From cca08e1ed5fc70cd56a262b7782d970663c8208a Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Sun, 20 Oct 2019 16:33:34 +0200 Subject: Windows: Add checks that the System Favorites service is running. Warn user if he enabled option to clear RAM encryption keys and the service is stopped. --- src/Common/BootEncryption.cpp | 40 +++++++++++++++++++++++++++++++++++++++- src/Common/BootEncryption.h | 1 + src/Common/Dlgcode.c | 2 +- src/Common/Dlgcode.h | 2 +- src/Mount/Favorites.cpp | 7 +++++++ src/Mount/Mount.c | 32 +++++++++++++++++++++++++++++++- 6 files changed, 80 insertions(+), 4 deletions(-) diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp index 597a567d..e93415aa 100644 --- a/src/Common/BootEncryption.cpp +++ b/src/Common/BootEncryption.cpp @@ -4628,6 +4628,16 @@ namespace VeraCrypt if (registerService) { + // check if service already exists. + // If yes then start it immediatly after reinstalling it + bool bAlreadyExists = false; + SC_HANDLE service = OpenService (scm, TC_SYSTEM_FAVORITES_SERVICE_NAME, GENERIC_READ); + if (service) + { + bAlreadyExists = true; + CloseServiceHandle (service); + } + try { RegisterSystemFavoritesService (FALSE, noFileHandling); @@ -4650,7 +4660,7 @@ namespace VeraCrypt throw_sys_if (!CopyFile (appPath, servicePath.c_str(), FALSE)); } - SC_HANDLE service = CreateService (scm, + service = CreateService (scm, TC_SYSTEM_FAVORITES_SERVICE_NAME, _T(TC_APP_NAME) L" System Favorites", SERVICE_ALL_ACCESS, @@ -4670,6 +4680,10 @@ namespace VeraCrypt description.lpDescription = L"Mounts VeraCrypt system favorite volumes."; ChangeServiceConfig2 (service, SERVICE_CONFIG_DESCRIPTION, &description); + // start the service immediatly if it already existed before + if (bAlreadyExists) + StartService (service, 0, NULL); + CloseServiceHandle (service); try @@ -4711,6 +4725,30 @@ namespace VeraCrypt } } + bool BootEncryption::IsSystemFavoritesServiceRunning () + { + bool bRet = false; + SC_HANDLE scm = OpenSCManager (NULL, NULL, SC_MANAGER_CONNECT); + if (scm) + { + SC_HANDLE service = OpenService(scm, TC_SYSTEM_FAVORITES_SERVICE_NAME, GENERIC_READ); + if (service) + { + SERVICE_STATUS status; + if (QueryServiceStatus(service, &status)) + { + bRet = (status.dwCurrentState == SERVICE_RUNNING); + } + + CloseServiceHandle(service); + } + + CloseServiceHandle (scm); + } + + return bRet; + } + void BootEncryption::UpdateSystemFavoritesService () { SC_HANDLE scm = OpenSCManager (NULL, NULL, SC_MANAGER_ALL_ACCESS); diff --git a/src/Common/BootEncryption.h b/src/Common/BootEncryption.h index de4f7489..cc782966 100644 --- a/src/Common/BootEncryption.h +++ b/src/Common/BootEncryption.h @@ -287,6 +287,7 @@ namespace VeraCrypt void RegisterFilterDriver (bool registerDriver, FilterType filterType); void RegisterSystemFavoritesService (BOOL registerService); void RegisterSystemFavoritesService (BOOL registerService, BOOL noFileHandling); + bool IsSystemFavoritesServiceRunning (); void UpdateSystemFavoritesService (); void RenameDeprecatedSystemLoaderBackup (); bool RestartComputer (BOOL bShutdown = FALSE); diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c index 08e24997..2439c106 100644 --- a/src/Common/Dlgcode.c +++ b/src/Common/Dlgcode.c @@ -11142,7 +11142,7 @@ void InconsistencyResolved (char *techInfo) } -void ReportUnexpectedState (char *techInfo) +void ReportUnexpectedState (const char *techInfo) { wchar_t finalMsg[8024]; diff --git a/src/Common/Dlgcode.h b/src/Common/Dlgcode.h index 3df68227..f17ce22e 100644 --- a/src/Common/Dlgcode.h +++ b/src/Common/Dlgcode.h @@ -473,7 +473,7 @@ BOOL CALLBACK CloseTCWindowsEnum( HWND hwnd, LPARAM lParam); BOOL CALLBACK FindTCWindowEnum (HWND hwnd, LPARAM lParam); BYTE *MapResource (wchar_t *resourceType, int resourceId, PDWORD size); void InconsistencyResolved (char *msg); -void ReportUnexpectedState (char *techInfo); +void ReportUnexpectedState (const char *techInfo); BOOL SelectMultipleFiles (HWND hwndDlg, const char *stringId, wchar_t *lpszFileName, size_t cbFileName, BOOL keepHistory); BOOL SelectMultipleFilesNext (wchar_t *lpszFileName, size_t cbFileName); void OpenOnlineHelp (); diff --git a/src/Mount/Favorites.cpp b/src/Mount/Favorites.cpp index eafc4734..e93b9203 100644 --- a/src/Mount/Favorites.cpp +++ b/src/Mount/Favorites.cpp @@ -260,6 +260,13 @@ namespace VeraCrypt if (reqConfig != (ReadDriverConfigurationFlags() & TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD_FOR_SYS_FAVORITES)) BootEncObj.SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD_FOR_SYS_FAVORITES, reqConfig ? true : false); + if (!BootEncObj.IsSystemFavoritesServiceRunning()) + { + // The system favorites service should be always running + // If it is stopped for some reason, we reconfigure it + BootEncObj.RegisterSystemFavoritesService (TRUE); + } + SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_NONADMIN_SYS_FAVORITES_ACCESS, IsDlgButtonChecked (hwndDlg, IDC_FAVORITE_DISABLE_HOTKEY)); } catch (Exception &e) diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c index ed57a617..4ee32dfb 100644 --- a/src/Mount/Mount.c +++ b/src/Mount/Mount.c @@ -11626,6 +11626,14 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA BOOL bClearKeysEnabled = (driverConfig & VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION)? TRUE : FALSE; BOOL bIsHiddenOS = IsHiddenOSRunning (); + if (bClearKeysEnabled) + { + // the clear keys option works only if the service is running + if (!BootEncObj->IsSystemFavoritesServiceRunning()) + bClearKeysEnabled = false; + } + + if (!BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig, &customUserMessage, &bootLoaderVersion)) { // operations canceled @@ -11789,6 +11797,17 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA BOOL bPimCacheEnabled = IsDlgButtonChecked (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM); BOOL bBlockSysEncTrimEnabled = IsDlgButtonChecked (hwndDlg, IDC_BLOCK_SYSENC_TRIM); BOOL bClearKeysEnabled = IsDlgButtonChecked (hwndDlg, IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION); + + if (bClearKeysEnabled && !BootEncObj->IsSystemFavoritesServiceRunning()) + { + // the system favorite service service should be running + // if it is not the case, report a failure and quit + std::string techInfo = SRC_POS; + techInfo += "\nIsSystemFavoritesServiceRunning = False."; + ReportUnexpectedState (techInfo.c_str()); + return 1; + } + BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim, prop.pkcs5); SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD, bPasswordCacheEnabled); SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PIM, (bPasswordCacheEnabled && bPimCacheEnabled)? TRUE : FALSE); @@ -11841,7 +11860,18 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA case IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION: if (IsDlgButtonChecked (hwndDlg, IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION)) { - Warning ("CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING", hwndDlg); + if (!BootEncObj->IsSystemFavoritesServiceRunning()) + { + // the system favorite service service should be running + // if it is not the case, report a failure + std::string techInfo = SRC_POS; + techInfo += "\nIsSystemFavoritesServiceRunning = False."; + ReportUnexpectedState (techInfo.c_str()); + + CheckDlgButton (hwndDlg, IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION, BST_UNCHECKED); + } + else + Warning ("CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING", hwndDlg); } break; -- cgit v1.2.3