"Fossies" - the Fresh Open Source Software Archive

Member "zuluCrypt-5.7.0/zuluCrypt-cli/bin/path_access.c" (12 Sep 2019, 4617 Bytes) of package /linux/misc/zuluCrypt-5.7.0.tar.xz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "path_access.c" see the Fossies "Dox" file reference documentation and the last Fossies "Diffs" side-by-side code changes report: 5.4.0_vs_5.5.0.

    1 /*
    2  *
    3  *  Copyright (c) 2013-2015
    4  *  name : Francis Banyikwa
    5  *  email: mhogomchungu@gmail.com
    6  *  This program is free software: you can redistribute it and/or modify
    7  *  it under the terms of the GNU General Public License as published by
    8  *  the Free Software Foundation, either version 2 of the License, or
    9  *  (at your option) any later version.
   10  *
   11  *  This program is distributed in the hope that it will be useful,
   12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
   13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   14  *  GNU General Public License for more details.
   15  *
   16  *  You should have received a copy of the GNU General Public License
   17  *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
   18  */
   19 
   20 #include <sys/stat.h>
   21 #include <fcntl.h>
   22 #include "../constants.h"
   23 #include "../lib/includes.h"
   24 #include "includes.h"
   25 #include <errno.h>
   26 #include <unistd.h>
   27 
   28 static int has_device_access( const char * path,int c )
   29 {
   30     int f ;
   31 
   32     if( c == ZULUCRYPTread ){
   33 
   34         f = open( path,O_RDONLY ) ;
   35     }else{
   36         f = open( path,O_WRONLY ) ;
   37     }
   38 
   39     if( f == -1 ){
   40 
   41         switch( errno ){
   42 
   43             case EACCES : return 1 ; /* permission denied */
   44             case ENOENT : return 2 ; /* invalid path*/
   45             default     : return 4 ; /* common error */
   46         }
   47     }else{
   48         close( f ) ;
   49         return 0 ;
   50     }
   51 }
   52 
   53 /*
   54  * 1-permissions denied
   55  * 2-invalid path
   56  * 3-shenanigans
   57  * 4-common error
   58  */
   59 static int path_is_accessible( const char * path,uid_t uid,int action )
   60 {
   61     int st ;
   62     char * e ;
   63 
   64     if( uid ){;}
   65 
   66     if( StringPrefixEqual( path,"/dev/shm/" ) ){
   67 
   68         return 4 ;
   69     }
   70     if( StringPrefixEqual( path,"/dev/" ) ){
   71 
   72         if( StringPrefixEqual( path,"/dev/loop" ) ){
   73 
   74             /*
   75              * zuluCryptLoopDeviceAddress_1() is defined in ../zuluCrypt-cli/create_loop_device.c
   76              */
   77             e = zuluCryptLoopDeviceAddress_1( path ) ;
   78 
   79             if( e != NULL ){
   80 
   81                 st = has_device_access( e,action ) ;
   82                 StringFree( e ) ;
   83             }else{
   84                 return 4 ;
   85             }
   86         }else{
   87             zuluCryptSecurityGainElevatedPrivileges() ;
   88             st = has_device_access( path,action ) ;
   89             zuluCryptSecurityDropElevatedPrivileges() ;
   90         }
   91         return st ;
   92     }else{
   93         zuluCryptSecurityDropElevatedPrivileges() ;
   94         return has_device_access( path,action ) ;
   95     }
   96 }
   97 
   98 int zuluCryptCanOpenPathForReading( const char * path,uid_t uid )
   99 {
  100     return path_is_accessible( path,uid,ZULUCRYPTread ) ;
  101 }
  102 
  103 int zuluCryptCanOpenPathForWriting( const char * path,uid_t uid )
  104 {
  105     return path_is_accessible( path,uid,ZULUCRYPTwrite ) ;
  106 }
  107 
  108 void zuluCryptPrepareSocketPath( uid_t uid )
  109 {
  110     if( uid ){}
  111 }
  112 
  113 /*
  114  *  return values:
  115  *  5 - couldnt get key from the socket
  116  *  4 -permission denied
  117  *  1  invalid path
  118  *  2  insufficient memory to open file
  119  *  0  success
  120  */
  121 int zuluCryptGetPassFromFile( int * socket_path,const char * path,uid_t uid,string_t * st )
  122 {
  123     string_t p     = String( zuluCryptRunTimePath() ) ;
  124     const char * z = StringContent( p ) ;
  125     size_t s       = StringLength( p ) ;
  126     int m          = StringPrefixMatch( path,z,s ) ;
  127 
  128     StringDelete( &p ) ;
  129 
  130     if( socket_path ){
  131 
  132         *socket_path = m ;
  133     }
  134 
  135     if( m ){
  136         /*
  137          * zuluCryptPrepareSocketPath() is defined in path_access.c
  138          */
  139         zuluCryptPrepareSocketPath( uid ) ;
  140 
  141         zuluCryptSecurityDropElevatedPrivileges() ;
  142 
  143         /*
  144          * path that starts with $/tmp/zuluCrypt-$UID is treated not as a path to key file but as path
  145          * to a local socket to get a passphrase
  146          */
  147         /*
  148          * zuluCryptGetKeyFromSocket() is defined in ../pluginManager/zuluCryptPluginManager.c
  149          */
  150         zuluCryptGetKeyFromSocket( path,st,uid ) ;
  151 
  152         return 0 ;
  153     }else{
  154 
  155         zuluCryptSecurityDropElevatedPrivileges() ;
  156 
  157         /*
  158          * 8192000 bytes is the default cryptsetup maximum keyfile size
  159          */
  160         m = StringGetFromFileMemoryLocked( st,path,0,8192000 ) ;
  161 
  162         switch( m ){
  163 
  164             case 0 : return 0 ;
  165             case 1 : return 4 ;
  166             case 2 : return 2 ;
  167         }
  168         /*
  169          * not supposed to get here
  170          */
  171         return -1 ;
  172     }
  173 }
  174 
  175 char * zuluCryptEvaluateDeviceTags( const char * tag,const char * path )
  176 {
  177     char * r ;
  178 
  179     zuluCryptSecurityGainElevatedPrivileges() ;
  180 
  181     /*
  182      * zuluCryptDeviceFromUUID()  is defined in ../lib/blkid_evaluate_tag.c
  183      * zuluCryptDeviceFromLabel() is defined in ../lib/blkid_evaluate_tag.c
  184      */
  185     if( StringsAreEqual( tag,"UUID" ) ){
  186 
  187         r = zuluCryptDeviceFromUUID( path ) ;
  188     }else{
  189         r = zuluCryptDeviceFromLabel( path ) ;
  190     }
  191 
  192     zuluCryptSecurityDropElevatedPrivileges() ;
  193 
  194     return r ;
  195 }
  196 
  197 char * zuluCryptUUIDFromPath( const char * device )
  198 {
  199     char * c ;
  200 
  201     zuluCryptSecurityGainElevatedPrivileges() ;
  202 
  203     /*
  204      * zuluCryptUUIDFromPath_1() is defined in ../lib/blkid_evaluate_tag.c
  205      */
  206     c = zuluCryptUUIDFromPath_1( device ) ;
  207 
  208     zuluCryptSecurityDropElevatedPrivileges() ;
  209     return c ;
  210 }