VeraCrypt
aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2019-10-20 14:33:34 (GMT)
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2019-10-20 20:16:57 (GMT)
commitcca08e1ed5fc70cd56a262b7782d970663c8208a (patch)
treeba71a375b26b234916ca357b3f86c8151ea6a543
parent7c020c23ce1b6b645985f5fa75f7928570e62d09 (diff)
downloadVeraCrypt-cca08e1ed5fc70cd56a262b7782d970663c8208a.zip
VeraCrypt-cca08e1ed5fc70cd56a262b7782d970663c8208a.tar.gz
Windows: Add checks that the System Favorites service is running. Warn user if he enabled option to clear RAM encryption keys and the service is stopped.
-rw-r--r--src/Common/BootEncryption.cpp40
-rw-r--r--src/Common/BootEncryption.h1
-rw-r--r--src/Common/Dlgcode.c2
-rw-r--r--src/Common/Dlgcode.h2
-rw-r--r--src/Mount/Favorites.cpp7
-rw-r--r--src/Mount/Mount.c32
6 files changed, 80 insertions, 4 deletions
diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp
index 597a567..e93415a 100644
--- a/src/Common/BootEncryption.cpp
+++ b/src/Common/BootEncryption.cpp
@@ -4628,6 +4628,16 @@ namespace VeraCrypt
if (registerService)
{
+ // check if service already exists.
+ // If yes then start it immediatly after reinstalling it
+ bool bAlreadyExists = false;
+ SC_HANDLE service = OpenService (scm, TC_SYSTEM_FAVORITES_SERVICE_NAME, GENERIC_READ);
+ if (service)
+ {
+ bAlreadyExists = true;
+ CloseServiceHandle (service);
+ }
+
try
{
RegisterSystemFavoritesService (FALSE, noFileHandling);
@@ -4650,7 +4660,7 @@ namespace VeraCrypt
throw_sys_if (!CopyFile (appPath, servicePath.c_str(), FALSE));
}
- SC_HANDLE service = CreateService (scm,
+ service = CreateService (scm,
TC_SYSTEM_FAVORITES_SERVICE_NAME,
_T(TC_APP_NAME) L" System Favorites",
SERVICE_ALL_ACCESS,
@@ -4670,6 +4680,10 @@ namespace VeraCrypt
description.lpDescription = L"Mounts VeraCrypt system favorite volumes.";
ChangeServiceConfig2 (service, SERVICE_CONFIG_DESCRIPTION, &description);
+ // start the service immediatly if it already existed before
+ if (bAlreadyExists)
+ StartService (service, 0, NULL);
+
CloseServiceHandle (service);
try
@@ -4711,6 +4725,30 @@ namespace VeraCrypt
}
}
+ bool BootEncryption::IsSystemFavoritesServiceRunning ()
+ {
+ bool bRet = false;
+ SC_HANDLE scm = OpenSCManager (NULL, NULL, SC_MANAGER_CONNECT);
+ if (scm)
+ {
+ SC_HANDLE service = OpenService(scm, TC_SYSTEM_FAVORITES_SERVICE_NAME, GENERIC_READ);
+ if (service)
+ {
+ SERVICE_STATUS status;
+ if (QueryServiceStatus(service, &status))
+ {
+ bRet = (status.dwCurrentState == SERVICE_RUNNING);
+ }
+
+ CloseServiceHandle(service);
+ }
+
+ CloseServiceHandle (scm);
+ }
+
+ return bRet;
+ }
+
void BootEncryption::UpdateSystemFavoritesService ()
{
SC_HANDLE scm = OpenSCManager (NULL, NULL, SC_MANAGER_ALL_ACCESS);
diff --git a/src/Common/BootEncryption.h b/src/Common/BootEncryption.h
index de4f748..cc78296 100644
--- a/src/Common/BootEncryption.h
+++ b/src/Common/BootEncryption.h
@@ -287,6 +287,7 @@ namespace VeraCrypt
void RegisterFilterDriver (bool registerDriver, FilterType filterType);
void RegisterSystemFavoritesService (BOOL registerService);
void RegisterSystemFavoritesService (BOOL registerService, BOOL noFileHandling);
+ bool IsSystemFavoritesServiceRunning ();
void UpdateSystemFavoritesService ();
void RenameDeprecatedSystemLoaderBackup ();
bool RestartComputer (BOOL bShutdown = FALSE);
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c
index 08e2499..2439c10 100644
--- a/src/Common/Dlgcode.c
+++ b/src/Common/Dlgcode.c
@@ -11142,7 +11142,7 @@ void InconsistencyResolved (char *techInfo)
}
-void ReportUnexpectedState (char *techInfo)
+void ReportUnexpectedState (const char *techInfo)
{
wchar_t finalMsg[8024];
diff --git a/src/Common/Dlgcode.h b/src/Common/Dlgcode.h
index 3df6822..f17ce22 100644
--- a/src/Common/Dlgcode.h
+++ b/src/Common/Dlgcode.h
@@ -473,7 +473,7 @@ BOOL CALLBACK CloseTCWindowsEnum( HWND hwnd, LPARAM lParam);
BOOL CALLBACK FindTCWindowEnum (HWND hwnd, LPARAM lParam);
BYTE *MapResource (wchar_t *resourceType, int resourceId, PDWORD size);
void InconsistencyResolved (char *msg);
-void ReportUnexpectedState (char *techInfo);
+void ReportUnexpectedState (const char *techInfo);
BOOL SelectMultipleFiles (HWND hwndDlg, const char *stringId, wchar_t *lpszFileName, size_t cbFileName, BOOL keepHistory);
BOOL SelectMultipleFilesNext (wchar_t *lpszFileName, size_t cbFileName);
void OpenOnlineHelp ();
diff --git a/src/Mount/Favorites.cpp b/src/Mount/Favorites.cpp
index eafc473..e93b920 100644
--- a/src/Mount/Favorites.cpp
+++ b/src/Mount/Favorites.cpp
@@ -260,6 +260,13 @@ namespace VeraCrypt
if (reqConfig != (ReadDriverConfigurationFlags() & TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD_FOR_SYS_FAVORITES))
BootEncObj.SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD_FOR_SYS_FAVORITES, reqConfig ? true : false);
+ if (!BootEncObj.IsSystemFavoritesServiceRunning())
+ {
+ // The system favorites service should be always running
+ // If it is stopped for some reason, we reconfigure it
+ BootEncObj.RegisterSystemFavoritesService (TRUE);
+ }
+
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_NONADMIN_SYS_FAVORITES_ACCESS, IsDlgButtonChecked (hwndDlg, IDC_FAVORITE_DISABLE_HOTKEY));
}
catch (Exception &e)
diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c
index ed57a61..4ee32df 100644
--- a/src/Mount/Mount.c
+++ b/src/Mount/Mount.c
@@ -11626,6 +11626,14 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
BOOL bClearKeysEnabled = (driverConfig & VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION)? TRUE : FALSE;
BOOL bIsHiddenOS = IsHiddenOSRunning ();
+ if (bClearKeysEnabled)
+ {
+ // the clear keys option works only if the service is running
+ if (!BootEncObj->IsSystemFavoritesServiceRunning())
+ bClearKeysEnabled = false;
+ }
+
+
if (!BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig, &customUserMessage, &bootLoaderVersion))
{
// operations canceled
@@ -11789,6 +11797,17 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
BOOL bPimCacheEnabled = IsDlgButtonChecked (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM);
BOOL bBlockSysEncTrimEnabled = IsDlgButtonChecked (hwndDlg, IDC_BLOCK_SYSENC_TRIM);
BOOL bClearKeysEnabled = IsDlgButtonChecked (hwndDlg, IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION);
+
+ if (bClearKeysEnabled && !BootEncObj->IsSystemFavoritesServiceRunning())
+ {
+ // the system favorite service service should be running
+ // if it is not the case, report a failure and quit
+ std::string techInfo = SRC_POS;
+ techInfo += "\nIsSystemFavoritesServiceRunning = False.";
+ ReportUnexpectedState (techInfo.c_str());
+ return 1;
+ }
+
BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim, prop.pkcs5);
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD, bPasswordCacheEnabled);
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PIM, (bPasswordCacheEnabled && bPimCacheEnabled)? TRUE : FALSE);
@@ -11841,7 +11860,18 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
case IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION:
if (IsDlgButtonChecked (hwndDlg, IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION))
{
- Warning ("CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING", hwndDlg);
+ if (!BootEncObj->IsSystemFavoritesServiceRunning())
+ {
+ // the system favorite service service should be running
+ // if it is not the case, report a failure
+ std::string techInfo = SRC_POS;
+ techInfo += "\nIsSystemFavoritesServiceRunning = False.";
+ ReportUnexpectedState (techInfo.c_str());
+
+ CheckDlgButton (hwndDlg, IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION, BST_UNCHECKED);
+ }
+ else
+ Warning ("CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING", hwndDlg);
}
break;