diff options
Diffstat (limited to 'src/Core/Unix')
-rw-r--r-- | src/Core/Unix/CoreService.cpp | 11 | ||||
-rw-r--r-- | src/Core/Unix/CoreServiceProxy.h | 6 | ||||
-rw-r--r-- | src/Core/Unix/CoreUnix.cpp | 124 | ||||
-rw-r--r-- | src/Core/Unix/Linux/CoreLinux.cpp | 13 | ||||
-rw-r--r-- | src/Core/Unix/MacOSX/CoreMacOSX.cpp | 16 | ||||
-rw-r--r-- | src/Core/Unix/OpenBSD/CoreOpenBSD.cpp | 164 | ||||
-rw-r--r-- | src/Core/Unix/OpenBSD/CoreOpenBSD.h | 44 | ||||
-rw-r--r-- | src/Core/Unix/OpenBSD/System.h | 19 |
8 files changed, 376 insertions, 21 deletions
diff --git a/src/Core/Unix/CoreService.cpp b/src/Core/Unix/CoreService.cpp index 44389612..e543652a 100644 --- a/src/Core/Unix/CoreService.cpp +++ b/src/Core/Unix/CoreService.cpp @@ -303,12 +303,11 @@ namespace VeraCrypt // We also use the old way if the user is forcing the use of dummy password for sudo #if defined(TC_LINUX ) || defined (TC_FREEBSD) - + bool authCheckDone = false; if (!Core->GetUseDummySudoPassword ()) { std::vector<char> buffer(128, 0); std::string result; - bool authCheckDone = false; FILE* pipe = popen("sudo -n uptime 2>&1 | grep 'load average' | wc -l", "r"); // We redirect stderr to stdout (2>&1) to be able to catch the result of the command if (pipe) @@ -354,7 +353,10 @@ namespace VeraCrypt } request.FastElevation = false; - (*AdminPasswordCallback) (request.AdminPassword); +#if defined(TC_LINUX ) || defined (TC_FREEBSD) + if(!authCheckDone) +#endif + (*AdminPasswordCallback) (request.AdminPassword); } } } @@ -458,6 +460,9 @@ namespace VeraCrypt adminPassword[request.AdminPassword.size()] = '\n'; } +#if defined(TC_LINUX ) + Thread::Sleep (1000); // wait 1 second for the forked sudo to start +#endif if (write (inPipe->GetWriteFD(), &adminPassword.front(), adminPassword.size())) { } // Errors ignored burn (&adminPassword.front(), adminPassword.size()); diff --git a/src/Core/Unix/CoreServiceProxy.h b/src/Core/Unix/CoreServiceProxy.h index f5bbae3d..d57d8163 100644 --- a/src/Core/Unix/CoreServiceProxy.h +++ b/src/Core/Unix/CoreServiceProxy.h @@ -98,11 +98,11 @@ namespace VeraCrypt { MountOptions newOptions = options; - newOptions.Password = Keyfile::ApplyListToPassword (options.Keyfiles, options.Password); + newOptions.Password = Keyfile::ApplyListToPassword (options.Keyfiles, options.Password, options.EMVSupportEnabled); if (newOptions.Keyfiles) newOptions.Keyfiles->clear(); - newOptions.ProtectionPassword = Keyfile::ApplyListToPassword (options.ProtectionKeyfiles, options.ProtectionPassword); + newOptions.ProtectionPassword = Keyfile::ApplyListToPassword (options.ProtectionKeyfiles, options.ProtectionPassword, options.EMVSupportEnabled); if (newOptions.ProtectionKeyfiles) newOptions.ProtectionKeyfiles->clear(); @@ -126,7 +126,7 @@ namespace VeraCrypt if (options.CachePassword && ((options.Password && !options.Password->IsEmpty()) || (options.Keyfiles && !options.Keyfiles->empty()))) { - VolumePasswordCache::Store (*Keyfile::ApplyListToPassword (options.Keyfiles, options.Password)); + VolumePasswordCache::Store (*Keyfile::ApplyListToPassword (options.Keyfiles, options.Password, options.EMVSupportEnabled)); } } diff --git a/src/Core/Unix/CoreUnix.cpp b/src/Core/Unix/CoreUnix.cpp index a6485208..258979b9 100644 --- a/src/Core/Unix/CoreUnix.cpp +++ b/src/Core/Unix/CoreUnix.cpp @@ -24,6 +24,11 @@ namespace VeraCrypt { +#ifdef TC_LINUX + static string GetTmpUser (); + static bool SamePath (const string& path1, const string& path2); +#endif + CoreUnix::CoreUnix () { signal (SIGPIPE, SIG_IGN); @@ -73,10 +78,8 @@ namespace VeraCrypt if (stat("/usr/bin/konsole", &sb) == 0) { args.clear (); - args.push_back ("--title"); - args.push_back ("fsck"); - args.push_back ("--caption"); - args.push_back ("fsck"); + args.push_back ("-p"); + args.push_back ("tabtitle=fsck"); args.push_back ("-e"); args.push_back ("sh"); args.push_back ("-c"); @@ -86,8 +89,22 @@ namespace VeraCrypt Process::Execute ("konsole", args, 1000); } catch (TimeOut&) { } } + else if (stat("/usr/bin/gnome-terminal", &sb) == 0 && stat("/usr/bin/dbus-launch", &sb) == 0) + { + args.clear (); + args.push_back ("--title"); + args.push_back ("fsck"); + args.push_back ("--"); + args.push_back ("sh"); + args.push_back ("-c"); + args.push_back (xargs); + try + { + Process::Execute ("gnome-terminal", args, 1000); + } catch (TimeOut&) { } + } else - throw; + throw TerminalNotFound(); } #endif } @@ -355,10 +372,99 @@ namespace VeraCrypt string CoreUnix::GetTempDirectory () const { - char *envDir = getenv ("TMPDIR"); - return envDir ? envDir : "/tmp"; + const char *tmpdir = getenv ("TMPDIR"); + string envDir = tmpdir ? tmpdir : "/tmp"; + +#ifdef TC_LINUX + /* + * If pam_tmpdir.so is in use, a different temporary directory is + * allocated for each user ID. We need to mount to the directory used + * by the non-root user. + */ + if (getuid () == 0 && envDir.size () >= 2 + && envDir.substr (envDir.size () - 2) == "/0") { + string tmpuser = GetTmpUser (); + if (SamePath (envDir, tmpuser + "/0")) { + /* Substitute the sudo'ing user for 0 */ + char uid[40]; + FILE *fp = fopen ("/proc/self/loginuid", "r"); + if (fp != NULL) { + if (fgets (uid, sizeof (uid), fp) != nullptr) { + envDir = tmpuser + "/" + uid; + } + fclose (fp); + } + } + } +#endif + + return envDir; + } + +#ifdef TC_LINUX + static string GetTmpUser () + { + string tmpuser = "/tmp/user"; + FILE *fp = fopen ("/etc/security/tmpdir.conf", "r"); + if (fp == NULL) { + return tmpuser; + } + while (true) { + /* Parses the same way as pam_tmpdir */ + char line[1024]; + if (fgets (line, sizeof (line), fp) == nullptr) { + break; + } + if (line[0] == '#') { + continue; + } + size_t len = strlen (line); + if (len > 0 && line[len-1] == '\n') { + line[len-1] = '\0'; + } + char *eq = strchr (line, '='); + if (eq == nullptr) { + continue; + } + *eq = '\0'; + const char *key = line; + const char *value = eq + 1; + if (strcmp (key, "tmpdir") == 0) { + tmpuser = value; + break; + } + } + fclose (fp); + return tmpuser; } + static bool SamePath (const string& path1, const string& path2) + { + size_t i1 = 0; + size_t i2 = 0; + while (i1 < path1.size () && i2 < path2.size ()) { + if (path1[i1] != path2[i2]) { + return false; + } + /* Any two substrings consisting entirely of slashes compare equal */ + if (path1[i1] == '/') { + while (i1 < path1.size () && path1[i1] == '/') { + ++i1; + } + while (i2 < path2.size () && path2[i2] == '/') { + ++i2; + } + } + else + { + ++i1; + ++i2; + } + } + return (i1 == path1.size () && i2 == path2.size ()); + } +#endif + bool CoreUnix::IsMountPointAvailable (const DirectoryPath &mountPoint) const { return GetMountedFilesystems (DevicePath(), mountPoint).size() == 0; @@ -440,8 +546,8 @@ namespace VeraCrypt options.Password, options.Pim, options.Kdf, - options.TrueCryptMode, options.Keyfiles, + options.EMVSupportEnabled, options.Protection, options.ProtectionPassword, options.ProtectionPim, @@ -585,7 +691,7 @@ namespace VeraCrypt { try { - chown (mountPoint.c_str(), GetRealUserId(), GetRealGroupId()); + throw_sys_sub_if (chown (mountPoint.c_str(), GetRealUserId(), GetRealGroupId()) == -1, mountPoint); } catch (...) { } } } diff --git a/src/Core/Unix/Linux/CoreLinux.cpp b/src/Core/Unix/Linux/CoreLinux.cpp index 47ec8fb8..5d5ba38f 100644 --- a/src/Core/Unix/Linux/CoreLinux.cpp +++ b/src/Core/Unix/Linux/CoreLinux.cpp @@ -22,6 +22,9 @@ #include "Platform/SystemInfo.h" #include "Platform/TextReader.h" #include "Volume/EncryptionModeXTS.h" +#ifdef WOLFCRYPT_BACKEND +#include "Volume/EncryptionModeWolfCryptXTS.h" +#endif #include "Driver/Fuse/FuseService.h" #include "Core/Unix/CoreServiceProxy.h" @@ -302,9 +305,13 @@ namespace VeraCrypt void CoreLinux::MountVolumeNative (shared_ptr <Volume> volume, MountOptions &options, const DirectoryPath &auxMountPoint) const { - bool xts = (typeid (*volume->GetEncryptionMode()) == typeid (EncryptionModeXTS)); - bool algoNotSupported = (typeid (*volume->GetEncryptionAlgorithm()) == typeid (GOST89)) - || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (Kuznyechik)) + bool xts = (typeid (*volume->GetEncryptionMode()) == + #ifdef WOLFCRYPT_BACKEND + typeid (EncryptionModeWolfCryptXTS)); + #else + typeid (EncryptionModeXTS)); + #endif + bool algoNotSupported = (typeid (*volume->GetEncryptionAlgorithm()) == typeid (Kuznyechik)) || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (CamelliaKuznyechik)) || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (KuznyechikTwofish)) || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (KuznyechikAES)) diff --git a/src/Core/Unix/MacOSX/CoreMacOSX.cpp b/src/Core/Unix/MacOSX/CoreMacOSX.cpp index c3809ef3..dde0d949 100644 --- a/src/Core/Unix/MacOSX/CoreMacOSX.cpp +++ b/src/Core/Unix/MacOSX/CoreMacOSX.cpp @@ -107,7 +107,13 @@ namespace VeraCrypt void CoreMacOSX::CheckFilesystem (shared_ptr <VolumeInfo> mountedVolume, bool repair) const { list <string> args; - args.push_back ("/Applications/Utilities/Disk Utility.app"); + struct stat sb; + + if (stat("/Applications/Utilities/Disk Utility.app", &sb) == 0) + args.push_back ("/Applications/Utilities/Disk Utility.app"); + else + args.push_back ("/System/Applications/Utilities/Disk Utility.app"); + Process::Execute ("open", args); } @@ -123,13 +129,17 @@ namespace VeraCrypt fuseVersionStringLength = MAXHOSTNAMELEN; if ((status = sysctlbyname ("vfs.generic.osxfuse.version.number", fuseVersionString, &fuseVersionStringLength, NULL, 0)) != 0) { - throw HigherFuseVersionRequired (SRC_POS); + fuseVersionStringLength = MAXHOSTNAMELEN; + if ((status = sysctlbyname ("vfs.generic.macfuse.version.number", fuseVersionString, &fuseVersionStringLength, NULL, 0)) != 0) + { + throw HigherFuseVersionRequired (SRC_POS); + } } } // look for OSXFuse dynamic library struct stat sb; - if (0 != stat("/usr/local/lib/libosxfuse_i64.2.dylib", &sb)) + if (0 != stat("/usr/local/lib/libosxfuse_i64.2.dylib", &sb) && 0 != stat("/usr/local/lib/libfuse.dylib", &sb)) { throw HigherFuseVersionRequired (SRC_POS); } diff --git a/src/Core/Unix/OpenBSD/CoreOpenBSD.cpp b/src/Core/Unix/OpenBSD/CoreOpenBSD.cpp new file mode 100644 index 00000000..3064103b --- /dev/null +++ b/src/Core/Unix/OpenBSD/CoreOpenBSD.cpp @@ -0,0 +1,164 @@ +/* $OpenBSD$ */ +/* + Based on FreeBSD/CoreFreeBSD.cpp + + Derived from source code of TrueCrypt 7.1a, which is + Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed + by the TrueCrypt License 3.0. + + Modifications and additions to the original source code (contained in this file) + and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and are governed by the Apache License 2.0 the full text of which is + contained in the file License.txt included in VeraCrypt binary and source + code distribution packages. +*/ + +#include <fstream> +#include <iostream> +#include <stdio.h> +#include <unistd.h> +#include <sys/param.h> +#include <sys/ucred.h> +#include <sys/mount.h> +#include <sys/wait.h> +#include "CoreOpenBSD.h" +#include "Core/Unix/CoreServiceProxy.h" + +namespace VeraCrypt +{ + CoreOpenBSD::CoreOpenBSD () + { + } + + CoreOpenBSD::~CoreOpenBSD () + { + } + + DevicePath CoreOpenBSD::AttachFileToLoopDevice (const FilePath &filePath, bool readOnly) const + { + list <string> args; + + if (readOnly) + { + throw; + } + + // find an available vnd + int freeVnd = -1; + for (int vnd = 0; vnd <= 3; vnd++) + { + stringstream devPath; + devPath << "/dev/vnd" << vnd << "c"; + + if (FilesystemPath (devPath.str()).IsBlockDevice() || FilesystemPath (devPath.str()).IsCharacterDevice()) + { + make_shared_auto (HostDevice, device); + device->Path = devPath.str(); + try + { + GetDeviceSize (device->Path); + } + catch (...) + { + freeVnd = vnd; + break; + } + } + } + + if (freeVnd == -1) + throw "couldn't find free vnd"; + + stringstream freePath; + freePath << "vnd" << freeVnd; + args.push_back (freePath.str()); + + args.push_back (filePath); + + Process::Execute ("vnconfig", args); + + return "/dev/" + freePath.str() + "c"; + } + + void CoreOpenBSD::DetachLoopDevice (const DevicePath &devicePath) const + { + list <string> args; + args.push_back ("-u"); + args.push_back (devicePath); + + for (int t = 0; true; t++) + { + try + { + Process::Execute ("vnconfig", args); + break; + } + catch (ExecutedProcessFailed&) + { + if (t > 5) + throw; + Thread::Sleep (200); + } + } + } + + // not sure what this is used for + HostDeviceList CoreOpenBSD::GetHostDevices (bool pathListOnly) const + { + throw; + } + + MountedFilesystemList CoreOpenBSD::GetMountedFilesystems (const DevicePath &devicePath, const DirectoryPath &mountPoint) const + { + + static Mutex mutex; + ScopeLock sl (mutex); + + struct statfs *sysMountList; + int count = getmntinfo (&sysMountList, MNT_NOWAIT); + throw_sys_if (count == 0); + + MountedFilesystemList mountedFilesystems; + + for (int i = 0; i < count; i++) + { + make_shared_auto (MountedFilesystem, mf); + + if (sysMountList[i].f_mntfromname[0]) + mf->Device = DevicePath (sysMountList[i].f_mntfromname); + else + continue; + + if (sysMountList[i].f_mntonname[0]) + mf->MountPoint = DirectoryPath (sysMountList[i].f_mntonname); + + mf->Type = sysMountList[i].f_fstypename; + + if ((devicePath.IsEmpty() || devicePath == mf->Device) && (mountPoint.IsEmpty() || mountPoint == mf->MountPoint)) + mountedFilesystems.push_back (mf); + } + + return mountedFilesystems; + } + + void CoreOpenBSD::MountFilesystem (const DevicePath &devicePath, const DirectoryPath &mountPoint, const string &filesystemType, bool readOnly, const string &systemMountOptions) const + { + try + { + // Try to mount FAT by default as mount is unable to probe filesystem type on BSD + CoreUnix::MountFilesystem (devicePath, mountPoint, filesystemType.empty() ? "msdos" : filesystemType, readOnly, systemMountOptions); + } + catch (ExecutedProcessFailed&) + { + if (!filesystemType.empty()) + throw; + + CoreUnix::MountFilesystem (devicePath, mountPoint, filesystemType, readOnly, systemMountOptions); + } + } + +#ifdef TC_OPENBSD + unique_ptr <CoreBase> Core (new CoreServiceProxy <CoreOpenBSD>); + unique_ptr <CoreBase> CoreDirect (new CoreOpenBSD); +#endif +} diff --git a/src/Core/Unix/OpenBSD/CoreOpenBSD.h b/src/Core/Unix/OpenBSD/CoreOpenBSD.h new file mode 100644 index 00000000..3f6c48b5 --- /dev/null +++ b/src/Core/Unix/OpenBSD/CoreOpenBSD.h @@ -0,0 +1,44 @@ +/* $OpenBSD$ */ +/* + Based on FreeBSD/CoreFreeBSD.h + + Derived from source code of TrueCrypt 7.1a, which is + Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed + by the TrueCrypt License 3.0. + + Modifications and additions to the original source code (contained in this file) + and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and are governed by the Apache License 2.0 the full text of which is + contained in the file License.txt included in VeraCrypt binary and source + code distribution packages. +*/ + +#ifndef TC_HEADER_Core_CoreOpenBSD +#define TC_HEADER_Core_CoreOpenBSD + +#include "System.h" +#include "Core/Unix/CoreUnix.h" + +namespace VeraCrypt +{ + class CoreOpenBSD : public CoreUnix + { + public: + CoreOpenBSD (); + virtual ~CoreOpenBSD (); + + virtual HostDeviceList GetHostDevices (bool pathListOnly = false) const; + + protected: + virtual DevicePath AttachFileToLoopDevice (const FilePath &filePath, bool readOnly) const; + virtual void DetachLoopDevice (const DevicePath &devicePath) const; + virtual MountedFilesystemList GetMountedFilesystems (const DevicePath &devicePath = DevicePath(), const DirectoryPath &mountPoint = DirectoryPath()) const; + virtual void MountFilesystem (const DevicePath &devicePath, const DirectoryPath &mountPoint, const string &filesystemType, bool readOnly, const string &systemMountOptions) const; + + private: + CoreOpenBSD (const CoreOpenBSD &); + CoreOpenBSD &operator= (const CoreOpenBSD &); + }; +} + +#endif // TC_HEADER_Core_CoreOpenBSD diff --git a/src/Core/Unix/OpenBSD/System.h b/src/Core/Unix/OpenBSD/System.h new file mode 100644 index 00000000..90b24b2a --- /dev/null +++ b/src/Core/Unix/OpenBSD/System.h @@ -0,0 +1,19 @@ +/* $OpenBSD$ */ +/* + Based on FreeBSD/System.h + + Derived from source code of TrueCrypt 7.1a, which is + Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed + by the TrueCrypt License 3.0. + + Modifications and additions to the original source code (contained in this file) + and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and are governed by the Apache License 2.0 the full text of which is + contained in the file License.txt included in VeraCrypt binary and source + code distribution packages. +*/ + +#ifndef TC_HEADER_Platform_OpenBSD_System +#define TC_HEADER_Platform_OpenBSD_System + +#endif // TC_HEADER_Platform_OpenBSD_System |