| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/login/auth/cryptohome_authenticator.h" | 5 #include "chromeos/login/auth/cryptohome_authenticator.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/basictypes.h" | 9 #include "base/basictypes.h" |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| 11 #include "base/files/file_path.h" | 11 #include "base/files/file_path.h" |
| 12 #include "base/location.h" | 12 #include "base/location.h" |
| 13 #include "base/logging.h" | 13 #include "base/logging.h" |
| 14 #include "base/memory/weak_ptr.h" | 14 #include "base/memory/weak_ptr.h" |
| 15 #include "chromeos/cryptohome/async_method_caller.h" | 15 #include "chromeos/cryptohome/async_method_caller.h" |
| 16 #include "chromeos/cryptohome/cryptohome_parameters.h" | 16 #include "chromeos/cryptohome/cryptohome_parameters.h" |
| 17 #include "chromeos/cryptohome/homedir_methods.h" | 17 #include "chromeos/cryptohome/homedir_methods.h" |
| 18 #include "chromeos/cryptohome/system_salt_getter.h" | 18 #include "chromeos/cryptohome/system_salt_getter.h" |
| 19 #include "chromeos/dbus/cryptohome_client.h" | 19 #include "chromeos/dbus/cryptohome_client.h" |
| 20 #include "chromeos/dbus/dbus_thread_manager.h" | 20 #include "chromeos/dbus/dbus_thread_manager.h" |
| 21 #include "chromeos/login/auth/auth_status_consumer.h" | 21 #include "chromeos/login/auth/auth_status_consumer.h" |
| 22 #include "chromeos/login/auth/key.h" | 22 #include "chromeos/login/auth/key.h" |
| 23 #include "chromeos/login/auth/user_context.h" | 23 #include "chromeos/login/auth/user_context.h" |
| 24 #include "chromeos/login/login_state.h" | 24 #include "chromeos/login/login_state.h" |
| 25 #include "chromeos/login/user_names.h" | 25 #include "chromeos/login/user_names.h" |
| 26 #include "chromeos/login_event_recorder.h" | 26 #include "chromeos/login_event_recorder.h" |
| 27 #include "components/device_event_log/device_event_log.h" | 27 #include "components/device_event_log/device_event_log.h" |
| 28 #include "components/signin/core/account_id/account_id.h" |
| 28 #include "components/user_manager/user_type.h" | 29 #include "components/user_manager/user_type.h" |
| 29 #include "third_party/cros_system_api/dbus/service_constants.h" | 30 #include "third_party/cros_system_api/dbus/service_constants.h" |
| 30 | 31 |
| 31 namespace chromeos { | 32 namespace chromeos { |
| 32 | 33 |
| 33 namespace { | 34 namespace { |
| 34 | 35 |
| 35 // The label used for the key derived from the user's GAIA credentials. | 36 // The label used for the key derived from the user's GAIA credentials. |
| 36 const char kCryptohomeGAIAKeyLabel[] = "gaia"; | 37 const char kCryptohomeGAIAKeyLabel[] = "gaia"; |
| 37 | 38 |
(...skipping 102 matching lines...)
| 140 cryptohome::PRIV_DEFAULT); | 141 cryptohome::PRIV_DEFAULT); |
| 141 cryptohome::MountParameters mount(ephemeral); | 142 cryptohome::MountParameters mount(ephemeral); |
| 142 if (create_if_nonexistent) { | 143 if (create_if_nonexistent) { |
| 143 mount.create_keys.push_back(cryptohome::KeyDefinition( | 144 mount.create_keys.push_back(cryptohome::KeyDefinition( |
| 144 key->GetSecret(), | 145 key->GetSecret(), |
| 145 kCryptohomeGAIAKeyLabel, | 146 kCryptohomeGAIAKeyLabel, |
| 146 cryptohome::PRIV_DEFAULT)); | 147 cryptohome::PRIV_DEFAULT)); |
| 147 } | 148 } |
| 148 | 149 |
| 149 cryptohome::HomedirMethods::GetInstance()->MountEx( | 150 cryptohome::HomedirMethods::GetInstance()->MountEx( |
| 150 cryptohome::Identification(attempt->user_context.GetUserID()), | 151 cryptohome::Identification( |
| 151 cryptohome::Authorization(auth_key), | 152 attempt->user_context.GetUserID().GetUserEmail()), |
| 152 mount, | 153 cryptohome::Authorization(auth_key), mount, |
| 153 base::Bind(&OnMount, attempt, resolver)); | 154 base::Bind(&OnMount, attempt, resolver)); |
| 154 } | 155 } |
| 155 | 156 |
| 156 // Callback invoked when the system salt has been retrieved. Transforms the key | 157 // Callback invoked when the system salt has been retrieved. Transforms the key |
| 157 // in |attempt->user_context| using Chrome's default hashing algorithm and the | 158 // in |attempt->user_context| using Chrome's default hashing algorithm and the |
| 158 // system salt, then calls MountEx(). | 159 // system salt, then calls MountEx(). |
| 159 void OnGetSystemSalt(const base::WeakPtr<AuthAttemptState>& attempt, | 160 void OnGetSystemSalt(const base::WeakPtr<AuthAttemptState>& attempt, |
| 160 scoped_refptr<CryptohomeAuthenticator> resolver, | 161 scoped_refptr<CryptohomeAuthenticator> resolver, |
| 161 bool ephemeral, | 162 bool ephemeral, |
| 162 bool create_if_nonexistent, | 163 bool create_if_nonexistent, |
(...skipping 95 matching lines...)
| 258 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker( | 259 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker( |
| 259 "CryptohomeMount-Start", false); | 260 "CryptohomeMount-Start", false); |
| 260 | 261 |
| 261 if (attempt->user_context.GetKey()->GetKeyType() != | 262 if (attempt->user_context.GetKey()->GetKeyType() != |
| 262 Key::KEY_TYPE_PASSWORD_PLAIN) { | 263 Key::KEY_TYPE_PASSWORD_PLAIN) { |
| 263 DoMount(attempt, resolver, ephemeral, create_if_nonexistent); | 264 DoMount(attempt, resolver, ephemeral, create_if_nonexistent); |
| 264 return; | 265 return; |
| 265 } | 266 } |
| 266 | 267 |
| 267 cryptohome::HomedirMethods::GetInstance()->GetKeyDataEx( | 268 cryptohome::HomedirMethods::GetInstance()->GetKeyDataEx( |
| 268 cryptohome::Identification(attempt->user_context.GetUserID()), | 269 cryptohome::Identification( |
| 269 kCryptohomeGAIAKeyLabel, | 270 attempt->user_context.GetUserID().GetUserEmail()), |
| 270 base::Bind(&OnGetKeyDataEx, | 271 kCryptohomeGAIAKeyLabel, base::Bind(&OnGetKeyDataEx, attempt, resolver, |
| 271 attempt, | 272 ephemeral, create_if_nonexistent)); |
| 272 resolver, | |
| 273 ephemeral, | |
| 274 create_if_nonexistent)); | |
| 275 } | 273 } |
| 276 | 274 |
| 277 // Calls cryptohome's mount method for guest and also get the user hash from | 275 // Calls cryptohome's mount method for guest and also get the user hash from |
| 278 // cryptohome. | 276 // cryptohome. |
| 279 void MountGuestAndGetHash(const base::WeakPtr<AuthAttemptState>& attempt, | 277 void MountGuestAndGetHash(const base::WeakPtr<AuthAttemptState>& attempt, |
| 280 scoped_refptr<CryptohomeAuthenticator> resolver) { | 278 scoped_refptr<CryptohomeAuthenticator> resolver) { |
| 281 attempt->UsernameHashRequested(); | 279 attempt->UsernameHashRequested(); |
| 282 cryptohome::AsyncMethodCaller::GetInstance()->AsyncMountGuest( | 280 cryptohome::AsyncMethodCaller::GetInstance()->AsyncMountGuest( |
| 283 base::Bind(&TriggerResolveWithLoginTimeMarker, | 281 base::Bind(&TriggerResolveWithLoginTimeMarker, |
| 284 "CryptohomeMount-End", | 282 "CryptohomeMount-End", |
| 285 attempt, | 283 attempt, |
| 286 resolver)); | 284 resolver)); |
| 287 cryptohome::AsyncMethodCaller::GetInstance()->AsyncGetSanitizedUsername( | 285 cryptohome::AsyncMethodCaller::GetInstance()->AsyncGetSanitizedUsername( |
| 288 attempt->user_context.GetUserID(), | 286 attempt->user_context.GetUserID().GetUserEmail(), |
| 289 base::Bind(&TriggerResolveHash, attempt, resolver)); | 287 base::Bind(&TriggerResolveHash, attempt, resolver)); |
| 290 } | 288 } |
| 291 | 289 |
| 292 // Calls cryptohome's MountPublic method | 290 // Calls cryptohome's MountPublic method |
| 293 void MountPublic(const base::WeakPtr<AuthAttemptState>& attempt, | 291 void MountPublic(const base::WeakPtr<AuthAttemptState>& attempt, |
| 294 scoped_refptr<CryptohomeAuthenticator> resolver, | 292 scoped_refptr<CryptohomeAuthenticator> resolver, |
| 295 int flags) { | 293 int flags) { |
| 296 cryptohome::AsyncMethodCaller::GetInstance()->AsyncMountPublic( | 294 cryptohome::AsyncMethodCaller::GetInstance()->AsyncMountPublic( |
| 297 attempt->user_context.GetUserID(), | 295 attempt->user_context.GetUserID().GetUserEmail(), flags, |
| 298 flags, | |
| 299 base::Bind(&TriggerResolveWithLoginTimeMarker, | 296 base::Bind(&TriggerResolveWithLoginTimeMarker, |
| 300 "CryptohomeMountPublic-End", | 297 "CryptohomeMountPublic-End", attempt, resolver)); |
| 301 attempt, | |
| 302 resolver)); | |
| 303 cryptohome::AsyncMethodCaller::GetInstance()->AsyncGetSanitizedUsername( | 298 cryptohome::AsyncMethodCaller::GetInstance()->AsyncGetSanitizedUsername( |
| 304 attempt->user_context.GetUserID(), | 299 attempt->user_context.GetUserID().GetUserEmail(), |
| 305 base::Bind(&TriggerResolveHash, attempt, resolver)); | 300 base::Bind(&TriggerResolveHash, attempt, resolver)); |
| 306 } | 301 } |
| 307 | 302 |
| 308 // Calls cryptohome's key migration method. | 303 // Calls cryptohome's key migration method. |
| 309 void Migrate(const base::WeakPtr<AuthAttemptState>& attempt, | 304 void Migrate(const base::WeakPtr<AuthAttemptState>& attempt, |
| 310 scoped_refptr<CryptohomeAuthenticator> resolver, | 305 scoped_refptr<CryptohomeAuthenticator> resolver, |
| 311 bool passing_old_hash, | 306 bool passing_old_hash, |
| 312 const std::string& old_password, | 307 const std::string& old_password, |
| 313 const std::string& system_salt) { | 308 const std::string& system_salt) { |
| 314 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker( | 309 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker( |
| 315 "CryptohomeMigrate-Start", false); | 310 "CryptohomeMigrate-Start", false); |
| 316 cryptohome::AsyncMethodCaller* caller = | 311 cryptohome::AsyncMethodCaller* caller = |
| 317 cryptohome::AsyncMethodCaller::GetInstance(); | 312 cryptohome::AsyncMethodCaller::GetInstance(); |
| 318 | 313 |
| 319 // TODO(bartfab): Retrieve the hashing algorithm and salt to use for |old_key| | 314 // TODO(bartfab): Retrieve the hashing algorithm and salt to use for |old_key| |
| 320 // from cryptohomed. | 315 // from cryptohomed. |
| 321 scoped_ptr<Key> old_key = | 316 scoped_ptr<Key> old_key = |
| 322 TransformKeyIfNeeded(Key(old_password), system_salt); | 317 TransformKeyIfNeeded(Key(old_password), system_salt); |
| 323 scoped_ptr<Key> new_key = | 318 scoped_ptr<Key> new_key = |
| 324 TransformKeyIfNeeded(*attempt->user_context.GetKey(), system_salt); | 319 TransformKeyIfNeeded(*attempt->user_context.GetKey(), system_salt); |
| 325 if (passing_old_hash) { | 320 if (passing_old_hash) { |
| 326 caller->AsyncMigrateKey(attempt->user_context.GetUserID(), | 321 caller->AsyncMigrateKey( |
| 327 old_key->GetSecret(), | 322 attempt->user_context.GetUserID().GetUserEmail(), old_key->GetSecret(), |
| 328 new_key->GetSecret(), | 323 new_key->GetSecret(), |
| 329 base::Bind(&TriggerResolveWithLoginTimeMarker, | 324 base::Bind(&TriggerResolveWithLoginTimeMarker, "CryptohomeMount-End", |
| 330 "CryptohomeMount-End", | 325 attempt, resolver)); |
| 331 attempt, | |
| 332 resolver)); | |
| 333 } else { | 326 } else { |
| 334 caller->AsyncMigrateKey(attempt->user_context.GetUserID(), | 327 caller->AsyncMigrateKey( |
| 335 new_key->GetSecret(), | 328 attempt->user_context.GetUserID().GetUserEmail(), new_key->GetSecret(), |
| 336 old_key->GetSecret(), | 329 old_key->GetSecret(), |
| 337 base::Bind(&TriggerResolveWithLoginTimeMarker, | 330 base::Bind(&TriggerResolveWithLoginTimeMarker, "CryptohomeMount-End", |
| 338 "CryptohomeMount-End", | 331 attempt, resolver)); |
| 339 attempt, | |
| 340 resolver)); | |
| 341 } | 332 } |
| 342 } | 333 } |
| 343 | 334 |
| 344 // Calls cryptohome's remove method. | 335 // Calls cryptohome's remove method. |
| 345 void Remove(const base::WeakPtr<AuthAttemptState>& attempt, | 336 void Remove(const base::WeakPtr<AuthAttemptState>& attempt, |
| 346 scoped_refptr<CryptohomeAuthenticator> resolver) { | 337 scoped_refptr<CryptohomeAuthenticator> resolver) { |
| 347 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker( | 338 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker( |
| 348 "CryptohomeRemove-Start", false); | 339 "CryptohomeRemove-Start", false); |
| 349 cryptohome::AsyncMethodCaller::GetInstance()->AsyncRemove( | 340 cryptohome::AsyncMethodCaller::GetInstance()->AsyncRemove( |
| 350 attempt->user_context.GetUserID(), | 341 attempt->user_context.GetUserID().GetUserEmail(), |
| 351 base::Bind(&TriggerResolveWithLoginTimeMarker, | 342 base::Bind(&TriggerResolveWithLoginTimeMarker, "CryptohomeRemove-End", |
| 352 "CryptohomeRemove-End", | 343 attempt, resolver)); |
| 353 attempt, | |
| 354 resolver)); | |
| 355 } | 344 } |
| 356 | 345 |
| 357 // Calls cryptohome's key check method. | 346 // Calls cryptohome's key check method. |
| 358 void CheckKey(const base::WeakPtr<AuthAttemptState>& attempt, | 347 void CheckKey(const base::WeakPtr<AuthAttemptState>& attempt, |
| 359 scoped_refptr<CryptohomeAuthenticator> resolver, | 348 scoped_refptr<CryptohomeAuthenticator> resolver, |
| 360 const std::string& system_salt) { | 349 const std::string& system_salt) { |
| 361 scoped_ptr<Key> key = | 350 scoped_ptr<Key> key = |
| 362 TransformKeyIfNeeded(*attempt->user_context.GetKey(), system_salt); | 351 TransformKeyIfNeeded(*attempt->user_context.GetKey(), system_salt); |
| 363 cryptohome::AsyncMethodCaller::GetInstance()->AsyncCheckKey( | 352 cryptohome::AsyncMethodCaller::GetInstance()->AsyncCheckKey( |
| 364 attempt->user_context.GetUserID(), | 353 attempt->user_context.GetUserID().GetUserEmail(), key->GetSecret(), |
| 365 key->GetSecret(), | |
| 366 base::Bind(&TriggerResolve, attempt, resolver)); | 354 base::Bind(&TriggerResolve, attempt, resolver)); |
| 367 } | 355 } |
| 368 | 356 |
| 369 } // namespace | 357 } // namespace |
| 370 | 358 |
| 371 CryptohomeAuthenticator::CryptohomeAuthenticator( | 359 CryptohomeAuthenticator::CryptohomeAuthenticator( |
| 372 scoped_refptr<base::TaskRunner> task_runner, | 360 scoped_refptr<base::TaskRunner> task_runner, |
| 373 AuthStatusConsumer* consumer) | 361 AuthStatusConsumer* consumer) |
| 374 : Authenticator(consumer), | 362 : Authenticator(consumer), |
| 375 task_runner_(task_runner), | 363 task_runner_(task_runner), |
(...skipping 508 matching lines...)
| 884 Resolve(); | 872 Resolve(); |
| 885 } | 873 } |
| 886 | 874 |
| 887 void CryptohomeAuthenticator::SetOwnerState(bool owner_check_finished, | 875 void CryptohomeAuthenticator::SetOwnerState(bool owner_check_finished, |
| 888 bool check_result) { | 876 bool check_result) { |
| 889 owner_is_verified_ = owner_check_finished; | 877 owner_is_verified_ = owner_check_finished; |
| 890 user_can_login_ = check_result; | 878 user_can_login_ = check_result; |
| 891 } | 879 } |
| 892 | 880 |
| 893 } // namespace chromeos | 881 } // namespace chromeos |
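Review bot: Every cryptohome call in this section now builds its identity from `attempt->user_context.GetUserID().GetUserEmail()` without checking that the string is non-empty, which matters most for `Remove()` (the `AsyncRemove` call) and the `MountEx` path with `create_if_nonexistent`, where an empty identification would be handed to cryptohomed rather than rejected locally. Whether an `AccountId` can carry an empty email is not visible from this file, so the cheap guard is a local with a check at the top of each helper: `const std::string& email = attempt->user_context.GetUserID().GetUserEmail(); DCHECK(!email.empty());`. Hoisting the email into that local would also remove the duplicated `GetUserID().GetUserEmail()` call in `MountGuestAndGetHash` and `MountPublic`, which each fetch it twice for the mount and the sanitized-username request. The function at the top of the section (`DoMount`, ending in the `MountEx` call) begins before the first visible line.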