| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/login/auth/parallel_authenticator.h" | 5 #include "chromeos/login/auth/cryptohome_authenticator.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/command_line.h" | |
| 9 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
| 9 #include "base/location.h" |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| 11 #include "chrome/browser/chromeos/ownership/owner_settings_service.h" | |
| 12 #include "chrome/browser/chromeos/settings/cros_settings.h" | |
| 13 #include "chrome/common/chrome_switches.h" | |
| 14 #include "chromeos/cryptohome/async_method_caller.h" | 11 #include "chromeos/cryptohome/async_method_caller.h" |
| 15 #include "chromeos/cryptohome/system_salt_getter.h" | 12 #include "chromeos/cryptohome/system_salt_getter.h" |
| 16 #include "chromeos/dbus/cryptohome_client.h" | 13 #include "chromeos/dbus/cryptohome_client.h" |
| 17 #include "chromeos/dbus/dbus_thread_manager.h" | 14 #include "chromeos/dbus/dbus_thread_manager.h" |
| 18 #include "chromeos/login/auth/auth_status_consumer.h" | 15 #include "chromeos/login/auth/auth_status_consumer.h" |
| 19 #include "chromeos/login/auth/key.h" | 16 #include "chromeos/login/auth/key.h" |
| 20 #include "chromeos/login/auth/user_context.h" | 17 #include "chromeos/login/auth/user_context.h" |
| 21 #include "chromeos/login/login_state.h" | 18 #include "chromeos/login/login_state.h" |
| 22 #include "chromeos/login/user_names.h" | 19 #include "chromeos/login/user_names.h" |
| 23 #include "chromeos/login_event_recorder.h" | 20 #include "chromeos/login_event_recorder.h" |
| 24 #include "components/user_manager/user_manager.h" | |
| 25 #include "components/user_manager/user_type.h" | 21 #include "components/user_manager/user_type.h" |
| 26 #include "content/public/browser/browser_thread.h" | |
| 27 #include "third_party/cros_system_api/dbus/service_constants.h" | 22 #include "third_party/cros_system_api/dbus/service_constants.h" |
| 28 | 23 |
| 29 using content::BrowserThread; | |
| 30 | |
| 31 namespace chromeos { | 24 namespace chromeos { |
| 32 | 25 |
| 33 namespace { | 26 namespace { |
| 34 | 27 |
| 35 // Hashes |key| with |system_salt| if it its type is KEY_TYPE_PASSWORD_PLAIN. | 28 // Hashes |key| with |system_salt| if it its type is KEY_TYPE_PASSWORD_PLAIN. |
| 36 // Returns the keys unmodified otherwise. | 29 // Returns the keys unmodified otherwise. |
| 37 scoped_ptr<Key> TransformKeyIfNeeded(const Key& key, | 30 scoped_ptr<Key> TransformKeyIfNeeded(const Key& key, |
| 38 const std::string& system_salt) { | 31 const std::string& system_salt) { |
| 39 scoped_ptr<Key> result(new Key(key)); | 32 scoped_ptr<Key> result(new Key(key)); |
| 40 if (result->GetKeyType() == Key::KEY_TYPE_PASSWORD_PLAIN) | 33 if (result->GetKeyType() == Key::KEY_TYPE_PASSWORD_PLAIN) |
| 41 result->Transform(Key::KEY_TYPE_SALTED_SHA256_TOP_HALF, system_salt); | 34 result->Transform(Key::KEY_TYPE_SALTED_SHA256_TOP_HALF, system_salt); |
| 42 | 35 |
| 43 return result.Pass(); | 36 return result.Pass(); |
| 44 } | 37 } |
| 45 | 38 |
| 46 // Records status and calls resolver->Resolve(). | 39 // Records status and calls resolver->Resolve(). |
| 47 void TriggerResolve(AuthAttemptState* attempt, | 40 void TriggerResolve(AuthAttemptState* attempt, |
| 48 scoped_refptr<ParallelAuthenticator> resolver, | 41 scoped_refptr<CryptohomeAuthenticator> resolver, |
| 49 bool success, | 42 bool success, |
| 50 cryptohome::MountError return_code) { | 43 cryptohome::MountError return_code) { |
| 51 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 52 attempt->RecordCryptohomeStatus(success, return_code); | 44 attempt->RecordCryptohomeStatus(success, return_code); |
| 53 resolver->Resolve(); | 45 resolver->Resolve(); |
| 54 } | 46 } |
| 55 | 47 |
| 56 // Records get hash status and calls resolver->Resolve(). | 48 // Records get hash status and calls resolver->Resolve(). |
| 57 void TriggerResolveHash(AuthAttemptState* attempt, | 49 void TriggerResolveHash(AuthAttemptState* attempt, |
| 58 scoped_refptr<ParallelAuthenticator> resolver, | 50 scoped_refptr<CryptohomeAuthenticator> resolver, |
| 59 bool success, | 51 bool success, |
| 60 const std::string& username_hash) { | 52 const std::string& username_hash) { |
| 61 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 62 if (success) | 53 if (success) |
| 63 attempt->RecordUsernameHash(username_hash); | 54 attempt->RecordUsernameHash(username_hash); |
| 64 else | 55 else |
| 65 attempt->RecordUsernameHashFailed(); | 56 attempt->RecordUsernameHashFailed(); |
| 66 resolver->Resolve(); | 57 resolver->Resolve(); |
| 67 } | 58 } |
| 68 | 59 |
| 69 // Calls TriggerResolve while adding login time marker. | 60 // Calls TriggerResolve while adding login time marker. |
| 70 void TriggerResolveWithLoginTimeMarker( | 61 void TriggerResolveWithLoginTimeMarker( |
| 71 const std::string& marker_name, | 62 const std::string& marker_name, |
| 72 AuthAttemptState* attempt, | 63 AuthAttemptState* attempt, |
| 73 scoped_refptr<ParallelAuthenticator> resolver, | 64 scoped_refptr<CryptohomeAuthenticator> resolver, |
| 74 bool success, | 65 bool success, |
| 75 cryptohome::MountError return_code) { | 66 cryptohome::MountError return_code) { |
| 76 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker(marker_name, false); | 67 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker(marker_name, false); |
| 77 TriggerResolve(attempt, resolver, success, return_code); | 68 TriggerResolve(attempt, resolver, success, return_code); |
| 78 } | 69 } |
| 79 | 70 |
| 80 // Calls cryptohome's mount method. | 71 // Calls cryptohome's mount method. |
| 81 void Mount(AuthAttemptState* attempt, | 72 void Mount(AuthAttemptState* attempt, |
| 82 scoped_refptr<ParallelAuthenticator> resolver, | 73 scoped_refptr<CryptohomeAuthenticator> resolver, |
| 83 int flags, | 74 int flags, |
| 84 const std::string& system_salt) { | 75 const std::string& system_salt) { |
| 85 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 86 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker( | 76 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker( |
| 87 "CryptohomeMount-Start", false); | 77 "CryptohomeMount-Start", false); |
| 88 // Set state that username_hash is requested here so that test implementation | 78 // Set state that username_hash is requested here so that test implementation |
| 89 // that returns directly would not generate 2 OnLoginSucces() calls. | 79 // that returns directly would not generate 2 OnLoginSucces() calls. |
| 90 attempt->UsernameHashRequested(); | 80 attempt->UsernameHashRequested(); |
| 91 | 81 |
| 92 scoped_ptr<Key> key = | 82 scoped_ptr<Key> key = |
| 93 TransformKeyIfNeeded(*attempt->user_context.GetKey(), system_salt); | 83 TransformKeyIfNeeded(*attempt->user_context.GetKey(), system_salt); |
| 94 cryptohome::AsyncMethodCaller::GetInstance()->AsyncMount( | 84 cryptohome::AsyncMethodCaller::GetInstance()->AsyncMount( |
| 95 attempt->user_context.GetUserID(), | 85 attempt->user_context.GetUserID(), |
| 96 key->GetSecret(), | 86 key->GetSecret(), |
| 97 flags, | 87 flags, |
| 98 base::Bind(&TriggerResolveWithLoginTimeMarker, | 88 base::Bind(&TriggerResolveWithLoginTimeMarker, |
| 99 "CryptohomeMount-End", | 89 "CryptohomeMount-End", |
| 100 attempt, | 90 attempt, |
| 101 resolver)); | 91 resolver)); |
| 102 cryptohome::AsyncMethodCaller::GetInstance()->AsyncGetSanitizedUsername( | 92 cryptohome::AsyncMethodCaller::GetInstance()->AsyncGetSanitizedUsername( |
| 103 attempt->user_context.GetUserID(), | 93 attempt->user_context.GetUserID(), |
| 104 base::Bind(&TriggerResolveHash, | 94 base::Bind(&TriggerResolveHash, attempt, resolver)); |
| 105 attempt, | |
| 106 resolver)); | |
| 107 } | |
| 108 | |
| 109 // Calls cryptohome's mount method for guest. | |
| 110 void MountGuest(AuthAttemptState* attempt, | |
| 111 scoped_refptr<ParallelAuthenticator> resolver) { | |
| 112 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 113 cryptohome::AsyncMethodCaller::GetInstance()->AsyncMountGuest( | |
| 114 base::Bind(&TriggerResolveWithLoginTimeMarker, | |
| 115 "CryptohomeMount-End", | |
| 116 attempt, | |
| 117 resolver)); | |
| 118 } | 95 } |
| 119 | 96 |
| 120 // Calls cryptohome's mount method for guest and also get the user hash from | 97 // Calls cryptohome's mount method for guest and also get the user hash from |
| 121 // cryptohome. | 98 // cryptohome. |
| 122 void MountGuestAndGetHash(AuthAttemptState* attempt, | 99 void MountGuestAndGetHash(AuthAttemptState* attempt, |
| 123 scoped_refptr<ParallelAuthenticator> resolver) { | 100 scoped_refptr<CryptohomeAuthenticator> resolver) { |
| 124 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 125 attempt->UsernameHashRequested(); | 101 attempt->UsernameHashRequested(); |
| 126 cryptohome::AsyncMethodCaller::GetInstance()->AsyncMountGuest( | 102 cryptohome::AsyncMethodCaller::GetInstance()->AsyncMountGuest( |
| 127 base::Bind(&TriggerResolveWithLoginTimeMarker, | 103 base::Bind(&TriggerResolveWithLoginTimeMarker, |
| 128 "CryptohomeMount-End", | 104 "CryptohomeMount-End", |
| 129 attempt, | 105 attempt, |
| 130 resolver)); | 106 resolver)); |
| 131 cryptohome::AsyncMethodCaller::GetInstance()->AsyncGetSanitizedUsername( | 107 cryptohome::AsyncMethodCaller::GetInstance()->AsyncGetSanitizedUsername( |
| 132 attempt->user_context.GetUserID(), | 108 attempt->user_context.GetUserID(), |
| 133 base::Bind(&TriggerResolveHash, | 109 base::Bind(&TriggerResolveHash, attempt, resolver)); |
| 134 attempt, | |
| 135 resolver)); | |
| 136 } | 110 } |
| 137 | 111 |
| 138 // Calls cryptohome's MountPublic method | 112 // Calls cryptohome's MountPublic method |
| 139 void MountPublic(AuthAttemptState* attempt, | 113 void MountPublic(AuthAttemptState* attempt, |
| 140 scoped_refptr<ParallelAuthenticator> resolver, | 114 scoped_refptr<CryptohomeAuthenticator> resolver, |
| 141 int flags) { | 115 int flags) { |
| 142 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 143 cryptohome::AsyncMethodCaller::GetInstance()->AsyncMountPublic( | 116 cryptohome::AsyncMethodCaller::GetInstance()->AsyncMountPublic( |
| 144 attempt->user_context.GetUserID(), | 117 attempt->user_context.GetUserID(), |
| 145 flags, | 118 flags, |
| 146 base::Bind(&TriggerResolveWithLoginTimeMarker, | 119 base::Bind(&TriggerResolveWithLoginTimeMarker, |
| 147 "CryptohomeMountPublic-End", | 120 "CryptohomeMountPublic-End", |
| 148 attempt, | 121 attempt, |
| 149 resolver)); | 122 resolver)); |
| 150 cryptohome::AsyncMethodCaller::GetInstance()->AsyncGetSanitizedUsername( | 123 cryptohome::AsyncMethodCaller::GetInstance()->AsyncGetSanitizedUsername( |
| 151 attempt->user_context.GetUserID(), | 124 attempt->user_context.GetUserID(), |
| 152 base::Bind(&TriggerResolveHash, | 125 base::Bind(&TriggerResolveHash, attempt, resolver)); |
| 153 attempt, | |
| 154 resolver)); | |
| 155 } | 126 } |
| 156 | 127 |
| 157 // Calls cryptohome's key migration method. | 128 // Calls cryptohome's key migration method. |
| 158 void Migrate(AuthAttemptState* attempt, | 129 void Migrate(AuthAttemptState* attempt, |
| 159 scoped_refptr<ParallelAuthenticator> resolver, | 130 scoped_refptr<CryptohomeAuthenticator> resolver, |
| 160 bool passing_old_hash, | 131 bool passing_old_hash, |
| 161 const std::string& old_password, | 132 const std::string& old_password, |
| 162 const std::string& system_salt) { | 133 const std::string& system_salt) { |
| 163 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 164 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker( | 134 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker( |
| 165 "CryptohomeMigrate-Start", false); | 135 "CryptohomeMigrate-Start", false); |
| 166 cryptohome::AsyncMethodCaller* caller = | 136 cryptohome::AsyncMethodCaller* caller = |
| 167 cryptohome::AsyncMethodCaller::GetInstance(); | 137 cryptohome::AsyncMethodCaller::GetInstance(); |
| 168 | 138 |
| 169 // TODO(bartfab): Retrieve the hashing algorithm and salt to use for |old_key| | 139 // TODO(bartfab): Retrieve the hashing algorithm and salt to use for |old_key| |
| 170 // from cryptohomed. | 140 // from cryptohomed. |
| 171 scoped_ptr<Key> old_key = | 141 scoped_ptr<Key> old_key = |
| 172 TransformKeyIfNeeded(Key(old_password), system_salt); | 142 TransformKeyIfNeeded(Key(old_password), system_salt); |
| 173 scoped_ptr<Key> new_key = | 143 scoped_ptr<Key> new_key = |
| (...skipping 12 matching lines...) Expand all Loading... |
| 186 old_key->GetSecret(), | 156 old_key->GetSecret(), |
| 187 base::Bind(&TriggerResolveWithLoginTimeMarker, | 157 base::Bind(&TriggerResolveWithLoginTimeMarker, |
| 188 "CryptohomeMount-End", | 158 "CryptohomeMount-End", |
| 189 attempt, | 159 attempt, |
| 190 resolver)); | 160 resolver)); |
| 191 } | 161 } |
| 192 } | 162 } |
| 193 | 163 |
| 194 // Calls cryptohome's remove method. | 164 // Calls cryptohome's remove method. |
| 195 void Remove(AuthAttemptState* attempt, | 165 void Remove(AuthAttemptState* attempt, |
| 196 scoped_refptr<ParallelAuthenticator> resolver) { | 166 scoped_refptr<CryptohomeAuthenticator> resolver) { |
| 197 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 198 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker( | 167 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker( |
| 199 "CryptohomeRemove-Start", false); | 168 "CryptohomeRemove-Start", false); |
| 200 cryptohome::AsyncMethodCaller::GetInstance()->AsyncRemove( | 169 cryptohome::AsyncMethodCaller::GetInstance()->AsyncRemove( |
| 201 attempt->user_context.GetUserID(), | 170 attempt->user_context.GetUserID(), |
| 202 base::Bind(&TriggerResolveWithLoginTimeMarker, | 171 base::Bind(&TriggerResolveWithLoginTimeMarker, |
| 203 "CryptohomeRemove-End", | 172 "CryptohomeRemove-End", |
| 204 attempt, | 173 attempt, |
| 205 resolver)); | 174 resolver)); |
| 206 } | 175 } |
| 207 | 176 |
| 208 // Calls cryptohome's key check method. | 177 // Calls cryptohome's key check method. |
| 209 void CheckKey(AuthAttemptState* attempt, | 178 void CheckKey(AuthAttemptState* attempt, |
| 210 scoped_refptr<ParallelAuthenticator> resolver, | 179 scoped_refptr<CryptohomeAuthenticator> resolver, |
| 211 const std::string& system_salt) { | 180 const std::string& system_salt) { |
| 212 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 213 scoped_ptr<Key> key = | 181 scoped_ptr<Key> key = |
| 214 TransformKeyIfNeeded(*attempt->user_context.GetKey(), system_salt); | 182 TransformKeyIfNeeded(*attempt->user_context.GetKey(), system_salt); |
| 215 cryptohome::AsyncMethodCaller::GetInstance()->AsyncCheckKey( | 183 cryptohome::AsyncMethodCaller::GetInstance()->AsyncCheckKey( |
| 216 attempt->user_context.GetUserID(), | 184 attempt->user_context.GetUserID(), |
| 217 key->GetSecret(), | 185 key->GetSecret(), |
| 218 base::Bind(&TriggerResolve, attempt, resolver)); | 186 base::Bind(&TriggerResolve, attempt, resolver)); |
| 219 } | 187 } |
| 220 | 188 |
| 221 } // namespace | 189 } // namespace |
| 222 | 190 |
| 223 ParallelAuthenticator::ParallelAuthenticator(AuthStatusConsumer* consumer) | 191 CryptohomeAuthenticator::CryptohomeAuthenticator( |
| 192 scoped_refptr<base::TaskRunner> task_runner, |
| 193 AuthStatusConsumer* consumer) |
| 224 : Authenticator(consumer), | 194 : Authenticator(consumer), |
| 195 task_runner_(task_runner), |
| 225 migrate_attempted_(false), | 196 migrate_attempted_(false), |
| 226 remove_attempted_(false), | 197 remove_attempted_(false), |
| 227 resync_attempted_(false), | 198 resync_attempted_(false), |
| 228 ephemeral_mount_attempted_(false), | 199 ephemeral_mount_attempted_(false), |
| 229 check_key_attempted_(false), | 200 check_key_attempted_(false), |
| 230 already_reported_success_(false), | 201 already_reported_success_(false), |
| 231 owner_is_verified_(false), | 202 owner_is_verified_(false), |
| 232 user_can_login_(false), | 203 user_can_login_(false), |
| 233 remove_user_data_on_failure_(false), | 204 remove_user_data_on_failure_(false), |
| 234 delayed_login_failure_(NULL) { | 205 delayed_login_failure_(NULL) { |
| 235 } | 206 } |
| 236 | 207 |
| 237 void ParallelAuthenticator::AuthenticateToLogin( | 208 void CryptohomeAuthenticator::AuthenticateToLogin( |
| 238 Profile* profile, | 209 Profile* profile, |
| 239 const UserContext& user_context) { | 210 const UserContext& user_context) { |
| 240 authentication_profile_ = profile; | 211 authentication_profile_ = profile; |
| 241 current_state_.reset( | 212 current_state_.reset(new AuthAttemptState(user_context, |
| 242 new AuthAttemptState(user_context, | 213 user_manager::USER_TYPE_REGULAR, |
| 243 user_manager::USER_TYPE_REGULAR, | 214 false, // unlock |
| 244 false, // unlock | 215 false, // online_complete |
| 245 false, // online_complete | 216 !IsKnownUser(user_context))); |
| 246 !user_manager::UserManager::Get()->IsKnownUser( | |
| 247 user_context.GetUserID()))); | |
| 248 // Reset the verified flag. | 217 // Reset the verified flag. |
| 249 owner_is_verified_ = false; | 218 owner_is_verified_ = false; |
| 250 | 219 |
| 251 SystemSaltGetter::Get()->GetSystemSalt( | 220 SystemSaltGetter::Get()->GetSystemSalt( |
| 252 base::Bind(&Mount, | 221 base::Bind(&Mount, |
| 253 current_state_.get(), | 222 current_state_.get(), |
| 254 scoped_refptr<ParallelAuthenticator>(this), | 223 scoped_refptr<CryptohomeAuthenticator>(this), |
| 255 cryptohome::MOUNT_FLAGS_NONE)); | 224 cryptohome::MOUNT_FLAGS_NONE)); |
| 256 } | 225 } |
| 257 | 226 |
| 258 void ParallelAuthenticator::CompleteLogin(Profile* profile, | 227 void CryptohomeAuthenticator::CompleteLogin(Profile* profile, |
| 259 const UserContext& user_context) { | 228 const UserContext& user_context) { |
| 260 authentication_profile_ = profile; | 229 authentication_profile_ = profile; |
| 261 current_state_.reset( | 230 current_state_.reset(new AuthAttemptState(user_context, |
| 262 new AuthAttemptState(user_context, | 231 user_manager::USER_TYPE_REGULAR, |
| 263 user_manager::USER_TYPE_REGULAR, | 232 true, // unlock |
| 264 true, // unlock | 233 false, // online_complete |
| 265 false, // online_complete | 234 !IsKnownUser(user_context))); |
| 266 !user_manager::UserManager::Get()->IsKnownUser( | |
| 267 user_context.GetUserID()))); | |
| 268 | 235 |
| 269 // Reset the verified flag. | 236 // Reset the verified flag. |
| 270 owner_is_verified_ = false; | 237 owner_is_verified_ = false; |
| 271 | 238 |
| 272 SystemSaltGetter::Get()->GetSystemSalt( | 239 SystemSaltGetter::Get()->GetSystemSalt( |
| 273 base::Bind(&Mount, | 240 base::Bind(&Mount, |
| 274 current_state_.get(), | 241 current_state_.get(), |
| 275 scoped_refptr<ParallelAuthenticator>(this), | 242 scoped_refptr<CryptohomeAuthenticator>(this), |
| 276 cryptohome::MOUNT_FLAGS_NONE)); | 243 cryptohome::MOUNT_FLAGS_NONE)); |
| 277 | 244 |
| 278 // For login completion from extension, we just need to resolve the current | 245 // For login completion from extension, we just need to resolve the current |
| 279 // auth attempt state, the rest of OAuth related tasks will be done in | 246 // auth attempt state, the rest of OAuth related tasks will be done in |
| 280 // parallel. | 247 // parallel. |
| 281 BrowserThread::PostTask( | 248 task_runner_->PostTask( |
| 282 BrowserThread::UI, FROM_HERE, | 249 FROM_HERE, |
| 283 base::Bind(&ParallelAuthenticator::ResolveLoginCompletionStatus, this)); | 250 base::Bind(&CryptohomeAuthenticator::ResolveLoginCompletionStatus, this)); |
| 284 } | 251 } |
| 285 | 252 |
| 286 void ParallelAuthenticator::AuthenticateToUnlock( | 253 void CryptohomeAuthenticator::AuthenticateToUnlock( |
| 287 const UserContext& user_context) { | 254 const UserContext& user_context) { |
| 288 current_state_.reset(new AuthAttemptState(user_context, | 255 current_state_.reset(new AuthAttemptState(user_context, |
| 289 user_manager::USER_TYPE_REGULAR, | 256 user_manager::USER_TYPE_REGULAR, |
| 290 true, // unlock | 257 true, // unlock |
| 291 true, // online_complete | 258 true, // online_complete |
| 292 false)); // user_is_new | 259 false)); // user_is_new |
| 293 remove_user_data_on_failure_ = false; | 260 remove_user_data_on_failure_ = false; |
| 294 check_key_attempted_ = true; | 261 check_key_attempted_ = true; |
| 295 SystemSaltGetter::Get()->GetSystemSalt( | 262 SystemSaltGetter::Get()->GetSystemSalt( |
| 296 base::Bind(&CheckKey, | 263 base::Bind(&CheckKey, |
| 297 current_state_.get(), | 264 current_state_.get(), |
| 298 scoped_refptr<ParallelAuthenticator>(this))); | 265 scoped_refptr<CryptohomeAuthenticator>(this))); |
| 299 } | 266 } |
| 300 | 267 |
| 301 void ParallelAuthenticator::LoginAsSupervisedUser( | 268 void CryptohomeAuthenticator::LoginAsSupervisedUser( |
| 302 const UserContext& user_context) { | 269 const UserContext& user_context) { |
| 303 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 270 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 304 // TODO(nkostylev): Pass proper value for |user_is_new| or remove (not used). | 271 // TODO(nkostylev): Pass proper value for |user_is_new| or remove (not used). |
| 305 current_state_.reset( | 272 current_state_.reset(new AuthAttemptState(user_context, |
| 306 new AuthAttemptState(user_context, | 273 user_manager::USER_TYPE_SUPERVISED, |
| 307 user_manager::USER_TYPE_SUPERVISED, | 274 false, // unlock |
| 308 false, // unlock | 275 false, // online_complete |
| 309 false, // online_complete | 276 false)); // user_is_new |
| 310 false)); // user_is_new | |
| 311 remove_user_data_on_failure_ = false; | 277 remove_user_data_on_failure_ = false; |
| 312 SystemSaltGetter::Get()->GetSystemSalt( | 278 SystemSaltGetter::Get()->GetSystemSalt( |
| 313 base::Bind(&Mount, | 279 base::Bind(&Mount, |
| 314 current_state_.get(), | 280 current_state_.get(), |
| 315 scoped_refptr<ParallelAuthenticator>(this), | 281 scoped_refptr<CryptohomeAuthenticator>(this), |
| 316 cryptohome::MOUNT_FLAGS_NONE)); | 282 cryptohome::MOUNT_FLAGS_NONE)); |
| 317 } | 283 } |
| 318 | 284 |
| 319 void ParallelAuthenticator::LoginRetailMode() { | 285 void CryptohomeAuthenticator::LoginRetailMode() { |
| 320 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 286 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 321 // Note: |kRetailModeUserEMail| is used in other places to identify a retail | 287 // Note: |kRetailModeUserEMail| is used in other places to identify a retail |
| 322 // mode session. | 288 // mode session. |
| 323 current_state_.reset( | 289 current_state_.reset( |
| 324 new AuthAttemptState(UserContext(chromeos::login::kRetailModeUserName), | 290 new AuthAttemptState(UserContext(chromeos::login::kRetailModeUserName), |
| 325 user_manager::USER_TYPE_RETAIL_MODE, | 291 user_manager::USER_TYPE_RETAIL_MODE, |
| 326 false, // unlock | 292 false, // unlock |
| 327 false, // online_complete | 293 false, // online_complete |
| 328 false)); // user_is_new | 294 false)); // user_is_new |
| 329 remove_user_data_on_failure_ = false; | 295 remove_user_data_on_failure_ = false; |
| 330 ephemeral_mount_attempted_ = true; | 296 ephemeral_mount_attempted_ = true; |
| 331 MountGuestAndGetHash(current_state_.get(), | 297 MountGuestAndGetHash(current_state_.get(), |
| 332 scoped_refptr<ParallelAuthenticator>(this)); | 298 scoped_refptr<CryptohomeAuthenticator>(this)); |
| 333 } | 299 } |
| 334 | 300 |
| 335 void ParallelAuthenticator::LoginOffTheRecord() { | 301 void CryptohomeAuthenticator::LoginOffTheRecord() { |
| 336 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 302 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 337 current_state_.reset( | 303 current_state_.reset( |
| 338 new AuthAttemptState(UserContext(chromeos::login::kGuestUserName), | 304 new AuthAttemptState(UserContext(chromeos::login::kGuestUserName), |
| 339 user_manager::USER_TYPE_GUEST, | 305 user_manager::USER_TYPE_GUEST, |
| 340 false, // unlock | 306 false, // unlock |
| 341 false, // online_complete | 307 false, // online_complete |
| 342 false)); // user_is_new | 308 false)); // user_is_new |
| 343 remove_user_data_on_failure_ = false; | 309 remove_user_data_on_failure_ = false; |
| 344 ephemeral_mount_attempted_ = true; | 310 ephemeral_mount_attempted_ = true; |
| 345 MountGuest(current_state_.get(), | 311 MountGuestAndGetHash(current_state_.get(), |
| 346 scoped_refptr<ParallelAuthenticator>(this)); | 312 scoped_refptr<CryptohomeAuthenticator>(this)); |
| 347 } | 313 } |
| 348 | 314 |
| 349 void ParallelAuthenticator::LoginAsPublicSession( | 315 void CryptohomeAuthenticator::LoginAsPublicSession( |
| 350 const UserContext& user_context) { | 316 const UserContext& user_context) { |
| 351 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 317 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 352 current_state_.reset( | 318 current_state_.reset( |
| 353 new AuthAttemptState(user_context, | 319 new AuthAttemptState(user_context, |
| 354 user_manager::USER_TYPE_PUBLIC_ACCOUNT, | 320 user_manager::USER_TYPE_PUBLIC_ACCOUNT, |
| 355 false, // unlock | 321 false, // unlock |
| 356 false, // online_complete | 322 false, // online_complete |
| 357 false)); // user_is_new | 323 false)); // user_is_new |
| 358 remove_user_data_on_failure_ = false; | 324 remove_user_data_on_failure_ = false; |
| 359 ephemeral_mount_attempted_ = true; | 325 ephemeral_mount_attempted_ = true; |
| 360 SystemSaltGetter::Get()->GetSystemSalt( | 326 SystemSaltGetter::Get()->GetSystemSalt( |
| 361 base::Bind(&Mount, | 327 base::Bind(&Mount, |
| 362 current_state_.get(), | 328 current_state_.get(), |
| 363 scoped_refptr<ParallelAuthenticator>(this), | 329 scoped_refptr<CryptohomeAuthenticator>(this), |
| 364 cryptohome::CREATE_IF_MISSING | cryptohome::ENSURE_EPHEMERAL)); | 330 cryptohome::CREATE_IF_MISSING | cryptohome::ENSURE_EPHEMERAL)); |
| 365 } | 331 } |
| 366 | 332 |
| 367 void ParallelAuthenticator::LoginAsKioskAccount( | 333 void CryptohomeAuthenticator::LoginAsKioskAccount( |
| 368 const std::string& app_user_id, | 334 const std::string& app_user_id, |
| 369 bool use_guest_mount) { | 335 bool use_guest_mount) { |
| 370 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 336 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 371 | 337 |
| 372 const std::string user_id = | 338 const std::string user_id = |
| 373 use_guest_mount ? chromeos::login::kGuestUserName : app_user_id; | 339 use_guest_mount ? chromeos::login::kGuestUserName : app_user_id; |
| 374 current_state_.reset(new AuthAttemptState(UserContext(user_id), | 340 current_state_.reset(new AuthAttemptState(UserContext(user_id), |
| 375 user_manager::USER_TYPE_KIOSK_APP, | 341 user_manager::USER_TYPE_KIOSK_APP, |
| 376 false, // unlock | 342 false, // unlock |
| 377 false, // online_complete | 343 false, // online_complete |
| 378 false)); // user_is_new | 344 false)); // user_is_new |
| 379 | 345 |
| 380 remove_user_data_on_failure_ = true; | 346 remove_user_data_on_failure_ = true; |
| 381 if (!use_guest_mount) { | 347 if (!use_guest_mount) { |
| 382 MountPublic(current_state_.get(), | 348 MountPublic(current_state_.get(), |
| 383 scoped_refptr<ParallelAuthenticator>(this), | 349 scoped_refptr<CryptohomeAuthenticator>(this), |
| 384 cryptohome::CREATE_IF_MISSING); | 350 cryptohome::CREATE_IF_MISSING); |
| 385 } else { | 351 } else { |
| 386 ephemeral_mount_attempted_ = true; | 352 ephemeral_mount_attempted_ = true; |
| 387 MountGuestAndGetHash(current_state_.get(), | 353 MountGuestAndGetHash(current_state_.get(), |
| 388 scoped_refptr<ParallelAuthenticator>(this)); | 354 scoped_refptr<CryptohomeAuthenticator>(this)); |
| 389 } | 355 } |
| 390 } | 356 } |
| 391 | 357 |
| 392 void ParallelAuthenticator::OnRetailModeAuthSuccess() { | 358 void CryptohomeAuthenticator::OnRetailModeAuthSuccess() { |
| 393 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 359 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 394 VLOG(1) << "Retail mode login success"; | 360 VLOG(1) << "Retail mode login success"; |
| 395 chromeos::LoginEventRecorder::Get()->RecordAuthenticationSuccess(); | 361 chromeos::LoginEventRecorder::Get()->RecordAuthenticationSuccess(); |
| 396 if (consumer_) | 362 if (consumer_) |
| 397 consumer_->OnRetailModeAuthSuccess(current_state_->user_context); | 363 consumer_->OnRetailModeAuthSuccess(current_state_->user_context); |
| 398 } | 364 } |
| 399 | 365 |
| 400 void ParallelAuthenticator::OnAuthSuccess() { | 366 void CryptohomeAuthenticator::OnAuthSuccess() { |
| 401 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 367 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 402 VLOG(1) << "Login success"; | 368 VLOG(1) << "Login success"; |
| 403 // Send notification of success | 369 // Send notification of success |
| 404 chromeos::LoginEventRecorder::Get()->RecordAuthenticationSuccess(); | 370 chromeos::LoginEventRecorder::Get()->RecordAuthenticationSuccess(); |
| 405 { | 371 { |
| 406 base::AutoLock for_this_block(success_lock_); | 372 base::AutoLock for_this_block(success_lock_); |
| 407 already_reported_success_ = true; | 373 already_reported_success_ = true; |
| 408 } | 374 } |
| 409 if (consumer_) | 375 if (consumer_) |
| 410 consumer_->OnAuthSuccess(current_state_->user_context); | 376 consumer_->OnAuthSuccess(current_state_->user_context); |
| 411 } | 377 } |
| 412 | 378 |
| 413 void ParallelAuthenticator::OnOffTheRecordAuthSuccess() { | 379 void CryptohomeAuthenticator::OnOffTheRecordAuthSuccess() { |
| 414 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 380 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 415 chromeos::LoginEventRecorder::Get()->RecordAuthenticationSuccess(); | 381 chromeos::LoginEventRecorder::Get()->RecordAuthenticationSuccess(); |
| 416 if (consumer_) | 382 if (consumer_) |
| 417 consumer_->OnOffTheRecordAuthSuccess(); | 383 consumer_->OnOffTheRecordAuthSuccess(); |
| 418 } | 384 } |
| 419 | 385 |
| 420 void ParallelAuthenticator::OnPasswordChangeDetected() { | 386 void CryptohomeAuthenticator::OnPasswordChangeDetected() { |
| 421 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 387 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 422 if (consumer_) | 388 if (consumer_) |
| 423 consumer_->OnPasswordChangeDetected(); | 389 consumer_->OnPasswordChangeDetected(); |
| 424 } | 390 } |
| 425 | 391 |
| 426 void ParallelAuthenticator::OnAuthFailure(const AuthFailure& error) { | 392 void CryptohomeAuthenticator::OnAuthFailure(const AuthFailure& error) { |
| 427 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 393 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 428 | 394 |
| 429 // OnAuthFailure will be called again with the same |error| | 395 // OnAuthFailure will be called again with the same |error| |
| 430 // after the cryptohome has been removed. | 396 // after the cryptohome has been removed. |
| 431 if (remove_user_data_on_failure_) { | 397 if (remove_user_data_on_failure_) { |
| 432 delayed_login_failure_ = &error; | 398 delayed_login_failure_ = &error; |
| 433 RemoveEncryptedData(); | 399 RemoveEncryptedData(); |
| 434 return; | 400 return; |
| 435 } | 401 } |
| 436 chromeos::LoginEventRecorder::Get()->RecordAuthenticationFailure(); | 402 chromeos::LoginEventRecorder::Get()->RecordAuthenticationFailure(); |
| 437 LOG(WARNING) << "Login failed: " << error.GetErrorString(); | 403 LOG(WARNING) << "Login failed: " << error.GetErrorString(); |
| 438 if (consumer_) | 404 if (consumer_) |
| 439 consumer_->OnAuthFailure(error); | 405 consumer_->OnAuthFailure(error); |
| 440 } | 406 } |
| 441 | 407 |
| 442 void ParallelAuthenticator::RecoverEncryptedData( | 408 void CryptohomeAuthenticator::RecoverEncryptedData( |
| 443 const std::string& old_password) { | 409 const std::string& old_password) { |
| 444 migrate_attempted_ = true; | 410 migrate_attempted_ = true; |
| 445 current_state_->ResetCryptohomeStatus(); | 411 current_state_->ResetCryptohomeStatus(); |
| 446 SystemSaltGetter::Get()->GetSystemSalt( | 412 SystemSaltGetter::Get()->GetSystemSalt( |
| 447 base::Bind(&Migrate, | 413 base::Bind(&Migrate, |
| 448 current_state_.get(), | 414 current_state_.get(), |
| 449 scoped_refptr<ParallelAuthenticator>(this), | 415 scoped_refptr<CryptohomeAuthenticator>(this), |
| 450 true, | 416 true, |
| 451 old_password)); | 417 old_password)); |
| 452 } | 418 } |
| 453 | 419 |
| 454 void ParallelAuthenticator::RemoveEncryptedData() { | 420 void CryptohomeAuthenticator::RemoveEncryptedData() { |
| 455 remove_attempted_ = true; | 421 remove_attempted_ = true; |
| 456 current_state_->ResetCryptohomeStatus(); | 422 current_state_->ResetCryptohomeStatus(); |
| 457 BrowserThread::PostTask( | 423 task_runner_->PostTask( |
| 458 BrowserThread::UI, FROM_HERE, | 424 FROM_HERE, |
| 459 base::Bind(&Remove, | 425 base::Bind(&Remove, |
| 460 current_state_.get(), | 426 current_state_.get(), |
| 461 scoped_refptr<ParallelAuthenticator>(this))); | 427 scoped_refptr<CryptohomeAuthenticator>(this))); |
| 462 } | 428 } |
| 463 | 429 |
| 464 void ParallelAuthenticator::ResyncEncryptedData() { | 430 void CryptohomeAuthenticator::ResyncEncryptedData() { |
| 465 resync_attempted_ = true; | 431 resync_attempted_ = true; |
| 466 current_state_->ResetCryptohomeStatus(); | 432 current_state_->ResetCryptohomeStatus(); |
| 467 BrowserThread::PostTask( | 433 task_runner_->PostTask( |
| 468 BrowserThread::UI, FROM_HERE, | 434 FROM_HERE, |
| 469 base::Bind(&Remove, | 435 base::Bind(&Remove, |
| 470 current_state_.get(), | 436 current_state_.get(), |
| 471 scoped_refptr<ParallelAuthenticator>(this))); | 437 scoped_refptr<CryptohomeAuthenticator>(this))); |
| 472 } | 438 } |
| 473 | 439 |
| 474 bool ParallelAuthenticator::VerifyOwner() { | 440 bool CryptohomeAuthenticator::VerifyOwner() { |
| 475 if (owner_is_verified_) | 441 if (owner_is_verified_) |
| 476 return true; | 442 return true; |
| 477 // Check if policy data is fine and continue in safe mode if needed. | 443 // Check if policy data is fine and continue in safe mode if needed. |
| 478 bool is_safe_mode = false; | 444 if (!IsSafeMode()) { |
| 479 CrosSettings::Get()->GetBoolean(kPolicyMissingMitigationMode, &is_safe_mode); | |
| 480 if (!is_safe_mode) { | |
| 481 // Now we can continue with the login and report mount success. | 445 // Now we can continue with the login and report mount success. |
| 482 user_can_login_ = true; | 446 user_can_login_ = true; |
| 483 owner_is_verified_ = true; | 447 owner_is_verified_ = true; |
| 484 return true; | 448 return true; |
| 485 } | 449 } |
| 486 | 450 |
| 487 const std::string& user_id = current_state_->user_context.GetUserID(); | 451 CheckSafeModeOwnership( |
| 488 | 452 current_state_->user_context, |
| 489 // |IsOwnerForSafeModeAsync| expects logged in state to be | 453 base::Bind(&CryptohomeAuthenticator::OnOwnershipChecked, this)); |
| 490 // LOGGED_IN_SAFE_MODE. | |
| 491 if (LoginState::IsInitialized()) { | |
| 492 LoginState::Get()->SetLoggedInState(LoginState::LOGGED_IN_SAFE_MODE, | |
| 493 LoginState::LOGGED_IN_USER_NONE); | |
| 494 } | |
| 495 | |
| 496 OwnerSettingsService::IsOwnerForSafeModeAsync( | |
| 497 user_id, | |
| 498 current_state_->user_context.GetUserIDHash(), | |
| 499 base::Bind(&ParallelAuthenticator::OnOwnershipChecked, this)); | |
| 500 return false; | 454 return false; |
| 501 } | 455 } |
| 502 | 456 |
| 503 void ParallelAuthenticator::OnOwnershipChecked(bool is_owner) { | 457 void CryptohomeAuthenticator::OnOwnershipChecked(bool is_owner) { |
| 504 // Now we can check if this user is the owner. | 458 // Now we can check if this user is the owner. |
| 505 user_can_login_ = is_owner; | 459 user_can_login_ = is_owner; |
| 506 owner_is_verified_ = true; | 460 owner_is_verified_ = true; |
| 507 Resolve(); | 461 Resolve(); |
| 508 } | 462 } |
| 509 | 463 |
| 510 void ParallelAuthenticator::Resolve() { | 464 void CryptohomeAuthenticator::Resolve() { |
| 511 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 465 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 512 int mount_flags = cryptohome::MOUNT_FLAGS_NONE; | 466 int mount_flags = cryptohome::MOUNT_FLAGS_NONE; |
| 513 ParallelAuthenticator::AuthState state = ResolveState(); | 467 CryptohomeAuthenticator::AuthState state = ResolveState(); |
| 514 VLOG(1) << "Resolved state to: " << state; | 468 VLOG(1) << "Resolved state to: " << state; |
| 515 switch (state) { | 469 switch (state) { |
| 516 case CONTINUE: | 470 case CONTINUE: |
| 517 case POSSIBLE_PW_CHANGE: | 471 case POSSIBLE_PW_CHANGE: |
| 518 case NO_MOUNT: | 472 case NO_MOUNT: |
| 519 // These are intermediate states; we need more info from a request that | 473 // These are intermediate states; we need more info from a request that |
| 520 // is still pending. | 474 // is still pending. |
| 521 break; | 475 break; |
| 522 case FAILED_MOUNT: | 476 case FAILED_MOUNT: |
| 523 // In this case, whether login succeeded or not, we can't log | 477 // In this case, whether login succeeded or not, we can't log |
| 524 // the user in because their data is horked. So, override with | 478 // the user in because their data is horked. So, override with |
| 525 // the appropriate failure. | 479 // the appropriate failure. |
| 526 BrowserThread::PostTask( | 480 task_runner_->PostTask( |
| 527 BrowserThread::UI, | |
| 528 FROM_HERE, | 481 FROM_HERE, |
| 529 base::Bind(&ParallelAuthenticator::OnAuthFailure, | 482 base::Bind(&CryptohomeAuthenticator::OnAuthFailure, |
| 530 this, | 483 this, |
| 531 AuthFailure(AuthFailure::COULD_NOT_MOUNT_CRYPTOHOME))); | 484 AuthFailure(AuthFailure::COULD_NOT_MOUNT_CRYPTOHOME))); |
| 532 break; | 485 break; |
| 533 case FAILED_REMOVE: | 486 case FAILED_REMOVE: |
| 534 // In this case, we tried to remove the user's old cryptohome at her | 487 // In this case, we tried to remove the user's old cryptohome at her |
| 535 // request, and the remove failed. | 488 // request, and the remove failed. |
| 536 remove_user_data_on_failure_ = false; | 489 remove_user_data_on_failure_ = false; |
| 537 BrowserThread::PostTask( | 490 task_runner_->PostTask( |
| 538 BrowserThread::UI, | |
| 539 FROM_HERE, | 491 FROM_HERE, |
| 540 base::Bind(&ParallelAuthenticator::OnAuthFailure, | 492 base::Bind(&CryptohomeAuthenticator::OnAuthFailure, |
| 541 this, | 493 this, |
| 542 AuthFailure(AuthFailure::DATA_REMOVAL_FAILED))); | 494 AuthFailure(AuthFailure::DATA_REMOVAL_FAILED))); |
| 543 break; | 495 break; |
| 544 case FAILED_TMPFS: | 496 case FAILED_TMPFS: |
| 545 // In this case, we tried to mount a tmpfs for guest and failed. | 497 // In this case, we tried to mount a tmpfs for guest and failed. |
| 546 BrowserThread::PostTask( | 498 task_runner_->PostTask( |
| 547 BrowserThread::UI, | |
| 548 FROM_HERE, | 499 FROM_HERE, |
| 549 base::Bind(&ParallelAuthenticator::OnAuthFailure, | 500 base::Bind(&CryptohomeAuthenticator::OnAuthFailure, |
| 550 this, | 501 this, |
| 551 AuthFailure(AuthFailure::COULD_NOT_MOUNT_TMPFS))); | 502 AuthFailure(AuthFailure::COULD_NOT_MOUNT_TMPFS))); |
| 552 break; | 503 break; |
| 553 case FAILED_TPM: | 504 case FAILED_TPM: |
| 554 // In this case, we tried to create/mount cryptohome and failed | 505 // In this case, we tried to create/mount cryptohome and failed |
| 555 // because of the critical TPM error. | 506 // because of the critical TPM error. |
| 556 // Chrome will notify user and request reboot. | 507 // Chrome will notify user and request reboot. |
| 557 BrowserThread::PostTask(BrowserThread::UI, | 508 task_runner_->PostTask(FROM_HERE, |
| 558 FROM_HERE, | 509 base::Bind(&CryptohomeAuthenticator::OnAuthFailure, |
| 559 base::Bind(&ParallelAuthenticator::OnAuthFailure, | 510 this, |
| 560 this, | 511 AuthFailure(AuthFailure::TPM_ERROR))); |
| 561 AuthFailure(AuthFailure::TPM_ERROR))); | |
| 562 break; | 512 break; |
| 563 case FAILED_USERNAME_HASH: | 513 case FAILED_USERNAME_HASH: |
| 564 // In this case, we failed the GetSanitizedUsername request to | 514 // In this case, we failed the GetSanitizedUsername request to |
| 565 // cryptohomed. This can happen for any login attempt. | 515 // cryptohomed. This can happen for any login attempt. |
| 566 BrowserThread::PostTask( | 516 task_runner_->PostTask( |
| 567 BrowserThread::UI, | |
| 568 FROM_HERE, | 517 FROM_HERE, |
| 569 base::Bind(&ParallelAuthenticator::OnAuthFailure, | 518 base::Bind(&CryptohomeAuthenticator::OnAuthFailure, |
| 570 this, | 519 this, |
| 571 AuthFailure(AuthFailure::USERNAME_HASH_FAILED))); | 520 AuthFailure(AuthFailure::USERNAME_HASH_FAILED))); |
| 572 break; | 521 break; |
| 573 case REMOVED_DATA_AFTER_FAILURE: | 522 case REMOVED_DATA_AFTER_FAILURE: |
| 574 remove_user_data_on_failure_ = false; | 523 remove_user_data_on_failure_ = false; |
| 575 BrowserThread::PostTask(BrowserThread::UI, | 524 task_runner_->PostTask(FROM_HERE, |
| 576 FROM_HERE, | 525 base::Bind(&CryptohomeAuthenticator::OnAuthFailure, |
| 577 base::Bind(&ParallelAuthenticator::OnAuthFailure, | 526 this, |
| 578 this, | 527 *delayed_login_failure_)); |
| 579 *delayed_login_failure_)); | |
| 580 break; | 528 break; |
| 581 case CREATE_NEW: | 529 case CREATE_NEW: |
| 582 mount_flags |= cryptohome::CREATE_IF_MISSING; | 530 mount_flags |= cryptohome::CREATE_IF_MISSING; |
| 583 case RECOVER_MOUNT: | 531 case RECOVER_MOUNT: |
| 584 current_state_->ResetCryptohomeStatus(); | 532 current_state_->ResetCryptohomeStatus(); |
| 585 SystemSaltGetter::Get()->GetSystemSalt( | 533 SystemSaltGetter::Get()->GetSystemSalt( |
| 586 base::Bind(&Mount, | 534 base::Bind(&Mount, |
| 587 current_state_.get(), | 535 current_state_.get(), |
| 588 scoped_refptr<ParallelAuthenticator>(this), | 536 scoped_refptr<CryptohomeAuthenticator>(this), |
| 589 mount_flags)); | 537 mount_flags)); |
| 590 break; | 538 break; |
| 591 case NEED_OLD_PW: | 539 case NEED_OLD_PW: |
| 592 BrowserThread::PostTask( | 540 task_runner_->PostTask( |
| 593 BrowserThread::UI, FROM_HERE, | 541 FROM_HERE, |
| 594 base::Bind(&ParallelAuthenticator::OnPasswordChangeDetected, this)); | 542 base::Bind(&CryptohomeAuthenticator::OnPasswordChangeDetected, this)); |
| 595 break; | 543 break; |
| 596 case ONLINE_FAILED: | 544 case ONLINE_FAILED: |
| 597 case NEED_NEW_PW: | 545 case NEED_NEW_PW: |
| 598 case HAVE_NEW_PW: | 546 case HAVE_NEW_PW: |
| 599 NOTREACHED() << "Using obsolete ClientLogin code path."; | 547 NOTREACHED() << "Using obsolete ClientLogin code path."; |
| 600 break; | 548 break; |
| 601 case OFFLINE_LOGIN: | 549 case OFFLINE_LOGIN: |
| 602 VLOG(2) << "Offline login"; | 550 VLOG(2) << "Offline login"; |
| 603 // Fall through. | 551 // Fall through. |
| 604 case UNLOCK: | 552 case UNLOCK: |
| 605 VLOG(2) << "Unlock"; | 553 VLOG(2) << "Unlock"; |
| 606 // Fall through. | 554 // Fall through. |
| 607 case ONLINE_LOGIN: | 555 case ONLINE_LOGIN: |
| 608 VLOG(2) << "Online login"; | 556 VLOG(2) << "Online login"; |
| 609 BrowserThread::PostTask( | 557 task_runner_->PostTask( |
| 610 BrowserThread::UI, | 558 FROM_HERE, base::Bind(&CryptohomeAuthenticator::OnAuthSuccess, this)); |
| 611 FROM_HERE, | |
| 612 base::Bind(&ParallelAuthenticator::OnAuthSuccess, this)); | |
| 613 break; | 559 break; |
| 614 case DEMO_LOGIN: | 560 case DEMO_LOGIN: |
| 615 VLOG(2) << "Retail mode login"; | 561 VLOG(2) << "Retail mode login"; |
| 616 current_state_->user_context.SetIsUsingOAuth(false); | 562 current_state_->user_context.SetIsUsingOAuth(false); |
| 617 BrowserThread::PostTask( | 563 task_runner_->PostTask( |
| 618 BrowserThread::UI, | |
| 619 FROM_HERE, | 564 FROM_HERE, |
| 620 base::Bind(&ParallelAuthenticator::OnRetailModeAuthSuccess, this)); | 565 base::Bind(&CryptohomeAuthenticator::OnRetailModeAuthSuccess, this)); |
| 621 break; | 566 break; |
| 622 case GUEST_LOGIN: | 567 case GUEST_LOGIN: |
| 623 BrowserThread::PostTask( | 568 task_runner_->PostTask( |
| 624 BrowserThread::UI, | |
| 625 FROM_HERE, | 569 FROM_HERE, |
| 626 base::Bind(&ParallelAuthenticator::OnOffTheRecordAuthSuccess, this)); | 570 base::Bind(&CryptohomeAuthenticator::OnOffTheRecordAuthSuccess, |
| 571 this)); |
| 627 break; | 572 break; |
| 628 case KIOSK_ACCOUNT_LOGIN: | 573 case KIOSK_ACCOUNT_LOGIN: |
| 629 case PUBLIC_ACCOUNT_LOGIN: | 574 case PUBLIC_ACCOUNT_LOGIN: |
| 630 current_state_->user_context.SetIsUsingOAuth(false); | 575 current_state_->user_context.SetIsUsingOAuth(false); |
| 631 BrowserThread::PostTask( | 576 task_runner_->PostTask( |
| 632 BrowserThread::UI, | 577 FROM_HERE, base::Bind(&CryptohomeAuthenticator::OnAuthSuccess, this)); |
| 633 FROM_HERE, | |
| 634 base::Bind(&ParallelAuthenticator::OnAuthSuccess, this)); | |
| 635 break; | 578 break; |
| 636 case SUPERVISED_USER_LOGIN: | 579 case SUPERVISED_USER_LOGIN: |
| 637 current_state_->user_context.SetIsUsingOAuth(false); | 580 current_state_->user_context.SetIsUsingOAuth(false); |
| 638 BrowserThread::PostTask( | 581 task_runner_->PostTask( |
| 639 BrowserThread::UI, | 582 FROM_HERE, base::Bind(&CryptohomeAuthenticator::OnAuthSuccess, this)); |
| 640 FROM_HERE, | |
| 641 base::Bind(&ParallelAuthenticator::OnAuthSuccess, this)); | |
| 642 break; | 583 break; |
| 643 case LOGIN_FAILED: | 584 case LOGIN_FAILED: |
| 644 current_state_->ResetCryptohomeStatus(); | 585 current_state_->ResetCryptohomeStatus(); |
| 645 BrowserThread::PostTask(BrowserThread::UI, | 586 task_runner_->PostTask(FROM_HERE, |
| 646 FROM_HERE, | 587 base::Bind(&CryptohomeAuthenticator::OnAuthFailure, |
| 647 base::Bind(&ParallelAuthenticator::OnAuthFailure, | 588 this, |
| 648 this, | 589 current_state_->online_outcome())); |
| 649 current_state_->online_outcome())); | |
| 650 break; | 590 break; |
| 651 case OWNER_REQUIRED: { | 591 case OWNER_REQUIRED: { |
| 652 current_state_->ResetCryptohomeStatus(); | 592 current_state_->ResetCryptohomeStatus(); |
| 653 bool success = false; | 593 bool success = false; |
| 654 DBusThreadManager::Get()->GetCryptohomeClient()->Unmount(&success); | 594 DBusThreadManager::Get()->GetCryptohomeClient()->Unmount(&success); |
| 655 if (!success) { | 595 if (!success) { |
| 656 // Maybe we should reboot immediately here? | 596 // Maybe we should reboot immediately here? |
| 657 LOG(ERROR) << "Couldn't unmount users home!"; | 597 LOG(ERROR) << "Couldn't unmount users home!"; |
| 658 } | 598 } |
| 659 BrowserThread::PostTask( | 599 task_runner_->PostTask( |
| 660 BrowserThread::UI, | |
| 661 FROM_HERE, | 600 FROM_HERE, |
| 662 base::Bind(&ParallelAuthenticator::OnAuthFailure, | 601 base::Bind(&CryptohomeAuthenticator::OnAuthFailure, |
| 663 this, | 602 this, |
| 664 AuthFailure(AuthFailure::OWNER_REQUIRED))); | 603 AuthFailure(AuthFailure::OWNER_REQUIRED))); |
| 665 break; | 604 break; |
| 666 } | 605 } |
| 667 default: | 606 default: |
| 668 NOTREACHED(); | 607 NOTREACHED(); |
| 669 break; | 608 break; |
| 670 } | 609 } |
| 671 } | 610 } |
| 672 | 611 |
| 673 ParallelAuthenticator::~ParallelAuthenticator() {} | 612 CryptohomeAuthenticator::~CryptohomeAuthenticator() { |
| 613 } |
| 674 | 614 |
| 675 ParallelAuthenticator::AuthState ParallelAuthenticator::ResolveState() { | 615 CryptohomeAuthenticator::AuthState CryptohomeAuthenticator::ResolveState() { |
| 676 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 616 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 677 // If we haven't mounted the user's home dir yet or | 617 // If we haven't mounted the user's home dir yet or |
| 678 // haven't got sanitized username value, we can't be done. | 618 // haven't got sanitized username value, we can't be done. |
| 679 // We never get past here if any of these two cryptohome ops is still pending. | 619 // We never get past here if any of these two cryptohome ops is still pending. |
| 680 // This is an important invariant. | 620 // This is an important invariant. |
| 681 if (!current_state_->cryptohome_complete() || | 621 if (!current_state_->cryptohome_complete() || |
| 682 !current_state_->username_hash_obtained()) { | 622 !current_state_->username_hash_obtained()) { |
| 683 return CONTINUE; | 623 return CONTINUE; |
| 684 } | 624 } |
| 685 | 625 |
| 686 AuthState state = CONTINUE; | 626 AuthState state = CONTINUE; |
| 687 | 627 |
| 688 if (current_state_->cryptohome_outcome() && | 628 if (current_state_->cryptohome_outcome() && |
| 689 current_state_->username_hash_valid()) { | 629 current_state_->username_hash_valid()) { |
| 690 state = ResolveCryptohomeSuccessState(); | 630 state = ResolveCryptohomeSuccessState(); |
| 691 } else { | 631 } else { |
| 692 state = ResolveCryptohomeFailureState(); | 632 state = ResolveCryptohomeFailureState(); |
| 693 } | 633 } |
| 694 | 634 |
| 695 DCHECK(current_state_->cryptohome_complete()); // Ensure invariant holds. | 635 DCHECK(current_state_->cryptohome_complete()); // Ensure invariant holds. |
| 696 migrate_attempted_ = false; | 636 migrate_attempted_ = false; |
| 697 remove_attempted_ = false; | 637 remove_attempted_ = false; |
| 698 resync_attempted_ = false; | 638 resync_attempted_ = false; |
| 699 ephemeral_mount_attempted_ = false; | 639 ephemeral_mount_attempted_ = false; |
| 700 check_key_attempted_ = false; | 640 check_key_attempted_ = false; |
| 701 | 641 |
| 702 if (state != POSSIBLE_PW_CHANGE && | 642 if (state != POSSIBLE_PW_CHANGE && state != NO_MOUNT && |
| 703 state != NO_MOUNT && | |
| 704 state != OFFLINE_LOGIN) | 643 state != OFFLINE_LOGIN) |
| 705 return state; | 644 return state; |
| 706 | 645 |
| 707 if (current_state_->online_complete()) { | 646 if (current_state_->online_complete()) { |
| 708 if (current_state_->online_outcome().reason() == AuthFailure::NONE) { | 647 if (current_state_->online_outcome().reason() == AuthFailure::NONE) { |
| 709 // Online attempt succeeded as well, so combine the results. | 648 // Online attempt succeeded as well, so combine the results. |
| 710 return ResolveOnlineSuccessState(state); | 649 return ResolveOnlineSuccessState(state); |
| 711 } | 650 } |
| 712 NOTREACHED() << "Using obsolete ClientLogin code path."; | 651 NOTREACHED() << "Using obsolete ClientLogin code path."; |
| 713 } | 652 } |
| 714 // if online isn't complete yet, just return the offline result. | 653 // if online isn't complete yet, just return the offline result. |
| 715 return state; | 654 return state; |
| 716 } | 655 } |
| 717 | 656 |
| 718 ParallelAuthenticator::AuthState | 657 CryptohomeAuthenticator::AuthState |
| 719 ParallelAuthenticator::ResolveCryptohomeFailureState() { | 658 CryptohomeAuthenticator::ResolveCryptohomeFailureState() { |
| 720 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 659 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 721 if (remove_attempted_ || resync_attempted_) | 660 if (remove_attempted_ || resync_attempted_) |
| 722 return FAILED_REMOVE; | 661 return FAILED_REMOVE; |
| 723 if (ephemeral_mount_attempted_) | 662 if (ephemeral_mount_attempted_) |
| 724 return FAILED_TMPFS; | 663 return FAILED_TMPFS; |
| 725 if (migrate_attempted_) | 664 if (migrate_attempted_) |
| 726 return NEED_OLD_PW; | 665 return NEED_OLD_PW; |
| 727 if (check_key_attempted_) | 666 if (check_key_attempted_) |
| 728 return LOGIN_FAILED; | 667 return LOGIN_FAILED; |
| 729 | 668 |
| 730 if (current_state_->cryptohome_code() == | 669 if (current_state_->cryptohome_code() == |
| (...skipping 20 matching lines...) Expand all Loading... |
| 751 return NO_MOUNT; | 690 return NO_MOUNT; |
| 752 } | 691 } |
| 753 } | 692 } |
| 754 | 693 |
| 755 if (!current_state_->username_hash_valid()) | 694 if (!current_state_->username_hash_valid()) |
| 756 return FAILED_USERNAME_HASH; | 695 return FAILED_USERNAME_HASH; |
| 757 | 696 |
| 758 return FAILED_MOUNT; | 697 return FAILED_MOUNT; |
| 759 } | 698 } |
| 760 | 699 |
| 761 ParallelAuthenticator::AuthState | 700 CryptohomeAuthenticator::AuthState |
| 762 ParallelAuthenticator::ResolveCryptohomeSuccessState() { | 701 CryptohomeAuthenticator::ResolveCryptohomeSuccessState() { |
| 763 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 702 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 764 if (resync_attempted_) | 703 if (resync_attempted_) |
| 765 return CREATE_NEW; | 704 return CREATE_NEW; |
| 766 if (remove_attempted_) | 705 if (remove_attempted_) |
| 767 return REMOVED_DATA_AFTER_FAILURE; | 706 return REMOVED_DATA_AFTER_FAILURE; |
| 768 if (migrate_attempted_) | 707 if (migrate_attempted_) |
| 769 return RECOVER_MOUNT; | 708 return RECOVER_MOUNT; |
| 770 if (check_key_attempted_) | 709 if (check_key_attempted_) |
| 771 return UNLOCK; | 710 return UNLOCK; |
| 772 | 711 |
| 773 if (current_state_->user_type == user_manager::USER_TYPE_GUEST) | 712 if (current_state_->user_type == user_manager::USER_TYPE_GUEST) |
| 774 return GUEST_LOGIN; | 713 return GUEST_LOGIN; |
| 775 if (current_state_->user_type == user_manager::USER_TYPE_RETAIL_MODE) | 714 if (current_state_->user_type == user_manager::USER_TYPE_RETAIL_MODE) |
| 776 return DEMO_LOGIN; | 715 return DEMO_LOGIN; |
| 777 if (current_state_->user_type == user_manager::USER_TYPE_PUBLIC_ACCOUNT) | 716 if (current_state_->user_type == user_manager::USER_TYPE_PUBLIC_ACCOUNT) |
| 778 return PUBLIC_ACCOUNT_LOGIN; | 717 return PUBLIC_ACCOUNT_LOGIN; |
| 779 if (current_state_->user_type == user_manager::USER_TYPE_KIOSK_APP) | 718 if (current_state_->user_type == user_manager::USER_TYPE_KIOSK_APP) |
| 780 return KIOSK_ACCOUNT_LOGIN; | 719 return KIOSK_ACCOUNT_LOGIN; |
| 781 if (current_state_->user_type == user_manager::USER_TYPE_SUPERVISED) | 720 if (current_state_->user_type == user_manager::USER_TYPE_SUPERVISED) |
| 782 return SUPERVISED_USER_LOGIN; | 721 return SUPERVISED_USER_LOGIN; |
| 783 | 722 |
| 784 if (!VerifyOwner()) | 723 if (!VerifyOwner()) |
| 785 return CONTINUE; | 724 return CONTINUE; |
| 786 return user_can_login_ ? OFFLINE_LOGIN : OWNER_REQUIRED; | 725 return user_can_login_ ? OFFLINE_LOGIN : OWNER_REQUIRED; |
| 787 } | 726 } |
| 788 | 727 |
| 789 ParallelAuthenticator::AuthState | 728 CryptohomeAuthenticator::AuthState |
| 790 ParallelAuthenticator::ResolveOnlineSuccessState( | 729 CryptohomeAuthenticator::ResolveOnlineSuccessState( |
| 791 ParallelAuthenticator::AuthState offline_state) { | 730 CryptohomeAuthenticator::AuthState offline_state) { |
| 792 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 731 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 793 switch (offline_state) { | 732 switch (offline_state) { |
| 794 case POSSIBLE_PW_CHANGE: | 733 case POSSIBLE_PW_CHANGE: |
| 795 return NEED_OLD_PW; | 734 return NEED_OLD_PW; |
| 796 case NO_MOUNT: | 735 case NO_MOUNT: |
| 797 return CREATE_NEW; | 736 return CREATE_NEW; |
| 798 case OFFLINE_LOGIN: | 737 case OFFLINE_LOGIN: |
| 799 return ONLINE_LOGIN; | 738 return ONLINE_LOGIN; |
| 800 default: | 739 default: |
| 801 NOTREACHED(); | 740 NOTREACHED(); |
| 802 return offline_state; | 741 return offline_state; |
| 803 } | 742 } |
| 804 } | 743 } |
| 805 | 744 |
| 806 void ParallelAuthenticator::ResolveLoginCompletionStatus() { | 745 void CryptohomeAuthenticator::ResolveLoginCompletionStatus() { |
| 807 // Shortcut online state resolution process. | 746 // Shortcut online state resolution process. |
| 808 current_state_->RecordOnlineLoginStatus(AuthFailure::AuthFailureNone()); | 747 current_state_->RecordOnlineLoginStatus(AuthFailure::AuthFailureNone()); |
| 809 Resolve(); | 748 Resolve(); |
| 810 } | 749 } |
| 811 | 750 |
| 812 void ParallelAuthenticator::SetOwnerState(bool owner_check_finished, | 751 void CryptohomeAuthenticator::SetOwnerState(bool owner_check_finished, |
| 813 bool check_result) { | 752 bool check_result) { |
| 814 owner_is_verified_ = owner_check_finished; | 753 owner_is_verified_ = owner_check_finished; |
| 815 user_can_login_ = check_result; | 754 user_can_login_ = check_result; |
| 816 } | 755 } |
| 817 | 756 |
| 818 } // namespace chromeos | 757 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 495563003:
Move ParallelAuthnticator to chromeos and rename it to CryptohomeAuthenticator (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src