static int _user_has_no_access( uid_t uid ) { if( uid == 0 ) { return 0 ; } else { /* * zuluCryptUserIsAMemberOfAGroup() is defined in security.c */ return !zuluCryptUserIsAMemberOfAGroup( uid,"zulumount" ) ; } }
string_t zuluCryptCreateMountPoint( const char * device,const char * label,const char * m_opts,uid_t uid ) { if( home_mount_prefix() ){ return create_home_mount_point( device,label,uid ) ; }else{ if( StringHasComponent( m_opts,"mount-prefix=home" ) ){ if( zuluCryptUserIsAMemberOfAGroup( uid,"zulumount" ) ){ return create_home_mount_point( device,label,uid ) ; }else{ return StringVoid ; } }else{ return create_mount_point( device,label,uid ) ; } } }
static inline int _userIsAllowed( uid_t uid,const char * fs ) { if( fs ){;} if( uid == 0 ){ /* * cant say No to root */ return 1 ; }else{ /* * user is attempting to use not supported file system options.Allow them only if * they are a member of a supported group */ return zuluCryptUserIsAMemberOfAGroup( uid,"zulumount" ) ; } }
int zuluCryptDeviceIsSupported( const char * device,uid_t uid ) { stringList_t stl ; int r ; if( StringPrefixEqual( device,"/dev/loop" ) ){ return 1 ; }else{ stl = zuluCryptPartitions( ZULUCRYPTallPartitions,uid ) ; r = StringListHasEntry( stl,device ) ; StringListDelete( &stl ) ; if( r == 1 ){ return 1 ; }else{ /* * zuluCryptUserIsAMemberOfAGroup() is defined in security.c */ return zuluCryptUserIsAMemberOfAGroup( uid,"zulucrypt" ) ; } } }
int zuluMountUMount( ARGS * args ) { const char * device = args->device ; uid_t uid = args->uid ; char * loop_device ; char * m_point = NULL ; int status ; string_t st = StringVoid ; const char * dev = NULL ; const char * errorMsg = gettext( "\ ERROR: You can not umount volumes out of \"%s\" since you are not root and do not belong to group \"zulumount\"\n" ) ; string_t xt ; if( StringPrefixEqual( device,"/dev/loop" ) ){ /* * zuluCryptLoopDeviceAddress() is defined in ../zuluCrypt-cli/lib/create_loop_devices.c */ loop_device = zuluCryptLoopDeviceAddress( device ) ; if( loop_device == NULL ){ /* * the error msg is a lie,but its harmless since the user will most likely never see it as * this code path will not be passed. */ return _zuluExit( 100,StringVoid,m_point,gettext( "ERROR: Device does not appear to be mounted" ) ) ; }else{ st = StringInherit( &loop_device ) ; dev = StringContent( st ) ; /* * zuluCryptGetMountPointFromPath() is defined in defined in ../zuluCrypt-cli/lib/process_mountinfo.c */ m_point = zuluCryptGetMountPointFromPath( dev ) ; if( m_point == NULL ){ return _zuluExit( 100,st,m_point,gettext( "ERROR: Device does not appear to be mounted" ) ) ; } } }else{ /* * zuluCryptGetMountPointFromPath() is defined in defined in ../zuluCrypt-cli/lib/process_mountinfo.c */ m_point = zuluCryptGetMountPointFromPath( device ) ; if( m_point == NULL ){ return _zuluExit( 100,st,m_point,gettext( "ERROR: Device does not appear to be mounted" ) ) ; } } /* * zuluCryptMountPointPrefixMatch() is defined in ../zuluCrypt-cli/bin/create_mount_point.c */ if( zuluCryptMountPointPrefixMatch( m_point,uid,&xt ) ){ StringDelete( &xt ) ; }else{ /* * zuluCryptUserIsAMemberOfAGroup() is defined in ../zuluCrypt-cli/bin/security.c */ if( zuluCryptUserIsAMemberOfAGroup( uid,"zulumount" ) ){ StringDelete( &xt ) ; }else{ printf( errorMsg,StringContent( xt ) ) ; StringDelete( &xt ) ; return _zuluExit( 101,st,m_point,NULL ) ; } } StringFree( m_point ) ; m_point = NULL ; /* * zuluCryptBindUnmountVolume() is defined in ../zuluCrypt-cli/bin/bind.c */ switch( zuluCryptBindUnmountVolume( StringListVoid,device,uid ) ){ case 3 : return _zuluExit( 107,st,m_point,gettext( "ERROR: Shared mount point appear to be busy" ) ) ; case 4 : return _zuluExit( 108,st,m_point,gettext( "ERROR: Shared mount point appear to belong to a different user" ) ) ; case 5 : return _zuluExit( 109,st,m_point,gettext( "ERROR: Shared mount point appear to be in an ambiguous state,advice to unmount manually" ) ) ; default: ; } /* * zuluCryptSecurityGainElevatedPrivileges() is defined in ../zuluCrypt-cli/bin/security.c */ zuluCryptSecurityGainElevatedPrivileges() ; /* * zuluCryptUnmountVolume() is defined in ../zuluCrypt-cli/lib/unmount_volume.c */ status = zuluCryptUnmountVolume( device,&m_point ) ; /* * zuluCryptSecurityDropElevatedPrivileges() is defined in ../zuluCrypt-cli/bin/security.c */ zuluCryptSecurityDropElevatedPrivileges() ; if( status == 0 ){ if( m_point != NULL ){ /* * zuluCryptReuseMountPoint() is defined in ../zuluCrypt-cli/bin/create_mount_point.c */ if( !zuluCryptReuseMountPoint() ){ zuluCryptSecurityGainElevatedPrivileges() ; rmdir( m_point ) ; zuluCryptSecurityDropElevatedPrivileges() ; } } return _zuluExit( 0,st,m_point,gettext( "SUCCESS: umount complete successfully" ) ) ; }else{ switch( status ) { case 1 : return _zuluExit( 103,st,m_point,gettext( "ERROR: Device does not exist" ) ) ; case 2 : return _zuluExit( 104,st,m_point,gettext( "ERROR: Failed to unmount,the mount point and/or one or more files are in use" ) ) ; case 4 : return _zuluExit( 105,st,m_point,gettext( "ERROR: Failed to unmount,could not get a lock on /etc/mtab~" ) ) ; case 10: return _zuluExit( 107,st,m_point,gettext( "ERROR: Failed to unmount,multiple mount points for the volume detected" ) ) ; break ; default: return _zuluExit( 106,st,m_point,gettext( "ERROR: Failed to unmount the partition" ) ) ; } } }
int zuluCryptMountFlagsAreNotCorrect( const char * mode,uid_t uid,unsigned long * flags ) { unsigned long flg = 0 ; if( mode == NULL ){ flg |= MS_NODEV | MS_NOSUID | MS_NOEXEC | MS_RELATIME ; *flags = flg ; return 0 ; } if( StringHasComponent( mode,"ro" ) ){ flg |= MS_RDONLY ; } if( StringHasComponent( mode,"dev" ) ){ if( _user_has_no_access( uid ) ){ return 1 ; } }else{ flg |= MS_NODEV ; } #if MOUNT_WITH_NOEXEC_BY_DEFAULT if( zuluCryptUserIsAMemberOfAGroup( uid,"zulumount-exec" ) ){ /* * user is a member of a group,mount volume with exec option by default */ if( StringHasComponent( mode,"noexec" ) ){ /* * user with access wish to mount a volume without it */ flg |= MS_NOEXEC ; } }else{ if( StringHasComponent( mode,"exec" ) ){ if( _user_has_no_access( uid ) ){ return 1 ; } }else{ flg |= MS_NOEXEC ; } } #else if( StringHasComponent( mode,"noexec" ) ){ /* * user with access wish to mount a volume without it */ flg |= MS_NOEXEC ; } #endif if( StringHasComponent( mode,"suid" ) ){ if( _user_has_no_access( uid ) ){ return 1 ; } }else{ flg |= MS_NOSUID ; } if( StringHasComponent( mode,"bind" ) ){ if( _user_has_no_access( uid ) ){ return 1 ; } flg |= MS_BIND ; } if( StringHasComponent( mode,"mandlock" ) ){ if( _user_has_no_access( uid ) ){ return 1 ; } flg |= MS_MANDLOCK ; } if( StringHasComponent( mode,"move" ) ){ if( _user_has_no_access( uid ) ){ return 1 ; } flg |= MS_MOVE ; } if( StringHasComponent( mode,"noatime" ) ){ if( _user_has_no_access( uid ) ){ return 1 ; } flg |= MS_NOATIME ; } if( StringHasComponent( mode,"strictatime" ) ){ if( _user_has_no_access( uid ) ){ return 1 ; } flg |= MS_STRICTATIME ; } if( flg & MS_NOATIME ){ /* * MS_NOATIME flag is set by user,use it instead of MS_RELATIME */ ; }else if( flg & MS_STRICTATIME ){ /* * MS_STRICTATIME flag is set by user,use it instead of MS_RELATIME */ ; }else{ /* * MS_NOATIME flag not set,autoset MS_RELATIME flag as the default flag */ flg |= MS_RELATIME ; } #if 0 /* * done check for this one since its a default option set above */ if( StringHasComponent( mode,"relatime" ) ){ if( _user_has_no_access( uid ) ){ return 1 ; } flg |= MS_RELATIME ; } #endif if( StringHasComponent( mode,"nodiratime" ) ){ if( _user_has_no_access( uid ) ){ return 1 ; } flg |= MS_NODIRATIME ; } if( StringHasComponent( mode,"remount" ) ){ if( _user_has_no_access( uid ) ){ return 1 ; } flg |= MS_REMOUNT ; } if( StringHasComponent( mode,"silent" ) ){ if( _user_has_no_access( uid ) ){ return 1 ; } flg |= MS_SILENT ; } if( StringHasComponent( mode,"synchronous" ) ){ if( _user_has_no_access( uid ) ){ return 1 ; } flg |= MS_SYNCHRONOUS ; } *flags = flg ; return 0 ; }
/* * get_pass_from_file function is defined at get_pass_from_file.c * */ int zuluCryptEXEAddKey( const struct_opts * opts,uid_t uid ) { const char * device = opts->device ; const char * keyType1 = opts->existing_key_source ; const char * existingKey = opts->existing_key ; const char * keyType2 = opts->new_key_source ; const char * newKey = opts->new_key ; /* * Below is a form of memory management.All strings are collected in a stringlist object to easily delete them * when the function returns.This allows for the function to have multiple exit points without risks of leaking * memory from manually examining each exit point to make sure all strings are deleted or go with multiple goto * code deleting blocks to take into account different exit points. */ stringList_t stl ; string_t * stringArray = StringListArray( &stl,5 ) ; string_t * presentKey = &stringArray[ 0 ] ; string_t * newKey_1 = &stringArray[ 1 ] ; string_t * newKey_2 = &stringArray[ 2 ] ; string_t * ek = &stringArray[ 3 ] ; string_t * nk = &stringArray[ 4 ] ; const char * key1 = NULL ; const char * key2 = NULL ; size_t len1 = 0 ; size_t len2 = 0 ; int status = 0 ; tcrypt_opts tcrypt ; memset( &tcrypt,'\0',sizeof( tcrypt_opts ) ) ; /* * zuluCryptPartitionIsSystemPartition() is defined in ./partitions.c */ if( zuluCryptPartitionIsSystemPartition( device,uid ) ){ if( !zuluCryptUserIsAMemberOfAGroup( uid,"zulucrypt" ) ){ return zuluExit( 4,stl ) ; } } /* * zuluCryptSecurityDeviceIsWritable() is defined in path_access.c */ status = zuluCryptCanOpenPathForWriting( device,uid ) ; /* * 1-permissions denied * 2-invalid path * 3-shenanigans * 4-common error */ switch( status ){ case 0 : break ; case 1 : return zuluExit( 5,stl ) ; case 2 : return zuluExit( 5,stl ) ; case 3 : return zuluExit( 5,stl ) ; case 4 : return zuluExit( 5,stl ) ; default: return zuluExit( 5,stl ) ; } switch( _zuluCryptCheckEmptySlots( device ) ){ case 0 : return zuluExit( 6,stl ) ; case 1 : return zuluExit( 2,stl ) ; case 2 : /* no complains,continue */ ; } if( keyType1 == NULL && keyType2 == NULL ){ switch( zuluGetKeys( presentKey,newKey_1,newKey_2 ) ){ case 1 : return zuluExit( 7,stl ) ; case 2 : return zuluExit( 8,stl ) ; } if( StringEqualString( *newKey_1,*newKey_2 ) ){ key1 = StringContent( *presentKey ) ; len1 = StringLength ( *presentKey ) ; key2 = StringContent( *newKey_1 ) ; len2 = StringLength ( *newKey_1 ) ; }else{ return zuluExit( 9,stl ) ; } }else{ if( newKey == NULL || existingKey == NULL ){ return zuluExit( 10,stl ) ; } if( StringsAreEqual( keyType1,"-f" ) ){ /* * this function is defined at "path_access.c" */ switch( zuluCryptGetPassFromFile( existingKey,uid,ek ) ){ case 1 : return zuluExit( 11,stl ) ; case 4 : return zuluExit( 12,stl ) ; case 2 : return zuluExit( 13,stl ) ; case 5 : return zuluExit( 14,stl ) ; } key1 = StringContent( *ek ) ; len1 = StringLength( *ek ) ; if( StringHasNoComponent( existingKey,"/.zuluCrypt-socket" ) ){ tcrypt.existing_key_is_keyfile = 1 ; } } if( StringsAreEqual( keyType2,"-f" ) ){ /* * this function is defined at "path_access.c" */ switch( zuluCryptGetPassFromFile( newKey,uid,nk ) ){ case 1 : return zuluExit( 11,stl ) ; case 4 : return zuluExit( 12,stl ) ; case 2 : return zuluExit( 13,stl ) ; case 5 : return zuluExit( 14,stl ) ; } key2 = StringContent( *nk ) ; len2 = StringLength( *nk ) ; if( StringHasNoComponent( newKey,"/.zuluCrypt-socket" ) ){ tcrypt.new_key_is_keyfile = 1 ; } } if( StringsAreEqual( keyType1,"-f" ) && StringsAreEqual( keyType2,"-f" ) ){ ; }else if( StringsAreEqual( keyType1,"-p" ) && StringsAreEqual( keyType2,"-p" ) ){ key1 = existingKey ; len1 = StringSize( existingKey ) ; key2 = newKey ; len2 = StringSize( newKey ) ; }else if( StringsAreEqual( keyType1,"-p" ) && StringsAreEqual( keyType2,"-f" ) ){ key1 = existingKey ; len1 = StringSize( existingKey ) ; }else if( StringsAreEqual( keyType1,"-f" ) && StringsAreEqual( keyType2,"-p" ) ){ key2 = newKey ; len2 = StringSize( newKey ) ; }else{ return zuluExit( 10,stl ) ; } } zuluCryptSecurityLockMemory( stl ) ; zuluCryptSecurityGainElevatedPrivileges() ; /* * zuluCryptVolumeIsLuks() is defined in ../lib/is_luks.c */ if( zuluCryptVolumeIsLuks( device ) ){ /* * zuluCryptAddKey() is defined in ../lib/add_key.c */ status = zuluCryptAddKey( device,key1,len1,key2,len2 ) ; }else{ tcrypt.device = device ; tcrypt.existing_key = key1 ; tcrypt.existing_key_size = len1 ; tcrypt.new_key = key2 ; tcrypt.new_key_size = len2 ; status = _replace_truecrypt_key( &tcrypt ) ; } zuluCryptSecurityDropElevatedPrivileges() ; return zuluExit( status,stl ) ; }
int zuluCryptBindUnmountVolume( stringList_t stx,const char * device,uid_t uid ) { stringList_t stl ; string_t xt ; string_t st ; string_t zt ; ssize_t index = -1 ; const char * f ; const char * g ; char * h = NULL ; int r = 1 ; int k ; int delete_stx = 0 ; /* * zuluCryptUserIsAMemberOfAGroup() is defined in security.c */ /* * root user is a member of all groups and hence is allowed */ int allowedUser = zuluCryptUserIsAMemberOfAGroup( uid,"zulumount" ) ; zuluCryptSecurityGainElevatedPrivileges() ; if( stx == StringListVoid ){ /* * zuluCryptGetMoutedListFromMountInfo() is defined in ../lib/process_mountinfo.c */ stx = zuluCryptGetMoutedListFromMountInfo() ; delete_stx = 1 ; } if( StringPrefixEqual( device,"/dev/loop" ) ){ /* * zuluCryptLoopDeviceAddress_2() is defined in ../lib/create_loop_device.c */ st = zuluCryptLoopDeviceAddress_2( device ) ; /* * Add a space at the end of the device name to make sure we check the full device name to avoid possible collisions * that may exist if one device is named "/home/abc" and another "/home/abcdef" */ zt = StringListHasStartSequence_1( stx,StringAppend( st," " ) ) ; StringRemoveRight( st,1 ) ; device = h = StringDeleteHandle( &st ) ; }else{ /* * Add a space at the end of the device name to make sure we check the full device name to avoid possible collisions * that may exist if one device is named "/dev/sdc1" and another "/dev/sdc12" */ st = String( device ) ; zt = StringListHasStartSequence_1( stx,StringAppend( st," " ) ) ; StringDelete( &st ) ; } if( zt == StringVoid ){ /* * The volume does not appear to be mounted */ r = 1 ; }else{ stl = StringListStringSplit( zt,' ' ) ; xt = StringListCopyStringAtSecondPlace( stl ) ; StringListDelete( &stl ) ; st = StringCopy( xt ) ; /* * zuluCryptDecodeMountEntry() is defined in ../lib/mount_volume.c * g will contain something like "/run/media/private/$USER/sdc1" */ g = zuluCryptDecodeMountEntry( st ) ; if( allowedUser ){ /* * a privileged user is attempting to unmount a shared mount point,allow them */ k = 1 ; }else{ /* * a non privileged user is attempting to unmount a shared mount point,allow them only if * they are the one that created it */ /* * zuluCryptSecurityMountPointPrefixMatch() is defined in ./security.c */ k = zuluCryptMountPointPrefixMatch( g,uid,NULL ) ; } StringDelete( &st ) ; if( k != 1 ){ /* * One none privileged user is attempting to unmount a bind mount from another use,disallow it */ r = 4 ; }else{ index = StringLastIndexOfChar( xt,'/' ) + 1 ; StringRemoveLeft( xt,index ) ; StringPrepend( xt,"/run/media/public/" ) ; /* * f will now contain something like "/run/media/public/sdc1" * space character is added before checking to avoid possible collisions * as explained in above comments */ f = StringAppend( xt," " ) ; zt = StringListHasSequence_1( stx,f ) ; f = StringRemoveRight( xt,1 ) ; if( zt == StringVoid ){ /* * volume is not shared */ }else{ /* * volume is shared,try to unmount it * a volume is assumed to be shared if its device path in mountinfo has two mount points,one * in /run/media/private/$USER and the other in /run/media/public/ */ if( StringStartsWith( zt,device ) ){ f = zuluCryptDecodeMountEntry( xt ) ; /* * good,the device associated with the shared mount is the same as that of the * private mount,try to unmount it. */ r = 3 ; for( k = 0 ; k < 3 ; k++ ){ /* * try to unmount 3 times before giving up */ if( umount( f ) == 0 ){ rmdir( f ) ; r = 0 ; break ; }else{ sleep( 1 ) ; } } }else{ /* * i dont see how we will get here,we shouldnt */ r = 0 ; } } } StringDelete( &xt ) ; } if( delete_stx ){ StringListDelete( &stx ) ; } StringFree( h ) ; zuluCryptSecurityDropElevatedPrivileges() ; return r ; }
int zuluCryptEXEOpenVolume( const struct_opts * opts,const char * mapping_name,uid_t uid ) { int share = opts->share ; int open_mount = opts->open_mount ; const char * device = opts->device ; const char * mount_point = opts->mount_point ; const char * m_opts = opts->m_opts ; const char * source = opts->key_source ; const char * pass = opts->key ; const char * plugin_path = opts->plugin_path ; const char * fs_opts = opts->fs_opts ; const char * offset = opts->offset ; const char * const * tcrypt_keyfiles = opts->tcrypt_multiple_keyfiles ; /* * Below is a form of memory management.All strings are collected in a stringlist object to easily delete them * when the function returns.This allows for the function to have multiple exit points without risks of leaking * memory from manually examining each exit point to make sure all strings are deleted or go with multiple goto * code deleting blocks to take into account different exit points. */ stringList_t stl ; string_t * stringArray = StringListArray( &stl,6 ) ; string_t * passphrase = &stringArray[ 0 ] ; string_t * m_name = &stringArray[ 1 ] ; string_t * data = &stringArray[ 2 ] ; string_t * m_point = &stringArray[ 3 ] ; string_t * mapper = &stringArray[ 4 ] ; string_t * mapper_path = &stringArray[ 5 ] ; const char * key = NULL ; const char * mapper_name ; const char * e ; size_t key_len = 0 ; int st = 0 ; stringList_t stz ; tvcrypt v_info ; unsigned long m_flags ; int tcrypt_keyfile = 0 ; const char * uuid ; char * device_path ; /* * open_struct_t is declared in ../lib/include.h */ open_struct_t volume ; struct stat statstr ; /* * zuluCryptVolumeIsInSystemVolumeList() is defined in volumes.c */ if( zuluCryptVolumeIsInSystemVolumeList( device ) ){ /* * check permissions only if volume is explicity mentioned as system. * This is an exception to avoid some udev bad behaviors on udev enabled build */ if( !zuluCryptUserIsAMemberOfAGroup( uid,"zulucrypt" ) ){ return zuluExit( 22,device,mount_point,stl ) ; } } if( m_opts == NULL ){ m_opts = "rw" ; } /* * zuluCryptMountFlagsAreNotCorrect() is defined in ./mount_flags.c */ if( zuluCryptMountFlagsAreNotCorrect( m_opts,uid,&m_flags ) ){ return zuluExit( 5,device,mount_point,stl ) ; } if( StringHasComponent( m_opts,"rw" ) ){ /* * zuluCryptSecurityDeviceIsWritable() is defined in path_access.c */ st = zuluCryptCanOpenPathForWriting( device,uid ) ; }else{ /* * zuluCryptSecurityDeviceIsReadable() is defined in path_access.c */ st = zuluCryptCanOpenPathForReading( device,uid ) ; } /* * 1-permissions denied * 2-invalid path * 3-shenanigans * 4-common error */ switch( st ){ case 0 : break ; case 1 : return zuluExit( 6,device,mount_point,stl ) ; case 2 : return zuluExit( 6,device,mount_point,stl ) ; case 3 : return zuluExit( 6,device,mount_point,stl ) ; case 4 : return zuluExit( 6,device,mount_point,stl ) ; default: return zuluExit( 6,device,mount_point,stl ) ; } if( open_mount ){ /* * zuluCryptCreateMountPoint() is defined in create_mount_point.c */ *m_point = zuluCryptCreateMountPoint( device,mount_point,m_opts,uid ) ; mount_point = StringContent( *m_point ) ; if( mount_point == NULL ){ return zuluExit( 9,device,mount_point,stl ) ; } }else{ if( uid != 0 ){ return zuluExit( 7,device,mount_point,stl ) ; } if( mount_point != NULL ){ return zuluExit( 8,device,mount_point,stl ) ; } } if( share ){ /* * zuluCryptBindSharedMountPointPathTaken() is defined in bind.c */ if( zuluCryptBindSharedMountPointPathTaken( *m_point ) ){ return zuluExit_1( 10,opts,device,mount_point,stl ) ; } } /* * zuluCryptCreateMapperName() is defined in ../lib/create_mapper_name.c */ *m_name = zuluCryptCreateMapperName( device,mapping_name,uid,ZULUCRYPTshortMapperPath ) ; *mapper = StringCopy( *m_name ) ; mapper_name = StringContent( *m_name ) ; *mapper_path = String( zuluCryptMapperPrefix() ) ; e = StringMultipleAppend( *mapper_path,"/",mapper_name,NULL ) ; if( stat( e,&statstr ) == 0 ){ return zuluExit_1( 11,opts,device,mount_point,stl ) ; } if( plugin_path != NULL ){ /* * zuluCryptUUIDFromPath() is defined in path_access.c */ uuid = zuluCryptUUIDFromPath( device ) ; device_path = _device_path( device ) ; /* * zuluCryptPluginManagerGetKeyFromModule is defined in ../pluginManager/zuluCryptPluginManager.c */ *passphrase = zuluCryptPluginManagerGetKeyFromModule( device_path,plugin_path,uuid,uid,opts,&st ) ; StringFree( device_path ) ; StringFree( uuid ) ; if( st != 0 || *passphrase == StringVoid ){ return zuluExit_1( 12,opts,device,mount_point,stl ) ; } key_len = StringLength( *passphrase ) ; key = StringContent( *passphrase ) ; zuluCryptSecurityLockMemory_1( *passphrase ) ; }else if( source == NULL && tcrypt_keyfiles[ 0 ] == NULL ){ printf( gettext( "Enter passphrase: " ) ) ; /* * ZULUCRYPT_KEY_MAX_SIZE is set in ../constants.h */ switch( StringSilentlyGetFromTerminal_1( passphrase,ZULUCRYPT_KEY_MAX_SIZE ) ){ case 1 : return zuluExit_1( 13,opts,device,mount_point,stl ) ; case 2 : return zuluExit_1( 14,opts,device,mount_point,stl ) ; } printf( "\n" ) ; key = StringContent( *passphrase ) ; key_len = StringLength( *passphrase ) ; zuluCryptSecurityLockMemory_1( *passphrase ) ; }else{ if( source == NULL || pass == NULL ){ if( tcrypt_keyfiles == NULL ){ return zuluExit_1( 15,opts,device,mount_point,stl ) ; } } if( StringsAreEqual( source,"-p" ) ){ key = pass ; key_len = StringSize( pass ) ; }else if( StringsAreEqual( source,"-f" ) ){ if( StringHasNoComponent( pass,"/.zuluCrypt-socket" ) ){ tcrypt_keyfile = 1 ; } /* * function is defined at "path_access.c" */ switch( zuluCryptGetPassFromFile( pass,uid,data ) ){ case 1 : return zuluExit_1( 16,opts,device,mount_point,stl ) ; case 2 : return zuluExit_1( 17,opts,device,mount_point,stl ) ; case 4 : return zuluExit_1( 18,opts,device,mount_point,stl ) ; case 5 : return zuluExit_1( 19,opts,device,mount_point,stl ) ; } key = StringContent( *data ) ; key_len = StringLength( *data ) ; zuluCryptSecurityLockMemory_1( *data ) ; } } memset( &volume,'\0',sizeof( open_struct_t ) ) ; if( key != NULL ){ volume.key = key ; volume.key_len = key_len ; }else{ volume.key = "" ; volume.key_len = 0 ; } volume.device = device ; volume.offset = offset ; volume.mapper_name = mapper_name ; volume.m_point = mount_point ; volume.fs_opts = fs_opts ; volume.uid = uid ; volume.m_opts = m_opts ; volume.m_flags = m_flags ; /* * zuluCryptTrueCryptVeraCryptVolumeInfo() is defined in this source file. */ zuluCryptTrueCryptVeraCryptVolumeInfo( opts->type,&v_info ) ; volume.iteration_count = v_info.iteration_count ; volume.veraCrypt_volume = StringAtLeastOneMatch( v_info.type,"vcrypt","veracrypt","vera",NULL ) ; StringDelete( &v_info.type ) ; plugin_path = plugin_path + StringLastIndexOfChar_1( plugin_path,'/' ) + 1 ; volume.luks_detached_header = StringHasComponent( plugin_path,"luks" ) ; volume.general_detached_header = StringHasComponent( plugin_path,"generic_header" ) ; if( tcrypt_keyfile ){ volume.key_source = TCRYPT_KEYFILE ; } if( tcrypt_keyfiles[ 0 ] != NULL ){ /* * Here, we take a list of keyfiles supplied by the user and then copy them to a safe * location at "/run/zuluCrypt" and then we pass these safe copies to cryptsetup. * * The idea is not to let cryptsetup, a privileged process handle user managed files. */ stz = zuluCryptCreateKeyFiles( tcrypt_keyfiles,0 ) ; volume.tcrypt_keyfiles_count = StringListSize( stz ) ; volume.tcrypt_keyfiles = StringListStringArray_0( stz ) ; st = _open_volume( &volume ) ; zuluCryptDeleteKeyFiles( stz ) ; StringFree( volume.tcrypt_keyfiles ) ; StringListDelete( &stz ) ; }else{ st = _open_volume( &volume ) ; } /* * below two return values comes from ../lib/mount_volume.c */ if( st == -1 ){ st = 20 ; } if( st == 12 ){ st = 21 ; } if( st == 8 || st == 3 ){ st = 3 ; } device = StringMultiplePrepend( *mapper,"/",zuluCryptMapperPrefix(),NULL ) ; if( st == 0 && share ){ /* * user wish to share the mount point bind the mount point to a publicly accessed path at /run/media/public/ */ /* * zuluCryptBindMountVolume() is defined in ../zuluCrypt-cli/bin/bind.c */ zuluCryptBindMountVolume( device,*m_point,m_flags ) ; } /* * zuluCryptCheckInvalidKey() is defined in check_invalid_key.c */ zuluCryptCheckInvalidKey( opts->device ) ; return zuluExit_1( st,opts,device,mount_point,stl ) ; }
int zuluCryptEXERemoveKey( const struct_opts * opts,uid_t uid ) { int ask_confirmation = opts->ask_confirmation ; const char * device = opts->device ; const char * keyType = opts->key_source ; const char * keytoremove = opts->key ; stringList_t stl = StringListInit() ; string_t * pass = StringListAssign( stl ) ; string_t * confirm = StringListAssign( stl ) ; int status = 0 ; const char * key ; size_t key_size ; /* * zuluCryptPartitionIsSystemPartition() is defined in ./partitions.c */ if( zuluCryptPartitionIsSystemPartition( device,uid ) ){ if( !zuluCryptUserIsAMemberOfAGroup( uid,"zulucrypt" ) ){ return zuluExit( 4,stl ) ; } } /* * zuluCryptCanOpenPathForWriting is defined in path_access.c */ status = zuluCryptCanOpenPathForWriting( device,uid ) ; /* * 1-permissions denied * 2-invalid path * 3-shenanigans * 4-common error */ switch( status ){ case 0 : break ; case 1 : return zuluExit( 5,stl ) ; case 2 : return zuluExit( 5,stl ) ; case 3 : return zuluExit( 5,stl ) ; case 4 : return zuluExit( 5,stl ) ; default: return zuluExit( 5,stl ) ; } if( _zuluCryptExECheckEmptySlots( device ) == 3 ){ if( ask_confirmation ){ printf( gettext( "WARNING: There is only one key in the volume and all data in it will be lost if you continue.\n" ) ) ; printf( gettext( "Do you still want to continue? Type \"YES\" if you do: " ) ) ; *confirm = StringGetFromTerminal_1( 3 ) ; if( *confirm == StringVoid ){ return zuluExit( 6,stl ) ; } if( !StringEqual( *confirm,gettext( "YES" ) ) ){ return zuluExit( 7,stl ) ; } } } if( keyType == NULL ){ printf( gettext( "Enter a key to be removed: " ) ) ; /* * ZULUCRYPT_KEY_MAX_SIZE is set in ../constants.h */ switch( StringSilentlyGetFromTerminal_1( pass,ZULUCRYPT_KEY_MAX_SIZE ) ){ case 1 : return zuluExit( 8,stl ) ; case 2 : return zuluExit( 9,stl ) ; } printf( "\n" ) ; key = StringContent( *pass ) ; key_size = StringLength( *pass ) ; zuluCryptSecurityLockMemory_1( *pass ) ; }else{ if( keyType == NULL || keytoremove == NULL ){ return zuluExit( 10,stl ) ; } if( StringsAreEqual( keyType,"-f" ) ){ /* * zuluCryptGetPassFromFile() is defined at path_access.c" */ switch( zuluCryptGetPassFromFile( keytoremove,uid,pass ) ){ case 1 : return zuluExit( 11,stl ) ; case 2 : return zuluExit( 12,stl ) ; case 4 : return zuluExit( 13,stl ) ; case 5 : return zuluExit( 14,stl ) ; } key = StringContent( *pass ) ; key_size = StringLength( *pass ) ; zuluCryptSecurityLockMemory_1( *pass ) ; }else if( StringsAreEqual( keyType, "-p" ) ){ key = keytoremove ; key_size = StringSize( keytoremove ) ; }else{ return zuluExit( 10,stl ) ; } } zuluCryptSecurityGainElevatedPrivileges() ; /* * zuluCryptRemoveKey() is defined in ../lib/remove_key.c */ status = zuluCryptRemoveKey( device,key,key_size ) ; zuluCryptSecurityDropElevatedPrivileges() ; if( status == 1 ){ status = zuluExit_1( status,device,stl ) ; }else{ status = zuluExit( status,stl ) ; } /* * zuluCryptCheckInvalidKey() is defined in check_invalid_key.c */ zuluCryptCheckInvalidKey( opts->device ) ; return status ; }