| OLD | NEW |
|---|
| 1 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <dlfcn.h> | 5 #include <dlfcn.h> |
| 6 #include <glib-object.h> | 6 #include <glib-object.h> |
| 7 #include <stdlib.h> | 7 #include <stdlib.h> |
| 8 | 8 |
| 9 #include <iostream> // NOLINT | 9 #include <iostream> // NOLINT |
| 10 #include <vector> | 10 #include <vector> |
| 11 | 11 |
| 12 #include <base/at_exit.h> | 12 #include <base/at_exit.h> |
| 13 #include <base/crypto/rsa_private_key.h> | 13 #include <base/crypto/rsa_private_key.h> |
| 14 #include <base/crypto/signature_creator.h> | 14 #include <base/crypto/signature_creator.h> |
| 15 #include <base/crypto/signature_verifier.h> | 15 #include <base/crypto/signature_verifier.h> |
| 16 #include <base/command_line.h> | 16 #include <base/command_line.h> |
| 17 #include <base/logging.h> | 17 #include <base/logging.h> |
| 18 #include <base/file_path.h> | 18 #include <base/file_path.h> |
| 19 #include <base/file_util.h> | 19 #include <base/file_util.h> |
| 20 #include <base/nss_util.h> | 20 #include <base/nss_util.h> |
| 21 #include <base/scoped_temp_dir.h> | 21 #include <base/scoped_temp_dir.h> |
| 22 #include <base/string_util.h> |
| 22 #include <base/stringprintf.h> | 23 #include <base/stringprintf.h> |
| 23 | 24 |
| 24 #include "chromeos_cros_api.h" // NOLINT | 25 #include "chromeos_cros_api.h" // NOLINT |
| 25 #include "chromeos_login.h" | 26 #include "chromeos_login.h" |
| 26 #include "monitor_utils.h" //NOLINT | 27 #include "monitor_utils.h" //NOLINT |
| 27 | 28 |
| 28 namespace { | 29 namespace { |
| 29 static const char kEmit[] = "emit-login-prompt-ready"; | 30 static const char kEmit[] = "emit-login-prompt-ready"; |
| 30 static const char kStartSession[] = "start-session"; | 31 static const char kStartSession[] = "start-session"; |
| 31 static const char kStopSession[] = "stop-session"; | 32 static const char kStopSession[] = "stop-session"; |
| 32 static const char kSetOwnerKey[] = "set-owner-key"; | 33 static const char kSetOwnerKey[] = "set-owner-key"; |
| 33 static const char kWhitelist[] = "whitelist"; | 34 static const char kWhitelist[] = "whitelist"; |
| 34 static const char kUnwhitelist[] = "unwhitelist"; | 35 static const char kUnwhitelist[] = "unwhitelist"; |
| 35 static const char kCheckWhitelist[] = "check-whitelist"; | 36 static const char kCheckWhitelist[] = "check-whitelist"; |
| 36 static const char kEnumerate[] = "enumerate-whitelisted"; | 37 static const char kEnumerate[] = "enumerate-whitelisted"; |
| 38 static const char kStoreProperty[] = "store-property"; |
| 39 static const char kRetrieveProperty[] = "retrieve-property"; |
| 37 | 40 |
| 38 class ClientLoop { | 41 class ClientLoop { |
| 39 public: | 42 public: |
| 40 ClientLoop() | 43 ClientLoop() |
| 41 : loop_(NULL), | 44 : loop_(NULL), |
| 42 connection_(NULL) { } | 45 connection_(NULL) { } |
| 43 | 46 |
| 44 virtual ~ClientLoop() { | 47 virtual ~ClientLoop() { |
| 45 if (connection_) { | 48 if (connection_) { |
| 46 chromeos::DisconnectSession(connection_); | 49 chromeos::DisconnectSession(connection_); |
| (...skipping 155 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 202 LOG(FATAL) << "Starting session failed."; | 205 LOG(FATAL) << "Starting session failed."; |
| 203 } | 206 } |
| 204 | 207 |
| 205 // Really have to do this after clearing owner key, starting BWSI session. | 208 // Really have to do this after clearing owner key, starting BWSI session. |
| 206 // Note that Chrome will get the signal that this has been done and CHECK. | 209 // Note that Chrome will get the signal that this has been done and CHECK. |
| 207 if (cl->HasSwitch(kSetOwnerKey)) { | 210 if (cl->HasSwitch(kSetOwnerKey)) { |
| 208 std::vector<uint8> pubkey; | 211 std::vector<uint8> pubkey; |
| 209 if (!GenerateOwnerKey(&pubkey)) | 212 if (!GenerateOwnerKey(&pubkey)) |
| 210 LOG(FATAL) << "Couldn't generate fakey owner key"; | 213 LOG(FATAL) << "Couldn't generate fakey owner key"; |
| 211 | 214 |
| 215 chromeos::CryptoBlob* blob = chromeos::CreateCryptoBlob(&pubkey[0], |
| 216 pubkey.size()); |
| 217 |
| 212 ClientLoop client_loop; | 218 ClientLoop client_loop; |
| 213 client_loop.Initialize(); | 219 client_loop.Initialize(); |
| 214 | 220 |
| 215 if (!chromeos::SetOwnerKey(pubkey)) { | 221 if (!chromeos::SetOwnerKeySafe(blob)) { |
| 216 LOG(FATAL) << "Could not send SetOwnerKey?"; | 222 LOG(FATAL) << "Could not send SetOwnerKey?"; |
| 217 } | 223 } |
| 218 client_loop.Run(); | 224 client_loop.Run(); |
| 219 LOG(INFO) << (client_loop.what_happened() == chromeos::SetKeySuccess ? | 225 LOG(INFO) << (client_loop.what_happened() == chromeos::SetKeySuccess ? |
| 220 "Successfully set owner key" : "Didn't set owner key"); | 226 "Successfully set owner key" : "Didn't set owner key"); |
| 221 exit(0); | 227 chromeos::FreeCryptoBlob(blob); |
| 222 } | 228 } |
| 223 if (cl->HasSwitch(kWhitelist)) { | 229 if (cl->HasSwitch(kWhitelist)) { |
| 224 scoped_ptr<base::RSAPrivateKey> private_key( | 230 scoped_ptr<base::RSAPrivateKey> private_key( |
| 225 GetPrivateKey(FilePath(chromeos::kOwnerKeyFile))); | 231 GetPrivateKey(FilePath(chromeos::kOwnerKeyFile))); |
| 226 | 232 |
| 227 std::string name = cl->GetSwitchValueASCII(kWhitelist); | 233 std::string name = cl->GetSwitchValueASCII(kWhitelist); |
| 228 std::vector<uint8> sig; | 234 std::vector<uint8> sig; |
| 229 if (!Sign(name, private_key.get(), &sig)) | 235 if (!Sign(name, private_key.get(), &sig)) |
| 230 LOG(FATAL) << "Can't sign " << name; | 236 LOG(FATAL) << "Can't sign " << name; |
| 231 else | 237 else |
| 232 LOG(INFO) << "Signature is " << sig.size(); | 238 LOG(INFO) << "Signature is " << sig.size(); |
| 233 | 239 |
| 234 ClientLoop client_loop; | 240 ClientLoop client_loop; |
| 235 client_loop.Initialize(); | 241 client_loop.Initialize(); |
| 236 | 242 |
| 237 if (!chromeos::Whitelist(name.c_str(), sig)) | 243 chromeos::CryptoBlob* blob = chromeos::CreateCryptoBlob(&sig[0], |
| 244 sig.size()); |
| 245 |
| 246 if (!chromeos::WhitelistSafe(name.c_str(), blob)) |
| 238 LOG(FATAL) << "Could not send SetOwnerKey?"; | 247 LOG(FATAL) << "Could not send SetOwnerKey?"; |
| 239 | 248 |
| 240 client_loop.Run(); | 249 client_loop.Run(); |
| 241 LOG(INFO) << (client_loop.what_happened() == chromeos::WhitelistOpSuccess ? | 250 LOG(INFO) << (client_loop.what_happened() == chromeos::WhitelistOpSuccess ? |
| 242 "Whitelisted " : "Failed to whitelist ") << name; | 251 "Whitelisted " : "Failed to whitelist ") << name; |
| 243 exit(0); | 252 chromeos::FreeCryptoBlob(blob); |
| 244 } | 253 } |
| 245 if (cl->HasSwitch(kUnwhitelist)) { | 254 if (cl->HasSwitch(kUnwhitelist)) { |
| 246 scoped_ptr<base::RSAPrivateKey> private_key( | 255 scoped_ptr<base::RSAPrivateKey> private_key( |
| 247 GetPrivateKey(FilePath(chromeos::kOwnerKeyFile))); | 256 GetPrivateKey(FilePath(chromeos::kOwnerKeyFile))); |
| 248 | 257 |
| 249 std::string name = cl->GetSwitchValueASCII(kUnwhitelist); | 258 std::string name = cl->GetSwitchValueASCII(kUnwhitelist); |
| 250 std::vector<uint8> sig; | 259 std::vector<uint8> sig; |
| 251 if (!Sign(name, private_key.get(), &sig)) | 260 if (!Sign(name, private_key.get(), &sig)) |
| 252 LOG(FATAL) << "Can't sign " << name; | 261 LOG(FATAL) << "Can't sign " << name; |
| 253 | 262 |
| 254 ClientLoop client_loop; | 263 ClientLoop client_loop; |
| 255 client_loop.Initialize(); | 264 client_loop.Initialize(); |
| 256 | 265 |
| 257 if (!chromeos::Unwhitelist(name.c_str(), sig)) | 266 chromeos::CryptoBlob* blob = chromeos::CreateCryptoBlob(&sig[0], |
| 258 LOG(FATAL) << "Could not send SetOwnerKey?"; | 267 sig.size()); |
| 268 |
| 269 if (!chromeos::UnwhitelistSafe(name.c_str(), blob)) |
| 270 LOG(FATAL) << "Could not send UnwhitelistSafe?"; |
| 259 | 271 |
| 260 client_loop.Run(); | 272 client_loop.Run(); |
| 261 LOG(INFO) << (client_loop.what_happened() == chromeos::WhitelistOpSuccess ? | 273 LOG(INFO) << (client_loop.what_happened() == chromeos::WhitelistOpSuccess ? |
| 262 "Whitelisted " : "Failed to whitelist ") << name; | 274 "Whitelisted " : "Failed to whitelist ") << name; |
| 263 exit(0); | 275 chromeos::FreeCryptoBlob(blob); |
| 264 } | 276 } |
| 265 if (cl->HasSwitch(kEnumerate)) { | 277 if (cl->HasSwitch(kEnumerate)) { |
| 266 std::vector<std::string> whitelisted; | 278 chromeos::UserList* whitelisted = NULL; |
| 267 if (!chromeos::EnumerateWhitelisted(&whitelisted)) { | 279 if (!chromeos::EnumerateWhitelistedSafe(&whitelisted)) { |
| 268 LOG(FATAL) << "Could not enumerate the whitelisted"; | 280 LOG(FATAL) << "Could not enumerate the whitelisted"; |
| 269 } | 281 } |
| 270 std::vector<std::string>::iterator it; | |
| 271 | 282 |
| 272 for (it = whitelisted.begin(); it < whitelisted.end(); ++it) | 283 for (int i = 0; i < whitelisted->num_users; i++) |
| 273 LOG(INFO) << *it << " is whitelisted"; | 284 LOG(INFO) << whitelisted->users[i] << " is whitelisted"; |
| 274 | 285 |
| 275 exit(0); | 286 chromeos::FreeUserList(whitelisted); |
| 276 } | 287 } |
| 277 if (cl->HasSwitch(kCheckWhitelist)) { | 288 if (cl->HasSwitch(kCheckWhitelist)) { |
| 278 std::string name = cl->GetSwitchValueASCII(kCheckWhitelist); | 289 std::string name = cl->GetSwitchValueASCII(kCheckWhitelist); |
| 290 chromeos::CryptoBlob* sig; |
| 291 |
| 292 if (!chromeos::CheckWhitelistSafe(name.c_str(), &sig)) |
| 293 LOG(WARNING) << name << " not on whitelist."; |
| 294 else { |
| 295 LOG(INFO) << name << " is on the whitelist."; |
| 296 chromeos::FreeCryptoBlob(sig); |
| 297 } |
| 298 } |
| 299 if (cl->HasSwitch(kStoreProperty)) { |
| 300 scoped_ptr<base::RSAPrivateKey> private_key( |
| 301 GetPrivateKey(FilePath(chromeos::kOwnerKeyFile))); |
| 302 |
| 303 std::string keyval = cl->GetSwitchValueASCII(kStoreProperty); |
| 279 std::vector<uint8> sig; | 304 std::vector<uint8> sig; |
| 305 if (!Sign(keyval, private_key.get(), &sig)) |
| 306 LOG(FATAL) << "Can't sign " << keyval; |
| 307 else |
| 308 LOG(INFO) << "Signature is " << sig.size(); |
| 280 | 309 |
| 281 if (!chromeos::CheckWhitelist(name.c_str(), &sig)) | 310 ClientLoop client_loop; |
| 282 LOG(WARNING) << name << " not on whitelist."; | 311 client_loop.Initialize(); |
| 283 else | |
| 284 LOG(INFO) << name << " is on the whitelist."; | |
| 285 | 312 |
| 286 exit(0); | 313 std::vector<std::string> pair; |
| 314 SplitString(keyval, '=', &pair); |
| 315 chromeos::Property* prop = chromeos::CreateProperty(pair[0].c_str(), |
| 316 pair[1].c_str(), |
| 317 &sig[0], |
| 318 sig.size()); |
| 319 if (!chromeos::StorePropertySafe(prop)) |
| 320 LOG(FATAL) << "Could not send StorePropertySafe?"; |
| 321 |
| 322 client_loop.Run(); |
| 323 LOG(INFO) << (client_loop.what_happened() == chromeos::PropertyOpSuccess ? |
| 324 "Stored " : "Failed to store ") << keyval; |
| 325 chromeos::FreeProperty(prop); |
| 326 } |
| 327 if (cl->HasSwitch(kRetrieveProperty)) { |
| 328 std::string name = cl->GetSwitchValueASCII(kRetrieveProperty); |
| 329 chromeos::Property* prop; |
| 330 |
| 331 if (!chromeos::RetrievePropertySafe(name.c_str(), &prop)) |
| 332 LOG(WARNING) << name << " not stored."; |
| 333 else { |
| 334 LOG(INFO) << prop->name << "=" << prop->value; |
| 335 chromeos::FreeProperty(prop); |
| 336 } |
| 287 } | 337 } |
| 288 | 338 |
| 289 return 0; | 339 return 0; |
| 290 } | 340 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 4132006:
[cros] Add *Safe methods to the ownership API (Closed)
Base URL: http://git.chromium.org/git/cros.git