コード例 #1
ファイル: volumes.c プロジェクト: DarkDare/zuluCrypt
/*
 * this function will parse /etc/crypttab to see if it has any entries to be used as system partition.
 *
 * A sample of the file content this function was built on.
 *

 * secret /dev/sda15 none
 * secret_1 UUID=d2d210b8-0b1f-419f-9172-9d509ea9af0c none
 *
 */
/*
 * Reads /etc/crypttab, skips every line that starts with '#', and passes the second
 * space-separated field of each remaining line to _eval_path().
 *
 * The result starts out as StringListVoid and is whatever _eval_path() accumulated.
 *
 * NOTE(review): fields are split on a single ' ' only. An entry whose columns are
 * separated by tabs would not yield a second field here, so the volume it names may not
 * be reported as a system partition - confirm how StringListStringSplit() and
 * _eval_path() behave for such lines.
 */
stringList_t zuluCryptGetPartitionFromCrypttab( void )
{
	stringList_t partitions = StringListVoid ;
	stringList_t lines      = StringListVoid ;
	stringList_t fields ;

	string_t contents ;
	string_t line ;

	StringListIterator it  ;
	StringListIterator end ;

	contents = StringGetFromFile( "/etc/crypttab" ) ;
	lines    = StringListStringSplit( contents,'\n' ) ;

	/* the raw file content is no longer needed once it has been split into lines */
	StringDelete( &contents ) ;

	StringListGetIterators( lines,&it,&end ) ;

	for( ; it != end ; it++ ){

		line = *it ;

		if( StringStartsWith( line,"#" ) ){
			/* comment line */
			continue ;
		}

		fields = StringListStringSplit( line,' ' ) ;

		/* the second field is the device path or the UUID=... tag of the entry */
		partitions = _eval_path( StringListStringAtSecondPlace( fields ),partitions ) ;

		StringListDelete( &fields ) ;
	}

	StringListDelete( &lines ) ;
	return partitions ;
}
コード例 #2
ファイル: resolve_paths.c プロジェクト: DarkDare/zuluCrypt
/*
 * Works out the root device from the kernel command line in /proc/cmdline.
 *
 * A "root=/dev/..." argument is resolved with zuluCryptResolvePath(); failing that, a
 * "root=UUID=..." argument is resolved with zuluCryptDeviceFromUUID().
 * Returns NULL when neither argument is found.
 *
 * NOTE(review): the offsets below assume the matched argument begins with "root=".
 * If StringListHasSequence_1() also matches the sequence in the middle of an argument,
 * the pointer handed to the resolver would start at the wrong character - confirm its
 * matching rule.
 */
static char * _zuluCryptResolveDevRoot( void )
{
	char * root_device = NULL ;

	string_t arg ;
	string_t cmdline  = StringGetFromVirtualFile( "/proc/cmdline" ) ;
	stringList_t args = StringListStringSplit( cmdline,' ' ) ;

	StringDelete( &cmdline ) ;

	arg = StringListHasSequence_1( args,"root=/dev/" ) ;

	if( arg != StringVoid ){
		/*
		 * step over "root=" so that the path starts at "/dev/"
		 */
		root_device = zuluCryptResolvePath( StringContent( arg ) + ( sizeof( "root=" ) - 1 ) ) ;
	}else{
		arg = StringListHasSequence_1( args,"root=UUID=" ) ;

		if( arg != StringVoid ){
			/*
			 * zuluCryptDeviceFromUUID() is defined in ./blkid_evaluate_tag.c
			 * step over "root=UUID=" so that only the UUID itself is passed on
			 */
			root_device = zuluCryptDeviceFromUUID( StringContent( arg ) + ( sizeof( "root=UUID=" ) - 1 ) ) ;
		}
	}

	/* "arg" points into "args", so the list is released only after it has been used */
	StringListDelete( &args ) ;
	return root_device ;
}
コード例 #3
ファイル: mount_fs_options.c プロジェクト: DarkDare/zuluCrypt
/*
 * Checks /proc/filesystems for the file system named by "fs".
 *
 * Lines that start with "nodev" are ignored. Returns 1 as soon as one of the remaining
 * lines contains "fs", and 0 if none does.
 *
 * NOTE(review): the comparison is a substring test (StringContains), not an exact match,
 * so a name that is only part of a listed file system name is also accepted - confirm
 * that callers validate "fs" before it is used to build a mount request.
 */
static int _fileSystemIsSupported( const char * fs )
{
	string_t           contents = StringGetFromVirtualFile( "/proc/filesystems" ) ;
	stringList_t       lines    = StringListStringSplit( contents,'\n' ) ;
	StringListIterator it       = StringListBegin( lines ) ;
	StringListIterator end      = StringListEnd( lines ) ;
	int supported = 0 ;

	for( ; it != end ; it++ ){

		if( !StringStartsWith( *it,"nodev" ) && StringContains( *it,fs ) ){

			supported = 1 ;
			break ;
		}
	}

	StringDelete( &contents ) ;
	StringListDelete( &lines ) ;
	return supported ;
}
コード例 #4
/*
 * Unmounts the volume described by the mount entry "st".
 *
 * The entry is split on ' '; its second field is decoded into the mount point and its
 * third field selects the unmount routine (_unmount_fuse when it contains "fuse",
 * _unmount_rest otherwise).
 *
 * Returns the value of _unmount(). When that value is 0 and "m_point" is not NULL,
 * *m_point receives a copy of the mount point made with StringCopy_2().
 *
 * NOTE(review): *( it + 1 ) and *( it + 2 ) are read without checking that the split
 * produced at least three fields - confirm callers only pass complete mount entries.
 */
static int _zuluCryptUnmountVolume_0( string_t st,char ** m_point )
{
	int status ;

	stringList_t fields = StringListStringSplit( st,' ' ) ;

	StringListIterator field = StringListBegin( fields ) ;

	/*
	 * zuluCryptDecodeMountEntry() is defined in mount_volume.c
	 */
	const char * mount_point = zuluCryptDecodeMountEntry( *( field + 1 ) ) ;

	if( StringContains( *( field + 2 ),"fuse" ) ){

		/*
		 * FUSE based file systems do not seem to work with umount(),
		 * so they go through their own unmount routine
		 */
		status = _unmount( _unmount_fuse,mount_point ) ;
	}else{
		status = _unmount( _unmount_rest,mount_point ) ;
	}

	if( m_point != NULL && status == 0 ){

		/* copy before the list is deleted; "mount_point" is obtained from a list entry */
		*m_point = StringCopy_2( mount_point ) ;
	}

	StringListDelete( &fields ) ;

	return status ;
}
コード例 #5
ファイル: volumes.c プロジェクト: DarkDare/zuluCrypt
/*
 * Reads the file at "path" and passes each of its lines to _eval_path().
 *
 * The result starts out as StringListVoid and is whatever _eval_path() accumulated.
 *
 * NOTE(review): the file is read while elevated privileges are held, so the read is not
 * limited by the calling user's own permissions. Callers are presumably expected to pass
 * a fixed, trusted path rather than one taken from user input - confirm at the call sites.
 */
stringList_t zuluCryptGetPartitionFromConfigFile( const char * path )
{
	stringList_t lines ;
	stringList_t partitions = StringListVoid ;

	string_t contents = StringVoid ;

	StringListIterator it  ;
	StringListIterator end ;

	/* privileges are raised only for the duration of the read */
	zuluCryptSecurityGainElevatedPrivileges() ;
	contents = StringGetFromFile( path ) ;
	zuluCryptSecurityDropElevatedPrivileges() ;

	lines = StringListStringSplit( contents,'\n' ) ;

	StringDelete( &contents ) ;

	StringListGetIterators( lines,&it,&end ) ;

	for( ; it != end ; it++ ){
		partitions = _eval_path( *it,partitions ) ;
	}

	StringListDelete( &lines ) ;

	return partitions ;
}
コード例 #6
ファイル: mountinfo.c プロジェクト: DarkDare/zuluCrypt
/*
 * Builds a list from /proc/self/mountinfo.
 *
 * Every line of the file is split on ' ' and handed, together with the "function"
 * callback, to _add_entry(), which returns the updated result list.
 * "entry" and "entry_len" are passed by address to every _add_entry() call and "entry"
 * is released with StringFree() once all lines have been processed.
 */
static stringList_t _volumeList( string_t ( *function )( const vInfo * ) )
{
    char * const * entry = NULL ;
    size_t entry_len = 0 ;

    stringList_t fields ;
    stringList_t lines ;
    stringList_t result = StringListVoid ;

    StringListIterator it  ;
    StringListIterator end ;

    string_t mountinfo = StringGetFromVirtualFile( "/proc/self/mountinfo" ) ;

    lines = StringListStringSplit( mountinfo,'\n' ) ;

    StringDelete( &mountinfo ) ;

    StringListGetIterators( lines,&it,&end ) ;

    for( ; it != end ; it++ ) {

        fields = StringListStringSplit( *it,' ' ) ;

        result = _add_entry( result,fields,function,&entry,&entry_len ) ;

        StringListDelete( &fields ) ;
    }

    StringFree( entry ) ;

    StringListDelete( &lines ) ;

    return result ;
}
コード例 #7
ファイル: mountinfo.c プロジェクト: DarkDare/zuluCrypt
/*
 * Returns the decoded mount point of "path", or NULL when zuluCryptGetMountEntry() has no
 * entry for it or the entry could not be split.
 *
 * The mount point is the second space-separated field of the mount entry. It is decoded
 * with zuluCryptDecodeMountEntry() and its buffer is handed to the caller through
 * StringDeleteHandle() - presumably the caller must release it; confirm against the
 * String API.
 *
 * NOTE(review): an entry with fewer than two fields is not handled separately here;
 * confirm what StringListCopyStringAtSecondPlace() returns in that case.
 */
char * zuluCryptGetMountPointFromPath( const char * path )
{
    stringList_t fields ;
    string_t entry = zuluCryptGetMountEntry( path ) ;

    if( entry == StringVoid ) {
        return NULL ;
    }

    fields = StringListStringSplit( entry,' ' ) ;
    StringDelete( &entry ) ;

    if( fields == StringListVoid ) {
        return NULL ;
    }

    entry = StringListCopyStringAtSecondPlace( fields ) ;
    StringListDelete( &fields ) ;

    zuluCryptDecodeMountEntry( entry ) ;

    return StringDeleteHandle( &entry ) ;
}
コード例 #8
ファイル: mount_volume.c プロジェクト: Hasimir/zuluCrypt
/*
 * Looks up per-volume mount options in /etc/zuluCrypt/fs_options and appends them to "st".
 *
 * Double quotes are removed from each line. The first line that starts with "UUID=" and
 * whose text after that prefix matches the UUID of "device" is split on ' ', and its
 * second field is appended to "st" after a ",". Nothing is appended when no line matches.
 *
 * NOTE(review): the options are appended exactly as they appear in the file, so the
 * integrity of the resulting mount options depends on who can write to
 * /etc/zuluCrypt/fs_options - confirm the file is writable by root only.
 * NOTE(review): the result of _get_uuid_from_device() is used without a NULL check;
 * confirm StringPrefixEqual() tolerates that.
 */
static void _get_file_system_options_from_config_file( const char * device,string_t st )
{
	char * uuid ;
	const char * line ;
	const char * options ;

	StringListIterator it  ;
	StringListIterator end ;

	stringList_t fields ;

	string_t contents = StringGetFromFile( "/etc/zuluCrypt/fs_options" ) ;

	stringList_t lines = StringListStringSplit( contents,'\n' ) ;

	StringDelete( &contents ) ;

	uuid = _get_uuid_from_device( device ) ;

	StringListGetIterators( lines,&it,&end ) ;

	for( ; it != end ; it++ ){

		line = StringRemoveString( *it,"\"" ) ;

		if( !StringPrefixMatch( line,"UUID=",5 ) ){
			continue ;
		}

		/* line + 5 is the text that follows "UUID=" */
		if( !StringPrefixEqual( line + 5,uuid ) ){
			continue ;
		}

		fields  = StringListSplit( line,' ' ) ;
		options = StringListContentAtSecondPlace( fields ) ;
		StringMultipleAppend( st,",",options,NULL ) ;
		StringListDelete( &fields ) ;

		/* only the first matching entry is used */
		break ;
	}

	StringListDelete( &lines ) ;
	StringFree( uuid ) ;
}
コード例 #9
ファイル: bind.c プロジェクト: mschmidt79/zuluCrypt
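/*
 * Unmounts the shared (public) bind mount that accompanies a private mount of "device".
 *
 * stx    - list of mount entries; when it is StringListVoid the list is obtained from
 *          zuluCryptGetMoutedListFromMountInfo() and deleted before returning.
 * device - device path; a path that starts with "/dev/loop" is first converted with
 *          zuluCryptLoopDeviceAddress_2().
 * uid    - the user requesting the unmount.
 *
 * Returns:
 *   0 - the shared mount point was unmounted, or the shared entry found belongs to
 *       another device
 *   1 - the device has no entry in the mount list, or it has no shared mount point
 *   3 - umount() failed three times in a row
 *   4 - the user is not in the "zulumount" group and zuluCryptMountPointPrefixMatch()
 *       did not return 1 for the private mount point
 *
 * Elevated privileges are held from the start of the function until just before it returns.
 *
 * NOTE(review): the mount list is a snapshot; umount() and rmdir() act on a path taken
 * from it some time later - confirm this window is acceptable for the callers.
 */
int zuluCryptBindUnmountVolume( stringList_t stx,const char * device,uid_t uid )
{
	stringList_t stl ;
	string_t xt ;
	string_t st ;
	string_t zt ;
	ssize_t index = -1 ;
	const char * f ;
	const char * g ;
	char * h = NULL ;
	int r = 1 ;
	int k ;
	int delete_stx = 0 ;

	/*
	 * zuluCryptUserIsAMemberOfAGroup() is defined in security.c
	 */
	/*
	 * root user is a member of all groups and hence is allowed
	 */
	int allowedUser = zuluCryptUserIsAMemberOfAGroup( uid,"zulumount" ) ;

	zuluCryptSecurityGainElevatedPrivileges() ;

	if( stx == StringListVoid ){
		/*
		 * zuluCryptGetMoutedListFromMountInfo() is defined in ../lib/process_mountinfo.c
		 */
		stx = zuluCryptGetMoutedListFromMountInfo() ;
		delete_stx = 1 ;
	}

	if( StringPrefixEqual( device,"/dev/loop" ) ){
		/*
		 * zuluCryptLoopDeviceAddress_2() is defined in ../lib/create_loop_device.c
		 */
		st = zuluCryptLoopDeviceAddress_2( device ) ;
		/*
		 * Add a space at the end of the device name to make sure we check the full device name to avoid possible collisions
		 * that may exist if one device is named "/home/abc" and another "/home/abcdef"
		 */
		zt = StringListHasStartSequence_1( stx,StringAppend( st," " ) ) ;
		StringRemoveRight( st,1 ) ;
		/*
		 * from here on "device" is the converted address; "h" owns it and is freed at the end
		 */
		device = h = StringDeleteHandle( &st ) ;
	}else{
		/*
		 * Add a space at the end of the device name to make sure we check the full device name to avoid possible collisions
		 * that may exist if one device is named "/dev/sdc1" and another "/dev/sdc12"
		 */
		st = String( device ) ;
		zt = StringListHasStartSequence_1( stx,StringAppend( st," " ) ) ;
		StringDelete( &st ) ;
	}

	if( zt == StringVoid ){
		/*
		 * The volume does not appear to be mounted
		 */
		r = 1 ;
	}else{
		stl = StringListStringSplit( zt,' ' ) ;

		xt = StringListCopyStringAtSecondPlace( stl ) ;

		StringListDelete( &stl ) ;

		st = StringCopy( xt ) ;

		/*
		 * zuluCryptDecodeMountEntry() is defined in ../lib/mount_volume.c
		 * g will contain something like "/run/media/private/$USER/sdc1"
		 */
		g = zuluCryptDecodeMountEntry( st ) ;

		if( allowedUser ){
			/*
			 * a privileged user is attempting to unmount a shared mount point,allow them
			 */
			k = 1 ;
		}else{
			/*
			 * a non privileged user is attempting to unmount a shared mount point,allow them only if
			 * they are the one that created it
			 */
			/*
			 * zuluCryptMountPointPrefixMatch() is defined in ./security.c
			 */
			k = zuluCryptMountPointPrefixMatch( g,uid,NULL ) ;
		}

		StringDelete( &st ) ;

		if( k != 1 ){
			/*
			 * A non privileged user is attempting to unmount a bind mount from another user,disallow it
			 */
			r = 4 ;
		}else{
			index = StringLastIndexOfChar( xt,'/' ) + 1 ;
			StringRemoveLeft( xt,index ) ;

			StringPrepend( xt,"/run/media/public/" ) ;

			/*
			 * f will now contain something like "/run/media/public/sdc1"
			 * space character is added before checking to avoid possible collisions
			 * as explained in above comments
			 */
			f = StringAppend( xt," " ) ;
			zt = StringListHasSequence_1( stx,f ) ;
			f = StringRemoveRight( xt,1 ) ;

			if( zt == StringVoid ){
				/*
				 * volume is not shared
				 */
			}else{
				/*
				 * volume is shared,try to unmount it
				 * a volume is assumed to be shared if its device path in mountinfo has two mount points,one
				 * in /run/media/private/$USER and the other in /run/media/public/
				 */
				/*
				 * Compare against the device name followed by a space, as done when the
				 * private entry was looked up. A bare prefix comparison would also accept
				 * an entry of "/dev/sdc12" when "device" is "/dev/sdc1" and lead to a
				 * privileged umount() of a mount point that belongs to another device.
				 */
				st = String( device ) ;

				if( StringStartsWith( zt,StringAppend( st," " ) ) ){
					f = zuluCryptDecodeMountEntry( xt ) ;
					/*
					 * good,the device associated with the shared mount is the same as that of the
					 * private mount,try to unmount it.
					 */
					r = 3 ;
					for( k = 0 ; k < 3 ; k++ ){
						/*
						 * try to unmount 3 times before giving up
						 */
						if( umount( f ) == 0 ){
							/*
							 * removing the now unused mount point is best effort,
							 * the result of rmdir() is deliberately not checked
							 */
							rmdir( f ) ;
							r = 0 ;
							break ;
						}else{
							sleep( 1 ) ;
						}
					}
				}else{
					/*
					 * the shared mount point is associated with a different device,
					 * leave it alone. We should not normally get here.
					 */
					r = 0 ;
				}

				StringDelete( &st ) ;
			}
		}

		StringDelete( &xt ) ;
	}

	if( delete_stx ){
		StringListDelete( &stx ) ;
	}

	StringFree( h ) ;

	zuluCryptSecurityDropElevatedPrivileges() ;
	return r ;
}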
コード例 #10
ファイル: volumes.c プロジェクト: DarkDare/zuluCrypt
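/*
 * Builds the list of volumes found in /proc/partitions.
 *
 * The last space-separated field of every line after the first is taken as a device name
 * and appended to "/dev/". Devices accepted by _supported_device() are added to the list:
 *  - a "/dev/loop*" device is added once per address returned by
 *    zuluCryptLoopDeviceAddress_1(); that address is stored when "resolve_loop_devices"
 *    is non zero, the loop device path otherwise.
 *  - any other device is added if it is not already in the list.
 *
 * The list is then passed through _remove_root_devices(), _zuluCryptAddMDRAIDVolumes()
 * and _zuluCryptAddLVMVolumes(), and the result of the last call is returned.
 * Returns StringListVoid when /proc/partitions could not be split into lines.
 *
 * NOTE(review): elevated privileges are held for the whole loop, i.e. during every call
 * to _supported_device() and zuluCryptLoopDeviceAddress_1() - confirm both need them.
 */
static stringList_t _zuluCryptVolumeList_0( int resolve_loop_devices )
{
	const char * device ;

	const char * e ;

	ssize_t index ;

	StringListIterator it ;
	StringListIterator end ;

	stringList_t stz   = StringListVoid ;
	stringList_t stl   = StringListVoid ;
	stringList_t stl_1 = StringListVoid ;

	string_t st = StringGetFromVirtualFile( "/proc/partitions" ) ;
	string_t st_1 = String( "/dev/" ) ;

	stl = StringListStringSplit( st,'\n' ) ;

	StringDelete( &st ) ;

	if( stl == StringListVoid ){
		/*
		 * release the "/dev/" prefix string, it would otherwise leak on this early return
		 */
		StringDelete( &st_1 ) ;
		return StringListVoid ;
	}

	StringListGetIterators( stl,&it,&end ) ;

	/*
	 * skip the first entry
	 */
	it++ ;

	zuluCryptSecurityGainElevatedPrivileges() ;

	while( it != end ){

		st = *it ;
		it++ ;

		index = StringLastIndexOfChar( st,' ' ) ;

		if( index != -1 ){

			/*
			 * "e" is the device name, the text after the last space on the line.
			 * It replaces whatever followed "/dev/" (5 characters) in st_1.
			 */
			e = StringContent( st ) + index + 1 ;
			device = StringAppendAt( st_1,5,e ) ;

			if( _supported_device( device ) ){

				if( StringPrefixEqual( device,"/dev/loop" ) ){
					/*
					 * zuluCryptLoopDeviceAddress_1() is defined in ../lib/create_loop_device.c
					 */
					e = zuluCryptLoopDeviceAddress_1( device ) ;

					if( StringListHasNoEntry( stz,e ) ){
						/*
						 * Here we only keep one loop device if the volume file has
						 * more than one loop device
						 */
						if( resolve_loop_devices ){
							stl_1 = StringListAppend( stl_1,e ) ;
						}else{
							stl_1 = StringListAppend( stl_1,device ) ;
						}
						/*
						 * "stz" remembers the addresses that were already seen
						 */
						stz = StringListAppend( stz,e ) ;
					}
					StringFree( e ) ;
				}else{
					stl_1 = StringListAppendIfAbsent( stl_1,device ) ;
				}
			}
		}
	}
	zuluCryptSecurityDropElevatedPrivileges() ;
	StringListMultipleDelete( &stl,&stz,NULL ) ;
	StringDelete( &st_1 ) ;
	return _zuluCryptAddLVMVolumes( _zuluCryptAddMDRAIDVolumes( _remove_root_devices( stl_1 ) ) ) ;
}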