mirror of
https://github.com/veracrypt/VeraCrypt.git
synced 2025-11-11 11:08:02 -06:00
Linux/FreeBSD: Use of 'sudo -n uptime' command to check whether user has an active 'sudo' session instead of the use of a 'dummy' password. (#513)
Signed-off-by: El Mostafa IDRASSI <el-mostafa.idrassi@prestalab.net>
This commit is contained in:
El Mostafa Idrassi
committed by
Mounir IDRASSI
Mounir IDRASSI
parent
15a8cde6f5
commit
9463a628a6
@@ -288,6 +288,41 @@ namespace VeraCrypt
|
|||||||
request.FastElevation = !ElevatedServiceAvailable;
|
request.FastElevation = !ElevatedServiceAvailable;
|
||||||
request.ApplicationExecutablePath = Core->GetApplicationExecutablePath();
|
request.ApplicationExecutablePath = Core->GetApplicationExecutablePath();
|
||||||
|
|
||||||
|
// Test if the user has an active "sudo" session.
|
||||||
|
// This is only done under Linux / FreeBSD by executing the command 'sudo -n uptime'.
|
||||||
|
// In case a "sudo" session is active, the result of the command contains the string 'load average'.
|
||||||
|
// Otherwise, the result contains "sudo: a password is required".
|
||||||
|
// This may not work on all OSX versions because of a bug in sudo in its version 1.7.10,
|
||||||
|
// therefore we keep the old behaviour of sending a 'dummy' password under OSX.
|
||||||
|
// See : https://superuser.com/questions/902826/why-does-sudo-n-on-mac-os-x-always-return-0
|
||||||
|
|
||||||
|
#if defined(TC_LINUX ) || defined (TC_FREEBSD)
|
||||||
|
|
||||||
|
// Set to false to force the 'WarningEvent' to be raised in case of and elevation exception.
|
||||||
|
request.FastElevation = false;
|
||||||
|
|
||||||
|
std::vector<char> buffer(128, 0);
|
||||||
|
std::string result;
|
||||||
|
|
||||||
|
FILE* pipe = popen("sudo -n uptime 2>&1 | grep 'load average' | wc -l", "r"); // We redirect stderr to stdout (2>&1) to be able to catch the result of the command
|
||||||
|
if (pipe)
|
||||||
|
{
|
||||||
|
while (!feof(pipe))
|
||||||
|
{
|
||||||
|
if (fgets(buffer.data(), 128, pipe) != nullptr)
|
||||||
|
result += buffer.data();
|
||||||
|
}
|
||||||
|
|
||||||
|
fflush(pipe);
|
||||||
|
pclose(pipe);
|
||||||
|
pipe = NULL;
|
||||||
|
|
||||||
|
if (!result.empty() && strlen(result.c_str()) != 0 && !memcmp(result.c_str(), "0", 1))
|
||||||
|
{
|
||||||
|
(*AdminPasswordCallback) (request.AdminPassword);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif
|
||||||
while (!ElevatedServiceAvailable)
|
while (!ElevatedServiceAvailable)
|
||||||
{
|
{
|
||||||
try
|
try
|
||||||
@@ -396,6 +431,7 @@ namespace VeraCrypt
|
|||||||
vector <char> adminPassword (request.AdminPassword.size() + 1);
|
vector <char> adminPassword (request.AdminPassword.size() + 1);
|
||||||
int timeout = 6000;
|
int timeout = 6000;
|
||||||
|
|
||||||
|
// 'request.FastElevation' is always false under Linux / FreeBSD
|
||||||
if (request.FastElevation)
|
if (request.FastElevation)
|
||||||
{
|
{
|
||||||
string dummyPassword = "dummy\n";
|
string dummyPassword = "dummy\n";
|
||||||
@@ -457,6 +493,7 @@ namespace VeraCrypt
|
|||||||
outPipe->Close();
|
outPipe->Close();
|
||||||
errPipe.Close();
|
errPipe.Close();
|
||||||
|
|
||||||
|
// 'request.FastElevation' is always false under Linux / FreeBSD
|
||||||
if (request.FastElevation)
|
if (request.FastElevation)
|
||||||
{
|
{
|
||||||
// Prevent defunct process
|
// Prevent defunct process
|
||||||
|
|||||||
Reference in New Issue
Block a user