Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(350)

Side by Side Diff: src/platform/cryptohome/bin/mount

Issue 2051003: Initial patch from Will. (Closed) Base URL: ssh://git@chromiumos-git/chromiumos
Patch Set: Address style nits. Created 10 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
(Empty)
1 #!/bin/bash
2 # Copyright (c) 2009 The Chromium OS Authors. All rights reserved.
3 # Use of this source code is governed by a BSD-style license that can be
4 # found in the LICENSE file.
5
6 set -e # exit on failure
7 set -E # share the error handler
8 set -u # require all variables to be defined
9 USERID=""
10 PASSWORD=""
11
12 function error_handler() {
13 if ! typeset -F cryptohome::log; then
14 echo "An error occurred before/in cryptohome." 1>&2
15 # Assume common is ok, but maybe not mount options
16 /bin/mount -t tmpfs "$INCOGNITO_MOUNT_NAME" \
17 -onoexec,nosuid,nodev "$DEFAULT_MOUNT_POINT"
18 /bin/chown $DEFAULT_USER $DEFAULT_MOUNT_POINT
19 exit 1
20 fi
21
22 local image="$IMAGE_DIR/${USERID}/image"
23 cryptohome::log "entering the mount error_handler ($image)"
24 # We don't want to error out again if close fails
25 cryptohome::close || $true
26 # Same goes for detach
27 cryptohome::detach || $true
28 if [[ -n "$image" ]]; then
29 cryptohome::log "removing the failed image: $image"
30 $rm -f $image
31 fi
32 cryptohome::log "attempting to create a new image..."
33 # Let's try a new image. If that fails, use the exit trap.
34 trap second_chance EXIT
35 cryptohome::mount_or_create "$USERID" "$PASSWORD"
36 trap - EXIT
37 cryptohome::log "new image created and mounted successfully"
38 cryptohome::log "mount completed"
39 $exit 0
40 }
41 # TODO: move traps into a single call
42 trap error_handler ERR;
43
44 function incognito_error() {
45 cryptohome::log "failed to mount incognito!"
46 exit 1
47 }
48
49 function incognito_mount() {
50 trap incognito_error ERR;
51 $mount -t tmpfs -o"${MOUNT_OPTIONS}" "$INCOGNITO_MOUNT_NAME" \
52 $DEFAULT_MOUNT_POINT
53 $chown ${DEFAULT_USER}:${DEFAULT_USER} $DEFAULT_MOUNT_POINT
54 cryptohome::log "incognito mount completed"
55 }
56
57 function second_chance() {
58 cryptohome::log "new image creation failed (again)"
59 cryptohome::log "falling back to incognito mode"
60 incognito_mount
61 exit 0
62 }
63
64 function mount_main() {
65 # This catches the unexported CHROMEOS_USER. A defined, but empty
66 # CHROMEOS_USER will pass through and be caught later.
67 if ! typeset -p CHROMEOS_USER &>/dev/null ; then
68 cryptohome::log "CHROMEOS_USER not exported."
69 cryptohome::log "Assuming incognito mode..."
70 CHROMEOS_USER="$INCOGNITO_USER"
71 fi
72
73 # Support a file to disable encryption for given users.
74 if $test -n "$DISABLED_ENCRYPTION_FILE" && \
75 $test -e "$DISABLED_ENCRYPTION_FILE"; then
76 cryptohome::log "disabled_encryption_file present"
77 if $grep -qEe "\\b${CHROMEOS_USER}\\b" "$DISABLED_ENCRYPTION_FILE"; then
78 cryptohome::log "$CHROMEOS_USER has opted out of encryption"
79 return 0
80 fi
81 fi
82
83 # Cut down on the noise from pam-mount but only do so on a pam_google
84 # login so that we don't blow away old logs during a debug login.
85 $exec 1>$STDOUT_FILE
86 $exec 2>$STDERR_FILE
87 if [[ "$CHROMEOS_USER" == "$INCOGNITO_USER" ]]; then
88 incognito_mount
89 return 0
90 fi
91 USERID="$($cat $IMAGE_DIR/salt <($echo -n $CHROMEOS_USER) | $openssl sha1)"
92 PASSWORD="$($cat)"
93 cryptohome::mount_or_create "$USERID" "$PASSWORD"
94 }
95
96 # Invoke main.
97 if [[ "${BASH_SOURCE[0]}" == "$0" ]]; then
98 source "$(dirname "$0")/../lib/chromeos-cryptohome/common"
99 utils::declare_commands exit
100 # Everything is done by default at present.
101 mount_main
102 fi
103
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698