#

# Derived from source code of TrueCrypt 7.1a, which is

# Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

# by the TrueCrypt License 3.0.

#

# Modifications and additions to the original source code (contained in this file)

# and all other portions of this file are Copyright (c) 2013-2017 IDRIX

# and are governed by the Apache License 2.0 the full text of which is

# contained in the file License.txt included in VeraCrypt binary and source

# code distribution packages.

#

NAME := Driver

OBJS :=

OBJS += FuseService.o

include $(BUILD_INC)/Makefile.inc

static int fuse_service_read (const char *path, char *buf, size_t size, off_t offset, struct fuse_file_info *fi)

{

try

{

if (!FuseService::CheckAccessRights())

return -EACCES;

if (strcmp (path, FuseService::GetVolumeImagePath()) == 0)

{

try

{

// Test for read beyond the end of the volume

if ((uint64) offset + size > FuseService::GetVolumeSize())

size = FuseService::GetVolumeSize() - offset;

size_t sectorSize = FuseService::GetVolumeSectorSize();

if (size % sectorSize != 0 || offset % sectorSize != 0)

{

// Support for non-sector-aligned read operations is required by some loop device tools

// which may analyze the volume image before attaching it as a device

uint64 alignedOffset = offset - (offset % sectorSize);

uint64 alignedSize = size + (offset % sectorSize);

if (alignedSize % sectorSize != 0)

alignedSize += sectorSize - (alignedSize % sectorSize);

SecureBuffer alignedBuffer (alignedSize);

FuseService::ReadVolumeSectors (alignedBuffer, alignedOffset);

}

else

{

}

}

catch (MissingVolumeData&)

{

return 0;

}

return size;

}

if (strcmp (path, FuseService::GetControlPath()) == 0)

{

shared_ptr <Buffer> infoBuf = FuseService::GetVolumeInfo();

if (offset >= (off_t) infoBuf->Size())

return 0;

if (offset + size > infoBuf->Size())

size = infoBuf->Size () - offset;

outBuf.CopyFrom (infoBuf->GetRange (offset, size));

return size;

}

}

catch (...)

{

return FuseService::ExceptionToErrorCode();

}

return -ENOENT;

}

static int fuse_service_readdir (const char *path, void *buf, fuse_fill_dir_t filler, off_t offset, struct fuse_file_info *fi)

{

try

{

if (!FuseService::CheckAccessRights())

return -EACCES;

if (strcmp (path, "/") != 0)

return -ENOENT;

filler (buf, ".", NULL, 0);

filler (buf, "..", NULL, 0);

filler (buf, FuseService::GetVolumeImagePath() + 1, NULL, 0);

filler (buf, FuseService::GetControlPath() + 1, NULL, 0);

}

catch (...)

{

return FuseService::ExceptionToErrorCode();

}

return 0;

}

static int fuse_service_write (const char *path, const char *buf, size_t size, off_t offset, struct fuse_file_info *fi)

{

try

{

if (!FuseService::CheckAccessRights())

return -EACCES;

if (strcmp (path, FuseService::GetVolumeImagePath()) == 0)

{

return size;

}

if (strcmp (path, FuseService::GetControlPath()) == 0)

{

if (FuseService::AuxDeviceInfoReceived())

return -EACCES;

return size;

}

}

#ifdef TC_FREEBSD

// FreeBSD apparently retries failed write operations forever, which may lead to a system crash.

catch (VolumeReadOnly&)

{

return size;

}

catch (VolumeProtected&)

{

return size;

}

#endif

catch (...)

{

return FuseService::ExceptionToErrorCode();

}

return -ENOENT;

}

bool FuseService::CheckAccessRights ()

{

return fuse_get_context()->uid == 0 || fuse_get_context()->uid == UserId;

}

void FuseService::CloseMountedVolume ()

{

if (MountedVolume)

fuse_service_oper.getattr = fuse_service_getattr;

fuse_service_oper.init = fuse_service_init;

fuse_service_oper.open = fuse_service_open;

fuse_service_oper.opendir = fuse_service_opendir;

fuse_service_oper.read = fuse_service_read;

fuse_service_oper.readdir = fuse_service_readdir;

fuse_service_oper.write = fuse_service_write;

// Create a new session

setsid ();

// Fork handler of termination signals

SignalHandlerPipe.reset (new Pipe);

int forkedPid = fork();

throw_sys_if (forkedPid == -1);

if (forkedPid == 0)

{

CloseMountedVolume();

struct sigaction action;

Memory::Zero (&action, sizeof (action));

action.sa_handler = OnSignal;

sigaction (SIGINT, &action, nullptr);

sigaction (SIGQUIT, &action, nullptr);

sigaction (SIGTERM, &action, nullptr);

// Wait for the exit of the main service

if (read (SignalHandlerPipe->GetReadFD(), buf, sizeof (buf))) { } // Errors ignored

_exit (0);

}

SignalHandlerPipe->GetWriteFD();

#ifdef TC_OPENBSD

_exit (fuse_main (argc, argv, &fuse_service_oper, NULL));

#else

_exit (fuse_main (argc, argv, &fuse_service_oper));

#endif

}

VolumeInfo FuseService::OpenVolumeInfo;

Mutex FuseService::OpenVolumeInfoMutex;

shared_ptr <Volume> FuseService::MountedVolume;

VolumeSlotNumber FuseService::SlotNumber;

uid_t FuseService::UserId;

gid_t FuseService::GroupId;

unique_ptr <Pipe> FuseService::SignalHandlerPipe;

}

*/

#ifndef TC_HEADER_Driver_Fuse_FuseService

#define TC_HEADER_Driver_Fuse_FuseService

#include "Platform/Platform.h"

#include "Platform/Unix/Pipe.h"

#include "Platform/Unix/Process.h"

#include "Volume/VolumeInfo.h"

#include "Volume/Volume.h"

namespace VeraCrypt

{

class FuseService

{

protected:

struct ExecFunctor : public ProcessExecFunctor

{

ExecFunctor (shared_ptr <Volume> openVolume, VolumeSlotNumber slotNumber)

: MountedVolume (openVolume), SlotNumber (slotNumber)

{

}

virtual void operator() (int argc, char *argv[]);

protected:

shared_ptr <Volume> MountedVolume;

VolumeSlotNumber SlotNumber;

};

public:

static bool AuxDeviceInfoReceived () { return !OpenVolumeInfo.VirtualDevice.IsEmpty(); }

static bool CheckAccessRights ();

static void Dismount ();

static int ExceptionToErrorCode ();

static const char *GetControlPath () { return "/control"; }

static const char *GetVolumeImagePath ();

static string GetDeviceType () { return "veracrypt"; }

static uid_t GetGroupId () { return GroupId; }

static uid_t GetUserId () { return UserId; }

static shared_ptr <Buffer> GetVolumeInfo ();

static uint64 GetVolumeSize ();

static uint64 GetVolumeSectorSize () { return MountedVolume->GetSectorSize(); }

static void Mount (shared_ptr <Volume> openVolume, VolumeSlotNumber slotNumber, const string &fuseMountPoint);

static void ReadVolumeSectors (const BufferPtr &buffer, uint64 byteOffset);

static void ReceiveAuxDeviceInfo (const ConstBufferPtr &buffer);

static void SendAuxDeviceInfo (const DirectoryPath &fuseMountPoint, const DevicePath &virtualDevice, const DevicePath &loopDevice = DevicePath());

static void WriteVolumeSectors (const ConstBufferPtr &buffer, uint64 byteOffset);

protected:

FuseService ();

static void CloseMountedVolume ();

static void OnSignal (int signal);

static VolumeInfo OpenVolumeInfo;

static Mutex OpenVolumeInfoMutex;

static shared_ptr <Volume> MountedVolume;

static VolumeSlotNumber SlotNumber;

static uid_t UserId;