Linux/FreeBSD: Add CLI switch to force use of old sudo behavior of sending a dummy password

The new switch is --use-dummy-sudo-password
2025-11-11 19:08:26 -06:00 · 2019-11-04 00:06:16 +01:00
parent 54c7e1cfd3
commit ce78f89017
6 changed files with 53 additions and 24 deletions
--- a/src/Core/CoreBase.cpp
+++ b/src/Core/CoreBase.cpp
@@ -20,6 +20,9 @@ namespace VeraCrypt
 {
 	CoreBase::CoreBase ()
 		: DeviceChangeInProgress (false)
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+		, UseDummySudoPassword (false)
+#endif
 	{
 	}

--- a/src/Core/CoreBase.h
+++ b/src/Core/CoreBase.h
@@ -77,6 +77,10 @@ namespace VeraCrypt
 		virtual void SetFileOwner (const FilesystemPath &path, const UserId &owner) const = 0;
 		virtual DirectoryPath SlotNumberToMountPoint (VolumeSlotNumber slotNumber) const = 0;
 		virtual void WipePasswordCache () const = 0;
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+		virtual void ForceUseDummySudoPassword (bool useDummySudoPassword) { UseDummySudoPassword = useDummySudoPassword;}
+		virtual bool GetUseDummySudoPassword () const { return UseDummySudoPassword;}
+#endif

 		Event VolumeDismountedEvent;
 		Event VolumeMountedEvent;
@@ -87,6 +91,9 @@ namespace VeraCrypt

 		bool DeviceChangeInProgress;
 		FilePath ApplicationExecutablePath;
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+		bool UseDummySudoPassword;
+#endif

 	private:
 		CoreBase (const CoreBase &);
--- a/src/Core/Unix/CoreService.cpp
+++ b/src/Core/Unix/CoreService.cpp
@@ -300,39 +300,43 @@ namespace VeraCrypt
 				//	See : https://superuser.com/questions/902826/why-does-sudo-n-on-mac-os-x-always-return-0
 				//
 				//	If for some reason we are getting empty output from pipe, we revert to old behavior
+				//	We also use the old way if the user is forcing the use of dummy password for sudo
 				
 #if defined(TC_LINUX ) || defined (TC_FREEBSD)
 				
-				std::vector<char> buffer(128, 0);
-				std::string result;
-				bool authCheckDone = false;
-				
-				FILE* pipe = popen("sudo -n uptime 2>&1 | grep 'load average' | wc -l", "r");	//	We redirect stderr to stdout (2>&1) to be able to catch the result of the command
-				if (pipe)
+				if (!Core->GetUseDummySudoPassword ())
 				{
-					while (!feof(pipe))
+					std::vector<char> buffer(128, 0);
+					std::string result;
+					bool authCheckDone = false;
+					
+					FILE* pipe = popen("sudo -n uptime 2>&1 | grep 'load average' | wc -l", "r");	//	We redirect stderr to stdout (2>&1) to be able to catch the result of the command
+					if (pipe)
 					{
-						if (fgets(buffer.data(), 128, pipe) != nullptr)
-							result += buffer.data();
+						while (!feof(pipe))
+						{
+							if (fgets(buffer.data(), 128, pipe) != nullptr)
+								result += buffer.data();
+						}
+						
+						fflush(pipe);
+						pclose(pipe);
+						pipe = NULL;
+						
+						if (!result.empty() && strlen(result.c_str()) != 0)
+						{
+							authCheckDone = true;
+							if (result[0] == '0') // no line found with "load average" text, rerquest admin password
+								(*AdminPasswordCallback) (request.AdminPassword);
+						}
 					}
 					
-					fflush(pipe);
-					pclose(pipe);
-					pipe = NULL;
-					
-					if (!result.empty() && strlen(result.c_str()) != 0)
+					if (authCheckDone)
 					{
-						authCheckDone = true;
-						if (result[0] == '0') // no line found with "load average" text, rerquest admin password
-							(*AdminPasswordCallback) (request.AdminPassword);
+						//	Set to false to force the 'WarningEvent' to be raised in case of and elevation exception.
+						request.FastElevation = false;
 					}
 				}
-				
-				if (authCheckDone)
-				{
-					//	Set to false to force the 'WarningEvent' to be raised in case of and elevation exception.
-					request.FastElevation = false;
-				}
 #endif				
 				try
 				{