예제 #1
0
static int _remove_key( const char * device,const resolve_path_t * opts )
{
	int slot ;

	struct crypt_device * cd ;

	const arguments * args = opts->args ;

	if( zuluCryptVolumeIsNotLuks( device ) ){
		return 1 ;
	}
	if( crypt_init( &cd,device ) != 0 ){
		return 3 ;
	}
	if( crypt_load( cd,NULL,NULL ) != 0 ){
		return zuluExit( 3,cd ) ;
	}

	slot = crypt_activate_by_passphrase( cd,NULL,CRYPT_ANY_SLOT,args->key,args->key_len,0 ) ;

	if( slot < 0 ){
		return zuluExit( 2,cd ) ;
	}
	if( crypt_keyslot_destroy( cd,slot ) < 0 ){
		return zuluExit( 2,cd ) ;
	}else{
		return zuluExit( 0,cd ) ;
	}
}
예제 #2
0
static int _attach_loop_device_to_file( const char * path,int mode,
					int * loop_fd,string_t * loop_device )
{
	string_t loopd = StringVoid ;

	int fd_loop = -1 ;
	int fd_path = -1 ;

	if( !open_loop_device( &loopd ) ){
		return zuluExit( 0,loopd,fd_loop,fd_path ) ;
	}

	fd_path = open( path,mode ) ;

	if( fd_path == -1 ){
		return zuluExit( 0,loopd,fd_loop,fd_path ) ;
	}

	fcntl( fd_path,F_SETFD,FD_CLOEXEC ) ;

	if( _paths_are_not_sane( fd_path,path ) ){
		return zuluExit( 0,loopd,fd_loop,fd_path ) ;
	}
	if( attach_device_to_loop( fd_path,&fd_loop,loopd,mode ) ){
		*loop_device = loopd ;
		*loop_fd = fd_loop ;
		return zuluExit( 1,loopd,fd_loop,fd_path ) ;
	}else{
		return zuluExit( 0,loopd,fd_loop,fd_path ) ;
	}
}
예제 #3
0
static int _open_plain( const char * device,const open_struct_t * opt )
{
	uint32_t flags ;

	struct crypt_device * cd ;
	struct crypt_params_plain params ;

	memset( &params,'\0',sizeof( struct crypt_params_plain ) ) ;

	params.hash = "ripemd160" ;

	if( zuluCryptPathIsNotValid( device ) ){
		return 3 ;
	}
	if( crypt_init( &cd,device ) != 0 ){
		return 2 ;
	}

	params.offset = _offset( opt->offset ) ;

	if( StringHasComponent( opt->m_opts,"ro" ) ){
		flags = CRYPT_ACTIVATE_READONLY ;
	}else{
		flags = CRYPT_ACTIVATE_ALLOW_DISCARDS ;
	}
	if( crypt_format( cd,CRYPT_PLAIN,"aes","cbc-essiv:sha256",NULL,NULL,32,&params ) != 0 ){
		return zuluExit( 2,cd ) ;
	}
	if( crypt_activate_by_passphrase( cd,opt->mapper_name,CRYPT_ANY_SLOT,
		opt->key,opt->key_len,flags ) < 0 ){
		return zuluExit( 2,cd ) ;
	}else{
		return zuluExit( 0,cd ) ;
	}
}
예제 #4
0
static int _open_plain( const char * device,const char * mapper,const char * mode,const char * pass,size_t pass_size )
{
	int flags ;
	
	struct crypt_device * cd ;
	struct crypt_params_plain params ;
	
	memset( &params,'\0',sizeof( struct crypt_params_plain ) ) ;
	
	params.hash = "ripemd160";
	params.skip = 0;
	params.offset = 0;
	
	if( zuluCryptPathIsNotValid( device ) ){
		return 3 ;
	}
	if( StringHasComponent( mode,"ro" ) ){
		flags = 1 ;
	}else{
		flags = 0 ;
	}
	if( crypt_init( &cd,device ) != 0 ){
		return 2 ;
	}
	if( crypt_format( cd,CRYPT_PLAIN,"aes","cbc-essiv:sha256",NULL,NULL,32,&params ) != 0 ){
		return zuluExit( 2,cd ) ;
	}
	if( crypt_activate_by_passphrase( cd,mapper,CRYPT_ANY_SLOT,pass,pass_size,flags ) < 0 ){
		return zuluExit( 2,cd ) ;
	}else{
		return zuluExit( 0,cd ) ;
	}
}
예제 #5
0
static int _remove_key( const char * device ,const char * pass,size_t pass_size )
{
	int slot ;
	struct crypt_device * cd ;

	if( zuluCryptVolumeIsNotLuks( device ) ){
		return 1 ;
	}
	if( crypt_init( &cd,device ) != 0 ){
		return 3 ;
	}
	if( crypt_load( cd,NULL,NULL ) != 0 ){
		return zuluExit( 3,cd ) ;
	}

	slot = crypt_activate_by_passphrase( cd,NULL,CRYPT_ANY_SLOT,pass,pass_size,0 );

	if ( slot < 0 ){
		return zuluExit( 2,cd ) ;
	}
	if( crypt_keyslot_destroy( cd,slot ) < 0 ){
		return zuluExit( 2,cd ) ;
	}else{
		return zuluExit( 0,cd ) ;
	}
}
예제 #6
0
int zuluCryptEXECloseVolume( const char * dev,const char * mapping_name,uid_t uid )
{
	 int st ;
	 int i ;
	 string_t p = StringVoid ;
	 char * m_point = NULL ;
	 struct stat xt ;
	 const char * mapper ;

	 /*
	  * ZULUCRYPTlongMapperPath is set in ../constants.h
	  * zuluCryptCreateMapperName() defined in ../lib/create_mapper_name.c
	  */
	 p = zuluCryptCreateMapperName( dev,mapping_name,uid,ZULUCRYPTlongMapperPath ) ;

	 mapper = StringContent( p ) ;

	 if( stat( mapper,&xt ) != 0 ){

		 return zuluExit( 1,p ) ;
	 }

	 /*
	  * zuluCryptBindUnmountVolume() is defined in ./bind.c
	  */
	 switch( zuluCryptBindUnmountVolume( StringListVoid,mapper,uid ) ){
		 case 3 : return zuluExit( 7,p ) ;
		 case 4 : return zuluExit( 8,p ) ;
		 case 5 : return zuluExit( 9,p ) ;
		 default: ;
	 }

	 zuluCryptSecurityGainElevatedPrivileges() ;

	 /*
	  * zuluCryptCloseVolume() is defined in ../lib/close_volume.c
	  */
	 st = zuluCryptCloseVolume( mapper,&m_point ) ;

	 if( st == 0 && m_point != NULL ){

		for( i = 0 ; i < 2 ; i++ ){

			if( rmdir( m_point ) == 0 ){

				break ;
			}else{
				sleep( 1 ) ;
			}
		}

		StringFree( m_point ) ;
	 }

	 zuluCryptSecurityDropElevatedPrivileges() ;
	 return zuluExit( st,p ) ;
}
예제 #7
0
static int _open_plain( const char * device,const resolve_path_t * opts )
{
	uint32_t flags ;

	struct crypt_device * cd ;
	struct crypt_params_plain params ;

	size_t size ;
	/*
	 * open_struct_t is defined in includes.h
	 */
	const open_struct_t * opt = opts->args ;

	const args * e = opt->variables ;

	memset( &params,'\0',sizeof( struct crypt_params_plain ) ) ;

	params.hash = e->hash ;

	if( zuluCryptPathIsNotValid( device ) ){

		return 3 ;
	}
	if( crypt_init( &cd,device ) != 0 ){

		return 2 ;
	}

	params.offset = _offset( e->offset ) ;

	if( opts->open_mode == O_RDONLY ){

		flags = CRYPT_ACTIVATE_READONLY ;
	}else{
		flags = CRYPT_ACTIVATE_ALLOW_DISCARDS ;
	}

	size = ( size_t ) StringConvertToInt( e->keySize ) / 8 ;

	if( crypt_format( cd,CRYPT_PLAIN,e->algo,e->cipher,NULL,NULL,size,&params ) != 0 ){

		return zuluExit( 2,cd ) ;
	}
	if( crypt_activate_by_passphrase( cd,opt->mapper_name,CRYPT_ANY_SLOT,
		opt->key,opt->key_len,flags ) < 0 ){

		return zuluExit( 2,cd ) ;
	}else{
		return zuluExit( 0,cd ) ;
	}
}
예제 #8
0
static char * _empty_slots( const char * device,const resolve_path_t * opts )
{
	struct crypt_device * cd;

	int j ;
	int k ;
	const char * type ;

	string_t p ;

	if( opts ){;}

	if( crypt_init( &cd,device ) != 0 ){
		return zuluExit( NULL,NULL ) ;
	}
	if( crypt_load( cd,NULL,NULL ) != 0 ){
		return zuluExit( NULL,cd ) ;
	}

	type = crypt_get_type( cd ) ;

	if( type == NULL ){
		return zuluExit( NULL,cd ) ;
	}

	k = crypt_keyslot_max( type ) ;

	if( k < 0 ){
		return zuluExit( NULL,cd ) ;
	}

	p = StringEmpty() ;

	for( j = 0 ; j < k ; j++ ){
		switch( crypt_keyslot_status( cd,j ) ){
			case CRYPT_SLOT_INACTIVE   : StringAppend( p,"0" ) ; break ;
			case CRYPT_SLOT_ACTIVE     : StringAppend( p,"1" ) ; break ;
			case CRYPT_SLOT_INVALID    : StringAppend( p,"2" ) ; break ;
			case CRYPT_SLOT_ACTIVE_LAST: StringAppend( p,"3" ) ; break ;
			default : ;
		}
	}

	return zuluExit( StringDeleteHandle( &p ),cd ) ;
}
예제 #9
0
static int _add_key( const char * device,const char * existingkey,size_t existingkey_size,const char * newkey,size_t newkey_size )
{
	struct crypt_device * cd ;

	if( zuluCryptVolumeIsNotLuks( device ) ){
		return 3 ;
	}
	if( crypt_init( &cd,device ) != 0 ){
		return 2 ;
	}
	if( crypt_load( cd,NULL,NULL ) != 0 ){
		return zuluExit( 2,cd ) ;
	}
	if( crypt_keyslot_add_by_passphrase( cd,CRYPT_ANY_SLOT,existingkey,existingkey_size,newkey,newkey_size ) < 0 ){
		return zuluExit( 1,cd ) ;
	}else{
		return zuluExit( 0,cd ) ;
	}
}
예제 #10
0
/*
 * open_volume function below can be devided into two, the first part is before the mount point folder is created and the
 * other part is after. This function is called after the mount point is created to see if it the mount point folder
 * should be removed first before calling the above function.The above function is called directly when "open_volume"
 * function is to be exited before the mount point is created. *
 */
static int zuluExit_1( int st,const struct_opts * opts,const char * device,const char * m_point,stringList_t stl )
{
	if( opts->open_mount && st != 0 ){

		zuluCryptSecurityGainElevatedPrivileges() ;

		rmdir( m_point ) ;

		zuluCryptSecurityDropElevatedPrivileges() ;
	}
	return zuluExit( st,device,m_point,stl ) ;
}
예제 #11
0
static int _create_volume( const char * dev,const char * fs,const char * type,const char * pass,size_t pass_size,const char * rng )
{
	size_t len ;
	int status ;
	
	string_t m = StringVoid ;
	
	const char * device_mapper ;
	const char * mapper ;
	
	if ( zuluCryptPathIsNotValid( dev ) ){
		return 1 ;
	}
		
	m = String( crypt_get_dir() ) ;
	len = StringLength( m )   ;
	
	StringAppend( m,"/zuluCrypt-" ) ;
	device_mapper = StringAppendInt( m,syscall( SYS_gettid ) ) ;
	mapper = device_mapper + len + 1 ;
		
	if( StringsAreEqual( type,"luks" ) ){
		if( StringsAreNotEqual( rng,"/dev/random" ) ){
			if( StringsAreNotEqual( rng,"/dev/urandom" ) ){
				return zuluExit( 2,m ) ; 
			}
		}
		if( zuluCryptCreateLuks( dev,pass,pass_size,rng ) != 0 ){
			return zuluExit( 3,m ) ;
		}
		if( zuluCryptOpenLuks( dev,mapper,"rw",pass,pass_size ) != 0 ){
			return zuluExit( 3,m ) ; 
		}
	}else if( StringsAreEqual( type,"plain") ){
		if( zuluCryptOpenPlain( dev,mapper,"rw",pass,pass_size ) != 0 ){
			return zuluExit( 3,m ) ; 
		}
	}else{
		return zuluExit( 2,m ) ;
	}
	
	status = zuluCryptCreateFileSystemInAVolume( fs,device_mapper ) ;
	/*
	 * zuluCryptCloseMapper() is defined in close_mapper.c
	 */
	zuluCryptCloseMapper( device_mapper );
	
	if( status == 0 ){
		return zuluExit( 0,m ) ;
	}else{
		return zuluExit( 3,m ) ;
	}
}
예제 #12
0
/*
 * raid path can be in format /dev/mdX or /dev/md/X.
 * We prefer the latter and if given the former,convert it to the latter if possible
 */
string_t zuluCryptResolveMDPath_1( const char * path )
{
	struct dirent * entry ;

	char * e ;

	const char * f = "/dev/md/" ;

	DIR * dir = opendir( f ) ;

	string_t st = String( f ) ;

	if( dir != NULL ){

		while( ( entry = readdir( dir ) ) != NULL ){

			f = entry->d_name ;

			if( !StringAtLeastOneMatch_1( f,".","..",NULL ) ){

				e = zuluCryptRealPath( StringAppendAt( st,8,f ) ) ;

				if( StringsAreEqual( path,e ) ){

					StringFree( e ) ;

					return zuluExit( dir,st ) ;
				}else{
					StringFree( e ) ;
				}
			}
		}
	}

	StringReplace( st,path ) ;

	return zuluExit( dir,st ) ;
}
예제 #13
0
/*
 * 1 is returned if a volume is a truecrypt volume.
 * 0 is returned if a volume is not a truecrypt volume or functionality is not supported
 */
int zuluCryptVolumeIsTcrypt( const char * device,const char * key,int key_source )
{
	struct crypt_device * cd = NULL;
	struct crypt_params_tcrypt params ;

	memset( &params,'\0',sizeof( struct crypt_params_tcrypt ) ) ;

	if( key_source ){;}

	if( crypt_init( &cd,device ) < 0 ){
		return 0 ;
	}else{
		params.passphrase      = key ;
		params.passphrase_size = StringSize( key ) ;
		params.flags           = CRYPT_TCRYPT_LEGACY_MODES ;

		if( crypt_load( cd,CRYPT_TCRYPT,&params ) == 0 ){
			return zuluExit( 1,cd ) ;
		}else{
			return zuluExit( 0,cd ) ;
		}
	}
}
예제 #14
0
static int _open_luks_2( const char * device,const resolve_path_t * opt )
{
	struct crypt_device * cd ;
	uint32_t flags ;
	int st ;

	/*
	 * open_struct_t is defined in includes.h
	 */
	const open_struct_t * opts = opt->args ;

	if( zuluCryptPathIsNotValid( device ) ){
		return 3 ;
	}
	if( crypt_init( &cd,device ) != 0 ){
		return 2 ;
	}
	if( crypt_load( cd,NULL,NULL ) != 0 ){
		return zuluExit( 2,cd ) ;
	}
	if( opt->open_mode == O_RDONLY ){
		flags = CRYPT_ACTIVATE_READONLY ;
	}else{
		flags = CRYPT_ACTIVATE_ALLOW_DISCARDS ;
	}

	st = crypt_activate_by_passphrase( cd,opts->mapper_name,CRYPT_ANY_SLOT,
					   opts->key,opts->key_len,flags ) ;

	if( st >= 0 ){
		return zuluExit( 0,cd ) ;
	}else if( st == -1 ){
		return zuluExit( 1,cd ) ;
	}else{
		return zuluExit( 2,cd ) ;
	}
}
예제 #15
0
int zuluCryptMountVolume( const char * path,const char * m_point,unsigned long mount_opts,const char * fs_opts,uid_t uid )
{
	int h ;

	string_t opts = StringVoid ;
	string_t fs   = StringVoid ;
	string_t loop = StringVoid ;

	int fd = -1 ;

	m_struct mst ;
	mst.device = path ;
	mst.m_point = m_point ;
	mst.uid = uid ;
	mst.m_flags = mount_opts ;

	/*
	 * zuluCryptGetFileSystemFromDevice() is defined in this source file
	 */
	fs = zuluCryptGetFileSystemFromDevice( path ) ;

	if( fs == StringVoid ){
		/*
		 * failed to read file system,probably because the volume does have any or
		 * a plain volume was opened with a wrong key
		 */
		return zuluExit( 4,fd,opts,fs,loop ) ;
	}

	if( StringStartsWith( fs,"crypto" ) ){
		/*
		 * we cant mount an encrypted volume, exiting
		 */
		return zuluExit( 4,fd,opts,fs,loop ) ;
	}

	/*
	 * zuluCryptMountHasNotAllowedFileSystemOptions() is defined in ./mount_fs_options.c
	 */
	if( zuluCryptMountHasNotAllowedFileSystemOptions( uid,fs_opts,fs ) ){
		return zuluExit( -1,fd,opts,fs,loop ) ;
	}

	mst.fs_flags = fs_opts ;
	mst.fs = StringContent( fs ) ;
	opts = set_mount_options( &mst ) ;

	if( StringPrefixNotEqual( path,"/dev/" ) ){
		/*
		 * zuluCryptAttachLoopDeviceToFile() is defined in ./create_loop_device.c
		 */
		if( zuluCryptAttachLoopDeviceToFile( mst.device,O_RDWR,&fd,&loop ) ){
			mst.device = StringContent( loop ) ;
		}else{
			return zuluExit( -1,fd,opts,fs,loop ) ;
		}
	}

	if( zuluCryptFileSystemIsFUSEbased( path ) ){
		/*
		 * These file systems dont see to work with mount() command for some reason.
		 * Them being FUSE based could be a reason.
		 */
		switch( mount_FUSEfs( &mst ) ){
			case 0  : return zuluExit( 0,fd,opts,fs,loop )  ;
			case 16 : return zuluExit( 12,fd,opts,fs,loop ) ;
			default : return zuluExit( 1,fd,opts,fs,loop )  ;
		}
	}else{
		h = mount_volume( &mst ) ;
	}

	return zuluExit( h,fd,opts,fs,loop ) ;
}
예제 #16
0
static int crypt_opt( const struct_opts * opts,uid_t uid,int opt )
{
	string_t q = StringVoid ;
	string_t p = StringVoid ;

	int st ;
	
	const char * source	= opts->device ;
	const char * dest  	= opts->m_opts ;
	const char * passphrase = opts->key ;
	const char * type 	= opts->key_source ;
	
	return zuluExit( 16 ) ;
	
	if( dest == NULL ){
		return zuluExit( 9 ) ;
	}
	if( source == NULL ){
		return zuluExit( 14 ) ;
	}
	/*
	 * zuluCryptPathStartsWith() is defined in real_path.c
	 */
	if( zuluCryptPathStartsWith( dest,"/dev/" ) ){
		return zuluExit( 10 ) ;
	}
	if( zuluCryptPathStartsWith( source,"/dev/" ) ){
		return zuluExit( 15 ) ;
	}
	/*
	 * zuluCryptPathIsValid() is defined in ../lib/is_path_valid.c
	 */
	if( zuluCryptPathIsValid( dest ) ){
		return zuluExit( 5 ) ;
	}
	/*
	 * zuluCryptPathIsNotValid() is defined in ../lib/is_path_valid.c
	 */
	if( zuluCryptPathIsNotValid( source ) ){
		return zuluExit( 6 ) ;
	}
	
	/*
	 * below two functions are defined in path_access.c
	 */
	if( zuluCryptCanOpenPathForWriting( dest,uid ) == 1 ){
		return zuluExit( 10 ) ;		
	}
	if( zuluCryptCanOpenPathForReading( source,uid ) == 1 ){
		return zuluExit( 15 ) ;
	}
	if( type == NULL ){

		printf( gettext( "Enter passphrase: " ) ) ;
		/*
		 * ZULUCRYPT_KEY_MAX_SIZE is set in ../constants.h
		 */
		switch( StringSilentlyGetFromTerminal_1( &p,ZULUCRYPT_KEY_MAX_SIZE ) ){
			case 1 : return zuluExit( 12 ) ;
			case 2 : return zuluExit( 13 ) ;
		}
		
		printf( gettext( "\nRe enter passphrase: " ) ) ;
		switch( StringSilentlyGetFromTerminal_1( &q,ZULUCRYPT_KEY_MAX_SIZE ) ){
			case 1 : StringClearDelete( &p ) ;
				 return zuluExit( 12 ) ;
			case 2 : StringClearDelete( &p ) ;
				 return zuluExit( 13 ) ;
		}
		
		printf( "\n" ) ;
		
		if( !StringEqualString( p,q ) ){
			StringClearDelete( &p ) ;
			StringClearDelete( &q ) ;
			return zuluExit( 8 ) ; 
		}else{
			StringDelete( &q ) ;
		}
	}else{
		if( type == NULL ){
			return zuluExit( 9 ) ;
		}
		if( StringsAreEqual( type,"-p" ) ){
			p = String( passphrase ) ;
		}else if( StringsAreEqual( type,"-f" ) ){
			p = StringGetFromFile( passphrase ) ;
			if( p == NULL ){
				return zuluExit( 2 ) ;
			}
		}else{
			return zuluExit( 3 ) ;
		}
	}
	
	if( opt == ENCRYPT ){
		/*
		 * zuluCryptEncryptFile() is defined in ./crypt_file.c
		 */
		st = zuluCryptEncryptFile( source,dest,StringContent( p ),StringLength( p ) ) ;
	}else{
		/*
		 * zuluCryptDecryptFile() is defined in ./crypt_file.c
		 */
		st = zuluCryptDecryptFile( source,dest,StringContent( p ),StringLength( p ) ) ;
	}
	
	StringClearDelete( &p ) ;
	
	switch( st ){
		case 1 : return zuluExit( 4 ) ;
		case 2 : return zuluExit( 11 ) ;
	}
	
	chmod( dest,S_IRUSR | S_IWUSR ) ;
	chown( dest,uid,uid ) ;
	
	if( opt == 1 ){
		return zuluExit( 1 ) ;
	}else{
		return zuluExit( 0 ) ;
	}
}
예제 #17
0
int zuluCryptEXEOpenVolume( const struct_opts * opts,const char * mapping_name,uid_t uid )
{
	int share                = opts->share ;
	int open_mount           = opts->open_mount ;
	const char * device      = opts->device ;
	const char * mount_point = opts->mount_point ;
	const char * m_opts      = opts->m_opts ;
	const char * source      = opts->key_source ;
	const char * pass        = opts->key ;
	const char * plugin_path = opts->plugin_path ;
	const char * fs_opts     = opts->fs_opts ;
	const char * offset      = opts->offset ;
	const char * const * tcrypt_keyfiles = opts->tcrypt_multiple_keyfiles ;
	/*
	 * Below is a form of memory management.All strings are collected in a stringlist object to easily delete them
	 * when the function returns.This allows for the function to have multiple exit points without risks of leaking
	 * memory from manually examining each exit point to make sure all strings are deleted or go with multiple goto
	 * code deleting blocks to take into account different exit points.
	 */
	stringList_t stl ;
	string_t * stringArray = StringListArray( &stl,6 ) ;
	string_t * passphrase  =  &stringArray[ 0 ] ;
	string_t * m_name      =  &stringArray[ 1 ] ;
	string_t * data        =  &stringArray[ 2 ] ;
	string_t * m_point     =  &stringArray[ 3 ] ;
	string_t * mapper      =  &stringArray[ 4 ] ;
	string_t * mapper_path =  &stringArray[ 5 ] ;

	const char * key = NULL ;
	const char * mapper_name ;
	const char * e ;

	size_t key_len = 0 ;
	int st = 0 ;

	stringList_t stz ;
	tvcrypt v_info ;

	unsigned long m_flags ;

	int tcrypt_keyfile  = 0 ;

	const char * uuid ;
	char * device_path ;

	/*
	 * open_struct_t is declared in ../lib/include.h
	 */
	open_struct_t volume ;

	struct stat statstr ;

	/*
	 * zuluCryptVolumeIsInSystemVolumeList() is defined in volumes.c
	 */
	if( zuluCryptVolumeIsInSystemVolumeList( device ) ){
		/*
		 * check permissions only if volume is explicity mentioned as system.
		 * This is an exception to avoid some udev bad behaviors on udev enabled build
		 */
		if( !zuluCryptUserIsAMemberOfAGroup( uid,"zulucrypt" ) ){
			return zuluExit( 22,device,mount_point,stl ) ;
		}
	}
	if( m_opts == NULL ){

		m_opts = "rw" ;
	}
	/*
	 * zuluCryptMountFlagsAreNotCorrect() is defined in ./mount_flags.c
	 */
	if( zuluCryptMountFlagsAreNotCorrect( m_opts,uid,&m_flags ) ){

		return zuluExit( 5,device,mount_point,stl ) ;
	}
	if( StringHasComponent( m_opts,"rw" ) ){
		/*
		 * zuluCryptSecurityDeviceIsWritable() is defined in path_access.c
		 */
		st = zuluCryptCanOpenPathForWriting( device,uid ) ;
	}else{
		/*
		 * zuluCryptSecurityDeviceIsReadable() is defined in path_access.c
		 */
		st = zuluCryptCanOpenPathForReading( device,uid ) ;
	}

	/*
	 * 1-permissions denied
	 * 2-invalid path
	 * 3-shenanigans
	 * 4-common error
	 */
	switch( st ){

		case 0 :  break ;
		case 1 :  return zuluExit( 6,device,mount_point,stl ) ;
		case 2 :  return zuluExit( 6,device,mount_point,stl ) ;
		case 3 :  return zuluExit( 6,device,mount_point,stl ) ;
		case 4 :  return zuluExit( 6,device,mount_point,stl ) ;
		default:  return zuluExit( 6,device,mount_point,stl ) ;
	}

	if( open_mount ){
		/*
		* zuluCryptCreateMountPoint() is defined in create_mount_point.c
		*/
		*m_point = zuluCryptCreateMountPoint( device,mount_point,m_opts,uid ) ;

		mount_point = StringContent( *m_point ) ;

		if( mount_point == NULL ){

			return zuluExit( 9,device,mount_point,stl ) ;
		}
	}else{
		if( uid != 0 ){

			return zuluExit( 7,device,mount_point,stl ) ;
		}
		if( mount_point != NULL ){

			return zuluExit( 8,device,mount_point,stl ) ;
		}
	}

	if( share ){
		/*
		 * zuluCryptBindSharedMountPointPathTaken() is defined in bind.c
		 */
		if( zuluCryptBindSharedMountPointPathTaken( *m_point ) ){

			return zuluExit_1( 10,opts,device,mount_point,stl ) ;
		}
	}

	/*
	 * zuluCryptCreateMapperName() is defined in ../lib/create_mapper_name.c
	 */
	*m_name = zuluCryptCreateMapperName( device,mapping_name,uid,ZULUCRYPTshortMapperPath ) ;

	*mapper = StringCopy( *m_name ) ;
	mapper_name = StringContent( *m_name ) ;

	*mapper_path = String( zuluCryptMapperPrefix() ) ;
	e = StringMultipleAppend( *mapper_path,"/",mapper_name,NULL ) ;

	if( stat( e,&statstr ) == 0 ){

		return zuluExit_1( 11,opts,device,mount_point,stl ) ;
	}

	if( plugin_path != NULL ){
		/*
		 * zuluCryptUUIDFromPath() is defined in path_access.c
		 */
		uuid = zuluCryptUUIDFromPath( device ) ;

		device_path = _device_path( device ) ;
		/*
		 * zuluCryptPluginManagerGetKeyFromModule is defined in ../pluginManager/zuluCryptPluginManager.c
		 */
		*passphrase = zuluCryptPluginManagerGetKeyFromModule( device_path,plugin_path,uuid,uid,opts,&st ) ;

		StringFree( device_path ) ;
		StringFree( uuid ) ;

		if( st != 0 || *passphrase == StringVoid ){

			return zuluExit_1( 12,opts,device,mount_point,stl ) ;
		}

		key_len = StringLength( *passphrase ) ;
		key = StringContent( *passphrase ) ;

		zuluCryptSecurityLockMemory_1( *passphrase ) ;

	}else if( source == NULL && tcrypt_keyfiles[ 0 ] == NULL ){

		printf( gettext( "Enter passphrase: " ) ) ;
		/*
		 * ZULUCRYPT_KEY_MAX_SIZE is set in ../constants.h
		 */
		switch( StringSilentlyGetFromTerminal_1( passphrase,ZULUCRYPT_KEY_MAX_SIZE ) ){

			case 1 : return zuluExit_1( 13,opts,device,mount_point,stl ) ;
			case 2 : return zuluExit_1( 14,opts,device,mount_point,stl ) ;
		}

		printf( "\n" ) ;
		key = StringContent( *passphrase ) ;
		key_len = StringLength( *passphrase ) ;

		zuluCryptSecurityLockMemory_1( *passphrase ) ;
	}else{
		if( source == NULL || pass == NULL ){

			if( tcrypt_keyfiles == NULL ){

				return zuluExit_1( 15,opts,device,mount_point,stl ) ;
			}
		}
		if( StringsAreEqual( source,"-p" ) ){

			key = pass ;
			key_len = StringSize( pass ) ;

		}else if( StringsAreEqual( source,"-f" ) ){

			if( StringHasNoComponent( pass,"/.zuluCrypt-socket" ) ){

				tcrypt_keyfile = 1 ;
			}
			/*
			 * function is defined at "path_access.c"
			 */
			switch( zuluCryptGetPassFromFile( pass,uid,data ) ){

				case 1 : return zuluExit_1( 16,opts,device,mount_point,stl ) ;
				case 2 : return zuluExit_1( 17,opts,device,mount_point,stl ) ;
				case 4 : return zuluExit_1( 18,opts,device,mount_point,stl ) ;
				case 5 : return zuluExit_1( 19,opts,device,mount_point,stl ) ;
			}
			key = StringContent( *data ) ;
			key_len = StringLength( *data ) ;

			zuluCryptSecurityLockMemory_1( *data ) ;
		}
	}

	memset( &volume,'\0',sizeof( open_struct_t ) ) ;

	if( key != NULL ){

		volume.key     = key ;
		volume.key_len = key_len ;
	}else{
		volume.key     = "" ;
		volume.key_len = 0 ;
	}

	volume.device      = device ;
	volume.offset      = offset ;
	volume.mapper_name = mapper_name ;
	volume.m_point     = mount_point ;
	volume.fs_opts     = fs_opts ;
	volume.uid         = uid ;
	volume.m_opts      = m_opts ;
	volume.m_flags     = m_flags ;

	/*
	 * zuluCryptTrueCryptVeraCryptVolumeInfo() is defined in this source file.
	 */
	zuluCryptTrueCryptVeraCryptVolumeInfo( opts->type,&v_info ) ;

	volume.iteration_count = v_info.iteration_count ;

	volume.veraCrypt_volume = StringAtLeastOneMatch( v_info.type,"vcrypt","veracrypt","vera",NULL ) ;

	StringDelete( &v_info.type ) ;

	plugin_path = plugin_path + StringLastIndexOfChar_1( plugin_path,'/' ) + 1 ;

	volume.luks_detached_header = StringHasComponent( plugin_path,"luks" ) ;

	volume.general_detached_header = StringHasComponent( plugin_path,"generic_header" ) ;

	if( tcrypt_keyfile ){

		volume.key_source = TCRYPT_KEYFILE ;
	}

	if( tcrypt_keyfiles[ 0 ] != NULL ){

		/*
		 * Here, we take a list of keyfiles supplied by the user and then copy them to a safe
		 * location at "/run/zuluCrypt" and then we pass these safe copies to cryptsetup.
		 *
		 * The idea is not to let cryptsetup, a privileged process handle user managed files.
		 */

		stz = zuluCryptCreateKeyFiles( tcrypt_keyfiles,0 ) ;

		volume.tcrypt_keyfiles_count = StringListSize( stz ) ;
		volume.tcrypt_keyfiles       = StringListStringArray_0( stz ) ;

		st = _open_volume( &volume ) ;

		zuluCryptDeleteKeyFiles( stz ) ;

		StringFree( volume.tcrypt_keyfiles ) ;
		StringListDelete( &stz ) ;
	}else{
		st = _open_volume( &volume ) ;
	}

	/*
	 * below two return values comes from ../lib/mount_volume.c
	 */
	if( st == -1 ){
		st = 20 ;
	}
	if( st == 12 ){
		st = 21 ;
	}
	if( st == 8 || st == 3 ){
		st = 3 ;
	}

	device = StringMultiplePrepend( *mapper,"/",zuluCryptMapperPrefix(),NULL ) ;

	if( st == 0 && share ){

		/*
		 * user wish to share the mount point bind the mount point to a publicly accessed path at /run/media/public/
		 */
		/*
		 * zuluCryptBindMountVolume() is defined in ../zuluCrypt-cli/bin/bind.c
		 */
		zuluCryptBindMountVolume( device,*m_point,m_flags ) ;
	}

	/*
	 * zuluCryptCheckInvalidKey() is defined in check_invalid_key.c
	 */
	zuluCryptCheckInvalidKey( opts->device ) ;
	return zuluExit_1( st,opts,device,mount_point,stl ) ;
}
예제 #18
0
int zuluCryptOpenVolume( const char * dev,const char * mapper,
			 const char * m_point,uid_t id,unsigned long m_opts,
			 const char * fs_opts,const char * pass,size_t pass_size ) 
{
	int h ;
	string_t p = StringVoid ;
	string_t q = StringVoid ;
	int lmode ;
	int fd ;
	const char * mode ;
	const char * mapper_1 ;
	/*
	 * zuluCryptPathIsNotValid() is defined in is_path_valid.c
	 */
	if( zuluCryptPathIsNotValid( dev ) ){
		return 3 ;
	}
	
	/*
	 * zuluCryptMapperPrefix() is defined in create_mapper_name.c
	 */
	p = String( zuluCryptMapperPrefix() ) ;
	
	mapper_1 = StringMultipleAppend( p,"/",mapper,END ) ;

	/*
	 * zuluCryptPathIsValid() is defined in is_path_valid.c
	 */
	if( zuluCryptPathIsValid( mapper_1 ) ){
		return zuluExit( 2,p ) ;
	}
	if( m_opts & MS_RDONLY ){
		lmode = O_RDONLY ;
		mode = "ro" ;
	}else{
		lmode = O_RDWR ;
		mode = "rw" ;
	}
	
	if( StringPrefixMatch( dev,"/dev/",5 ) ){
		h = _open_mapper( dev,mapper,mode,pass,pass_size ) ;
	}else{
		/*
		 * zuluCryptAttachLoopDeviceToFile() is defined in create_loop_device.c
		 */
		if( zuluCryptAttachLoopDeviceToFile( dev,lmode,&fd,&q ) ){
			dev = StringContent( q ) ;
			h = _open_mapper( dev,mapper,mode,pass,pass_size ) ;
			close( fd ) ;
			StringDelete( &q ) ;
		}else{
			h = 1 ;
		}
	}

	switch( h ){
		case 1 : return zuluExit( 4,p ) ;
		case 2 : return zuluExit( 8,p ) ; 
		case 3 : return zuluExit( 3,p ) ;
	}
		
	if( m_point != NULL ){
		/*
		 * zuluCryptMountVolume() is defined in mount_volume.c
		 */
		h = zuluCryptMountVolume( mapper_1,m_point,m_opts,fs_opts,id ) ;
	
		if( h != 0 ){
			/*
			 * zuluCryptCloseMapper() is defined in close_mapper.c
			 */
			if( zuluCryptCloseMapper( mapper_1 ) != 0 ){
				h = 15 ;
			}
		}
	}
	
	return zuluExit( h,p ) ;
}
예제 #19
0
/*
 * get_pass_from_file function is defined at get_pass_from_file.c *
 */
int zuluCryptEXEAddKey( const struct_opts * opts,uid_t uid )
{
	const char * device      = opts->device ;
	const char * keyType1    = opts->existing_key_source ;
	const char * existingKey = opts->existing_key ;
	const char * keyType2    = opts->new_key_source ;
	const char * newKey      = opts->new_key ;

	/*
	 * Below is a form of memory management.All strings are collected in a stringlist object to easily delete them
	 * when the function returns.This allows for the function to have multiple exit points without risks of leaking
	 * memory from manually examining each exit point to make sure all strings are deleted or go with multiple goto
	 * code deleting blocks to take into account different exit points.
	 */
	stringList_t stl ;
	string_t * stringArray  = StringListArray( &stl,5 ) ;
	string_t * presentKey	= &stringArray[ 0 ] ;
	string_t * newKey_1  	= &stringArray[ 1 ] ;
	string_t * newKey_2    	= &stringArray[ 2 ] ;
	string_t * ek          	= &stringArray[ 3 ] ;
	string_t * nk          	= &stringArray[ 4 ] ;

	const char * key1 = NULL ;
	const char * key2 = NULL ;

	size_t len1 = 0 ;
	size_t len2 = 0 ;

	int status = 0 ;

	tcrypt_opts tcrypt ;

	memset( &tcrypt,'\0',sizeof( tcrypt_opts ) ) ;

	/*
	 * zuluCryptPartitionIsSystemPartition() is defined in ./partitions.c
	 */
	if( zuluCryptPartitionIsSystemPartition( device,uid ) ){

		if( !zuluCryptUserIsAMemberOfAGroup( uid,"zulucrypt" ) ){

			return zuluExit( 4,stl ) ;
		}
	}
	/*
	 * zuluCryptSecurityDeviceIsWritable() is defined in path_access.c
	 */
	status = zuluCryptCanOpenPathForWriting( device,uid ) ;
	/*
	 * 1-permissions denied
	 * 2-invalid path
	 * 3-shenanigans
	 * 4-common error
	 */
	switch( status ){

		case 0 :  break ;
		case 1 :  return zuluExit( 5,stl ) ;
		case 2 :  return zuluExit( 5,stl ) ;
		case 3 :  return zuluExit( 5,stl ) ;
		case 4 :  return zuluExit( 5,stl ) ;
		default:  return zuluExit( 5,stl ) ;
	}

	switch( _zuluCryptCheckEmptySlots( device ) ){

		case 0 : return zuluExit( 6,stl ) ;
		case 1 : return zuluExit( 2,stl ) ;
		case 2 : /* no complains,continue */ ;
	}

	if( keyType1 == NULL && keyType2 == NULL ){

		switch( zuluGetKeys( presentKey,newKey_1,newKey_2 ) ){

			case 1 : return zuluExit( 7,stl ) ;
			case 2 : return zuluExit( 8,stl ) ;
		}

		if( StringEqualString( *newKey_1,*newKey_2 ) ){

			key1 = StringContent( *presentKey ) ;
			len1 = StringLength ( *presentKey ) ;
			key2 = StringContent( *newKey_1   ) ;
			len2 = StringLength ( *newKey_1   ) ;
		}else{
			return zuluExit( 9,stl ) ;
		}
	}else{
		if( newKey == NULL || existingKey == NULL ){

			return zuluExit( 10,stl ) ;
		}
		if( StringsAreEqual( keyType1,"-f" ) ){

			/*
			 * this function is defined at "path_access.c"
			 */

			switch( zuluCryptGetPassFromFile( existingKey,uid,ek ) ){

				case 1 : return zuluExit( 11,stl ) ;
				case 4 : return zuluExit( 12,stl ) ;
				case 2 : return zuluExit( 13,stl ) ;
				case 5 : return zuluExit( 14,stl ) ;
			}

			key1 = StringContent( *ek ) ;
			len1 = StringLength( *ek ) ;

			if( StringHasNoComponent( existingKey,"/.zuluCrypt-socket" ) ){

				tcrypt.existing_key_is_keyfile = 1 ;
			}
		}
		if( StringsAreEqual( keyType2,"-f" ) ){

			/*
			 * this function is defined at "path_access.c"
			 */

			switch( zuluCryptGetPassFromFile( newKey,uid,nk ) ){

				case 1 : return zuluExit( 11,stl ) ;
				case 4 : return zuluExit( 12,stl ) ;
				case 2 : return zuluExit( 13,stl ) ;
				case 5 : return zuluExit( 14,stl ) ;
			}

			key2 = StringContent( *nk ) ;
			len2 = StringLength( *nk ) ;

			if( StringHasNoComponent( newKey,"/.zuluCrypt-socket" ) ){

				tcrypt.new_key_is_keyfile = 1 ;
			}
		}
		if( StringsAreEqual( keyType1,"-f" ) && StringsAreEqual( keyType2,"-f" ) ){

			;

		}else if( StringsAreEqual( keyType1,"-p" ) && StringsAreEqual( keyType2,"-p" ) ){

			key1 = existingKey ;
			len1 = StringSize( existingKey ) ;
			key2 = newKey ;
			len2 = StringSize( newKey ) ;

		}else if( StringsAreEqual( keyType1,"-p" ) && StringsAreEqual( keyType2,"-f" ) ){

			key1 = existingKey ;
			len1 = StringSize( existingKey ) ;

		}else if( StringsAreEqual( keyType1,"-f" ) && StringsAreEqual( keyType2,"-p" ) ){

			key2 = newKey ;
			len2 = StringSize( newKey ) ;
		}else{
			return zuluExit( 10,stl ) ;
		}
	}

	zuluCryptSecurityLockMemory( stl ) ;

	zuluCryptSecurityGainElevatedPrivileges() ;

	/*
	 * zuluCryptVolumeIsLuks() is defined in ../lib/is_luks.c
	 */
	if( zuluCryptVolumeIsLuks( device ) ){

		/*
		* zuluCryptAddKey() is defined in ../lib/add_key.c
		*/
		status = zuluCryptAddKey( device,key1,len1,key2,len2 ) ;
	}else{
		tcrypt.device = device ;

		tcrypt.existing_key      = key1 ;
		tcrypt.existing_key_size = len1 ;

		tcrypt.new_key           = key2 ;
		tcrypt.new_key_size      = len2 ;

		status = _replace_truecrypt_key( &tcrypt ) ;
	}

	zuluCryptSecurityDropElevatedPrivileges() ;

	return zuluExit( status,stl ) ;
}
예제 #20
0
int zuluCryptEXECloseVolume( const char * dev,const char * mapping_name,uid_t uid )
{
	 int st ;
	 int i ;
	 string_t p = StringVoid ;
	 char * m_point = NULL ;
	 struct stat xt ;
	 const char * mapper ;

	 int r ;

	 zuluCryptSecurityGainElevatedPrivileges() ;

	 r = zuluCryptDeviceHasAgivenFileSystem( dev,zuluCryptBitLockerType() ) ;

	 if( r == 1 ){

		 p = zuluCryptBitLockerFullMapperPath( uid,dev ) ;

		 mapper = StringContent( p ) ;

		 i = stat( mapper,&xt ) ;

		 zuluCryptSecurityDropElevatedPrivileges() ;

		if( i != 0 ){

			 return zuluExit( 1,p ) ;
		}
	 }else{
		 zuluCryptSecurityDropElevatedPrivileges() ;

		 /*
		  * ZULUCRYPTlongMapperPath is set in ../constants.h
		  * zuluCryptCreateMapperName() defined in ../lib/create_mapper_name.c
		  */
		 p = zuluCryptCreateMapperName( dev,mapping_name,uid,ZULUCRYPTlongMapperPath ) ;

		 mapper = StringContent( p ) ;

		 if( stat( mapper,&xt ) != 0 ){

			 return zuluExit( 1,p ) ;
		 }
	 }

	 /*
	  * zuluCryptBindUnmountVolume() is defined in ./bind.c
	  */
	 switch( zuluCryptBindUnmountVolume( StringListVoid,mapper,uid ) ){

		 case 3 : return zuluExit( 7,p ) ;
		 case 4 : return zuluExit( 8,p ) ;
		 case 5 : return zuluExit( 9,p ) ;
		 default: ;
	 }

	 zuluCryptSecurityGainElevatedPrivileges() ;

	 /*
	  * zuluCryptCloseVolume() is defined in ../lib/close_volume.c
	  *
	  * zuluCryptReuseMountPoint() is defined in create_mount_point.c
	  */

	 if( r == 1 ){
		 if( zuluCryptReuseMountPoint() ){

			 st = zuluCryptBitLockerlock( p,NULL ) ;
		 }else{
			 st = zuluCryptBitLockerlock( p,&m_point ) ;
		 }
	 }else{
		 if( zuluCryptReuseMountPoint() ){

			 st = zuluCryptCloseVolume( mapper,NULL ) ;
		 }else{
			 st = zuluCryptCloseVolume( mapper,&m_point ) ;
		 }
	 }

	 if( st == 0 && m_point != NULL ){

		 for( i = 0 ; i < 2 ; i++ ){

			if( rmdir( m_point ) == 0 ){

				break ;
			}else{
				sleep( 1 ) ;
			}
		 }
	 }

	 StringFree( m_point ) ;

	 zuluCryptSecurityDropElevatedPrivileges() ;
	 return zuluExit( st,p ) ;
}
예제 #21
0
/*
 * Purpose of this function is to open a device and write random data to it as a way of hiding information on the disk.
 *
 * The above is accomplished by opening a plain mapper against the device and then write to the device through the mapper
 *
 */
int zuluCryptEXEWriteDeviceWithJunk( const struct_opts * opts,const char * mapping_name,uid_t uid )
{
	stringList_t stl   = StringListInit() ;
	string_t * mapper  = StringListAssign( stl ) ;
	string_t * confirm = StringListAssign( stl );

	double size ;
	double size_written ;

	const char * device =  opts->device ;

	char buffer[ SIZE ] ;

	int ratio ;
	int prev_ratio ;
	int k ;

	struct sigaction sigac;

	memset( &sigac,'\0',sizeof( struct sigaction ) ) ;

	sigac.sa_handler = &sigTERMhandler ;

	sigaction( SIGINT,&sigac,NULL ) ;
	sigaction( SIGTERM,&sigac,NULL ) ;
	sigaction( SIGHUP,&sigac,NULL ) ;

	__exit_as_requested = 0 ;

	if( ( k = open_plain_as_me_1( opts,mapping_name,uid,0 ) ) != 0 ){
		return k ;
	}
	*mapper = zuluCryptCreateMapperName( device,mapping_name,uid,ZULUCRYPTshortMapperPath ) ;

	StringMultiplePrepend( *mapper,"/",crypt_get_dir(),NULL ) ;

	if( opts->ask_confirmation ){
		printf( gettext( "\nWARNING, device \"%s\" will be overwritten with random data destroying all present data.\n" ),device ) ;
		printf( gettext( "Are you sure you want to proceed? Type \"YES\" and press enter if you are sure: " ) ) ;

		*confirm = StringGetFromTerminal_1( 3 ) ;
		if( *confirm == StringVoid ){
			return zuluExit( stl,17 ) ;
		}else{
			k = StringEqual( *confirm,gettext( "YES" ) ) ;

			if( k == 0 ){
				if( zuluCryptSecurityGainElevatedPrivileges() ){
					zuluCryptCloseMapper( StringContent( *mapper ) ) ;
					zuluCryptSecurityDropElevatedPrivileges() ;
				}
				return zuluExit( stl,5 ) ;
			}
		}
	}

	k = open( StringContent( *mapper ),O_WRONLY ) ;

	size = ( double ) blkid_get_dev_size( k ) ;

	memset( buffer,0,SIZE ) ;

	size_written = 0 ;
	prev_ratio = -1 ;

	while( write( k,buffer,SIZE ) > 0 ){

		if( __exit_as_requested == 1 ){
			break ;
		}
		size_written += SIZE ;

		ratio = ( int ) ( ( size_written / size ) * 100 ) ;

		if( ratio > prev_ratio ){
			printf( "\r%s %d%%",gettext( "percentage complete: " ),ratio ) ;
			fflush( stdout );
			prev_ratio = ratio ;
		}
	}

	close( k ) ;
	if( zuluCryptSecurityGainElevatedPrivileges() ){
		zuluCryptCloseMapper( StringContent( *mapper ) ) ;
		zuluCryptSecurityDropElevatedPrivileges() ;
	}

	if( __exit_as_requested == 1 ){
		return zuluExit( stl,15 ) ;
	}else{
		return zuluExit( stl,3 ) ;
	}
}
예제 #22
0
static int open_plain_as_me_1(const struct_opts * opts,const char * mapping_name,uid_t uid,int op )
{
	/*
	 * Below is a form of memory management.All strings are collected in a stringlist object to easily delete them
	 * when the function returns.This allows for the function to have multiple exit points without risks of leaking
	 * memory from manually examining each exit point to make sure all strings are deleted or go with multiple goto
	 * code deleting blocks to take into account different exit points.
	 */
	stringList_t stl ;
	string_t * stringArray  = StringListArray( &stl,5 ) ;
	string_t * mapper     = &stringArray[ 0 ] ;
	string_t * passphrase = &stringArray[ 1 ] ;
	string_t * p          = &stringArray[ 2 ] ;
	string_t * dev_st     = &stringArray[ 3 ] ;
	string_t * dev_1      = &stringArray[ 4 ] ;

	size_t len = 0 ;

	const char * source      = opts->key_source ;
	const char * pass        = opts->key ;

	int k = opts->ask_confirmation ;

	const char * cpass = NULL ;

	char * d ;

	const char * device = opts->device ;
	const char * dev = opts->device ;

	int j ;
	int n ;

	const char * cmapper ;

	if( StringPrefixEqual( device,"/dev/loop" ) ){
		/*
		 * zuluCryptLoopDeviceAddress() is defined in ../lib/create_loop_device.c
		 */
		d = zuluCryptLoopDeviceAddress( device ) ;
		*dev_st = StringInherit( &d ) ;
		dev = StringContent( *dev_st ) ;
		*dev_1 = StringCopy( *dev_st ) ;
		device = StringReplaceString( * dev_1,"\\040"," " ) ;
	}

	/*
	 * zuluCryptPartitionIsSystemPartition() is defined in ./partition.c
	 */
	if( zuluCryptPartitionIsSystemPartition( device,uid ) ){
		if( uid != 0 ){
			return zuluExit( stl,8 ) ;
		}
	}
	/*
	 * ZULUCRYPTlongMapperPath and ZULUCRYPTshortMapperPath are in ../constants.h
	 * zuluCryptCreateMapperName() is defined at ../lib/create_mapper_name.c
	 */
	*mapper = zuluCryptCreateMapperName( device,mapping_name,uid,ZULUCRYPTshortMapperPath ) ;

	*p = zuluCryptCreateMapperName( device,mapping_name,uid,ZULUCRYPTlongMapperPath ) ;

	j = zuluCryptCheckOpenedMapper( StringContent( *p ) ) ;

	/*
	 * zuluCryptPartitionIsMounted() is defined in ../lib/process_mountinfo.c
	 */
	n = zuluCryptPartitionIsMounted( dev ) ;

	if( j == 1 ){
		return zuluExit( stl,13 ) ;
	}
	if( n == 1 ){
		return zuluExit( stl,14 ) ;
	}
	if( k == 0 ){
		*passphrase = StringRandomString( 64 ) ;
		cpass = StringContent( *passphrase ) ;
		len = StringLength( *passphrase ) ;
	}else if( source == NULL ){
		printf( gettext( "Enter passphrase: " ) ) ;
		/*
		 * ZULUCRYPT_KEY_MAX_SIZE is set in ../constants.h
		 */
		switch( StringSilentlyGetFromTerminal_1( passphrase,ZULUCRYPT_KEY_MAX_SIZE ) ){
			case 1 : return zuluExit( stl,16 ) ;
			case 2 : return zuluExit( stl,17 ) ;
		}
		printf( "\n" ) ;
		cpass = StringContent( *passphrase ) ;
		len = StringLength( *passphrase ) ;
	}else{
		if( strcmp( source,"-p" ) == 0 ){
			*passphrase = String( pass ) ;
			cpass = StringContent( *passphrase ) ;
			len = StringLength( *passphrase ) ;
		}else if( strcmp( source,"-f" ) == 0 ){
			/*
			 * zuluCryptGetPassFromFile() is defined at "path_access.c"
			 */
			switch( zuluCryptGetPassFromFile( pass,uid,passphrase ) ){
				case 1 : return zuluExit( stl,10 ) ;
				case 2 : return zuluExit( stl,11 ) ;
				case 4 : return zuluExit( stl,12 ) ;
			}
			cpass = StringContent( *passphrase ) ;
			len = StringLength( *passphrase ) ;
		}
	}

	if( zuluCryptSecurityGainElevatedPrivileges() ){
		/*
		 * zuluCryptOpenPlain() is defined in ../lib/open_plain.c
		 */
		if( zuluCryptOpenPlain( device,StringContent( *mapper ),"rw",cpass,len ) != 0 ){
			zuluCryptSecurityDropElevatedPrivileges() ;
			return zuluExit( stl,1 ) ;
		}
	}

	zuluCryptSecurityDropElevatedPrivileges() ;

	/*
	 * Create a mapper path(usually at /dev/mapper) associated with opened plain mapper above.
	 */
	cmapper = StringMultiplePrepend( *mapper,"/",crypt_get_dir(),NULL ) ;

	/*
	 *  mapper path is usually a soft link to /dev/dm-X
	 *  resolve the mapper path to its respective /dev/dm-X and set permission on it.
	 *
	 * We set permission of /dev/dm-X pointing to the device to "u+rw" because we want notmal user to be able
	 * to write to the device through the mapper.
	 *
	 * Useful when a normal user want to delete content of the device by writing random data to it.
	 */
	d = zuluCryptRealPath( cmapper ) ;
	if( zuluCryptSecurityGainElevatedPrivileges() ){
		if( d != NULL ){
			_ignore_result( chown( d,uid,0 ) ) ;
			_ignore_result( chmod( d,S_IRWXU ) ) ;
			StringFree( d ) ;
		}
		zuluCryptSecurityDropElevatedPrivileges() ;
	}else{
		return zuluExit( stl,1 ) ;
	}

	if( op == 1 ){
		return zuluExit( stl,0 ) ;
	}else{
		StringListClearDelete( &stl ) ;
		return 0 ;
	}
}
예제 #23
0
int zuluCryptEXERemoveKey( const struct_opts * opts,uid_t uid )
{
	int ask_confirmation     = opts->ask_confirmation ;
	const char * device      = opts->device ;
	const char * keyType     = opts->key_source ;
	const char * keytoremove = opts->key ;

	stringList_t stl = StringListInit() ;

	string_t * pass    =  StringListAssign( stl ) ;
	string_t * confirm =  StringListAssign( stl ) ;

	int status = 0 ;

	const char * key ;
	size_t       key_size ;

	/*
	 * zuluCryptPartitionIsSystemPartition() is defined in ./partitions.c
	 */
	if( zuluCryptPartitionIsSystemPartition( device,uid ) ){

		if( !zuluCryptUserIsAMemberOfAGroup( uid,"zulucrypt" ) ){

			return zuluExit( 4,stl ) ;
		}
	}

	/*
	 * zuluCryptCanOpenPathForWriting is defined in path_access.c
	 */
	status = zuluCryptCanOpenPathForWriting( device,uid ) ;
	/*
	 * 1-permissions denied
	 * 2-invalid path
	 * 3-shenanigans
	 * 4-common error
	 */
	switch( status ){

		case 0 : break ;
		case 1 : return zuluExit( 5,stl ) ;
		case 2 : return zuluExit( 5,stl ) ;
		case 3 : return zuluExit( 5,stl ) ;
		case 4 : return zuluExit( 5,stl ) ;
		default: return zuluExit( 5,stl ) ;
	}

	if( _zuluCryptExECheckEmptySlots( device ) == 3 ){

		if( ask_confirmation ){

			printf( gettext( "WARNING: There is only one key in the volume and all data in it will be lost if you continue.\n" ) ) ;
			printf( gettext( "Do you still want to continue? Type \"YES\" if you do: " ) ) ;

			*confirm = StringGetFromTerminal_1( 3 ) ;

			if( *confirm == StringVoid ){

				return zuluExit( 6,stl ) ;
			}
			if( !StringEqual( *confirm,gettext( "YES" ) ) ){

				return zuluExit( 7,stl ) ;
			}
		}
	}

	if( keyType == NULL ){

		printf( gettext( "Enter a key to be removed: " ) ) ;
		/*
		 * ZULUCRYPT_KEY_MAX_SIZE is set in ../constants.h
		 */
		switch( StringSilentlyGetFromTerminal_1( pass,ZULUCRYPT_KEY_MAX_SIZE ) ){

			case 1 : return zuluExit( 8,stl ) ;
			case 2 : return zuluExit( 9,stl ) ;
		}

		printf( "\n" ) ;

		key = StringContent( *pass ) ;
		key_size = StringLength( *pass ) ;

		zuluCryptSecurityLockMemory_1( *pass ) ;
	}else{
		if( keyType == NULL || keytoremove == NULL ){

			return zuluExit( 10,stl ) ;
		}
		if( StringsAreEqual( keyType,"-f" ) ){
			/*
			 * zuluCryptGetPassFromFile() is defined at path_access.c"
			 */
			switch( zuluCryptGetPassFromFile( keytoremove,uid,pass ) ){

				case 1 : return zuluExit( 11,stl )  ;
				case 2 : return zuluExit( 12,stl )  ;
				case 4 : return zuluExit( 13,stl ) ;
				case 5 : return zuluExit( 14,stl ) ;
			}

			key = StringContent( *pass ) ;
			key_size = StringLength( *pass ) ;

			zuluCryptSecurityLockMemory_1( *pass ) ;
		}else if( StringsAreEqual( keyType, "-p" ) ){

			key = keytoremove ;
			key_size = StringSize( keytoremove ) ;
		}else{
			return zuluExit( 10,stl ) ;
		}
	}

	zuluCryptSecurityGainElevatedPrivileges() ;
	/*
	 * zuluCryptRemoveKey() is defined in ../lib/remove_key.c
	 */
	status = zuluCryptRemoveKey( device,key,key_size ) ;
	zuluCryptSecurityDropElevatedPrivileges() ;

	if( status == 1 ){

		status = zuluExit_1( status,device,stl ) ;
	}else{
		status = zuluExit( status,stl ) ;
	}

	/*
	 * zuluCryptCheckInvalidKey() is defined in check_invalid_key.c
	 */
	zuluCryptCheckInvalidKey( opts->device ) ;
	return status ;
}