| Index: chrome/browser/chromeos/login/auth/extended_authenticator.h
|
| diff --git a/chrome/browser/chromeos/login/auth/extended_authenticator.h b/chrome/browser/chromeos/login/auth/extended_authenticator.h
|
| index 1525a448c09671a6140a63c81811a0822ef87627..2f03a090a981042ef66a130e7eb2793c6b8c5208 100644
|
| --- a/chrome/browser/chromeos/login/auth/extended_authenticator.h
|
| +++ b/chrome/browser/chromeos/login/auth/extended_authenticator.h
|
| @@ -20,12 +20,12 @@ namespace chromeos {
|
| class LoginStatusConsumer;
|
| class UserContext;
|
|
|
| -// Interaction with cryptohome : mounting home dirs, create new home dirs,
|
| -// udpate passwords.
|
| +// Interaction with cryptohomed: mount home dirs, create new home dirs, update
|
| +// passwords.
|
| //
|
| // Typical flow:
|
| -// AuthenticateToMount() calls a Cryptohome to perform offline login,
|
| -// AuthenticateToCreate() calls a Cryptohome to create new cryptohome.
|
| +// AuthenticateToMount() calls cryptohomed to perform offline login,
|
| +// AuthenticateToCreate() calls cryptohomed to create new cryptohome.
|
| class ExtendedAuthenticator
|
| : public base::RefCountedThreadSafe<ExtendedAuthenticator> {
|
| public:
|
| @@ -36,7 +36,7 @@ class ExtendedAuthenticator
|
| FAILED_TPM, // Failed to mount/create cryptohome because of TPM error.
|
| };
|
|
|
| - typedef base::Callback<void(const std::string& hash)> HashSuccessCallback;
|
| + typedef base::Callback<void(const std::string& result)> ResultCallback;
|
| typedef base::Callback<void(const UserContext& context)> ContextCallback;
|
|
|
| class AuthStatusConsumer {
|
| @@ -52,84 +52,72 @@ class ExtendedAuthenticator
|
| // Updates consumer of the class.
|
| void SetConsumer(LoginStatusConsumer* consumer);
|
|
|
| - // This call will attempt to mount home dir for user, key (and key label)
|
| - // specified in |context|. If |context.need_password_hashing| is true, the key
|
| - // will be hashed with password salt before passing it to cryptohome. This
|
| - // call assumes that homedir already exist for user, otherwise call will
|
| - // result in error. On success username hash (used as mount point) will be
|
| - // passed to |success_callback|.
|
| + // This call will attempt to mount the home dir for the user, key (and key
|
| + // label) in |context|. If the key is of type KEY_TYPE_PASSWORD_PLAIN, it will
|
| + // be hashed with the system salt before being passed to cryptohomed. This
|
| + // call assumes that the home dir already exist for the user and will return
|
| + // an error otherwise. On success, the user ID hash (used as the mount point)
|
| + // will be passed to |success_callback|.
|
| void AuthenticateToMount(const UserContext& context,
|
| - const HashSuccessCallback& success_callback);
|
| + const ResultCallback& success_callback);
|
|
|
| - // This call will attempt to authenticate |user| with key (and key label)
|
| - // specified in |context|. No actions are taken upon authentication.
|
| + // This call will attempt to authenticate the user with the key (and key
|
| + // label) in |context|. No further actions are taken after authentication.
|
| void AuthenticateToCheck(const UserContext& context,
|
| const base::Closure& success_callback);
|
|
|
| - // This call will create and mount home dir for |user_id| with supplied
|
| - // |keys| if home dir is missing. If homedir already exist, the mount attempt
|
| - // will be performed using first key for |auth|.
|
| - // Note, that all keys in |keys| should be already hashed with system salt if
|
| - // it is necessary, this method does not alter them.
|
| + // This call will create and mount the home dir for |user_id| with the given
|
| + // |keys| if the home dir is missing. If the home dir exists already, a mount
|
| + // attempt will be performed using the first key in |keys| for authentication.
|
| + // Note that all |keys| should have been transformed from plain text already.
|
| + // This method does not alter them.
|
| void CreateMount(const std::string& user_id,
|
| const std::vector<cryptohome::KeyDefinition>& keys,
|
| - const HashSuccessCallback& success_callback);
|
| -
|
| - // Hashes |password| with system salt. Result will be passed to
|
| - // |success_callback|.
|
| - void HashPasswordWithSalt(const std::string& password,
|
| - const HashSuccessCallback& success_callback);
|
| -
|
| - // Attempts to add new |key| for user identified/authorized by |context|.
|
| - // If if key with same label already exist, behavior depends on
|
| - // |replace_existing| flag. If flag is set, old key will be replaced. If it
|
| - // is not set, attempt will lead to error.
|
| - // It is prohibited to use same key label both in |auth| and |key|.
|
| + const ResultCallback& success_callback);
|
| +
|
| + // Attempts to add a new |key| for the user identified/authorized by
|
| + // |context|. If a key with the same label already exists, the behavior
|
| + // depends on the |replace_existing| flag. If the flag is set, the old key is
|
| + // replaced. If the flag is not set, an error occurs. It is not allowed to
|
| + // replace the key used for authorization.
|
| void AddKey(const UserContext& context,
|
| const cryptohome::KeyDefinition& key,
|
| bool replace_existing,
|
| const base::Closure& success_callback);
|
|
|
| - // Attempts to perform an authorized update of the key specified in |context|
|
| - // with new |key|. Update is authorized by providing |signature| of the key.
|
| - // Original key should have |PRIV_AUTHORIZED_UPDATE| privilege to perform this
|
| - // operation. Key label in |context| and in |key| should be the same.
|
| + // Attempts to perform an authorized update of the key in |context| with the
|
| + // new |key|. The update is authorized by providing the |signature| of the
|
| + // key. The original key must have the |PRIV_AUTHORIZED_UPDATE| privilege to
|
| + // perform this operation. The key labels in |context| and in |key| should be
|
| + // the same.
|
| void UpdateKeyAuthorized(const UserContext& context,
|
| const cryptohome::KeyDefinition& key,
|
| const std::string& signature,
|
| const base::Closure& success_callback);
|
|
|
| - // Attempts to remove |key_to_remove|-labelled key for user
|
| - // identified/authorized by |context|. It is possible to remove the key used
|
| - // for authorization, although it should be done with extreme care.
|
| + // Attempts to remove the key labeled |key_to_remove| for the user identified/
|
| + // authorized by |context|. It is possible to remove the key used for
|
| + // authorization, although it should be done with extreme care.
|
| void RemoveKey(const UserContext& context,
|
| const std::string& key_to_remove,
|
| const base::Closure& success_callback);
|
|
|
| - // Transforms |user_context| so that it can be used by DoNNN methods.
|
| - // Currently it consists of hashing password with system salt if needed.
|
| - void TransformContext(const UserContext& user_context,
|
| - const ContextCallback& callback);
|
| + // Hashes the key in |user_context| with the system salt it its type is
|
| + // KEY_TYPE_PASSWORD_PLAIN and passes the resulting UserContext to the
|
| + // |callback|.
|
| + void TransformKeyIfNeeded(const UserContext& user_context,
|
| + const ContextCallback& callback);
|
|
|
| private:
|
| friend class base::RefCountedThreadSafe<ExtendedAuthenticator>;
|
|
|
| ~ExtendedAuthenticator();
|
|
|
| - typedef base::Callback<void(const std::string& system_salt)>
|
| - PendingHashCallback;
|
| -
|
| // Callback for system salt getter.
|
| void OnSaltObtained(const std::string& system_salt);
|
|
|
| - // Updates UserContext (salts given key with system salt) if necessary.
|
| - void UpdateContextToMount(const UserContext& context,
|
| - const std::string& hashed_password);
|
| - void UpdateContextAndCheckKey(const UserContext& context,
|
| - const std::string& hashed_password);
|
| -
|
| // Performs actual operation with fully configured |context|.
|
| - void DoAuthenticateToMount(const HashSuccessCallback& success_callback,
|
| + void DoAuthenticateToMount(const ResultCallback& success_callback,
|
| const UserContext& context);
|
| void DoAuthenticateToCheck(const base::Closure& success_callback,
|
| const UserContext& context);
|
| @@ -148,7 +136,7 @@ class ExtendedAuthenticator
|
| // Inner operation callbacks.
|
| void OnMountComplete(const std::string& time_marker,
|
| const UserContext& context,
|
| - const HashSuccessCallback& success_callback,
|
| + const ResultCallback& success_callback,
|
| bool success,
|
| cryptohome::MountError return_code,
|
| const std::string& mount_hash);
|
| @@ -158,21 +146,9 @@ class ExtendedAuthenticator
|
| bool success,
|
| cryptohome::MountError return_code);
|
|
|
| - // Inner implementation for hashing |password| with system salt. Will queue
|
| - // requests if |system_salt| is not known yet.
|
| - // Invokes |callback| with result.
|
| - void DoHashWithSalt(const std::string& password,
|
| - const HashSuccessCallback& callback,
|
| - const std::string& system_salt);
|
| -
|
| - // Callback from previous method.
|
| - void DidTransformContext(const UserContext& user_context,
|
| - const ContextCallback& callback,
|
| - const std::string& hashed_password);
|
| -
|
| bool salt_obtained_;
|
| std::string system_salt_;
|
| - std::vector<PendingHashCallback> hashing_queue_;
|
| + std::vector<base::Closure> system_salt_callbacks_;
|
|
|
| AuthStatusConsumer* consumer_;
|
| LoginStatusConsumer* old_consumer_;
|
|
|
Chromium Code Reviews
