VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Core/Unix
diff options
context:
space:
mode:
Diffstat (limited to 'src/Core/Unix')
-rw-r--r--src/Core/Unix/CoreService.cpp16
-rw-r--r--src/Core/Unix/CoreServiceProxy.h6
-rw-r--r--src/Core/Unix/CoreUnix.cpp70
-rw-r--r--src/Core/Unix/FreeBSD/CoreFreeBSD.cpp47
-rw-r--r--src/Core/Unix/Linux/CoreLinux.cpp14
-rw-r--r--src/Core/Unix/MacOSX/CoreMacOSX.cpp11
-rw-r--r--src/Core/Unix/OpenBSD/CoreOpenBSD.cpp2
7 files changed, 131 insertions, 35 deletions
diff --git a/src/Core/Unix/CoreService.cpp b/src/Core/Unix/CoreService.cpp
index f05d8569..6d0f05e5 100644
--- a/src/Core/Unix/CoreService.cpp
+++ b/src/Core/Unix/CoreService.cpp
@@ -57,7 +57,7 @@ namespace VeraCrypt
// Wait for sync code
while (true)
{
- byte b;
+ uint8 b;
throw_sys_if (read (STDIN_FILENO, &b, 1) != 1);
if (b != 0x00)
continue;
@@ -303,14 +303,13 @@ namespace VeraCrypt
// We also use the old way if the user is forcing the use of dummy password for sudo
#if defined(TC_LINUX ) || defined (TC_FREEBSD)
-
+ bool authCheckDone = false;
if (!Core->GetUseDummySudoPassword ())
{
std::vector<char> buffer(128, 0);
std::string result;
- bool authCheckDone = false;
- FILE* pipe = popen("sudo -n uptime 2>&1 | grep 'load average' | wc -l", "r"); // We redirect stderr to stdout (2>&1) to be able to catch the result of the command
+ FILE* pipe = popen("sudo -n uptime 2>&1 | grep 'load average' | wc -l | tr -d '[:blank:]'", "r"); // We redirect stderr to stdout (2>&1) to be able to catch the result of the command
if (pipe)
{
while (!feof(pipe))
@@ -354,7 +353,10 @@ namespace VeraCrypt
}
request.FastElevation = false;
- (*AdminPasswordCallback) (request.AdminPassword);
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+ if(!authCheckDone)
+#endif
+ (*AdminPasswordCallback) (request.AdminPassword);
}
}
}
@@ -541,7 +543,7 @@ namespace VeraCrypt
try
{
- shared_ptr <Stream> stream (new MemoryStream (ConstBufferPtr ((byte *) &errOutput[0], errOutput.size())));
+ shared_ptr <Stream> stream (new MemoryStream (ConstBufferPtr ((uint8 *) &errOutput[0], errOutput.size())));
deserializedObject.reset (Serializable::DeserializeNew (stream));
deserializedException = dynamic_cast <Exception*> (deserializedObject.get());
}
@@ -573,7 +575,7 @@ namespace VeraCrypt
ServiceOutputStream = shared_ptr <Stream> (new FileStream (outPipe->GetReadFD()));
// Send sync code
- byte sync[] = { 0, 0x11, 0x22 };
+ uint8 sync[] = { 0, 0x11, 0x22 };
ServiceInputStream->Write (ConstBufferPtr (sync, array_capacity (sync)));
AdminInputPipe = move_ptr(inPipe);
diff --git a/src/Core/Unix/CoreServiceProxy.h b/src/Core/Unix/CoreServiceProxy.h
index f5bbae3d..d57d8163 100644
--- a/src/Core/Unix/CoreServiceProxy.h
+++ b/src/Core/Unix/CoreServiceProxy.h
@@ -98,11 +98,11 @@ namespace VeraCrypt
{
MountOptions newOptions = options;
- newOptions.Password = Keyfile::ApplyListToPassword (options.Keyfiles, options.Password);
+ newOptions.Password = Keyfile::ApplyListToPassword (options.Keyfiles, options.Password, options.EMVSupportEnabled);
if (newOptions.Keyfiles)
newOptions.Keyfiles->clear();
- newOptions.ProtectionPassword = Keyfile::ApplyListToPassword (options.ProtectionKeyfiles, options.ProtectionPassword);
+ newOptions.ProtectionPassword = Keyfile::ApplyListToPassword (options.ProtectionKeyfiles, options.ProtectionPassword, options.EMVSupportEnabled);
if (newOptions.ProtectionKeyfiles)
newOptions.ProtectionKeyfiles->clear();
@@ -126,7 +126,7 @@ namespace VeraCrypt
if (options.CachePassword
&& ((options.Password && !options.Password->IsEmpty()) || (options.Keyfiles && !options.Keyfiles->empty())))
{
- VolumePasswordCache::Store (*Keyfile::ApplyListToPassword (options.Keyfiles, options.Password));
+ VolumePasswordCache::Store (*Keyfile::ApplyListToPassword (options.Keyfiles, options.Password, options.EMVSupportEnabled));
}
}
diff --git a/src/Core/Unix/CoreUnix.cpp b/src/Core/Unix/CoreUnix.cpp
index 2dac4cb5..1868eb6d 100644
--- a/src/Core/Unix/CoreUnix.cpp
+++ b/src/Core/Unix/CoreUnix.cpp
@@ -78,10 +78,8 @@ namespace VeraCrypt
if (stat("/usr/bin/konsole", &sb) == 0)
{
args.clear ();
- args.push_back ("--title");
- args.push_back ("fsck");
- args.push_back ("--caption");
- args.push_back ("fsck");
+ args.push_back ("-p");
+ args.push_back ("tabtitle=fsck");
args.push_back ("-e");
args.push_back ("sh");
args.push_back ("-c");
@@ -91,8 +89,22 @@ namespace VeraCrypt
Process::Execute ("konsole", args, 1000);
} catch (TimeOut&) { }
}
+ else if (stat("/usr/bin/gnome-terminal", &sb) == 0 && stat("/usr/bin/dbus-launch", &sb) == 0)
+ {
+ args.clear ();
+ args.push_back ("--title");
+ args.push_back ("fsck");
+ args.push_back ("--");
+ args.push_back ("sh");
+ args.push_back ("-c");
+ args.push_back (xargs);
+ try
+ {
+ Process::Execute ("gnome-terminal", args, 1000);
+ } catch (TimeOut&) { }
+ }
else
- throw;
+ throw TerminalNotFound();
}
#endif
}
@@ -229,7 +241,7 @@ namespace VeraCrypt
device.SeekAt (0);
device.ReadCompleteBuffer (bootSector);
- byte *b = bootSector.Ptr();
+ uint8 *b = bootSector.Ptr();
return memcmp (b + 3, "NTFS", 4) != 0
&& memcmp (b + 54, "FAT", 3) != 0
@@ -291,17 +303,45 @@ namespace VeraCrypt
continue;
shared_ptr <VolumeInfo> mountedVol;
- try
+ // Introduce a retry mechanism with a timeout for control file access
+ // This workaround is limited to FUSE-T mounted volume under macOS for
+ // which md.Device starts with "fuse-t:"
+#ifdef VC_MACOSX_FUSET
+ bool isFuseT = wstring(mf.Device).find(L"fuse-t:") == 0;
+ int controlFileRetries = 10; // 10 retries with 500ms sleep each, total 5 seconds
+ while (!mountedVol && (controlFileRetries-- > 0))
+#endif
{
- shared_ptr <File> controlFile (new File);
- controlFile->Open (string (mf.MountPoint) + FuseService::GetControlPath());
+ try
+ {
+ shared_ptr <File> controlFile (new File);
+ controlFile->Open (string (mf.MountPoint) + FuseService::GetControlPath());
- shared_ptr <Stream> controlFileStream (new FileStream (controlFile));
- mountedVol = Serializable::DeserializeNew <VolumeInfo> (controlFileStream);
+ shared_ptr <Stream> controlFileStream (new FileStream (controlFile));
+ mountedVol = Serializable::DeserializeNew <VolumeInfo> (controlFileStream);
+ }
+ catch (const std::exception& e)
+ {
+#ifdef VC_MACOSX_FUSET
+ // if exception starts with "VeraCrypt::Serializer::ValidateName", then
+ // serialization is not ready yet and we need to wait before retrying
+ // this happens when FUSE-T is used under macOS and if it is the first time
+ // the volume is mounted
+ if (isFuseT && string (e.what()).find ("VeraCrypt::Serializer::ValidateName") != string::npos)
+ {
+ Thread::Sleep(500); // Wait before retrying
+ }
+ else
+ {
+ break; // Control file not found or other error
+ }
+#endif
+ }
}
- catch (...)
+
+ if (!mountedVol)
{
- continue;
+ continue; // Skip to the next mounted filesystem
}
if (!volumePath.IsEmpty() && wstring (mountedVol->Path).compare (volumePath) != 0)
@@ -534,8 +574,8 @@ namespace VeraCrypt
options.Password,
options.Pim,
options.Kdf,
- options.TrueCryptMode,
options.Keyfiles,
+ options.EMVSupportEnabled,
options.Protection,
options.ProtectionPassword,
options.ProtectionPim,
@@ -679,7 +719,7 @@ namespace VeraCrypt
{
try
{
- chown (mountPoint.c_str(), GetRealUserId(), GetRealGroupId());
+ throw_sys_sub_if (chown (mountPoint.c_str(), GetRealUserId(), GetRealGroupId()) == -1, mountPoint);
} catch (...) { }
}
}
diff --git a/src/Core/Unix/FreeBSD/CoreFreeBSD.cpp b/src/Core/Unix/FreeBSD/CoreFreeBSD.cpp
index 01463c35..05520274 100644
--- a/src/Core/Unix/FreeBSD/CoreFreeBSD.cpp
+++ b/src/Core/Unix/FreeBSD/CoreFreeBSD.cpp
@@ -83,7 +83,7 @@ namespace VeraCrypt
#ifdef TC_MACOSX
const string busType = "rdisk";
#else
- foreach (const string &busType, StringConverter::Split ("ad da"))
+ foreach (const string &busType, StringConverter::Split ("ad da vtbd"))
#endif
{
for (int devNumber = 0; devNumber < 64; devNumber++)
@@ -185,10 +185,51 @@ namespace VeraCrypt
void CoreFreeBSD::MountFilesystem (const DevicePath &devicePath, const DirectoryPath &mountPoint, const string &filesystemType, bool readOnly, const string &systemMountOptions) const
{
+ std::string chosenFilesystem = "msdos";
+ std::string modifiedMountOptions = systemMountOptions;
+
+ if (filesystemType.empty() && modifiedMountOptions.find("mountprog") == string::npos) {
+ // No filesystem type specified through CLI, attempt to identify with blkid
+ // as mount is unable to probe filesystem type on BSD
+ // Make sure we don't override user defined mountprog
+ std::vector<char> buffer(128,0);
+ std::string cmd = "blkid -o value -s TYPE " + static_cast<std::string>(devicePath) + " 2>/dev/null";
+ std::string result;
+
+ FILE* pipe = popen(cmd.c_str(), "r");
+ if (pipe) {
+ while (!feof(pipe)) {
+ if (fgets(buffer.data(), 128, pipe) != nullptr)
+ result += buffer.data();
+ }
+ fflush(pipe);
+ pclose(pipe);
+ pipe = nullptr;
+ }
+
+ if (result.find("ext") == 0 || StringConverter::ToLower(filesystemType).find("ext") == 0) {
+ chosenFilesystem = "ext2fs";
+ }
+ else if (result.find("exfat") == 0 || StringConverter::ToLower(filesystemType) == "exfat") {
+ chosenFilesystem = "exfat";
+ modifiedMountOptions += string(!systemMountOptions.empty() ? "," : "")
+ + "mountprog=/usr/local/sbin/mount.exfat";
+ }
+ else if (result.find("ntfs") == 0 || StringConverter::ToLower(filesystemType) == "ntfs") {
+ chosenFilesystem = "ntfs";
+ modifiedMountOptions += string(!systemMountOptions.empty() ? "," : "")
+ + "mountprog=/usr/local/bin/ntfs-3g";
+ }
+ else if (!filesystemType.empty()) {
+ // Filesystem is specified but is none of the above, then supply as is
+ chosenFilesystem = filesystemType;
+ }
+ } else
+ chosenFilesystem = filesystemType;
+
try
{
- // Try to mount FAT by default as mount is unable to probe filesystem type on BSD
- CoreUnix::MountFilesystem (devicePath, mountPoint, filesystemType.empty() ? "msdos" : filesystemType, readOnly, systemMountOptions);
+ CoreUnix::MountFilesystem (devicePath, mountPoint, chosenFilesystem, readOnly, modifiedMountOptions);
}
catch (ExecutedProcessFailed&)
{
diff --git a/src/Core/Unix/Linux/CoreLinux.cpp b/src/Core/Unix/Linux/CoreLinux.cpp
index e1da6dff..cd4be80f 100644
--- a/src/Core/Unix/Linux/CoreLinux.cpp
+++ b/src/Core/Unix/Linux/CoreLinux.cpp
@@ -22,6 +22,9 @@
#include "Platform/SystemInfo.h"
#include "Platform/TextReader.h"
#include "Volume/EncryptionModeXTS.h"
+#ifdef WOLFCRYPT_BACKEND
+#include "Volume/EncryptionModeWolfCryptXTS.h"
+#endif
#include "Driver/Fuse/FuseService.h"
#include "Core/Unix/CoreServiceProxy.h"
@@ -302,8 +305,13 @@ namespace VeraCrypt
void CoreLinux::MountVolumeNative (shared_ptr <Volume> volume, MountOptions &options, const DirectoryPath &auxMountPoint) const
{
- bool xts = (typeid (*volume->GetEncryptionMode()) == typeid (EncryptionModeXTS));
- bool algoNotSupported = (typeid (*volume->GetEncryptionAlgorithm()) == typeid (Kuznyechik))
+ bool xts = (typeid (*volume->GetEncryptionMode()) ==
+ #ifdef WOLFCRYPT_BACKEND
+ typeid (EncryptionModeWolfCryptXTS));
+ #else
+ typeid (EncryptionModeXTS));
+ #endif
+ bool algoNotSupported = (typeid (*volume->GetEncryptionAlgorithm()) == typeid (Kuznyechik))
|| (typeid (*volume->GetEncryptionAlgorithm()) == typeid (CamelliaKuznyechik))
|| (typeid (*volume->GetEncryptionAlgorithm()) == typeid (KuznyechikTwofish))
|| (typeid (*volume->GetEncryptionAlgorithm()) == typeid (KuznyechikAES))
@@ -378,7 +386,7 @@ namespace VeraCrypt
dmCreateArgs << nativeDevPath << " 0";
SecureBuffer dmCreateArgsBuf (dmCreateArgs.str().size());
- dmCreateArgsBuf.CopyFrom (ConstBufferPtr ((byte *) dmCreateArgs.str().c_str(), dmCreateArgs.str().size()));
+ dmCreateArgsBuf.CopyFrom (ConstBufferPtr ((uint8 *) dmCreateArgs.str().c_str(), dmCreateArgs.str().size()));
// Keys
const SecureBuffer &cipherKey = cipher.GetKey();
diff --git a/src/Core/Unix/MacOSX/CoreMacOSX.cpp b/src/Core/Unix/MacOSX/CoreMacOSX.cpp
index b596e6e8..cfd34072 100644
--- a/src/Core/Unix/MacOSX/CoreMacOSX.cpp
+++ b/src/Core/Unix/MacOSX/CoreMacOSX.cpp
@@ -107,12 +107,19 @@ namespace VeraCrypt
void CoreMacOSX::CheckFilesystem (shared_ptr <VolumeInfo> mountedVolume, bool repair) const
{
list <string> args;
- args.push_back ("/Applications/Utilities/Disk Utility.app");
+ struct stat sb;
+
+ if (stat("/Applications/Utilities/Disk Utility.app", &sb) == 0)
+ args.push_back ("/Applications/Utilities/Disk Utility.app");
+ else
+ args.push_back ("/System/Applications/Utilities/Disk Utility.app");
+
Process::Execute ("open", args);
}
void CoreMacOSX::MountAuxVolumeImage (const DirectoryPath &auxMountPoint, const MountOptions &options) const
{
+#ifndef VC_MACOSX_FUSET
// Check FUSE version
char fuseVersionString[MAXHOSTNAMELEN + 1] = { 0 };
size_t fuseVersionStringLength = MAXHOSTNAMELEN;
@@ -147,7 +154,7 @@ namespace VeraCrypt
if (fuseVersionMajor < 2 || (fuseVersionMajor == 2 && fuseVersionMinor < 5))
throw HigherFuseVersionRequired (SRC_POS);
-
+#endif
// Mount volume image
string volImage = string (auxMountPoint) + FuseService::GetVolumeImagePath();
diff --git a/src/Core/Unix/OpenBSD/CoreOpenBSD.cpp b/src/Core/Unix/OpenBSD/CoreOpenBSD.cpp
index 0b55b401..3064103b 100644
--- a/src/Core/Unix/OpenBSD/CoreOpenBSD.cpp
+++ b/src/Core/Unix/OpenBSD/CoreOpenBSD.cpp
@@ -69,8 +69,6 @@ namespace VeraCrypt
if (freeVnd == -1)
throw "couldn't find free vnd";
- args.push_back ("-c");
-
stringstream freePath;
freePath << "vnd" << freeVnd;
args.push_back (freePath.str());