
Side by Side Diff: src/platform/pam_offline/authenticator.h

Issue 2051003: Initial patch from Will. (Closed) Base URL: ssh://git@chromiumos-git/chromiumos
Patch Set: Address style nits. Created 10 years, 7 months ago
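--- a/src/platform/pam_offline/authenticator.h
+++ b/src/platform/pam_offline/authenticator.h
@@ -0,0 +1,98 @@
+// Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef PAM_OFFLINE_AUTHENTICATOR_H_
+#define PAM_OFFLINE_AUTHENTICATOR_H_
+
+#include "base/basictypes.h"
+#include "pam_offline/credentials.h"
+#include "pam_offline/utils.h"
+
+namespace pam_offline {
+
+// System salt and user dirs start here.
+extern const std::string kDefaultShadowRoot;
+
+class Authenticator {
+
+public:
+// Initializes the authenticator with the default shadow root of
+// "/home/.shadow/".
+Authenticator();
+
+// Initializes the authenticator with an alternative shadow root. The
+// shadow_root should point to a directory with the system salt and
+// obfuscated user directories.
+//
+// Parameters
+// shadow_root - A local file system path containing the system salt
+// and obfuscated user directories.
+//
+explicit Authenticator(const std::string &shadow_root);
+
+~Authenticator();
+
+// Loads the system salt, and anything else that might need to be done.
+// This *must* be called before other methods.
+//
+// Returns false if the initialization fails for some reason. May also
+// spew LOG messages on failure.
+bool Init();
+
+// Returns the system salt
+Blob GetSystemSalt() const;
+
+// "Wraps" the hashed password using the same algorithm as
+// cryptohome::password_to_wrapper. This encodes the hashed_password in a
+// master key specific salt, resulting in the passphrase for the master
+// key.
+//
+// Parameters
+// master_salt_file - The local filesystem path to the salt file for the
+// master password that you intend to decrypt.
+// hashed_password - The user's hashed password, as returned by
+// Credentials::GetPasswordWeakHash.
+// iters - The number of wrap iterations to perform. Should be the same
+// number that were used by the cryptohome script to create the passphrase.
+//
+std::string IteratedWrapHashedPassword(const std::string &master_salt_file,
+const std::string &hashed_password,
+const int iters) const;
+
+// Same as above, except with a default iters of 1.
+std::string WrapHashedPassword(const std::string &master_salt_file,
+const std::string &hashed_password) const;
+
+bool TestDecrypt(const std::string passphrase,
+const Blob salt,
+const Blob cipher_text) const;
+
+// Attempts to decrypt a single master key.
+//
+// Parameters
+// master_key_file - The full local filesystem path to the master key.
+// hashed_password - The hashed password (as returned by
+// Credentials.GetPasswordWeakHash)
+//
+bool TestOneMasterKey(const std::string &master_key_file,
+const std::string &hashed_password) const;
+
+// Enumerates all of the master keys (master.0, master.1, etc), looking
+// for that can be successfully decrypted with the given credentials.
+//
+// Parameters
+// credentials - An object representing the user's credentials.
+//
+bool TestAllMasterKeys(const Credentials &credentials) const;
+
+private:
+std::string shadow_root_;
+Blob system_salt_;
+
+DISALLOW_COPY_AND_ASSIGN(Authenticator);
+};
+
+} // namespace pam_offline
+
+#endif // PAM_OFFLINE_AUTHENTICATOR_H_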
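Review bot: `TestDecrypt` takes `passphrase`, `salt` and `cipher_text` by const value, so each call copies the passphrase and key material into extra buffers, and it is the only public method declared without a comment. Every other declaration in this class takes its string arguments by const reference; I would declare it as `bool TestDecrypt(const std::string &passphrase, const Blob &salt, const Blob &cipher_text) const;` and add a comment stating what a true return means. Whether the implementation clears these buffers after use is not visible in this header. The header also uses `std::string` without including `<string>` itself, so it relies on one of the three included headers to provide it; `#include <string>` would make it self-contained.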
