zuluCrypt  5.7.1
About: zuluCrypt is a simple but feature rich solution for hard drives encryption. It can manage PLAIN dm-crypt, LUKS, TrueCrypt and VeraCrypt encrypted volumes.
  Fossies Dox: zuluCrypt-5.7.1.tar.xz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

file_path_security.c
Go to the documentation of this file.
1 /*
2  *
3  * Copyright ( c ) 2012-2015
4  * name : Francis Banyikwa
5  * email: mhogomchungu@gmail.com
6  * This program is free software: you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation, either version 2 of the License, or
9  * ( at your option ) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program. If not, see <http://www.gnu.org/licenses/>.
18  */
19 
20 #include "includes.h"
21 #include <errno.h>
22 #include <sys/types.h>
23 #include <unistd.h>
24 #include <fcntl.h>
25 #include <unistd.h>
26 #include <sys/mount.h>
27 #include <sys/types.h>
28 #include <sys/stat.h>
29 #include <sys/mman.h>
30 
31 #define _ignore_result( x ) if( x ){;}
32 
33 int zuluCryptSecureOpenFile( const char * path,int * fd,string_t * file,uid_t uid )
34 {
35  int st ;
36  int f = -1 ;
37  uid_t org = geteuid() ;
38  char * dev ;
39 
40  _ignore_result( seteuid( uid ) ) ;
41 
42  f = open( path,O_RDONLY ) ;
43 
44  if( f != -1 ){
45 
47  *file = StringInherit( &dev ) ;
48  *fd = f ;
49  st = 1 ;
50  }else{
51  st = 0 ;
52  }
53  _ignore_result( seteuid( org ) ) ;
54  return st ;
55 }
56 
57 void zuluCryptDeleteFile( const char * file )
58 {
59  int fd ;
60  void * map ;
61  struct stat st ;
62 
63  if( file != NULL ){
64 
65  fd = open( file,O_WRONLY ) ;
66 
67  if( fd != -1 ){
68 
69  fstat( fd,&st ) ;
70  map = mmap( 0,st.st_size,PROT_WRITE,MAP_PRIVATE,fd,0 ) ;
71 
72  if( map != MAP_FAILED ){
73 
74  memset( map,'\0',st.st_size ) ;
75  munmap( map,st.st_size ) ;
76  }
77  close( fd ) ;
78  }
79  unlink( file ) ;
80  }
81 }
82 
84 {
86 }
87 
88 static int _check_if_device_is_supported( int st,uid_t uid,char ** dev )
89 {
90  string_t fs ;
91  if( st == 0 ){
92  _ignore_result( seteuid( 0 ) ) ;
93  /*
94  * zuluCryptGetFileSystemFromDevice() is defined in blkid_evaluate_tag.c
95  */
97 
98  _ignore_result( seteuid( uid ) ) ;
99 
100  if( fs != StringVoid ){
101  if( StringHasAtLeastOneComponent( fs,"member","swap",NULL ) ){
102  st = 100 ;
103  }
104  StringDelete( &fs ) ;
105  }
106  }else{
107  /*
108  * safely do free( *dev ) followed by *dev = NULL
109  */
110  StringFree_1( dev ) ;
111  }
112 
113  return st ;
114 }
115 
116 int zuluCryptGetDeviceFileProperties( const char * file,int * fd_path,int * fd_loop,char ** dev,uid_t uid )
117 {
118  int st = 100 ;
119  int xt = 0 ;
120  int lfd ;
121 
122  const char * dev_1 = NULL ;
123  string_t st_dev = StringVoid ;
124 
125  struct stat stat_st ;
126  struct stat stat_st_1 ;
127  /*
128  * try to open the device with user privileges
129  */
130  _ignore_result( seteuid( uid ) ) ;
131 
132  *dev = NULL ;
133 
134  *fd_path = open( file,O_RDONLY ) ;
135 
136  if( *fd_path != -1 ){
137 
138  fstat( *fd_path,&stat_st ) ;
139  fcntl( *fd_path,F_SETFD,FD_CLOEXEC ) ;
140  /*
141  * A user has access to the device.They should get here only with paths to files they have access to.
142  * Allow access to files only
143  */
144  if( S_ISREG( stat_st.st_mode ) ){
145  /*
146  * we can open file in read mode,let see if we can in write mode too
147  */
148  lfd = open( file,O_RDWR ) ;
149  if( lfd != -1 ){
150  /*
151  * we can open the file in read write mode
152  */
153  fstat( lfd,&stat_st_1 ) ;
154  fcntl( lfd,F_SETFD,FD_CLOEXEC ) ;
155 
156  /*
157  * check to make sure the file we got earlier is the same one we got now.
158  * ie check to make sure the file wasnt changed btw calls.
159  */
160  if( stat_st.st_dev == stat_st_1.st_dev && stat_st.st_ino == stat_st_1.st_ino ){
161  close( *fd_path ) ;
162  *fd_path = lfd ;
163  _ignore_result( seteuid( 0 ) ) ;
164  /*
165  * zuluCryptAttachLoopDeviceToFileUsingFileDescriptor() is defined in ./create_loop_device.c
166  */
167  xt = zuluCryptAttachLoopDeviceToFileUsingFileDescriptor( *fd_path,fd_loop,O_RDWR,&st_dev ) ;
168  _ignore_result( seteuid( uid ) ) ;
169  *dev = StringDeleteHandle( &st_dev ) ;
170  }
171  }else{
172  /*
173  * we can not open the file in write mode,continue with read only access
174  */
175  _ignore_result( seteuid( 0 ) ) ;
176  /*
177  * zuluCryptAttachLoopDeviceToFileUsingFileDescriptor() is defined in ./create_loop_device.c
178  */
179  xt = zuluCryptAttachLoopDeviceToFileUsingFileDescriptor( *fd_path,fd_loop,O_RDONLY,&st_dev ) ;
180  _ignore_result( seteuid( uid ) ) ;
181  *dev = StringDeleteHandle( &st_dev ) ;
182  }
183  if( xt != 1 ){
184  st = 100 ;
185  _ignore_result( close( *fd_path ) ) ;
186  *fd_path = -1 ;
187  }else{
188  dev_1 = zuluCryptGetFileNameFromFileDescriptor( *fd_path ) ;
189  if( StringPrefixEqual( dev_1,"/dev/shm/" ) ){
190  st =1 ;
191  _ignore_result( close( *fd_path ) ) ;
192  *fd_path = -1 ;
193  }else{
194  st = 0 ;
195  }
196  StringFree( dev_1 ) ;
197  }
198  }else{
199  if( S_ISBLK( stat_st.st_mode ) ){
200 
201  if( uid == 0 ){
202  /*
203  * we got a block device and we are root,accept it
204  */
205  *dev = zuluCryptGetFileNameFromFileDescriptor( *fd_path ) ;
206  st = 0 ;
207  }else{
208  /*
209  * odd,normal user has access to a block device,allow it only if the
210  * device is in "/dev/" but not in "/dev/shm"
211  */
212  *dev = zuluCryptGetFileNameFromFileDescriptor( *fd_path ) ;
213  if( StringPrefixEqual( *dev,"/dev/shm/" ) ){
214  st = 1 ;
215  }else if( StringPrefixEqual( *dev,"/dev/" ) ){
216  st = 0 ;
217  }
218  }
219 
220  }else if( S_ISDIR( stat_st.st_mode ) ){
221 
222  st = 2 ;
223  }else{
224  /*
225  * whatever it is,it cant be good,reject it
226  */
227  st = 100 ;
228  }
229  _ignore_result( close( *fd_path ) ) ;
230  *fd_path = -1 ;
231  }
232  }else{
233  /*
234  * failed to open above with users privileges,try to open the device with root's privileges.
235  * We should only accept block devices in "/dev/" but not in "/dev/shm".
236  */
237  _ignore_result( seteuid( 0 ) ) ;
238 
239  *fd_path = open( file,O_RDONLY ) ;
240 
241  if( *fd_path != -1 ){
242 
243  fstat( *fd_path,&stat_st ) ;
244  /*
245  * zuluCryptGetFileNameFromFileDescriptor() is defined in ./create_loop_device.c
246  */
247  *dev = zuluCryptGetFileNameFromFileDescriptor( *fd_path ) ;
248 
249  if( S_ISBLK( stat_st.st_mode ) ){
250 
251  if( StringPrefixEqual( *dev,"/dev/shm/" ) ){
252  /*
253  * we do not support this path
254  */
255  st = 1 ;
256 
257  }else if( StringPrefixEqual( *dev,"/dev/" ) ){
258  /*
259  * got a block device,accept it
260  */
261  st = 0 ;
262  }else{
263  /*
264  * reject others
265  */
266  st = 100 ;
267  }
268  }else{
269  /*
270  * whatever it is,it cant be good,reject it
271  */
272  st = 100 ;
273  }
274  /*
275  * We are closing the file because we dont need to hold on to it as paths in "/dev/" can not be moved under us by
276  * normal users.
277  */
278  _ignore_result( close( *fd_path ) ) ;
279  *fd_path = -1 ;
280  }else{
281  /*
282  * invalid path or something i dont know,reject
283  */
284  st = 100 ;
285  }
286 
287  _ignore_result( seteuid( uid ) ) ;
288  }
289 
290  return _check_if_device_is_supported( st,uid,dev ) ;
291 }
zuluCryptDeleteFile
void zuluCryptDeleteFile(const char *file)
Definition: file_path_security.c:57
StringHasAtLeastOneComponent
int StringHasAtLeastOneComponent(string_t st,...)
Definition: String.c:1552
StringDeleteHandle
char * StringDeleteHandle(string_t *xt)
Definition: String.c:233
StringInherit
string_t StringInherit(char **data)
Definition: String.c:391
StringContent
static const __inline__ char * StringContent(string_t st)
Definition: String.h:1011
StringType
Definition: String.c:49
zuluCryptGetFileNameFromFileDescriptor
char * zuluCryptGetFileNameFromFileDescriptor(int fd)
Definition: create_loop_device.c:259
StringFree_1
static __inline__ void StringFree_1(const void *str)
Definition: String.h:836
_ignore_result
#define _ignore_result(x)
Definition: file_path_security.c:31
zuluCryptDeleteFile_1
void zuluCryptDeleteFile_1(string_t st)
Definition: file_path_security.c:83
includes.h
zuluCryptGetFileSystemFromDevice
string_t zuluCryptGetFileSystemFromDevice(const char *device)
Definition: blkid_evaluate_tag.c:137
StringDelete
void StringDelete(string_t *st)
Definition: String.c:162
zuluCryptAttachLoopDeviceToFileUsingFileDescriptor
int zuluCryptAttachLoopDeviceToFileUsingFileDescriptor(int fd_path, int *fd_loop, int mode, string_t *loop_device)
Definition: create_loop_device.c:460
_check_if_device_is_supported
static int _check_if_device_is_supported(int st, uid_t uid, char **dev)
Definition: file_path_security.c:88
zuluCryptGetDeviceFileProperties
int zuluCryptGetDeviceFileProperties(const char *file, int *fd_path, int *fd_loop, char **dev, uid_t uid)
Definition: file_path_security.c:116
StringPrefixEqual
static __inline__ int StringPrefixEqual(const char *x, const char *y)
Definition: String.h:905
StringFree
static __inline__ void StringFree(const void *str)
Definition: String.h:823
zuluCryptSecureOpenFile
int zuluCryptSecureOpenFile(const char *path, int *fd, string_t *file, uid_t uid)
Definition: file_path_security.c:33
StringVoid
#define StringVoid
Definition: String.h:47