| 1 // Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef PAM_OFFLINE_AUTHENTICATOR_H_ | |
| 6 #define PAM_OFFLINE_AUTHENTICATOR_H_ | |
| 7 | |
| 8 #include "base/basictypes.h" | |
| 9 #include "pam_offline/credentials.h" | |
| 10 #include "pam_offline/utils.h" | |
| 11 | |
| 12 namespace pam_offline { | |
| 13 | |
| 14 // System salt and user dirs start here. | |
| 15 extern const std::string kDefaultShadowRoot; | |
| 16 | |
| 17 class Authenticator { | |
| 18 | |
| 19 public: | |
| 20 // Initializes the authenticator with the default shadow root of | |
| 21 // "/home/.shadow/". | |
| 22 Authenticator(); | |
| 23 | |
| 24 // Initializes the authenticator with an alternative shadow root. The | |
| 25 // shadow_root should point to a directory with the system salt and | |
| 26 // obfuscated user directories. | |
| 27 // | |
| 28 // Parameters | |
| 29 // shadow_root - A local file system path containing the system salt | |
| 30 // and obfuscated user directories. | |
| 31 // | |
| 32 explicit Authenticator(const std::string &shadow_root); | |
| 33 | |
| 34 ~Authenticator(); | |
| 35 | |
| 36 // Loads the system salt, and anything else that might need to be done. | |
| 37 // This *must* be called before other methods. | |
| 38 // | |
| 39 // Returns false if the initialization fails for some reason. May also | |
| 40 // spew LOG messages on failure. | |
| 41 bool Init(); | |
| 42 | |
| 43 // Returns the system salt | |
| 44 Blob GetSystemSalt() const; | |
| 45 | |
| 46 // "Wraps" the hashed password using the same algorithm as | |
| 47 // cryptohome::password_to_wrapper. This encodes the hashed_password in a | |
| 48 // master key specific salt, resulting in the passphrase for the master | |
| 49 // key. | |
| 50 // | |
| 51 // Parameters | |
| 52 // master_salt_file - The local filesystem path to the salt file for the | |
| 53 // master password that you intend to decrypt. | |
| 54 // hashed_password - The user's hashed password, as returned by | |
| 55 // Credentials::GetPasswordWeakHash. | |
| 56 // iters - The number of wrap iterations to perform. Should be the same | |
| 57 // number that were used by the cryptohome script to create the passphrase. | |
| 58 // | |
| 59 std::string IteratedWrapHashedPassword(const std::string &master_salt_file, | |
| 60 const std::string &hashed_password, | |
| 61 const int iters) const; | |
| 62 | |
| 63 // Same as above, except with a default iters of 1. | |
| 64 std::string WrapHashedPassword(const std::string &master_salt_file, | |
| 65 const std::string &hashed_password) const; | |
| 66 | |
| 67 bool TestDecrypt(const std::string passphrase, | |
| 68 const Blob salt, | |
| 69 const Blob cipher_text) const; | |
| 70 | |
| 71 // Attempts to decrypt a single master key. | |
| 72 // | |
| 73 // Parameters | |
| 74 // master_key_file - The full local filesystem path to the master key. | |
| 75 // hashed_password - The hashed password (as returned by | |
| 76 // Credentials.GetPasswordWeakHash) | |
| 77 // | |
| 78 bool TestOneMasterKey(const std::string &master_key_file, | |
| 79 const std::string &hashed_password) const; | |
| 80 | |
| 81 // Enumerates all of the master keys (master.0, master.1, etc), looking | |
| 82 // for that can be successfully decrypted with the given credentials. | |
| 83 // | |
| 84 // Parameters | |
| 85 // credentials - An object representing the user's credentials. | |
| 86 // | |
| 87 bool TestAllMasterKeys(const Credentials &credentials) const; | |
| 88 | |
| 89 private: | |
| 90 std::string shadow_root_; | |
| 91 Blob system_salt_; | |
| 92 | |
| 93 DISALLOW_COPY_AND_ASSIGN(Authenticator); | |
| 94 }; | |
| 95 | |
| 96 } // namespace pam_offline | |
| 97 | |
| 98 #endif // PAM_OFFLINE_AUTHENTICATOR_H_ | |
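Review bot: `TestDecrypt` (gutter lines 67–69) is the only method in this class that takes its arguments by value — `const std::string passphrase`, `const Blob salt`, `const Blob cipher_text` — while every sibling takes `const &`, so each call copies the passphrase and cipher text, and for secret material that also means additional copies of it sit in memory for no benefit; declare it as `bool TestDecrypt(const std::string &passphrase, const Blob &salt, const Blob &cipher_text) const;`. It is also the one public method without a header comment; add one in the style of the `TestOneMasterKey` block stating what a `true` return means and what `salt` and `cipher_text` are expected to hold, since that is not recoverable from the declaration alone. The `TestAllMasterKeys` comment reads "looking for that can be successfully decrypted" and should read "looking for one that can be successfully decrypted". `std::string` is used on line 15 onward with no direct `#include <string>`; presumably it arrives through `credentials.h` or `utils.h`, but an explicit include would stop the header depending on that. The rendering does not show which side of this section holds the file (the OLD column reads "(Empty)"), so these notes apply if the header is being added rather than removed.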