Linux/FreeBSD: Add CLI switch to force use of old sudo behavior of sending a dummy password

The new switch is --use-dummy-sudo-password

src/Core/CoreBase.cpp

@@ -20,6 +20,9 @@ namespace VeraCrypt
 {
 	CoreBase::CoreBase ()
 		: DeviceChangeInProgress (false)
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+		, UseDummySudoPassword (false)
+#endif
 	{
 	}
 

src/Core/CoreBase.h

@@ -77,6 +77,10 @@ namespace VeraCrypt
 		virtual void SetFileOwner (const FilesystemPath &path, const UserId &owner) const = 0;
 		virtual DirectoryPath SlotNumberToMountPoint (VolumeSlotNumber slotNumber) const = 0;
 		virtual void WipePasswordCache () const = 0;
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+		virtual void ForceUseDummySudoPassword (bool useDummySudoPassword) { UseDummySudoPassword = useDummySudoPassword;}
+		virtual bool GetUseDummySudoPassword () const { return UseDummySudoPassword;}
+#endif
 
 		Event VolumeDismountedEvent;
 		Event VolumeMountedEvent;
@@ -87,6 +91,9 @@ namespace VeraCrypt
 
 		bool DeviceChangeInProgress;
 		FilePath ApplicationExecutablePath;
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+		bool UseDummySudoPassword;
+#endif
 
 	private:
 		CoreBase (const CoreBase &);

src/Core/Unix/CoreService.cpp

@@ -300,39 +300,43 @@ namespace VeraCrypt
 				//	See : https://superuser.com/questions/902826/why-does-sudo-n-on-mac-os-x-always-return-0
 				//
 				//	If for some reason we are getting empty output from pipe, we revert to old behavior
+				//	We also use the old way if the user is forcing the use of dummy password for sudo
 				
 #if defined(TC_LINUX ) || defined (TC_FREEBSD)
 				
-				std::vector<char> buffer(128, 0);
+				if (!Core->GetUseDummySudoPassword ())
-				std::string result;
-				bool authCheckDone = false;
-				
-				FILE* pipe = popen("sudo -n uptime 2>&1 | grep 'load average' | wc -l", "r");	//	We redirect stderr to stdout (2>&1) to be able to catch the result of the command
-				if (pipe)
 				{
-					while (!feof(pipe))
+					std::vector<char> buffer(128, 0);
+					std::string result;
+					bool authCheckDone = false;
+					
+					FILE* pipe = popen("sudo -n uptime 2>&1 | grep 'load average' | wc -l", "r");	//	We redirect stderr to stdout (2>&1) to be able to catch the result of the command
+					if (pipe)
 					{
-						if (fgets(buffer.data(), 128, pipe) != nullptr)
+						while (!feof(pipe))
-							result += buffer.data();
+						{
+							if (fgets(buffer.data(), 128, pipe) != nullptr)
+								result += buffer.data();
+						}
+						
+						fflush(pipe);
+						pclose(pipe);
+						pipe = NULL;
+						
+						if (!result.empty() && strlen(result.c_str()) != 0)
+						{
+							authCheckDone = true;
+							if (result[0] == '0') // no line found with "load average" text, rerquest admin password
+								(*AdminPasswordCallback) (request.AdminPassword);
+						}
 					}
 					
-					fflush(pipe);
+					if (authCheckDone)
-					pclose(pipe);
-					pipe = NULL;
-					
-					if (!result.empty() && strlen(result.c_str()) != 0)
 					{
-						authCheckDone = true;
+						//	Set to false to force the 'WarningEvent' to be raised in case of and elevation exception.
-						if (result[0] == '0') // no line found with "load average" text, rerquest admin password
+						request.FastElevation = false;
-							(*AdminPasswordCallback) (request.AdminPassword);
 					}
 				}
-				
-				if (authCheckDone)
-				{
-					//	Set to false to force the 'WarningEvent' to be raised in case of and elevation exception.
-					request.FastElevation = false;
-				}
 #endif				
 				try
 				{

src/Main/CommandLineInterface.cpp

@@ -32,6 +32,9 @@ namespace VeraCrypt
 		ArgTrueCryptMode (false),
 		ArgDisableFileSizeCheck (false),
 		ArgUseLegacyPassword (false),
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+		ArgUseDummySudoPassword (false),
+#endif
 		StartBackgroundTask (false)
 	{
 		wxCmdLineParser parser;
@@ -100,7 +103,9 @@ namespace VeraCrypt
 		parser.AddParam (								_("Mount point"), wxCMD_LINE_VAL_STRING, wxCMD_LINE_PARAM_OPTIONAL);
 		parser.AddSwitch (L"",	L"no-size-check",		_("Disable check of container size against disk free space."));
 		parser.AddSwitch (L"",	L"legacy-password-maxlength", _("Use legacy maximum password length (64 UTF-8 bytes)"));
-
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+		parser.AddSwitch (L"",	L"use-dummy-sudo-password",	_("Use dummy password in sudo to detect if it is already authenticated"));
+#endif
 		wxString str;
 		bool param1IsVolume = false;
 		bool param1IsMountedVolumeSpec = false;
@@ -339,6 +344,9 @@ namespace VeraCrypt
 		ArgTrueCryptMode = parser.Found (L"truecrypt");
 		ArgDisableFileSizeCheck = parser.Found (L"no-size-check");
 		ArgUseLegacyPassword = parser.Found (L"legacy-password-maxlength") || ArgTrueCryptMode;		
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+		ArgUseDummySudoPassword = parser.Found (L"use-dummy-sudo-password");
+#endif
 
 #if !defined(TC_WINDOWS) && !defined(TC_MACOSX)
 		if (parser.Found (L"fs-options", &str))

src/Main/CommandLineInterface.h

@@ -85,6 +85,9 @@ namespace VeraCrypt
         shared_ptr<SecureBuffer> ArgTokenPin;
         bool ArgDisableFileSizeCheck;
         bool ArgUseLegacyPassword;
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+        bool ArgUseDummySudoPassword;
+#endif
 
 		bool StartBackgroundTask;
 		UserPreferences Preferences;

src/Main/UserInterface.cpp

@@ -534,6 +534,10 @@ namespace VeraCrypt
 			Core->SetAdminPasswordCallback (shared_ptr <GetStringFunctor> (new AdminPasswordRequestHandler));
 		}
 
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+		Core->ForceUseDummySudoPassword (CmdLine->ArgUseDummySudoPassword);
+#endif
+
 		Core->WarningEvent.Connect (EventConnector <UserInterface> (this, &UserInterface::OnWarning));
 		Core->VolumeMountedEvent.Connect (EventConnector <UserInterface> (this, &UserInterface::OnVolumeMounted));