pid_t ProcessStart( process_t p )
{
char * const env[] = { "PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin",NULL } ;
if( pipe( p->fd_0 ) == -1 ){
return -1 ;
}
if( pipe( p->fd_1 ) == -1 ){
return -1 ;
}
if( pipe( p->fd_2 ) == -1 ){
return -1 ;
}
p->pid = fork() ;
if( p->pid == -1 ){
return -1 ;
}
if( p->pid == 0 ){
if( p->str.user_id != ( uid_t )-1 ){
/*
* drop privileges permanently
*/
_ignore_result( seteuid( 0 ) ) ;
_ignore_result( setgid( p->str.user_id ) ) ;
_ignore_result( setgroups( 1,&p->str.user_id ) ) ;
_ignore_result( setegid( p->str.user_id ) ) ;
_ignore_result( setuid( p->str.user_id ) ) ;
}
dup2( p->fd_0[ 1 ],0 ) ;
dup2( p->fd_1[ 1 ],1 ) ;
dup2( p->fd_2[ 1 ],2 ) ;
close( p->fd_1[ 0 ] ) ;
close( p->fd_0[ 0 ] ) ;
close( p->fd_2[ 0 ] ) ;
if( p->str.priority != 0 ){
setpriority( PRIO_PROCESS,0,p->str.priority ) ;
}
if( p->str.env == NULL || p->str.env[ 0 ] == NULL ){
if( environ[ 0 ] == NULL ){
_execve( p,env ) ;
}else{
_execve( p,environ ) ;
}
}else{
_execve( p,p->str.env ) ;
}
/*
* execv has failed :-(
*/
_Exit( 1 ) ;
/*
* child process block ends here
*/
}
/*
* parent process continues from here
*/
close( p->fd_0[ 0 ] ) ;
close( p->fd_1[ 1 ] ) ;
close( p->fd_2[ 1 ] ) ;
p->state = ProcessIsStillRunning ;
if( p->str.timeout != -1 ){
__ProcessStartTimer( p ) ;
}
return p->pid ;
}
static int open_plain_as_me_1(const struct_opts * opts,const char * mapping_name,uid_t uid,int op )
{
/*
* Below is a form of memory management.All strings are collected in a stringlist object to easily delete them
* when the function returns.This allows for the function to have multiple exit points without risks of leaking
* memory from manually examining each exit point to make sure all strings are deleted or go with multiple goto
* code deleting blocks to take into account different exit points.
*/
stringList_t stl ;
string_t * stringArray = StringListArray( &stl,5 ) ;
string_t * mapper = &stringArray[ 0 ] ;
string_t * passphrase = &stringArray[ 1 ] ;
string_t * p = &stringArray[ 2 ] ;
string_t * dev_st = &stringArray[ 3 ] ;
string_t * dev_1 = &stringArray[ 4 ] ;
size_t len = 0 ;
const char * source = opts->key_source ;
const char * pass = opts->key ;
int k = opts->ask_confirmation ;
const char * cpass = NULL ;
char * d ;
const char * device = opts->device ;
const char * dev = opts->device ;
int j ;
int n ;
const char * cmapper ;
if( StringPrefixEqual( device,"/dev/loop" ) ){
/*
* zuluCryptLoopDeviceAddress() is defined in ../lib/create_loop_device.c
*/
d = zuluCryptLoopDeviceAddress( device ) ;
*dev_st = StringInherit( &d ) ;
dev = StringContent( *dev_st ) ;
*dev_1 = StringCopy( *dev_st ) ;
device = StringReplaceString( * dev_1,"\\040"," " ) ;
}
/*
* zuluCryptPartitionIsSystemPartition() is defined in ./partition.c
*/
if( zuluCryptPartitionIsSystemPartition( device,uid ) ){
if( uid != 0 ){
return zuluExit( stl,8 ) ;
}
}
/*
* ZULUCRYPTlongMapperPath and ZULUCRYPTshortMapperPath are in ../constants.h
* zuluCryptCreateMapperName() is defined at ../lib/create_mapper_name.c
*/
*mapper = zuluCryptCreateMapperName( device,mapping_name,uid,ZULUCRYPTshortMapperPath ) ;
*p = zuluCryptCreateMapperName( device,mapping_name,uid,ZULUCRYPTlongMapperPath ) ;
j = zuluCryptCheckOpenedMapper( StringContent( *p ) ) ;
/*
* zuluCryptPartitionIsMounted() is defined in ../lib/process_mountinfo.c
*/
n = zuluCryptPartitionIsMounted( dev ) ;
if( j == 1 ){
return zuluExit( stl,13 ) ;
}
if( n == 1 ){
return zuluExit( stl,14 ) ;
}
if( k == 0 ){
*passphrase = StringRandomString( 64 ) ;
cpass = StringContent( *passphrase ) ;
len = StringLength( *passphrase ) ;
}else if( source == NULL ){
printf( gettext( "Enter passphrase: " ) ) ;
/*
* ZULUCRYPT_KEY_MAX_SIZE is set in ../constants.h
*/
switch( StringSilentlyGetFromTerminal_1( passphrase,ZULUCRYPT_KEY_MAX_SIZE ) ){
case 1 : return zuluExit( stl,16 ) ;
case 2 : return zuluExit( stl,17 ) ;
}
printf( "\n" ) ;
cpass = StringContent( *passphrase ) ;
len = StringLength( *passphrase ) ;
}else{
if( strcmp( source,"-p" ) == 0 ){
*passphrase = String( pass ) ;
cpass = StringContent( *passphrase ) ;
len = StringLength( *passphrase ) ;
}else if( strcmp( source,"-f" ) == 0 ){
/*
* zuluCryptGetPassFromFile() is defined at "path_access.c"
*/
switch( zuluCryptGetPassFromFile( pass,uid,passphrase ) ){
case 1 : return zuluExit( stl,10 ) ;
case 2 : return zuluExit( stl,11 ) ;
case 4 : return zuluExit( stl,12 ) ;
}
cpass = StringContent( *passphrase ) ;
len = StringLength( *passphrase ) ;
}
}
if( zuluCryptSecurityGainElevatedPrivileges() ){
/*
* zuluCryptOpenPlain() is defined in ../lib/open_plain.c
*/
if( zuluCryptOpenPlain( device,StringContent( *mapper ),"rw",cpass,len ) != 0 ){
zuluCryptSecurityDropElevatedPrivileges() ;
return zuluExit( stl,1 ) ;
}
}
zuluCryptSecurityDropElevatedPrivileges() ;
/*
* Create a mapper path(usually at /dev/mapper) associated with opened plain mapper above.
*/
cmapper = StringMultiplePrepend( *mapper,"/",crypt_get_dir(),NULL ) ;
/*
* mapper path is usually a soft link to /dev/dm-X
* resolve the mapper path to its respective /dev/dm-X and set permission on it.
*
* We set permission of /dev/dm-X pointing to the device to "u+rw" because we want notmal user to be able
* to write to the device through the mapper.
*
* Useful when a normal user want to delete content of the device by writing random data to it.
*/
d = zuluCryptRealPath( cmapper ) ;
if( zuluCryptSecurityGainElevatedPrivileges() ){
if( d != NULL ){
_ignore_result( chown( d,uid,0 ) ) ;
_ignore_result( chmod( d,S_IRWXU ) ) ;
StringFree( d ) ;
}
zuluCryptSecurityDropElevatedPrivileges() ;
}else{
return zuluExit( stl,1 ) ;
}
if( op == 1 ){
return zuluExit( stl,0 ) ;
}else{
StringListClearDelete( &stl ) ;
return 0 ;
}
}
static int crypt_opt( const struct_opts * opts,uid_t uid,int opt )
{
string_t q = StringVoid ;
string_t p = StringVoid ;
int st ;
const char * source = opts->device ;
const char * dest = opts->m_opts ;
const char * passphrase = opts->key ;
const char * type = opts->key_source ;
return zuluExit( 16 ) ;
if( dest == NULL ){
return zuluExit( 9 ) ;
}
if( source == NULL ){
return zuluExit( 14 ) ;
}
/*
* zuluCryptPathStartsWith() is defined in real_path.c
*/
if( zuluCryptPathStartsWith( dest,"/dev/" ) ){
return zuluExit( 10 ) ;
}
if( zuluCryptPathStartsWith( source,"/dev/" ) ){
return zuluExit( 15 ) ;
}
/*
* zuluCryptPathIsValid() is defined in ../lib/is_path_valid.c
*/
if( zuluCryptPathIsValid( dest ) ){
return zuluExit( 5 ) ;
}
/*
* zuluCryptPathIsNotValid() is defined in ../lib/is_path_valid.c
*/
if( zuluCryptPathIsNotValid( source ) ){
return zuluExit( 6 ) ;
}
/*
* below two functions are defined in path_access.c
*/
if( zuluCryptCanOpenPathForWriting( dest,uid ) == 1 ){
return zuluExit( 10 ) ;
}
if( zuluCryptCanOpenPathForReading( source,uid ) == 1 ){
return zuluExit( 15 ) ;
}
if( type == NULL ){
printf( gettext( "Enter passphrase: " ) ) ;
/*
* ZULUCRYPT_KEY_MAX_SIZE is set in ../constants.h
*/
switch( StringSilentlyGetFromTerminal_1( &p,ZULUCRYPT_KEY_MAX_SIZE ) ){
case 1 : return zuluExit( 12 ) ;
case 2 : return zuluExit( 13 ) ;
}
printf( gettext( "\nRe enter passphrase: " ) ) ;
switch( StringSilentlyGetFromTerminal_1( &q,ZULUCRYPT_KEY_MAX_SIZE ) ){
case 1 : StringClearDelete( &p ) ;
return zuluExit( 12 ) ;
case 2 : StringClearDelete( &p ) ;
return zuluExit( 13 ) ;
}
printf( "\n" ) ;
if( !StringEqualString( p,q ) ){
StringClearDelete( &p ) ;
StringClearDelete( &q ) ;
return zuluExit( 8 ) ;
}else{
StringDelete( &q ) ;
}
}else{
if( type == NULL ){
return zuluExit( 9 ) ;
}
if( StringsAreEqual( type,"-p" ) ){
p = String( passphrase ) ;
}else if( StringsAreEqual( type,"-f" ) ){
p = StringGetFromFile( passphrase ) ;
if( p == NULL ){
return zuluExit( 2 ) ;
}
}else{
return zuluExit( 3 ) ;
}
}
if( opt == ENCRYPT ){
/*
* zuluCryptEncryptFile() is defined in ./crypt_file.c
*/
st = zuluCryptEncryptFile( source,dest,StringContent( p ),StringLength( p ) ) ;
}else{
/*
* zuluCryptDecryptFile() is defined in ./crypt_file.c
*/
st = zuluCryptDecryptFile( source,dest,StringContent( p ),StringLength( p ) ) ;
}
StringClearDelete( &p ) ;
switch( st ){
case 1 : return zuluExit( 4 ) ;
case 2 : return zuluExit( 11 ) ;
}
_ignore_result( chmod( dest,S_IRUSR | S_IWUSR ) ) ;
_ignore_result( chown( dest,uid,uid ) ) ;
if( opt == 1 ){
return zuluExit( 1 ) ;
}else{
return zuluExit( 0 ) ;
}
}
