Reverting Tizen 2.x specific workarounds for password change/authtype==none.

Change-Id: Ib888b1df3afc54405cf6a3b48bad86e7fc0c92e4

diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp
index b324a20..8e25c1e 100644 (file)
--- a/src/manager/service/ckm-logic.cpp
+++ b/src/manager/service/ckm-logic.cpp
@@ -60,63 +60,29 @@ CKMLogic::CKMLogic()
 
 CKMLogic::~CKMLogic(){}
 
-void CKMLogic::loadDKEKFile(uid_t user, const Password &password, bool apiReq) {
+void CKMLogic::loadDKEKFile(uid_t user, const Password &password) {
     auto &handle = m_userDataMap[user];
 
     FileSystem fs(user);
 
-    auto wrappedDKEKMain = fs.getDKEK();
-    auto wrappedDKEKBackup = fs.getDKEKBackup();
+    auto wrappedDKEK = fs.getDKEK();
 
-    if (wrappedDKEKMain.empty()) {
-        wrappedDKEKMain = KeyProvider::generateDomainKEK(std::to_string(user), password);
-        fs.saveDKEK(wrappedDKEKMain);
+    if (wrappedDKEK.empty()) {
+        wrappedDKEK = KeyProvider::generateDomainKEK(std::to_string(user), password);
+        fs.saveDKEK(wrappedDKEK);
     }
 
-    chooseDKEKFile(handle, password, wrappedDKEKMain, wrappedDKEKBackup);
-
-    if (!password.empty() || apiReq) {
-        handle.isDKEKConfirmed = true;
-
-        if (true == handle.isMainDKEK)
-            fs.removeDKEKBackup();
-        else
-            fs.restoreDKEK();
-    }
-}
-
-void CKMLogic::chooseDKEKFile(
-    UserData &handle,
-    const Password &password,
-    const RawBuffer &first,
-    const RawBuffer &second)
-{
-    try {
-        handle.keyProvider = KeyProvider(first, password);
-        handle.isMainDKEK = true;
-    } catch (const KeyProvider::Exception::Base &e) {
-        // Second buffer is empty. Lets rethrow first error
-        if (second.empty())
-            throw;
-        handle.keyProvider = KeyProvider(second, password);
-        handle.isMainDKEK = false;
-    }
+    handle.keyProvider = KeyProvider(wrappedDKEK, password);
 }
 
 void CKMLogic::saveDKEKFile(uid_t user, const Password &password) {
     auto &handle = m_userDataMap[user];
 
     FileSystem fs(user);
-    if (handle.isMainDKEK)
-        fs.createDKEKBackup();
-
     fs.saveDKEK(handle.keyProvider.getWrappedDomainKEK(password));
-
-    handle.isMainDKEK = true;
-    handle.isDKEKConfirmed = false;
 }
 
-RawBuffer CKMLogic::unlockUserKey(uid_t user, const Password &password, bool apiRequest) {
+RawBuffer CKMLogic::unlockUserKey(uid_t user, const Password &password) {
     int retCode = CKM_API_SUCCESS;
 
     try {
@@ -124,7 +90,7 @@ RawBuffer CKMLogic::unlockUserKey(uid_t user, const Password &password, bool api
             auto &handle = m_userDataMap[user];
             FileSystem fs(user);
 
-            loadDKEKFile(user, password, apiRequest);
+            loadDKEKFile(user, password);
 
             auto wrappedDatabaseDEK = fs.getDBDEK();
 
@@ -142,9 +108,6 @@ RawBuffer CKMLogic::unlockUserKey(uid_t user, const Password &password, bool api
             for(auto& appSmackLabel : removedApps) {
                 handle.database.deleteKey(appSmackLabel);
             }
-        } else if (apiRequest == true && m_userDataMap[user].isDKEKConfirmed == false) {
-            // now we will try to choose the DKEK key and remove old one
-            loadDKEKFile(user, password, apiRequest);
         }
     } catch (const KeyProvider::Exception::PassWordError &e) {
         LogError("Incorrect Password " << e.GetMessage());
@@ -204,7 +167,7 @@ RawBuffer CKMLogic::changeUserPassword(
 {
     int retCode = CKM_API_SUCCESS;
     try {
-        loadDKEKFile(user, oldPassword, true);
+        loadDKEKFile(user, oldPassword);
         saveDKEKFile(user, newPassword);
     } catch (const KeyProvider::Exception::PassWordError &e) {
         LogError("Incorrect Password " << e.GetMessage());

diff --git a/src/manager/service/ckm-logic.h b/src/manager/service/ckm-logic.h
index 912f44c..ab43124 100644 (file)
--- a/src/manager/service/ckm-logic.h
+++ b/src/manager/service/ckm-logic.h
@@ -38,16 +38,9 @@
 namespace CKM {
 
 struct UserData {
-    UserData()
-      : isMainDKEK(false)
-      , isDKEKConfirmed(false)
-    {}
-
     KeyProvider    keyProvider;
     DB::Crypto     database;
     CryptoLogic    crypto;
-    bool           isMainDKEK;
-    bool           isDKEKConfirmed;
 };
 
 class CKMLogic {
@@ -59,8 +52,7 @@ public:
     CKMLogic& operator=(CKMLogic &&) = delete;
     virtual ~CKMLogic();
 
-    RawBuffer unlockUserKey(uid_t user, const Password &password, bool apiRequest = true);
-
+    RawBuffer unlockUserKey(uid_t user, const Password &password);
     RawBuffer lockUserKey(uid_t user);
 
     RawBuffer removeUserData(uid_t user);
@@ -186,14 +178,7 @@ private:
 
     void loadDKEKFile(
         uid_t user,
-        const Password &password,
-        bool apiReq);
-
-    void chooseDKEKFile(
-        UserData &handle,
-        const Password &password,
-        const RawBuffer &first,
-        const RawBuffer &second);
+        const Password &password);
 
     void saveDKEKFile(
         uid_t user,

diff --git a/src/manager/service/ckm-service.cpp b/src/manager/service/ckm-service.cpp
index d281dc4..28a10b5 100644 (file)
--- a/src/manager/service/ckm-service.cpp
+++ b/src/manager/service/ckm-service.cpp
@@ -157,14 +157,6 @@ RawBuffer CKMService::ProcessStorage(Credentials &cred, MessageBuffer &buffer)
     buffer.Deserialize(command);
     buffer.Deserialize(msgID);
 
-    // This is a workaround solution for locktype=None in Tizen 2.2.1
-    // When locktype is None, lockscreen app doesn't interfere with unlocking process.
-    // Therefor lockscreen app cannot notify unlock events to key-manager when locktype is None.
-    // So, to unlock user data when lock type is None, key-manager always try to unlock user data with null password.
-    // Even if the result is fail, it will be ignored.
-    Password nullPassword("");
-    m_logic->unlockUserKey(cred.uid, nullPassword, false);
-
     LogDebug("Process storage. Command: " << command);
 
     switch(static_cast<LogicCommand>(command)) {

diff --git a/src/manager/service/file-system.cpp b/src/manager/service/file-system.cpp
index 7a02fe1..a5e63f9 100644 (file)
--- a/src/manager/service/file-system.cpp
+++ b/src/manager/service/file-system.cpp
@@ -43,7 +43,6 @@ namespace {
 
 const std::string CKM_DATA_PATH = "/opt/data/ckm/";
 const std::string CKM_KEY_PREFIX = "key-";
-const std::string CKM_KEY_BACKUP_PREFIX = "key-backup-";
 const std::string CKM_DB_KEY_PREFIX = "db-key-";
 const std::string CKM_DB_PREFIX = "db-";
 const std::string CKM_REMOVED_APP_PREFIX = "removed-app-";
@@ -70,12 +69,6 @@ std::string FileSystem::getDKEKPath() const {
     return ss.str();
 }
 
-std::string FileSystem::getDKEKBackupPath() const {
-    std::stringstream ss;
-    ss << CKM_DATA_PATH << CKM_KEY_BACKUP_PREFIX << m_uid;
-    return ss.str();
-}
-
 std::string FileSystem::getDBDEKPath() const {
     std::stringstream ss;
     ss << CKM_DATA_PATH << CKM_DB_KEY_PREFIX << m_uid;
@@ -114,11 +107,6 @@ RawBuffer FileSystem::getDKEK() const
     return loadFile(getDKEKPath());
 }
 
-RawBuffer FileSystem::getDKEKBackup() const
-{
-    return loadFile(getDKEKBackupPath());
-}
-
 RawBuffer FileSystem::getDBDEK() const
 {
     return loadFile(getDBDEKPath());
@@ -141,33 +129,6 @@ void FileSystem::saveDKEK(const RawBuffer &buffer) const {
     saveFile(getDKEKPath(), buffer);
 }
 
-void FileSystem::moveFile(const std::string &from, const std::string &to) const {
-    if (0 == ::rename(from.c_str(), to.c_str())) {
-        return;
-    }
-    auto description = GetErrnoString(errno);
-    LogError("Error during rename file DKEKBackup to DKEK: " << description);
-    ThrowMsg(Exception::RenameFailed,
-             "Error during rename file DKEKBackup to DKEK: " << description);
-}
-
-void FileSystem::restoreDKEK() const {
-    moveFile(getDKEKBackupPath(), getDKEKPath());
-}
-
-void FileSystem::createDKEKBackup() const {
-    moveFile(getDKEKPath(), getDKEKBackupPath());
-}
-
-void FileSystem::removeDKEKBackup() const {
-    if (0 == unlink(getDKEKBackupPath().c_str())) {
-        return;
-    }
-    // Backup is accessible only during "change password transaction"
-    auto description = GetErrnoString(errno);
-    LogDebug("Error in unlink file DKEKBackup: " << description);
-}
-
 void FileSystem::saveDBDEK(const RawBuffer &buffer) const {
     saveFile(getDBDEKPath(), buffer);
 }
@@ -277,13 +238,6 @@ int FileSystem::removeUserData() const {
             << "Errno: " << errno << " " << GetErrnoString(err));
     }
 
-    if (unlink(getDKEKBackupPath().c_str())) {
-        retCode = -1;
-        err = errno;
-        LogDebug("Unlink user backup DKEK failed (file probably does not exists): " << getDKEKBackupPath()
-            << "Errno: " << errno << " " << GetErrnoString(err));
-    }
-
     if (unlink(getDBDEKPath().c_str())) {
         retCode = -1;
         err = errno;

diff --git a/src/manager/service/file-system.h b/src/manager/service/file-system.h
index 9058c42..ace87e9 100644 (file)
--- a/src/manager/service/file-system.h
+++ b/src/manager/service/file-system.h
@@ -46,14 +46,8 @@ public:
 
     // Domain Key Encryption Key
     RawBuffer getDKEK() const;
-    RawBuffer getDKEKBackup() const;
     void saveDKEK(const RawBuffer &buffer) const;
 
-    // Functions required in "password change transaction"
-    void createDKEKBackup() const;
-    void restoreDKEK() const; // delete DKEK and move DKEKBackup -> DKEK
-    void removeDKEKBackup() const;  // delete DKEKBackup
-
     // Database Data Encryption Key
     RawBuffer getDBDEK() const;
     void saveDBDEK(const RawBuffer &buffer) const;
@@ -71,12 +65,10 @@ public:
     virtual ~FileSystem(){}
 protected:
     std::string getDKEKPath() const;
-    std::string getDKEKBackupPath() const;
     std::string getDBDEKPath() const;
     RawBuffer loadFile(const std::string &path) const;
     void saveFile(const std::string &path, const RawBuffer &buffer) const;
     std::string getRemovedAppsPath() const;
-    void moveFile(const std::string &from, const std::string &to) const;
 
     uid_t m_uid;
 };