From ce78f890174b107cec69d7388b9279b84f2b0a39 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Mon, 4 Nov 2019 00:06:16 +0100 Subject: Linux/FreeBSD: Add CLI switch to force use of old sudo behavior of sending a dummy password The new switch is --use-dummy-sudo-password --- src/Core/CoreBase.cpp | 3 +++ src/Core/CoreBase.h | 7 ++++++ src/Core/Unix/CoreService.cpp | 50 +++++++++++++++++++++------------------ src/Main/CommandLineInterface.cpp | 10 +++++++- src/Main/CommandLineInterface.h | 3 +++ src/Main/UserInterface.cpp | 4 ++++ 6 files changed, 53 insertions(+), 24 deletions(-) diff --git a/src/Core/CoreBase.cpp b/src/Core/CoreBase.cpp index c22a50c0..01d3981a 100644 --- a/src/Core/CoreBase.cpp +++ b/src/Core/CoreBase.cpp @@ -20,6 +20,9 @@ namespace VeraCrypt { CoreBase::CoreBase () : DeviceChangeInProgress (false) +#if defined(TC_LINUX ) || defined (TC_FREEBSD) + , UseDummySudoPassword (false) +#endif { } diff --git a/src/Core/CoreBase.h b/src/Core/CoreBase.h index eb830ba3..8f41ddd8 100644 --- a/src/Core/CoreBase.h +++ b/src/Core/CoreBase.h @@ -77,6 +77,10 @@ namespace VeraCrypt virtual void SetFileOwner (const FilesystemPath &path, const UserId &owner) const = 0; virtual DirectoryPath SlotNumberToMountPoint (VolumeSlotNumber slotNumber) const = 0; virtual void WipePasswordCache () const = 0; +#if defined(TC_LINUX ) || defined (TC_FREEBSD) + virtual void ForceUseDummySudoPassword (bool useDummySudoPassword) { UseDummySudoPassword = useDummySudoPassword;} + virtual bool GetUseDummySudoPassword () const { return UseDummySudoPassword;} +#endif Event VolumeDismountedEvent; Event VolumeMountedEvent; @@ -87,6 +91,9 @@ namespace VeraCrypt bool DeviceChangeInProgress; FilePath ApplicationExecutablePath; +#if defined(TC_LINUX ) || defined (TC_FREEBSD) + bool UseDummySudoPassword; +#endif private: CoreBase (const CoreBase &); diff --git a/src/Core/Unix/CoreService.cpp b/src/Core/Unix/CoreService.cpp index b02bd211..2a77c90a 100644 --- a/src/Core/Unix/CoreService.cpp 
+++ b/src/Core/Unix/CoreService.cpp 
@@ -300,39 +300,43 @@ namespace VeraCrypt // See : https://superuser.com/questions/902826/why-does-sudo-n-on-mac-os-x-always-return-0 // // If for some reason we are getting empty output from pipe, we revert to old behavior + // We also use the old way if the user is forcing the use of dummy password for sudo #if defined(TC_LINUX ) || defined (TC_FREEBSD) - std::vector buffer(128, 0); - std::string result; - bool authCheckDone = false; - - FILE* pipe = popen("sudo -n uptime 2>&1 | grep 'load average' | wc -l", "r"); // We redirect stderr to stdout (2>&1) to be able to catch the result of the command - if (pipe) + if (!Core->GetUseDummySudoPassword ()) { - while (!feof(pipe)) + std::vector buffer(128, 0); + std::string result; + bool authCheckDone = false; + + FILE* pipe = popen("sudo -n uptime 2>&1 | grep 'load average' | wc -l", "r"); // We redirect stderr to stdout (2>&1) to be able to catch the result of the command + if (pipe) { - if (fgets(buffer.data(), 128, pipe) != nullptr) - result += buffer.data(); + while (!feof(pipe)) + { + if (fgets(buffer.data(), 128, pipe) != nullptr) + result += buffer.data(); + } + + fflush(pipe); + pclose(pipe); + pipe = NULL; + + if (!result.empty() && strlen(result.c_str()) != 0) + { + authCheckDone = true; + if (result[0] == '0') // no line found with "load average" text, rerquest admin password + (*AdminPasswordCallback) (request.AdminPassword); + } } - fflush(pipe); - pclose(pipe); - pipe = NULL; - - if (!result.empty() && strlen(result.c_str()) != 0) + if (authCheckDone) { - authCheckDone = true; - if (result[0] == '0') // no line found with "load average" text, rerquest admin password - (*AdminPasswordCallback) (request.AdminPassword); + // Set to false to force the 'WarningEvent' to be raised in case of and elevation exception. + request.FastElevation = false; } } - - if (authCheckDone) - { - // Set to false to force the 'WarningEvent' to be raised in case of and elevation exception. 
- request.FastElevation = false; - } #endif try { diff --git a/src/Main/CommandLineInterface.cpp b/src/Main/CommandLineInterface.cpp index 0360921b..b5f18dd3 100644 --- a/src/Main/CommandLineInterface.cpp +++ b/src/Main/CommandLineInterface.cpp @@ -32,6 +32,9 @@ namespace VeraCrypt ArgTrueCryptMode (false), ArgDisableFileSizeCheck (false), ArgUseLegacyPassword (false), +#if defined(TC_LINUX ) || defined (TC_FREEBSD) + ArgUseDummySudoPassword (false), +#endif StartBackgroundTask (false) { wxCmdLineParser parser; @@ -100,7 +103,9 @@ namespace VeraCrypt parser.AddParam ( _("Mount point"), wxCMD_LINE_VAL_STRING, wxCMD_LINE_PARAM_OPTIONAL); parser.AddSwitch (L"", L"no-size-check", _("Disable check of container size against disk free space.")); parser.AddSwitch (L"", L"legacy-password-maxlength", _("Use legacy maximum password length (64 UTF-8 bytes)")); - +#if defined(TC_LINUX ) || defined (TC_FREEBSD) + parser.AddSwitch (L"", L"use-dummy-sudo-password", _("Use dummy password in sudo to detect if it is already authenticated")); +#endif wxString str; bool param1IsVolume = false; bool param1IsMountedVolumeSpec = false; @@ -339,6 +344,9 @@ namespace VeraCrypt ArgTrueCryptMode = parser.Found (L"truecrypt"); ArgDisableFileSizeCheck = parser.Found (L"no-size-check"); ArgUseLegacyPassword = parser.Found (L"legacy-password-maxlength") || ArgTrueCryptMode; +#if defined(TC_LINUX ) || defined (TC_FREEBSD) + ArgUseDummySudoPassword = parser.Found (L"use-dummy-sudo-password"); +#endif #if !defined(TC_WINDOWS) && !defined(TC_MACOSX) if (parser.Found (L"fs-options", &str)) diff --git a/src/Main/CommandLineInterface.h b/src/Main/CommandLineInterface.h index ef4836e6..00dabfd6 100644 --- a/src/Main/CommandLineInterface.h +++ b/src/Main/CommandLineInterface.h 
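Review bot: The read loop in the re-indented probe, `while (!feof(pipe))` around `fgets`, does not terminate if the pipe hits a read error, because `fgets` then keeps returning nullptr while the EOF flag stays clear; `while (fgets(buffer.data(), 128, pipe) != nullptr) result += buffer.data();` ends on both EOF and error. The probe also starts `sudo`, `uptime`, `grep` and `wc` through the shell via `popen`, so they are resolved through the caller's PATH. The match on 'load average' presumably depends on the locale of the `uptime` output as well. Since this result decides whether `AdminPasswordCallback` is invoked and whether `request.FastElevation` is cleared, absolute paths and a fixed `LC_ALL=C` in the command string would make that decision independent of the environment. The enclosing function starts and ends outside the hunk.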
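Review bot: The help string added for `use-dummy-sudo-password` in the `AddSwitch` hunk does not say what the switch costs the user. With it set, the `sudo -n` probe in CoreService.cpp is skipped and, going by the commit title, a dummy password is sent to sudo instead. That presumably shows up as a failed authentication in the system's auth log and may count toward a lockout policy where one is configured. I would state this in the description, e.g. `_("Send a dummy password to sudo to detect if it is already authenticated (may be logged as a failed sudo attempt)")`. A short comment above the `AddSwitch` call saying the switch restores the pre-probe behaviour and is off by default would also help.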
@@ -85,6 +85,9 @@ namespace VeraCrypt shared_ptr ArgTokenPin; bool ArgDisableFileSizeCheck; bool ArgUseLegacyPassword; +#if defined(TC_LINUX ) || defined (TC_FREEBSD) + bool ArgUseDummySudoPassword; +#endif bool StartBackgroundTask; UserPreferences Preferences; diff --git a/src/Main/UserInterface.cpp b/src/Main/UserInterface.cpp index 7c29bbe0..c124d18a 100644 --- a/src/Main/UserInterface.cpp +++ b/src/Main/UserInterface.cpp @@ -534,6 +534,10 @@ namespace VeraCrypt Core->SetAdminPasswordCallback (shared_ptr (new AdminPasswordRequestHandler)); } +#if defined(TC_LINUX ) || defined (TC_FREEBSD) + Core->ForceUseDummySudoPassword (CmdLine->ArgUseDummySudoPassword); +#endif + Core->WarningEvent.Connect (EventConnector (this, &UserInterface::OnWarning)); Core->VolumeMountedEvent.Connect (EventConnector (this, &UserInterface::OnVolumeMounted)); -- cgit v1.2.3