| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "chrome/browser/chromeos/login/extended_authenticator.h" | |
| 6 | |
| 7 #include "base/bind.h" | |
| 8 #include "base/strings/string_number_conversions.h" | |
| 9 #include "base/strings/string_util.h" | |
| 10 #include "chrome/browser/chromeos/boot_times_loader.h" | |
| 11 #include "chrome/browser/chromeos/login/login_status_consumer.h" | |
| 12 #include "chrome/browser/chromeos/login/parallel_authenticator.h" | |
| 13 #include "chromeos/cryptohome/async_method_caller.h" | |
| 14 #include "chromeos/cryptohome/cryptohome_parameters.h" | |
| 15 #include "chromeos/cryptohome/homedir_methods.h" | |
| 16 #include "chromeos/cryptohome/system_salt_getter.h" | |
| 17 #include "chromeos/dbus/cryptohome_client.h" | |
| 18 #include "chromeos/dbus/dbus_thread_manager.h" | |
| 19 #include "content/public/browser/browser_thread.h" | |
| 20 #include "crypto/sha2.h" | |
| 21 #include "google_apis/gaia/gaia_auth_util.h" | |
| 22 #include "third_party/cros_system_api/dbus/service_constants.h" | |
| 23 | |
| 24 using content::BrowserThread; | |
| 25 | |
| 26 namespace chromeos { | |
| 27 | |
| 28 namespace { | |
| 29 | |
| 30 void RecordStartMarker(const std::string& marker) { | |
| 31 std::string full_marker = "Cryptohome-"; | |
| 32 full_marker.append(marker); | |
| 33 full_marker.append("-Start"); | |
| 34 chromeos::BootTimesLoader::Get()->AddLoginTimeMarker(full_marker, false); | |
| 35 } | |
| 36 | |
| 37 void RecordEndMarker(const std::string& marker) { | |
| 38 std::string full_marker = "Cryptohome-"; | |
| 39 full_marker.append(marker); | |
| 40 full_marker.append("-End"); | |
| 41 chromeos::BootTimesLoader::Get()->AddLoginTimeMarker(full_marker, false); | |
| 42 } | |
| 43 | |
| 44 } // namespace | |
| 45 | |
| 46 ExtendedAuthenticator::ExtendedAuthenticator(AuthStatusConsumer* consumer) | |
| 47 : salt_obtained_(false), consumer_(consumer), old_consumer_(NULL) { | |
| 48 SystemSaltGetter::Get()->GetSystemSalt( | |
| 49 base::Bind(&ExtendedAuthenticator::OnSaltObtained, this)); | |
| 50 } | |
| 51 | |
| 52 ExtendedAuthenticator::ExtendedAuthenticator(LoginStatusConsumer* consumer) | |
| 53 : salt_obtained_(false), consumer_(NULL), old_consumer_(consumer) { | |
| 54 SystemSaltGetter::Get()->GetSystemSalt( | |
| 55 base::Bind(&ExtendedAuthenticator::OnSaltObtained, this)); | |
| 56 } | |
| 57 | |
| 58 ExtendedAuthenticator::~ExtendedAuthenticator() {} | |
| 59 | |
| 60 void ExtendedAuthenticator::SetConsumer(LoginStatusConsumer* consumer) { | |
| 61 old_consumer_ = consumer; | |
| 62 } | |
| 63 | |
| 64 void ExtendedAuthenticator::OnSaltObtained(const std::string& system_salt) { | |
| 65 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 66 | |
| 67 salt_obtained_ = true; | |
| 68 system_salt_ = system_salt; | |
| 69 for (size_t i = 0; i < hashing_queue_.size(); i++) { | |
| 70 hashing_queue_[i].Run(system_salt); | |
| 71 } | |
| 72 hashing_queue_.clear(); | |
| 73 } | |
| 74 | |
| 75 void ExtendedAuthenticator::AuthenticateToMount( | |
| 76 const UserContext& context, | |
| 77 const HashSuccessCallback& success_callback) { | |
| 78 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 79 TransformContext(context, | |
| 80 base::Bind(&ExtendedAuthenticator::DoAuthenticateToMount, | |
| 81 this, | |
| 82 success_callback)); | |
| 83 } | |
| 84 | |
| 85 void ExtendedAuthenticator::AuthenticateToCheck( | |
| 86 const UserContext& context, | |
| 87 const base::Closure& success_callback) { | |
| 88 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 89 | |
| 90 TransformContext(context, | |
| 91 base::Bind(&ExtendedAuthenticator::DoAuthenticateToCheck, | |
| 92 this, | |
| 93 success_callback)); | |
| 94 } | |
| 95 | |
| 96 void ExtendedAuthenticator::CreateMount( | |
| 97 const std::string& user_id, | |
| 98 const std::vector<cryptohome::KeyDefinition>& keys, | |
| 99 const HashSuccessCallback& success_callback) { | |
| 100 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 101 | |
| 102 RecordStartMarker("MountEx"); | |
| 103 | |
| 104 std::string canonicalized = gaia::CanonicalizeEmail(user_id); | |
| 105 cryptohome::Identification id(canonicalized); | |
| 106 cryptohome::Authorization auth(keys.front()); | |
| 107 cryptohome::MountParameters mount(false); | |
| 108 for (size_t i = 0; i < keys.size(); i++) { | |
| 109 mount.create_keys.push_back(keys[i]); | |
| 110 } | |
| 111 UserContext context(user_id, keys.front().key, std::string()); | |
| 112 context.SetKeyLabel(keys.front().label); | |
| 113 | |
| 114 cryptohome::HomedirMethods::GetInstance()->MountEx( | |
| 115 id, | |
| 116 auth, | |
| 117 mount, | |
| 118 base::Bind(&ExtendedAuthenticator::OnMountComplete, | |
| 119 this, | |
| 120 "MountEx", | |
| 121 context, | |
| 122 success_callback)); | |
| 123 } | |
| 124 | |
| 125 void ExtendedAuthenticator::AddKey(const UserContext& context, | |
| 126 const cryptohome::KeyDefinition& key, | |
| 127 bool replace_existing, | |
| 128 const base::Closure& success_callback) { | |
| 129 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 130 TransformContext(context, | |
| 131 base::Bind(&ExtendedAuthenticator::DoAddKey, | |
| 132 this, | |
| 133 key, | |
| 134 replace_existing, | |
| 135 success_callback)); | |
| 136 } | |
| 137 | |
| 138 void ExtendedAuthenticator::UpdateKeyAuthorized( | |
| 139 const UserContext& context, | |
| 140 const cryptohome::KeyDefinition& key, | |
| 141 const std::string& signature, | |
| 142 const base::Closure& success_callback) { | |
| 143 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 144 TransformContext(context, | |
| 145 base::Bind(&ExtendedAuthenticator::DoUpdateKeyAuthorized, | |
| 146 this, | |
| 147 key, | |
| 148 signature, | |
| 149 success_callback)); | |
| 150 } | |
| 151 | |
| 152 void ExtendedAuthenticator::RemoveKey(const UserContext& context, | |
| 153 const std::string& key_to_remove, | |
| 154 const base::Closure& success_callback) { | |
| 155 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 156 TransformContext(context, | |
| 157 base::Bind(&ExtendedAuthenticator::DoRemoveKey, | |
| 158 this, | |
| 159 key_to_remove, | |
| 160 success_callback)); | |
| 161 } | |
| 162 | |
| 163 void ExtendedAuthenticator::DoAuthenticateToMount( | |
| 164 const HashSuccessCallback& success_callback, | |
| 165 const UserContext& user_context) { | |
| 166 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 167 | |
| 168 RecordStartMarker("MountEx"); | |
| 169 | |
| 170 std::string canonicalized = gaia::CanonicalizeEmail(user_context.GetUserID()); | |
| 171 cryptohome::Identification id(canonicalized); | |
| 172 cryptohome::Authorization auth(user_context.GetPassword(), | |
| 173 user_context.GetKeyLabel()); | |
| 174 cryptohome::MountParameters mount(false); | |
| 175 | |
| 176 cryptohome::HomedirMethods::GetInstance()->MountEx( | |
| 177 id, | |
| 178 auth, | |
| 179 mount, | |
| 180 base::Bind(&ExtendedAuthenticator::OnMountComplete, | |
| 181 this, | |
| 182 "MountEx", | |
| 183 user_context, | |
| 184 success_callback)); | |
| 185 } | |
| 186 | |
| 187 void ExtendedAuthenticator::DoAuthenticateToCheck( | |
| 188 const base::Closure& success_callback, | |
| 189 const UserContext& user_context) { | |
| 190 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 191 | |
| 192 RecordStartMarker("CheckKeyEx"); | |
| 193 | |
| 194 std::string canonicalized = gaia::CanonicalizeEmail(user_context.GetUserID()); | |
| 195 cryptohome::Identification id(canonicalized); | |
| 196 cryptohome::Authorization auth(user_context.GetPassword(), | |
| 197 user_context.GetKeyLabel()); | |
| 198 | |
| 199 cryptohome::HomedirMethods::GetInstance()->CheckKeyEx( | |
| 200 id, | |
| 201 auth, | |
| 202 base::Bind(&ExtendedAuthenticator::OnOperationComplete, | |
| 203 this, | |
| 204 "CheckKeyEx", | |
| 205 user_context, | |
| 206 success_callback)); | |
| 207 } | |
| 208 | |
| 209 void ExtendedAuthenticator::DoAddKey(const cryptohome::KeyDefinition& key, | |
| 210 bool replace_existing, | |
| 211 const base::Closure& success_callback, | |
| 212 const UserContext& user_context) { | |
| 213 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 214 | |
| 215 RecordStartMarker("AddKeyEx"); | |
| 216 | |
| 217 std::string canonicalized = gaia::CanonicalizeEmail(user_context.GetUserID()); | |
| 218 cryptohome::Identification id(canonicalized); | |
| 219 cryptohome::Authorization auth(user_context.GetPassword(), | |
| 220 user_context.GetKeyLabel()); | |
| 221 | |
| 222 cryptohome::HomedirMethods::GetInstance()->AddKeyEx( | |
| 223 id, | |
| 224 auth, | |
| 225 key, | |
| 226 replace_existing, | |
| 227 base::Bind(&ExtendedAuthenticator::OnOperationComplete, | |
| 228 this, | |
| 229 "AddKeyEx", | |
| 230 user_context, | |
| 231 success_callback)); | |
| 232 } | |
| 233 | |
| 234 void ExtendedAuthenticator::DoUpdateKeyAuthorized( | |
| 235 const cryptohome::KeyDefinition& key, | |
| 236 const std::string& signature, | |
| 237 const base::Closure& success_callback, | |
| 238 const UserContext& user_context) { | |
| 239 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 240 RecordStartMarker("UpdateKeyAuthorized"); | |
| 241 | |
| 242 std::string canonicalized = gaia::CanonicalizeEmail(user_context.GetUserID()); | |
| 243 cryptohome::Identification id(canonicalized); | |
| 244 cryptohome::Authorization auth(user_context.GetPassword(), | |
| 245 user_context.GetKeyLabel()); | |
| 246 | |
| 247 cryptohome::HomedirMethods::GetInstance()->UpdateKeyEx( | |
| 248 id, | |
| 249 auth, | |
| 250 key, | |
| 251 signature, | |
| 252 base::Bind(&ExtendedAuthenticator::OnOperationComplete, | |
| 253 this, | |
| 254 "UpdateKeyAuthorized", | |
| 255 user_context, | |
| 256 success_callback)); | |
| 257 } | |
| 258 | |
| 259 void ExtendedAuthenticator::DoRemoveKey(const std::string& key_to_remove, | |
| 260 const base::Closure& success_callback, | |
| 261 const UserContext& user_context) { | |
| 262 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 263 | |
| 264 RecordStartMarker("RemoveKeyEx"); | |
| 265 | |
| 266 std::string canonicalized = gaia::CanonicalizeEmail(user_context.GetUserID()); | |
| 267 cryptohome::Identification id(canonicalized); | |
| 268 cryptohome::Authorization auth(user_context.GetPassword(), | |
| 269 user_context.GetKeyLabel()); | |
| 270 | |
| 271 cryptohome::HomedirMethods::GetInstance()->RemoveKeyEx( | |
| 272 id, | |
| 273 auth, | |
| 274 key_to_remove, | |
| 275 base::Bind(&ExtendedAuthenticator::OnOperationComplete, | |
| 276 this, | |
| 277 "RemoveKeyEx", | |
| 278 user_context, | |
| 279 success_callback)); | |
| 280 } | |
| 281 | |
| 282 void ExtendedAuthenticator::OnMountComplete( | |
| 283 const std::string& time_marker, | |
| 284 const UserContext& user_context, | |
| 285 const HashSuccessCallback& success_callback, | |
| 286 bool success, | |
| 287 cryptohome::MountError return_code, | |
| 288 const std::string& mount_hash) { | |
| 289 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 290 | |
| 291 RecordEndMarker(time_marker); | |
| 292 UserContext copy; | |
| 293 copy.CopyFrom(user_context); | |
| 294 copy.SetUserIDHash(mount_hash); | |
| 295 if (return_code == cryptohome::MOUNT_ERROR_NONE) { | |
| 296 if (!success_callback.is_null()) | |
| 297 success_callback.Run(mount_hash); | |
| 298 if (old_consumer_) | |
| 299 old_consumer_->OnLoginSuccess(copy); | |
| 300 return; | |
| 301 } | |
| 302 AuthState state = FAILED_MOUNT; | |
| 303 if (return_code == cryptohome::MOUNT_ERROR_TPM_COMM_ERROR || | |
| 304 return_code == cryptohome::MOUNT_ERROR_TPM_DEFEND_LOCK || | |
| 305 return_code == cryptohome::MOUNT_ERROR_TPM_NEEDS_REBOOT) { | |
| 306 state = FAILED_TPM; | |
| 307 } | |
| 308 if (return_code == cryptohome::MOUNT_ERROR_USER_DOES_NOT_EXIST) { | |
| 309 state = NO_MOUNT; | |
| 310 } | |
| 311 if (consumer_) | |
| 312 consumer_->OnAuthenticationFailure(state); | |
| 313 if (old_consumer_) { | |
| 314 LoginFailure failure(LoginFailure::COULD_NOT_MOUNT_CRYPTOHOME); | |
| 315 old_consumer_->OnLoginFailure(failure); | |
| 316 } | |
| 317 } | |
| 318 | |
| 319 void ExtendedAuthenticator::OnOperationComplete( | |
| 320 const std::string& time_marker, | |
| 321 const UserContext& user_context, | |
| 322 const base::Closure& success_callback, | |
| 323 bool success, | |
| 324 cryptohome::MountError return_code) { | |
| 325 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 326 | |
| 327 RecordEndMarker(time_marker); | |
| 328 if (return_code == cryptohome::MOUNT_ERROR_NONE) { | |
| 329 if (!success_callback.is_null()) | |
| 330 success_callback.Run(); | |
| 331 if (old_consumer_) | |
| 332 old_consumer_->OnLoginSuccess(user_context); | |
| 333 return; | |
| 334 } | |
| 335 | |
| 336 AuthState state = FAILED_MOUNT; | |
| 337 | |
| 338 if (return_code == cryptohome::MOUNT_ERROR_TPM_COMM_ERROR || | |
| 339 return_code == cryptohome::MOUNT_ERROR_TPM_DEFEND_LOCK || | |
| 340 return_code == cryptohome::MOUNT_ERROR_TPM_NEEDS_REBOOT) { | |
| 341 state = FAILED_TPM; | |
| 342 } | |
| 343 | |
| 344 if (return_code == cryptohome::MOUNT_ERROR_USER_DOES_NOT_EXIST) | |
| 345 state = NO_MOUNT; | |
| 346 | |
| 347 if (consumer_) | |
| 348 consumer_->OnAuthenticationFailure(state); | |
| 349 | |
| 350 if (old_consumer_) { | |
| 351 LoginFailure failure(LoginFailure::UNLOCK_FAILED); | |
| 352 old_consumer_->OnLoginFailure(failure); | |
| 353 } | |
| 354 } | |
| 355 | |
| 356 void ExtendedAuthenticator::HashPasswordWithSalt( | |
| 357 const std::string& password, | |
| 358 const HashSuccessCallback& success_callback) { | |
| 359 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 360 DCHECK(consumer_) << "This is a part of new API"; | |
| 361 | |
| 362 DoHashWithSalt(password, success_callback, system_salt_); | |
| 363 } | |
| 364 | |
| 365 void ExtendedAuthenticator::TransformContext(const UserContext& user_context, | |
| 366 const ContextCallback& callback) { | |
| 367 if (!user_context.DoesNeedPasswordHashing()) { | |
| 368 callback.Run(user_context); | |
| 369 } else { | |
| 370 DoHashWithSalt(user_context.GetPassword(), | |
| 371 base::Bind(&ExtendedAuthenticator::DidTransformContext, | |
| 372 this, | |
| 373 user_context, | |
| 374 callback), | |
| 375 system_salt_); | |
| 376 } | |
| 377 } | |
| 378 | |
| 379 void ExtendedAuthenticator::DidTransformContext( | |
| 380 const UserContext& user_context, | |
| 381 const ContextCallback& callback, | |
| 382 const std::string& hashed_password) { | |
| 383 DCHECK(user_context.DoesNeedPasswordHashing()); | |
| 384 UserContext context; | |
| 385 context.CopyFrom(user_context); | |
| 386 context.SetPassword(hashed_password); | |
| 387 context.SetDoesNeedPasswordHashing(false); | |
| 388 callback.Run(context); | |
| 389 } | |
| 390 | |
| 391 void ExtendedAuthenticator::DoHashWithSalt(const std::string& password, | |
| 392 const HashSuccessCallback& callback, | |
| 393 const std::string& system_salt) { | |
| 394 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 395 | |
| 396 if (salt_obtained_) { | |
| 397 std::string hash = | |
| 398 ParallelAuthenticator::HashPassword(password, system_salt); | |
| 399 callback.Run(hash); | |
| 400 return; | |
| 401 } | |
| 402 hashing_queue_.push_back(base::Bind( | |
| 403 &ExtendedAuthenticator::DoHashWithSalt, this, password, callback)); | |
| 404 } | |
| 405 | |
| 406 } // namespace chromeos | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 286933002:
[cros login] Split login related classes into subfolders. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src