static int _remove_key( const char * device,const resolve_path_t * opts )
{
int slot ;
struct crypt_device * cd ;
const arguments * args = opts->args ;
if( zuluCryptVolumeIsNotLuks( device ) ){
return 1 ;
}
if( crypt_init( &cd,device ) != 0 ){
return 3 ;
}
if( crypt_load( cd,NULL,NULL ) != 0 ){
return zuluExit( 3,cd ) ;
}
slot = crypt_activate_by_passphrase( cd,NULL,CRYPT_ANY_SLOT,args->key,args->key_len,0 ) ;
if( slot < 0 ){
return zuluExit( 2,cd ) ;
}
if( crypt_keyslot_destroy( cd,slot ) < 0 ){
return zuluExit( 2,cd ) ;
}else{
return zuluExit( 0,cd ) ;
}
}
static int _attach_loop_device_to_file( const char * path,int mode,
int * loop_fd,string_t * loop_device )
{
string_t loopd = StringVoid ;
int fd_loop = -1 ;
int fd_path = -1 ;
if( !open_loop_device( &loopd ) ){
return zuluExit( 0,loopd,fd_loop,fd_path ) ;
}
fd_path = open( path,mode ) ;
if( fd_path == -1 ){
return zuluExit( 0,loopd,fd_loop,fd_path ) ;
}
fcntl( fd_path,F_SETFD,FD_CLOEXEC ) ;
if( _paths_are_not_sane( fd_path,path ) ){
return zuluExit( 0,loopd,fd_loop,fd_path ) ;
}
if( attach_device_to_loop( fd_path,&fd_loop,loopd,mode ) ){
*loop_device = loopd ;
*loop_fd = fd_loop ;
return zuluExit( 1,loopd,fd_loop,fd_path ) ;
}else{
return zuluExit( 0,loopd,fd_loop,fd_path ) ;
}
}
static int _open_plain( const char * device,const open_struct_t * opt )
{
uint32_t flags ;
struct crypt_device * cd ;
struct crypt_params_plain params ;
memset( ¶ms,'\0',sizeof( struct crypt_params_plain ) ) ;
params.hash = "ripemd160" ;
if( zuluCryptPathIsNotValid( device ) ){
return 3 ;
}
if( crypt_init( &cd,device ) != 0 ){
return 2 ;
}
params.offset = _offset( opt->offset ) ;
if( StringHasComponent( opt->m_opts,"ro" ) ){
flags = CRYPT_ACTIVATE_READONLY ;
}else{
flags = CRYPT_ACTIVATE_ALLOW_DISCARDS ;
}
if( crypt_format( cd,CRYPT_PLAIN,"aes","cbc-essiv:sha256",NULL,NULL,32,¶ms ) != 0 ){
return zuluExit( 2,cd ) ;
}
if( crypt_activate_by_passphrase( cd,opt->mapper_name,CRYPT_ANY_SLOT,
opt->key,opt->key_len,flags ) < 0 ){
return zuluExit( 2,cd ) ;
}else{
return zuluExit( 0,cd ) ;
}
}
static int _open_plain( const char * device,const char * mapper,const char * mode,const char * pass,size_t pass_size )
{
int flags ;
struct crypt_device * cd ;
struct crypt_params_plain params ;
memset( ¶ms,'\0',sizeof( struct crypt_params_plain ) ) ;
params.hash = "ripemd160";
params.skip = 0;
params.offset = 0;
if( zuluCryptPathIsNotValid( device ) ){
return 3 ;
}
if( StringHasComponent( mode,"ro" ) ){
flags = 1 ;
}else{
flags = 0 ;
}
if( crypt_init( &cd,device ) != 0 ){
return 2 ;
}
if( crypt_format( cd,CRYPT_PLAIN,"aes","cbc-essiv:sha256",NULL,NULL,32,¶ms ) != 0 ){
return zuluExit( 2,cd ) ;
}
if( crypt_activate_by_passphrase( cd,mapper,CRYPT_ANY_SLOT,pass,pass_size,flags ) < 0 ){
return zuluExit( 2,cd ) ;
}else{
return zuluExit( 0,cd ) ;
}
}
static int _remove_key( const char * device ,const char * pass,size_t pass_size )
{
int slot ;
struct crypt_device * cd ;
if( zuluCryptVolumeIsNotLuks( device ) ){
return 1 ;
}
if( crypt_init( &cd,device ) != 0 ){
return 3 ;
}
if( crypt_load( cd,NULL,NULL ) != 0 ){
return zuluExit( 3,cd ) ;
}
slot = crypt_activate_by_passphrase( cd,NULL,CRYPT_ANY_SLOT,pass,pass_size,0 );
if ( slot < 0 ){
return zuluExit( 2,cd ) ;
}
if( crypt_keyslot_destroy( cd,slot ) < 0 ){
return zuluExit( 2,cd ) ;
}else{
return zuluExit( 0,cd ) ;
}
}
int zuluCryptEXECloseVolume( const char * dev,const char * mapping_name,uid_t uid )
{
int st ;
int i ;
string_t p = StringVoid ;
char * m_point = NULL ;
struct stat xt ;
const char * mapper ;
/*
* ZULUCRYPTlongMapperPath is set in ../constants.h
* zuluCryptCreateMapperName() defined in ../lib/create_mapper_name.c
*/
p = zuluCryptCreateMapperName( dev,mapping_name,uid,ZULUCRYPTlongMapperPath ) ;
mapper = StringContent( p ) ;
if( stat( mapper,&xt ) != 0 ){
return zuluExit( 1,p ) ;
}
/*
* zuluCryptBindUnmountVolume() is defined in ./bind.c
*/
switch( zuluCryptBindUnmountVolume( StringListVoid,mapper,uid ) ){
case 3 : return zuluExit( 7,p ) ;
case 4 : return zuluExit( 8,p ) ;
case 5 : return zuluExit( 9,p ) ;
default: ;
}
zuluCryptSecurityGainElevatedPrivileges() ;
/*
* zuluCryptCloseVolume() is defined in ../lib/close_volume.c
*/
st = zuluCryptCloseVolume( mapper,&m_point ) ;
if( st == 0 && m_point != NULL ){
for( i = 0 ; i < 2 ; i++ ){
if( rmdir( m_point ) == 0 ){
break ;
}else{
sleep( 1 ) ;
}
}
StringFree( m_point ) ;
}
zuluCryptSecurityDropElevatedPrivileges() ;
return zuluExit( st,p ) ;
}
static int _open_plain( const char * device,const resolve_path_t * opts )
{
uint32_t flags ;
struct crypt_device * cd ;
struct crypt_params_plain params ;
size_t size ;
/*
* open_struct_t is defined in includes.h
*/
const open_struct_t * opt = opts->args ;
const args * e = opt->variables ;
memset( ¶ms,'\0',sizeof( struct crypt_params_plain ) ) ;
params.hash = e->hash ;
if( zuluCryptPathIsNotValid( device ) ){
return 3 ;
}
if( crypt_init( &cd,device ) != 0 ){
return 2 ;
}
params.offset = _offset( e->offset ) ;
if( opts->open_mode == O_RDONLY ){
flags = CRYPT_ACTIVATE_READONLY ;
}else{
flags = CRYPT_ACTIVATE_ALLOW_DISCARDS ;
}
size = ( size_t ) StringConvertToInt( e->keySize ) / 8 ;
if( crypt_format( cd,CRYPT_PLAIN,e->algo,e->cipher,NULL,NULL,size,¶ms ) != 0 ){
return zuluExit( 2,cd ) ;
}
if( crypt_activate_by_passphrase( cd,opt->mapper_name,CRYPT_ANY_SLOT,
opt->key,opt->key_len,flags ) < 0 ){
return zuluExit( 2,cd ) ;
}else{
return zuluExit( 0,cd ) ;
}
}
static char * _empty_slots( const char * device,const resolve_path_t * opts )
{
struct crypt_device * cd;
int j ;
int k ;
const char * type ;
string_t p ;
if( opts ){;}
if( crypt_init( &cd,device ) != 0 ){
return zuluExit( NULL,NULL ) ;
}
if( crypt_load( cd,NULL,NULL ) != 0 ){
return zuluExit( NULL,cd ) ;
}
type = crypt_get_type( cd ) ;
if( type == NULL ){
return zuluExit( NULL,cd ) ;
}
k = crypt_keyslot_max( type ) ;
if( k < 0 ){
return zuluExit( NULL,cd ) ;
}
p = StringEmpty() ;
for( j = 0 ; j < k ; j++ ){
switch( crypt_keyslot_status( cd,j ) ){
case CRYPT_SLOT_INACTIVE : StringAppend( p,"0" ) ; break ;
case CRYPT_SLOT_ACTIVE : StringAppend( p,"1" ) ; break ;
case CRYPT_SLOT_INVALID : StringAppend( p,"2" ) ; break ;
case CRYPT_SLOT_ACTIVE_LAST: StringAppend( p,"3" ) ; break ;
default : ;
}
}
return zuluExit( StringDeleteHandle( &p ),cd ) ;
}
static int _add_key( const char * device,const char * existingkey,size_t existingkey_size,const char * newkey,size_t newkey_size )
{
struct crypt_device * cd ;
if( zuluCryptVolumeIsNotLuks( device ) ){
return 3 ;
}
if( crypt_init( &cd,device ) != 0 ){
return 2 ;
}
if( crypt_load( cd,NULL,NULL ) != 0 ){
return zuluExit( 2,cd ) ;
}
if( crypt_keyslot_add_by_passphrase( cd,CRYPT_ANY_SLOT,existingkey,existingkey_size,newkey,newkey_size ) < 0 ){
return zuluExit( 1,cd ) ;
}else{
return zuluExit( 0,cd ) ;
}
}
/*
* open_volume function below can be devided into two, the first part is before the mount point folder is created and the
* other part is after. This function is called after the mount point is created to see if it the mount point folder
* should be removed first before calling the above function.The above function is called directly when "open_volume"
* function is to be exited before the mount point is created. *
*/
static int zuluExit_1( int st,const struct_opts * opts,const char * device,const char * m_point,stringList_t stl )
{
if( opts->open_mount && st != 0 ){
zuluCryptSecurityGainElevatedPrivileges() ;
rmdir( m_point ) ;
zuluCryptSecurityDropElevatedPrivileges() ;
}
return zuluExit( st,device,m_point,stl ) ;
}
static int _create_volume( const char * dev,const char * fs,const char * type,const char * pass,size_t pass_size,const char * rng )
{
size_t len ;
int status ;
string_t m = StringVoid ;
const char * device_mapper ;
const char * mapper ;
if ( zuluCryptPathIsNotValid( dev ) ){
return 1 ;
}
m = String( crypt_get_dir() ) ;
len = StringLength( m ) ;
StringAppend( m,"/zuluCrypt-" ) ;
device_mapper = StringAppendInt( m,syscall( SYS_gettid ) ) ;
mapper = device_mapper + len + 1 ;
if( StringsAreEqual( type,"luks" ) ){
if( StringsAreNotEqual( rng,"/dev/random" ) ){
if( StringsAreNotEqual( rng,"/dev/urandom" ) ){
return zuluExit( 2,m ) ;
}
}
if( zuluCryptCreateLuks( dev,pass,pass_size,rng ) != 0 ){
return zuluExit( 3,m ) ;
}
if( zuluCryptOpenLuks( dev,mapper,"rw",pass,pass_size ) != 0 ){
return zuluExit( 3,m ) ;
}
}else if( StringsAreEqual( type,"plain") ){
if( zuluCryptOpenPlain( dev,mapper,"rw",pass,pass_size ) != 0 ){
return zuluExit( 3,m ) ;
}
}else{
return zuluExit( 2,m ) ;
}
status = zuluCryptCreateFileSystemInAVolume( fs,device_mapper ) ;
/*
* zuluCryptCloseMapper() is defined in close_mapper.c
*/
zuluCryptCloseMapper( device_mapper );
if( status == 0 ){
return zuluExit( 0,m ) ;
}else{
return zuluExit( 3,m ) ;
}
}
/*
* raid path can be in format /dev/mdX or /dev/md/X.
* We prefer the latter and if given the former,convert it to the latter if possible
*/
string_t zuluCryptResolveMDPath_1( const char * path )
{
struct dirent * entry ;
char * e ;
const char * f = "/dev/md/" ;
DIR * dir = opendir( f ) ;
string_t st = String( f ) ;
if( dir != NULL ){
while( ( entry = readdir( dir ) ) != NULL ){
f = entry->d_name ;
if( !StringAtLeastOneMatch_1( f,".","..",NULL ) ){
e = zuluCryptRealPath( StringAppendAt( st,8,f ) ) ;
if( StringsAreEqual( path,e ) ){
StringFree( e ) ;
return zuluExit( dir,st ) ;
}else{
StringFree( e ) ;
}
}
}
}
StringReplace( st,path ) ;
return zuluExit( dir,st ) ;
}
/*
* 1 is returned if a volume is a truecrypt volume.
* 0 is returned if a volume is not a truecrypt volume or functionality is not supported
*/
int zuluCryptVolumeIsTcrypt( const char * device,const char * key,int key_source )
{
struct crypt_device * cd = NULL;
struct crypt_params_tcrypt params ;
memset( ¶ms,'\0',sizeof( struct crypt_params_tcrypt ) ) ;
if( key_source ){;}
if( crypt_init( &cd,device ) < 0 ){
return 0 ;
}else{
params.passphrase = key ;
params.passphrase_size = StringSize( key ) ;
params.flags = CRYPT_TCRYPT_LEGACY_MODES ;
if( crypt_load( cd,CRYPT_TCRYPT,¶ms ) == 0 ){
return zuluExit( 1,cd ) ;
}else{
return zuluExit( 0,cd ) ;
}
}
}
static int _open_luks_2( const char * device,const resolve_path_t * opt )
{
struct crypt_device * cd ;
uint32_t flags ;
int st ;
/*
* open_struct_t is defined in includes.h
*/
const open_struct_t * opts = opt->args ;
if( zuluCryptPathIsNotValid( device ) ){
return 3 ;
}
if( crypt_init( &cd,device ) != 0 ){
return 2 ;
}
if( crypt_load( cd,NULL,NULL ) != 0 ){
return zuluExit( 2,cd ) ;
}
if( opt->open_mode == O_RDONLY ){
flags = CRYPT_ACTIVATE_READONLY ;
}else{
flags = CRYPT_ACTIVATE_ALLOW_DISCARDS ;
}
st = crypt_activate_by_passphrase( cd,opts->mapper_name,CRYPT_ANY_SLOT,
opts->key,opts->key_len,flags ) ;
if( st >= 0 ){
return zuluExit( 0,cd ) ;
}else if( st == -1 ){
return zuluExit( 1,cd ) ;
}else{
return zuluExit( 2,cd ) ;
}
}
int zuluCryptMountVolume( const char * path,const char * m_point,unsigned long mount_opts,const char * fs_opts,uid_t uid )
{
int h ;
string_t opts = StringVoid ;
string_t fs = StringVoid ;
string_t loop = StringVoid ;
int fd = -1 ;
m_struct mst ;
mst.device = path ;
mst.m_point = m_point ;
mst.uid = uid ;
mst.m_flags = mount_opts ;
/*
* zuluCryptGetFileSystemFromDevice() is defined in this source file
*/
fs = zuluCryptGetFileSystemFromDevice( path ) ;
if( fs == StringVoid ){
/*
* failed to read file system,probably because the volume does have any or
* a plain volume was opened with a wrong key
*/
return zuluExit( 4,fd,opts,fs,loop ) ;
}
if( StringStartsWith( fs,"crypto" ) ){
/*
* we cant mount an encrypted volume, exiting
*/
return zuluExit( 4,fd,opts,fs,loop ) ;
}
/*
* zuluCryptMountHasNotAllowedFileSystemOptions() is defined in ./mount_fs_options.c
*/
if( zuluCryptMountHasNotAllowedFileSystemOptions( uid,fs_opts,fs ) ){
return zuluExit( -1,fd,opts,fs,loop ) ;
}
mst.fs_flags = fs_opts ;
mst.fs = StringContent( fs ) ;
opts = set_mount_options( &mst ) ;
if( StringPrefixNotEqual( path,"/dev/" ) ){
/*
* zuluCryptAttachLoopDeviceToFile() is defined in ./create_loop_device.c
*/
if( zuluCryptAttachLoopDeviceToFile( mst.device,O_RDWR,&fd,&loop ) ){
mst.device = StringContent( loop ) ;
}else{
return zuluExit( -1,fd,opts,fs,loop ) ;
}
}
if( zuluCryptFileSystemIsFUSEbased( path ) ){
/*
* These file systems dont see to work with mount() command for some reason.
* Them being FUSE based could be a reason.
*/
switch( mount_FUSEfs( &mst ) ){
case 0 : return zuluExit( 0,fd,opts,fs,loop ) ;
case 16 : return zuluExit( 12,fd,opts,fs,loop ) ;
default : return zuluExit( 1,fd,opts,fs,loop ) ;
}
}else{
h = mount_volume( &mst ) ;
}
return zuluExit( h,fd,opts,fs,loop ) ;
}
static int crypt_opt( const struct_opts * opts,uid_t uid,int opt )
{
string_t q = StringVoid ;
string_t p = StringVoid ;
int st ;
const char * source = opts->device ;
const char * dest = opts->m_opts ;
const char * passphrase = opts->key ;
const char * type = opts->key_source ;
return zuluExit( 16 ) ;
if( dest == NULL ){
return zuluExit( 9 ) ;
}
if( source == NULL ){
return zuluExit( 14 ) ;
}
/*
* zuluCryptPathStartsWith() is defined in real_path.c
*/
if( zuluCryptPathStartsWith( dest,"/dev/" ) ){
return zuluExit( 10 ) ;
}
if( zuluCryptPathStartsWith( source,"/dev/" ) ){
return zuluExit( 15 ) ;
}
/*
* zuluCryptPathIsValid() is defined in ../lib/is_path_valid.c
*/
if( zuluCryptPathIsValid( dest ) ){
return zuluExit( 5 ) ;
}
/*
* zuluCryptPathIsNotValid() is defined in ../lib/is_path_valid.c
*/
if( zuluCryptPathIsNotValid( source ) ){
return zuluExit( 6 ) ;
}
/*
* below two functions are defined in path_access.c
*/
if( zuluCryptCanOpenPathForWriting( dest,uid ) == 1 ){
return zuluExit( 10 ) ;
}
if( zuluCryptCanOpenPathForReading( source,uid ) == 1 ){
return zuluExit( 15 ) ;
}
if( type == NULL ){
printf( gettext( "Enter passphrase: " ) ) ;
/*
* ZULUCRYPT_KEY_MAX_SIZE is set in ../constants.h
*/
switch( StringSilentlyGetFromTerminal_1( &p,ZULUCRYPT_KEY_MAX_SIZE ) ){
case 1 : return zuluExit( 12 ) ;
case 2 : return zuluExit( 13 ) ;
}
printf( gettext( "\nRe enter passphrase: " ) ) ;
switch( StringSilentlyGetFromTerminal_1( &q,ZULUCRYPT_KEY_MAX_SIZE ) ){
case 1 : StringClearDelete( &p ) ;
return zuluExit( 12 ) ;
case 2 : StringClearDelete( &p ) ;
return zuluExit( 13 ) ;
}
printf( "\n" ) ;
if( !StringEqualString( p,q ) ){
StringClearDelete( &p ) ;
StringClearDelete( &q ) ;
return zuluExit( 8 ) ;
}else{
StringDelete( &q ) ;
}
}else{
if( type == NULL ){
return zuluExit( 9 ) ;
}
if( StringsAreEqual( type,"-p" ) ){
p = String( passphrase ) ;
}else if( StringsAreEqual( type,"-f" ) ){
p = StringGetFromFile( passphrase ) ;
if( p == NULL ){
return zuluExit( 2 ) ;
}
}else{
return zuluExit( 3 ) ;
}
}
if( opt == ENCRYPT ){
/*
* zuluCryptEncryptFile() is defined in ./crypt_file.c
*/
st = zuluCryptEncryptFile( source,dest,StringContent( p ),StringLength( p ) ) ;
}else{
/*
* zuluCryptDecryptFile() is defined in ./crypt_file.c
*/
st = zuluCryptDecryptFile( source,dest,StringContent( p ),StringLength( p ) ) ;
}
StringClearDelete( &p ) ;
switch( st ){
case 1 : return zuluExit( 4 ) ;
case 2 : return zuluExit( 11 ) ;
}
chmod( dest,S_IRUSR | S_IWUSR ) ;
chown( dest,uid,uid ) ;
if( opt == 1 ){
return zuluExit( 1 ) ;
}else{
return zuluExit( 0 ) ;
}
}
int zuluCryptEXEOpenVolume( const struct_opts * opts,const char * mapping_name,uid_t uid )
{
int share = opts->share ;
int open_mount = opts->open_mount ;
const char * device = opts->device ;
const char * mount_point = opts->mount_point ;
const char * m_opts = opts->m_opts ;
const char * source = opts->key_source ;
const char * pass = opts->key ;
const char * plugin_path = opts->plugin_path ;
const char * fs_opts = opts->fs_opts ;
const char * offset = opts->offset ;
const char * const * tcrypt_keyfiles = opts->tcrypt_multiple_keyfiles ;
/*
* Below is a form of memory management.All strings are collected in a stringlist object to easily delete them
* when the function returns.This allows for the function to have multiple exit points without risks of leaking
* memory from manually examining each exit point to make sure all strings are deleted or go with multiple goto
* code deleting blocks to take into account different exit points.
*/
stringList_t stl ;
string_t * stringArray = StringListArray( &stl,6 ) ;
string_t * passphrase = &stringArray[ 0 ] ;
string_t * m_name = &stringArray[ 1 ] ;
string_t * data = &stringArray[ 2 ] ;
string_t * m_point = &stringArray[ 3 ] ;
string_t * mapper = &stringArray[ 4 ] ;
string_t * mapper_path = &stringArray[ 5 ] ;
const char * key = NULL ;
const char * mapper_name ;
const char * e ;
size_t key_len = 0 ;
int st = 0 ;
stringList_t stz ;
tvcrypt v_info ;
unsigned long m_flags ;
int tcrypt_keyfile = 0 ;
const char * uuid ;
char * device_path ;
/*
* open_struct_t is declared in ../lib/include.h
*/
open_struct_t volume ;
struct stat statstr ;
/*
* zuluCryptVolumeIsInSystemVolumeList() is defined in volumes.c
*/
if( zuluCryptVolumeIsInSystemVolumeList( device ) ){
/*
* check permissions only if volume is explicity mentioned as system.
* This is an exception to avoid some udev bad behaviors on udev enabled build
*/
if( !zuluCryptUserIsAMemberOfAGroup( uid,"zulucrypt" ) ){
return zuluExit( 22,device,mount_point,stl ) ;
}
}
if( m_opts == NULL ){
m_opts = "rw" ;
}
/*
* zuluCryptMountFlagsAreNotCorrect() is defined in ./mount_flags.c
*/
if( zuluCryptMountFlagsAreNotCorrect( m_opts,uid,&m_flags ) ){
return zuluExit( 5,device,mount_point,stl ) ;
}
if( StringHasComponent( m_opts,"rw" ) ){
/*
* zuluCryptSecurityDeviceIsWritable() is defined in path_access.c
*/
st = zuluCryptCanOpenPathForWriting( device,uid ) ;
}else{
/*
* zuluCryptSecurityDeviceIsReadable() is defined in path_access.c
*/
st = zuluCryptCanOpenPathForReading( device,uid ) ;
}
/*
* 1-permissions denied
* 2-invalid path
* 3-shenanigans
* 4-common error
*/
switch( st ){
case 0 : break ;
case 1 : return zuluExit( 6,device,mount_point,stl ) ;
case 2 : return zuluExit( 6,device,mount_point,stl ) ;
case 3 : return zuluExit( 6,device,mount_point,stl ) ;
case 4 : return zuluExit( 6,device,mount_point,stl ) ;
default: return zuluExit( 6,device,mount_point,stl ) ;
}
if( open_mount ){
/*
* zuluCryptCreateMountPoint() is defined in create_mount_point.c
*/
*m_point = zuluCryptCreateMountPoint( device,mount_point,m_opts,uid ) ;
mount_point = StringContent( *m_point ) ;
if( mount_point == NULL ){
return zuluExit( 9,device,mount_point,stl ) ;
}
}else{
if( uid != 0 ){
return zuluExit( 7,device,mount_point,stl ) ;
}
if( mount_point != NULL ){
return zuluExit( 8,device,mount_point,stl ) ;
}
}
if( share ){
/*
* zuluCryptBindSharedMountPointPathTaken() is defined in bind.c
*/
if( zuluCryptBindSharedMountPointPathTaken( *m_point ) ){
return zuluExit_1( 10,opts,device,mount_point,stl ) ;
}
}
/*
* zuluCryptCreateMapperName() is defined in ../lib/create_mapper_name.c
*/
*m_name = zuluCryptCreateMapperName( device,mapping_name,uid,ZULUCRYPTshortMapperPath ) ;
*mapper = StringCopy( *m_name ) ;
mapper_name = StringContent( *m_name ) ;
*mapper_path = String( zuluCryptMapperPrefix() ) ;
e = StringMultipleAppend( *mapper_path,"/",mapper_name,NULL ) ;
if( stat( e,&statstr ) == 0 ){
return zuluExit_1( 11,opts,device,mount_point,stl ) ;
}
if( plugin_path != NULL ){
/*
* zuluCryptUUIDFromPath() is defined in path_access.c
*/
uuid = zuluCryptUUIDFromPath( device ) ;
device_path = _device_path( device ) ;
/*
* zuluCryptPluginManagerGetKeyFromModule is defined in ../pluginManager/zuluCryptPluginManager.c
*/
*passphrase = zuluCryptPluginManagerGetKeyFromModule( device_path,plugin_path,uuid,uid,opts,&st ) ;
StringFree( device_path ) ;
StringFree( uuid ) ;
if( st != 0 || *passphrase == StringVoid ){
return zuluExit_1( 12,opts,device,mount_point,stl ) ;
}
key_len = StringLength( *passphrase ) ;
key = StringContent( *passphrase ) ;
zuluCryptSecurityLockMemory_1( *passphrase ) ;
}else if( source == NULL && tcrypt_keyfiles[ 0 ] == NULL ){
printf( gettext( "Enter passphrase: " ) ) ;
/*
* ZULUCRYPT_KEY_MAX_SIZE is set in ../constants.h
*/
switch( StringSilentlyGetFromTerminal_1( passphrase,ZULUCRYPT_KEY_MAX_SIZE ) ){
case 1 : return zuluExit_1( 13,opts,device,mount_point,stl ) ;
case 2 : return zuluExit_1( 14,opts,device,mount_point,stl ) ;
}
printf( "\n" ) ;
key = StringContent( *passphrase ) ;
key_len = StringLength( *passphrase ) ;
zuluCryptSecurityLockMemory_1( *passphrase ) ;
}else{
if( source == NULL || pass == NULL ){
if( tcrypt_keyfiles == NULL ){
return zuluExit_1( 15,opts,device,mount_point,stl ) ;
}
}
if( StringsAreEqual( source,"-p" ) ){
key = pass ;
key_len = StringSize( pass ) ;
}else if( StringsAreEqual( source,"-f" ) ){
if( StringHasNoComponent( pass,"/.zuluCrypt-socket" ) ){
tcrypt_keyfile = 1 ;
}
/*
* function is defined at "path_access.c"
*/
switch( zuluCryptGetPassFromFile( pass,uid,data ) ){
case 1 : return zuluExit_1( 16,opts,device,mount_point,stl ) ;
case 2 : return zuluExit_1( 17,opts,device,mount_point,stl ) ;
case 4 : return zuluExit_1( 18,opts,device,mount_point,stl ) ;
case 5 : return zuluExit_1( 19,opts,device,mount_point,stl ) ;
}
key = StringContent( *data ) ;
key_len = StringLength( *data ) ;
zuluCryptSecurityLockMemory_1( *data ) ;
}
}
memset( &volume,'\0',sizeof( open_struct_t ) ) ;
if( key != NULL ){
volume.key = key ;
volume.key_len = key_len ;
}else{
volume.key = "" ;
volume.key_len = 0 ;
}
volume.device = device ;
volume.offset = offset ;
volume.mapper_name = mapper_name ;
volume.m_point = mount_point ;
volume.fs_opts = fs_opts ;
volume.uid = uid ;
volume.m_opts = m_opts ;
volume.m_flags = m_flags ;
/*
* zuluCryptTrueCryptVeraCryptVolumeInfo() is defined in this source file.
*/
zuluCryptTrueCryptVeraCryptVolumeInfo( opts->type,&v_info ) ;
volume.iteration_count = v_info.iteration_count ;
volume.veraCrypt_volume = StringAtLeastOneMatch( v_info.type,"vcrypt","veracrypt","vera",NULL ) ;
StringDelete( &v_info.type ) ;
plugin_path = plugin_path + StringLastIndexOfChar_1( plugin_path,'/' ) + 1 ;
volume.luks_detached_header = StringHasComponent( plugin_path,"luks" ) ;
volume.general_detached_header = StringHasComponent( plugin_path,"generic_header" ) ;
if( tcrypt_keyfile ){
volume.key_source = TCRYPT_KEYFILE ;
}
if( tcrypt_keyfiles[ 0 ] != NULL ){
/*
* Here, we take a list of keyfiles supplied by the user and then copy them to a safe
* location at "/run/zuluCrypt" and then we pass these safe copies to cryptsetup.
*
* The idea is not to let cryptsetup, a privileged process handle user managed files.
*/
stz = zuluCryptCreateKeyFiles( tcrypt_keyfiles,0 ) ;
volume.tcrypt_keyfiles_count = StringListSize( stz ) ;
volume.tcrypt_keyfiles = StringListStringArray_0( stz ) ;
st = _open_volume( &volume ) ;
zuluCryptDeleteKeyFiles( stz ) ;
StringFree( volume.tcrypt_keyfiles ) ;
StringListDelete( &stz ) ;
}else{
st = _open_volume( &volume ) ;
}
/*
* below two return values comes from ../lib/mount_volume.c
*/
if( st == -1 ){
st = 20 ;
}
if( st == 12 ){
st = 21 ;
}
if( st == 8 || st == 3 ){
st = 3 ;
}
device = StringMultiplePrepend( *mapper,"/",zuluCryptMapperPrefix(),NULL ) ;
if( st == 0 && share ){
/*
* user wish to share the mount point bind the mount point to a publicly accessed path at /run/media/public/
*/
/*
* zuluCryptBindMountVolume() is defined in ../zuluCrypt-cli/bin/bind.c
*/
zuluCryptBindMountVolume( device,*m_point,m_flags ) ;
}
/*
* zuluCryptCheckInvalidKey() is defined in check_invalid_key.c
*/
zuluCryptCheckInvalidKey( opts->device ) ;
return zuluExit_1( st,opts,device,mount_point,stl ) ;
}
int zuluCryptOpenVolume( const char * dev,const char * mapper,
const char * m_point,uid_t id,unsigned long m_opts,
const char * fs_opts,const char * pass,size_t pass_size )
{
int h ;
string_t p = StringVoid ;
string_t q = StringVoid ;
int lmode ;
int fd ;
const char * mode ;
const char * mapper_1 ;
/*
* zuluCryptPathIsNotValid() is defined in is_path_valid.c
*/
if( zuluCryptPathIsNotValid( dev ) ){
return 3 ;
}
/*
* zuluCryptMapperPrefix() is defined in create_mapper_name.c
*/
p = String( zuluCryptMapperPrefix() ) ;
mapper_1 = StringMultipleAppend( p,"/",mapper,END ) ;
/*
* zuluCryptPathIsValid() is defined in is_path_valid.c
*/
if( zuluCryptPathIsValid( mapper_1 ) ){
return zuluExit( 2,p ) ;
}
if( m_opts & MS_RDONLY ){
lmode = O_RDONLY ;
mode = "ro" ;
}else{
lmode = O_RDWR ;
mode = "rw" ;
}
if( StringPrefixMatch( dev,"/dev/",5 ) ){
h = _open_mapper( dev,mapper,mode,pass,pass_size ) ;
}else{
/*
* zuluCryptAttachLoopDeviceToFile() is defined in create_loop_device.c
*/
if( zuluCryptAttachLoopDeviceToFile( dev,lmode,&fd,&q ) ){
dev = StringContent( q ) ;
h = _open_mapper( dev,mapper,mode,pass,pass_size ) ;
close( fd ) ;
StringDelete( &q ) ;
}else{
h = 1 ;
}
}
switch( h ){
case 1 : return zuluExit( 4,p ) ;
case 2 : return zuluExit( 8,p ) ;
case 3 : return zuluExit( 3,p ) ;
}
if( m_point != NULL ){
/*
* zuluCryptMountVolume() is defined in mount_volume.c
*/
h = zuluCryptMountVolume( mapper_1,m_point,m_opts,fs_opts,id ) ;
if( h != 0 ){
/*
* zuluCryptCloseMapper() is defined in close_mapper.c
*/
if( zuluCryptCloseMapper( mapper_1 ) != 0 ){
h = 15 ;
}
}
}
return zuluExit( h,p ) ;
}
/*
* get_pass_from_file function is defined at get_pass_from_file.c *
*/
int zuluCryptEXEAddKey( const struct_opts * opts,uid_t uid )
{
const char * device = opts->device ;
const char * keyType1 = opts->existing_key_source ;
const char * existingKey = opts->existing_key ;
const char * keyType2 = opts->new_key_source ;
const char * newKey = opts->new_key ;
/*
* Below is a form of memory management.All strings are collected in a stringlist object to easily delete them
* when the function returns.This allows for the function to have multiple exit points without risks of leaking
* memory from manually examining each exit point to make sure all strings are deleted or go with multiple goto
* code deleting blocks to take into account different exit points.
*/
stringList_t stl ;
string_t * stringArray = StringListArray( &stl,5 ) ;
string_t * presentKey = &stringArray[ 0 ] ;
string_t * newKey_1 = &stringArray[ 1 ] ;
string_t * newKey_2 = &stringArray[ 2 ] ;
string_t * ek = &stringArray[ 3 ] ;
string_t * nk = &stringArray[ 4 ] ;
const char * key1 = NULL ;
const char * key2 = NULL ;
size_t len1 = 0 ;
size_t len2 = 0 ;
int status = 0 ;
tcrypt_opts tcrypt ;
memset( &tcrypt,'\0',sizeof( tcrypt_opts ) ) ;
/*
* zuluCryptPartitionIsSystemPartition() is defined in ./partitions.c
*/
if( zuluCryptPartitionIsSystemPartition( device,uid ) ){
if( !zuluCryptUserIsAMemberOfAGroup( uid,"zulucrypt" ) ){
return zuluExit( 4,stl ) ;
}
}
/*
* zuluCryptSecurityDeviceIsWritable() is defined in path_access.c
*/
status = zuluCryptCanOpenPathForWriting( device,uid ) ;
/*
* 1-permissions denied
* 2-invalid path
* 3-shenanigans
* 4-common error
*/
switch( status ){
case 0 : break ;
case 1 : return zuluExit( 5,stl ) ;
case 2 : return zuluExit( 5,stl ) ;
case 3 : return zuluExit( 5,stl ) ;
case 4 : return zuluExit( 5,stl ) ;
default: return zuluExit( 5,stl ) ;
}
switch( _zuluCryptCheckEmptySlots( device ) ){
case 0 : return zuluExit( 6,stl ) ;
case 1 : return zuluExit( 2,stl ) ;
case 2 : /* no complains,continue */ ;
}
if( keyType1 == NULL && keyType2 == NULL ){
switch( zuluGetKeys( presentKey,newKey_1,newKey_2 ) ){
case 1 : return zuluExit( 7,stl ) ;
case 2 : return zuluExit( 8,stl ) ;
}
if( StringEqualString( *newKey_1,*newKey_2 ) ){
key1 = StringContent( *presentKey ) ;
len1 = StringLength ( *presentKey ) ;
key2 = StringContent( *newKey_1 ) ;
len2 = StringLength ( *newKey_1 ) ;
}else{
return zuluExit( 9,stl ) ;
}
}else{
if( newKey == NULL || existingKey == NULL ){
return zuluExit( 10,stl ) ;
}
if( StringsAreEqual( keyType1,"-f" ) ){
/*
* this function is defined at "path_access.c"
*/
switch( zuluCryptGetPassFromFile( existingKey,uid,ek ) ){
case 1 : return zuluExit( 11,stl ) ;
case 4 : return zuluExit( 12,stl ) ;
case 2 : return zuluExit( 13,stl ) ;
case 5 : return zuluExit( 14,stl ) ;
}
key1 = StringContent( *ek ) ;
len1 = StringLength( *ek ) ;
if( StringHasNoComponent( existingKey,"/.zuluCrypt-socket" ) ){
tcrypt.existing_key_is_keyfile = 1 ;
}
}
if( StringsAreEqual( keyType2,"-f" ) ){
/*
* this function is defined at "path_access.c"
*/
switch( zuluCryptGetPassFromFile( newKey,uid,nk ) ){
case 1 : return zuluExit( 11,stl ) ;
case 4 : return zuluExit( 12,stl ) ;
case 2 : return zuluExit( 13,stl ) ;
case 5 : return zuluExit( 14,stl ) ;
}
key2 = StringContent( *nk ) ;
len2 = StringLength( *nk ) ;
if( StringHasNoComponent( newKey,"/.zuluCrypt-socket" ) ){
tcrypt.new_key_is_keyfile = 1 ;
}
}
if( StringsAreEqual( keyType1,"-f" ) && StringsAreEqual( keyType2,"-f" ) ){
;
}else if( StringsAreEqual( keyType1,"-p" ) && StringsAreEqual( keyType2,"-p" ) ){
key1 = existingKey ;
len1 = StringSize( existingKey ) ;
key2 = newKey ;
len2 = StringSize( newKey ) ;
}else if( StringsAreEqual( keyType1,"-p" ) && StringsAreEqual( keyType2,"-f" ) ){
key1 = existingKey ;
len1 = StringSize( existingKey ) ;
}else if( StringsAreEqual( keyType1,"-f" ) && StringsAreEqual( keyType2,"-p" ) ){
key2 = newKey ;
len2 = StringSize( newKey ) ;
}else{
return zuluExit( 10,stl ) ;
}
}
zuluCryptSecurityLockMemory( stl ) ;
zuluCryptSecurityGainElevatedPrivileges() ;
/*
* zuluCryptVolumeIsLuks() is defined in ../lib/is_luks.c
*/
if( zuluCryptVolumeIsLuks( device ) ){
/*
* zuluCryptAddKey() is defined in ../lib/add_key.c
*/
status = zuluCryptAddKey( device,key1,len1,key2,len2 ) ;
}else{
tcrypt.device = device ;
tcrypt.existing_key = key1 ;
tcrypt.existing_key_size = len1 ;
tcrypt.new_key = key2 ;
tcrypt.new_key_size = len2 ;
status = _replace_truecrypt_key( &tcrypt ) ;
}
zuluCryptSecurityDropElevatedPrivileges() ;
return zuluExit( status,stl ) ;
}
int zuluCryptEXECloseVolume( const char * dev,const char * mapping_name,uid_t uid )
{
int st ;
int i ;
string_t p = StringVoid ;
char * m_point = NULL ;
struct stat xt ;
const char * mapper ;
int r ;
zuluCryptSecurityGainElevatedPrivileges() ;
r = zuluCryptDeviceHasAgivenFileSystem( dev,zuluCryptBitLockerType() ) ;
if( r == 1 ){
p = zuluCryptBitLockerFullMapperPath( uid,dev ) ;
mapper = StringContent( p ) ;
i = stat( mapper,&xt ) ;
zuluCryptSecurityDropElevatedPrivileges() ;
if( i != 0 ){
return zuluExit( 1,p ) ;
}
}else{
zuluCryptSecurityDropElevatedPrivileges() ;
/*
* ZULUCRYPTlongMapperPath is set in ../constants.h
* zuluCryptCreateMapperName() defined in ../lib/create_mapper_name.c
*/
p = zuluCryptCreateMapperName( dev,mapping_name,uid,ZULUCRYPTlongMapperPath ) ;
mapper = StringContent( p ) ;
if( stat( mapper,&xt ) != 0 ){
return zuluExit( 1,p ) ;
}
}
/*
* zuluCryptBindUnmountVolume() is defined in ./bind.c
*/
switch( zuluCryptBindUnmountVolume( StringListVoid,mapper,uid ) ){
case 3 : return zuluExit( 7,p ) ;
case 4 : return zuluExit( 8,p ) ;
case 5 : return zuluExit( 9,p ) ;
default: ;
}
zuluCryptSecurityGainElevatedPrivileges() ;
/*
* zuluCryptCloseVolume() is defined in ../lib/close_volume.c
*
* zuluCryptReuseMountPoint() is defined in create_mount_point.c
*/
if( r == 1 ){
if( zuluCryptReuseMountPoint() ){
st = zuluCryptBitLockerlock( p,NULL ) ;
}else{
st = zuluCryptBitLockerlock( p,&m_point ) ;
}
}else{
if( zuluCryptReuseMountPoint() ){
st = zuluCryptCloseVolume( mapper,NULL ) ;
}else{
st = zuluCryptCloseVolume( mapper,&m_point ) ;
}
}
if( st == 0 && m_point != NULL ){
for( i = 0 ; i < 2 ; i++ ){
if( rmdir( m_point ) == 0 ){
break ;
}else{
sleep( 1 ) ;
}
}
}
StringFree( m_point ) ;
zuluCryptSecurityDropElevatedPrivileges() ;
return zuluExit( st,p ) ;
}
/*
* Purpose of this function is to open a device and write random data to it as a way of hiding information on the disk.
*
* The above is accomplished by opening a plain mapper against the device and then write to the device through the mapper
*
*/
int zuluCryptEXEWriteDeviceWithJunk( const struct_opts * opts,const char * mapping_name,uid_t uid )
{
stringList_t stl = StringListInit() ;
string_t * mapper = StringListAssign( stl ) ;
string_t * confirm = StringListAssign( stl );
double size ;
double size_written ;
const char * device = opts->device ;
char buffer[ SIZE ] ;
int ratio ;
int prev_ratio ;
int k ;
struct sigaction sigac;
memset( &sigac,'\0',sizeof( struct sigaction ) ) ;
sigac.sa_handler = &sigTERMhandler ;
sigaction( SIGINT,&sigac,NULL ) ;
sigaction( SIGTERM,&sigac,NULL ) ;
sigaction( SIGHUP,&sigac,NULL ) ;
__exit_as_requested = 0 ;
if( ( k = open_plain_as_me_1( opts,mapping_name,uid,0 ) ) != 0 ){
return k ;
}
*mapper = zuluCryptCreateMapperName( device,mapping_name,uid,ZULUCRYPTshortMapperPath ) ;
StringMultiplePrepend( *mapper,"/",crypt_get_dir(),NULL ) ;
if( opts->ask_confirmation ){
printf( gettext( "\nWARNING, device \"%s\" will be overwritten with random data destroying all present data.\n" ),device ) ;
printf( gettext( "Are you sure you want to proceed? Type \"YES\" and press enter if you are sure: " ) ) ;
*confirm = StringGetFromTerminal_1( 3 ) ;
if( *confirm == StringVoid ){
return zuluExit( stl,17 ) ;
}else{
k = StringEqual( *confirm,gettext( "YES" ) ) ;
if( k == 0 ){
if( zuluCryptSecurityGainElevatedPrivileges() ){
zuluCryptCloseMapper( StringContent( *mapper ) ) ;
zuluCryptSecurityDropElevatedPrivileges() ;
}
return zuluExit( stl,5 ) ;
}
}
}
k = open( StringContent( *mapper ),O_WRONLY ) ;
size = ( double ) blkid_get_dev_size( k ) ;
memset( buffer,0,SIZE ) ;
size_written = 0 ;
prev_ratio = -1 ;
while( write( k,buffer,SIZE ) > 0 ){
if( __exit_as_requested == 1 ){
break ;
}
size_written += SIZE ;
ratio = ( int ) ( ( size_written / size ) * 100 ) ;
if( ratio > prev_ratio ){
printf( "\r%s %d%%",gettext( "percentage complete: " ),ratio ) ;
fflush( stdout );
prev_ratio = ratio ;
}
}
close( k ) ;
if( zuluCryptSecurityGainElevatedPrivileges() ){
zuluCryptCloseMapper( StringContent( *mapper ) ) ;
zuluCryptSecurityDropElevatedPrivileges() ;
}
if( __exit_as_requested == 1 ){
return zuluExit( stl,15 ) ;
}else{
return zuluExit( stl,3 ) ;
}
}
static int open_plain_as_me_1(const struct_opts * opts,const char * mapping_name,uid_t uid,int op )
{
/*
* Below is a form of memory management.All strings are collected in a stringlist object to easily delete them
* when the function returns.This allows for the function to have multiple exit points without risks of leaking
* memory from manually examining each exit point to make sure all strings are deleted or go with multiple goto
* code deleting blocks to take into account different exit points.
*/
stringList_t stl ;
string_t * stringArray = StringListArray( &stl,5 ) ;
string_t * mapper = &stringArray[ 0 ] ;
string_t * passphrase = &stringArray[ 1 ] ;
string_t * p = &stringArray[ 2 ] ;
string_t * dev_st = &stringArray[ 3 ] ;
string_t * dev_1 = &stringArray[ 4 ] ;
size_t len = 0 ;
const char * source = opts->key_source ;
const char * pass = opts->key ;
int k = opts->ask_confirmation ;
const char * cpass = NULL ;
char * d ;
const char * device = opts->device ;
const char * dev = opts->device ;
int j ;
int n ;
const char * cmapper ;
if( StringPrefixEqual( device,"/dev/loop" ) ){
/*
* zuluCryptLoopDeviceAddress() is defined in ../lib/create_loop_device.c
*/
d = zuluCryptLoopDeviceAddress( device ) ;
*dev_st = StringInherit( &d ) ;
dev = StringContent( *dev_st ) ;
*dev_1 = StringCopy( *dev_st ) ;
device = StringReplaceString( * dev_1,"\\040"," " ) ;
}
/*
* zuluCryptPartitionIsSystemPartition() is defined in ./partition.c
*/
if( zuluCryptPartitionIsSystemPartition( device,uid ) ){
if( uid != 0 ){
return zuluExit( stl,8 ) ;
}
}
/*
* ZULUCRYPTlongMapperPath and ZULUCRYPTshortMapperPath are in ../constants.h
* zuluCryptCreateMapperName() is defined at ../lib/create_mapper_name.c
*/
*mapper = zuluCryptCreateMapperName( device,mapping_name,uid,ZULUCRYPTshortMapperPath ) ;
*p = zuluCryptCreateMapperName( device,mapping_name,uid,ZULUCRYPTlongMapperPath ) ;
j = zuluCryptCheckOpenedMapper( StringContent( *p ) ) ;
/*
* zuluCryptPartitionIsMounted() is defined in ../lib/process_mountinfo.c
*/
n = zuluCryptPartitionIsMounted( dev ) ;
if( j == 1 ){
return zuluExit( stl,13 ) ;
}
if( n == 1 ){
return zuluExit( stl,14 ) ;
}
if( k == 0 ){
*passphrase = StringRandomString( 64 ) ;
cpass = StringContent( *passphrase ) ;
len = StringLength( *passphrase ) ;
}else if( source == NULL ){
printf( gettext( "Enter passphrase: " ) ) ;
/*
* ZULUCRYPT_KEY_MAX_SIZE is set in ../constants.h
*/
switch( StringSilentlyGetFromTerminal_1( passphrase,ZULUCRYPT_KEY_MAX_SIZE ) ){
case 1 : return zuluExit( stl,16 ) ;
case 2 : return zuluExit( stl,17 ) ;
}
printf( "\n" ) ;
cpass = StringContent( *passphrase ) ;
len = StringLength( *passphrase ) ;
}else{
if( strcmp( source,"-p" ) == 0 ){
*passphrase = String( pass ) ;
cpass = StringContent( *passphrase ) ;
len = StringLength( *passphrase ) ;
}else if( strcmp( source,"-f" ) == 0 ){
/*
* zuluCryptGetPassFromFile() is defined at "path_access.c"
*/
switch( zuluCryptGetPassFromFile( pass,uid,passphrase ) ){
case 1 : return zuluExit( stl,10 ) ;
case 2 : return zuluExit( stl,11 ) ;
case 4 : return zuluExit( stl,12 ) ;
}
cpass = StringContent( *passphrase ) ;
len = StringLength( *passphrase ) ;
}
}
if( zuluCryptSecurityGainElevatedPrivileges() ){
/*
* zuluCryptOpenPlain() is defined in ../lib/open_plain.c
*/
if( zuluCryptOpenPlain( device,StringContent( *mapper ),"rw",cpass,len ) != 0 ){
zuluCryptSecurityDropElevatedPrivileges() ;
return zuluExit( stl,1 ) ;
}
}
zuluCryptSecurityDropElevatedPrivileges() ;
/*
* Create a mapper path(usually at /dev/mapper) associated with opened plain mapper above.
*/
cmapper = StringMultiplePrepend( *mapper,"/",crypt_get_dir(),NULL ) ;
/*
* mapper path is usually a soft link to /dev/dm-X
* resolve the mapper path to its respective /dev/dm-X and set permission on it.
*
* We set permission of /dev/dm-X pointing to the device to "u+rw" because we want notmal user to be able
* to write to the device through the mapper.
*
* Useful when a normal user want to delete content of the device by writing random data to it.
*/
d = zuluCryptRealPath( cmapper ) ;
if( zuluCryptSecurityGainElevatedPrivileges() ){
if( d != NULL ){
_ignore_result( chown( d,uid,0 ) ) ;
_ignore_result( chmod( d,S_IRWXU ) ) ;
StringFree( d ) ;
}
zuluCryptSecurityDropElevatedPrivileges() ;
}else{
return zuluExit( stl,1 ) ;
}
if( op == 1 ){
return zuluExit( stl,0 ) ;
}else{
StringListClearDelete( &stl ) ;
return 0 ;
}
}
int zuluCryptEXERemoveKey( const struct_opts * opts,uid_t uid )
{
int ask_confirmation = opts->ask_confirmation ;
const char * device = opts->device ;
const char * keyType = opts->key_source ;
const char * keytoremove = opts->key ;
stringList_t stl = StringListInit() ;
string_t * pass = StringListAssign( stl ) ;
string_t * confirm = StringListAssign( stl ) ;
int status = 0 ;
const char * key ;
size_t key_size ;
/*
* zuluCryptPartitionIsSystemPartition() is defined in ./partitions.c
*/
if( zuluCryptPartitionIsSystemPartition( device,uid ) ){
if( !zuluCryptUserIsAMemberOfAGroup( uid,"zulucrypt" ) ){
return zuluExit( 4,stl ) ;
}
}
/*
* zuluCryptCanOpenPathForWriting is defined in path_access.c
*/
status = zuluCryptCanOpenPathForWriting( device,uid ) ;
/*
* 1-permissions denied
* 2-invalid path
* 3-shenanigans
* 4-common error
*/
switch( status ){
case 0 : break ;
case 1 : return zuluExit( 5,stl ) ;
case 2 : return zuluExit( 5,stl ) ;
case 3 : return zuluExit( 5,stl ) ;
case 4 : return zuluExit( 5,stl ) ;
default: return zuluExit( 5,stl ) ;
}
if( _zuluCryptExECheckEmptySlots( device ) == 3 ){
if( ask_confirmation ){
printf( gettext( "WARNING: There is only one key in the volume and all data in it will be lost if you continue.\n" ) ) ;
printf( gettext( "Do you still want to continue? Type \"YES\" if you do: " ) ) ;
*confirm = StringGetFromTerminal_1( 3 ) ;
if( *confirm == StringVoid ){
return zuluExit( 6,stl ) ;
}
if( !StringEqual( *confirm,gettext( "YES" ) ) ){
return zuluExit( 7,stl ) ;
}
}
}
if( keyType == NULL ){
printf( gettext( "Enter a key to be removed: " ) ) ;
/*
* ZULUCRYPT_KEY_MAX_SIZE is set in ../constants.h
*/
switch( StringSilentlyGetFromTerminal_1( pass,ZULUCRYPT_KEY_MAX_SIZE ) ){
case 1 : return zuluExit( 8,stl ) ;
case 2 : return zuluExit( 9,stl ) ;
}
printf( "\n" ) ;
key = StringContent( *pass ) ;
key_size = StringLength( *pass ) ;
zuluCryptSecurityLockMemory_1( *pass ) ;
}else{
if( keyType == NULL || keytoremove == NULL ){
return zuluExit( 10,stl ) ;
}
if( StringsAreEqual( keyType,"-f" ) ){
/*
* zuluCryptGetPassFromFile() is defined at path_access.c"
*/
switch( zuluCryptGetPassFromFile( keytoremove,uid,pass ) ){
case 1 : return zuluExit( 11,stl ) ;
case 2 : return zuluExit( 12,stl ) ;
case 4 : return zuluExit( 13,stl ) ;
case 5 : return zuluExit( 14,stl ) ;
}
key = StringContent( *pass ) ;
key_size = StringLength( *pass ) ;
zuluCryptSecurityLockMemory_1( *pass ) ;
}else if( StringsAreEqual( keyType, "-p" ) ){
key = keytoremove ;
key_size = StringSize( keytoremove ) ;
}else{
return zuluExit( 10,stl ) ;
}
}
zuluCryptSecurityGainElevatedPrivileges() ;
/*
* zuluCryptRemoveKey() is defined in ../lib/remove_key.c
*/
status = zuluCryptRemoveKey( device,key,key_size ) ;
zuluCryptSecurityDropElevatedPrivileges() ;
if( status == 1 ){
status = zuluExit_1( status,device,stl ) ;
}else{
status = zuluExit( status,stl ) ;
}
/*
* zuluCryptCheckInvalidKey() is defined in check_invalid_key.c
*/
zuluCryptCheckInvalidKey( opts->device ) ;
return status ;
}
