Chromium Code Reviews Chromium Code Reviews
Issue 221813006:
Various supervised user password fixes - 2 (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/login/managed/managed_user_creation_controller _new.h" | 5 #include "chrome/browser/chromeos/login/managed/managed_user_creation_controller _new.h" |
| 6 | 6 |
| 7 #include "base/base64.h" | 7 #include "base/base64.h" |
| 8 #include "base/bind.h" | 8 #include "base/bind.h" |
| 9 #include "base/file_util.h" | 9 #include "base/file_util.h" |
| 10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
| (...skipping 118 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 129 creation_context_->signature_key = signature_key; | 129 creation_context_->signature_key = signature_key; |
| 130 creation_context_->encryption_key = encryption_key; | 130 creation_context_->encryption_key = encryption_key; |
| 131 | 131 |
| 132 creation_context_->password_data.MergeDictionary(password_data); | 132 creation_context_->password_data.MergeDictionary(password_data); |
| 133 | 133 |
| 134 StartCreationImpl(); | 134 StartCreationImpl(); |
| 135 } | 135 } |
| 136 | 136 |
| 137 void ManagedUserCreationControllerNew::StartCreationImpl() { | 137 void ManagedUserCreationControllerNew::StartCreationImpl() { |
| 138 DCHECK(creation_context_); | 138 DCHECK(creation_context_); |
| 139 DCHECK(stage_ == STAGE_INITIAL); | 139 DCHECK_EQ(stage_, STAGE_INITIAL); |
|
Bernhard Bauer
2014/04/02 14:05:28
Nit: expected value goes first.
Denis Kuznetsov (DE-MUC)
2014/04/02 14:48:51
Done.
| |
| 140 VLOG(1) << "Starting supervised user creation"; | 140 VLOG(1) << "Starting supervised user creation"; |
| 141 VLOG(1) << " Phase 1 : Prepare keys"; | 141 VLOG(1) << " Phase 1 : Prepare keys"; |
| 142 | 142 |
| 143 SupervisedUserManager* manager = | 143 SupervisedUserManager* manager = |
| 144 UserManager::Get()->GetSupervisedUserManager(); | 144 UserManager::Get()->GetSupervisedUserManager(); |
| 145 manager->StartCreationTransaction(creation_context_->display_name); | 145 manager->StartCreationTransaction(creation_context_->display_name); |
| 146 | 146 |
| 147 creation_context_->local_user_id = manager->GenerateUserId(); | 147 creation_context_->local_user_id = manager->GenerateUserId(); |
| 148 if (creation_context_->creation_type == NEW_USER) { | 148 if (creation_context_->creation_type == NEW_USER) { |
| 149 creation_context_->sync_user_id = | 149 creation_context_->sync_user_id = |
| (...skipping 92 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 242 NOTREACHED(); | 242 NOTREACHED(); |
| 243 } | 243 } |
| 244 stage_ = STAGE_ERROR; | 244 stage_ = STAGE_ERROR; |
| 245 if (consumer_) | 245 if (consumer_) |
| 246 consumer_->OnCreationError(code); | 246 consumer_->OnCreationError(code); |
| 247 } | 247 } |
| 248 | 248 |
| 249 void ManagedUserCreationControllerNew::OnMountSuccess( | 249 void ManagedUserCreationControllerNew::OnMountSuccess( |
| 250 const std::string& mount_hash) { | 250 const std::string& mount_hash) { |
| 251 DCHECK(creation_context_); | 251 DCHECK(creation_context_); |
| 252 DCHECK(stage_ == KEYS_GENERATED); | 252 DCHECK_EQ(stage_, KEYS_GENERATED); |
| 253 VLOG(1) << " Phase 2.2 : Created home dir with master key"; | 253 VLOG(1) << " Phase 2.2 : Created home dir with master key"; |
| 254 | 254 |
| 255 creation_context_->mount_hash = mount_hash; | 255 creation_context_->mount_hash = mount_hash; |
| 256 | 256 |
| 257 // Plain text password, hashed and salted with individual salt. | 257 // Plain text password, hashed and salted with individual salt. |
| 258 // It can be used for mounting homedir, and can be replaced only when signed. | 258 // It can be used for mounting homedir, and can be replaced only when signed. |
| 259 cryptohome::KeyDefinition password_key(creation_context_->salted_password, | 259 cryptohome::KeyDefinition password_key(creation_context_->salted_password, |
| 260 kCryptohomeManagedUserKeyLabel, | 260 kCryptohomeManagedUserKeyLabel, |
| 261 kCryptohomeManagedUserKeyPrivileges); | 261 kCryptohomeManagedUserKeyPrivileges); |
| 262 base::Base64Decode(creation_context_->encryption_key, | 262 base::Base64Decode(creation_context_->encryption_key, |
| (...skipping 11 matching lines...) Expand all Loading... | |
| 274 authenticator_->AddKey( | 274 authenticator_->AddKey( |
| 275 context, | 275 context, |
| 276 password_key, | 276 password_key, |
| 277 true, | 277 true, |
| 278 base::Bind(&ManagedUserCreationControllerNew::OnAddKeySuccess, | 278 base::Bind(&ManagedUserCreationControllerNew::OnAddKeySuccess, |
| 279 weak_factory_.GetWeakPtr())); | 279 weak_factory_.GetWeakPtr())); |
| 280 } | 280 } |
| 281 | 281 |
| 282 void ManagedUserCreationControllerNew::OnAddKeySuccess() { | 282 void ManagedUserCreationControllerNew::OnAddKeySuccess() { |
| 283 DCHECK(creation_context_); | 283 DCHECK(creation_context_); |
| 284 DCHECK(stage_ == KEYS_GENERATED); | 284 DCHECK_EQ(stage_, KEYS_GENERATED); |
| 285 stage_ = CRYPTOHOME_CREATED; | 285 stage_ = CRYPTOHOME_CREATED; |
| 286 | 286 |
| 287 VLOG(1) << " Phase 3 : Create/update user on chrome.com/manage"; | 287 VLOG(1) << " Phase 3 : Create/update user on chrome.com/manage"; |
| 288 | 288 |
| 289 ProfileSyncService* sync_service = | 289 ProfileSyncService* sync_service = |
| 290 ProfileSyncServiceFactory::GetInstance()->GetForProfile( | 290 ProfileSyncServiceFactory::GetInstance()->GetForProfile( |
| 291 creation_context_->manager_profile); | 291 creation_context_->manager_profile); |
| 292 ProfileSyncService::SyncStatusSummary status = | 292 ProfileSyncService::SyncStatusSummary status = |
| 293 sync_service->QuerySyncStatusSummary(); | 293 sync_service->QuerySyncStatusSummary(); |
| 294 | 294 |
| (...skipping 17 matching lines...) Expand all Loading... | |
| 312 creation_context_->sync_user_id, | 312 creation_context_->sync_user_id, |
| 313 info, | 313 info, |
| 314 base::Bind(&ManagedUserCreationControllerNew::RegistrationCallback, | 314 base::Bind(&ManagedUserCreationControllerNew::RegistrationCallback, |
| 315 weak_factory_.GetWeakPtr())); | 315 weak_factory_.GetWeakPtr())); |
| 316 } | 316 } |
| 317 | 317 |
| 318 void ManagedUserCreationControllerNew::RegistrationCallback( | 318 void ManagedUserCreationControllerNew::RegistrationCallback( |
| 319 const GoogleServiceAuthError& error, | 319 const GoogleServiceAuthError& error, |
| 320 const std::string& token) { | 320 const std::string& token) { |
| 321 DCHECK(creation_context_); | 321 DCHECK(creation_context_); |
| 322 DCHECK(stage_ == CRYPTOHOME_CREATED); | 322 DCHECK_EQ(stage_, CRYPTOHOME_CREATED); |
| 323 | 323 |
| 324 stage_ = DASHBOARD_CREATED; | 324 stage_ = DASHBOARD_CREATED; |
| 325 | 325 |
| 326 if (error.state() == GoogleServiceAuthError::NONE) { | 326 if (error.state() == GoogleServiceAuthError::NONE) { |
| 327 creation_context_->token = token; | 327 creation_context_->token = token; |
| 328 | 328 |
| 329 PostTaskAndReplyWithResult( | 329 PostTaskAndReplyWithResult( |
| 330 content::BrowserThread::GetBlockingPool(), | 330 content::BrowserThread::GetBlockingPool(), |
| 331 FROM_HERE, | 331 FROM_HERE, |
| 332 base::Bind(&StoreManagedUserFiles, | 332 base::Bind(&StoreManagedUserFiles, |
| 333 creation_context_->token, | 333 creation_context_->token, |
| 334 MountManager::GetHomeDir(creation_context_->mount_hash)), | 334 MountManager::GetHomeDir(creation_context_->mount_hash)), |
| 335 base::Bind(&ManagedUserCreationControllerNew::OnManagedUserFilesStored, | 335 base::Bind(&ManagedUserCreationControllerNew::OnManagedUserFilesStored, |
| 336 weak_factory_.GetWeakPtr())); | 336 weak_factory_.GetWeakPtr())); |
| 337 } else { | 337 } else { |
| 338 stage_ = STAGE_ERROR; | 338 stage_ = STAGE_ERROR; |
| 339 LOG(ERROR) << "Managed user creation failed. Error code " << error.state(); | 339 LOG(ERROR) << "Managed user creation failed. Error code " << error.state(); |
| 340 if (consumer_) | 340 if (consumer_) |
| 341 consumer_->OnCreationError(CLOUD_SERVER_ERROR); | 341 consumer_->OnCreationError(CLOUD_SERVER_ERROR); |
| 342 } | 342 } |
| 343 } | 343 } |
| 344 | 344 |
| 345 void ManagedUserCreationControllerNew::OnManagedUserFilesStored(bool success) { | 345 void ManagedUserCreationControllerNew::OnManagedUserFilesStored(bool success) { |
| 346 DCHECK(creation_context_); | 346 DCHECK(creation_context_); |
| 347 DCHECK(stage_ == DASHBOARD_CREATED); | 347 DCHECK_EQ(stage_, DASHBOARD_CREATED); |
| 348 | 348 |
| 349 if (!success) { | 349 if (!success) { |
| 350 stage_ = STAGE_ERROR; | 350 stage_ = STAGE_ERROR; |
| 351 if (consumer_) | 351 if (consumer_) |
| 352 consumer_->OnCreationError(TOKEN_WRITE_FAILED); | 352 consumer_->OnCreationError(TOKEN_WRITE_FAILED); |
| 353 return; | 353 return; |
| 354 } | 354 } |
| 355 // Assume that new token is valid. It will be automatically invalidated if | 355 // Assume that new token is valid. It will be automatically invalidated if |
| 356 // sync service fails to use it. | 356 // sync service fails to use it. |
| 357 UserManager::Get()->SaveUserOAuthStatus(creation_context_->local_user_id, | 357 UserManager::Get()->SaveUserOAuthStatus(creation_context_->local_user_id, |
| (...skipping 26 matching lines...) Expand all Loading... | |
| 384 creation_context_->registration_utility.reset(); | 384 creation_context_->registration_utility.reset(); |
| 385 chrome::AttemptUserExit(); | 385 chrome::AttemptUserExit(); |
| 386 } | 386 } |
| 387 | 387 |
| 388 std::string ManagedUserCreationControllerNew::GetManagedUserId() { | 388 std::string ManagedUserCreationControllerNew::GetManagedUserId() { |
| 389 DCHECK(creation_context_); | 389 DCHECK(creation_context_); |
| 390 return creation_context_->local_user_id; | 390 return creation_context_->local_user_id; |
| 391 } | 391 } |
| 392 | 392 |
| 393 } // namespace chromeos | 393 } // namespace chromeos |
| OLD | NEW |
