static int _user_has_no_access( uid_t uid )
{
if( uid == 0 ) {
return 0 ;
} else {
/*
* zuluCryptUserIsAMemberOfAGroup() is defined in security.c
*/
return !zuluCryptUserIsAMemberOfAGroup( uid,"zulumount" ) ;
}
}
string_t zuluCryptCreateMountPoint( const char * device,const char * label,const char * m_opts,uid_t uid )
{
if( home_mount_prefix() ){
return create_home_mount_point( device,label,uid ) ;
}else{
if( StringHasComponent( m_opts,"mount-prefix=home" ) ){
if( zuluCryptUserIsAMemberOfAGroup( uid,"zulumount" ) ){
return create_home_mount_point( device,label,uid ) ;
}else{
return StringVoid ;
}
}else{
return create_mount_point( device,label,uid ) ;
}
}
}
static inline int _userIsAllowed( uid_t uid,const char * fs )
{
if( fs ){;}
if( uid == 0 ){
/*
* cant say No to root
*/
return 1 ;
}else{
/*
* user is attempting to use not supported file system options.Allow them only if
* they are a member of a supported group
*/
return zuluCryptUserIsAMemberOfAGroup( uid,"zulumount" ) ;
}
}
int zuluCryptDeviceIsSupported( const char * device,uid_t uid )
{
stringList_t stl ;
int r ;
if( StringPrefixEqual( device,"/dev/loop" ) ){
return 1 ;
}else{
stl = zuluCryptPartitions( ZULUCRYPTallPartitions,uid ) ;
r = StringListHasEntry( stl,device ) ;
StringListDelete( &stl ) ;
if( r == 1 ){
return 1 ;
}else{
/*
* zuluCryptUserIsAMemberOfAGroup() is defined in security.c
*/
return zuluCryptUserIsAMemberOfAGroup( uid,"zulucrypt" ) ;
}
}
}
int zuluMountUMount( ARGS * args )
{
const char * device = args->device ;
uid_t uid = args->uid ;
char * loop_device ;
char * m_point = NULL ;
int status ;
string_t st = StringVoid ;
const char * dev = NULL ;
const char * errorMsg = gettext( "\
ERROR: You can not umount volumes out of \"%s\" since you are not root and do not belong to group \"zulumount\"\n" ) ;
string_t xt ;
if( StringPrefixEqual( device,"/dev/loop" ) ){
/*
* zuluCryptLoopDeviceAddress() is defined in ../zuluCrypt-cli/lib/create_loop_devices.c
*/
loop_device = zuluCryptLoopDeviceAddress( device ) ;
if( loop_device == NULL ){
/*
* the error msg is a lie,but its harmless since the user will most likely never see it as
* this code path will not be passed.
*/
return _zuluExit( 100,StringVoid,m_point,gettext( "ERROR: Device does not appear to be mounted" ) ) ;
}else{
st = StringInherit( &loop_device ) ;
dev = StringContent( st ) ;
/*
* zuluCryptGetMountPointFromPath() is defined in defined in ../zuluCrypt-cli/lib/process_mountinfo.c
*/
m_point = zuluCryptGetMountPointFromPath( dev ) ;
if( m_point == NULL ){
return _zuluExit( 100,st,m_point,gettext( "ERROR: Device does not appear to be mounted" ) ) ;
}
}
}else{
/*
* zuluCryptGetMountPointFromPath() is defined in defined in ../zuluCrypt-cli/lib/process_mountinfo.c
*/
m_point = zuluCryptGetMountPointFromPath( device ) ;
if( m_point == NULL ){
return _zuluExit( 100,st,m_point,gettext( "ERROR: Device does not appear to be mounted" ) ) ;
}
}
/*
* zuluCryptMountPointPrefixMatch() is defined in ../zuluCrypt-cli/bin/create_mount_point.c
*/
if( zuluCryptMountPointPrefixMatch( m_point,uid,&xt ) ){
StringDelete( &xt ) ;
}else{
/*
* zuluCryptUserIsAMemberOfAGroup() is defined in ../zuluCrypt-cli/bin/security.c
*/
if( zuluCryptUserIsAMemberOfAGroup( uid,"zulumount" ) ){
StringDelete( &xt ) ;
}else{
printf( errorMsg,StringContent( xt ) ) ;
StringDelete( &xt ) ;
return _zuluExit( 101,st,m_point,NULL ) ;
}
}
StringFree( m_point ) ;
m_point = NULL ;
/*
* zuluCryptBindUnmountVolume() is defined in ../zuluCrypt-cli/bin/bind.c
*/
switch( zuluCryptBindUnmountVolume( StringListVoid,device,uid ) ){
case 3 : return _zuluExit( 107,st,m_point,gettext( "ERROR: Shared mount point appear to be busy" ) ) ;
case 4 : return _zuluExit( 108,st,m_point,gettext( "ERROR: Shared mount point appear to belong to a different user" ) ) ;
case 5 : return _zuluExit( 109,st,m_point,gettext( "ERROR: Shared mount point appear to be in an ambiguous state,advice to unmount manually" ) ) ;
default: ;
}
/*
* zuluCryptSecurityGainElevatedPrivileges() is defined in ../zuluCrypt-cli/bin/security.c
*/
zuluCryptSecurityGainElevatedPrivileges() ;
/*
* zuluCryptUnmountVolume() is defined in ../zuluCrypt-cli/lib/unmount_volume.c
*/
status = zuluCryptUnmountVolume( device,&m_point ) ;
/*
* zuluCryptSecurityDropElevatedPrivileges() is defined in ../zuluCrypt-cli/bin/security.c
*/
zuluCryptSecurityDropElevatedPrivileges() ;
if( status == 0 ){
if( m_point != NULL ){
/*
* zuluCryptReuseMountPoint() is defined in ../zuluCrypt-cli/bin/create_mount_point.c
*/
if( !zuluCryptReuseMountPoint() ){
zuluCryptSecurityGainElevatedPrivileges() ;
rmdir( m_point ) ;
zuluCryptSecurityDropElevatedPrivileges() ;
}
}
return _zuluExit( 0,st,m_point,gettext( "SUCCESS: umount complete successfully" ) ) ;
}else{
switch( status ) {
case 1 : return _zuluExit( 103,st,m_point,gettext( "ERROR: Device does not exist" ) ) ;
case 2 : return _zuluExit( 104,st,m_point,gettext( "ERROR: Failed to unmount,the mount point and/or one or more files are in use" ) ) ;
case 4 : return _zuluExit( 105,st,m_point,gettext( "ERROR: Failed to unmount,could not get a lock on /etc/mtab~" ) ) ;
case 10: return _zuluExit( 107,st,m_point,gettext( "ERROR: Failed to unmount,multiple mount points for the volume detected" ) ) ; break ;
default: return _zuluExit( 106,st,m_point,gettext( "ERROR: Failed to unmount the partition" ) ) ;
}
}
}
int zuluCryptMountFlagsAreNotCorrect( const char * mode,uid_t uid,unsigned long * flags )
{
unsigned long flg = 0 ;
if( mode == NULL ){
flg |= MS_NODEV | MS_NOSUID | MS_NOEXEC | MS_RELATIME ;
*flags = flg ;
return 0 ;
}
if( StringHasComponent( mode,"ro" ) ){
flg |= MS_RDONLY ;
}
if( StringHasComponent( mode,"dev" ) ){
if( _user_has_no_access( uid ) ){
return 1 ;
}
}else{
flg |= MS_NODEV ;
}
#if MOUNT_WITH_NOEXEC_BY_DEFAULT
if( zuluCryptUserIsAMemberOfAGroup( uid,"zulumount-exec" ) ){
/*
* user is a member of a group,mount volume with exec option by default
*/
if( StringHasComponent( mode,"noexec" ) ){
/*
* user with access wish to mount a volume without it
*/
flg |= MS_NOEXEC ;
}
}else{
if( StringHasComponent( mode,"exec" ) ){
if( _user_has_no_access( uid ) ){
return 1 ;
}
}else{
flg |= MS_NOEXEC ;
}
}
#else
if( StringHasComponent( mode,"noexec" ) ){
/*
* user with access wish to mount a volume without it
*/
flg |= MS_NOEXEC ;
}
#endif
if( StringHasComponent( mode,"suid" ) ){
if( _user_has_no_access( uid ) ){
return 1 ;
}
}else{
flg |= MS_NOSUID ;
}
if( StringHasComponent( mode,"bind" ) ){
if( _user_has_no_access( uid ) ){
return 1 ;
}
flg |= MS_BIND ;
}
if( StringHasComponent( mode,"mandlock" ) ){
if( _user_has_no_access( uid ) ){
return 1 ;
}
flg |= MS_MANDLOCK ;
}
if( StringHasComponent( mode,"move" ) ){
if( _user_has_no_access( uid ) ){
return 1 ;
}
flg |= MS_MOVE ;
}
if( StringHasComponent( mode,"noatime" ) ){
if( _user_has_no_access( uid ) ){
return 1 ;
}
flg |= MS_NOATIME ;
}
if( StringHasComponent( mode,"strictatime" ) ){
if( _user_has_no_access( uid ) ){
return 1 ;
}
flg |= MS_STRICTATIME ;
}
if( flg & MS_NOATIME ){
/*
* MS_NOATIME flag is set by user,use it instead of MS_RELATIME
*/
;
}else if( flg & MS_STRICTATIME ){
/*
* MS_STRICTATIME flag is set by user,use it instead of MS_RELATIME
*/
;
}else{
/*
* MS_NOATIME flag not set,autoset MS_RELATIME flag as the default flag
*/
flg |= MS_RELATIME ;
}
#if 0
/*
* done check for this one since its a default option set above
*/
if( StringHasComponent( mode,"relatime" ) ){
if( _user_has_no_access( uid ) ){
return 1 ;
}
flg |= MS_RELATIME ;
}
#endif
if( StringHasComponent( mode,"nodiratime" ) ){
if( _user_has_no_access( uid ) ){
return 1 ;
}
flg |= MS_NODIRATIME ;
}
if( StringHasComponent( mode,"remount" ) ){
if( _user_has_no_access( uid ) ){
return 1 ;
}
flg |= MS_REMOUNT ;
}
if( StringHasComponent( mode,"silent" ) ){
if( _user_has_no_access( uid ) ){
return 1 ;
}
flg |= MS_SILENT ;
}
if( StringHasComponent( mode,"synchronous" ) ){
if( _user_has_no_access( uid ) ){
return 1 ;
}
flg |= MS_SYNCHRONOUS ;
}
*flags = flg ;
return 0 ;
}
/*
* get_pass_from_file function is defined at get_pass_from_file.c *
*/
int zuluCryptEXEAddKey( const struct_opts * opts,uid_t uid )
{
const char * device = opts->device ;
const char * keyType1 = opts->existing_key_source ;
const char * existingKey = opts->existing_key ;
const char * keyType2 = opts->new_key_source ;
const char * newKey = opts->new_key ;
/*
* Below is a form of memory management.All strings are collected in a stringlist object to easily delete them
* when the function returns.This allows for the function to have multiple exit points without risks of leaking
* memory from manually examining each exit point to make sure all strings are deleted or go with multiple goto
* code deleting blocks to take into account different exit points.
*/
stringList_t stl ;
string_t * stringArray = StringListArray( &stl,5 ) ;
string_t * presentKey = &stringArray[ 0 ] ;
string_t * newKey_1 = &stringArray[ 1 ] ;
string_t * newKey_2 = &stringArray[ 2 ] ;
string_t * ek = &stringArray[ 3 ] ;
string_t * nk = &stringArray[ 4 ] ;
const char * key1 = NULL ;
const char * key2 = NULL ;
size_t len1 = 0 ;
size_t len2 = 0 ;
int status = 0 ;
tcrypt_opts tcrypt ;
memset( &tcrypt,'\0',sizeof( tcrypt_opts ) ) ;
/*
* zuluCryptPartitionIsSystemPartition() is defined in ./partitions.c
*/
if( zuluCryptPartitionIsSystemPartition( device,uid ) ){
if( !zuluCryptUserIsAMemberOfAGroup( uid,"zulucrypt" ) ){
return zuluExit( 4,stl ) ;
}
}
/*
* zuluCryptSecurityDeviceIsWritable() is defined in path_access.c
*/
status = zuluCryptCanOpenPathForWriting( device,uid ) ;
/*
* 1-permissions denied
* 2-invalid path
* 3-shenanigans
* 4-common error
*/
switch( status ){
case 0 : break ;
case 1 : return zuluExit( 5,stl ) ;
case 2 : return zuluExit( 5,stl ) ;
case 3 : return zuluExit( 5,stl ) ;
case 4 : return zuluExit( 5,stl ) ;
default: return zuluExit( 5,stl ) ;
}
switch( _zuluCryptCheckEmptySlots( device ) ){
case 0 : return zuluExit( 6,stl ) ;
case 1 : return zuluExit( 2,stl ) ;
case 2 : /* no complains,continue */ ;
}
if( keyType1 == NULL && keyType2 == NULL ){
switch( zuluGetKeys( presentKey,newKey_1,newKey_2 ) ){
case 1 : return zuluExit( 7,stl ) ;
case 2 : return zuluExit( 8,stl ) ;
}
if( StringEqualString( *newKey_1,*newKey_2 ) ){
key1 = StringContent( *presentKey ) ;
len1 = StringLength ( *presentKey ) ;
key2 = StringContent( *newKey_1 ) ;
len2 = StringLength ( *newKey_1 ) ;
}else{
return zuluExit( 9,stl ) ;
}
}else{
if( newKey == NULL || existingKey == NULL ){
return zuluExit( 10,stl ) ;
}
if( StringsAreEqual( keyType1,"-f" ) ){
/*
* this function is defined at "path_access.c"
*/
switch( zuluCryptGetPassFromFile( existingKey,uid,ek ) ){
case 1 : return zuluExit( 11,stl ) ;
case 4 : return zuluExit( 12,stl ) ;
case 2 : return zuluExit( 13,stl ) ;
case 5 : return zuluExit( 14,stl ) ;
}
key1 = StringContent( *ek ) ;
len1 = StringLength( *ek ) ;
if( StringHasNoComponent( existingKey,"/.zuluCrypt-socket" ) ){
tcrypt.existing_key_is_keyfile = 1 ;
}
}
if( StringsAreEqual( keyType2,"-f" ) ){
/*
* this function is defined at "path_access.c"
*/
switch( zuluCryptGetPassFromFile( newKey,uid,nk ) ){
case 1 : return zuluExit( 11,stl ) ;
case 4 : return zuluExit( 12,stl ) ;
case 2 : return zuluExit( 13,stl ) ;
case 5 : return zuluExit( 14,stl ) ;
}
key2 = StringContent( *nk ) ;
len2 = StringLength( *nk ) ;
if( StringHasNoComponent( newKey,"/.zuluCrypt-socket" ) ){
tcrypt.new_key_is_keyfile = 1 ;
}
}
if( StringsAreEqual( keyType1,"-f" ) && StringsAreEqual( keyType2,"-f" ) ){
;
}else if( StringsAreEqual( keyType1,"-p" ) && StringsAreEqual( keyType2,"-p" ) ){
key1 = existingKey ;
len1 = StringSize( existingKey ) ;
key2 = newKey ;
len2 = StringSize( newKey ) ;
}else if( StringsAreEqual( keyType1,"-p" ) && StringsAreEqual( keyType2,"-f" ) ){
key1 = existingKey ;
len1 = StringSize( existingKey ) ;
}else if( StringsAreEqual( keyType1,"-f" ) && StringsAreEqual( keyType2,"-p" ) ){
key2 = newKey ;
len2 = StringSize( newKey ) ;
}else{
return zuluExit( 10,stl ) ;
}
}
zuluCryptSecurityLockMemory( stl ) ;
zuluCryptSecurityGainElevatedPrivileges() ;
/*
* zuluCryptVolumeIsLuks() is defined in ../lib/is_luks.c
*/
if( zuluCryptVolumeIsLuks( device ) ){
/*
* zuluCryptAddKey() is defined in ../lib/add_key.c
*/
status = zuluCryptAddKey( device,key1,len1,key2,len2 ) ;
}else{
tcrypt.device = device ;
tcrypt.existing_key = key1 ;
tcrypt.existing_key_size = len1 ;
tcrypt.new_key = key2 ;
tcrypt.new_key_size = len2 ;
status = _replace_truecrypt_key( &tcrypt ) ;
}
zuluCryptSecurityDropElevatedPrivileges() ;
return zuluExit( status,stl ) ;
}
int zuluCryptBindUnmountVolume( stringList_t stx,const char * device,uid_t uid )
{
stringList_t stl ;
string_t xt ;
string_t st ;
string_t zt ;
ssize_t index = -1 ;
const char * f ;
const char * g ;
char * h = NULL ;
int r = 1 ;
int k ;
int delete_stx = 0 ;
/*
* zuluCryptUserIsAMemberOfAGroup() is defined in security.c
*/
/*
* root user is a member of all groups and hence is allowed
*/
int allowedUser = zuluCryptUserIsAMemberOfAGroup( uid,"zulumount" ) ;
zuluCryptSecurityGainElevatedPrivileges() ;
if( stx == StringListVoid ){
/*
* zuluCryptGetMoutedListFromMountInfo() is defined in ../lib/process_mountinfo.c
*/
stx = zuluCryptGetMoutedListFromMountInfo() ;
delete_stx = 1 ;
}
if( StringPrefixEqual( device,"/dev/loop" ) ){
/*
* zuluCryptLoopDeviceAddress_2() is defined in ../lib/create_loop_device.c
*/
st = zuluCryptLoopDeviceAddress_2( device ) ;
/*
* Add a space at the end of the device name to make sure we check the full device name to avoid possible collisions
* that may exist if one device is named "/home/abc" and another "/home/abcdef"
*/
zt = StringListHasStartSequence_1( stx,StringAppend( st," " ) ) ;
StringRemoveRight( st,1 ) ;
device = h = StringDeleteHandle( &st ) ;
}else{
/*
* Add a space at the end of the device name to make sure we check the full device name to avoid possible collisions
* that may exist if one device is named "/dev/sdc1" and another "/dev/sdc12"
*/
st = String( device ) ;
zt = StringListHasStartSequence_1( stx,StringAppend( st," " ) ) ;
StringDelete( &st ) ;
}
if( zt == StringVoid ){
/*
* The volume does not appear to be mounted
*/
r = 1 ;
}else{
stl = StringListStringSplit( zt,' ' ) ;
xt = StringListCopyStringAtSecondPlace( stl ) ;
StringListDelete( &stl ) ;
st = StringCopy( xt ) ;
/*
* zuluCryptDecodeMountEntry() is defined in ../lib/mount_volume.c
* g will contain something like "/run/media/private/$USER/sdc1"
*/
g = zuluCryptDecodeMountEntry( st ) ;
if( allowedUser ){
/*
* a privileged user is attempting to unmount a shared mount point,allow them
*/
k = 1 ;
}else{
/*
* a non privileged user is attempting to unmount a shared mount point,allow them only if
* they are the one that created it
*/
/*
* zuluCryptSecurityMountPointPrefixMatch() is defined in ./security.c
*/
k = zuluCryptMountPointPrefixMatch( g,uid,NULL ) ;
}
StringDelete( &st ) ;
if( k != 1 ){
/*
* One none privileged user is attempting to unmount a bind mount from another use,disallow it
*/
r = 4 ;
}else{
index = StringLastIndexOfChar( xt,'/' ) + 1 ;
StringRemoveLeft( xt,index ) ;
StringPrepend( xt,"/run/media/public/" ) ;
/*
* f will now contain something like "/run/media/public/sdc1"
* space character is added before checking to avoid possible collisions
* as explained in above comments
*/
f = StringAppend( xt," " ) ;
zt = StringListHasSequence_1( stx,f ) ;
f = StringRemoveRight( xt,1 ) ;
if( zt == StringVoid ){
/*
* volume is not shared
*/
}else{
/*
* volume is shared,try to unmount it
* a volume is assumed to be shared if its device path in mountinfo has two mount points,one
* in /run/media/private/$USER and the other in /run/media/public/
*/
if( StringStartsWith( zt,device ) ){
f = zuluCryptDecodeMountEntry( xt ) ;
/*
* good,the device associated with the shared mount is the same as that of the
* private mount,try to unmount it.
*/
r = 3 ;
for( k = 0 ; k < 3 ; k++ ){
/*
* try to unmount 3 times before giving up
*/
if( umount( f ) == 0 ){
rmdir( f ) ;
r = 0 ;
break ;
}else{
sleep( 1 ) ;
}
}
}else{
/*
* i dont see how we will get here,we shouldnt
*/
r = 0 ;
}
}
}
StringDelete( &xt ) ;
}
if( delete_stx ){
StringListDelete( &stx ) ;
}
StringFree( h ) ;
zuluCryptSecurityDropElevatedPrivileges() ;
return r ;
}
int zuluCryptEXEOpenVolume( const struct_opts * opts,const char * mapping_name,uid_t uid )
{
int share = opts->share ;
int open_mount = opts->open_mount ;
const char * device = opts->device ;
const char * mount_point = opts->mount_point ;
const char * m_opts = opts->m_opts ;
const char * source = opts->key_source ;
const char * pass = opts->key ;
const char * plugin_path = opts->plugin_path ;
const char * fs_opts = opts->fs_opts ;
const char * offset = opts->offset ;
const char * const * tcrypt_keyfiles = opts->tcrypt_multiple_keyfiles ;
/*
* Below is a form of memory management.All strings are collected in a stringlist object to easily delete them
* when the function returns.This allows for the function to have multiple exit points without risks of leaking
* memory from manually examining each exit point to make sure all strings are deleted or go with multiple goto
* code deleting blocks to take into account different exit points.
*/
stringList_t stl ;
string_t * stringArray = StringListArray( &stl,6 ) ;
string_t * passphrase = &stringArray[ 0 ] ;
string_t * m_name = &stringArray[ 1 ] ;
string_t * data = &stringArray[ 2 ] ;
string_t * m_point = &stringArray[ 3 ] ;
string_t * mapper = &stringArray[ 4 ] ;
string_t * mapper_path = &stringArray[ 5 ] ;
const char * key = NULL ;
const char * mapper_name ;
const char * e ;
size_t key_len = 0 ;
int st = 0 ;
stringList_t stz ;
tvcrypt v_info ;
unsigned long m_flags ;
int tcrypt_keyfile = 0 ;
const char * uuid ;
char * device_path ;
/*
* open_struct_t is declared in ../lib/include.h
*/
open_struct_t volume ;
struct stat statstr ;
/*
* zuluCryptVolumeIsInSystemVolumeList() is defined in volumes.c
*/
if( zuluCryptVolumeIsInSystemVolumeList( device ) ){
/*
* check permissions only if volume is explicity mentioned as system.
* This is an exception to avoid some udev bad behaviors on udev enabled build
*/
if( !zuluCryptUserIsAMemberOfAGroup( uid,"zulucrypt" ) ){
return zuluExit( 22,device,mount_point,stl ) ;
}
}
if( m_opts == NULL ){
m_opts = "rw" ;
}
/*
* zuluCryptMountFlagsAreNotCorrect() is defined in ./mount_flags.c
*/
if( zuluCryptMountFlagsAreNotCorrect( m_opts,uid,&m_flags ) ){
return zuluExit( 5,device,mount_point,stl ) ;
}
if( StringHasComponent( m_opts,"rw" ) ){
/*
* zuluCryptSecurityDeviceIsWritable() is defined in path_access.c
*/
st = zuluCryptCanOpenPathForWriting( device,uid ) ;
}else{
/*
* zuluCryptSecurityDeviceIsReadable() is defined in path_access.c
*/
st = zuluCryptCanOpenPathForReading( device,uid ) ;
}
/*
* 1-permissions denied
* 2-invalid path
* 3-shenanigans
* 4-common error
*/
switch( st ){
case 0 : break ;
case 1 : return zuluExit( 6,device,mount_point,stl ) ;
case 2 : return zuluExit( 6,device,mount_point,stl ) ;
case 3 : return zuluExit( 6,device,mount_point,stl ) ;
case 4 : return zuluExit( 6,device,mount_point,stl ) ;
default: return zuluExit( 6,device,mount_point,stl ) ;
}
if( open_mount ){
/*
* zuluCryptCreateMountPoint() is defined in create_mount_point.c
*/
*m_point = zuluCryptCreateMountPoint( device,mount_point,m_opts,uid ) ;
mount_point = StringContent( *m_point ) ;
if( mount_point == NULL ){
return zuluExit( 9,device,mount_point,stl ) ;
}
}else{
if( uid != 0 ){
return zuluExit( 7,device,mount_point,stl ) ;
}
if( mount_point != NULL ){
return zuluExit( 8,device,mount_point,stl ) ;
}
}
if( share ){
/*
* zuluCryptBindSharedMountPointPathTaken() is defined in bind.c
*/
if( zuluCryptBindSharedMountPointPathTaken( *m_point ) ){
return zuluExit_1( 10,opts,device,mount_point,stl ) ;
}
}
/*
* zuluCryptCreateMapperName() is defined in ../lib/create_mapper_name.c
*/
*m_name = zuluCryptCreateMapperName( device,mapping_name,uid,ZULUCRYPTshortMapperPath ) ;
*mapper = StringCopy( *m_name ) ;
mapper_name = StringContent( *m_name ) ;
*mapper_path = String( zuluCryptMapperPrefix() ) ;
e = StringMultipleAppend( *mapper_path,"/",mapper_name,NULL ) ;
if( stat( e,&statstr ) == 0 ){
return zuluExit_1( 11,opts,device,mount_point,stl ) ;
}
if( plugin_path != NULL ){
/*
* zuluCryptUUIDFromPath() is defined in path_access.c
*/
uuid = zuluCryptUUIDFromPath( device ) ;
device_path = _device_path( device ) ;
/*
* zuluCryptPluginManagerGetKeyFromModule is defined in ../pluginManager/zuluCryptPluginManager.c
*/
*passphrase = zuluCryptPluginManagerGetKeyFromModule( device_path,plugin_path,uuid,uid,opts,&st ) ;
StringFree( device_path ) ;
StringFree( uuid ) ;
if( st != 0 || *passphrase == StringVoid ){
return zuluExit_1( 12,opts,device,mount_point,stl ) ;
}
key_len = StringLength( *passphrase ) ;
key = StringContent( *passphrase ) ;
zuluCryptSecurityLockMemory_1( *passphrase ) ;
}else if( source == NULL && tcrypt_keyfiles[ 0 ] == NULL ){
printf( gettext( "Enter passphrase: " ) ) ;
/*
* ZULUCRYPT_KEY_MAX_SIZE is set in ../constants.h
*/
switch( StringSilentlyGetFromTerminal_1( passphrase,ZULUCRYPT_KEY_MAX_SIZE ) ){
case 1 : return zuluExit_1( 13,opts,device,mount_point,stl ) ;
case 2 : return zuluExit_1( 14,opts,device,mount_point,stl ) ;
}
printf( "\n" ) ;
key = StringContent( *passphrase ) ;
key_len = StringLength( *passphrase ) ;
zuluCryptSecurityLockMemory_1( *passphrase ) ;
}else{
if( source == NULL || pass == NULL ){
if( tcrypt_keyfiles == NULL ){
return zuluExit_1( 15,opts,device,mount_point,stl ) ;
}
}
if( StringsAreEqual( source,"-p" ) ){
key = pass ;
key_len = StringSize( pass ) ;
}else if( StringsAreEqual( source,"-f" ) ){
if( StringHasNoComponent( pass,"/.zuluCrypt-socket" ) ){
tcrypt_keyfile = 1 ;
}
/*
* function is defined at "path_access.c"
*/
switch( zuluCryptGetPassFromFile( pass,uid,data ) ){
case 1 : return zuluExit_1( 16,opts,device,mount_point,stl ) ;
case 2 : return zuluExit_1( 17,opts,device,mount_point,stl ) ;
case 4 : return zuluExit_1( 18,opts,device,mount_point,stl ) ;
case 5 : return zuluExit_1( 19,opts,device,mount_point,stl ) ;
}
key = StringContent( *data ) ;
key_len = StringLength( *data ) ;
zuluCryptSecurityLockMemory_1( *data ) ;
}
}
memset( &volume,'\0',sizeof( open_struct_t ) ) ;
if( key != NULL ){
volume.key = key ;
volume.key_len = key_len ;
}else{
volume.key = "" ;
volume.key_len = 0 ;
}
volume.device = device ;
volume.offset = offset ;
volume.mapper_name = mapper_name ;
volume.m_point = mount_point ;
volume.fs_opts = fs_opts ;
volume.uid = uid ;
volume.m_opts = m_opts ;
volume.m_flags = m_flags ;
/*
* zuluCryptTrueCryptVeraCryptVolumeInfo() is defined in this source file.
*/
zuluCryptTrueCryptVeraCryptVolumeInfo( opts->type,&v_info ) ;
volume.iteration_count = v_info.iteration_count ;
volume.veraCrypt_volume = StringAtLeastOneMatch( v_info.type,"vcrypt","veracrypt","vera",NULL ) ;
StringDelete( &v_info.type ) ;
plugin_path = plugin_path + StringLastIndexOfChar_1( plugin_path,'/' ) + 1 ;
volume.luks_detached_header = StringHasComponent( plugin_path,"luks" ) ;
volume.general_detached_header = StringHasComponent( plugin_path,"generic_header" ) ;
if( tcrypt_keyfile ){
volume.key_source = TCRYPT_KEYFILE ;
}
if( tcrypt_keyfiles[ 0 ] != NULL ){
/*
* Here, we take a list of keyfiles supplied by the user and then copy them to a safe
* location at "/run/zuluCrypt" and then we pass these safe copies to cryptsetup.
*
* The idea is not to let cryptsetup, a privileged process handle user managed files.
*/
stz = zuluCryptCreateKeyFiles( tcrypt_keyfiles,0 ) ;
volume.tcrypt_keyfiles_count = StringListSize( stz ) ;
volume.tcrypt_keyfiles = StringListStringArray_0( stz ) ;
st = _open_volume( &volume ) ;
zuluCryptDeleteKeyFiles( stz ) ;
StringFree( volume.tcrypt_keyfiles ) ;
StringListDelete( &stz ) ;
}else{
st = _open_volume( &volume ) ;
}
/*
* below two return values comes from ../lib/mount_volume.c
*/
if( st == -1 ){
st = 20 ;
}
if( st == 12 ){
st = 21 ;
}
if( st == 8 || st == 3 ){
st = 3 ;
}
device = StringMultiplePrepend( *mapper,"/",zuluCryptMapperPrefix(),NULL ) ;
if( st == 0 && share ){
/*
* user wish to share the mount point bind the mount point to a publicly accessed path at /run/media/public/
*/
/*
* zuluCryptBindMountVolume() is defined in ../zuluCrypt-cli/bin/bind.c
*/
zuluCryptBindMountVolume( device,*m_point,m_flags ) ;
}
/*
* zuluCryptCheckInvalidKey() is defined in check_invalid_key.c
*/
zuluCryptCheckInvalidKey( opts->device ) ;
return zuluExit_1( st,opts,device,mount_point,stl ) ;
}
int zuluCryptEXERemoveKey( const struct_opts * opts,uid_t uid )
{
int ask_confirmation = opts->ask_confirmation ;
const char * device = opts->device ;
const char * keyType = opts->key_source ;
const char * keytoremove = opts->key ;
stringList_t stl = StringListInit() ;
string_t * pass = StringListAssign( stl ) ;
string_t * confirm = StringListAssign( stl ) ;
int status = 0 ;
const char * key ;
size_t key_size ;
/*
* zuluCryptPartitionIsSystemPartition() is defined in ./partitions.c
*/
if( zuluCryptPartitionIsSystemPartition( device,uid ) ){
if( !zuluCryptUserIsAMemberOfAGroup( uid,"zulucrypt" ) ){
return zuluExit( 4,stl ) ;
}
}
/*
* zuluCryptCanOpenPathForWriting is defined in path_access.c
*/
status = zuluCryptCanOpenPathForWriting( device,uid ) ;
/*
* 1-permissions denied
* 2-invalid path
* 3-shenanigans
* 4-common error
*/
switch( status ){
case 0 : break ;
case 1 : return zuluExit( 5,stl ) ;
case 2 : return zuluExit( 5,stl ) ;
case 3 : return zuluExit( 5,stl ) ;
case 4 : return zuluExit( 5,stl ) ;
default: return zuluExit( 5,stl ) ;
}
if( _zuluCryptExECheckEmptySlots( device ) == 3 ){
if( ask_confirmation ){
printf( gettext( "WARNING: There is only one key in the volume and all data in it will be lost if you continue.\n" ) ) ;
printf( gettext( "Do you still want to continue? Type \"YES\" if you do: " ) ) ;
*confirm = StringGetFromTerminal_1( 3 ) ;
if( *confirm == StringVoid ){
return zuluExit( 6,stl ) ;
}
if( !StringEqual( *confirm,gettext( "YES" ) ) ){
return zuluExit( 7,stl ) ;
}
}
}
if( keyType == NULL ){
printf( gettext( "Enter a key to be removed: " ) ) ;
/*
* ZULUCRYPT_KEY_MAX_SIZE is set in ../constants.h
*/
switch( StringSilentlyGetFromTerminal_1( pass,ZULUCRYPT_KEY_MAX_SIZE ) ){
case 1 : return zuluExit( 8,stl ) ;
case 2 : return zuluExit( 9,stl ) ;
}
printf( "\n" ) ;
key = StringContent( *pass ) ;
key_size = StringLength( *pass ) ;
zuluCryptSecurityLockMemory_1( *pass ) ;
}else{
if( keyType == NULL || keytoremove == NULL ){
return zuluExit( 10,stl ) ;
}
if( StringsAreEqual( keyType,"-f" ) ){
/*
* zuluCryptGetPassFromFile() is defined at path_access.c"
*/
switch( zuluCryptGetPassFromFile( keytoremove,uid,pass ) ){
case 1 : return zuluExit( 11,stl ) ;
case 2 : return zuluExit( 12,stl ) ;
case 4 : return zuluExit( 13,stl ) ;
case 5 : return zuluExit( 14,stl ) ;
}
key = StringContent( *pass ) ;
key_size = StringLength( *pass ) ;
zuluCryptSecurityLockMemory_1( *pass ) ;
}else if( StringsAreEqual( keyType, "-p" ) ){
key = keytoremove ;
key_size = StringSize( keytoremove ) ;
}else{
return zuluExit( 10,stl ) ;
}
}
zuluCryptSecurityGainElevatedPrivileges() ;
/*
* zuluCryptRemoveKey() is defined in ../lib/remove_key.c
*/
status = zuluCryptRemoveKey( device,key,key_size ) ;
zuluCryptSecurityDropElevatedPrivileges() ;
if( status == 1 ){
status = zuluExit_1( status,device,stl ) ;
}else{
status = zuluExit( status,stl ) ;
}
/*
* zuluCryptCheckInvalidKey() is defined in check_invalid_key.c
*/
zuluCryptCheckInvalidKey( opts->device ) ;
return status ;
}
