diff options
Diffstat (limited to 'src/Core')
-rw-r--r-- | src/Core/Unix/CoreService.cpp | 3 | ||||
-rw-r--r-- | src/Core/Unix/CoreUnix.cpp | 98 | ||||
-rw-r--r-- | src/Core/Unix/OpenBSD/CoreOpenBSD.cpp | 166 | ||||
-rw-r--r-- | src/Core/Unix/OpenBSD/CoreOpenBSD.h | 44 | ||||
-rw-r--r-- | src/Core/Unix/OpenBSD/System.h | 19 |
5 files changed, 328 insertions, 2 deletions
diff --git a/src/Core/Unix/CoreService.cpp b/src/Core/Unix/CoreService.cpp index 44389612..f05d8569 100644 --- a/src/Core/Unix/CoreService.cpp +++ b/src/Core/Unix/CoreService.cpp @@ -458,6 +458,9 @@ namespace VeraCrypt adminPassword[request.AdminPassword.size()] = '\n'; } +#if defined(TC_LINUX ) + Thread::Sleep (1000); // wait 1 second for the forked sudo to start +#endif if (write (inPipe->GetWriteFD(), &adminPassword.front(), adminPassword.size())) { } // Errors ignored burn (&adminPassword.front(), adminPassword.size()); diff --git a/src/Core/Unix/CoreUnix.cpp b/src/Core/Unix/CoreUnix.cpp index a6485208..2dac4cb5 100644 --- a/src/Core/Unix/CoreUnix.cpp +++ b/src/Core/Unix/CoreUnix.cpp @@ -24,6 +24,11 @@ namespace VeraCrypt { +#ifdef TC_LINUX + static string GetTmpUser (); + static bool SamePath (const string& path1, const string& path2); +#endif + CoreUnix::CoreUnix () { signal (SIGPIPE, SIG_IGN); @@ -355,9 +360,98 @@ namespace VeraCrypt string CoreUnix::GetTempDirectory () const { - char *envDir = getenv ("TMPDIR"); - return envDir ? envDir : "/tmp"; + const char *tmpdir = getenv ("TMPDIR"); + string envDir = tmpdir ? tmpdir : "/tmp"; + +#ifdef TC_LINUX + /* + * If pam_tmpdir.so is in use, a different temporary directory is + * allocated for each user ID. We need to mount to the directory used + * by the non-root user. + */ + if (getuid () == 0 && envDir.size () >= 2 + && envDir.substr (envDir.size () - 2) == "/0") { + string tmpuser = GetTmpUser (); + if (SamePath (envDir, tmpuser + "/0")) { + /* Substitute the sudo'ing user for 0 */ + char uid[40]; + FILE *fp = fopen ("/proc/self/loginuid", "r"); + if (fp != NULL) { + if (fgets (uid, sizeof (uid), fp) != nullptr) { + envDir = tmpuser + "/" + uid; + } + fclose (fp); + } + } + } +#endif + + return envDir; + } + +#ifdef TC_LINUX + static string GetTmpUser () + { + string tmpuser = "/tmp/user"; + FILE *fp = fopen ("/etc/security/tmpdir.conf", "r"); + if (fp == NULL) { + return tmpuser; + } + while (true) { + /* Parses the same way as pam_tmpdir */ + char line[1024]; + if (fgets (line, sizeof (line), fp) == nullptr) { + break; + } + if (line[0] == '#') { + continue; + } + size_t len = strlen (line); + if (len > 0 && line[len-1] == '\n') { + line[len-1] = '\0'; + } + char *eq = strchr (line, '='); + if (eq == nullptr) { + continue; + } + *eq = '\0'; + const char *key = line; + const char *value = eq + 1; + if (strcmp (key, "tmpdir") == 0) { + tmpuser = value; + break; + } + } + fclose (fp); + return tmpuser; + } + + static bool SamePath (const string& path1, const string& path2) + { + size_t i1 = 0; + size_t i2 = 0; + while (i1 < path1.size () && i2 < path2.size ()) { + if (path1[i1] != path2[i2]) { + return false; + } + /* Any two substrings consisting entirely of slashes compare equal */ + if (path1[i1] == '/') { + while (i1 < path1.size () && path1[i1] == '/') { + ++i1; + } + while (i2 < path2.size () && path2[i2] == '/') { + ++i2; + } + } + else + { + ++i1; + ++i2; + } + } + return (i1 == path1.size () && i2 == path2.size ()); } +#endif bool CoreUnix::IsMountPointAvailable (const DirectoryPath &mountPoint) const { diff --git a/src/Core/Unix/OpenBSD/CoreOpenBSD.cpp b/src/Core/Unix/OpenBSD/CoreOpenBSD.cpp new file mode 100644 index 00000000..0b55b401 --- /dev/null +++ b/src/Core/Unix/OpenBSD/CoreOpenBSD.cpp @@ -0,0 +1,166 @@ +/* $OpenBSD$ */ +/* + Based on FreeBSD/CoreFreeBSD.cpp + + Derived from source code of TrueCrypt 7.1a, which is + Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed + by the TrueCrypt License 3.0. + + Modifications and additions to the original source code (contained in this file) + and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and are governed by the Apache License 2.0 the full text of which is + contained in the file License.txt included in VeraCrypt binary and source + code distribution packages. +*/ + +#include <fstream> +#include <iostream> +#include <stdio.h> +#include <unistd.h> +#include <sys/param.h> +#include <sys/ucred.h> +#include <sys/mount.h> +#include <sys/wait.h> +#include "CoreOpenBSD.h" +#include "Core/Unix/CoreServiceProxy.h" + +namespace VeraCrypt +{ + CoreOpenBSD::CoreOpenBSD () + { + } + + CoreOpenBSD::~CoreOpenBSD () + { + } + + DevicePath CoreOpenBSD::AttachFileToLoopDevice (const FilePath &filePath, bool readOnly) const + { + list <string> args; + + if (readOnly) + { + throw; + } + + // find an available vnd + int freeVnd = -1; + for (int vnd = 0; vnd <= 3; vnd++) + { + stringstream devPath; + devPath << "/dev/vnd" << vnd << "c"; + + if (FilesystemPath (devPath.str()).IsBlockDevice() || FilesystemPath (devPath.str()).IsCharacterDevice()) + { + make_shared_auto (HostDevice, device); + device->Path = devPath.str(); + try + { + GetDeviceSize (device->Path); + } + catch (...) + { + freeVnd = vnd; + break; + } + } + } + + if (freeVnd == -1) + throw "couldn't find free vnd"; + + args.push_back ("-c"); + + stringstream freePath; + freePath << "vnd" << freeVnd; + args.push_back (freePath.str()); + + args.push_back (filePath); + + Process::Execute ("vnconfig", args); + + return "/dev/" + freePath.str() + "c"; + } + + void CoreOpenBSD::DetachLoopDevice (const DevicePath &devicePath) const + { + list <string> args; + args.push_back ("-u"); + args.push_back (devicePath); + + for (int t = 0; true; t++) + { + try + { + Process::Execute ("vnconfig", args); + break; + } + catch (ExecutedProcessFailed&) + { + if (t > 5) + throw; + Thread::Sleep (200); + } + } + } + + // not sure what this is used for + HostDeviceList CoreOpenBSD::GetHostDevices (bool pathListOnly) const + { + throw; + } + + MountedFilesystemList CoreOpenBSD::GetMountedFilesystems (const DevicePath &devicePath, const DirectoryPath &mountPoint) const + { + + static Mutex mutex; + ScopeLock sl (mutex); + + struct statfs *sysMountList; + int count = getmntinfo (&sysMountList, MNT_NOWAIT); + throw_sys_if (count == 0); + + MountedFilesystemList mountedFilesystems; + + for (int i = 0; i < count; i++) + { + make_shared_auto (MountedFilesystem, mf); + + if (sysMountList[i].f_mntfromname[0]) + mf->Device = DevicePath (sysMountList[i].f_mntfromname); + else + continue; + + if (sysMountList[i].f_mntonname[0]) + mf->MountPoint = DirectoryPath (sysMountList[i].f_mntonname); + + mf->Type = sysMountList[i].f_fstypename; + + if ((devicePath.IsEmpty() || devicePath == mf->Device) && (mountPoint.IsEmpty() || mountPoint == mf->MountPoint)) + mountedFilesystems.push_back (mf); + } + + return mountedFilesystems; + } + + void CoreOpenBSD::MountFilesystem (const DevicePath &devicePath, const DirectoryPath &mountPoint, const string &filesystemType, bool readOnly, const string &systemMountOptions) const + { + try + { + // Try to mount FAT by default as mount is unable to probe filesystem type on BSD + CoreUnix::MountFilesystem (devicePath, mountPoint, filesystemType.empty() ? "msdos" : filesystemType, readOnly, systemMountOptions); + } + catch (ExecutedProcessFailed&) + { + if (!filesystemType.empty()) + throw; + + CoreUnix::MountFilesystem (devicePath, mountPoint, filesystemType, readOnly, systemMountOptions); + } + } + +#ifdef TC_OPENBSD + unique_ptr <CoreBase> Core (new CoreServiceProxy <CoreOpenBSD>); + unique_ptr <CoreBase> CoreDirect (new CoreOpenBSD); +#endif +} diff --git a/src/Core/Unix/OpenBSD/CoreOpenBSD.h b/src/Core/Unix/OpenBSD/CoreOpenBSD.h new file mode 100644 index 00000000..3f6c48b5 --- /dev/null +++ b/src/Core/Unix/OpenBSD/CoreOpenBSD.h @@ -0,0 +1,44 @@ +/* $OpenBSD$ */ +/* + Based on FreeBSD/CoreFreeBSD.h + + Derived from source code of TrueCrypt 7.1a, which is + Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed + by the TrueCrypt License 3.0. + + Modifications and additions to the original source code (contained in this file) + and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and are governed by the Apache License 2.0 the full text of which is + contained in the file License.txt included in VeraCrypt binary and source + code distribution packages. +*/ + +#ifndef TC_HEADER_Core_CoreOpenBSD +#define TC_HEADER_Core_CoreOpenBSD + +#include "System.h" +#include "Core/Unix/CoreUnix.h" + +namespace VeraCrypt +{ + class CoreOpenBSD : public CoreUnix + { + public: + CoreOpenBSD (); + virtual ~CoreOpenBSD (); + + virtual HostDeviceList GetHostDevices (bool pathListOnly = false) const; + + protected: + virtual DevicePath AttachFileToLoopDevice (const FilePath &filePath, bool readOnly) const; + virtual void DetachLoopDevice (const DevicePath &devicePath) const; + virtual MountedFilesystemList GetMountedFilesystems (const DevicePath &devicePath = DevicePath(), const DirectoryPath &mountPoint = DirectoryPath()) const; + virtual void MountFilesystem (const DevicePath &devicePath, const DirectoryPath &mountPoint, const string &filesystemType, bool readOnly, const string &systemMountOptions) const; + + private: + CoreOpenBSD (const CoreOpenBSD &); + CoreOpenBSD &operator= (const CoreOpenBSD &); + }; +} + +#endif // TC_HEADER_Core_CoreOpenBSD diff --git a/src/Core/Unix/OpenBSD/System.h b/src/Core/Unix/OpenBSD/System.h new file mode 100644 index 00000000..90b24b2a --- /dev/null +++ b/src/Core/Unix/OpenBSD/System.h @@ -0,0 +1,19 @@ +/* $OpenBSD$ */ +/* + Based on FreeBSD/System.h + + Derived from source code of TrueCrypt 7.1a, which is + Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed + by the TrueCrypt License 3.0. + + Modifications and additions to the original source code (contained in this file) + and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and are governed by the Apache License 2.0 the full text of which is + contained in the file License.txt included in VeraCrypt binary and source + code distribution packages. +*/ + +#ifndef TC_HEADER_Platform_OpenBSD_System +#define TC_HEADER_Platform_OpenBSD_System + +#endif // TC_HEADER_Platform_OpenBSD_System |