OLD | NEW |
1 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 /** | 5 /** |
6 * Check the validity of the policy extension manifest. | 6 * Check the validity of the policy extension manifest. |
7 * | 7 * |
8 * This function is invoked by entd before the policy is loaded in order to | 8 * This function is invoked by entd before the policy is loaded in order to |
9 * check the validity of the extension manifest. If this function returns | 9 * check the validity of the extension manifest. If this function returns |
10 * false, entd exits and does not restart until the next user logs in. | 10 * false, entd exits and does not restart until the next user logs in. |
(...skipping 372 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
383 return true; | 383 return true; |
384 } | 384 } |
385 | 385 |
386 /** | 386 /** |
387 * Check if a PKCS11 token appears to be ready for use. | 387 * Check if a PKCS11 token appears to be ready for use. |
388 * | 388 * |
389 * This method returns true if the given token has been initialized, both | 389 * This method returns true if the given token has been initialized, both |
390 * PINs have been set, and neither PIN is locked. | 390 * PINs have been set, and neither PIN is locked. |
391 */ | 391 */ |
392 Policy.prototype.checkToken = | 392 Policy.prototype.checkToken = |
393 function initToken(token) { | 393 function checkToken(token) { |
394 token.refresh(); | 394 token.refresh(); |
395 return ((token.flags & Token.CKF_TOKEN_INITIALIZED) && | 395 return ((token.flags & Token.CKF_TOKEN_INITIALIZED) && |
396 (token.flags & Token.CKF_USER_PIN_INITIALIZED) && | 396 (token.flags & Token.CKF_USER_PIN_INITIALIZED) && |
397 !(token.flags & (Token.CKF_SO_PIN_TO_BE_CHANGED || | 397 !(token.flags & (Token.CKF_SO_PIN_TO_BE_CHANGED || |
398 Token.CKF_USER_PIN_TO_BE_CHANGED || | 398 Token.CKF_USER_PIN_TO_BE_CHANGED || |
399 Token.CKF_SO_PIN_LOCKED || | 399 Token.CKF_SO_PIN_LOCKED || |
400 Token.CKF_USER_PIN_LOCKED))); | 400 Token.CKF_USER_PIN_LOCKED))); |
401 } | 401 } |
402 | 402 |
403 /** | 403 /** |
404 * Initialize a PKCS11 token. | 404 * Initialize a PKCS11 token. |
405 * | 405 * |
406 * This performs *only* the token initialization. Callers must also reset | 406 * This performs *only* the token initialization. Callers must also reset |
407 * the SO and User PINs before the token is usable. | 407 * the SO and User PINs before the token is usable. |
408 * | 408 * |
409 * @param {entd.Pkcs11.Token} token The token to initialize. | 409 * @param {entd.Pkcs11.Token} token The token to initialize. |
410 * @param {string} tokenLabel Optional. The label to assign to the new token. | 410 * @param {string} tokenLabel Optional. The label to assign to the new token. |
411 */ | 411 */ |
412 Policy.prototype.initToken = | 412 Policy.prototype.initToken = |
413 function initToken(token, tokenLabel) { | 413 function initToken(token, tokenLabel) { |
414 if (!tokenLabel) | 414 if (!tokenLabel) |
415 tokenLabel = "Initialized by CrOS"; | 415 tokenLabel = "Initialized by CrOS"; |
416 | 416 |
417 this.start(token, 'init', | 417 this.start(token, 'init', |
418 'Initializing token: ' + tokenLabel); | 418 'Initializing token: ' + tokenLabel); |
419 | 419 |
420 var sopin; | 420 var sopin; |
421 | 421 |
422 token.refresh(); | 422 token.refresh(); |
| 423 |
423 if (token.flags & Token.CKF_SO_PIN_TO_BE_CHANGED) { | 424 if (token.flags & Token.CKF_SO_PIN_TO_BE_CHANGED) { |
424 // If the SO pin hasn't been initialized yet, then it's the one | 425 // If the SO pin hasn't been initialized yet, then it's the one |
425 // assigned by opencryptoki. | 426 // assigned by opencryptoki. |
426 sopin = Token.DEFAULT_SO_PIN; | 427 sopin = Token.DEFAULT_SO_PIN; |
427 } else { | 428 } else { |
428 // Otherwise, it *should be* the one we assigned when we initialized it. | 429 // Otherwise, it *should be* the one we assigned when we initialized it. |
429 sopin = Policy.PKCS11_SO_PIN; | 430 sopin = Policy.PKCS11_SO_PIN; |
430 } | 431 } |
431 | 432 |
432 try { | 433 try { |
(...skipping 736 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1169 userType = Session.CKU_SO; | 1170 userType = Session.CKU_SO; |
1170 } else { | 1171 } else { |
1171 return Policy.CallbackError('Invalid userType: ' + arg.userType); | 1172 return Policy.CallbackError('Invalid userType: ' + arg.userType); |
1172 } | 1173 } |
1173 | 1174 |
1174 var policy = this.policy; | 1175 var policy = this.policy; |
1175 entd.setTimeout(function () { | 1176 entd.setTimeout(function () { |
1176 policy.setTokenPin(token, userType, arg.oldPin, arg.newPin); | 1177 policy.setTokenPin(token, userType, arg.oldPin, arg.newPin); |
1177 }, 1); | 1178 }, 1); |
1178 | 1179 |
1179 return Policy.CallbackSuccess('Resetting user pin'); | 1180 return Policy.CallbackSuccess('Resetting so pin'); |
1180 } | 1181 } |
1181 | 1182 |
1182 /** | 1183 /** |
1183 * Initialize a PKCS11 token. | 1184 * Initialize a PKCS11 token. |
1184 * | 1185 * |
1185 * @param {Object} arg An object with the following properties: | 1186 * @param {Object} arg An object with the following properties: |
1186 * - 'slotId' An integer representing the slot that contains the target token. | 1187 * - 'slotId' An integer representing the slot that contains the target token. |
1187 * | 1188 * |
1188 * Initializing a PKCS11 token is an asynchronous operation. While the | 1189 * Initializing a PKCS11 token is an asynchronous operation. While the |
1189 * initialization is in progress the token state will be 'start:init'. If the | 1190 * initialization is in progress the token state will be 'start:init'. If the |
(...skipping 217 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1407 var cert = this.policy.certificates[util.toKey(arg.certificateId)]; | 1408 var cert = this.policy.certificates[util.toKey(arg.certificateId)]; |
1408 if (!cert) | 1409 if (!cert) |
1409 return Policy.CallbackError('Unknown certificate: ' + arg.certificateId); | 1410 return Policy.CallbackError('Unknown certificate: ' + arg.certificateId); |
1410 | 1411 |
1411 cert.onInstall_(/* firstInstall: */ true); | 1412 cert.onInstall_(/* firstInstall: */ true); |
1412 | 1413 |
1413 return Policy.CallbackSuccess(cert.info('Installing certificate: ' + | 1414 return Policy.CallbackSuccess(cert.info('Installing certificate: ' + |
1414 cert.label)); | 1415 cert.label)); |
1415 } | 1416 } |
1416 | 1417 |
| 1418 Policy.Callbacks.prototype['cb:restart'] = |
| 1419 function cb_restart(arg) { |
| 1420 entd.syslog.info("Restarting by client request."); |
| 1421 // Exit code two means we haven't errored, but would like to be restarted. |
| 1422 entd.scheduleShutdown(2); |
| 1423 return Policy.CallbackSuccess('Restarting'); |
| 1424 } |
| 1425 |
1417 /** | 1426 /** |
1418 * Return an object indicating that a callback succeeded. | 1427 * Return an object indicating that a callback succeeded. |
1419 */ | 1428 */ |
1420 Policy.CallbackSuccess = | 1429 Policy.CallbackSuccess = |
1421 function CallbackSuccess(data) { | 1430 function CallbackSuccess(data) { |
1422 return { status: 'success', data: data }; | 1431 return { status: 'success', data: data }; |
1423 }; | 1432 }; |
1424 | 1433 |
1425 /** | 1434 /** |
1426 * Return an object indicating that a callback encountered an error. | 1435 * Return an object indicating that a callback encountered an error. |
(...skipping 280 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1707 return str; | 1716 return str; |
1708 } | 1717 } |
1709 | 1718 |
1710 /** | 1719 /** |
1711 * Detect a raw string. | 1720 * Detect a raw string. |
1712 */ | 1721 */ |
1713 util.isRawString = | 1722 util.isRawString = |
1714 function isRawString(str) { | 1723 function isRawString(str) { |
1715 return str instanceof String && str.isRaw_ == true; | 1724 return str instanceof String && str.isRaw_ == true; |
1716 } | 1725 } |
OLD | NEW |