| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_EXTENDED_AUTHENTICATOR_H_ | |
| 6 #define CHROME_BROWSER_CHROMEOS_LOGIN_EXTENDED_AUTHENTICATOR_H_ | |
| 7 | |
| 8 #include <string> | |
| 9 | |
| 10 #include "base/basictypes.h" | |
| 11 #include "base/callback.h" | |
| 12 #include "base/compiler_specific.h" | |
| 13 #include "base/memory/ref_counted.h" | |
| 14 #include "base/memory/scoped_ptr.h" | |
| 15 #include "chrome/browser/chromeos/login/user.h" | |
| 16 #include "chromeos/cryptohome/cryptohome_parameters.h" | |
| 17 #include "third_party/cros_system_api/dbus/service_constants.h" | |
| 18 | |
| 19 namespace chromeos { | |
| 20 | |
| 21 class LoginStatusConsumer; | |
| 22 | |
| 23 // Interaction with cryptohome : mounting home dirs, create new home dirs, | |
| 24 // udpate passwords. | |
| 25 // | |
| 26 // Typical flow: | |
| 27 // AuthenticateToMount() calls a Cryptohome to perform offline login, | |
| 28 // AuthenticateToCreate() calls a Cryptohome to create new cryptohome. | |
| 29 class ExtendedAuthenticator | |
| 30 : public base::RefCountedThreadSafe<ExtendedAuthenticator> { | |
| 31 public: | |
| 32 enum AuthState { | |
| 33 SUCCESS, // Login succeeded. | |
| 34 NO_MOUNT, // No cryptohome exist for user. | |
| 35 FAILED_MOUNT, // Failed to mount existing cryptohome - login failed. | |
| 36 FAILED_TPM, // Failed to mount/create cryptohome because of TPM error. | |
| 37 }; | |
| 38 | |
| 39 typedef base::Callback<void(const std::string& hash)> HashSuccessCallback; | |
| 40 typedef base::Callback<void(const UserContext& context)> ContextCallback; | |
| 41 | |
| 42 class AuthStatusConsumer { | |
| 43 public: | |
| 44 virtual ~AuthStatusConsumer() {} | |
| 45 // The current login attempt has ended in failure, with error. | |
| 46 virtual void OnAuthenticationFailure(AuthState state) = 0; | |
| 47 }; | |
| 48 | |
| 49 explicit ExtendedAuthenticator(AuthStatusConsumer* consumer); | |
| 50 explicit ExtendedAuthenticator(LoginStatusConsumer* consumer); | |
| 51 | |
| 52 // Updates consumer of the class. | |
| 53 void SetConsumer(LoginStatusConsumer* consumer); | |
| 54 | |
| 55 // This call will attempt to mount home dir for user, key (and key label) | |
| 56 // specified in |context|. If |context.need_password_hashing| is true, the key | |
| 57 // will be hashed with password salt before passing it to cryptohome. This | |
| 58 // call assumes that homedir already exist for user, otherwise call will | |
| 59 // result in error. On success username hash (used as mount point) will be | |
| 60 // passed to |success_callback|. | |
| 61 void AuthenticateToMount(const UserContext& context, | |
| 62 const HashSuccessCallback& success_callback); | |
| 63 | |
| 64 // This call will attempt to authenticate |user| with key (and key label) | |
| 65 // specified in |context|. No actions are taken upon authentication. | |
| 66 void AuthenticateToCheck(const UserContext& context, | |
| 67 const base::Closure& success_callback); | |
| 68 | |
| 69 // This call will create and mount home dir for |user_id| with supplied | |
| 70 // |keys| if home dir is missing. If homedir already exist, the mount attempt | |
| 71 // will be performed using first key for |auth|. | |
| 72 // Note, that all keys in |keys| should be already hashed with system salt if | |
| 73 // it is necessary, this method does not alter them. | |
| 74 void CreateMount(const std::string& user_id, | |
| 75 const std::vector<cryptohome::KeyDefinition>& keys, | |
| 76 const HashSuccessCallback& success_callback); | |
| 77 | |
| 78 // Hashes |password| with system salt. Result will be passed to | |
| 79 // |success_callback|. | |
| 80 void HashPasswordWithSalt(const std::string& password, | |
| 81 const HashSuccessCallback& success_callback); | |
| 82 | |
| 83 // Attempts to add new |key| for user identified/authorized by |context|. | |
| 84 // If if key with same label already exist, behavior depends on | |
| 85 // |replace_existing| flag. If flag is set, old key will be replaced. If it | |
| 86 // is not set, attempt will lead to error. | |
| 87 // It is prohibited to use same key label both in |auth| and |key|. | |
| 88 void AddKey(const UserContext& context, | |
| 89 const cryptohome::KeyDefinition& key, | |
| 90 bool replace_existing, | |
| 91 const base::Closure& success_callback); | |
| 92 | |
| 93 // Attempts to perform an authorized update of the key specified in |context| | |
| 94 // with new |key|. Update is authorized by providing |signature| of the key. | |
| 95 // Original key should have |PRIV_AUTHORIZED_UPDATE| privilege to perform this | |
| 96 // operation. Key label in |context| and in |key| should be the same. | |
| 97 void UpdateKeyAuthorized(const UserContext& context, | |
| 98 const cryptohome::KeyDefinition& key, | |
| 99 const std::string& signature, | |
| 100 const base::Closure& success_callback); | |
| 101 | |
| 102 // Attempts to remove |key_to_remove|-labelled key for user | |
| 103 // identified/authorized by |context|. It is possible to remove the key used | |
| 104 // for authorization, although it should be done with extreme care. | |
| 105 void RemoveKey(const UserContext& context, | |
| 106 const std::string& key_to_remove, | |
| 107 const base::Closure& success_callback); | |
| 108 | |
| 109 // Transforms |user_context| so that it can be used by DoNNN methods. | |
| 110 // Currently it consists of hashing password with system salt if needed. | |
| 111 void TransformContext(const UserContext& user_context, | |
| 112 const ContextCallback& callback); | |
| 113 | |
| 114 private: | |
| 115 friend class base::RefCountedThreadSafe<ExtendedAuthenticator>; | |
| 116 | |
| 117 ~ExtendedAuthenticator(); | |
| 118 | |
| 119 typedef base::Callback<void(const std::string& system_salt)> | |
| 120 PendingHashCallback; | |
| 121 | |
| 122 // Callback for system salt getter. | |
| 123 void OnSaltObtained(const std::string& system_salt); | |
| 124 | |
| 125 // Updates UserContext (salts given key with system salt) if necessary. | |
| 126 void UpdateContextToMount(const UserContext& context, | |
| 127 const std::string& hashed_password); | |
| 128 void UpdateContextAndCheckKey(const UserContext& context, | |
| 129 const std::string& hashed_password); | |
| 130 | |
| 131 // Performs actual operation with fully configured |context|. | |
| 132 void DoAuthenticateToMount(const HashSuccessCallback& success_callback, | |
| 133 const UserContext& context); | |
| 134 void DoAuthenticateToCheck(const base::Closure& success_callback, | |
| 135 const UserContext& context); | |
| 136 void DoAddKey(const cryptohome::KeyDefinition& key, | |
| 137 bool replace_existing, | |
| 138 const base::Closure& success_callback, | |
| 139 const UserContext& context); | |
| 140 void DoUpdateKeyAuthorized(const cryptohome::KeyDefinition& key, | |
| 141 const std::string& signature, | |
| 142 const base::Closure& success_callback, | |
| 143 const UserContext& context); | |
| 144 void DoRemoveKey(const std::string& key_to_remove, | |
| 145 const base::Closure& success_callback, | |
| 146 const UserContext& context); | |
| 147 | |
| 148 // Inner operation callbacks. | |
| 149 void OnMountComplete(const std::string& time_marker, | |
| 150 const UserContext& context, | |
| 151 const HashSuccessCallback& success_callback, | |
| 152 bool success, | |
| 153 cryptohome::MountError return_code, | |
| 154 const std::string& mount_hash); | |
| 155 void OnOperationComplete(const std::string& time_marker, | |
| 156 const UserContext& context, | |
| 157 const base::Closure& success_callback, | |
| 158 bool success, | |
| 159 cryptohome::MountError return_code); | |
| 160 | |
| 161 // Inner implementation for hashing |password| with system salt. Will queue | |
| 162 // requests if |system_salt| is not known yet. | |
| 163 // Invokes |callback| with result. | |
| 164 void DoHashWithSalt(const std::string& password, | |
| 165 const HashSuccessCallback& callback, | |
| 166 const std::string& system_salt); | |
| 167 | |
| 168 // Callback from previous method. | |
| 169 void DidTransformContext(const UserContext& user_context, | |
| 170 const ContextCallback& callback, | |
| 171 const std::string& hashed_password); | |
| 172 | |
| 173 bool salt_obtained_; | |
| 174 std::string system_salt_; | |
| 175 std::vector<PendingHashCallback> hashing_queue_; | |
| 176 | |
| 177 AuthStatusConsumer* consumer_; | |
| 178 LoginStatusConsumer* old_consumer_; | |
| 179 | |
| 180 DISALLOW_COPY_AND_ASSIGN(ExtendedAuthenticator); | |
| 181 }; | |
| 182 | |
| 183 } // namespace chromeos | |
| 184 | |
| 185 #endif // CHROME_BROWSER_CHROMEOS_LOGIN_EXTENDED_AUTHENTICATOR_H_ | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 286933002:
[cros login] Split login related classes into subfolders. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src