| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_AUTH_EXTENDED_AUTHENTICATOR_H_ |
| 6 #define CHROME_BROWSER_CHROMEOS_LOGIN_AUTH_EXTENDED_AUTHENTICATOR_H_ |
| 7 |
| 8 #include <string> |
| 9 |
| 10 #include "base/basictypes.h" |
| 11 #include "base/callback.h" |
| 12 #include "base/compiler_specific.h" |
| 13 #include "base/memory/ref_counted.h" |
| 14 #include "base/memory/scoped_ptr.h" |
| 15 #include "chromeos/cryptohome/cryptohome_parameters.h" |
| 16 #include "third_party/cros_system_api/dbus/service_constants.h" |
| 17 |
| 18 namespace chromeos { |
| 19 |
| 20 class AuthStatusConsumer; |
| 21 class UserContext; |
| 22 |
| 23 // Interaction with cryptohomed: mount home dirs, create new home dirs, update |
| 24 // passwords. |
| 25 // |
| 26 // Typical flow: |
| 27 // AuthenticateToMount() calls cryptohomed to perform offline login, |
| 28 // AuthenticateToCreate() calls cryptohomed to create new cryptohome. |
| 29 class ExtendedAuthenticator |
| 30 : public base::RefCountedThreadSafe<ExtendedAuthenticator> { |
| 31 public: |
| 32 enum AuthState { |
| 33 SUCCESS, // Login succeeded. |
| 34 NO_MOUNT, // No cryptohome exist for user. |
| 35 FAILED_MOUNT, // Failed to mount existing cryptohome - login failed. |
| 36 FAILED_TPM, // Failed to mount/create cryptohome because of TPM error. |
| 37 }; |
| 38 |
| 39 typedef base::Callback<void(const std::string& result)> ResultCallback; |
| 40 typedef base::Callback<void(const UserContext& context)> ContextCallback; |
| 41 |
| 42 class NewAuthStatusConsumer { |
| 43 public: |
| 44 virtual ~NewAuthStatusConsumer() {} |
| 45 // The current login attempt has ended in failure, with error. |
| 46 virtual void OnAuthenticationFailure(AuthState state) = 0; |
| 47 }; |
| 48 |
| 49 explicit ExtendedAuthenticator(NewAuthStatusConsumer* consumer); |
| 50 explicit ExtendedAuthenticator(AuthStatusConsumer* consumer); |
| 51 |
| 52 // Updates consumer of the class. |
| 53 void SetConsumer(AuthStatusConsumer* consumer); |
| 54 |
| 55 // This call will attempt to mount the home dir for the user, key (and key |
| 56 // label) in |context|. If the key is of type KEY_TYPE_PASSWORD_PLAIN, it will |
| 57 // be hashed with the system salt before being passed to cryptohomed. This |
| 58 // call assumes that the home dir already exist for the user and will return |
| 59 // an error otherwise. On success, the user ID hash (used as the mount point) |
| 60 // will be passed to |success_callback|. |
| 61 void AuthenticateToMount(const UserContext& context, |
| 62 const ResultCallback& success_callback); |
| 63 |
| 64 // This call will attempt to authenticate the user with the key (and key |
| 65 // label) in |context|. No further actions are taken after authentication. |
| 66 void AuthenticateToCheck(const UserContext& context, |
| 67 const base::Closure& success_callback); |
| 68 |
| 69 // This call will create and mount the home dir for |user_id| with the given |
| 70 // |keys| if the home dir is missing. If the home dir exists already, a mount |
| 71 // attempt will be performed using the first key in |keys| for authentication. |
| 72 // Note that all |keys| should have been transformed from plain text already. |
| 73 // This method does not alter them. |
| 74 void CreateMount(const std::string& user_id, |
| 75 const std::vector<cryptohome::KeyDefinition>& keys, |
| 76 const ResultCallback& success_callback); |
| 77 |
| 78 // Attempts to add a new |key| for the user identified/authorized by |
| 79 // |context|. If a key with the same label already exists, the behavior |
| 80 // depends on the |replace_existing| flag. If the flag is set, the old key is |
| 81 // replaced. If the flag is not set, an error occurs. It is not allowed to |
| 82 // replace the key used for authorization. |
| 83 void AddKey(const UserContext& context, |
| 84 const cryptohome::KeyDefinition& key, |
| 85 bool replace_existing, |
| 86 const base::Closure& success_callback); |
| 87 |
| 88 // Attempts to perform an authorized update of the key in |context| with the |
| 89 // new |key|. The update is authorized by providing the |signature| of the |
| 90 // key. The original key must have the |PRIV_AUTHORIZED_UPDATE| privilege to |
| 91 // perform this operation. The key labels in |context| and in |key| should be |
| 92 // the same. |
| 93 void UpdateKeyAuthorized(const UserContext& context, |
| 94 const cryptohome::KeyDefinition& key, |
| 95 const std::string& signature, |
| 96 const base::Closure& success_callback); |
| 97 |
| 98 // Attempts to remove the key labeled |key_to_remove| for the user identified/ |
| 99 // authorized by |context|. It is possible to remove the key used for |
| 100 // authorization, although it should be done with extreme care. |
| 101 void RemoveKey(const UserContext& context, |
| 102 const std::string& key_to_remove, |
| 103 const base::Closure& success_callback); |
| 104 |
| 105 // Hashes the key in |user_context| with the system salt it its type is |
| 106 // KEY_TYPE_PASSWORD_PLAIN and passes the resulting UserContext to the |
| 107 // |callback|. |
| 108 void TransformKeyIfNeeded(const UserContext& user_context, |
| 109 const ContextCallback& callback); |
| 110 |
| 111 private: |
| 112 friend class base::RefCountedThreadSafe<ExtendedAuthenticator>; |
| 113 |
| 114 ~ExtendedAuthenticator(); |
| 115 |
| 116 // Callback for system salt getter. |
| 117 void OnSaltObtained(const std::string& system_salt); |
| 118 |
| 119 // Performs actual operation with fully configured |context|. |
| 120 void DoAuthenticateToMount(const ResultCallback& success_callback, |
| 121 const UserContext& context); |
| 122 void DoAuthenticateToCheck(const base::Closure& success_callback, |
| 123 const UserContext& context); |
| 124 void DoAddKey(const cryptohome::KeyDefinition& key, |
| 125 bool replace_existing, |
| 126 const base::Closure& success_callback, |
| 127 const UserContext& context); |
| 128 void DoUpdateKeyAuthorized(const cryptohome::KeyDefinition& key, |
| 129 const std::string& signature, |
| 130 const base::Closure& success_callback, |
| 131 const UserContext& context); |
| 132 void DoRemoveKey(const std::string& key_to_remove, |
| 133 const base::Closure& success_callback, |
| 134 const UserContext& context); |
| 135 |
| 136 // Inner operation callbacks. |
| 137 void OnMountComplete(const std::string& time_marker, |
| 138 const UserContext& context, |
| 139 const ResultCallback& success_callback, |
| 140 bool success, |
| 141 cryptohome::MountError return_code, |
| 142 const std::string& mount_hash); |
| 143 void OnOperationComplete(const std::string& time_marker, |
| 144 const UserContext& context, |
| 145 const base::Closure& success_callback, |
| 146 bool success, |
| 147 cryptohome::MountError return_code); |
| 148 |
| 149 bool salt_obtained_; |
| 150 std::string system_salt_; |
| 151 std::vector<base::Closure> system_salt_callbacks_; |
| 152 |
| 153 NewAuthStatusConsumer* consumer_; |
| 154 AuthStatusConsumer* old_consumer_; |
| 155 |
| 156 DISALLOW_COPY_AND_ASSIGN(ExtendedAuthenticator); |
| 157 }; |
| 158 |
| 159 } // namespace chromeos |
| 160 |
| 161 #endif // CHROME_BROWSER_CHROMEOS_LOGIN_AUTH_EXTENDED_AUTHENTICATOR_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 413473003:
Revert of Refactoring : Move AuthAttempt and Authenticators to chromeos/login (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src