/* * Below function copies a secured file from secured location to a user owned and managed location. * The source file will be deleted when the copy is done. */ static int _secure_copy_file( const char * source,const char * dest,uid_t uid ) { int st = 4 ; int fd_source ; int fd_dest ; size_t len ; char buffer[ SIZE ] ; zuluCryptSecurityDropElevatedPrivileges() ; fd_dest = open( dest,O_WRONLY | O_CREAT,S_IRUSR | S_IWUSR | S_IRGRP |S_IROTH ) ; if( fd_dest == -1 ){ zuluCryptSecurityGainElevatedPrivileges() ; zuluCryptDeleteFile( source ) ; zuluCryptSecurityDropElevatedPrivileges() ; return 6 ; } zuluCryptSecurityGainElevatedPrivileges() ; fd_source = open( source,O_RDONLY ) ; if( fd_source != -1 ){ while( 1 ){ len = read( fd_source,buffer,SIZE ) ; if( len < SIZE ){ ignore_result( write( fd_dest,buffer,len ) ) ; break ; }else{ ignore_result( write( fd_dest,buffer,len ) ) ; } } ignore_result( chmod( dest,S_IRUSR ) ) ; ignore_result( chown( dest,uid,uid ) ) ; st = 0 ; } /* * zuluCryptDeleteFile() is defined in ../lib/file_path_security.c */ zuluCryptDeleteFile( source ) ; zuluCryptSecurityDropElevatedPrivileges() ; return st ; }
int zuluCryptOpenTcrypt( const char * device,const char * mapper,const char * key,size_t key_len, int key_source,int volume_type,const char * m_point, uid_t uid,unsigned long m_flags,const char * fs_opts ) { open_struct_t opts ; string_t st ; int r ; const char * keyfile ; memset( &opts,'\0',sizeof( open_struct_t ) ) ; opts.device = device ; opts.mapper_name = mapper ; opts.volume_type = volume_type ; opts.m_point = m_point ; opts.uid = uid ; opts.m_flags = m_flags ; opts.fs_opts = fs_opts ; if( m_flags & MS_RDONLY ){ opts.m_opts = "ro" ; }else{ opts.m_opts = "rw" ; } if( key_source == TCRYPT_KEYFILE ){ st = zuluCryptCreateKeyFile( key,key_len,"open_tcrypt-" ) ; if( st != StringVoid ){ keyfile = StringContent( st ) ; opts.tcrypt_keyfiles_count = 1 ; opts.tcrypt_keyfiles = &keyfile ; r = zuluCryptOpenTcrypt_1( &opts ) ; /* * zuluCryptDeleteFile() is defined in open_path_security.c */ zuluCryptDeleteFile( keyfile ) ; StringDelete( &st ) ; }else{ r = 1 ; } }else if( key_source == TCRYPT_KEYFILE_FILE ){ opts.tcrypt_keyfiles_count = 1 ; opts.tcrypt_keyfiles = &key ; r = zuluCryptOpenTcrypt_1( &opts ) ; }else{ opts.key_len = key_len ; opts.key = key ; r = zuluCryptOpenTcrypt_1( &opts ) ; } return r ; }
void zuluCryptDeleteFile_1( string_t st ) { zuluCryptDeleteFile( StringContent( st ) ) ; }
static int _modify_tcrypt( info_t * info,const struct_opts * opts ) { int k = 4 ; int r ; string_t st = StringVoid ; string_t xt = StringVoid ; if( StringsAreEqual( opts->key_source,"-p" ) ){ info->header_key = opts->key ; info->header_key_source = "passphrase" ; info->header_new_key_source = "new_passphrase" ; }else if( opts->key == NULL && StringsAreNotEqual( opts->key_source,"-f" ) ){ st = info->getKey( &r ) ; if( r ){ info->key = StringContent( st ) ; info->header_key = info->key ; info->header_key_source = "passphrase" ; info->header_new_key_source = "new_passphrase" ; }else{ return zuluExit_1( k,st,xt ) ; } }else{ /* * function is defined at "path_access.c" */ zuluCryptGetPassFromFile( opts->key,info->uid,&st ) ; zuluCryptSecurityGainElevatedPrivileges() ; if( st == StringVoid ){ return zuluExit_1( k,st,xt ) ; }else{ if( StringHasComponent( opts->key,".zuluCrypt-socket" ) ){ info->key = StringContent( st ) ; info->header_key = info->key ; info->header_key_source = "passphrase" ; info->header_new_key_source = "new_passphrase" ; }else{ xt = zuluCryptCreateKeyFile( StringContent( st ),StringLength( st ),"tcrypt-bk-" ) ; if( xt == StringVoid ){ return zuluExit_1( k,st,xt ) ; }else{ info->key = StringContent( xt ) ; info->header_key = info->key ; info->header_key_source = "keyfiles" ; info->header_new_key_source = "new_keyfiles" ; } } } } /* * zuluCryptModifyTcryptHeader() is defined in ../lib/create_tcrypt.c */ k = zuluCryptModifyTcryptHeader( info ) ; if( xt != StringVoid ){ /* * zuluCryptDeleteFile() is defined in ../lib/file_path_security.c */ zuluCryptDeleteFile( StringContent( xt ) ) ; } return zuluExit_1( k,st,xt ) ; }
static int _create_tcrypt_volume( const char * device,const char * file_system, const char * rng,const char * key,size_t key_len, int key_source,u_int64_t hidden_volume_size, const char * file_system_h,const char * key_h,size_t key_len_h,int key_source_h ) { string_t st = StringVoid ; string_t xt = StringVoid ; tcrypt_t info ; int r = 3 ; if( zuluCryptPathIsNotValid( device ) ){ return 1 ; } memset( &info,'\0',sizeof( tcrypt_t ) ) ; info.device = device ; info.key_source = key_source ; info.key_source_h = key_source_h ; info.hidden_volume_size = hidden_volume_size ; if( StringPrefixMatch( rng,"/dev/urandom",12 ) ){ info.weak_keys_and_salt = 1 ; } if( info.key_source == TCRYPT_PASSPHRASE ){ info.key = key ; info.key_source_1 = "passphrase" ; }else{ /* * zuluCryptCreateKeyFile() is defined in open_tcrypt.c */ st = zuluCryptCreateKeyFile( key,key_len,"create_tcrypt-1-" ) ; info.key = StringContent( st ) ; info.key_source = TCRYPT_KEYFILE_FILE ; info.key_source_1 = "keyfiles" ; } if( info.hidden_volume_size > 0 ){ if( info.key_source_h == TCRYPT_PASSPHRASE ){ info.key_h = key_h ; info.key_source_h_1 = "h_passphrase" ; }else{ xt = zuluCryptCreateKeyFile( key_h,key_len_h,"create_tcrypt-2-" ) ; info.key_h = StringContent( xt ) ; info.key_source_h = TCRYPT_KEYFILE_FILE ; info.key_source_h_1 = "h_keyfiles" ; } } if( _create_volume( &info ) == TC_OK ){ r = _create_file_system( device,file_system,info.key_source,info.key,key_len,TCRYPT_NORMAL ) ; if( info.hidden_volume_size > 0 && r == 0 ){ r = _create_file_system( device,file_system_h,info.key_source_h,info.key_h,key_len_h,TCRYPT_HIDDEN ) ; } } /* * zuluCryptDeleteFile() is defined in file_path_security.c */ if( st != StringVoid ){ zuluCryptDeleteFile( StringContent( st ) ) ; StringDelete( &st ) ; } if( xt != StringVoid ){ zuluCryptDeleteFile( StringContent( xt ) ) ; StringDelete( &xt ) ; } return r ; }