| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_PARALLEL_AUTHENTICATOR_H_ | 5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_PARALLEL_AUTHENTICATOR_H_ |
| 6 #define CHROME_BROWSER_CHROMEOS_LOGIN_PARALLEL_AUTHENTICATOR_H_ | 6 #define CHROME_BROWSER_CHROMEOS_LOGIN_PARALLEL_AUTHENTICATOR_H_ |
| 7 #pragma once | 7 #pragma once |
| 8 | 8 |
| 9 #include <string> | 9 #include <string> |
| 10 | 10 |
| (...skipping 44 matching lines...) | |
| 55 POSSIBLE_PW_CHANGE, // Offline login failed, user may have changed pw. | 55 POSSIBLE_PW_CHANGE, // Offline login failed, user may have changed pw. |
| 56 NEED_NEW_PW, // User changed pw, and we have the old one. | 56 NEED_NEW_PW, // User changed pw, and we have the old one. |
| 57 NEED_OLD_PW, // User changed pw, and we have the new one. | 57 NEED_OLD_PW, // User changed pw, and we have the new one. |
| 58 HAVE_NEW_PW, // We have verified new pw, time to migrate key. | 58 HAVE_NEW_PW, // We have verified new pw, time to migrate key. |
| 59 OFFLINE_LOGIN, // Login succeeded offline. | 59 OFFLINE_LOGIN, // Login succeeded offline. |
| 60 DEMO_LOGIN, // Logged in as the demo user. | 60 DEMO_LOGIN, // Logged in as the demo user. |
| 61 ONLINE_LOGIN, // Offline and online login succeeded. | 61 ONLINE_LOGIN, // Offline and online login succeeded. |
| 62 UNLOCK, // Screen unlock succeeded. | 62 UNLOCK, // Screen unlock succeeded. |
| 63 ONLINE_FAILED, // Online login disallowed, but offline succeeded. | 63 ONLINE_FAILED, // Online login disallowed, but offline succeeded. |
| 64 GUEST_LOGIN, // Logged in guest mode. | 64 GUEST_LOGIN, // Logged in guest mode. |
| 65 LOGIN_FAILED // Login denied. | 65 LOGIN_FAILED, // Login denied. |
| 66 OWNER_REQUIRED // Login is restricted to the owner only. | |
| 66 }; | 67 }; |
| 67 | 68 |
| 68 explicit ParallelAuthenticator(LoginStatusConsumer* consumer); | 69 explicit ParallelAuthenticator(LoginStatusConsumer* consumer); |
| 69 virtual ~ParallelAuthenticator(); | 70 virtual ~ParallelAuthenticator(); |
| 70 | 71 |
| 71 // Authenticator overrides. | 72 // Authenticator overrides. |
| 72 virtual void CompleteLogin(Profile* profile, | 73 virtual void CompleteLogin(Profile* profile, |
| 73 const std::string& username, | 74 const std::string& username, |
| 74 const std::string& password) OVERRIDE; | 75 const std::string& password) OVERRIDE; |
| 75 | 76 |
| (...skipping 113 matching lines...) | |
| 189 // Used for testing. | 190 // Used for testing. |
| 190 void set_attempt_state(TestAttemptState* new_state) { // takes ownership. | 191 void set_attempt_state(TestAttemptState* new_state) { // takes ownership. |
| 191 current_state_.reset(new_state); | 192 current_state_.reset(new_state); |
| 192 } | 193 } |
| 193 | 194 |
| 194 // Sets an online attemp for testing. | 195 // Sets an online attemp for testing. |
| 195 void set_online_attempt(OnlineAttempt* attempt) { | 196 void set_online_attempt(OnlineAttempt* attempt) { |
| 196 current_online_ = attempt; | 197 current_online_ = attempt; |
| 197 } | 198 } |
| 198 | 199 |
| 200 // Used for testing to set the expected state of an owner check. | |
| 201 void SetOwnerState(bool owner_check_finished, bool check_result); | |
| 202 | |
| 199 // If we don't have the system salt yet, loads it from the CryptohomeLibrary. | 203 // If we don't have the system salt yet, loads it from the CryptohomeLibrary. |
| 200 void LoadSystemSalt(); | 204 void LoadSystemSalt(); |
| 201 // If we don't have supplemental_user_key_ yet, loads it from the NSS DB. | 205 // If we don't have supplemental_user_key_ yet, loads it from the NSS DB. |
| 202 // Returns false if the key can not be loaded/created. | 206 // Returns false if the key can not be loaded/created. |
| 203 bool LoadSupplementalUserKey(); | 207 bool LoadSupplementalUserKey(); |
| 204 | 208 |
| 209 // checks if the current mounted home contains the owner case and either | |
| 210 // continues or fails the log-in. Used for policy lost mitigation "safe-mode". | |
| 211 void VerifyOwnerOnUIThread(); | |
| 212 | |
| 213 // checks if the current mounted home contains the owner case and either | |
| 214 // continues or fails the log-in. Used for policy lost mitigation "safe-mode". | |
| 215 void FinishVerifyOwnerOnFileThread(); | |
| 216 | |
| 217 | |
| 205 // Records OAuth1 access token verification failure for |user_account|. | 218 // Records OAuth1 access token verification failure for |user_account|. |
| 206 void RecordOAuthCheckFailure(const std::string& user_account); | 219 void RecordOAuthCheckFailure(const std::string& user_account); |
| 207 | 220 |
| 208 // Signal login completion status for cases when a new user is added via | 221 // Signal login completion status for cases when a new user is added via |
| 209 // an external authentication provider (i.e. GAIA extension). | 222 // an external authentication provider (i.e. GAIA extension). |
| 210 void ResolveLoginCompletionStatus(); | 223 void ResolveLoginCompletionStatus(); |
| 211 | 224 |
| 212 // Used when we need to try online authentication again, after successful | 225 // Used when we need to try online authentication again, after successful |
| 213 // mount, but failed online login. | 226 // mount, but failed online login. |
| 214 scoped_ptr<AuthAttemptState> reauth_state_; | 227 scoped_ptr<AuthAttemptState> reauth_state_; |
| 215 | 228 |
| 216 scoped_ptr<AuthAttemptState> current_state_; | 229 scoped_ptr<AuthAttemptState> current_state_; |
| 217 scoped_refptr<OnlineAttempt> current_online_; | 230 scoped_refptr<OnlineAttempt> current_online_; |
| 218 bool migrate_attempted_; | 231 bool migrate_attempted_; |
| 219 bool remove_attempted_; | 232 bool remove_attempted_; |
| 220 bool mount_guest_attempted_; | 233 bool mount_guest_attempted_; |
| 221 bool check_key_attempted_; | 234 bool check_key_attempted_; |
| 222 | 235 |
| 223 // When the user has changed her password, but gives us the old one, we will | 236 // When the user has changed her password, but gives us the old one, we will |
| 224 // be able to mount her cryptohome, but online authentication will fail. | 237 // be able to mount her cryptohome, but online authentication will fail. |
| 225 // This allows us to present the same behavior to the caller, regardless | 238 // This allows us to present the same behavior to the caller, regardless |
| 226 // of the order in which we receive these results. | 239 // of the order in which we receive these results. |
| 227 bool already_reported_success_; | 240 bool already_reported_success_; |
| 228 base::Lock success_lock_; // A lock around already_reported_success_. | 241 base::Lock success_lock_; // A lock around |already_reported_success_|. |
| 242 | |
| 243 // Flags signaling whether the owner verification has been done and the result | |
| 244 // of it. | |
| 245 bool owner_is_verified_; | |
| 246 bool user_can_login_; | |
| 247 // A lock for |owner_is_verified_| and |current_user_is_owner_|. | |
|
Chris Masone
2012/03/13 16:45:53
I don't see current_user_is_owner_
pastarmovj
2012/03/22 11:48:01
Done.
| |
| 248 base::Lock owner_verified_lock_; | |
| 229 | 249 |
| 230 // True if we use OAuth-based authentication flow. | 250 // True if we use OAuth-based authentication flow. |
| 231 bool using_oauth_; | 251 bool using_oauth_; |
| 232 | 252 |
| 233 friend class ResolveChecker; | 253 friend class ResolveChecker; |
| 234 friend class ParallelAuthenticatorTest; | 254 friend class ParallelAuthenticatorTest; |
| 255 FRIEND_TEST_ALL_PREFIXES(ParallelAuthenticatorTest, | |
| 256 ResolveOwnerNeededDirectFailedMount); | |
| 257 FRIEND_TEST_ALL_PREFIXES(ParallelAuthenticatorTest, ResolveOwnerNeededMount); | |
| 258 FRIEND_TEST_ALL_PREFIXES(ParallelAuthenticatorTest, | |
| 259 ResolveOwnerNeededFailedMount); | |
| 235 DISALLOW_COPY_AND_ASSIGN(ParallelAuthenticator); | 260 DISALLOW_COPY_AND_ASSIGN(ParallelAuthenticator); |
| 236 }; | 261 }; |
| 237 | 262 |
| 238 } // namespace chromeos | 263 } // namespace chromeos |
| 239 | 264 |
| 240 #endif // CHROME_BROWSER_CHROMEOS_LOGIN_PARALLEL_AUTHENTICATOR_H_ | 265 #endif // CHROME_BROWSER_CHROMEOS_LOGIN_PARALLEL_AUTHENTICATOR_H_ |
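Review bot: The comment on `FinishVerifyOwnerOnFileThread()` (new 213-214) is a verbatim copy of the one on `VerifyOwnerOnUIThread()` (new 209-210), so the header does not say which call starts the owner check and which one decides the login outcome; "owner case" may also be a typo for "owner key". Because this pair gates the owner-only "safe-mode" login, the flag block at new 243-246 should spell out the fail-closed contract, for example `// |user_can_login_| is valid only once |owner_is_verified_| is true; read both under |owner_verified_lock_|.`, and the constructor (not shown on this page) should presumably start both flags at false. `SetOwnerState()` (new 201) can force that result, so a `ForTesting` suffix would make any production call stand out in review. Its access level cannot be confirmed here because the access specifier falls in a skipped range.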