Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(88)

Unified Diff: src/platform/cryptohome/service.cc

Issue 2051003: Initial patch from Will. (Closed) Base URL: ssh://git@chromiumos-git/chromiumos
Patch Set: Address style nits. Created 10 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: src/platform/cryptohome/service.cc
diff --git a/src/platform/cryptohome/service.cc b/src/platform/cryptohome/service.cc
index b4d89bc5001073ef49707aa648da9214a383b49b..bbe5c35c536e045e911278c642b77bb9904c1034 100644
--- a/src/platform/cryptohome/service.cc
+++ b/src/platform/cryptohome/service.cc
@@ -8,9 +8,10 @@
#include <stdio.h>
#include <stdlib.h>
-#include "cryptohome/authenticator.h"
#include "cryptohome/interface.h"
-#include "cryptohome/username_passhash.h"
+#include "cryptohome/mount.h"
+#include "cryptohome/secure_blob.h"
+#include "cryptohome/username_passkey.h"
// Forcibly namespace the dbus-bindings generated server bindings instead of
// modifying the files afterward.
@@ -22,25 +23,25 @@ namespace gobject { // NOLINT
namespace cryptohome {
-const char *Service::kDefaultMountCommand = "/usr/sbin/mount.cryptohome";
-const char *Service::kDefaultUnmountCommand = "/usr/sbin/umount.cryptohome";
-const char *Service::kDefaultIsMountedCommand =
- "/bin/mount | /bin/grep -q ' /home/chronos/user '";
-
Service::Service() : loop_(NULL),
- auth_(new Authenticator),
cryptohome_(NULL),
- mount_command_(kDefaultMountCommand),
- unmount_command_(kDefaultUnmountCommand),
- is_mounted_command_(kDefaultIsMountedCommand) { }
+ system_salt_(),
+ mount_(NULL) { }
+
Service::~Service() {
if (loop_)
g_main_loop_unref(loop_);
if (cryptohome_)
g_object_unref(cryptohome_);
+ if (mount_)
+ delete mount_;
}
bool Service::Initialize() {
+ if(mount_ == NULL) {
+ mount_ = new cryptohome::Mount();
+ mount_->Init();
+ }
// Install the type-info for the service with dbus.
dbus_g_object_type_install_info(gobject::cryptohome_get_type(),
&gobject::dbus_glib_cryptohome_object_info);
@@ -70,18 +71,48 @@ gboolean Service::CheckKey(gchar *userid,
gchar *key,
gboolean *OUT_success,
GError **error) {
- UsernamePasshash creds(userid, strlen(userid), key, strlen(key));
- if (!auth_->Init()) {
- *OUT_success = FALSE;
- return TRUE;
+ UsernamePasskey credentials(userid, strlen(userid),
+ chromeos::Blob(key, key + strlen(key)));
+
+ // TODO(fes): Handle CHROMEOS_PAM_LOCALACCOUNT
+ *OUT_success = mount_->TestCredentials(credentials);
+ return TRUE;
+}
+
+gboolean Service::MigrateKey(gchar *userid,
+ gchar *from_key,
+ gchar *to_key,
+ gboolean *OUT_success,
+ GError **error) {
+ UsernamePasskey credentials(userid, strlen(userid),
+ chromeos::Blob(to_key, to_key + strlen(to_key)));
+
+ *OUT_success = mount_->MigratePasskey(credentials, from_key);
+ return TRUE;
+}
+
+gboolean Service::Remove(gchar *userid,
+ gboolean *OUT_success,
+ GError **error) {
+ UsernamePasskey credentials(userid, strlen(userid),
+ chromeos::Blob());
+
+ *OUT_success = mount_->RemoveCryptohome(credentials);
+ return TRUE;
+}
+
+gboolean Service::GetSystemSalt(GArray **OUT_salt, GError **error) {
+ if(system_salt_.size() == 0) {
+ system_salt_ = mount_->GetSystemSalt();
}
- *OUT_success = auth_->TestAllMasterKeys(creds);
+ *OUT_salt = g_array_new(false, false, 1);
+ g_array_append_vals(*OUT_salt, &system_salt_.front(), system_salt_.size());
+
return TRUE;
}
gboolean Service::IsMounted(gboolean *OUT_is_mounted, GError **error) {
- int status = system(is_mounted_command());
- *OUT_is_mounted = !status;
+ *OUT_is_mounted = mount_->IsCryptohomeMounted();
return TRUE;
}
@@ -89,42 +120,44 @@ gboolean Service::Mount(gchar *userid,
gchar *key,
gboolean *OUT_done,
GError **error) {
- // Never double mount.
- // This will mean we don't mount over existing mounts,
- // but at present, we reboot on user change so it is ok.
- // Later, this can be more intelligent.
- if (IsMounted(OUT_done, error) && *OUT_done) {
- *OUT_done = FALSE;
- return TRUE;
- }
- // Note, by doing this we allow any chronos caller to
- // send a variable for use in the scripts. Bad idea.
- // Thankfully, this will go away with the scripts.
- setenv("CHROMEOS_USER", userid, 1);
- FILE *mount = popen(mount_command(), "w");
- if (!mount) {
- // TODO(wad) *error =
- return FALSE;
+ UsernamePasskey credentials(userid, strlen(userid),
+ chromeos::Blob(key, key + strlen(key)));
+
+ if(mount_->IsCryptohomeMounted()) {
+ if(mount_->IsCryptohomeMountedForUser(credentials)) {
+ LOG(INFO) << "Cryptohome already mounted for this user";
+ *OUT_done = TRUE;
+ return TRUE;
+ } else {
+ if(!mount_->UnmountCryptohome()) {
+ LOG(ERROR) << "Could not unmount cryptohome from previous user";
+ *OUT_done = FALSE;
+ return TRUE;
+ }
+ }
}
- fprintf(mount, "%s", key);
- int status = pclose(mount);
- if (status != 0) {
- *OUT_done = FALSE;
- } else {
- *OUT_done = TRUE;
+
+ // TODO(fes): Iterate keys if we change how cryptohome keeps track of key
+ // indexes. Right now, 0 is always the current, and 0+n should only be used
+ // temporarily during password migration.
+ Mount::MountError mount_error = Mount::MOUNT_ERROR_NONE;
+ *OUT_done = mount_->MountCryptohome(credentials, 0, &mount_error);
+ if(!(*OUT_done) && (mount_error == Mount::MOUNT_ERROR_KEY_FAILURE)) {
+ // If there is a key failure, create cryptohome from scratch.
+ // TODO(fes): remove this when Chrome is no longer expecting this behavior.
+ if(mount_->RemoveCryptohome(credentials)) {
+ *OUT_done = mount_->MountCryptohome(credentials, 0, &mount_error);
+ }
}
return TRUE;
}
gboolean Service::Unmount(gboolean *OUT_done, GError **error) {
- // Check for a mount first.
- if (IsMounted(OUT_done, error) && !*OUT_done) {
- *OUT_done = TRUE; // unmounting nothing works fine.
- return TRUE;
+ if(mount_->IsCryptohomeMounted()) {
+ *OUT_done = mount_->UnmountCryptohome();
+ } else {
+ *OUT_done = true;
}
-
- int status = system(unmount_command());
- *OUT_done = !status;
return TRUE;
}

Powered by Google App Engine
This is Rietveld 408576698