| Index: chromeos_login.h
|
| diff --git a/chromeos_login.h b/chromeos_login.h
|
| index 5a9c0e4b776cab89d68f0c7d2ebb89d868a9ecad..108392311d22880a84578df406d3d737cf5fd923 100644
|
| --- a/chromeos_login.h
|
| +++ b/chromeos_login.h
|
| @@ -25,6 +25,22 @@ enum OwnershipEvent {
|
| PropertyOpFailure = 5,
|
| };
|
|
|
| +struct CryptoBlob {
|
| + const uint8* data;
|
| + int length;
|
| +};
|
| +
|
| +struct Property {
|
| + const char* name;
|
| + const char* value;
|
| + CryptoBlob* signature;
|
| +};
|
| +
|
| +struct UserList {
|
| + const char** users; // array of NULL-terminated C-strings
|
| + int num_users;
|
| +};
|
| +
|
| static const char kOwnerKeyFile[] = "/var/lib/whitelist/owner.key";
|
|
|
| class OpaqueSessionConnection;
|
| @@ -34,31 +50,97 @@ typedef void(*SessionMonitor)(void*, const OwnershipEvent&);
|
| extern SessionConnection (*MonitorSession)(SessionMonitor monitor, void*);
|
| extern void (*DisconnectSession)(SessionConnection connection);
|
|
|
| +// DEPRECATED due to memory unsafety.
|
| extern bool (*CheckWhitelist)(const char* email,
|
| std::vector<uint8>* OUT_signature);
|
| +
|
| +// Checks if |email| is on the whitelist.
|
| +// Returns true if so, and allocates a CryptoBlob to pass back in the out param.
|
| +// If not, returns false and |OUT_signature| is untouched.
|
| +// Free |OUT_signature| using FreeCryptoBlob().
|
| +extern bool (*CheckWhitelistSafe)(const char* email,
|
| + CryptoBlob** OUT_signature);
|
| +
|
| +// Kicks off an attempt to emit the "login-prompt-ready" upstart signal.
|
| extern bool (*EmitLoginPromptReady)();
|
|
|
| +// DEPRECATED due to memory unsafety.
|
| +extern bool (*EnumerateWhitelisted)(std::vector<std::string>* OUT_whitelisted);
|
| +
|
| // EnumerateWhitelisted() is for informational purposes only. The data
|
| // is returned without signatures. To determine if a user is allowed to log in
|
| // to the device, YOU MUST use CheckWhitelist and verify the signature that is
|
| // returned.
|
| -extern bool (*EnumerateWhitelisted)(std::vector<std::string>* OUT_whitelisted);
|
| +// Free |OUT_whitelisted| using FreeUserList().
|
| +extern bool (*EnumerateWhitelistedSafe)(UserList** OUT_whitelisted);
|
| +
|
| +// These methods are used to create structures to pass to
|
| +// the "*Safe" functions defined in this file. We need to do this
|
| +// to safely pass data over the dll boundary between our .so and Chrome.
|
| +extern CryptoBlob* (*CreateCryptoBlob)(const uint8* in, const int in_len);
|
| +extern Property* (*CreateProperty)(const char* name, const char* value,
|
| + const uint8* sig, const int sig_len);
|
| +extern UserList* (*CreateUserList)(char** users);
|
| +
|
| +// These methods are used to free structures that were returned in
|
| +// out-params from "*Safe" functions defined in this file. We need to do this
|
| +// to safely pass data over the dll boundary between our .so and Chrome.
|
| +extern void (*FreeCryptoBlob)(CryptoBlob* blob);
|
| +extern void (*FreeProperty)(Property* property);
|
| +extern void (*FreeUserList)(UserList* userlist);
|
| +
|
| extern bool (*RestartJob)(int pid, const char* command_line);
|
| +
|
| +// DEPRECATED due to memory unsafety.
|
| extern bool (*RetrieveProperty)(const char* name,
|
| std::string* OUT_value,
|
| std::vector<uint8>* OUT_signature);
|
| +
|
| +// Fetches the property called |name|.
|
| +// Returns true if it can be fetched, allocates a Property to pass back.
|
| +// If not, returns false and |OUT_property| is untouched
|
| +// Free |OUT_property| using FreeProperty.
|
| +extern bool (*RetrievePropertySafe)(const char* name, Property** OUT_property);
|
| +
|
| +// DEPRECATED due to memory unsafety.
|
| extern bool (*SetOwnerKey)(const std::vector<uint8>& public_key_der);
|
| +
|
| +// Attempts to set the Owner key to |public_key_der|.
|
| +// Returns true if the attempt starts successfully.
|
| +extern bool (*SetOwnerKeySafe)(const CryptoBlob* public_key_der);
|
| +
|
| extern bool (*StartSession)(const char* user_email,
|
| const char* unique_id /* unused */);
|
| +
|
| extern bool (*StopSession)(const char* unique_id /* unused */);
|
| +
|
| +// DEPRECATED due to memory unsafety.
|
| extern bool (*StoreProperty)(const char* name,
|
| const char* value,
|
| const std::vector<uint8>& signature);
|
| +
|
| +// Attempts to store |prop|.
|
| +// Returns true if the attempt starts successfully.
|
| +extern bool (*StorePropertySafe)(const Property* prop);
|
| +
|
| +// DEPRECATED due to memory unsafety.
|
| extern bool (*Unwhitelist)(const char* email,
|
| const std::vector<uint8>& signature);
|
| +
|
| +// Attempts to remove |email| from the whitelist.
|
| +// Returns true if the attempt is started successfully.
|
| +extern bool (*UnwhitelistSafe)(const char* email,
|
| + const CryptoBlob* signature);
|
| +
|
| +// DEPRECATED due to memory unsafety.
|
| extern bool (*Whitelist)(const char* email,
|
| const std::vector<uint8>& signature);
|
|
|
| +// Attempts to whitelist |email|.
|
| +// Returns true if the attempt is successfully started.
|
| +extern bool (*WhitelistSafe)(const char* email,
|
| + const CryptoBlob* signature);
|
| +
|
| } // namespace chromeos
|
|
|
| #endif // CHROMEOS_LOGIN_H_
|
|
|
Chromium Code Reviews
Issue 4132006:
[cros] Add *Safe methods to the ownership API (Closed)
Base URL: http://git.chromium.org/git/cros.git