| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "chrome/browser/chromeos/login/auth/chrome_login_performer.h" | |
| 6 | |
| 7 #include "base/bind.h" | |
| 8 #include "base/thread_task_runner_handle.h" | |
| 9 #include "chrome/browser/browser_process.h" | |
| 10 #include "chrome/browser/chromeos/login/login_utils.h" | |
| 11 #include "chrome/browser/chromeos/login/supervised/supervised_user_authenticatio
n.h" | |
| 12 #include "chrome/browser/chromeos/login/supervised/supervised_user_constants.h" | |
| 13 #include "chrome/browser/chromeos/login/supervised/supervised_user_login_flow.h" | |
| 14 #include "chrome/browser/chromeos/login/users/chrome_user_manager.h" | |
| 15 #include "chrome/browser/chromeos/login/users/supervised_user_manager.h" | |
| 16 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" | |
| 17 #include "chrome/browser/chromeos/policy/device_local_account_policy_service.h" | |
| 18 #include "chrome/browser/chromeos/profiles/profile_helper.h" | |
| 19 #include "chrome/browser/chromeos/settings/cros_settings.h" | |
| 20 | |
| 21 namespace chromeos { | |
| 22 | |
| 23 ChromeLoginPerformer::ChromeLoginPerformer(Delegate* delegate) | |
| 24 : LoginPerformer(base::ThreadTaskRunnerHandle::Get(), delegate), | |
| 25 weak_factory_(this) { | |
| 26 } | |
| 27 | |
| 28 ChromeLoginPerformer::~ChromeLoginPerformer() { | |
| 29 } | |
| 30 | |
| 31 //////////////////////////////////////////////////////////////////////////////// | |
| 32 // ChromeLoginPerformer, public: | |
| 33 | |
| 34 bool ChromeLoginPerformer::RunTrustedCheck(const base::Closure& callback) { | |
| 35 CrosSettings* cros_settings = CrosSettings::Get(); | |
| 36 | |
| 37 CrosSettingsProvider::TrustedStatus status = | |
| 38 cros_settings->PrepareTrustedValues( | |
| 39 base::Bind(&ChromeLoginPerformer::DidRunTrustedCheck, | |
| 40 weak_factory_.GetWeakPtr(), | |
| 41 callback)); | |
| 42 // Must not proceed without signature verification. | |
| 43 if (status == CrosSettingsProvider::PERMANENTLY_UNTRUSTED) { | |
| 44 if (delegate_) | |
| 45 delegate_->PolicyLoadFailed(); | |
| 46 else | |
| 47 NOTREACHED(); | |
| 48 return true; // Some callback was called. | |
| 49 } else if (status == CrosSettingsProvider::TEMPORARILY_UNTRUSTED) { | |
| 50 // Value of AllowNewUser setting is still not verified. | |
| 51 // Another attempt will be invoked after verification completion. | |
| 52 return false; | |
| 53 } else { | |
| 54 DCHECK(status == CrosSettingsProvider::TRUSTED); | |
| 55 // CrosSettingsProvider::TRUSTED | |
| 56 callback.Run(); | |
| 57 return true; // Some callback was called. | |
| 58 } | |
| 59 } | |
| 60 | |
| 61 void ChromeLoginPerformer::DidRunTrustedCheck(const base::Closure& callback) { | |
| 62 CrosSettings* cros_settings = CrosSettings::Get(); | |
| 63 | |
| 64 CrosSettingsProvider::TrustedStatus status = | |
| 65 cros_settings->PrepareTrustedValues( | |
| 66 base::Bind(&ChromeLoginPerformer::DidRunTrustedCheck, | |
| 67 weak_factory_.GetWeakPtr(), | |
| 68 callback)); | |
| 69 // Must not proceed without signature verification. | |
| 70 if (status == CrosSettingsProvider::PERMANENTLY_UNTRUSTED) { | |
| 71 if (delegate_) | |
| 72 delegate_->PolicyLoadFailed(); | |
| 73 else | |
| 74 NOTREACHED(); | |
| 75 } else if (status == CrosSettingsProvider::TEMPORARILY_UNTRUSTED) { | |
| 76 // Value of AllowNewUser setting is still not verified. | |
| 77 // Another attempt will be invoked after verification completion. | |
| 78 return; | |
| 79 } else { | |
| 80 DCHECK(status == CrosSettingsProvider::TRUSTED); | |
| 81 callback.Run(); | |
| 82 } | |
| 83 } | |
| 84 | |
| 85 bool ChromeLoginPerformer::IsUserWhitelisted(const std::string& user_id, | |
| 86 bool* wildcard_match) { | |
| 87 return LoginUtils::IsWhitelisted(user_id, wildcard_match); | |
| 88 } | |
| 89 | |
| 90 void ChromeLoginPerformer::RunOnlineWhitelistCheck( | |
| 91 const std::string& user_id, | |
| 92 bool wildcard_match, | |
| 93 const base::Closure& success_callback, | |
| 94 const base::Closure& failure_callback) { | |
| 95 // On enterprise devices, reconfirm login permission with the server. | |
| 96 policy::BrowserPolicyConnectorChromeOS* connector = | |
| 97 g_browser_process->platform_part()->browser_policy_connector_chromeos(); | |
| 98 if (connector->IsEnterpriseManaged() && wildcard_match && | |
| 99 !connector->IsNonEnterpriseUser(user_id)) { | |
| 100 wildcard_login_checker_.reset(new policy::WildcardLoginChecker()); | |
| 101 wildcard_login_checker_->Start( | |
| 102 ProfileHelper::GetSigninProfile()->GetRequestContext(), | |
| 103 base::Bind(&ChromeLoginPerformer::OnlineWildcardLoginCheckCompleted, | |
| 104 weak_factory_.GetWeakPtr(), | |
| 105 success_callback, | |
| 106 failure_callback)); | |
| 107 } else { | |
| 108 success_callback.Run(); | |
| 109 } | |
| 110 } | |
| 111 | |
| 112 scoped_refptr<Authenticator> ChromeLoginPerformer::CreateAuthenticator() { | |
| 113 return LoginUtils::Get()->CreateAuthenticator(this); | |
| 114 } | |
| 115 | |
| 116 bool ChromeLoginPerformer::AreSupervisedUsersAllowed() { | |
| 117 return user_manager::UserManager::Get()->AreSupervisedUsersAllowed(); | |
| 118 } | |
| 119 | |
| 120 bool ChromeLoginPerformer::UseExtendedAuthenticatorForSupervisedUser( | |
| 121 const UserContext& user_context) { | |
| 122 SupervisedUserAuthentication* authentication = | |
| 123 ChromeUserManager::Get()->GetSupervisedUserManager()->GetAuthentication(); | |
| 124 return authentication->GetPasswordSchema(user_context.GetUserID()) == | |
| 125 SupervisedUserAuthentication::SCHEMA_SALT_HASHED; | |
| 126 } | |
| 127 | |
| 128 UserContext ChromeLoginPerformer::TransformSupervisedKey( | |
| 129 const UserContext& context) { | |
| 130 SupervisedUserAuthentication* authentication = | |
| 131 ChromeUserManager::Get()->GetSupervisedUserManager()->GetAuthentication(); | |
| 132 return authentication->TransformKey(context); | |
| 133 } | |
| 134 | |
| 135 void ChromeLoginPerformer::SetupSupervisedUserFlow(const std::string& user_id) { | |
| 136 SupervisedUserLoginFlow* new_flow = new SupervisedUserLoginFlow(user_id); | |
| 137 new_flow->set_host(ChromeUserManager::Get()->GetUserFlow(user_id)->host()); | |
| 138 ChromeUserManager::Get()->SetUserFlow(user_id, new_flow); | |
| 139 } | |
| 140 | |
| 141 bool ChromeLoginPerformer::CheckPolicyForUser(const std::string& user_id) { | |
| 142 // Login is not allowed if policy could not be loaded for the account. | |
| 143 policy::BrowserPolicyConnectorChromeOS* connector = | |
| 144 g_browser_process->platform_part()->browser_policy_connector_chromeos(); | |
| 145 policy::DeviceLocalAccountPolicyService* policy_service = | |
| 146 connector->GetDeviceLocalAccountPolicyService(); | |
| 147 return policy_service && policy_service->IsPolicyAvailableForUser(user_id); | |
| 148 } | |
| 149 //////////////////////////////////////////////////////////////////////////////// | |
| 150 // ChromeLoginPerformer, private: | |
| 151 | |
| 152 content::BrowserContext* ChromeLoginPerformer::GetSigninContext() { | |
| 153 return ProfileHelper::GetSigninProfile(); | |
| 154 } | |
| 155 | |
| 156 net::URLRequestContextGetter* ChromeLoginPerformer::GetSigninRequestContext() { | |
| 157 return ProfileHelper::GetSigninProfile()->GetRequestContext(); | |
| 158 } | |
| 159 | |
| 160 void ChromeLoginPerformer::OnlineWildcardLoginCheckCompleted( | |
| 161 const base::Closure& success_callback, | |
| 162 const base::Closure& failure_callback, | |
| 163 policy::WildcardLoginChecker::Result result) { | |
| 164 if (result == policy::WildcardLoginChecker::RESULT_ALLOWED) { | |
| 165 success_callback.Run(); | |
| 166 } else { | |
| 167 failure_callback.Run(); | |
| 168 } | |
| 169 } | |
| 170 | |
| 171 } // namespace chromeos | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 681593003:
Revert of Extract LoginPerformer to chromeos/auth (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master