| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef CHROMEOS_LOGIN_AUTH_EXTENDED_AUTHENTICATOR_H_ | |
| 6 #define CHROMEOS_LOGIN_AUTH_EXTENDED_AUTHENTICATOR_H_ | |
| 7 | |
| 8 #include <string> | |
| 9 | |
| 10 #include "base/basictypes.h" | |
| 11 #include "base/callback.h" | |
| 12 #include "base/compiler_specific.h" | |
| 13 #include "base/memory/ref_counted.h" | |
| 14 #include "base/memory/scoped_ptr.h" | |
| 15 #include "chromeos/chromeos_export.h" | |
| 16 #include "chromeos/cryptohome/cryptohome_parameters.h" | |
| 17 #include "third_party/cros_system_api/dbus/service_constants.h" | |
| 18 | |
| 19 namespace chromeos { | |
| 20 | |
| 21 class AuthStatusConsumer; | |
| 22 class UserContext; | |
| 23 | |
| 24 // Interaction with cryptohomed: mount home dirs, create new home dirs, update | |
| 25 // passwords. | |
| 26 // | |
| 27 // Typical flow: | |
| 28 // AuthenticateToMount() calls cryptohomed to perform offline login, | |
| 29 // AuthenticateToCreate() calls cryptohomed to create new cryptohome. | |
| 30 class CHROMEOS_EXPORT ExtendedAuthenticator | |
| 31 : public base::RefCountedThreadSafe<ExtendedAuthenticator> { | |
| 32 public: | |
| 33 enum AuthState { | |
| 34 SUCCESS, // Login succeeded. | |
| 35 NO_MOUNT, // No cryptohome exist for user. | |
| 36 FAILED_MOUNT, // Failed to mount existing cryptohome - login failed. | |
| 37 FAILED_TPM, // Failed to mount/create cryptohome because of TPM error. | |
| 38 }; | |
| 39 | |
| 40 typedef base::Callback<void(const std::string& result)> ResultCallback; | |
| 41 typedef base::Callback<void(const UserContext& context)> ContextCallback; | |
| 42 | |
| 43 class NewAuthStatusConsumer { | |
| 44 public: | |
| 45 virtual ~NewAuthStatusConsumer() {} | |
| 46 // The current login attempt has ended in failure, with error. | |
| 47 virtual void OnAuthenticationFailure(AuthState state) = 0; | |
| 48 }; | |
| 49 | |
| 50 explicit ExtendedAuthenticator(NewAuthStatusConsumer* consumer); | |
| 51 explicit ExtendedAuthenticator(AuthStatusConsumer* consumer); | |
| 52 | |
| 53 // Updates consumer of the class. | |
| 54 void SetConsumer(AuthStatusConsumer* consumer); | |
| 55 | |
| 56 // This call will attempt to mount the home dir for the user, key (and key | |
| 57 // label) in |context|. If the key is of type KEY_TYPE_PASSWORD_PLAIN, it will | |
| 58 // be hashed with the system salt before being passed to cryptohomed. This | |
| 59 // call assumes that the home dir already exist for the user and will return | |
| 60 // an error otherwise. On success, the user ID hash (used as the mount point) | |
| 61 // will be passed to |success_callback|. | |
| 62 void AuthenticateToMount(const UserContext& context, | |
| 63 const ResultCallback& success_callback); | |
| 64 | |
| 65 // This call will attempt to authenticate the user with the key (and key | |
| 66 // label) in |context|. No further actions are taken after authentication. | |
| 67 void AuthenticateToCheck(const UserContext& context, | |
| 68 const base::Closure& success_callback); | |
| 69 | |
| 70 // This call will create and mount the home dir for |user_id| with the given | |
| 71 // |keys| if the home dir is missing. If the home dir exists already, a mount | |
| 72 // attempt will be performed using the first key in |keys| for authentication. | |
| 73 // Note that all |keys| should have been transformed from plain text already. | |
| 74 // This method does not alter them. | |
| 75 void CreateMount(const std::string& user_id, | |
| 76 const std::vector<cryptohome::KeyDefinition>& keys, | |
| 77 const ResultCallback& success_callback); | |
| 78 | |
| 79 // Attempts to add a new |key| for the user identified/authorized by | |
| 80 // |context|. If a key with the same label already exists, the behavior | |
| 81 // depends on the |replace_existing| flag. If the flag is set, the old key is | |
| 82 // replaced. If the flag is not set, an error occurs. It is not allowed to | |
| 83 // replace the key used for authorization. | |
| 84 void AddKey(const UserContext& context, | |
| 85 const cryptohome::KeyDefinition& key, | |
| 86 bool replace_existing, | |
| 87 const base::Closure& success_callback); | |
| 88 | |
| 89 // Attempts to perform an authorized update of the key in |context| with the | |
| 90 // new |key|. The update is authorized by providing the |signature| of the | |
| 91 // key. The original key must have the |PRIV_AUTHORIZED_UPDATE| privilege to | |
| 92 // perform this operation. The key labels in |context| and in |key| should be | |
| 93 // the same. | |
| 94 void UpdateKeyAuthorized(const UserContext& context, | |
| 95 const cryptohome::KeyDefinition& key, | |
| 96 const std::string& signature, | |
| 97 const base::Closure& success_callback); | |
| 98 | |
| 99 // Attempts to remove the key labeled |key_to_remove| for the user identified/ | |
| 100 // authorized by |context|. It is possible to remove the key used for | |
| 101 // authorization, although it should be done with extreme care. | |
| 102 void RemoveKey(const UserContext& context, | |
| 103 const std::string& key_to_remove, | |
| 104 const base::Closure& success_callback); | |
| 105 | |
| 106 // Hashes the key in |user_context| with the system salt it its type is | |
| 107 // KEY_TYPE_PASSWORD_PLAIN and passes the resulting UserContext to the | |
| 108 // |callback|. | |
| 109 void TransformKeyIfNeeded(const UserContext& user_context, | |
| 110 const ContextCallback& callback); | |
| 111 | |
| 112 private: | |
| 113 friend class base::RefCountedThreadSafe<ExtendedAuthenticator>; | |
| 114 | |
| 115 ~ExtendedAuthenticator(); | |
| 116 | |
| 117 // Callback for system salt getter. | |
| 118 void OnSaltObtained(const std::string& system_salt); | |
| 119 | |
| 120 // Performs actual operation with fully configured |context|. | |
| 121 void DoAuthenticateToMount(const ResultCallback& success_callback, | |
| 122 const UserContext& context); | |
| 123 void DoAuthenticateToCheck(const base::Closure& success_callback, | |
| 124 const UserContext& context); | |
| 125 void DoAddKey(const cryptohome::KeyDefinition& key, | |
| 126 bool replace_existing, | |
| 127 const base::Closure& success_callback, | |
| 128 const UserContext& context); | |
| 129 void DoUpdateKeyAuthorized(const cryptohome::KeyDefinition& key, | |
| 130 const std::string& signature, | |
| 131 const base::Closure& success_callback, | |
| 132 const UserContext& context); | |
| 133 void DoRemoveKey(const std::string& key_to_remove, | |
| 134 const base::Closure& success_callback, | |
| 135 const UserContext& context); | |
| 136 | |
| 137 // Inner operation callbacks. | |
| 138 void OnMountComplete(const std::string& time_marker, | |
| 139 const UserContext& context, | |
| 140 const ResultCallback& success_callback, | |
| 141 bool success, | |
| 142 cryptohome::MountError return_code, | |
| 143 const std::string& mount_hash); | |
| 144 void OnOperationComplete(const std::string& time_marker, | |
| 145 const UserContext& context, | |
| 146 const base::Closure& success_callback, | |
| 147 bool success, | |
| 148 cryptohome::MountError return_code); | |
| 149 | |
| 150 bool salt_obtained_; | |
| 151 std::string system_salt_; | |
| 152 std::vector<base::Closure> system_salt_callbacks_; | |
| 153 | |
| 154 NewAuthStatusConsumer* consumer_; | |
| 155 AuthStatusConsumer* old_consumer_; | |
| 156 | |
| 157 DISALLOW_COPY_AND_ASSIGN(ExtendedAuthenticator); | |
| 158 }; | |
| 159 | |
| 160 } // namespace chromeos | |
| 161 | |
| 162 #endif // CHROMEOS_LOGIN_AUTH_EXTENDED_AUTHENTICATOR_H_ | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 413473003:
Revert of Refactoring : Move AuthAttempt and Authenticators to chromeos/login (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src