chrome/browser/chromeos/login/supervised_user_manager_impl.cc - Issue 286933002: [cros login] Split login related classes into subfolders.

Side by Side Diff: chrome/browser/chromeos/login/supervised_user_manager_impl.cc

Issue 286933002: [cros login] Split login related classes into subfolders. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: fix includes in new tests Created 6 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
	(Empty)
1 // Copyright 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.

4

5 #include "chrome/browser/chromeos/login/supervised_user_manager_impl.h"

6

7 #include "base/file_util.h"

8 #include "base/files/file_path.h"

9 #include "base/prefs/pref_registry_simple.h"

10 #include "base/prefs/pref_service.h"

11 #include "base/prefs/scoped_user_pref_update.h"

12 #include "base/strings/string_util.h"

13 #include "base/strings/stringprintf.h"

14 #include "base/strings/utf_string_conversions.h"

15 #include "base/threading/sequenced_worker_pool.h"

16 #include "base/values.h"

17 #include "chrome/browser/browser_process.h"

18 #include "chrome/browser/chromeos/login/managed/locally_managed_user_constants.h "

19 #include "chrome/browser/chromeos/login/managed/supervised_user_authentication.h "

20 #include "chrome/browser/chromeos/login/user_manager_impl.h"

21 #include "chrome/browser/chromeos/profiles/profile_helper.h"

22 #include "chrome/browser/managed_mode/managed_user_service.h"

23 #include "chrome/browser/managed_mode/managed_user_service_factory.h"

24 #include "chromeos/settings/cros_settings_names.h"

25 #include "content/public/browser/browser_thread.h"

26 #include "google_apis/gaia/gaia_auth_util.h"

27

28 using content::BrowserThread;

29

30 namespace {

31

32 // Names for pref keys in Local State.

33 // A map from locally managed user local user id to sync user id.

34 const char kManagedUserSyncId[] =

35 "ManagedUserSyncId";

36

37 // A map from locally managed user id to manager user id.

38 const char kManagedUserManagers[] =

39 "ManagedUserManagers";

40

41 // A map from locally managed user id to manager display name.

42 const char kManagedUserManagerNames[] =

43 "ManagedUserManagerNames";

44

45 // A map from locally managed user id to manager display e-mail.

46 const char kManagedUserManagerDisplayEmails[] =

47 "ManagedUserManagerDisplayEmails";

48

49 // A vector pref of the locally managed accounts defined on this device, that

50 // had not logged in yet.

51 const char kLocallyManagedUsersFirstRun[] = "LocallyManagedUsersFirstRun";

52

53 // A pref of the next id for locally managed users generation.

54 const char kLocallyManagedUsersNextId[] =

55 "LocallyManagedUsersNextId";

56

57 // A pref of the next id for locally managed users generation.

58 const char kLocallyManagedUserCreationTransactionDisplayName[] =

59 "LocallyManagedUserCreationTransactionDisplayName";

60

61 // A pref of the next id for locally managed users generation.

62 const char kLocallyManagedUserCreationTransactionUserId[] =

63 "LocallyManagedUserCreationTransactionUserId";

64

65 // A map from user id to password schema id.

66 const char kSupervisedUserPasswordSchema[] =

67 "SupervisedUserPasswordSchema";

68

69 // A map from user id to password salt.

70 const char kSupervisedUserPasswordSalt[] =

71 "SupervisedUserPasswordSalt";

72

73 // A map from user id to password revision.

74 const char kSupervisedUserPasswordRevision[] =

75 "SupervisedUserPasswordRevision";

76

77 // A map from user id to flag indicating if password should be updated upon

78 // signin.

79 const char kSupervisedUserNeedPasswordUpdate[] =

80 "SupervisedUserNeedPasswordUpdate";

81

82 // A map from user id to flag indicating if cryptohome does not have signature

83 // key.

84 const char kSupervisedUserIncompleteKey[] = "SupervisedUserHasIncompleteKey";

85

86 std::string LoadSyncToken(base::FilePath profile_dir) {

87 std::string token;

88 base::FilePath token_file =

89 profile_dir.Append(chromeos::kManagedUserTokenFilename);

90 VLOG(1) << "Loading" << token_file.value();

91 if (!base::ReadFileToString(token_file, &token))

92 return std::string();

93 return token;

94 }

95

96 } // namespace

97

98 namespace chromeos {

99

100 const char kSchemaVersion[] = "SchemaVersion";

101 const char kPasswordRevision[] = "PasswordRevision";

102 const char kSalt[] = "PasswordSalt";

103 const char kPasswordSignature[] = "PasswordSignature";

104 const char kEncryptedPassword[] = "EncryptedPassword";

105 const char kRequirePasswordUpdate[] = "RequirePasswordUpdate";

106 const char kHasIncompleteKey[] = "HasIncompleteKey";

107 const char kPasswordEncryptionKey[] = "password.hmac.encryption";

108 const char kPasswordSignatureKey[] = "password.hmac.signature";

109

110 const char kPasswordUpdateFile[] = "password.update";

111 const int kMinPasswordRevision = 1;

112

113 // static

114 void SupervisedUserManager::RegisterPrefs(PrefRegistrySimple* registry) {

115 registry->RegisterListPref(kLocallyManagedUsersFirstRun);

116 registry->RegisterIntegerPref(kLocallyManagedUsersNextId, 0);

117 registry->RegisterStringPref(

118 kLocallyManagedUserCreationTransactionDisplayName, "");

119 registry->RegisterStringPref(

120 kLocallyManagedUserCreationTransactionUserId, "");

121 registry->RegisterDictionaryPref(kManagedUserSyncId);

122 registry->RegisterDictionaryPref(kManagedUserManagers);

123 registry->RegisterDictionaryPref(kManagedUserManagerNames);

124 registry->RegisterDictionaryPref(kManagedUserManagerDisplayEmails);

125

126 registry->RegisterDictionaryPref(kSupervisedUserPasswordSchema);

127 registry->RegisterDictionaryPref(kSupervisedUserPasswordSalt);

128 registry->RegisterDictionaryPref(kSupervisedUserPasswordRevision);

129

130 registry->RegisterDictionaryPref(kSupervisedUserNeedPasswordUpdate);

131 registry->RegisterDictionaryPref(kSupervisedUserIncompleteKey);

132 }

133

134 SupervisedUserManagerImpl::SupervisedUserManagerImpl(UserManagerImpl* owner)

135 : owner_(owner),

136 cros_settings_(CrosSettings::Get()) {

137 // SupervisedUserManager instance should be used only on UI thread.

138 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));

139 authentication_.reset(new SupervisedUserAuthentication(this));

140 }

141

142 SupervisedUserManagerImpl::~SupervisedUserManagerImpl() {

143 }

144

145 std::string SupervisedUserManagerImpl::GenerateUserId() {

146 int counter = g_browser_process->local_state()->

147 GetInteger(kLocallyManagedUsersNextId);

148 std::string id;

149 bool user_exists;

150 do {

151 id = base::StringPrintf("%d@%s", counter,

152 UserManager::kLocallyManagedUserDomain);

153 counter++;

154 user_exists = (NULL != owner_->FindUser(id));

155 DCHECK(!user_exists);

156 if (user_exists) {

157 LOG(ERROR) << "Supervised user with id " << id << " already exists.";

158 }

159 } while (user_exists);

160

161 g_browser_process->local_state()->

162 SetInteger(kLocallyManagedUsersNextId, counter);

163

164 g_browser_process->local_state()->CommitPendingWrite();

165 return id;

166 }

167

168 bool SupervisedUserManagerImpl::HasSupervisedUsers(

169 const std::string& manager_id) const {

170 const UserList& users = owner_->GetUsers();

171 for (UserList::const_iterator it = users.begin(); it != users.end(); ++it) {

172 if ((*it)->GetType() == User::USER_TYPE_LOCALLY_MANAGED) {

173 if (manager_id == GetManagerUserId((*it)->email()))

174 return true;

175 }

176 }

177 return false;

178 }

179

180 const User* SupervisedUserManagerImpl::CreateUserRecord(

181 const std::string& manager_id,

182 const std::string& local_user_id,

183 const std::string& sync_user_id,

184 const base::string16& display_name) {

185 const User* user = FindByDisplayName(display_name);

186 DCHECK(!user);

187 if (user)

188 return user;

189 const User* manager = owner_->FindUser(manager_id);

190 CHECK(manager);

191

192 PrefService* local_state = g_browser_process->local_state();

193

194 User* new_user = User::CreateLocallyManagedUser(local_user_id);

195

196 owner_->AddUserRecord(new_user);

197

198 ListPrefUpdate prefs_new_users_update(local_state,

199 kLocallyManagedUsersFirstRun);

200 DictionaryPrefUpdate sync_id_update(local_state, kManagedUserSyncId);

201 DictionaryPrefUpdate manager_update(local_state, kManagedUserManagers);

202 DictionaryPrefUpdate manager_name_update(local_state,

203 kManagedUserManagerNames);

204 DictionaryPrefUpdate manager_email_update(local_state,

205 kManagedUserManagerDisplayEmails);

206

207 prefs_new_users_update->Insert(0, new base::StringValue(local_user_id));

208

209 sync_id_update->SetWithoutPathExpansion(local_user_id,

210 new base::StringValue(sync_user_id));

211 manager_update->SetWithoutPathExpansion(local_user_id,

212 new base::StringValue(manager->email()));

213 manager_name_update->SetWithoutPathExpansion(local_user_id,

214 new base::StringValue(manager->GetDisplayName()));

215 manager_email_update->SetWithoutPathExpansion(local_user_id,

216 new base::StringValue(manager->display_email()));

217

218 owner_->SaveUserDisplayName(local_user_id, display_name);

219

220 g_browser_process->local_state()->CommitPendingWrite();

221 return new_user;

222 }

223

224 std::string SupervisedUserManagerImpl::GetUserSyncId(const std::string& user_id)

225 const {

226 std::string result;

227 GetUserStringValue(user_id, kManagedUserSyncId, &result);

228 return result;

229 }

230

231 base::string16 SupervisedUserManagerImpl::GetManagerDisplayName(

232 const std::string& user_id) const {

233 PrefService* local_state = g_browser_process->local_state();

234 const base::DictionaryValue* manager_names =

235 local_state->GetDictionary(kManagedUserManagerNames);

236 base::string16 result;

237 if (manager_names->GetStringWithoutPathExpansion(user_id, &result) &&

238 !result.empty())

239 return result;

240 return base::UTF8ToUTF16(GetManagerDisplayEmail(user_id));

241 }

242

243 std::string SupervisedUserManagerImpl::GetManagerUserId(

244 const std::string& user_id) const {

245 std::string result;

246 GetUserStringValue(user_id, kManagedUserManagers, &result);

247 return result;

248 }

249

250 std::string SupervisedUserManagerImpl::GetManagerDisplayEmail(

251 const std::string& user_id) const {

252 std::string result;

253 if (GetUserStringValue(user_id, kManagedUserManagerDisplayEmails, &result) &&

254 !result.empty())

255 return result;

256 return GetManagerUserId(user_id);

257 }

258

259 void SupervisedUserManagerImpl::GetPasswordInformation(

260 const std::string& user_id,

261 base::DictionaryValue* result) {

262 int value;

263 if (GetUserIntegerValue(user_id, kSupervisedUserPasswordSchema, &value))

264 result->SetIntegerWithoutPathExpansion(kSchemaVersion, value);

265 if (GetUserIntegerValue(user_id, kSupervisedUserPasswordRevision, &value))

266 result->SetIntegerWithoutPathExpansion(kPasswordRevision, value);

267

268 bool flag;

269 if (GetUserBooleanValue(user_id, kSupervisedUserNeedPasswordUpdate, &flag))

270 result->SetBooleanWithoutPathExpansion(kRequirePasswordUpdate, flag);

271 if (GetUserBooleanValue(user_id, kSupervisedUserIncompleteKey, &flag))

272 result->SetBooleanWithoutPathExpansion(kHasIncompleteKey, flag);

273

274 std::string salt;

275 if (GetUserStringValue(user_id, kSupervisedUserPasswordSalt, &salt))

276 result->SetStringWithoutPathExpansion(kSalt, salt);

277 }

278

279 void SupervisedUserManagerImpl::SetPasswordInformation(

280 const std::string& user_id,

281 const base::DictionaryValue* password_info) {

282 int value;

283 if (password_info->GetIntegerWithoutPathExpansion(kSchemaVersion, &value))

284 SetUserIntegerValue(user_id, kSupervisedUserPasswordSchema, value);

285 if (password_info->GetIntegerWithoutPathExpansion(kPasswordRevision, &value))

286 SetUserIntegerValue(user_id, kSupervisedUserPasswordRevision, value);

287

288 bool flag;

289 if (password_info->GetBooleanWithoutPathExpansion(kRequirePasswordUpdate,

290 &flag)) {

291 SetUserBooleanValue(user_id, kSupervisedUserNeedPasswordUpdate, flag);

292 }

293 if (password_info->GetBooleanWithoutPathExpansion(kHasIncompleteKey, &flag))

294 SetUserBooleanValue(user_id, kSupervisedUserIncompleteKey, flag);

295

296 std::string salt;

297 if (password_info->GetStringWithoutPathExpansion(kSalt, &salt))

298 SetUserStringValue(user_id, kSupervisedUserPasswordSalt, salt);

299 g_browser_process->local_state()->CommitPendingWrite();

300 }

301

302 bool SupervisedUserManagerImpl::GetUserStringValue(

303 const std::string& user_id,

304 const char* key,

305 std::string* out_value) const {

306 PrefService* local_state = g_browser_process->local_state();

307 const base::DictionaryValue* dictionary = local_state->GetDictionary(key);

308 return dictionary->GetStringWithoutPathExpansion(user_id, out_value);

309 }

310

311 bool SupervisedUserManagerImpl::GetUserIntegerValue(

312 const std::string& user_id,

313 const char* key,

314 int* out_value) const {

315 PrefService* local_state = g_browser_process->local_state();

316 const base::DictionaryValue* dictionary = local_state->GetDictionary(key);

317 return dictionary->GetIntegerWithoutPathExpansion(user_id, out_value);

318 }

319

320 bool SupervisedUserManagerImpl::GetUserBooleanValue(const std::string& user_id,

321 const char* key,

322 bool* out_value) const {

323 PrefService* local_state = g_browser_process->local_state();

324 const base::DictionaryValue* dictionary = local_state->GetDictionary(key);

325 return dictionary->GetBooleanWithoutPathExpansion(user_id, out_value);

326 }

327

328 void SupervisedUserManagerImpl::SetUserStringValue(

329 const std::string& user_id,

330 const char* key,

331 const std::string& value) {

332 PrefService* local_state = g_browser_process->local_state();

333 DictionaryPrefUpdate update(local_state, key);

334 update->SetStringWithoutPathExpansion(user_id, value);

335 }

336

337 void SupervisedUserManagerImpl::SetUserIntegerValue(

338 const std::string& user_id,

339 const char* key,

340 const int value) {

341 PrefService* local_state = g_browser_process->local_state();

342 DictionaryPrefUpdate update(local_state, key);

343 update->SetIntegerWithoutPathExpansion(user_id, value);

344 }

345

346 void SupervisedUserManagerImpl::SetUserBooleanValue(const std::string& user_id,

347 const char* key,

348 const bool value) {

349 PrefService* local_state = g_browser_process->local_state();

350 DictionaryPrefUpdate update(local_state, key);

351 update->SetBooleanWithoutPathExpansion(user_id, value);

352 }

353

354 const User* SupervisedUserManagerImpl::FindByDisplayName(

355 const base::string16& display_name) const {

356 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));

357 const UserList& users = owner_->GetUsers();

358 for (UserList::const_iterator it = users.begin(); it != users.end(); ++it) {

359 if (((*it)->GetType() == User::USER_TYPE_LOCALLY_MANAGED) &&

360 ((*it)->display_name() == display_name)) {

361 return *it;

362 }

363 }

364 return NULL;

365 }

366

367 const User* SupervisedUserManagerImpl::FindBySyncId(

368 const std::string& sync_id) const {

369 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));

370 const UserList& users = owner_->GetUsers();

371 for (UserList::const_iterator it = users.begin(); it != users.end(); ++it) {

372 if (((*it)->GetType() == User::USER_TYPE_LOCALLY_MANAGED) &&

373 (GetUserSyncId((*it)->email()) == sync_id)) {

374 return *it;

375 }

376 }

377 return NULL;

378 }

379

380 void SupervisedUserManagerImpl::StartCreationTransaction(

381 const base::string16& display_name) {

382 g_browser_process->local_state()->

383 SetString(kLocallyManagedUserCreationTransactionDisplayName,

384 base::UTF16ToASCII(display_name));

385 g_browser_process->local_state()->CommitPendingWrite();

386 }

387

388 void SupervisedUserManagerImpl::SetCreationTransactionUserId(

389 const std::string& email) {

390 g_browser_process->local_state()->

391 SetString(kLocallyManagedUserCreationTransactionUserId,

392 email);

393 g_browser_process->local_state()->CommitPendingWrite();

394 }

395

396 void SupervisedUserManagerImpl::CommitCreationTransaction() {

397 g_browser_process->local_state()->

398 ClearPref(kLocallyManagedUserCreationTransactionDisplayName);

399 g_browser_process->local_state()->

400 ClearPref(kLocallyManagedUserCreationTransactionUserId);

401 g_browser_process->local_state()->CommitPendingWrite();

402 }

403

404 bool SupervisedUserManagerImpl::HasFailedUserCreationTransaction() {

405 return !(g_browser_process->local_state()->

406 GetString(kLocallyManagedUserCreationTransactionDisplayName).

407 empty());

408 }

409

410 void SupervisedUserManagerImpl::RollbackUserCreationTransaction() {

411 PrefService* prefs = g_browser_process->local_state();

412

413 std::string display_name = prefs->

414 GetString(kLocallyManagedUserCreationTransactionDisplayName);

415 std::string user_id = prefs->

416 GetString(kLocallyManagedUserCreationTransactionUserId);

417

418 LOG(WARNING) << "Cleaning up transaction for "

419 << display_name << "/" << user_id;

420

421 if (user_id.empty()) {

422 // Not much to do - just remove transaction.

423 prefs->ClearPref(kLocallyManagedUserCreationTransactionDisplayName);

424 prefs->CommitPendingWrite();

425 return;

426 }

427

428 if (gaia::ExtractDomainName(user_id) !=

429 UserManager::kLocallyManagedUserDomain) {

430 LOG(WARNING) << "Clean up transaction for non-locally managed user found :"

431 << user_id << ", will not remove data";

432 prefs->ClearPref(kLocallyManagedUserCreationTransactionDisplayName);

433 prefs->ClearPref(kLocallyManagedUserCreationTransactionUserId);

434 prefs->CommitPendingWrite();

435 return;

436 }

437 owner_->RemoveNonOwnerUserInternal(user_id, NULL);

438

439 prefs->ClearPref(kLocallyManagedUserCreationTransactionDisplayName);

440 prefs->ClearPref(kLocallyManagedUserCreationTransactionUserId);

441 prefs->CommitPendingWrite();

442 }

443

444 void SupervisedUserManagerImpl::RemoveNonCryptohomeData(

445 const std::string& user_id) {

446 PrefService* prefs = g_browser_process->local_state();

447 ListPrefUpdate prefs_new_users_update(prefs, kLocallyManagedUsersFirstRun);

448 prefs_new_users_update->Remove(base::StringValue(user_id), NULL);

449

450 CleanPref(user_id, kManagedUserSyncId);

451 CleanPref(user_id, kManagedUserManagers);

452 CleanPref(user_id, kManagedUserManagerNames);

453 CleanPref(user_id, kManagedUserManagerDisplayEmails);

454 CleanPref(user_id, kSupervisedUserPasswordSalt);

455 CleanPref(user_id, kSupervisedUserPasswordSchema);

456 CleanPref(user_id, kSupervisedUserPasswordRevision);

457 CleanPref(user_id, kSupervisedUserNeedPasswordUpdate);

458 CleanPref(user_id, kSupervisedUserIncompleteKey);

459 }

460

461 void SupervisedUserManagerImpl::CleanPref(const std::string& user_id,

462 const char* key) {

463 PrefService* prefs = g_browser_process->local_state();

464 DictionaryPrefUpdate dict_update(prefs, key);

465 dict_update->RemoveWithoutPathExpansion(user_id, NULL);

466 }

467

468 bool SupervisedUserManagerImpl::CheckForFirstRun(const std::string& user_id) {

469 ListPrefUpdate prefs_new_users_update(g_browser_process->local_state(),

470 kLocallyManagedUsersFirstRun);

471 return prefs_new_users_update->Remove(base::StringValue(user_id), NULL);

472 }

473

474 void SupervisedUserManagerImpl::UpdateManagerName(const std::string& manager_id,

475 const base::string16& new_display_name) {

476 PrefService* local_state = g_browser_process->local_state();

477

478 const base::DictionaryValue* manager_ids =

479 local_state->GetDictionary(kManagedUserManagers);

480

481 DictionaryPrefUpdate manager_name_update(local_state,

482 kManagedUserManagerNames);

483 for (base::DictionaryValue::Iterator it(*manager_ids); !it.IsAtEnd();

484 it.Advance()) {

485 std::string user_id;

486 bool has_manager_id = it.value().GetAsString(&user_id);

487 DCHECK(has_manager_id);

488 if (user_id == manager_id) {

489 manager_name_update->SetWithoutPathExpansion(

490 it.key(),

491 new base::StringValue(new_display_name));

492 }

493 }

494 }

495

496 SupervisedUserAuthentication* SupervisedUserManagerImpl::GetAuthentication() {

497 return authentication_.get();

498 }

499

500 void SupervisedUserManagerImpl::LoadSupervisedUserToken(

501 Profile* profile,

502 const LoadTokenCallback& callback) {

503 // TODO(antrim): use profile->GetPath() once we sure it is safe.

504 base::FilePath profile_dir = ProfileHelper::GetProfilePathByUserIdHash(

505 UserManager::Get()->GetUserByProfile(profile)->username_hash());

506 PostTaskAndReplyWithResult(

507 content::BrowserThread::GetBlockingPool(),

508 FROM_HERE,

509 base::Bind(&LoadSyncToken, profile_dir),

510 callback);

511 }

512

513 void SupervisedUserManagerImpl::ConfigureSyncWithToken(

514 Profile* profile,

515 const std::string& token) {

516 if (!token.empty())

517 ManagedUserServiceFactory::GetForProfile(profile)->InitSync(token);

518 }

519

520 } // namespace chromeos

OLD	NEW