| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/login/managed/supervised_user_login_flow.h" | 5 #include "chrome/browser/chromeos/login/managed/supervised_user_login_flow.h" |
| 6 | 6 |
| 7 #include "base/base64.h" | 7 #include "base/base64.h" |
| 8 #include "base/logging.h" | 8 #include "base/logging.h" |
| 9 #include "base/metrics/histogram.h" | 9 #include "base/metrics/histogram.h" |
| 10 #include "base/prefs/pref_registry_simple.h" | 10 #include "base/prefs/pref_registry_simple.h" |
| (...skipping 114 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 125 UMA_HISTOGRAM_ENUMERATION( | 125 UMA_HISTOGRAM_ENUMERATION( |
| 126 "ManagedUsers.ChromeOS.PasswordChange", | 126 "ManagedUsers.ChromeOS.PasswordChange", |
| 127 SupervisedUserAuthentication::PASSWORD_CHANGE_FAILED_INCOMPLETE_DATA, | 127 SupervisedUserAuthentication::PASSWORD_CHANGE_FAILED_INCOMPLETE_DATA, |
| 128 SupervisedUserAuthentication::PASSWORD_CHANGE_RESULT_MAX_VALUE); | 128 SupervisedUserAuthentication::PASSWORD_CHANGE_RESULT_MAX_VALUE); |
| 129 Finish(); | 129 Finish(); |
| 130 return; | 130 return; |
| 131 } | 131 } |
| 132 base::Base64Decode(base64_signature, &signature); | 132 base::Base64Decode(base64_signature, &signature); |
| 133 scoped_ptr<base::DictionaryValue> data_copy(password_data->DeepCopy()); | 133 scoped_ptr<base::DictionaryValue> data_copy(password_data->DeepCopy()); |
| 134 cryptohome::KeyDefinition key(password, | 134 cryptohome::KeyDefinition key(password, |
| 135 kCryptohomeManagedUserKeyLabel, | 135 kCryptohomeSupervisedUserKeyLabel, |
| 136 kCryptohomeManagedUserKeyPrivileges); | 136 kCryptohomeSupervisedUserKeyPrivileges); |
| 137 | 137 |
| 138 authenticator_ = new ExtendedAuthenticator(this); | 138 authenticator_ = new ExtendedAuthenticator(this); |
| 139 SupervisedUserAuthentication::Schema current_schema = | 139 SupervisedUserAuthentication::Schema current_schema = |
| 140 auth->GetPasswordSchema(user_id()); | 140 auth->GetPasswordSchema(user_id()); |
| 141 | 141 |
| 142 key.revision = revision; | 142 key.revision = revision; |
| 143 | 143 |
| 144 if (SupervisedUserAuthentication::SCHEMA_PLAIN == current_schema) { | 144 if (SupervisedUserAuthentication::SCHEMA_PLAIN == current_schema) { |
| 145 // We need to add new key, and block old one. As we don't actually have | 145 // We need to add new key, and block old one. As we don't actually have |
| 146 // signature key, use Migrate privilege instead of AuthorizedUpdate. | 146 // signature key, use Migrate privilege instead of AuthorizedUpdate. |
| 147 key.privileges = kCryptohomeManagedUserIncompleteKeyPrivileges; | 147 key.privileges = kCryptohomeSupervisedUserIncompleteKeyPrivileges; |
| 148 | 148 |
| 149 VLOG(1) << "Adding new schema key"; | 149 VLOG(1) << "Adding new schema key"; |
| 150 DCHECK(context_.GetKey()->GetLabel().empty()); | 150 DCHECK(context_.GetKey()->GetLabel().empty()); |
| 151 authenticator_->AddKey(context_, | 151 authenticator_->AddKey(context_, |
| 152 key, | 152 key, |
| 153 false /* no key exists */, | 153 false /* no key exists */, |
| 154 base::Bind(&SupervisedUserLoginFlow::OnNewKeyAdded, | 154 base::Bind(&SupervisedUserLoginFlow::OnNewKeyAdded, |
| 155 weak_factory_.GetWeakPtr(), | 155 weak_factory_.GetWeakPtr(), |
| 156 Passed(&data_copy))); | 156 Passed(&data_copy))); |
| 157 } else if (SupervisedUserAuthentication::SCHEMA_SALT_HASHED == | 157 } else if (SupervisedUserAuthentication::SCHEMA_SALT_HASHED == |
| 158 current_schema) { | 158 current_schema) { |
| 159 VLOG(1) << "Updating the key"; | 159 VLOG(1) << "Updating the key"; |
| 160 | 160 |
| 161 if (auth->HasIncompleteKey(user_id())) { | 161 if (auth->HasIncompleteKey(user_id())) { |
| 162 // We need to use Migrate instead of Authorized Update privilege. | 162 // We need to use Migrate instead of Authorized Update privilege. |
| 163 key.privileges = kCryptohomeManagedUserIncompleteKeyPrivileges; | 163 key.privileges = kCryptohomeSupervisedUserIncompleteKeyPrivileges; |
| 164 } | 164 } |
| 165 // Just update the key. | 165 // Just update the key. |
| 166 DCHECK_EQ(context_.GetKey()->GetLabel(), kCryptohomeManagedUserKeyLabel); | 166 DCHECK_EQ(context_.GetKey()->GetLabel(), kCryptohomeSupervisedUserKeyLabel); |
| 167 authenticator_->UpdateKeyAuthorized( | 167 authenticator_->UpdateKeyAuthorized( |
| 168 context_, | 168 context_, |
| 169 key, | 169 key, |
| 170 signature, | 170 signature, |
| 171 base::Bind(&SupervisedUserLoginFlow::OnPasswordUpdated, | 171 base::Bind(&SupervisedUserLoginFlow::OnPasswordUpdated, |
| 172 weak_factory_.GetWeakPtr(), | 172 weak_factory_.GetWeakPtr(), |
| 173 Passed(&data_copy))); | 173 Passed(&data_copy))); |
| 174 } else { | 174 } else { |
| 175 NOTREACHED() << "Unsupported password schema"; | 175 NOTREACHED() << "Unsupported password schema"; |
| 176 } | 176 } |
| 177 } | 177 } |
| 178 | 178 |
| 179 void SupervisedUserLoginFlow::OnNewKeyAdded( | 179 void SupervisedUserLoginFlow::OnNewKeyAdded( |
| 180 scoped_ptr<base::DictionaryValue> password_data) { | 180 scoped_ptr<base::DictionaryValue> password_data) { |
| 181 VLOG(1) << "New key added"; | 181 VLOG(1) << "New key added"; |
| 182 SupervisedUserAuthentication* auth = | 182 SupervisedUserAuthentication* auth = |
| 183 UserManager::Get()->GetSupervisedUserManager()->GetAuthentication(); | 183 UserManager::Get()->GetSupervisedUserManager()->GetAuthentication(); |
| 184 auth->StorePasswordData(user_id(), *password_data.get()); | 184 auth->StorePasswordData(user_id(), *password_data.get()); |
| 185 auth->MarkKeyIncomplete(user_id(), true /* incomplete */); | 185 auth->MarkKeyIncomplete(user_id(), true /* incomplete */); |
| 186 authenticator_->RemoveKey( | 186 authenticator_->RemoveKey( |
| 187 context_, | 187 context_, |
| 188 kLegacyCryptohomeManagedUserKeyLabel, | 188 kLegacyCryptohomeSupervisedUserKeyLabel, |
| 189 base::Bind(&SupervisedUserLoginFlow::OnOldKeyRemoved, | 189 base::Bind(&SupervisedUserLoginFlow::OnOldKeyRemoved, |
| 190 weak_factory_.GetWeakPtr())); | 190 weak_factory_.GetWeakPtr())); |
| 191 } | 191 } |
| 192 | 192 |
| 193 void SupervisedUserLoginFlow::OnOldKeyRemoved() { | 193 void SupervisedUserLoginFlow::OnOldKeyRemoved() { |
| 194 UMA_HISTOGRAM_ENUMERATION( | 194 UMA_HISTOGRAM_ENUMERATION( |
| 195 "ManagedUsers.ChromeOS.PasswordChange", | 195 "ManagedUsers.ChromeOS.PasswordChange", |
| 196 SupervisedUserAuthentication::PASSWORD_CHANGED_IN_USER_SESSION, | 196 SupervisedUserAuthentication::PASSWORD_CHANGED_IN_USER_SESSION, |
| 197 SupervisedUserAuthentication::PASSWORD_CHANGE_RESULT_MAX_VALUE); | 197 SupervisedUserAuthentication::PASSWORD_CHANGE_RESULT_MAX_VALUE); |
| 198 Finish(); | 198 Finish(); |
| (...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 250 Profile* profile) { | 250 Profile* profile) { |
| 251 profile_ = profile; | 251 profile_ = profile; |
| 252 UserManager::Get()->GetSupervisedUserManager()->LoadSupervisedUserToken( | 252 UserManager::Get()->GetSupervisedUserManager()->LoadSupervisedUserToken( |
| 253 profile, | 253 profile, |
| 254 base::Bind( | 254 base::Bind( |
| 255 &SupervisedUserLoginFlow::OnSyncSetupDataLoaded, | 255 &SupervisedUserLoginFlow::OnSyncSetupDataLoaded, |
| 256 weak_factory_.GetWeakPtr())); | 256 weak_factory_.GetWeakPtr())); |
| 257 } | 257 } |
| 258 | 258 |
| 259 } // namespace chromeos | 259 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 335833003:
Rename "managed (mode|user)" to "supervised user" (part 2) (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src