/*
 * Collect the device entries of /etc/crypttab so they can be treated as
 * system partitions.
 *
 * The file format this was written against looks like:
 *
 * secret   /dev/sda15                                none
 * secret_1 UUID=d2d210b8-0b1f-419f-9172-9d509ea9af0c none
 *
 * Lines whose first character is '#' are ignored. Every other line is split
 * on ' ' and its second field is handed to _eval_path(), which accumulates
 * whatever it accepts into the returned list.
 *
 * NOTE(review): fields are split on ' ' only; an entry whose fields are
 * separated by tabs would not yield the expected second field. What happens
 * then depends on StringListStringAtSecondPlace() and _eval_path(), neither
 * of which is visible here -- confirm before relying on tab separated files.
 *
 * Returns a stringList_t owned by the caller (StringListVoid when nothing
 * was collected).
 */
stringList_t zuluCryptGetPartitionFromCrypttab( void )
{
	stringList_t result = StringListVoid ;
	stringList_t lines ;
	stringList_t fields ;
	string_t contents ;
	string_t line ;
	StringListIterator it ;
	StringListIterator end ;

	contents = StringGetFromFile( "/etc/crypttab" ) ;
	lines = StringListStringSplit( contents,'\n' ) ;
	StringDelete( &contents ) ;

	StringListGetIterators( lines,&it,&end ) ;

	for( ; it != end ; it++ ){

		line = *it ;

		if( StringStartsWith( line,"#" ) ){
			/*
			 * comment line
			 */
			continue ;
		}

		fields = StringListStringSplit( line,' ' ) ;
		result = _eval_path( StringListStringAtSecondPlace( fields ),result ) ;
		StringListDelete( &fields ) ;
	}

	StringListDelete( &lines ) ;

	return result ;
}
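/*
 * Work out the block device backing the root file system from the kernel
 * command line in /proc/cmdline.
 *
 * Two forms are recognised:
 *   root=/dev/XXX   -> "/dev/XXX" is passed through zuluCryptResolvePath()
 *   root=UUID=XXX   -> "XXX" is passed through zuluCryptDeviceFromUUID()
 *                      (defined in ./blkid_evaluate_tag.c)
 *
 * Returns a heap allocated path the caller must free, or NULL when neither
 * form is present (other forms such as root=PARTUUID=, root=LABEL= or a bare
 * device name are not handled here).
 *
 * The offsets 5 and 10 below skip "root=" and "root=UUID=" respectively,
 * which is only correct when the matched parameter *starts* with that text.
 * The lookup therefore uses the prefix variant StringListHasStartSequence_1()
 * rather than the substring variant StringListHasSequence_1(), so that a
 * parameter which merely contains "root=/dev/" or "root=UUID=" somewhere
 * inside it (a "foo.root=..." style option) is neither matched nor
 * mis-sliced into a bogus device path.
 *
 * NOTE(review): /proc/cmdline normally ends with a newline; whether
 * StringGetFromVirtualFile() strips it is not visible here. If it does not,
 * a root= entry that is the last parameter would carry a trailing '\n' into
 * the resolver -- confirm.
 */
static char * _zuluCryptResolveDevRoot( void )
{
	const char * e ;
	char * dev = NULL ;
	string_t st = StringGetFromVirtualFile( "/proc/cmdline" ) ;
	stringList_t stl = StringListStringSplit( st,' ' ) ;

	StringDelete( &st ) ;

	st = StringListHasStartSequence_1( stl,"root=/dev/" ) ;

	if( st != StringVoid ){
		/*
		 * skip "root=" and keep "/dev/..."
		 */
		e = StringContent( st ) + 5 ;
		dev = zuluCryptResolvePath( e ) ;
	}else{
		st = StringListHasStartSequence_1( stl,"root=UUID=" ) ;

		if( st != StringVoid ){
			/*
			 * skip "root=UUID=" and keep the bare UUID
			 */
			e = StringContent( st ) + 10 ;
			dev = zuluCryptDeviceFromUUID( e ) ;
		}
	}

	StringListDelete( &stl ) ;

	return dev ;
}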
/*
 * Check whether the running kernel lists file system "fs" in
 * /proc/filesystems.
 *
 * Lines that start with "nodev" are skipped; any other line that contains
 * "fs" counts as a hit.
 *
 * Returns 1 when found, 0 otherwise.
 *
 * NOTE(review): the test is a substring match on the whole line, so a short
 * name can match a longer one ("ext" matches "ext4", "fat" matches "vfat").
 * Callers appear to pass complete file system names; keep that in mind if
 * this is ever fed user controlled input.
 */
static int _fileSystemIsSupported( const char * fs )
{
	int found = 0 ;
	string_t contents = StringGetFromVirtualFile( "/proc/filesystems" ) ;
	stringList_t lines = StringListStringSplit( contents,'\n' ) ;
	StringListIterator it = StringListBegin( lines ) ;
	StringListIterator end = StringListEnd( lines ) ;
	string_t line ;

	for( ; it != end ; it++ ){

		line = *it ;

		if( StringStartsWith( line,"nodev" ) ){
			/*
			 * not a candidate
			 */
			continue ;
		}
		if( StringContains( line,fs ) ){
			found = 1 ;
			break ;
		}
	}

	StringDelete( &contents ) ;
	StringListDelete( &lines ) ;

	return found ;
}
/*
 * Unmount the volume described by one mount table entry.
 *
 * "st" holds a space separated entry of the form
 * "<device> <mount point> <file system> ..."; only the second and third
 * fields are read. The mount point is decoded with zuluCryptDecodeMountEntry()
 * (defined in mount_volume.c) before use.
 *
 * Entries whose file system field contains "fuse" go through _unmount_fuse,
 * everything else through _unmount_rest; the original author observed that
 * umount() does not behave for FUSE mounts.
 *
 * On success (return 0) and when m_point is non NULL, *m_point receives a
 * heap copy of the decoded mount point that the caller must free.
 * Returns whatever _unmount() returned.
 *
 * NOTE(review): the entry is assumed to have at least three fields; a
 * shorter entry would index past the end of the split list.
 */
static int _zuluCryptUnmountVolume_0( string_t st,char ** m_point )
{
	int status ;
	stringList_t fields = StringListStringSplit( st,' ' ) ;
	StringListIterator it = StringListBegin( fields ) ;
	const char * mount_point = zuluCryptDecodeMountEntry( *( it + 1 ) ) ;
	int is_fuse = StringContains( *( it + 2 ),"fuse" ) ;

	status = _unmount( is_fuse ? _unmount_fuse : _unmount_rest,mount_point ) ;

	if( status == 0 && m_point != NULL ){
		*m_point = StringCopy_2( mount_point ) ;
	}

	StringListDelete( &fields ) ;

	return status ;
}
/*
 * Read the configuration file at "path" and collect the partition entries
 * it lists.
 *
 * The file is read with elevated privileges (so root-only files can be used)
 * and the privileges are dropped again immediately after the read. Each line
 * is then passed to _eval_path(), which decides whether it names a partition
 * and appends it to the result.
 *
 * Because the read happens with elevated privileges, "path" must not be
 * attacker chosen; that is the caller's responsibility.
 *
 * Unlike the crypttab parser in this file, '#' comment lines are not filtered
 * here; it is up to _eval_path() to reject them.
 *
 * Returns a stringList_t owned by the caller (StringListVoid when nothing
 * was collected).
 */
stringList_t zuluCryptGetPartitionFromConfigFile( const char * path )
{
	stringList_t result = StringListVoid ;
	stringList_t lines ;
	string_t contents ;
	StringListIterator it ;
	StringListIterator end ;

	zuluCryptSecurityGainElevatedPrivileges() ;
	contents = StringGetFromFile( path ) ;
	zuluCryptSecurityDropElevatedPrivileges() ;

	lines = StringListStringSplit( contents,'\n' ) ;
	StringDelete( &contents ) ;

	StringListGetIterators( lines,&it,&end ) ;

	for( ; it != end ; it++ ){
		result = _eval_path( *it,result ) ;
	}

	StringListDelete( &lines ) ;

	return result ;
}
/*
 * Build a list of mounted volumes from /proc/self/mountinfo.
 *
 * Every line of mountinfo is split on ' ' and handed to _add_entry() together
 * with the caller supplied "function", which turns a vInfo record into the
 * string_t that ends up in the result. "scratch"/"scratch_len" are state that
 * _add_entry() maintains across calls and that is released here once the
 * whole file has been processed.
 *
 * Returns a stringList_t owned by the caller.
 */
static stringList_t _volumeList( string_t ( *function )( const vInfo * ) )
{
	char * const * scratch = NULL ;
	size_t scratch_len = 0 ;
	stringList_t result = StringListVoid ;
	stringList_t fields ;
	stringList_t lines ;
	StringListIterator it ;
	StringListIterator end ;
	string_t contents = StringGetFromVirtualFile( "/proc/self/mountinfo" ) ;

	lines = StringListStringSplit( contents,'\n' ) ;
	StringDelete( &contents ) ;

	StringListGetIterators( lines,&it,&end ) ;

	for( ; it != end ; it++ ){
		fields = StringListStringSplit( *it,' ' ) ;
		result = _add_entry( result,fields,function,&scratch,&scratch_len ) ;
		StringListDelete( &fields ) ;
	}

	StringFree( scratch ) ;
	StringListDelete( &lines ) ;

	return result ;
}
/*
 * Return the mount point of the volume whose mount table entry matches
 * "path".
 *
 * zuluCryptGetMountEntry() supplies the raw entry ("<device> <mount point>
 * ..."); the second field is copied out, passed through
 * zuluCryptDecodeMountEntry() (presumably undoing the escaping used in mount
 * tables -- see mount_volume.c) and returned as a heap string the caller
 * must free.
 *
 * Returns NULL when there is no matching entry or the entry could not be
 * split.
 */
char * zuluCryptGetMountPointFromPath( const char * path )
{
	string_t entry = zuluCryptGetMountEntry( path ) ;
	stringList_t fields ;
	string_t mount_point ;

	if( entry == StringVoid ){
		return NULL ;
	}

	fields = StringListStringSplit( entry,' ' ) ;
	StringDelete( &entry ) ;

	if( fields == StringListVoid ){
		return NULL ;
	}

	mount_point = StringListCopyStringAtSecondPlace( fields ) ;
	StringListDelete( &fields ) ;

	zuluCryptDecodeMountEntry( mount_point ) ;

	return StringDeleteHandle( &mount_point ) ;
}
/*
 * Append the per-volume file system options configured in
 * /etc/zuluCrypt/fs_options to "st".
 *
 * The config file is read one line at a time; double quotes are stripped
 * from each line and lines of the form
 *
 *   UUID=<uuid> <options>
 *
 * are compared against the UUID of "device" (obtained via
 * _get_uuid_from_device()). On the first match, "<options>" (the second
 * space separated field) is appended to "st" preceded by a comma, and the
 * scan stops.
 *
 * NOTE(review): the comparison is StringPrefixEqual( line + 5,uuid ), i.e.
 * the device UUID must be a prefix of what follows "UUID=". If
 * _get_uuid_from_device() can return an empty string for a device without a
 * UUID, every UUID= line would match; confirm its contract before relying on
 * this for unlabelled devices.
 */
static void _get_file_system_options_from_config_file( const char * device,string_t st )
{
	char * device_uuid ;
	const char * line ;
	StringListIterator it ;
	StringListIterator end ;
	string_t contents = StringGetFromFile( "/etc/zuluCrypt/fs_options" ) ;
	stringList_t lines = StringListStringSplit( contents,'\n' ) ;
	stringList_t fields ;

	StringDelete( &contents ) ;

	device_uuid = _get_uuid_from_device( device ) ;

	StringListGetIterators( lines,&it,&end ) ;

	for( ; it != end ; it++ ){

		line = StringRemoveString( *it,"\"" ) ;

		if( !StringPrefixMatch( line,"UUID=",5 ) ){
			continue ;
		}
		if( !StringPrefixEqual( line + 5,device_uuid ) ){
			continue ;
		}

		fields = StringListSplit( line,' ' ) ;
		StringMultipleAppend( st,",",StringListContentAtSecondPlace( fields ),NULL ) ;
		StringListDelete( &fields ) ;
		break ;
	}

	StringListDelete( &lines ) ;
	StringFree( device_uuid ) ;
}
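/*
 * Unmount the "public" (shared) bind mount that mirrors the private mount
 * of "device".
 *
 * A volume is considered shared when its device appears twice in the mount
 * table "stx": once under /run/media/private/$USER/ and once under
 * /run/media/public/ with the same basename. "stx" is normally the list
 * returned by zuluCryptGetMoutedListFromMountInfo() (defined in
 * ../lib/process_mountinfo.c); when StringListVoid is passed it is fetched
 * here and released before returning.
 *
 * Loop devices are first mapped to their backing file with
 * zuluCryptLoopDeviceAddress_2() (defined in ../lib/create_loop_device.c),
 * because that is how they are recorded in the mount table.
 *
 * Authorisation: members of the "zulumount" group (root is treated as a
 * member of every group, see zuluCryptUserIsAMemberOfAGroup() in security.c)
 * may unmount any shared mount; other users only when
 * zuluCryptMountPointPrefixMatch() confirms the private mount point belongs
 * to "uid".
 *
 * The whole routine runs with elevated privileges; there is a single return
 * at the bottom so they are always dropped again.
 *
 * Return values as the code below produces them:
 *   0 - the public mount was unmounted (also returned when a public entry
 *       with the right mount point exists but names a different device,
 *       a case the original author considered unreachable)
 *   1 - "device" is not mounted, or is mounted but not shared
 *   3 - umount() of the public mount failed three times in a row
 *   4 - "uid" is not allowed to unmount this shared mount
 *
 * Throughout, a trailing space is appended to the device/mount point being
 * searched for so that "/dev/sdc1" does not match an entry for "/dev/sdc12"
 * (and "/home/abc" does not match "/home/abcdef" for loop devices). The same
 * guard is applied when confirming that the public entry belongs to the
 * same device as the private one.
 */
int zuluCryptBindUnmountVolume( stringList_t stx,const char * device,uid_t uid )
{
	stringList_t stl ;
	string_t xt ;
	string_t st ;
	string_t zt ;
	ssize_t index = -1 ;
	const char * f ;
	const char * g ;
	char * h = NULL ;
	int r = 1 ;
	int k ;
	int same_device ;
	int delete_stx = 0 ;

	/*
	 * zuluCryptUserIsAMemberOfAGroup() is defined in security.c
	 * root user is a member of all groups and hence is allowed
	 */
	int allowedUser = zuluCryptUserIsAMemberOfAGroup( uid,"zulumount" ) ;

	zuluCryptSecurityGainElevatedPrivileges() ;

	if( stx == StringListVoid ){
		/*
		 * zuluCryptGetMoutedListFromMountInfo() is defined in ../lib/process_mountinfo.c
		 */
		stx = zuluCryptGetMoutedListFromMountInfo() ;
		delete_stx = 1 ;
	}

	if( StringPrefixEqual( device,"/dev/loop" ) ){
		/*
		 * zuluCryptLoopDeviceAddress_2() is defined in ../lib/create_loop_device.c
		 */
		st = zuluCryptLoopDeviceAddress_2( device ) ;
		/*
		 * trailing space: match the full device name only, see header comment
		 */
		zt = StringListHasStartSequence_1( stx,StringAppend( st," " ) ) ;
		StringRemoveRight( st,1 ) ;
		/*
		 * from here on "device" is the backing file path; "h" owns the memory
		 */
		device = h = StringDeleteHandle( &st ) ;
	}else{
		/*
		 * trailing space: match the full device name only, see header comment
		 */
		st = String( device ) ;
		zt = StringListHasStartSequence_1( stx,StringAppend( st," " ) ) ;
		StringDelete( &st ) ;
	}

	if( zt == StringVoid ){
		/*
		 * The volume does not appear to be mounted
		 */
		r = 1 ;
	}else{
		stl = StringListStringSplit( zt,' ' ) ;
		xt = StringListCopyStringAtSecondPlace( stl ) ;
		StringListDelete( &stl ) ;

		st = StringCopy( xt ) ;
		/*
		 * zuluCryptDecodeMountEntry() is defined in ../lib/mount_volume.c
		 * g will contain something like "/run/media/private/$USER/sdc1"
		 */
		g = zuluCryptDecodeMountEntry( st ) ;

		if( allowedUser ){
			/*
			 * a privileged user is attempting to unmount a shared mount point,allow them
			 */
			k = 1 ;
		}else{
			/*
			 * a non privileged user is attempting to unmount a shared mount point,allow them only if
			 * they are the one that created it
			 *
			 * zuluCryptSecurityMountPointPrefixMatch() is defined in ./security.c
			 */
			k = zuluCryptMountPointPrefixMatch( g,uid,NULL ) ;
		}

		StringDelete( &st ) ;

		if( k != 1 ){
			/*
			 * One none privileged user is attempting to unmount a bind mount from another user,disallow it
			 */
			r = 4 ;
		}else{
			/*
			 * replace the private mount point prefix with the public one, keeping the basename
			 * (when there is no '/' index is 0 and nothing is removed)
			 */
			index = StringLastIndexOfChar( xt,'/' ) + 1 ;
			StringRemoveLeft( xt,index ) ;
			StringPrepend( xt,"/run/media/public/" ) ;
			/*
			 * f will now contain something like "/run/media/public/sdc1"
			 * space character is added before checking to avoid possible collisions
			 * as explained in the header comment
			 */
			f = StringAppend( xt," " ) ;
			zt = StringListHasSequence_1( stx,f ) ;
			f = StringRemoveRight( xt,1 ) ;

			if( zt == StringVoid ){
				/*
				 * volume is not shared, r stays 1
				 */
			}else{
				/*
				 * volume is shared,try to unmount it
				 * a volume is assumed to be shared if its device path in mountinfo has two mount points,one
				 * in /run/media/private/$USER and the other in /run/media/public/
				 *
				 * The public entry must be for the very same device. A trailing space is appended
				 * here too, so that a public entry for "/dev/sdc12" (or "/home/abcdef") is not
				 * accepted as belonging to "/dev/sdc1" (or "/home/abc").
				 */
				st = String( device ) ;
				same_device = StringStartsWith( zt,StringAppend( st," " ) ) ;
				StringDelete( &st ) ;

				if( same_device ){
					f = zuluCryptDecodeMountEntry( xt ) ;
					/*
					 * good,the device associated with the shared mount is the same as that of the
					 * private mount,try to unmount it.
					 */
					r = 3 ;

					for( k = 0 ; k < 3 ; k++ ){
						/*
						 * try to unmount 3 times before giving up
						 */
						if( umount( f ) == 0 ){
							rmdir( f ) ;
							r = 0 ;
							break ;
						}else{
							sleep( 1 ) ;
						}
					}
				}else{
					/*
					 * i dont see how we will get here,we shouldnt
					 */
					r = 0 ;
				}
			}
		}

		StringDelete( &xt ) ;
	}

	if( delete_stx ){
		StringListDelete( &stx ) ;
	}

	StringFree( h ) ;

	zuluCryptSecurityDropElevatedPrivileges() ;

	return r ;
}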
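/*
 * Enumerate the block devices listed in /proc/partitions and return them as
 * "/dev/<name>" paths.
 *
 * The first entry of /proc/partitions is skipped (its column header); from
 * every other line the text after the last space is taken as the device
 * name, and lines without a space are ignored. Only devices for which
 * _supported_device() returns true are kept.
 *
 * Loop devices are collapsed: zuluCryptLoopDeviceAddress_1() (defined in
 * ../lib/create_loop_device.c) gives the backing file, and only the first
 * loop device seen for a given backing file is kept. With
 * resolve_loop_devices set, the backing file path is stored instead of the
 * /dev/loopN name.
 *
 * The scan runs with elevated privileges (dropped before returning). The
 * result is then passed through _remove_root_devices(),
 * _zuluCryptAddMDRAIDVolumes() and _zuluCryptAddLVMVolumes(), in that order.
 *
 * Fix: the "/dev/" prefix string used to be created before the early return
 * for an unsplittable /proc/partitions and was leaked on that path; it is now
 * created only once the list is known to be valid.
 *
 * NOTE(review): the backing file returned by zuluCryptLoopDeviceAddress_1()
 * is used without a NULL check, as in the original; confirm it never returns
 * NULL for a loop device that _supported_device() accepted.
 *
 * Returns a stringList_t owned by the caller, or StringListVoid when
 * /proc/partitions could not be split into lines.
 */
static stringList_t _zuluCryptVolumeList_0( int resolve_loop_devices )
{
	const char * device ;
	const char * name ;
	char * backing ;
	ssize_t space ;
	StringListIterator it ;
	StringListIterator end ;
	stringList_t seen_backing = StringListVoid ;
	stringList_t lines = StringListVoid ;
	stringList_t result = StringListVoid ;
	string_t line ;
	string_t dev_path ;
	string_t contents = StringGetFromVirtualFile( "/proc/partitions" ) ;

	lines = StringListStringSplit( contents,'\n' ) ;
	StringDelete( &contents ) ;

	if( lines == StringListVoid ){
		return StringListVoid ;
	}

	/*
	 * "/dev/" is kept as a reusable buffer; StringAppendAt( dev_path,5,name )
	 * overwrites everything after the prefix with the current device name
	 */
	dev_path = String( "/dev/" ) ;

	StringListGetIterators( lines,&it,&end ) ;

	/*
	 * skip the first entry
	 */
	it++ ;

	zuluCryptSecurityGainElevatedPrivileges() ;

	for( ; it != end ; it++ ){

		line = *it ;
		space = StringLastIndexOfChar( line,' ' ) ;

		if( space == -1 ){
			/*
			 * no device name on this line (e.g. an empty line)
			 */
			continue ;
		}

		name = StringContent( line ) + space + 1 ;
		device = StringAppendAt( dev_path,5,name ) ;

		if( !_supported_device( device ) ){
			continue ;
		}

		if( !StringPrefixEqual( device,"/dev/loop" ) ){
			result = StringListAppendIfAbsent( result,device ) ;
			continue ;
		}

		/*
		 * zuluCryptLoopDeviceAddress_1() is defined in ../lib/create_loop_device.c
		 */
		backing = zuluCryptLoopDeviceAddress_1( device ) ;

		if( StringListHasNoEntry( seen_backing,backing ) ){
			/*
			 * keep only one loop device per backing file
			 */
			result = StringListAppend( result,resolve_loop_devices ? backing : device ) ;
			seen_backing = StringListAppend( seen_backing,backing ) ;
		}

		StringFree( backing ) ;
	}

	zuluCryptSecurityDropElevatedPrivileges() ;

	StringListMultipleDelete( &lines,&seen_backing,NULL ) ;
	StringDelete( &dev_path ) ;

	return _zuluCryptAddLVMVolumes( _zuluCryptAddMDRAIDVolumes( _remove_root_devices( result ) ) ) ;
}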