OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/profiles/profile_io_data.h" | 5 #include "chrome/browser/profiles/profile_io_data.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 | 8 |
9 #include "base/basictypes.h" | 9 #include "base/basictypes.h" |
10 #include "base/bind.h" | 10 #include "base/bind.h" |
82 #include "net/url_request/url_request_job_factory_impl.h" | 82 #include "net/url_request/url_request_job_factory_impl.h" |
83 | 83 |
84 #if defined(ENABLE_MANAGED_USERS) | 84 #if defined(ENABLE_MANAGED_USERS) |
85 #include "chrome/browser/managed_mode/managed_mode_url_filter.h" | 85 #include "chrome/browser/managed_mode/managed_mode_url_filter.h" |
86 #include "chrome/browser/managed_mode/managed_user_service.h" | 86 #include "chrome/browser/managed_mode/managed_user_service.h" |
87 #include "chrome/browser/managed_mode/managed_user_service_factory.h" | 87 #include "chrome/browser/managed_mode/managed_user_service_factory.h" |
88 #endif | 88 #endif |
89 | 89 |
90 #if defined(OS_CHROMEOS) | 90 #if defined(OS_CHROMEOS) |
91 #include "chrome/browser/chromeos/drive/drive_protocol_handler.h" | 91 #include "chrome/browser/chromeos/drive/drive_protocol_handler.h" |
92 #include "chrome/browser/chromeos/login/user.h" | |
93 #include "chrome/browser/chromeos/login/user_manager.h" | |
92 #include "chrome/browser/chromeos/policy/policy_cert_service.h" | 94 #include "chrome/browser/chromeos/policy/policy_cert_service.h" |
93 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" | 95 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" |
94 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h" | 96 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h" |
95 #include "chrome/browser/chromeos/settings/cros_settings.h" | 97 #include "chrome/browser/chromeos/settings/cros_settings.h" |
98 #include "chromeos/dbus/cryptohome_client.h" | |
99 #include "chromeos/dbus/dbus_thread_manager.h" | |
96 #include "chromeos/settings/cros_settings_names.h" | 100 #include "chromeos/settings/cros_settings_names.h" |
101 #include "crypto/nss_util.h" | |
102 #include "crypto/nss_util_internal.h" | |
97 #endif // defined(OS_CHROMEOS) | 103 #endif // defined(OS_CHROMEOS) |
98 | 104 |
99 #if defined(USE_NSS) | 105 #if defined(USE_NSS) |
100 #include "chrome/browser/ui/crypto_module_password_dialog.h" | 106 #include "chrome/browser/ui/crypto_module_password_dialog.h" |
101 #endif | 107 #endif |
102 | 108 |
103 using content::BrowserContext; | 109 using content::BrowserContext; |
104 using content::BrowserThread; | 110 using content::BrowserThread; |
105 using content::ResourceContext; | 111 using content::ResourceContext; |
106 | 112 |
221 request, network_delegate, path, | 227 request, network_delegate, path, |
222 content::BrowserThread::GetBlockingPool()-> | 228 content::BrowserThread::GetBlockingPool()-> |
223 GetTaskRunnerWithShutdownBehavior( | 229 GetTaskRunnerWithShutdownBehavior( |
224 base::SequencedWorkerPool::SKIP_ON_SHUTDOWN)); | 230 base::SequencedWorkerPool::SKIP_ON_SHUTDOWN)); |
225 | 231 |
226 return NULL; | 232 return NULL; |
227 } | 233 } |
228 }; | 234 }; |
229 #endif // defined(DEBUG_DEVTOOLS) | 235 #endif // defined(DEBUG_DEVTOOLS) |
230 | 236 |
237 #if defined(OS_CHROMEOS) | |
238 // The following four functions are responsible for initializing NSS for each | |
239 // profile on ChromeOS, which has a separate NSS database and TPM slot | |
240 // per-profile. | |
241 // | |
242 // Initialization basically follows these steps: | |
243 // 1) Get some info from chromeos::UserManager about the User for this profile. | |
244 // 2) Tell nss_util to initialize the software slot for this profile. | |
245 // 3) Wait for the TPM module to be loaded by nss_util if it isn't already. | |
246 // 4) Ask CryptohomeClient which TPM slot id corresponds to this profile. | |
247 // 5) Tell nss_util to use that slot id on the TPM module. | |
248 // | |
249 // Some of these steps must happen on the UI thread, others must happen on the | |
250 // IO thread: | |
251 // UI thread IO Thread | |
252 // | |
253 // ProfileIOData::InitializeOnUIThread | |
254 // | | |
255 // chromeos::UserManager::GetUserByProfile | |
256 // \---------------------------------------v | |
257 // StartNSSInitOnIOThread | |
258 // | | |
259 // crypto::InitializeNSSForChromeOSUser | |
260 // | | |
261 // crypto::IsTPMTokenReady | |
262 // | | |
263 // StartTPMSlotInitializationOnIOThread | |
264 // v---------------------------------------/ | |
265 // GetTPMInfoForUserOnUIThread | |
266 // | | |
267 // CryptohomeClient::Pkcs11GetTpmTokenInfoForUser | |
268 // | | |
269 // DidGetTPMInfoForUserOnUIThread | |
270 // \---------------------------------------v | |
271 // crypto::InitializeTPMForChromeOSUser | |
272 | |
273 void DidGetTPMInfoForUserOnUIThread(const std::string& username_hash, | |
274 chromeos::DBusMethodCallStatus call_status, | |
275 const std::string& label, | |
276 const std::string& user_pin, | |
277 int slot_id) { | |
278 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
279 if (call_status == chromeos::DBUS_METHOD_CALL_FAILURE) { | |
280 NOTREACHED() << "dbus error getting TPM info for " << username_hash; | |
281 return; | |
282 } | |
283 DVLOG(1) << "Got TPM slot for " << username_hash << ": " << slot_id; | |
284 BrowserThread::PostTask( | |
285 BrowserThread::IO, | |
286 FROM_HERE, | |
287 base::Bind( | |
288 &crypto::InitializeTPMForChromeOSUser, username_hash, slot_id)); | |
289 } | |
290 | |
291 void GetTPMInfoForUserOnUIThread(const std::string& username, | |
292 const std::string& username_hash) { | |
293 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
294 DVLOG(1) << "Getting TPM info from cryptohome for " | |
295 << " " << username << " " << username_hash; | |
296 chromeos::DBusThreadManager::Get() | |
297 ->GetCryptohomeClient() | |
298 ->Pkcs11GetTpmTokenInfoForUser( | |
299 username, | |
300 base::Bind(&DidGetTPMInfoForUserOnUIThread, username_hash)); | |
301 } | |
302 | |
303 void StartTPMSlotInitializationOnIOThread(const std::string& username, | |
304 const std::string& username_hash) { | |
305 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); | |
306 | |
307 BrowserThread::PostTask( | |
308 BrowserThread::UI, | |
309 FROM_HERE, | |
310 base::Bind(&GetTPMInfoForUserOnUIThread, username, username_hash)); | |
311 } | |
312 | |
313 void StartNSSInitOnIOThread(const std::string& username, | |
314 const std::string& username_hash, | |
315 const base::FilePath& path, | |
316 bool is_primary_user) { | |
317 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); | |
318 DVLOG(1) << "Starting NSS init for " << username | |
319 << " hash:" << username_hash | |
320 << " is_primary_user:" << is_primary_user; | |
321 | |
322 if (!crypto::InitializeNSSForChromeOSUser( | |
323 username, username_hash, is_primary_user, path)) { | |
324 // If the user already exists in nss_util's map, it is already initialized | |
325 // or in the progress of being initialized. In either case, there's no need | |
mmenke
2013/12/05 17:24:16
nit: progress -> process
mattm
2013/12/05 21:30:39
Done.
| |
326 // for us to do anything. | |
mmenke
2013/12/05 17:24:16
nit: Don't use "us" or "we" in comments, since it
mattm
2013/12/05 21:30:39
Done.
| |
327 return; | |
328 } | |
329 | |
330 if (crypto::IsTPMTokenEnabledForNSS()) { | |
331 if (crypto::IsTPMTokenReady(base::Bind( | |
332 &StartTPMSlotInitializationOnIOThread, username, username_hash))) { | |
333 StartTPMSlotInitializationOnIOThread(username, username_hash); | |
334 } else { | |
335 DVLOG(1) << "Waiting for tpm ready ..."; | |
336 } | |
337 } else { | |
338 crypto::InitializePrivateSoftwareSlotForChromeOSUser(username_hash); | |
339 } | |
340 } | |
341 #endif // defined(OS_CHROMEOS) | |
342 | |
231 } // namespace | 343 } // namespace |
232 | 344 |
233 void ProfileIOData::InitializeOnUIThread(Profile* profile) { | 345 void ProfileIOData::InitializeOnUIThread(Profile* profile) { |
234 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 346 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
235 PrefService* pref_service = profile->GetPrefs(); | 347 PrefService* pref_service = profile->GetPrefs(); |
236 PrefService* local_state_pref_service = g_browser_process->local_state(); | 348 PrefService* local_state_pref_service = g_browser_process->local_state(); |
237 | 349 |
238 scoped_ptr<ProfileParams> params(new ProfileParams); | 350 scoped_ptr<ProfileParams> params(new ProfileParams); |
239 params->path = profile->GetPath(); | 351 params->path = profile->GetPath(); |
240 | 352 |
271 | 383 |
272 params->proxy_config_service | 384 params->proxy_config_service |
273 .reset(ProxyServiceFactory::CreateProxyConfigService( | 385 .reset(ProxyServiceFactory::CreateProxyConfigService( |
274 profile->GetProxyConfigTracker())); | 386 profile->GetProxyConfigTracker())); |
275 #if defined(ENABLE_MANAGED_USERS) | 387 #if defined(ENABLE_MANAGED_USERS) |
276 ManagedUserService* managed_user_service = | 388 ManagedUserService* managed_user_service = |
277 ManagedUserServiceFactory::GetForProfile(profile); | 389 ManagedUserServiceFactory::GetForProfile(profile); |
278 params->managed_mode_url_filter = | 390 params->managed_mode_url_filter = |
279 managed_user_service->GetURLFilterForIOThread(); | 391 managed_user_service->GetURLFilterForIOThread(); |
280 #endif | 392 #endif |
393 #if defined(OS_CHROMEOS) | |
394 chromeos::UserManager* user_manager = chromeos::UserManager::Get(); | |
395 if (user_manager) { | |
396 chromeos::User* user = user_manager->GetUserByProfile(profile); | |
397 if (user) { | |
398 params->username_hash = user->username_hash(); | |
399 bool is_primary_user = (user_manager->GetPrimaryUser() == user); | |
400 BrowserThread::PostTask(BrowserThread::IO, | |
401 FROM_HERE, | |
402 base::Bind(&StartNSSInitOnIOThread, | |
403 user->email(), | |
404 user->username_hash(), | |
405 profile->GetPath(), | |
406 is_primary_user)); | |
407 } | |
408 } | |
409 if (params->username_hash.empty()) | |
410 LOG(WARNING) << "no username_hash"; | |
411 #endif | |
281 | 412 |
282 params->profile = profile; | 413 params->profile = profile; |
283 profile_params_.reset(params.release()); | 414 profile_params_.reset(params.release()); |
284 | 415 |
285 ChromeNetworkDelegate::InitializePrefsOnUIThread( | 416 ChromeNetworkDelegate::InitializePrefsOnUIThread( |
286 &enable_referrers_, | 417 &enable_referrers_, |
287 &enable_do_not_track_, | 418 &enable_do_not_track_, |
288 &force_safesearch_, | 419 &force_safesearch_, |
289 pref_service); | 420 pref_service); |
290 | 421 |
826 #endif | 957 #endif |
827 | 958 |
828 #if defined(OS_CHROMEOS) | 959 #if defined(OS_CHROMEOS) |
829 if (cert_verifier_) { | 960 if (cert_verifier_) { |
830 cert_verifier_->InitializeOnIOThread(); | 961 cert_verifier_->InitializeOnIOThread(); |
831 main_request_context_->set_cert_verifier(cert_verifier_.get()); | 962 main_request_context_->set_cert_verifier(cert_verifier_.get()); |
832 } else { | 963 } else { |
833 main_request_context_->set_cert_verifier( | 964 main_request_context_->set_cert_verifier( |
834 io_thread_globals->cert_verifier.get()); | 965 io_thread_globals->cert_verifier.get()); |
835 } | 966 } |
967 username_hash_ = profile_params_->username_hash; | |
836 #else | 968 #else |
837 main_request_context_->set_cert_verifier( | 969 main_request_context_->set_cert_verifier( |
838 io_thread_globals->cert_verifier.get()); | 970 io_thread_globals->cert_verifier.get()); |
839 #endif | 971 #endif |
840 | 972 |
841 InitializeInternal(profile_params_.get(), protocol_handlers); | 973 InitializeInternal(profile_params_.get(), protocol_handlers); |
842 | 974 |
843 profile_params_.reset(); | 975 profile_params_.reset(); |
844 initialized_ = true; | 976 initialized_ = true; |
845 } | 977 } |
986 void ProfileIOData::SetCookieSettingsForTesting( | 1118 void ProfileIOData::SetCookieSettingsForTesting( |
987 CookieSettings* cookie_settings) { | 1119 CookieSettings* cookie_settings) { |
988 DCHECK(!cookie_settings_.get()); | 1120 DCHECK(!cookie_settings_.get()); |
989 cookie_settings_ = cookie_settings; | 1121 cookie_settings_ = cookie_settings; |
990 } | 1122 } |
991 | 1123 |
992 void ProfileIOData::set_signin_names_for_testing( | 1124 void ProfileIOData::set_signin_names_for_testing( |
993 SigninNamesOnIOThread* signin_names) { | 1125 SigninNamesOnIOThread* signin_names) { |
994 signin_names_.reset(signin_names); | 1126 signin_names_.reset(signin_names); |
995 } | 1127 } |
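Review bot: In DidGetTPMInfoForUserOnUIThread the D-Bus failure branch treats a runtime condition as a programmer error with `NOTREACHED()`, so in any build where that macro compiles out the function returns silently and crypto::InitializeTPMForChromeOSUser is never posted for this profile. I would log it unconditionally, e.g. `LOG(ERROR) << "dbus error getting TPM info for " << username_hash;`, and state explicitly what the profile's private slot should be in that case; whether anything ends up waiting on a slot that never arrives cannot be seen from this page. `slot_id` is also forwarded to the IO thread without a range check, so a sentinel or negative value from cryptohome, if one exists, would reach nss_util unchanged. Separately, ProfileIOData::InitializeOnUIThread only logs a warning when `username_hash` is empty and then continues; a comment there saying which NSS database such a profile ends up using would help, since per-profile key and certificate isolation depends on that hash.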