| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/login/auth/cryptohome_authenticator.h" | 5 #include "chromeos/login/auth/cryptohome_authenticator.h" |
| 6 | 6 |
| 7 #include "base/basictypes.h" |
| 7 #include "base/bind.h" | 8 #include "base/bind.h" |
| 8 #include "base/files/file_path.h" | 9 #include "base/files/file_path.h" |
| 9 #include "base/location.h" | 10 #include "base/location.h" |
| 10 #include "base/logging.h" | 11 #include "base/logging.h" |
| 11 #include "chromeos/cryptohome/async_method_caller.h" | 12 #include "chromeos/cryptohome/async_method_caller.h" |
| 12 #include "chromeos/cryptohome/cryptohome_parameters.h" | 13 #include "chromeos/cryptohome/cryptohome_parameters.h" |
| 13 #include "chromeos/cryptohome/homedir_methods.h" | 14 #include "chromeos/cryptohome/homedir_methods.h" |
| 14 #include "chromeos/cryptohome/system_salt_getter.h" | 15 #include "chromeos/cryptohome/system_salt_getter.h" |
| 15 #include "chromeos/dbus/cryptohome_client.h" | 16 #include "chromeos/dbus/cryptohome_client.h" |
| 16 #include "chromeos/dbus/dbus_thread_manager.h" | 17 #include "chromeos/dbus/dbus_thread_manager.h" |
| 17 #include "chromeos/login/auth/auth_status_consumer.h" | 18 #include "chromeos/login/auth/auth_status_consumer.h" |
| 18 #include "chromeos/login/auth/key.h" | 19 #include "chromeos/login/auth/key.h" |
| 19 #include "chromeos/login/auth/user_context.h" | 20 #include "chromeos/login/auth/user_context.h" |
| 20 #include "chromeos/login/login_state.h" | 21 #include "chromeos/login/login_state.h" |
| 21 #include "chromeos/login/user_names.h" | 22 #include "chromeos/login/user_names.h" |
| 22 #include "chromeos/login_event_recorder.h" | 23 #include "chromeos/login_event_recorder.h" |
| 23 #include "components/user_manager/user_type.h" | 24 #include "components/user_manager/user_type.h" |
| 24 #include "third_party/cros_system_api/dbus/service_constants.h" | 25 #include "third_party/cros_system_api/dbus/service_constants.h" |
| 25 | 26 |
| 26 namespace chromeos { | 27 namespace chromeos { |
| 27 | 28 |
| 28 namespace { | 29 namespace { |
| 29 | 30 |
| 30 // The label used for the key derived from the user's GAIA credentials. | 31 // The label used for the key derived from the user's GAIA credentials. |
| 31 const char kCryptohomeGAIAKeyLabel[] = "gaia"; | 32 const char kCryptohomeGAIAKeyLabel[] = "gaia"; |
| 32 | 33 |
| 34 // The name under which the type of key generated from the user's GAIA |
| 35 // credentials is stored. |
| 36 const char kKeyProviderDataTypeName[] = "type"; |
| 37 |
| 38 // The name under which the salt used to generate a key from the user's GAIA |
| 39 // credentials is stored. |
| 40 const char kKeyProviderDataSaltName[] = "salt"; |
| 41 |
| 33 // Hashes |key| with |system_salt| if it its type is KEY_TYPE_PASSWORD_PLAIN. | 42 // Hashes |key| with |system_salt| if it its type is KEY_TYPE_PASSWORD_PLAIN. |
| 34 // Returns the keys unmodified otherwise. | 43 // Returns the keys unmodified otherwise. |
| 35 scoped_ptr<Key> TransformKeyIfNeeded(const Key& key, | 44 scoped_ptr<Key> TransformKeyIfNeeded(const Key& key, |
| 36 const std::string& system_salt) { | 45 const std::string& system_salt) { |
| 37 scoped_ptr<Key> result(new Key(key)); | 46 scoped_ptr<Key> result(new Key(key)); |
| 38 if (result->GetKeyType() == Key::KEY_TYPE_PASSWORD_PLAIN) | 47 if (result->GetKeyType() == Key::KEY_TYPE_PASSWORD_PLAIN) |
| 39 result->Transform(Key::KEY_TYPE_SALTED_SHA256_TOP_HALF, system_salt); | 48 result->Transform(Key::KEY_TYPE_SALTED_SHA256_TOP_HALF, system_salt); |
| 40 | 49 |
| 41 return result.Pass(); | 50 return result.Pass(); |
| 42 } | 51 } |
| (...skipping 23 matching lines...) Expand all Loading... |
| 66 void TriggerResolveWithLoginTimeMarker( | 75 void TriggerResolveWithLoginTimeMarker( |
| 67 const std::string& marker_name, | 76 const std::string& marker_name, |
| 68 AuthAttemptState* attempt, | 77 AuthAttemptState* attempt, |
| 69 scoped_refptr<CryptohomeAuthenticator> resolver, | 78 scoped_refptr<CryptohomeAuthenticator> resolver, |
| 70 bool success, | 79 bool success, |
| 71 cryptohome::MountError return_code) { | 80 cryptohome::MountError return_code) { |
| 72 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker(marker_name, false); | 81 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker(marker_name, false); |
| 73 TriggerResolve(attempt, resolver, success, return_code); | 82 TriggerResolve(attempt, resolver, success, return_code); |
| 74 } | 83 } |
| 75 | 84 |
| 76 void TriggerResolveWithHashAndLoginTimeMarker( | 85 // Records an error in accessing the user's cryptohome with the given key and |
| 77 const std::string& marker_name, | 86 // calls resolver->Resolve() after adding a login time marker. |
| 78 AuthAttemptState* attempt, | 87 void RecordKeyErrorAndResolve(AuthAttemptState* attempt, |
| 79 scoped_refptr<CryptohomeAuthenticator> resolver, | 88 scoped_refptr<CryptohomeAuthenticator> resolver) { |
| 80 bool success, | 89 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker("CryptohomeMount-End", |
| 81 cryptohome::MountError return_code, | 90 false); |
| 82 const std::string& mount_hash) { | 91 attempt->RecordCryptohomeStatus(false /* success */, |
| 83 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker(marker_name, false); | 92 cryptohome::MOUNT_ERROR_KEY_FAILURE); |
| 93 resolver->Resolve(); |
| 94 } |
| 95 |
| 96 // Callback invoked when cryptohome's MountEx() method has finished. |
| 97 void OnMount(AuthAttemptState* attempt, |
| 98 scoped_refptr<CryptohomeAuthenticator> resolver, |
| 99 bool success, |
| 100 cryptohome::MountError return_code, |
| 101 const std::string& mount_hash) { |
| 102 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker("CryptohomeMount-End", |
| 103 false); |
| 84 attempt->RecordCryptohomeStatus(success, return_code); | 104 attempt->RecordCryptohomeStatus(success, return_code); |
| 85 if (success) | 105 if (success) |
| 86 attempt->RecordUsernameHash(mount_hash); | 106 attempt->RecordUsernameHash(mount_hash); |
| 87 else | 107 else |
| 88 attempt->RecordUsernameHashFailed(); | 108 attempt->RecordUsernameHashFailed(); |
| 89 resolver->Resolve(); | 109 resolver->Resolve(); |
| 90 } | 110 } |
| 91 | 111 |
| 92 // Calls cryptohome's mount method. | 112 // Calls cryptohome's MountEx() method. The key in |attempt->user_context| must |
| 93 void Mount(AuthAttemptState* attempt, | 113 // not be a plain text password. If the user provided a plain text password, |
| 94 scoped_refptr<CryptohomeAuthenticator> resolver, | 114 // that password must be transformed to another key type (by salted hashing) |
| 95 bool ephemeral, | 115 // before calling this method. |
| 96 bool create_if_nonexistent, | 116 void DoMount(AuthAttemptState* attempt, |
| 97 const std::string& system_salt) { | 117 scoped_refptr<CryptohomeAuthenticator> resolver, |
| 98 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker( | 118 bool ephemeral, |
| 99 "CryptohomeMount-Start", false); | 119 bool create_if_nonexistent) { |
| 120 const Key* key = attempt->user_context.GetKey(); |
| 121 // If the |key| is a plain text password, crash rather than attempting to |
| 122 // mount the cryptohome with a plain text password. |
| 123 CHECK_NE(Key::KEY_TYPE_PASSWORD_PLAIN, key->GetKeyType()); |
| 124 |
| 100 // Set state that username_hash is requested here so that test implementation | 125 // Set state that username_hash is requested here so that test implementation |
| 101 // that returns directly would not generate 2 OnLoginSucces() calls. | 126 // that returns directly would not generate 2 OnLoginSucces() calls. |
| 102 attempt->UsernameHashRequested(); | 127 attempt->UsernameHashRequested(); |
| 103 | 128 |
| 104 scoped_ptr<Key> key = | |
| 105 TransformKeyIfNeeded(*attempt->user_context.GetKey(), system_salt); | |
| 106 // Set the authentication's key label to an empty string, which is a wildcard | 129 // Set the authentication's key label to an empty string, which is a wildcard |
| 107 // allowing any key to match. This is necessary because cryptohomes created by | 130 // allowing any key to match. This is necessary because cryptohomes created by |
| 108 // Chrome OS M38 and older will have a legacy key with no label while those | 131 // Chrome OS M38 and older will have a legacy key with no label while those |
| 109 // created by Chrome OS M39 and newer will have a key with the label | 132 // created by Chrome OS M39 and newer will have a key with the label |
| 110 // kCryptohomeGAIAKeyLabel. | 133 // kCryptohomeGAIAKeyLabel. |
| 111 const cryptohome::KeyDefinition auth_key(key->GetSecret(), | 134 const cryptohome::KeyDefinition auth_key(key->GetSecret(), |
| 112 std::string(), | 135 std::string(), |
| 113 cryptohome::PRIV_DEFAULT); | 136 cryptohome::PRIV_DEFAULT); |
| 114 cryptohome::MountParameters mount(ephemeral); | 137 cryptohome::MountParameters mount(ephemeral); |
| 115 if (create_if_nonexistent) { | 138 if (create_if_nonexistent) { |
| 116 mount.create_keys.push_back(cryptohome::KeyDefinition( | 139 mount.create_keys.push_back(cryptohome::KeyDefinition( |
| 117 key->GetSecret(), | 140 key->GetSecret(), |
| 118 kCryptohomeGAIAKeyLabel, | 141 kCryptohomeGAIAKeyLabel, |
| 119 cryptohome::PRIV_DEFAULT)); | 142 cryptohome::PRIV_DEFAULT)); |
| 120 } | 143 } |
| 121 | 144 |
| 122 cryptohome::HomedirMethods::GetInstance()->MountEx( | 145 cryptohome::HomedirMethods::GetInstance()->MountEx( |
| 123 cryptohome::Identification(attempt->user_context.GetUserID()), | 146 cryptohome::Identification(attempt->user_context.GetUserID()), |
| 124 cryptohome::Authorization(auth_key), | 147 cryptohome::Authorization(auth_key), |
| 125 mount, | 148 mount, |
| 126 base::Bind(&TriggerResolveWithHashAndLoginTimeMarker, | 149 base::Bind(&OnMount, attempt, resolver)); |
| 127 "CryptohomeMount-End", | 150 } |
| 151 |
| 152 // Callback invoked when the system salt has been retrieved. Transforms the key |
| 153 // in |attempt->user_context| using Chrome's default hashing algorithm and the |
| 154 // system salt, then calls MountEx(). |
| 155 void OnGetSystemSalt(AuthAttemptState* attempt, |
| 156 scoped_refptr<CryptohomeAuthenticator> resolver, |
| 157 bool ephemeral, |
| 158 bool create_if_nonexistent, |
| 159 const std::string& system_salt) { |
| 160 DCHECK_EQ(Key::KEY_TYPE_PASSWORD_PLAIN, |
| 161 attempt->user_context.GetKey()->GetKeyType()); |
| 162 |
| 163 attempt->user_context.GetKey()->Transform( |
| 164 Key::KEY_TYPE_SALTED_SHA256_TOP_HALF, |
| 165 system_salt); |
| 166 |
| 167 DoMount(attempt, resolver, ephemeral, create_if_nonexistent); |
| 168 } |
| 169 |
| 170 // Callback invoked when cryptohome's GetKeyDataEx() method has finished. |
| 171 // * If GetKeyDataEx() returned metadata indicating the hashing algorithm and |
| 172 // salt that were used to generate the key for this user's cryptohome, |
| 173 // transforms the key in |attempt->user_context| with the same parameters. |
| 174 // * Otherwise, starts the retrieval of the system salt so that the key in |
| 175 // |attempt->user_context| can be transformed with Chrome's default hashing |
| 176 // algorithm and the system salt. |
| 177 // The resulting key is then passed to cryptohome's MountEx(). |
| 178 void OnGetKeyDataEx(AuthAttemptState* attempt, |
| 179 scoped_refptr<CryptohomeAuthenticator> resolver, |
| 180 bool ephemeral, |
| 181 bool create_if_nonexistent, |
| 182 bool success, |
| 183 cryptohome::MountError return_code, |
| 184 ScopedVector<cryptohome::RetrievedKeyData> key_data) { |
| 185 if (success && key_data.size() == 1) { |
| 186 cryptohome::RetrievedKeyData* key_data_entry = key_data.front(); |
| 187 DCHECK_EQ(kCryptohomeGAIAKeyLabel, key_data_entry->label); |
| 188 |
| 189 // Extract the key type and salt from |key_data|, if present. |
| 190 scoped_ptr<int64> type; |
| 191 scoped_ptr<std::string> salt; |
| 192 for (ScopedVector<cryptohome::RetrievedKeyData::ProviderData>:: |
| 193 const_iterator it = key_data_entry->provider_data.begin(); |
| 194 it != key_data_entry->provider_data.end(); ++it) { |
| 195 if ((*it)->name == kKeyProviderDataTypeName) { |
| 196 if ((*it)->number) |
| 197 type.reset(new int64(*(*it)->number)); |
| 198 else |
| 199 NOTREACHED(); |
| 200 } else if ((*it)->name == kKeyProviderDataSaltName) { |
| 201 if ((*it)->bytes) |
| 202 salt.reset(new std::string(*(*it)->bytes)); |
| 203 else |
| 204 NOTREACHED(); |
| 205 } |
| 206 } |
| 207 |
| 208 if (type) { |
| 209 if (*type < 0 || *type >= Key::KEY_TYPE_COUNT) { |
| 210 LOG(ERROR) << "Invalid key type: " << *type; |
| 211 RecordKeyErrorAndResolve(attempt, resolver); |
| 212 return; |
| 213 } |
| 214 |
| 215 if (!salt) { |
| 216 LOG(ERROR) << "Missing salt."; |
| 217 RecordKeyErrorAndResolve(attempt, resolver); |
| 218 return; |
| 219 } |
| 220 |
| 221 attempt->user_context.GetKey()->Transform( |
| 222 static_cast<Key::KeyType>(*type), |
| 223 *salt); |
| 224 DoMount(attempt, resolver, ephemeral, create_if_nonexistent); |
| 225 return; |
| 226 } |
| 227 } |
| 228 |
| 229 SystemSaltGetter::Get()->GetSystemSalt(base::Bind(&OnGetSystemSalt, |
| 230 attempt, |
| 231 resolver, |
| 232 ephemeral, |
| 233 create_if_nonexistent)); |
| 234 } |
| 235 |
| 236 // Starts the process that will mount a user's cryptohome. |
| 237 // * If the key in |attempt->user_context| is not a plain text password, |
| 238 // cryptohome's MountEx() method is called directly with the key. |
| 239 // * Otherwise, the key must be transformed (by salted hashing) before being |
| 240 // passed to MountEx(). In that case, cryptohome's GetKeyDataEx() method is |
| 241 // called to retrieve metadata indicating the hashing algorithm and salt that |
| 242 // were used to generate the key for this user's cryptohome and the key is |
| 243 // transformed accordingly before calling MountEx(). |
| 244 void StartMount(AuthAttemptState* attempt, |
| 245 scoped_refptr<CryptohomeAuthenticator> resolver, |
| 246 bool ephemeral, |
| 247 bool create_if_nonexistent) { |
| 248 chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker( |
| 249 "CryptohomeMount-Start", false); |
| 250 |
| 251 if (attempt->user_context.GetKey()->GetKeyType() != |
| 252 Key::KEY_TYPE_PASSWORD_PLAIN) { |
| 253 DoMount(attempt, resolver, ephemeral, create_if_nonexistent); |
| 254 return; |
| 255 } |
| 256 |
| 257 cryptohome::HomedirMethods::GetInstance()->GetKeyDataEx( |
| 258 cryptohome::Identification(attempt->user_context.GetUserID()), |
| 259 kCryptohomeGAIAKeyLabel, |
| 260 base::Bind(&OnGetKeyDataEx, |
| 128 attempt, | 261 attempt, |
| 129 resolver)); | 262 resolver, |
| 263 ephemeral, |
| 264 create_if_nonexistent)); |
| 130 } | 265 } |
| 131 | 266 |
| 132 // Calls cryptohome's mount method for guest and also get the user hash from | 267 // Calls cryptohome's mount method for guest and also get the user hash from |
| 133 // cryptohome. | 268 // cryptohome. |
| 134 void MountGuestAndGetHash(AuthAttemptState* attempt, | 269 void MountGuestAndGetHash(AuthAttemptState* attempt, |
| 135 scoped_refptr<CryptohomeAuthenticator> resolver) { | 270 scoped_refptr<CryptohomeAuthenticator> resolver) { |
| 136 attempt->UsernameHashRequested(); | 271 attempt->UsernameHashRequested(); |
| 137 cryptohome::AsyncMethodCaller::GetInstance()->AsyncMountGuest( | 272 cryptohome::AsyncMethodCaller::GetInstance()->AsyncMountGuest( |
| 138 base::Bind(&TriggerResolveWithLoginTimeMarker, | 273 base::Bind(&TriggerResolveWithLoginTimeMarker, |
| 139 "CryptohomeMount-End", | 274 "CryptohomeMount-End", |
| (...skipping 105 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 245 const UserContext& user_context) { | 380 const UserContext& user_context) { |
| 246 authentication_profile_ = profile; | 381 authentication_profile_ = profile; |
| 247 current_state_.reset(new AuthAttemptState(user_context, | 382 current_state_.reset(new AuthAttemptState(user_context, |
| 248 user_manager::USER_TYPE_REGULAR, | 383 user_manager::USER_TYPE_REGULAR, |
| 249 false, // unlock | 384 false, // unlock |
| 250 false, // online_complete | 385 false, // online_complete |
| 251 !IsKnownUser(user_context))); | 386 !IsKnownUser(user_context))); |
| 252 // Reset the verified flag. | 387 // Reset the verified flag. |
| 253 owner_is_verified_ = false; | 388 owner_is_verified_ = false; |
| 254 | 389 |
| 255 SystemSaltGetter::Get()->GetSystemSalt( | 390 StartMount(current_state_.get(), |
| 256 base::Bind(&Mount, | 391 scoped_refptr<CryptohomeAuthenticator>(this), |
| 257 current_state_.get(), | 392 false /* ephemeral */, |
| 258 scoped_refptr<CryptohomeAuthenticator>(this), | 393 false /* create_if_nonexistent */); |
| 259 false /* ephemeral */, | |
| 260 false /* create_if_nonexistent */)); | |
| 261 } | 394 } |
| 262 | 395 |
| 263 void CryptohomeAuthenticator::CompleteLogin(Profile* profile, | 396 void CryptohomeAuthenticator::CompleteLogin(Profile* profile, |
| 264 const UserContext& user_context) { | 397 const UserContext& user_context) { |
| 265 authentication_profile_ = profile; | 398 authentication_profile_ = profile; |
| 266 current_state_.reset(new AuthAttemptState(user_context, | 399 current_state_.reset(new AuthAttemptState(user_context, |
| 267 user_manager::USER_TYPE_REGULAR, | 400 user_manager::USER_TYPE_REGULAR, |
| 268 true, // unlock | 401 true, // unlock |
| 269 false, // online_complete | 402 false, // online_complete |
| 270 !IsKnownUser(user_context))); | 403 !IsKnownUser(user_context))); |
| 271 | 404 |
| 272 // Reset the verified flag. | 405 // Reset the verified flag. |
| 273 owner_is_verified_ = false; | 406 owner_is_verified_ = false; |
| 274 | 407 |
| 275 SystemSaltGetter::Get()->GetSystemSalt( | 408 StartMount(current_state_.get(), |
| 276 base::Bind(&Mount, | 409 scoped_refptr<CryptohomeAuthenticator>(this), |
| 277 current_state_.get(), | 410 false /* ephemeral */, |
| 278 scoped_refptr<CryptohomeAuthenticator>(this), | 411 false /* create_if_nonexistent */); |
| 279 false /* ephemeral */, | |
| 280 false /* create_if_nonexistent */)); | |
| 281 | 412 |
| 282 // For login completion from extension, we just need to resolve the current | 413 // For login completion from extension, we just need to resolve the current |
| 283 // auth attempt state, the rest of OAuth related tasks will be done in | 414 // auth attempt state, the rest of OAuth related tasks will be done in |
| 284 // parallel. | 415 // parallel. |
| 285 task_runner_->PostTask( | 416 task_runner_->PostTask( |
| 286 FROM_HERE, | 417 FROM_HERE, |
| 287 base::Bind(&CryptohomeAuthenticator::ResolveLoginCompletionStatus, this)); | 418 base::Bind(&CryptohomeAuthenticator::ResolveLoginCompletionStatus, this)); |
| 288 } | 419 } |
| 289 | 420 |
| 290 void CryptohomeAuthenticator::AuthenticateToUnlock( | 421 void CryptohomeAuthenticator::AuthenticateToUnlock( |
| (...skipping 14 matching lines...) Expand all Loading... |
| 305 void CryptohomeAuthenticator::LoginAsSupervisedUser( | 436 void CryptohomeAuthenticator::LoginAsSupervisedUser( |
| 306 const UserContext& user_context) { | 437 const UserContext& user_context) { |
| 307 DCHECK(task_runner_->RunsTasksOnCurrentThread()); | 438 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 308 // TODO(nkostylev): Pass proper value for |user_is_new| or remove (not used). | 439 // TODO(nkostylev): Pass proper value for |user_is_new| or remove (not used). |
| 309 current_state_.reset(new AuthAttemptState(user_context, | 440 current_state_.reset(new AuthAttemptState(user_context, |
| 310 user_manager::USER_TYPE_SUPERVISED, | 441 user_manager::USER_TYPE_SUPERVISED, |
| 311 false, // unlock | 442 false, // unlock |
| 312 false, // online_complete | 443 false, // online_complete |
| 313 false)); // user_is_new | 444 false)); // user_is_new |
| 314 remove_user_data_on_failure_ = false; | 445 remove_user_data_on_failure_ = false; |
| 315 SystemSaltGetter::Get()->GetSystemSalt( | 446 StartMount(current_state_.get(), |
| 316 base::Bind(&Mount, | 447 scoped_refptr<CryptohomeAuthenticator>(this), |
| 317 current_state_.get(), | 448 false /* ephemeral */, |
| 318 scoped_refptr<CryptohomeAuthenticator>(this), | 449 false /* create_if_nonexistent */); |
| 319 false /* ephemeral */, | |
| 320 false /* create_if_nonexistent */)); | |
| 321 } | 450 } |
| 322 | 451 |
| 323 void CryptohomeAuthenticator::LoginRetailMode() { | 452 void CryptohomeAuthenticator::LoginRetailMode() { |
| 324 DCHECK(task_runner_->RunsTasksOnCurrentThread()); | 453 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 325 // Note: |kRetailModeUserEMail| is used in other places to identify a retail | 454 // Note: |kRetailModeUserEMail| is used in other places to identify a retail |
| 326 // mode session. | 455 // mode session. |
| 327 current_state_.reset( | 456 current_state_.reset( |
| 328 new AuthAttemptState(UserContext(chromeos::login::kRetailModeUserName), | 457 new AuthAttemptState(UserContext(chromeos::login::kRetailModeUserName), |
| 329 user_manager::USER_TYPE_RETAIL_MODE, | 458 user_manager::USER_TYPE_RETAIL_MODE, |
| 330 false, // unlock | 459 false, // unlock |
| (...skipping 23 matching lines...) Expand all Loading... |
| 354 const UserContext& user_context) { | 483 const UserContext& user_context) { |
| 355 DCHECK(task_runner_->RunsTasksOnCurrentThread()); | 484 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 356 current_state_.reset( | 485 current_state_.reset( |
| 357 new AuthAttemptState(user_context, | 486 new AuthAttemptState(user_context, |
| 358 user_manager::USER_TYPE_PUBLIC_ACCOUNT, | 487 user_manager::USER_TYPE_PUBLIC_ACCOUNT, |
| 359 false, // unlock | 488 false, // unlock |
| 360 false, // online_complete | 489 false, // online_complete |
| 361 false)); // user_is_new | 490 false)); // user_is_new |
| 362 remove_user_data_on_failure_ = false; | 491 remove_user_data_on_failure_ = false; |
| 363 ephemeral_mount_attempted_ = true; | 492 ephemeral_mount_attempted_ = true; |
| 364 SystemSaltGetter::Get()->GetSystemSalt( | 493 StartMount(current_state_.get(), |
| 365 base::Bind(&Mount, | 494 scoped_refptr<CryptohomeAuthenticator>(this), |
| 366 current_state_.get(), | 495 true /* ephemeral */, |
| 367 scoped_refptr<CryptohomeAuthenticator>(this), | 496 true /* create_if_nonexistent */); |
| 368 true /* ephemeral */, | |
| 369 true /* create_if_nonexistent */)); | |
| 370 } | 497 } |
| 371 | 498 |
| 372 void CryptohomeAuthenticator::LoginAsKioskAccount( | 499 void CryptohomeAuthenticator::LoginAsKioskAccount( |
| 373 const std::string& app_user_id, | 500 const std::string& app_user_id, |
| 374 bool use_guest_mount) { | 501 bool use_guest_mount) { |
| 375 DCHECK(task_runner_->RunsTasksOnCurrentThread()); | 502 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 376 | 503 |
| 377 const std::string user_id = | 504 const std::string user_id = |
| 378 use_guest_mount ? chromeos::login::kGuestUserName : app_user_id; | 505 use_guest_mount ? chromeos::login::kGuestUserName : app_user_id; |
| 379 current_state_.reset(new AuthAttemptState(UserContext(user_id), | 506 current_state_.reset(new AuthAttemptState(UserContext(user_id), |
| (...skipping 182 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 562 remove_user_data_on_failure_ = false; | 689 remove_user_data_on_failure_ = false; |
| 563 task_runner_->PostTask(FROM_HERE, | 690 task_runner_->PostTask(FROM_HERE, |
| 564 base::Bind(&CryptohomeAuthenticator::OnAuthFailure, | 691 base::Bind(&CryptohomeAuthenticator::OnAuthFailure, |
| 565 this, | 692 this, |
| 566 *delayed_login_failure_)); | 693 *delayed_login_failure_)); |
| 567 break; | 694 break; |
| 568 case CREATE_NEW: | 695 case CREATE_NEW: |
| 569 create_if_nonexistent = true; | 696 create_if_nonexistent = true; |
| 570 case RECOVER_MOUNT: | 697 case RECOVER_MOUNT: |
| 571 current_state_->ResetCryptohomeStatus(); | 698 current_state_->ResetCryptohomeStatus(); |
| 572 SystemSaltGetter::Get()->GetSystemSalt( | 699 StartMount(current_state_.get(), |
| 573 base::Bind(&Mount, | 700 scoped_refptr<CryptohomeAuthenticator>(this), |
| 574 current_state_.get(), | 701 false /*ephemeral*/, |
| 575 scoped_refptr<CryptohomeAuthenticator>(this), | 702 create_if_nonexistent); |
| 576 false /*ephemeral*/, | |
| 577 create_if_nonexistent)); | |
| 578 break; | 703 break; |
| 579 case NEED_OLD_PW: | 704 case NEED_OLD_PW: |
| 580 task_runner_->PostTask( | 705 task_runner_->PostTask( |
| 581 FROM_HERE, | 706 FROM_HERE, |
| 582 base::Bind(&CryptohomeAuthenticator::OnPasswordChangeDetected, this)); | 707 base::Bind(&CryptohomeAuthenticator::OnPasswordChangeDetected, this)); |
| 583 break; | 708 break; |
| 584 case ONLINE_FAILED: | 709 case ONLINE_FAILED: |
| 585 case NEED_NEW_PW: | 710 case NEED_NEW_PW: |
| 586 case HAVE_NEW_PW: | 711 case HAVE_NEW_PW: |
| 587 NOTREACHED() << "Using obsolete ClientLogin code path."; | 712 NOTREACHED() << "Using obsolete ClientLogin code path."; |
| (...skipping 200 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 788 Resolve(); | 913 Resolve(); |
| 789 } | 914 } |
| 790 | 915 |
| 791 void CryptohomeAuthenticator::SetOwnerState(bool owner_check_finished, | 916 void CryptohomeAuthenticator::SetOwnerState(bool owner_check_finished, |
| 792 bool check_result) { | 917 bool check_result) { |
| 793 owner_is_verified_ = owner_check_finished; | 918 owner_is_verified_ = owner_check_finished; |
| 794 user_can_login_ = check_result; | 919 user_can_login_ = check_result; |
| 795 } | 920 } |
| 796 | 921 |
| 797 } // namespace chromeos | 922 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 517653002:
Make CryptohomeAuthenticator's Login*() methods work with pre-hashed keys (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@d_3_367847_add_sha256_key_type