed_ntfs( stl ) ; }else if( StringsAreEqual( fs,"udf" ) ){ r = allowed_udf( stl ) ; }else if( StringsAreEqual( fs,"iso9660" ) ){ r = allowed_iso9660( stl ) ; }else if( StringsAreEqual( fs,"btrfs" ) ){ r = allowed_btrfs( stl ) ; }else{ r = 1 ; } StringListDelete( &stl ) ; }else{ r = 1 ; } return r ; }
int zuluCryptTrueCryptOrVeraCryptVolume( const char * mapper ) { char buffer[ 1024 ] ; mapper = mapper + StringLastIndexOfChar_1( mapper,'/' ) + 1 ; tc_api_get_volume_type( buffer,sizeof( buffer ),mapper ) ; return StringsAreEqual( buffer,"TCRYPT" ) || StringsAreEqual( buffer,"VCRYPT" ) ; }
int zuluCryptModifyTcryptHeader( const info_t * info ) { tc_api_task task ; int r = !TC_OK ; const char * sys_device = NULL ; string_t st = StringVoid ; if( tc_api_init( 0 ) == TC_OK ){ task = tc_api_task_init( "modify" ) ; if( task != 0 ){ if( StringsAreEqual( info->opt,"sys" ) ){ tc_api_task_set( task,"dev",info->device ) ; st = _root_device( info->device,&sys_device ) ; tc_api_task_set( task,"sys",sys_device ) ; }else if( StringsAreEqual( info->opt,"fde" ) ){ st = _root_device( info->device,&sys_device ) ; tc_api_task_set( task,"dev",sys_device ) ; tc_api_task_set( task,"fde",TRUE ) ; }else{ tc_api_task_set( task,"dev",info->device ) ; } tc_api_task_set( task,"hidden_size_bytes",( u_int64_t )0 ) ; /* * below line may look like one of the following two lines: * tc_api_task_set( task,"header_from_file","/home/ink/tc.headerbackup" ) ; * tc_api_task_set( task,"save_header_to_file","/home/ink/tc.headerbackup" ) ; */ tc_api_task_set( task,info->header_source,info->tmp_path ) ; /* * below line may look like one of the following two lines: * tc_api_task_set( task,"passphrase","xxx" ) ; * tc_api_task_set( task,"keyfiles","/home/ink/keyfile" ) ; */ tc_api_task_set( task,info->header_key_source,info->header_key ) ; /* * below line may look like one of the following two lines: * tc_api_task_set( task,"new_passphrase","xxx" ) ; * tc_api_task_set( task,"new_keyfiles","/home/ink/keyfile" ) ; */ tc_api_task_set( task,info->header_new_key_source,info->header_key ) ; if( StringsAreEqual( info->rng,"/dev/urandom" ) ){ tc_api_task_set( task,"weak_keys_and_salt",TRUE ) ; }else{ tc_api_task_set( task,"weak_keys_and_salt",FALSE ) ; } r = tc_api_task_do( task ) ; tc_api_task_uninit( task ) ; } tc_api_uninit() ; } StringDelete( &st ) ; return r ; }
int zuluCryptCreateFileSystemInAVolume( const char * fs,const char * device_mapper ) { int status ; char * e = NULL ; process_t p = Process( ZULUCRYPTmkfs ) ; if( StringAtLeastOneMatch_1( fs,"ext2","ext3","ext4",NULL ) ){ ProcessSetArgumentList( p,"-t",fs,"-m","1",device_mapper,ENDLIST ) ; }else if( StringsAreEqual( fs,"reiserfs" ) ){ ProcessSetArgumentList( p,"-t",fs,"-f","-f","-q",device_mapper,ENDLIST ) ; }else if( StringsAreEqual( fs,"jfs" ) ){ ProcessSetArgumentList( p,"-t",fs,"-q",device_mapper,ENDLIST ) ; }else if( StringsAreEqual( fs,"ntfs" ) ){ ProcessSetArgumentList( p,"-t",fs,"-f",device_mapper,ENDLIST ) ; }else if( StringsAreEqual( fs,"xfs" ) ){ ProcessSetArgumentList( p,"-t",fs,"-f",device_mapper,ENDLIST ) ; }else{ ProcessSetArgumentList( p,"-t",fs,device_mapper,ENDLIST ) ; /* * unhandled fs are processed here.They are given 60 seconds to accomplish their task * and are assumed to be running in interactive more and are blocked waiting for user input * when they fail to return in time and hence are killed since we cant get to them from GUI */ ProcessSetOptionTimeout( p,60,SIGKILL ) ; } ProcessStart( p ) ; status = ProcessExitStatus( p ) ; if( status ){ ProcessGetOutPut( p,&e,STDERROR ) ; if( e ){ puts( e ) ; free( e ) ; } } ProcessDelete( &p ) ; return status ; }
static int _create_volume( const char * dev,const char * fs,const char * type,const char * pass,size_t pass_size,const char * rng ) { size_t len ; int status ; string_t m = StringVoid ; const char * device_mapper ; const char * mapper ; if ( zuluCryptPathIsNotValid( dev ) ){ return 1 ; } m = String( crypt_get_dir() ) ; len = StringLength( m ) ; StringAppend( m,"/zuluCrypt-" ) ; device_mapper = StringAppendInt( m,syscall( SYS_gettid ) ) ; mapper = device_mapper + len + 1 ; if( StringsAreEqual( type,"luks" ) ){ if( StringsAreNotEqual( rng,"/dev/random" ) ){ if( StringsAreNotEqual( rng,"/dev/urandom" ) ){ return zuluExit( 2,m ) ; } } if( zuluCryptCreateLuks( dev,pass,pass_size,rng ) != 0 ){ return zuluExit( 3,m ) ; } if( zuluCryptOpenLuks( dev,mapper,"rw",pass,pass_size ) != 0 ){ return zuluExit( 3,m ) ; } }else if( StringsAreEqual( type,"plain") ){ if( zuluCryptOpenPlain( dev,mapper,"rw",pass,pass_size ) != 0 ){ return zuluExit( 3,m ) ; } }else{ return zuluExit( 2,m ) ; } status = zuluCryptCreateFileSystemInAVolume( fs,device_mapper ) ; /* * zuluCryptCloseMapper() is defined in close_mapper.c */ zuluCryptCloseMapper( device_mapper ); if( status == 0 ){ return zuluExit( 0,m ) ; }else{ return zuluExit( 3,m ) ; } }
char * zuluCryptGetALoopDeviceAssociatedWithAnImageFile( const char * path ) { int i ; string_t st = String( "" ) ; const char * e ; char * f ; for( i = 0 ; i < 255 ; i++ ){ StringReplace( st,"/dev/loop" ) ; e = StringAppendInt( st,i ) ; f = zuluCryptLoopDeviceAddress_1( e ) ; if( StringsAreEqual( path,f ) ){ StringFree( f ) ; return StringDeleteHandle( &st ) ; }else{ StringFree( f ) ; } } StringDelete( &st ) ; return NULL ; }
int zulucryptFileSystemIsSupported( const char * fs ) { const char * f[] = { "xfs","ntfs","vfat","exfat","msdos","umsdos","affs","hfs","iso9660","jfs","jfs", "romfs","udf","ext2","ext3","ext4","reiserfs","reiser4","btrfs","squashfs",NULL } ; const char ** e = f ; if( fs == NULL ){ return 0 ; }else{ while( 1 ){ if( *e == NULL ){ return _fileSystemIsSupported( fs ) ; }else if( StringsAreEqual( fs,*e ) ){ return 1 ; }else{ e++ ; } } } }
static int mount_FUSEfs_0( m_struct * mst ) { int status ; const char * opts ; process_t p = Process( ZULUCRYPTmount ) ; string_t st = set_mount_options( mst ) ; opts = _mount_options( mst->m_flags,st ) ; if( StringsAreEqual( mst->fs,"ntfs" ) ){ if( StringHasComponent( opts,"ignore_case" ) ){ ProcessSetArgumentList( p,"-n","-t","lowntfs-3g","-o",opts,mst->device,mst->m_point,ENDLIST ) ; }else{ ProcessSetArgumentList( p,"-n","-t","ntfs-3g","-o",opts,mst->device,mst->m_point,ENDLIST ) ; } }else{ ProcessSetArgumentList( p,"-t",mst->fs,"-o",opts,mst->device,mst->m_point,ENDLIST ) ; } ProcessStart( p ) ; status = ProcessExitStatus( p ) ; ProcessDelete( &p ) ; StringDelete( &st ) ; return status ; }
char * zuluCryptResolvePath( const char * path ) { char * e ; char * f ; if( StringsAreEqual( path,"/dev/root" ) ){ e = _zuluCryptResolveDevRoot() ; if( e == NULL ){ return StringCopy_2( path ) ; }else{ return e ; } }else if( StringPrefixEqual( path,"/dev/disk/by-" ) ){ /* * zuluCryptRealPath() is defined in real_path.c */ e = zuluCryptRealPath( path ) ; if( e == NULL ){ return StringCopy_2( path ) ; }else{ if( StringPrefixEqual( e,"/dev/mapper/" ) ){ f = _convert_if_path_is_lvm( e ) ; StringFree( e ) ; return f ; }else{ return e ; } } }else if( StringPrefixEqual( path,"/dev/mapper/" ) ){ return _convert_if_path_is_lvm( path ) ; }else if( StringPrefixEqual( path,"/dev/md" ) ){ return zuluCryptResolveMDPath( path ) ; }else if( StringPrefixEqual( path,"/dev/dm-" ) ){ return zuluCryptResolveDMPath( path ) ; }else if( StringPrefixEqual( path,"/dev/loop" ) ){ /* * zuluCryptLoopDeviceAddress() is defined in create_loop_device.c */ return zuluCryptLoopDeviceAddress( path ) ; }else{ return StringCopy_2( path ) ; } }
int zuluCryptPathDidNotChange( const char * path ) { char * p = canonicalize_path( path ) ; int st = 0 ; if( p != NULL ){ st = StringsAreEqual( path,p ) ; free( p ) ; } return st ; }
char * zuluCryptGetLoopDeviceAddress( const char * device ) { char * z = NULL ; const char * e ; string_t st = StringVoid ; string_t xt = StringVoid ; int i ; int r ; z = zuluCryptLoopDeviceAddress_1( device ) ; if( z == NULL ){ return NULL ; }else{ st = String( "" ) ; for( i = 0 ; i < 255 ; i++ ){ StringReplace( st,"/sys/block/loop" ) ; StringAppendInt( st,i ) ; xt = StringGetFromVirtualFile( StringAppend( st,"/loop/backing_file" ) ) ; e = StringRemoveRight( xt,1 ) ; r = StringsAreEqual( e,z ) ; StringDelete( &xt ) ; if( r ){ StringReplace( st,"/dev/loop" ) ; e = StringAppendInt( st,i ) ; if( StringsAreNotEqual( device,e ) ){ break ; } }else{ StringReset( st ) ; } } StringFree( z ) ; if( StringIsEmpty( st ) ){ StringDelete( &st ) ; return NULL ; }else{ return StringDeleteHandle( &st ) ; } } }
static int _valid_entry( const vInfo * e ) { if( StringAtLeastOnePrefixMatch( e->mountPoint,"/var/run/media/public", "/var/run/media/private",NULL ) ) { /* * some distributions auto generate these extra mount points and we * ignore them as they confuse us. */ return 0 ; } if( StringsAreEqual( e->rootPath,"/" ) || StringsAreEqual( e->fileSystem,"btrfs" ) ) { /* * we only support bind mount on btrfs. */ return 1 ; } return 0 ; }
int zuluCryptUserIsAMemberOfAGroup( uid_t uid,const char * groupname ) { int i ; struct group * grp ; struct passwd * pass ; const char * e ; if( groupname == NULL ){ return 0 ; }else if( uid == 0 ){ return 1 ; }else{ pass = getpwuid( uid ) ; if( pass == NULL ){ return 0 ; }else{ grp = getgrnam( groupname ) ; if( grp == NULL ){ return 0 ; }else{ for( i = 0 ; ; i++ ){ e = *( grp->gr_mem + i ) ; if( e == NULL ){ return 0 ; }else{ if( StringsAreEqual( e,pass->pw_name ) ){ return 1 ; } } } return 0 ; } } } }
char * zuluCryptEvaluateDeviceTags( const char * tag,const char * path ) { char * r ; zuluCryptSecurityGainElevatedPrivileges() ; /* * zuluCryptDeviceFromUUID() is defined in ../lib/blkid_evaluate_tag.c * zuluCryptDeviceFromLabel() is defined in ../lib/blkid_evaluate_tag.c */ if( StringsAreEqual( tag,"UUID" ) ){ r = zuluCryptDeviceFromUUID( path ) ; }else{ r = zuluCryptDeviceFromLabel( path ) ; } zuluCryptSecurityDropElevatedPrivileges() ; return r ; }
/* * raid path can be in format /dev/mdX or /dev/md/X. * We prefer the latter and if given the former,convert it to the latter if possible */ string_t zuluCryptResolveMDPath_1( const char * path ) { struct dirent * entry ; char * e ; const char * f = "/dev/md/" ; DIR * dir = opendir( f ) ; string_t st = String( f ) ; if( dir != NULL ){ while( ( entry = readdir( dir ) ) != NULL ){ f = entry->d_name ; if( !StringAtLeastOneMatch_1( f,".","..",NULL ) ){ e = zuluCryptRealPath( StringAppendAt( st,8,f ) ) ; if( StringsAreEqual( path,e ) ){ StringFree( e ) ; return zuluExit( dir,st ) ; }else{ StringFree( e ) ; } } } } StringReplace( st,path ) ; return zuluExit( dir,st ) ; }
static stringList_t _add_entry( stringList_t stx,stringList_t tmp,string_t ( *function )( const vInfo * ), char * const ** entry,size_t * entry_len ) { string_t st ; u_int64_t e ; vInfo volumeInfo ; StringListStringArray_1( entry,entry_len,tmp ) ; volumeInfo.device = *( *entry + *entry_len - 2 ) ; volumeInfo.mountPoint = *( *entry + 4 ) ; volumeInfo.fileSystem = *( *entry + *entry_len - 3 ) ; volumeInfo.mountOptions = *( *entry + 5 ) ; volumeInfo.rootPath = *( *entry + 3 ) ; if( StringsAreEqual( volumeInfo.fileSystem,"fuse.encfs" ) ) { st = StringListStringAt( tmp,*entry_len - 2 ) ; StringReset( st ) ; e = StringJenkinsOneAtATimeHash( volumeInfo.mountPoint ) ; volumeInfo.device = StringAppendInt( st,e ) ; } if( _valid_entry( &volumeInfo ) ) { st = function( &volumeInfo ) ; stx = StringListAppendString_1( stx,&st ) ; } return stx ; }
int zuluCryptEXEOpenVolume( const struct_opts * opts,const char * mapping_name,uid_t uid ) { int share = opts->share ; int open_mount = opts->open_mount ; const char * device = opts->device ; const char * mount_point = opts->mount_point ; const char * m_opts = opts->m_opts ; const char * source = opts->key_source ; const char * pass = opts->key ; const char * plugin_path = opts->plugin_path ; const char * fs_opts = opts->fs_opts ; const char * offset = opts->offset ; const char * const * tcrypt_keyfiles = opts->tcrypt_multiple_keyfiles ; /* * Below is a form of memory management.All strings are collected in a stringlist object to easily delete them * when the function returns.This allows for the function to have multiple exit points without risks of leaking * memory from manually examining each exit point to make sure all strings are deleted or go with multiple goto * code deleting blocks to take into account different exit points. */ stringList_t stl ; string_t * stringArray = StringListArray( &stl,6 ) ; string_t * passphrase = &stringArray[ 0 ] ; string_t * m_name = &stringArray[ 1 ] ; string_t * data = &stringArray[ 2 ] ; string_t * m_point = &stringArray[ 3 ] ; string_t * mapper = &stringArray[ 4 ] ; string_t * mapper_path = &stringArray[ 5 ] ; const char * key = NULL ; const char * mapper_name ; const char * e ; size_t key_len = 0 ; int st = 0 ; stringList_t stz ; tvcrypt v_info ; unsigned long m_flags ; int tcrypt_keyfile = 0 ; const char * uuid ; char * device_path ; /* * open_struct_t is declared in ../lib/include.h */ open_struct_t volume ; struct stat statstr ; /* * zuluCryptVolumeIsInSystemVolumeList() is defined in volumes.c */ if( zuluCryptVolumeIsInSystemVolumeList( device ) ){ /* * check permissions only if volume is explicity mentioned as system. * This is an exception to avoid some udev bad behaviors on udev enabled build */ if( !zuluCryptUserIsAMemberOfAGroup( uid,"zulucrypt" ) ){ return zuluExit( 22,device,mount_point,stl ) ; } } if( m_opts == NULL ){ m_opts = "rw" ; } /* * zuluCryptMountFlagsAreNotCorrect() is defined in ./mount_flags.c */ if( zuluCryptMountFlagsAreNotCorrect( m_opts,uid,&m_flags ) ){ return zuluExit( 5,device,mount_point,stl ) ; } if( StringHasComponent( m_opts,"rw" ) ){ /* * zuluCryptSecurityDeviceIsWritable() is defined in path_access.c */ st = zuluCryptCanOpenPathForWriting( device,uid ) ; }else{ /* * zuluCryptSecurityDeviceIsReadable() is defined in path_access.c */ st = zuluCryptCanOpenPathForReading( device,uid ) ; } /* * 1-permissions denied * 2-invalid path * 3-shenanigans * 4-common error */ switch( st ){ case 0 : break ; case 1 : return zuluExit( 6,device,mount_point,stl ) ; case 2 : return zuluExit( 6,device,mount_point,stl ) ; case 3 : return zuluExit( 6,device,mount_point,stl ) ; case 4 : return zuluExit( 6,device,mount_point,stl ) ; default: return zuluExit( 6,device,mount_point,stl ) ; } if( open_mount ){ /* * zuluCryptCreateMountPoint() is defined in create_mount_point.c */ *m_point = zuluCryptCreateMountPoint( device,mount_point,m_opts,uid ) ; mount_point = StringContent( *m_point ) ; if( mount_point == NULL ){ return zuluExit( 9,device,mount_point,stl ) ; } }else{ if( uid != 0 ){ return zuluExit( 7,device,mount_point,stl ) ; } if( mount_point != NULL ){ return zuluExit( 8,device,mount_point,stl ) ; } } if( share ){ /* * zuluCryptBindSharedMountPointPathTaken() is defined in bind.c */ if( zuluCryptBindSharedMountPointPathTaken( *m_point ) ){ return zuluExit_1( 10,opts,device,mount_point,stl ) ; } } /* * zuluCryptCreateMapperName() is defined in ../lib/create_mapper_name.c */ *m_name = zuluCryptCreateMapperName( device,mapping_name,uid,ZULUCRYPTshortMapperPath ) ; *mapper = StringCopy( *m_name ) ; mapper_name = StringContent( *m_name ) ; *mapper_path = String( zuluCryptMapperPrefix() ) ; e = StringMultipleAppend( *mapper_path,"/",mapper_name,NULL ) ; if( stat( e,&statstr ) == 0 ){ return zuluExit_1( 11,opts,device,mount_point,stl ) ; } if( plugin_path != NULL ){ /* * zuluCryptUUIDFromPath() is defined in path_access.c */ uuid = zuluCryptUUIDFromPath( device ) ; device_path = _device_path( device ) ; /* * zuluCryptPluginManagerGetKeyFromModule is defined in ../pluginManager/zuluCryptPluginManager.c */ *passphrase = zuluCryptPluginManagerGetKeyFromModule( device_path,plugin_path,uuid,uid,opts,&st ) ; StringFree( device_path ) ; StringFree( uuid ) ; if( st != 0 || *passphrase == StringVoid ){ return zuluExit_1( 12,opts,device,mount_point,stl ) ; } key_len = StringLength( *passphrase ) ; key = StringContent( *passphrase ) ; zuluCryptSecurityLockMemory_1( *passphrase ) ; }else if( source == NULL && tcrypt_keyfiles[ 0 ] == NULL ){ printf( gettext( "Enter passphrase: " ) ) ; /* * ZULUCRYPT_KEY_MAX_SIZE is set in ../constants.h */ switch( StringSilentlyGetFromTerminal_1( passphrase,ZULUCRYPT_KEY_MAX_SIZE ) ){ case 1 : return zuluExit_1( 13,opts,device,mount_point,stl ) ; case 2 : return zuluExit_1( 14,opts,device,mount_point,stl ) ; } printf( "\n" ) ; key = StringContent( *passphrase ) ; key_len = StringLength( *passphrase ) ; zuluCryptSecurityLockMemory_1( *passphrase ) ; }else{ if( source == NULL || pass == NULL ){ if( tcrypt_keyfiles == NULL ){ return zuluExit_1( 15,opts,device,mount_point,stl ) ; } } if( StringsAreEqual( source,"-p" ) ){ key = pass ; key_len = StringSize( pass ) ; }else if( StringsAreEqual( source,"-f" ) ){ if( StringHasNoComponent( pass,"/.zuluCrypt-socket" ) ){ tcrypt_keyfile = 1 ; } /* * function is defined at "path_access.c" */ switch( zuluCryptGetPassFromFile( pass,uid,data ) ){ case 1 : return zuluExit_1( 16,opts,device,mount_point,stl ) ; case 2 : return zuluExit_1( 17,opts,device,mount_point,stl ) ; case 4 : return zuluExit_1( 18,opts,device,mount_point,stl ) ; case 5 : return zuluExit_1( 19,opts,device,mount_point,stl ) ; } key = StringContent( *data ) ; key_len = StringLength( *data ) ; zuluCryptSecurityLockMemory_1( *data ) ; } } memset( &volume,'\0',sizeof( open_struct_t ) ) ; if( key != NULL ){ volume.key = key ; volume.key_len = key_len ; }else{ volume.key = "" ; volume.key_len = 0 ; } volume.device = device ; volume.offset = offset ; volume.mapper_name = mapper_name ; volume.m_point = mount_point ; volume.fs_opts = fs_opts ; volume.uid = uid ; volume.m_opts = m_opts ; volume.m_flags = m_flags ; /* * zuluCryptTrueCryptVeraCryptVolumeInfo() is defined in this source file. */ zuluCryptTrueCryptVeraCryptVolumeInfo( opts->type,&v_info ) ; volume.iteration_count = v_info.iteration_count ; volume.veraCrypt_volume = StringAtLeastOneMatch( v_info.type,"vcrypt","veracrypt","vera",NULL ) ; StringDelete( &v_info.type ) ; plugin_path = plugin_path + StringLastIndexOfChar_1( plugin_path,'/' ) + 1 ; volume.luks_detached_header = StringHasComponent( plugin_path,"luks" ) ; volume.general_detached_header = StringHasComponent( plugin_path,"generic_header" ) ; if( tcrypt_keyfile ){ volume.key_source = TCRYPT_KEYFILE ; } if( tcrypt_keyfiles[ 0 ] != NULL ){ /* * Here, we take a list of keyfiles supplied by the user and then copy them to a safe * location at "/run/zuluCrypt" and then we pass these safe copies to cryptsetup. * * The idea is not to let cryptsetup, a privileged process handle user managed files. */ stz = zuluCryptCreateKeyFiles( tcrypt_keyfiles,0 ) ; volume.tcrypt_keyfiles_count = StringListSize( stz ) ; volume.tcrypt_keyfiles = StringListStringArray_0( stz ) ; st = _open_volume( &volume ) ; zuluCryptDeleteKeyFiles( stz ) ; StringFree( volume.tcrypt_keyfiles ) ; StringListDelete( &stz ) ; }else{ st = _open_volume( &volume ) ; } /* * below two return values comes from ../lib/mount_volume.c */ if( st == -1 ){ st = 20 ; } if( st == 12 ){ st = 21 ; } if( st == 8 || st == 3 ){ st = 3 ; } device = StringMultiplePrepend( *mapper,"/",zuluCryptMapperPrefix(),NULL ) ; if( st == 0 && share ){ /* * user wish to share the mount point bind the mount point to a publicly accessed path at /run/media/public/ */ /* * zuluCryptBindMountVolume() is defined in ../zuluCrypt-cli/bin/bind.c */ zuluCryptBindMountVolume( device,*m_point,m_flags ) ; } /* * zuluCryptCheckInvalidKey() is defined in check_invalid_key.c */ zuluCryptCheckInvalidKey( opts->device ) ; return zuluExit_1( st,opts,device,mount_point,stl ) ; }
static string_t set_mount_options( m_struct * mst ) { /* * zuluCryptGetMountOptionsFromFstab() is defined in parse_fstab.c */ string_t opt = zuluCryptGetMountOptionsFromFstab( mst->device,MOUNTOPTIONS,mst->uid ) ; int fsFamily = fs_family( mst->fs ) ; const char * f[] = { "nouser","users","user","defaults","noauto","auto","nodev","dev", "noexec","exec","nosuid","suid","bind","mandlock","move","noatime","nodiratime","remount","silent", "synchronous",NULL } ; const char ** z = f ; const char * e ; if( opt == StringVoid ){ opt = String( "" ) ; StringAppend( opt,mst->fs_flags ) ; }else{ if( StringContains( opt,"ro" ) ){ mst->m_flags |= MS_RDONLY ; } StringMultipleAppend( opt,",",mst->fs_flags,END ) ; } _get_file_system_options_from_config_file( mst->device,opt ) ; if( fsFamily == 1 ){ if( !StringContains( opt,"dmask=" ) ){ StringAppend( opt,",dmask=0000" ) ; } if( !StringContains( opt,"umask=" ) ){ StringAppend( opt,",umask=0000" ) ; } if( !StringContains( opt,"uid=" ) ){ StringAppend( opt,",uid=" ) ; StringAppendInt( opt,mst->uid ) ; } if( !StringContains( opt,"gid=" ) ){ StringAppend( opt,",gid=" ) ; StringAppendInt( opt,mst->uid ) ; } if( !StringContains( opt,"fmask=" ) ){ StringAppend( opt,",fmask=0111" ) ; } if( StringsAreEqual( mst->fs,"vfat" ) ){ if( !StringContains( opt,"flush" ) ){ StringAppend( opt,",flush" ) ; } if( !StringContains( opt,"shortname=" ) ){ StringAppend( opt,",shortname=mixed" ) ; } } }else if( fsFamily == 2 ){ if( !StringContains( opt,"uid=" ) ){ StringAppend( opt,",uid=" ) ; StringAppendInt( opt,mst->uid ) ; } if( !StringContains( opt,"gid=" ) ){ StringAppend( opt,",gid=" ) ; StringAppendInt( opt,mst->uid ) ; } }else if( fsFamily == 3 ){ mst->m_flags |= MS_RDONLY ; }else{ /* * ext file systems and raiserfs among others go here * we dont set any options for them. */ ; } /* * remove mount options to leave only file system options */ while( 1 ){ e = *z ; z++ ; if( e == NULL ){ break ; }else{ StringRemoveString( opt,e ) ; } } /* * remove below two now because we are going to add them below,reason for removing them * and readding them is because we want to make sure they are at the beginning of the string */ StringRemoveString( opt,"ro" ) ; StringRemoveString( opt,"rw" ) ; if( mst->m_flags & MS_RDONLY ){ StringPrepend( opt,"ro," ) ; }else{ StringPrepend( opt,"rw," ) ; } mst->opts = _remove_duplicates( opt ) ; return opt; }
int zuluCryptEXERemoveKey( const struct_opts * opts,uid_t uid ) { int ask_confirmation = opts->ask_confirmation ; const char * device = opts->device ; const char * keyType = opts->key_source ; const char * keytoremove = opts->key ; stringList_t stl = StringListInit() ; string_t * pass = StringListAssign( stl ) ; string_t * confirm = StringListAssign( stl ) ; int status = 0 ; const char * key ; size_t key_size ; /* * zuluCryptPartitionIsSystemPartition() is defined in ./partitions.c */ if( zuluCryptPartitionIsSystemPartition( device,uid ) ){ if( !zuluCryptUserIsAMemberOfAGroup( uid,"zulucrypt" ) ){ return zuluExit( 4,stl ) ; } } /* * zuluCryptCanOpenPathForWriting is defined in path_access.c */ status = zuluCryptCanOpenPathForWriting( device,uid ) ; /* * 1-permissions denied * 2-invalid path * 3-shenanigans * 4-common error */ switch( status ){ case 0 : break ; case 1 : return zuluExit( 5,stl ) ; case 2 : return zuluExit( 5,stl ) ; case 3 : return zuluExit( 5,stl ) ; case 4 : return zuluExit( 5,stl ) ; default: return zuluExit( 5,stl ) ; } if( _zuluCryptExECheckEmptySlots( device ) == 3 ){ if( ask_confirmation ){ printf( gettext( "WARNING: There is only one key in the volume and all data in it will be lost if you continue.\n" ) ) ; printf( gettext( "Do you still want to continue? Type \"YES\" if you do: " ) ) ; *confirm = StringGetFromTerminal_1( 3 ) ; if( *confirm == StringVoid ){ return zuluExit( 6,stl ) ; } if( !StringEqual( *confirm,gettext( "YES" ) ) ){ return zuluExit( 7,stl ) ; } } } if( keyType == NULL ){ printf( gettext( "Enter a key to be removed: " ) ) ; /* * ZULUCRYPT_KEY_MAX_SIZE is set in ../constants.h */ switch( StringSilentlyGetFromTerminal_1( pass,ZULUCRYPT_KEY_MAX_SIZE ) ){ case 1 : return zuluExit( 8,stl ) ; case 2 : return zuluExit( 9,stl ) ; } printf( "\n" ) ; key = StringContent( *pass ) ; key_size = StringLength( *pass ) ; zuluCryptSecurityLockMemory_1( *pass ) ; }else{ if( keyType == NULL || keytoremove == NULL ){ return zuluExit( 10,stl ) ; } if( StringsAreEqual( keyType,"-f" ) ){ /* * zuluCryptGetPassFromFile() is defined at path_access.c" */ switch( zuluCryptGetPassFromFile( keytoremove,uid,pass ) ){ case 1 : return zuluExit( 11,stl ) ; case 2 : return zuluExit( 12,stl ) ; case 4 : return zuluExit( 13,stl ) ; case 5 : return zuluExit( 14,stl ) ; } key = StringContent( *pass ) ; key_size = StringLength( *pass ) ; zuluCryptSecurityLockMemory_1( *pass ) ; }else if( StringsAreEqual( keyType, "-p" ) ){ key = keytoremove ; key_size = StringSize( keytoremove ) ; }else{ return zuluExit( 10,stl ) ; } } zuluCryptSecurityGainElevatedPrivileges() ; /* * zuluCryptRemoveKey() is defined in ../lib/remove_key.c */ status = zuluCryptRemoveKey( device,key,key_size ) ; zuluCryptSecurityDropElevatedPrivileges() ; if( status == 1 ){ status = zuluExit_1( status,device,stl ) ; }else{ status = zuluExit( status,stl ) ; } /* * zuluCryptCheckInvalidKey() is defined in check_invalid_key.c */ zuluCryptCheckInvalidKey( opts->device ) ; return status ; }
static int crypt_opt( const struct_opts * opts,uid_t uid,int opt ) { string_t q = StringVoid ; string_t p = StringVoid ; int st ; const char * source = opts->device ; const char * dest = opts->m_opts ; const char * passphrase = opts->key ; const char * type = opts->key_source ; return zuluExit( 16 ) ; if( dest == NULL ){ return zuluExit( 9 ) ; } if( source == NULL ){ return zuluExit( 14 ) ; } /* * zuluCryptPathStartsWith() is defined in real_path.c */ if( zuluCryptPathStartsWith( dest,"/dev/" ) ){ return zuluExit( 10 ) ; } if( zuluCryptPathStartsWith( source,"/dev/" ) ){ return zuluExit( 15 ) ; } /* * zuluCryptPathIsValid() is defined in ../lib/is_path_valid.c */ if( zuluCryptPathIsValid( dest ) ){ return zuluExit( 5 ) ; } /* * zuluCryptPathIsNotValid() is defined in ../lib/is_path_valid.c */ if( zuluCryptPathIsNotValid( source ) ){ return zuluExit( 6 ) ; } /* * below two functions are defined in path_access.c */ if( zuluCryptCanOpenPathForWriting( dest,uid ) == 1 ){ return zuluExit( 10 ) ; } if( zuluCryptCanOpenPathForReading( source,uid ) == 1 ){ return zuluExit( 15 ) ; } if( type == NULL ){ printf( gettext( "Enter passphrase: " ) ) ; /* * ZULUCRYPT_KEY_MAX_SIZE is set in ../constants.h */ switch( StringSilentlyGetFromTerminal_1( &p,ZULUCRYPT_KEY_MAX_SIZE ) ){ case 1 : return zuluExit( 12 ) ; case 2 : return zuluExit( 13 ) ; } printf( gettext( "\nRe enter passphrase: " ) ) ; switch( StringSilentlyGetFromTerminal_1( &q,ZULUCRYPT_KEY_MAX_SIZE ) ){ case 1 : StringClearDelete( &p ) ; return zuluExit( 12 ) ; case 2 : StringClearDelete( &p ) ; return zuluExit( 13 ) ; } printf( "\n" ) ; if( !StringEqualString( p,q ) ){ StringClearDelete( &p ) ; StringClearDelete( &q ) ; return zuluExit( 8 ) ; }else{ StringDelete( &q ) ; } }else{ if( type == NULL ){ return zuluExit( 9 ) ; } if( StringsAreEqual( type,"-p" ) ){ p = String( passphrase ) ; }else if( StringsAreEqual( type,"-f" ) ){ p = StringGetFromFile( passphrase ) ; if( p == NULL ){ return zuluExit( 2 ) ; } }else{ return zuluExit( 3 ) ; } } if( opt == ENCRYPT ){ /* * zuluCryptEncryptFile() is defined in ./crypt_file.c */ st = zuluCryptEncryptFile( source,dest,StringContent( p ),StringLength( p ) ) ; }else{ /* * zuluCryptDecryptFile() is defined in ./crypt_file.c */ st = zuluCryptDecryptFile( source,dest,StringContent( p ),StringLength( p ) ) ; } StringClearDelete( &p ) ; switch( st ){ case 1 : return zuluExit( 4 ) ; case 2 : return zuluExit( 11 ) ; } chmod( dest,S_IRUSR | S_IWUSR ) ; chown( dest,uid,uid ) ; if( opt == 1 ){ return zuluExit( 1 ) ; }else{ return zuluExit( 0 ) ; } }
static int _modify_tcrypt( info_t * info,const struct_opts * opts ) { int k = 4 ; int r ; string_t st = StringVoid ; string_t xt = StringVoid ; if( StringsAreEqual( opts->key_source,"-p" ) ){ info->header_key = opts->key ; info->header_key_source = "passphrase" ; info->header_new_key_source = "new_passphrase" ; }else if( opts->key == NULL && StringsAreNotEqual( opts->key_source,"-f" ) ){ st = info->getKey( &r ) ; if( r ){ info->key = StringContent( st ) ; info->header_key = info->key ; info->header_key_source = "passphrase" ; info->header_new_key_source = "new_passphrase" ; }else{ return zuluExit_1( k,st,xt ) ; } }else{ /* * function is defined at "path_access.c" */ zuluCryptGetPassFromFile( opts->key,info->uid,&st ) ; zuluCryptSecurityGainElevatedPrivileges() ; if( st == StringVoid ){ return zuluExit_1( k,st,xt ) ; }else{ if( StringHasComponent( opts->key,".zuluCrypt-socket" ) ){ info->key = StringContent( st ) ; info->header_key = info->key ; info->header_key_source = "passphrase" ; info->header_new_key_source = "new_passphrase" ; }else{ xt = zuluCryptCreateKeyFile( StringContent( st ),StringLength( st ),"tcrypt-bk-" ) ; if( xt == StringVoid ){ return zuluExit_1( k,st,xt ) ; }else{ info->key = StringContent( xt ) ; info->header_key = info->key ; info->header_key_source = "keyfiles" ; info->header_new_key_source = "new_keyfiles" ; } } } } /* * zuluCryptModifyTcryptHeader() is defined in ../lib/create_tcrypt.c */ k = zuluCryptModifyTcryptHeader( info ) ; if( xt != StringVoid ){ /* * zuluCryptDeleteFile() is defined in ../lib/file_path_security.c */ zuluCryptDeleteFile( StringContent( xt ) ) ; } return zuluExit_1( k,st,xt ) ; }
/* * It is possible for a btrfs volume to cover multiple volumes and this routine * keeps only the first one seen and removes the rest. */ static stringList_t _remove_btfs_multiple_devices( stringList_t stl ) { stringList_t stx = StringListVoid ; stringList_t stz = StringListVoid ; StringListIterator it ; StringListIterator end ; string_t st ; const char * e ; blkid_probe blkid ; StringListGetIterators( stl,&it,&end ) ; zuluCryptSecurityGainElevatedPrivileges() ; while( it != end ){ st = *it ; it++ ; blkid = blkid_new_probe_from_filename( StringContent( st ) ) ; if( blkid != NULL ){ e = NULL ; blkid_do_probe( blkid ) ; blkid_probe_lookup_value( blkid,"TYPE",&e,NULL ) ; if( StringsAreEqual( e,"btrfs" ) ){ e = NULL ; blkid_probe_lookup_value( blkid,"UUID",&e,NULL ) ; if( StringListHasNoEntry( stx,e ) ){ /* * we got a btrfs volume with UUID we do not know about, * This will be the only device with this btrfs UUID we support and * all device operations must happen through this device and this device only. */ stz = StringListAppendString( stz,st ) ; stx = StringListAppend( stx,e ) ; }else{ /* * we already know this UUID and this device is not supported.Any operation on this * device should fail. */ } }else{ /* * not a btrfs volume */ stz = StringListAppendString( stz,st ) ; } blkid_free_probe( blkid ) ; }else{ stz = StringListAppendString( stz,st ) ; } } zuluCryptSecurityDropElevatedPrivileges() ; StringListMultipleDelete( &stl,&stx,NULL ) ; return stz ; }
/* * get_pass_from_file function is defined at get_pass_from_file.c * */ int zuluCryptEXEAddKey( const struct_opts * opts,uid_t uid ) { const char * device = opts->device ; const char * keyType1 = opts->existing_key_source ; const char * existingKey = opts->existing_key ; const char * keyType2 = opts->new_key_source ; const char * newKey = opts->new_key ; /* * Below is a form of memory management.All strings are collected in a stringlist object to easily delete them * when the function returns.This allows for the function to have multiple exit points without risks of leaking * memory from manually examining each exit point to make sure all strings are deleted or go with multiple goto * code deleting blocks to take into account different exit points. */ stringList_t stl ; string_t * stringArray = StringListArray( &stl,5 ) ; string_t * presentKey = &stringArray[ 0 ] ; string_t * newKey_1 = &stringArray[ 1 ] ; string_t * newKey_2 = &stringArray[ 2 ] ; string_t * ek = &stringArray[ 3 ] ; string_t * nk = &stringArray[ 4 ] ; const char * key1 = NULL ; const char * key2 = NULL ; size_t len1 = 0 ; size_t len2 = 0 ; int status = 0 ; tcrypt_opts tcrypt ; memset( &tcrypt,'\0',sizeof( tcrypt_opts ) ) ; /* * zuluCryptPartitionIsSystemPartition() is defined in ./partitions.c */ if( zuluCryptPartitionIsSystemPartition( device,uid ) ){ if( !zuluCryptUserIsAMemberOfAGroup( uid,"zulucrypt" ) ){ return zuluExit( 4,stl ) ; } } /* * zuluCryptSecurityDeviceIsWritable() is defined in path_access.c */ status = zuluCryptCanOpenPathForWriting( device,uid ) ; /* * 1-permissions denied * 2-invalid path * 3-shenanigans * 4-common error */ switch( status ){ case 0 : break ; case 1 : return zuluExit( 5,stl ) ; case 2 : return zuluExit( 5,stl ) ; case 3 : return zuluExit( 5,stl ) ; case 4 : return zuluExit( 5,stl ) ; default: return zuluExit( 5,stl ) ; } switch( _zuluCryptCheckEmptySlots( device ) ){ case 0 : return zuluExit( 6,stl ) ; case 1 : return zuluExit( 2,stl ) ; case 2 : /* no complains,continue */ ; } if( keyType1 == NULL && keyType2 == NULL ){ switch( zuluGetKeys( presentKey,newKey_1,newKey_2 ) ){ case 1 : return zuluExit( 7,stl ) ; case 2 : return zuluExit( 8,stl ) ; } if( StringEqualString( *newKey_1,*newKey_2 ) ){ key1 = StringContent( *presentKey ) ; len1 = StringLength ( *presentKey ) ; key2 = StringContent( *newKey_1 ) ; len2 = StringLength ( *newKey_1 ) ; }else{ return zuluExit( 9,stl ) ; } }else{ if( newKey == NULL || existingKey == NULL ){ return zuluExit( 10,stl ) ; } if( StringsAreEqual( keyType1,"-f" ) ){ /* * this function is defined at "path_access.c" */ switch( zuluCryptGetPassFromFile( existingKey,uid,ek ) ){ case 1 : return zuluExit( 11,stl ) ; case 4 : return zuluExit( 12,stl ) ; case 2 : return zuluExit( 13,stl ) ; case 5 : return zuluExit( 14,stl ) ; } key1 = StringContent( *ek ) ; len1 = StringLength( *ek ) ; if( StringHasNoComponent( existingKey,"/.zuluCrypt-socket" ) ){ tcrypt.existing_key_is_keyfile = 1 ; } } if( StringsAreEqual( keyType2,"-f" ) ){ /* * this function is defined at "path_access.c" */ switch( zuluCryptGetPassFromFile( newKey,uid,nk ) ){ case 1 : return zuluExit( 11,stl ) ; case 4 : return zuluExit( 12,stl ) ; case 2 : return zuluExit( 13,stl ) ; case 5 : return zuluExit( 14,stl ) ; } key2 = StringContent( *nk ) ; len2 = StringLength( *nk ) ; if( StringHasNoComponent( newKey,"/.zuluCrypt-socket" ) ){ tcrypt.new_key_is_keyfile = 1 ; } } if( StringsAreEqual( keyType1,"-f" ) && StringsAreEqual( keyType2,"-f" ) ){ ; }else if( StringsAreEqual( keyType1,"-p" ) && StringsAreEqual( keyType2,"-p" ) ){ key1 = existingKey ; len1 = StringSize( existingKey ) ; key2 = newKey ; len2 = StringSize( newKey ) ; }else if( StringsAreEqual( keyType1,"-p" ) && StringsAreEqual( keyType2,"-f" ) ){ key1 = existingKey ; len1 = StringSize( existingKey ) ; }else if( StringsAreEqual( keyType1,"-f" ) && StringsAreEqual( keyType2,"-p" ) ){ key2 = newKey ; len2 = StringSize( newKey ) ; }else{ return zuluExit( 10,stl ) ; } } zuluCryptSecurityLockMemory( stl ) ; zuluCryptSecurityGainElevatedPrivileges() ; /* * zuluCryptVolumeIsLuks() is defined in ../lib/is_luks.c */ if( zuluCryptVolumeIsLuks( device ) ){ /* * zuluCryptAddKey() is defined in ../lib/add_key.c */ status = zuluCryptAddKey( device,key1,len1,key2,len2 ) ; }else{ tcrypt.device = device ; tcrypt.existing_key = key1 ; tcrypt.existing_key_size = len1 ; tcrypt.new_key = key2 ; tcrypt.new_key_size = len2 ; status = _replace_truecrypt_key( &tcrypt ) ; } zuluCryptSecurityDropElevatedPrivileges() ; return zuluExit( status,stl ) ; }