zuluCrypt  5.7.1
About: zuluCrypt is a simple but feature rich solution for hard drives encryption. It can manage PLAIN dm-crypt, LUKS, TrueCrypt and VeraCrypt encrypted volumes.
  Fossies Dox: zuluCrypt-5.7.1.tar.xz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

path_access.c
Go to the documentation of this file.
1 /*
2  *
3  * Copyright (c) 2013-2015
4  * name : Francis Banyikwa
5  * email: mhogomchungu@gmail.com
6  * This program is free software: you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation, either version 2 of the License, or
9  * (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program. If not, see <http://www.gnu.org/licenses/>.
18  */
19 
20 #include <sys/stat.h>
21 #include <fcntl.h>
22 #include "../constants.h"
23 #include "../lib/includes.h"
24 #include "includes.h"
25 #include <errno.h>
26 #include <unistd.h>
27 
28 static int has_device_access( const char * path,int c )
29 {
30  int f ;
31 
32  if( c == ZULUCRYPTread ){
33 
34  f = open( path,O_RDONLY ) ;
35  }else{
36  f = open( path,O_WRONLY ) ;
37  }
38 
39  if( f == -1 ){
40 
41  switch( errno ){
42 
43  case EACCES : return 1 ; /* permission denied */
44  case ENOENT : return 2 ; /* invalid path*/
45  default : return 4 ; /* common error */
46  }
47  }else{
48  close( f ) ;
49  return 0 ;
50  }
51 }
52 
53 /*
54  * 1-permissions denied
55  * 2-invalid path
56  * 3-shenanigans
57  * 4-common error
58  */
59 static int path_is_accessible( const char * path,uid_t uid,int action )
60 {
61  int st ;
62  char * e ;
63 
64  if( uid ){;}
65 
66  if( StringPrefixEqual( path,"/dev/shm/" ) ){
67 
68  return 4 ;
69  }
70  if( StringPrefixEqual( path,"/dev/" ) ){
71 
72  if( StringPrefixEqual( path,"/dev/loop" ) ){
73 
74  /*
75  * zuluCryptLoopDeviceAddress_1() is defined in ../zuluCrypt-cli/create_loop_device.c
76  */
78 
79  if( e != NULL ){
80 
81  st = has_device_access( e,action ) ;
82  StringFree( e ) ;
83  }else{
84  return 4 ;
85  }
86  }else{
88  st = has_device_access( path,action ) ;
90  }
91  return st ;
92  }else{
94  return has_device_access( path,action ) ;
95  }
96 }
97 
98 int zuluCryptCanOpenPathForReading( const char * path,uid_t uid )
99 {
100  return path_is_accessible( path,uid,ZULUCRYPTread ) ;
101 }
102 
103 int zuluCryptCanOpenPathForWriting( const char * path,uid_t uid )
104 {
105  return path_is_accessible( path,uid,ZULUCRYPTwrite ) ;
106 }
107 
108 void zuluCryptPrepareSocketPath( uid_t uid )
109 {
110  if( uid ){}
111 }
112 
113 /*
114  * return values:
115  * 5 - couldnt get key from the socket
116  * 4 -permission denied
117  * 1 invalid path
118  * 2 insufficient memory to open file
119  * 0 success
120  */
121 int zuluCryptGetPassFromFile( int * socket_path,const char * path,uid_t uid,string_t * st )
122 {
124  const char * z = StringContent( p ) ;
125  size_t s = StringLength( p ) ;
126  int m = StringPrefixMatch( path,z,s ) ;
127 
128  StringDelete( &p ) ;
129 
130  if( socket_path ){
131 
132  *socket_path = m ;
133  }
134 
135  if( m ){
136  /*
137  * zuluCryptPrepareSocketPath() is defined in path_access.c
138  */
140 
142 
143  /*
144  * path that starts with $/tmp/zuluCrypt-$UID is treated not as a path to key file but as path
145  * to a local socket to get a passphrase
146  */
147  /*
148  * zuluCryptGetKeyFromSocket() is defined in ../pluginManager/zuluCryptPluginManager.c
149  */
150  zuluCryptGetKeyFromSocket( path,st,uid ) ;
151 
152  return 0 ;
153  }else{
154 
156 
157  /*
158  * 8192000 bytes is the default cryptsetup maximum keyfile size
159  */
160  m = StringGetFromFileMemoryLocked( st,path,0,8192000 ) ;
161 
162  switch( m ){
163 
164  case 0 : return 0 ;
165  case 1 : return 4 ;
166  case 2 : return 2 ;
167  }
168  /*
169  * not supposed to get here
170  */
171  return -1 ;
172  }
173 }
174 
175 char * zuluCryptEvaluateDeviceTags( const char * tag,const char * path )
176 {
177  char * r ;
178 
180 
181  /*
182  * zuluCryptDeviceFromUUID() is defined in ../lib/blkid_evaluate_tag.c
183  * zuluCryptDeviceFromLabel() is defined in ../lib/blkid_evaluate_tag.c
184  */
185  if( StringsAreEqual( tag,"UUID" ) ){
186 
187  r = zuluCryptDeviceFromUUID( path ) ;
188  }else{
189  r = zuluCryptDeviceFromLabel( path ) ;
190  }
191 
193 
194  return r ;
195 }
196 
197 char * zuluCryptUUIDFromPath( const char * device )
198 {
199  char * c ;
200 
202 
203  /*
204  * zuluCryptUUIDFromPath_1() is defined in ../lib/blkid_evaluate_tag.c
205  */
206  c = zuluCryptUUIDFromPath_1( device ) ;
207 
209  return c ;
210 }
zuluCryptCanOpenPathForReading
int zuluCryptCanOpenPathForReading(const char *path, uid_t uid)
Definition: path_access.c:98
zuluCryptDeviceFromUUID
char * zuluCryptDeviceFromUUID(const char *uuid)
Definition: blkid_evaluate_tag.c:42
zuluCryptGetPassFromFile
int zuluCryptGetPassFromFile(int *socket_path, const char *path, uid_t uid, string_t *st)
Definition: path_access.c:121
StringLength
size_t StringLength(string_t st)
Definition: String.c:678
zuluCryptDeviceFromLabel
char * zuluCryptDeviceFromLabel(const char *label)
Definition: blkid_evaluate_tag.c:47
zuluCryptEvaluateDeviceTags
char * zuluCryptEvaluateDeviceTags(const char *tag, const char *path)
Definition: path_access.c:175
zuluCryptLoopDeviceAddress_1
char * zuluCryptLoopDeviceAddress_1(const char *device)
Definition: create_loop_device.c:140
zuluCryptCanOpenPathForWriting
int zuluCryptCanOpenPathForWriting(const char *path, uid_t uid)
Definition: path_access.c:103
has_device_access
static int has_device_access(const char *path, int c)
Definition: path_access.c:28
StringsAreEqual
#define StringsAreEqual(x, y)
Definition: zuluSafe.c:46
zuluCryptUUIDFromPath_1
char * zuluCryptUUIDFromPath_1(const char *device)
Definition: blkid_evaluate_tag.c:62
zuluCryptRunTimePath
const char * zuluCryptRunTimePath()
Definition: security.c:49
StringContent
static const __inline__ char * StringContent(string_t st)
Definition: String.h:1011
StringType
Definition: String.c:49
zuluCryptSecurityDropElevatedPrivileges
int zuluCryptSecurityDropElevatedPrivileges(void)
Definition: security.c:109
String
string_t String(const char *cstring)
Definition: String.c:318
StringPrefixMatch
static __inline__ int StringPrefixMatch(const char *x, const char *y, size_t z)
Definition: String.h:878
zuluCryptUUIDFromPath
char * zuluCryptUUIDFromPath(const char *device)
Definition: path_access.c:197
zuluCryptSecurityGainElevatedPrivileges
int zuluCryptSecurityGainElevatedPrivileges(void)
Definition: security.c:64
e
static QString e
Definition: about.cpp:31
StringDelete
void StringDelete(string_t *st)
Definition: String.c:162
zuluCryptGetKeyFromSocket
void zuluCryptGetKeyFromSocket(const char *path, string_t *, uid_t uid)
Definition: zuluCryptPluginManager.c:74
StringGetFromFileMemoryLocked
int StringGetFromFileMemoryLocked(string_t *str, const char *path, size_t offset, ssize_t length)
Definition: String.c:1921
ZULUCRYPTwrite
#define ZULUCRYPTwrite
Definition: constants.h:39
includes.h
ZULUCRYPTread
#define ZULUCRYPTread
Definition: constants.h:38
zuluCryptPrepareSocketPath
void zuluCryptPrepareSocketPath(uid_t uid)
Definition: path_access.c:108
path_is_accessible
static int path_is_accessible(const char *path, uid_t uid, int action)
Definition: path_access.c:59
StringPrefixEqual
static __inline__ int StringPrefixEqual(const char *x, const char *y)
Definition: String.h:905
StringFree
static __inline__ void StringFree(const void *str)
Definition: String.h:823