+#include <stdio.h>

+ unique_ptr <T> CoreService::GetResponse ()

+ unique_ptr <Serializable> deserializedObject (Serializable::DeserializeNew (ServiceOutputStream));

+ return unique_ptr <T> (dynamic_cast <T *> (deserializedObject.release()));

+ uint8 b;

+ Core = move_ptr(CoreDirect);

+ unique_ptr <T> CoreService::SendRequest (CoreServiceRequest &request)

+ // Test if the user has an active "sudo" session.

+ // This is only done under Linux / FreeBSD by executing the command 'sudo -n uptime'.

+ // In case a "sudo" session is active, the result of the command contains the string 'load average'.

+ // Otherwise, the result contains "sudo: a password is required".

+ // This may not work on all OSX versions because of a bug in sudo in its version 1.7.10,

+ // therefore we keep the old behaviour of sending a 'dummy' password under OSX.

+ // See : https://superuser.com/questions/902826/why-does-sudo-n-on-mac-os-x-always-return-0

+ //

+ // If for some reason we are getting empty output from pipe, we revert to old behavior

+ // We also use the old way if the user is forcing the use of dummy password for sudo

+

+#if defined(TC_LINUX ) || defined (TC_FREEBSD)

+ bool authCheckDone = false;

+ if (!Core->GetUseDummySudoPassword ())

+ {

+ std::vector<char> buffer(128, 0);

+ std::string result;

+

+ FILE* pipe = popen("sudo -n uptime 2>&1 | grep 'load average' | wc -l | tr -d '[:blank:]'", "r"); // We redirect stderr to stdout (2>&1) to be able to catch the result of the command

+ if (pipe)

+ {

+ while (!feof(pipe))

+ {

+ if (fgets(buffer.data(), 128, pipe) != nullptr)

+ result += buffer.data();

+ }

+

+ fflush(pipe);

+ pclose(pipe);

+ pipe = NULL;

+

+ if (!result.empty() && strlen(result.c_str()) != 0)

+ {

+ authCheckDone = true;

+ if (result[0] == '0') // no line found with "load average" text, rerquest admin password

+ (*AdminPasswordCallback) (request.AdminPassword);

+ }

+ }

+

+ if (authCheckDone)

+ {

+ // Set to false to force the 'WarningEvent' to be raised in case of and elevation exception.

+ request.FastElevation = false;

+ }

+ }

+#endif

+ unique_ptr <T> response (GetResponse <T>());

+#if defined(TC_LINUX ) || defined (TC_FREEBSD)

+ if(!authCheckDone)

+#endif

+ (*AdminPasswordCallback) (request.AdminPassword);

+ unique_ptr <Pipe> inPipe (new Pipe());

+ unique_ptr <Pipe> outPipe (new Pipe());

+ // 'request.FastElevation' is always false under Linux / FreeBSD when "sudo -n" works properly

+#if defined(TC_LINUX )

+ Thread::Sleep (1000); // wait 1 second for the forked sudo to start

+#endif

+ burn (&adminPassword.front(), adminPassword.size());

+ // 'request.FastElevation' is always false under Linux / FreeBSD

+ unique_ptr <Serializable> deserializedObject;

+ shared_ptr <Stream> stream (new MemoryStream (ConstBufferPtr ((uint8 *) &errOutput[0], errOutput.size())));

+ uint8 sync[] = { 0, 0x11, 0x22 };

+ AdminInputPipe = move_ptr(inPipe);

+ AdminOutputPipe = move_ptr(outPipe);

+ unique_ptr <Pipe> CoreService::AdminInputPipe;

+ unique_ptr <Pipe> CoreService::AdminOutputPipe;

+ unique_ptr <Pipe> CoreService::InputPipe;

+ unique_ptr <Pipe> CoreService::OutputPipe;

+ template <class T> static unique_ptr <T> GetResponse ();

+ template <class T> static unique_ptr <T> SendRequest (CoreServiceRequest &request);

+ static unique_ptr <Pipe> AdminInputPipe;

+ static unique_ptr <Pipe> AdminOutputPipe;

+ static unique_ptr <Pipe> InputPipe;

+ static unique_ptr <Pipe> OutputPipe;

+ newOptions.Password = Keyfile::ApplyListToPassword (options.Keyfiles, options.Password, options.EMVSupportEnabled);

+ newOptions.ProtectionPassword = Keyfile::ApplyListToPassword (options.ProtectionKeyfiles, options.ProtectionPassword, options.EMVSupportEnabled);

+ VolumePasswordCache::Store (*Keyfile::ApplyListToPassword (options.Keyfiles, options.Password, options.EMVSupportEnabled));

+#ifdef TC_LINUX

+ static string GetTmpUser ();

+ static bool SamePath (const string& path1, const string& path2);

+#endif

+

+ args.push_back ("-p");

+ args.push_back ("tabtitle=fsck");

+ else if (stat("/usr/bin/gnome-terminal", &sb) == 0 && stat("/usr/bin/dbus-launch", &sb) == 0)

+ {

+ args.clear ();

+ args.push_back ("--title");

+ args.push_back ("fsck");

+ args.push_back ("--");

+ args.push_back ("sh");

+ args.push_back ("-c");

+ args.push_back (xargs);

+ try

+ {

+ Process::Execute ("gnome-terminal", args, 1000);

+ } catch (TimeOut&) { }

+ }

+ throw TerminalNotFound();

+ uint8 *b = bootSector.Ptr();

+ // Introduce a retry mechanism with a timeout for control file access

+ // This workaround is limited to FUSE-T mounted volume under macOS for

+ // which md.Device starts with "fuse-t:"

+#ifdef VC_MACOSX_FUSET

+ bool isFuseT = wstring(mf.Device).find(L"fuse-t:") == 0;

+ int controlFileRetries = 10; // 10 retries with 500ms sleep each, total 5 seconds

+ while (!mountedVol && (controlFileRetries-- > 0))

+#endif

+ try

+ {

+ shared_ptr <File> controlFile (new File);

+ controlFile->Open (string (mf.MountPoint) + FuseService::GetControlPath());

+ shared_ptr <Stream> controlFileStream (new FileStream (controlFile));

+ mountedVol = Serializable::DeserializeNew <VolumeInfo> (controlFileStream);

+ }

+ catch (const std::exception& e)

+ {

+#ifdef VC_MACOSX_FUSET

+ // if exception starts with "VeraCrypt::Serializer::ValidateName", then

+ // serialization is not ready yet and we need to wait before retrying

+ // this happens when FUSE-T is used under macOS and if it is the first time

+ // the volume is mounted

+ if (isFuseT && string (e.what()).find ("VeraCrypt::Serializer::ValidateName") != string::npos)

+ {

+ Thread::Sleep(500); // Wait before retrying

+ }

+ else

+ {

+ break; // Control file not found or other error

+ }

+#endif

+ }

+

+ if (!mountedVol)

+ continue; // Skip to the next mounted filesystem

+ const char *tmpdir = getenv ("TMPDIR");

+ string envDir = tmpdir ? tmpdir : "/tmp";

+

+#ifdef TC_LINUX

+ /*

+ * If pam_tmpdir.so is in use, a different temporary directory is

+ * allocated for each user ID. We need to mount to the directory used

+ * by the non-root user.

+ */

+ if (getuid () == 0 && envDir.size () >= 2

+ && envDir.substr (envDir.size () - 2) == "/0") {

+ string tmpuser = GetTmpUser ();

+ if (SamePath (envDir, tmpuser + "/0")) {

+ /* Substitute the sudo'ing user for 0 */

+ char uid[40];

+ FILE *fp = fopen ("/proc/self/loginuid", "r");

+ if (fp != NULL) {

+ if (fgets (uid, sizeof (uid), fp) != nullptr) {

+ envDir = tmpuser + "/" + uid;

+ }

+ fclose (fp);

+ }

+ }

+ }

+#endif

+

+ return envDir;

+ }

+

+#ifdef TC_LINUX

+ static string GetTmpUser ()

+ {

+ string tmpuser = "/tmp/user";

+ FILE *fp = fopen ("/etc/security/tmpdir.conf", "r");

+ if (fp == NULL) {

+ return tmpuser;

+ }

+ while (true) {

+ /* Parses the same way as pam_tmpdir */

+ char line[1024];

+ if (fgets (line, sizeof (line), fp) == nullptr) {

+ break;

+ }

+ if (line[0] == '#') {

+ continue;

+ }

+ size_t len = strlen (line);

+ if (len > 0 && line[len-1] == '\n') {

+ line[len-1] = '\0';

+ }

+ char *eq = strchr (line, '=');

+ if (eq == nullptr) {

+ continue;

+ }

+ *eq = '\0';

+ const char *key = line;

+ const char *value = eq + 1;

+ if (strcmp (key, "tmpdir") == 0) {

+ tmpuser = value;

+ break;

+ }

+ }

+ fclose (fp);

+ return tmpuser;

+ static bool SamePath (const string& path1, const string& path2)

+ {

+ size_t i1 = 0;

+ size_t i2 = 0;

+ while (i1 < path1.size () && i2 < path2.size ()) {

+ if (path1[i1] != path2[i2]) {

+ return false;

+ }

+ /* Any two substrings consisting entirely of slashes compare equal */

+ if (path1[i1] == '/') {

+ while (i1 < path1.size () && path1[i1] == '/') {

+ ++i1;

+ }

+ while (i2 < path2.size () && path2[i2] == '/') {

+ ++i2;

+ }

+ }

+ else

+ {

+ ++i1;

+ ++i2;

+ }

+ }

+ return (i1 == path1.size () && i2 == path2.size ());

+ }

+#endif

+

+ options.EMVSupportEnabled,

+ options.Password.reset();

+ const uint32 devSectorSize = volume->GetFile()->GetDeviceSectorSize();

+ const size_t volSectorSize = volume->GetSectorSize();

+ if (devSectorSize != volSectorSize)

+ throw DeviceSectorSizeMismatch (SRC_POS, StringConverter::ToWide(devSectorSize) + L" != " + StringConverter::ToWide((uint32) volSectorSize));

+ throw_sys_sub_if (chown (mountPoint.c_str(), GetRealUserId(), GetRealGroupId()) == -1, mountPoint);

+ foreach (const string &busType, StringConverter::Split ("ad da vtbd"))

+ std::string chosenFilesystem = "msdos";

+ std::string modifiedMountOptions = systemMountOptions;

+

+ if (filesystemType.empty() && modifiedMountOptions.find("mountprog") == string::npos) {

+ // No filesystem type specified through CLI, attempt to identify with blkid

+ // as mount is unable to probe filesystem type on BSD

+ // Make sure we don't override user defined mountprog

+ std::vector<char> buffer(128,0);

+ std::string cmd = "blkid -o value -s TYPE " + static_cast<std::string>(devicePath) + " 2>/dev/null";

+ std::string result;

+

+ FILE* pipe = popen(cmd.c_str(), "r");

+ if (pipe) {

+ while (!feof(pipe)) {

+ if (fgets(buffer.data(), 128, pipe) != nullptr)

+ result += buffer.data();

+ }

+ fflush(pipe);

+ pclose(pipe);

+ pipe = nullptr;

+ }

+

+ if (result.find("ext") == 0 || StringConverter::ToLower(filesystemType).find("ext") == 0) {

+ chosenFilesystem = "ext2fs";

+ }

+ else if (result.find("exfat") == 0 || StringConverter::ToLower(filesystemType) == "exfat") {

+ chosenFilesystem = "exfat";

+ modifiedMountOptions += string(!systemMountOptions.empty() ? "," : "")

+ + "mountprog=/usr/local/sbin/mount.exfat";

+ }

+ else if (result.find("ntfs") == 0 || StringConverter::ToLower(filesystemType) == "ntfs") {

+ chosenFilesystem = "ntfs";

+ modifiedMountOptions += string(!systemMountOptions.empty() ? "," : "")

+ + "mountprog=/usr/local/bin/ntfs-3g";

+ }

+ else if (!filesystemType.empty()) {

+ // Filesystem is specified but is none of the above, then supply as is

+ chosenFilesystem = filesystemType;

+ }

+ } else

+ chosenFilesystem = filesystemType;

+

+ CoreUnix::MountFilesystem (devicePath, mountPoint, chosenFilesystem, readOnly, modifiedMountOptions);

+ unique_ptr <CoreBase> Core (new CoreServiceProxy <CoreFreeBSD>);

+ unique_ptr <CoreBase> CoreDirect (new CoreFreeBSD);

+#ifdef WOLFCRYPT_BACKEND

+#include "Volume/EncryptionModeWolfCryptXTS.h"

+#endif

+ bool xts = (typeid (*volume->GetEncryptionMode()) ==

+ #ifdef WOLFCRYPT_BACKEND

+ typeid (EncryptionModeWolfCryptXTS));

+ #else

+ typeid (EncryptionModeXTS));

+ #endif

+ bool algoNotSupported = (typeid (*volume->GetEncryptionAlgorithm()) == typeid (Kuznyechik))

+ || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (CamelliaKuznyechik))

+ || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (KuznyechikTwofish))

+ || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (KuznyechikAES))

+ || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (KuznyechikSerpentCamellia));

+ || volume->IsEncryptionNotCompleted ()

+ dmCreateArgsBuf.CopyFrom (ConstBufferPtr ((uint8 *) dmCreateArgs.str().c_str(), dmCreateArgs.str().size()));

+ unique_ptr <CoreBase> Core (new CoreServiceProxy <CoreLinux>);

+ unique_ptr <CoreBase> CoreDirect (new CoreLinux);

+ struct stat sb;

+

+ if (stat("/Applications/Utilities/Disk Utility.app", &sb) == 0)

+ args.push_back ("/Applications/Utilities/Disk Utility.app");

+ else

+ args.push_back ("/System/Applications/Utilities/Disk Utility.app");

+

+#ifndef VC_MACOSX_FUSET

+ fuseVersionStringLength = MAXHOSTNAMELEN;

+ if ((status = sysctlbyname ("vfs.generic.macfuse.version.number", fuseVersionString, &fuseVersionStringLength, NULL, 0)) != 0)

+ {

+ throw HigherFuseVersionRequired (SRC_POS);

+ }

+ if (0 != stat("/usr/local/lib/libosxfuse_i64.2.dylib", &sb) && 0 != stat("/usr/local/lib/libfuse.dylib", &sb))

+#endif

+ unique_ptr <CoreBase> Core (new CoreServiceProxy <CoreMacOSX>);

+ unique_ptr <CoreBase> CoreDirect (new CoreMacOSX);

+/* $OpenBSD$ */

+/*

+ Based on FreeBSD/CoreFreeBSD.cpp

+

+ Derived from source code of TrueCrypt 7.1a, which is

+ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

+ by the TrueCrypt License 3.0.

+

+ Modifications and additions to the original source code (contained in this file)

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ and are governed by the Apache License 2.0 the full text of which is

+ contained in the file License.txt included in VeraCrypt binary and source

+ code distribution packages.

+*/

+

+#include <fstream>

+#include <iostream>

+#include <stdio.h>

+#include <unistd.h>

+#include <sys/param.h>

+#include <sys/ucred.h>

+#include <sys/mount.h>

+#include <sys/wait.h>

+#include "CoreOpenBSD.h"

+#include "Core/Unix/CoreServiceProxy.h"

+

+namespace VeraCrypt

+{

+ CoreOpenBSD::CoreOpenBSD ()

+ {

+ }

+

+ CoreOpenBSD::~CoreOpenBSD ()

+ {

+ }

+

+ DevicePath CoreOpenBSD::AttachFileToLoopDevice (const FilePath &filePath, bool readOnly) const

+ {

+ list <string> args;

+

+ if (readOnly)

+ {

+ throw;

+ }

+

+ // find an available vnd

+ int freeVnd = -1;

+ for (int vnd = 0; vnd <= 3; vnd++)

+ {

+ stringstream devPath;

+ devPath << "/dev/vnd" << vnd << "c";

+

+ if (FilesystemPath (devPath.str()).IsBlockDevice() || FilesystemPath (devPath.str()).IsCharacterDevice())

+ {

+ make_shared_auto (HostDevice, device);

+ device->Path = devPath.str();

+ try

+ {

+ GetDeviceSize (device->Path);

+ }

+ catch (...)

+ {

+ freeVnd = vnd;

+ break;

+ }

+ }

+ }

+

+ if (freeVnd == -1)

+ throw "couldn't find free vnd";

+

+ stringstream freePath;

+ freePath << "vnd" << freeVnd;

+ args.push_back (freePath.str());

+

+ args.push_back (filePath);

+

+ Process::Execute ("vnconfig", args);

+

+ return "/dev/" + freePath.str() + "c";

+ }

+

+ void CoreOpenBSD::DetachLoopDevice (const DevicePath &devicePath) const

+ {

+ list <string> args;

+ args.push_back ("-u");

+ args.push_back (devicePath);

+

+ for (int t = 0; true; t++)

+ {

+ try

+ {

+ Process::Execute ("vnconfig", args);

+ break;

+ }

+ catch (ExecutedProcessFailed&)

+ {

+ if (t > 5)

+ throw;

+ Thread::Sleep (200);

+ }

+ }

+ }

+

+ // not sure what this is used for

+ HostDeviceList CoreOpenBSD::GetHostDevices (bool pathListOnly) const

+ {

+ throw;

+ }

+

+ MountedFilesystemList CoreOpenBSD::GetMountedFilesystems (const DevicePath &devicePath, const DirectoryPath &mountPoint) const

+ {

+

+ static Mutex mutex;

+ ScopeLock sl (mutex);

+

+ struct statfs *sysMountList;

+ int count = getmntinfo (&sysMountList, MNT_NOWAIT);

+ throw_sys_if (count == 0);

+

+ MountedFilesystemList mountedFilesystems;

+

+ for (int i = 0; i < count; i++)

+ {

+ make_shared_auto (MountedFilesystem, mf);

+

+ if (sysMountList[i].f_mntfromname[0])

+ mf->Device = DevicePath (sysMountList[i].f_mntfromname);

+ else

+ continue;

+

+ if (sysMountList[i].f_mntonname[0])

+ mf->MountPoint = DirectoryPath (sysMountList[i].f_mntonname);

+

+ mf->Type = sysMountList[i].f_fstypename;

+

+ if ((devicePath.IsEmpty() || devicePath == mf->Device) && (mountPoint.IsEmpty() || mountPoint == mf->MountPoint))

+ mountedFilesystems.push_back (mf);

+ }

+

+ return mountedFilesystems;

+ }

+

+ void CoreOpenBSD::MountFilesystem (const DevicePath &devicePath, const DirectoryPath &mountPoint, const string &filesystemType, bool readOnly, const string &systemMountOptions) const

+ {

+ try

+ {

+ // Try to mount FAT by default as mount is unable to probe filesystem type on BSD

+ CoreUnix::MountFilesystem (devicePath, mountPoint, filesystemType.empty() ? "msdos" : filesystemType, readOnly, systemMountOptions);

+ }

+ catch (ExecutedProcessFailed&)

+ {

+ if (!filesystemType.empty())

+ throw;

+

+ CoreUnix::MountFilesystem (devicePath, mountPoint, filesystemType, readOnly, systemMountOptions);

+ }

+ }

+

+#ifdef TC_OPENBSD

+ unique_ptr <CoreBase> Core (new CoreServiceProxy <CoreOpenBSD>);

+ unique_ptr <CoreBase> CoreDirect (new CoreOpenBSD);

+#endif

+}

+/* $OpenBSD$ */

+/*

+ Based on FreeBSD/CoreFreeBSD.h

+

+ Derived from source code of TrueCrypt 7.1a, which is

+ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

+ by the TrueCrypt License 3.0.

+

+ Modifications and additions to the original source code (contained in this file)

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ and are governed by the Apache License 2.0 the full text of which is

+ contained in the file License.txt included in VeraCrypt binary and source

+ code distribution packages.

+*/

+

+#ifndef TC_HEADER_Core_CoreOpenBSD

+#define TC_HEADER_Core_CoreOpenBSD

+

+#include "System.h"

+#include "Core/Unix/CoreUnix.h"

+

+namespace VeraCrypt

+{

+ class CoreOpenBSD : public CoreUnix

+ {

+ public:

+ CoreOpenBSD ();

+ virtual ~CoreOpenBSD ();

+

+ virtual HostDeviceList GetHostDevices (bool pathListOnly = false) const;

+

+ protected:

+ virtual DevicePath AttachFileToLoopDevice (const FilePath &filePath, bool readOnly) const;

+ virtual void DetachLoopDevice (const DevicePath &devicePath) const;

+ virtual MountedFilesystemList GetMountedFilesystems (const DevicePath &devicePath = DevicePath(), const DirectoryPath &mountPoint = DirectoryPath()) const;

+ virtual void MountFilesystem (const DevicePath &devicePath, const DirectoryPath &mountPoint, const string &filesystemType, bool readOnly, const string &systemMountOptions) const;

+

+ private:

+ CoreOpenBSD (const CoreOpenBSD &);

+ CoreOpenBSD &operator= (const CoreOpenBSD &);

+ };

+}

+

+#endif // TC_HEADER_Core_CoreOpenBSD

+/* $OpenBSD$ */

+/*

+ Based on FreeBSD/System.h

+

+ Derived from source code of TrueCrypt 7.1a, which is

+ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

+ by the TrueCrypt License 3.0.

+

+ Modifications and additions to the original source code (contained in this file)

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ and are governed by the Apache License 2.0 the full text of which is

+ contained in the file License.txt included in VeraCrypt binary and source

+ code distribution packages.

+*/

+

+#ifndef TC_HEADER_Platform_OpenBSD_System

+#define TC_HEADER_Platform_OpenBSD_System

+

+#endif // TC_HEADER_Platform_OpenBSD_System

+ unique_ptr <CoreBase> Core (new CoreServiceProxy <CoreSolaris>);

+ unique_ptr <CoreBase> CoreDirect (new CoreSolaris);