OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/managed_mode/chromeos/manager_password_service.h" | 5 #include "chrome/browser/managed_mode/chromeos/manager_password_service.h" |
6 | 6 |
7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/logging.h" |
8 #include "base/metrics/histogram.h" | 9 #include "base/metrics/histogram.h" |
9 #include "base/values.h" | 10 #include "base/values.h" |
| 11 #include "chrome/browser/chromeos/login/auth/key.h" |
10 #include "chrome/browser/chromeos/login/auth/user_context.h" | 12 #include "chrome/browser/chromeos/login/auth/user_context.h" |
11 #include "chrome/browser/chromeos/login/managed/locally_managed_user_constants.h
" | 13 #include "chrome/browser/chromeos/login/managed/locally_managed_user_constants.h
" |
12 #include "chrome/browser/chromeos/login/managed/supervised_user_authentication.h
" | 14 #include "chrome/browser/chromeos/login/managed/supervised_user_authentication.h
" |
13 #include "chrome/browser/chromeos/login/users/supervised_user_manager.h" | 15 #include "chrome/browser/chromeos/login/users/supervised_user_manager.h" |
14 #include "chrome/browser/chromeos/login/users/user.h" | 16 #include "chrome/browser/chromeos/login/users/user.h" |
15 #include "chrome/browser/chromeos/login/users/user_manager.h" | 17 #include "chrome/browser/chromeos/login/users/user_manager.h" |
16 #include "chrome/browser/managed_mode/managed_user_constants.h" | 18 #include "chrome/browser/managed_mode/managed_user_constants.h" |
17 #include "chrome/browser/managed_mode/managed_user_sync_service.h" | 19 #include "chrome/browser/managed_mode/managed_user_sync_service.h" |
18 | 20 |
19 namespace chromeos { | 21 namespace chromeos { |
(...skipping 103 matching lines...)
123 LOG(WARNING) << "Can not apply password change to " << user_id | 125 LOG(WARNING) << "Can not apply password change to " << user_id |
124 << ": no signature / encryption keys."; | 126 << ": no signature / encryption keys."; |
125 UMA_HISTOGRAM_ENUMERATION( | 127 UMA_HISTOGRAM_ENUMERATION( |
126 "ManagedUsers.ChromeOS.PasswordChange", | 128 "ManagedUsers.ChromeOS.PasswordChange", |
127 SupervisedUserAuthentication::PASSWORD_CHANGE_FAILED_NO_SIGNATURE_KEY, | 129 SupervisedUserAuthentication::PASSWORD_CHANGE_FAILED_NO_SIGNATURE_KEY, |
128 SupervisedUserAuthentication::PASSWORD_CHANGE_RESULT_MAX_VALUE); | 130 SupervisedUserAuthentication::PASSWORD_CHANGE_RESULT_MAX_VALUE); |
129 return; | 131 return; |
130 } | 132 } |
131 | 133 |
132 UserContext manager_key(user_id); | 134 UserContext manager_key(user_id); |
133 manager_key.SetPassword(master_key); | 135 manager_key.SetKey(Key(master_key)); |
134 manager_key.SetIsUsingOAuth(false); | 136 manager_key.SetIsUsingOAuth(false); |
135 | 137 |
136 // As master key can have old label, leave label field empty - it will work | 138 // As master key can have old label, leave label field empty - it will work |
137 // as wildcard. | 139 // as wildcard. |
138 | 140 |
139 std::string new_key; | 141 std::string new_key; |
140 int revision; | 142 int revision; |
141 | 143 |
142 bool has_data = password_data->GetStringWithoutPathExpansion( | 144 bool has_data = password_data->GetStringWithoutPathExpansion( |
143 kEncryptedPassword, &new_key); | 145 kEncryptedPassword, &new_key); |
(...skipping 54 matching lines...)
198 | 200 |
199 if (auth->HasIncompleteKey(user_id)) | 201 if (auth->HasIncompleteKey(user_id)) |
200 auth->MarkKeyIncomplete(user_id, false /* key is complete now */); | 202 auth->MarkKeyIncomplete(user_id, false /* key is complete now */); |
201 | 203 |
202 // Check if we have legacy labels for keys. | 204 // Check if we have legacy labels for keys. |
203 // TODO(antrim): Migrate it to GetLabels call once wad@ implement it. | 205 // TODO(antrim): Migrate it to GetLabels call once wad@ implement it. |
204 if (old_schema == SupervisedUserAuthentication::SCHEMA_PLAIN) { | 206 if (old_schema == SupervisedUserAuthentication::SCHEMA_PLAIN) { |
205 // 1) Add new manager key (using old key). | 207 // 1) Add new manager key (using old key). |
206 // 2) Remove old supervised user key. | 208 // 2) Remove old supervised user key. |
207 // 3) Remove old manager key. | 209 // 3) Remove old manager key. |
208 authenticator_->TransformContext( | 210 authenticator_->TransformKeyIfNeeded( |
209 master_key_context, | 211 master_key_context, |
210 base::Bind(&ManagerPasswordService::OnContextTransformed, | 212 base::Bind(&ManagerPasswordService::OnKeyTransformedIfNeeded, |
211 weak_ptr_factory_.GetWeakPtr())); | 213 weak_ptr_factory_.GetWeakPtr())); |
212 } | 214 } |
213 } | 215 } |
214 | 216 |
215 void ManagerPasswordService::OnContextTransformed( | 217 void ManagerPasswordService::OnKeyTransformedIfNeeded( |
216 const UserContext& master_key_context) { | 218 const UserContext& master_key_context) { |
217 DCHECK(!master_key_context.DoesNeedPasswordHashing()); | 219 const Key* const key = master_key_context.GetKey(); |
218 cryptohome::KeyDefinition new_master_key(master_key_context.GetPassword(), | 220 DCHECK_NE(Key::KEY_TYPE_PASSWORD_PLAIN, key->GetKeyType()); |
| 221 cryptohome::KeyDefinition new_master_key(key->GetSecret(), |
219 kCryptohomeMasterKeyLabel, | 222 kCryptohomeMasterKeyLabel, |
220 cryptohome::PRIV_DEFAULT); | 223 cryptohome::PRIV_DEFAULT); |
221 // Use new master key for further actions. | 224 // Use new master key for further actions. |
222 UserContext new_master_key_context = master_key_context; | 225 UserContext new_master_key_context = master_key_context; |
223 new_master_key_context.SetKeyLabel(kCryptohomeMasterKeyLabel); | 226 new_master_key_context.GetKey()->SetLabel(kCryptohomeMasterKeyLabel); |
224 authenticator_->AddKey( | 227 authenticator_->AddKey( |
225 master_key_context, | 228 master_key_context, |
226 new_master_key, | 229 new_master_key, |
227 true /* replace existing */, | 230 true /* replace existing */, |
228 base::Bind(&ManagerPasswordService::OnNewManagerKeySuccess, | 231 base::Bind(&ManagerPasswordService::OnNewManagerKeySuccess, |
229 weak_ptr_factory_.GetWeakPtr(), | 232 weak_ptr_factory_.GetWeakPtr(), |
230 new_master_key_context)); | 233 new_master_key_context)); |
231 } | 234 } |
232 | 235 |
233 void ManagerPasswordService::OnNewManagerKeySuccess( | 236 void ManagerPasswordService::OnNewManagerKeySuccess( |
(...skipping 22 matching lines...)
256 void ManagerPasswordService::OnOldManagerKeyDeleted( | 259 void ManagerPasswordService::OnOldManagerKeyDeleted( |
257 const UserContext& master_key_context) { | 260 const UserContext& master_key_context) { |
258 VLOG(1) << "Removed old master key for " << master_key_context.GetUserID(); | 261 VLOG(1) << "Removed old master key for " << master_key_context.GetUserID(); |
259 } | 262 } |
260 | 263 |
261 void ManagerPasswordService::Shutdown() { | 264 void ManagerPasswordService::Shutdown() { |
262 settings_service_subscription_.reset(); | 265 settings_service_subscription_.reset(); |
263 } | 266 } |
264 | 267 |
265 } // namespace chromeos | 268 } // namespace chromeos |
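Review bot: In `OnKeyTransformedIfNeeded` the only guard against a still-plain key is `DCHECK_NE(Key::KEY_TYPE_PASSWORD_PLAIN, key->GetKeyType())`, which is compiled out of release builds, so an untransformed key would have its plain-text secret from `key->GetSecret()` installed as the new master key through `AddKey`. Whether `TransformKeyIfNeeded` can ever hand back a plain key is not visible on this page, but the callback would be safer failing closed before `new_master_key` is built, e.g. `if (key->GetKeyType() == Key::KEY_TYPE_PASSWORD_PLAIN) { LOG(ERROR) << "Master key was not transformed"; return; }`, keeping the secret itself out of the log. `key` is also dereferenced without a null check; if `GetKey()` can return null for a context that never had `SetKey` called, that needs the same early return. A one-line comment above the check stating that the secret must already be hashed at this point would document the invariant for the next reader.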