OLD | NEW |
1 // Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved. | 1 // Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // Mount - class for managing cryptohome user keys and mounts. In Chrome OS, | 5 // Mount - class for managing cryptohome user keys and mounts. In Chrome OS, |
6 // users are managed on top of a shared unix user, chronos. When a user logs | 6 // users are managed on top of a shared unix user, chronos. When a user logs |
7 // in, cryptohome mounts their encrypted home directory to /home/chronos/user, | 7 // in, cryptohome mounts their encrypted home directory to /home/chronos/user, |
8 // and Chrome does a profile switch to that directory. All user data in their | 8 // and Chrome does a profile switch to that directory. All user data in their |
9 // home directory is transparently encrypted, providing protection against | 9 // home directory is transparently encrypted, providing protection against |
10 // offline theft. On logout, the mount point is removed. | 10 // offline theft. On logout, the mount point is removed. |
33 // The default shared user (chronos) | 33 // The default shared user (chronos) |
34 extern const std::string kDefaultSharedUser; | 34 extern const std::string kDefaultSharedUser; |
35 // The default skeleton source (/etc/skel) | 35 // The default skeleton source (/etc/skel) |
36 extern const std::string kDefaultSkeletonSource; | 36 extern const std::string kDefaultSkeletonSource; |
37 // The incognito user | 37 // The incognito user |
38 extern const std::string kIncognitoUser; | 38 extern const std::string kIncognitoUser; |
39 // Directories that we intend to track (make pass-through in cryptohome vault) | 39 // Directories that we intend to track (make pass-through in cryptohome vault) |
40 extern const char* kCacheDir; | 40 extern const char* kCacheDir; |
41 extern const char* kDownloadsDir; | 41 extern const char* kDownloadsDir; |
42 | 42 |
| 43 // Minimum free disk space on stateful_partition not to begin the cleanup |
| 44 const int64 kMinFreeSpace = 500 * 1LL << 20; // 500M bytes |
| 45 |
43 | 46 |
44 // The Mount class handles mounting/unmounting of the user's cryptohome | 47 // The Mount class handles mounting/unmounting of the user's cryptohome |
45 // directory as well as offline verification of the user's credentials against | 48 // directory as well as offline verification of the user's credentials against |
46 // the directory's crypto key. | 49 // the directory's crypto key. |
47 class Mount : public EntropySource { | 50 class Mount : public EntropySource { |
48 public: | 51 public: |
49 enum MountError { | 52 enum MountError { |
50 MOUNT_ERROR_NONE = 0, | 53 MOUNT_ERROR_NONE = 0, |
51 MOUNT_ERROR_FATAL = 1 << 0, | 54 MOUNT_ERROR_FATAL = 1 << 0, |
52 MOUNT_ERROR_KEY_FAILURE = 1 << 1, | 55 MOUNT_ERROR_KEY_FAILURE = 1 << 1, |
137 // Parameters | 140 // Parameters |
138 // credentials - The Credentials representing the user | 141 // credentials - The Credentials representing the user |
139 // is_new - True, if the cryptohome is being created and there is | 142 // is_new - True, if the cryptohome is being created and there is |
140 // no need in migration | 143 // no need in migration |
141 virtual bool CreateTrackedSubdirectories(const Credentials& credentials, | 144 virtual bool CreateTrackedSubdirectories(const Credentials& credentials, |
142 bool is_new) const; | 145 bool is_new) const; |
143 | 146 |
144 // Cleans (removes) content from unmounted tracked subdirectories | 147 // Cleans (removes) content from unmounted tracked subdirectories |
145 virtual void CleanUnmountedTrackedSubdirectories() const; | 148 virtual void CleanUnmountedTrackedSubdirectories() const; |
146 | 149 |
| 150 // Checks free disk space and if it falls below minimum |
| 151 // (kMinFreeSpace), performs cleanup |
| 152 virtual void DoAutomaticFreeDiskSpaceControl() const; |
| 153 |
147 // Tests if the given credentials would decrypt the user's cryptohome key | 154 // Tests if the given credentials would decrypt the user's cryptohome key |
148 // | 155 // |
149 // Parameters | 156 // Parameters |
150 // credentials - The Credentials to attempt to decrypt the key with | 157 // credentials - The Credentials to attempt to decrypt the key with |
151 virtual bool TestCredentials(const Credentials& credentials) const; | 158 virtual bool TestCredentials(const Credentials& credentials) const; |
152 | 159 |
153 // Migrages a user's vault key from one passkey to another | 160 // Migrages a user's vault key from one passkey to another |
154 // | 161 // |
155 // Parameters | 162 // Parameters |
156 // credentials - The new Credentials for the user | 163 // credentials - The new Credentials for the user |
365 // credentials - The Credentials representing the user | 372 // credentials - The Credentials representing the user |
366 std::string GetUserSaltFile(const Credentials& credentials) const; | 373 std::string GetUserSaltFile(const Credentials& credentials) const; |
367 | 374 |
368 // Gets the user's vault directory | 375 // Gets the user's vault directory |
369 // | 376 // |
370 // Parameters | 377 // Parameters |
371 // credentials - The Credentials representing the user | 378 // credentials - The Credentials representing the user |
372 std::string GetUserVaultPath(const Credentials& credentials) const; | 379 std::string GetUserVaultPath(const Credentials& credentials) const; |
373 | 380 |
374 private: | 381 private: |
| 382 // Invokes given callback for every unmounted cryptohome |
| 383 // |
| 384 // Parameters |
| 385 // callback - routine to invoke. |
| 386 typedef void (*CryptohomeCallback)(const FilePath&); |
| 387 void DoForEveryUnmountedCryptohome(CryptohomeCallback callback) const; |
| 388 |
375 // Same as MountCryptohome but specifies if the cryptohome directory should be | 389 // Same as MountCryptohome but specifies if the cryptohome directory should be |
376 // recreated on a fatal error | 390 // recreated on a fatal error |
377 // | 391 // |
378 // Parameters | 392 // Parameters |
379 // credentials - The Credentials representing the user | 393 // credentials - The Credentials representing the user |
380 // mount_args - The options for the call to mount: whether to create the | 394 // mount_args - The options for the call to mount: whether to create the |
381 // cryptohome if it doesn't exist and any tracked directories | 395 // cryptohome if it doesn't exist and any tracked directories |
382 // to create | 396 // to create |
383 // recreate_decrypt_fatal - Attempt to recreate the cryptohome directory on | 397 // recreate_decrypt_fatal - Attempt to recreate the cryptohome directory on |
384 // a fatal error (for example, TPM was cleared) | 398 // a fatal error (for example, TPM was cleared) |
467 // Used to keep track of the current logged-in user | 481 // Used to keep track of the current logged-in user |
468 scoped_ptr<UserSession> default_current_user_; | 482 scoped_ptr<UserSession> default_current_user_; |
469 UserSession* current_user_; | 483 UserSession* current_user_; |
470 | 484 |
471 DISALLOW_COPY_AND_ASSIGN(Mount); | 485 DISALLOW_COPY_AND_ASSIGN(Mount); |
472 }; | 486 }; |
473 | 487 |
474 } // namespace cryptohome | 488 } // namespace cryptohome |
475 | 489 |
476 #endif // CRYPTOHOME_MOUNT_H_ | 490 #endif // CRYPTOHOME_MOUNT_H_ |
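Review bot: The comment on `DoAutomaticFreeDiskSpaceControl()` (new lines 150-152) does not say what the cleanup deletes or whose data it touches, which matters for a routine that removes user files when free space runs low. The new private helper `DoForEveryUnmountedCryptohome` suggests it acts on every unmounted cryptohome, presumably on the tracked directories (`kCacheDir`, `kDownloadsDir`), but the implementation is not on this page; if that is right, the comment should say so, e.g. `// When free space on the stateful partition drops below kMinFreeSpace, removes the contents of the tracked subdirectories of every unmounted cryptohome.`, and should also state whether the currently mounted cryptohome is ever touched. Free space is something any signed-in account can influence, so that scope needs to be explicit for a reader to judge whether one account's disk usage can lead to another account's files being removed. Separately, on new line 44, `500 * 1LL << 20` evaluates to 500 MiB only because `*` binds tighter than `<<`; `500 * (1LL << 20)` states the intent without relying on precedence.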