Authentication support for Legacy mode

This change introduces new 'Mount' API argument - UNIX_FD for named pipe.
This named pipe is utilized to securely send secret data over D-Bus.
Currently data consists of null-terminated char buffers with username and
password.

Data on receiving side is encapsulated into classes whose role is to:
- keep secret as short-lived as possible
- erase secret from memory when it's not needed
- pass secrets (and format them) to another secure container with above
  capabilities

New classes:
- Credentials: is a class encapsulating login and password. It zeroes them
  at destruction.
- CredentialProvider: contains Credentials, specifies SecureBuffer, allows
  to store credentials in SecureBuffer
- SecureBuffer: char vector which zeroes itself at destruction,
  used to provision secret data
- VolatileFile: class creating temporary file with 'owner-only' permissions
  in /tmp; at destruction overwrites it's contents with '*' and removes it

New behavior:
- when UNIX_FD is provided over D-Bus it's treated as open unix pipe. Data
  is read from this pipe and stored securely into CredentialsProvider
- credentials are stored in applications inside CredentialsProvider object,
  encapsulated by unique_ptr for as long as it's needed
- strings containing secrets are zeroed immediately after use
- VolatileFile is used to securely pass credentials to nbdkit curl plugin
  instead of command line parameters.

Tested:
Manual and automated tests on WilsonCity platform:
- positive and negative tests for authentication on both CIFS and HTTPS
  resources
- error injection (ill-formed data transfered over pipe, pipe broken etc.)

Change-Id: I608ae0380b8ad57110bc0939f71eb48604e7dc99
Signed-off-by: Adrian Ambrożewicz <adrian.ambrozewicz@linux.intel.com>
Signed-off-by: Agata Olender <agata.olender@intel.com>

0 files changed, 0 insertions, 0 deletions