| 1 | // Copyright 2020 The Chromium OS Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #ifndef SYSTEM_PROXY_KERBEROS_CLIENT_H_ |
| 6 | #define SYSTEM_PROXY_KERBEROS_CLIENT_H_ |
| 7 | |
| 8 | #include <memory> |
| 9 | #include <string> |
| 10 | |
| 11 | #include <base/callback.h> |
| 12 | #include <base/files/file_path.h> |
| 13 | #include <base/memory/weak_ptr.h> |
| 14 | #include <dbus/bus.h> |
| 15 | #include <dbus/object_proxy.h> |
| 16 | #include <gtest/gtest_prod.h> // for FRIEND_TEST |
| 17 | |
| 18 | namespace system_proxy { |
| 19 | |
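// KerberosClient manages a Kerberos user's krb5.conf and krb5 credential cache
// (ccache) files, keeping a copy under /tmp/krb5.conf and /tmp/ccache. The
// files are kept in sync by connecting to the Kerberos dbus signal
// |KerberosFilesChanged|.
//
// NOTE(review): the ccache copy holds Kerberos ticket material and, per the
// paths above, lives in a world-writable directory. This header does not show
// how WriteFile() creates the files; confirm in the implementation that they
// are created with owner-only permissions and that a file or symlink already
// present at the target path is handled safely.
class KerberosClient {
 public:
  // |bus| is the D-Bus connection handed to the client. Presumably it is used
  // to obtain |kerberos_object_proxy_|; the constructor body is not visible
  // in this header.
  explicit KerberosClient(scoped_refptr<dbus::Bus> bus);

  // Not copyable: the class holds a WeakPtrFactory bound to |this|.
  KerberosClient(const KerberosClient&) = delete;
  KerberosClient& operator=(const KerberosClient&) = delete;
  virtual ~KerberosClient() = default;

  // Sets the principal name and requests the kerberos files from kerberosd.
  void SetPrincipalName(const std::string& principal_name);

  // If Kerberos is disabled, it will delete the kerberos files.
  void SetKerberosEnabled(bool enabled);

  // Location of the kerberos credentials (ticket) cache.
  std::string krb5_ccache_path();
  // Location of the kerberos configuration file.
  std::string krb5_conf_path();

 protected:
  // Requests the files from kerberosd via the dbus method
  // |GetUserKerberosFiles|. Virtual; presumably so that tests can replace the
  // D-Bus call (the friend test classes below suggest this) - TODO confirm.
  virtual void GetFiles();

  // Response handler for |GetUserKerberosFiles|.
  // NOTE(review): whether |response| may be null on a failed call is not
  // visible here; verify that the implementation checks it before parsing.
  void OnGetFilesResponse(dbus::Response* response);

 private:
  friend class KerberosClientTest;
  friend class SystemProxyAdaptorTest;
  FRIEND_TEST(KerberosClientTest, KerberosEnabled);
  FRIEND_TEST(KerberosClientTest, SignalHandling);
  FRIEND_TEST(SystemProxyAdaptorTest, KerberosEnabled);

  // Writes |krb5_ccache_data| and |krb5_conf_data| to |krb5_ccache_path_| and
  // |krb5_conf_path_| respectively.
  void WriteFiles(const std::string& krb5_ccache_data,
                  const std::string& krb5_conf_data);

  // Writes |kerberos_file| to |path|. The bool result presumably reports
  // whether the write succeeded - TODO confirm against the implementation.
  bool WriteFile(const base::FilePath& path, const std::string& kerberos_file);

  // Removes the local kerberos files. Presumably these are the files at
  // |krb5_conf_path_| and |krb5_ccache_path_|; the implementation is not
  // shown in this header.
  void DeleteFiles();

  // Connects to the 'KerberosFilesChanged' dbus signal.
  void ConnectToKerberosFilesChangedSignal();

  // Callback for 'KerberosFilesChanged' dbus signal.
  void OnKerberosFilesChanged(dbus::Signal* signal);

  // Called after connecting to 'KerberosFilesChanged' signal. Verifies
  // that the signal connected successfully.
  void OnKerberosFilesChangedSignalConnected(const std::string& interface_name,
                                             const std::string& signal_name,
                                             bool success);

  // Receives the availability of the Kerberos service as |is_available|.
  // What is done in each case is not visible in this header.
  void OnKerberosServiceAvailable(bool is_available);

  // Takes krb5 configuration content and returns a string. The transformation
  // applied to |config_content| is not visible in this header.
  std::string UpdateKrbConfig(const std::string& config_content);

  base::FilePath krb5_conf_path_;
  base::FilePath krb5_ccache_path_;
  // Principal name in the format user@REALM.COM.
  std::string principal_name_;
  // Defaults to disabled so the flag is never read uninitialized if a
  // constructor does not set it; a constructor mem-initializer still takes
  // precedence over this default.
  bool kerberos_enabled_ = false;
  // Non-owning pointer, const after construction. Its lifetime is presumably
  // tied to the bus passed to the constructor - TODO confirm.
  dbus::ObjectProxy* const kerberos_object_proxy_;
  // Kept as the last member so it is destroyed first, invalidating
  // outstanding weak pointers before the other members go away.
  base::WeakPtrFactory<KerberosClient> weak_ptr_factory_{this};
};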
| 89 | |
| 90 | } // namespace system_proxy |
| 91 | |
| 92 | #endif // SYSTEM_PROXY_KERBEROS_CLIENT_H_ |