| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_SUPERVISED_SUPERVISED_USER_AUTHENTICATOR_H
_ | 5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_SUPERVISED_SUPERVISED_USER_AUTHENTICATOR_H
_ |
| 6 #define CHROME_BROWSER_CHROMEOS_LOGIN_SUPERVISED_SUPERVISED_USER_AUTHENTICATOR_H
_ | 6 #define CHROME_BROWSER_CHROMEOS_LOGIN_SUPERVISED_SUPERVISED_USER_AUTHENTICATOR_H
_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
| 11 #include "base/compiler_specific.h" | 11 #include "base/compiler_specific.h" |
| 12 #include "base/memory/ref_counted.h" | 12 #include "base/memory/ref_counted.h" |
| 13 #include "base/memory/scoped_ptr.h" | 13 #include "base/memory/scoped_ptr.h" |
| 14 #include "components/user_manager/user_id.h" |
| 14 #include "third_party/cros_system_api/dbus/service_constants.h" | 15 #include "third_party/cros_system_api/dbus/service_constants.h" |
| 15 | 16 |
| 16 namespace chromeos { | 17 namespace chromeos { |
| 17 | 18 |
| 18 // Authenticates supervised users against the cryptohome. | 19 // Authenticates supervised users against the cryptohome. |
| 19 // | 20 // |
| 20 // Typical flow: | 21 // Typical flow: |
| 21 // AuthenticateToMount() calls a Cryptohome to perform offline login, | 22 // AuthenticateToMount() calls a Cryptohome to perform offline login, |
| 22 // AuthenticateToCreate() calls a Cryptohome to create new cryptohome. | 23 // AuthenticateToCreate() calls a Cryptohome to create new cryptohome. |
| 23 class SupervisedUserAuthenticator | 24 class SupervisedUserAuthenticator |
| 24 : public base::RefCountedThreadSafe<SupervisedUserAuthenticator> { | 25 : public base::RefCountedThreadSafe<SupervisedUserAuthenticator> { |
| 25 public: | 26 public: |
| 26 enum AuthState { | 27 enum AuthState { |
| 27 CONTINUE, // State indeterminate; try again when more info available. | 28 CONTINUE, // State indeterminate; try again when more info available. |
| 28 NO_MOUNT, // No cryptohome exist for user. | 29 NO_MOUNT, // No cryptohome exist for user. |
| 29 FAILED_MOUNT, // Failed to mount existing cryptohome - login failed. | 30 FAILED_MOUNT, // Failed to mount existing cryptohome - login failed. |
| 30 FAILED_TPM, // Failed to mount/create cryptohome because of TPM error. | 31 FAILED_TPM, // Failed to mount/create cryptohome because of TPM error. |
| 31 SUCCESS, // Login succeeded . | 32 SUCCESS, // Login succeeded . |
| 32 }; | 33 }; |
| 33 | 34 |
| 34 class AuthAttempt { | 35 class AuthAttempt { |
| 35 public: | 36 public: |
| 36 AuthAttempt(const std::string& username, | 37 AuthAttempt(const user_manager::UserID& user_id, |
| 37 const std::string& password, | 38 const std::string& password, |
| 38 bool add_key_attempt); | 39 bool add_key_attempt); |
| 39 ~AuthAttempt(); | 40 ~AuthAttempt(); |
| 40 | 41 |
| 41 // Copy |cryptohome_code| and |cryptohome_outcome| into this object, | 42 // Copy |cryptohome_code| and |cryptohome_outcome| into this object, |
| 42 // so we can have a copy we're sure to own, and can make available | 43 // so we can have a copy we're sure to own, and can make available |
| 43 // on the IO thread. Must be called from the IO thread. | 44 // on the IO thread. Must be called from the IO thread. |
| 44 void RecordCryptohomeStatus(bool cryptohome_outcome, | 45 void RecordCryptohomeStatus(bool cryptohome_outcome, |
| 45 cryptohome::MountError cryptohome_code); | 46 cryptohome::MountError cryptohome_code); |
| 46 | 47 |
| 47 // Copy |hash| into this object so we can have a copy we're sure to own | 48 // Copy |hash| into this object so we can have a copy we're sure to own |
| 48 // and can make available on the IO thread. | 49 // and can make available on the IO thread. |
| 49 // Must be called from the IO thread. | 50 // Must be called from the IO thread. |
| 50 void RecordHash(const std::string& hash); | 51 void RecordHash(const std::string& hash); |
| 51 | 52 |
| 52 bool cryptohome_complete(); | 53 bool cryptohome_complete(); |
| 53 bool cryptohome_outcome(); | 54 bool cryptohome_outcome(); |
| 54 bool hash_obtained(); | 55 bool hash_obtained(); |
| 55 std::string hash(); | 56 std::string hash(); |
| 56 cryptohome::MountError cryptohome_code(); | 57 cryptohome::MountError cryptohome_code(); |
| 57 | 58 |
| 58 const std::string username; | 59 const user_manager::UserID user_id; |
| 59 const std::string password; | 60 const std::string password; |
| 60 const bool add_key; | 61 const bool add_key; |
| 61 | 62 |
| 62 private: | 63 private: |
| 63 bool cryptohome_complete_; | 64 bool cryptohome_complete_; |
| 64 bool cryptohome_outcome_; | 65 bool cryptohome_outcome_; |
| 65 bool hash_obtained_; | 66 bool hash_obtained_; |
| 66 std::string hash_; | 67 std::string hash_; |
| 67 | 68 |
| 68 cryptohome::MountError cryptohome_code_; | 69 cryptohome::MountError cryptohome_code_; |
| 69 DISALLOW_COPY_AND_ASSIGN(AuthAttempt); | 70 DISALLOW_COPY_AND_ASSIGN(AuthAttempt); |
| 70 }; | 71 }; |
| 71 | 72 |
| 72 class AuthStatusConsumer { | 73 class AuthStatusConsumer { |
| 73 public: | 74 public: |
| 74 virtual ~AuthStatusConsumer() {} | 75 virtual ~AuthStatusConsumer() {} |
| 75 // The current login attempt has ended in failure, with error. | 76 // The current login attempt has ended in failure, with error. |
| 76 virtual void OnAuthenticationFailure(AuthState state) = 0; | 77 virtual void OnAuthenticationFailure(AuthState state) = 0; |
| 77 // The current login attempt has ended succesfully. | 78 // The current login attempt has ended succesfully. |
| 78 virtual void OnMountSuccess(const std::string& mount_hash) = 0; | 79 virtual void OnMountSuccess(const std::string& mount_hash) = 0; |
| 79 // The current add key attempt has ended succesfully. | 80 // The current add key attempt has ended succesfully. |
| 80 virtual void OnAddKeySuccess() = 0; | 81 virtual void OnAddKeySuccess() = 0; |
| 81 }; | 82 }; |
| 82 | 83 |
| 83 explicit SupervisedUserAuthenticator(AuthStatusConsumer* consumer); | 84 explicit SupervisedUserAuthenticator(AuthStatusConsumer* consumer); |
| 84 | 85 |
| 85 void AuthenticateToMount(const std::string& username, | 86 void AuthenticateToMount(const user_manager::UserID& user_id, |
| 86 const std::string& password); | 87 const std::string& password); |
| 87 | 88 |
| 88 void AuthenticateToCreate(const std::string& username, | 89 void AuthenticateToCreate(const user_manager::UserID& user_id, |
| 89 const std::string& password); | 90 const std::string& password); |
| 90 | 91 |
| 91 void AddMasterKey(const std::string& username, | 92 void AddMasterKey(const user_manager::UserID& user_id, |
| 92 const std::string& password, | 93 const std::string& password, |
| 93 const std::string& master_key); | 94 const std::string& master_key); |
| 94 void Resolve(); | 95 void Resolve(); |
| 95 | 96 |
| 96 private: | 97 private: |
| 97 friend class base::RefCountedThreadSafe<SupervisedUserAuthenticator>; | 98 friend class base::RefCountedThreadSafe<SupervisedUserAuthenticator>; |
| 98 | 99 |
| 99 ~SupervisedUserAuthenticator(); | 100 ~SupervisedUserAuthenticator(); |
| 100 | 101 |
| 101 AuthState ResolveState(); | 102 AuthState ResolveState(); |
| 102 AuthState ResolveCryptohomeFailureState(); | 103 AuthState ResolveCryptohomeFailureState(); |
| 103 AuthState ResolveCryptohomeSuccessState(); | 104 AuthState ResolveCryptohomeSuccessState(); |
| 104 void OnAuthenticationSuccess(const std::string& mount_hash, bool add_key); | 105 void OnAuthenticationSuccess(const std::string& mount_hash, bool add_key); |
| 105 void OnAuthenticationFailure(AuthState state); | 106 void OnAuthenticationFailure(AuthState state); |
| 106 | 107 |
| 107 scoped_ptr<AuthAttempt> current_state_; | 108 scoped_ptr<AuthAttempt> current_state_; |
| 108 AuthStatusConsumer* consumer_; | 109 AuthStatusConsumer* consumer_; |
| 109 | 110 |
| 110 DISALLOW_COPY_AND_ASSIGN(SupervisedUserAuthenticator); | 111 DISALLOW_COPY_AND_ASSIGN(SupervisedUserAuthenticator); |
| 111 }; | 112 }; |
| 112 | 113 |
| 113 } // namespace chromeos | 114 } // namespace chromeos |
| 114 | 115 |
| 115 #endif // CHROME_BROWSER_CHROMEOS_LOGIN_SUPERVISED_SUPERVISED_USER_AUTHENTICATO
R_H_ | 116 #endif // CHROME_BROWSER_CHROMEOS_LOGIN_SUPERVISED_SUPERVISED_USER_AUTHENTICATO
R_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1165323004:
We should use UserID object to identify users instead of username.
Base URL: https://chromium.googlesource.com/chromium/src.git@master