static int _open_plain( const char * device,const char * mapper,const char * mode,const char * pass,size_t pass_size ) { int flags ; struct crypt_device * cd ; struct crypt_params_plain params ; memset( ¶ms,'\0',sizeof( struct crypt_params_plain ) ) ; params.hash = "ripemd160"; params.skip = 0; params.offset = 0; if( zuluCryptPathIsNotValid( device ) ){ return 3 ; } if( StringHasComponent( mode,"ro" ) ){ flags = 1 ; }else{ flags = 0 ; } if( crypt_init( &cd,device ) != 0 ){ return 2 ; } if( crypt_format( cd,CRYPT_PLAIN,"aes","cbc-essiv:sha256",NULL,NULL,32,¶ms ) != 0 ){ return zuluExit( 2,cd ) ; } if( crypt_activate_by_passphrase( cd,mapper,CRYPT_ANY_SLOT,pass,pass_size,flags ) < 0 ){ return zuluExit( 2,cd ) ; }else{ return zuluExit( 0,cd ) ; } }
int zuluCryptOpenPlain( const char * device,const char * mapper,const char * mode,const char * pass,size_t pass_size ) { int lmode ; string_t st ; int fd ; int r ; if( StringPrefixMatch( device,"/dev/",5 ) ){ return _open_plain( device,mapper,mode,pass,pass_size ) ; }else{ if( StringHasComponent( mode,"ro" ) ){ lmode = O_RDONLY ; }else{ lmode = O_RDWR ; } /* * zuluCryptAttachLoopDeviceToFile() is defined in ./create_loop.c */ if( zuluCryptAttachLoopDeviceToFile( device,lmode,&fd,&st ) ){ r = _open_plain( device,mapper,mode,pass,pass_size ) ; StringDelete( &st ) ; close( fd ) ; return r ; }else{ return 2 ; } } }
int zuluCryptOpenPlain_1( const open_struct_t * opt ) { int mode ; string_t st ; int fd ; int r ; if( StringPrefixEqual( opt->device,"/dev/" ) ){ return _open_plain( opt->device,opt ) ; }else{ if( StringHasComponent( opt->m_opts,"ro" ) ){ mode = O_RDONLY ; }else{ mode = O_RDWR ; } /* * zuluCryptAttachLoopDeviceToFile() is defined in ./create_loop.c */ if( zuluCryptAttachLoopDeviceToFile( opt->device,mode,&fd,&st ) ){ r = _open_plain( StringContent( st ),opt ) ; StringDelete( &st ) ; close( fd ) ; return r ; }else{ return 2 ; } } }
static int _open_plain( const char * device,const open_struct_t * opt ) { uint32_t flags ; struct crypt_device * cd ; struct crypt_params_plain params ; memset( ¶ms,'\0',sizeof( struct crypt_params_plain ) ) ; params.hash = "ripemd160" ; if( zuluCryptPathIsNotValid( device ) ){ return 3 ; } if( crypt_init( &cd,device ) != 0 ){ return 2 ; } params.offset = _offset( opt->offset ) ; if( StringHasComponent( opt->m_opts,"ro" ) ){ flags = CRYPT_ACTIVATE_READONLY ; }else{ flags = CRYPT_ACTIVATE_ALLOW_DISCARDS ; } if( crypt_format( cd,CRYPT_PLAIN,"aes","cbc-essiv:sha256",NULL,NULL,32,¶ms ) != 0 ){ return zuluExit( 2,cd ) ; } if( crypt_activate_by_passphrase( cd,opt->mapper_name,CRYPT_ANY_SLOT, opt->key,opt->key_len,flags ) < 0 ){ return zuluExit( 2,cd ) ; }else{ return zuluExit( 0,cd ) ; } }
static int mount_FUSEfs_0( m_struct * mst ) { int status ; const char * opts ; process_t p = Process( ZULUCRYPTmount ) ; string_t st = set_mount_options( mst ) ; opts = _mount_options( mst->m_flags,st ) ; if( StringsAreEqual( mst->fs,"ntfs" ) ){ if( StringHasComponent( opts,"ignore_case" ) ){ ProcessSetArgumentList( p,"-n","-t","lowntfs-3g","-o",opts,mst->device,mst->m_point,ENDLIST ) ; }else{ ProcessSetArgumentList( p,"-n","-t","ntfs-3g","-o",opts,mst->device,mst->m_point,ENDLIST ) ; } }else{ ProcessSetArgumentList( p,"-t",mst->fs,"-o",opts,mst->device,mst->m_point,ENDLIST ) ; } ProcessStart( p ) ; status = ProcessExitStatus( p ) ; ProcessDelete( &p ) ; StringDelete( &st ) ; return status ; }
/* * An assumption is made here that the path is an LVM path if "path" * is in /dev/mapper/abc-def format and there exist a path at /dev/abc/def. * * Info in lvm path structures can be found here: * https://www.redhat.com/archives/linux-lvm/2014-January/msg00014.html */ string_t zuluCryptConvertIfPathIsLVM( const char * path ) { const char * e ; const char ** z ; struct stat st ; StringIterator a ; StringIterator b ; StringIterator c ; StringIterator d ; string_t q = String( path ) ; StringGetIterators( q,&c,&d ) ; for( c = c + 3 ; c < d ; c++ ){ a = c - 2 ; b = c - 1 ; if( *a != '-' && *b == '-' && *c != '-' ){ /* * found a place with a single dash,replace the dash with a slash */ *b = '/' ; /* * replace double dashes if present. */ z = StringPointer( q ) ; while( StringHasComponent( *z,"--" ) ){ StringReplaceString( q,"--","-" ) ; } e = StringReplaceString( q,"/dev/mapper/","/dev/" ) ; if( stat( e,&st ) == 0 ){ /* * The path appear to be an LVM path since * "/dev/mapper/ABC-DEF" input path has a corresponding * "/dev/ABC/DEF" path */ }else{ /* * Not an LVM volume,replace the string to its original */ StringReplace( q,path ) ; } break ; } } return q ; }
static const char * _remove_duplicates( string_t st ) { const char ** z = StringPointer( st ) ; while( StringHasComponent( *z,",," ) ){ StringReplaceString( st,",,","," ) ; } if( StringEndsWithChar( st,',' ) ){ return StringRemoveRight( st,1 ) ; }else{ return StringContent( st ) ; } }
char * zuluCryptGetVolumeTypeFromMapperPath( const char * mapper ) { struct crypt_device * cd ; const char * type ; char * r ; string_t st ; if( StringPrefixNotEqual( mapper,crypt_get_dir() ) ){ return StringCopy_2( "Nil" ) ; } if( crypt_init_by_name( &cd,mapper ) < 0 ){ return StringCopy_2( "Nil" ) ; } type = crypt_get_type( cd ) ; if( type == NULL ){ if( StringHasComponent( mapper,"veracrypt" ) ){ r = StringCopy_2( "crypto_VCRYPT" ) ; }else if( StringHasComponent( mapper,"truecrypt" ) ){ r = StringCopy_2( "crypto_TCRYPT" ) ; }else{ r = _get_type_from_udev( mapper ) ; } }else{ st = String_1( "crypto_",type,NULL ) ; r = StringDeleteHandle( &st ) ; } crypt_free( cd ) ; return r ; }
static void _printResult( const char * device,const char * m_point ) { char * e ; zuluCryptSecurityGainElevatedPrivileges() ; /* * zuluCryptGetVolumeTypeFromMapperPath() is defined in ../lib/status.c */ e = zuluCryptGetVolumeTypeFromMapperPath( device ) ; zuluCryptSecurityDropElevatedPrivileges() ; if( StringHasComponent( e,"LUKS" ) ){ printf( gettext( "SUCCESS: %s volume opened successfully\n" ),"luks" ) ; }else if( StringHasComponent( e,"PLAIN" ) ){ printf( gettext( "SUCCESS: %s volume opened successfully\n" ),"plain" ) ; }else if( StringHasComponent( e,"TCRYPT" ) ){ printf( gettext( "SUCCESS: %s volume opened successfully\n" ),"tcrypt" ) ; }else if( StringHasComponent( e,"VCRYPT" ) ){ printf( gettext( "SUCCESS: %s volume opened successfully\n" ),"vcrypt" ) ; }else{ printf( gettext( "SUCCESS: volume opened successfully\n" ) ) ; } StringFree( e ) ; if( m_point != NULL ){ printf( gettext( "volume mounted at: %s\n" ),m_point ) ; } }
string_t zuluCryptCreateMountPoint( const char * device,const char * label,const char * m_opts,uid_t uid ) { if( home_mount_prefix() ){ return create_home_mount_point( device,label,uid ) ; }else{ if( StringHasComponent( m_opts,"mount-prefix=home" ) ){ if( zuluCryptUserIsAMemberOfAGroup( uid,"zulumount" ) ){ return create_home_mount_point( device,label,uid ) ; }else{ return StringVoid ; } }else{ return create_mount_point( device,label,uid ) ; } } }
int zuluCryptResolveDevicePath_0( int( *function )( const char *,const resolve_path_t * ), const open_struct_t * opt,int error ) { /* * resolve_path_t is defined in includes.h */ resolve_path_t opts ; memset( &opts,'\0',sizeof( opts ) ) ; opts.args = opt ; opts.device = opt->device ; if( StringHasComponent( opt->m_opts,"ro" ) ){ opts.open_mode = O_RDONLY ; }else{ opts.open_mode = O_RDWR ; } return _get_result_1( function,&opts,error ) ; }
int zuluCryptMountFlagsAreNotCorrect( const char * mode,uid_t uid,unsigned long * flags ) { unsigned long flg = 0 ; if( mode == NULL ){ flg |= MS_NODEV | MS_NOSUID | MS_NOEXEC | MS_RELATIME ; *flags = flg ; return 0 ; } if( StringHasComponent( mode,"ro" ) ){ flg |= MS_RDONLY ; } if( StringHasComponent( mode,"dev" ) ){ if( _user_has_no_access( uid ) ){ return 1 ; } }else{ flg |= MS_NODEV ; } #if MOUNT_WITH_NOEXEC_BY_DEFAULT if( zuluCryptUserIsAMemberOfAGroup( uid,"zulumount-exec" ) ){ /* * user is a member of a group,mount volume with exec option by default */ if( StringHasComponent( mode,"noexec" ) ){ /* * user with access wish to mount a volume without it */ flg |= MS_NOEXEC ; } }else{ if( StringHasComponent( mode,"exec" ) ){ if( _user_has_no_access( uid ) ){ return 1 ; } }else{ flg |= MS_NOEXEC ; } } #else if( StringHasComponent( mode,"noexec" ) ){ /* * user with access wish to mount a volume without it */ flg |= MS_NOEXEC ; } #endif if( StringHasComponent( mode,"suid" ) ){ if( _user_has_no_access( uid ) ){ return 1 ; } }else{ flg |= MS_NOSUID ; } if( StringHasComponent( mode,"bind" ) ){ if( _user_has_no_access( uid ) ){ return 1 ; } flg |= MS_BIND ; } if( StringHasComponent( mode,"mandlock" ) ){ if( _user_has_no_access( uid ) ){ return 1 ; } flg |= MS_MANDLOCK ; } if( StringHasComponent( mode,"move" ) ){ if( _user_has_no_access( uid ) ){ return 1 ; } flg |= MS_MOVE ; } if( StringHasComponent( mode,"noatime" ) ){ if( _user_has_no_access( uid ) ){ return 1 ; } flg |= MS_NOATIME ; } if( StringHasComponent( mode,"strictatime" ) ){ if( _user_has_no_access( uid ) ){ return 1 ; } flg |= MS_STRICTATIME ; } if( flg & MS_NOATIME ){ /* * MS_NOATIME flag is set by user,use it instead of MS_RELATIME */ ; }else if( flg & MS_STRICTATIME ){ /* * MS_STRICTATIME flag is set by user,use it instead of MS_RELATIME */ ; }else{ /* * MS_NOATIME flag not set,autoset MS_RELATIME flag as the default flag */ flg |= MS_RELATIME ; } #if 0 /* * done check for this one since its a default option set above */ if( StringHasComponent( mode,"relatime" ) ){ if( _user_has_no_access( uid ) ){ return 1 ; } flg |= MS_RELATIME ; } #endif if( StringHasComponent( mode,"nodiratime" ) ){ if( _user_has_no_access( uid ) ){ return 1 ; } flg |= MS_NODIRATIME ; } if( StringHasComponent( mode,"remount" ) ){ if( _user_has_no_access( uid ) ){ return 1 ; } flg |= MS_REMOUNT ; } if( StringHasComponent( mode,"silent" ) ){ if( _user_has_no_access( uid ) ){ return 1 ; } flg |= MS_SILENT ; } if( StringHasComponent( mode,"synchronous" ) ){ if( _user_has_no_access( uid ) ){ return 1 ; } flg |= MS_SYNCHRONOUS ; } *flags = flg ; return 0 ; }
static int _modify_tcrypt( info_t * info,const struct_opts * opts ) { int k = 4 ; int r ; string_t st = StringVoid ; string_t xt = StringVoid ; if( StringsAreEqual( opts->key_source,"-p" ) ){ info->header_key = opts->key ; info->header_key_source = "passphrase" ; info->header_new_key_source = "new_passphrase" ; }else if( opts->key == NULL && StringsAreNotEqual( opts->key_source,"-f" ) ){ st = info->getKey( &r ) ; if( r ){ info->key = StringContent( st ) ; info->header_key = info->key ; info->header_key_source = "passphrase" ; info->header_new_key_source = "new_passphrase" ; }else{ return zuluExit_1( k,st,xt ) ; } }else{ /* * function is defined at "path_access.c" */ zuluCryptGetPassFromFile( opts->key,info->uid,&st ) ; zuluCryptSecurityGainElevatedPrivileges() ; if( st == StringVoid ){ return zuluExit_1( k,st,xt ) ; }else{ if( StringHasComponent( opts->key,".zuluCrypt-socket" ) ){ info->key = StringContent( st ) ; info->header_key = info->key ; info->header_key_source = "passphrase" ; info->header_new_key_source = "new_passphrase" ; }else{ xt = zuluCryptCreateKeyFile( StringContent( st ),StringLength( st ),"tcrypt-bk-" ) ; if( xt == StringVoid ){ return zuluExit_1( k,st,xt ) ; }else{ info->key = StringContent( xt ) ; info->header_key = info->key ; info->header_key_source = "keyfiles" ; info->header_new_key_source = "new_keyfiles" ; } } } } /* * zuluCryptModifyTcryptHeader() is defined in ../lib/create_tcrypt.c */ k = zuluCryptModifyTcryptHeader( info ) ; if( xt != StringVoid ){ /* * zuluCryptDeleteFile() is defined in ../lib/file_path_security.c */ zuluCryptDeleteFile( StringContent( xt ) ) ; } return zuluExit_1( k,st,xt ) ; }
static int _open_tcrypt_volume( const char * device,const open_struct_t * opts ) { tc_api_task task ; int r = !TC_OK ; size_t i ; size_t k ; const char * const * z ; const char * e ; string_t st = StringVoid ; if( tc_api_initialize() ){ task = tc_api_task_init( "map" ) ; if( tc_api_task_initialized( task ) ){ tc_api_task_set( task,"veracrypt_mode",opts->veraCrypt_volume ) ; tc_api_task_set( task,"map_name",opts->mapper_name ) ; if( StringHasComponent( opts->m_opts,"ro" ) ){ tc_api_task_set( task,"read_only" ) ; } if( opts->tcrypt_system ){ if( StringPrefixEqual( device,"/dev/sd" ) || StringPrefixEqual( device,"/dev/hd" ) ){ st = String( device ) ; e = StringRemoveDigits( st ) ; tc_api_task_set( task,"dev",e ) ; tc_api_task_set( task,"sys",e ) ; }else{ tc_api_task_set( task,"dev",device ) ; tc_api_task_set( task,"sys",device ) ; } }else{ tc_api_task_set( task,"dev",device ) ; } k = opts->tcrypt_keyfiles_count ; z = opts->tcrypt_keyfiles ; tc_api_task_set( task,"passphrase",opts->key ) ; for( i = 0 ; i < k ; i++ ){ tc_api_task_set( task,"keyfiles",*( z + i ) ) ; } r = tc_api_task_do( task ) ; tc_api_task_uninit( task ) ; StringDelete( &st ) ; } tc_api_uninit() ; } return r ; }
stringList_t zuluCryptOpenedVolumesList( uid_t uid ) { const char * e ; const char * c ; const char * d ; const char * t ; char * f ; char * g ; StringListIterator it ; StringListIterator end ; ssize_t k ; string_t q ; string_t z ; string_t j ; stringList_t stx ; stringList_t list = StringListVoid ; stringList_t stl = zuluCryptGetMoutedList() ; if( uid ) { ; } /* * zuluCryptMapperPrefix() is defined in create_mapper_name.c */ j = String_1( zuluCryptMapperPrefix(),"/zuluCrypt-",NULL ) ; /* * t will probably contain "/dev/mapper/zuluCrypt-" */ t = StringContent( j ) ; StringListGetIterators( stl,&it,&end ) ; while( it != end ) { c = StringContent( *it ) ; it++ ; if( StringPrefixNotEqual( c,t ) ) { /* * we only care about zuluCrypt volumes and these volumes that we care about starts with * "/dev/mapper/zuluCrypt-" */ continue ; } if( StringHasComponent( c,"/run/media/public/" ) ) { /* * dont show mirror images due to bind mounts */ continue ; } stx = StringListSplit( c,' ' ) ; e = StringListContentAtFirstPlace( stx ) ; k = StringHasComponent_1( e,"-UUID-" ) ; if( k != -1 ) { q = StringListStringAtFirstPlace( stx ) ; /* * zuluCryptDecodeMountEntry() is defined in mount_volume.c */ d = zuluCryptDecodeMountEntry( StringListStringAtSecondPlace( stx ) ) ; /* * zuluCryptGetVolumeTypeFromMapperPath() is defined in status.c */ f = zuluCryptGetVolumeTypeFromMapperPath( StringContent( q ) ) ; e = StringSubChar( q,StringLastIndexOfChar( q,'-' ),'\0' ) + k + 6 ; z = String_1( "UUID=\"",e,"\"\t",d,"\t",f,NULL ) ; list = StringListAppendString_1( list,&z ) ; StringFree( f ) ; } else { /* * zuluCryptVolumeDeviceName() is defined in status.c */ g = zuluCryptVolumeDeviceName( e ) ; if( g != NULL ) { d = zuluCryptDecodeMountEntry( StringListStringAtSecondPlace( stx ) ) ; /* * zuluCryptGetVolumeTypeFromMapperPath() is defined in status.c */ f = zuluCryptGetVolumeTypeFromMapperPath( StringListContentAtFirstPlace( stx ) ) ; z = String_1( g,"\t",d,"\t",f,NULL ) ; list = StringListAppendString_1( list,&z ) ; StringFree( f ) ; StringFree( g ) ; } } StringListDelete( &stx ) ; } StringListDelete( &stl ) ; StringDelete( &j ) ; return list ; }
int zuluCryptEXEOpenVolume( const struct_opts * opts,const char * mapping_name,uid_t uid ) { int share = opts->share ; int open_mount = opts->open_mount ; const char * device = opts->device ; const char * mount_point = opts->mount_point ; const char * m_opts = opts->m_opts ; const char * source = opts->key_source ; const char * pass = opts->key ; const char * plugin_path = opts->plugin_path ; const char * fs_opts = opts->fs_opts ; const char * offset = opts->offset ; const char * const * tcrypt_keyfiles = opts->tcrypt_multiple_keyfiles ; /* * Below is a form of memory management.All strings are collected in a stringlist object to easily delete them * when the function returns.This allows for the function to have multiple exit points without risks of leaking * memory from manually examining each exit point to make sure all strings are deleted or go with multiple goto * code deleting blocks to take into account different exit points. */ stringList_t stl ; string_t * stringArray = StringListArray( &stl,6 ) ; string_t * passphrase = &stringArray[ 0 ] ; string_t * m_name = &stringArray[ 1 ] ; string_t * data = &stringArray[ 2 ] ; string_t * m_point = &stringArray[ 3 ] ; string_t * mapper = &stringArray[ 4 ] ; string_t * mapper_path = &stringArray[ 5 ] ; const char * key = NULL ; const char * mapper_name ; const char * e ; size_t key_len = 0 ; int st = 0 ; stringList_t stz ; tvcrypt v_info ; unsigned long m_flags ; int tcrypt_keyfile = 0 ; const char * uuid ; char * device_path ; /* * open_struct_t is declared in ../lib/include.h */ open_struct_t volume ; struct stat statstr ; /* * zuluCryptVolumeIsInSystemVolumeList() is defined in volumes.c */ if( zuluCryptVolumeIsInSystemVolumeList( device ) ){ /* * check permissions only if volume is explicity mentioned as system. * This is an exception to avoid some udev bad behaviors on udev enabled build */ if( !zuluCryptUserIsAMemberOfAGroup( uid,"zulucrypt" ) ){ return zuluExit( 22,device,mount_point,stl ) ; } } if( m_opts == NULL ){ m_opts = "rw" ; } /* * zuluCryptMountFlagsAreNotCorrect() is defined in ./mount_flags.c */ if( zuluCryptMountFlagsAreNotCorrect( m_opts,uid,&m_flags ) ){ return zuluExit( 5,device,mount_point,stl ) ; } if( StringHasComponent( m_opts,"rw" ) ){ /* * zuluCryptSecurityDeviceIsWritable() is defined in path_access.c */ st = zuluCryptCanOpenPathForWriting( device,uid ) ; }else{ /* * zuluCryptSecurityDeviceIsReadable() is defined in path_access.c */ st = zuluCryptCanOpenPathForReading( device,uid ) ; } /* * 1-permissions denied * 2-invalid path * 3-shenanigans * 4-common error */ switch( st ){ case 0 : break ; case 1 : return zuluExit( 6,device,mount_point,stl ) ; case 2 : return zuluExit( 6,device,mount_point,stl ) ; case 3 : return zuluExit( 6,device,mount_point,stl ) ; case 4 : return zuluExit( 6,device,mount_point,stl ) ; default: return zuluExit( 6,device,mount_point,stl ) ; } if( open_mount ){ /* * zuluCryptCreateMountPoint() is defined in create_mount_point.c */ *m_point = zuluCryptCreateMountPoint( device,mount_point,m_opts,uid ) ; mount_point = StringContent( *m_point ) ; if( mount_point == NULL ){ return zuluExit( 9,device,mount_point,stl ) ; } }else{ if( uid != 0 ){ return zuluExit( 7,device,mount_point,stl ) ; } if( mount_point != NULL ){ return zuluExit( 8,device,mount_point,stl ) ; } } if( share ){ /* * zuluCryptBindSharedMountPointPathTaken() is defined in bind.c */ if( zuluCryptBindSharedMountPointPathTaken( *m_point ) ){ return zuluExit_1( 10,opts,device,mount_point,stl ) ; } } /* * zuluCryptCreateMapperName() is defined in ../lib/create_mapper_name.c */ *m_name = zuluCryptCreateMapperName( device,mapping_name,uid,ZULUCRYPTshortMapperPath ) ; *mapper = StringCopy( *m_name ) ; mapper_name = StringContent( *m_name ) ; *mapper_path = String( zuluCryptMapperPrefix() ) ; e = StringMultipleAppend( *mapper_path,"/",mapper_name,NULL ) ; if( stat( e,&statstr ) == 0 ){ return zuluExit_1( 11,opts,device,mount_point,stl ) ; } if( plugin_path != NULL ){ /* * zuluCryptUUIDFromPath() is defined in path_access.c */ uuid = zuluCryptUUIDFromPath( device ) ; device_path = _device_path( device ) ; /* * zuluCryptPluginManagerGetKeyFromModule is defined in ../pluginManager/zuluCryptPluginManager.c */ *passphrase = zuluCryptPluginManagerGetKeyFromModule( device_path,plugin_path,uuid,uid,opts,&st ) ; StringFree( device_path ) ; StringFree( uuid ) ; if( st != 0 || *passphrase == StringVoid ){ return zuluExit_1( 12,opts,device,mount_point,stl ) ; } key_len = StringLength( *passphrase ) ; key = StringContent( *passphrase ) ; zuluCryptSecurityLockMemory_1( *passphrase ) ; }else if( source == NULL && tcrypt_keyfiles[ 0 ] == NULL ){ printf( gettext( "Enter passphrase: " ) ) ; /* * ZULUCRYPT_KEY_MAX_SIZE is set in ../constants.h */ switch( StringSilentlyGetFromTerminal_1( passphrase,ZULUCRYPT_KEY_MAX_SIZE ) ){ case 1 : return zuluExit_1( 13,opts,device,mount_point,stl ) ; case 2 : return zuluExit_1( 14,opts,device,mount_point,stl ) ; } printf( "\n" ) ; key = StringContent( *passphrase ) ; key_len = StringLength( *passphrase ) ; zuluCryptSecurityLockMemory_1( *passphrase ) ; }else{ if( source == NULL || pass == NULL ){ if( tcrypt_keyfiles == NULL ){ return zuluExit_1( 15,opts,device,mount_point,stl ) ; } } if( StringsAreEqual( source,"-p" ) ){ key = pass ; key_len = StringSize( pass ) ; }else if( StringsAreEqual( source,"-f" ) ){ if( StringHasNoComponent( pass,"/.zuluCrypt-socket" ) ){ tcrypt_keyfile = 1 ; } /* * function is defined at "path_access.c" */ switch( zuluCryptGetPassFromFile( pass,uid,data ) ){ case 1 : return zuluExit_1( 16,opts,device,mount_point,stl ) ; case 2 : return zuluExit_1( 17,opts,device,mount_point,stl ) ; case 4 : return zuluExit_1( 18,opts,device,mount_point,stl ) ; case 5 : return zuluExit_1( 19,opts,device,mount_point,stl ) ; } key = StringContent( *data ) ; key_len = StringLength( *data ) ; zuluCryptSecurityLockMemory_1( *data ) ; } } memset( &volume,'\0',sizeof( open_struct_t ) ) ; if( key != NULL ){ volume.key = key ; volume.key_len = key_len ; }else{ volume.key = "" ; volume.key_len = 0 ; } volume.device = device ; volume.offset = offset ; volume.mapper_name = mapper_name ; volume.m_point = mount_point ; volume.fs_opts = fs_opts ; volume.uid = uid ; volume.m_opts = m_opts ; volume.m_flags = m_flags ; /* * zuluCryptTrueCryptVeraCryptVolumeInfo() is defined in this source file. */ zuluCryptTrueCryptVeraCryptVolumeInfo( opts->type,&v_info ) ; volume.iteration_count = v_info.iteration_count ; volume.veraCrypt_volume = StringAtLeastOneMatch( v_info.type,"vcrypt","veracrypt","vera",NULL ) ; StringDelete( &v_info.type ) ; plugin_path = plugin_path + StringLastIndexOfChar_1( plugin_path,'/' ) + 1 ; volume.luks_detached_header = StringHasComponent( plugin_path,"luks" ) ; volume.general_detached_header = StringHasComponent( plugin_path,"generic_header" ) ; if( tcrypt_keyfile ){ volume.key_source = TCRYPT_KEYFILE ; } if( tcrypt_keyfiles[ 0 ] != NULL ){ /* * Here, we take a list of keyfiles supplied by the user and then copy them to a safe * location at "/run/zuluCrypt" and then we pass these safe copies to cryptsetup. * * The idea is not to let cryptsetup, a privileged process handle user managed files. */ stz = zuluCryptCreateKeyFiles( tcrypt_keyfiles,0 ) ; volume.tcrypt_keyfiles_count = StringListSize( stz ) ; volume.tcrypt_keyfiles = StringListStringArray_0( stz ) ; st = _open_volume( &volume ) ; zuluCryptDeleteKeyFiles( stz ) ; StringFree( volume.tcrypt_keyfiles ) ; StringListDelete( &stz ) ; }else{ st = _open_volume( &volume ) ; } /* * below two return values comes from ../lib/mount_volume.c */ if( st == -1 ){ st = 20 ; } if( st == 12 ){ st = 21 ; } if( st == 8 || st == 3 ){ st = 3 ; } device = StringMultiplePrepend( *mapper,"/",zuluCryptMapperPrefix(),NULL ) ; if( st == 0 && share ){ /* * user wish to share the mount point bind the mount point to a publicly accessed path at /run/media/public/ */ /* * zuluCryptBindMountVolume() is defined in ../zuluCrypt-cli/bin/bind.c */ zuluCryptBindMountVolume( device,*m_point,m_flags ) ; } /* * zuluCryptCheckInvalidKey() is defined in check_invalid_key.c */ zuluCryptCheckInvalidKey( opts->device ) ; return zuluExit_1( st,opts,device,mount_point,stl ) ; }