Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(658)

Unified Diff: mount.h

Issue 2645008: Update on feedback, update dbus API, add unit tests. TEST=manual,unit,BVT BUG=3628 323 (Closed) Base URL: ssh://git@chromiumos-git/cryptohome.git
Patch Set: Address second round of feedback. Created 10 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « mock_mount.h ('k') | mount.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: mount.h
diff --git a/mount.h b/mount.h
index 99d74e4f0c6194d236d7b38600a22504ec82c28c..4996602145fc77ea5f4289b7bf1af9dfe8310b55 100644
--- a/mount.h
+++ b/mount.h
@@ -44,19 +44,21 @@
//
// Passkey change: <TBD>
-#ifndef MOUNT_H_
-#define MOUNT_H_
+#ifndef CRYPTOHOME_MOUNT_H_
+#define CRYPTOHOME_MOUNT_H_
-#include "base/basictypes.h"
-#include "base/file_path.h"
-#include "cryptohome/credentials.h"
-#include "cryptohome/secure_blob.h"
-#include "cryptohome/vault_keyset.h"
+#include <base/basictypes.h>
+#include <base/file_path.h>
+#include <base/scoped_ptr.h>
+
+#include "credentials.h"
+#include "crypto.h"
+#include "platform.h"
+#include "secure_blob.h"
+#include "vault_keyset.h"
namespace cryptohome {
-// Default entropy source is used to seed openssl's random number generator
-extern const std::string kDefaultEntropySource;
// The directory to mount the user's cryptohome at
extern const std::string kDefaultHomeDir;
// The directory containing the system salt and the user vaults
@@ -67,10 +69,6 @@ extern const std::string kDefaultSharedUser;
extern const std::string kDefaultSkeletonSource;
// The incognito user
extern const std::string kIncognitoUser;
-// Where to find mtab
-extern const std::string kMtab;
-// Openssl-encrypted files start with "Salted__" and an 8-byte salt
-extern const std::string kOpenSSLMagic;
// The Mount class handles mounting/unmounting of the user's cryptohome
// directory as well as offline verification of the user's credentials against
@@ -81,16 +79,13 @@ class Mount : public EntropySource {
MOUNT_ERROR_NONE = 0,
MOUNT_ERROR_FATAL = 1 << 0,
MOUNT_ERROR_KEY_FAILURE = 1 << 1,
+ MOUNT_ERROR_MOUNT_POINT_BUSY = 1 << 2,
+ MOUNT_ERROR_NO_SUCH_FILE = 1 << 3,
};
// Sets up Mount with the default locations, username, etc., as defined above.
Mount();
- // Sets up Mount with non-default locations
- explicit Mount(const std::string& username, const std::string& entropy_source,
- const std::string& home_dir, const std::string& shadow_root,
- const std::string& skel_source);
-
virtual ~Mount();
// Gets the uid/gid of the default user and loads the system salt
@@ -143,17 +138,47 @@ class Mount : public EntropySource {
virtual bool MigratePasskey(const Credentials& credentials,
const char* old_key);
- // Mounts an incognito home directory to the cryptohome mount point
- virtual bool MountIncognitoCryptohome();
+ // Mounts a guest home directory to the cryptohome mount point
+ virtual bool MountGuestCryptohome();
// Returns the system salt
- virtual SecureBlob GetSystemSalt();
+ virtual void GetSystemSalt(chromeos::Blob* salt);
// Used to disable setting vault ownership
void set_set_vault_ownership(bool value) {
set_vault_ownership_ = value;
}
+ // Used to override the default home directory
+ void set_home_dir(const std::string& value) {
+ home_dir_ = value;
+ }
+
+ // Used to override the default shadow root
+ void set_shadow_root(const std::string& value) {
+ shadow_root_ = value;
+ }
+
+ // Used to override the default shared username
+ void set_shared_user(const std::string& value) {
+ default_username_ = value;
+ }
+
+ // Used to override the default skeleton directory
+ void set_skel_source(const std::string& value) {
+ skel_source_ = value;
+ }
+
+ // Used to override the default Crypto handler (does not take ownership)
+ void set_crypto(Crypto* value) {
+ crypto_ = value;
+ }
+
+ // Used to override the default Platform handler (does not take ownership)
+ void set_platform(Platform* value) {
+ platform_ = value;
+ }
+
private:
// Checks if the cryptohome vault exists for the given credentials and creates
// it if not (calls CreateCryptohome).
@@ -235,119 +260,32 @@ class Mount : public EntropySource {
// index - the key index to generate
bool CreateMasterKey(const Credentials& credentials, int index);
- // Converts the passkey to a symmetric key used to decrypt the user's
- // cryptohome key.
- //
- // Parameters
- // passkey - The passkey (hash, currently) to create the key from
- // salt - The salt used in creating the key
- // iters - The hash iterations to use in generating the key
- SecureBlob PasskeyToWrapper(const chromeos::Blob& passkey,
- const chromeos::Blob& salt, int iters);
-
// Returns the user's salt at the given index
//
// Parameters
// credentials - The Credentials representing the user
// index - The salt index to return
// force - Whether to force creation of a new salt
- SecureBlob GetUserSalt(const Credentials& credentials, int index,
- bool force_new = false);
-
- // Gets the salt in the specified file, creating it if it does not exist
- //
- // Parameters
- // path - The path of the salt file
- // length - The length of the salt to create if it doesn't exist
- // force - Whether to force creation of a new salt
- SecureBlob GetOrCreateSalt(const FilePath& path, int length,
- bool force_new);
+ // salt (OUT) - The user's salt
+ void GetUserSalt(const Credentials& credentials, int index,
+ bool force_new, SecureBlob* salt);
// Loads the contents of the specified file as a blob
//
// Parameters
// path - The file path to read from
// blob (OUT) - Where to store the loaded file bytes
- bool LoadFileBytes(const FilePath& path, SecureBlob& blob);
-
- // Unmount a mount point
- //
- // Parameters
- // path - The path to unmount
- // lazy - Whether to perform a lazy unmount
- // was_busy (OUT) - Whether the mount point was busy
- bool Unmount(const std::string& path, bool lazy, bool* was_busy);
-
- // Attempt to unwrap the key at the specified path
- //
- // Parameters
- // path - The file path for the master key
- // passkey - The passkey to use (converted to a passkey wrapper by this
- // method)
- // key (OUT) - Where to store the cryptohome key on success
- bool UnwrapMasterKey(const FilePath& path,
- const chromeos::Blob& passkey,
- VaultKeyset* key);
-
- // Adds the specified key to the ecryptfs keyring so that the cryptohome can
- // be mounted. Clears the user keyring first.
- //
- // Parameters
- // vault_keyset - The keyset to add
- // key_signature (OUT) - The signature of the cryptohome key that should be
- // used in subsequent calls to mount(2)
- // fnek_signature (OUT) - The signature of the cryptohome filename
- // encryption key that should be used in subsequent calls to mount(2)
- bool AddKeyToEcryptfsKeyring(const VaultKeyset& vault_keyset,
- std::string* key_signature,
- std::string* fnek_signature);
-
- // Adds the specified key to the user keyring
- //
- // Parameters
- // key - The key to add
- // key_sig - The key's (ascii) signature
- // salt - The salt
- bool PushVaultKey(const SecureBlob& key, const std::string& key_sig,
- const SecureBlob& salt);
+ bool LoadFileBytes(const FilePath& path, SecureBlob* blob);
- // Encodes a binary blob to hex-ascii
- //
- // Parameters
- // blob - The binary blob to convert
- // buffer (IN/OUT) - Where to store the converted blob
- // buffer_length - The size of the buffer
- void AsciiEncodeToBuffer(const chromeos::Blob& blob, char *buffer,
- int buffer_length);
-
- // Terminates or kills processes (except the current) that have files open on
- // the specified path. Returns true if it tried to kill any processes.
+ // Attempt to unwrap the keyset for the specified user
//
// Parameters
- // path - The path to check if the process has open files on
- // hard - If true, send a SIGKILL instead of SIGTERM
- bool TerminatePidsWithOpenFiles(const std::string& path, bool hard);
-
- // Returns a vector of PIDs that have files open on the given path
- //
- // Parameters
- // path - The path to check if the process has open files on
- std::vector<pid_t> LookForOpenFiles(const std::string& path);
-
- // Terminates or kills processes (except the current) that have the user ID
- // specified. Returns true if it tried to kill any processes.
- //
- // Parameters
- // path - The path to check if the process has open files on
- // hard - If true, send a SIGKILL instead of SIGTERM
- bool TerminatePidsForUser(const uid_t uid, bool hard);
-
- // Returns a vector of PIDs whose Real, Effective, Saved, or File UID is equal
- // to that requested
- //
- // Parameters
- // uid - the user ID to search for
- std::vector<pid_t> GetPidsForUser(uid_t uid);
+ // credentials - The user credentials to use
+ // index - The keyset index to unwrap
+ // vault_keyset (OUT) - The unencrypted vault keyset on success
+ // error (OUT) - The specific error when unwrapping
+ bool UnwrapVaultKeyset(const Credentials& credentials, int index,
+ VaultKeyset* vault_keyset, MountError* error);
// The uid of the shared user. Ownership of the user's vault is set to this
// uid.
@@ -358,20 +296,17 @@ class Mount : public EntropySource {
gid_t default_group_;
// The shared user name. This user's uid/gid is used for vault ownership.
- const std::string default_username_;
-
- // The file path to load entropy from. Defaults to /dev/urandom
- const std::string entropy_source_;
+ std::string default_username_;
// The file path to mount cryptohome at. Defaults to /home/chronos/user
- const std::string home_dir_;
+ std::string home_dir_;
// Where to store the system salt and user salt/key/vault. Defaults to
// /home/chronos/shadow
- const std::string shadow_root_;
+ std::string shadow_root_;
// Where the skeleton for the user's cryptohome is copied from
- const std::string skel_source_;
+ std::string skel_source_;
// Stores the global system salt
cryptohome::SecureBlob system_salt_;
@@ -379,9 +314,18 @@ class Mount : public EntropySource {
// Whether to change ownership of the vault file
bool set_vault_ownership_;
+ // The crypto implementation
+ scoped_ptr<Crypto> default_crypto_;
+ Crypto *crypto_;
+
+ // The platform-specific calls
+ scoped_ptr<Platform> default_platform_;
+ Platform *platform_;
+
+ private:
DISALLOW_COPY_AND_ASSIGN(Mount);
};
-}
+} // namespace cryptohome
-#endif // MOUNT_H_
+#endif // CRYPTOHOME_MOUNT_H_
« no previous file with comments | « mock_mount.h ('k') | mount.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698