Chromium Code Reviews Chromium Code Reviews
Issue 1693383003:
ChromeOS cryptohome should be able to use gaia id as user identifier. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: chrome/browser/chromeos/app_mode/kiosk_app_manager.cc |
| diff --git a/chrome/browser/chromeos/app_mode/kiosk_app_manager.cc b/chrome/browser/chromeos/app_mode/kiosk_app_manager.cc |
| index f20e31cde7472194f50822b4b362d8231671dcfc..818835c89f1e10f1109cdfdee94c24af61b9b043 100644 |
| --- a/chrome/browser/chromeos/app_mode/kiosk_app_manager.cc |
| +++ b/chrome/browser/chromeos/app_mode/kiosk_app_manager.cc |
| @@ -35,6 +35,7 @@ |
| #include "chrome/common/extensions/extension_constants.h" |
| #include "chromeos/chromeos_paths.h" |
| #include "chromeos/cryptohome/async_method_caller.h" |
| +#include "chromeos/cryptohome/cryptohome_parameters.h" |
| #include "chromeos/dbus/dbus_thread_manager.h" |
| #include "chromeos/settings/cros_settings_names.h" |
| #include "components/ownership/owner_key_util.h" |
| @@ -42,6 +43,7 @@ |
| #include "components/prefs/pref_service.h" |
| #include "components/prefs/scoped_user_pref_update.h" |
| #include "components/signin/core/account_id/account_id.h" |
| +#include "components/user_manager/known_user.h" |
| #include "components/user_manager/user_manager.h" |
| #include "content/public/browser/browser_thread.h" |
| #include "extensions/common/extension_urls.h" |
| @@ -61,30 +63,32 @@ std::string GenerateKioskAppAccountId(const std::string& app_id) { |
| return app_id + '@' + kKioskAppAccountDomain; |
| } |
| -void ScheduleDelayedCryptohomeRemoval(const std::string& user_id, |
| +void ScheduleDelayedCryptohomeRemoval(const AccountId& account_id, |
| const std::string& app_id) { |
| PrefService* local_state = g_browser_process->local_state(); |
| DictionaryPrefUpdate dict_update(local_state, kKioskUsersToRemove); |
| - dict_update->SetStringWithoutPathExpansion(user_id, app_id); |
| + dict_update->SetStringWithoutPathExpansion(account_id.Serialize(), app_id); |
|
xiyuan
2016/02/17 23:14:25
The comment for Serialize() in account_id.h says:
Alexander Alekseev
2016/02/18 13:45:14
You're right. We should not use it here. I've repl
|
| local_state->CommitPendingWrite(); |
| } |
| -void CancelDelayedCryptohomeRemoval(const std::string& user_id) { |
| +void CancelDelayedCryptohomeRemoval(const AccountId& account_id) { |
| PrefService* local_state = g_browser_process->local_state(); |
| DictionaryPrefUpdate dict_update(local_state, kKioskUsersToRemove); |
| - dict_update->RemoveWithoutPathExpansion(user_id, NULL); |
| + dict_update->RemoveWithoutPathExpansion(account_id.Serialize(), NULL); |
| + const std::string& old_user_id = account_id.GetUserEmail(); // Migrated |
| + dict_update->RemoveWithoutPathExpansion(old_user_id, NULL); |
| local_state->CommitPendingWrite(); |
| } |
| -void OnRemoveAppCryptohomeComplete(const std::string& user_id, |
| +void OnRemoveAppCryptohomeComplete(const AccountId& account_id, |
| const std::string& app, |
| const base::Closure& callback, |
| bool success, |
| cryptohome::MountError return_code) { |
| if (success) { |
| - CancelDelayedCryptohomeRemoval(user_id); |
| + CancelDelayedCryptohomeRemoval(account_id); |
| } else { |
| - ScheduleDelayedCryptohomeRemoval(user_id, app); |
| + ScheduleDelayedCryptohomeRemoval(account_id, app); |
| LOG(ERROR) << "Remove cryptohome for " << app |
| << " failed, return code: " << return_code; |
| } |
| @@ -103,14 +107,14 @@ void PerformDelayedCryptohomeRemovals(bool service_is_available) { |
| local_state->GetDictionary(kKioskUsersToRemove); |
| for (base::DictionaryValue::Iterator it(*dict); !it.IsAtEnd(); it.Advance()) { |
| std::string user_id = it.key(); |
| + const AccountId account_id( |
| + user_manager::known_user::MayBeDeserializeAccountId(user_id)); |
| std::string app_id; |
| it.value().GetAsString(&app_id); |
| VLOG(1) << "Removing obsolete crypthome for " << app_id; |
| cryptohome::AsyncMethodCaller::GetInstance()->AsyncRemove( |
| - user_id, |
| - base::Bind(&OnRemoveAppCryptohomeComplete, |
| - user_id, |
| - app_id, |
| + cryptohome::Identification(account_id), |
| + base::Bind(&OnRemoveAppCryptohomeComplete, account_id, app_id, |
| base::Closure())); |
| } |
| } |
| @@ -167,20 +171,20 @@ void KioskAppManager::RemoveObsoleteCryptohomes() { |
| base::Bind(&PerformDelayedCryptohomeRemovals)); |
| } |
| -KioskAppManager::App::App( |
| - const KioskAppData& data, |
| - bool is_extension_pending, |
| - bool auto_launched_with_zero_delay) |
| +KioskAppManager::App::App(const KioskAppData& data, |
| + bool is_extension_pending, |
| + bool auto_launched_with_zero_delay) |
| : app_id(data.app_id()), |
| - user_id(data.user_id()), |
| + account_id(data.account_id()), |
| name(data.name()), |
| icon(data.icon()), |
| is_loading(data.IsLoading() || is_extension_pending), |
| - was_auto_launched_with_zero_delay(auto_launched_with_zero_delay) { |
| -} |
| + was_auto_launched_with_zero_delay(auto_launched_with_zero_delay) {} |
| -KioskAppManager::App::App() : is_loading(false), |
| - was_auto_launched_with_zero_delay(false) {} |
| +KioskAppManager::App::App() |
| + : account_id(EmptyAccountId()), |
| + is_loading(false), |
| + was_auto_launched_with_zero_delay(false) {} |
| KioskAppManager::App::~App() {} |
| @@ -634,6 +638,7 @@ void KioskAppManager::UpdateAppData() { |
| if (it->account_id == auto_login_account_id) |
| auto_launch_app_id_ = it->kiosk_app_id; |
| + const AccountId account_id(AccountId::FromUserEmail(it->user_id)); |
|
xiyuan
2016/02/17 23:14:25
Note it->user_id could be an arbitrary string set
Alexander Alekseev
2016/02/18 13:45:14
It cannot be completely arbitrary, because we use
xiyuan
2016/02/18 17:22:33
I am not objecting to the change. Just want to poi
Alexander Alekseev
2016/02/19 00:17:03
You're right. But it still looks like email. It ca
|
| std::map<std::string, KioskAppData*>::iterator old_it = |
| old_apps.find(it->kiosk_app_id); |
| if (old_it != old_apps.end()) { |
| @@ -641,11 +646,11 @@ void KioskAppManager::UpdateAppData() { |
| old_apps.erase(old_it); |
| } else { |
| KioskAppData* new_app = new KioskAppData( |
| - this, it->kiosk_app_id, it->user_id, GURL(it->kiosk_app_update_url)); |
| + this, it->kiosk_app_id, account_id, GURL(it->kiosk_app_update_url)); |
| apps_.push_back(new_app); // Takes ownership of |new_app|. |
| new_app->Load(); |
| } |
| - CancelDelayedCryptohomeRemoval(it->user_id); |
| + CancelDelayedCryptohomeRemoval(account_id); |
| } |
| base::Closure cryptohomes_barrier_closure; |
| @@ -655,7 +660,7 @@ void KioskAppManager::UpdateAppData() { |
| if (active_user) { |
| const AccountId active_account_id = active_user->GetAccountId(); |
| for (const auto& it : old_apps) { |
| - if (it.second->user_id() == active_account_id.GetUserEmail()) { |
| + if (it.second->account_id() == active_account_id) { |
| VLOG(1) << "Currently running kiosk app removed from policy, exiting"; |
| cryptohomes_barrier_closure = BarrierClosure( |
| old_apps.size(), base::Bind(&chrome::AttemptUserExit)); |
| @@ -670,11 +675,9 @@ void KioskAppManager::UpdateAppData() { |
| it != old_apps.end(); ++it) { |
| it->second->ClearCache(); |
| cryptohome::AsyncMethodCaller::GetInstance()->AsyncRemove( |
| - it->second->user_id(), |
| - base::Bind(&OnRemoveAppCryptohomeComplete, |
| - it->second->user_id(), |
| - it->first, |
| - cryptohomes_barrier_closure)); |
| + cryptohome::Identification(it->second->account_id()), |
| + base::Bind(&OnRemoveAppCryptohomeComplete, it->second->account_id(), |
| + it->first, cryptohomes_barrier_closure)); |
| apps_to_remove.push_back(it->second->app_id()); |
| } |
| STLDeleteValues(&old_apps); |
