char * zuluCryptResolvePath( const char * path )
{
char * e ;
char * f ;
if( StringsAreEqual( path,"/dev/root" ) ){
e = _zuluCryptResolveDevRoot() ;
if( e == NULL ){
return StringCopy_2( path ) ;
}else{
return e ;
}
}else if( StringPrefixEqual( path,"/dev/disk/by-" ) ){
/*
* zuluCryptRealPath() is defined in real_path.c
*/
e = zuluCryptRealPath( path ) ;
if( e == NULL ){
return StringCopy_2( path ) ;
}else{
if( StringPrefixEqual( e,"/dev/mapper/" ) ){
f = _convert_if_path_is_lvm( e ) ;
StringFree( e ) ;
return f ;
}else{
return e ;
}
}
}else if( StringPrefixEqual( path,"/dev/mapper/" ) ){
return _convert_if_path_is_lvm( path ) ;
}else if( StringPrefixEqual( path,"/dev/md" ) ){
return zuluCryptResolveMDPath( path ) ;
}else if( StringPrefixEqual( path,"/dev/dm-" ) ){
return zuluCryptResolveDMPath( path ) ;
}else if( StringPrefixEqual( path,"/dev/loop" ) ){
/*
* zuluCryptLoopDeviceAddress() is defined in create_loop_device.c
*/
return zuluCryptLoopDeviceAddress( path ) ;
}else{
return StringCopy_2( path ) ;
}
}
int zuluCryptUnmountVolume( const char * device,char ** m_point )
{
char * m ;
int h = 3 ;
char * loop_path = NULL ;
if( StringPrefixMatch( device,"/dev/loop",9 ) ){
/*
* zuluCryptLoopDeviceAddress() is defined in ./create_loop_device.c
*/
loop_path = zuluCryptLoopDeviceAddress( device ) ;
if( loop_path != NULL ){
device = loop_path ;
}
}
/*
* zuluCryptGetMountPointFromPath() is defined in ./process_mountinfo.c
*/
m = zuluCryptGetMountPointFromPath( device ) ;
if( m != NULL ){
h = _unmount_volume( m ) ;
if( h == 0 ){
/*
*zuluCryptMtabIsAtEtc() is defined in ./mount_volume.c
*/
if( zuluCryptMtabIsAtEtc() ){
h = zuluCrypRemoveEntryFromMtab( m ) ;
}
if( m_point != NULL ){
*m_point = m ;
}else{
StringFree( m ) ;
}
}else{
StringFree( m ) ;
}
}
if( h != 0 && h != 3 && h != 4 ){
h = 2 ;
}
StringFree( loop_path ) ;
return h ;
}
int zuluMountUMount( ARGS * args )
{
const char * device = args->device ;
uid_t uid = args->uid ;
char * loop_device ;
char * m_point = NULL ;
int status ;
string_t st = StringVoid ;
const char * dev = NULL ;
const char * errorMsg = gettext( "\
ERROR: You can not umount volumes out of \"%s\" since you are not root and do not belong to group \"zulumount\"\n" ) ;
string_t xt ;
if( StringPrefixEqual( device,"/dev/loop" ) ){
/*
* zuluCryptLoopDeviceAddress() is defined in ../zuluCrypt-cli/lib/create_loop_devices.c
*/
loop_device = zuluCryptLoopDeviceAddress( device ) ;
if( loop_device == NULL ){
/*
* the error msg is a lie,but its harmless since the user will most likely never see it as
* this code path will not be passed.
*/
return _zuluExit( 100,StringVoid,m_point,gettext( "ERROR: Device does not appear to be mounted" ) ) ;
}else{
st = StringInherit( &loop_device ) ;
dev = StringContent( st ) ;
/*
* zuluCryptGetMountPointFromPath() is defined in defined in ../zuluCrypt-cli/lib/process_mountinfo.c
*/
m_point = zuluCryptGetMountPointFromPath( dev ) ;
if( m_point == NULL ){
return _zuluExit( 100,st,m_point,gettext( "ERROR: Device does not appear to be mounted" ) ) ;
}
}
}else{
/*
* zuluCryptGetMountPointFromPath() is defined in defined in ../zuluCrypt-cli/lib/process_mountinfo.c
*/
m_point = zuluCryptGetMountPointFromPath( device ) ;
if( m_point == NULL ){
return _zuluExit( 100,st,m_point,gettext( "ERROR: Device does not appear to be mounted" ) ) ;
}
}
/*
* zuluCryptMountPointPrefixMatch() is defined in ../zuluCrypt-cli/bin/create_mount_point.c
*/
if( zuluCryptMountPointPrefixMatch( m_point,uid,&xt ) ){
StringDelete( &xt ) ;
}else{
/*
* zuluCryptUserIsAMemberOfAGroup() is defined in ../zuluCrypt-cli/bin/security.c
*/
if( zuluCryptUserIsAMemberOfAGroup( uid,"zulumount" ) ){
StringDelete( &xt ) ;
}else{
printf( errorMsg,StringContent( xt ) ) ;
StringDelete( &xt ) ;
return _zuluExit( 101,st,m_point,NULL ) ;
}
}
StringFree( m_point ) ;
m_point = NULL ;
/*
* zuluCryptBindUnmountVolume() is defined in ../zuluCrypt-cli/bin/bind.c
*/
switch( zuluCryptBindUnmountVolume( StringListVoid,device,uid ) ){
case 3 : return _zuluExit( 107,st,m_point,gettext( "ERROR: Shared mount point appear to be busy" ) ) ;
case 4 : return _zuluExit( 108,st,m_point,gettext( "ERROR: Shared mount point appear to belong to a different user" ) ) ;
case 5 : return _zuluExit( 109,st,m_point,gettext( "ERROR: Shared mount point appear to be in an ambiguous state,advice to unmount manually" ) ) ;
default: ;
}
/*
* zuluCryptSecurityGainElevatedPrivileges() is defined in ../zuluCrypt-cli/bin/security.c
*/
zuluCryptSecurityGainElevatedPrivileges() ;
/*
* zuluCryptUnmountVolume() is defined in ../zuluCrypt-cli/lib/unmount_volume.c
*/
status = zuluCryptUnmountVolume( device,&m_point ) ;
/*
* zuluCryptSecurityDropElevatedPrivileges() is defined in ../zuluCrypt-cli/bin/security.c
*/
zuluCryptSecurityDropElevatedPrivileges() ;
if( status == 0 ){
if( m_point != NULL ){
/*
* zuluCryptReuseMountPoint() is defined in ../zuluCrypt-cli/bin/create_mount_point.c
*/
if( !zuluCryptReuseMountPoint() ){
zuluCryptSecurityGainElevatedPrivileges() ;
rmdir( m_point ) ;
zuluCryptSecurityDropElevatedPrivileges() ;
}
}
return _zuluExit( 0,st,m_point,gettext( "SUCCESS: umount complete successfully" ) ) ;
}else{
switch( status ) {
case 1 : return _zuluExit( 103,st,m_point,gettext( "ERROR: Device does not exist" ) ) ;
case 2 : return _zuluExit( 104,st,m_point,gettext( "ERROR: Failed to unmount,the mount point and/or one or more files are in use" ) ) ;
case 4 : return _zuluExit( 105,st,m_point,gettext( "ERROR: Failed to unmount,could not get a lock on /etc/mtab~" ) ) ;
case 10: return _zuluExit( 107,st,m_point,gettext( "ERROR: Failed to unmount,multiple mount points for the volume detected" ) ) ; break ;
default: return _zuluExit( 106,st,m_point,gettext( "ERROR: Failed to unmount the partition" ) ) ;
}
}
}
int zuluCryptUnmountVolume( const char * device,char ** m_point )
{
int h = 3 ;
char * e ;
size_t s ;
stringList_t stl ;
StringListIterator it ;
StringListIterator end ;
ssize_t r ;
string_t st ;
string_t xt ;
if( StringPrefixEqual( device,"/dev/loop" ) ){
/*
* zuluCryptLoopDeviceAddress() is defined in create_loop_device.c
*/
e = zuluCryptLoopDeviceAddress( device ) ;
if( e == NULL ){
return h ;
}else{
stl = _get_mount_entries( e ) ;
StringFree( e ) ;
}
}else{
stl = _get_mount_entries( device ) ;
}
s = StringListSize( stl ) ;
if( s == 0 ){
/*
* volume appear to not be mounted.
*/
}else if( s == 1 ){
/*
* there is only one mount point for the volume,unmount it normally
*/
h = _zuluCryptUnmountVolume_0( StringListStringAtFirstPlace( stl ),m_point ) ;
}else{
/*
* There are multiple mount points for the same volume.
*
* Try to figure out which one among the mount points is ours and then try
* first to unmount the rest of them.
*/
r = StringListHasSequence( stl," /run/media/private/" ) ;
if( r == -1 ){
/*
* Probable reason for getting here is if a user use a home mount point path,
* we dont know the path because we dont know the user we are serving
* and hence we bail out with an error.
*/
h = 10 ;
}else{
/*
* We got our mount point,take it out of the list to use it last
*/
st = StringListDetachAt( stl,r ) ;
StringListGetIterators( stl,&it,&end ) ;
while( it != end ){
xt = *it ;
it++ ;
if( _zuluCryptUnmountVolume_0( xt,NULL ) != 0 ){
/*
* Failed to unmount one of the extra mount points,
* bail out with an error.
*/
h = 10 ;
break ;
}
}
if( h != 10 ){
/*
* Attempt to unmount our mount point last.
*/
h = _zuluCryptUnmountVolume_0( st,m_point ) ;
}
StringDelete( &st ) ;
}
}
if( h != 0 && h != 3 && h != 4 && h != 1 && h != 10 ){
h = 2 ;
}
StringListDelete( &stl ) ;
return h ;
}
static int open_plain_as_me_1(const struct_opts * opts,const char * mapping_name,uid_t uid,int op )
{
/*
* Below is a form of memory management.All strings are collected in a stringlist object to easily delete them
* when the function returns.This allows for the function to have multiple exit points without risks of leaking
* memory from manually examining each exit point to make sure all strings are deleted or go with multiple goto
* code deleting blocks to take into account different exit points.
*/
stringList_t stl ;
string_t * stringArray = StringListArray( &stl,5 ) ;
string_t * mapper = &stringArray[ 0 ] ;
string_t * passphrase = &stringArray[ 1 ] ;
string_t * p = &stringArray[ 2 ] ;
string_t * dev_st = &stringArray[ 3 ] ;
string_t * dev_1 = &stringArray[ 4 ] ;
size_t len = 0 ;
const char * source = opts->key_source ;
const char * pass = opts->key ;
int k = opts->ask_confirmation ;
const char * cpass = NULL ;
char * d ;
const char * device = opts->device ;
const char * dev = opts->device ;
int j ;
int n ;
const char * cmapper ;
if( StringPrefixEqual( device,"/dev/loop" ) ){
/*
* zuluCryptLoopDeviceAddress() is defined in ../lib/create_loop_device.c
*/
d = zuluCryptLoopDeviceAddress( device ) ;
*dev_st = StringInherit( &d ) ;
dev = StringContent( *dev_st ) ;
*dev_1 = StringCopy( *dev_st ) ;
device = StringReplaceString( * dev_1,"\\040"," " ) ;
}
/*
* zuluCryptPartitionIsSystemPartition() is defined in ./partition.c
*/
if( zuluCryptPartitionIsSystemPartition( device,uid ) ){
if( uid != 0 ){
return zuluExit( stl,8 ) ;
}
}
/*
* ZULUCRYPTlongMapperPath and ZULUCRYPTshortMapperPath are in ../constants.h
* zuluCryptCreateMapperName() is defined at ../lib/create_mapper_name.c
*/
*mapper = zuluCryptCreateMapperName( device,mapping_name,uid,ZULUCRYPTshortMapperPath ) ;
*p = zuluCryptCreateMapperName( device,mapping_name,uid,ZULUCRYPTlongMapperPath ) ;
j = zuluCryptCheckOpenedMapper( StringContent( *p ) ) ;
/*
* zuluCryptPartitionIsMounted() is defined in ../lib/process_mountinfo.c
*/
n = zuluCryptPartitionIsMounted( dev ) ;
if( j == 1 ){
return zuluExit( stl,13 ) ;
}
if( n == 1 ){
return zuluExit( stl,14 ) ;
}
if( k == 0 ){
*passphrase = StringRandomString( 64 ) ;
cpass = StringContent( *passphrase ) ;
len = StringLength( *passphrase ) ;
}else if( source == NULL ){
printf( gettext( "Enter passphrase: " ) ) ;
/*
* ZULUCRYPT_KEY_MAX_SIZE is set in ../constants.h
*/
switch( StringSilentlyGetFromTerminal_1( passphrase,ZULUCRYPT_KEY_MAX_SIZE ) ){
case 1 : return zuluExit( stl,16 ) ;
case 2 : return zuluExit( stl,17 ) ;
}
printf( "\n" ) ;
cpass = StringContent( *passphrase ) ;
len = StringLength( *passphrase ) ;
}else{
if( strcmp( source,"-p" ) == 0 ){
*passphrase = String( pass ) ;
cpass = StringContent( *passphrase ) ;
len = StringLength( *passphrase ) ;
}else if( strcmp( source,"-f" ) == 0 ){
/*
* zuluCryptGetPassFromFile() is defined at "path_access.c"
*/
switch( zuluCryptGetPassFromFile( pass,uid,passphrase ) ){
case 1 : return zuluExit( stl,10 ) ;
case 2 : return zuluExit( stl,11 ) ;
case 4 : return zuluExit( stl,12 ) ;
}
cpass = StringContent( *passphrase ) ;
len = StringLength( *passphrase ) ;
}
}
if( zuluCryptSecurityGainElevatedPrivileges() ){
/*
* zuluCryptOpenPlain() is defined in ../lib/open_plain.c
*/
if( zuluCryptOpenPlain( device,StringContent( *mapper ),"rw",cpass,len ) != 0 ){
zuluCryptSecurityDropElevatedPrivileges() ;
return zuluExit( stl,1 ) ;
}
}
zuluCryptSecurityDropElevatedPrivileges() ;
/*
* Create a mapper path(usually at /dev/mapper) associated with opened plain mapper above.
*/
cmapper = StringMultiplePrepend( *mapper,"/",crypt_get_dir(),NULL ) ;
/*
* mapper path is usually a soft link to /dev/dm-X
* resolve the mapper path to its respective /dev/dm-X and set permission on it.
*
* We set permission of /dev/dm-X pointing to the device to "u+rw" because we want notmal user to be able
* to write to the device through the mapper.
*
* Useful when a normal user want to delete content of the device by writing random data to it.
*/
d = zuluCryptRealPath( cmapper ) ;
if( zuluCryptSecurityGainElevatedPrivileges() ){
if( d != NULL ){
_ignore_result( chown( d,uid,0 ) ) ;
_ignore_result( chmod( d,S_IRWXU ) ) ;
StringFree( d ) ;
}
zuluCryptSecurityDropElevatedPrivileges() ;
}else{
return zuluExit( stl,1 ) ;
}
if( op == 1 ){
return zuluExit( stl,0 ) ;
}else{
StringListClearDelete( &stl ) ;
return 0 ;
}
}
