pid_t ProcessStart( process_t p ) { char * const env[] = { "PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin",NULL } ; if( pipe( p->fd_0 ) == -1 ){ return -1 ; } if( pipe( p->fd_1 ) == -1 ){ return -1 ; } if( pipe( p->fd_2 ) == -1 ){ return -1 ; } p->pid = fork() ; if( p->pid == -1 ){ return -1 ; } if( p->pid == 0 ){ if( p->str.user_id != ( uid_t )-1 ){ /* * drop privileges permanently */ _ignore_result( seteuid( 0 ) ) ; _ignore_result( setgid( p->str.user_id ) ) ; _ignore_result( setgroups( 1,&p->str.user_id ) ) ; _ignore_result( setegid( p->str.user_id ) ) ; _ignore_result( setuid( p->str.user_id ) ) ; } dup2( p->fd_0[ 1 ],0 ) ; dup2( p->fd_1[ 1 ],1 ) ; dup2( p->fd_2[ 1 ],2 ) ; close( p->fd_1[ 0 ] ) ; close( p->fd_0[ 0 ] ) ; close( p->fd_2[ 0 ] ) ; if( p->str.priority != 0 ){ setpriority( PRIO_PROCESS,0,p->str.priority ) ; } if( p->str.env == NULL || p->str.env[ 0 ] == NULL ){ if( environ[ 0 ] == NULL ){ _execve( p,env ) ; }else{ _execve( p,environ ) ; } }else{ _execve( p,p->str.env ) ; } /* * execv has failed :-( */ _Exit( 1 ) ; /* * child process block ends here */ } /* * parent process continues from here */ close( p->fd_0[ 0 ] ) ; close( p->fd_1[ 1 ] ) ; close( p->fd_2[ 1 ] ) ; p->state = ProcessIsStillRunning ; if( p->str.timeout != -1 ){ __ProcessStartTimer( p ) ; } return p->pid ; }
static int open_plain_as_me_1(const struct_opts * opts,const char * mapping_name,uid_t uid,int op ) { /* * Below is a form of memory management.All strings are collected in a stringlist object to easily delete them * when the function returns.This allows for the function to have multiple exit points without risks of leaking * memory from manually examining each exit point to make sure all strings are deleted or go with multiple goto * code deleting blocks to take into account different exit points. */ stringList_t stl ; string_t * stringArray = StringListArray( &stl,5 ) ; string_t * mapper = &stringArray[ 0 ] ; string_t * passphrase = &stringArray[ 1 ] ; string_t * p = &stringArray[ 2 ] ; string_t * dev_st = &stringArray[ 3 ] ; string_t * dev_1 = &stringArray[ 4 ] ; size_t len = 0 ; const char * source = opts->key_source ; const char * pass = opts->key ; int k = opts->ask_confirmation ; const char * cpass = NULL ; char * d ; const char * device = opts->device ; const char * dev = opts->device ; int j ; int n ; const char * cmapper ; if( StringPrefixEqual( device,"/dev/loop" ) ){ /* * zuluCryptLoopDeviceAddress() is defined in ../lib/create_loop_device.c */ d = zuluCryptLoopDeviceAddress( device ) ; *dev_st = StringInherit( &d ) ; dev = StringContent( *dev_st ) ; *dev_1 = StringCopy( *dev_st ) ; device = StringReplaceString( * dev_1,"\\040"," " ) ; } /* * zuluCryptPartitionIsSystemPartition() is defined in ./partition.c */ if( zuluCryptPartitionIsSystemPartition( device,uid ) ){ if( uid != 0 ){ return zuluExit( stl,8 ) ; } } /* * ZULUCRYPTlongMapperPath and ZULUCRYPTshortMapperPath are in ../constants.h * zuluCryptCreateMapperName() is defined at ../lib/create_mapper_name.c */ *mapper = zuluCryptCreateMapperName( device,mapping_name,uid,ZULUCRYPTshortMapperPath ) ; *p = zuluCryptCreateMapperName( device,mapping_name,uid,ZULUCRYPTlongMapperPath ) ; j = zuluCryptCheckOpenedMapper( StringContent( *p ) ) ; /* * zuluCryptPartitionIsMounted() is defined in ../lib/process_mountinfo.c */ n = zuluCryptPartitionIsMounted( dev ) ; if( j == 1 ){ return zuluExit( stl,13 ) ; } if( n == 1 ){ return zuluExit( stl,14 ) ; } if( k == 0 ){ *passphrase = StringRandomString( 64 ) ; cpass = StringContent( *passphrase ) ; len = StringLength( *passphrase ) ; }else if( source == NULL ){ printf( gettext( "Enter passphrase: " ) ) ; /* * ZULUCRYPT_KEY_MAX_SIZE is set in ../constants.h */ switch( StringSilentlyGetFromTerminal_1( passphrase,ZULUCRYPT_KEY_MAX_SIZE ) ){ case 1 : return zuluExit( stl,16 ) ; case 2 : return zuluExit( stl,17 ) ; } printf( "\n" ) ; cpass = StringContent( *passphrase ) ; len = StringLength( *passphrase ) ; }else{ if( strcmp( source,"-p" ) == 0 ){ *passphrase = String( pass ) ; cpass = StringContent( *passphrase ) ; len = StringLength( *passphrase ) ; }else if( strcmp( source,"-f" ) == 0 ){ /* * zuluCryptGetPassFromFile() is defined at "path_access.c" */ switch( zuluCryptGetPassFromFile( pass,uid,passphrase ) ){ case 1 : return zuluExit( stl,10 ) ; case 2 : return zuluExit( stl,11 ) ; case 4 : return zuluExit( stl,12 ) ; } cpass = StringContent( *passphrase ) ; len = StringLength( *passphrase ) ; } } if( zuluCryptSecurityGainElevatedPrivileges() ){ /* * zuluCryptOpenPlain() is defined in ../lib/open_plain.c */ if( zuluCryptOpenPlain( device,StringContent( *mapper ),"rw",cpass,len ) != 0 ){ zuluCryptSecurityDropElevatedPrivileges() ; return zuluExit( stl,1 ) ; } } zuluCryptSecurityDropElevatedPrivileges() ; /* * Create a mapper path(usually at /dev/mapper) associated with opened plain mapper above. */ cmapper = StringMultiplePrepend( *mapper,"/",crypt_get_dir(),NULL ) ; /* * mapper path is usually a soft link to /dev/dm-X * resolve the mapper path to its respective /dev/dm-X and set permission on it. * * We set permission of /dev/dm-X pointing to the device to "u+rw" because we want notmal user to be able * to write to the device through the mapper. * * Useful when a normal user want to delete content of the device by writing random data to it. */ d = zuluCryptRealPath( cmapper ) ; if( zuluCryptSecurityGainElevatedPrivileges() ){ if( d != NULL ){ _ignore_result( chown( d,uid,0 ) ) ; _ignore_result( chmod( d,S_IRWXU ) ) ; StringFree( d ) ; } zuluCryptSecurityDropElevatedPrivileges() ; }else{ return zuluExit( stl,1 ) ; } if( op == 1 ){ return zuluExit( stl,0 ) ; }else{ StringListClearDelete( &stl ) ; return 0 ; } }
static int crypt_opt( const struct_opts * opts,uid_t uid,int opt ) { string_t q = StringVoid ; string_t p = StringVoid ; int st ; const char * source = opts->device ; const char * dest = opts->m_opts ; const char * passphrase = opts->key ; const char * type = opts->key_source ; return zuluExit( 16 ) ; if( dest == NULL ){ return zuluExit( 9 ) ; } if( source == NULL ){ return zuluExit( 14 ) ; } /* * zuluCryptPathStartsWith() is defined in real_path.c */ if( zuluCryptPathStartsWith( dest,"/dev/" ) ){ return zuluExit( 10 ) ; } if( zuluCryptPathStartsWith( source,"/dev/" ) ){ return zuluExit( 15 ) ; } /* * zuluCryptPathIsValid() is defined in ../lib/is_path_valid.c */ if( zuluCryptPathIsValid( dest ) ){ return zuluExit( 5 ) ; } /* * zuluCryptPathIsNotValid() is defined in ../lib/is_path_valid.c */ if( zuluCryptPathIsNotValid( source ) ){ return zuluExit( 6 ) ; } /* * below two functions are defined in path_access.c */ if( zuluCryptCanOpenPathForWriting( dest,uid ) == 1 ){ return zuluExit( 10 ) ; } if( zuluCryptCanOpenPathForReading( source,uid ) == 1 ){ return zuluExit( 15 ) ; } if( type == NULL ){ printf( gettext( "Enter passphrase: " ) ) ; /* * ZULUCRYPT_KEY_MAX_SIZE is set in ../constants.h */ switch( StringSilentlyGetFromTerminal_1( &p,ZULUCRYPT_KEY_MAX_SIZE ) ){ case 1 : return zuluExit( 12 ) ; case 2 : return zuluExit( 13 ) ; } printf( gettext( "\nRe enter passphrase: " ) ) ; switch( StringSilentlyGetFromTerminal_1( &q,ZULUCRYPT_KEY_MAX_SIZE ) ){ case 1 : StringClearDelete( &p ) ; return zuluExit( 12 ) ; case 2 : StringClearDelete( &p ) ; return zuluExit( 13 ) ; } printf( "\n" ) ; if( !StringEqualString( p,q ) ){ StringClearDelete( &p ) ; StringClearDelete( &q ) ; return zuluExit( 8 ) ; }else{ StringDelete( &q ) ; } }else{ if( type == NULL ){ return zuluExit( 9 ) ; } if( StringsAreEqual( type,"-p" ) ){ p = String( passphrase ) ; }else if( StringsAreEqual( type,"-f" ) ){ p = StringGetFromFile( passphrase ) ; if( p == NULL ){ return zuluExit( 2 ) ; } }else{ return zuluExit( 3 ) ; } } if( opt == ENCRYPT ){ /* * zuluCryptEncryptFile() is defined in ./crypt_file.c */ st = zuluCryptEncryptFile( source,dest,StringContent( p ),StringLength( p ) ) ; }else{ /* * zuluCryptDecryptFile() is defined in ./crypt_file.c */ st = zuluCryptDecryptFile( source,dest,StringContent( p ),StringLength( p ) ) ; } StringClearDelete( &p ) ; switch( st ){ case 1 : return zuluExit( 4 ) ; case 2 : return zuluExit( 11 ) ; } _ignore_result( chmod( dest,S_IRUSR | S_IWUSR ) ) ; _ignore_result( chown( dest,uid,uid ) ) ; if( opt == 1 ){ return zuluExit( 1 ) ; }else{ return zuluExit( 0 ) ; } }