xref: /system/connectivity/shill/bin/shill_login_user

#!/bin/sh

#
# Copyright (C) 2012 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

# Perform login tasks for shill.  This script is called by the "login"
# init script.

# Shill expects to find a user profile in /var/run/shill/user_profiles.
# There are 3 possible places a user profile could exist.  We should
# use them in the following priority order:
#
#  - "New style" cryptohome store -- we create a link to it in
#    /var/run/shill/user_profiles so if shill restarts while the
#    user is logged in, shill can regain access to the profile.
#  - User profile in ~chronos/shill -- if the above does not
#    exist, we validate this profile and move it to the cryptohome.
#    We then create a link to it using the step above.
#  - Old flimflam profile in ~chronos/flimflam -- If the above
#    does not exist, we move this to ~chronos/shill as an
#    intermediate step then use the steps above to validate,
#    and copy to the cryptohome profile.

set -e
# The login init script calls this script with the login name of the
# user whose profile is being loaded.
user=$1
script_name=$(basename $0)

profile_user=chronos
profile_name="~${profile_user}/shill"
shill_state_root=/var/run/shill
profile_link_root="${shill_state_root}/user_profiles"
profile_link_dir="$profile_link_root/$profile_user"
log_link_dir="${shill_state_root}/log"
username_hash=""

# We should not load multiple network profiles.  If a profile link
# directory already exists, we should go no further.
if [ -e "$profile_link_dir" ] ; then
  logger -t "$script_name" "User already logged in; doing nothing."
  exit 0
fi

if [ -n "$user" ] ; then
  profile_base=$(cryptohome-path system $user)
  if [ ! -d "$profile_base" ] ; then
    logger -t "$script_name" \
      "User cryptohome dir $profile_base does not exist"
    exit 1
  fi
  username_hash=$(basename $profile_base)

  # Make references to the older connection manager profiles that lived
  # in the user-owned home directory.
  user_base=$(cryptohome-path user $user)
  if [ -d "$user_base" ] ; then
    flimflam_profile_dir="$user_base/flimflam"
    flimflam_profile="$flimflam_profile_dir/flimflam.profile"
    old_profile_dir="$user_base/shill"
    old_profile="$old_profile_dir/shill.profile"
  fi
else
  # If no user is given, create a temporary profile directory which will
  # be erased on logout.
  profile_base="${shill_state_root}/guest_user_profile"
  rm -rf "$profile_base"
  flimflam_profile=""
  old_profile=""
fi

profile_dir="$profile_base/shill"
profile="$profile_dir/shill.profile"
log_dir="$profile_base/shill_logs"

if [ ! -d "$profile_dir" ]; then
  if ! mkdir -p --mode=700 $profile_dir ; then
    logger -t "$script_name" \
      "Failed to create shill user profile directory $profile_dir"
    exit 1
  fi
fi

if ! mkdir -p --mode 0700 "$profile_link_root"; then
  logger -t "$script_name" \
    "Unable to create shill user profile link directory"
fi

ln -s "$profile_dir" "$profile_link_dir" ||
  logger -t "$script_name" \
    "Failed to create shill user cryptohome link $profile_link_dir"

if ! mkdir -p --mode 0700 "$log_dir"; then
  logger -t "$script_name" \
    "Unable to create shill log directory"
fi

if [ ! -h "$log_link_dir" ]; then
  ln -s "$log_dir" "$log_link_dir" ||
    logger -t "$script_name" \
      "Failed to create shill logs link $log_link_dir"
fi

if [ ! -f "$profile" ]; then
  if [ -f "$flimflam_profile" ]; then
    if [ -f "$old_profile" ]; then
      logger -t "$script_name" "Removing outdated flimflam user profile"
      rm -f "$flimflam_profile"
      rmdir --ignore-fail-on-non-empty "$flimflam_profile_dir"
    else
      old_profile="$flimflam_profile"
      old_profile_dir="$flimflam_profile_dir"
    fi
  fi

  if [ -f "$old_profile" ] ; then
    test_profile="$profile_dir/shill.profile.test"
    mv "$old_profile" "$test_profile" ||
      logger -t "$script_name" "Failed to test-move old shill profile"
    rmdir --ignore-fail-on-non-empty "$old_profile_dir"

    # Inspect profile to make sure it makes sense as a shill profile,
    # and is properly owned.  Do so while it's in a directory whose
    # contents are unlikely to be modified underneath us.
    if [ -h "$test_profile" ] ; then
      logger -t "$script_name" "Old shill profile is a symlink"
    elif [ ! -f "$test_profile" ] ; then
      logger -t "$script_name" "Old shill profile is not a regular file"
    elif [ ! -O "$test_profile" ] ; then
      logger -t "$script_name" "Old shill profile was not properly owned"
    else
      logger -t "$script_name" "Moving old shill profile from $old_profile"
      mv "$test_profile" "$profile" ||
        logger -t "$script_name" "Failed to copy old shill profile"
    fi
    rm -rf "$test_profile"
  fi
  if [ -e "$old_profile" ] ; then
    # Old profile exists but does not resolve to a regular file!?
    logger -t "$script_name" "Old shill profile is not a file or was not moved"
    rm -rf "$old_profile"
    rmdir --ignore-fail-on-non-empty "$old_profile_dir"
  fi

  if [ ! -f "$profile" ]; then
    # If profile still does not exist, ask shill to create one.
    dbus-send --system --dest=org.chromium.flimflam --print-reply / \
      org.chromium.flimflam.Manager.CreateProfile string:$profile_name ||
        logger -t "$script_name" "Failed to create $profile_name profile"
  fi
fi

# Push user's network profile
dbus-send --system --dest=org.chromium.flimflam --print-reply / \
  org.chromium.flimflam.Manager.InsertUserProfile \
      string:$profile_name string:$username_hash ||
    logger -t "$script_name" "Failed to push $profile_name profile"