1 /* vi: set et sw=4 ts=4 cino=t0,(0: */
2 /* -*- Mode: C; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
4 * This file is part of gsignond
6 * Copyright (C) 2012 Intel Corporation.
8 * Contact: Jussi Laako <jussi.laako@linux.intel.com>
10 * This library is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU Lesser General Public
12 * License as published by the Free Software Foundation; either
13 * version 2.1 of the License, or (at your option) any later version.
15 * This library is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 * Lesser General Public License for more details.
20 * You should have received a copy of the GNU Lesser General Public
21 * License along with this library; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
29 #include <glib/gstdio.h>
31 #include "gsignond/gsignond-log.h"
32 #include "gsignond/gsignond-storage-manager.h"
33 #include "gsignond/gsignond-utils.h"
36 * SECTION:gsignond-storage-manager
37 * @short_description: manages encrypted disk storage for storing the secret database
38 * @include: gsignond/gsignond-plugin-interface.h
40 * #GSignondStorageManager manages encrypted disk storage for storing the
41 * databases. The default implementation maintains a simple per-user
42 * directory accessible only to root and gsignond group, but gSSO can be
43 * configured to use a custom extension that provides a subclassed
44 * implementation of #GSignondStorageManager
45 * (see #GSignondExtension for instructions and pointers to examples).
48 * GSignondStorageManager:
50 * Opaque #GSignondStorageManager data structure.
54 #define GSIGNOND_STORAGE_MANAGER_GET_PRIVATE(obj) \
55 (G_TYPE_INSTANCE_GET_PRIVATE ((obj), \
56 GSIGNOND_TYPE_STORAGE_MANAGER, \
57 GSignondStorageManagerPrivate))
59 struct _GSignondStorageManagerPrivate
70 static GParamSpec *properties[N_PROPERTIES] = { NULL, };
72 G_DEFINE_TYPE (GSignondStorageManager, gsignond_storage_manager, G_TYPE_OBJECT);
75 _set_config (GSignondStorageManager *self, GSignondConfig *config)
77 g_assert (self->config == NULL);
78 self->config = config;
80 gchar *user_dir = g_strdup_printf ("gsignond.%s", g_get_user_name ());
81 const gchar *storage_path = gsignond_config_get_string (
83 GSIGNOND_CONFIG_GENERAL_STORAGE_PATH);
85 self->location = g_build_filename (storage_path,
89 self->location = g_build_filename ("/var/db",
93 DBG ("secure dir %s", self->location);
97 _set_property (GObject *object, guint prop_id, const GValue *value,
100 GSignondStorageManager *self =
101 GSIGNOND_STORAGE_MANAGER (object);
105 g_assert (self->config == NULL);
106 _set_config (self, GSIGNOND_CONFIG (g_value_dup_object (value)));
109 G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
114 _get_property (GObject *object, guint prop_id, GValue *value, GParamSpec *pspec)
116 GSignondStorageManager *self =
117 GSIGNOND_STORAGE_MANAGER (object);
121 g_value_set_object (value, self->config);
124 G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
129 _dispose (GObject *object)
131 GSignondStorageManager *self =
132 GSIGNOND_STORAGE_MANAGER (object);
134 /* unmount mounted filesystem */
135 if (gsignond_storage_manager_filesystem_is_mounted (self)) {
136 gsignond_storage_manager_unmount_filesystem (self);
140 g_object_unref (self->config);
144 G_OBJECT_CLASS (gsignond_storage_manager_parent_class)->dispose (object);
148 _finalize (GObject *object)
150 GSignondStorageManager *self =
151 GSIGNOND_STORAGE_MANAGER (object);
153 if (self->location) {
154 g_free (self->location);
155 self->location = NULL;
158 G_OBJECT_CLASS (gsignond_storage_manager_parent_class)->finalize (object);
162 _initialize_storage (GSignondStorageManager *self)
164 g_return_val_if_fail (self != NULL, FALSE);
165 g_return_val_if_fail (self->location, FALSE);
167 if (g_access (self->location, R_OK) == 0)
170 gboolean res = FALSE;
172 uid_t uid = getuid ();
174 WARN ("seteuid() failed");
176 if (g_mkdir_with_parents (self->location, S_IRWXU | S_IRWXG))
178 if (chown (self->location, 0, getegid ()))
179 WARN ("chown() failed");
180 if (chmod (self->location, S_IRWXU | S_IRWXG))
181 WARN ("chmod() failed");
186 WARN ("seteuid failed");
192 _delete_storage (GSignondStorageManager *self)
194 g_return_val_if_fail (self != NULL, FALSE);
195 g_return_val_if_fail (self->location, FALSE);
197 return gsignond_wipe_directory (self->location);
201 _storage_is_initialized (GSignondStorageManager *self)
203 g_return_val_if_fail (self != NULL, FALSE);
204 g_return_val_if_fail (self->location, FALSE);
206 if (g_access (self->location, 0)) /* 0 should equal to F_OK */
213 _mount_filesystem (GSignondStorageManager *self)
215 g_return_val_if_fail (self != NULL, NULL);
217 return self->location;
221 _unmount_filesystem (GSignondStorageManager *self)
223 g_return_val_if_fail (self != NULL, FALSE);
229 _filesystem_is_mounted (GSignondStorageManager *self)
231 return _storage_is_initialized (self);
235 * GSignondStorageManagerClass:
236 * @parent_class: parent class.
237 * @initialize_storage: an implementation of gsignond_storage_manager_initialize_storage()
238 * @delete_storage: an implementation of gsignond_storage_manager_delete_storage()
239 * @storage_is_initialized: an implementation of gsignond_storage_manager_storage_is_initialized()
240 * @mount_filesystem: an implementation of gsignond_storage_manager_mount_filesystem()
241 * @unmount_filesystem: an implementation of gsignond_storage_manager_unmount_filesystem()
242 * @filesystem_is_mounted: an implementation of gsignond_storage_manager_filesystem_is_mounted()
244 * #GSignondStorageManagerClass class containing pointers to class methods.
247 gsignond_storage_manager_class_init (GSignondStorageManagerClass *klass)
249 GObjectClass *base = G_OBJECT_CLASS (klass);
251 base->set_property = _set_property;
252 base->get_property = _get_property;
253 base->dispose = _dispose;
254 base->finalize = _finalize;
255 properties[PROP_CONFIG] = g_param_spec_object ("config",
257 "Configuration object",
258 GSIGNOND_TYPE_CONFIG,
259 G_PARAM_CONSTRUCT_ONLY|
261 G_PARAM_STATIC_STRINGS);
262 g_object_class_install_properties (base, N_PROPERTIES, properties);
264 /*g_type_class_add_private (klass, sizeof(GSignondStorageManagerPrivate));*/
266 klass->initialize_storage = _initialize_storage;
267 klass->delete_storage = _delete_storage;
268 klass->storage_is_initialized = _storage_is_initialized;
269 klass->mount_filesystem = _mount_filesystem;
270 klass->unmount_filesystem = _unmount_filesystem;
271 klass->filesystem_is_mounted = _filesystem_is_mounted;
275 gsignond_storage_manager_init (GSignondStorageManager *self)
277 /*self->priv = GSIGNOND_STORAGE_MANAGER_GET_PRIVATE (self);*/
279 self->location = NULL;
284 * gsignond_storage_manager_initialize_storage:
285 * @self: object instance.
287 * Initialize encryption storage. This means making sure that the
288 * necessary directories exist and are accessible.
293 gsignond_storage_manager_initialize_storage (GSignondStorageManager *self)
295 return GSIGNOND_STORAGE_MANAGER_GET_CLASS (self)->
296 initialize_storage (self);
300 * gsignond_storage_manager_delete_storage:
301 * @self: object instance.
303 * Destroys all the encryption keys and wipes the storage. gsignond_wipe_directory()
304 * is typically used for the latter.
309 gsignond_storage_manager_delete_storage (GSignondStorageManager *self)
311 return GSIGNOND_STORAGE_MANAGER_GET_CLASS (self)->
312 delete_storage (self);
316 * gsignond_storage_manager_storage_is_initialized:
317 * @self: object instance.
319 * Checks if the storage has been initialized.
321 * Returns: storage has been initialized?
324 gsignond_storage_manager_storage_is_initialized (GSignondStorageManager *self)
326 return GSIGNOND_STORAGE_MANAGER_GET_CLASS (self)->
327 storage_is_initialized (self);
331 * gsignond_storage_manager_mount_filesystem:
332 * @self: object instance.
334 * Mounts an encrypted storage and returns the filesystem path of the storage
335 * mount point. This path will be used to access the secret database via
336 * #GSignondSecretStorage.
338 * The default implemenation does nothing, and immediately returns the path for the
341 * Returns: (transfer none): path of the storage mount point.
344 gsignond_storage_manager_mount_filesystem (GSignondStorageManager *self)
346 return GSIGNOND_STORAGE_MANAGER_GET_CLASS (self)->
347 mount_filesystem (self);
351 * gsignond_storage_manager_unmount_filesystem:
352 * @self: object instance.
354 * Unmounts a previously mounted encrypted storage filesystem.
359 gsignond_storage_manager_unmount_filesystem (GSignondStorageManager *self)
361 return GSIGNOND_STORAGE_MANAGER_GET_CLASS (self)->
362 unmount_filesystem (self);
366 * gsignond_storage_manager_filesystem_is_mounted:
367 * @self: object instance.
369 * Checks if the encrypted storage filesystem is currently mounted.
371 * Returns: filesystem is currently mounted?
374 gsignond_storage_manager_filesystem_is_mounted (GSignondStorageManager *self)
376 return GSIGNOND_STORAGE_MANAGER_GET_CLASS (self)->
377 filesystem_is_mounted (self);