| OLD | NEW |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/managed_mode/chromeos/manager_password_service.h" | 5 #include "chrome/browser/managed_mode/chromeos/manager_password_service.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/logging.h" |
| 8 #include "base/metrics/histogram.h" | 9 #include "base/metrics/histogram.h" |
| 9 #include "base/values.h" | 10 #include "base/values.h" |
| 11 #include "chrome/browser/chromeos/login/auth/key.h" |
| 10 #include "chrome/browser/chromeos/login/auth/user_context.h" | 12 #include "chrome/browser/chromeos/login/auth/user_context.h" |
| 11 #include "chrome/browser/chromeos/login/managed/locally_managed_user_constants.h
" | 13 #include "chrome/browser/chromeos/login/managed/locally_managed_user_constants.h
" |
| 12 #include "chrome/browser/chromeos/login/managed/supervised_user_authentication.h
" | 14 #include "chrome/browser/chromeos/login/managed/supervised_user_authentication.h
" |
| 13 #include "chrome/browser/chromeos/login/users/supervised_user_manager.h" | 15 #include "chrome/browser/chromeos/login/users/supervised_user_manager.h" |
| 14 #include "chrome/browser/chromeos/login/users/user.h" | 16 #include "chrome/browser/chromeos/login/users/user.h" |
| 15 #include "chrome/browser/chromeos/login/users/user_manager.h" | 17 #include "chrome/browser/chromeos/login/users/user_manager.h" |
| 16 #include "chrome/browser/managed_mode/managed_user_constants.h" | 18 #include "chrome/browser/managed_mode/managed_user_constants.h" |
| 17 #include "chrome/browser/managed_mode/managed_user_sync_service.h" | 19 #include "chrome/browser/managed_mode/managed_user_sync_service.h" |
| 18 | 20 |
| 19 namespace chromeos { | 21 namespace chromeos { |
| (...skipping 103 matching lines...) |
| 123 LOG(WARNING) << "Can not apply password change to " << user_id | 125 LOG(WARNING) << "Can not apply password change to " << user_id |
| 124 << ": no signature / encryption keys."; | 126 << ": no signature / encryption keys."; |
| 125 UMA_HISTOGRAM_ENUMERATION( | 127 UMA_HISTOGRAM_ENUMERATION( |
| 126 "ManagedUsers.ChromeOS.PasswordChange", | 128 "ManagedUsers.ChromeOS.PasswordChange", |
| 127 SupervisedUserAuthentication::PASSWORD_CHANGE_FAILED_NO_SIGNATURE_KEY, | 129 SupervisedUserAuthentication::PASSWORD_CHANGE_FAILED_NO_SIGNATURE_KEY, |
| 128 SupervisedUserAuthentication::PASSWORD_CHANGE_RESULT_MAX_VALUE); | 130 SupervisedUserAuthentication::PASSWORD_CHANGE_RESULT_MAX_VALUE); |
| 129 return; | 131 return; |
| 130 } | 132 } |
| 131 | 133 |
| 132 UserContext manager_key(user_id); | 134 UserContext manager_key(user_id); |
| 133 manager_key.SetPassword(master_key); | 135 manager_key.SetKey(Key(master_key)); |
| 134 manager_key.SetIsUsingOAuth(false); | 136 manager_key.SetIsUsingOAuth(false); |
| 135 | 137 |
| 136 // As master key can have old label, leave label field empty - it will work | 138 // As master key can have old label, leave label field empty - it will work |
| 137 // as wildcard. | 139 // as wildcard. |
| 138 | 140 |
| 139 std::string new_key; | 141 std::string new_key; |
| 140 int revision; | 142 int revision; |
| 141 | 143 |
| 142 bool has_data = password_data->GetStringWithoutPathExpansion( | 144 bool has_data = password_data->GetStringWithoutPathExpansion( |
| 143 kEncryptedPassword, &new_key); | 145 kEncryptedPassword, &new_key); |
| (...skipping 54 matching lines...) |
| 198 | 200 |
| 199 if (auth->HasIncompleteKey(user_id)) | 201 if (auth->HasIncompleteKey(user_id)) |
| 200 auth->MarkKeyIncomplete(user_id, false /* key is complete now */); | 202 auth->MarkKeyIncomplete(user_id, false /* key is complete now */); |
| 201 | 203 |
| 202 // Check if we have legacy labels for keys. | 204 // Check if we have legacy labels for keys. |
| 203 // TODO(antrim): Migrate it to GetLabels call once wad@ implement it. | 205 // TODO(antrim): Migrate it to GetLabels call once wad@ implement it. |
| 204 if (old_schema == SupervisedUserAuthentication::SCHEMA_PLAIN) { | 206 if (old_schema == SupervisedUserAuthentication::SCHEMA_PLAIN) { |
| 205 // 1) Add new manager key (using old key). | 207 // 1) Add new manager key (using old key). |
| 206 // 2) Remove old supervised user key. | 208 // 2) Remove old supervised user key. |
| 207 // 3) Remove old manager key. | 209 // 3) Remove old manager key. |
| 208 authenticator_->TransformContext( | 210 authenticator_->TransformKeyIfNeeded( |
| 209 master_key_context, | 211 master_key_context, |
| 210 base::Bind(&ManagerPasswordService::OnContextTransformed, | 212 base::Bind(&ManagerPasswordService::OnKeyTransformedIfNeeded, |
| 211 weak_ptr_factory_.GetWeakPtr())); | 213 weak_ptr_factory_.GetWeakPtr())); |
| 212 } | 214 } |
| 213 } | 215 } |
| 214 | 216 |
| 215 void ManagerPasswordService::OnContextTransformed( | 217 void ManagerPasswordService::OnKeyTransformedIfNeeded( |
| 216 const UserContext& master_key_context) { | 218 const UserContext& master_key_context) { |
| 217 DCHECK(!master_key_context.DoesNeedPasswordHashing()); | 219 const Key* const key = master_key_context.GetKey(); |
| 218 cryptohome::KeyDefinition new_master_key(master_key_context.GetPassword(), | 220 DCHECK_NE(Key::KEY_TYPE_PASSWORD_PLAIN, key->GetKeyType()); |
| 221 cryptohome::KeyDefinition new_master_key(key->GetSecret(), |
| 219 kCryptohomeMasterKeyLabel, | 222 kCryptohomeMasterKeyLabel, |
| 220 cryptohome::PRIV_DEFAULT); | 223 cryptohome::PRIV_DEFAULT); |
| 221 // Use new master key for further actions. | 224 // Use new master key for further actions. |
| 222 UserContext new_master_key_context = master_key_context; | 225 UserContext new_master_key_context = master_key_context; |
| 223 new_master_key_context.SetKeyLabel(kCryptohomeMasterKeyLabel); | 226 new_master_key_context.GetKey()->SetLabel(kCryptohomeMasterKeyLabel); |
| 224 authenticator_->AddKey( | 227 authenticator_->AddKey( |
| 225 master_key_context, | 228 master_key_context, |
| 226 new_master_key, | 229 new_master_key, |
| 227 true /* replace existing */, | 230 true /* replace existing */, |
| 228 base::Bind(&ManagerPasswordService::OnNewManagerKeySuccess, | 231 base::Bind(&ManagerPasswordService::OnNewManagerKeySuccess, |
| 229 weak_ptr_factory_.GetWeakPtr(), | 232 weak_ptr_factory_.GetWeakPtr(), |
| 230 new_master_key_context)); | 233 new_master_key_context)); |
| 231 } | 234 } |
| 232 | 235 |
| 233 void ManagerPasswordService::OnNewManagerKeySuccess( | 236 void ManagerPasswordService::OnNewManagerKeySuccess( |
| (...skipping 22 matching lines...) |
| 256 void ManagerPasswordService::OnOldManagerKeyDeleted( | 259 void ManagerPasswordService::OnOldManagerKeyDeleted( |
| 257 const UserContext& master_key_context) { | 260 const UserContext& master_key_context) { |
| 258 VLOG(1) << "Removed old master key for " << master_key_context.GetUserID(); | 261 VLOG(1) << "Removed old master key for " << master_key_context.GetUserID(); |
| 259 } | 262 } |
| 260 | 263 |
| 261 void ManagerPasswordService::Shutdown() { | 264 void ManagerPasswordService::Shutdown() { |
| 262 settings_service_subscription_.reset(); | 265 settings_service_subscription_.reset(); |
| 263 } | 266 } |
| 264 | 267 |
| 265 } // namespace chromeos | 268 } // namespace chromeos |
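Review bot: In OnKeyTransformedIfNeeded (new lines 219–221) the only guard that the master key is no longer in plain-text form is `DCHECK_NE(Key::KEY_TYPE_PASSWORD_PLAIN, key->GetKeyType())`, which is compiled out of release builds. If the transform step ever hands back an untransformed key, nothing on this path stops `key->GetSecret()` from reaching `AddKey` with replace-existing set. Whether TransformKeyIfNeeded can actually do that is not visible on this page, but the outcome would be an unhashed secret installed under the master-key label, so a runtime check is cheap: `if (key->GetKeyType() == Key::KEY_TYPE_PASSWORD_PLAIN) { NOTREACHED(); return; }`. The function also dereferences the result of `GetKey()` without a check; if that pointer can never be null for a UserContext, a short comment saying so would help the next reader.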
| OLD | NEW |