zuluCrypt  5.7.1
About: zuluCrypt is a simple but feature rich solution for hard drives encryption. It can manage PLAIN dm-crypt, LUKS, TrueCrypt and VeraCrypt encrypted volumes.
  Fossies Dox: zuluCrypt-5.7.1.tar.xz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

security.c
Go to the documentation of this file.
1 /*
2  *
3  * Copyright (c) 2012-2015
4  * name : Francis Banyikwa
5  * email: mhogomchungu@gmail.com
6  * This program is free software: you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation, either version 2 of the License, or
9  * (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program. If not, see <http://www.gnu.org/licenses/>.
18  */
19 
20 #include "includes.h"
21 #include "../lib/includes.h"
22 #include <errno.h>
23 #include <unistd.h>
24 #include <grp.h>
25 #include "../constants.h"
26 #include <sys/types.h>
27 #include <pwd.h>
28 #include <sys/mman.h>
29 #include <sys/stat.h>
30 #include <fcntl.h>
31 #include <stdio.h>
32 
33 /*
34  * This source file makes sure the user who started the tool( usually non root user ) has permission
35  * to perform operations they want on paths they presented.
36  *
37  * This feature allows tradition unix permissions to be set on a paths to control non user access to volumes
38  */
39 
40 /*
41  * zuluCryptUserIsAMemberOfAGroup() was moved to ../lib/mount_fs_options.c
42  */
43 
44 #define ZULUDEBUG 0
45 
46 static uid_t _original_UID ;
47 static const char * _run_time_path ;
48 
49 const char * zuluCryptRunTimePath()
50 {
51  return _run_time_path ;
52 }
53 
55 {
56  _original_UID = s ;
57 }
58 
60 {
61  return _original_UID != 0 ;
62 }
63 
65 {
66  /*
67  * printf( "GAINING:uid=%d:euid=%d\n",getuid(),geteuid() ) ;
68  */
69  if( seteuid( 0 ) == 0 ){
70 
71  return 1 ;
72  }else{
74 
75  zuluCryptSecurityPrivilegeElevationError( "WARNING: failed to seteuid root" ) ;
76  }
77  }
78  return 0 ;
79 }
80 
81 int zuluCryptSecurityConvertUID( uid_t uid,const char * u_id )
82 {
83  if( u_id != NULL ){
84 
85  if( uid == 0 ){
86 
87  return StringConvertToInt( u_id ) ;
88  }else{
89  return -1 ;
90  }
91  }else{
92  return uid ;
93  }
94 }
95 
98 {
100 }
101 
102 void ( *zuluCryptSecurityPrivilegeElevationError )( const char * ) = NULL ;
103 
104 void zuluCryptSecuritySetPrivilegeElevationErrorFunction( void ( *f ) ( const char * ) )
105 {
107 }
108 
110 {
111  /*
112  printf( "DROPPING:uid=%d:euid=%d\n",getuid(),geteuid() ) ;
113  */
114  if( seteuid( global_variable_user_uid ) != 0 ){
115 
117 
118  zuluCryptSecurityPrivilegeElevationError( "ERROR: seteuid() failed" ) ;
119  }
120  }
121  return 1 ;
122 }
123 
125 {
126  extern char ** environ ;
127  const char ** env = ( const char ** ) environ ;
128  ssize_t index ;
129 
130  string_t xt ;
131 
133 
134  string_t st ;
135 
136  StringListIterator it ;
137  StringListIterator end ;
138 
139  /*
140  * First,we make a copy of the enviromental varibales
141  * Second,we clear the enviromental variable because we dont want it
142  * Third,we return a copy of the enviromental variable because we want to pass it along
143  * the plugins
144  */
145  while( *env ){
146 
147  stl = StringListAppend( stl,*env ) ;
148  env++ ;
149  }
150 
151  StringListGetIterators( stl,&it,&end ) ;
152 
153  while( it != end ){
154 
155  st = *it ;
156 
157  it++ ;
158 
159  index = StringIndexOfChar( st,0,'=' ) ;
160 
161  if( index >= 0 ){
162 
163  unsetenv( StringSubChar( st,index,'\0' ) ) ;
164  StringSubChar( st,index,'=' ) ;
165  }
166  }
167 
168  xt = String( "/tmp/zuluCrypt-" ) ;
169 
170  StringAppendInt( xt,uid ) ;
171 
172  StringListAppendString_1( &stl,&xt ) ;
173 
175 
176  *stx = stl ;
177 }
178 
179 int zuluCryptSecurityUserOwnTheFile( const char * device,uid_t uid )
180 {
181  if( device && uid ){ ; }
182  return 0 ;
183 }
184 
186 {
187  if( st != StringVoid ){
188 
189  mlock( StringContent( st ),StringLength( st ) ) ;
190  }
191 }
192 
194 {
195  void * e ;
196  size_t f ;
197 
198  if( st != StringVoid ){
199 
200  e = ( void * )StringContent( st ) ;
201 
202  f = StringLength( st ) ;
203 
204  memset( e,'\0',f ) ;
205 
206  munlock( e,f ) ;
207  }
208 }
209 
211 {
212  StringListIterator it ;
213  StringListIterator end ;
214 
215  string_t st ;
216 
217  StringListGetIterators( stl,&it,&end ) ;
218 
219  while( it != end ){
220 
221  st = *it ;
222 
223  it++ ;
224 
225  mlock( StringContent( st ),StringLength( st ) ) ;
226  }
227 }
228 
230 {
231  StringListIterator it ;
232  StringListIterator end ;
233 
234  string_t st ;
235 
236  void * e ;
237  size_t f ;
238 
239  StringListGetIterators( stl,&it,&end ) ;
240 
241  while( it != end ){
242 
243  st = *it ;
244 
245  it++ ;
246 
247  if( st != StringVoid ){
248 
249  e = ( void * )StringContent( st ) ;
250 
251  f = StringLength( st ) ;
252 
253  memset( e,'\0',f ) ;
254 
255  munlock( e,f ) ;
256  }
257  }
258 }
259 
261 {
262  puts( "----------------------" ) ;
263  printf( "uid:%d\neuid:%d\n",(int)getuid(),(int)geteuid() ) ;
264  puts( "----------------------" ) ;
265 }
StringListVoid
#define StringListVoid
Definition: StringList.h:41
StringAppendInt
const char * StringAppendInt(string_t st, u_int64_t z)
Definition: String.c:1410
StringSubChar
const char * StringSubChar(string_t st, size_t x, char s)
Definition: String.c:881
zuluCryptSecurityPrivilegeElevationError
void(* zuluCryptSecurityPrivilegeElevationError)(const char *)
Definition: security.c:102
StringLength
size_t StringLength(string_t st)
Definition: String.c:678
zuluCryptSecurityPrintPermissions
void zuluCryptSecurityPrintPermissions(void)
Definition: security.c:260
StringListAppendString_1
void StringListAppendString_1(stringList_t *stl, string_t *st)
Definition: StringList.c:659
zuluCryptSecurityGainElevatedPrivileges
int zuluCryptSecurityGainElevatedPrivileges(void)
Definition: security.c:64
StringListGetIterators
void StringListGetIterators(stringList_t stl, StringListIterator *begin, StringListIterator *end)
Definition: StringList.c:210
_run_time_path
static const char * _run_time_path
Definition: security.c:47
zuluCryptSecurityUserOwnTheFile
int zuluCryptSecurityUserOwnTheFile(const char *device, uid_t uid)
Definition: security.c:179
StringListContentAtLast
const char * StringListContentAtLast(stringList_t stl)
Definition: StringList.c:527
zuluCryptSecurityConvertUID
int zuluCryptSecurityConvertUID(uid_t uid, const char *u_id)
Definition: security.c:81
zuluCryptRunTimePath
const char * zuluCryptRunTimePath()
Definition: security.c:49
StringContent
static const __inline__ char * StringContent(string_t st)
Definition: String.h:1011
StringType
Definition: String.c:49
zuluCryptExeOriginalUserIsNotRoot
int zuluCryptExeOriginalUserIsNotRoot()
Definition: security.c:59
zuluCryptSecurityUnlockMemory_1
void zuluCryptSecurityUnlockMemory_1(string_t st)
Definition: security.c:193
zuluCryptSecurityDropElevatedPrivileges
int zuluCryptSecurityDropElevatedPrivileges(void)
Definition: security.c:109
String
string_t String(const char *cstring)
Definition: String.c:318
zuluCryptSecurityUnlockMemory
void zuluCryptSecurityUnlockMemory(stringList_t stl)
Definition: security.c:229
zuluCryptSetUserUIDForPrivilegeManagement
void zuluCryptSetUserUIDForPrivilegeManagement(uid_t uid)
Definition: security.c:97
StringIndexOfChar
ssize_t StringIndexOfChar(string_t st, size_t p, char s)
Definition: String.c:548
zuluCryptSecuritySanitizeTheEnvironment
void zuluCryptSecuritySanitizeTheEnvironment(uid_t uid, stringList_t *stx)
Definition: security.c:124
StringListType
Definition: StringList.c:33
e
static QString e
Definition: about.cpp:31
zuluCryptExeSetOriginalUID
void zuluCryptExeSetOriginalUID(uid_t s)
Definition: security.c:54
zuluCryptSecurityLockMemory
void zuluCryptSecurityLockMemory(stringList_t stl)
Definition: security.c:210
zuluCryptSecurityLockMemory_1
void zuluCryptSecurityLockMemory_1(string_t st)
Definition: security.c:185
zuluCryptSecuritySetPrivilegeElevationErrorFunction
void zuluCryptSecuritySetPrivilegeElevationErrorFunction(void(*f)(const char *))
Definition: security.c:104
_original_UID
static uid_t _original_UID
Definition: security.c:46
StringConvertToInt
u_int64_t StringConvertToInt(const char *s)
Definition: String.c:1416
StringListAppend
stringList_t StringListAppend(stringList_t stl, const char *cstring)
Definition: StringList.c:763
includes.h
global_variable_user_uid
uid_t global_variable_user_uid
Definition: security.c:96
StringVoid
#define StringVoid
Definition: String.h:47