OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/profiles/profile_io_data.h" | 5 #include "chrome/browser/profiles/profile_io_data.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 | 8 |
9 #include "base/basictypes.h" | 9 #include "base/basictypes.h" |
10 #include "base/bind.h" | 10 #include "base/bind.h" |
(...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
81 #include "net/url_request/url_request_job_factory_impl.h" | 81 #include "net/url_request/url_request_job_factory_impl.h" |
82 | 82 |
83 #if defined(ENABLE_MANAGED_USERS) | 83 #if defined(ENABLE_MANAGED_USERS) |
84 #include "chrome/browser/managed_mode/managed_mode_url_filter.h" | 84 #include "chrome/browser/managed_mode/managed_mode_url_filter.h" |
85 #include "chrome/browser/managed_mode/managed_user_service.h" | 85 #include "chrome/browser/managed_mode/managed_user_service.h" |
86 #include "chrome/browser/managed_mode/managed_user_service_factory.h" | 86 #include "chrome/browser/managed_mode/managed_user_service_factory.h" |
87 #endif | 87 #endif |
88 | 88 |
89 #if defined(OS_CHROMEOS) | 89 #if defined(OS_CHROMEOS) |
90 #include "chrome/browser/chromeos/drive/drive_protocol_handler.h" | 90 #include "chrome/browser/chromeos/drive/drive_protocol_handler.h" |
91 #include "chrome/browser/chromeos/login/user.h" | |
92 #include "chrome/browser/chromeos/login/user_manager.h" | |
91 #include "chrome/browser/chromeos/policy/policy_cert_service.h" | 93 #include "chrome/browser/chromeos/policy/policy_cert_service.h" |
92 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" | 94 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" |
93 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h" | 95 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h" |
94 #include "chrome/browser/chromeos/settings/cros_settings.h" | 96 #include "chrome/browser/chromeos/settings/cros_settings.h" |
97 #include "chromeos/dbus/cryptohome_client.h" | |
98 #include "chromeos/dbus/dbus_thread_manager.h" | |
95 #include "chromeos/settings/cros_settings_names.h" | 99 #include "chromeos/settings/cros_settings_names.h" |
100 #include "crypto/nss_util.h" | |
101 #include "crypto/nss_util_internal.h" | |
96 #endif // defined(OS_CHROMEOS) | 102 #endif // defined(OS_CHROMEOS) |
97 | 103 |
98 #if defined(USE_NSS) | 104 #if defined(USE_NSS) |
99 #include "chrome/browser/ui/crypto_module_password_dialog.h" | 105 #include "chrome/browser/ui/crypto_module_password_dialog.h" |
100 #endif | 106 #endif |
101 | 107 |
102 using content::BrowserContext; | 108 using content::BrowserContext; |
103 using content::BrowserThread; | 109 using content::BrowserThread; |
104 using content::ResourceContext; | 110 using content::ResourceContext; |
105 | 111 |
(...skipping 114 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
220 request, network_delegate, path, | 226 request, network_delegate, path, |
221 content::BrowserThread::GetBlockingPool()-> | 227 content::BrowserThread::GetBlockingPool()-> |
222 GetTaskRunnerWithShutdownBehavior( | 228 GetTaskRunnerWithShutdownBehavior( |
223 base::SequencedWorkerPool::SKIP_ON_SHUTDOWN)); | 229 base::SequencedWorkerPool::SKIP_ON_SHUTDOWN)); |
224 | 230 |
225 return NULL; | 231 return NULL; |
226 } | 232 } |
227 }; | 233 }; |
228 #endif // defined(DEBUG_DEVTOOLS) | 234 #endif // defined(DEBUG_DEVTOOLS) |
229 | 235 |
236 #if defined(OS_CHROMEOS) | |
237 // The following four functions are responsible for initializing NSS for each | |
238 // profile on ChromeOS, which has a separate NSS database and TPM slot | |
239 // per-profile. | |
240 // | |
241 // Initialization basically follows these steps: | |
242 // 1) Get some info from chromeos::UserManager about the User for this profile. | |
243 // 2) Tell nss_util to initialize the software slot for this profile. | |
244 // 3) Wait for the TPM module to be loaded by nss_util if it isn't already. | |
245 // 4) Ask CryptohomeClient which TPM slot id corresponds to this profile. | |
246 // 5) Tell nss_util to use that slot id on the TPM module. | |
247 // | |
248 // Some of these steps must happen on the UI thread, others must happen on the | |
249 // IO thread: | |
250 // UI thread IO Thread | |
251 // | |
252 // ProfileIOData::InitializeOnUIThread | |
253 // | | |
254 // chromeos::UserManager::GetUserByProfile | |
255 // \---------------------------------------v | |
256 // StartNSSInitOnIOThread | |
257 // | | |
258 // crypto::InitializeNSSForChromeOSUser | |
259 // | | |
260 // crypto::IsTPMTokenReady | |
261 // | | |
262 // StartTPMSlotInitializionOnIOThread | |
263 // v---------------------------------------/ | |
264 // GetTPMInfoForUserOnUIThread | |
265 // | | |
266 // CryptohomeClient::Pkcs11GetTpmTokenInfoForUser | |
267 // | | |
268 // DidGetTPMInfoForUserOnUIThread | |
269 // \---------------------------------------v | |
270 // crypto::InitializeTPMForChromeOSUser | |
Ryan Sleevi
2013/12/04 20:59:55
Fantastic! Thanks so much, it's MUCH clearer to fo
| |
271 | |
272 void DidGetTPMInfoForUserOnUIThread(const std::string& username_hash, | |
273 chromeos::DBusMethodCallStatus call_status, | |
274 const std::string& label, | |
275 const std::string& user_pin, | |
276 int slot_id) { | |
277 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
278 if (call_status == chromeos::DBUS_METHOD_CALL_FAILURE) { | |
279 NOTREACHED() << "dbus error getting TPM info for " << username_hash; | |
280 return; | |
281 } | |
282 DVLOG(1) << "Got TPM slot for " << username_hash << ": " << slot_id; | |
283 BrowserThread::PostTask( | |
284 BrowserThread::IO, | |
285 FROM_HERE, | |
286 base::Bind( | |
287 &crypto::InitializeTPMForChromeOSUser, username_hash, slot_id)); | |
288 } | |
289 | |
290 void GetTPMInfoForUserOnUIThread(const std::string& username, | |
291 const std::string& username_hash) { | |
292 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
293 DVLOG(1) << "Getting TPM info from cryptohome for " | |
294 << " " << username << " " << username_hash; | |
295 chromeos::DBusThreadManager::Get() | |
296 ->GetCryptohomeClient() | |
297 ->Pkcs11GetTpmTokenInfoForUser( | |
298 username, | |
299 base::Bind(&DidGetTPMInfoForUserOnUIThread, username_hash)); | |
300 } | |
301 | |
302 void StartTPMSlotInitializionOnIOThread(const std::string& username, | |
303 const std::string& username_hash) { | |
304 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); | |
305 | |
306 BrowserThread::PostTask( | |
307 BrowserThread::UI, | |
308 FROM_HERE, | |
309 base::Bind(&GetTPMInfoForUserOnUIThread, username, username_hash)); | |
310 } | |
311 | |
312 void StartNSSInitOnIOThread(const std::string& username, | |
313 const std::string& username_hash, | |
314 const base::FilePath& path, | |
315 bool is_primary_user) { | |
316 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); | |
317 DVLOG(1) << "Starting NSS init for " << username | |
318 << " hash:" << username_hash | |
319 << " is_primary_user:" << is_primary_user; | |
320 | |
321 if (!crypto::InitializeNSSForChromeOSUser( | |
322 username, username_hash, is_primary_user, path)) { | |
323 // If the user already exists in nss_util's map, it is already initialized | |
324 // or in the progress of being initialized. In either case, there's no need | |
325 // for us to do anything. | |
326 return; | |
327 } | |
328 | |
329 if (crypto::IsTPMTokenEnabledForNSS()) { | |
330 if (crypto::IsTPMTokenReady(base::Bind( | |
331 &StartTPMSlotInitializionOnIOThread, username, username_hash))) { | |
332 StartTPMSlotInitializionOnIOThread(username, username_hash); | |
333 } else { | |
334 DVLOG(1) << "Waiting for tpm ready ..."; | |
335 } | |
336 } else { | |
337 crypto::InitializePrivateSoftwareSlotForChromeOSUser(username_hash); | |
338 } | |
339 } | |
340 #endif // defined(OS_CHROMEOS) | |
341 | |
230 } // namespace | 342 } // namespace |
231 | 343 |
232 void ProfileIOData::InitializeOnUIThread(Profile* profile) { | 344 void ProfileIOData::InitializeOnUIThread(Profile* profile) { |
233 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 345 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
234 PrefService* pref_service = profile->GetPrefs(); | 346 PrefService* pref_service = profile->GetPrefs(); |
235 PrefService* local_state_pref_service = g_browser_process->local_state(); | 347 PrefService* local_state_pref_service = g_browser_process->local_state(); |
236 | 348 |
237 scoped_ptr<ProfileParams> params(new ProfileParams); | 349 scoped_ptr<ProfileParams> params(new ProfileParams); |
238 params->path = profile->GetPath(); | 350 params->path = profile->GetPath(); |
239 | 351 |
(...skipping 30 matching lines...) Expand all Loading... | |
270 | 382 |
271 params->proxy_config_service | 383 params->proxy_config_service |
272 .reset(ProxyServiceFactory::CreateProxyConfigService( | 384 .reset(ProxyServiceFactory::CreateProxyConfigService( |
273 profile->GetProxyConfigTracker())); | 385 profile->GetProxyConfigTracker())); |
274 #if defined(ENABLE_MANAGED_USERS) | 386 #if defined(ENABLE_MANAGED_USERS) |
275 ManagedUserService* managed_user_service = | 387 ManagedUserService* managed_user_service = |
276 ManagedUserServiceFactory::GetForProfile(profile); | 388 ManagedUserServiceFactory::GetForProfile(profile); |
277 params->managed_mode_url_filter = | 389 params->managed_mode_url_filter = |
278 managed_user_service->GetURLFilterForIOThread(); | 390 managed_user_service->GetURLFilterForIOThread(); |
279 #endif | 391 #endif |
392 #if defined(OS_CHROMEOS) | |
393 chromeos::UserManager* user_manager = chromeos::UserManager::Get(); | |
394 if (user_manager) { | |
395 chromeos::User* user = user_manager->GetUserByProfile(profile); | |
396 if (user) { | |
397 params->username_hash = user->username_hash(); | |
398 bool is_primary_user = (user_manager->GetPrimaryUser() == user); | |
399 BrowserThread::PostTask(BrowserThread::IO, | |
400 FROM_HERE, | |
401 base::Bind(&StartNSSInitOnIOThread, | |
402 user->email(), | |
403 user->username_hash(), | |
404 profile->GetPath(), | |
405 is_primary_user)); | |
406 } | |
407 } | |
408 if (params->username_hash.empty()) | |
409 LOG(WARNING) << "no username_hash"; | |
410 #endif | |
280 | 411 |
281 params->profile = profile; | 412 params->profile = profile; |
282 profile_params_.reset(params.release()); | 413 profile_params_.reset(params.release()); |
283 | 414 |
284 ChromeNetworkDelegate::InitializePrefsOnUIThread( | 415 ChromeNetworkDelegate::InitializePrefsOnUIThread( |
285 &enable_referrers_, | 416 &enable_referrers_, |
286 &enable_do_not_track_, | 417 &enable_do_not_track_, |
287 &force_safesearch_, | 418 &force_safesearch_, |
288 pref_service); | 419 pref_service); |
289 | 420 |
(...skipping 523 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
813 #endif | 944 #endif |
814 | 945 |
815 #if defined(OS_CHROMEOS) | 946 #if defined(OS_CHROMEOS) |
816 if (cert_verifier_) { | 947 if (cert_verifier_) { |
817 cert_verifier_->InitializeOnIOThread(); | 948 cert_verifier_->InitializeOnIOThread(); |
818 main_request_context_->set_cert_verifier(cert_verifier_.get()); | 949 main_request_context_->set_cert_verifier(cert_verifier_.get()); |
819 } else { | 950 } else { |
820 main_request_context_->set_cert_verifier( | 951 main_request_context_->set_cert_verifier( |
821 io_thread_globals->cert_verifier.get()); | 952 io_thread_globals->cert_verifier.get()); |
822 } | 953 } |
954 username_hash_ = profile_params_->username_hash; | |
823 #else | 955 #else |
824 main_request_context_->set_cert_verifier( | 956 main_request_context_->set_cert_verifier( |
825 io_thread_globals->cert_verifier.get()); | 957 io_thread_globals->cert_verifier.get()); |
826 #endif | 958 #endif |
827 | 959 |
828 InitializeInternal(profile_params_.get(), protocol_handlers); | 960 InitializeInternal(profile_params_.get(), protocol_handlers); |
829 | 961 |
830 profile_params_.reset(); | 962 profile_params_.reset(); |
831 initialized_ = true; | 963 initialized_ = true; |
832 } | 964 } |
(...skipping 137 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
970 void ProfileIOData::SetCookieSettingsForTesting( | 1102 void ProfileIOData::SetCookieSettingsForTesting( |
971 CookieSettings* cookie_settings) { | 1103 CookieSettings* cookie_settings) { |
972 DCHECK(!cookie_settings_.get()); | 1104 DCHECK(!cookie_settings_.get()); |
973 cookie_settings_ = cookie_settings; | 1105 cookie_settings_ = cookie_settings; |
974 } | 1106 } |
975 | 1107 |
976 void ProfileIOData::set_signin_names_for_testing( | 1108 void ProfileIOData::set_signin_names_for_testing( |
977 SigninNamesOnIOThread* signin_names) { | 1109 SigninNamesOnIOThread* signin_names) { |
978 signin_names_.reset(signin_names); | 1110 signin_names_.reset(signin_names); |
979 } | 1111 } |
OLD | NEW |