OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_PARALLEL_AUTHENTICATOR_H_ | 5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_PARALLEL_AUTHENTICATOR_H_ |
6 #define CHROME_BROWSER_CHROMEOS_LOGIN_PARALLEL_AUTHENTICATOR_H_ | 6 #define CHROME_BROWSER_CHROMEOS_LOGIN_PARALLEL_AUTHENTICATOR_H_ |
7 #pragma once | 7 #pragma once |
8 | 8 |
9 #include <string> | 9 #include <string> |
10 #include <vector> | 10 #include <vector> |
(...skipping 58 matching lines...)
69 RECOVER_MOUNT, // After RecoverEncryptedData, mount cryptohome. | 69 RECOVER_MOUNT, // After RecoverEncryptedData, mount cryptohome. |
70 POSSIBLE_PW_CHANGE, // Offline login failed, user may have changed pw. | 70 POSSIBLE_PW_CHANGE, // Offline login failed, user may have changed pw. |
71 NEED_NEW_PW, // User changed pw, and we have the old one. | 71 NEED_NEW_PW, // User changed pw, and we have the old one. |
72 NEED_OLD_PW, // User changed pw, and we have the new one. | 72 NEED_OLD_PW, // User changed pw, and we have the new one. |
73 HAVE_NEW_PW, // We have verified new pw, time to migrate key. | 73 HAVE_NEW_PW, // We have verified new pw, time to migrate key. |
74 OFFLINE_LOGIN, // Login succeeded offline. | 74 OFFLINE_LOGIN, // Login succeeded offline. |
75 ONLINE_LOGIN, // Offline and online login succeeded. | 75 ONLINE_LOGIN, // Offline and online login succeeded. |
76 UNLOCK, // Screen unlock succeeded. | 76 UNLOCK, // Screen unlock succeeded. |
77 ONLINE_FAILED, // Online login disallowed, but offline succeeded. | 77 ONLINE_FAILED, // Online login disallowed, but offline succeeded. |
78 GUEST_LOGIN, // Logged in guest mode. | 78 GUEST_LOGIN, // Logged in guest mode. |
79 LOGIN_FAILED // Login denied. | 79 LOGIN_FAILED, // Login denied. |
| 80 OWNER_REQUIRED // Login is restricted to the owner only. |
80 }; | 81 }; |
81 | 82 |
82 explicit ParallelAuthenticator(LoginStatusConsumer* consumer); | 83 explicit ParallelAuthenticator(LoginStatusConsumer* consumer); |
83 virtual ~ParallelAuthenticator(); | 84 virtual ~ParallelAuthenticator(); |
84 | 85 |
85 // Authenticator overrides. | 86 // Authenticator overrides. |
86 virtual void CompleteLogin(Profile* profile, | 87 virtual void CompleteLogin(Profile* profile, |
87 const std::string& username, | 88 const std::string& username, |
88 const std::string& password) OVERRIDE; | 89 const std::string& password) OVERRIDE; |
89 | 90 |
(...skipping 120 matching lines...)
210 // Initiate() |to_initiate|. | 211 // Initiate() |to_initiate|. |
211 // Call this method on the IO thread. | 212 // Call this method on the IO thread. |
212 void ResyncRecoverHelper(CryptohomeOp* to_initiate); | 213 void ResyncRecoverHelper(CryptohomeOp* to_initiate); |
213 | 214 |
214 // If we don't have the system salt yet, loads it from the CryptohomeLibrary. | 215 // If we don't have the system salt yet, loads it from the CryptohomeLibrary. |
215 void LoadSystemSalt(); | 216 void LoadSystemSalt(); |
216 // If we don't have supplemental_user_key_ yet, loads it from the NSS DB. | 217 // If we don't have supplemental_user_key_ yet, loads it from the NSS DB. |
217 // Returns false if the key can not be loaded/created. | 218 // Returns false if the key can not be loaded/created. |
218 bool LoadSupplementalUserKey(); | 219 bool LoadSupplementalUserKey(); |
219 | 220 |
| 221 // checks if the current mounted home contains the owner case and either |
| 222 // continues or fails the log-in. Used for policy lost mitigation "safe-mode". |
| 223 void VerifyOwnerOnUIThread(); |
| 224 |
| 225 // checks if the current mounted home contains the owner case and either |
| 226 // continues or fails the log-in. Used for policy lost mitigation "safe-mode". |
| 227 void FinishVerifyOwnerOnFileThread(); |
| 228 |
| 229 |
220 // Records OAuth1 access token verification failure for |user_account|. | 230 // Records OAuth1 access token verification failure for |user_account|. |
221 void RecordOAuthCheckFailure(const std::string& user_account); | 231 void RecordOAuthCheckFailure(const std::string& user_account); |
222 | 232 |
223 // Signal login completion status for cases when a new user is added via | 233 // Signal login completion status for cases when a new user is added via |
224 // an external authentication provider (i.e. GAIA extension). | 234 // an external authentication provider (i.e. GAIA extension). |
225 void ResolveLoginCompletionStatus(); | 235 void ResolveLoginCompletionStatus(); |
226 | 236 |
227 // Milliseconds until we timeout our attempt to hit ClientLogin. | 237 // Milliseconds until we timeout our attempt to hit ClientLogin. |
228 static const int kClientLoginTimeoutMs; | 238 static const int kClientLoginTimeoutMs; |
229 | 239 |
(...skipping 10 matching lines...)
240 scoped_refptr<CryptohomeOp> key_migrator_; | 250 scoped_refptr<CryptohomeOp> key_migrator_; |
241 scoped_refptr<CryptohomeOp> data_remover_; | 251 scoped_refptr<CryptohomeOp> data_remover_; |
242 scoped_refptr<CryptohomeOp> guest_mounter_; | 252 scoped_refptr<CryptohomeOp> guest_mounter_; |
243 scoped_refptr<CryptohomeOp> key_checker_; | 253 scoped_refptr<CryptohomeOp> key_checker_; |
244 | 254 |
245 // When the user has changed her password, but gives us the old one, we will | 255 // When the user has changed her password, but gives us the old one, we will |
246 // be able to mount her cryptohome, but online authentication will fail. | 256 // be able to mount her cryptohome, but online authentication will fail. |
247 // This allows us to present the same behavior to the caller, regardless | 257 // This allows us to present the same behavior to the caller, regardless |
248 // of the order in which we receive these results. | 258 // of the order in which we receive these results. |
249 bool already_reported_success_; | 259 bool already_reported_success_; |
250 base::Lock success_lock_; // A lock around already_reported_success_. | 260 base::Lock success_lock_; // A lock around |already_reported_success_|. |
| 261 |
| 262 // Flags signaling whether the owner verification has been done and the result |
| 263 // of it. |
| 264 bool owner_is_verified_; |
| 265 bool user_can_login_; |
| 266 // A lock for |owner_is_verified_| and |current_user_is_owner_|. |
| 267 base::Lock owner_verified_lock_; |
251 | 268 |
252 // True if we use OAuth-based authentication flow. | 269 // True if we use OAuth-based authentication flow. |
253 bool using_oauth_; | 270 bool using_oauth_; |
254 | 271 |
255 friend class ResolveChecker; | 272 friend class ResolveChecker; |
256 friend class ParallelAuthenticatorTest; | 273 friend class ParallelAuthenticatorTest; |
257 DISALLOW_COPY_AND_ASSIGN(ParallelAuthenticator); | 274 DISALLOW_COPY_AND_ASSIGN(ParallelAuthenticator); |
258 }; | 275 }; |
259 | 276 |
260 } // namespace chromeos | 277 } // namespace chromeos |
261 | 278 |
262 #endif // CHROME_BROWSER_CHROMEOS_LOGIN_PARALLEL_AUTHENTICATOR_H_ | 279 #endif // CHROME_BROWSER_CHROMEOS_LOGIN_PARALLEL_AUTHENTICATOR_H_ |
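Review bot: The comment on `owner_verified_lock_` (new line 266) names `|current_user_is_owner_|`, but the flag declared just above it is `user_can_login_`, so the header never says that the lock covers the flag carrying the login decision. The two new methods are named for the UI and FILE threads, so both flags are presumably touched from more than one thread, and a reader following the comment could access `user_can_login_` unguarded; I would change it to `// A lock for |owner_is_verified_| and |user_can_login_|.`. Separately, `VerifyOwnerOnUIThread()` and `FinishVerifyOwnerOnFileThread()` (new lines 221-227) carry the same comment word for word. Each should describe its own step and the thread it must run on, and the member comment should say what `user_can_login_` holds before `owner_is_verified_` is set, so callers do not read it as a grant before verification has finished. "owner case" in those comments looks like a typo, possibly for "owner key".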
OLD | NEW |