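--- a/chrome/browser/chromeos/login/managed/supervised_user_authentication.h
+++ /dev/null
@@ -1,124 +0,0 @@
-// Copyright 2013 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-#ifndef CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_SUPERVISED_USER_AUTHENTICATION_H_
-#define CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_SUPERVISED_USER_AUTHENTICATION_H_
-
-#include "base/basictypes.h"
-#include "base/compiler_specific.h"
-#include "base/memory/weak_ptr.h"
-#include "base/strings/string16.h"
-#include "base/values.h"
-#include "chrome/browser/chromeos/login/managed/supervised_user_login_flow.h"
-#include "chromeos/login/auth/user_context.h"
-
-namespace chromeos {
-
-class SupervisedUserManager;
-
-// This is a class that encapsulates all details of password handling for
-// supervised users.
-// Main property is the schema used to handle password. For now it can be either
-// plain password schema, when plain text password is passed to standard
-// cryprohome authentication algorithm without modification, or hashed password
-// schema, when password is additioUpdateContextToChecknally hashed with
-// user-specific salt.
-// Second schema is required to allow password syncing across devices for
-// supervised users.
-class SupervisedUserAuthentication {
-public:
-enum Schema {
-SCHEMA_PLAIN = 1,
-SCHEMA_SALT_HASHED = 2
-};
-
-enum SupervisedUserPasswordChangeResult {
-PASSWORD_CHANGED_IN_MANAGER_SESSION = 0,
-PASSWORD_CHANGED_IN_USER_SESSION = 1,
-PASSWORD_CHANGE_FAILED_NO_MASTER_KEY = 2,
-PASSWORD_CHANGE_FAILED_NO_SIGNATURE_KEY = 3,
-PASSWORD_CHANGE_FAILED_NO_PASSWORD_DATA = 4,
-PASSWORD_CHANGE_FAILED_MASTER_KEY_FAILURE = 5,
-PASSWORD_CHANGE_FAILED_LOADING_DATA = 6,
-PASSWORD_CHANGE_FAILED_INCOMPLETE_DATA = 7,
-PASSWORD_CHANGE_FAILED_AUTHENTICATION_FAILURE = 8,
-PASSWORD_CHANGE_FAILED_STORE_DATA = 9,
-PASSWORD_CHANGE_RESULT_MAX_VALUE = 10
-};
-
-typedef base::Callback<void(const base::DictionaryValue* password_data)>
-PasswordDataCallback;
-
-explicit SupervisedUserAuthentication(SupervisedUserManager* owner);
-virtual ~SupervisedUserAuthentication();
-
-// Returns current schema for whole ChromeOS. It defines if users with older
-// schema should be migrated somehow.
-Schema GetStableSchema();
-
-// Transforms key according to schema specified in Local State.
-UserContext TransformKey(const UserContext& context);
-
-// Fills |password_data| with |password|-specific data for |user_id|,
-// depending on target schema. Does not affect Local State.
-bool FillDataForNewUser(const std::string& user_id,
-const std::string& password,
-base::DictionaryValue* password_data,
-base::DictionaryValue* extra_data);
-
-// Stores |password_data| for |user_id| in Local State. Only public parts
-// of |password_data| will be stored.
-void StorePasswordData(const std::string& user_id,
-const base::DictionaryValue& password_data);
-
-bool NeedPasswordChange(const std::string& user_id,
-const base::DictionaryValue* password_data);
-
-// Checks if given user should update password upon signin.
-bool HasScheduledPasswordUpdate(const std::string& user_id);
-void ClearScheduledPasswordUpdate(const std::string& user_id);
-
-// Checks if password was migrated to new schema by supervised user.
-// In this case it does not have encryption key, and should be updated by
-// manager even if password versions match.
-bool HasIncompleteKey(const std::string& user_id);
-void MarkKeyIncomplete(const std::string& user_id, bool incomplete);
-
-// Loads password data stored by ScheduleSupervisedPasswordChange.
-void LoadPasswordUpdateData(const std::string& user_id,
-const PasswordDataCallback& success_callback,
-const base::Closure& failure_callback);
-
-// Creates a random string that can be used as a master key for managed
-// user's homedir.
-std::string GenerateMasterKey();
-
-// Called by supervised user to store password data for migration upon signin.
-void ScheduleSupervisedPasswordChange(
-const std::string& supervised_user_id,
-const base::DictionaryValue* password_data);
-
-// Utility method that gets schema version for |user_id| from Local State.
-Schema GetPasswordSchema(const std::string& user_id);
-
-static std::string BuildPasswordSignature(
-const std::string& password,
-int revision,
-const std::string& base64_signature_key);
-
-private:
-SupervisedUserManager* owner_;
-
-// Controls if migration is enabled.
-bool migration_enabled_;
-
-// Target schema version. Affects migration process and new user creation.
-Schema stable_schema_;
-
-
-DISALLOW_COPY_AND_ASSIGN(SupervisedUserAuthentication);
-};
-
-} // namespace chromeos
-
-#endif // CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_SUPERVISED_USER_AUTHENTICATION_H_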