OLD | NEW |
(Empty) | |
| 1 // Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 // Mount - class for managing cryptohome user keys and mounts. In Chrome OS, |
| 6 // users are managed on top of a shared unix user, chronos. When a user logs |
| 7 // in, cryptohome mounts their encrypted home directory to /home/chronos/user, |
| 8 // and Chrome does a profile switch to that directory. All user data in their |
| 9 // home directory is transparently encrypted, providing protection against |
| 10 // offline theft. On logout, the mount point is removed. |
| 11 // |
| 12 // Cryptohome manages directories as follows: |
| 13 // |
| 14 // /home/.shadow : Location for the system salt and |
| 15 // individual users' salt/key/vault |
| 16 // /home/.shadow/<salted_hash_of_username> : Each Chrome OS user gets a |
| 17 // directory in the shadow root where |
| 18 // their salts, keys, and vault are |
| 19 // stored. |
| 20 // /home/.shadow/<s_h_o_u>/vault : The user's vault (the encrypted |
| 21 // version of their home directory) |
| 22 // /home/.shadow/<s_h_o_u>/master.X : Vault key at index X. Key indexes |
| 23 // may be used during password |
| 24 // change. The vault key is |
| 25 // encrypted using a key generated |
| 26 // from the user's passkey and the |
| 27 // key-specific salt. |
| 28 // /home/.shadow/<s_h_o_u>/master.X.salt : Salt used in converting the user's |
| 29 // passkey to a passkey wrapper |
| 30 // (what encrypts the vault key) at |
| 31 // index X. |
| 32 // /home/chronos/user : On successful login, the user's |
| 33 // vault directory is mounted here |
| 34 // using the symmetric key decrypted |
| 35 // from master.X by the user's |
| 36 // passkey. |
| 37 // |
| 38 // Offline login and screen unlock is processed through cryptohome using a test |
| 39 // decryption of any of the user's master keys using the passkey provided. |
| 40 // |
| 41 // A user's cryptohome is automatically created when the vault directory for the |
| 42 // user does not exist and the cryptohome service gets a call to mount the |
| 43 // user's home directory. |
| 44 // |
| 45 // Passkey change: <TBD> |
| 46 |
| 47 #ifndef MOUNT_H_ |
| 48 #define MOUNT_H_ |
| 49 |
| 50 #include "base/basictypes.h" |
| 51 #include "base/file_path.h" |
| 52 #include "cryptohome/credentials.h" |
| 53 #include "cryptohome/secure_blob.h" |
| 54 #include "cryptohome/vault_keyset.h" |
| 55 |
| 56 namespace cryptohome { |
| 57 |
| 58 // Default entropy source is used to seed openssl's random number generator |
| 59 extern const std::string kDefaultEntropySource; |
| 60 // The directory to mount the user's cryptohome at |
| 61 extern const std::string kDefaultHomeDir; |
| 62 // The directory containing the system salt and the user vaults |
| 63 extern const std::string kDefaultShadowRoot; |
| 64 // The default shared user (chronos) |
| 65 extern const std::string kDefaultSharedUser; |
| 66 // The default skeleton source (/etc/skel) |
| 67 extern const std::string kDefaultSkeletonSource; |
| 68 // The incognito user |
| 69 extern const std::string kIncognitoUser; |
| 70 // Where to find mtab |
| 71 extern const std::string kMtab; |
| 72 // Openssl-encrypted files start with "Salted__" and an 8-byte salt |
| 73 extern const std::string kOpenSSLMagic; |
| 74 |
| 75 // The Mount class handles mounting/unmounting of the user's cryptohome |
| 76 // directory as well as offline verification of the user's credentials against |
| 77 // the directory's crypto key. |
| 78 class Mount : public EntropySource { |
| 79 public: |
| 80 enum MountError { |
| 81 MOUNT_ERROR_NONE = 0, |
| 82 MOUNT_ERROR_FATAL = 1 << 0, |
| 83 MOUNT_ERROR_KEY_FAILURE = 1 << 1, |
| 84 }; |
| 85 |
| 86 // Sets up Mount with the default locations, username, etc., as defined above. |
| 87 Mount(); |
| 88 |
| 89 // Sets up Mount with non-default locations |
| 90 explicit Mount(const std::string& username, const std::string& entropy_source, |
| 91 const std::string& home_dir, const std::string& shadow_root, |
| 92 const std::string& skel_source); |
| 93 |
| 94 virtual ~Mount(); |
| 95 |
| 96 // Gets the uid/gid of the default user and loads the system salt |
| 97 virtual bool Init(); |
| 98 |
| 99 // Attempts to mount the cryptohome for the given credentials |
| 100 // |
| 101 // Parameters |
| 102 // credentials - The Credentials representing the user |
| 103 // index - The key index to try |
| 104 // error - The specific error condition on failure |
| 105 virtual bool MountCryptohome(const Credentials& credentials, int index, |
| 106 MountError* error = NULL); |
| 107 |
| 108 // Unmounts any mount at the cryptohome mount point |
| 109 virtual bool UnmountCryptohome(); |
| 110 |
| 111 // Remove a user's cryptohome |
| 112 virtual bool RemoveCryptohome(const Credentials& credentials); |
| 113 |
| 114 // Checks if the mount point currently has a mount |
| 115 virtual bool IsCryptohomeMounted(); |
| 116 |
| 117 // Checks if the mount point currently has a mount, and if that mount is for |
| 118 // the specified credentials |
| 119 // |
| 120 // Parameters |
| 121 // credentials - The Credentials for which to test the mount point |
| 122 virtual bool IsCryptohomeMountedForUser(const Credentials& credentials); |
| 123 |
| 124 // Creates the cryptohome salt, key, and vault for the specified credentials |
| 125 // |
| 126 // Parameters |
| 127 // credentials - The Credentials representing the user whose cryptohome |
| 128 // should be created. |
| 129 // index - The key index to generate |
| 130 virtual bool CreateCryptohome(const Credentials& credentials, int index); |
| 131 |
| 132 // Tests if the given credentials would unwrap the user's cryptohome key |
| 133 // |
| 134 // Parameters |
| 135 // credentials - The Credentials to attempt to unwrap the key with |
| 136 virtual bool TestCredentials(const Credentials& credentials); |
| 137 |
| 138 // Migrages a user's vault key from one passkey to another |
| 139 // |
| 140 // Parameters |
| 141 // credentials - The new Credentials for the user |
| 142 // from_key - The old Credentials |
| 143 virtual bool MigratePasskey(const Credentials& credentials, |
| 144 const char* old_key); |
| 145 |
| 146 // Mounts an incognito home directory to the cryptohome mount point |
| 147 virtual bool MountIncognitoCryptohome(); |
| 148 |
| 149 // Returns the system salt |
| 150 virtual SecureBlob GetSystemSalt(); |
| 151 |
| 152 // Used to disable setting vault ownership |
| 153 void set_set_vault_ownership(bool value) { |
| 154 set_vault_ownership_ = value; |
| 155 } |
| 156 |
| 157 private: |
| 158 // Checks if the cryptohome vault exists for the given credentials and creates |
| 159 // it if not (calls CreateCryptohome). |
| 160 // |
| 161 // Parameters |
| 162 // credentials - The Credentials representing the user whose cryptohome |
| 163 // should be ensured. |
| 164 // created (OUT) - Whether the cryptohome was created |
| 165 virtual bool EnsureCryptohome(const Credentials& credentials, |
| 166 bool* created); |
| 167 |
| 168 // Saves the VaultKeyset for the user at the given index |
| 169 // |
| 170 // Parameters |
| 171 // credentials - The Credentials for the user |
| 172 // vault_keyset - The VaultKeyset to save |
| 173 // index - The index to save the VaultKeyset to |
| 174 bool SaveVaultKeyset(const Credentials& credentials, |
| 175 const VaultKeyset& vault_keyset, |
| 176 int index); |
| 177 |
| 178 // Gets the directory in the shadow root where the user's salt, key, and vault |
| 179 // are stored. |
| 180 // |
| 181 // Parameters |
| 182 // credentials - The Credentials representing the user |
| 183 std::string GetUserDirectory(const Credentials& credentials); |
| 184 |
| 185 // Gets the user's key file name at the given index |
| 186 // |
| 187 // Parameters |
| 188 // credentials - The Credentials representing the user |
| 189 // index - The key index to return |
| 190 std::string GetUserKeyFile(const Credentials& credentials, int index); |
| 191 |
| 192 // Gets the user's salt file name at the given index |
| 193 // |
| 194 // Parameters |
| 195 // credentials - The Credentials representing the user |
| 196 // index - The salt index to return |
| 197 std::string GetUserSaltFile(const Credentials& credentials, int index); |
| 198 |
| 199 // Gets the user's vault directory |
| 200 // |
| 201 // Parameters |
| 202 // credentials - The Credentials representing the user |
| 203 std::string GetUserVaultPath(const Credentials& credentials); |
| 204 |
| 205 // Recursively copies directory contents to the destination if the destination |
| 206 // file does not exist. Sets ownership to the default_user_ |
| 207 // |
| 208 // Parameters |
| 209 // destination - Where to copy files to |
| 210 // source - Where to copy files from |
| 211 void RecursiveCopy(const FilePath& destination, const FilePath& source); |
| 212 |
| 213 // Copies the skeleton directory to the user's cryptohome if that user is |
| 214 // currently mounted |
| 215 // |
| 216 // Parameters |
| 217 // credentials - The Credentials representing the user |
| 218 void CopySkeletonForUser(const Credentials& credentials); |
| 219 |
| 220 // Copies the skeleton directory to the cryptohome mount point |
| 221 // |
| 222 void CopySkeleton(); |
| 223 |
| 224 // Returns the specified number of random bytes |
| 225 // |
| 226 // Parameters |
| 227 // rand (IN/OUT) - Where to store the bytes, must be a least length bytes |
| 228 // length - The number of random bytes to return |
| 229 void GetSecureRandom(unsigned char *rand, int length) const; |
| 230 |
| 231 // Creates a new master key and stores it in the master key file for a user |
| 232 // |
| 233 // Parameters |
| 234 // credentials - The Credentials representing the user |
| 235 // index - the key index to generate |
| 236 bool CreateMasterKey(const Credentials& credentials, int index); |
| 237 |
| 238 // Converts the passkey to a symmetric key used to decrypt the user's |
| 239 // cryptohome key. |
| 240 // |
| 241 // Parameters |
| 242 // passkey - The passkey (hash, currently) to create the key from |
| 243 // salt - The salt used in creating the key |
| 244 // iters - The hash iterations to use in generating the key |
| 245 SecureBlob PasskeyToWrapper(const chromeos::Blob& passkey, |
| 246 const chromeos::Blob& salt, int iters); |
| 247 |
| 248 // Returns the user's salt at the given index |
| 249 // |
| 250 // Parameters |
| 251 // credentials - The Credentials representing the user |
| 252 // index - The salt index to return |
| 253 // force - Whether to force creation of a new salt |
| 254 SecureBlob GetUserSalt(const Credentials& credentials, int index, |
| 255 bool force_new = false); |
| 256 |
| 257 // Gets the salt in the specified file, creating it if it does not exist |
| 258 // |
| 259 // Parameters |
| 260 // path - The path of the salt file |
| 261 // length - The length of the salt to create if it doesn't exist |
| 262 // force - Whether to force creation of a new salt |
| 263 SecureBlob GetOrCreateSalt(const FilePath& path, int length, |
| 264 bool force_new); |
| 265 |
| 266 // Loads the contents of the specified file as a blob |
| 267 // |
| 268 // Parameters |
| 269 // path - The file path to read from |
| 270 // blob (OUT) - Where to store the loaded file bytes |
| 271 bool LoadFileBytes(const FilePath& path, SecureBlob& blob); |
| 272 |
| 273 // Unmount a mount point |
| 274 // |
| 275 // Parameters |
| 276 // path - The path to unmount |
| 277 // lazy - Whether to perform a lazy unmount |
| 278 // was_busy (OUT) - Whether the mount point was busy |
| 279 bool Unmount(const std::string& path, bool lazy, bool* was_busy); |
| 280 |
| 281 // Attempt to unwrap the key at the specified path |
| 282 // |
| 283 // Parameters |
| 284 // path - The file path for the master key |
| 285 // passkey - The passkey to use (converted to a passkey wrapper by this |
| 286 // method) |
| 287 // key (OUT) - Where to store the cryptohome key on success |
| 288 bool UnwrapMasterKey(const FilePath& path, |
| 289 const chromeos::Blob& passkey, |
| 290 VaultKeyset* key); |
| 291 |
| 292 // Adds the specified key to the ecryptfs keyring so that the cryptohome can |
| 293 // be mounted. Clears the user keyring first. |
| 294 // |
| 295 // Parameters |
| 296 // vault_keyset - The keyset to add |
| 297 // key_signature (OUT) - The signature of the cryptohome key that should be |
| 298 // used in subsequent calls to mount(2) |
| 299 // fnek_signature (OUT) - The signature of the cryptohome filename |
| 300 // encryption key that should be used in subsequent calls to mount(2) |
| 301 bool AddKeyToEcryptfsKeyring(const VaultKeyset& vault_keyset, |
| 302 std::string* key_signature, |
| 303 std::string* fnek_signature); |
| 304 |
| 305 // Adds the specified key to the user keyring |
| 306 // |
| 307 // Parameters |
| 308 // key - The key to add |
| 309 // key_sig - The key's (ascii) signature |
| 310 // salt - The salt |
| 311 bool PushVaultKey(const SecureBlob& key, const std::string& key_sig, |
| 312 const SecureBlob& salt); |
| 313 |
| 314 // Encodes a binary blob to hex-ascii |
| 315 // |
| 316 // Parameters |
| 317 // blob - The binary blob to convert |
| 318 // buffer (IN/OUT) - Where to store the converted blob |
| 319 // buffer_length - The size of the buffer |
| 320 void AsciiEncodeToBuffer(const chromeos::Blob& blob, char *buffer, |
| 321 int buffer_length); |
| 322 |
| 323 // Terminates or kills processes (except the current) that have files open on |
| 324 // the specified path. Returns true if it tried to kill any processes. |
| 325 // |
| 326 // Parameters |
| 327 // path - The path to check if the process has open files on |
| 328 // hard - If true, send a SIGKILL instead of SIGTERM |
| 329 bool TerminatePidsWithOpenFiles(const std::string& path, bool hard); |
| 330 |
| 331 // Returns a vector of PIDs that have files open on the given path |
| 332 // |
| 333 // Parameters |
| 334 // path - The path to check if the process has open files on |
| 335 std::vector<pid_t> LookForOpenFiles(const std::string& path); |
| 336 |
| 337 // Terminates or kills processes (except the current) that have the user ID |
| 338 // specified. Returns true if it tried to kill any processes. |
| 339 // |
| 340 // Parameters |
| 341 // path - The path to check if the process has open files on |
| 342 // hard - If true, send a SIGKILL instead of SIGTERM |
| 343 bool TerminatePidsForUser(const uid_t uid, bool hard); |
| 344 |
| 345 // Returns a vector of PIDs whose Real, Effective, Saved, or File UID is equal |
| 346 // to that requested |
| 347 // |
| 348 // Parameters |
| 349 // uid - the user ID to search for |
| 350 std::vector<pid_t> GetPidsForUser(uid_t uid); |
| 351 |
| 352 // The uid of the shared user. Ownership of the user's vault is set to this |
| 353 // uid. |
| 354 uid_t default_user_; |
| 355 |
| 356 // The gid of the shared user. Ownership of the user's vault is set to this |
| 357 // gid. |
| 358 gid_t default_group_; |
| 359 |
| 360 // The shared user name. This user's uid/gid is used for vault ownership. |
| 361 const std::string default_username_; |
| 362 |
| 363 // The file path to load entropy from. Defaults to /dev/urandom |
| 364 const std::string entropy_source_; |
| 365 |
| 366 // The file path to mount cryptohome at. Defaults to /home/chronos/user |
| 367 const std::string home_dir_; |
| 368 |
| 369 // Where to store the system salt and user salt/key/vault. Defaults to |
| 370 // /home/chronos/shadow |
| 371 const std::string shadow_root_; |
| 372 |
| 373 // Where the skeleton for the user's cryptohome is copied from |
| 374 const std::string skel_source_; |
| 375 |
| 376 // Stores the global system salt |
| 377 cryptohome::SecureBlob system_salt_; |
| 378 |
| 379 // Whether to change ownership of the vault file |
| 380 bool set_vault_ownership_; |
| 381 |
| 382 DISALLOW_COPY_AND_ASSIGN(Mount); |
| 383 }; |
| 384 |
| 385 } |
| 386 |
| 387 #endif // MOUNT_H_ |
OLD | NEW |