Chromium Code Reviews Chromium Code Reviews
Issue 6729012:
cryptohome: Add new platform functions (Closed)
Base URL: ssh://git@gitrw.chromium.org:9222/cryptohome.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // Contains the implementation of class Platform | 5 // Contains the implementation of class Platform |
| 6 | 6 |
| 7 #include "platform.h" | 7 #include "platform.h" |
| 8 | 8 |
| 9 #include <errno.h> | 9 #include <errno.h> |
| 10 #include <grp.h> | |
| 10 #include <limits.h> | 11 #include <limits.h> |
| 11 #include <pwd.h> | 12 #include <pwd.h> |
| 12 #include <signal.h> | 13 #include <signal.h> |
| 13 #include <sys/mount.h> | 14 #include <sys/mount.h> |
| 14 #include <sys/stat.h> | 15 #include <sys/stat.h> |
| 15 #include <sys/statvfs.h> | 16 #include <sys/statvfs.h> |
| 16 #include <sys/types.h> | 17 #include <sys/types.h> |
| 18 #include <sys/wait.h> | |
| 17 | 19 |
| 18 #include <base/file_util.h> | 20 #include <base/file_util.h> |
| 19 #include <base/string_util.h> | 21 #include <base/string_util.h> |
| 20 | 22 |
| 21 // Included last to avoid redefinition problems | 23 // Included last to avoid redefinition problems |
| 22 extern "C" { | 24 extern "C" { |
| 23 #include <keyutils.h> | 25 #include <keyutils.h> |
| 24 } | 26 } |
| 25 | 27 |
| 26 using std::string; | 28 using std::string; |
| (...skipping 303 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 330 } | 332 } |
| 331 uid_t check_uid = static_cast<uid_t>(atoi(value.c_str())); | 333 uid_t check_uid = static_cast<uid_t>(atoi(value.c_str())); |
| 332 if (check_uid == uid) { | 334 if (check_uid == uid) { |
| 333 pids->push_back(pid); | 335 pids->push_back(pid); |
| 334 break; | 336 break; |
| 335 } | 337 } |
| 336 } | 338 } |
| 337 } | 339 } |
| 338 } | 340 } |
| 339 | 341 |
| 340 bool Platform::SetOwnership(const std::string& directory, uid_t user_id, | 342 bool Platform::SetOwnership(const std::string& path, uid_t user_id, |
| 341 gid_t group_id) { | 343 gid_t group_id) { |
| 342 if (chown(directory.c_str(), user_id, group_id)) { | 344 if (chown(path.c_str(), user_id, group_id)) { |
| 343 return false; | 345 return false; |
| 344 } | 346 } |
| 345 return true; | 347 return true; |
| 346 } | 348 } |
| 347 | 349 |
| 350 bool Platform::SetOwnershipRecursive(const std::string& directory, | |
| 351 uid_t user_id, | |
| 352 gid_t group_id) { | |
| 353 std::vector<std::string> to_recurse; | |
| 354 to_recurse.push_back(directory); | |
| 355 while (to_recurse.size()) { | |
| 356 std::string current_dir = to_recurse.back(); | |
| 357 to_recurse.pop_back(); | |
| 358 | |
| 359 FilePath next_path; | |
| 360 | |
| 361 // Push the subdirectories to the back of the vector | |
| 362 file_util::FileEnumerator dir_enumerator( | |
| 363 FilePath(current_dir), | |
| 364 false, // do not recurse into subdirectories. | |
| 365 file_util::FileEnumerator::DIRECTORIES); | |
|
Will Drewry
2011/03/25 21:02:09
Any idea if this magically follows symlink dirs to
gauravsh
2011/03/25 23:30:46
I looked at the source, and unless the 4th argumen
| |
| 366 while (!(next_path = dir_enumerator.Next()).empty()) { | |
| 367 to_recurse.push_back(next_path.value()); | |
| 368 } | |
| 369 | |
| 370 // Handle the files | |
| 371 file_util::FileEnumerator file_enumerator(FilePath(current_dir), false, | |
| 372 file_util::FileEnumerator::FILES); | |
| 373 while (!(next_path = file_enumerator.Next()).empty()) { | |
| 374 if (!SetOwnership(next_path.value(), user_id, group_id)) { | |
| 375 LOG(ERROR) << "Couldn't change owner (" << user_id << ":" << group_id | |
| 376 << ") of path: " << next_path.value().c_str(); | |
| 377 return false; | |
| 378 } | |
| 379 } | |
| 380 | |
| 381 // Set permissions on the directory itself | |
| 382 if (!SetOwnership(current_dir, user_id, group_id)) { | |
| 383 LOG(ERROR) << "Couldn't change owner (" << user_id << ":" << group_id | |
| 384 << ") of path: " << current_dir.c_str(); | |
| 385 return false; | |
| 386 } | |
| 387 } | |
| 388 return true; | |
| 389 } | |
| 390 | |
| 348 int Platform::SetMask(int new_mask) { | 391 int Platform::SetMask(int new_mask) { |
| 349 return umask(new_mask); | 392 return umask(new_mask); |
| 350 } | 393 } |
| 351 | 394 |
| 352 bool Platform::GetUserId(const std::string& user, uid_t* user_id, | 395 bool Platform::GetUserId(const std::string& user, uid_t* user_id, |
| 353 gid_t* group_id) { | 396 gid_t* group_id) { |
| 354 // Load the passwd entry | 397 // Load the passwd entry |
| 355 long user_name_length = sysconf(_SC_GETPW_R_SIZE_MAX); | 398 long user_name_length = sysconf(_SC_GETPW_R_SIZE_MAX); |
| 356 if(user_name_length == -1) { | 399 if(user_name_length == -1) { |
| 357 user_name_length = kDefaultPwnameLength; | 400 user_name_length = kDefaultPwnameLength; |
| 358 } | 401 } |
| 359 struct passwd user_info, *user_infop; | 402 struct passwd user_info, *user_infop; |
| 360 std::vector<char> user_name_buf(user_name_length); | 403 std::vector<char> user_name_buf(user_name_length); |
| 361 if (getpwnam_r(user.c_str(), &user_info, &user_name_buf[0], | 404 if (getpwnam_r(user.c_str(), &user_info, &user_name_buf[0], |
| 362 user_name_length, &user_infop)) { | 405 user_name_length, &user_infop)) { |
| 363 return false; | 406 return false; |
| 364 } | 407 } |
| 365 *user_id = user_info.pw_uid; | 408 *user_id = user_info.pw_uid; |
| 366 *group_id = user_info.pw_gid; | 409 *group_id = user_info.pw_gid; |
| 367 return true; | 410 return true; |
| 368 } | 411 } |
| 369 | 412 |
| 413 bool Platform::GetGroupId(const std::string& group, gid_t* group_id) { | |
| 414 // Load the group entry | |
| 415 long group_name_length = sysconf(_SC_GETGR_R_SIZE_MAX); | |
| 416 if(group_name_length == -1) { | |
|
Will Drewry
2011/03/25 21:02:09
style nit: if (
gauravsh
2011/03/25 23:30:46
Done.
| |
| 417 group_name_length = kDefaultPwnameLength; | |
| 418 } | |
| 419 struct group group_info, *group_infop; | |
| 420 std::vector<char> group_name_buf(group_name_length); | |
| 421 if (getgrnam_r(group.c_str(), &group_info, &group_name_buf[0], | |
| 422 group_name_length, &group_infop)) { | |
| 423 return false; | |
| 424 } | |
| 425 *group_id = group_info.gr_gid; | |
| 426 return true; | |
| 427 } | |
| 428 | |
| 370 int64 Platform::AmountOfFreeDiskSpace(const string& path) const { | 429 int64 Platform::AmountOfFreeDiskSpace(const string& path) const { |
| 371 struct statvfs stats; | 430 struct statvfs stats; |
| 372 if (statvfs(path.c_str(), &stats) != 0) { | 431 if (statvfs(path.c_str(), &stats) != 0) { |
| 373 return -1; | 432 return -1; |
| 374 } | 433 } |
| 375 return static_cast<int64>(stats.f_bavail) * stats.f_frsize; | 434 return static_cast<int64>(stats.f_bavail) * stats.f_frsize; |
| 376 } | 435 } |
| 377 | 436 |
| 378 void Platform::ClearUserKeyring() { | 437 void Platform::ClearUserKeyring() { |
| 379 keyctl(KEYCTL_CLEAR, KEY_SPEC_USER_KEYRING); | 438 keyctl(KEYCTL_CLEAR, KEY_SPEC_USER_KEYRING); |
| 380 } | 439 } |
| 381 | 440 |
| 441 bool Platform::Symlink(const std::string& from, const std::string& to) { | |
| 442 int rc = symlink(from.c_str(), to.c_str()); | |
| 443 if (rc && rc != EEXIST) { | |
| 444 LOG(ERROR) << "Error creating symbolic link from " << from << " to " << to | |
|
Will Drewry
2011/03/25 21:02:09
PLOG will give the errno conversion too.
gauravsh
2011/03/25 23:30:46
Done.
| |
| 445 << ", rc=" << rc; | |
| 446 return false; | |
| 447 } | |
| 448 return true; | |
| 449 } | |
| 450 | |
| 451 bool Platform::Exec(const std::string& command, | |
| 452 const std::vector<std::string>& args, | |
| 453 uid_t uid, | |
| 454 gid_t gid) { | |
| 455 pid_t child_pid = -1; | |
| 456 child_pid = vfork(); | |
| 457 if (child_pid == 0) { | |
| 458 if (uid != static_cast<uid_t>(-1)) { | |
| 459 if (setresuid(uid, uid, uid)) { | |
| 460 _exit(1); | |
| 461 } | |
| 462 } | |
| 463 if (gid != static_cast<gid_t>(-1)) { | |
|
Will Drewry
2011/03/25 21:02:09
Does setresuid need to be called last?
gauravsh
2011/03/25 23:30:46
I do not think it matters. (Didn't find anything i
| |
| 464 if (setresgid(gid, gid, gid)) { | |
| 465 _exit(2); | |
| 466 } | |
| 467 } | |
| 468 const char** local_args = (const char**) calloc(args.size() + 1, | |
| 469 sizeof(char*)); | |
| 470 int index = 0; | |
| 471 std::vector<std::string>::const_iterator it; | |
| 472 for (it = args.begin(); it != args.end(); ++it, ++index) { | |
| 473 local_args[index] = const_cast<char*>(it->c_str()); | |
| 474 } | |
| 475 execve(command.c_str(), const_cast<char* const*>(local_args), NULL); | |
|
Will Drewry
2011/03/25 21:02:09
Worth a PLOG(ERROR) here if execve fails?
gauravsh
2011/03/25 23:30:46
Done.
| |
| 476 _exit(3); | |
| 477 } else if (child_pid != -1) { | |
| 478 int status = 0; | |
| 479 do { | |
| 480 pid_t term_pid = waitpid(child_pid, &status, WUNTRACED | WCONTINUED); | |
| 481 if (term_pid == -1) { | |
| 482 return false; | |
| 483 } | |
| 484 } while (!WIFEXITED(status) && !WIFSIGNALED(status)); | |
| 485 if (WIFEXITED(status) && WEXITSTATUS(status) == 0) { | |
| 486 return true; | |
| 487 } | |
|
Will Drewry
2011/03/25 21:02:09
If not, we could check for exit status 3 here.
| |
| 488 } | |
| 489 return false; | |
|
Will Drewry
2011/03/25 21:02:09
Might be worth doing a PLOG() before return false
gauravsh
2011/03/25 23:30:46
Done.
| |
| 490 } | |
| 491 | |
| 382 } // namespace cryptohome | 492 } // namespace cryptohome |
| OLD | NEW |
