| OLD | NEW |
|---|
| (Empty) |
| 1 #!/bin/bash | |
| 2 # Copyright (c) 2009 The Chromium OS Authors. All rights reserved. | |
| 3 # Use of this source code is governed by a BSD-style license that can be | |
| 4 # found in the LICENSE file. | |
| 5 | |
| 6 set -e # exit on failure | |
| 7 set -E # share the error handler | |
| 8 set -u # require all variables to be defined | |
| 9 USERID="" | |
| 10 PASSWORD="" | |
| 11 | |
| 12 function error_handler() { | |
| 13 if ! typeset -F cryptohome::log; then | |
| 14 echo "An error occurred before/in cryptohome." 1>&2 | |
| 15 # Assume common is ok, but maybe not mount options | |
| 16 /bin/mount -t tmpfs "$INCOGNITO_MOUNT_NAME" \ | |
| 17 -onoexec,nosuid,nodev "$DEFAULT_MOUNT_POINT" | |
| 18 /bin/chown $DEFAULT_USER $DEFAULT_MOUNT_POINT | |
| 19 exit 1 | |
| 20 fi | |
| 21 | |
| 22 local image="$IMAGE_DIR/${USERID}/image" | |
| 23 cryptohome::log "entering the mount error_handler ($image)" | |
| 24 # We don't want to error out again if close fails | |
| 25 cryptohome::close || $true | |
| 26 # Same goes for detach | |
| 27 cryptohome::detach || $true | |
| 28 if [[ -n "$image" ]]; then | |
| 29 cryptohome::log "removing the failed image: $image" | |
| 30 $rm -f $image | |
| 31 fi | |
| 32 cryptohome::log "attempting to create a new image..." | |
| 33 # Let's try a new image. If that fails, use the exit trap. | |
| 34 trap second_chance EXIT | |
| 35 cryptohome::mount_or_create "$USERID" "$PASSWORD" | |
| 36 trap - EXIT | |
| 37 cryptohome::log "new image created and mounted successfully" | |
| 38 cryptohome::log "mount completed" | |
| 39 $exit 0 | |
| 40 } | |
| 41 # TODO: move traps into a single call | |
| 42 trap error_handler ERR; | |
| 43 | |
| 44 function incognito_error() { | |
| 45 cryptohome::log "failed to mount incognito!" | |
| 46 exit 1 | |
| 47 } | |
| 48 | |
| 49 function incognito_mount() { | |
| 50 trap incognito_error ERR; | |
| 51 $mount -t tmpfs -o"${MOUNT_OPTIONS}" "$INCOGNITO_MOUNT_NAME" \ | |
| 52 $DEFAULT_MOUNT_POINT | |
| 53 $chown ${DEFAULT_USER}:${DEFAULT_USER} $DEFAULT_MOUNT_POINT | |
| 54 cryptohome::log "incognito mount completed" | |
| 55 } | |
| 56 | |
| 57 function second_chance() { | |
| 58 cryptohome::log "new image creation failed (again)" | |
| 59 cryptohome::log "falling back to incognito mode" | |
| 60 incognito_mount | |
| 61 exit 0 | |
| 62 } | |
| 63 | |
| 64 function mount_main() { | |
| 65 # This catches the unexported CHROMEOS_USER. A defined, but empty | |
| 66 # CHROMEOS_USER will pass through and be caught later. | |
| 67 if ! typeset -p CHROMEOS_USER &>/dev/null ; then | |
| 68 cryptohome::log "CHROMEOS_USER not exported." | |
| 69 cryptohome::log "Assuming incognito mode..." | |
| 70 CHROMEOS_USER="$INCOGNITO_USER" | |
| 71 fi | |
| 72 | |
| 73 # Support a file to disable encryption for given users. | |
| 74 if $test -n "$DISABLED_ENCRYPTION_FILE" && \ | |
| 75 $test -e "$DISABLED_ENCRYPTION_FILE"; then | |
| 76 cryptohome::log "disabled_encryption_file present" | |
| 77 if $grep -qEe "\\b${CHROMEOS_USER}\\b" "$DISABLED_ENCRYPTION_FILE"; then | |
| 78 cryptohome::log "$CHROMEOS_USER has opted out of encryption" | |
| 79 return 0 | |
| 80 fi | |
| 81 fi | |
| 82 | |
| 83 # Cut down on the noise from pam-mount but only do so on a pam_google | |
| 84 # login so that we don't blow away old logs during a debug login. | |
| 85 $exec 1>$STDOUT_FILE | |
| 86 $exec 2>$STDERR_FILE | |
| 87 if [[ "$CHROMEOS_USER" == "$INCOGNITO_USER" ]]; then | |
| 88 incognito_mount | |
| 89 return 0 | |
| 90 fi | |
| 91 USERID="$($cat $IMAGE_DIR/salt <($echo -n $CHROMEOS_USER) | $openssl sha1)" | |
| 92 PASSWORD="$($cat)" | |
| 93 cryptohome::mount_or_create "$USERID" "$PASSWORD" | |
| 94 } | |
| 95 | |
| 96 # Invoke main. | |
| 97 if [[ "${BASH_SOURCE[0]}" == "$0" ]]; then | |
| 98 source "$(dirname "$0")/../lib/chromeos-cryptohome/common" | |
| 99 utils::declare_commands exit | |
| 100 # Everything is done by default at present. | |
| 101 mount_main | |
| 102 fi | |
| 103 | |
| OLD | NEW |
|---|
Chromium Code Reviews
