OLD | NEW |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/chromeos/login/parallel_authenticator.h" | 5 #include "chrome/browser/chromeos/login/parallel_authenticator.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 #include <vector> | 8 #include <vector> |
9 | 9 |
10 #include "base/file_path.h" | 10 #include "base/file_path.h" |
(...skipping 111 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
122 guest_mounter_ = | 122 guest_mounter_ = |
123 CryptohomeOp::CreateMountGuestAttempt(current_state_.get(), this); | 123 CryptohomeOp::CreateMountGuestAttempt(current_state_.get(), this); |
124 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 124 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
125 guest_mounter_->Initiate(); | 125 guest_mounter_->Initiate(); |
126 } | 126 } |
127 | 127 |
128 void ParallelAuthenticator::OnLoginSuccess( | 128 void ParallelAuthenticator::OnLoginSuccess( |
129 const GaiaAuthConsumer::ClientLoginResult& credentials, | 129 const GaiaAuthConsumer::ClientLoginResult& credentials, |
130 bool request_pending) { | 130 bool request_pending) { |
131 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 131 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
132 LOG(INFO) << "Online login success"; | 132 VLOG(1) << "Online login success"; |
133 // Send notification of success | 133 // Send notification of success |
134 AuthenticationNotificationDetails details(true); | 134 AuthenticationNotificationDetails details(true); |
135 NotificationService::current()->Notify( | 135 NotificationService::current()->Notify( |
136 NotificationType::LOGIN_AUTHENTICATION, | 136 NotificationType::LOGIN_AUTHENTICATION, |
137 NotificationService::AllSources(), | 137 NotificationService::AllSources(), |
138 Details<AuthenticationNotificationDetails>(&details)); | 138 Details<AuthenticationNotificationDetails>(&details)); |
139 { | 139 { |
140 AutoLock for_this_block(success_lock_); | 140 AutoLock for_this_block(success_lock_); |
141 already_reported_success_ = true; | 141 already_reported_success_ = true; |
142 } | 142 } |
(...skipping 15 matching lines...) Expand all Loading... |
158 | 158 |
159 void ParallelAuthenticator::OnPasswordChangeDetected( | 159 void ParallelAuthenticator::OnPasswordChangeDetected( |
160 const GaiaAuthConsumer::ClientLoginResult& credentials) { | 160 const GaiaAuthConsumer::ClientLoginResult& credentials) { |
161 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 161 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
162 consumer_->OnPasswordChangeDetected(credentials); | 162 consumer_->OnPasswordChangeDetected(credentials); |
163 } | 163 } |
164 | 164 |
165 void ParallelAuthenticator::CheckLocalaccount(const LoginFailure& error) { | 165 void ParallelAuthenticator::CheckLocalaccount(const LoginFailure& error) { |
166 { | 166 { |
167 AutoLock for_this_block(localaccount_lock_); | 167 AutoLock for_this_block(localaccount_lock_); |
168 LOG(INFO) << "Checking localaccount"; | 168 VLOG(1) << "Checking localaccount"; |
169 if (!checked_for_localaccount_) { | 169 if (!checked_for_localaccount_) { |
170 BrowserThread::PostDelayedTask( | 170 BrowserThread::PostDelayedTask( |
171 BrowserThread::FILE, FROM_HERE, | 171 BrowserThread::FILE, FROM_HERE, |
172 NewRunnableMethod(this, | 172 NewRunnableMethod(this, |
173 &ParallelAuthenticator::CheckLocalaccount, | 173 &ParallelAuthenticator::CheckLocalaccount, |
174 error), | 174 error), |
175 kLocalaccountRetryIntervalMs); | 175 kLocalaccountRetryIntervalMs); |
176 return; | 176 return; |
177 } | 177 } |
178 } | 178 } |
(...skipping 235 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
414 | 414 |
415 if (state != POSSIBLE_PW_CHANGE && | 415 if (state != POSSIBLE_PW_CHANGE && |
416 state != NO_MOUNT && | 416 state != NO_MOUNT && |
417 state != OFFLINE_LOGIN) | 417 state != OFFLINE_LOGIN) |
418 return state; | 418 return state; |
419 | 419 |
420 if (current_state_->online_complete()) { | 420 if (current_state_->online_complete()) { |
421 if (current_state_->online_outcome().reason() == LoginFailure::NONE) { | 421 if (current_state_->online_outcome().reason() == LoginFailure::NONE) { |
422 // Online attempt succeeded as well, so combine the results. | 422 // Online attempt succeeded as well, so combine the results. |
423 return ResolveOnlineSuccessState(state); | 423 return ResolveOnlineSuccessState(state); |
424 } else { | |
425 // Online login attempt was rejected or failed to occur. | |
426 return ResolveOnlineFailureState(state); | |
427 } | 424 } |
| 425 // Online login attempt was rejected or failed to occur. |
| 426 return ResolveOnlineFailureState(state); |
428 } | 427 } |
429 // if online isn't complete yet, just return the offline result. | 428 // if online isn't complete yet, just return the offline result. |
430 return state; | 429 return state; |
431 } | 430 } |
432 | 431 |
433 ParallelAuthenticator::AuthState | 432 ParallelAuthenticator::AuthState |
434 ParallelAuthenticator::ResolveReauthState() { | 433 ParallelAuthenticator::ResolveReauthState() { |
435 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); | 434 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |
436 if (reauth_state_->cryptohome_complete()) { | 435 if (reauth_state_->cryptohome_complete()) { |
437 if (!reauth_state_->cryptohome_outcome()) { | 436 if (!reauth_state_->cryptohome_outcome()) { |
438 // If we've tried to migrate and failed, log the error and just wait | 437 // If we've tried to migrate and failed, log the error and just wait |
439 // til next time the user logs in to migrate their cryptohome key. | 438 // til next time the user logs in to migrate their cryptohome key. |
440 LOG(ERROR) << "Failed to migrate cryptohome key: " | 439 LOG(ERROR) << "Failed to migrate cryptohome key: " |
441 << reauth_state_->cryptohome_code(); | 440 << reauth_state_->cryptohome_code(); |
442 } | 441 } |
443 reauth_state_.reset(NULL); | 442 reauth_state_.reset(NULL); |
444 return ONLINE_LOGIN; | 443 return ONLINE_LOGIN; |
445 } | 444 } |
446 // Haven't tried the migrate yet, must be processing the online auth attempt. | 445 // Haven't tried the migrate yet, must be processing the online auth attempt. |
447 if (!reauth_state_->online_complete()) { | 446 if (!reauth_state_->online_complete()) { |
448 NOTREACHED(); // Shouldn't be here at all, if online reauth isn't done! | 447 NOTREACHED(); // Shouldn't be here at all, if online reauth isn't done! |
449 return CONTINUE; | 448 return CONTINUE; |
450 } | 449 } |
451 if (reauth_state_->online_outcome().reason() == LoginFailure::NONE) | 450 return (reauth_state_->online_outcome().reason() == LoginFailure::NONE) ? |
452 return HAVE_NEW_PW; | 451 HAVE_NEW_PW : NEED_NEW_PW; |
453 else | |
454 return NEED_NEW_PW; | |
455 } | 452 } |
456 | 453 |
457 ParallelAuthenticator::AuthState | 454 ParallelAuthenticator::AuthState |
458 ParallelAuthenticator::ResolveCryptohomeFailureState() { | 455 ParallelAuthenticator::ResolveCryptohomeFailureState() { |
459 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); | 456 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |
460 if (data_remover_.get()) { | 457 if (data_remover_.get()) |
461 return FAILED_REMOVE; | 458 return FAILED_REMOVE; |
462 } else if (guest_mounter_.get()) { | 459 if (guest_mounter_.get()) |
463 return FAILED_TMPFS; | 460 return FAILED_TMPFS; |
464 } else if (key_migrator_.get()) { | 461 if (key_migrator_.get()) |
465 return NEED_OLD_PW; | 462 return NEED_OLD_PW; |
466 } else if (key_checker_.get()) { | 463 if (key_checker_.get()) |
467 return LOGIN_FAILED; | 464 return LOGIN_FAILED; |
468 } else if (current_state_->cryptohome_code() == | 465 if (current_state_->cryptohome_code() == |
469 chromeos::kCryptohomeMountErrorKeyFailure) { | 466 chromeos::kCryptohomeMountErrorKeyFailure) { |
470 // If we tried a mount but they used the wrong key, we may need to | 467 // If we tried a mount but they used the wrong key, we may need to |
471 // ask the user for her old password. We'll only know once we've | 468 // ask the user for her old password. We'll only know once we've |
472 // done the online check. | 469 // done the online check. |
473 return POSSIBLE_PW_CHANGE; | 470 return POSSIBLE_PW_CHANGE; |
474 } else if (current_state_->cryptohome_code() == | 471 } |
475 chromeos::kCryptohomeMountErrorUserDoesNotExist) { | 472 if (current_state_->cryptohome_code() == |
| 473 chromeos::kCryptohomeMountErrorUserDoesNotExist) { |
476 // If we tried a mount but the user did not exist, then we should wait | 474 // If we tried a mount but the user did not exist, then we should wait |
477 // for online login to succeed and try again with the "create" flag set. | 475 // for online login to succeed and try again with the "create" flag set. |
478 return NO_MOUNT; | 476 return NO_MOUNT; |
479 } else { | |
480 return FAILED_MOUNT; | |
481 } | 477 } |
| 478 return FAILED_MOUNT; |
482 } | 479 } |
483 | 480 |
484 ParallelAuthenticator::AuthState | 481 ParallelAuthenticator::AuthState |
485 ParallelAuthenticator::ResolveCryptohomeSuccessState() { | 482 ParallelAuthenticator::ResolveCryptohomeSuccessState() { |
486 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); | 483 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |
487 if (data_remover_.get()) { | 484 if (data_remover_.get()) |
488 return CREATE_NEW; | 485 return CREATE_NEW; |
489 } else if (guest_mounter_.get()) { | 486 if (guest_mounter_.get()) |
490 return LOCAL_LOGIN; | 487 return LOCAL_LOGIN; |
491 } else if (key_migrator_.get()) { | 488 if (key_migrator_.get()) |
492 return RECOVER_MOUNT; | 489 return RECOVER_MOUNT; |
493 } else if (key_checker_.get()) { | 490 if (key_checker_.get()) |
494 return UNLOCK; | 491 return UNLOCK; |
495 } else { | 492 return OFFLINE_LOGIN; |
496 return OFFLINE_LOGIN; | |
497 } | |
498 } | 493 } |
499 | 494 |
500 ParallelAuthenticator::AuthState | 495 ParallelAuthenticator::AuthState |
501 ParallelAuthenticator::ResolveOnlineFailureState( | 496 ParallelAuthenticator::ResolveOnlineFailureState( |
502 ParallelAuthenticator::AuthState offline_state) { | 497 ParallelAuthenticator::AuthState offline_state) { |
503 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); | 498 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |
504 if (offline_state == OFFLINE_LOGIN) { | 499 if (offline_state == OFFLINE_LOGIN) { |
505 if (current_state_->online_outcome().error().state() == | 500 if (current_state_->online_outcome().error().state() == |
506 GoogleServiceAuthError::CONNECTION_FAILED) { | 501 GoogleServiceAuthError::CONNECTION_FAILED) { |
507 // Couldn't do an online check, so just go with the offline result. | 502 // Couldn't do an online check, so just go with the offline result. |
508 return OFFLINE_LOGIN; | 503 return OFFLINE_LOGIN; |
509 } | 504 } |
510 // Otherwise, online login was rejected! | 505 // Otherwise, online login was rejected! |
511 if (current_state_->online_outcome().error().state() == | 506 if (current_state_->online_outcome().error().state() == |
512 GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS) { | 507 GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS) { |
513 return NEED_NEW_PW; | 508 return NEED_NEW_PW; |
514 } else { | |
515 return ONLINE_FAILED; | |
516 } | 509 } |
| 510 return ONLINE_FAILED; |
517 } | 511 } |
518 return LOGIN_FAILED; | 512 return LOGIN_FAILED; |
519 } | 513 } |
520 | 514 |
521 ParallelAuthenticator::AuthState | 515 ParallelAuthenticator::AuthState |
522 ParallelAuthenticator::ResolveOnlineSuccessState( | 516 ParallelAuthenticator::ResolveOnlineSuccessState( |
523 ParallelAuthenticator::AuthState offline_state) { | 517 ParallelAuthenticator::AuthState offline_state) { |
524 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); | 518 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |
525 switch (offline_state) { | 519 switch (offline_state) { |
526 case POSSIBLE_PW_CHANGE: | 520 case POSSIBLE_PW_CHANGE: |
(...skipping 20 matching lines...) Expand all Loading... |
547 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE)); | 541 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE)); |
548 { | 542 { |
549 AutoLock for_this_block(localaccount_lock_); | 543 AutoLock for_this_block(localaccount_lock_); |
550 if (checked_for_localaccount_) | 544 if (checked_for_localaccount_) |
551 return; | 545 return; |
552 } | 546 } |
553 FilePath localaccount_file; | 547 FilePath localaccount_file; |
554 std::string localaccount; | 548 std::string localaccount; |
555 if (PathService::Get(base::DIR_EXE, &localaccount_file)) { | 549 if (PathService::Get(base::DIR_EXE, &localaccount_file)) { |
556 localaccount_file = localaccount_file.Append(filename); | 550 localaccount_file = localaccount_file.Append(filename); |
557 LOG(INFO) << "looking for localaccount in " << localaccount_file.value(); | 551 VLOG(1) << "Looking for localaccount in " << localaccount_file.value(); |
558 | 552 |
559 ReadFileToString(localaccount_file, &localaccount); | 553 ReadFileToString(localaccount_file, &localaccount); |
560 TrimWhitespaceASCII(localaccount, TRIM_TRAILING, &localaccount); | 554 TrimWhitespaceASCII(localaccount, TRIM_TRAILING, &localaccount); |
561 LOG(INFO) << "Loading localaccount: " << localaccount; | 555 VLOG(1) << "Loading localaccount: " << localaccount; |
562 } else { | 556 } else { |
563 LOG(INFO) << "Assuming no localaccount"; | 557 VLOG(1) << "Assuming no localaccount"; |
564 } | 558 } |
565 SetLocalaccount(localaccount); | 559 SetLocalaccount(localaccount); |
566 } | 560 } |
567 | 561 |
568 void ParallelAuthenticator::SetLocalaccount(const std::string& new_name) { | 562 void ParallelAuthenticator::SetLocalaccount(const std::string& new_name) { |
569 localaccount_ = new_name; | 563 localaccount_ = new_name; |
570 { // extra braces for clarity about AutoLock scope. | 564 { // extra braces for clarity about AutoLock scope. |
571 AutoLock for_this_block(localaccount_lock_); | 565 AutoLock for_this_block(localaccount_lock_); |
572 checked_for_localaccount_ = true; | 566 checked_for_localaccount_ = true; |
573 } | 567 } |
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
606 | 600 |
607 std::string ParallelAuthenticator::SaltAsAscii() { | 601 std::string ParallelAuthenticator::SaltAsAscii() { |
608 LoadSystemSalt(); // no-op if it's already loaded. | 602 LoadSystemSalt(); // no-op if it's already loaded. |
609 unsigned int salt_len = system_salt_.size(); | 603 unsigned int salt_len = system_salt_.size(); |
610 char ascii_salt[2 * salt_len + 1]; | 604 char ascii_salt[2 * salt_len + 1]; |
611 if (ParallelAuthenticator::BinaryToHex(system_salt_, | 605 if (ParallelAuthenticator::BinaryToHex(system_salt_, |
612 salt_len, | 606 salt_len, |
613 ascii_salt, | 607 ascii_salt, |
614 sizeof(ascii_salt))) { | 608 sizeof(ascii_salt))) { |
615 return std::string(ascii_salt, sizeof(ascii_salt) - 1); | 609 return std::string(ascii_salt, sizeof(ascii_salt) - 1); |
616 } else { | |
617 return std::string(); | |
618 } | 610 } |
| 611 return std::string(); |
619 } | 612 } |
620 | 613 |
621 // static | 614 // static |
622 bool ParallelAuthenticator::BinaryToHex( | 615 bool ParallelAuthenticator::BinaryToHex( |
623 const std::vector<unsigned char>& binary, | 616 const std::vector<unsigned char>& binary, |
624 const unsigned int binary_len, | 617 const unsigned int binary_len, |
625 char* hex_string, | 618 char* hex_string, |
626 const unsigned int len) { | 619 const unsigned int len) { |
627 if (len < 2*binary_len) | 620 if (len < 2*binary_len) |
628 return false; | 621 return false; |
629 memset(hex_string, 0, len); | 622 memset(hex_string, 0, len); |
630 for (uint i = 0, j = 0; i < binary_len; i++, j+=2) | 623 for (uint i = 0, j = 0; i < binary_len; i++, j+=2) |
631 snprintf(hex_string + j, len - j, "%02x", binary[i]); | 624 snprintf(hex_string + j, len - j, "%02x", binary[i]); |
632 return true; | 625 return true; |
633 } | 626 } |
634 | 627 |
635 } // namespace chromeos | 628 } // namespace chromeos |
OLD | NEW |