VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2019-11-04 00:06:16 +0100
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2019-11-04 00:10:08 +0100
commitce78f890174b107cec69d7388b9279b84f2b0a39 (patch)
treedf901bc5868604f484d6f79e00861d55a3185744 /src
parent54c7e1cfd3a98368352028def5faaedc017edc17 (diff)
downloadVeraCrypt-ce78f890174b107cec69d7388b9279b84f2b0a39.tar.gz
VeraCrypt-ce78f890174b107cec69d7388b9279b84f2b0a39.zip
Linux/FreeBSD: Add CLI switch to force use of old sudo behavior of sending a dummy password
The new switch is --use-dummy-sudo-password
Diffstat (limited to 'src')
-rw-r--r--src/Core/CoreBase.cpp3
-rw-r--r--src/Core/CoreBase.h7
-rw-r--r--src/Core/Unix/CoreService.cpp50
-rw-r--r--src/Main/CommandLineInterface.cpp10
-rw-r--r--src/Main/CommandLineInterface.h3
-rw-r--r--src/Main/UserInterface.cpp4
6 files changed, 53 insertions, 24 deletions
diff --git a/src/Core/CoreBase.cpp b/src/Core/CoreBase.cpp
index c22a50c0..01d3981a 100644
--- a/src/Core/CoreBase.cpp
+++ b/src/Core/CoreBase.cpp
@@ -20,6 +20,9 @@ namespace VeraCrypt
{
CoreBase::CoreBase ()
: DeviceChangeInProgress (false)
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+ , UseDummySudoPassword (false)
+#endif
{
}
diff --git a/src/Core/CoreBase.h b/src/Core/CoreBase.h
index eb830ba3..8f41ddd8 100644
--- a/src/Core/CoreBase.h
+++ b/src/Core/CoreBase.h
@@ -77,6 +77,10 @@ namespace VeraCrypt
virtual void SetFileOwner (const FilesystemPath &path, const UserId &owner) const = 0;
virtual DirectoryPath SlotNumberToMountPoint (VolumeSlotNumber slotNumber) const = 0;
virtual void WipePasswordCache () const = 0;
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+ virtual void ForceUseDummySudoPassword (bool useDummySudoPassword) { UseDummySudoPassword = useDummySudoPassword;}
+ virtual bool GetUseDummySudoPassword () const { return UseDummySudoPassword;}
+#endif
Event VolumeDismountedEvent;
Event VolumeMountedEvent;
@@ -87,6 +91,9 @@ namespace VeraCrypt
bool DeviceChangeInProgress;
FilePath ApplicationExecutablePath;
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+ bool UseDummySudoPassword;
+#endif
private:
CoreBase (const CoreBase &);
diff --git a/src/Core/Unix/CoreService.cpp b/src/Core/Unix/CoreService.cpp
index b02bd211..2a77c90a 100644
--- a/src/Core/Unix/CoreService.cpp
+++ b/src/Core/Unix/CoreService.cpp
@@ -300,39 +300,43 @@ namespace VeraCrypt
// See : https://superuser.com/questions/902826/why-does-sudo-n-on-mac-os-x-always-return-0
//
// If for some reason we are getting empty output from pipe, we revert to old behavior
+ // We also use the old way if the user is forcing the use of dummy password for sudo
#if defined(TC_LINUX ) || defined (TC_FREEBSD)
- std::vector<char> buffer(128, 0);
- std::string result;
- bool authCheckDone = false;
-
- FILE* pipe = popen("sudo -n uptime 2>&1 | grep 'load average' | wc -l", "r"); // We redirect stderr to stdout (2>&1) to be able to catch the result of the command
- if (pipe)
+ if (!Core->GetUseDummySudoPassword ())
{
- while (!feof(pipe))
+ std::vector<char> buffer(128, 0);
+ std::string result;
+ bool authCheckDone = false;
+
+ FILE* pipe = popen("sudo -n uptime 2>&1 | grep 'load average' | wc -l", "r"); // We redirect stderr to stdout (2>&1) to be able to catch the result of the command
+ if (pipe)
{
- if (fgets(buffer.data(), 128, pipe) != nullptr)
- result += buffer.data();
+ while (!feof(pipe))
+ {
+ if (fgets(buffer.data(), 128, pipe) != nullptr)
+ result += buffer.data();
+ }
+
+ fflush(pipe);
+ pclose(pipe);
+ pipe = NULL;
+
+ if (!result.empty() && strlen(result.c_str()) != 0)
+ {
+ authCheckDone = true;
+ if (result[0] == '0') // no line found with "load average" text, rerquest admin password
+ (*AdminPasswordCallback) (request.AdminPassword);
+ }
}
- fflush(pipe);
- pclose(pipe);
- pipe = NULL;
-
- if (!result.empty() && strlen(result.c_str()) != 0)
+ if (authCheckDone)
{
- authCheckDone = true;
- if (result[0] == '0') // no line found with "load average" text, rerquest admin password
- (*AdminPasswordCallback) (request.AdminPassword);
+ // Set to false to force the 'WarningEvent' to be raised in case of and elevation exception.
+ request.FastElevation = false;
}
}
-
- if (authCheckDone)
- {
- // Set to false to force the 'WarningEvent' to be raised in case of and elevation exception.
- request.FastElevation = false;
- }
#endif
try
{
diff --git a/src/Main/CommandLineInterface.cpp b/src/Main/CommandLineInterface.cpp
index 0360921b..b5f18dd3 100644
--- a/src/Main/CommandLineInterface.cpp
+++ b/src/Main/CommandLineInterface.cpp
@@ -32,6 +32,9 @@ namespace VeraCrypt
ArgTrueCryptMode (false),
ArgDisableFileSizeCheck (false),
ArgUseLegacyPassword (false),
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+ ArgUseDummySudoPassword (false),
+#endif
StartBackgroundTask (false)
{
wxCmdLineParser parser;
@@ -100,7 +103,9 @@ namespace VeraCrypt
parser.AddParam ( _("Mount point"), wxCMD_LINE_VAL_STRING, wxCMD_LINE_PARAM_OPTIONAL);
parser.AddSwitch (L"", L"no-size-check", _("Disable check of container size against disk free space."));
parser.AddSwitch (L"", L"legacy-password-maxlength", _("Use legacy maximum password length (64 UTF-8 bytes)"));
-
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+ parser.AddSwitch (L"", L"use-dummy-sudo-password", _("Use dummy password in sudo to detect if it is already authenticated"));
+#endif
wxString str;
bool param1IsVolume = false;
bool param1IsMountedVolumeSpec = false;
@@ -339,6 +344,9 @@ namespace VeraCrypt
ArgTrueCryptMode = parser.Found (L"truecrypt");
ArgDisableFileSizeCheck = parser.Found (L"no-size-check");
ArgUseLegacyPassword = parser.Found (L"legacy-password-maxlength") || ArgTrueCryptMode;
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+ ArgUseDummySudoPassword = parser.Found (L"use-dummy-sudo-password");
+#endif
#if !defined(TC_WINDOWS) && !defined(TC_MACOSX)
if (parser.Found (L"fs-options", &str))
diff --git a/src/Main/CommandLineInterface.h b/src/Main/CommandLineInterface.h
index ef4836e6..00dabfd6 100644
--- a/src/Main/CommandLineInterface.h
+++ b/src/Main/CommandLineInterface.h
@@ -85,6 +85,9 @@ namespace VeraCrypt
shared_ptr<SecureBuffer> ArgTokenPin;
bool ArgDisableFileSizeCheck;
bool ArgUseLegacyPassword;
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+ bool ArgUseDummySudoPassword;
+#endif
bool StartBackgroundTask;
UserPreferences Preferences;
diff --git a/src/Main/UserInterface.cpp b/src/Main/UserInterface.cpp
index 7c29bbe0..c124d18a 100644
--- a/src/Main/UserInterface.cpp
+++ b/src/Main/UserInterface.cpp
@@ -534,6 +534,10 @@ namespace VeraCrypt
Core->SetAdminPasswordCallback (shared_ptr <GetStringFunctor> (new AdminPasswordRequestHandler));
}
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+ Core->ForceUseDummySudoPassword (CmdLine->ArgUseDummySudoPassword);
+#endif
+
Core->WarningEvent.Connect (EventConnector <UserInterface> (this, &UserInterface::OnWarning));
Core->VolumeMountedEvent.Connect (EventConnector <UserInterface> (this, &UserInterface::OnVolumeMounted));