| OLD | NEW |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/supervised_user/chromeos/manager_password_service.h" | 5 #include "chrome/browser/supervised_user/chromeos/manager_password_service.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/logging.h" | 8 #include "base/logging.h" |
| 9 #include "base/metrics/histogram.h" | 9 #include "base/metrics/histogram.h" |
| 10 #include "base/values.h" | 10 #include "base/values.h" |
| 11 #include "chrome/browser/chromeos/login/supervised/supervised_user_authenticatio
n.h" | 11 #include "chrome/browser/chromeos/login/supervised/supervised_user_authenticatio
n.h" |
| 12 #include "chrome/browser/chromeos/login/supervised/supervised_user_constants.h" | 12 #include "chrome/browser/chromeos/login/supervised/supervised_user_constants.h" |
| 13 #include "chrome/browser/chromeos/login/users/chrome_user_manager.h" | 13 #include "chrome/browser/chromeos/login/users/chrome_user_manager.h" |
| 14 #include "chrome/browser/chromeos/login/users/supervised_user_manager.h" | 14 #include "chrome/browser/chromeos/login/users/supervised_user_manager.h" |
| 15 #include "chrome/browser/supervised_user/legacy/supervised_user_sync_service.h" | 15 #include "chrome/browser/supervised_user/legacy/supervised_user_sync_service.h" |
| 16 #include "chrome/browser/supervised_user/supervised_user_constants.h" | 16 #include "chrome/browser/supervised_user/supervised_user_constants.h" |
| 17 #include "chromeos/login/auth/key.h" | 17 #include "chromeos/login/auth/key.h" |
| 18 #include "chromeos/login/auth/user_context.h" | 18 #include "chromeos/login/auth/user_context.h" |
| 19 #include "components/user_manager/user.h" | 19 #include "components/user_manager/user.h" |
| 20 #include "components/user_manager/user_manager.h" | 20 #include "components/user_manager/user_manager.h" |
| 21 #include "components/user_manager/user_type.h" | 21 #include "components/user_manager/user_type.h" |
| 22 | 22 |
| 23 namespace chromeos { | 23 namespace chromeos { |
| 24 | 24 |
| 25 ManagerPasswordService::ManagerPasswordService() : weak_ptr_factory_(this) {} | 25 ManagerPasswordService::ManagerPasswordService() : user_id_(std::string(), std::
string()), weak_ptr_factory_(this) {} |
| 26 | 26 |
| 27 ManagerPasswordService::~ManagerPasswordService() {} | 27 ManagerPasswordService::~ManagerPasswordService() {} |
| 28 | 28 |
| 29 void ManagerPasswordService::Init( | 29 void ManagerPasswordService::Init( |
| 30 const std::string& user_id, | 30 const user_manager::UserID& user_id, |
| 31 SupervisedUserSyncService* user_service, | 31 SupervisedUserSyncService* user_service, |
| 32 SupervisedUserSharedSettingsService* shared_settings_service) { | 32 SupervisedUserSharedSettingsService* shared_settings_service) { |
| 33 user_id_ = user_id; | 33 user_id_ = user_id; |
| 34 user_service_ = user_service; | 34 user_service_ = user_service; |
| 35 settings_service_ = shared_settings_service; | 35 settings_service_ = shared_settings_service; |
| 36 settings_service_subscription_ = settings_service_->Subscribe( | 36 settings_service_subscription_ = settings_service_->Subscribe( |
| 37 base::Bind(&ManagerPasswordService::OnSharedSettingsChange, | 37 base::Bind(&ManagerPasswordService::OnSharedSettingsChange, |
| 38 weak_ptr_factory_.GetWeakPtr())); | 38 weak_ptr_factory_.GetWeakPtr())); |
| 39 | 39 |
| 40 authenticator_ = ExtendedAuthenticator::Create(this); | 40 authenticator_ = ExtendedAuthenticator::Create(this); |
| 41 | 41 |
| 42 SupervisedUserManager* supervised_user_manager = | 42 SupervisedUserManager* supervised_user_manager = |
| 43 ChromeUserManager::Get()->GetSupervisedUserManager(); | 43 ChromeUserManager::Get()->GetSupervisedUserManager(); |
| 44 | 44 |
| 45 for (const user_manager::User* user : | 45 for (const user_manager::User* user : |
| 46 user_manager::UserManager::Get()->GetUsers()) { | 46 user_manager::UserManager::Get()->GetUsers()) { |
| 47 if (user->GetType() != user_manager::USER_TYPE_SUPERVISED) | 47 if (user->GetType() != user_manager::USER_TYPE_SUPERVISED) |
| 48 continue; | 48 continue; |
| 49 if (user_id != supervised_user_manager->GetManagerUserId(user->email())) | 49 if (user_id != supervised_user_manager->GetManagerUserId(user->GetUserID())) |
| 50 continue; | 50 continue; |
| 51 OnSharedSettingsChange( | 51 OnSharedSettingsChange( |
| 52 supervised_user_manager->GetUserSyncId(user->email()), | 52 supervised_user_manager->GetUserSyncId(user->GetUserID()), |
| 53 supervised_users::kChromeOSPasswordData); | 53 supervised_users::kChromeOSPasswordData); |
| 54 } | 54 } |
| 55 } | 55 } |
| 56 | 56 |
| 57 void ManagerPasswordService::OnSharedSettingsChange( | 57 void ManagerPasswordService::OnSharedSettingsChange( |
| 58 const std::string& su_id, | 58 const std::string& su_id, |
| 59 const std::string& key) { | 59 const std::string& key) { |
| 60 if (key != supervised_users::kChromeOSPasswordData) | 60 if (key != supervised_users::kChromeOSPasswordData) |
| 61 return; | 61 return; |
| 62 | 62 |
| (...skipping 12 matching lines...) |
| 75 } | 75 } |
| 76 const base::DictionaryValue* dict; | 76 const base::DictionaryValue* dict; |
| 77 if (!value->GetAsDictionary(&dict)) { | 77 if (!value->GetAsDictionary(&dict)) { |
| 78 LOG(WARNING) << "Got non-dictionary value from sync."; | 78 LOG(WARNING) << "Got non-dictionary value from sync."; |
| 79 return; | 79 return; |
| 80 } | 80 } |
| 81 | 81 |
| 82 SupervisedUserAuthentication* auth = | 82 SupervisedUserAuthentication* auth = |
| 83 supervised_user_manager->GetAuthentication(); | 83 supervised_user_manager->GetAuthentication(); |
| 84 | 84 |
| 85 if (!auth->NeedPasswordChange(user->email(), dict) && | 85 if (!auth->NeedPasswordChange(user->GetUserID(), dict) && |
| 86 !auth->HasIncompleteKey(user->email())) { | 86 !auth->HasIncompleteKey(user->GetUserID())) { |
| 87 return; | 87 return; |
| 88 } | 88 } |
| 89 scoped_ptr<base::DictionaryValue> wrapper(dict->DeepCopy()); | 89 scoped_ptr<base::DictionaryValue> wrapper(dict->DeepCopy()); |
| 90 user_service_->GetSupervisedUsersAsync( | 90 user_service_->GetSupervisedUsersAsync( |
| 91 base::Bind(&ManagerPasswordService::GetSupervisedUsersCallback, | 91 base::Bind(&ManagerPasswordService::GetSupervisedUsersCallback, |
| 92 weak_ptr_factory_.GetWeakPtr(), | 92 weak_ptr_factory_.GetWeakPtr(), |
| 93 su_id, | 93 su_id, |
| 94 user->email(), | 94 user->GetUserID(), |
| 95 Passed(&wrapper))); | 95 Passed(&wrapper))); |
| 96 } | 96 } |
| 97 | 97 |
| 98 void ManagerPasswordService::GetSupervisedUsersCallback( | 98 void ManagerPasswordService::GetSupervisedUsersCallback( |
| 99 const std::string& sync_su_id, | 99 const std::string& sync_su_id, |
| 100 const std::string& user_id, | 100 const user_manager::UserID& user_id, |
| 101 scoped_ptr<base::DictionaryValue> password_data, | 101 scoped_ptr<base::DictionaryValue> password_data, |
| 102 const base::DictionaryValue* supervised_users) { | 102 const base::DictionaryValue* supervised_users) { |
| 103 const base::DictionaryValue* supervised_user = NULL; | 103 const base::DictionaryValue* supervised_user = NULL; |
| 104 if (!supervised_users->GetDictionary(sync_su_id, &supervised_user)) | 104 if (!supervised_users->GetDictionary(sync_su_id, &supervised_user)) |
| 105 return; | 105 return; |
| 106 std::string master_key; | 106 std::string master_key; |
| 107 std::string encryption_key; | 107 std::string encryption_key; |
| 108 std::string signature_key; | 108 std::string signature_key; |
| 109 if (!supervised_user->GetString(SupervisedUserSyncService::kMasterKey, | 109 if (!supervised_user->GetString(SupervisedUserSyncService::kMasterKey, |
| 110 &master_key)) { | 110 &master_key)) { |
| 111 LOG(WARNING) << "Can not apply password change to " << user_id | 111 LOG(WARNING) << "Can not apply password change to " << user_id.GetUserEmail(
) |
| 112 << ": no master key found"; | 112 << ": no master key found"; |
| 113 UMA_HISTOGRAM_ENUMERATION( | 113 UMA_HISTOGRAM_ENUMERATION( |
| 114 "ManagedUsers.ChromeOS.PasswordChange", | 114 "ManagedUsers.ChromeOS.PasswordChange", |
| 115 SupervisedUserAuthentication::PASSWORD_CHANGE_FAILED_NO_MASTER_KEY, | 115 SupervisedUserAuthentication::PASSWORD_CHANGE_FAILED_NO_MASTER_KEY, |
| 116 SupervisedUserAuthentication::PASSWORD_CHANGE_RESULT_MAX_VALUE); | 116 SupervisedUserAuthentication::PASSWORD_CHANGE_RESULT_MAX_VALUE); |
| 117 return; | 117 return; |
| 118 } | 118 } |
| 119 | 119 |
| 120 if (!supervised_user->GetString( | 120 if (!supervised_user->GetString( |
| 121 SupervisedUserSyncService::kPasswordSignatureKey, &signature_key) || | 121 SupervisedUserSyncService::kPasswordSignatureKey, &signature_key) || |
| 122 !supervised_user->GetString( | 122 !supervised_user->GetString( |
| 123 SupervisedUserSyncService::kPasswordEncryptionKey, | 123 SupervisedUserSyncService::kPasswordEncryptionKey, |
| 124 &encryption_key)) { | 124 &encryption_key)) { |
| 125 LOG(WARNING) << "Can not apply password change to " << user_id | 125 LOG(WARNING) << "Can not apply password change to " << user_id.GetUserEmail(
) |
| 126 << ": no signature / encryption keys."; | 126 << ": no signature / encryption keys."; |
| 127 UMA_HISTOGRAM_ENUMERATION( | 127 UMA_HISTOGRAM_ENUMERATION( |
| 128 "ManagedUsers.ChromeOS.PasswordChange", | 128 "ManagedUsers.ChromeOS.PasswordChange", |
| 129 SupervisedUserAuthentication::PASSWORD_CHANGE_FAILED_NO_SIGNATURE_KEY, | 129 SupervisedUserAuthentication::PASSWORD_CHANGE_FAILED_NO_SIGNATURE_KEY, |
| 130 SupervisedUserAuthentication::PASSWORD_CHANGE_RESULT_MAX_VALUE); | 130 SupervisedUserAuthentication::PASSWORD_CHANGE_RESULT_MAX_VALUE); |
| 131 return; | 131 return; |
| 132 } | 132 } |
| 133 | 133 |
| 134 UserContext manager_key(user_id); | 134 UserContext manager_key(user_id); |
| 135 manager_key.SetKey(Key(master_key)); | 135 manager_key.SetKey(Key(master_key)); |
| 136 manager_key.SetIsUsingOAuth(false); | 136 manager_key.SetIsUsingOAuth(false); |
| 137 | 137 |
| 138 // As master key can have old label, leave label field empty - it will work | 138 // As master key can have old label, leave label field empty - it will work |
| 139 // as wildcard. | 139 // as wildcard. |
| 140 | 140 |
| 141 std::string new_key; | 141 std::string new_key; |
| 142 int revision; | 142 int revision; |
| 143 | 143 |
| 144 bool has_data = password_data->GetStringWithoutPathExpansion( | 144 bool has_data = password_data->GetStringWithoutPathExpansion( |
| 145 kEncryptedPassword, &new_key); | 145 kEncryptedPassword, &new_key); |
| 146 has_data &= password_data->GetIntegerWithoutPathExpansion(kPasswordRevision, | 146 has_data &= password_data->GetIntegerWithoutPathExpansion(kPasswordRevision, |
| 147 &revision); | 147 &revision); |
| 148 if (!has_data) { | 148 if (!has_data) { |
| 149 LOG(WARNING) << "Can not apply password change to " << user_id | 149 LOG(WARNING) << "Can not apply password change to " << user_id.GetUserEmail(
) |
| 150 << ": incomplete password data."; | 150 << ": incomplete password data."; |
| 151 UMA_HISTOGRAM_ENUMERATION( | 151 UMA_HISTOGRAM_ENUMERATION( |
| 152 "ManagedUsers.ChromeOS.PasswordChange", | 152 "ManagedUsers.ChromeOS.PasswordChange", |
| 153 SupervisedUserAuthentication::PASSWORD_CHANGE_FAILED_NO_PASSWORD_DATA, | 153 SupervisedUserAuthentication::PASSWORD_CHANGE_FAILED_NO_PASSWORD_DATA, |
| 154 SupervisedUserAuthentication::PASSWORD_CHANGE_RESULT_MAX_VALUE); | 154 SupervisedUserAuthentication::PASSWORD_CHANGE_RESULT_MAX_VALUE); |
| 155 return; | 155 return; |
| 156 } | 156 } |
| 157 | 157 |
| 158 cryptohome::KeyDefinition new_key_definition( | 158 cryptohome::KeyDefinition new_key_definition( |
| 159 new_key, | 159 new_key, |
| (...skipping 23 matching lines...) |
| 183 ExtendedAuthenticator::AuthState state) { | 183 ExtendedAuthenticator::AuthState state) { |
| 184 UMA_HISTOGRAM_ENUMERATION( | 184 UMA_HISTOGRAM_ENUMERATION( |
| 185 "ManagedUsers.ChromeOS.PasswordChange", | 185 "ManagedUsers.ChromeOS.PasswordChange", |
| 186 SupervisedUserAuthentication::PASSWORD_CHANGE_FAILED_MASTER_KEY_FAILURE, | 186 SupervisedUserAuthentication::PASSWORD_CHANGE_FAILED_MASTER_KEY_FAILURE, |
| 187 SupervisedUserAuthentication::PASSWORD_CHANGE_RESULT_MAX_VALUE); | 187 SupervisedUserAuthentication::PASSWORD_CHANGE_RESULT_MAX_VALUE); |
| 188 LOG(ERROR) << "Can not apply password change, master key failure"; | 188 LOG(ERROR) << "Can not apply password change, master key failure"; |
| 189 } | 189 } |
| 190 | 190 |
| 191 void ManagerPasswordService::OnAddKeySuccess( | 191 void ManagerPasswordService::OnAddKeySuccess( |
| 192 const UserContext& master_key_context, | 192 const UserContext& master_key_context, |
| 193 const std::string& user_id, | 193 const user_manager::UserID& user_id, |
| 194 scoped_ptr<base::DictionaryValue> password_data) { | 194 scoped_ptr<base::DictionaryValue> password_data) { |
| 195 VLOG(0) << "Password changed for " << user_id; | 195 VLOG(0) << "Password changed for " << user_id.GetUserEmail(); |
| 196 UMA_HISTOGRAM_ENUMERATION( | 196 UMA_HISTOGRAM_ENUMERATION( |
| 197 "ManagedUsers.ChromeOS.PasswordChange", | 197 "ManagedUsers.ChromeOS.PasswordChange", |
| 198 SupervisedUserAuthentication::PASSWORD_CHANGED_IN_MANAGER_SESSION, | 198 SupervisedUserAuthentication::PASSWORD_CHANGED_IN_MANAGER_SESSION, |
| 199 SupervisedUserAuthentication::PASSWORD_CHANGE_RESULT_MAX_VALUE); | 199 SupervisedUserAuthentication::PASSWORD_CHANGE_RESULT_MAX_VALUE); |
| 200 | 200 |
| 201 SupervisedUserAuthentication* auth = | 201 SupervisedUserAuthentication* auth = |
| 202 ChromeUserManager::Get()->GetSupervisedUserManager()->GetAuthentication(); | 202 ChromeUserManager::Get()->GetSupervisedUserManager()->GetAuthentication(); |
| 203 int old_schema = auth->GetPasswordSchema(user_id); | 203 int old_schema = auth->GetPasswordSchema(user_id); |
| 204 auth->StorePasswordData(user_id, *password_data.get()); | 204 auth->StorePasswordData(user_id, *password_data.get()); |
| 205 | 205 |
| (...skipping 27 matching lines...) |
| 233 master_key_context, | 233 master_key_context, |
| 234 new_master_key, | 234 new_master_key, |
| 235 true /* replace existing */, | 235 true /* replace existing */, |
| 236 base::Bind(&ManagerPasswordService::OnNewManagerKeySuccess, | 236 base::Bind(&ManagerPasswordService::OnNewManagerKeySuccess, |
| 237 weak_ptr_factory_.GetWeakPtr(), | 237 weak_ptr_factory_.GetWeakPtr(), |
| 238 new_master_key_context)); | 238 new_master_key_context)); |
| 239 } | 239 } |
| 240 | 240 |
| 241 void ManagerPasswordService::OnNewManagerKeySuccess( | 241 void ManagerPasswordService::OnNewManagerKeySuccess( |
| 242 const UserContext& master_key_context) { | 242 const UserContext& master_key_context) { |
| 243 VLOG(1) << "Added new master key for " << master_key_context.GetUserID(); | 243 VLOG(1) << "Added new master key for " << master_key_context.GetUserID().GetUs
erEmail(); |
| 244 authenticator_->RemoveKey( | 244 authenticator_->RemoveKey( |
| 245 master_key_context, | 245 master_key_context, |
| 246 kLegacyCryptohomeSupervisedUserKeyLabel, | 246 kLegacyCryptohomeSupervisedUserKeyLabel, |
| 247 base::Bind(&ManagerPasswordService::OnOldSupervisedUserKeyDeleted, | 247 base::Bind(&ManagerPasswordService::OnOldSupervisedUserKeyDeleted, |
| 248 weak_ptr_factory_.GetWeakPtr(), | 248 weak_ptr_factory_.GetWeakPtr(), |
| 249 master_key_context)); | 249 master_key_context)); |
| 250 } | 250 } |
| 251 | 251 |
| 252 void ManagerPasswordService::OnOldSupervisedUserKeyDeleted( | 252 void ManagerPasswordService::OnOldSupervisedUserKeyDeleted( |
| 253 const UserContext& master_key_context) { | 253 const UserContext& master_key_context) { |
| 254 VLOG(1) << "Removed old supervised user key for " | 254 VLOG(1) << "Removed old supervised user key for " |
| 255 << master_key_context.GetUserID(); | 255 << master_key_context.GetUserID().GetUserEmail(); |
| 256 authenticator_->RemoveKey( | 256 authenticator_->RemoveKey( |
| 257 master_key_context, | 257 master_key_context, |
| 258 kLegacyCryptohomeMasterKeyLabel, | 258 kLegacyCryptohomeMasterKeyLabel, |
| 259 base::Bind(&ManagerPasswordService::OnOldManagerKeyDeleted, | 259 base::Bind(&ManagerPasswordService::OnOldManagerKeyDeleted, |
| 260 weak_ptr_factory_.GetWeakPtr(), | 260 weak_ptr_factory_.GetWeakPtr(), |
| 261 master_key_context)); | 261 master_key_context)); |
| 262 } | 262 } |
| 263 | 263 |
| 264 void ManagerPasswordService::OnOldManagerKeyDeleted( | 264 void ManagerPasswordService::OnOldManagerKeyDeleted( |
| 265 const UserContext& master_key_context) { | 265 const UserContext& master_key_context) { |
| 266 VLOG(1) << "Removed old master key for " << master_key_context.GetUserID(); | 266 VLOG(1) << "Removed old master key for " << master_key_context.GetUserID().Get
UserEmail(); |
| 267 } | 267 } |
| 268 | 268 |
| 269 void ManagerPasswordService::Shutdown() { | 269 void ManagerPasswordService::Shutdown() { |
| 270 settings_service_subscription_.reset(); | 270 settings_service_subscription_.reset(); |
| 271 } | 271 } |
| 272 | 272 |
| 273 } // namespace chromeos | 273 } // namespace chromeos |
| OLD | NEW |
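Review bot: The new side of OnAddKeySuccess (new line 195) streams `user_id.GetUserEmail()` through `VLOG(0)`, which is emitted at the default verbosity, so every successful supervised-user password change writes the account e-mail to the log; the three `LOG(WARNING)` failure paths in GetSupervisedUsersCallback (new lines 111, 125, 149) do the same. The old side streamed the same identifier as a plain string, so this is carried over rather than introduced, but the explicit accessor makes it plain that personal data reaches logs that may end up attached to feedback reports. Consider dropping the address from the always-on messages, e.g. `VLOG(1) << "Password changed for supervised user";`, and keeping the e-mail only at higher verbosity levels. The bodies of OnSharedSettingsChange, GetSupervisedUsersCallback and OnAddKeySuccess are partly collapsed on this page, so any logging in the skipped lines is not covered by this note.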