OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/profiles/profile_io_data.h" | 5 #include "chrome/browser/profiles/profile_io_data.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 | 8 |
9 #include "base/basictypes.h" | 9 #include "base/basictypes.h" |
10 #include "base/bind.h" | 10 #include "base/bind.h" |
(...skipping 71 matching lines...)
82 #include "net/url_request/url_request_job_factory_impl.h" | 82 #include "net/url_request/url_request_job_factory_impl.h" |
83 | 83 |
84 #if defined(ENABLE_MANAGED_USERS) | 84 #if defined(ENABLE_MANAGED_USERS) |
85 #include "chrome/browser/managed_mode/managed_mode_url_filter.h" | 85 #include "chrome/browser/managed_mode/managed_mode_url_filter.h" |
86 #include "chrome/browser/managed_mode/managed_user_service.h" | 86 #include "chrome/browser/managed_mode/managed_user_service.h" |
87 #include "chrome/browser/managed_mode/managed_user_service_factory.h" | 87 #include "chrome/browser/managed_mode/managed_user_service_factory.h" |
88 #endif | 88 #endif |
89 | 89 |
90 #if defined(OS_CHROMEOS) | 90 #if defined(OS_CHROMEOS) |
91 #include "chrome/browser/chromeos/drive/drive_protocol_handler.h" | 91 #include "chrome/browser/chromeos/drive/drive_protocol_handler.h" |
| 92 #include "chrome/browser/chromeos/login/user.h" |
| 93 #include "chrome/browser/chromeos/login/user_manager.h" |
92 #include "chrome/browser/chromeos/policy/policy_cert_service.h" | 94 #include "chrome/browser/chromeos/policy/policy_cert_service.h" |
93 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" | 95 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" |
94 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h" | 96 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h" |
95 #include "chrome/browser/chromeos/settings/cros_settings.h" | 97 #include "chrome/browser/chromeos/settings/cros_settings.h" |
| 98 #include "chromeos/dbus/cryptohome_client.h" |
| 99 #include "chromeos/dbus/dbus_thread_manager.h" |
96 #include "chromeos/settings/cros_settings_names.h" | 100 #include "chromeos/settings/cros_settings_names.h" |
| 101 #include "crypto/nss_util.h" |
| 102 #include "crypto/nss_util_internal.h" |
97 #endif // defined(OS_CHROMEOS) | 103 #endif // defined(OS_CHROMEOS) |
98 | 104 |
99 #if defined(USE_NSS) | 105 #if defined(USE_NSS) |
100 #include "chrome/browser/ui/crypto_module_password_dialog.h" | 106 #include "chrome/browser/ui/crypto_module_password_dialog.h" |
101 #endif | 107 #endif |
102 | 108 |
103 using content::BrowserContext; | 109 using content::BrowserContext; |
104 using content::BrowserThread; | 110 using content::BrowserThread; |
105 using content::ResourceContext; | 111 using content::ResourceContext; |
106 | 112 |
(...skipping 114 matching lines...)
221 request, network_delegate, path, | 227 request, network_delegate, path, |
222 content::BrowserThread::GetBlockingPool()-> | 228 content::BrowserThread::GetBlockingPool()-> |
223 GetTaskRunnerWithShutdownBehavior( | 229 GetTaskRunnerWithShutdownBehavior( |
224 base::SequencedWorkerPool::SKIP_ON_SHUTDOWN)); | 230 base::SequencedWorkerPool::SKIP_ON_SHUTDOWN)); |
225 | 231 |
226 return NULL; | 232 return NULL; |
227 } | 233 } |
228 }; | 234 }; |
229 #endif // defined(DEBUG_DEVTOOLS) | 235 #endif // defined(DEBUG_DEVTOOLS) |
230 | 236 |
| 237 #if defined(OS_CHROMEOS) |
| 238 // The following four functions are responsible for initializing NSS for each |
| 239 // profile on ChromeOS, which has a separate NSS database and TPM slot |
| 240 // per-profile. |
| 241 // |
| 242 // Initialization basically follows these steps: |
| 243 // 1) Get some info from chromeos::UserManager about the User for this profile. |
| 244 // 2) Tell nss_util to initialize the software slot for this profile. |
| 245 // 3) Wait for the TPM module to be loaded by nss_util if it isn't already. |
| 246 // 4) Ask CryptohomeClient which TPM slot id corresponds to this profile. |
| 247 // 5) Tell nss_util to use that slot id on the TPM module. |
| 248 // |
| 249 // Some of these steps must happen on the UI thread, others must happen on the |
| 250 // IO thread: |
| 251 // UI thread IO Thread |
| 252 // |
| 253 // ProfileIOData::InitializeOnUIThread |
| 254 // | |
| 255 // chromeos::UserManager::GetUserByProfile |
| 256 // \---------------------------------------v |
| 257 // StartNSSInitOnIOThread |
| 258 // | |
| 259 // crypto::InitializeNSSForChromeOSUser |
| 260 // | |
| 261 // crypto::IsTPMTokenReady |
| 262 // | |
| 263 // StartTPMSlotInitializationOnIOThread |
| 264 // v---------------------------------------/ |
| 265 // GetTPMInfoForUserOnUIThread |
| 266 // | |
| 267 // CryptohomeClient::Pkcs11GetTpmTokenInfoForUser |
| 268 // | |
| 269 // DidGetTPMInfoForUserOnUIThread |
| 270 // \---------------------------------------v |
| 271 // crypto::InitializeTPMForChromeOSUser |
| 272 |
| 273 void DidGetTPMInfoForUserOnUIThread(const std::string& username_hash, |
| 274 chromeos::DBusMethodCallStatus call_status, |
| 275 const std::string& label, |
| 276 const std::string& user_pin, |
| 277 int slot_id) { |
| 278 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 279 if (call_status == chromeos::DBUS_METHOD_CALL_FAILURE) { |
| 280 NOTREACHED() << "dbus error getting TPM info for " << username_hash; |
| 281 return; |
| 282 } |
| 283 DVLOG(1) << "Got TPM slot for " << username_hash << ": " << slot_id; |
| 284 BrowserThread::PostTask( |
| 285 BrowserThread::IO, |
| 286 FROM_HERE, |
| 287 base::Bind( |
| 288 &crypto::InitializeTPMForChromeOSUser, username_hash, slot_id)); |
| 289 } |
| 290 |
| 291 void GetTPMInfoForUserOnUIThread(const std::string& username, |
| 292 const std::string& username_hash) { |
| 293 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 294 DVLOG(1) << "Getting TPM info from cryptohome for " |
| 295 << " " << username << " " << username_hash; |
| 296 chromeos::DBusThreadManager::Get() |
| 297 ->GetCryptohomeClient() |
| 298 ->Pkcs11GetTpmTokenInfoForUser( |
| 299 username, |
| 300 base::Bind(&DidGetTPMInfoForUserOnUIThread, username_hash)); |
| 301 } |
| 302 |
| 303 void StartTPMSlotInitializationOnIOThread(const std::string& username, |
| 304 const std::string& username_hash) { |
| 305 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |
| 306 |
| 307 BrowserThread::PostTask( |
| 308 BrowserThread::UI, |
| 309 FROM_HERE, |
| 310 base::Bind(&GetTPMInfoForUserOnUIThread, username, username_hash)); |
| 311 } |
| 312 |
| 313 void StartNSSInitOnIOThread(const std::string& username, |
| 314 const std::string& username_hash, |
| 315 const base::FilePath& path, |
| 316 bool is_primary_user) { |
| 317 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |
| 318 DVLOG(1) << "Starting NSS init for " << username |
| 319 << " hash:" << username_hash |
| 320 << " is_primary_user:" << is_primary_user; |
| 321 |
| 322 if (!crypto::InitializeNSSForChromeOSUser( |
| 323 username, username_hash, is_primary_user, path)) { |
| 324 // If the user already exists in nss_util's map, it is already initialized |
| 325 // or in the process of being initialized. In either case, there's no need |
| 326 // to do anything. |
| 327 return; |
| 328 } |
| 329 |
| 330 if (crypto::IsTPMTokenEnabledForNSS()) { |
| 331 if (crypto::IsTPMTokenReady(base::Bind( |
| 332 &StartTPMSlotInitializationOnIOThread, username, username_hash))) { |
| 333 StartTPMSlotInitializationOnIOThread(username, username_hash); |
| 334 } else { |
| 335 DVLOG(1) << "Waiting for tpm ready ..."; |
| 336 } |
| 337 } else { |
| 338 crypto::InitializePrivateSoftwareSlotForChromeOSUser(username_hash); |
| 339 } |
| 340 } |
| 341 #endif // defined(OS_CHROMEOS) |
| 342 |
231 } // namespace | 343 } // namespace |
232 | 344 |
233 void ProfileIOData::InitializeOnUIThread(Profile* profile) { | 345 void ProfileIOData::InitializeOnUIThread(Profile* profile) { |
234 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 346 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
235 PrefService* pref_service = profile->GetPrefs(); | 347 PrefService* pref_service = profile->GetPrefs(); |
236 PrefService* local_state_pref_service = g_browser_process->local_state(); | 348 PrefService* local_state_pref_service = g_browser_process->local_state(); |
237 | 349 |
238 scoped_ptr<ProfileParams> params(new ProfileParams); | 350 scoped_ptr<ProfileParams> params(new ProfileParams); |
239 params->path = profile->GetPath(); | 351 params->path = profile->GetPath(); |
240 | 352 |
(...skipping 30 matching lines...)
271 | 383 |
272 params->proxy_config_service | 384 params->proxy_config_service |
273 .reset(ProxyServiceFactory::CreateProxyConfigService( | 385 .reset(ProxyServiceFactory::CreateProxyConfigService( |
274 profile->GetProxyConfigTracker())); | 386 profile->GetProxyConfigTracker())); |
275 #if defined(ENABLE_MANAGED_USERS) | 387 #if defined(ENABLE_MANAGED_USERS) |
276 ManagedUserService* managed_user_service = | 388 ManagedUserService* managed_user_service = |
277 ManagedUserServiceFactory::GetForProfile(profile); | 389 ManagedUserServiceFactory::GetForProfile(profile); |
278 params->managed_mode_url_filter = | 390 params->managed_mode_url_filter = |
279 managed_user_service->GetURLFilterForIOThread(); | 391 managed_user_service->GetURLFilterForIOThread(); |
280 #endif | 392 #endif |
| 393 #if defined(OS_CHROMEOS) |
| 394 chromeos::UserManager* user_manager = chromeos::UserManager::Get(); |
| 395 if (user_manager) { |
| 396 chromeos::User* user = user_manager->GetUserByProfile(profile); |
| 397 if (user) { |
| 398 params->username_hash = user->username_hash(); |
| 399 bool is_primary_user = (user_manager->GetPrimaryUser() == user); |
| 400 BrowserThread::PostTask(BrowserThread::IO, |
| 401 FROM_HERE, |
| 402 base::Bind(&StartNSSInitOnIOThread, |
| 403 user->email(), |
| 404 user->username_hash(), |
| 405 profile->GetPath(), |
| 406 is_primary_user)); |
| 407 } |
| 408 } |
| 409 if (params->username_hash.empty()) |
| 410 LOG(WARNING) << "no username_hash"; |
| 411 #endif |
281 | 412 |
282 params->profile = profile; | 413 params->profile = profile; |
283 profile_params_.reset(params.release()); | 414 profile_params_.reset(params.release()); |
284 | 415 |
285 ChromeNetworkDelegate::InitializePrefsOnUIThread( | 416 ChromeNetworkDelegate::InitializePrefsOnUIThread( |
286 &enable_referrers_, | 417 &enable_referrers_, |
287 &enable_do_not_track_, | 418 &enable_do_not_track_, |
288 &force_safesearch_, | 419 &force_safesearch_, |
289 pref_service); | 420 pref_service); |
290 | 421 |
(...skipping 535 matching lines...)
826 #endif | 957 #endif |
827 | 958 |
828 #if defined(OS_CHROMEOS) | 959 #if defined(OS_CHROMEOS) |
829 if (cert_verifier_) { | 960 if (cert_verifier_) { |
830 cert_verifier_->InitializeOnIOThread(); | 961 cert_verifier_->InitializeOnIOThread(); |
831 main_request_context_->set_cert_verifier(cert_verifier_.get()); | 962 main_request_context_->set_cert_verifier(cert_verifier_.get()); |
832 } else { | 963 } else { |
833 main_request_context_->set_cert_verifier( | 964 main_request_context_->set_cert_verifier( |
834 io_thread_globals->cert_verifier.get()); | 965 io_thread_globals->cert_verifier.get()); |
835 } | 966 } |
| 967 username_hash_ = profile_params_->username_hash; |
836 #else | 968 #else |
837 main_request_context_->set_cert_verifier( | 969 main_request_context_->set_cert_verifier( |
838 io_thread_globals->cert_verifier.get()); | 970 io_thread_globals->cert_verifier.get()); |
839 #endif | 971 #endif |
840 | 972 |
841 InitializeInternal(profile_params_.get(), protocol_handlers); | 973 InitializeInternal(profile_params_.get(), protocol_handlers); |
842 | 974 |
843 profile_params_.reset(); | 975 profile_params_.reset(); |
844 initialized_ = true; | 976 initialized_ = true; |
845 } | 977 } |
(...skipping 140 matching lines...)
986 void ProfileIOData::SetCookieSettingsForTesting( | 1118 void ProfileIOData::SetCookieSettingsForTesting( |
987 CookieSettings* cookie_settings) { | 1119 CookieSettings* cookie_settings) { |
988 DCHECK(!cookie_settings_.get()); | 1120 DCHECK(!cookie_settings_.get()); |
989 cookie_settings_ = cookie_settings; | 1121 cookie_settings_ = cookie_settings; |
990 } | 1122 } |
991 | 1123 |
992 void ProfileIOData::set_signin_names_for_testing( | 1124 void ProfileIOData::set_signin_names_for_testing( |
993 SigninNamesOnIOThread* signin_names) { | 1125 SigninNamesOnIOThread* signin_names) { |
994 signin_names_.reset(signin_names); | 1126 signin_names_.reset(signin_names); |
995 } | 1127 } |
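Review bot: The D-Bus failure branch in DidGetTPMInfoForUserOnUIThread (new lines 279-282) relies on NOTREACHED(), a debug-only assertion, so a release build that receives DBUS_METHOD_CALL_FAILURE from cryptohome returns silently and never posts crypto::InitializeTPMForChromeOSUser for that user. A failed call to an external daemon is a reachable runtime condition and should be logged unconditionally, e.g. `LOG(ERROR) << "dbus error getting TPM info for " << username_hash;`. The failure presumably also needs to be reported to nss_util so that code waiting on this user's TPM slot does not wait indefinitely; nss_util is not shown here, so this needs confirming. The same function forwards slot_id to the IO thread unchecked, so if cryptohome can report success with a sentinel such as a negative slot, that value should be rejected here before the PostTask. In ProfileIOData::InitializeOnUIThread (new lines 409-410) an empty username_hash is only warned about and then copied into username_hash_ on the IO thread; a comment such as `// Empty hash: no per-user NSS slot was set up for this profile.` would make that fallback explicit for later callers.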