Index: chrome/browser/chromeos/login/auth/extended_authenticator.h |
diff --git a/chrome/browser/chromeos/login/auth/extended_authenticator.h b/chrome/browser/chromeos/login/auth/extended_authenticator.h |
index 1525a448c09671a6140a63c81811a0822ef87627..2f03a090a981042ef66a130e7eb2793c6b8c5208 100644 |
--- a/chrome/browser/chromeos/login/auth/extended_authenticator.h |
+++ b/chrome/browser/chromeos/login/auth/extended_authenticator.h |
@@ -20,12 +20,12 @@ namespace chromeos { |
class LoginStatusConsumer; |
class UserContext; |
-// Interaction with cryptohome : mounting home dirs, create new home dirs, |
-// udpate passwords. |
+// Interaction with cryptohomed: mount home dirs, create new home dirs, update |
+// passwords. |
// |
// Typical flow: |
-// AuthenticateToMount() calls a Cryptohome to perform offline login, |
-// AuthenticateToCreate() calls a Cryptohome to create new cryptohome. |
+// AuthenticateToMount() calls cryptohomed to perform offline login, |
+// AuthenticateToCreate() calls cryptohomed to create new cryptohome. |
class ExtendedAuthenticator |
: public base::RefCountedThreadSafe<ExtendedAuthenticator> { |
public: |
@@ -36,7 +36,7 @@ class ExtendedAuthenticator |
FAILED_TPM, // Failed to mount/create cryptohome because of TPM error. |
}; |
- typedef base::Callback<void(const std::string& hash)> HashSuccessCallback; |
+ typedef base::Callback<void(const std::string& result)> ResultCallback; |
typedef base::Callback<void(const UserContext& context)> ContextCallback; |
class AuthStatusConsumer { |
@@ -52,84 +52,72 @@ class ExtendedAuthenticator |
// Updates consumer of the class. |
void SetConsumer(LoginStatusConsumer* consumer); |
- // This call will attempt to mount home dir for user, key (and key label) |
- // specified in |context|. If |context.need_password_hashing| is true, the key |
- // will be hashed with password salt before passing it to cryptohome. This |
- // call assumes that homedir already exist for user, otherwise call will |
- // result in error. On success username hash (used as mount point) will be |
- // passed to |success_callback|. |
+ // This call will attempt to mount the home dir for the user, key (and key |
+ // label) in |context|. If the key is of type KEY_TYPE_PASSWORD_PLAIN, it will |
+ // be hashed with the system salt before being passed to cryptohomed. This |
+ // call assumes that the home dir already exist for the user and will return |
+ // an error otherwise. On success, the user ID hash (used as the mount point) |
+ // will be passed to |success_callback|. |
void AuthenticateToMount(const UserContext& context, |
- const HashSuccessCallback& success_callback); |
+ const ResultCallback& success_callback); |
- // This call will attempt to authenticate |user| with key (and key label) |
- // specified in |context|. No actions are taken upon authentication. |
+ // This call will attempt to authenticate the user with the key (and key |
+ // label) in |context|. No further actions are taken after authentication. |
void AuthenticateToCheck(const UserContext& context, |
const base::Closure& success_callback); |
- // This call will create and mount home dir for |user_id| with supplied |
- // |keys| if home dir is missing. If homedir already exist, the mount attempt |
- // will be performed using first key for |auth|. |
- // Note, that all keys in |keys| should be already hashed with system salt if |
- // it is necessary, this method does not alter them. |
+ // This call will create and mount the home dir for |user_id| with the given |
+ // |keys| if the home dir is missing. If the home dir exists already, a mount |
+ // attempt will be performed using the first key in |keys| for authentication. |
+ // Note that all |keys| should have been transformed from plain text already. |
+ // This method does not alter them. |
void CreateMount(const std::string& user_id, |
const std::vector<cryptohome::KeyDefinition>& keys, |
- const HashSuccessCallback& success_callback); |
- |
- // Hashes |password| with system salt. Result will be passed to |
- // |success_callback|. |
- void HashPasswordWithSalt(const std::string& password, |
- const HashSuccessCallback& success_callback); |
- |
- // Attempts to add new |key| for user identified/authorized by |context|. |
- // If if key with same label already exist, behavior depends on |
- // |replace_existing| flag. If flag is set, old key will be replaced. If it |
- // is not set, attempt will lead to error. |
- // It is prohibited to use same key label both in |auth| and |key|. |
+ const ResultCallback& success_callback); |
+ |
+ // Attempts to add a new |key| for the user identified/authorized by |
+ // |context|. If a key with the same label already exists, the behavior |
+ // depends on the |replace_existing| flag. If the flag is set, the old key is |
+ // replaced. If the flag is not set, an error occurs. It is not allowed to |
+ // replace the key used for authorization. |
void AddKey(const UserContext& context, |
const cryptohome::KeyDefinition& key, |
bool replace_existing, |
const base::Closure& success_callback); |
- // Attempts to perform an authorized update of the key specified in |context| |
- // with new |key|. Update is authorized by providing |signature| of the key. |
- // Original key should have |PRIV_AUTHORIZED_UPDATE| privilege to perform this |
- // operation. Key label in |context| and in |key| should be the same. |
+ // Attempts to perform an authorized update of the key in |context| with the |
+ // new |key|. The update is authorized by providing the |signature| of the |
+ // key. The original key must have the |PRIV_AUTHORIZED_UPDATE| privilege to |
+ // perform this operation. The key labels in |context| and in |key| should be |
+ // the same. |
void UpdateKeyAuthorized(const UserContext& context, |
const cryptohome::KeyDefinition& key, |
const std::string& signature, |
const base::Closure& success_callback); |
- // Attempts to remove |key_to_remove|-labelled key for user |
- // identified/authorized by |context|. It is possible to remove the key used |
- // for authorization, although it should be done with extreme care. |
+ // Attempts to remove the key labeled |key_to_remove| for the user identified/ |
+ // authorized by |context|. It is possible to remove the key used for |
+ // authorization, although it should be done with extreme care. |
void RemoveKey(const UserContext& context, |
const std::string& key_to_remove, |
const base::Closure& success_callback); |
- // Transforms |user_context| so that it can be used by DoNNN methods. |
- // Currently it consists of hashing password with system salt if needed. |
- void TransformContext(const UserContext& user_context, |
- const ContextCallback& callback); |
+ // Hashes the key in |user_context| with the system salt it its type is |
+ // KEY_TYPE_PASSWORD_PLAIN and passes the resulting UserContext to the |
+ // |callback|. |
+ void TransformKeyIfNeeded(const UserContext& user_context, |
+ const ContextCallback& callback); |
private: |
friend class base::RefCountedThreadSafe<ExtendedAuthenticator>; |
~ExtendedAuthenticator(); |
- typedef base::Callback<void(const std::string& system_salt)> |
- PendingHashCallback; |
- |
// Callback for system salt getter. |
void OnSaltObtained(const std::string& system_salt); |
- // Updates UserContext (salts given key with system salt) if necessary. |
- void UpdateContextToMount(const UserContext& context, |
- const std::string& hashed_password); |
- void UpdateContextAndCheckKey(const UserContext& context, |
- const std::string& hashed_password); |
- |
// Performs actual operation with fully configured |context|. |
- void DoAuthenticateToMount(const HashSuccessCallback& success_callback, |
+ void DoAuthenticateToMount(const ResultCallback& success_callback, |
const UserContext& context); |
void DoAuthenticateToCheck(const base::Closure& success_callback, |
const UserContext& context); |
@@ -148,7 +136,7 @@ class ExtendedAuthenticator |
// Inner operation callbacks. |
void OnMountComplete(const std::string& time_marker, |
const UserContext& context, |
- const HashSuccessCallback& success_callback, |
+ const ResultCallback& success_callback, |
bool success, |
cryptohome::MountError return_code, |
const std::string& mount_hash); |
@@ -158,21 +146,9 @@ class ExtendedAuthenticator |
bool success, |
cryptohome::MountError return_code); |
- // Inner implementation for hashing |password| with system salt. Will queue |
- // requests if |system_salt| is not known yet. |
- // Invokes |callback| with result. |
- void DoHashWithSalt(const std::string& password, |
- const HashSuccessCallback& callback, |
- const std::string& system_salt); |
- |
- // Callback from previous method. |
- void DidTransformContext(const UserContext& user_context, |
- const ContextCallback& callback, |
- const std::string& hashed_password); |
- |
bool salt_obtained_; |
std::string system_salt_; |
- std::vector<PendingHashCallback> hashing_queue_; |
+ std::vector<base::Closure> system_salt_callbacks_; |
AuthStatusConsumer* consumer_; |
LoginStatusConsumer* old_consumer_; |