Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(612)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/chromeos/login/auth/extended_authenticator.h

Issue 391373002: Refactoring : Move AuthAttempt and Authenticators to chromeos/login (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Merge w/ToT Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « chrome/browser/chromeos/login/auth/authenticator.cc ('k') | chrome/browser/chromeos/login/auth/extended_authenticator.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_AUTH_EXTENDED_AUTHENTICATOR_H_
6 #define CHROME_BROWSER_CHROMEOS_LOGIN_AUTH_EXTENDED_AUTHENTICATOR_H_
7
8 #include <string>
9
10 #include "base/basictypes.h"
11 #include "base/callback.h"
12 #include "base/compiler_specific.h"
13 #include "base/memory/ref_counted.h"
14 #include "base/memory/scoped_ptr.h"
15 #include "chromeos/cryptohome/cryptohome_parameters.h"
16 #include "third_party/cros_system_api/dbus/service_constants.h"
17
18 namespace chromeos {
19
20 class AuthStatusConsumer;
21 class UserContext;
22
23 // Interaction with cryptohomed: mount home dirs, create new home dirs, update
24 // passwords.
25 //
26 // Typical flow:
27 // AuthenticateToMount() calls cryptohomed to perform offline login,
28 // AuthenticateToCreate() calls cryptohomed to create new cryptohome.
29 class ExtendedAuthenticator
30 : public base::RefCountedThreadSafe<ExtendedAuthenticator> {
31 public:
32 enum AuthState {
33 SUCCESS, // Login succeeded.
34 NO_MOUNT, // No cryptohome exist for user.
35 FAILED_MOUNT, // Failed to mount existing cryptohome - login failed.
36 FAILED_TPM, // Failed to mount/create cryptohome because of TPM error.
37 };
38
39 typedef base::Callback<void(const std::string& result)> ResultCallback;
40 typedef base::Callback<void(const UserContext& context)> ContextCallback;
41
42 class NewAuthStatusConsumer {
43 public:
44 virtual ~NewAuthStatusConsumer() {}
45 // The current login attempt has ended in failure, with error.
46 virtual void OnAuthenticationFailure(AuthState state) = 0;
47 };
48
49 explicit ExtendedAuthenticator(NewAuthStatusConsumer* consumer);
50 explicit ExtendedAuthenticator(AuthStatusConsumer* consumer);
51
52 // Updates consumer of the class.
53 void SetConsumer(AuthStatusConsumer* consumer);
54
55 // This call will attempt to mount the home dir for the user, key (and key
56 // label) in |context|. If the key is of type KEY_TYPE_PASSWORD_PLAIN, it will
57 // be hashed with the system salt before being passed to cryptohomed. This
58 // call assumes that the home dir already exist for the user and will return
59 // an error otherwise. On success, the user ID hash (used as the mount point)
60 // will be passed to |success_callback|.
61 void AuthenticateToMount(const UserContext& context,
62 const ResultCallback& success_callback);
63
64 // This call will attempt to authenticate the user with the key (and key
65 // label) in |context|. No further actions are taken after authentication.
66 void AuthenticateToCheck(const UserContext& context,
67 const base::Closure& success_callback);
68
69 // This call will create and mount the home dir for |user_id| with the given
70 // |keys| if the home dir is missing. If the home dir exists already, a mount
71 // attempt will be performed using the first key in |keys| for authentication.
72 // Note that all |keys| should have been transformed from plain text already.
73 // This method does not alter them.
74 void CreateMount(const std::string& user_id,
75 const std::vector<cryptohome::KeyDefinition>& keys,
76 const ResultCallback& success_callback);
77
78 // Attempts to add a new |key| for the user identified/authorized by
79 // |context|. If a key with the same label already exists, the behavior
80 // depends on the |replace_existing| flag. If the flag is set, the old key is
81 // replaced. If the flag is not set, an error occurs. It is not allowed to
82 // replace the key used for authorization.
83 void AddKey(const UserContext& context,
84 const cryptohome::KeyDefinition& key,
85 bool replace_existing,
86 const base::Closure& success_callback);
87
88 // Attempts to perform an authorized update of the key in |context| with the
89 // new |key|. The update is authorized by providing the |signature| of the
90 // key. The original key must have the |PRIV_AUTHORIZED_UPDATE| privilege to
91 // perform this operation. The key labels in |context| and in |key| should be
92 // the same.
93 void UpdateKeyAuthorized(const UserContext& context,
94 const cryptohome::KeyDefinition& key,
95 const std::string& signature,
96 const base::Closure& success_callback);
97
98 // Attempts to remove the key labeled |key_to_remove| for the user identified/
99 // authorized by |context|. It is possible to remove the key used for
100 // authorization, although it should be done with extreme care.
101 void RemoveKey(const UserContext& context,
102 const std::string& key_to_remove,
103 const base::Closure& success_callback);
104
105 // Hashes the key in |user_context| with the system salt it its type is
106 // KEY_TYPE_PASSWORD_PLAIN and passes the resulting UserContext to the
107 // |callback|.
108 void TransformKeyIfNeeded(const UserContext& user_context,
109 const ContextCallback& callback);
110
111 private:
112 friend class base::RefCountedThreadSafe<ExtendedAuthenticator>;
113
114 ~ExtendedAuthenticator();
115
116 // Callback for system salt getter.
117 void OnSaltObtained(const std::string& system_salt);
118
119 // Performs actual operation with fully configured |context|.
120 void DoAuthenticateToMount(const ResultCallback& success_callback,
121 const UserContext& context);
122 void DoAuthenticateToCheck(const base::Closure& success_callback,
123 const UserContext& context);
124 void DoAddKey(const cryptohome::KeyDefinition& key,
125 bool replace_existing,
126 const base::Closure& success_callback,
127 const UserContext& context);
128 void DoUpdateKeyAuthorized(const cryptohome::KeyDefinition& key,
129 const std::string& signature,
130 const base::Closure& success_callback,
131 const UserContext& context);
132 void DoRemoveKey(const std::string& key_to_remove,
133 const base::Closure& success_callback,
134 const UserContext& context);
135
136 // Inner operation callbacks.
137 void OnMountComplete(const std::string& time_marker,
138 const UserContext& context,
139 const ResultCallback& success_callback,
140 bool success,
141 cryptohome::MountError return_code,
142 const std::string& mount_hash);
143 void OnOperationComplete(const std::string& time_marker,
144 const UserContext& context,
145 const base::Closure& success_callback,
146 bool success,
147 cryptohome::MountError return_code);
148
149 bool salt_obtained_;
150 std::string system_salt_;
151 std::vector<base::Closure> system_salt_callbacks_;
152
153 NewAuthStatusConsumer* consumer_;
154 AuthStatusConsumer* old_consumer_;
155
156 DISALLOW_COPY_AND_ASSIGN(ExtendedAuthenticator);
157 };
158
159 } // namespace chromeos
160
161 #endif // CHROME_BROWSER_CHROMEOS_LOGIN_AUTH_EXTENDED_AUTHENTICATOR_H_
OLDNEW
« no previous file with comments | « chrome/browser/chromeos/login/auth/authenticator.cc ('k') | chrome/browser/chromeos/login/auth/extended_authenticator.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698