
Side by Side Diff: chromeos/login/auth/extended_authenticator.cc

Issue 413473003: Revert of Refactoring : Move AuthAttempt and Authenticators to chromeos/login (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 5 months ago
(Empty)
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chromeos/login/auth/extended_authenticator.h"
6
7 #include "base/bind.h"
8 #include "base/strings/string_number_conversions.h"
9 #include "base/strings/string_util.h"
10 #include "chromeos/cryptohome/async_method_caller.h"
11 #include "chromeos/cryptohome/cryptohome_parameters.h"
12 #include "chromeos/cryptohome/homedir_methods.h"
13 #include "chromeos/cryptohome/system_salt_getter.h"
14 #include "chromeos/dbus/cryptohome_client.h"
15 #include "chromeos/dbus/dbus_thread_manager.h"
16 #include "chromeos/login/auth/auth_status_consumer.h"
17 #include "chromeos/login/auth/key.h"
18 #include "chromeos/login/auth/user_context.h"
19 #include "chromeos/login_event_recorder.h"
20 #include "content/public/browser/browser_thread.h"
21 #include "crypto/sha2.h"
22 #include "google_apis/gaia/gaia_auth_util.h"
23 #include "third_party/cros_system_api/dbus/service_constants.h"
24
25 using content::BrowserThread;
26
27 namespace chromeos {
28
29 namespace {
30
31 void RecordStartMarker(const std::string& marker) {
32 std::string full_marker = "Cryptohome-";
33 full_marker.append(marker);
34 full_marker.append("-Start");
35 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker(full_marker, false);
36 }
37
38 void RecordEndMarker(const std::string& marker) {
39 std::string full_marker = "Cryptohome-";
40 full_marker.append(marker);
41 full_marker.append("-End");
42 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker(full_marker, false);
43 }
44
45 } // namespace
46
47 ExtendedAuthenticator::ExtendedAuthenticator(NewAuthStatusConsumer* consumer)
48 : salt_obtained_(false), consumer_(consumer), old_consumer_(NULL) {
49 SystemSaltGetter::Get()->GetSystemSalt(
50 base::Bind(&ExtendedAuthenticator::OnSaltObtained, this));
51 }
52
53 ExtendedAuthenticator::ExtendedAuthenticator(AuthStatusConsumer* consumer)
54 : salt_obtained_(false), consumer_(NULL), old_consumer_(consumer) {
55 SystemSaltGetter::Get()->GetSystemSalt(
56 base::Bind(&ExtendedAuthenticator::OnSaltObtained, this));
57 }
58
59 void ExtendedAuthenticator::SetConsumer(AuthStatusConsumer* consumer) {
60 old_consumer_ = consumer;
61 }
62
63 void ExtendedAuthenticator::AuthenticateToMount(
64 const UserContext& context,
65 const ResultCallback& success_callback) {
66 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
67 TransformKeyIfNeeded(context,
68 base::Bind(&ExtendedAuthenticator::DoAuthenticateToMount,
69 this,
70 success_callback));
71 }
72
73 void ExtendedAuthenticator::AuthenticateToCheck(
74 const UserContext& context,
75 const base::Closure& success_callback) {
76 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
77 TransformKeyIfNeeded(context,
78 base::Bind(&ExtendedAuthenticator::DoAuthenticateToCheck,
79 this,
80 success_callback));
81 }
82
83 void ExtendedAuthenticator::CreateMount(
84 const std::string& user_id,
85 const std::vector<cryptohome::KeyDefinition>& keys,
86 const ResultCallback& success_callback) {
87 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
88
89 RecordStartMarker("MountEx");
90
91 std::string canonicalized = gaia::CanonicalizeEmail(user_id);
92 cryptohome::Identification id(canonicalized);
93 cryptohome::Authorization auth(keys.front());
94 cryptohome::MountParameters mount(false);
95 for (size_t i = 0; i < keys.size(); i++) {
96 mount.create_keys.push_back(keys[i]);
97 }
98 UserContext context(user_id);
99 Key key(keys.front().key);
100 key.SetLabel(keys.front().label);
101 context.SetKey(key);
102
103 cryptohome::HomedirMethods::GetInstance()->MountEx(
104 id,
105 auth,
106 mount,
107 base::Bind(&ExtendedAuthenticator::OnMountComplete,
108 this,
109 "MountEx",
110 context,
111 success_callback));
112 }
113
114 void ExtendedAuthenticator::AddKey(const UserContext& context,
115 const cryptohome::KeyDefinition& key,
116 bool replace_existing,
117 const base::Closure& success_callback) {
118 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
119 TransformKeyIfNeeded(context,
120 base::Bind(&ExtendedAuthenticator::DoAddKey,
121 this,
122 key,
123 replace_existing,
124 success_callback));
125 }
126
127 void ExtendedAuthenticator::UpdateKeyAuthorized(
128 const UserContext& context,
129 const cryptohome::KeyDefinition& key,
130 const std::string& signature,
131 const base::Closure& success_callback) {
132 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
133 TransformKeyIfNeeded(context,
134 base::Bind(&ExtendedAuthenticator::DoUpdateKeyAuthorized,
135 this,
136 key,
137 signature,
138 success_callback));
139 }
140
141 void ExtendedAuthenticator::RemoveKey(const UserContext& context,
142 const std::string& key_to_remove,
143 const base::Closure& success_callback) {
144 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
145 TransformKeyIfNeeded(context,
146 base::Bind(&ExtendedAuthenticator::DoRemoveKey,
147 this,
148 key_to_remove,
149 success_callback));
150 }
151
152 void ExtendedAuthenticator::TransformKeyIfNeeded(
153 const UserContext& user_context,
154 const ContextCallback& callback) {
155 if (user_context.GetKey()->GetKeyType() != Key::KEY_TYPE_PASSWORD_PLAIN) {
156 callback.Run(user_context);
157 return;
158 }
159
160 if (!salt_obtained_) {
161 system_salt_callbacks_.push_back(
162 base::Bind(&ExtendedAuthenticator::TransformKeyIfNeeded,
163 this,
164 user_context,
165 callback));
166 return;
167 }
168
169 UserContext transformed_context = user_context;
170 transformed_context.GetKey()->Transform(Key::KEY_TYPE_SALTED_SHA256_TOP_HALF,
171 system_salt_);
172 callback.Run(transformed_context);
173 }
174
175 ExtendedAuthenticator::~ExtendedAuthenticator() {
176 }
177
178 void ExtendedAuthenticator::OnSaltObtained(const std::string& system_salt) {
179 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
180
181 salt_obtained_ = true;
182 system_salt_ = system_salt;
183 for (std::vector<base::Closure>::const_iterator it =
184 system_salt_callbacks_.begin();
185 it != system_salt_callbacks_.end();
186 ++it) {
187 it->Run();
188 }
189 system_salt_callbacks_.clear();
190 }
191
192 void ExtendedAuthenticator::DoAuthenticateToMount(
193 const ResultCallback& success_callback,
194 const UserContext& user_context) {
195 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
196
197 RecordStartMarker("MountEx");
198
199 std::string canonicalized = gaia::CanonicalizeEmail(user_context.GetUserID());
200 cryptohome::Identification id(canonicalized);
201 const Key* const key = user_context.GetKey();
202 cryptohome::Authorization auth(key->GetSecret(), key->GetLabel());
203 cryptohome::MountParameters mount(false);
204
205 cryptohome::HomedirMethods::GetInstance()->MountEx(
206 id,
207 auth,
208 mount,
209 base::Bind(&ExtendedAuthenticator::OnMountComplete,
210 this,
211 "MountEx",
212 user_context,
213 success_callback));
214 }
215
216 void ExtendedAuthenticator::DoAuthenticateToCheck(
217 const base::Closure& success_callback,
218 const UserContext& user_context) {
219 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
220
221 RecordStartMarker("CheckKeyEx");
222
223 std::string canonicalized = gaia::CanonicalizeEmail(user_context.GetUserID());
224 cryptohome::Identification id(canonicalized);
225 const Key* const key = user_context.GetKey();
226 cryptohome::Authorization auth(key->GetSecret(), key->GetLabel());
227
228 cryptohome::HomedirMethods::GetInstance()->CheckKeyEx(
229 id,
230 auth,
231 base::Bind(&ExtendedAuthenticator::OnOperationComplete,
232 this,
233 "CheckKeyEx",
234 user_context,
235 success_callback));
236 }
237
238 void ExtendedAuthenticator::DoAddKey(const cryptohome::KeyDefinition& key,
239 bool replace_existing,
240 const base::Closure& success_callback,
241 const UserContext& user_context) {
242 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
243
244 RecordStartMarker("AddKeyEx");
245
246 std::string canonicalized = gaia::CanonicalizeEmail(user_context.GetUserID());
247 cryptohome::Identification id(canonicalized);
248 const Key* const auth_key = user_context.GetKey();
249 cryptohome::Authorization auth(auth_key->GetSecret(), auth_key->GetLabel());
250
251 cryptohome::HomedirMethods::GetInstance()->AddKeyEx(
252 id,
253 auth,
254 key,
255 replace_existing,
256 base::Bind(&ExtendedAuthenticator::OnOperationComplete,
257 this,
258 "AddKeyEx",
259 user_context,
260 success_callback));
261 }
262
263 void ExtendedAuthenticator::DoUpdateKeyAuthorized(
264 const cryptohome::KeyDefinition& key,
265 const std::string& signature,
266 const base::Closure& success_callback,
267 const UserContext& user_context) {
268 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
269 RecordStartMarker("UpdateKeyAuthorized");
270
271 std::string canonicalized = gaia::CanonicalizeEmail(user_context.GetUserID());
272 cryptohome::Identification id(canonicalized);
273 const Key* const auth_key = user_context.GetKey();
274 cryptohome::Authorization auth(auth_key->GetSecret(), auth_key->GetLabel());
275
276 cryptohome::HomedirMethods::GetInstance()->UpdateKeyEx(
277 id,
278 auth,
279 key,
280 signature,
281 base::Bind(&ExtendedAuthenticator::OnOperationComplete,
282 this,
283 "UpdateKeyAuthorized",
284 user_context,
285 success_callback));
286 }
287
288 void ExtendedAuthenticator::DoRemoveKey(const std::string& key_to_remove,
289 const base::Closure& success_callback,
290 const UserContext& user_context) {
291 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
292
293 RecordStartMarker("RemoveKeyEx");
294
295 std::string canonicalized = gaia::CanonicalizeEmail(user_context.GetUserID());
296 cryptohome::Identification id(canonicalized);
297 const Key* const auth_key = user_context.GetKey();
298 cryptohome::Authorization auth(auth_key->GetSecret(), auth_key->GetLabel());
299
300 cryptohome::HomedirMethods::GetInstance()->RemoveKeyEx(
301 id,
302 auth,
303 key_to_remove,
304 base::Bind(&ExtendedAuthenticator::OnOperationComplete,
305 this,
306 "RemoveKeyEx",
307 user_context,
308 success_callback));
309 }
310
311 void ExtendedAuthenticator::OnMountComplete(
312 const std::string& time_marker,
313 const UserContext& user_context,
314 const ResultCallback& success_callback,
315 bool success,
316 cryptohome::MountError return_code,
317 const std::string& mount_hash) {
318 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
319
320 RecordEndMarker(time_marker);
321 UserContext copy = user_context;
322 copy.SetUserIDHash(mount_hash);
323 if (return_code == cryptohome::MOUNT_ERROR_NONE) {
324 if (!success_callback.is_null())
325 success_callback.Run(mount_hash);
326 if (old_consumer_)
327 old_consumer_->OnAuthSuccess(copy);
328 return;
329 }
330 AuthState state = FAILED_MOUNT;
331 if (return_code == cryptohome::MOUNT_ERROR_TPM_COMM_ERROR ||
332 return_code == cryptohome::MOUNT_ERROR_TPM_DEFEND_LOCK ||
333 return_code == cryptohome::MOUNT_ERROR_TPM_NEEDS_REBOOT) {
334 state = FAILED_TPM;
335 }
336 if (return_code == cryptohome::MOUNT_ERROR_USER_DOES_NOT_EXIST) {
337 state = NO_MOUNT;
338 }
339 if (consumer_)
340 consumer_->OnAuthenticationFailure(state);
341 if (old_consumer_) {
342 AuthFailure failure(AuthFailure::COULD_NOT_MOUNT_CRYPTOHOME);
343 old_consumer_->OnAuthFailure(failure);
344 }
345 }
346
347 void ExtendedAuthenticator::OnOperationComplete(
348 const std::string& time_marker,
349 const UserContext& user_context,
350 const base::Closure& success_callback,
351 bool success,
352 cryptohome::MountError return_code) {
353 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
354
355 RecordEndMarker(time_marker);
356 if (return_code == cryptohome::MOUNT_ERROR_NONE) {
357 if (!success_callback.is_null())
358 success_callback.Run();
359 if (old_consumer_)
360 old_consumer_->OnAuthSuccess(user_context);
361 return;
362 }
363
364 AuthState state = FAILED_MOUNT;
365
366 if (return_code == cryptohome::MOUNT_ERROR_TPM_COMM_ERROR ||
367 return_code == cryptohome::MOUNT_ERROR_TPM_DEFEND_LOCK ||
368 return_code == cryptohome::MOUNT_ERROR_TPM_NEEDS_REBOOT) {
369 state = FAILED_TPM;
370 }
371
372 if (return_code == cryptohome::MOUNT_ERROR_USER_DOES_NOT_EXIST)
373 state = NO_MOUNT;
374
375 if (consumer_)
376 consumer_->OnAuthenticationFailure(state);
377
378 if (old_consumer_) {
379 AuthFailure failure(AuthFailure::UNLOCK_FAILED);
380 old_consumer_->OnAuthFailure(failure);
381 }
382 }
383
384 } // namespace chromeos
