From ce78f890174b107cec69d7388b9279b84f2b0a39 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Mon, 4 Nov 2019 00:06:16 +0100 Subject: Linux/FreeBSD: Add CLI switch to force use of old sudo behavior of sending a dummy password The new switch is --use-dummy-sudo-password --- src/Core/CoreBase.cpp | 3 +++ src/Core/CoreBase.h | 7 ++++++ src/Core/Unix/CoreService.cpp | 50 +++++++++++++++++++++++-------------------- 3 files changed, 37 insertions(+), 23 deletions(-) (limited to 'src/Core') diff --git a/src/Core/CoreBase.cpp b/src/Core/CoreBase.cpp index c22a50c0..01d3981a 100644 --- a/src/Core/CoreBase.cpp +++ b/src/Core/CoreBase.cpp @@ -20,6 +20,9 @@ namespace VeraCrypt { CoreBase::CoreBase () : DeviceChangeInProgress (false) +#if defined(TC_LINUX ) || defined (TC_FREEBSD) + , UseDummySudoPassword (false) +#endif { } diff --git a/src/Core/CoreBase.h b/src/Core/CoreBase.h index eb830ba3..8f41ddd8 100644 --- a/src/Core/CoreBase.h +++ b/src/Core/CoreBase.h @@ -77,6 +77,10 @@ namespace VeraCrypt virtual void SetFileOwner (const FilesystemPath &path, const UserId &owner) const = 0; virtual DirectoryPath SlotNumberToMountPoint (VolumeSlotNumber slotNumber) const = 0; virtual void WipePasswordCache () const = 0; +#if defined(TC_LINUX ) || defined (TC_FREEBSD) + virtual void ForceUseDummySudoPassword (bool useDummySudoPassword) { UseDummySudoPassword = useDummySudoPassword;} + virtual bool GetUseDummySudoPassword () const { return UseDummySudoPassword;} +#endif Event VolumeDismountedEvent; Event VolumeMountedEvent; @@ -87,6 +91,9 @@ namespace VeraCrypt bool DeviceChangeInProgress; FilePath ApplicationExecutablePath; +#if defined(TC_LINUX ) || defined (TC_FREEBSD) + bool UseDummySudoPassword; +#endif private: CoreBase (const CoreBase &); diff --git a/src/Core/Unix/CoreService.cpp b/src/Core/Unix/CoreService.cpp index b02bd211..2a77c90a 100644 --- a/src/Core/Unix/CoreService.cpp +++ b/src/Core/Unix/CoreService.cpp @@ -300,39 +300,43 @@ namespace VeraCrypt // See : https://superuser.com/questions/902826/why-does-sudo-n-on-mac-os-x-always-return-0 // // If for some reason we are getting empty output from pipe, we revert to old behavior + // We also use the old way if the user is forcing the use of dummy password for sudo #if defined(TC_LINUX ) || defined (TC_FREEBSD) - std::vector buffer(128, 0); - std::string result; - bool authCheckDone = false; - - FILE* pipe = popen("sudo -n uptime 2>&1 | grep 'load average' | wc -l", "r"); // We redirect stderr to stdout (2>&1) to be able to catch the result of the command - if (pipe) + if (!Core->GetUseDummySudoPassword ()) { - while (!feof(pipe)) + std::vector buffer(128, 0); + std::string result; + bool authCheckDone = false; + + FILE* pipe = popen("sudo -n uptime 2>&1 | grep 'load average' | wc -l", "r"); // We redirect stderr to stdout (2>&1) to be able to catch the result of the command + if (pipe) { - if (fgets(buffer.data(), 128, pipe) != nullptr) - result += buffer.data(); + while (!feof(pipe)) + { + if (fgets(buffer.data(), 128, pipe) != nullptr) + result += buffer.data(); + } + + fflush(pipe); + pclose(pipe); + pipe = NULL; + + if (!result.empty() && strlen(result.c_str()) != 0) + { + authCheckDone = true; + if (result[0] == '0') // no line found with "load average" text, rerquest admin password + (*AdminPasswordCallback) (request.AdminPassword); + } } - fflush(pipe); - pclose(pipe); - pipe = NULL; - - if (!result.empty() && strlen(result.c_str()) != 0) + if (authCheckDone) { - authCheckDone = true; - if (result[0] == '0') // no line found with "load average" text, rerquest admin password - (*AdminPasswordCallback) (request.AdminPassword); + // Set to false to force the 'WarningEvent' to be raised in case of and elevation exception. + request.FastElevation = false; } } - - if (authCheckDone) - { - // Set to false to force the 'WarningEvent' to be raised in case of and elevation exception. - request.FastElevation = false; - } #endif try { -- cgit v1.2.3