| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/login/supervised/supervised_user_authenticator
.h" | 5 #include "chrome/browser/chromeos/login/supervised/supervised_user_authenticator
.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/strings/string_number_conversions.h" | 8 #include "base/strings/string_number_conversions.h" |
| 9 #include "base/strings/string_util.h" | 9 #include "base/strings/string_util.h" |
| 10 #include "chrome/browser/chromeos/boot_times_recorder.h" | 10 #include "chrome/browser/chromeos/boot_times_recorder.h" |
| (...skipping 12 matching lines...) Expand all Loading... |
| 23 | 23 |
| 24 namespace chromeos { | 24 namespace chromeos { |
| 25 | 25 |
| 26 namespace { | 26 namespace { |
| 27 | 27 |
| 28 // Records status and calls resolver->Resolve(). | 28 // Records status and calls resolver->Resolve(). |
| 29 void TriggerResolve(SupervisedUserAuthenticator::AuthAttempt* attempt, | 29 void TriggerResolve(SupervisedUserAuthenticator::AuthAttempt* attempt, |
| 30 scoped_refptr<SupervisedUserAuthenticator> resolver, | 30 scoped_refptr<SupervisedUserAuthenticator> resolver, |
| 31 bool success, | 31 bool success, |
| 32 cryptohome::MountError return_code) { | 32 cryptohome::MountError return_code) { |
| 33 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 33 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
| 34 attempt->RecordCryptohomeStatus(success, return_code); | 34 attempt->RecordCryptohomeStatus(success, return_code); |
| 35 resolver->Resolve(); | 35 resolver->Resolve(); |
| 36 } | 36 } |
| 37 | 37 |
| 38 // Records status and calls resolver->Resolve(). | 38 // Records status and calls resolver->Resolve(). |
| 39 void TriggerResolveResult(SupervisedUserAuthenticator::AuthAttempt* attempt, | 39 void TriggerResolveResult(SupervisedUserAuthenticator::AuthAttempt* attempt, |
| 40 scoped_refptr<SupervisedUserAuthenticator> resolver, | 40 scoped_refptr<SupervisedUserAuthenticator> resolver, |
| 41 bool success, | 41 bool success, |
| 42 const std::string& result) { | 42 const std::string& result) { |
| 43 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 43 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
| 44 attempt->RecordHash(result); | 44 attempt->RecordHash(result); |
| 45 resolver->Resolve(); | 45 resolver->Resolve(); |
| 46 } | 46 } |
| 47 | 47 |
| 48 // Calls TriggerResolve while adding login time marker. | 48 // Calls TriggerResolve while adding login time marker. |
| 49 void TriggerResolveWithLoginTimeMarker( | 49 void TriggerResolveWithLoginTimeMarker( |
| 50 const std::string& marker_name, | 50 const std::string& marker_name, |
| 51 SupervisedUserAuthenticator::AuthAttempt* attempt, | 51 SupervisedUserAuthenticator::AuthAttempt* attempt, |
| 52 scoped_refptr<SupervisedUserAuthenticator> resolver, | 52 scoped_refptr<SupervisedUserAuthenticator> resolver, |
| 53 bool success, | 53 bool success, |
| 54 cryptohome::MountError return_code) { | 54 cryptohome::MountError return_code) { |
| 55 chromeos::BootTimesRecorder::Get()->AddLoginTimeMarker(marker_name, false); | 55 chromeos::BootTimesRecorder::Get()->AddLoginTimeMarker(marker_name, false); |
| 56 TriggerResolve(attempt, resolver, success, return_code); | 56 TriggerResolve(attempt, resolver, success, return_code); |
| 57 } | 57 } |
| 58 | 58 |
| 59 // Calls cryptohome's mount method. | 59 // Calls cryptohome's mount method. |
| 60 void Mount(SupervisedUserAuthenticator::AuthAttempt* attempt, | 60 void Mount(SupervisedUserAuthenticator::AuthAttempt* attempt, |
| 61 scoped_refptr<SupervisedUserAuthenticator> resolver, | 61 scoped_refptr<SupervisedUserAuthenticator> resolver, |
| 62 int flags, | 62 int flags, |
| 63 const std::string& system_salt) { | 63 const std::string& system_salt) { |
| 64 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 64 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
| 65 chromeos::BootTimesRecorder::Get()->AddLoginTimeMarker( | 65 chromeos::BootTimesRecorder::Get()->AddLoginTimeMarker( |
| 66 "CryptohomeMount-LMU-Start", false); | 66 "CryptohomeMount-LMU-Start", false); |
| 67 | 67 |
| 68 Key key(attempt->password); | 68 Key key(attempt->password); |
| 69 key.Transform(Key::KEY_TYPE_SALTED_SHA256_TOP_HALF, system_salt); | 69 key.Transform(Key::KEY_TYPE_SALTED_SHA256_TOP_HALF, system_salt); |
| 70 cryptohome::AsyncMethodCaller::GetInstance()->AsyncMount( | 70 cryptohome::AsyncMethodCaller::GetInstance()->AsyncMount( |
| 71 attempt->username, | 71 attempt->username, |
| 72 key.GetSecret(), | 72 key.GetSecret(), |
| 73 flags, | 73 flags, |
| 74 base::Bind(&TriggerResolveWithLoginTimeMarker, | 74 base::Bind(&TriggerResolveWithLoginTimeMarker, |
| 75 "CryptohomeMount-LMU-End", | 75 "CryptohomeMount-LMU-End", |
| 76 attempt, | 76 attempt, |
| 77 resolver)); | 77 resolver)); |
| 78 | 78 |
| 79 cryptohome::AsyncMethodCaller::GetInstance()->AsyncGetSanitizedUsername( | 79 cryptohome::AsyncMethodCaller::GetInstance()->AsyncGetSanitizedUsername( |
| 80 attempt->username, | 80 attempt->username, |
| 81 base::Bind(&TriggerResolveResult, attempt, resolver)); | 81 base::Bind(&TriggerResolveResult, attempt, resolver)); |
| 82 } | 82 } |
| 83 | 83 |
| 84 // Calls cryptohome's addKey method. | 84 // Calls cryptohome's addKey method. |
| 85 void AddKey(SupervisedUserAuthenticator::AuthAttempt* attempt, | 85 void AddKey(SupervisedUserAuthenticator::AuthAttempt* attempt, |
| 86 scoped_refptr<SupervisedUserAuthenticator> resolver, | 86 scoped_refptr<SupervisedUserAuthenticator> resolver, |
| 87 const std::string& plain_text_master_key, | 87 const std::string& plain_text_master_key, |
| 88 const std::string& system_salt) { | 88 const std::string& system_salt) { |
| 89 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 89 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
| 90 chromeos::BootTimesRecorder::Get()->AddLoginTimeMarker( | 90 chromeos::BootTimesRecorder::Get()->AddLoginTimeMarker( |
| 91 "CryptohomeAddKey-LMU-Start", false); | 91 "CryptohomeAddKey-LMU-Start", false); |
| 92 | 92 |
| 93 Key user_key(attempt->password); | 93 Key user_key(attempt->password); |
| 94 user_key.Transform(Key::KEY_TYPE_SALTED_SHA256_TOP_HALF, system_salt); | 94 user_key.Transform(Key::KEY_TYPE_SALTED_SHA256_TOP_HALF, system_salt); |
| 95 Key master_key(plain_text_master_key); | 95 Key master_key(plain_text_master_key); |
| 96 master_key.Transform(Key::KEY_TYPE_SALTED_SHA256_TOP_HALF, system_salt); | 96 master_key.Transform(Key::KEY_TYPE_SALTED_SHA256_TOP_HALF, system_salt); |
| 97 cryptohome::AsyncMethodCaller::GetInstance()->AsyncAddKey( | 97 cryptohome::AsyncMethodCaller::GetInstance()->AsyncAddKey( |
| 98 attempt->username, | 98 attempt->username, |
| 99 user_key.GetSecret(), | 99 user_key.GetSecret(), |
| (...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 152 SystemSaltGetter::Get()->GetSystemSalt( | 152 SystemSaltGetter::Get()->GetSystemSalt( |
| 153 base::Bind(&AddKey, | 153 base::Bind(&AddKey, |
| 154 current_state_.get(), | 154 current_state_.get(), |
| 155 scoped_refptr<SupervisedUserAuthenticator>(this), | 155 scoped_refptr<SupervisedUserAuthenticator>(this), |
| 156 master_key)); | 156 master_key)); |
| 157 } | 157 } |
| 158 | 158 |
| 159 void SupervisedUserAuthenticator::OnAuthenticationSuccess( | 159 void SupervisedUserAuthenticator::OnAuthenticationSuccess( |
| 160 const std::string& mount_hash, | 160 const std::string& mount_hash, |
| 161 bool add_key) { | 161 bool add_key) { |
| 162 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 162 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
| 163 VLOG(1) << "Supervised user authentication success"; | 163 VLOG(1) << "Supervised user authentication success"; |
| 164 if (consumer_) { | 164 if (consumer_) { |
| 165 if (add_key) | 165 if (add_key) |
| 166 consumer_->OnAddKeySuccess(); | 166 consumer_->OnAddKeySuccess(); |
| 167 else | 167 else |
| 168 consumer_->OnMountSuccess(mount_hash); | 168 consumer_->OnMountSuccess(mount_hash); |
| 169 } | 169 } |
| 170 } | 170 } |
| 171 | 171 |
| 172 void SupervisedUserAuthenticator::OnAuthenticationFailure( | 172 void SupervisedUserAuthenticator::OnAuthenticationFailure( |
| 173 SupervisedUserAuthenticator::AuthState state) { | 173 SupervisedUserAuthenticator::AuthState state) { |
| 174 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 174 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
| 175 LOG(WARNING) << "Supervised user authentication failure"; | 175 LOG(WARNING) << "Supervised user authentication failure"; |
| 176 if (consumer_) | 176 if (consumer_) |
| 177 consumer_->OnAuthenticationFailure(state); | 177 consumer_->OnAuthenticationFailure(state); |
| 178 } | 178 } |
| 179 | 179 |
| 180 void SupervisedUserAuthenticator::Resolve() { | 180 void SupervisedUserAuthenticator::Resolve() { |
| 181 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 181 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
| 182 SupervisedUserAuthenticator::AuthState state = ResolveState(); | 182 SupervisedUserAuthenticator::AuthState state = ResolveState(); |
| 183 VLOG(1) << "Resolved state to: " << state; | 183 VLOG(1) << "Resolved state to: " << state; |
| 184 switch (state) { | 184 switch (state) { |
| 185 case CONTINUE: | 185 case CONTINUE: |
| 186 // These are intermediate states; we need more info from a request that | 186 // These are intermediate states; we need more info from a request that |
| 187 // is still pending. | 187 // is still pending. |
| 188 break; | 188 break; |
| 189 case FAILED_MOUNT: | 189 case FAILED_MOUNT: |
| 190 // In this case, whether login succeeded or not, we can't log | 190 // In this case, whether login succeeded or not, we can't log |
| 191 // the user in because their data is horked. So, override with | 191 // the user in because their data is horked. So, override with |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 232 default: | 232 default: |
| 233 NOTREACHED(); | 233 NOTREACHED(); |
| 234 break; | 234 break; |
| 235 } | 235 } |
| 236 } | 236 } |
| 237 | 237 |
| 238 SupervisedUserAuthenticator::~SupervisedUserAuthenticator() {} | 238 SupervisedUserAuthenticator::~SupervisedUserAuthenticator() {} |
| 239 | 239 |
| 240 SupervisedUserAuthenticator::AuthState | 240 SupervisedUserAuthenticator::AuthState |
| 241 SupervisedUserAuthenticator::ResolveState() { | 241 SupervisedUserAuthenticator::ResolveState() { |
| 242 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 242 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
| 243 // If we haven't mounted the user's home dir yet, we can't be done. | 243 // If we haven't mounted the user's home dir yet, we can't be done. |
| 244 // We never get past here if a cryptohome op is still pending. | 244 // We never get past here if a cryptohome op is still pending. |
| 245 // This is an important invariant. | 245 // This is an important invariant. |
| 246 if (!current_state_->cryptohome_complete()) | 246 if (!current_state_->cryptohome_complete()) |
| 247 return CONTINUE; | 247 return CONTINUE; |
| 248 if (!current_state_->add_key && !current_state_->hash_obtained()) | 248 if (!current_state_->add_key && !current_state_->hash_obtained()) |
| 249 return CONTINUE; | 249 return CONTINUE; |
| 250 | 250 |
| 251 AuthState state; | 251 AuthState state; |
| 252 | 252 |
| 253 if (current_state_->cryptohome_outcome()) | 253 if (current_state_->cryptohome_outcome()) |
| 254 state = ResolveCryptohomeSuccessState(); | 254 state = ResolveCryptohomeSuccessState(); |
| 255 else | 255 else |
| 256 state = ResolveCryptohomeFailureState(); | 256 state = ResolveCryptohomeFailureState(); |
| 257 | 257 |
| 258 DCHECK(current_state_->cryptohome_complete()); | 258 DCHECK(current_state_->cryptohome_complete()); |
| 259 DCHECK(current_state_->hash_obtained() || current_state_->add_key); | 259 DCHECK(current_state_->hash_obtained() || current_state_->add_key); |
| 260 return state; | 260 return state; |
| 261 } | 261 } |
| 262 | 262 |
| 263 SupervisedUserAuthenticator::AuthState | 263 SupervisedUserAuthenticator::AuthState |
| 264 SupervisedUserAuthenticator::ResolveCryptohomeFailureState() { | 264 SupervisedUserAuthenticator::ResolveCryptohomeFailureState() { |
| 265 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 265 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
| 266 LOG(ERROR) << "Failed to authenticate supervised user, code: " | 266 LOG(ERROR) << "Failed to authenticate supervised user, code: " |
| 267 << current_state_->cryptohome_code(); | 267 << current_state_->cryptohome_code(); |
| 268 if (current_state_->cryptohome_code() == | 268 if (current_state_->cryptohome_code() == |
| 269 cryptohome::MOUNT_ERROR_TPM_NEEDS_REBOOT) { | 269 cryptohome::MOUNT_ERROR_TPM_NEEDS_REBOOT) { |
| 270 // Critical TPM error detected, reboot needed. | 270 // Critical TPM error detected, reboot needed. |
| 271 return FAILED_TPM; | 271 return FAILED_TPM; |
| 272 } | 272 } |
| 273 | 273 |
| 274 if (current_state_->cryptohome_code() == | 274 if (current_state_->cryptohome_code() == |
| 275 cryptohome::MOUNT_ERROR_USER_DOES_NOT_EXIST) { | 275 cryptohome::MOUNT_ERROR_USER_DOES_NOT_EXIST) { |
| 276 // If we tried a mount but the user did not exist, then we should wait | 276 // If we tried a mount but the user did not exist, then we should wait |
| 277 // for online login to succeed and try again with the "create" flag set. | 277 // for online login to succeed and try again with the "create" flag set. |
| 278 return NO_MOUNT; | 278 return NO_MOUNT; |
| 279 } | 279 } |
| 280 | 280 |
| 281 return FAILED_MOUNT; | 281 return FAILED_MOUNT; |
| 282 } | 282 } |
| 283 | 283 |
| 284 SupervisedUserAuthenticator::AuthState | 284 SupervisedUserAuthenticator::AuthState |
| 285 SupervisedUserAuthenticator::ResolveCryptohomeSuccessState() { | 285 SupervisedUserAuthenticator::ResolveCryptohomeSuccessState() { |
| 286 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 286 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
| 287 return SUCCESS; | 287 return SUCCESS; |
| 288 } | 288 } |
| 289 | 289 |
| 290 SupervisedUserAuthenticator::AuthAttempt::AuthAttempt( | 290 SupervisedUserAuthenticator::AuthAttempt::AuthAttempt( |
| 291 const std::string& username, | 291 const std::string& username, |
| 292 const std::string& password, | 292 const std::string& password, |
| 293 bool add_key_attempt) | 293 bool add_key_attempt) |
| 294 : username(username), | 294 : username(username), |
| 295 password(password), | 295 password(password), |
| 296 add_key(add_key_attempt), | 296 add_key(add_key_attempt), |
| 297 cryptohome_complete_(false), | 297 cryptohome_complete_(false), |
| 298 cryptohome_outcome_(false), | 298 cryptohome_outcome_(false), |
| 299 hash_obtained_(false), | 299 hash_obtained_(false), |
| 300 cryptohome_code_(cryptohome::MOUNT_ERROR_NONE) {} | 300 cryptohome_code_(cryptohome::MOUNT_ERROR_NONE) {} |
| 301 | 301 |
| 302 SupervisedUserAuthenticator::AuthAttempt::~AuthAttempt() {} | 302 SupervisedUserAuthenticator::AuthAttempt::~AuthAttempt() {} |
| 303 | 303 |
| 304 void SupervisedUserAuthenticator::AuthAttempt::RecordCryptohomeStatus( | 304 void SupervisedUserAuthenticator::AuthAttempt::RecordCryptohomeStatus( |
| 305 bool cryptohome_outcome, | 305 bool cryptohome_outcome, |
| 306 cryptohome::MountError cryptohome_code) { | 306 cryptohome::MountError cryptohome_code) { |
| 307 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 307 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
| 308 cryptohome_complete_ = true; | 308 cryptohome_complete_ = true; |
| 309 cryptohome_outcome_ = cryptohome_outcome; | 309 cryptohome_outcome_ = cryptohome_outcome; |
| 310 cryptohome_code_ = cryptohome_code; | 310 cryptohome_code_ = cryptohome_code; |
| 311 } | 311 } |
| 312 | 312 |
| 313 void SupervisedUserAuthenticator::AuthAttempt::RecordHash( | 313 void SupervisedUserAuthenticator::AuthAttempt::RecordHash( |
| 314 const std::string& hash) { | 314 const std::string& hash) { |
| 315 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 315 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
| 316 hash_obtained_ = true; | 316 hash_obtained_ = true; |
| 317 hash_ = hash; | 317 hash_ = hash; |
| 318 } | 318 } |
| 319 | 319 |
| 320 bool SupervisedUserAuthenticator::AuthAttempt::cryptohome_complete() { | 320 bool SupervisedUserAuthenticator::AuthAttempt::cryptohome_complete() { |
| 321 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 321 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
| 322 return cryptohome_complete_; | 322 return cryptohome_complete_; |
| 323 } | 323 } |
| 324 | 324 |
| 325 bool SupervisedUserAuthenticator::AuthAttempt::cryptohome_outcome() { | 325 bool SupervisedUserAuthenticator::AuthAttempt::cryptohome_outcome() { |
| 326 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 326 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
| 327 return cryptohome_outcome_; | 327 return cryptohome_outcome_; |
| 328 } | 328 } |
| 329 | 329 |
| 330 cryptohome::MountError | 330 cryptohome::MountError |
| 331 SupervisedUserAuthenticator::AuthAttempt::cryptohome_code() { | 331 SupervisedUserAuthenticator::AuthAttempt::cryptohome_code() { |
| 332 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 332 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
| 333 return cryptohome_code_; | 333 return cryptohome_code_; |
| 334 } | 334 } |
| 335 | 335 |
| 336 bool SupervisedUserAuthenticator::AuthAttempt::hash_obtained() { | 336 bool SupervisedUserAuthenticator::AuthAttempt::hash_obtained() { |
| 337 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 337 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
| 338 return hash_obtained_; | 338 return hash_obtained_; |
| 339 } | 339 } |
| 340 | 340 |
| 341 std::string SupervisedUserAuthenticator::AuthAttempt::hash() { | 341 std::string SupervisedUserAuthenticator::AuthAttempt::hash() { |
| 342 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 342 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
| 343 return hash_; | 343 return hash_; |
| 344 } | 344 } |
| 345 | 345 |
| 346 } // namespace chromeos | 346 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1036723003:
favor DCHECK_CURRENTLY_ON for better logs in chrome/browser/chromeos/ (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master