diff options
Diffstat (limited to 'src/Core/Unix')
-rw-r--r-- | src/Core/Unix/CoreService.cpp | 16 | ||||
-rw-r--r-- | src/Core/Unix/CoreServiceProxy.h | 6 | ||||
-rw-r--r-- | src/Core/Unix/CoreUnix.cpp | 70 | ||||
-rw-r--r-- | src/Core/Unix/FreeBSD/CoreFreeBSD.cpp | 47 | ||||
-rw-r--r-- | src/Core/Unix/Linux/CoreLinux.cpp | 14 | ||||
-rw-r--r-- | src/Core/Unix/MacOSX/CoreMacOSX.cpp | 11 | ||||
-rw-r--r-- | src/Core/Unix/OpenBSD/CoreOpenBSD.cpp | 2 |
7 files changed, 131 insertions, 35 deletions
diff --git a/src/Core/Unix/CoreService.cpp b/src/Core/Unix/CoreService.cpp index f05d8569..6d0f05e5 100644 --- a/src/Core/Unix/CoreService.cpp +++ b/src/Core/Unix/CoreService.cpp @@ -57,7 +57,7 @@ namespace VeraCrypt // Wait for sync code while (true) { - byte b; + uint8 b; throw_sys_if (read (STDIN_FILENO, &b, 1) != 1); if (b != 0x00) continue; @@ -303,14 +303,13 @@ namespace VeraCrypt // We also use the old way if the user is forcing the use of dummy password for sudo #if defined(TC_LINUX ) || defined (TC_FREEBSD) - + bool authCheckDone = false; if (!Core->GetUseDummySudoPassword ()) { std::vector<char> buffer(128, 0); std::string result; - bool authCheckDone = false; - FILE* pipe = popen("sudo -n uptime 2>&1 | grep 'load average' | wc -l", "r"); // We redirect stderr to stdout (2>&1) to be able to catch the result of the command + FILE* pipe = popen("sudo -n uptime 2>&1 | grep 'load average' | wc -l | tr -d '[:blank:]'", "r"); // We redirect stderr to stdout (2>&1) to be able to catch the result of the command if (pipe) { while (!feof(pipe)) @@ -354,7 +353,10 @@ namespace VeraCrypt } request.FastElevation = false; - (*AdminPasswordCallback) (request.AdminPassword); +#if defined(TC_LINUX ) || defined (TC_FREEBSD) + if(!authCheckDone) +#endif + (*AdminPasswordCallback) (request.AdminPassword); } } } @@ -541,7 +543,7 @@ namespace VeraCrypt try { - shared_ptr <Stream> stream (new MemoryStream (ConstBufferPtr ((byte *) &errOutput[0], errOutput.size()))); + shared_ptr <Stream> stream (new MemoryStream (ConstBufferPtr ((uint8 *) &errOutput[0], errOutput.size()))); deserializedObject.reset (Serializable::DeserializeNew (stream)); deserializedException = dynamic_cast <Exception*> (deserializedObject.get()); } @@ -573,7 +575,7 @@ namespace VeraCrypt ServiceOutputStream = shared_ptr <Stream> (new FileStream (outPipe->GetReadFD())); // Send sync code - byte sync[] = { 0, 0x11, 0x22 }; + uint8 sync[] = { 0, 0x11, 0x22 }; ServiceInputStream->Write (ConstBufferPtr (sync, array_capacity (sync))); AdminInputPipe = move_ptr(inPipe); diff --git a/src/Core/Unix/CoreServiceProxy.h b/src/Core/Unix/CoreServiceProxy.h index f5bbae3d..d57d8163 100644 --- a/src/Core/Unix/CoreServiceProxy.h +++ b/src/Core/Unix/CoreServiceProxy.h @@ -98,11 +98,11 @@ namespace VeraCrypt { MountOptions newOptions = options; - newOptions.Password = Keyfile::ApplyListToPassword (options.Keyfiles, options.Password); + newOptions.Password = Keyfile::ApplyListToPassword (options.Keyfiles, options.Password, options.EMVSupportEnabled); if (newOptions.Keyfiles) newOptions.Keyfiles->clear(); - newOptions.ProtectionPassword = Keyfile::ApplyListToPassword (options.ProtectionKeyfiles, options.ProtectionPassword); + newOptions.ProtectionPassword = Keyfile::ApplyListToPassword (options.ProtectionKeyfiles, options.ProtectionPassword, options.EMVSupportEnabled); if (newOptions.ProtectionKeyfiles) newOptions.ProtectionKeyfiles->clear(); @@ -126,7 +126,7 @@ namespace VeraCrypt if (options.CachePassword && ((options.Password && !options.Password->IsEmpty()) || (options.Keyfiles && !options.Keyfiles->empty()))) { - VolumePasswordCache::Store (*Keyfile::ApplyListToPassword (options.Keyfiles, options.Password)); + VolumePasswordCache::Store (*Keyfile::ApplyListToPassword (options.Keyfiles, options.Password, options.EMVSupportEnabled)); } } diff --git a/src/Core/Unix/CoreUnix.cpp b/src/Core/Unix/CoreUnix.cpp index 2dac4cb5..1868eb6d 100644 --- a/src/Core/Unix/CoreUnix.cpp +++ b/src/Core/Unix/CoreUnix.cpp @@ -78,10 +78,8 @@ namespace VeraCrypt if (stat("/usr/bin/konsole", &sb) == 0) { args.clear (); - args.push_back ("--title"); - args.push_back ("fsck"); - args.push_back ("--caption"); - args.push_back ("fsck"); + args.push_back ("-p"); + args.push_back ("tabtitle=fsck"); args.push_back ("-e"); args.push_back ("sh"); args.push_back ("-c"); @@ -91,8 +89,22 @@ namespace VeraCrypt Process::Execute ("konsole", args, 1000); } catch (TimeOut&) { } } + else if (stat("/usr/bin/gnome-terminal", &sb) == 0 && stat("/usr/bin/dbus-launch", &sb) == 0) + { + args.clear (); + args.push_back ("--title"); + args.push_back ("fsck"); + args.push_back ("--"); + args.push_back ("sh"); + args.push_back ("-c"); + args.push_back (xargs); + try + { + Process::Execute ("gnome-terminal", args, 1000); + } catch (TimeOut&) { } + } else - throw; + throw TerminalNotFound(); } #endif } @@ -229,7 +241,7 @@ namespace VeraCrypt device.SeekAt (0); device.ReadCompleteBuffer (bootSector); - byte *b = bootSector.Ptr(); + uint8 *b = bootSector.Ptr(); return memcmp (b + 3, "NTFS", 4) != 0 && memcmp (b + 54, "FAT", 3) != 0 @@ -291,17 +303,45 @@ namespace VeraCrypt continue; shared_ptr <VolumeInfo> mountedVol; - try + // Introduce a retry mechanism with a timeout for control file access + // This workaround is limited to FUSE-T mounted volume under macOS for + // which md.Device starts with "fuse-t:" +#ifdef VC_MACOSX_FUSET + bool isFuseT = wstring(mf.Device).find(L"fuse-t:") == 0; + int controlFileRetries = 10; // 10 retries with 500ms sleep each, total 5 seconds + while (!mountedVol && (controlFileRetries-- > 0)) +#endif { - shared_ptr <File> controlFile (new File); - controlFile->Open (string (mf.MountPoint) + FuseService::GetControlPath()); + try + { + shared_ptr <File> controlFile (new File); + controlFile->Open (string (mf.MountPoint) + FuseService::GetControlPath()); - shared_ptr <Stream> controlFileStream (new FileStream (controlFile)); - mountedVol = Serializable::DeserializeNew <VolumeInfo> (controlFileStream); + shared_ptr <Stream> controlFileStream (new FileStream (controlFile)); + mountedVol = Serializable::DeserializeNew <VolumeInfo> (controlFileStream); + } + catch (const std::exception& e) + { +#ifdef VC_MACOSX_FUSET + // if exception starts with "VeraCrypt::Serializer::ValidateName", then + // serialization is not ready yet and we need to wait before retrying + // this happens when FUSE-T is used under macOS and if it is the first time + // the volume is mounted + if (isFuseT && string (e.what()).find ("VeraCrypt::Serializer::ValidateName") != string::npos) + { + Thread::Sleep(500); // Wait before retrying + } + else + { + break; // Control file not found or other error + } +#endif + } } - catch (...) + + if (!mountedVol) { - continue; + continue; // Skip to the next mounted filesystem } if (!volumePath.IsEmpty() && wstring (mountedVol->Path).compare (volumePath) != 0) @@ -534,8 +574,8 @@ namespace VeraCrypt options.Password, options.Pim, options.Kdf, - options.TrueCryptMode, options.Keyfiles, + options.EMVSupportEnabled, options.Protection, options.ProtectionPassword, options.ProtectionPim, @@ -679,7 +719,7 @@ namespace VeraCrypt { try { - chown (mountPoint.c_str(), GetRealUserId(), GetRealGroupId()); + throw_sys_sub_if (chown (mountPoint.c_str(), GetRealUserId(), GetRealGroupId()) == -1, mountPoint); } catch (...) { } } } diff --git a/src/Core/Unix/FreeBSD/CoreFreeBSD.cpp b/src/Core/Unix/FreeBSD/CoreFreeBSD.cpp index 01463c35..05520274 100644 --- a/src/Core/Unix/FreeBSD/CoreFreeBSD.cpp +++ b/src/Core/Unix/FreeBSD/CoreFreeBSD.cpp @@ -83,7 +83,7 @@ namespace VeraCrypt #ifdef TC_MACOSX const string busType = "rdisk"; #else - foreach (const string &busType, StringConverter::Split ("ad da")) + foreach (const string &busType, StringConverter::Split ("ad da vtbd")) #endif { for (int devNumber = 0; devNumber < 64; devNumber++) @@ -185,10 +185,51 @@ namespace VeraCrypt void CoreFreeBSD::MountFilesystem (const DevicePath &devicePath, const DirectoryPath &mountPoint, const string &filesystemType, bool readOnly, const string &systemMountOptions) const { + std::string chosenFilesystem = "msdos"; + std::string modifiedMountOptions = systemMountOptions; + + if (filesystemType.empty() && modifiedMountOptions.find("mountprog") == string::npos) { + // No filesystem type specified through CLI, attempt to identify with blkid + // as mount is unable to probe filesystem type on BSD + // Make sure we don't override user defined mountprog + std::vector<char> buffer(128,0); + std::string cmd = "blkid -o value -s TYPE " + static_cast<std::string>(devicePath) + " 2>/dev/null"; + std::string result; + + FILE* pipe = popen(cmd.c_str(), "r"); + if (pipe) { + while (!feof(pipe)) { + if (fgets(buffer.data(), 128, pipe) != nullptr) + result += buffer.data(); + } + fflush(pipe); + pclose(pipe); + pipe = nullptr; + } + + if (result.find("ext") == 0 || StringConverter::ToLower(filesystemType).find("ext") == 0) { + chosenFilesystem = "ext2fs"; + } + else if (result.find("exfat") == 0 || StringConverter::ToLower(filesystemType) == "exfat") { + chosenFilesystem = "exfat"; + modifiedMountOptions += string(!systemMountOptions.empty() ? "," : "") + + "mountprog=/usr/local/sbin/mount.exfat"; + } + else if (result.find("ntfs") == 0 || StringConverter::ToLower(filesystemType) == "ntfs") { + chosenFilesystem = "ntfs"; + modifiedMountOptions += string(!systemMountOptions.empty() ? "," : "") + + "mountprog=/usr/local/bin/ntfs-3g"; + } + else if (!filesystemType.empty()) { + // Filesystem is specified but is none of the above, then supply as is + chosenFilesystem = filesystemType; + } + } else + chosenFilesystem = filesystemType; + try { - // Try to mount FAT by default as mount is unable to probe filesystem type on BSD - CoreUnix::MountFilesystem (devicePath, mountPoint, filesystemType.empty() ? "msdos" : filesystemType, readOnly, systemMountOptions); + CoreUnix::MountFilesystem (devicePath, mountPoint, chosenFilesystem, readOnly, modifiedMountOptions); } catch (ExecutedProcessFailed&) { diff --git a/src/Core/Unix/Linux/CoreLinux.cpp b/src/Core/Unix/Linux/CoreLinux.cpp index e1da6dff..cd4be80f 100644 --- a/src/Core/Unix/Linux/CoreLinux.cpp +++ b/src/Core/Unix/Linux/CoreLinux.cpp @@ -22,6 +22,9 @@ #include "Platform/SystemInfo.h" #include "Platform/TextReader.h" #include "Volume/EncryptionModeXTS.h" +#ifdef WOLFCRYPT_BACKEND +#include "Volume/EncryptionModeWolfCryptXTS.h" +#endif #include "Driver/Fuse/FuseService.h" #include "Core/Unix/CoreServiceProxy.h" @@ -302,8 +305,13 @@ namespace VeraCrypt void CoreLinux::MountVolumeNative (shared_ptr <Volume> volume, MountOptions &options, const DirectoryPath &auxMountPoint) const { - bool xts = (typeid (*volume->GetEncryptionMode()) == typeid (EncryptionModeXTS)); - bool algoNotSupported = (typeid (*volume->GetEncryptionAlgorithm()) == typeid (Kuznyechik)) + bool xts = (typeid (*volume->GetEncryptionMode()) == + #ifdef WOLFCRYPT_BACKEND + typeid (EncryptionModeWolfCryptXTS)); + #else + typeid (EncryptionModeXTS)); + #endif + bool algoNotSupported = (typeid (*volume->GetEncryptionAlgorithm()) == typeid (Kuznyechik)) || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (CamelliaKuznyechik)) || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (KuznyechikTwofish)) || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (KuznyechikAES)) @@ -378,7 +386,7 @@ namespace VeraCrypt dmCreateArgs << nativeDevPath << " 0"; SecureBuffer dmCreateArgsBuf (dmCreateArgs.str().size()); - dmCreateArgsBuf.CopyFrom (ConstBufferPtr ((byte *) dmCreateArgs.str().c_str(), dmCreateArgs.str().size())); + dmCreateArgsBuf.CopyFrom (ConstBufferPtr ((uint8 *) dmCreateArgs.str().c_str(), dmCreateArgs.str().size())); // Keys const SecureBuffer &cipherKey = cipher.GetKey(); diff --git a/src/Core/Unix/MacOSX/CoreMacOSX.cpp b/src/Core/Unix/MacOSX/CoreMacOSX.cpp index b596e6e8..cfd34072 100644 --- a/src/Core/Unix/MacOSX/CoreMacOSX.cpp +++ b/src/Core/Unix/MacOSX/CoreMacOSX.cpp @@ -107,12 +107,19 @@ namespace VeraCrypt void CoreMacOSX::CheckFilesystem (shared_ptr <VolumeInfo> mountedVolume, bool repair) const { list <string> args; - args.push_back ("/Applications/Utilities/Disk Utility.app"); + struct stat sb; + + if (stat("/Applications/Utilities/Disk Utility.app", &sb) == 0) + args.push_back ("/Applications/Utilities/Disk Utility.app"); + else + args.push_back ("/System/Applications/Utilities/Disk Utility.app"); + Process::Execute ("open", args); } void CoreMacOSX::MountAuxVolumeImage (const DirectoryPath &auxMountPoint, const MountOptions &options) const { +#ifndef VC_MACOSX_FUSET // Check FUSE version char fuseVersionString[MAXHOSTNAMELEN + 1] = { 0 }; size_t fuseVersionStringLength = MAXHOSTNAMELEN; @@ -147,7 +154,7 @@ namespace VeraCrypt if (fuseVersionMajor < 2 || (fuseVersionMajor == 2 && fuseVersionMinor < 5)) throw HigherFuseVersionRequired (SRC_POS); - +#endif // Mount volume image string volImage = string (auxMountPoint) + FuseService::GetVolumeImagePath(); diff --git a/src/Core/Unix/OpenBSD/CoreOpenBSD.cpp b/src/Core/Unix/OpenBSD/CoreOpenBSD.cpp index 0b55b401..3064103b 100644 --- a/src/Core/Unix/OpenBSD/CoreOpenBSD.cpp +++ b/src/Core/Unix/OpenBSD/CoreOpenBSD.cpp @@ -69,8 +69,6 @@ namespace VeraCrypt if (freeVnd == -1) throw "couldn't find free vnd"; - args.push_back ("-c"); - stringstream freePath; freePath << "vnd" << freeVnd; args.push_back (freePath.str()); |