VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Core
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2019-11-03 23:06:16 (GMT)
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2019-11-03 23:10:08 (GMT)
commitce78f890174b107cec69d7388b9279b84f2b0a39 (patch)
treedf901bc5868604f484d6f79e00861d55a3185744 /src/Core
parent54c7e1cfd3a98368352028def5faaedc017edc17 (diff)
downloadVeraCrypt-ce78f890174b107cec69d7388b9279b84f2b0a39.zip
VeraCrypt-ce78f890174b107cec69d7388b9279b84f2b0a39.tar.gz
Linux/FreeBSD: Add CLI switch to force use of old sudo behavior of sending a dummy password
The new switch is --use-dummy-sudo-password
Diffstat (limited to 'src/Core')
-rw-r--r--src/Core/CoreBase.cpp3
-rw-r--r--src/Core/CoreBase.h7
-rw-r--r--src/Core/Unix/CoreService.cpp50
3 files changed, 37 insertions, 23 deletions
diff --git a/src/Core/CoreBase.cpp b/src/Core/CoreBase.cpp
index c22a50c..01d3981 100644
--- a/src/Core/CoreBase.cpp
+++ b/src/Core/CoreBase.cpp
@@ -20,6 +20,9 @@ namespace VeraCrypt
{
CoreBase::CoreBase ()
: DeviceChangeInProgress (false)
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+ , UseDummySudoPassword (false)
+#endif
{
}
diff --git a/src/Core/CoreBase.h b/src/Core/CoreBase.h
index eb830ba..8f41ddd 100644
--- a/src/Core/CoreBase.h
+++ b/src/Core/CoreBase.h
@@ -77,6 +77,10 @@ namespace VeraCrypt
virtual void SetFileOwner (const FilesystemPath &path, const UserId &owner) const = 0;
virtual DirectoryPath SlotNumberToMountPoint (VolumeSlotNumber slotNumber) const = 0;
virtual void WipePasswordCache () const = 0;
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+ virtual void ForceUseDummySudoPassword (bool useDummySudoPassword) { UseDummySudoPassword = useDummySudoPassword;}
+ virtual bool GetUseDummySudoPassword () const { return UseDummySudoPassword;}
+#endif
Event VolumeDismountedEvent;
Event VolumeMountedEvent;
@@ -87,6 +91,9 @@ namespace VeraCrypt
bool DeviceChangeInProgress;
FilePath ApplicationExecutablePath;
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+ bool UseDummySudoPassword;
+#endif
private:
CoreBase (const CoreBase &);
diff --git a/src/Core/Unix/CoreService.cpp b/src/Core/Unix/CoreService.cpp
index b02bd21..2a77c90 100644
--- a/src/Core/Unix/CoreService.cpp
+++ b/src/Core/Unix/CoreService.cpp
@@ -300,39 +300,43 @@ namespace VeraCrypt
// See : https://superuser.com/questions/902826/why-does-sudo-n-on-mac-os-x-always-return-0
//
// If for some reason we are getting empty output from pipe, we revert to old behavior
+ // We also use the old way if the user is forcing the use of dummy password for sudo
#if defined(TC_LINUX ) || defined (TC_FREEBSD)
- std::vector<char> buffer(128, 0);
- std::string result;
- bool authCheckDone = false;
-
- FILE* pipe = popen("sudo -n uptime 2>&1 | grep 'load average' | wc -l", "r"); // We redirect stderr to stdout (2>&1) to be able to catch the result of the command
- if (pipe)
+ if (!Core->GetUseDummySudoPassword ())
{
- while (!feof(pipe))
+ std::vector<char> buffer(128, 0);
+ std::string result;
+ bool authCheckDone = false;
+
+ FILE* pipe = popen("sudo -n uptime 2>&1 | grep 'load average' | wc -l", "r"); // We redirect stderr to stdout (2>&1) to be able to catch the result of the command
+ if (pipe)
{
- if (fgets(buffer.data(), 128, pipe) != nullptr)
- result += buffer.data();
+ while (!feof(pipe))
+ {
+ if (fgets(buffer.data(), 128, pipe) != nullptr)
+ result += buffer.data();
+ }
+
+ fflush(pipe);
+ pclose(pipe);
+ pipe = NULL;
+
+ if (!result.empty() && strlen(result.c_str()) != 0)
+ {
+ authCheckDone = true;
+ if (result[0] == '0') // no line found with "load average" text, rerquest admin password
+ (*AdminPasswordCallback) (request.AdminPassword);
+ }
}
- fflush(pipe);
- pclose(pipe);
- pipe = NULL;
-
- if (!result.empty() && strlen(result.c_str()) != 0)
+ if (authCheckDone)
{
- authCheckDone = true;
- if (result[0] == '0') // no line found with "load average" text, rerquest admin password
- (*AdminPasswordCallback) (request.AdminPassword);
+ // Set to false to force the 'WarningEvent' to be raised in case of and elevation exception.
+ request.FastElevation = false;
}
}
-
- if (authCheckDone)
- {
- // Set to false to force the 'WarningEvent' to be raised in case of and elevation exception.
- request.FastElevation = false;
- }
#endif
try
{