| Index: chromeos/login/auth/cryptohome_authenticator.cc
|
| diff --git a/chromeos/login/auth/cryptohome_authenticator.cc b/chromeos/login/auth/cryptohome_authenticator.cc
|
| index df430d08d0c69b60b5344f19362eca535b18128d..5d9858d2841ec5a773b480279fd53bad3bd793a3 100644
|
| --- a/chromeos/login/auth/cryptohome_authenticator.cc
|
| +++ b/chromeos/login/auth/cryptohome_authenticator.cc
|
| @@ -13,6 +13,7 @@
|
| #include "base/location.h"
|
| #include "base/logging.h"
|
| #include "base/memory/weak_ptr.h"
|
| +#include "chromeos/chromeos_switches.h"
|
| #include "chromeos/cryptohome/async_method_caller.h"
|
| #include "chromeos/cryptohome/cryptohome_parameters.h"
|
| #include "chromeos/cryptohome/homedir_methods.h"
|
| @@ -27,6 +28,7 @@
|
| #include "chromeos/login_event_recorder.h"
|
| #include "components/device_event_log/device_event_log.h"
|
| #include "components/signin/core/account_id/account_id.h"
|
| +#include "components/user_manager/known_user.h"
|
| #include "components/user_manager/user_type.h"
|
| #include "third_party/cros_system_api/dbus/service_constants.h"
|
|
|
| @@ -149,12 +151,78 @@ void DoMount(const base::WeakPtr<AuthAttemptState>& attempt,
|
| }
|
|
|
| cryptohome::HomedirMethods::GetInstance()->MountEx(
|
| - cryptohome::Identification(
|
| - attempt->user_context.GetAccountId().GetUserEmail()),
|
| + cryptohome::Identification(attempt->user_context.GetAccountId()),
|
| cryptohome::Authorization(auth_key), mount,
|
| base::Bind(&OnMount, attempt, resolver));
|
| }
|
|
|
| +// Handle cryptohome migration status.
|
| +void OnCryptohomeRenamed(const base::WeakPtr<AuthAttemptState>& attempt,
|
| + scoped_refptr<CryptohomeAuthenticator> resolver,
|
| + bool ephemeral,
|
| + bool create_if_nonexistent,
|
| + bool success,
|
| + cryptohome::MountError return_code) {
|
| + chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker(
|
| + "CryptohomeRename-End", false);
|
| + const AccountId account_id = attempt->user_context.GetAccountId();
|
| + if (success) {
|
| + cryptohome::SetGaiaIdMigrationStatusDone(account_id);
|
| + } else {
|
| + LOG(ERROR) << "Failed to rename cryptohome for account_id='"
|
| + << account_id.Serialize() << "' (return_code=" << return_code
|
| + << ")";
|
| + }
|
| +
|
| + DoMount(attempt, resolver, ephemeral, create_if_nonexistent);
|
| +}
|
| +
|
| +// This method migrates cryptohome identifier to gaia id (if needed),
|
| +// and then calls Mount.
|
| +void MigrateCryptohomeToGaiaId(const base::WeakPtr<AuthAttemptState>& attempt,
|
| + scoped_refptr<CryptohomeAuthenticator> resolver,
|
| + bool ephemeral,
|
| + bool create_if_nonexistent) {
|
| + const bool is_gaiaid_migration_started = switches::IsGaiaIdMigrationStarted();
|
| + const bool already_migrated = cryptohome::GetGaiaIdMigrationStatus(
|
| + attempt->user_context.GetAccountId());
|
| + const bool has_gaia_id =
|
| + !attempt->user_context.GetAccountId().GetGaiaId().empty();
|
| +
|
| + bool need_migration = false;
|
| + if (is_gaiaid_migration_started && !create_if_nonexistent &&
|
| + !already_migrated) {
|
| + if (has_gaia_id) {
|
| + need_migration = true;
|
| + } else {
|
| + LOG(WARNING) << "Account '"
|
| + << attempt->user_context.GetAccountId().Serialize()
|
| + << "' has no gaia id. Cryptohome migration skipped.";
|
| + }
|
| + }
|
| + if (need_migration) {
|
| + chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker(
|
| + "CryptohomeRename-Start", false);
|
| + const std::string& cryptohome_id_from =
|
| + attempt->user_context.GetAccountId().GetUserEmail(); // Migrated
|
| + const std::string cryptohome_id_to =
|
| + attempt->user_context.GetAccountId().GetGaiaIdKey();
|
| +
|
| + cryptohome::HomedirMethods::GetInstance()->RenameCryptohome(
|
| + cryptohome::Identification::FromString(cryptohome_id_from),
|
| + cryptohome::Identification::FromString(cryptohome_id_to),
|
| + base::Bind(&OnCryptohomeRenamed, attempt, resolver, ephemeral,
|
| + create_if_nonexistent));
|
| + return;
|
| + }
|
| + if (is_gaiaid_migration_started && !already_migrated && has_gaia_id) {
|
| + // Mark new users migrated.
|
| + cryptohome::SetGaiaIdMigrationStatusDone(
|
| + attempt->user_context.GetAccountId());
|
| + }
|
| + DoMount(attempt, resolver, ephemeral, create_if_nonexistent);
|
| +}
|
| +
|
| // Callback invoked when the system salt has been retrieved. Transforms the key
|
| // in |attempt->user_context| using Chrome's default hashing algorithm and the
|
| // system salt, then calls MountEx().
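Review bot: OnCryptohomeRenamed dereferences `attempt` (a `base::WeakPtr<AuthAttemptState>`) at `attempt->user_context.GetAccountId()` without first checking that the pointer is still live, even though it runs as an asynchronous completion callback for RenameCryptohome; MigrateCryptohomeToGaiaId dereferences it the same way, though that one is called synchronously from the salt/key callbacks. OnMount and the other existing callbacks are outside this hunk, so I cannot confirm whether the file already guards this path, but a leading `if (!attempt) return;` in OnCryptohomeRenamed would match what the WeakPtr is for. The "Mark new users migrated" branch calls SetGaiaIdMigrationStatusDone before DoMount has run, so a failed mount leaves the status persisted as done and later logins will never attempt a rename; that is presumably harmless when no email-keyed cryptohome exists yet, but that assumption deserves a comment such as `// create_if_nonexistent implies no legacy cryptohome exists, so no rename is needed.`. The trailing `// Migrated` on `cryptohome_id_from` does not say what it means and could be dropped or expanded to `// legacy email-keyed id`.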
|
| @@ -170,7 +238,8 @@ void OnGetSystemSalt(const base::WeakPtr<AuthAttemptState>& attempt,
|
| Key::KEY_TYPE_SALTED_SHA256_TOP_HALF,
|
| system_salt);
|
|
|
| - DoMount(attempt, resolver, ephemeral, create_if_nonexistent);
|
| + MigrateCryptohomeToGaiaId(attempt, resolver, ephemeral,
|
| + create_if_nonexistent);
|
| }
|
|
|
| // Callback invoked when cryptohome's GetKeyDataEx() method has finished.
|
| @@ -229,7 +298,8 @@ void OnGetKeyDataEx(
|
| attempt->user_context.GetKey()->Transform(
|
| static_cast<Key::KeyType>(*type),
|
| *salt);
|
| - DoMount(attempt, resolver, ephemeral, create_if_nonexistent);
|
| + MigrateCryptohomeToGaiaId(attempt, resolver, ephemeral,
|
| + create_if_nonexistent);
|
| return;
|
| }
|
| } else {
|
| @@ -262,13 +332,13 @@ void StartMount(const base::WeakPtr<AuthAttemptState>& attempt,
|
|
|
| if (attempt->user_context.GetKey()->GetKeyType() !=
|
| Key::KEY_TYPE_PASSWORD_PLAIN) {
|
| - DoMount(attempt, resolver, ephemeral, create_if_nonexistent);
|
| + MigrateCryptohomeToGaiaId(attempt, resolver, ephemeral,
|
| + create_if_nonexistent);
|
| return;
|
| }
|
|
|
| cryptohome::HomedirMethods::GetInstance()->GetKeyDataEx(
|
| - cryptohome::Identification(
|
| - attempt->user_context.GetAccountId().GetUserEmail()),
|
| + cryptohome::Identification(attempt->user_context.GetAccountId()),
|
| kCryptohomeGAIAKeyLabel, base::Bind(&OnGetKeyDataEx, attempt, resolver,
|
| ephemeral, create_if_nonexistent));
|
| }
|
| @@ -284,7 +354,7 @@ void MountGuestAndGetHash(const base::WeakPtr<AuthAttemptState>& attempt,
|
| attempt,
|
| resolver));
|
| cryptohome::AsyncMethodCaller::GetInstance()->AsyncGetSanitizedUsername(
|
| - attempt->user_context.GetAccountId().GetUserEmail(),
|
| + cryptohome::Identification(attempt->user_context.GetAccountId()),
|
| base::Bind(&TriggerResolveHash, attempt, resolver));
|
| }
|
|
|
| @@ -293,11 +363,11 @@ void MountPublic(const base::WeakPtr<AuthAttemptState>& attempt,
|
| scoped_refptr<CryptohomeAuthenticator> resolver,
|
| int flags) {
|
| cryptohome::AsyncMethodCaller::GetInstance()->AsyncMountPublic(
|
| - attempt->user_context.GetAccountId().GetUserEmail(), flags,
|
| + cryptohome::Identification(attempt->user_context.GetAccountId()), flags,
|
| base::Bind(&TriggerResolveWithLoginTimeMarker,
|
| "CryptohomeMountPublic-End", attempt, resolver));
|
| cryptohome::AsyncMethodCaller::GetInstance()->AsyncGetSanitizedUsername(
|
| - attempt->user_context.GetAccountId().GetUserEmail(),
|
| + cryptohome::Identification(attempt->user_context.GetAccountId()),
|
| base::Bind(&TriggerResolveHash, attempt, resolver));
|
| }
|
|
|
| @@ -320,13 +390,13 @@ void Migrate(const base::WeakPtr<AuthAttemptState>& attempt,
|
| TransformKeyIfNeeded(*attempt->user_context.GetKey(), system_salt);
|
| if (passing_old_hash) {
|
| caller->AsyncMigrateKey(
|
| - attempt->user_context.GetAccountId().GetUserEmail(),
|
| + cryptohome::Identification(attempt->user_context.GetAccountId()),
|
| old_key->GetSecret(), new_key->GetSecret(),
|
| base::Bind(&TriggerResolveWithLoginTimeMarker, "CryptohomeMount-End",
|
| attempt, resolver));
|
| } else {
|
| caller->AsyncMigrateKey(
|
| - attempt->user_context.GetAccountId().GetUserEmail(),
|
| + cryptohome::Identification(attempt->user_context.GetAccountId()),
|
| new_key->GetSecret(), old_key->GetSecret(),
|
| base::Bind(&TriggerResolveWithLoginTimeMarker, "CryptohomeMount-End",
|
| attempt, resolver));
|
| @@ -339,7 +409,7 @@ void Remove(const base::WeakPtr<AuthAttemptState>& attempt,
|
| chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker(
|
| "CryptohomeRemove-Start", false);
|
| cryptohome::AsyncMethodCaller::GetInstance()->AsyncRemove(
|
| - attempt->user_context.GetAccountId().GetUserEmail(),
|
| + cryptohome::Identification(attempt->user_context.GetAccountId()),
|
| base::Bind(&TriggerResolveWithLoginTimeMarker, "CryptohomeRemove-End",
|
| attempt, resolver));
|
| }
|
| @@ -351,8 +421,8 @@ void CheckKey(const base::WeakPtr<AuthAttemptState>& attempt,
|
| scoped_ptr<Key> key =
|
| TransformKeyIfNeeded(*attempt->user_context.GetKey(), system_salt);
|
| cryptohome::AsyncMethodCaller::GetInstance()->AsyncCheckKey(
|
| - attempt->user_context.GetAccountId().GetUserEmail(), key->GetSecret(),
|
| - base::Bind(&TriggerResolve, attempt, resolver));
|
| + cryptohome::Identification(attempt->user_context.GetAccountId()),
|
| + key->GetSecret(), base::Bind(&TriggerResolve, attempt, resolver));
|
| }
|
|
|
| } // namespace
|
| @@ -447,12 +517,11 @@ void CryptohomeAuthenticator::LoginAsSupervisedUser(
|
|
|
| void CryptohomeAuthenticator::LoginOffTheRecord() {
|
| DCHECK(task_runner_->RunsTasksOnCurrentThread());
|
| - current_state_.reset(
|
| - new AuthAttemptState(UserContext(user_manager::USER_TYPE_GUEST,
|
| - login::GuestAccountId().GetUserEmail()),
|
| - false, // unlock
|
| - false, // online_complete
|
| - false)); // user_is_new
|
| + current_state_.reset(new AuthAttemptState(
|
| + UserContext(user_manager::USER_TYPE_GUEST, login::GuestAccountId()),
|
| + false, // unlock
|
| + false, // online_complete
|
| + false)); // user_is_new
|
| remove_user_data_on_failure_ = false;
|
| ephemeral_mount_attempted_ = true;
|
| MountGuestAndGetHash(current_state_->AsWeakPtr(),
|
| @@ -477,14 +546,14 @@ void CryptohomeAuthenticator::LoginAsPublicSession(
|
| }
|
|
|
| void CryptohomeAuthenticator::LoginAsKioskAccount(
|
| - const std::string& app_user_id,
|
| + const AccountId& app_account_id,
|
| bool use_guest_mount) {
|
| DCHECK(task_runner_->RunsTasksOnCurrentThread());
|
|
|
| - const std::string user_id =
|
| - use_guest_mount ? login::GuestAccountId().GetUserEmail() : app_user_id;
|
| + const AccountId& account_id =
|
| + use_guest_mount ? login::GuestAccountId() : app_account_id;
|
| current_state_.reset(new AuthAttemptState(
|
| - UserContext(user_manager::USER_TYPE_KIOSK_APP, user_id),
|
| + UserContext(user_manager::USER_TYPE_KIOSK_APP, account_id),
|
| false, // unlock
|
| false, // online_complete
|
| false)); // user_is_new
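Review bot: `const AccountId& account_id = use_guest_mount ? login::GuestAccountId() : app_account_id;` depends on the conditional yielding a prvalue whose lifetime is extended by the reference binding; if `login::GuestAccountId()` returns by value, both branches produce a prvalue and `app_account_id` is copied anyway, so the reference reads as if it avoids a copy while it does not. Writing `const AccountId account_id = use_guest_mount ? login::GuestAccountId() : app_account_id;` makes the copy explicit and removes the lifetime reasoning for the reader. LoginAsKioskAccount's body continues outside the hunk.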
|
|
|