| OLD | NEW |
|---|
| 1 // Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved. | 1 // Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // Contains the implementation of class Mount | 5 // Contains the implementation of class Mount |
| 6 | 6 |
| 7 #include "mount.h" | 7 #include "mount.h" |
| 8 | 8 |
| 9 #include <errno.h> | 9 #include <errno.h> |
| 10 | 10 |
| (...skipping 217 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 228 // If the mount was successful, set the status to indicate that the | 228 // If the mount was successful, set the status to indicate that the |
| 229 // cryptohome was recreated. | 229 // cryptohome was recreated. |
| 230 if (local_result && mount_error) { | 230 if (local_result && mount_error) { |
| 231 *mount_error = MOUNT_ERROR_RECREATED; | 231 *mount_error = MOUNT_ERROR_RECREATED; |
| 232 } | 232 } |
| 233 return local_result; | 233 return local_result; |
| 234 } | 234 } |
| 235 return false; | 235 return false; |
| 236 } | 236 } |
| 237 | 237 |
| 238 // TODO(glotov): the following code is deprecated. Remove it. | |
| 239 if (mount_args.replace_tracked_subdirectories) { | |
| 240 if (ReplaceTrackedSubdirectories(mount_args.tracked_subdirectories, | |
| 241 &serialized)) { | |
| 242 // If the tracked subdirectories changed, re-save the vault keyset | |
| 243 StoreVaultKeyset(credentials, serialized); | |
| 244 } | |
| 245 } | |
| 246 | |
| 247 crypto_->ClearKeyset(); | 238 crypto_->ClearKeyset(); |
| 248 | 239 |
| 249 // Add the decrypted key to the keyring so that ecryptfs can use it | 240 // Add the decrypted key to the keyring so that ecryptfs can use it |
| 250 string key_signature, fnek_signature; | 241 string key_signature, fnek_signature; |
| 251 if (!crypto_->AddKeyset(vault_keyset, &key_signature, &fnek_signature)) { | 242 if (!crypto_->AddKeyset(vault_keyset, &key_signature, &fnek_signature)) { |
| 252 LOG(INFO) << "Cryptohome mount failed because of keyring failure."; | 243 LOG(INFO) << "Cryptohome mount failed because of keyring failure."; |
| 253 if (mount_error) { | 244 if (mount_error) { |
| 254 *mount_error = MOUNT_ERROR_FATAL; | 245 *mount_error = MOUNT_ERROR_FATAL; |
| 255 } | 246 } |
| 256 return false; | 247 return false; |
| (...skipping 100 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 357 } | 348 } |
| 358 | 349 |
| 359 bool Mount::CreateCryptohome(const Credentials& credentials, | 350 bool Mount::CreateCryptohome(const Credentials& credentials, |
| 360 const Mount::MountArgs& mount_args) const { | 351 const Mount::MountArgs& mount_args) const { |
| 361 int original_mask = platform_->SetMask(kDefaultUmask); | 352 int original_mask = platform_->SetMask(kDefaultUmask); |
| 362 | 353 |
| 363 // Create the user's entry in the shadow root | 354 // Create the user's entry in the shadow root |
| 364 FilePath user_dir(GetUserDirectory(credentials)); | 355 FilePath user_dir(GetUserDirectory(credentials)); |
| 365 file_util::CreateDirectory(user_dir); | 356 file_util::CreateDirectory(user_dir); |
| 366 | 357 |
| 367 // Generat a new master key | 358 // Generate a new master key |
| 368 VaultKeyset vault_keyset; | 359 VaultKeyset vault_keyset; |
| 369 vault_keyset.CreateRandom(*this); | 360 vault_keyset.CreateRandom(*this); |
| 370 SerializedVaultKeyset serialized; | 361 SerializedVaultKeyset serialized; |
| 371 ReplaceTrackedSubdirectories(mount_args.tracked_subdirectories, &serialized); | |
| 372 if (!AddVaultKeyset(credentials, vault_keyset, &serialized)) { | 362 if (!AddVaultKeyset(credentials, vault_keyset, &serialized)) { |
| 373 platform_->SetMask(original_mask); | 363 platform_->SetMask(original_mask); |
| 374 return false; | 364 return false; |
| 375 } | 365 } |
| 376 if (!StoreVaultKeyset(credentials, serialized)) { | 366 if (!StoreVaultKeyset(credentials, serialized)) { |
| 377 platform_->SetMask(original_mask); | 367 platform_->SetMask(original_mask); |
| 378 return false; | 368 return false; |
| 379 } | 369 } |
| 380 | 370 |
| 381 // Create the user's path and set the proper ownership | 371 // Create the user's path and set the proper ownership |
| (...skipping 99 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 481 } | 471 } |
| 482 file_util::Delete(tmp_migrated_dir, true); | 472 file_util::Delete(tmp_migrated_dir, true); |
| 483 } | 473 } |
| 484 } | 474 } |
| 485 | 475 |
| 486 // Restore the umask | 476 // Restore the umask |
| 487 platform_->SetMask(original_mask); | 477 platform_->SetMask(original_mask); |
| 488 return result; | 478 return result; |
| 489 } | 479 } |
| 490 | 480 |
| 491 bool Mount::ReplaceTrackedSubdirectories( | |
| 492 const std::vector<std::string>& tracked_subdirectories, | |
| 493 SerializedVaultKeyset* serialized) const { | |
| 494 std::set<std::string> existing; | |
| 495 for (int index = 0; index < serialized->tracked_subdirectories_size(); | |
| 496 ++index) { | |
| 497 existing.insert(serialized->tracked_subdirectories(index)); | |
| 498 } | |
| 499 bool new_exists = false; | |
| 500 for (std::vector<std::string>::const_iterator itr = | |
| 501 tracked_subdirectories.begin(); | |
| 502 itr != tracked_subdirectories.end(); | |
| 503 ++itr) { | |
| 504 if (!existing.erase(*itr)) { | |
| 505 new_exists = true; | |
| 506 } | |
| 507 } | |
| 508 // If there are any subdirectories that were in one set but not the other, | |
| 509 // then we need to replace | |
| 510 if (existing.size() || new_exists) { | |
| 511 serialized->clear_tracked_subdirectories(); | |
| 512 for (std::vector<std::string>::const_iterator itr = | |
| 513 tracked_subdirectories.begin(); | |
| 514 itr != tracked_subdirectories.end(); | |
| 515 ++itr) { | |
| 516 serialized->add_tracked_subdirectories(*itr); | |
| 517 } | |
| 518 return true; | |
| 519 } | |
| 520 return false; | |
| 521 } | |
| 522 | |
| 523 void Mount::CleanUnmountedTrackedSubdirectories() const { | 481 void Mount::CleanUnmountedTrackedSubdirectories() const { |
| 524 FilePath shadow_root(shadow_root_); | 482 FilePath shadow_root(shadow_root_); |
| 525 file_util::FileEnumerator dir_enumerator(shadow_root, false, | 483 file_util::FileEnumerator dir_enumerator(shadow_root, false, |
| 526 file_util::FileEnumerator::DIRECTORIES); | 484 file_util::FileEnumerator::DIRECTORIES); |
| 527 for (FilePath next_path = dir_enumerator.Next(); !next_path.empty(); | 485 for (FilePath next_path = dir_enumerator.Next(); !next_path.empty(); |
| 528 next_path = dir_enumerator.Next()) { | 486 next_path = dir_enumerator.Next()) { |
| 529 FilePath dir_name = next_path.BaseName(); | 487 FilePath dir_name = next_path.BaseName(); |
| 530 string str_dir_name = dir_name.value(); | 488 string str_dir_name = dir_name.value(); |
| 531 if (str_dir_name.length() != kUserDirNameLength) { | 489 if (str_dir_name.length() != kUserDirNameLength) { |
| 532 continue; | 490 continue; |
| (...skipping 558 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1091 if (error) { | 1049 if (error) { |
| 1092 *error = Mount::MOUNT_ERROR_KEY_FAILURE; | 1050 *error = Mount::MOUNT_ERROR_KEY_FAILURE; |
| 1093 } | 1051 } |
| 1094 return false; | 1052 return false; |
| 1095 } | 1053 } |
| 1096 | 1054 |
| 1097 return true; | 1055 return true; |
| 1098 } | 1056 } |
| 1099 | 1057 |
| 1100 } // namespace cryptohome | 1058 } // namespace cryptohome |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6598009:
Deprecating tracked_directories as a Vault parameter (Closed)
Base URL: ssh://git@gitrw.chromium.org:9222/cryptohome.git@master