Chromium Code Reviews Chromium Code Reviews
Issue 9389028:
Make nss/TPM integration in ChromeOS more robust. (Closed)
Base URL: http://git.chromium.org/git/chromium/src@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/login/user_manager.h" | 5 #include "chrome/browser/chromeos/login/user_manager.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
| (...skipping 220 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 231 | 231 |
| 232 RealTPMTokenInfoDelegate::RealTPMTokenInfoDelegate() : token_ready_(false) {} | 232 RealTPMTokenInfoDelegate::RealTPMTokenInfoDelegate() : token_ready_(false) {} |
| 233 RealTPMTokenInfoDelegate::~RealTPMTokenInfoDelegate() {} | 233 RealTPMTokenInfoDelegate::~RealTPMTokenInfoDelegate() {} |
| 234 | 234 |
| 235 bool RealTPMTokenInfoDelegate::IsTokenAvailable() const { | 235 bool RealTPMTokenInfoDelegate::IsTokenAvailable() const { |
| 236 CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 236 CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 237 return CrosLibrary::Get()->GetCryptohomeLibrary()->TpmIsEnabled(); | 237 return CrosLibrary::Get()->GetCryptohomeLibrary()->TpmIsEnabled(); |
| 238 } | 238 } |
| 239 | 239 |
| 240 bool RealTPMTokenInfoDelegate::IsTokenReady() const { | 240 bool RealTPMTokenInfoDelegate::IsTokenReady() const { |
| 241 if (token_ready_) | |
| 242 return true; | |
| 241 CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 243 CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
|
wtc
2012/02/15 01:41:32
Should this CHECK be the first line of this functi
stevenjb
2012/02/15 01:58:51
Comment added.
| |
| 242 if (!token_ready_) { | 244 // Retrieve token_name_ and user_pin_ here since they will never change |
| 243 // Retrieve token_name_ and user_pin_ here since they will never change | 245 // and CryptohomeLibrary calls are not thread safe. |
| 244 // and CryptohomeLibrary calls are not thread safe. | 246 if (CrosLibrary::Get()->GetCryptohomeLibrary()->Pkcs11IsTpmTokenReady()) { |
| 245 if (CrosLibrary::Get()->GetCryptohomeLibrary()->Pkcs11IsTpmTokenReady()) { | 247 CrosLibrary::Get()->GetCryptohomeLibrary()->Pkcs11GetTpmTokenInfo( |
| 246 CrosLibrary::Get()->GetCryptohomeLibrary()->Pkcs11GetTpmTokenInfo( | 248 &token_name_, &user_pin_); |
| 247 &token_name_, &user_pin_); | 249 token_ready_ = true; |
| 248 token_ready_ = true; | |
| 249 } | |
| 250 } | 250 } |
| 251 return token_ready_; | 251 return token_ready_; |
| 252 } | 252 } |
| 253 | 253 |
| 254 void RealTPMTokenInfoDelegate::GetTokenInfo(std::string* token_name, | 254 void RealTPMTokenInfoDelegate::GetTokenInfo(std::string* token_name, |
| 255 std::string* user_pin) const { | 255 std::string* user_pin) const { |
| 256 // May be called from a non UI thread, but must only be called after | 256 // May be called from a non UI thread, but must only be called after |
| 257 // IsTokenReady() returns true. | 257 // IsTokenReady() returns true. |
| 258 CHECK(token_ready_); | 258 CHECK(token_ready_); |
| 259 if (token_name) | 259 if (token_name) |
| (...skipping 458 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 718 } | 718 } |
| 719 } | 719 } |
| 720 | 720 |
| 721 void UserManager::StubUserLoggedIn() { | 721 void UserManager::StubUserLoggedIn() { |
| 722 logged_in_user_ = &stub_user_; | 722 logged_in_user_ = &stub_user_; |
| 723 stub_user_.SetImage(GetDefaultImage(kStubDefaultImageIndex), | 723 stub_user_.SetImage(GetDefaultImage(kStubDefaultImageIndex), |
| 724 kStubDefaultImageIndex); | 724 kStubDefaultImageIndex); |
| 725 } | 725 } |
| 726 | 726 |
| 727 void UserManager::NotifyOnLogin() { | 727 void UserManager::NotifyOnLogin() { |
| 728 CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 728 content::NotificationService::current()->Notify( | 729 content::NotificationService::current()->Notify( |
| 729 chrome::NOTIFICATION_LOGIN_USER_CHANGED, | 730 chrome::NOTIFICATION_LOGIN_USER_CHANGED, |
| 730 content::Source<UserManager>(this), | 731 content::Source<UserManager>(this), |
| 731 content::Details<const User>(logged_in_user_)); | 732 content::Details<const User>(logged_in_user_)); |
| 732 | 733 |
| 733 chromeos::input_method::InputMethodManager::GetInstance()-> | 734 chromeos::input_method::InputMethodManager::GetInstance()-> |
| 734 SetDeferImeStartup(false); | 735 SetDeferImeStartup(false); |
| 735 // Shut down the IME so that it will reload the user's settings. | 736 // Shut down the IME so that it will reload the user's settings. |
| 736 chromeos::input_method::InputMethodManager::GetInstance()-> | 737 chromeos::input_method::InputMethodManager::GetInstance()-> |
| 737 StopInputMethodDaemon(); | 738 StopInputMethodDaemon(); |
| 738 | 739 |
| 739 #if defined(TOOLKIT_USES_GTK) | 740 #if defined(TOOLKIT_USES_GTK) |
| 740 // Let the window manager know that we're logged in now. | 741 // Let the window manager know that we're logged in now. |
| 741 WmIpc::instance()->SetLoggedInProperty(true); | 742 WmIpc::instance()->SetLoggedInProperty(true); |
| 742 #endif | 743 #endif |
| 743 | 744 |
| 744 // Ensure we've opened the real user's key/certificate database. | 745 // Ensure we've opened the real user's key/certificate database. |
| 745 crypto::OpenPersistentNSSDB(); | 746 crypto::OpenPersistentNSSDB(); |
| 746 | 747 |
| 747 // Only load the Opencryptoki library into NSS if we have this switch. | 748 // Only load the Opencryptoki library into NSS if we have this switch. |
| 748 // TODO(gspencer): Remove this switch once cryptohomed work is finished: | 749 // TODO(gspencer): Remove this switch once cryptohomed work is finished: |
| 749 // http://crosbug.com/12295 and http://crosbug.com/12304 | 750 // http://crosbug.com/12295 and http://crosbug.com/12304 |
| 750 if (CommandLine::ForCurrentProcess()->HasSwitch( | 751 if (CommandLine::ForCurrentProcess()->HasSwitch( |
| 751 switches::kLoadOpencryptoki)) { | 752 switches::kLoadOpencryptoki)) { |
| 752 crypto::EnableTPMTokenForNSS(new RealTPMTokenInfoDelegate()); | 753 crypto::EnableTPMTokenForNSS(new RealTPMTokenInfoDelegate()); |
| 753 CertLibrary* cert_library; | 754 CertLibrary* cert_library; |
| 754 cert_library = chromeos::CrosLibrary::Get()->GetCertLibrary(); | 755 cert_library = chromeos::CrosLibrary::Get()->GetCertLibrary(); |
| 756 // Note: this calls crypto::EnsureTPMTokenReady() | |
| 755 cert_library->RequestCertificates(); | 757 cert_library->RequestCertificates(); |
| 756 } | 758 } |
| 757 | 759 |
| 758 // Schedules current user ownership check on file thread. | 760 // Schedules current user ownership check on file thread. |
| 759 BrowserThread::PostTask(BrowserThread::FILE, FROM_HERE, | 761 BrowserThread::PostTask(BrowserThread::FILE, FROM_HERE, |
| 760 base::Bind(&UserManager::CheckOwnership, | 762 base::Bind(&UserManager::CheckOwnership, |
| 761 base::Unretained(this))); | 763 base::Unretained(this))); |
| 762 } | 764 } |
| 763 | 765 |
| 764 void UserManager::SetInitialUserImage(const std::string& username) { | 766 void UserManager::SetInitialUserImage(const std::string& username) { |
| (...skipping 230 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 995 | 997 |
| 996 User* UserManager::CreateUser(const std::string& email) const { | 998 User* UserManager::CreateUser(const std::string& email) const { |
| 997 User* user = new User(email, email == kGuestUser); | 999 User* user = new User(email, email == kGuestUser); |
| 998 user->set_oauth_token_status(LoadUserOAuthStatus(email)); | 1000 user->set_oauth_token_status(LoadUserOAuthStatus(email)); |
| 999 // Used to determine whether user's display name is unique. | 1001 // Used to determine whether user's display name is unique. |
| 1000 ++display_name_count_[user->GetDisplayName()]; | 1002 ++display_name_count_[user->GetDisplayName()]; |
| 1001 return user; | 1003 return user; |
| 1002 } | 1004 } |
| 1003 | 1005 |
| 1004 } // namespace chromeos | 1006 } // namespace chromeos |
| OLD | NEW |
