| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/managed_mode/chromeos/manager_password_service.h" | 5 #include "chrome/browser/supervised_user/chromeos/manager_password_service.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/logging.h" | 8 #include "base/logging.h" |
| 9 #include "base/metrics/histogram.h" | 9 #include "base/metrics/histogram.h" |
| 10 #include "base/values.h" | 10 #include "base/values.h" |
| 11 #include "chrome/browser/chromeos/login/auth/key.h" | 11 #include "chrome/browser/chromeos/login/auth/key.h" |
| 12 #include "chrome/browser/chromeos/login/auth/user_context.h" | 12 #include "chrome/browser/chromeos/login/auth/user_context.h" |
| 13 #include "chrome/browser/chromeos/login/managed/locally_managed_user_constants.h
" | 13 #include "chrome/browser/chromeos/login/managed/locally_managed_user_constants.h
" |
| 14 #include "chrome/browser/chromeos/login/managed/supervised_user_authentication.h
" | 14 #include "chrome/browser/chromeos/login/managed/supervised_user_authentication.h
" |
| 15 #include "chrome/browser/chromeos/login/users/supervised_user_manager.h" | 15 #include "chrome/browser/chromeos/login/users/supervised_user_manager.h" |
| 16 #include "chrome/browser/chromeos/login/users/user.h" | 16 #include "chrome/browser/chromeos/login/users/user.h" |
| 17 #include "chrome/browser/chromeos/login/users/user_manager.h" | 17 #include "chrome/browser/chromeos/login/users/user_manager.h" |
| 18 #include "chrome/browser/managed_mode/managed_user_constants.h" | 18 #include "chrome/browser/supervised_user/supervised_user_constants.h" |
| 19 #include "chrome/browser/managed_mode/managed_user_sync_service.h" | 19 #include "chrome/browser/supervised_user/supervised_user_sync_service.h" |
| 20 | 20 |
| 21 namespace chromeos { | 21 namespace chromeos { |
| 22 | 22 |
| 23 ManagerPasswordService::ManagerPasswordService() : weak_ptr_factory_(this) {} | 23 ManagerPasswordService::ManagerPasswordService() : weak_ptr_factory_(this) {} |
| 24 | 24 |
| 25 ManagerPasswordService::~ManagerPasswordService() {} | 25 ManagerPasswordService::~ManagerPasswordService() {} |
| 26 | 26 |
| 27 void ManagerPasswordService::Init( | 27 void ManagerPasswordService::Init( |
| 28 const std::string& user_id, | 28 const std::string& user_id, |
| 29 ManagedUserSyncService* user_service, | 29 SupervisedUserSyncService* user_service, |
| 30 ManagedUserSharedSettingsService* shared_settings_service) { | 30 SupervisedUserSharedSettingsService* shared_settings_service) { |
| 31 user_id_ = user_id; | 31 user_id_ = user_id; |
| 32 user_service_ = user_service; | 32 user_service_ = user_service; |
| 33 settings_service_ = shared_settings_service; | 33 settings_service_ = shared_settings_service; |
| 34 settings_service_subscription_ = settings_service_->Subscribe( | 34 settings_service_subscription_ = settings_service_->Subscribe( |
| 35 base::Bind(&ManagerPasswordService::OnSharedSettingsChange, | 35 base::Bind(&ManagerPasswordService::OnSharedSettingsChange, |
| 36 weak_ptr_factory_.GetWeakPtr())); | 36 weak_ptr_factory_.GetWeakPtr())); |
| 37 | 37 |
| 38 authenticator_ = new ExtendedAuthenticator(this); | 38 authenticator_ = new ExtendedAuthenticator(this); |
| 39 | 39 |
| 40 UserManager* user_manager = UserManager::Get(); | 40 UserManager* user_manager = UserManager::Get(); |
| 41 | 41 |
| 42 SupervisedUserManager* supervised_user_manager = | 42 SupervisedUserManager* supervised_user_manager = |
| 43 user_manager->GetSupervisedUserManager(); | 43 user_manager->GetSupervisedUserManager(); |
| 44 | 44 |
| 45 const UserList& users = user_manager->GetUsers(); | 45 const UserList& users = user_manager->GetUsers(); |
| 46 | 46 |
| 47 for (UserList::const_iterator it = users.begin(); it != users.end(); ++it) { | 47 for (UserList::const_iterator it = users.begin(); it != users.end(); ++it) { |
| 48 if ((*it)->GetType() != User::USER_TYPE_LOCALLY_MANAGED) | 48 if ((*it)->GetType() != User::USER_TYPE_LOCALLY_MANAGED) |
| 49 continue; | 49 continue; |
| 50 if (user_id != supervised_user_manager->GetManagerUserId((*it)->email())) | 50 if (user_id != supervised_user_manager->GetManagerUserId((*it)->email())) |
| 51 continue; | 51 continue; |
| 52 OnSharedSettingsChange( | 52 OnSharedSettingsChange( |
| 53 supervised_user_manager->GetUserSyncId((*it)->email()), | 53 supervised_user_manager->GetUserSyncId((*it)->email()), |
| 54 managed_users::kChromeOSPasswordData); | 54 supervised_users::kChromeOSPasswordData); |
| 55 } | 55 } |
| 56 } | 56 } |
| 57 | 57 |
| 58 void ManagerPasswordService::OnSharedSettingsChange( | 58 void ManagerPasswordService::OnSharedSettingsChange( |
| 59 const std::string& mu_id, | 59 const std::string& su_id, |
| 60 const std::string& key) { | 60 const std::string& key) { |
| 61 if (key != managed_users::kChromeOSPasswordData) | 61 if (key != supervised_users::kChromeOSPasswordData) |
| 62 return; | 62 return; |
| 63 | 63 |
| 64 SupervisedUserManager* supervised_user_manager = | 64 SupervisedUserManager* supervised_user_manager = |
| 65 UserManager::Get()->GetSupervisedUserManager(); | 65 UserManager::Get()->GetSupervisedUserManager(); |
| 66 const User* user = supervised_user_manager->FindBySyncId(mu_id); | 66 const User* user = supervised_user_manager->FindBySyncId(su_id); |
| 67 // No user on device. | 67 // No user on device. |
| 68 if (user == NULL) | 68 if (user == NULL) |
| 69 return; | 69 return; |
| 70 | 70 |
| 71 const base::Value* value = settings_service_->GetValue(mu_id, key); | 71 const base::Value* value = settings_service_->GetValue(su_id, key); |
| 72 | 72 |
| 73 if (value == NULL) { | 73 if (value == NULL) { |
| 74 LOG(WARNING) << "Got empty value from sync."; | 74 LOG(WARNING) << "Got empty value from sync."; |
| 75 return; | 75 return; |
| 76 } | 76 } |
| 77 const base::DictionaryValue* dict; | 77 const base::DictionaryValue* dict; |
| 78 if (!value->GetAsDictionary(&dict)) { | 78 if (!value->GetAsDictionary(&dict)) { |
| 79 LOG(WARNING) << "Got non-dictionary value from sync."; | 79 LOG(WARNING) << "Got non-dictionary value from sync."; |
| 80 return; | 80 return; |
| 81 } | 81 } |
| 82 | 82 |
| 83 SupervisedUserAuthentication* auth = | 83 SupervisedUserAuthentication* auth = |
| 84 supervised_user_manager->GetAuthentication(); | 84 supervised_user_manager->GetAuthentication(); |
| 85 | 85 |
| 86 if (!auth->NeedPasswordChange(user->email(), dict) && | 86 if (!auth->NeedPasswordChange(user->email(), dict) && |
| 87 !auth->HasIncompleteKey(user->email())) { | 87 !auth->HasIncompleteKey(user->email())) { |
| 88 return; | 88 return; |
| 89 } | 89 } |
| 90 scoped_ptr<base::DictionaryValue> wrapper(dict->DeepCopy()); | 90 scoped_ptr<base::DictionaryValue> wrapper(dict->DeepCopy()); |
| 91 user_service_->GetManagedUsersAsync( | 91 user_service_->GetSupervisedUsersAsync( |
| 92 base::Bind(&ManagerPasswordService::GetManagedUsersCallback, | 92 base::Bind(&ManagerPasswordService::GetSupervisedUsersCallback, |
| 93 weak_ptr_factory_.GetWeakPtr(), | 93 weak_ptr_factory_.GetWeakPtr(), |
| 94 mu_id, | 94 su_id, |
| 95 user->email(), | 95 user->email(), |
| 96 Passed(&wrapper))); | 96 Passed(&wrapper))); |
| 97 } | 97 } |
| 98 | 98 |
| 99 void ManagerPasswordService::GetManagedUsersCallback( | 99 void ManagerPasswordService::GetSupervisedUsersCallback( |
| 100 const std::string& sync_mu_id, | 100 const std::string& sync_su_id, |
| 101 const std::string& user_id, | 101 const std::string& user_id, |
| 102 scoped_ptr<base::DictionaryValue> password_data, | 102 scoped_ptr<base::DictionaryValue> password_data, |
| 103 const base::DictionaryValue* managed_users) { | 103 const base::DictionaryValue* supervised_users) { |
| 104 const base::DictionaryValue* managed_user = NULL; | 104 const base::DictionaryValue* supervised_user = NULL; |
| 105 if (!managed_users->GetDictionary(sync_mu_id, &managed_user)) | 105 if (!supervised_users->GetDictionary(sync_su_id, &supervised_user)) |
| 106 return; | 106 return; |
| 107 std::string master_key; | 107 std::string master_key; |
| 108 std::string encryption_key; | 108 std::string encryption_key; |
| 109 std::string signature_key; | 109 std::string signature_key; |
| 110 if (!managed_user->GetString(ManagedUserSyncService::kMasterKey, | 110 if (!supervised_user->GetString(SupervisedUserSyncService::kMasterKey, |
| 111 &master_key)) { | 111 &master_key)) { |
| 112 LOG(WARNING) << "Can not apply password change to " << user_id | 112 LOG(WARNING) << "Can not apply password change to " << user_id |
| 113 << ": no master key found"; | 113 << ": no master key found"; |
| 114 UMA_HISTOGRAM_ENUMERATION( | 114 UMA_HISTOGRAM_ENUMERATION( |
| 115 "ManagedUsers.ChromeOS.PasswordChange", | 115 "ManagedUsers.ChromeOS.PasswordChange", |
| 116 SupervisedUserAuthentication::PASSWORD_CHANGE_FAILED_NO_MASTER_KEY, | 116 SupervisedUserAuthentication::PASSWORD_CHANGE_FAILED_NO_MASTER_KEY, |
| 117 SupervisedUserAuthentication::PASSWORD_CHANGE_RESULT_MAX_VALUE); | 117 SupervisedUserAuthentication::PASSWORD_CHANGE_RESULT_MAX_VALUE); |
| 118 return; | 118 return; |
| 119 } | 119 } |
| 120 | 120 |
| 121 if (!managed_user->GetString(ManagedUserSyncService::kPasswordSignatureKey, | 121 if (!supervised_user->GetString( |
| 122 &signature_key) || | 122 SupervisedUserSyncService::kPasswordSignatureKey, &signature_key) || |
| 123 !managed_user->GetString(ManagedUserSyncService::kPasswordEncryptionKey, | 123 !supervised_user->GetString( |
| 124 &encryption_key)) { | 124 SupervisedUserSyncService::kPasswordEncryptionKey, |
| 125 &encryption_key)) { |
| 125 LOG(WARNING) << "Can not apply password change to " << user_id | 126 LOG(WARNING) << "Can not apply password change to " << user_id |
| 126 << ": no signature / encryption keys."; | 127 << ": no signature / encryption keys."; |
| 127 UMA_HISTOGRAM_ENUMERATION( | 128 UMA_HISTOGRAM_ENUMERATION( |
| 128 "ManagedUsers.ChromeOS.PasswordChange", | 129 "ManagedUsers.ChromeOS.PasswordChange", |
| 129 SupervisedUserAuthentication::PASSWORD_CHANGE_FAILED_NO_SIGNATURE_KEY, | 130 SupervisedUserAuthentication::PASSWORD_CHANGE_FAILED_NO_SIGNATURE_KEY, |
| 130 SupervisedUserAuthentication::PASSWORD_CHANGE_RESULT_MAX_VALUE); | 131 SupervisedUserAuthentication::PASSWORD_CHANGE_RESULT_MAX_VALUE); |
| 131 return; | 132 return; |
| 132 } | 133 } |
| 133 | 134 |
| 134 UserContext manager_key(user_id); | 135 UserContext manager_key(user_id); |
| (...skipping 15 matching lines...) Expand all Loading... |
| 150 << ": incomplete password data."; | 151 << ": incomplete password data."; |
| 151 UMA_HISTOGRAM_ENUMERATION( | 152 UMA_HISTOGRAM_ENUMERATION( |
| 152 "ManagedUsers.ChromeOS.PasswordChange", | 153 "ManagedUsers.ChromeOS.PasswordChange", |
| 153 SupervisedUserAuthentication::PASSWORD_CHANGE_FAILED_NO_PASSWORD_DATA, | 154 SupervisedUserAuthentication::PASSWORD_CHANGE_FAILED_NO_PASSWORD_DATA, |
| 154 SupervisedUserAuthentication::PASSWORD_CHANGE_RESULT_MAX_VALUE); | 155 SupervisedUserAuthentication::PASSWORD_CHANGE_RESULT_MAX_VALUE); |
| 155 return; | 156 return; |
| 156 } | 157 } |
| 157 | 158 |
| 158 cryptohome::KeyDefinition new_key_definition( | 159 cryptohome::KeyDefinition new_key_definition( |
| 159 new_key, | 160 new_key, |
| 160 kCryptohomeManagedUserKeyLabel, | 161 kCryptohomeSupervisedUserKeyLabel, |
| 161 cryptohome::PRIV_AUTHORIZED_UPDATE || cryptohome::PRIV_MOUNT); | 162 cryptohome::PRIV_AUTHORIZED_UPDATE || cryptohome::PRIV_MOUNT); |
| 162 new_key_definition.revision = revision; | 163 new_key_definition.revision = revision; |
| 163 | 164 |
| 164 new_key_definition.encryption_key = encryption_key; | 165 new_key_definition.encryption_key = encryption_key; |
| 165 new_key_definition.signature_key = signature_key; | 166 new_key_definition.signature_key = signature_key; |
| 166 | 167 |
| 167 authenticator_->AddKey(manager_key, | 168 authenticator_->AddKey(manager_key, |
| 168 new_key_definition, | 169 new_key_definition, |
| 169 true /* replace existing */, | 170 true /* replace existing */, |
| 170 base::Bind(&ManagerPasswordService::OnAddKeySuccess, | 171 base::Bind(&ManagerPasswordService::OnAddKeySuccess, |
| (...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 231 base::Bind(&ManagerPasswordService::OnNewManagerKeySuccess, | 232 base::Bind(&ManagerPasswordService::OnNewManagerKeySuccess, |
| 232 weak_ptr_factory_.GetWeakPtr(), | 233 weak_ptr_factory_.GetWeakPtr(), |
| 233 new_master_key_context)); | 234 new_master_key_context)); |
| 234 } | 235 } |
| 235 | 236 |
| 236 void ManagerPasswordService::OnNewManagerKeySuccess( | 237 void ManagerPasswordService::OnNewManagerKeySuccess( |
| 237 const UserContext& master_key_context) { | 238 const UserContext& master_key_context) { |
| 238 VLOG(1) << "Added new master key for " << master_key_context.GetUserID(); | 239 VLOG(1) << "Added new master key for " << master_key_context.GetUserID(); |
| 239 authenticator_->RemoveKey( | 240 authenticator_->RemoveKey( |
| 240 master_key_context, | 241 master_key_context, |
| 241 kLegacyCryptohomeManagedUserKeyLabel, | 242 kLegacyCryptohomeSupervisedUserKeyLabel, |
| 242 base::Bind(&ManagerPasswordService::OnOldManagedUserKeyDeleted, | 243 base::Bind(&ManagerPasswordService::OnOldSupervisedUserKeyDeleted, |
| 243 weak_ptr_factory_.GetWeakPtr(), | 244 weak_ptr_factory_.GetWeakPtr(), |
| 244 master_key_context)); | 245 master_key_context)); |
| 245 } | 246 } |
| 246 | 247 |
| 247 void ManagerPasswordService::OnOldManagedUserKeyDeleted( | 248 void ManagerPasswordService::OnOldSupervisedUserKeyDeleted( |
| 248 const UserContext& master_key_context) { | 249 const UserContext& master_key_context) { |
| 249 VLOG(1) << "Removed old managed user key for " | 250 VLOG(1) << "Removed old supervised user key for " |
| 250 << master_key_context.GetUserID(); | 251 << master_key_context.GetUserID(); |
| 251 authenticator_->RemoveKey( | 252 authenticator_->RemoveKey( |
| 252 master_key_context, | 253 master_key_context, |
| 253 kLegacyCryptohomeMasterKeyLabel, | 254 kLegacyCryptohomeMasterKeyLabel, |
| 254 base::Bind(&ManagerPasswordService::OnOldManagerKeyDeleted, | 255 base::Bind(&ManagerPasswordService::OnOldManagerKeyDeleted, |
| 255 weak_ptr_factory_.GetWeakPtr(), | 256 weak_ptr_factory_.GetWeakPtr(), |
| 256 master_key_context)); | 257 master_key_context)); |
| 257 } | 258 } |
| 258 | 259 |
| 259 void ManagerPasswordService::OnOldManagerKeyDeleted( | 260 void ManagerPasswordService::OnOldManagerKeyDeleted( |
| 260 const UserContext& master_key_context) { | 261 const UserContext& master_key_context) { |
| 261 VLOG(1) << "Removed old master key for " << master_key_context.GetUserID(); | 262 VLOG(1) << "Removed old master key for " << master_key_context.GetUserID(); |
| 262 } | 263 } |
| 263 | 264 |
| 264 void ManagerPasswordService::Shutdown() { | 265 void ManagerPasswordService::Shutdown() { |
| 265 settings_service_subscription_.reset(); | 266 settings_service_subscription_.reset(); |
| 266 } | 267 } |
| 267 | 268 |
| 268 } // namespace chromeos | 269 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 335833003:
Rename "managed (mode|user)" to "supervised user" (part 2) (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src