OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/chromeos/login/managed/managed_user_creation_controller
_new.h" | 5 #include "chrome/browser/chromeos/login/managed/managed_user_creation_controller
_new.h" |
6 | 6 |
7 #include "base/base64.h" | 7 #include "base/base64.h" |
8 #include "base/bind.h" | 8 #include "base/bind.h" |
9 #include "base/file_util.h" | 9 #include "base/file_util.h" |
10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
11 #include "base/strings/string_number_conversions.h" | 11 #include "base/strings/string_number_conversions.h" |
12 #include "base/strings/string_util.h" | 12 #include "base/strings/string_util.h" |
13 #include "base/sys_info.h" | 13 #include "base/sys_info.h" |
14 #include "base/task_runner_util.h" | 14 #include "base/task_runner_util.h" |
15 #include "base/threading/sequenced_worker_pool.h" | 15 #include "base/threading/sequenced_worker_pool.h" |
16 #include "base/values.h" | 16 #include "base/values.h" |
| 17 #include "chrome/browser/chromeos/login/auth/key.h" |
17 #include "chrome/browser/chromeos/login/auth/mount_manager.h" | 18 #include "chrome/browser/chromeos/login/auth/mount_manager.h" |
18 #include "chrome/browser/chromeos/login/auth/user_context.h" | 19 #include "chrome/browser/chromeos/login/auth/user_context.h" |
19 #include "chrome/browser/chromeos/login/managed/locally_managed_user_constants.h
" | 20 #include "chrome/browser/chromeos/login/managed/locally_managed_user_constants.h
" |
20 #include "chrome/browser/chromeos/login/managed/supervised_user_authentication.h
" | 21 #include "chrome/browser/chromeos/login/managed/supervised_user_authentication.h
" |
21 #include "chrome/browser/chromeos/login/users/supervised_user_manager.h" | 22 #include "chrome/browser/chromeos/login/users/supervised_user_manager.h" |
22 #include "chrome/browser/chromeos/login/users/user.h" | 23 #include "chrome/browser/chromeos/login/users/user.h" |
23 #include "chrome/browser/chromeos/login/users/user_manager.h" | 24 #include "chrome/browser/chromeos/login/users/user_manager.h" |
24 #include "chrome/browser/lifetime/application_lifetime.h" | 25 #include "chrome/browser/lifetime/application_lifetime.h" |
25 #include "chrome/browser/sync/profile_sync_service.h" | 26 #include "chrome/browser/sync/profile_sync_service.h" |
26 #include "chrome/browser/sync/profile_sync_service_factory.h" | 27 #include "chrome/browser/sync/profile_sync_service_factory.h" |
(...skipping 166 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
193 stage_ = KEYS_GENERATED; | 194 stage_ = KEYS_GENERATED; |
194 | 195 |
195 VLOG(1) << " Phase 2 : Create cryptohome"; | 196 VLOG(1) << " Phase 2 : Create cryptohome"; |
196 | 197 |
197 timeout_timer_.Start( | 198 timeout_timer_.Start( |
198 FROM_HERE, | 199 FROM_HERE, |
199 base::TimeDelta::FromSeconds(kUserCreationTimeoutSeconds), | 200 base::TimeDelta::FromSeconds(kUserCreationTimeoutSeconds), |
200 this, | 201 this, |
201 &ManagedUserCreationControllerNew::CreationTimedOut); | 202 &ManagedUserCreationControllerNew::CreationTimedOut); |
202 authenticator_ = new ExtendedAuthenticator(this); | 203 authenticator_ = new ExtendedAuthenticator(this); |
203 authenticator_->HashPasswordWithSalt( | 204 UserContext user_context; |
204 creation_context_->master_key, | 205 user_context.SetKey(Key(creation_context_->master_key)); |
205 base::Bind(&ManagedUserCreationControllerNew::OnPasswordHashingSuccess, | 206 authenticator_->TransformKeyIfNeeded( |
| 207 user_context, |
| 208 base::Bind(&ManagedUserCreationControllerNew::OnKeyTransformedIfNeeded, |
206 weak_factory_.GetWeakPtr())); | 209 weak_factory_.GetWeakPtr())); |
207 } | 210 } |
208 | 211 |
209 void ManagedUserCreationControllerNew::OnPasswordHashingSuccess( | 212 void ManagedUserCreationControllerNew::OnKeyTransformedIfNeeded( |
210 const std::string& password_hash) { | 213 const UserContext& user_context) { |
211 VLOG(1) << " Phase 2.1 : Got hashed master key"; | 214 VLOG(1) << " Phase 2.1 : Got hashed master key"; |
212 creation_context_->salted_master_key = password_hash; | 215 creation_context_->salted_master_key = user_context.GetKey()->GetSecret(); |
213 | 216 |
214 // Create home dir with two keys. | 217 // Create home dir with two keys. |
215 std::vector<cryptohome::KeyDefinition> keys; | 218 std::vector<cryptohome::KeyDefinition> keys; |
216 | 219 |
217 // Main key is the master key. Just as keys for plain GAIA users, it is salted | 220 // Main key is the master key. Just as keys for plain GAIA users, it is salted |
218 // with system salt. It has all usual privileges. | 221 // with system salt. It has all usual privileges. |
219 cryptohome::KeyDefinition master_key(creation_context_->salted_master_key, | 222 cryptohome::KeyDefinition master_key(creation_context_->salted_master_key, |
220 kCryptohomeMasterKeyLabel, | 223 kCryptohomeMasterKeyLabel, |
221 cryptohome::PRIV_DEFAULT); | 224 cryptohome::PRIV_DEFAULT); |
222 | 225 |
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
261 // Plain text password, hashed and salted with individual salt. | 264 // Plain text password, hashed and salted with individual salt. |
262 // It can be used for mounting homedir, and can be replaced only when signed. | 265 // It can be used for mounting homedir, and can be replaced only when signed. |
263 cryptohome::KeyDefinition password_key(creation_context_->salted_password, | 266 cryptohome::KeyDefinition password_key(creation_context_->salted_password, |
264 kCryptohomeManagedUserKeyLabel, | 267 kCryptohomeManagedUserKeyLabel, |
265 kCryptohomeManagedUserKeyPrivileges); | 268 kCryptohomeManagedUserKeyPrivileges); |
266 base::Base64Decode(creation_context_->encryption_key, | 269 base::Base64Decode(creation_context_->encryption_key, |
267 &password_key.encryption_key); | 270 &password_key.encryption_key); |
268 base::Base64Decode(creation_context_->signature_key, | 271 base::Base64Decode(creation_context_->signature_key, |
269 &password_key.signature_key); | 272 &password_key.signature_key); |
270 | 273 |
| 274 Key key(Key::KEY_TYPE_SALTED_PBKDF2_AES256_1234, |
| 275 creation_context_->salted_master_key, |
| 276 std::string()); // The salt is stored elsewhere. |
| 277 key.SetLabel(kCryptohomeMasterKeyLabel); |
271 UserContext context(creation_context_->local_user_id); | 278 UserContext context(creation_context_->local_user_id); |
272 context.SetPassword(creation_context_->salted_master_key); | 279 context.SetKey(key); |
273 context.SetDoesNeedPasswordHashing(false); | |
274 context.SetKeyLabel(kCryptohomeMasterKeyLabel); | |
275 context.SetIsUsingOAuth(false); | 280 context.SetIsUsingOAuth(false); |
276 | 281 |
277 authenticator_->AddKey( | 282 authenticator_->AddKey( |
278 context, | 283 context, |
279 password_key, | 284 password_key, |
280 true, | 285 true, |
281 base::Bind(&ManagedUserCreationControllerNew::OnAddKeySuccess, | 286 base::Bind(&ManagedUserCreationControllerNew::OnAddKeySuccess, |
282 weak_factory_.GetWeakPtr())); | 287 weak_factory_.GetWeakPtr())); |
283 } | 288 } |
284 | 289 |
(...skipping 102 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
387 creation_context_->registration_utility.reset(); | 392 creation_context_->registration_utility.reset(); |
388 chrome::AttemptUserExit(); | 393 chrome::AttemptUserExit(); |
389 } | 394 } |
390 | 395 |
391 std::string ManagedUserCreationControllerNew::GetManagedUserId() { | 396 std::string ManagedUserCreationControllerNew::GetManagedUserId() { |
392 DCHECK(creation_context_); | 397 DCHECK(creation_context_); |
393 return creation_context_->local_user_id; | 398 return creation_context_->local_user_id; |
394 } | 399 } |
395 | 400 |
396 } // namespace chromeos | 401 } // namespace chromeos |
OLD | NEW |