OLD | NEW |
(Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "chrome/browser/chromeos/login/auth/chrome_login_performer.h" |
| 6 |
| 7 #include "base/bind.h" |
| 8 #include "base/thread_task_runner_handle.h" |
| 9 #include "chrome/browser/browser_process.h" |
| 10 #include "chrome/browser/chromeos/login/login_utils.h" |
| 11 #include "chrome/browser/chromeos/login/supervised/supervised_user_authenticatio
n.h" |
| 12 #include "chrome/browser/chromeos/login/supervised/supervised_user_constants.h" |
| 13 #include "chrome/browser/chromeos/login/supervised/supervised_user_login_flow.h" |
| 14 #include "chrome/browser/chromeos/login/users/chrome_user_manager.h" |
| 15 #include "chrome/browser/chromeos/login/users/supervised_user_manager.h" |
| 16 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" |
| 17 #include "chrome/browser/chromeos/policy/device_local_account_policy_service.h" |
| 18 #include "chrome/browser/chromeos/profiles/profile_helper.h" |
| 19 #include "chrome/browser/chromeos/settings/cros_settings.h" |
| 20 |
| 21 namespace chromeos { |
| 22 |
| 23 ChromeLoginPerformer::ChromeLoginPerformer(Delegate* delegate) |
| 24 : LoginPerformer(base::ThreadTaskRunnerHandle::Get(), delegate), |
| 25 weak_factory_(this) { |
| 26 } |
| 27 |
| 28 ChromeLoginPerformer::~ChromeLoginPerformer() { |
| 29 } |
| 30 |
| 31 //////////////////////////////////////////////////////////////////////////////// |
| 32 // ChromeLoginPerformer, public: |
| 33 |
| 34 bool ChromeLoginPerformer::RunTrustedCheck(const base::Closure& callback) { |
| 35 CrosSettings* cros_settings = CrosSettings::Get(); |
| 36 |
| 37 CrosSettingsProvider::TrustedStatus status = |
| 38 cros_settings->PrepareTrustedValues( |
| 39 base::Bind(&ChromeLoginPerformer::DidRunTrustedCheck, |
| 40 weak_factory_.GetWeakPtr(), |
| 41 callback)); |
| 42 // Must not proceed without signature verification. |
| 43 if (status == CrosSettingsProvider::PERMANENTLY_UNTRUSTED) { |
| 44 if (delegate_) |
| 45 delegate_->PolicyLoadFailed(); |
| 46 else |
| 47 NOTREACHED(); |
| 48 return true; // Some callback was called. |
| 49 } else if (status == CrosSettingsProvider::TEMPORARILY_UNTRUSTED) { |
| 50 // Value of AllowNewUser setting is still not verified. |
| 51 // Another attempt will be invoked after verification completion. |
| 52 return false; |
| 53 } else { |
| 54 DCHECK(status == CrosSettingsProvider::TRUSTED); |
| 55 // CrosSettingsProvider::TRUSTED |
| 56 callback.Run(); |
| 57 return true; // Some callback was called. |
| 58 } |
| 59 } |
| 60 |
| 61 void ChromeLoginPerformer::DidRunTrustedCheck(const base::Closure& callback) { |
| 62 CrosSettings* cros_settings = CrosSettings::Get(); |
| 63 |
| 64 CrosSettingsProvider::TrustedStatus status = |
| 65 cros_settings->PrepareTrustedValues( |
| 66 base::Bind(&ChromeLoginPerformer::DidRunTrustedCheck, |
| 67 weak_factory_.GetWeakPtr(), |
| 68 callback)); |
| 69 // Must not proceed without signature verification. |
| 70 if (status == CrosSettingsProvider::PERMANENTLY_UNTRUSTED) { |
| 71 if (delegate_) |
| 72 delegate_->PolicyLoadFailed(); |
| 73 else |
| 74 NOTREACHED(); |
| 75 } else if (status == CrosSettingsProvider::TEMPORARILY_UNTRUSTED) { |
| 76 // Value of AllowNewUser setting is still not verified. |
| 77 // Another attempt will be invoked after verification completion. |
| 78 return; |
| 79 } else { |
| 80 DCHECK(status == CrosSettingsProvider::TRUSTED); |
| 81 callback.Run(); |
| 82 } |
| 83 } |
| 84 |
| 85 bool ChromeLoginPerformer::IsUserWhitelisted(const std::string& user_id, |
| 86 bool* wildcard_match) { |
| 87 return LoginUtils::IsWhitelisted(user_id, wildcard_match); |
| 88 } |
| 89 |
| 90 void ChromeLoginPerformer::RunOnlineWhitelistCheck( |
| 91 const std::string& user_id, |
| 92 bool wildcard_match, |
| 93 const base::Closure& success_callback, |
| 94 const base::Closure& failure_callback) { |
| 95 // On enterprise devices, reconfirm login permission with the server. |
| 96 policy::BrowserPolicyConnectorChromeOS* connector = |
| 97 g_browser_process->platform_part()->browser_policy_connector_chromeos(); |
| 98 if (connector->IsEnterpriseManaged() && wildcard_match && |
| 99 !connector->IsNonEnterpriseUser(user_id)) { |
| 100 wildcard_login_checker_.reset(new policy::WildcardLoginChecker()); |
| 101 wildcard_login_checker_->Start( |
| 102 ProfileHelper::GetSigninProfile()->GetRequestContext(), |
| 103 base::Bind(&ChromeLoginPerformer::OnlineWildcardLoginCheckCompleted, |
| 104 weak_factory_.GetWeakPtr(), |
| 105 success_callback, |
| 106 failure_callback)); |
| 107 } else { |
| 108 success_callback.Run(); |
| 109 } |
| 110 } |
| 111 |
| 112 scoped_refptr<Authenticator> ChromeLoginPerformer::CreateAuthenticator() { |
| 113 return LoginUtils::Get()->CreateAuthenticator(this); |
| 114 } |
| 115 |
| 116 bool ChromeLoginPerformer::AreSupervisedUsersAllowed() { |
| 117 return user_manager::UserManager::Get()->AreSupervisedUsersAllowed(); |
| 118 } |
| 119 |
| 120 bool ChromeLoginPerformer::UseExtendedAuthenticatorForSupervisedUser( |
| 121 const UserContext& user_context) { |
| 122 SupervisedUserAuthentication* authentication = |
| 123 ChromeUserManager::Get()->GetSupervisedUserManager()->GetAuthentication(); |
| 124 return authentication->GetPasswordSchema(user_context.GetUserID()) == |
| 125 SupervisedUserAuthentication::SCHEMA_SALT_HASHED; |
| 126 } |
| 127 |
| 128 UserContext ChromeLoginPerformer::TransformSupervisedKey( |
| 129 const UserContext& context) { |
| 130 SupervisedUserAuthentication* authentication = |
| 131 ChromeUserManager::Get()->GetSupervisedUserManager()->GetAuthentication(); |
| 132 return authentication->TransformKey(context); |
| 133 } |
| 134 |
| 135 void ChromeLoginPerformer::SetupSupervisedUserFlow(const std::string& user_id) { |
| 136 SupervisedUserLoginFlow* new_flow = new SupervisedUserLoginFlow(user_id); |
| 137 new_flow->set_host(ChromeUserManager::Get()->GetUserFlow(user_id)->host()); |
| 138 ChromeUserManager::Get()->SetUserFlow(user_id, new_flow); |
| 139 } |
| 140 |
| 141 bool ChromeLoginPerformer::CheckPolicyForUser(const std::string& user_id) { |
| 142 // Login is not allowed if policy could not be loaded for the account. |
| 143 policy::BrowserPolicyConnectorChromeOS* connector = |
| 144 g_browser_process->platform_part()->browser_policy_connector_chromeos(); |
| 145 policy::DeviceLocalAccountPolicyService* policy_service = |
| 146 connector->GetDeviceLocalAccountPolicyService(); |
| 147 return policy_service && policy_service->IsPolicyAvailableForUser(user_id); |
| 148 } |
| 149 //////////////////////////////////////////////////////////////////////////////// |
| 150 // ChromeLoginPerformer, private: |
| 151 |
| 152 content::BrowserContext* ChromeLoginPerformer::GetSigninContext() { |
| 153 return ProfileHelper::GetSigninProfile(); |
| 154 } |
| 155 |
| 156 net::URLRequestContextGetter* ChromeLoginPerformer::GetSigninRequestContext() { |
| 157 return ProfileHelper::GetSigninProfile()->GetRequestContext(); |
| 158 } |
| 159 |
| 160 void ChromeLoginPerformer::OnlineWildcardLoginCheckCompleted( |
| 161 const base::Closure& success_callback, |
| 162 const base::Closure& failure_callback, |
| 163 policy::WildcardLoginChecker::Result result) { |
| 164 if (result == policy::WildcardLoginChecker::RESULT_ALLOWED) { |
| 165 success_callback.Run(); |
| 166 } else { |
| 167 failure_callback.Run(); |
| 168 } |
| 169 } |
| 170 |
| 171 } // namespace chromeos |
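Review bot: The final `else` in RunTrustedCheck and in DidRunTrustedCheck runs `callback` for any status that is not one of the two untrusted values, and the `DCHECK(status == CrosSettingsProvider::TRUSTED)` guarding it is normally compiled out of release builds, so the "must not proceed without signature verification" rule depends on the enum never gaining another value. Testing the trusted case explicitly, `} else if (status == CrosSettingsProvider::TRUSTED) {`, and sending anything else down the PolicyLoadFailed path would keep the check fail-closed. The two functions also repeat the same three-way branch, so a shared private helper would stop them drifting apart. In the PERMANENTLY_UNTRUSTED branch of RunTrustedCheck the comment `// Some callback was called.` is not accurate when `delegate_` is null, since NOTREACHED() runs no callback; the comment should say so.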