| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/login/auth/cryptohome_authenticator.h" | 5 #include "chromeos/login/auth/cryptohome_authenticator.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 131 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 142 cryptohome::PRIV_DEFAULT); | 142 cryptohome::PRIV_DEFAULT); |
| 143 cryptohome::MountParameters mount(ephemeral); | 143 cryptohome::MountParameters mount(ephemeral); |
| 144 if (create_if_nonexistent) { | 144 if (create_if_nonexistent) { |
| 145 mount.create_keys.push_back(cryptohome::KeyDefinition( | 145 mount.create_keys.push_back(cryptohome::KeyDefinition( |
| 146 key->GetSecret(), | 146 key->GetSecret(), |
| 147 kCryptohomeGAIAKeyLabel, | 147 kCryptohomeGAIAKeyLabel, |
| 148 cryptohome::PRIV_DEFAULT)); | 148 cryptohome::PRIV_DEFAULT)); |
| 149 } | 149 } |
| 150 | 150 |
| 151 cryptohome::HomedirMethods::GetInstance()->MountEx( | 151 cryptohome::HomedirMethods::GetInstance()->MountEx( |
| 152 cryptohome::Identification( | 152 cryptohome::Identification(attempt->user_context.GetAccountId()), |
| 153 attempt->user_context.GetAccountId().GetUserEmail()), | |
| 154 cryptohome::Authorization(auth_key), mount, | 153 cryptohome::Authorization(auth_key), mount, |
| 155 base::Bind(&OnMount, attempt, resolver)); | 154 base::Bind(&OnMount, attempt, resolver)); |
| 156 } | 155 } |
| 157 | 156 |
| 158 // Callback invoked when the system salt has been retrieved. Transforms the key | 157 // Callback invoked when the system salt has been retrieved. Transforms the key |
| 159 // in |attempt->user_context| using Chrome's default hashing algorithm and the | 158 // in |attempt->user_context| using Chrome's default hashing algorithm and the |
| 160 // system salt, then calls MountEx(). | 159 // system salt, then calls MountEx(). |
| 161 void OnGetSystemSalt(const base::WeakPtr<AuthAttemptState>& attempt, | 160 void OnGetSystemSalt(const base::WeakPtr<AuthAttemptState>& attempt, |
| 162 scoped_refptr<CryptohomeAuthenticator> resolver, | 161 scoped_refptr<CryptohomeAuthenticator> resolver, |
| 163 bool ephemeral, | 162 bool ephemeral, |
| (...skipping 96 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 260 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker( | 259 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker( |
| 261 "CryptohomeMount-Start", false); | 260 "CryptohomeMount-Start", false); |
| 262 | 261 |
| 263 if (attempt->user_context.GetKey()->GetKeyType() != | 262 if (attempt->user_context.GetKey()->GetKeyType() != |
| 264 Key::KEY_TYPE_PASSWORD_PLAIN) { | 263 Key::KEY_TYPE_PASSWORD_PLAIN) { |
| 265 DoMount(attempt, resolver, ephemeral, create_if_nonexistent); | 264 DoMount(attempt, resolver, ephemeral, create_if_nonexistent); |
| 266 return; | 265 return; |
| 267 } | 266 } |
| 268 | 267 |
| 269 cryptohome::HomedirMethods::GetInstance()->GetKeyDataEx( | 268 cryptohome::HomedirMethods::GetInstance()->GetKeyDataEx( |
| 270 cryptohome::Identification( | 269 cryptohome::Identification(attempt->user_context.GetAccountId()), |
| 271 attempt->user_context.GetAccountId().GetUserEmail()), | |
| 272 kCryptohomeGAIAKeyLabel, base::Bind(&OnGetKeyDataEx, attempt, resolver, | 270 kCryptohomeGAIAKeyLabel, base::Bind(&OnGetKeyDataEx, attempt, resolver, |
| 273 ephemeral, create_if_nonexistent)); | 271 ephemeral, create_if_nonexistent)); |
| 274 } | 272 } |
| 275 | 273 |
| 276 // Calls cryptohome's mount method for guest and also get the user hash from | 274 // Calls cryptohome's mount method for guest and also get the user hash from |
| 277 // cryptohome. | 275 // cryptohome. |
| 278 void MountGuestAndGetHash(const base::WeakPtr<AuthAttemptState>& attempt, | 276 void MountGuestAndGetHash(const base::WeakPtr<AuthAttemptState>& attempt, |
| 279 scoped_refptr<CryptohomeAuthenticator> resolver) { | 277 scoped_refptr<CryptohomeAuthenticator> resolver) { |
| 280 attempt->UsernameHashRequested(); | 278 attempt->UsernameHashRequested(); |
| 281 cryptohome::AsyncMethodCaller::GetInstance()->AsyncMountGuest( | 279 cryptohome::AsyncMethodCaller::GetInstance()->AsyncMountGuest( |
| 282 base::Bind(&TriggerResolveWithLoginTimeMarker, | 280 base::Bind(&TriggerResolveWithLoginTimeMarker, |
| 283 "CryptohomeMount-End", | 281 "CryptohomeMount-End", |
| 284 attempt, | 282 attempt, |
| 285 resolver)); | 283 resolver)); |
| 286 cryptohome::AsyncMethodCaller::GetInstance()->AsyncGetSanitizedUsername( | 284 cryptohome::AsyncMethodCaller::GetInstance()->AsyncGetSanitizedUsername( |
| 287 attempt->user_context.GetAccountId().GetUserEmail(), | 285 cryptohome::Identification(attempt->user_context.GetAccountId()), |
| 288 base::Bind(&TriggerResolveHash, attempt, resolver)); | 286 base::Bind(&TriggerResolveHash, attempt, resolver)); |
| 289 } | 287 } |
| 290 | 288 |
| 291 // Calls cryptohome's MountPublic method | 289 // Calls cryptohome's MountPublic method |
| 292 void MountPublic(const base::WeakPtr<AuthAttemptState>& attempt, | 290 void MountPublic(const base::WeakPtr<AuthAttemptState>& attempt, |
| 293 scoped_refptr<CryptohomeAuthenticator> resolver, | 291 scoped_refptr<CryptohomeAuthenticator> resolver, |
| 294 int flags) { | 292 int flags) { |
| 295 cryptohome::AsyncMethodCaller::GetInstance()->AsyncMountPublic( | 293 cryptohome::AsyncMethodCaller::GetInstance()->AsyncMountPublic( |
| 296 attempt->user_context.GetAccountId().GetUserEmail(), flags, | 294 cryptohome::Identification(attempt->user_context.GetAccountId()), flags, |
| 297 base::Bind(&TriggerResolveWithLoginTimeMarker, | 295 base::Bind(&TriggerResolveWithLoginTimeMarker, |
| 298 "CryptohomeMountPublic-End", attempt, resolver)); | 296 "CryptohomeMountPublic-End", attempt, resolver)); |
| 299 cryptohome::AsyncMethodCaller::GetInstance()->AsyncGetSanitizedUsername( | 297 cryptohome::AsyncMethodCaller::GetInstance()->AsyncGetSanitizedUsername( |
| 300 attempt->user_context.GetAccountId().GetUserEmail(), | 298 cryptohome::Identification(attempt->user_context.GetAccountId()), |
| 301 base::Bind(&TriggerResolveHash, attempt, resolver)); | 299 base::Bind(&TriggerResolveHash, attempt, resolver)); |
| 302 } | 300 } |
| 303 | 301 |
| 304 // Calls cryptohome's key migration method. | 302 // Calls cryptohome's key migration method. |
| 305 void Migrate(const base::WeakPtr<AuthAttemptState>& attempt, | 303 void Migrate(const base::WeakPtr<AuthAttemptState>& attempt, |
| 306 scoped_refptr<CryptohomeAuthenticator> resolver, | 304 scoped_refptr<CryptohomeAuthenticator> resolver, |
| 307 bool passing_old_hash, | 305 bool passing_old_hash, |
| 308 const std::string& old_password, | 306 const std::string& old_password, |
| 309 const std::string& system_salt) { | 307 const std::string& system_salt) { |
| 310 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker( | 308 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker( |
| 311 "CryptohomeMigrate-Start", false); | 309 "CryptohomeMigrate-Start", false); |
| 312 cryptohome::AsyncMethodCaller* caller = | 310 cryptohome::AsyncMethodCaller* caller = |
| 313 cryptohome::AsyncMethodCaller::GetInstance(); | 311 cryptohome::AsyncMethodCaller::GetInstance(); |
| 314 | 312 |
| 315 // TODO(bartfab): Retrieve the hashing algorithm and salt to use for |old_key| | 313 // TODO(bartfab): Retrieve the hashing algorithm and salt to use for |old_key| |
| 316 // from cryptohomed. | 314 // from cryptohomed. |
| 317 scoped_ptr<Key> old_key = | 315 scoped_ptr<Key> old_key = |
| 318 TransformKeyIfNeeded(Key(old_password), system_salt); | 316 TransformKeyIfNeeded(Key(old_password), system_salt); |
| 319 scoped_ptr<Key> new_key = | 317 scoped_ptr<Key> new_key = |
| 320 TransformKeyIfNeeded(*attempt->user_context.GetKey(), system_salt); | 318 TransformKeyIfNeeded(*attempt->user_context.GetKey(), system_salt); |
| 321 if (passing_old_hash) { | 319 if (passing_old_hash) { |
| 322 caller->AsyncMigrateKey( | 320 caller->AsyncMigrateKey( |
| 323 attempt->user_context.GetAccountId().GetUserEmail(), | 321 cryptohome::Identification(attempt->user_context.GetAccountId()), |
| 324 old_key->GetSecret(), new_key->GetSecret(), | 322 old_key->GetSecret(), new_key->GetSecret(), |
| 325 base::Bind(&TriggerResolveWithLoginTimeMarker, "CryptohomeMount-End", | 323 base::Bind(&TriggerResolveWithLoginTimeMarker, "CryptohomeMount-End", |
| 326 attempt, resolver)); | 324 attempt, resolver)); |
| 327 } else { | 325 } else { |
| 328 caller->AsyncMigrateKey( | 326 caller->AsyncMigrateKey( |
| 329 attempt->user_context.GetAccountId().GetUserEmail(), | 327 cryptohome::Identification(attempt->user_context.GetAccountId()), |
| 330 new_key->GetSecret(), old_key->GetSecret(), | 328 new_key->GetSecret(), old_key->GetSecret(), |
| 331 base::Bind(&TriggerResolveWithLoginTimeMarker, "CryptohomeMount-End", | 329 base::Bind(&TriggerResolveWithLoginTimeMarker, "CryptohomeMount-End", |
| 332 attempt, resolver)); | 330 attempt, resolver)); |
| 333 } | 331 } |
| 334 } | 332 } |
| 335 | 333 |
| 336 // Calls cryptohome's remove method. | 334 // Calls cryptohome's remove method. |
| 337 void Remove(const base::WeakPtr<AuthAttemptState>& attempt, | 335 void Remove(const base::WeakPtr<AuthAttemptState>& attempt, |
| 338 scoped_refptr<CryptohomeAuthenticator> resolver) { | 336 scoped_refptr<CryptohomeAuthenticator> resolver) { |
| 339 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker( | 337 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker( |
| 340 "CryptohomeRemove-Start", false); | 338 "CryptohomeRemove-Start", false); |
| 341 cryptohome::AsyncMethodCaller::GetInstance()->AsyncRemove( | 339 cryptohome::AsyncMethodCaller::GetInstance()->AsyncRemove( |
| 342 attempt->user_context.GetAccountId().GetUserEmail(), | 340 cryptohome::Identification(attempt->user_context.GetAccountId()), |
| 343 base::Bind(&TriggerResolveWithLoginTimeMarker, "CryptohomeRemove-End", | 341 base::Bind(&TriggerResolveWithLoginTimeMarker, "CryptohomeRemove-End", |
| 344 attempt, resolver)); | 342 attempt, resolver)); |
| 345 } | 343 } |
| 346 | 344 |
| 347 // Calls cryptohome's key check method. | 345 // Calls cryptohome's key check method. |
| 348 void CheckKey(const base::WeakPtr<AuthAttemptState>& attempt, | 346 void CheckKey(const base::WeakPtr<AuthAttemptState>& attempt, |
| 349 scoped_refptr<CryptohomeAuthenticator> resolver, | 347 scoped_refptr<CryptohomeAuthenticator> resolver, |
| 350 const std::string& system_salt) { | 348 const std::string& system_salt) { |
| 351 scoped_ptr<Key> key = | 349 scoped_ptr<Key> key = |
| 352 TransformKeyIfNeeded(*attempt->user_context.GetKey(), system_salt); | 350 TransformKeyIfNeeded(*attempt->user_context.GetKey(), system_salt); |
| 353 cryptohome::AsyncMethodCaller::GetInstance()->AsyncCheckKey( | 351 cryptohome::AsyncMethodCaller::GetInstance()->AsyncCheckKey( |
| 354 attempt->user_context.GetAccountId().GetUserEmail(), key->GetSecret(), | 352 cryptohome::Identification(attempt->user_context.GetAccountId()), |
| 355 base::Bind(&TriggerResolve, attempt, resolver)); | 353 key->GetSecret(), base::Bind(&TriggerResolve, attempt, resolver)); |
| 356 } | 354 } |
| 357 | 355 |
| 358 } // namespace | 356 } // namespace |
| 359 | 357 |
| 360 CryptohomeAuthenticator::CryptohomeAuthenticator( | 358 CryptohomeAuthenticator::CryptohomeAuthenticator( |
| 361 scoped_refptr<base::TaskRunner> task_runner, | 359 scoped_refptr<base::TaskRunner> task_runner, |
| 362 AuthStatusConsumer* consumer) | 360 AuthStatusConsumer* consumer) |
| 363 : Authenticator(consumer), | 361 : Authenticator(consumer), |
| 364 task_runner_(task_runner), | 362 task_runner_(task_runner), |
| 365 migrate_attempted_(false), | 363 migrate_attempted_(false), |
| (...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 440 false, // online_complete | 438 false, // online_complete |
| 441 false)); // user_is_new | 439 false)); // user_is_new |
| 442 remove_user_data_on_failure_ = false; | 440 remove_user_data_on_failure_ = false; |
| 443 StartMount(current_state_->AsWeakPtr(), | 441 StartMount(current_state_->AsWeakPtr(), |
| 444 scoped_refptr<CryptohomeAuthenticator>(this), | 442 scoped_refptr<CryptohomeAuthenticator>(this), |
| 445 false /* ephemeral */, false /* create_if_nonexistent */); | 443 false /* ephemeral */, false /* create_if_nonexistent */); |
| 446 } | 444 } |
| 447 | 445 |
| 448 void CryptohomeAuthenticator::LoginOffTheRecord() { | 446 void CryptohomeAuthenticator::LoginOffTheRecord() { |
| 449 DCHECK(task_runner_->RunsTasksOnCurrentThread()); | 447 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 450 current_state_.reset( | 448 current_state_.reset(new AuthAttemptState( |
| 451 new AuthAttemptState(UserContext(user_manager::USER_TYPE_GUEST, | 449 UserContext(user_manager::USER_TYPE_GUEST, login::GuestAccountId()), |
| 452 login::GuestAccountId().GetUserEmail()), | 450 false, // unlock |
| 453 false, // unlock | 451 false, // online_complete |
| 454 false, // online_complete | 452 false)); // user_is_new |
| 455 false)); // user_is_new | |
| 456 remove_user_data_on_failure_ = false; | 453 remove_user_data_on_failure_ = false; |
| 457 ephemeral_mount_attempted_ = true; | 454 ephemeral_mount_attempted_ = true; |
| 458 MountGuestAndGetHash(current_state_->AsWeakPtr(), | 455 MountGuestAndGetHash(current_state_->AsWeakPtr(), |
| 459 scoped_refptr<CryptohomeAuthenticator>(this)); | 456 scoped_refptr<CryptohomeAuthenticator>(this)); |
| 460 } | 457 } |
| 461 | 458 |
| 462 void CryptohomeAuthenticator::LoginAsPublicSession( | 459 void CryptohomeAuthenticator::LoginAsPublicSession( |
| 463 const UserContext& user_context) { | 460 const UserContext& user_context) { |
| 464 DCHECK(task_runner_->RunsTasksOnCurrentThread()); | 461 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 465 DCHECK_EQ(user_manager::USER_TYPE_PUBLIC_ACCOUNT, user_context.GetUserType()); | 462 DCHECK_EQ(user_manager::USER_TYPE_PUBLIC_ACCOUNT, user_context.GetUserType()); |
| 466 | 463 |
| 467 current_state_.reset( | 464 current_state_.reset( |
| 468 new AuthAttemptState(user_context, | 465 new AuthAttemptState(user_context, |
| 469 false, // unlock | 466 false, // unlock |
| 470 false, // online_complete | 467 false, // online_complete |
| 471 false)); // user_is_new | 468 false)); // user_is_new |
| 472 remove_user_data_on_failure_ = false; | 469 remove_user_data_on_failure_ = false; |
| 473 ephemeral_mount_attempted_ = true; | 470 ephemeral_mount_attempted_ = true; |
| 474 StartMount(current_state_->AsWeakPtr(), | 471 StartMount(current_state_->AsWeakPtr(), |
| 475 scoped_refptr<CryptohomeAuthenticator>(this), true /* ephemeral */, | 472 scoped_refptr<CryptohomeAuthenticator>(this), true /* ephemeral */, |
| 476 true /* create_if_nonexistent */); | 473 true /* create_if_nonexistent */); |
| 477 } | 474 } |
| 478 | 475 |
| 479 void CryptohomeAuthenticator::LoginAsKioskAccount( | 476 void CryptohomeAuthenticator::LoginAsKioskAccount( |
| 480 const std::string& app_user_id, | 477 const AccountId& app_account_id, |
| 481 bool use_guest_mount) { | 478 bool use_guest_mount) { |
| 482 DCHECK(task_runner_->RunsTasksOnCurrentThread()); | 479 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 483 | 480 |
| 484 const std::string user_id = | 481 const AccountId& account_id = |
| 485 use_guest_mount ? login::GuestAccountId().GetUserEmail() : app_user_id; | 482 use_guest_mount ? login::GuestAccountId() : app_account_id; |
| 486 current_state_.reset(new AuthAttemptState( | 483 current_state_.reset(new AuthAttemptState( |
| 487 UserContext(user_manager::USER_TYPE_KIOSK_APP, user_id), | 484 UserContext(user_manager::USER_TYPE_KIOSK_APP, account_id), |
| 488 false, // unlock | 485 false, // unlock |
| 489 false, // online_complete | 486 false, // online_complete |
| 490 false)); // user_is_new | 487 false)); // user_is_new |
| 491 | 488 |
| 492 remove_user_data_on_failure_ = true; | 489 remove_user_data_on_failure_ = true; |
| 493 if (!use_guest_mount) { | 490 if (!use_guest_mount) { |
| 494 MountPublic(current_state_->AsWeakPtr(), | 491 MountPublic(current_state_->AsWeakPtr(), |
| 495 scoped_refptr<CryptohomeAuthenticator>(this), | 492 scoped_refptr<CryptohomeAuthenticator>(this), |
| 496 cryptohome::CREATE_IF_MISSING); | 493 cryptohome::CREATE_IF_MISSING); |
| 497 } else { | 494 } else { |
| (...skipping 375 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 873 Resolve(); | 870 Resolve(); |
| 874 } | 871 } |
| 875 | 872 |
| 876 void CryptohomeAuthenticator::SetOwnerState(bool owner_check_finished, | 873 void CryptohomeAuthenticator::SetOwnerState(bool owner_check_finished, |
| 877 bool check_result) { | 874 bool check_result) { |
| 878 owner_is_verified_ = owner_check_finished; | 875 owner_is_verified_ = owner_check_finished; |
| 879 user_can_login_ = check_result; | 876 user_can_login_ = check_result; |
| 880 } | 877 } |
| 881 | 878 |
| 882 } // namespace chromeos | 879 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1693383003:
ChromeOS cryptohome should be able to use gaia id as user identifier. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master