OLD | NEW |
1 // Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved. | 1 // Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "login_manager/session_manager_service.h" | 5 #include "login_manager/session_manager_service.h" |
6 | 6 |
7 #include <dbus/dbus-glib-lowlevel.h> | 7 #include <dbus/dbus-glib-lowlevel.h> |
8 #include <errno.h> | 8 #include <errno.h> |
9 #include <glib.h> | 9 #include <glib.h> |
10 #include <grp.h> | 10 #include <grp.h> |
(...skipping 447 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
458 } | 458 } |
459 | 459 |
460 return FALSE; | 460 return FALSE; |
461 } | 461 } |
462 | 462 |
463 gboolean SessionManagerService::StartSession(gchar* email_address, | 463 gboolean SessionManagerService::StartSession(gchar* email_address, |
464 gchar* unique_identifier, | 464 gchar* unique_identifier, |
465 gboolean* OUT_done, | 465 gboolean* OUT_done, |
466 GError** error) { | 466 GError** error) { |
467 if (session_started_) { | 467 if (session_started_) { |
468 SetGError(error, | 468 const char msg[] = "Can't start session while session is already active."; |
469 CHROMEOS_LOGIN_ERROR_SESSION_EXISTS, | 469 LOG(ERROR) << msg; |
470 "Can't start a session while a session is already active."); | 470 SetGError(error, CHROMEOS_LOGIN_ERROR_SESSION_EXISTS, msg); |
471 *OUT_done = FALSE; | 471 return *OUT_done = FALSE; |
472 return FALSE; | |
473 } | 472 } |
474 if (!ValidateAndCacheUserEmail(email_address, error)) { | 473 if (!ValidateAndCacheUserEmail(email_address, error)) { |
475 *OUT_done = FALSE; | 474 *OUT_done = FALSE; |
476 return FALSE; | 475 return FALSE; |
477 } | 476 } |
478 // If the current user is the owner, and isn't whitelisted or set | 477 // If the current user is the owner, and isn't whitelisted or set |
479 // as the cros.device.owner pref, then do so. This attempt only succeeds | 478 // as the cros.device.owner pref, then do so. This attempt only succeeds |
480 // if the current user has access to the private half of the owner's | 479 // if the current user has access to the private half of the owner's |
481 // registered public key. | 480 // registered public key. |
482 StoreOwnerProperties(NULL); | 481 StoreOwnerProperties(NULL); |
(...skipping 108 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
591 NULL); | 590 NULL); |
592 // TODO(cmasone): re-enable these when we try to enable logout without exiting | 591 // TODO(cmasone): re-enable these when we try to enable logout without exiting |
593 // the session manager | 592 // the session manager |
594 // child_job_->StopSession(); | 593 // child_job_->StopSession(); |
595 // session_started_ = false; | 594 // session_started_ = false; |
596 return *OUT_done = TRUE; | 595 return *OUT_done = TRUE; |
597 } | 596 } |
598 | 597 |
599 gboolean SessionManagerService::SetOwnerKey(GArray* public_key_der, | 598 gboolean SessionManagerService::SetOwnerKey(GArray* public_key_der, |
600 GError** error) { | 599 GError** error) { |
601 SetGError(error, | 600 const char msg[] = "The session_manager now sets the Owner's public key."; |
602 CHROMEOS_LOGIN_ERROR_ILLEGAL_PUBKEY, | 601 LOG(ERROR) << msg; |
603 "The session_manager now sets the Owner's public key."); | 602 SetGError(error, CHROMEOS_LOGIN_ERROR_ILLEGAL_PUBKEY, msg); |
604 // Just to be safe, send back a nACK in addition to returning an error. | 603 // Just to be safe, send back a nACK in addition to returning an error. |
605 SendSignal(chromium::kOwnerKeySetSignal, false); | 604 SendSignal(chromium::kOwnerKeySetSignal, false); |
606 return FALSE; | 605 return FALSE; |
607 } | 606 } |
608 | 607 |
609 gboolean SessionManagerService::Unwhitelist(gchar* email_address, | 608 gboolean SessionManagerService::Unwhitelist(gchar* email_address, |
610 GArray* signature, | 609 GArray* signature, |
611 GError** error) { | 610 GError** error) { |
612 LOG(INFO) << "Unwhitelisting " << email_address; | 611 LOG(INFO) << "Unwhitelisting " << email_address; |
613 if (!key_->IsPopulated()) { | 612 if (!key_->IsPopulated()) { |
614 SetGError(error, | 613 const char msg[] = "Attempt to unwhitelist before owner's key is set."; |
615 CHROMEOS_LOGIN_ERROR_NO_OWNER_KEY, | 614 LOG(ERROR) << msg; |
616 "Attempt to unwhitelist before owner's key is set."); | 615 SetGError(error, CHROMEOS_LOGIN_ERROR_NO_OWNER_KEY, msg); |
617 return FALSE; | 616 return FALSE; |
618 } | 617 } |
619 if (!key_->Verify(email_address, | 618 if (!key_->Verify(email_address, |
620 strlen(email_address), | 619 strlen(email_address), |
621 signature->data, | 620 signature->data, |
622 signature->len)) { | 621 signature->len)) { |
623 SetGError(error, | 622 const char msg[] = "Signature could not be verified in Unwhitelist."; |
624 CHROMEOS_LOGIN_ERROR_VERIFY_FAIL, | 623 LOG(ERROR) << msg; |
625 "Signature could not be verified in Unwhitelist."); | 624 SetGError(error, CHROMEOS_LOGIN_ERROR_VERIFY_FAIL, msg); |
626 return FALSE; | 625 return FALSE; |
627 } | 626 } |
628 store_->Unwhitelist(email_address); | 627 store_->Unwhitelist(email_address); |
629 io_thread_.message_loop()->PostTask( | 628 io_thread_.message_loop()->PostTask( |
630 FROM_HERE, | 629 FROM_HERE, |
631 NewRunnableMethod(this, &SessionManagerService::PersistWhitelist)); | 630 NewRunnableMethod(this, &SessionManagerService::PersistWhitelist)); |
632 return TRUE; | 631 return TRUE; |
633 } | 632 } |
634 | 633 |
635 gboolean SessionManagerService::CheckWhitelist(gchar* email_address, | 634 gboolean SessionManagerService::CheckWhitelist(gchar* email_address, |
636 GArray** OUT_signature, | 635 GArray** OUT_signature, |
637 GError** error) { | 636 GError** error) { |
638 std::string encoded; | 637 std::string encoded; |
639 if (!store_->GetFromWhitelist(email_address, &encoded)) { | 638 if (!store_->GetFromWhitelist(email_address, &encoded)) { |
640 SetGError(error, | 639 const char msg[] = "The user is not whitelisted."; |
641 CHROMEOS_LOGIN_ERROR_ILLEGAL_USER, | 640 LOG(INFO) << msg; |
642 "The user is not whitelisted."); | 641 SetGError(error, CHROMEOS_LOGIN_ERROR_ILLEGAL_USER, msg); |
643 return FALSE; | 642 return FALSE; |
644 } | 643 } |
645 std::string decoded; | 644 std::string decoded; |
646 if (!base::Base64Decode(encoded, &decoded)) { | 645 if (!base::Base64Decode(encoded, &decoded)) { |
647 SetGError(error, | 646 const char msg[] = "Signature could not be decoded in CheckWhitelist."; |
648 CHROMEOS_LOGIN_ERROR_DECODE_FAIL, | 647 LOG(ERROR) << msg; |
649 "Signature could not be decoded in CheckWhitelist."); | 648 SetGError(error, CHROMEOS_LOGIN_ERROR_DECODE_FAIL, msg); |
650 return FALSE; | 649 return FALSE; |
651 } | 650 } |
652 | 651 |
653 *OUT_signature = g_array_sized_new(FALSE, FALSE, 1, decoded.length()); | 652 *OUT_signature = g_array_sized_new(FALSE, FALSE, 1, decoded.length()); |
654 g_array_append_vals(*OUT_signature, decoded.c_str(), decoded.length()); | 653 g_array_append_vals(*OUT_signature, decoded.c_str(), decoded.length()); |
655 return TRUE; | 654 return TRUE; |
656 } | 655 } |
657 | 656 |
658 gboolean SessionManagerService::EnumerateWhitelisted(gchar*** OUT_whitelist, | 657 gboolean SessionManagerService::EnumerateWhitelisted(gchar*** OUT_whitelist, |
659 GError** error) { | 658 GError** error) { |
660 std::vector<std::string> the_whitelisted; | 659 std::vector<std::string> the_whitelisted; |
661 store_->EnumerateWhitelisted(&the_whitelisted); | 660 store_->EnumerateWhitelisted(&the_whitelisted); |
662 uint num_whitelisted = the_whitelisted.size(); | 661 uint num_whitelisted = the_whitelisted.size(); |
663 *OUT_whitelist = g_new(gchar*, num_whitelisted + 1); | 662 *OUT_whitelist = g_new(gchar*, num_whitelisted + 1); |
664 (*OUT_whitelist)[num_whitelisted] = NULL; | 663 (*OUT_whitelist)[num_whitelisted] = NULL; |
665 | 664 |
666 for (uint i = 0; i < num_whitelisted; ++i) { | 665 for (uint i = 0; i < num_whitelisted; ++i) { |
667 (*OUT_whitelist)[i] = g_strndup(the_whitelisted[i].c_str(), | 666 (*OUT_whitelist)[i] = g_strndup(the_whitelisted[i].c_str(), |
668 the_whitelisted[i].length()); | 667 the_whitelisted[i].length()); |
669 } | 668 } |
670 return TRUE; | 669 return TRUE; |
671 } | 670 } |
672 | 671 |
673 gboolean SessionManagerService::Whitelist(gchar* email_address, | 672 gboolean SessionManagerService::Whitelist(gchar* email_address, |
674 GArray* signature, | 673 GArray* signature, |
675 GError** error) { | 674 GError** error) { |
676 LOG(INFO) << "Whitelisting " << email_address; | 675 LOG(INFO) << "Whitelisting " << email_address; |
677 if (!key_->IsPopulated()) { | 676 if (!key_->IsPopulated()) { |
678 SetGError(error, | 677 const char msg[] = "Attempt to whitelist before owner's key is set."; |
679 CHROMEOS_LOGIN_ERROR_NO_OWNER_KEY, | 678 LOG(ERROR) << msg; |
680 "Attempt to whitelist before owner's key is set."); | 679 SetGError(error, CHROMEOS_LOGIN_ERROR_NO_OWNER_KEY, msg); |
681 return FALSE; | 680 return FALSE; |
682 } | 681 } |
683 if (!key_->Verify(email_address, | 682 if (!key_->Verify(email_address, |
684 strlen(email_address), | 683 strlen(email_address), |
685 signature->data, | 684 signature->data, |
686 signature->len)) { | 685 signature->len)) { |
687 SetGError(error, | 686 const char msg[] = "Signature could not be verified in Whitelist."; |
688 CHROMEOS_LOGIN_ERROR_VERIFY_FAIL, | 687 LOG(ERROR) << msg; |
689 "Signature could not be verified in Whitelist."); | 688 SetGError(error, CHROMEOS_LOGIN_ERROR_VERIFY_FAIL, msg); |
690 return FALSE; | 689 return FALSE; |
691 } | 690 } |
692 std::string data(signature->data, signature->len); | 691 std::string data(signature->data, signature->len); |
693 return WhitelistHelper(email_address, data, error); | 692 return WhitelistHelper(email_address, data, error); |
694 } | 693 } |
695 | 694 |
696 gboolean SessionManagerService::StoreProperty(gchar* name, | 695 gboolean SessionManagerService::StoreProperty(gchar* name, |
697 gchar* value, | 696 gchar* value, |
698 GArray* signature, | 697 GArray* signature, |
699 GError** error) { | 698 GError** error) { |
700 LOG(INFO) << "Setting pref " << name << "=" << value; | 699 LOG(INFO) << "Setting pref " << name << "=" << value; |
701 if (!key_->IsPopulated()) { | 700 if (!key_->IsPopulated()) { |
702 SetGError(error, | 701 const char msg[] = "Attempt to store property before owner's key is set."; |
703 CHROMEOS_LOGIN_ERROR_NO_OWNER_KEY, | 702 LOG(ERROR) << msg; |
704 "Attempt to store property before owner's key is set."); | 703 SetGError(error, CHROMEOS_LOGIN_ERROR_NO_OWNER_KEY, msg); |
705 return FALSE; | 704 return FALSE; |
706 } | 705 } |
707 std::string was_signed = base::StringPrintf("%s=%s", name, value); | 706 std::string was_signed = base::StringPrintf("%s=%s", name, value); |
708 if (!key_->Verify(was_signed.c_str(), | 707 if (!key_->Verify(was_signed.c_str(), |
709 was_signed.length(), | 708 was_signed.length(), |
710 signature->data, | 709 signature->data, |
711 signature->len)) { | 710 signature->len)) { |
712 SetGError(error, | 711 const char msg[] = "Signature could not be verified in StoreProperty."; |
713 CHROMEOS_LOGIN_ERROR_VERIFY_FAIL, | 712 LOG(ERROR) << msg; |
714 "Signature could not be verified in StoreProperty."); | 713 SetGError(error, CHROMEOS_LOGIN_ERROR_VERIFY_FAIL, msg); |
715 return FALSE; | 714 return FALSE; |
716 } | 715 } |
717 std::string data(signature->data, signature->len); | 716 std::string data(signature->data, signature->len); |
718 return SetPropertyHelper(name, value, data, error); | 717 return SetPropertyHelper(name, value, data, error); |
719 } | 718 } |
720 | 719 |
721 gboolean SessionManagerService::RetrieveProperty(gchar* name, | 720 gboolean SessionManagerService::RetrieveProperty(gchar* name, |
722 gchar** OUT_value, | 721 gchar** OUT_value, |
723 GArray** OUT_signature, | 722 GArray** OUT_signature, |
724 GError** error) { | 723 GError** error) { |
(...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
765 GError** error) { | 764 GError** error) { |
766 int child_pid = pid; | 765 int child_pid = pid; |
767 std::vector<int>::iterator child_pid_it = | 766 std::vector<int>::iterator child_pid_it = |
768 std::find(child_pids_.begin(), child_pids_.end(), child_pid); | 767 std::find(child_pids_.begin(), child_pids_.end(), child_pid); |
769 size_t child_index = child_pid_it - child_pids_.begin(); | 768 size_t child_index = child_pid_it - child_pids_.begin(); |
770 | 769 |
771 if (child_pid_it == child_pids_.end() || | 770 if (child_pid_it == child_pids_.end() || |
772 child_jobs_[child_index]->GetName() != "chrome") { | 771 child_jobs_[child_index]->GetName() != "chrome") { |
773 // If we didn't find the pid, or we don't think that job was chrome... | 772 // If we didn't find the pid, or we don't think that job was chrome... |
774 *OUT_done = FALSE; | 773 *OUT_done = FALSE; |
775 SetGError(error, | 774 const char msg[] = "Provided pid is unknown."; |
776 CHROMEOS_LOGIN_ERROR_UNKNOWN_PID, | 775 LOG(ERROR) << msg; |
777 "Provided pid is unknown."); | 776 SetGError(error, CHROMEOS_LOGIN_ERROR_UNKNOWN_PID, msg); |
778 return FALSE; | 777 return FALSE; |
779 } | 778 } |
780 | 779 |
781 // Waiting for Chrome to shutdown takes too much time. | 780 // Waiting for Chrome to shutdown takes too much time. |
782 // We're killing it immediately hoping that data Chrome uses before | 781 // We're killing it immediately hoping that data Chrome uses before |
783 // logging in is not corrupted. | 782 // logging in is not corrupted. |
784 // TODO(avayvod): Remove RestartJob when crosbug.com/6924 is fixed. | 783 // TODO(avayvod): Remove RestartJob when crosbug.com/6924 is fixed. |
785 KillChild(child_jobs_[child_index], child_pid); | 784 KillChild(child_jobs_[child_index], child_pid); |
786 | 785 |
787 char arguments_buffer[kMaxArgumentsSize + 1]; | 786 char arguments_buffer[kMaxArgumentsSize + 1]; |
(...skipping 138 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
926 message_loop_->PostTask( | 925 message_loop_->PostTask( |
927 FROM_HERE, NewRunnableMethod(this, &SessionManagerService::SendSignal, | 926 FROM_HERE, NewRunnableMethod(this, &SessionManagerService::SendSignal, |
928 chromium::kPropertyChangeCompleteSignal, | 927 chromium::kPropertyChangeCompleteSignal, |
929 what_happened)); | 928 what_happened)); |
930 } | 929 } |
931 | 930 |
932 // static | 931 // static |
933 void SessionManagerService::SetGError(GError** error, | 932 void SessionManagerService::SetGError(GError** error, |
934 ChromeOSLoginError code, | 933 ChromeOSLoginError code, |
935 const char* message) { | 934 const char* message) { |
936 LOG(ERROR) << message; | |
937 g_set_error(error, CHROMEOS_LOGIN_ERROR, code, "Login error: %s", message); | 935 g_set_error(error, CHROMEOS_LOGIN_ERROR, code, "Login error: %s", message); |
938 } | 936 } |
939 | 937 |
940 | 938 |
941 /////////////////////////////////////////////////////////////////////////////// | 939 /////////////////////////////////////////////////////////////////////////////// |
942 // Utility Methods | 940 // Utility Methods |
943 | 941 |
944 // This can probably be more efficient, if it needs to be. | 942 // This can probably be more efficient, if it needs to be. |
945 // static | 943 // static |
946 bool SessionManagerService::ValidateEmail(const string& email_address) { | 944 bool SessionManagerService::ValidateEmail(const string& email_address) { |
(...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1036 std::string decoded; | 1034 std::string decoded; |
1037 if (!GetPropertyHelper(kDeviceOwnerPref, &value, &decoded, error)) | 1035 if (!GetPropertyHelper(kDeviceOwnerPref, &value, &decoded, error)) |
1038 return FALSE; | 1036 return FALSE; |
1039 std::string was_signed = base::StringPrintf("%s=%s", | 1037 std::string was_signed = base::StringPrintf("%s=%s", |
1040 kDeviceOwnerPref, | 1038 kDeviceOwnerPref, |
1041 value.c_str()); | 1039 value.c_str()); |
1042 if (!key_->Verify(was_signed.c_str(), | 1040 if (!key_->Verify(was_signed.c_str(), |
1043 was_signed.length(), | 1041 was_signed.length(), |
1044 decoded.c_str(), | 1042 decoded.c_str(), |
1045 decoded.length())) { | 1043 decoded.length())) { |
1046 SetGError(error, | 1044 const char msg[] = "Owner pref signature could not be verified."; |
1047 CHROMEOS_LOGIN_ERROR_VERIFY_FAIL, | 1045 LOG(ERROR) << msg; |
1048 "Owner pref signature could not be verified."); | 1046 SetGError(error, CHROMEOS_LOGIN_ERROR_VERIFY_FAIL, msg); |
1049 return FALSE; | 1047 return FALSE; |
1050 } | 1048 } |
1051 return value == current_user_; | 1049 return value == current_user_; |
1052 } | 1050 } |
1053 | 1051 |
1054 gboolean SessionManagerService::CurrentUserHasOwnerKey( | 1052 gboolean SessionManagerService::CurrentUserHasOwnerKey( |
1055 const std::vector<uint8>& pub_key, | 1053 const std::vector<uint8>& pub_key, |
1056 GError** error) { | 1054 GError** error) { |
1057 if (!nss_->OpenUserDB()) { | 1055 if (!nss_->OpenUserDB()) { |
1058 SetGError(error, | 1056 const char msg[] = "Could not open the current user's NSS database."; |
1059 CHROMEOS_LOGIN_ERROR_NO_USER_NSSDB, | 1057 LOG(ERROR) << msg; |
1060 "Could not open the current user's NSS database."); | 1058 SetGError(error, CHROMEOS_LOGIN_ERROR_NO_USER_NSSDB, msg); |
1061 return FALSE; | 1059 return FALSE; |
1062 } | 1060 } |
1063 if (!nss_->GetPrivateKey(pub_key)) { | 1061 if (!nss_->GetPrivateKey(pub_key)) { |
1064 SetGError(error, | 1062 const char msg[] = "Could not verify that public key belongs to the owner."; |
1065 CHROMEOS_LOGIN_ERROR_ILLEGAL_PUBKEY, | 1063 LOG(WARNING) << msg; |
1066 "Could not verify that public key belongs to the owner."); | 1064 SetGError(error, CHROMEOS_LOGIN_ERROR_ILLEGAL_PUBKEY, msg); |
1067 return FALSE; | 1065 return FALSE; |
1068 } | 1066 } |
1069 return TRUE; | 1067 return TRUE; |
1070 } | 1068 } |
1071 | 1069 |
1072 gboolean SessionManagerService::ValidateAndCacheUserEmail( | 1070 gboolean SessionManagerService::ValidateAndCacheUserEmail( |
1073 const gchar* email_address, | 1071 const gchar* email_address, |
1074 GError** error) { | 1072 GError** error) { |
1075 // basic validity checking; avoid buffer overflows here, and | 1073 // basic validity checking; avoid buffer overflows here, and |
1076 // canonicalize the email address a little. | 1074 // canonicalize the email address a little. |
1077 char email[kMaxEmailSize + 1]; | 1075 char email[kMaxEmailSize + 1]; |
1078 snprintf(email, sizeof(email), "%s", email_address); | 1076 snprintf(email, sizeof(email), "%s", email_address); |
1079 email[kMaxEmailSize] = '\0'; // Just to be sure. | 1077 email[kMaxEmailSize] = '\0'; // Just to be sure. |
1080 string email_string(email); | 1078 string email_string(email); |
1081 if (email_string != kIncognitoUser && !ValidateEmail(email_string)) { | 1079 if (email_string != kIncognitoUser && !ValidateEmail(email_string)) { |
1082 SetGError(error, | 1080 const char msg[] = "Provided email address is not valid. ASCII only."; |
1083 CHROMEOS_LOGIN_ERROR_INVALID_EMAIL, | 1081 LOG(ERROR) << msg; |
1084 "Provided email address is not valid. ASCII only."); | 1082 SetGError(error, CHROMEOS_LOGIN_ERROR_INVALID_EMAIL, msg); |
1085 return FALSE; | 1083 return FALSE; |
1086 } | 1084 } |
1087 current_user_ = StringToLowerASCII(email_string); | 1085 current_user_ = StringToLowerASCII(email_string); |
1088 return TRUE; | 1086 return TRUE; |
1089 } | 1087 } |
1090 | 1088 |
1091 int SessionManagerService::FindChildByPid(int pid) { | 1089 int SessionManagerService::FindChildByPid(int pid) { |
1092 for (int i = 0; i < child_pids_.size(); ++i) { | 1090 for (int i = 0; i < child_pids_.size(); ++i) { |
1093 if (child_pids_[i] == pid) | 1091 if (child_pids_[i] == pid) |
1094 return i; | 1092 return i; |
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1134 | 1132 |
1135 gboolean SessionManagerService::SignAndStoreProperty(const std::string& name, | 1133 gboolean SessionManagerService::SignAndStoreProperty(const std::string& name, |
1136 const std::string& value, | 1134 const std::string& value, |
1137 const std::string& err_msg, | 1135 const std::string& err_msg, |
1138 GError** error) { | 1136 GError** error) { |
1139 std::vector<uint8> signature; | 1137 std::vector<uint8> signature; |
1140 std::string to_sign = base::StringPrintf("%s=%s", | 1138 std::string to_sign = base::StringPrintf("%s=%s", |
1141 kDeviceOwnerPref, | 1139 kDeviceOwnerPref, |
1142 current_user_.c_str()); | 1140 current_user_.c_str()); |
1143 if (!key_->Sign(to_sign.c_str(), to_sign.length(), &signature)) { | 1141 if (!key_->Sign(to_sign.c_str(), to_sign.length(), &signature)) { |
| 1142 LOG_IF(ERROR, error) << err_msg; |
| 1143 LOG_IF(WARNING, !error) << err_msg; |
1144 SetGError(error, CHROMEOS_LOGIN_ERROR_ILLEGAL_PUBKEY, err_msg.c_str()); | 1144 SetGError(error, CHROMEOS_LOGIN_ERROR_ILLEGAL_PUBKEY, err_msg.c_str()); |
1145 return FALSE; | 1145 return FALSE; |
1146 } | 1146 } |
1147 std::string signature_string(reinterpret_cast<const char*>(&signature[0]), | 1147 std::string signature_string(reinterpret_cast<const char*>(&signature[0]), |
1148 signature.size()); | 1148 signature.size()); |
1149 return SetPropertyHelper(kDeviceOwnerPref, | 1149 return SetPropertyHelper(kDeviceOwnerPref, |
1150 current_user_, | 1150 current_user_, |
1151 signature_string, | 1151 signature_string, |
1152 error); | 1152 error); |
1153 } | 1153 } |
1154 | 1154 |
1155 gboolean SessionManagerService::SignAndWhitelist(const std::string& email, | 1155 gboolean SessionManagerService::SignAndWhitelist(const std::string& email, |
1156 const std::string& err_msg, | 1156 const std::string& err_msg, |
1157 GError** error) { | 1157 GError** error) { |
1158 std::vector<uint8> signature; | 1158 std::vector<uint8> signature; |
1159 if (!key_->Sign(current_user_.c_str(), current_user_.length(), &signature)) { | 1159 if (!key_->Sign(current_user_.c_str(), current_user_.length(), &signature)) { |
| 1160 LOG_IF(ERROR, error) << err_msg; |
| 1161 LOG_IF(WARNING, !error) << err_msg; |
1160 SetGError(error, CHROMEOS_LOGIN_ERROR_ILLEGAL_PUBKEY, err_msg.c_str()); | 1162 SetGError(error, CHROMEOS_LOGIN_ERROR_ILLEGAL_PUBKEY, err_msg.c_str()); |
1161 return FALSE; | 1163 return FALSE; |
1162 } | 1164 } |
1163 std::string signature_string(reinterpret_cast<const char*>(&signature[0]), | 1165 std::string signature_string(reinterpret_cast<const char*>(&signature[0]), |
1164 signature.size()); | 1166 signature.size()); |
1165 return WhitelistHelper(current_user_, signature_string, error); | 1167 return WhitelistHelper(current_user_, signature_string, error); |
1166 } | 1168 } |
1167 | 1169 |
1168 gboolean SessionManagerService::SetPropertyHelper(const std::string& name, | 1170 gboolean SessionManagerService::SetPropertyHelper(const std::string& name, |
1169 const std::string& value, | 1171 const std::string& value, |
1170 const std::string& signature, | 1172 const std::string& signature, |
1171 GError** error) { | 1173 GError** error) { |
1172 std::string encoded; | 1174 std::string encoded; |
1173 if (!base::Base64Encode(signature, &encoded)) { | 1175 if (!base::Base64Encode(signature, &encoded)) { |
1174 SetGError(error, | 1176 const char msg[] = "Signature could not be encoded."; |
1175 CHROMEOS_LOGIN_ERROR_ENCODE_FAIL, | 1177 LOG(ERROR) << msg; |
1176 "Signature could not be verified in SetPropertyHelper."); | 1178 SetGError(error, CHROMEOS_LOGIN_ERROR_ENCODE_FAIL, msg); |
1177 return FALSE; | 1179 return FALSE; |
1178 } | 1180 } |
1179 store_->Set(name, value, encoded); | 1181 store_->Set(name, value, encoded); |
1180 io_thread_.message_loop()->PostTask( | 1182 io_thread_.message_loop()->PostTask( |
1181 FROM_HERE, NewRunnableMethod(this, &SessionManagerService::PersistStore)); | 1183 FROM_HERE, NewRunnableMethod(this, &SessionManagerService::PersistStore)); |
1182 return TRUE; | 1184 return TRUE; |
1183 } | 1185 } |
1184 | 1186 |
1185 gboolean SessionManagerService::WhitelistHelper(const std::string& email, | 1187 gboolean SessionManagerService::WhitelistHelper(const std::string& email, |
1186 const std::string& signature, | 1188 const std::string& signature, |
1187 GError** error) { | 1189 GError** error) { |
1188 std::string encoded; | 1190 std::string encoded; |
1189 if (!base::Base64Encode(signature, &encoded)) { | 1191 if (!base::Base64Encode(signature, &encoded)) { |
1190 SetGError(error, | 1192 const char msg[] = "Signature could not be encoded."; |
1191 CHROMEOS_LOGIN_ERROR_ENCODE_FAIL, | 1193 LOG(ERROR) << msg; |
1192 "Signature could not be encoded in WhitelistHelper."); | 1194 SetGError(error, CHROMEOS_LOGIN_ERROR_ENCODE_FAIL, msg); |
1193 return FALSE; | 1195 return FALSE; |
1194 } | 1196 } |
1195 store_->Whitelist(email, encoded); | 1197 store_->Whitelist(email, encoded); |
1196 io_thread_.message_loop()->PostTask( | 1198 io_thread_.message_loop()->PostTask( |
1197 FROM_HERE, | 1199 FROM_HERE, |
1198 NewRunnableMethod(this, &SessionManagerService::PersistWhitelist)); | 1200 NewRunnableMethod(this, &SessionManagerService::PersistWhitelist)); |
1199 return TRUE; | 1201 return TRUE; |
1200 } | 1202 } |
1201 | 1203 |
1202 gboolean SessionManagerService::GetPropertyHelper(const std::string& name, | 1204 gboolean SessionManagerService::GetPropertyHelper(const std::string& name, |
1203 std::string* OUT_value, | 1205 std::string* OUT_value, |
1204 std::string* OUT_signature, | 1206 std::string* OUT_signature, |
1205 GError** error) { | 1207 GError** error) { |
1206 std::string encoded; | 1208 std::string encoded; |
1207 if (!store_->Get(name, OUT_value, &encoded)) { | 1209 if (!store_->Get(name, OUT_value, &encoded)) { |
1208 std::string error_string = | 1210 std::string error_msg = |
1209 base::StringPrintf("The requested property %s is unknown.", | 1211 base::StringPrintf("The requested property %s is unknown.", |
1210 name.c_str()); | 1212 name.c_str()); |
1211 SetGError(error, | 1213 LOG(WARNING) << error_msg; |
1212 CHROMEOS_LOGIN_ERROR_UNKNOWN_PROPERTY, | 1214 SetGError(error, CHROMEOS_LOGIN_ERROR_UNKNOWN_PROPERTY, error_msg.c_str()); |
1213 error_string.c_str()); | |
1214 return FALSE; | 1215 return FALSE; |
1215 } | 1216 } |
1216 if (!base::Base64Decode(encoded, OUT_signature)) { | 1217 if (!base::Base64Decode(encoded, OUT_signature)) { |
1217 SetGError(error, | 1218 const char msg[] = "Signature could not be decoded."; |
1218 CHROMEOS_LOGIN_ERROR_DECODE_FAIL, | 1219 LOG(ERROR) << msg; |
1219 "Signature could not be decoded in GetPropertyHelper."); | 1220 SetGError(error, CHROMEOS_LOGIN_ERROR_DECODE_FAIL, msg); |
1220 return FALSE; | 1221 return FALSE; |
1221 } | 1222 } |
1222 return TRUE; | 1223 return TRUE; |
1223 } | 1224 } |
1224 | 1225 |
1225 void SessionManagerService::SendSignal(const char signal_name[], | 1226 void SessionManagerService::SendSignal(const char signal_name[], |
1226 bool succeeded) { | 1227 bool succeeded) { |
1227 system_->SendSignalToChromium(signal_name, succeeded ? "success" : "failure"); | 1228 system_->SendSignalToChromium(signal_name, succeeded ? "success" : "failure"); |
1228 } | 1229 } |
1229 | 1230 |
(...skipping 12 matching lines...) Expand all Loading... |
1242 arg_list.push_back(args[i_arg]); | 1243 arg_list.push_back(args[i_arg]); |
1243 } | 1244 } |
1244 } | 1245 } |
1245 if (arg_list.size()) { | 1246 if (arg_list.size()) { |
1246 arg_lists.push_back(arg_list); | 1247 arg_lists.push_back(arg_list); |
1247 } | 1248 } |
1248 return arg_lists; | 1249 return arg_lists; |
1249 } | 1250 } |
1250 | 1251 |
1251 } // namespace login_manager | 1252 } // namespace login_manager |
OLD | NEW |