1 /* vi: set et sw=4 ts=4 cino=t0,(0: */
2 /* -*- Mode: C; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
4 * This file is part of gsignond
6 * Copyright (C) 2012 Intel Corporation.
8 * Contact: Jussi Laako <jussi.laako@linux.intel.com>
10 * This library is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU Lesser General Public
12 * License as published by the Free Software Foundation; either
13 * version 2.1 of the License, or (at your option) any later version.
15 * This library is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 * Lesser General Public License for more details.
20 * You should have received a copy of the GNU Lesser General Public
21 * License along with this library; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
29 #include <glib/gstdio.h>
33 #include "gsignond/gsignond-log.h"
34 #include "gsignond/gsignond-storage-manager.h"
35 #include "gsignond/gsignond-utils.h"
38 * SECTION:gsignond-storage-manager
39 * @short_description: manages encrypted disk storage for storing the secret database
40 * @include: gsignond/gsignond-plugin-interface.h
42 * #GSignondStorageManager manages encrypted disk storage for storing the
43 * databases. The default implementation maintains a simple per-user
44 * directory accessible only to root and gsignond group, but gSSO can be
45 * configured to use a custom extension that provides a subclassed
46 * implementation of #GSignondStorageManager
47 * (see #GSignondExtension for instructions and pointers to examples).
50 * GSignondStorageManager:
52 * Opaque #GSignondStorageManager data structure.
56 #define GSIGNOND_STORAGE_MANAGER_GET_PRIVATE(obj) \
57 (G_TYPE_INSTANCE_GET_PRIVATE ((obj), \
58 GSIGNOND_TYPE_STORAGE_MANAGER, \
59 GSignondStorageManagerPrivate))
61 struct _GSignondStorageManagerPrivate
72 static GParamSpec *properties[N_PROPERTIES] = { NULL, };
74 G_DEFINE_TYPE (GSignondStorageManager, gsignond_storage_manager, G_TYPE_OBJECT);
77 _set_config (GSignondStorageManager *self, GSignondConfig *config)
79 g_assert (self->config == NULL);
80 self->config = config;
82 gchar *user_dir = g_strdup_printf ("gsignond.%s", g_get_user_name ());
83 const gchar *storage_path = gsignond_config_get_string (
85 GSIGNOND_CONFIG_GENERAL_STORAGE_PATH);
87 storage_path = BASE_STORAGE_DIR;
88 DBG ("storage path not configured, using default location");
91 const gchar *env_val = g_getenv("SSO_STORAGE_PATH");
93 storage_path = env_val;
95 self->location = g_build_filename (storage_path, user_dir, NULL);
97 DBG ("secure dir %s", self->location);
101 _set_property (GObject *object, guint prop_id, const GValue *value,
104 GSignondStorageManager *self =
105 GSIGNOND_STORAGE_MANAGER (object);
109 g_assert (self->config == NULL);
110 _set_config (self, GSIGNOND_CONFIG (g_value_dup_object (value)));
113 G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
118 _get_property (GObject *object, guint prop_id, GValue *value, GParamSpec *pspec)
120 GSignondStorageManager *self =
121 GSIGNOND_STORAGE_MANAGER (object);
125 g_value_set_object (value, self->config);
128 G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
133 _dispose (GObject *object)
135 GSignondStorageManager *self =
136 GSIGNOND_STORAGE_MANAGER (object);
138 /* unmount mounted filesystem */
139 if (gsignond_storage_manager_filesystem_is_mounted (self)) {
140 gsignond_storage_manager_unmount_filesystem (self);
144 g_object_unref (self->config);
148 G_OBJECT_CLASS (gsignond_storage_manager_parent_class)->dispose (object);
152 _finalize (GObject *object)
154 GSignondStorageManager *self =
155 GSIGNOND_STORAGE_MANAGER (object);
157 if (self->location) {
158 g_free (self->location);
159 self->location = NULL;
162 G_OBJECT_CLASS (gsignond_storage_manager_parent_class)->finalize (object);
166 _initialize_storage (GSignondStorageManager *self)
168 g_return_val_if_fail (self != NULL, FALSE);
169 g_return_val_if_fail (self->location, FALSE);
171 if (g_access (self->location, R_OK) == 0)
174 gboolean res = FALSE;
176 uid_t uid = getuid ();
178 WARN ("seteuid() failed");
180 if (g_mkdir_with_parents (self->location, S_IRWXU | S_IRWXG))
182 if (chown (self->location, 0, getegid ()))
183 WARN ("chown() failed");
184 if (chmod (self->location, S_IRWXU | S_IRWXG))
185 WARN ("chmod() failed");
190 WARN ("seteuid failed");
196 _delete_storage (GSignondStorageManager *self)
198 g_return_val_if_fail (self != NULL, FALSE);
199 g_return_val_if_fail (self->location, FALSE);
201 return gsignond_wipe_directory (self->location);
205 _storage_is_initialized (GSignondStorageManager *self)
207 g_return_val_if_fail (self != NULL, FALSE);
208 g_return_val_if_fail (self->location, FALSE);
210 if (g_access (self->location, 0)) /* 0 should equal to F_OK */
217 _mount_filesystem (GSignondStorageManager *self)
219 g_return_val_if_fail (self != NULL, NULL);
221 return self->location;
225 _unmount_filesystem (GSignondStorageManager *self)
227 g_return_val_if_fail (self != NULL, FALSE);
233 _filesystem_is_mounted (GSignondStorageManager *self)
235 return _storage_is_initialized (self);
239 * GSignondStorageManagerClass:
240 * @parent_class: parent class.
241 * @initialize_storage: an implementation of gsignond_storage_manager_initialize_storage()
242 * @delete_storage: an implementation of gsignond_storage_manager_delete_storage()
243 * @storage_is_initialized: an implementation of gsignond_storage_manager_storage_is_initialized()
244 * @mount_filesystem: an implementation of gsignond_storage_manager_mount_filesystem()
245 * @unmount_filesystem: an implementation of gsignond_storage_manager_unmount_filesystem()
246 * @filesystem_is_mounted: an implementation of gsignond_storage_manager_filesystem_is_mounted()
248 * #GSignondStorageManagerClass class containing pointers to class methods.
251 gsignond_storage_manager_class_init (GSignondStorageManagerClass *klass)
253 GObjectClass *base = G_OBJECT_CLASS (klass);
255 base->set_property = _set_property;
256 base->get_property = _get_property;
257 base->dispose = _dispose;
258 base->finalize = _finalize;
259 properties[PROP_CONFIG] = g_param_spec_object ("config",
261 "Configuration object",
262 GSIGNOND_TYPE_CONFIG,
263 G_PARAM_CONSTRUCT_ONLY|
265 G_PARAM_STATIC_STRINGS);
266 g_object_class_install_properties (base, N_PROPERTIES, properties);
268 /*g_type_class_add_private (klass, sizeof(GSignondStorageManagerPrivate));*/
270 klass->initialize_storage = _initialize_storage;
271 klass->delete_storage = _delete_storage;
272 klass->storage_is_initialized = _storage_is_initialized;
273 klass->mount_filesystem = _mount_filesystem;
274 klass->unmount_filesystem = _unmount_filesystem;
275 klass->filesystem_is_mounted = _filesystem_is_mounted;
279 gsignond_storage_manager_init (GSignondStorageManager *self)
281 /*self->priv = GSIGNOND_STORAGE_MANAGER_GET_PRIVATE (self);*/
283 self->location = NULL;
288 * gsignond_storage_manager_initialize_storage:
289 * @self: object instance.
291 * Initialize encryption storage. This means making sure that the
292 * necessary directories under #GSIGNOND_CONFIG_GENERAL_STORAGE_PATH exist and are accessible.
297 gsignond_storage_manager_initialize_storage (GSignondStorageManager *self)
299 return GSIGNOND_STORAGE_MANAGER_GET_CLASS (self)->
300 initialize_storage (self);
304 * gsignond_storage_manager_delete_storage:
305 * @self: object instance.
307 * Destroys all the encryption keys and wipes the storage. gsignond_wipe_directory()
308 * is typically used for the latter.
313 gsignond_storage_manager_delete_storage (GSignondStorageManager *self)
315 return GSIGNOND_STORAGE_MANAGER_GET_CLASS (self)->
316 delete_storage (self);
320 * gsignond_storage_manager_storage_is_initialized:
321 * @self: object instance.
323 * Checks if the storage has been initialized.
325 * Returns: storage has been initialized?
328 gsignond_storage_manager_storage_is_initialized (GSignondStorageManager *self)
330 return GSIGNOND_STORAGE_MANAGER_GET_CLASS (self)->
331 storage_is_initialized (self);
335 * gsignond_storage_manager_mount_filesystem:
336 * @self: object instance.
338 * Mounts an encrypted storage and returns the filesystem path of the storage
339 * mount point. This path will be set in #GSignondConfig as
340 * #GSIGNOND_CONFIG_GENERAL_SECURE_DIR and used to access the secret database via
341 * #GSignondSecretStorage.
343 * The default implemenation does nothing, and immediately returns the path for the
346 * Returns: (transfer none): path of the storage mount point.
349 gsignond_storage_manager_mount_filesystem (GSignondStorageManager *self)
351 return GSIGNOND_STORAGE_MANAGER_GET_CLASS (self)->
352 mount_filesystem (self);
356 * gsignond_storage_manager_unmount_filesystem:
357 * @self: object instance.
359 * Unmounts a previously mounted encrypted storage filesystem.
364 gsignond_storage_manager_unmount_filesystem (GSignondStorageManager *self)
366 return GSIGNOND_STORAGE_MANAGER_GET_CLASS (self)->
367 unmount_filesystem (self);
371 * gsignond_storage_manager_filesystem_is_mounted:
372 * @self: object instance.
374 * Checks if the encrypted storage filesystem is currently mounted.
376 * Returns: filesystem is currently mounted?
379 gsignond_storage_manager_filesystem_is_mounted (GSignondStorageManager *self)
381 return GSIGNOND_STORAGE_MANAGER_GET_CLASS (self)->
382 filesystem_is_mounted (self);