[login_manager] Use keygen helper to generate owner key

session_manager_service.h

 // Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef LOGIN_MANAGER_SESSION_MANAGER_SERVICE_H_
 #define LOGIN_MANAGER_SESSION_MANAGER_SERVICE_H_
 
 #include <dbus/dbus.h>
 #include <errno.h>
 #include <glib.h>
 #include <gtest/gtest.h>
 #include <signal.h>
 #include <unistd.h>
 
 #include <string>
 #include <vector>
 
 #include <base/basictypes.h>
 #include <base/ref_counted.h>
 #include <base/scoped_ptr.h>
 #include <base/thread.h>
 #include <chromeos/dbus/abstract_dbus_service.h>
 #include <chromeos/dbus/dbus.h>
 #include <chromeos/dbus/service_constants.h>
 
+#include "login_manager/child_job.h"
 #include "login_manager/file_checker.h"
 #include "login_manager/owner_key.h"
 #include "login_manager/owner_key_loss_mitigator.h"
 #include "login_manager/pref_store.h"
 #include "login_manager/system_utils.h"
 #include "login_manager/upstart_signal_emitter.h"
 
 namespace base {
 class MessageLoopProxy;
 }  // namespace base
@@ skipping 57 matching lines @@
     }
     void set_ownerkey(OwnerKey* key) {
       session_manager_service_->key_.reset(key);
     }
     void set_prefstore(PrefStore* store) {
       session_manager_service_->store_.reset(store);
     }
     void set_upstart_signal_emitter(UpstartSignalEmitter* emitter) {
       session_manager_service_->upstart_signal_emitter_.reset(emitter);
     }
+    void set_keygen_job(ChildJobInterface* job) {
+      session_manager_service_->keygen_job_.reset(job);
+    }
 
     // Sets whether the the manager exits when a child finishes.
     void set_exit_on_child_done(bool do_exit) {
       session_manager_service_->exit_on_child_done_ = do_exit;
     }
 
     // Executes the CleanupChildren() method on the manager.
     void CleanupChildren(int timeout) {
       session_manager_service_->CleanupChildren(timeout);
     }
@@ skipping 185 matching lines @@
   // with provided.
   gboolean RestartJob(gint pid,
                       gchar* arguments,
                       gboolean* OUT_done,
                       GError** error);
 
   // Restarts (or starts if stopped) the entd upstart job.  Returns if
   // start was successful.
   gboolean RestartEntd(GError** error);
 
+  // Ensures that the public key in |buf| is legitimately paired with
+  // a private key held by the current user, signs and stores some
+  // ownership-related metadata, and then stores this key off as the
+  // new device Owner key.
+  void ValidateAndStoreOwnerKey(const std::string& buf);
+
   // Perform very, very basic validation of |email_address|.
   static bool ValidateEmail(const std::string& email_address);
 
   // Breaks |args| into separate arg lists, delimited by "--".
   // No initial "--" is needed, but is allowed.
   // ("a", "b", "c") => ("a", "b", "c")
   // ("a", "b", "c", "--", "d", "e", "f") =>
   //     ("a", "b", "c"), ("d", "e", "f").
   // Converts args from wide to plain strings.
   static std::vector<std::vector<std::string> > GetArgLists(
@@ skipping 19 matching lines @@
   static void SIGHUPHandler(int signal);
   static void SIGINTHandler(int signal);
   static void SIGTERMHandler(int signal);
 
   // |data| is a SessionManagerService*
   static DBusHandlerResult FilterMessage(DBusConnection* conn,
                                          DBusMessage* message,
                                          void* data);
 
   // |data| is a SessionManagerService*
-  static void HandleChildExit(GPid pid,
-                              gint status,
-                              gpointer data);
+  static void HandleChildExit(GPid pid, gint status, gpointer data);
+
+  // |data| is a SessionManagerService*
+  static void HandleKeygenExit(GPid pid, gint status, gpointer data);
 
   // |data| is a SessionManagerService*.  This is a wrapper around
   // ServiceShutdown() so that we can register it as the callback for
   // when |source| has data to read.
   static gboolean HandleKill(GIOChannel* source,
                              GIOCondition condition,
                              gpointer data);
 
   // So that we can enqueue an event that will exit the main loop.
   // |data| is a SessionManagerService*
@@ skipping 16 matching lines @@
   // in his nssdb.  Returns false if not, or if that cannot be determined.
   // |error| is set appropriately on failure.
   gboolean CurrentUserHasOwnerKey(const std::vector<uint8>& pub_key,
                                   GError** error);
 
   // Cache |email_address| in |current_user_| and return true, if the address
   // passes validation.  Otherwise, set |error| appropriately and return false.
   gboolean ValidateAndCacheUserEmail(const gchar* email_address,
                                      GError** error);
 
+  // Searches through |child_pids_| for |pid|.  Returns index of child if
+  // found, -1 if not.
+  int FindChildByPid(int pid);
+
   // Terminate all children, with increasing prejudice.
   void CleanupChildren(int timeout);
 
-  // If the current user has access to the owner private key
+  // Assuming the current user has access to the owner private key
   // (read: is the owner), this call whitelists |current_user_|, sets a
   // property indicating |current_user_| is the owner, and schedules both
   // a PersistWhitelist() and a PersistStore().
   // Returns false on failure, with |error| set appropriately.
   gboolean StoreOwnerProperties(GError** error);
 
   // Signs and stores |name|=|value|, and schedules a PersistStore().
   // Returns false on failure, populating |error| with |err_msg|.
   gboolean SignAndStoreProperty(const std::string& name,
                                 const std::string& value,
@@ skipping 34 matching lines @@
   void PersistKey();
 
   // |store_| is persisted to disk, and then posts a task to |message_loop_|
   // to signal Chromium when done.
   void PersistWhitelist();
 
   // |store_| is persisted to disk, and then posts a task to |message_loop_|
   // to signal Chromium when done.
   void PersistStore();
 
+  void StartKeyGeneration();
+
   // Uses |system_| to send |signal_name| to Chromium.  Attaches a payload
   // to the signal indicating the status of |succeeded|.
   void SendSignal(const char signal_name[], bool succeeded);
 
   bool ShouldRunChildren();
   // Returns true if |child_job| believes it should be stopped.
   // If the child believes it should be stopped (as opposed to not run anymore)
   // we actually exit the Service as well.
   bool ShouldStopChild(ChildJobInterface* child_job);
 
   static const uint32 kMaxEmailSize;
   static const char kEmailSeparator;
   static const char kLegalCharacters[];
   static const char kIncognitoUser[];
   // The name of the pref that Chrome sets to track who the owner is.
   static const char kDeviceOwnerPref[];
   static const char kIOThreadName[];
+  static const char kKeygenExecutable[];
+  static const char kTemporaryKeyFilename[];
 
   std::vector<ChildJobInterface*> child_jobs_;
   std::vector<int> child_pids_;
   bool exit_on_child_done_;
+  scoped_ptr<ChildJobInterface> keygen_job_;
 
   gobject::SessionManager* session_manager_;
   GMainLoop* main_loop_;
   scoped_ptr<MessageLoop> dont_use_directly_;
   scoped_refptr<base::MessageLoopProxy> message_loop_;
 
   scoped_ptr<SystemUtils> system_;
   scoped_ptr<NssUtil> nss_;
   scoped_ptr<OwnerKey> key_;
   scoped_ptr<PrefStore> store_;
@@ skipping 17 matching lines @@
 
   bool shutting_down_;
   bool shutdown_already_;
 
   friend class TestAPI;
   DISALLOW_COPY_AND_ASSIGN(SessionManagerService);
 };
 }  // namespace login_manager
 
 #endif  // LOGIN_MANAGER_SESSION_MANAGER_SERVICE_H_