Chromium Code Reviews Chromium Code Reviews
Issue 9466005:
Make sure the device recovers from policy loss in the consumer case. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: chrome/browser/chromeos/login/parallel_authenticator.h |
| diff --git a/chrome/browser/chromeos/login/parallel_authenticator.h b/chrome/browser/chromeos/login/parallel_authenticator.h |
| index 343490226825f516bc610515dd9db2dd34a56cba..20f2712a693cca1f7be9417c15a361b4795573fa 100644 |
| --- a/chrome/browser/chromeos/login/parallel_authenticator.h |
| +++ b/chrome/browser/chromeos/login/parallel_authenticator.h |
| @@ -62,7 +62,8 @@ class ParallelAuthenticator : public Authenticator, |
| UNLOCK, // Screen unlock succeeded. |
| ONLINE_FAILED, // Online login disallowed, but offline succeeded. |
| GUEST_LOGIN, // Logged in guest mode. |
| - LOGIN_FAILED // Login denied. |
| + LOGIN_FAILED, // Login denied. |
| + OWNER_REQUIRED // Login is restricted to the owner only. |
| }; |
| explicit ParallelAuthenticator(LoginStatusConsumer* consumer); |
| @@ -196,12 +197,24 @@ class ParallelAuthenticator : public Authenticator, |
| current_online_ = attempt; |
| } |
| + // Used for testing to set the expected state of an owner check. |
| + void SetOwnerState(bool owner_check_finished, bool check_result); |
| + |
| // If we don't have the system salt yet, loads it from the CryptohomeLibrary. |
| void LoadSystemSalt(); |
| // If we don't have supplemental_user_key_ yet, loads it from the NSS DB. |
| // Returns false if the key can not be loaded/created. |
| bool LoadSupplementalUserKey(); |
| + // checks if the current mounted home contains the owner case and either |
| + // continues or fails the log-in. Used for policy lost mitigation "safe-mode". |
| + void VerifyOwnerOnUIThread(); |
| + |
| + // checks if the current mounted home contains the owner case and either |
| + // continues or fails the log-in. Used for policy lost mitigation "safe-mode". |
| + void FinishVerifyOwnerOnFileThread(); |
| + |
| + |
| // Records OAuth1 access token verification failure for |user_account|. |
| void RecordOAuthCheckFailure(const std::string& user_account); |
| @@ -225,13 +238,25 @@ class ParallelAuthenticator : public Authenticator, |
| // This allows us to present the same behavior to the caller, regardless |
| // of the order in which we receive these results. |
| bool already_reported_success_; |
| - base::Lock success_lock_; // A lock around already_reported_success_. |
| + base::Lock success_lock_; // A lock around |already_reported_success_|. |
| + |
| + // Flags signaling whether the owner verification has been done and the result |
| + // of it. |
| + bool owner_is_verified_; |
| + bool user_can_login_; |
| + // A lock for |owner_is_verified_| and |current_user_is_owner_|. |
|
Chris Masone
2012/03/13 16:45:53
I don't see current_user_is_owner_
pastarmovj
2012/03/22 11:48:01
Done.
|
| + base::Lock owner_verified_lock_; |
| // True if we use OAuth-based authentication flow. |
| bool using_oauth_; |
| friend class ResolveChecker; |
| friend class ParallelAuthenticatorTest; |
| + FRIEND_TEST_ALL_PREFIXES(ParallelAuthenticatorTest, |
| + ResolveOwnerNeededDirectFailedMount); |
| + FRIEND_TEST_ALL_PREFIXES(ParallelAuthenticatorTest, ResolveOwnerNeededMount); |
| + FRIEND_TEST_ALL_PREFIXES(ParallelAuthenticatorTest, |
| + ResolveOwnerNeededFailedMount); |
| DISALLOW_COPY_AND_ASSIGN(ParallelAuthenticator); |
| }; |
