| OLD | NEW |
|---|
| 1 // Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved. | 1 // Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "login_manager/session_manager_service.h" | 5 #include "login_manager/session_manager_service.h" |
| 6 | 6 |
| 7 #include <dbus/dbus-glib-lowlevel.h> | 7 #include <dbus/dbus-glib-lowlevel.h> |
| 8 #include <errno.h> | 8 #include <errno.h> |
| 9 #include <glib.h> | 9 #include <glib.h> |
| 10 #include <grp.h> | 10 #include <grp.h> |
| (...skipping 447 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 458 } | 458 } |
| 459 | 459 |
| 460 return FALSE; | 460 return FALSE; |
| 461 } | 461 } |
| 462 | 462 |
| 463 gboolean SessionManagerService::StartSession(gchar* email_address, | 463 gboolean SessionManagerService::StartSession(gchar* email_address, |
| 464 gchar* unique_identifier, | 464 gchar* unique_identifier, |
| 465 gboolean* OUT_done, | 465 gboolean* OUT_done, |
| 466 GError** error) { | 466 GError** error) { |
| 467 if (session_started_) { | 467 if (session_started_) { |
| 468 SetGError(error, | 468 const char msg[] = "Can't start session while session is already active."; |
| 469 CHROMEOS_LOGIN_ERROR_SESSION_EXISTS, | 469 LOG(ERROR) << msg; |
| 470 "Can't start a session while a session is already active."); | 470 SetGError(error, CHROMEOS_LOGIN_ERROR_SESSION_EXISTS, msg); |
| 471 *OUT_done = FALSE; | 471 return *OUT_done = FALSE; |
| 472 return FALSE; | |
| 473 } | 472 } |
| 474 if (!ValidateAndCacheUserEmail(email_address, error)) { | 473 if (!ValidateAndCacheUserEmail(email_address, error)) { |
| 475 *OUT_done = FALSE; | 474 *OUT_done = FALSE; |
| 476 return FALSE; | 475 return FALSE; |
| 477 } | 476 } |
| 478 // If the current user is the owner, and isn't whitelisted or set | 477 // If the current user is the owner, and isn't whitelisted or set |
| 479 // as the cros.device.owner pref, then do so. This attempt only succeeds | 478 // as the cros.device.owner pref, then do so. This attempt only succeeds |
| 480 // if the current user has access to the private half of the owner's | 479 // if the current user has access to the private half of the owner's |
| 481 // registered public key. | 480 // registered public key. |
| 482 StoreOwnerProperties(NULL); | 481 StoreOwnerProperties(NULL); |
| (...skipping 108 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 591 NULL); | 590 NULL); |
| 592 // TODO(cmasone): re-enable these when we try to enable logout without exiting | 591 // TODO(cmasone): re-enable these when we try to enable logout without exiting |
| 593 // the session manager | 592 // the session manager |
| 594 // child_job_->StopSession(); | 593 // child_job_->StopSession(); |
| 595 // session_started_ = false; | 594 // session_started_ = false; |
| 596 return *OUT_done = TRUE; | 595 return *OUT_done = TRUE; |
| 597 } | 596 } |
| 598 | 597 |
| 599 gboolean SessionManagerService::SetOwnerKey(GArray* public_key_der, | 598 gboolean SessionManagerService::SetOwnerKey(GArray* public_key_der, |
| 600 GError** error) { | 599 GError** error) { |
| 601 SetGError(error, | 600 const char msg[] = "The session_manager now sets the Owner's public key."; |
| 602 CHROMEOS_LOGIN_ERROR_ILLEGAL_PUBKEY, | 601 LOG(ERROR) << msg; |
| 603 "The session_manager now sets the Owner's public key."); | 602 SetGError(error, CHROMEOS_LOGIN_ERROR_ILLEGAL_PUBKEY, msg); |
| 604 // Just to be safe, send back a nACK in addition to returning an error. | 603 // Just to be safe, send back a nACK in addition to returning an error. |
| 605 SendSignal(chromium::kOwnerKeySetSignal, false); | 604 SendSignal(chromium::kOwnerKeySetSignal, false); |
| 606 return FALSE; | 605 return FALSE; |
| 607 } | 606 } |
| 608 | 607 |
| 609 gboolean SessionManagerService::Unwhitelist(gchar* email_address, | 608 gboolean SessionManagerService::Unwhitelist(gchar* email_address, |
| 610 GArray* signature, | 609 GArray* signature, |
| 611 GError** error) { | 610 GError** error) { |
| 612 LOG(INFO) << "Unwhitelisting " << email_address; | 611 LOG(INFO) << "Unwhitelisting " << email_address; |
| 613 if (!key_->IsPopulated()) { | 612 if (!key_->IsPopulated()) { |
| 614 SetGError(error, | 613 const char msg[] = "Attempt to unwhitelist before owner's key is set."; |
| 615 CHROMEOS_LOGIN_ERROR_NO_OWNER_KEY, | 614 LOG(ERROR) << msg; |
| 616 "Attempt to unwhitelist before owner's key is set."); | 615 SetGError(error, CHROMEOS_LOGIN_ERROR_NO_OWNER_KEY, msg); |
| 617 return FALSE; | 616 return FALSE; |
| 618 } | 617 } |
| 619 if (!key_->Verify(email_address, | 618 if (!key_->Verify(email_address, |
| 620 strlen(email_address), | 619 strlen(email_address), |
| 621 signature->data, | 620 signature->data, |
| 622 signature->len)) { | 621 signature->len)) { |
| 623 SetGError(error, | 622 const char msg[] = "Signature could not be verified in Unwhitelist."; |
| 624 CHROMEOS_LOGIN_ERROR_VERIFY_FAIL, | 623 LOG(ERROR) << msg; |
| 625 "Signature could not be verified in Unwhitelist."); | 624 SetGError(error, CHROMEOS_LOGIN_ERROR_VERIFY_FAIL, msg); |
| 626 return FALSE; | 625 return FALSE; |
| 627 } | 626 } |
| 628 store_->Unwhitelist(email_address); | 627 store_->Unwhitelist(email_address); |
| 629 io_thread_.message_loop()->PostTask( | 628 io_thread_.message_loop()->PostTask( |
| 630 FROM_HERE, | 629 FROM_HERE, |
| 631 NewRunnableMethod(this, &SessionManagerService::PersistWhitelist)); | 630 NewRunnableMethod(this, &SessionManagerService::PersistWhitelist)); |
| 632 return TRUE; | 631 return TRUE; |
| 633 } | 632 } |
| 634 | 633 |
| 635 gboolean SessionManagerService::CheckWhitelist(gchar* email_address, | 634 gboolean SessionManagerService::CheckWhitelist(gchar* email_address, |
| 636 GArray** OUT_signature, | 635 GArray** OUT_signature, |
| 637 GError** error) { | 636 GError** error) { |
| 638 std::string encoded; | 637 std::string encoded; |
| 639 if (!store_->GetFromWhitelist(email_address, &encoded)) { | 638 if (!store_->GetFromWhitelist(email_address, &encoded)) { |
| 640 SetGError(error, | 639 const char msg[] = "The user is not whitelisted."; |
| 641 CHROMEOS_LOGIN_ERROR_ILLEGAL_USER, | 640 LOG(INFO) << msg; |
| 642 "The user is not whitelisted."); | 641 SetGError(error, CHROMEOS_LOGIN_ERROR_ILLEGAL_USER, msg); |
| 643 return FALSE; | 642 return FALSE; |
| 644 } | 643 } |
| 645 std::string decoded; | 644 std::string decoded; |
| 646 if (!base::Base64Decode(encoded, &decoded)) { | 645 if (!base::Base64Decode(encoded, &decoded)) { |
| 647 SetGError(error, | 646 const char msg[] = "Signature could not be decoded in CheckWhitelist."; |
| 648 CHROMEOS_LOGIN_ERROR_DECODE_FAIL, | 647 LOG(ERROR) << msg; |
| 649 "Signature could not be decoded in CheckWhitelist."); | 648 SetGError(error, CHROMEOS_LOGIN_ERROR_DECODE_FAIL, msg); |
| 650 return FALSE; | 649 return FALSE; |
| 651 } | 650 } |
| 652 | 651 |
| 653 *OUT_signature = g_array_sized_new(FALSE, FALSE, 1, decoded.length()); | 652 *OUT_signature = g_array_sized_new(FALSE, FALSE, 1, decoded.length()); |
| 654 g_array_append_vals(*OUT_signature, decoded.c_str(), decoded.length()); | 653 g_array_append_vals(*OUT_signature, decoded.c_str(), decoded.length()); |
| 655 return TRUE; | 654 return TRUE; |
| 656 } | 655 } |
| 657 | 656 |
| 658 gboolean SessionManagerService::EnumerateWhitelisted(gchar*** OUT_whitelist, | 657 gboolean SessionManagerService::EnumerateWhitelisted(gchar*** OUT_whitelist, |
| 659 GError** error) { | 658 GError** error) { |
| 660 std::vector<std::string> the_whitelisted; | 659 std::vector<std::string> the_whitelisted; |
| 661 store_->EnumerateWhitelisted(&the_whitelisted); | 660 store_->EnumerateWhitelisted(&the_whitelisted); |
| 662 uint num_whitelisted = the_whitelisted.size(); | 661 uint num_whitelisted = the_whitelisted.size(); |
| 663 *OUT_whitelist = g_new(gchar*, num_whitelisted + 1); | 662 *OUT_whitelist = g_new(gchar*, num_whitelisted + 1); |
| 664 (*OUT_whitelist)[num_whitelisted] = NULL; | 663 (*OUT_whitelist)[num_whitelisted] = NULL; |
| 665 | 664 |
| 666 for (uint i = 0; i < num_whitelisted; ++i) { | 665 for (uint i = 0; i < num_whitelisted; ++i) { |
| 667 (*OUT_whitelist)[i] = g_strndup(the_whitelisted[i].c_str(), | 666 (*OUT_whitelist)[i] = g_strndup(the_whitelisted[i].c_str(), |
| 668 the_whitelisted[i].length()); | 667 the_whitelisted[i].length()); |
| 669 } | 668 } |
| 670 return TRUE; | 669 return TRUE; |
| 671 } | 670 } |
| 672 | 671 |
| 673 gboolean SessionManagerService::Whitelist(gchar* email_address, | 672 gboolean SessionManagerService::Whitelist(gchar* email_address, |
| 674 GArray* signature, | 673 GArray* signature, |
| 675 GError** error) { | 674 GError** error) { |
| 676 LOG(INFO) << "Whitelisting " << email_address; | 675 LOG(INFO) << "Whitelisting " << email_address; |
| 677 if (!key_->IsPopulated()) { | 676 if (!key_->IsPopulated()) { |
| 678 SetGError(error, | 677 const char msg[] = "Attempt to whitelist before owner's key is set."; |
| 679 CHROMEOS_LOGIN_ERROR_NO_OWNER_KEY, | 678 LOG(ERROR) << msg; |
| 680 "Attempt to whitelist before owner's key is set."); | 679 SetGError(error, CHROMEOS_LOGIN_ERROR_NO_OWNER_KEY, msg); |
| 681 return FALSE; | 680 return FALSE; |
| 682 } | 681 } |
| 683 if (!key_->Verify(email_address, | 682 if (!key_->Verify(email_address, |
| 684 strlen(email_address), | 683 strlen(email_address), |
| 685 signature->data, | 684 signature->data, |
| 686 signature->len)) { | 685 signature->len)) { |
| 687 SetGError(error, | 686 const char msg[] = "Signature could not be verified in Whitelist."; |
| 688 CHROMEOS_LOGIN_ERROR_VERIFY_FAIL, | 687 LOG(ERROR) << msg; |
| 689 "Signature could not be verified in Whitelist."); | 688 SetGError(error, CHROMEOS_LOGIN_ERROR_VERIFY_FAIL, msg); |
| 690 return FALSE; | 689 return FALSE; |
| 691 } | 690 } |
| 692 std::string data(signature->data, signature->len); | 691 std::string data(signature->data, signature->len); |
| 693 return WhitelistHelper(email_address, data, error); | 692 return WhitelistHelper(email_address, data, error); |
| 694 } | 693 } |
| 695 | 694 |
| 696 gboolean SessionManagerService::StoreProperty(gchar* name, | 695 gboolean SessionManagerService::StoreProperty(gchar* name, |
| 697 gchar* value, | 696 gchar* value, |
| 698 GArray* signature, | 697 GArray* signature, |
| 699 GError** error) { | 698 GError** error) { |
| 700 LOG(INFO) << "Setting pref " << name << "=" << value; | 699 LOG(INFO) << "Setting pref " << name << "=" << value; |
| 701 if (!key_->IsPopulated()) { | 700 if (!key_->IsPopulated()) { |
| 702 SetGError(error, | 701 const char msg[] = "Attempt to store property before owner's key is set."; |
| 703 CHROMEOS_LOGIN_ERROR_NO_OWNER_KEY, | 702 LOG(ERROR) << msg; |
| 704 "Attempt to store property before owner's key is set."); | 703 SetGError(error, CHROMEOS_LOGIN_ERROR_NO_OWNER_KEY, msg); |
| 705 return FALSE; | 704 return FALSE; |
| 706 } | 705 } |
| 707 std::string was_signed = base::StringPrintf("%s=%s", name, value); | 706 std::string was_signed = base::StringPrintf("%s=%s", name, value); |
| 708 if (!key_->Verify(was_signed.c_str(), | 707 if (!key_->Verify(was_signed.c_str(), |
| 709 was_signed.length(), | 708 was_signed.length(), |
| 710 signature->data, | 709 signature->data, |
| 711 signature->len)) { | 710 signature->len)) { |
| 712 SetGError(error, | 711 const char msg[] = "Signature could not be verified in StoreProperty."; |
| 713 CHROMEOS_LOGIN_ERROR_VERIFY_FAIL, | 712 LOG(ERROR) << msg; |
| 714 "Signature could not be verified in StoreProperty."); | 713 SetGError(error, CHROMEOS_LOGIN_ERROR_VERIFY_FAIL, msg); |
| 715 return FALSE; | 714 return FALSE; |
| 716 } | 715 } |
| 717 std::string data(signature->data, signature->len); | 716 std::string data(signature->data, signature->len); |
| 718 return SetPropertyHelper(name, value, data, error); | 717 return SetPropertyHelper(name, value, data, error); |
| 719 } | 718 } |
| 720 | 719 |
| 721 gboolean SessionManagerService::RetrieveProperty(gchar* name, | 720 gboolean SessionManagerService::RetrieveProperty(gchar* name, |
| 722 gchar** OUT_value, | 721 gchar** OUT_value, |
| 723 GArray** OUT_signature, | 722 GArray** OUT_signature, |
| 724 GError** error) { | 723 GError** error) { |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 765 GError** error) { | 764 GError** error) { |
| 766 int child_pid = pid; | 765 int child_pid = pid; |
| 767 std::vector<int>::iterator child_pid_it = | 766 std::vector<int>::iterator child_pid_it = |
| 768 std::find(child_pids_.begin(), child_pids_.end(), child_pid); | 767 std::find(child_pids_.begin(), child_pids_.end(), child_pid); |
| 769 size_t child_index = child_pid_it - child_pids_.begin(); | 768 size_t child_index = child_pid_it - child_pids_.begin(); |
| 770 | 769 |
| 771 if (child_pid_it == child_pids_.end() || | 770 if (child_pid_it == child_pids_.end() || |
| 772 child_jobs_[child_index]->GetName() != "chrome") { | 771 child_jobs_[child_index]->GetName() != "chrome") { |
| 773 // If we didn't find the pid, or we don't think that job was chrome... | 772 // If we didn't find the pid, or we don't think that job was chrome... |
| 774 *OUT_done = FALSE; | 773 *OUT_done = FALSE; |
| 775 SetGError(error, | 774 const char msg[] = "Provided pid is unknown."; |
| 776 CHROMEOS_LOGIN_ERROR_UNKNOWN_PID, | 775 LOG(ERROR) << msg; |
| 777 "Provided pid is unknown."); | 776 SetGError(error, CHROMEOS_LOGIN_ERROR_UNKNOWN_PID, msg); |
| 778 return FALSE; | 777 return FALSE; |
| 779 } | 778 } |
| 780 | 779 |
| 781 // Waiting for Chrome to shutdown takes too much time. | 780 // Waiting for Chrome to shutdown takes too much time. |
| 782 // We're killing it immediately hoping that data Chrome uses before | 781 // We're killing it immediately hoping that data Chrome uses before |
| 783 // logging in is not corrupted. | 782 // logging in is not corrupted. |
| 784 // TODO(avayvod): Remove RestartJob when crosbug.com/6924 is fixed. | 783 // TODO(avayvod): Remove RestartJob when crosbug.com/6924 is fixed. |
| 785 KillChild(child_jobs_[child_index], child_pid); | 784 KillChild(child_jobs_[child_index], child_pid); |
| 786 | 785 |
| 787 char arguments_buffer[kMaxArgumentsSize + 1]; | 786 char arguments_buffer[kMaxArgumentsSize + 1]; |
| (...skipping 138 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 926 message_loop_->PostTask( | 925 message_loop_->PostTask( |
| 927 FROM_HERE, NewRunnableMethod(this, &SessionManagerService::SendSignal, | 926 FROM_HERE, NewRunnableMethod(this, &SessionManagerService::SendSignal, |
| 928 chromium::kPropertyChangeCompleteSignal, | 927 chromium::kPropertyChangeCompleteSignal, |
| 929 what_happened)); | 928 what_happened)); |
| 930 } | 929 } |
| 931 | 930 |
| 932 // static | 931 // static |
| 933 void SessionManagerService::SetGError(GError** error, | 932 void SessionManagerService::SetGError(GError** error, |
| 934 ChromeOSLoginError code, | 933 ChromeOSLoginError code, |
| 935 const char* message) { | 934 const char* message) { |
| 936 LOG(ERROR) << message; | |
| 937 g_set_error(error, CHROMEOS_LOGIN_ERROR, code, "Login error: %s", message); | 935 g_set_error(error, CHROMEOS_LOGIN_ERROR, code, "Login error: %s", message); |
| 938 } | 936 } |
| 939 | 937 |
| 940 | 938 |
| 941 /////////////////////////////////////////////////////////////////////////////// | 939 /////////////////////////////////////////////////////////////////////////////// |
| 942 // Utility Methods | 940 // Utility Methods |
| 943 | 941 |
| 944 // This can probably be more efficient, if it needs to be. | 942 // This can probably be more efficient, if it needs to be. |
| 945 // static | 943 // static |
| 946 bool SessionManagerService::ValidateEmail(const string& email_address) { | 944 bool SessionManagerService::ValidateEmail(const string& email_address) { |
| (...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1036 std::string decoded; | 1034 std::string decoded; |
| 1037 if (!GetPropertyHelper(kDeviceOwnerPref, &value, &decoded, error)) | 1035 if (!GetPropertyHelper(kDeviceOwnerPref, &value, &decoded, error)) |
| 1038 return FALSE; | 1036 return FALSE; |
| 1039 std::string was_signed = base::StringPrintf("%s=%s", | 1037 std::string was_signed = base::StringPrintf("%s=%s", |
| 1040 kDeviceOwnerPref, | 1038 kDeviceOwnerPref, |
| 1041 value.c_str()); | 1039 value.c_str()); |
| 1042 if (!key_->Verify(was_signed.c_str(), | 1040 if (!key_->Verify(was_signed.c_str(), |
| 1043 was_signed.length(), | 1041 was_signed.length(), |
| 1044 decoded.c_str(), | 1042 decoded.c_str(), |
| 1045 decoded.length())) { | 1043 decoded.length())) { |
| 1046 SetGError(error, | 1044 const char msg[] = "Owner pref signature could not be verified."; |
| 1047 CHROMEOS_LOGIN_ERROR_VERIFY_FAIL, | 1045 LOG(ERROR) << msg; |
| 1048 "Owner pref signature could not be verified."); | 1046 SetGError(error, CHROMEOS_LOGIN_ERROR_VERIFY_FAIL, msg); |
| 1049 return FALSE; | 1047 return FALSE; |
| 1050 } | 1048 } |
| 1051 return value == current_user_; | 1049 return value == current_user_; |
| 1052 } | 1050 } |
| 1053 | 1051 |
| 1054 gboolean SessionManagerService::CurrentUserHasOwnerKey( | 1052 gboolean SessionManagerService::CurrentUserHasOwnerKey( |
| 1055 const std::vector<uint8>& pub_key, | 1053 const std::vector<uint8>& pub_key, |
| 1056 GError** error) { | 1054 GError** error) { |
| 1057 if (!nss_->OpenUserDB()) { | 1055 if (!nss_->OpenUserDB()) { |
| 1058 SetGError(error, | 1056 const char msg[] = "Could not open the current user's NSS database."; |
| 1059 CHROMEOS_LOGIN_ERROR_NO_USER_NSSDB, | 1057 LOG(ERROR) << msg; |
| 1060 "Could not open the current user's NSS database."); | 1058 SetGError(error, CHROMEOS_LOGIN_ERROR_NO_USER_NSSDB, msg); |
| 1061 return FALSE; | 1059 return FALSE; |
| 1062 } | 1060 } |
| 1063 if (!nss_->GetPrivateKey(pub_key)) { | 1061 if (!nss_->GetPrivateKey(pub_key)) { |
| 1064 SetGError(error, | 1062 const char msg[] = "Could not verify that public key belongs to the owner."; |
| 1065 CHROMEOS_LOGIN_ERROR_ILLEGAL_PUBKEY, | 1063 LOG(WARNING) << msg; |
| 1066 "Could not verify that public key belongs to the owner."); | 1064 SetGError(error, CHROMEOS_LOGIN_ERROR_ILLEGAL_PUBKEY, msg); |
| 1067 return FALSE; | 1065 return FALSE; |
| 1068 } | 1066 } |
| 1069 return TRUE; | 1067 return TRUE; |
| 1070 } | 1068 } |
| 1071 | 1069 |
| 1072 gboolean SessionManagerService::ValidateAndCacheUserEmail( | 1070 gboolean SessionManagerService::ValidateAndCacheUserEmail( |
| 1073 const gchar* email_address, | 1071 const gchar* email_address, |
| 1074 GError** error) { | 1072 GError** error) { |
| 1075 // basic validity checking; avoid buffer overflows here, and | 1073 // basic validity checking; avoid buffer overflows here, and |
| 1076 // canonicalize the email address a little. | 1074 // canonicalize the email address a little. |
| 1077 char email[kMaxEmailSize + 1]; | 1075 char email[kMaxEmailSize + 1]; |
| 1078 snprintf(email, sizeof(email), "%s", email_address); | 1076 snprintf(email, sizeof(email), "%s", email_address); |
| 1079 email[kMaxEmailSize] = '\0'; // Just to be sure. | 1077 email[kMaxEmailSize] = '\0'; // Just to be sure. |
| 1080 string email_string(email); | 1078 string email_string(email); |
| 1081 if (email_string != kIncognitoUser && !ValidateEmail(email_string)) { | 1079 if (email_string != kIncognitoUser && !ValidateEmail(email_string)) { |
| 1082 SetGError(error, | 1080 const char msg[] = "Provided email address is not valid. ASCII only."; |
| 1083 CHROMEOS_LOGIN_ERROR_INVALID_EMAIL, | 1081 LOG(ERROR) << msg; |
| 1084 "Provided email address is not valid. ASCII only."); | 1082 SetGError(error, CHROMEOS_LOGIN_ERROR_INVALID_EMAIL, msg); |
| 1085 return FALSE; | 1083 return FALSE; |
| 1086 } | 1084 } |
| 1087 current_user_ = StringToLowerASCII(email_string); | 1085 current_user_ = StringToLowerASCII(email_string); |
| 1088 return TRUE; | 1086 return TRUE; |
| 1089 } | 1087 } |
| 1090 | 1088 |
| 1091 int SessionManagerService::FindChildByPid(int pid) { | 1089 int SessionManagerService::FindChildByPid(int pid) { |
| 1092 for (int i = 0; i < child_pids_.size(); ++i) { | 1090 for (int i = 0; i < child_pids_.size(); ++i) { |
| 1093 if (child_pids_[i] == pid) | 1091 if (child_pids_[i] == pid) |
| 1094 return i; | 1092 return i; |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1134 | 1132 |
| 1135 gboolean SessionManagerService::SignAndStoreProperty(const std::string& name, | 1133 gboolean SessionManagerService::SignAndStoreProperty(const std::string& name, |
| 1136 const std::string& value, | 1134 const std::string& value, |
| 1137 const std::string& err_msg, | 1135 const std::string& err_msg, |
| 1138 GError** error) { | 1136 GError** error) { |
| 1139 std::vector<uint8> signature; | 1137 std::vector<uint8> signature; |
| 1140 std::string to_sign = base::StringPrintf("%s=%s", | 1138 std::string to_sign = base::StringPrintf("%s=%s", |
| 1141 kDeviceOwnerPref, | 1139 kDeviceOwnerPref, |
| 1142 current_user_.c_str()); | 1140 current_user_.c_str()); |
| 1143 if (!key_->Sign(to_sign.c_str(), to_sign.length(), &signature)) { | 1141 if (!key_->Sign(to_sign.c_str(), to_sign.length(), &signature)) { |
| 1142 LOG_IF(ERROR, error) << err_msg; |
| 1143 LOG_IF(WARNING, !error) << err_msg; |
| 1144 SetGError(error, CHROMEOS_LOGIN_ERROR_ILLEGAL_PUBKEY, err_msg.c_str()); | 1144 SetGError(error, CHROMEOS_LOGIN_ERROR_ILLEGAL_PUBKEY, err_msg.c_str()); |
| 1145 return FALSE; | 1145 return FALSE; |
| 1146 } | 1146 } |
| 1147 std::string signature_string(reinterpret_cast<const char*>(&signature[0]), | 1147 std::string signature_string(reinterpret_cast<const char*>(&signature[0]), |
| 1148 signature.size()); | 1148 signature.size()); |
| 1149 return SetPropertyHelper(kDeviceOwnerPref, | 1149 return SetPropertyHelper(kDeviceOwnerPref, |
| 1150 current_user_, | 1150 current_user_, |
| 1151 signature_string, | 1151 signature_string, |
| 1152 error); | 1152 error); |
| 1153 } | 1153 } |
| 1154 | 1154 |
| 1155 gboolean SessionManagerService::SignAndWhitelist(const std::string& email, | 1155 gboolean SessionManagerService::SignAndWhitelist(const std::string& email, |
| 1156 const std::string& err_msg, | 1156 const std::string& err_msg, |
| 1157 GError** error) { | 1157 GError** error) { |
| 1158 std::vector<uint8> signature; | 1158 std::vector<uint8> signature; |
| 1159 if (!key_->Sign(current_user_.c_str(), current_user_.length(), &signature)) { | 1159 if (!key_->Sign(current_user_.c_str(), current_user_.length(), &signature)) { |
| 1160 LOG_IF(ERROR, error) << err_msg; |
| 1161 LOG_IF(WARNING, !error) << err_msg; |
| 1160 SetGError(error, CHROMEOS_LOGIN_ERROR_ILLEGAL_PUBKEY, err_msg.c_str()); | 1162 SetGError(error, CHROMEOS_LOGIN_ERROR_ILLEGAL_PUBKEY, err_msg.c_str()); |
| 1161 return FALSE; | 1163 return FALSE; |
| 1162 } | 1164 } |
| 1163 std::string signature_string(reinterpret_cast<const char*>(&signature[0]), | 1165 std::string signature_string(reinterpret_cast<const char*>(&signature[0]), |
| 1164 signature.size()); | 1166 signature.size()); |
| 1165 return WhitelistHelper(current_user_, signature_string, error); | 1167 return WhitelistHelper(current_user_, signature_string, error); |
| 1166 } | 1168 } |
| 1167 | 1169 |
| 1168 gboolean SessionManagerService::SetPropertyHelper(const std::string& name, | 1170 gboolean SessionManagerService::SetPropertyHelper(const std::string& name, |
| 1169 const std::string& value, | 1171 const std::string& value, |
| 1170 const std::string& signature, | 1172 const std::string& signature, |
| 1171 GError** error) { | 1173 GError** error) { |
| 1172 std::string encoded; | 1174 std::string encoded; |
| 1173 if (!base::Base64Encode(signature, &encoded)) { | 1175 if (!base::Base64Encode(signature, &encoded)) { |
| 1174 SetGError(error, | 1176 const char msg[] = "Signature could not be encoded."; |
| 1175 CHROMEOS_LOGIN_ERROR_ENCODE_FAIL, | 1177 LOG(ERROR) << msg; |
| 1176 "Signature could not be verified in SetPropertyHelper."); | 1178 SetGError(error, CHROMEOS_LOGIN_ERROR_ENCODE_FAIL, msg); |
| 1177 return FALSE; | 1179 return FALSE; |
| 1178 } | 1180 } |
| 1179 store_->Set(name, value, encoded); | 1181 store_->Set(name, value, encoded); |
| 1180 io_thread_.message_loop()->PostTask( | 1182 io_thread_.message_loop()->PostTask( |
| 1181 FROM_HERE, NewRunnableMethod(this, &SessionManagerService::PersistStore)); | 1183 FROM_HERE, NewRunnableMethod(this, &SessionManagerService::PersistStore)); |
| 1182 return TRUE; | 1184 return TRUE; |
| 1183 } | 1185 } |
| 1184 | 1186 |
| 1185 gboolean SessionManagerService::WhitelistHelper(const std::string& email, | 1187 gboolean SessionManagerService::WhitelistHelper(const std::string& email, |
| 1186 const std::string& signature, | 1188 const std::string& signature, |
| 1187 GError** error) { | 1189 GError** error) { |
| 1188 std::string encoded; | 1190 std::string encoded; |
| 1189 if (!base::Base64Encode(signature, &encoded)) { | 1191 if (!base::Base64Encode(signature, &encoded)) { |
| 1190 SetGError(error, | 1192 const char msg[] = "Signature could not be encoded."; |
| 1191 CHROMEOS_LOGIN_ERROR_ENCODE_FAIL, | 1193 LOG(ERROR) << msg; |
| 1192 "Signature could not be encoded in WhitelistHelper."); | 1194 SetGError(error, CHROMEOS_LOGIN_ERROR_ENCODE_FAIL, msg); |
| 1193 return FALSE; | 1195 return FALSE; |
| 1194 } | 1196 } |
| 1195 store_->Whitelist(email, encoded); | 1197 store_->Whitelist(email, encoded); |
| 1196 io_thread_.message_loop()->PostTask( | 1198 io_thread_.message_loop()->PostTask( |
| 1197 FROM_HERE, | 1199 FROM_HERE, |
| 1198 NewRunnableMethod(this, &SessionManagerService::PersistWhitelist)); | 1200 NewRunnableMethod(this, &SessionManagerService::PersistWhitelist)); |
| 1199 return TRUE; | 1201 return TRUE; |
| 1200 } | 1202 } |
| 1201 | 1203 |
| 1202 gboolean SessionManagerService::GetPropertyHelper(const std::string& name, | 1204 gboolean SessionManagerService::GetPropertyHelper(const std::string& name, |
| 1203 std::string* OUT_value, | 1205 std::string* OUT_value, |
| 1204 std::string* OUT_signature, | 1206 std::string* OUT_signature, |
| 1205 GError** error) { | 1207 GError** error) { |
| 1206 std::string encoded; | 1208 std::string encoded; |
| 1207 if (!store_->Get(name, OUT_value, &encoded)) { | 1209 if (!store_->Get(name, OUT_value, &encoded)) { |
| 1208 std::string error_string = | 1210 std::string error_msg = |
| 1209 base::StringPrintf("The requested property %s is unknown.", | 1211 base::StringPrintf("The requested property %s is unknown.", |
| 1210 name.c_str()); | 1212 name.c_str()); |
| 1211 SetGError(error, | 1213 LOG(WARNING) << error_msg; |
| 1212 CHROMEOS_LOGIN_ERROR_UNKNOWN_PROPERTY, | 1214 SetGError(error, CHROMEOS_LOGIN_ERROR_UNKNOWN_PROPERTY, error_msg.c_str()); |
| 1213 error_string.c_str()); | |
| 1214 return FALSE; | 1215 return FALSE; |
| 1215 } | 1216 } |
| 1216 if (!base::Base64Decode(encoded, OUT_signature)) { | 1217 if (!base::Base64Decode(encoded, OUT_signature)) { |
| 1217 SetGError(error, | 1218 const char msg[] = "Signature could not be decoded."; |
| 1218 CHROMEOS_LOGIN_ERROR_DECODE_FAIL, | 1219 LOG(ERROR) << msg; |
| 1219 "Signature could not be decoded in GetPropertyHelper."); | 1220 SetGError(error, CHROMEOS_LOGIN_ERROR_DECODE_FAIL, msg); |
| 1220 return FALSE; | 1221 return FALSE; |
| 1221 } | 1222 } |
| 1222 return TRUE; | 1223 return TRUE; |
| 1223 } | 1224 } |
| 1224 | 1225 |
| 1225 void SessionManagerService::SendSignal(const char signal_name[], | 1226 void SessionManagerService::SendSignal(const char signal_name[], |
| 1226 bool succeeded) { | 1227 bool succeeded) { |
| 1227 system_->SendSignalToChromium(signal_name, succeeded ? "success" : "failure"); | 1228 system_->SendSignalToChromium(signal_name, succeeded ? "success" : "failure"); |
| 1228 } | 1229 } |
| 1229 | 1230 |
| (...skipping 12 matching lines...) Expand all Loading... |
| 1242 arg_list.push_back(args[i_arg]); | 1243 arg_list.push_back(args[i_arg]); |
| 1243 } | 1244 } |
| 1244 } | 1245 } |
| 1245 if (arg_list.size()) { | 1246 if (arg_list.size()) { |
| 1246 arg_lists.push_back(arg_list); | 1247 arg_lists.push_back(arg_list); |
| 1247 } | 1248 } |
| 1248 return arg_lists; | 1249 return arg_lists; |
| 1249 } | 1250 } |
| 1250 | 1251 |
| 1251 } // namespace login_manager | 1252 } // namespace login_manager |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6614020:
[login_manager] Clean up error message logging/glib error reporting (Closed)
Base URL: http://git.chromium.org/git/login_manager.git@master