| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/login/supervised/supervised_user_authenticatio
n.h" | 5 #include "chrome/browser/chromeos/login/supervised/supervised_user_authenticatio
n.h" |
| 6 | 6 |
| 7 #include "base/base64.h" | 7 #include "base/base64.h" |
| 8 #include "base/json/json_file_value_serializer.h" | 8 #include "base/json/json_file_value_serializer.h" |
| 9 #include "base/macros.h" | 9 #include "base/macros.h" |
| 10 #include "base/metrics/histogram.h" | 10 #include "base/metrics/histogram.h" |
| (...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 114 std::string salt; | 114 std::string salt; |
| 115 owner_->GetPasswordInformation(context.GetUserID(), &holder); | 115 owner_->GetPasswordInformation(context.GetUserID(), &holder); |
| 116 holder.GetStringWithoutPathExpansion(kSalt, &salt); | 116 holder.GetStringWithoutPathExpansion(kSalt, &salt); |
| 117 DCHECK(!salt.empty()); | 117 DCHECK(!salt.empty()); |
| 118 Key* const key = result.GetKey(); | 118 Key* const key = result.GetKey(); |
| 119 key->Transform(Key::KEY_TYPE_SALTED_PBKDF2_AES256_1234, salt); | 119 key->Transform(Key::KEY_TYPE_SALTED_PBKDF2_AES256_1234, salt); |
| 120 key->SetLabel(kCryptohomeSupervisedUserKeyLabel); | 120 key->SetLabel(kCryptohomeSupervisedUserKeyLabel); |
| 121 result.SetIsUsingOAuth(false); | 121 result.SetIsUsingOAuth(false); |
| 122 return result; | 122 return result; |
| 123 } | 123 } |
| 124 NOTREACHED() << "Unknown password schema for " << context.GetUserID(); | 124 NOTREACHED() << "Unknown password schema for " << context.GetUserID().GetUserE
mail(); |
| 125 return context; | 125 return context; |
| 126 } | 126 } |
| 127 | 127 |
| 128 bool SupervisedUserAuthentication::FillDataForNewUser( | 128 bool SupervisedUserAuthentication::FillDataForNewUser( |
| 129 const std::string& user_id, | 129 const user_manager::UserID& /* user_id */, |
| 130 const std::string& password, | 130 const std::string& password, |
| 131 base::DictionaryValue* password_data, | 131 base::DictionaryValue* password_data, |
| 132 base::DictionaryValue* extra_data) { | 132 base::DictionaryValue* extra_data) { |
| 133 Schema schema = stable_schema_; | 133 Schema schema = stable_schema_; |
| 134 if (schema == SCHEMA_PLAIN) | 134 if (schema == SCHEMA_PLAIN) |
| 135 return false; | 135 return false; |
| 136 | 136 |
| 137 if (schema == SCHEMA_SALT_HASHED) { | 137 if (schema == SCHEMA_SALT_HASHED) { |
| 138 password_data->SetIntegerWithoutPathExpansion(kSchemaVersion, schema); | 138 password_data->SetIntegerWithoutPathExpansion(kSchemaVersion, schema); |
| 139 std::string salt = CreateSalt(); | 139 std::string salt = CreateSalt(); |
| (...skipping 23 matching lines...) Expand all Loading... |
| 163 | 163 |
| 164 std::string SupervisedUserAuthentication::GenerateMasterKey() { | 164 std::string SupervisedUserAuthentication::GenerateMasterKey() { |
| 165 char master_key_bytes[kMasterKeySize]; | 165 char master_key_bytes[kMasterKeySize]; |
| 166 crypto::RandBytes(&master_key_bytes, sizeof(master_key_bytes)); | 166 crypto::RandBytes(&master_key_bytes, sizeof(master_key_bytes)); |
| 167 return base::StringToLowerASCII( | 167 return base::StringToLowerASCII( |
| 168 base::HexEncode(reinterpret_cast<const void*>(master_key_bytes), | 168 base::HexEncode(reinterpret_cast<const void*>(master_key_bytes), |
| 169 sizeof(master_key_bytes))); | 169 sizeof(master_key_bytes))); |
| 170 } | 170 } |
| 171 | 171 |
| 172 void SupervisedUserAuthentication::StorePasswordData( | 172 void SupervisedUserAuthentication::StorePasswordData( |
| 173 const std::string& user_id, | 173 const user_manager::UserID& user_id, |
| 174 const base::DictionaryValue& password_data) { | 174 const base::DictionaryValue& password_data) { |
| 175 base::DictionaryValue holder; | 175 base::DictionaryValue holder; |
| 176 owner_->GetPasswordInformation(user_id, &holder); | 176 owner_->GetPasswordInformation(user_id, &holder); |
| 177 const base::Value* value; | 177 const base::Value* value; |
| 178 if (password_data.GetWithoutPathExpansion(kSchemaVersion, &value)) | 178 if (password_data.GetWithoutPathExpansion(kSchemaVersion, &value)) |
| 179 holder.SetWithoutPathExpansion(kSchemaVersion, value->DeepCopy()); | 179 holder.SetWithoutPathExpansion(kSchemaVersion, value->DeepCopy()); |
| 180 if (password_data.GetWithoutPathExpansion(kSalt, &value)) | 180 if (password_data.GetWithoutPathExpansion(kSalt, &value)) |
| 181 holder.SetWithoutPathExpansion(kSalt, value->DeepCopy()); | 181 holder.SetWithoutPathExpansion(kSalt, value->DeepCopy()); |
| 182 if (password_data.GetWithoutPathExpansion(kPasswordRevision, &value)) | 182 if (password_data.GetWithoutPathExpansion(kPasswordRevision, &value)) |
| 183 holder.SetWithoutPathExpansion(kPasswordRevision, value->DeepCopy()); | 183 holder.SetWithoutPathExpansion(kPasswordRevision, value->DeepCopy()); |
| 184 owner_->SetPasswordInformation(user_id, &holder); | 184 owner_->SetPasswordInformation(user_id, &holder); |
| 185 } | 185 } |
| 186 | 186 |
| 187 SupervisedUserAuthentication::Schema | 187 SupervisedUserAuthentication::Schema |
| 188 SupervisedUserAuthentication::GetPasswordSchema( | 188 SupervisedUserAuthentication::GetPasswordSchema( |
| 189 const std::string& user_id) { | 189 const user_manager::UserID& user_id) { |
| 190 base::DictionaryValue holder; | 190 base::DictionaryValue holder; |
| 191 | 191 |
| 192 owner_->GetPasswordInformation(user_id, &holder); | 192 owner_->GetPasswordInformation(user_id, &holder); |
| 193 // Default version. | 193 // Default version. |
| 194 int schema_version_index; | 194 int schema_version_index; |
| 195 Schema schema_version = SCHEMA_PLAIN; | 195 Schema schema_version = SCHEMA_PLAIN; |
| 196 if (holder.GetIntegerWithoutPathExpansion(kSchemaVersion, | 196 if (holder.GetIntegerWithoutPathExpansion(kSchemaVersion, |
| 197 &schema_version_index)) { | 197 &schema_version_index)) { |
| 198 schema_version = static_cast<Schema>(schema_version_index); | 198 schema_version = static_cast<Schema>(schema_version_index); |
| 199 } | 199 } |
| 200 return schema_version; | 200 return schema_version; |
| 201 } | 201 } |
| 202 | 202 |
| 203 bool SupervisedUserAuthentication::NeedPasswordChange( | 203 bool SupervisedUserAuthentication::NeedPasswordChange( |
| 204 const std::string& user_id, | 204 const user_manager::UserID& user_id, |
| 205 const base::DictionaryValue* password_data) { | 205 const base::DictionaryValue* password_data) { |
| 206 base::DictionaryValue local; | 206 base::DictionaryValue local; |
| 207 owner_->GetPasswordInformation(user_id, &local); | 207 owner_->GetPasswordInformation(user_id, &local); |
| 208 int local_schema = SCHEMA_PLAIN; | 208 int local_schema = SCHEMA_PLAIN; |
| 209 int local_revision = kMinPasswordRevision; | 209 int local_revision = kMinPasswordRevision; |
| 210 int updated_schema = SCHEMA_PLAIN; | 210 int updated_schema = SCHEMA_PLAIN; |
| 211 int updated_revision = kMinPasswordRevision; | 211 int updated_revision = kMinPasswordRevision; |
| 212 local.GetIntegerWithoutPathExpansion(kSchemaVersion, &local_schema); | 212 local.GetIntegerWithoutPathExpansion(kSchemaVersion, &local_schema); |
| 213 local.GetIntegerWithoutPathExpansion(kPasswordRevision, &local_revision); | 213 local.GetIntegerWithoutPathExpansion(kPasswordRevision, &local_revision); |
| 214 password_data->GetIntegerWithoutPathExpansion(kSchemaVersion, | 214 password_data->GetIntegerWithoutPathExpansion(kSchemaVersion, |
| 215 &updated_schema); | 215 &updated_schema); |
| 216 password_data->GetIntegerWithoutPathExpansion(kPasswordRevision, | 216 password_data->GetIntegerWithoutPathExpansion(kPasswordRevision, |
| 217 &updated_revision); | 217 &updated_revision); |
| 218 if (updated_schema > local_schema) | 218 if (updated_schema > local_schema) |
| 219 return true; | 219 return true; |
| 220 DCHECK_EQ(updated_schema, local_schema); | 220 DCHECK_EQ(updated_schema, local_schema); |
| 221 return updated_revision > local_revision; | 221 return updated_revision > local_revision; |
| 222 } | 222 } |
| 223 | 223 |
| 224 void SupervisedUserAuthentication::ScheduleSupervisedPasswordChange( | 224 void SupervisedUserAuthentication::ScheduleSupervisedPasswordChange( |
| 225 const std::string& supervised_user_id, | 225 const user_manager::UserID& supervised_user_id, |
| 226 const base::DictionaryValue* password_data) { | 226 const base::DictionaryValue* password_data) { |
| 227 const user_manager::User* user = | 227 const user_manager::User* user = |
| 228 user_manager::UserManager::Get()->FindUser(supervised_user_id); | 228 user_manager::UserManager::Get()->FindUser(supervised_user_id); |
| 229 base::FilePath profile_path = ProfileHelper::GetProfilePathByUserIdHash( | 229 base::FilePath profile_path = ProfileHelper::GetProfilePathByUserIdHash( |
| 230 user->username_hash()); | 230 user->username_hash()); |
| 231 JSONFileValueSerializer serializer(profile_path.Append(kPasswordUpdateFile)); | 231 JSONFileValueSerializer serializer(profile_path.Append(kPasswordUpdateFile)); |
| 232 if (!serializer.Serialize(*password_data)) { | 232 if (!serializer.Serialize(*password_data)) { |
| 233 LOG(ERROR) << "Failed to schedule password update for supervised user " | 233 LOG(ERROR) << "Failed to schedule password update for supervised user " |
| 234 << supervised_user_id; | 234 << supervised_user_id.GetUserEmail(); |
| 235 UMA_HISTOGRAM_ENUMERATION( | 235 UMA_HISTOGRAM_ENUMERATION( |
| 236 "ManagedUsers.ChromeOS.PasswordChange", | 236 "ManagedUsers.ChromeOS.PasswordChange", |
| 237 SupervisedUserAuthentication::PASSWORD_CHANGE_FAILED_STORE_DATA, | 237 SupervisedUserAuthentication::PASSWORD_CHANGE_FAILED_STORE_DATA, |
| 238 SupervisedUserAuthentication::PASSWORD_CHANGE_RESULT_MAX_VALUE); | 238 SupervisedUserAuthentication::PASSWORD_CHANGE_RESULT_MAX_VALUE); |
| 239 return; | 239 return; |
| 240 } | 240 } |
| 241 base::DictionaryValue holder; | 241 base::DictionaryValue holder; |
| 242 owner_->GetPasswordInformation(supervised_user_id, &holder); | 242 owner_->GetPasswordInformation(supervised_user_id, &holder); |
| 243 holder.SetBoolean(kRequirePasswordUpdate, true); | 243 holder.SetBoolean(kRequirePasswordUpdate, true); |
| 244 owner_->SetPasswordInformation(supervised_user_id, &holder); | 244 owner_->SetPasswordInformation(supervised_user_id, &holder); |
| 245 } | 245 } |
| 246 | 246 |
| 247 bool SupervisedUserAuthentication::HasScheduledPasswordUpdate( | 247 bool SupervisedUserAuthentication::HasScheduledPasswordUpdate( |
| 248 const std::string& user_id) { | 248 const user_manager::UserID& user_id) { |
| 249 base::DictionaryValue holder; | 249 base::DictionaryValue holder; |
| 250 owner_->GetPasswordInformation(user_id, &holder); | 250 owner_->GetPasswordInformation(user_id, &holder); |
| 251 bool require_update = false; | 251 bool require_update = false; |
| 252 holder.GetBoolean(kRequirePasswordUpdate, &require_update); | 252 holder.GetBoolean(kRequirePasswordUpdate, &require_update); |
| 253 return require_update; | 253 return require_update; |
| 254 } | 254 } |
| 255 | 255 |
| 256 void SupervisedUserAuthentication::ClearScheduledPasswordUpdate( | 256 void SupervisedUserAuthentication::ClearScheduledPasswordUpdate( |
| 257 const std::string& user_id) { | 257 const user_manager::UserID& user_id) { |
| 258 base::DictionaryValue holder; | 258 base::DictionaryValue holder; |
| 259 owner_->GetPasswordInformation(user_id, &holder); | 259 owner_->GetPasswordInformation(user_id, &holder); |
| 260 holder.SetBoolean(kRequirePasswordUpdate, false); | 260 holder.SetBoolean(kRequirePasswordUpdate, false); |
| 261 owner_->SetPasswordInformation(user_id, &holder); | 261 owner_->SetPasswordInformation(user_id, &holder); |
| 262 } | 262 } |
| 263 | 263 |
| 264 bool SupervisedUserAuthentication::HasIncompleteKey( | 264 bool SupervisedUserAuthentication::HasIncompleteKey( |
| 265 const std::string& user_id) { | 265 const user_manager::UserID& user_id) { |
| 266 base::DictionaryValue holder; | 266 base::DictionaryValue holder; |
| 267 owner_->GetPasswordInformation(user_id, &holder); | 267 owner_->GetPasswordInformation(user_id, &holder); |
| 268 bool incomplete_key = false; | 268 bool incomplete_key = false; |
| 269 holder.GetBoolean(kHasIncompleteKey, &incomplete_key); | 269 holder.GetBoolean(kHasIncompleteKey, &incomplete_key); |
| 270 return incomplete_key; | 270 return incomplete_key; |
| 271 } | 271 } |
| 272 | 272 |
| 273 void SupervisedUserAuthentication::MarkKeyIncomplete(const std::string& user_id, | 273 void SupervisedUserAuthentication::MarkKeyIncomplete(const user_manager::UserID&
user_id, |
| 274 bool incomplete) { | 274 bool incomplete) { |
| 275 base::DictionaryValue holder; | 275 base::DictionaryValue holder; |
| 276 owner_->GetPasswordInformation(user_id, &holder); | 276 owner_->GetPasswordInformation(user_id, &holder); |
| 277 holder.SetBoolean(kHasIncompleteKey, incomplete); | 277 holder.SetBoolean(kHasIncompleteKey, incomplete); |
| 278 owner_->SetPasswordInformation(user_id, &holder); | 278 owner_->SetPasswordInformation(user_id, &holder); |
| 279 } | 279 } |
| 280 | 280 |
| 281 void SupervisedUserAuthentication::LoadPasswordUpdateData( | 281 void SupervisedUserAuthentication::LoadPasswordUpdateData( |
| 282 const std::string& user_id, | 282 const user_manager::UserID& user_id, |
| 283 const PasswordDataCallback& success_callback, | 283 const PasswordDataCallback& success_callback, |
| 284 const base::Closure& failure_callback) { | 284 const base::Closure& failure_callback) { |
| 285 const user_manager::User* user = | 285 const user_manager::User* user = |
| 286 user_manager::UserManager::Get()->FindUser(user_id); | 286 user_manager::UserManager::Get()->FindUser(user_id); |
| 287 base::FilePath profile_path = | 287 base::FilePath profile_path = |
| 288 ProfileHelper::GetProfilePathByUserIdHash(user->username_hash()); | 288 ProfileHelper::GetProfilePathByUserIdHash(user->username_hash()); |
| 289 PostTaskAndReplyWithResult( | 289 PostTaskAndReplyWithResult( |
| 290 content::BrowserThread::GetBlockingPool() | 290 content::BrowserThread::GetBlockingPool() |
| 291 ->GetTaskRunnerWithShutdownBehavior( | 291 ->GetTaskRunnerWithShutdownBehavior( |
| 292 base::SequencedWorkerPool::CONTINUE_ON_SHUTDOWN) | 292 base::SequencedWorkerPool::CONTINUE_ON_SHUTDOWN) |
| (...skipping 24 matching lines...) Expand all Loading... |
| 317 LOG(FATAL) << "HMAC::Sign failed"; | 317 LOG(FATAL) << "HMAC::Sign failed"; |
| 318 | 318 |
| 319 std::string raw_result(out_bytes, out_bytes + sizeof(out_bytes)); | 319 std::string raw_result(out_bytes, out_bytes + sizeof(out_bytes)); |
| 320 | 320 |
| 321 std::string result; | 321 std::string result; |
| 322 base::Base64Encode(raw_result, &result); | 322 base::Base64Encode(raw_result, &result); |
| 323 return result; | 323 return result; |
| 324 } | 324 } |
| 325 | 325 |
| 326 } // namespace chromeos | 326 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1165323004:
We should use UserID object to identify users instead of username.
Base URL: https://chromium.googlesource.com/chromium/src.git@master