Linux/FreeBSD: Add CLI switch to force use of old sudo behavior of sending a dummy password

The new switch is --use-dummy-sudo-password
author: Mounir IDRASSI <mounir.idrassi@idrix.fr> 2019-11-04 00:06:16 +0100
committer: Mounir IDRASSI <mounir.idrassi@idrix.fr> 2019-11-04 00:10:08 +0100
commit: ce78f890174b107cec69d7388b9279b84f2b0a39 (patch)
tree: df901bc5868604f484d6f79e00861d55a3185744 /src/Core
parent: 54c7e1cfd3a98368352028def5faaedc017edc17 (diff)
download: VeraCrypt-ce78f890174b107cec69d7388b9279b84f2b0a39.tar.gz
VeraCrypt-ce78f890174b107cec69d7388b9279b84f2b0a39.zip
3 files changed, 37 insertions, 23 deletions
diff --git a/src/Core/CoreBase.cpp b/src/Core/CoreBase.cpp
index c22a50c0..01d3981a 100644
--- a/src/Core/CoreBase.cpp
+++ b/src/Core/CoreBase.cpp
@@ -20,6 +20,9 @@ namespace VeraCrypt
 {
 	CoreBase::CoreBase ()
 		: DeviceChangeInProgress (false)
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+		, UseDummySudoPassword (false)
+#endif
 	{
 	}
 
diff --git a/src/Core/CoreBase.h b/src/Core/CoreBase.h
index eb830ba3..8f41ddd8 100644
--- a/src/Core/CoreBase.h
+++ b/src/Core/CoreBase.h
@@ -77,6 +77,10 @@ namespace VeraCrypt
 		virtual void SetFileOwner (const FilesystemPath &path, const UserId &owner) const = 0;
 		virtual DirectoryPath SlotNumberToMountPoint (VolumeSlotNumber slotNumber) const = 0;
 		virtual void WipePasswordCache () const = 0;
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+		virtual void ForceUseDummySudoPassword (bool useDummySudoPassword) { UseDummySudoPassword = useDummySudoPassword;}
+		virtual bool GetUseDummySudoPassword () const { return UseDummySudoPassword;}
+#endif
 
 		Event VolumeDismountedEvent;
 		Event VolumeMountedEvent;
@@ -87,6 +91,9 @@ namespace VeraCrypt
 
 		bool DeviceChangeInProgress;
 		FilePath ApplicationExecutablePath;
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+		bool UseDummySudoPassword;
+#endif
 
 	private:
 		CoreBase (const CoreBase &);
diff --git a/src/Core/Unix/CoreService.cpp b/src/Core/Unix/CoreService.cpp
index b02bd211..2a77c90a 100644
--- a/src/Core/Unix/CoreService.cpp
+++ b/src/Core/Unix/CoreService.cpp
@@ -300,39 +300,43 @@ namespace VeraCrypt
 				//	See : https://superuser.com/questions/902826/why-does-sudo-n-on-mac-os-x-always-return-0
 				//
 				//	If for some reason we are getting empty output from pipe, we revert to old behavior
+				//	We also use the old way if the user is forcing the use of dummy password for sudo
 				
 #if defined(TC_LINUX ) || defined (TC_FREEBSD)
 				
-				std::vector<char> buffer(128, 0);
-				std::string result;
-				bool authCheckDone = false;
-				
-				FILE* pipe = popen("sudo -n uptime 2>&1 | grep 'load average' | wc -l", "r");	//	We redirect stderr to stdout (2>&1) to be able to catch the result of the command
-				if (pipe)
+				if (!Core->GetUseDummySudoPassword ())
 				{
-					while (!feof(pipe))
+					std::vector<char> buffer(128, 0);
+					std::string result;
+					bool authCheckDone = false;
+					
+					FILE* pipe = popen("sudo -n uptime 2>&1 | grep 'load average' | wc -l", "r");	//	We redirect stderr to stdout (2>&1) to be able to catch the result of the command
+					if (pipe)
 					{
-						if (fgets(buffer.data(), 128, pipe) != nullptr)
-							result += buffer.data();
+						while (!feof(pipe))
+						{
+							if (fgets(buffer.data(), 128, pipe) != nullptr)
+								result += buffer.data();
+						}
+						
+						fflush(pipe);
+						pclose(pipe);
+						pipe = NULL;
+						
+						if (!result.empty() && strlen(result.c_str()) != 0)
+						{
+							authCheckDone = true;
+							if (result[0] == '0') // no line found with "load average" text, rerquest admin password
+								(*AdminPasswordCallback) (request.AdminPassword);
+						}
 					}
 					
-					fflush(pipe);
-					pclose(pipe);
-					pipe = NULL;
-					
-					if (!result.empty() && strlen(result.c_str()) != 0)
+					if (authCheckDone)
 					{
-						authCheckDone = true;
-						if (result[0] == '0') // no line found with "load average" text, rerquest admin password
-							(*AdminPasswordCallback) (request.AdminPassword);
+						//	Set to false to force the 'WarningEvent' to be raised in case of and elevation exception.
+						request.FastElevation = false;
 					}
 				}
-				
-				if (authCheckDone)
-				{
-					//	Set to false to force the 'WarningEvent' to be raised in case of and elevation exception.
-					request.FastElevation = false;
-				}
 #endif				
 				try
 				{
author	Mounir IDRASSI <mounir.idrassi@idrix.fr>	2019-11-04 00:06:16 +0100
committer	Mounir IDRASSI <mounir.idrassi@idrix.fr>	2019-11-04 00:10:08 +0100
commit	ce78f890174b107cec69d7388b9279b84f2b0a39 (patch)
tree	df901bc5868604f484d6f79e00861d55a3185744 /src/Core
parent	54c7e1cfd3a98368352028def5faaedc017edc17 (diff)
download	VeraCrypt-ce78f890174b107cec69d7388b9279b84f2b0a39.tar.gz VeraCrypt-ce78f890174b107cec69d7388b9279b84f2b0a39.zip