OLD | NEW |
1 // Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved. | 1 // Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // Mount - class for managing cryptohome user keys and mounts. In Chrome OS, | 5 // Mount - class for managing cryptohome user keys and mounts. In Chrome OS, |
6 // users are managed on top of a shared unix user, chronos. When a user logs | 6 // users are managed on top of a shared unix user, chronos. When a user logs |
7 // in, cryptohome mounts their encrypted home directory to /home/chronos/user, | 7 // in, cryptohome mounts their encrypted home directory to /home/chronos/user, |
8 // and Chrome does a profile switch to that directory. All user data in their | 8 // and Chrome does a profile switch to that directory. All user data in their |
9 // home directory is transparently encrypted, providing protection against | 9 // home directory is transparently encrypted, providing protection against |
10 // offline theft. On logout, the mount point is removed. | 10 // offline theft. On logout, the mount point is removed. |
(...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
52 MOUNT_ERROR_KEY_FAILURE = 1 << 1, | 52 MOUNT_ERROR_KEY_FAILURE = 1 << 1, |
53 MOUNT_ERROR_MOUNT_POINT_BUSY = 1 << 2, | 53 MOUNT_ERROR_MOUNT_POINT_BUSY = 1 << 2, |
54 MOUNT_ERROR_TPM_COMM_ERROR = 1 << 3, | 54 MOUNT_ERROR_TPM_COMM_ERROR = 1 << 3, |
55 MOUNT_ERROR_TPM_DEFEND_LOCK = 1 << 4, | 55 MOUNT_ERROR_TPM_DEFEND_LOCK = 1 << 4, |
56 MOUNT_ERROR_USER_DOES_NOT_EXIST = 1 << 5, | 56 MOUNT_ERROR_USER_DOES_NOT_EXIST = 1 << 5, |
57 MOUNT_ERROR_RECREATED = 1 << 31, | 57 MOUNT_ERROR_RECREATED = 1 << 31, |
58 }; | 58 }; |
59 | 59 |
60 struct MountArgs { | 60 struct MountArgs { |
61 bool create_if_missing; | 61 bool create_if_missing; |
62 bool replace_tracked_subdirectories; | |
63 std::vector<std::string> tracked_subdirectories; | |
64 | 62 |
65 MountArgs() | 63 MountArgs() : create_if_missing(false) { |
66 : create_if_missing(false), | |
67 replace_tracked_subdirectories(false) { | |
68 } | |
69 | |
70 void AssignSubdirsNullTerminatedList(const char** tracked_subdirectories) { | |
71 while (*tracked_subdirectories != NULL) { | |
72 this->tracked_subdirectories.push_back(*tracked_subdirectories); | |
73 tracked_subdirectories++; | |
74 } | |
75 } | 64 } |
76 | 65 |
77 void CopyFrom(const MountArgs& rhs) { | 66 void CopyFrom(const MountArgs& rhs) { |
78 this->create_if_missing = rhs.create_if_missing; | 67 this->create_if_missing = rhs.create_if_missing; |
79 this->replace_tracked_subdirectories = rhs.replace_tracked_subdirectories; | |
80 for (std::vector<std::string>::const_iterator itr = | |
81 rhs.tracked_subdirectories.begin(); | |
82 itr != rhs.tracked_subdirectories.end(); | |
83 itr++) { | |
84 this->tracked_subdirectories.push_back(*itr); | |
85 } | |
86 } | 68 } |
87 }; | 69 }; |
88 | 70 |
89 // Sets up Mount with the default locations, username, etc., as defined above. | 71 // Sets up Mount with the default locations, username, etc., as defined above. |
90 Mount(); | 72 Mount(); |
91 | 73 |
92 virtual ~Mount(); | 74 virtual ~Mount(); |
93 | 75 |
94 // Gets the uid/gid of the default user and loads the system salt | 76 // Gets the uid/gid of the default user and loads the system salt |
95 virtual bool Init(); | 77 virtual bool Init(); |
(...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
152 // If the cryptohome did not have tracked directories, but had them untracked, | 134 // If the cryptohome did not have tracked directories, but had them untracked, |
153 // migrate their contents. | 135 // migrate their contents. |
154 // | 136 // |
155 // Parameters | 137 // Parameters |
156 // credentials - The Credentials representing the user | 138 // credentials - The Credentials representing the user |
157 // is_new - True, if the cryptohome is being created and there is | 139 // is_new - True, if the cryptohome is being created and there is |
158 // no need in migration | 140 // no need in migration |
159 virtual bool CreateTrackedSubdirectories(const Credentials& credentials, | 141 virtual bool CreateTrackedSubdirectories(const Credentials& credentials, |
160 bool is_new) const; | 142 bool is_new) const; |
161 | 143 |
162 // Replaces the tracked subdirectories, returning true if a substition was | |
163 // made, or false if the set was the same | |
164 // | |
165 // Parameters | |
166 virtual bool ReplaceTrackedSubdirectories( | |
167 const std::vector<std::string>& tracked_subdirectories, | |
168 SerializedVaultKeyset* serialized) const; | |
169 | |
170 // Cleans (removes) content from unmounted tracked subdirectories | 144 // Cleans (removes) content from unmounted tracked subdirectories |
171 virtual void CleanUnmountedTrackedSubdirectories() const; | 145 virtual void CleanUnmountedTrackedSubdirectories() const; |
172 | 146 |
173 // Tests if the given credentials would decrypt the user's cryptohome key | 147 // Tests if the given credentials would decrypt the user's cryptohome key |
174 // | 148 // |
175 // Parameters | 149 // Parameters |
176 // credentials - The Credentials to attempt to decrypt the key with | 150 // credentials - The Credentials to attempt to decrypt the key with |
177 virtual bool TestCredentials(const Credentials& credentials) const; | 151 virtual bool TestCredentials(const Credentials& credentials) const; |
178 | 152 |
179 // Migrages a user's vault key from one passkey to another | 153 // Migrages a user's vault key from one passkey to another |
(...skipping 313 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
493 // Used to keep track of the current logged-in user | 467 // Used to keep track of the current logged-in user |
494 scoped_ptr<UserSession> default_current_user_; | 468 scoped_ptr<UserSession> default_current_user_; |
495 UserSession* current_user_; | 469 UserSession* current_user_; |
496 | 470 |
497 DISALLOW_COPY_AND_ASSIGN(Mount); | 471 DISALLOW_COPY_AND_ASSIGN(Mount); |
498 }; | 472 }; |
499 | 473 |
500 } // namespace cryptohome | 474 } // namespace cryptohome |
501 | 475 |
502 #endif // CRYPTOHOME_MOUNT_H_ | 476 #endif // CRYPTOHOME_MOUNT_H_ |
OLD | NEW |