| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/login/auth/cryptohome_authenticator.h" | 5 #include "chromeos/login/auth/cryptohome_authenticator.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| 11 #include "base/bind.h" | 11 #include "base/bind.h" |
| 12 #include "base/files/file_path.h" | 12 #include "base/files/file_path.h" |
| 13 #include "base/location.h" | 13 #include "base/location.h" |
| 14 #include "base/logging.h" | 14 #include "base/logging.h" |
| 15 #include "base/memory/weak_ptr.h" | 15 #include "base/memory/weak_ptr.h" |
| 16 #include "chromeos/chromeos_switches.h" |
| 16 #include "chromeos/cryptohome/async_method_caller.h" | 17 #include "chromeos/cryptohome/async_method_caller.h" |
| 17 #include "chromeos/cryptohome/cryptohome_parameters.h" | 18 #include "chromeos/cryptohome/cryptohome_parameters.h" |
| 18 #include "chromeos/cryptohome/homedir_methods.h" | 19 #include "chromeos/cryptohome/homedir_methods.h" |
| 19 #include "chromeos/cryptohome/system_salt_getter.h" | 20 #include "chromeos/cryptohome/system_salt_getter.h" |
| 20 #include "chromeos/dbus/cryptohome_client.h" | 21 #include "chromeos/dbus/cryptohome_client.h" |
| 21 #include "chromeos/dbus/dbus_thread_manager.h" | 22 #include "chromeos/dbus/dbus_thread_manager.h" |
| 22 #include "chromeos/login/auth/auth_status_consumer.h" | 23 #include "chromeos/login/auth/auth_status_consumer.h" |
| 23 #include "chromeos/login/auth/key.h" | 24 #include "chromeos/login/auth/key.h" |
| 24 #include "chromeos/login/auth/user_context.h" | 25 #include "chromeos/login/auth/user_context.h" |
| 25 #include "chromeos/login/login_state.h" | 26 #include "chromeos/login/login_state.h" |
| 26 #include "chromeos/login/user_names.h" | 27 #include "chromeos/login/user_names.h" |
| 27 #include "chromeos/login_event_recorder.h" | 28 #include "chromeos/login_event_recorder.h" |
| 28 #include "components/device_event_log/device_event_log.h" | 29 #include "components/device_event_log/device_event_log.h" |
| 29 #include "components/signin/core/account_id/account_id.h" | 30 #include "components/signin/core/account_id/account_id.h" |
| 31 #include "components/user_manager/known_user.h" |
| 30 #include "components/user_manager/user_type.h" | 32 #include "components/user_manager/user_type.h" |
| 31 #include "third_party/cros_system_api/dbus/service_constants.h" | 33 #include "third_party/cros_system_api/dbus/service_constants.h" |
| 32 | 34 |
| 33 namespace chromeos { | 35 namespace chromeos { |
| 34 | 36 |
| 35 namespace { | 37 namespace { |
| 36 | 38 |
| 37 // The label used for the key derived from the user's GAIA credentials. | 39 // The label used for the key derived from the user's GAIA credentials. |
| 38 const char kCryptohomeGAIAKeyLabel[] = "gaia"; | 40 const char kCryptohomeGAIAKeyLabel[] = "gaia"; |
| 39 | 41 |
| (...skipping 102 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 142 cryptohome::PRIV_DEFAULT); | 144 cryptohome::PRIV_DEFAULT); |
| 143 cryptohome::MountParameters mount(ephemeral); | 145 cryptohome::MountParameters mount(ephemeral); |
| 144 if (create_if_nonexistent) { | 146 if (create_if_nonexistent) { |
| 145 mount.create_keys.push_back(cryptohome::KeyDefinition( | 147 mount.create_keys.push_back(cryptohome::KeyDefinition( |
| 146 key->GetSecret(), | 148 key->GetSecret(), |
| 147 kCryptohomeGAIAKeyLabel, | 149 kCryptohomeGAIAKeyLabel, |
| 148 cryptohome::PRIV_DEFAULT)); | 150 cryptohome::PRIV_DEFAULT)); |
| 149 } | 151 } |
| 150 | 152 |
| 151 cryptohome::HomedirMethods::GetInstance()->MountEx( | 153 cryptohome::HomedirMethods::GetInstance()->MountEx( |
| 152 cryptohome::Identification( | 154 cryptohome::Identification(attempt->user_context.GetAccountId()), |
| 153 attempt->user_context.GetAccountId().GetUserEmail()), | |
| 154 cryptohome::Authorization(auth_key), mount, | 155 cryptohome::Authorization(auth_key), mount, |
| 155 base::Bind(&OnMount, attempt, resolver)); | 156 base::Bind(&OnMount, attempt, resolver)); |
| 156 } | 157 } |
| 157 | 158 |
| 159 // Handle cryptohome migration status. |
| 160 void OnCryptohomeRenamed(const base::WeakPtr<AuthAttemptState>& attempt, |
| 161 scoped_refptr<CryptohomeAuthenticator> resolver, |
| 162 bool ephemeral, |
| 163 bool create_if_nonexistent, |
| 164 bool success, |
| 165 cryptohome::MountError return_code) { |
| 166 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker( |
| 167 "CryptohomeRename-End", false); |
| 168 const AccountId account_id = attempt->user_context.GetAccountId(); |
| 169 if (success) { |
| 170 cryptohome::SetGaiaIdMigrationStatusDone(account_id); |
| 171 } else { |
| 172 LOG(ERROR) << "Failed to rename cryptohome for account_id='" |
| 173 << account_id.Serialize() << "' (return_code=" << return_code |
| 174 << ")"; |
| 175 } |
| 176 |
| 177 DoMount(attempt, resolver, ephemeral, create_if_nonexistent); |
| 178 } |
| 179 |
| 180 // This method migrates cryptohome identifier to gaia id (if needed), |
| 181 // and then calls Mount. |
| 182 void MigrateCryptohomeToGaiaId(const base::WeakPtr<AuthAttemptState>& attempt, |
| 183 scoped_refptr<CryptohomeAuthenticator> resolver, |
| 184 bool ephemeral, |
| 185 bool create_if_nonexistent) { |
| 186 const bool is_gaiaid_migration_started = switches::IsGaiaIdMigrationStarted(); |
| 187 const bool already_migrated = cryptohome::GetGaiaIdMigrationStatus( |
| 188 attempt->user_context.GetAccountId()); |
| 189 const bool has_gaia_id = |
| 190 !attempt->user_context.GetAccountId().GetGaiaId().empty(); |
| 191 |
| 192 bool need_migration = false; |
| 193 if (is_gaiaid_migration_started && !create_if_nonexistent && |
| 194 !already_migrated) { |
| 195 if (has_gaia_id) { |
| 196 need_migration = true; |
| 197 } else { |
| 198 LOG(WARNING) << "Account '" |
| 199 << attempt->user_context.GetAccountId().Serialize() |
| 200 << "' has no gaia id. Cryptohome migration skipped."; |
| 201 } |
| 202 } |
| 203 if (need_migration) { |
| 204 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker( |
| 205 "CryptohomeRename-Start", false); |
| 206 const std::string& cryptohome_id_from = |
| 207 attempt->user_context.GetAccountId().GetUserEmail(); // Migrated |
| 208 const std::string cryptohome_id_to = |
| 209 attempt->user_context.GetAccountId().GetGaiaIdKey(); |
| 210 |
| 211 cryptohome::HomedirMethods::GetInstance()->RenameCryptohome( |
| 212 cryptohome::Identification::FromString(cryptohome_id_from), |
| 213 cryptohome::Identification::FromString(cryptohome_id_to), |
| 214 base::Bind(&OnCryptohomeRenamed, attempt, resolver, ephemeral, |
| 215 create_if_nonexistent)); |
| 216 return; |
| 217 } |
| 218 if (is_gaiaid_migration_started && !already_migrated && has_gaia_id) { |
| 219 // Mark new users migrated. |
| 220 cryptohome::SetGaiaIdMigrationStatusDone( |
| 221 attempt->user_context.GetAccountId()); |
| 222 } |
| 223 DoMount(attempt, resolver, ephemeral, create_if_nonexistent); |
| 224 } |
| 225 |
| 158 // Callback invoked when the system salt has been retrieved. Transforms the key | 226 // Callback invoked when the system salt has been retrieved. Transforms the key |
| 159 // in |attempt->user_context| using Chrome's default hashing algorithm and the | 227 // in |attempt->user_context| using Chrome's default hashing algorithm and the |
| 160 // system salt, then calls MountEx(). | 228 // system salt, then calls MountEx(). |
| 161 void OnGetSystemSalt(const base::WeakPtr<AuthAttemptState>& attempt, | 229 void OnGetSystemSalt(const base::WeakPtr<AuthAttemptState>& attempt, |
| 162 scoped_refptr<CryptohomeAuthenticator> resolver, | 230 scoped_refptr<CryptohomeAuthenticator> resolver, |
| 163 bool ephemeral, | 231 bool ephemeral, |
| 164 bool create_if_nonexistent, | 232 bool create_if_nonexistent, |
| 165 const std::string& system_salt) { | 233 const std::string& system_salt) { |
| 166 DCHECK_EQ(Key::KEY_TYPE_PASSWORD_PLAIN, | 234 DCHECK_EQ(Key::KEY_TYPE_PASSWORD_PLAIN, |
| 167 attempt->user_context.GetKey()->GetKeyType()); | 235 attempt->user_context.GetKey()->GetKeyType()); |
| 168 | 236 |
| 169 attempt->user_context.GetKey()->Transform( | 237 attempt->user_context.GetKey()->Transform( |
| 170 Key::KEY_TYPE_SALTED_SHA256_TOP_HALF, | 238 Key::KEY_TYPE_SALTED_SHA256_TOP_HALF, |
| 171 system_salt); | 239 system_salt); |
| 172 | 240 |
| 173 DoMount(attempt, resolver, ephemeral, create_if_nonexistent); | 241 MigrateCryptohomeToGaiaId(attempt, resolver, ephemeral, |
| 242 create_if_nonexistent); |
| 174 } | 243 } |
| 175 | 244 |
| 176 // Callback invoked when cryptohome's GetKeyDataEx() method has finished. | 245 // Callback invoked when cryptohome's GetKeyDataEx() method has finished. |
| 177 // * If GetKeyDataEx() returned metadata indicating the hashing algorithm and | 246 // * If GetKeyDataEx() returned metadata indicating the hashing algorithm and |
| 178 // salt that were used to generate the key for this user's cryptohome, | 247 // salt that were used to generate the key for this user's cryptohome, |
| 179 // transforms the key in |attempt->user_context| with the same parameters. | 248 // transforms the key in |attempt->user_context| with the same parameters. |
| 180 // * Otherwise, starts the retrieval of the system salt so that the key in | 249 // * Otherwise, starts the retrieval of the system salt so that the key in |
| 181 // |attempt->user_context| can be transformed with Chrome's default hashing | 250 // |attempt->user_context| can be transformed with Chrome's default hashing |
| 182 // algorithm and the system salt. | 251 // algorithm and the system salt. |
| 183 // The resulting key is then passed to cryptohome's MountEx(). | 252 // The resulting key is then passed to cryptohome's MountEx(). |
| (...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 222 | 291 |
| 223 if (!salt) { | 292 if (!salt) { |
| 224 LOGIN_LOG(ERROR) << "Missing salt."; | 293 LOGIN_LOG(ERROR) << "Missing salt."; |
| 225 RecordKeyErrorAndResolve(attempt, resolver); | 294 RecordKeyErrorAndResolve(attempt, resolver); |
| 226 return; | 295 return; |
| 227 } | 296 } |
| 228 | 297 |
| 229 attempt->user_context.GetKey()->Transform( | 298 attempt->user_context.GetKey()->Transform( |
| 230 static_cast<Key::KeyType>(*type), | 299 static_cast<Key::KeyType>(*type), |
| 231 *salt); | 300 *salt); |
| 232 DoMount(attempt, resolver, ephemeral, create_if_nonexistent); | 301 MigrateCryptohomeToGaiaId(attempt, resolver, ephemeral, |
| 302 create_if_nonexistent); |
| 233 return; | 303 return; |
| 234 } | 304 } |
| 235 } else { | 305 } else { |
| 236 LOGIN_LOG(EVENT) << "GetKeyDataEx() returned " << key_definitions.size() | 306 LOGIN_LOG(EVENT) << "GetKeyDataEx() returned " << key_definitions.size() |
| 237 << " entries."; | 307 << " entries."; |
| 238 } | 308 } |
| 239 } | 309 } |
| 240 | 310 |
| 241 SystemSaltGetter::Get()->GetSystemSalt(base::Bind(&OnGetSystemSalt, | 311 SystemSaltGetter::Get()->GetSystemSalt(base::Bind(&OnGetSystemSalt, |
| 242 attempt, | 312 attempt, |
| (...skipping 12 matching lines...) Expand all Loading... |
| 255 // transformed accordingly before calling MountEx(). | 325 // transformed accordingly before calling MountEx(). |
| 256 void StartMount(const base::WeakPtr<AuthAttemptState>& attempt, | 326 void StartMount(const base::WeakPtr<AuthAttemptState>& attempt, |
| 257 scoped_refptr<CryptohomeAuthenticator> resolver, | 327 scoped_refptr<CryptohomeAuthenticator> resolver, |
| 258 bool ephemeral, | 328 bool ephemeral, |
| 259 bool create_if_nonexistent) { | 329 bool create_if_nonexistent) { |
| 260 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker( | 330 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker( |
| 261 "CryptohomeMount-Start", false); | 331 "CryptohomeMount-Start", false); |
| 262 | 332 |
| 263 if (attempt->user_context.GetKey()->GetKeyType() != | 333 if (attempt->user_context.GetKey()->GetKeyType() != |
| 264 Key::KEY_TYPE_PASSWORD_PLAIN) { | 334 Key::KEY_TYPE_PASSWORD_PLAIN) { |
| 265 DoMount(attempt, resolver, ephemeral, create_if_nonexistent); | 335 MigrateCryptohomeToGaiaId(attempt, resolver, ephemeral, |
| 336 create_if_nonexistent); |
| 266 return; | 337 return; |
| 267 } | 338 } |
| 268 | 339 |
| 269 cryptohome::HomedirMethods::GetInstance()->GetKeyDataEx( | 340 cryptohome::HomedirMethods::GetInstance()->GetKeyDataEx( |
| 270 cryptohome::Identification( | 341 cryptohome::Identification(attempt->user_context.GetAccountId()), |
| 271 attempt->user_context.GetAccountId().GetUserEmail()), | |
| 272 kCryptohomeGAIAKeyLabel, base::Bind(&OnGetKeyDataEx, attempt, resolver, | 342 kCryptohomeGAIAKeyLabel, base::Bind(&OnGetKeyDataEx, attempt, resolver, |
| 273 ephemeral, create_if_nonexistent)); | 343 ephemeral, create_if_nonexistent)); |
| 274 } | 344 } |
| 275 | 345 |
| 276 // Calls cryptohome's mount method for guest and also get the user hash from | 346 // Calls cryptohome's mount method for guest and also get the user hash from |
| 277 // cryptohome. | 347 // cryptohome. |
| 278 void MountGuestAndGetHash(const base::WeakPtr<AuthAttemptState>& attempt, | 348 void MountGuestAndGetHash(const base::WeakPtr<AuthAttemptState>& attempt, |
| 279 scoped_refptr<CryptohomeAuthenticator> resolver) { | 349 scoped_refptr<CryptohomeAuthenticator> resolver) { |
| 280 attempt->UsernameHashRequested(); | 350 attempt->UsernameHashRequested(); |
| 281 cryptohome::AsyncMethodCaller::GetInstance()->AsyncMountGuest( | 351 cryptohome::AsyncMethodCaller::GetInstance()->AsyncMountGuest( |
| 282 base::Bind(&TriggerResolveWithLoginTimeMarker, | 352 base::Bind(&TriggerResolveWithLoginTimeMarker, |
| 283 "CryptohomeMount-End", | 353 "CryptohomeMount-End", |
| 284 attempt, | 354 attempt, |
| 285 resolver)); | 355 resolver)); |
| 286 cryptohome::AsyncMethodCaller::GetInstance()->AsyncGetSanitizedUsername( | 356 cryptohome::AsyncMethodCaller::GetInstance()->AsyncGetSanitizedUsername( |
| 287 attempt->user_context.GetAccountId().GetUserEmail(), | 357 cryptohome::Identification(attempt->user_context.GetAccountId()), |
| 288 base::Bind(&TriggerResolveHash, attempt, resolver)); | 358 base::Bind(&TriggerResolveHash, attempt, resolver)); |
| 289 } | 359 } |
| 290 | 360 |
| 291 // Calls cryptohome's MountPublic method | 361 // Calls cryptohome's MountPublic method |
| 292 void MountPublic(const base::WeakPtr<AuthAttemptState>& attempt, | 362 void MountPublic(const base::WeakPtr<AuthAttemptState>& attempt, |
| 293 scoped_refptr<CryptohomeAuthenticator> resolver, | 363 scoped_refptr<CryptohomeAuthenticator> resolver, |
| 294 int flags) { | 364 int flags) { |
| 295 cryptohome::AsyncMethodCaller::GetInstance()->AsyncMountPublic( | 365 cryptohome::AsyncMethodCaller::GetInstance()->AsyncMountPublic( |
| 296 attempt->user_context.GetAccountId().GetUserEmail(), flags, | 366 cryptohome::Identification(attempt->user_context.GetAccountId()), flags, |
| 297 base::Bind(&TriggerResolveWithLoginTimeMarker, | 367 base::Bind(&TriggerResolveWithLoginTimeMarker, |
| 298 "CryptohomeMountPublic-End", attempt, resolver)); | 368 "CryptohomeMountPublic-End", attempt, resolver)); |
| 299 cryptohome::AsyncMethodCaller::GetInstance()->AsyncGetSanitizedUsername( | 369 cryptohome::AsyncMethodCaller::GetInstance()->AsyncGetSanitizedUsername( |
| 300 attempt->user_context.GetAccountId().GetUserEmail(), | 370 cryptohome::Identification(attempt->user_context.GetAccountId()), |
| 301 base::Bind(&TriggerResolveHash, attempt, resolver)); | 371 base::Bind(&TriggerResolveHash, attempt, resolver)); |
| 302 } | 372 } |
| 303 | 373 |
| 304 // Calls cryptohome's key migration method. | 374 // Calls cryptohome's key migration method. |
| 305 void Migrate(const base::WeakPtr<AuthAttemptState>& attempt, | 375 void Migrate(const base::WeakPtr<AuthAttemptState>& attempt, |
| 306 scoped_refptr<CryptohomeAuthenticator> resolver, | 376 scoped_refptr<CryptohomeAuthenticator> resolver, |
| 307 bool passing_old_hash, | 377 bool passing_old_hash, |
| 308 const std::string& old_password, | 378 const std::string& old_password, |
| 309 const std::string& system_salt) { | 379 const std::string& system_salt) { |
| 310 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker( | 380 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker( |
| 311 "CryptohomeMigrate-Start", false); | 381 "CryptohomeMigrate-Start", false); |
| 312 cryptohome::AsyncMethodCaller* caller = | 382 cryptohome::AsyncMethodCaller* caller = |
| 313 cryptohome::AsyncMethodCaller::GetInstance(); | 383 cryptohome::AsyncMethodCaller::GetInstance(); |
| 314 | 384 |
| 315 // TODO(bartfab): Retrieve the hashing algorithm and salt to use for |old_key| | 385 // TODO(bartfab): Retrieve the hashing algorithm and salt to use for |old_key| |
| 316 // from cryptohomed. | 386 // from cryptohomed. |
| 317 scoped_ptr<Key> old_key = | 387 scoped_ptr<Key> old_key = |
| 318 TransformKeyIfNeeded(Key(old_password), system_salt); | 388 TransformKeyIfNeeded(Key(old_password), system_salt); |
| 319 scoped_ptr<Key> new_key = | 389 scoped_ptr<Key> new_key = |
| 320 TransformKeyIfNeeded(*attempt->user_context.GetKey(), system_salt); | 390 TransformKeyIfNeeded(*attempt->user_context.GetKey(), system_salt); |
| 321 if (passing_old_hash) { | 391 if (passing_old_hash) { |
| 322 caller->AsyncMigrateKey( | 392 caller->AsyncMigrateKey( |
| 323 attempt->user_context.GetAccountId().GetUserEmail(), | 393 cryptohome::Identification(attempt->user_context.GetAccountId()), |
| 324 old_key->GetSecret(), new_key->GetSecret(), | 394 old_key->GetSecret(), new_key->GetSecret(), |
| 325 base::Bind(&TriggerResolveWithLoginTimeMarker, "CryptohomeMount-End", | 395 base::Bind(&TriggerResolveWithLoginTimeMarker, "CryptohomeMount-End", |
| 326 attempt, resolver)); | 396 attempt, resolver)); |
| 327 } else { | 397 } else { |
| 328 caller->AsyncMigrateKey( | 398 caller->AsyncMigrateKey( |
| 329 attempt->user_context.GetAccountId().GetUserEmail(), | 399 cryptohome::Identification(attempt->user_context.GetAccountId()), |
| 330 new_key->GetSecret(), old_key->GetSecret(), | 400 new_key->GetSecret(), old_key->GetSecret(), |
| 331 base::Bind(&TriggerResolveWithLoginTimeMarker, "CryptohomeMount-End", | 401 base::Bind(&TriggerResolveWithLoginTimeMarker, "CryptohomeMount-End", |
| 332 attempt, resolver)); | 402 attempt, resolver)); |
| 333 } | 403 } |
| 334 } | 404 } |
| 335 | 405 |
| 336 // Calls cryptohome's remove method. | 406 // Calls cryptohome's remove method. |
| 337 void Remove(const base::WeakPtr<AuthAttemptState>& attempt, | 407 void Remove(const base::WeakPtr<AuthAttemptState>& attempt, |
| 338 scoped_refptr<CryptohomeAuthenticator> resolver) { | 408 scoped_refptr<CryptohomeAuthenticator> resolver) { |
| 339 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker( | 409 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker( |
| 340 "CryptohomeRemove-Start", false); | 410 "CryptohomeRemove-Start", false); |
| 341 cryptohome::AsyncMethodCaller::GetInstance()->AsyncRemove( | 411 cryptohome::AsyncMethodCaller::GetInstance()->AsyncRemove( |
| 342 attempt->user_context.GetAccountId().GetUserEmail(), | 412 cryptohome::Identification(attempt->user_context.GetAccountId()), |
| 343 base::Bind(&TriggerResolveWithLoginTimeMarker, "CryptohomeRemove-End", | 413 base::Bind(&TriggerResolveWithLoginTimeMarker, "CryptohomeRemove-End", |
| 344 attempt, resolver)); | 414 attempt, resolver)); |
| 345 } | 415 } |
| 346 | 416 |
| 347 // Calls cryptohome's key check method. | 417 // Calls cryptohome's key check method. |
| 348 void CheckKey(const base::WeakPtr<AuthAttemptState>& attempt, | 418 void CheckKey(const base::WeakPtr<AuthAttemptState>& attempt, |
| 349 scoped_refptr<CryptohomeAuthenticator> resolver, | 419 scoped_refptr<CryptohomeAuthenticator> resolver, |
| 350 const std::string& system_salt) { | 420 const std::string& system_salt) { |
| 351 scoped_ptr<Key> key = | 421 scoped_ptr<Key> key = |
| 352 TransformKeyIfNeeded(*attempt->user_context.GetKey(), system_salt); | 422 TransformKeyIfNeeded(*attempt->user_context.GetKey(), system_salt); |
| 353 cryptohome::AsyncMethodCaller::GetInstance()->AsyncCheckKey( | 423 cryptohome::AsyncMethodCaller::GetInstance()->AsyncCheckKey( |
| 354 attempt->user_context.GetAccountId().GetUserEmail(), key->GetSecret(), | 424 cryptohome::Identification(attempt->user_context.GetAccountId()), |
| 355 base::Bind(&TriggerResolve, attempt, resolver)); | 425 key->GetSecret(), base::Bind(&TriggerResolve, attempt, resolver)); |
| 356 } | 426 } |
| 357 | 427 |
| 358 } // namespace | 428 } // namespace |
| 359 | 429 |
| 360 CryptohomeAuthenticator::CryptohomeAuthenticator( | 430 CryptohomeAuthenticator::CryptohomeAuthenticator( |
| 361 scoped_refptr<base::TaskRunner> task_runner, | 431 scoped_refptr<base::TaskRunner> task_runner, |
| 362 AuthStatusConsumer* consumer) | 432 AuthStatusConsumer* consumer) |
| 363 : Authenticator(consumer), | 433 : Authenticator(consumer), |
| 364 task_runner_(task_runner), | 434 task_runner_(task_runner), |
| 365 migrate_attempted_(false), | 435 migrate_attempted_(false), |
| (...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 440 false, // online_complete | 510 false, // online_complete |
| 441 false)); // user_is_new | 511 false)); // user_is_new |
| 442 remove_user_data_on_failure_ = false; | 512 remove_user_data_on_failure_ = false; |
| 443 StartMount(current_state_->AsWeakPtr(), | 513 StartMount(current_state_->AsWeakPtr(), |
| 444 scoped_refptr<CryptohomeAuthenticator>(this), | 514 scoped_refptr<CryptohomeAuthenticator>(this), |
| 445 false /* ephemeral */, false /* create_if_nonexistent */); | 515 false /* ephemeral */, false /* create_if_nonexistent */); |
| 446 } | 516 } |
| 447 | 517 |
| 448 void CryptohomeAuthenticator::LoginOffTheRecord() { | 518 void CryptohomeAuthenticator::LoginOffTheRecord() { |
| 449 DCHECK(task_runner_->RunsTasksOnCurrentThread()); | 519 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 450 current_state_.reset( | 520 current_state_.reset(new AuthAttemptState( |
| 451 new AuthAttemptState(UserContext(user_manager::USER_TYPE_GUEST, | 521 UserContext(user_manager::USER_TYPE_GUEST, login::GuestAccountId()), |
| 452 login::GuestAccountId().GetUserEmail()), | 522 false, // unlock |
| 453 false, // unlock | 523 false, // online_complete |
| 454 false, // online_complete | 524 false)); // user_is_new |
| 455 false)); // user_is_new | |
| 456 remove_user_data_on_failure_ = false; | 525 remove_user_data_on_failure_ = false; |
| 457 ephemeral_mount_attempted_ = true; | 526 ephemeral_mount_attempted_ = true; |
| 458 MountGuestAndGetHash(current_state_->AsWeakPtr(), | 527 MountGuestAndGetHash(current_state_->AsWeakPtr(), |
| 459 scoped_refptr<CryptohomeAuthenticator>(this)); | 528 scoped_refptr<CryptohomeAuthenticator>(this)); |
| 460 } | 529 } |
| 461 | 530 |
| 462 void CryptohomeAuthenticator::LoginAsPublicSession( | 531 void CryptohomeAuthenticator::LoginAsPublicSession( |
| 463 const UserContext& user_context) { | 532 const UserContext& user_context) { |
| 464 DCHECK(task_runner_->RunsTasksOnCurrentThread()); | 533 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 465 DCHECK_EQ(user_manager::USER_TYPE_PUBLIC_ACCOUNT, user_context.GetUserType()); | 534 DCHECK_EQ(user_manager::USER_TYPE_PUBLIC_ACCOUNT, user_context.GetUserType()); |
| 466 | 535 |
| 467 current_state_.reset( | 536 current_state_.reset( |
| 468 new AuthAttemptState(user_context, | 537 new AuthAttemptState(user_context, |
| 469 false, // unlock | 538 false, // unlock |
| 470 false, // online_complete | 539 false, // online_complete |
| 471 false)); // user_is_new | 540 false)); // user_is_new |
| 472 remove_user_data_on_failure_ = false; | 541 remove_user_data_on_failure_ = false; |
| 473 ephemeral_mount_attempted_ = true; | 542 ephemeral_mount_attempted_ = true; |
| 474 StartMount(current_state_->AsWeakPtr(), | 543 StartMount(current_state_->AsWeakPtr(), |
| 475 scoped_refptr<CryptohomeAuthenticator>(this), true /* ephemeral */, | 544 scoped_refptr<CryptohomeAuthenticator>(this), true /* ephemeral */, |
| 476 true /* create_if_nonexistent */); | 545 true /* create_if_nonexistent */); |
| 477 } | 546 } |
| 478 | 547 |
| 479 void CryptohomeAuthenticator::LoginAsKioskAccount( | 548 void CryptohomeAuthenticator::LoginAsKioskAccount( |
| 480 const std::string& app_user_id, | 549 const AccountId& app_account_id, |
| 481 bool use_guest_mount) { | 550 bool use_guest_mount) { |
| 482 DCHECK(task_runner_->RunsTasksOnCurrentThread()); | 551 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 483 | 552 |
| 484 const std::string user_id = | 553 const AccountId& account_id = |
| 485 use_guest_mount ? login::GuestAccountId().GetUserEmail() : app_user_id; | 554 use_guest_mount ? login::GuestAccountId() : app_account_id; |
| 486 current_state_.reset(new AuthAttemptState( | 555 current_state_.reset(new AuthAttemptState( |
| 487 UserContext(user_manager::USER_TYPE_KIOSK_APP, user_id), | 556 UserContext(user_manager::USER_TYPE_KIOSK_APP, account_id), |
| 488 false, // unlock | 557 false, // unlock |
| 489 false, // online_complete | 558 false, // online_complete |
| 490 false)); // user_is_new | 559 false)); // user_is_new |
| 491 | 560 |
| 492 remove_user_data_on_failure_ = true; | 561 remove_user_data_on_failure_ = true; |
| 493 if (!use_guest_mount) { | 562 if (!use_guest_mount) { |
| 494 MountPublic(current_state_->AsWeakPtr(), | 563 MountPublic(current_state_->AsWeakPtr(), |
| 495 scoped_refptr<CryptohomeAuthenticator>(this), | 564 scoped_refptr<CryptohomeAuthenticator>(this), |
| 496 cryptohome::CREATE_IF_MISSING); | 565 cryptohome::CREATE_IF_MISSING); |
| 497 } else { | 566 } else { |
| (...skipping 375 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 873 Resolve(); | 942 Resolve(); |
| 874 } | 943 } |
| 875 | 944 |
| 876 void CryptohomeAuthenticator::SetOwnerState(bool owner_check_finished, | 945 void CryptohomeAuthenticator::SetOwnerState(bool owner_check_finished, |
| 877 bool check_result) { | 946 bool check_result) { |
| 878 owner_is_verified_ = owner_check_finished; | 947 owner_is_verified_ = owner_check_finished; |
| 879 user_can_login_ = check_result; | 948 user_can_login_ = check_result; |
| 880 } | 949 } |
| 881 | 950 |
| 882 } // namespace chromeos | 951 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1693383003:
ChromeOS cryptohome should be able to use gaia id as user identifier. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master