Chromium Code Reviews Chromium Code Reviews
Issue 495563003:
Move ParallelAuthnticator to chromeos and rename it to CryptohomeAuthenticator (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/login/auth/parallel_authenticator.h" | 5 #include "chromeos/login/auth/cryptohome_authenticator.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/command_line.h" | |
| 9 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
| 9 #include "base/location.h" | |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| 11 #include "chrome/browser/chromeos/ownership/owner_settings_service.h" | 11 #include "chromeos/chromeos_export.h" |
|
Nikita (slow)
2014/08/21 10:55:24
nit: not needed here
Denis Kuznetsov (DE-MUC)
2014/08/21 11:22:03
Done.
| |
| 12 #include "chrome/browser/chromeos/settings/cros_settings.h" | |
| 13 #include "chrome/common/chrome_switches.h" | |
| 14 #include "chromeos/cryptohome/async_method_caller.h" | 12 #include "chromeos/cryptohome/async_method_caller.h" |
| 15 #include "chromeos/cryptohome/system_salt_getter.h" | 13 #include "chromeos/cryptohome/system_salt_getter.h" |
| 16 #include "chromeos/dbus/cryptohome_client.h" | 14 #include "chromeos/dbus/cryptohome_client.h" |
| 17 #include "chromeos/dbus/dbus_thread_manager.h" | 15 #include "chromeos/dbus/dbus_thread_manager.h" |
| 18 #include "chromeos/login/auth/auth_status_consumer.h" | 16 #include "chromeos/login/auth/auth_status_consumer.h" |
| 19 #include "chromeos/login/auth/key.h" | 17 #include "chromeos/login/auth/key.h" |
| 20 #include "chromeos/login/auth/user_context.h" | 18 #include "chromeos/login/auth/user_context.h" |
| 21 #include "chromeos/login/login_state.h" | 19 #include "chromeos/login/login_state.h" |
| 22 #include "chromeos/login/user_names.h" | 20 #include "chromeos/login/user_names.h" |
| 23 #include "chromeos/login_event_recorder.h" | 21 #include "chromeos/login_event_recorder.h" |
| 24 #include "components/user_manager/user_manager.h" | |
| 25 #include "components/user_manager/user_type.h" | 22 #include "components/user_manager/user_type.h" |
| 26 #include "content/public/browser/browser_thread.h" | |
| 27 #include "third_party/cros_system_api/dbus/service_constants.h" | 23 #include "third_party/cros_system_api/dbus/service_constants.h" |
| 28 | 24 |
| 29 using content::BrowserThread; | |
| 30 | |
| 31 namespace chromeos { | 25 namespace chromeos { |
| 32 | 26 |
| 33 namespace { | 27 namespace { |
| 34 | 28 |
| 35 // Hashes |key| with |system_salt| if it its type is KEY_TYPE_PASSWORD_PLAIN. | 29 // Hashes |key| with |system_salt| if it its type is KEY_TYPE_PASSWORD_PLAIN. |
| 36 // Returns the keys unmodified otherwise. | 30 // Returns the keys unmodified otherwise. |
| 37 scoped_ptr<Key> TransformKeyIfNeeded(const Key& key, | 31 scoped_ptr<Key> TransformKeyIfNeeded(const Key& key, |
| 38 const std::string& system_salt) { | 32 const std::string& system_salt) { |
| 39 scoped_ptr<Key> result(new Key(key)); | 33 scoped_ptr<Key> result(new Key(key)); |
| 40 if (result->GetKeyType() == Key::KEY_TYPE_PASSWORD_PLAIN) | 34 if (result->GetKeyType() == Key::KEY_TYPE_PASSWORD_PLAIN) |
| 41 result->Transform(Key::KEY_TYPE_SALTED_SHA256_TOP_HALF, system_salt); | 35 result->Transform(Key::KEY_TYPE_SALTED_SHA256_TOP_HALF, system_salt); |
| 42 | 36 |
| 43 return result.Pass(); | 37 return result.Pass(); |
| 44 } | 38 } |
| 45 | 39 |
| 46 // Records status and calls resolver->Resolve(). | 40 // Records status and calls resolver->Resolve(). |
| 47 void TriggerResolve(AuthAttemptState* attempt, | 41 void TriggerResolve(AuthAttemptState* attempt, |
| 48 scoped_refptr<ParallelAuthenticator> resolver, | 42 scoped_refptr<CryptohomeAuthenticator> resolver, |
| 49 bool success, | 43 bool success, |
| 50 cryptohome::MountError return_code) { | 44 cryptohome::MountError return_code) { |
| 51 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 52 attempt->RecordCryptohomeStatus(success, return_code); | 45 attempt->RecordCryptohomeStatus(success, return_code); |
| 53 resolver->Resolve(); | 46 resolver->Resolve(); |
| 54 } | 47 } |
| 55 | 48 |
| 56 // Records get hash status and calls resolver->Resolve(). | 49 // Records get hash status and calls resolver->Resolve(). |
| 57 void TriggerResolveHash(AuthAttemptState* attempt, | 50 void TriggerResolveHash(AuthAttemptState* attempt, |
| 58 scoped_refptr<ParallelAuthenticator> resolver, | 51 scoped_refptr<CryptohomeAuthenticator> resolver, |
| 59 bool success, | 52 bool success, |
| 60 const std::string& username_hash) { | 53 const std::string& username_hash) { |
| 61 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 62 if (success) | 54 if (success) |
| 63 attempt->RecordUsernameHash(username_hash); | 55 attempt->RecordUsernameHash(username_hash); |
| 64 else | 56 else |
| 65 attempt->RecordUsernameHashFailed(); | 57 attempt->RecordUsernameHashFailed(); |
| 66 resolver->Resolve(); | 58 resolver->Resolve(); |
| 67 } | 59 } |
| 68 | 60 |
| 69 // Calls TriggerResolve while adding login time marker. | 61 // Calls TriggerResolve while adding login time marker. |
| 70 void TriggerResolveWithLoginTimeMarker( | 62 void TriggerResolveWithLoginTimeMarker( |
| 71 const std::string& marker_name, | 63 const std::string& marker_name, |
| 72 AuthAttemptState* attempt, | 64 AuthAttemptState* attempt, |
| 73 scoped_refptr<ParallelAuthenticator> resolver, | 65 scoped_refptr<CryptohomeAuthenticator> resolver, |
| 74 bool success, | 66 bool success, |
| 75 cryptohome::MountError return_code) { | 67 cryptohome::MountError return_code) { |
| 76 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker(marker_name, false); | 68 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker(marker_name, false); |
| 77 TriggerResolve(attempt, resolver, success, return_code); | 69 TriggerResolve(attempt, resolver, success, return_code); |
| 78 } | 70 } |
| 79 | 71 |
| 80 // Calls cryptohome's mount method. | 72 // Calls cryptohome's mount method. |
| 81 void Mount(AuthAttemptState* attempt, | 73 void Mount(AuthAttemptState* attempt, |
| 82 scoped_refptr<ParallelAuthenticator> resolver, | 74 scoped_refptr<CryptohomeAuthenticator> resolver, |
| 83 int flags, | 75 int flags, |
| 84 const std::string& system_salt) { | 76 const std::string& system_salt) { |
| 85 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 86 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker( | 77 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker( |
| 87 "CryptohomeMount-Start", false); | 78 "CryptohomeMount-Start", false); |
| 88 // Set state that username_hash is requested here so that test implementation | 79 // Set state that username_hash is requested here so that test implementation |
| 89 // that returns directly would not generate 2 OnLoginSucces() calls. | 80 // that returns directly would not generate 2 OnLoginSucces() calls. |
| 90 attempt->UsernameHashRequested(); | 81 attempt->UsernameHashRequested(); |
| 91 | 82 |
| 92 scoped_ptr<Key> key = | 83 scoped_ptr<Key> key = |
| 93 TransformKeyIfNeeded(*attempt->user_context.GetKey(), system_salt); | 84 TransformKeyIfNeeded(*attempt->user_context.GetKey(), system_salt); |
| 94 cryptohome::AsyncMethodCaller::GetInstance()->AsyncMount( | 85 cryptohome::AsyncMethodCaller::GetInstance()->AsyncMount( |
| 95 attempt->user_context.GetUserID(), | 86 attempt->user_context.GetUserID(), |
| 96 key->GetSecret(), | 87 key->GetSecret(), |
| 97 flags, | 88 flags, |
| 98 base::Bind(&TriggerResolveWithLoginTimeMarker, | 89 base::Bind(&TriggerResolveWithLoginTimeMarker, |
| 99 "CryptohomeMount-End", | 90 "CryptohomeMount-End", |
| 100 attempt, | 91 attempt, |
| 101 resolver)); | 92 resolver)); |
| 102 cryptohome::AsyncMethodCaller::GetInstance()->AsyncGetSanitizedUsername( | 93 cryptohome::AsyncMethodCaller::GetInstance()->AsyncGetSanitizedUsername( |
| 103 attempt->user_context.GetUserID(), | 94 attempt->user_context.GetUserID(), |
| 104 base::Bind(&TriggerResolveHash, | 95 base::Bind(&TriggerResolveHash, attempt, resolver)); |
| 105 attempt, | |
| 106 resolver)); | |
| 107 } | |
| 108 | |
| 109 // Calls cryptohome's mount method for guest. | |
| 110 void MountGuest(AuthAttemptState* attempt, | |
| 111 scoped_refptr<ParallelAuthenticator> resolver) { | |
| 112 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 113 cryptohome::AsyncMethodCaller::GetInstance()->AsyncMountGuest( | |
| 114 base::Bind(&TriggerResolveWithLoginTimeMarker, | |
| 115 "CryptohomeMount-End", | |
| 116 attempt, | |
| 117 resolver)); | |
| 118 } | 96 } |
| 119 | 97 |
| 120 // Calls cryptohome's mount method for guest and also get the user hash from | 98 // Calls cryptohome's mount method for guest and also get the user hash from |
| 121 // cryptohome. | 99 // cryptohome. |
| 122 void MountGuestAndGetHash(AuthAttemptState* attempt, | 100 void MountGuestAndGetHash(AuthAttemptState* attempt, |
| 123 scoped_refptr<ParallelAuthenticator> resolver) { | 101 scoped_refptr<CryptohomeAuthenticator> resolver) { |
| 124 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 125 attempt->UsernameHashRequested(); | 102 attempt->UsernameHashRequested(); |
| 126 cryptohome::AsyncMethodCaller::GetInstance()->AsyncMountGuest( | 103 cryptohome::AsyncMethodCaller::GetInstance()->AsyncMountGuest( |
| 127 base::Bind(&TriggerResolveWithLoginTimeMarker, | 104 base::Bind(&TriggerResolveWithLoginTimeMarker, |
| 128 "CryptohomeMount-End", | 105 "CryptohomeMount-End", |
| 129 attempt, | 106 attempt, |
| 130 resolver)); | 107 resolver)); |
| 131 cryptohome::AsyncMethodCaller::GetInstance()->AsyncGetSanitizedUsername( | 108 cryptohome::AsyncMethodCaller::GetInstance()->AsyncGetSanitizedUsername( |
| 132 attempt->user_context.GetUserID(), | 109 attempt->user_context.GetUserID(), |
| 133 base::Bind(&TriggerResolveHash, | 110 base::Bind(&TriggerResolveHash, attempt, resolver)); |
| 134 attempt, | |
| 135 resolver)); | |
| 136 } | 111 } |
| 137 | 112 |
| 138 // Calls cryptohome's MountPublic method | 113 // Calls cryptohome's MountPublic method |
| 139 void MountPublic(AuthAttemptState* attempt, | 114 void MountPublic(AuthAttemptState* attempt, |
| 140 scoped_refptr<ParallelAuthenticator> resolver, | 115 scoped_refptr<CryptohomeAuthenticator> resolver, |
| 141 int flags) { | 116 int flags) { |
| 142 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 143 cryptohome::AsyncMethodCaller::GetInstance()->AsyncMountPublic( | 117 cryptohome::AsyncMethodCaller::GetInstance()->AsyncMountPublic( |
| 144 attempt->user_context.GetUserID(), | 118 attempt->user_context.GetUserID(), |
| 145 flags, | 119 flags, |
| 146 base::Bind(&TriggerResolveWithLoginTimeMarker, | 120 base::Bind(&TriggerResolveWithLoginTimeMarker, |
| 147 "CryptohomeMountPublic-End", | 121 "CryptohomeMountPublic-End", |
| 148 attempt, | 122 attempt, |
| 149 resolver)); | 123 resolver)); |
| 150 cryptohome::AsyncMethodCaller::GetInstance()->AsyncGetSanitizedUsername( | 124 cryptohome::AsyncMethodCaller::GetInstance()->AsyncGetSanitizedUsername( |
| 151 attempt->user_context.GetUserID(), | 125 attempt->user_context.GetUserID(), |
| 152 base::Bind(&TriggerResolveHash, | 126 base::Bind(&TriggerResolveHash, attempt, resolver)); |
| 153 attempt, | |
| 154 resolver)); | |
| 155 } | 127 } |
| 156 | 128 |
| 157 // Calls cryptohome's key migration method. | 129 // Calls cryptohome's key migration method. |
| 158 void Migrate(AuthAttemptState* attempt, | 130 void Migrate(AuthAttemptState* attempt, |
| 159 scoped_refptr<ParallelAuthenticator> resolver, | 131 scoped_refptr<CryptohomeAuthenticator> resolver, |
| 160 bool passing_old_hash, | 132 bool passing_old_hash, |
| 161 const std::string& old_password, | 133 const std::string& old_password, |
| 162 const std::string& system_salt) { | 134 const std::string& system_salt) { |
| 163 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 164 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker( | 135 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker( |
| 165 "CryptohomeMigrate-Start", false); | 136 "CryptohomeMigrate-Start", false); |
| 166 cryptohome::AsyncMethodCaller* caller = | 137 cryptohome::AsyncMethodCaller* caller = |
| 167 cryptohome::AsyncMethodCaller::GetInstance(); | 138 cryptohome::AsyncMethodCaller::GetInstance(); |
| 168 | 139 |
| 169 // TODO(bartfab): Retrieve the hashing algorithm and salt to use for |old_key| | 140 // TODO(bartfab): Retrieve the hashing algorithm and salt to use for |old_key| |
| 170 // from cryptohomed. | 141 // from cryptohomed. |
| 171 scoped_ptr<Key> old_key = | 142 scoped_ptr<Key> old_key = |
| 172 TransformKeyIfNeeded(Key(old_password), system_salt); | 143 TransformKeyIfNeeded(Key(old_password), system_salt); |
| 173 scoped_ptr<Key> new_key = | 144 scoped_ptr<Key> new_key = |
| (...skipping 12 matching lines...) Expand all Loading... | |
| 186 old_key->GetSecret(), | 157 old_key->GetSecret(), |
| 187 base::Bind(&TriggerResolveWithLoginTimeMarker, | 158 base::Bind(&TriggerResolveWithLoginTimeMarker, |
| 188 "CryptohomeMount-End", | 159 "CryptohomeMount-End", |
| 189 attempt, | 160 attempt, |
| 190 resolver)); | 161 resolver)); |
| 191 } | 162 } |
| 192 } | 163 } |
| 193 | 164 |
| 194 // Calls cryptohome's remove method. | 165 // Calls cryptohome's remove method. |
| 195 void Remove(AuthAttemptState* attempt, | 166 void Remove(AuthAttemptState* attempt, |
| 196 scoped_refptr<ParallelAuthenticator> resolver) { | 167 scoped_refptr<CryptohomeAuthenticator> resolver) { |
| 197 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 198 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker( | 168 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker( |
| 199 "CryptohomeRemove-Start", false); | 169 "CryptohomeRemove-Start", false); |
| 200 cryptohome::AsyncMethodCaller::GetInstance()->AsyncRemove( | 170 cryptohome::AsyncMethodCaller::GetInstance()->AsyncRemove( |
| 201 attempt->user_context.GetUserID(), | 171 attempt->user_context.GetUserID(), |
| 202 base::Bind(&TriggerResolveWithLoginTimeMarker, | 172 base::Bind(&TriggerResolveWithLoginTimeMarker, |
| 203 "CryptohomeRemove-End", | 173 "CryptohomeRemove-End", |
| 204 attempt, | 174 attempt, |
| 205 resolver)); | 175 resolver)); |
| 206 } | 176 } |
| 207 | 177 |
| 208 // Calls cryptohome's key check method. | 178 // Calls cryptohome's key check method. |
| 209 void CheckKey(AuthAttemptState* attempt, | 179 void CheckKey(AuthAttemptState* attempt, |
| 210 scoped_refptr<ParallelAuthenticator> resolver, | 180 scoped_refptr<CryptohomeAuthenticator> resolver, |
| 211 const std::string& system_salt) { | 181 const std::string& system_salt) { |
| 212 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 213 scoped_ptr<Key> key = | 182 scoped_ptr<Key> key = |
| 214 TransformKeyIfNeeded(*attempt->user_context.GetKey(), system_salt); | 183 TransformKeyIfNeeded(*attempt->user_context.GetKey(), system_salt); |
| 215 cryptohome::AsyncMethodCaller::GetInstance()->AsyncCheckKey( | 184 cryptohome::AsyncMethodCaller::GetInstance()->AsyncCheckKey( |
| 216 attempt->user_context.GetUserID(), | 185 attempt->user_context.GetUserID(), |
| 217 key->GetSecret(), | 186 key->GetSecret(), |
| 218 base::Bind(&TriggerResolve, attempt, resolver)); | 187 base::Bind(&TriggerResolve, attempt, resolver)); |
| 219 } | 188 } |
| 220 | 189 |
| 221 } // namespace | 190 } // namespace |
| 222 | 191 |
| 223 ParallelAuthenticator::ParallelAuthenticator(AuthStatusConsumer* consumer) | 192 CryptohomeAuthenticator::CryptohomeAuthenticator( |
| 193 scoped_refptr<base::TaskRunner> task_runner, | |
| 194 AuthStatusConsumer* consumer) | |
| 224 : Authenticator(consumer), | 195 : Authenticator(consumer), |
| 196 task_runner_(task_runner), | |
| 225 migrate_attempted_(false), | 197 migrate_attempted_(false), |
| 226 remove_attempted_(false), | 198 remove_attempted_(false), |
| 227 resync_attempted_(false), | 199 resync_attempted_(false), |
| 228 ephemeral_mount_attempted_(false), | 200 ephemeral_mount_attempted_(false), |
| 229 check_key_attempted_(false), | 201 check_key_attempted_(false), |
| 230 already_reported_success_(false), | 202 already_reported_success_(false), |
| 231 owner_is_verified_(false), | 203 owner_is_verified_(false), |
| 232 user_can_login_(false), | 204 user_can_login_(false), |
| 233 remove_user_data_on_failure_(false), | 205 remove_user_data_on_failure_(false), |
| 234 delayed_login_failure_(NULL) { | 206 delayed_login_failure_(NULL) { |
| 235 } | 207 } |
| 236 | 208 |
| 237 void ParallelAuthenticator::AuthenticateToLogin( | 209 void CryptohomeAuthenticator::AuthenticateToLogin( |
| 238 Profile* profile, | 210 Profile* profile, |
| 239 const UserContext& user_context) { | 211 const UserContext& user_context) { |
| 240 authentication_profile_ = profile; | 212 authentication_profile_ = profile; |
| 241 current_state_.reset( | 213 current_state_.reset(new AuthAttemptState(user_context, |
| 242 new AuthAttemptState(user_context, | 214 user_manager::USER_TYPE_REGULAR, |
| 243 user_manager::USER_TYPE_REGULAR, | 215 false, // unlock |
| 244 false, // unlock | 216 false, // online_complete |
| 245 false, // online_complete | 217 !IsKnownUser(user_context))); |
| 246 !user_manager::UserManager::Get()->IsKnownUser( | |
| 247 user_context.GetUserID()))); | |
| 248 // Reset the verified flag. | 218 // Reset the verified flag. |
| 249 owner_is_verified_ = false; | 219 owner_is_verified_ = false; |
| 250 | 220 |
| 251 SystemSaltGetter::Get()->GetSystemSalt( | 221 SystemSaltGetter::Get()->GetSystemSalt( |
| 252 base::Bind(&Mount, | 222 base::Bind(&Mount, |
| 253 current_state_.get(), | 223 current_state_.get(), |
| 254 scoped_refptr<ParallelAuthenticator>(this), | 224 scoped_refptr<CryptohomeAuthenticator>(this), |
| 255 cryptohome::MOUNT_FLAGS_NONE)); | 225 cryptohome::MOUNT_FLAGS_NONE)); |
| 256 } | 226 } |
| 257 | 227 |
| 258 void ParallelAuthenticator::CompleteLogin(Profile* profile, | 228 void CryptohomeAuthenticator::CompleteLogin(Profile* profile, |
| 259 const UserContext& user_context) { | 229 const UserContext& user_context) { |
| 260 authentication_profile_ = profile; | 230 authentication_profile_ = profile; |
| 261 current_state_.reset( | 231 current_state_.reset(new AuthAttemptState(user_context, |
| 262 new AuthAttemptState(user_context, | 232 user_manager::USER_TYPE_REGULAR, |
| 263 user_manager::USER_TYPE_REGULAR, | 233 true, // unlock |
| 264 true, // unlock | 234 false, // online_complete |
| 265 false, // online_complete | 235 !IsKnownUser(user_context))); |
| 266 !user_manager::UserManager::Get()->IsKnownUser( | |
| 267 user_context.GetUserID()))); | |
| 268 | 236 |
| 269 // Reset the verified flag. | 237 // Reset the verified flag. |
| 270 owner_is_verified_ = false; | 238 owner_is_verified_ = false; |
| 271 | 239 |
| 272 SystemSaltGetter::Get()->GetSystemSalt( | 240 SystemSaltGetter::Get()->GetSystemSalt( |
| 273 base::Bind(&Mount, | 241 base::Bind(&Mount, |
| 274 current_state_.get(), | 242 current_state_.get(), |
| 275 scoped_refptr<ParallelAuthenticator>(this), | 243 scoped_refptr<CryptohomeAuthenticator>(this), |
| 276 cryptohome::MOUNT_FLAGS_NONE)); | 244 cryptohome::MOUNT_FLAGS_NONE)); |
| 277 | 245 |
| 278 // For login completion from extension, we just need to resolve the current | 246 // For login completion from extension, we just need to resolve the current |
| 279 // auth attempt state, the rest of OAuth related tasks will be done in | 247 // auth attempt state, the rest of OAuth related tasks will be done in |
| 280 // parallel. | 248 // parallel. |
| 281 BrowserThread::PostTask( | 249 task_runner_->PostTask( |
| 282 BrowserThread::UI, FROM_HERE, | 250 FROM_HERE, |
| 283 base::Bind(&ParallelAuthenticator::ResolveLoginCompletionStatus, this)); | 251 base::Bind(&CryptohomeAuthenticator::ResolveLoginCompletionStatus, this)); |
| 284 } | 252 } |
| 285 | 253 |
| 286 void ParallelAuthenticator::AuthenticateToUnlock( | 254 void CryptohomeAuthenticator::AuthenticateToUnlock( |
| 287 const UserContext& user_context) { | 255 const UserContext& user_context) { |
| 288 current_state_.reset(new AuthAttemptState(user_context, | 256 current_state_.reset(new AuthAttemptState(user_context, |
| 289 user_manager::USER_TYPE_REGULAR, | 257 user_manager::USER_TYPE_REGULAR, |
| 290 true, // unlock | 258 true, // unlock |
| 291 true, // online_complete | 259 true, // online_complete |
| 292 false)); // user_is_new | 260 false)); // user_is_new |
| 293 remove_user_data_on_failure_ = false; | 261 remove_user_data_on_failure_ = false; |
| 294 check_key_attempted_ = true; | 262 check_key_attempted_ = true; |
| 295 SystemSaltGetter::Get()->GetSystemSalt( | 263 SystemSaltGetter::Get()->GetSystemSalt( |
| 296 base::Bind(&CheckKey, | 264 base::Bind(&CheckKey, |
| 297 current_state_.get(), | 265 current_state_.get(), |
| 298 scoped_refptr<ParallelAuthenticator>(this))); | 266 scoped_refptr<CryptohomeAuthenticator>(this))); |
| 299 } | 267 } |
| 300 | 268 |
| 301 void ParallelAuthenticator::LoginAsSupervisedUser( | 269 void CryptohomeAuthenticator::LoginAsSupervisedUser( |
| 302 const UserContext& user_context) { | 270 const UserContext& user_context) { |
| 303 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 271 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 304 // TODO(nkostylev): Pass proper value for |user_is_new| or remove (not used). | 272 // TODO(nkostylev): Pass proper value for |user_is_new| or remove (not used). |
| 305 current_state_.reset( | 273 current_state_.reset(new AuthAttemptState(user_context, |
| 306 new AuthAttemptState(user_context, | 274 user_manager::USER_TYPE_SUPERVISED, |
| 307 user_manager::USER_TYPE_SUPERVISED, | 275 false, // unlock |
| 308 false, // unlock | 276 false, // online_complete |
| 309 false, // online_complete | 277 false)); // user_is_new |
| 310 false)); // user_is_new | |
| 311 remove_user_data_on_failure_ = false; | 278 remove_user_data_on_failure_ = false; |
| 312 SystemSaltGetter::Get()->GetSystemSalt( | 279 SystemSaltGetter::Get()->GetSystemSalt( |
| 313 base::Bind(&Mount, | 280 base::Bind(&Mount, |
| 314 current_state_.get(), | 281 current_state_.get(), |
| 315 scoped_refptr<ParallelAuthenticator>(this), | 282 scoped_refptr<CryptohomeAuthenticator>(this), |
| 316 cryptohome::MOUNT_FLAGS_NONE)); | 283 cryptohome::MOUNT_FLAGS_NONE)); |
| 317 } | 284 } |
| 318 | 285 |
| 319 void ParallelAuthenticator::LoginRetailMode() { | 286 void CryptohomeAuthenticator::LoginRetailMode() { |
| 320 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 287 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 321 // Note: |kRetailModeUserEMail| is used in other places to identify a retail | 288 // Note: |kRetailModeUserEMail| is used in other places to identify a retail |
| 322 // mode session. | 289 // mode session. |
| 323 current_state_.reset( | 290 current_state_.reset( |
| 324 new AuthAttemptState(UserContext(chromeos::login::kRetailModeUserName), | 291 new AuthAttemptState(UserContext(chromeos::login::kRetailModeUserName), |
| 325 user_manager::USER_TYPE_RETAIL_MODE, | 292 user_manager::USER_TYPE_RETAIL_MODE, |
| 326 false, // unlock | 293 false, // unlock |
| 327 false, // online_complete | 294 false, // online_complete |
| 328 false)); // user_is_new | 295 false)); // user_is_new |
| 329 remove_user_data_on_failure_ = false; | 296 remove_user_data_on_failure_ = false; |
| 330 ephemeral_mount_attempted_ = true; | 297 ephemeral_mount_attempted_ = true; |
| 331 MountGuestAndGetHash(current_state_.get(), | 298 MountGuestAndGetHash(current_state_.get(), |
| 332 scoped_refptr<ParallelAuthenticator>(this)); | 299 scoped_refptr<CryptohomeAuthenticator>(this)); |
| 333 } | 300 } |
| 334 | 301 |
| 335 void ParallelAuthenticator::LoginOffTheRecord() { | 302 void CryptohomeAuthenticator::LoginOffTheRecord() { |
| 336 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 303 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 337 current_state_.reset( | 304 current_state_.reset( |
| 338 new AuthAttemptState(UserContext(chromeos::login::kGuestUserName), | 305 new AuthAttemptState(UserContext(chromeos::login::kGuestUserName), |
| 339 user_manager::USER_TYPE_GUEST, | 306 user_manager::USER_TYPE_GUEST, |
| 340 false, // unlock | 307 false, // unlock |
| 341 false, // online_complete | 308 false, // online_complete |
| 342 false)); // user_is_new | 309 false)); // user_is_new |
| 343 remove_user_data_on_failure_ = false; | 310 remove_user_data_on_failure_ = false; |
| 344 ephemeral_mount_attempted_ = true; | 311 ephemeral_mount_attempted_ = true; |
| 345 MountGuest(current_state_.get(), | 312 MountGuestAndGetHash(current_state_.get(), |
| 346 scoped_refptr<ParallelAuthenticator>(this)); | 313 scoped_refptr<CryptohomeAuthenticator>(this)); |
| 347 } | 314 } |
| 348 | 315 |
| 349 void ParallelAuthenticator::LoginAsPublicSession( | 316 void CryptohomeAuthenticator::LoginAsPublicSession( |
| 350 const UserContext& user_context) { | 317 const UserContext& user_context) { |
| 351 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 318 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 352 current_state_.reset( | 319 current_state_.reset( |
| 353 new AuthAttemptState(user_context, | 320 new AuthAttemptState(user_context, |
| 354 user_manager::USER_TYPE_PUBLIC_ACCOUNT, | 321 user_manager::USER_TYPE_PUBLIC_ACCOUNT, |
| 355 false, // unlock | 322 false, // unlock |
| 356 false, // online_complete | 323 false, // online_complete |
| 357 false)); // user_is_new | 324 false)); // user_is_new |
| 358 remove_user_data_on_failure_ = false; | 325 remove_user_data_on_failure_ = false; |
| 359 ephemeral_mount_attempted_ = true; | 326 ephemeral_mount_attempted_ = true; |
| 360 SystemSaltGetter::Get()->GetSystemSalt( | 327 SystemSaltGetter::Get()->GetSystemSalt( |
| 361 base::Bind(&Mount, | 328 base::Bind(&Mount, |
| 362 current_state_.get(), | 329 current_state_.get(), |
| 363 scoped_refptr<ParallelAuthenticator>(this), | 330 scoped_refptr<CryptohomeAuthenticator>(this), |
| 364 cryptohome::CREATE_IF_MISSING | cryptohome::ENSURE_EPHEMERAL)); | 331 cryptohome::CREATE_IF_MISSING | cryptohome::ENSURE_EPHEMERAL)); |
| 365 } | 332 } |
| 366 | 333 |
| 367 void ParallelAuthenticator::LoginAsKioskAccount( | 334 void CryptohomeAuthenticator::LoginAsKioskAccount( |
| 368 const std::string& app_user_id, | 335 const std::string& app_user_id, |
| 369 bool use_guest_mount) { | 336 bool use_guest_mount) { |
| 370 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 337 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 371 | 338 |
| 372 const std::string user_id = | 339 const std::string user_id = |
| 373 use_guest_mount ? chromeos::login::kGuestUserName : app_user_id; | 340 use_guest_mount ? chromeos::login::kGuestUserName : app_user_id; |
| 374 current_state_.reset(new AuthAttemptState(UserContext(user_id), | 341 current_state_.reset(new AuthAttemptState(UserContext(user_id), |
| 375 user_manager::USER_TYPE_KIOSK_APP, | 342 user_manager::USER_TYPE_KIOSK_APP, |
| 376 false, // unlock | 343 false, // unlock |
| 377 false, // online_complete | 344 false, // online_complete |
| 378 false)); // user_is_new | 345 false)); // user_is_new |
| 379 | 346 |
| 380 remove_user_data_on_failure_ = true; | 347 remove_user_data_on_failure_ = true; |
| 381 if (!use_guest_mount) { | 348 if (!use_guest_mount) { |
| 382 MountPublic(current_state_.get(), | 349 MountPublic(current_state_.get(), |
| 383 scoped_refptr<ParallelAuthenticator>(this), | 350 scoped_refptr<CryptohomeAuthenticator>(this), |
| 384 cryptohome::CREATE_IF_MISSING); | 351 cryptohome::CREATE_IF_MISSING); |
| 385 } else { | 352 } else { |
| 386 ephemeral_mount_attempted_ = true; | 353 ephemeral_mount_attempted_ = true; |
| 387 MountGuestAndGetHash(current_state_.get(), | 354 MountGuestAndGetHash(current_state_.get(), |
| 388 scoped_refptr<ParallelAuthenticator>(this)); | 355 scoped_refptr<CryptohomeAuthenticator>(this)); |
| 389 } | 356 } |
| 390 } | 357 } |
| 391 | 358 |
| 392 void ParallelAuthenticator::OnRetailModeAuthSuccess() { | 359 void CryptohomeAuthenticator::OnRetailModeAuthSuccess() { |
| 393 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 360 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 394 VLOG(1) << "Retail mode login success"; | 361 VLOG(1) << "Retail mode login success"; |
| 395 chromeos::LoginEventRecorder::Get()->RecordAuthenticationSuccess(); | 362 chromeos::LoginEventRecorder::Get()->RecordAuthenticationSuccess(); |
| 396 if (consumer_) | 363 if (consumer_) |
| 397 consumer_->OnRetailModeAuthSuccess(current_state_->user_context); | 364 consumer_->OnRetailModeAuthSuccess(current_state_->user_context); |
| 398 } | 365 } |
| 399 | 366 |
| 400 void ParallelAuthenticator::OnAuthSuccess() { | 367 void CryptohomeAuthenticator::OnAuthSuccess() { |
| 401 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 368 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 402 VLOG(1) << "Login success"; | 369 VLOG(1) << "Login success"; |
| 403 // Send notification of success | 370 // Send notification of success |
| 404 chromeos::LoginEventRecorder::Get()->RecordAuthenticationSuccess(); | 371 chromeos::LoginEventRecorder::Get()->RecordAuthenticationSuccess(); |
| 405 { | 372 { |
| 406 base::AutoLock for_this_block(success_lock_); | 373 base::AutoLock for_this_block(success_lock_); |
| 407 already_reported_success_ = true; | 374 already_reported_success_ = true; |
| 408 } | 375 } |
| 409 if (consumer_) | 376 if (consumer_) |
| 410 consumer_->OnAuthSuccess(current_state_->user_context); | 377 consumer_->OnAuthSuccess(current_state_->user_context); |
| 411 } | 378 } |
| 412 | 379 |
| 413 void ParallelAuthenticator::OnOffTheRecordAuthSuccess() { | 380 void CryptohomeAuthenticator::OnOffTheRecordAuthSuccess() { |
| 414 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 381 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 415 chromeos::LoginEventRecorder::Get()->RecordAuthenticationSuccess(); | 382 chromeos::LoginEventRecorder::Get()->RecordAuthenticationSuccess(); |
| 416 if (consumer_) | 383 if (consumer_) |
| 417 consumer_->OnOffTheRecordAuthSuccess(); | 384 consumer_->OnOffTheRecordAuthSuccess(); |
| 418 } | 385 } |
| 419 | 386 |
| 420 void ParallelAuthenticator::OnPasswordChangeDetected() { | 387 void CryptohomeAuthenticator::OnPasswordChangeDetected() { |
| 421 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 388 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 422 if (consumer_) | 389 if (consumer_) |
| 423 consumer_->OnPasswordChangeDetected(); | 390 consumer_->OnPasswordChangeDetected(); |
| 424 } | 391 } |
| 425 | 392 |
| 426 void ParallelAuthenticator::OnAuthFailure(const AuthFailure& error) { | 393 void CryptohomeAuthenticator::OnAuthFailure(const AuthFailure& error) { |
| 427 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 394 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 428 | 395 |
| 429 // OnAuthFailure will be called again with the same |error| | 396 // OnAuthFailure will be called again with the same |error| |
| 430 // after the cryptohome has been removed. | 397 // after the cryptohome has been removed. |
| 431 if (remove_user_data_on_failure_) { | 398 if (remove_user_data_on_failure_) { |
| 432 delayed_login_failure_ = &error; | 399 delayed_login_failure_ = &error; |
| 433 RemoveEncryptedData(); | 400 RemoveEncryptedData(); |
| 434 return; | 401 return; |
| 435 } | 402 } |
| 436 chromeos::LoginEventRecorder::Get()->RecordAuthenticationFailure(); | 403 chromeos::LoginEventRecorder::Get()->RecordAuthenticationFailure(); |
| 437 LOG(WARNING) << "Login failed: " << error.GetErrorString(); | 404 LOG(WARNING) << "Login failed: " << error.GetErrorString(); |
| 438 if (consumer_) | 405 if (consumer_) |
| 439 consumer_->OnAuthFailure(error); | 406 consumer_->OnAuthFailure(error); |
| 440 } | 407 } |
| 441 | 408 |
| 442 void ParallelAuthenticator::RecoverEncryptedData( | 409 void CryptohomeAuthenticator::RecoverEncryptedData( |
| 443 const std::string& old_password) { | 410 const std::string& old_password) { |
| 444 migrate_attempted_ = true; | 411 migrate_attempted_ = true; |
| 445 current_state_->ResetCryptohomeStatus(); | 412 current_state_->ResetCryptohomeStatus(); |
| 446 SystemSaltGetter::Get()->GetSystemSalt( | 413 SystemSaltGetter::Get()->GetSystemSalt( |
| 447 base::Bind(&Migrate, | 414 base::Bind(&Migrate, |
| 448 current_state_.get(), | 415 current_state_.get(), |
| 449 scoped_refptr<ParallelAuthenticator>(this), | 416 scoped_refptr<CryptohomeAuthenticator>(this), |
| 450 true, | 417 true, |
| 451 old_password)); | 418 old_password)); |
| 452 } | 419 } |
| 453 | 420 |
| 454 void ParallelAuthenticator::RemoveEncryptedData() { | 421 void CryptohomeAuthenticator::RemoveEncryptedData() { |
| 455 remove_attempted_ = true; | 422 remove_attempted_ = true; |
| 456 current_state_->ResetCryptohomeStatus(); | 423 current_state_->ResetCryptohomeStatus(); |
| 457 BrowserThread::PostTask( | 424 task_runner_->PostTask( |
| 458 BrowserThread::UI, FROM_HERE, | 425 FROM_HERE, |
| 459 base::Bind(&Remove, | 426 base::Bind(&Remove, |
| 460 current_state_.get(), | 427 current_state_.get(), |
| 461 scoped_refptr<ParallelAuthenticator>(this))); | 428 scoped_refptr<CryptohomeAuthenticator>(this))); |
| 462 } | 429 } |
| 463 | 430 |
| 464 void ParallelAuthenticator::ResyncEncryptedData() { | 431 void CryptohomeAuthenticator::ResyncEncryptedData() { |
| 465 resync_attempted_ = true; | 432 resync_attempted_ = true; |
| 466 current_state_->ResetCryptohomeStatus(); | 433 current_state_->ResetCryptohomeStatus(); |
| 467 BrowserThread::PostTask( | 434 task_runner_->PostTask( |
| 468 BrowserThread::UI, FROM_HERE, | 435 FROM_HERE, |
| 469 base::Bind(&Remove, | 436 base::Bind(&Remove, |
| 470 current_state_.get(), | 437 current_state_.get(), |
| 471 scoped_refptr<ParallelAuthenticator>(this))); | 438 scoped_refptr<CryptohomeAuthenticator>(this))); |
| 472 } | 439 } |
| 473 | 440 |
| 474 bool ParallelAuthenticator::VerifyOwner() { | 441 bool CryptohomeAuthenticator::VerifyOwner() { |
| 475 if (owner_is_verified_) | 442 if (owner_is_verified_) |
| 476 return true; | 443 return true; |
| 477 // Check if policy data is fine and continue in safe mode if needed. | 444 // Check if policy data is fine and continue in safe mode if needed. |
| 478 bool is_safe_mode = false; | 445 if (!IsSafeMode()) { |
| 479 CrosSettings::Get()->GetBoolean(kPolicyMissingMitigationMode, &is_safe_mode); | |
| 480 if (!is_safe_mode) { | |
| 481 // Now we can continue with the login and report mount success. | 446 // Now we can continue with the login and report mount success. |
| 482 user_can_login_ = true; | 447 user_can_login_ = true; |
| 483 owner_is_verified_ = true; | 448 owner_is_verified_ = true; |
| 484 return true; | 449 return true; |
| 485 } | 450 } |
| 486 | 451 |
| 487 const std::string& user_id = current_state_->user_context.GetUserID(); | 452 CheckSafeModeOwnership( |
| 488 | 453 current_state_->user_context, |
| 489 // |IsOwnerForSafeModeAsync| expects logged in state to be | 454 base::Bind(&CryptohomeAuthenticator::OnOwnershipChecked, this)); |
| 490 // LOGGED_IN_SAFE_MODE. | |
| 491 if (LoginState::IsInitialized()) { | |
| 492 LoginState::Get()->SetLoggedInState(LoginState::LOGGED_IN_SAFE_MODE, | |
| 493 LoginState::LOGGED_IN_USER_NONE); | |
| 494 } | |
| 495 | |
| 496 OwnerSettingsService::IsOwnerForSafeModeAsync( | |
| 497 user_id, | |
| 498 current_state_->user_context.GetUserIDHash(), | |
| 499 base::Bind(&ParallelAuthenticator::OnOwnershipChecked, this)); | |
| 500 return false; | 455 return false; |
| 501 } | 456 } |
| 502 | 457 |
| 503 void ParallelAuthenticator::OnOwnershipChecked(bool is_owner) { | 458 void CryptohomeAuthenticator::OnOwnershipChecked(bool is_owner) { |
| 504 // Now we can check if this user is the owner. | 459 // Now we can check if this user is the owner. |
| 505 user_can_login_ = is_owner; | 460 user_can_login_ = is_owner; |
| 506 owner_is_verified_ = true; | 461 owner_is_verified_ = true; |
| 507 Resolve(); | 462 Resolve(); |
| 508 } | 463 } |
| 509 | 464 |
| 510 void ParallelAuthenticator::Resolve() { | 465 void CryptohomeAuthenticator::Resolve() { |
| 511 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 466 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 512 int mount_flags = cryptohome::MOUNT_FLAGS_NONE; | 467 int mount_flags = cryptohome::MOUNT_FLAGS_NONE; |
| 513 ParallelAuthenticator::AuthState state = ResolveState(); | 468 CryptohomeAuthenticator::AuthState state = ResolveState(); |
| 514 VLOG(1) << "Resolved state to: " << state; | 469 VLOG(1) << "Resolved state to: " << state; |
| 515 switch (state) { | 470 switch (state) { |
| 516 case CONTINUE: | 471 case CONTINUE: |
| 517 case POSSIBLE_PW_CHANGE: | 472 case POSSIBLE_PW_CHANGE: |
| 518 case NO_MOUNT: | 473 case NO_MOUNT: |
| 519 // These are intermediate states; we need more info from a request that | 474 // These are intermediate states; we need more info from a request that |
| 520 // is still pending. | 475 // is still pending. |
| 521 break; | 476 break; |
| 522 case FAILED_MOUNT: | 477 case FAILED_MOUNT: |
| 523 // In this case, whether login succeeded or not, we can't log | 478 // In this case, whether login succeeded or not, we can't log |
| 524 // the user in because their data is horked. So, override with | 479 // the user in because their data is horked. So, override with |
| 525 // the appropriate failure. | 480 // the appropriate failure. |
| 526 BrowserThread::PostTask( | 481 task_runner_->PostTask( |
| 527 BrowserThread::UI, | |
| 528 FROM_HERE, | 482 FROM_HERE, |
| 529 base::Bind(&ParallelAuthenticator::OnAuthFailure, | 483 base::Bind(&CryptohomeAuthenticator::OnAuthFailure, |
| 530 this, | 484 this, |
| 531 AuthFailure(AuthFailure::COULD_NOT_MOUNT_CRYPTOHOME))); | 485 AuthFailure(AuthFailure::COULD_NOT_MOUNT_CRYPTOHOME))); |
| 532 break; | 486 break; |
| 533 case FAILED_REMOVE: | 487 case FAILED_REMOVE: |
| 534 // In this case, we tried to remove the user's old cryptohome at her | 488 // In this case, we tried to remove the user's old cryptohome at her |
| 535 // request, and the remove failed. | 489 // request, and the remove failed. |
| 536 remove_user_data_on_failure_ = false; | 490 remove_user_data_on_failure_ = false; |
| 537 BrowserThread::PostTask( | 491 task_runner_->PostTask( |
| 538 BrowserThread::UI, | |
| 539 FROM_HERE, | 492 FROM_HERE, |
| 540 base::Bind(&ParallelAuthenticator::OnAuthFailure, | 493 base::Bind(&CryptohomeAuthenticator::OnAuthFailure, |
| 541 this, | 494 this, |
| 542 AuthFailure(AuthFailure::DATA_REMOVAL_FAILED))); | 495 AuthFailure(AuthFailure::DATA_REMOVAL_FAILED))); |
| 543 break; | 496 break; |
| 544 case FAILED_TMPFS: | 497 case FAILED_TMPFS: |
| 545 // In this case, we tried to mount a tmpfs for guest and failed. | 498 // In this case, we tried to mount a tmpfs for guest and failed. |
| 546 BrowserThread::PostTask( | 499 task_runner_->PostTask( |
| 547 BrowserThread::UI, | |
| 548 FROM_HERE, | 500 FROM_HERE, |
| 549 base::Bind(&ParallelAuthenticator::OnAuthFailure, | 501 base::Bind(&CryptohomeAuthenticator::OnAuthFailure, |
| 550 this, | 502 this, |
| 551 AuthFailure(AuthFailure::COULD_NOT_MOUNT_TMPFS))); | 503 AuthFailure(AuthFailure::COULD_NOT_MOUNT_TMPFS))); |
| 552 break; | 504 break; |
| 553 case FAILED_TPM: | 505 case FAILED_TPM: |
| 554 // In this case, we tried to create/mount cryptohome and failed | 506 // In this case, we tried to create/mount cryptohome and failed |
| 555 // because of the critical TPM error. | 507 // because of the critical TPM error. |
| 556 // Chrome will notify user and request reboot. | 508 // Chrome will notify user and request reboot. |
| 557 BrowserThread::PostTask(BrowserThread::UI, | 509 task_runner_->PostTask(FROM_HERE, |
| 558 FROM_HERE, | 510 base::Bind(&CryptohomeAuthenticator::OnAuthFailure, |
| 559 base::Bind(&ParallelAuthenticator::OnAuthFailure, | 511 this, |
| 560 this, | 512 AuthFailure(AuthFailure::TPM_ERROR))); |
| 561 AuthFailure(AuthFailure::TPM_ERROR))); | |
| 562 break; | 513 break; |
| 563 case FAILED_USERNAME_HASH: | 514 case FAILED_USERNAME_HASH: |
| 564 // In this case, we failed the GetSanitizedUsername request to | 515 // In this case, we failed the GetSanitizedUsername request to |
| 565 // cryptohomed. This can happen for any login attempt. | 516 // cryptohomed. This can happen for any login attempt. |
| 566 BrowserThread::PostTask( | 517 task_runner_->PostTask( |
| 567 BrowserThread::UI, | |
| 568 FROM_HERE, | 518 FROM_HERE, |
| 569 base::Bind(&ParallelAuthenticator::OnAuthFailure, | 519 base::Bind(&CryptohomeAuthenticator::OnAuthFailure, |
| 570 this, | 520 this, |
| 571 AuthFailure(AuthFailure::USERNAME_HASH_FAILED))); | 521 AuthFailure(AuthFailure::USERNAME_HASH_FAILED))); |
| 572 break; | 522 break; |
| 573 case REMOVED_DATA_AFTER_FAILURE: | 523 case REMOVED_DATA_AFTER_FAILURE: |
| 574 remove_user_data_on_failure_ = false; | 524 remove_user_data_on_failure_ = false; |
| 575 BrowserThread::PostTask(BrowserThread::UI, | 525 task_runner_->PostTask(FROM_HERE, |
| 576 FROM_HERE, | 526 base::Bind(&CryptohomeAuthenticator::OnAuthFailure, |
| 577 base::Bind(&ParallelAuthenticator::OnAuthFailure, | 527 this, |
| 578 this, | 528 *delayed_login_failure_)); |
| 579 *delayed_login_failure_)); | |
| 580 break; | 529 break; |
| 581 case CREATE_NEW: | 530 case CREATE_NEW: |
| 582 mount_flags |= cryptohome::CREATE_IF_MISSING; | 531 mount_flags |= cryptohome::CREATE_IF_MISSING; |
| 583 case RECOVER_MOUNT: | 532 case RECOVER_MOUNT: |
| 584 current_state_->ResetCryptohomeStatus(); | 533 current_state_->ResetCryptohomeStatus(); |
| 585 SystemSaltGetter::Get()->GetSystemSalt( | 534 SystemSaltGetter::Get()->GetSystemSalt( |
| 586 base::Bind(&Mount, | 535 base::Bind(&Mount, |
| 587 current_state_.get(), | 536 current_state_.get(), |
| 588 scoped_refptr<ParallelAuthenticator>(this), | 537 scoped_refptr<CryptohomeAuthenticator>(this), |
| 589 mount_flags)); | 538 mount_flags)); |
| 590 break; | 539 break; |
| 591 case NEED_OLD_PW: | 540 case NEED_OLD_PW: |
| 592 BrowserThread::PostTask( | 541 task_runner_->PostTask( |
| 593 BrowserThread::UI, FROM_HERE, | 542 FROM_HERE, |
| 594 base::Bind(&ParallelAuthenticator::OnPasswordChangeDetected, this)); | 543 base::Bind(&CryptohomeAuthenticator::OnPasswordChangeDetected, this)); |
| 595 break; | 544 break; |
| 596 case ONLINE_FAILED: | 545 case ONLINE_FAILED: |
| 597 case NEED_NEW_PW: | 546 case NEED_NEW_PW: |
| 598 case HAVE_NEW_PW: | 547 case HAVE_NEW_PW: |
| 599 NOTREACHED() << "Using obsolete ClientLogin code path."; | 548 NOTREACHED() << "Using obsolete ClientLogin code path."; |
| 600 break; | 549 break; |
| 601 case OFFLINE_LOGIN: | 550 case OFFLINE_LOGIN: |
| 602 VLOG(2) << "Offline login"; | 551 VLOG(2) << "Offline login"; |
| 603 // Fall through. | 552 // Fall through. |
| 604 case UNLOCK: | 553 case UNLOCK: |
| 605 VLOG(2) << "Unlock"; | 554 VLOG(2) << "Unlock"; |
| 606 // Fall through. | 555 // Fall through. |
| 607 case ONLINE_LOGIN: | 556 case ONLINE_LOGIN: |
| 608 VLOG(2) << "Online login"; | 557 VLOG(2) << "Online login"; |
| 609 BrowserThread::PostTask( | 558 task_runner_->PostTask( |
| 610 BrowserThread::UI, | 559 FROM_HERE, base::Bind(&CryptohomeAuthenticator::OnAuthSuccess, this)); |
| 611 FROM_HERE, | |
| 612 base::Bind(&ParallelAuthenticator::OnAuthSuccess, this)); | |
| 613 break; | 560 break; |
| 614 case DEMO_LOGIN: | 561 case DEMO_LOGIN: |
| 615 VLOG(2) << "Retail mode login"; | 562 VLOG(2) << "Retail mode login"; |
| 616 current_state_->user_context.SetIsUsingOAuth(false); | 563 current_state_->user_context.SetIsUsingOAuth(false); |
| 617 BrowserThread::PostTask( | 564 task_runner_->PostTask( |
| 618 BrowserThread::UI, | |
| 619 FROM_HERE, | 565 FROM_HERE, |
| 620 base::Bind(&ParallelAuthenticator::OnRetailModeAuthSuccess, this)); | 566 base::Bind(&CryptohomeAuthenticator::OnRetailModeAuthSuccess, this)); |
| 621 break; | 567 break; |
| 622 case GUEST_LOGIN: | 568 case GUEST_LOGIN: |
| 623 BrowserThread::PostTask( | 569 task_runner_->PostTask( |
| 624 BrowserThread::UI, | |
| 625 FROM_HERE, | 570 FROM_HERE, |
| 626 base::Bind(&ParallelAuthenticator::OnOffTheRecordAuthSuccess, this)); | 571 base::Bind(&CryptohomeAuthenticator::OnOffTheRecordAuthSuccess, |
| 572 this)); | |
| 627 break; | 573 break; |
| 628 case KIOSK_ACCOUNT_LOGIN: | 574 case KIOSK_ACCOUNT_LOGIN: |
| 629 case PUBLIC_ACCOUNT_LOGIN: | 575 case PUBLIC_ACCOUNT_LOGIN: |
| 630 current_state_->user_context.SetIsUsingOAuth(false); | 576 current_state_->user_context.SetIsUsingOAuth(false); |
| 631 BrowserThread::PostTask( | 577 task_runner_->PostTask( |
| 632 BrowserThread::UI, | 578 FROM_HERE, base::Bind(&CryptohomeAuthenticator::OnAuthSuccess, this)); |
| 633 FROM_HERE, | |
| 634 base::Bind(&ParallelAuthenticator::OnAuthSuccess, this)); | |
| 635 break; | 579 break; |
| 636 case SUPERVISED_USER_LOGIN: | 580 case SUPERVISED_USER_LOGIN: |
| 637 current_state_->user_context.SetIsUsingOAuth(false); | 581 current_state_->user_context.SetIsUsingOAuth(false); |
| 638 BrowserThread::PostTask( | 582 task_runner_->PostTask( |
| 639 BrowserThread::UI, | 583 FROM_HERE, base::Bind(&CryptohomeAuthenticator::OnAuthSuccess, this)); |
| 640 FROM_HERE, | |
| 641 base::Bind(&ParallelAuthenticator::OnAuthSuccess, this)); | |
| 642 break; | 584 break; |
| 643 case LOGIN_FAILED: | 585 case LOGIN_FAILED: |
| 644 current_state_->ResetCryptohomeStatus(); | 586 current_state_->ResetCryptohomeStatus(); |
| 645 BrowserThread::PostTask(BrowserThread::UI, | 587 task_runner_->PostTask(FROM_HERE, |
| 646 FROM_HERE, | 588 base::Bind(&CryptohomeAuthenticator::OnAuthFailure, |
| 647 base::Bind(&ParallelAuthenticator::OnAuthFailure, | 589 this, |
| 648 this, | 590 current_state_->online_outcome())); |
| 649 current_state_->online_outcome())); | |
| 650 break; | 591 break; |
| 651 case OWNER_REQUIRED: { | 592 case OWNER_REQUIRED: { |
| 652 current_state_->ResetCryptohomeStatus(); | 593 current_state_->ResetCryptohomeStatus(); |
| 653 bool success = false; | 594 bool success = false; |
| 654 DBusThreadManager::Get()->GetCryptohomeClient()->Unmount(&success); | 595 DBusThreadManager::Get()->GetCryptohomeClient()->Unmount(&success); |
| 655 if (!success) { | 596 if (!success) { |
| 656 // Maybe we should reboot immediately here? | 597 // Maybe we should reboot immediately here? |
| 657 LOG(ERROR) << "Couldn't unmount users home!"; | 598 LOG(ERROR) << "Couldn't unmount users home!"; |
| 658 } | 599 } |
| 659 BrowserThread::PostTask( | 600 task_runner_->PostTask( |
| 660 BrowserThread::UI, | |
| 661 FROM_HERE, | 601 FROM_HERE, |
| 662 base::Bind(&ParallelAuthenticator::OnAuthFailure, | 602 base::Bind(&CryptohomeAuthenticator::OnAuthFailure, |
| 663 this, | 603 this, |
| 664 AuthFailure(AuthFailure::OWNER_REQUIRED))); | 604 AuthFailure(AuthFailure::OWNER_REQUIRED))); |
| 665 break; | 605 break; |
| 666 } | 606 } |
| 667 default: | 607 default: |
| 668 NOTREACHED(); | 608 NOTREACHED(); |
| 669 break; | 609 break; |
| 670 } | 610 } |
| 671 } | 611 } |
| 672 | 612 |
| 673 ParallelAuthenticator::~ParallelAuthenticator() {} | 613 CryptohomeAuthenticator::~CryptohomeAuthenticator() { |
| 614 } | |
| 674 | 615 |
| 675 ParallelAuthenticator::AuthState ParallelAuthenticator::ResolveState() { | 616 CryptohomeAuthenticator::AuthState CryptohomeAuthenticator::ResolveState() { |
| 676 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 617 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 677 // If we haven't mounted the user's home dir yet or | 618 // If we haven't mounted the user's home dir yet or |
| 678 // haven't got sanitized username value, we can't be done. | 619 // haven't got sanitized username value, we can't be done. |
| 679 // We never get past here if any of these two cryptohome ops is still pending. | 620 // We never get past here if any of these two cryptohome ops is still pending. |
| 680 // This is an important invariant. | 621 // This is an important invariant. |
| 681 if (!current_state_->cryptohome_complete() || | 622 if (!current_state_->cryptohome_complete() || |
| 682 !current_state_->username_hash_obtained()) { | 623 !current_state_->username_hash_obtained()) { |
| 683 return CONTINUE; | 624 return CONTINUE; |
| 684 } | 625 } |
| 685 | 626 |
| 686 AuthState state = CONTINUE; | 627 AuthState state = CONTINUE; |
| 687 | 628 |
| 688 if (current_state_->cryptohome_outcome() && | 629 if (current_state_->cryptohome_outcome() && |
| 689 current_state_->username_hash_valid()) { | 630 current_state_->username_hash_valid()) { |
| 690 state = ResolveCryptohomeSuccessState(); | 631 state = ResolveCryptohomeSuccessState(); |
| 691 } else { | 632 } else { |
| 692 state = ResolveCryptohomeFailureState(); | 633 state = ResolveCryptohomeFailureState(); |
| 693 } | 634 } |
| 694 | 635 |
| 695 DCHECK(current_state_->cryptohome_complete()); // Ensure invariant holds. | 636 DCHECK(current_state_->cryptohome_complete()); // Ensure invariant holds. |
| 696 migrate_attempted_ = false; | 637 migrate_attempted_ = false; |
| 697 remove_attempted_ = false; | 638 remove_attempted_ = false; |
| 698 resync_attempted_ = false; | 639 resync_attempted_ = false; |
| 699 ephemeral_mount_attempted_ = false; | 640 ephemeral_mount_attempted_ = false; |
| 700 check_key_attempted_ = false; | 641 check_key_attempted_ = false; |
| 701 | 642 |
| 702 if (state != POSSIBLE_PW_CHANGE && | 643 if (state != POSSIBLE_PW_CHANGE && state != NO_MOUNT && |
| 703 state != NO_MOUNT && | |
| 704 state != OFFLINE_LOGIN) | 644 state != OFFLINE_LOGIN) |
| 705 return state; | 645 return state; |
| 706 | 646 |
| 707 if (current_state_->online_complete()) { | 647 if (current_state_->online_complete()) { |
| 708 if (current_state_->online_outcome().reason() == AuthFailure::NONE) { | 648 if (current_state_->online_outcome().reason() == AuthFailure::NONE) { |
| 709 // Online attempt succeeded as well, so combine the results. | 649 // Online attempt succeeded as well, so combine the results. |
| 710 return ResolveOnlineSuccessState(state); | 650 return ResolveOnlineSuccessState(state); |
| 711 } | 651 } |
| 712 NOTREACHED() << "Using obsolete ClientLogin code path."; | 652 NOTREACHED() << "Using obsolete ClientLogin code path."; |
| 713 } | 653 } |
| 714 // if online isn't complete yet, just return the offline result. | 654 // if online isn't complete yet, just return the offline result. |
| 715 return state; | 655 return state; |
| 716 } | 656 } |
| 717 | 657 |
| 718 ParallelAuthenticator::AuthState | 658 CryptohomeAuthenticator::AuthState |
| 719 ParallelAuthenticator::ResolveCryptohomeFailureState() { | 659 CryptohomeAuthenticator::ResolveCryptohomeFailureState() { |
| 720 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 660 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 721 if (remove_attempted_ || resync_attempted_) | 661 if (remove_attempted_ || resync_attempted_) |
| 722 return FAILED_REMOVE; | 662 return FAILED_REMOVE; |
| 723 if (ephemeral_mount_attempted_) | 663 if (ephemeral_mount_attempted_) |
| 724 return FAILED_TMPFS; | 664 return FAILED_TMPFS; |
| 725 if (migrate_attempted_) | 665 if (migrate_attempted_) |
| 726 return NEED_OLD_PW; | 666 return NEED_OLD_PW; |
| 727 if (check_key_attempted_) | 667 if (check_key_attempted_) |
| 728 return LOGIN_FAILED; | 668 return LOGIN_FAILED; |
| 729 | 669 |
| 730 if (current_state_->cryptohome_code() == | 670 if (current_state_->cryptohome_code() == |
| (...skipping 20 matching lines...) Expand all Loading... | |
| 751 return NO_MOUNT; | 691 return NO_MOUNT; |
| 752 } | 692 } |
| 753 } | 693 } |
| 754 | 694 |
| 755 if (!current_state_->username_hash_valid()) | 695 if (!current_state_->username_hash_valid()) |
| 756 return FAILED_USERNAME_HASH; | 696 return FAILED_USERNAME_HASH; |
| 757 | 697 |
| 758 return FAILED_MOUNT; | 698 return FAILED_MOUNT; |
| 759 } | 699 } |
| 760 | 700 |
| 761 ParallelAuthenticator::AuthState | 701 CryptohomeAuthenticator::AuthState |
| 762 ParallelAuthenticator::ResolveCryptohomeSuccessState() { | 702 CryptohomeAuthenticator::ResolveCryptohomeSuccessState() { |
| 763 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 703 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 764 if (resync_attempted_) | 704 if (resync_attempted_) |
| 765 return CREATE_NEW; | 705 return CREATE_NEW; |
| 766 if (remove_attempted_) | 706 if (remove_attempted_) |
| 767 return REMOVED_DATA_AFTER_FAILURE; | 707 return REMOVED_DATA_AFTER_FAILURE; |
| 768 if (migrate_attempted_) | 708 if (migrate_attempted_) |
| 769 return RECOVER_MOUNT; | 709 return RECOVER_MOUNT; |
| 770 if (check_key_attempted_) | 710 if (check_key_attempted_) |
| 771 return UNLOCK; | 711 return UNLOCK; |
| 772 | 712 |
| 773 if (current_state_->user_type == user_manager::USER_TYPE_GUEST) | 713 if (current_state_->user_type == user_manager::USER_TYPE_GUEST) |
| 774 return GUEST_LOGIN; | 714 return GUEST_LOGIN; |
| 775 if (current_state_->user_type == user_manager::USER_TYPE_RETAIL_MODE) | 715 if (current_state_->user_type == user_manager::USER_TYPE_RETAIL_MODE) |
| 776 return DEMO_LOGIN; | 716 return DEMO_LOGIN; |
| 777 if (current_state_->user_type == user_manager::USER_TYPE_PUBLIC_ACCOUNT) | 717 if (current_state_->user_type == user_manager::USER_TYPE_PUBLIC_ACCOUNT) |
| 778 return PUBLIC_ACCOUNT_LOGIN; | 718 return PUBLIC_ACCOUNT_LOGIN; |
| 779 if (current_state_->user_type == user_manager::USER_TYPE_KIOSK_APP) | 719 if (current_state_->user_type == user_manager::USER_TYPE_KIOSK_APP) |
| 780 return KIOSK_ACCOUNT_LOGIN; | 720 return KIOSK_ACCOUNT_LOGIN; |
| 781 if (current_state_->user_type == user_manager::USER_TYPE_SUPERVISED) | 721 if (current_state_->user_type == user_manager::USER_TYPE_SUPERVISED) |
| 782 return SUPERVISED_USER_LOGIN; | 722 return SUPERVISED_USER_LOGIN; |
| 783 | 723 |
| 784 if (!VerifyOwner()) | 724 if (!VerifyOwner()) |
| 785 return CONTINUE; | 725 return CONTINUE; |
| 786 return user_can_login_ ? OFFLINE_LOGIN : OWNER_REQUIRED; | 726 return user_can_login_ ? OFFLINE_LOGIN : OWNER_REQUIRED; |
| 787 } | 727 } |
| 788 | 728 |
| 789 ParallelAuthenticator::AuthState | 729 CryptohomeAuthenticator::AuthState |
| 790 ParallelAuthenticator::ResolveOnlineSuccessState( | 730 CryptohomeAuthenticator::ResolveOnlineSuccessState( |
| 791 ParallelAuthenticator::AuthState offline_state) { | 731 CryptohomeAuthenticator::AuthState offline_state) { |
| 792 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 732 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 793 switch (offline_state) { | 733 switch (offline_state) { |
| 794 case POSSIBLE_PW_CHANGE: | 734 case POSSIBLE_PW_CHANGE: |
| 795 return NEED_OLD_PW; | 735 return NEED_OLD_PW; |
| 796 case NO_MOUNT: | 736 case NO_MOUNT: |
| 797 return CREATE_NEW; | 737 return CREATE_NEW; |
| 798 case OFFLINE_LOGIN: | 738 case OFFLINE_LOGIN: |
| 799 return ONLINE_LOGIN; | 739 return ONLINE_LOGIN; |
| 800 default: | 740 default: |
| 801 NOTREACHED(); | 741 NOTREACHED(); |
| 802 return offline_state; | 742 return offline_state; |
| 803 } | 743 } |
| 804 } | 744 } |
| 805 | 745 |
| 806 void ParallelAuthenticator::ResolveLoginCompletionStatus() { | 746 void CryptohomeAuthenticator::ResolveLoginCompletionStatus() { |
| 807 // Shortcut online state resolution process. | 747 // Shortcut online state resolution process. |
| 808 current_state_->RecordOnlineLoginStatus(AuthFailure::AuthFailureNone()); | 748 current_state_->RecordOnlineLoginStatus(AuthFailure::AuthFailureNone()); |
| 809 Resolve(); | 749 Resolve(); |
| 810 } | 750 } |
| 811 | 751 |
| 812 void ParallelAuthenticator::SetOwnerState(bool owner_check_finished, | 752 void CryptohomeAuthenticator::SetOwnerState(bool owner_check_finished, |
| 813 bool check_result) { | 753 bool check_result) { |
| 814 owner_is_verified_ = owner_check_finished; | 754 owner_is_verified_ = owner_check_finished; |
| 815 user_can_login_ = check_result; | 755 user_can_login_ = check_result; |
| 816 } | 756 } |
| 817 | 757 |
| 818 } // namespace chromeos | 758 } // namespace chromeos |
| OLD | NEW |
