author | bartfab@chromium.org <bartfab@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-12-07 06:24:43 +0000 |
---|---|---|
committer | bartfab@chromium.org <bartfab@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-12-07 06:24:43 +0000 |
commit | 2675002da147744cdf325eca2cbb89e89c31be4c (patch) | |
tree | fb0e7f8bb2e288d8dc7ed58676432090fcb4fa32 /chromeos | |
parent | 0d6e39ec60875d17cd5c7df9a7f648c657d62080 (diff) | |
Add flag for requesting an ephemeral mount
This CL adds a flag that allows Chrome to request an ephemeral mount for
a user. If the flag is set, a cryptohome backed by tmpfs will always be
mounted, even if a regular vault exists for the user.
This functionality is required for public accounts that look like regular
accounts to cryptohomed otherwise but whose cryptohomes must always be
ephemeral.
The CL is a companion to https://gerrit.chromium.org/gerrit/#/c/38995/ on
the cryptohomed side.
BUG=chromium-os:36892
Review URL: https://chromiumcodereview.appspot.com/11444006
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@171702 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chromeos')
-rw-r--r-- | chromeos/cryptohome/async_method_caller.cc | 4 | ||||
-rw-r--r-- | chromeos/cryptohome/async_method_caller.h | 33 | ||||
-rw-r--r-- | chromeos/cryptohome/mock_async_method_caller.h | 2 | ||||
-rw-r--r-- | chromeos/dbus/cryptohome_client.cc | 8 | ||||
-rw-r--r-- | chromeos/dbus/cryptohome_client.h | 8 | ||||
-rw-r--r-- | chromeos/dbus/mock_cryptohome_client.h | 2 |
6 files changed, 38 insertions, 19 deletions
diff --git a/chromeos/cryptohome/async_method_caller.cc b/chromeos/cryptohome/async_method_caller.cc index 4deb338..c868868 100644 --- a/chromeos/cryptohome/async_method_caller.cc +++ b/chromeos/cryptohome/async_method_caller.cc @@ -58,10 +58,10 @@ class AsyncMethodCallerImpl : public AsyncMethodCaller { virtual void AsyncMount(const std::string& user_email, const std::string& passhash, - const bool create_if_missing, + int flags, Callback callback) OVERRIDE { DBusThreadManager::Get()->GetCryptohomeClient()-> - AsyncMount(user_email, passhash, create_if_missing, base::Bind( + AsyncMount(user_email, passhash, flags, base::Bind( &AsyncMethodCallerImpl::RegisterAsyncCallback, weak_ptr_factory_.GetWeakPtr(), callback, diff --git a/chromeos/cryptohome/async_method_caller.h b/chromeos/cryptohome/async_method_caller.h index 38e0182f..b4ab3ab 100644 --- a/chromeos/cryptohome/async_method_caller.h +++ b/chromeos/cryptohome/async_method_caller.h @@ -14,11 +14,20 @@ namespace cryptohome { -// This class manages calls to Cryptohome service's 'async' methods. -// Note: This class is placed in ::cryptohome instead of ::chromeos::cryptohome +// Note: This file is placed in ::cryptohome instead of ::chromeos::cryptohome // since there is already a namespace ::cryptohome which holds the error code // enum (MountError) and referencing ::chromeos::cryptohome and ::cryptohome // within the same code is confusing. + +// Flags for the AsyncMount method. +enum MountFlags { + MOUNT_FLAGS_NONE = 0, // Used to explicitly denote that no flags are + // set. + CREATE_IF_MISSING = 1, // Create a cryptohome if it does not exist yet. + ENSURE_EPHEMERAL = 1 << 1, // Ensure that the mount is ephemeral. +}; + +// This class manages calls to Cryptohome service's 'async' methods. class CHROMEOS_EXPORT AsyncMethodCaller { public: // A callback type which is called back on the UI thread when the results of 
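Review bot: The new `MountFlags` enumerators in async_method_caller.h are unscoped and only `MOUNT_FLAGS_NONE` carries a prefix, so `CREATE_IF_MISSING` and `ENSURE_EPHEMERAL` land directly in `::cryptohome` beside the MountError codes the comment mentions. Because `ENSURE_EPHEMERAL` decides whether user data is persisted, a consistent prefix such as `MOUNT_FLAGS_CREATE_IF_MISSING` / `MOUNT_FLAGS_ENSURE_EPHEMERAL` would make call sites easier to find and audit. I would also add a line above the enum, `// Bit flags; values may be OR-ed together and are passed as |flags| to AsyncMount().`, since the enum comment does not currently say that the values combine. The AsyncMethodCaller class body continues outside the hunk.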
@@ -45,16 +54,22 @@ class CHROMEOS_EXPORT AsyncMethodCaller { // Asks cryptohomed to asynchronously try to find the cryptohome for // |user_email| and then mount it using |passhash| to unlock the key. - // |create_if_missing| controls whether or not we ask cryptohomed to - // create a new home dir if one does not yet exist for |user_email|. + // The |flags| are a combination of |MountFlags|: + // * CREATE_IF_MISSING Controls whether or not cryptohomed is asked to create + // a new cryptohome if one does not exist yet for + // |user_email|. + // * ENSURE_EPHEMERAL If |true|, the mounted cryptohome will be backed by + // tmpfs. If |false|, the ephemeral users policy decides + // whether tmpfs or an encrypted directory is used as the + // backend. // |callback| will be called with status info on completion. - // If |create_if_missing| is false, and no cryptohome exists for |user_email|, - // we'll get - // callback.Run(false, kCryptohomeMountErrorUserDoesNotExist). - // Otherwise, we expect the normal range of return codes. + // If the |CREATE_IF_MISSING| flag is not given and no cryptohome exists + // for |user_email|, the expected result is + // callback.Run(false, kCryptohomeMountErrorUserDoesNotExist). Otherwise, + // the normal range of return codes is expected. virtual void AsyncMount(const std::string& user_email, const std::string& passhash, - const bool create_if_missing, + int flags, Callback callback) = 0; // Asks cryptohomed to asynchronously to mount a tmpfs for guest mode. diff --git a/chromeos/cryptohome/mock_async_method_caller.h b/chromeos/cryptohome/mock_async_method_caller.h index 5b301cb..3d2fdeb 100644 --- a/chromeos/cryptohome/mock_async_method_caller.h +++ b/chromeos/cryptohome/mock_async_method_caller.h 
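Review bot: The comment for `ENSURE_EPHEMERAL` describes the flag with `If |true|` / `If |false|`, which reads as if it were still a bool parameter. For a bit in `flags` it should say set / not set, e.g. `// * ENSURE_EPHEMERAL  If set, the mounted cryptohome is always backed by tmpfs, even if a regular vault exists for the user.` (the last clause is taken from the commit description) followed by `//   If not set, the ephemeral users policy decides the backend.`. Because the parameter is a plain `int`, a caller that still passes `true` or `false` compiles unchanged and bits other than the two documented ones are accepted silently. The comment should say how undefined bits are treated. Whether existing callers were converted is not visible here, as the diffstat is limited to chromeos/.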
@@ -30,7 +30,7 @@ class MockAsyncMethodCaller : public AsyncMethodCaller { Callback callback)); MOCK_METHOD4(AsyncMount, void(const std::string& user_email, const std::string& passhash, - const bool create_if_missing, + int flags, Callback callback)); MOCK_METHOD1(AsyncMountGuest, void(Callback callback)); MOCK_METHOD2(AsyncRemove, void(const std::string& user_email, diff --git a/chromeos/dbus/cryptohome_client.cc b/chromeos/dbus/cryptohome_client.cc index 8cb58ba..f5ee8aa 100644 --- a/chromeos/dbus/cryptohome_client.cc +++ b/chromeos/dbus/cryptohome_client.cc @@ -6,6 +6,7 @@ #include "base/bind.h" #include "base/message_loop.h" +#include "chromeos/cryptohome/async_method_caller.h" #include "chromeos/dbus/blocking_method_caller.h" #include "dbus/bus.h" #include "dbus/message.h" @@ -125,16 +126,17 @@ class CryptohomeClientImpl : public CryptohomeClient { // CryptohomeClient override. virtual void AsyncMount(const std::string& username, const std::string& key, - const bool create_if_missing, + int flags, const AsyncMethodCallback& callback) OVERRIDE { INITIALIZE_METHOD_CALL(method_call, cryptohome::kCryptohomeAsyncMount); dbus::MessageWriter writer(&method_call); writer.AppendString(username); writer.AppendString(key); - writer.AppendBool(create_if_missing); + writer.AppendBool(flags & cryptohome::CREATE_IF_MISSING); writer.AppendBool(false); // deprecated_replace_tracked_subdirectories // deprecated_tracked_subdirectories writer.AppendArrayOfStrings(std::vector<std::string>()); + writer.AppendBool(flags & cryptohome::ENSURE_EPHEMERAL); proxy_->CallMethod(&method_call, dbus::ObjectProxy::TIMEOUT_USE_DEFAULT, base::Bind(&CryptohomeClientImpl::OnAsyncMethodCall, weak_ptr_factory_.GetWeakPtr(), 
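Review bot: Including `chromeos/cryptohome/async_method_caller.h` from cryptohome_client.cc makes the D-Bus client depend on the wrapper that itself calls into it, since async_method_caller.cc uses `DBusThreadManager::Get()->GetCryptohomeClient()`. The include is needed only to reach the `MountFlags` enum. Moving the enum into a small header that both layers include would avoid the circular dependency. If that is out of scope, a trailing comment on the include such as `// For cryptohome::MountFlags.` documents why it is there.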
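Review bot: `writer.AppendBool(flags & cryptohome::ENSURE_EPHEMERAL)` is appended as a new trailing argument of `kCryptohomeAsyncMount`, so the ephemeral guarantee rests entirely on cryptohomed reading that argument. Nothing in this hunk shows what happens against a daemon without the companion change. For public accounts the safe outcome is a failed mount rather than a persistent vault, so it is worth confirming that an older cryptohomed rejects the extra argument instead of ignoring it, and recording that in a comment next to the call. Separately, both `AppendBool` calls rely on an implicit int-to-bool conversion; `(flags & cryptohome::ENSURE_EPHEMERAL) != 0` states the intent explicitly. The method body continues outside the hunk.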
@@ -501,7 +503,7 @@ class CryptohomeClientStubImpl : public CryptohomeClient { // CryptohomeClient override. virtual void AsyncMount(const std::string& username, const std::string& key, - const bool create_if_missing, + int flags, const AsyncMethodCallback& callback) OVERRIDE { ReturnAsyncMethodResult(callback); } diff --git a/chromeos/dbus/cryptohome_client.h b/chromeos/dbus/cryptohome_client.h index 7671783..60b632f 100644 --- a/chromeos/dbus/cryptohome_client.h +++ b/chromeos/dbus/cryptohome_client.h @@ -82,11 +82,13 @@ class CHROMEOS_EXPORT CryptohomeClient { // The original content of |salt| is lost. virtual bool GetSystemSalt(std::vector<uint8>* salt) = 0; - // Calls AsyncMount method. |callback| is called after the method call - // succeeds. + // Calls the AsyncMount method to asynchronously mount the cryptohome for + // |username|, using |key| to unlock it. For supported |flags|, see the + // documentation of AsyncMethodCaller::AsyncMount(). + // |callback| is called after the method call succeeds. virtual void AsyncMount(const std::string& username, const std::string& key, - const bool create_if_missing, + int flags, const AsyncMethodCallback& callback) = 0; // Calls AsyncMountGuest method. |callback| is called after the method call diff --git a/chromeos/dbus/mock_cryptohome_client.h b/chromeos/dbus/mock_cryptohome_client.h index e36f887..5a249e0 100644 --- a/chromeos/dbus/mock_cryptohome_client.h +++ b/chromeos/dbus/mock_cryptohome_client.h @@ -36,7 +36,7 @@ class MockCryptohomeClient : public CryptohomeClient { MOCK_METHOD1(GetSystemSalt, bool(std::vector<uint8>* salt)); MOCK_METHOD4(AsyncMount, void(const std::string& username, const std::string& key, - const bool create_if_missing, + int flags, const AsyncMethodCallback& callback)); MOCK_METHOD1(AsyncMountGuest, void(const AsyncMethodCallback& callback)); |