search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix infinite recursion on hiding panel when created during fullscreen mode.
[chromium-blink-merge.git] / chrome / browser / chromeos / login / extended_authenticator.h
blobca2124a18aef3937f268c7277f9dd54c59fa7a75
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_EXTENDED_AUTHENTICATOR_H_
6 #define CHROME_BROWSER_CHROMEOS_LOGIN_EXTENDED_AUTHENTICATOR_H_
7
8 #include <string>
9
10 #include "base/basictypes.h"
11 #include "base/callback.h"
12 #include "base/compiler_specific.h"
13 #include "base/memory/ref_counted.h"
14 #include "base/memory/scoped_ptr.h"
15 #include "chrome/browser/chromeos/login/user.h"
16 #include "chromeos/cryptohome/cryptohome_parameters.h"
17 #include "third_party/cros_system_api/dbus/service_constants.h"
18
19 namespace chromeos {
20
21 class LoginStatusConsumer;
22
23 // Interaction with cryptohome : mounting home dirs, create new home dirs,
24 // udpate passwords.
25 //
26 // Typical flow:
27 // AuthenticateToMount() calls a Cryptohome to perform offline login,
28 // AuthenticateToCreate() calls a Cryptohome to create new cryptohome.
29 class ExtendedAuthenticator
30 : public base::RefCountedThreadSafe<ExtendedAuthenticator> {
31 public:
32 enum AuthState {
33 SUCCESS, // Login succeeded.
34 NO_MOUNT, // No cryptohome exist for user.
35 FAILED_MOUNT, // Failed to mount existing cryptohome - login failed.
36 FAILED_TPM, // Failed to mount/create cryptohome because of TPM error.
37 };
38
39 typedef base::Callback<void(const std::string& hash)> HashSuccessCallback;
40 typedef base::Callback<void(const UserContext& context)> ContextCallback;
41
42 class AuthStatusConsumer {
43 public:
44 virtual ~AuthStatusConsumer() {}
45 // The current login attempt has ended in failure, with error.
46 virtual void OnAuthenticationFailure(AuthState state) = 0;
47 };
48
49 explicit ExtendedAuthenticator(AuthStatusConsumer* consumer);
50 explicit ExtendedAuthenticator(LoginStatusConsumer* consumer);
51
52 // Updates consumer of the class.
53 void SetConsumer(LoginStatusConsumer* consumer);
54
55 // This call will attempt to mount home dir for user, key (and key label)
56 // specified in |context|. If |context.need_password_hashing| is true, the key
57 // will be hashed with password salt before passing it to cryptohome. This
58 // call assumes that homedir already exist for user, otherwise call will
59 // result in error. On success username hash (used as mount point) will be
60 // passed to |success_callback|.
61 void AuthenticateToMount(const UserContext& context,
62 const HashSuccessCallback& success_callback);
63
64 // This call will attempt to authenticate |user| with key (and key label)
65 // specified in |context|. No actions are taken upon authentication.
66 void AuthenticateToCheck(const UserContext& context,
67 const base::Closure& success_callback);
68
69 // This call will create and mount home dir for |user_id| with supplied
70 // |keys| if home dir is missing. If homedir already exist, the mount attempt
71 // will be performed using first key for |auth|.
72 // Note, that all keys in |keys| should be already hashed with system salt if
73 // it is necessary, this method does not alter them.
74 void CreateMount(const std::string& user_id,
75 const std::vector<cryptohome::KeyDefinition>& keys,
76 const HashSuccessCallback& success_callback);
77
78 // Hashes |password| with system salt. Result will be passed to
79 // |success_callback|.
80 void HashPasswordWithSalt(const std::string& password,
81 const HashSuccessCallback& success_callback);
82
83 // Attempts to add new |key| for user identified/authorized by |context|.
84 // If if key with same label already exist, behavior depends on
85 // |replace_existing| flag. If flag is set, old key will be replaced. If it
86 // is not set, attempt will lead to error.
87 // It is prohibited to use same key label both in |auth| and |key|.
88 void AddKey(const UserContext& context,
89 const cryptohome::KeyDefinition& key,
90 bool replace_existing,
91 const base::Closure& success_callback);
92
93 // Attempts to perform an authorized update of the key specified in |context|
94 // with new |key|. Update is authorized by providing |signature| of the key.
95 // Original key should have |PRIV_AUTHORIZED_UPDATE| privilege to perform this
96 // operation. Key label in |context| and in |key| should be the same.
97 void UpdateKeyAuthorized(const UserContext& context,
98 const cryptohome::KeyDefinition& key,
99 const std::string& signature,
100 const base::Closure& success_callback);
101
102 // Attempts to remove |key_to_remove|-labelled key for user
103 // identified/authorized by |context|. It is possible to remove the key used
104 // for authorization, although it should be done with extreme care.
105 void RemoveKey(const UserContext& context,
106 const std::string& key_to_remove,
107 const base::Closure& success_callback);
108
109 // Transforms |user_context| so that it can be used by DoNNN methods.
110 // Currently it consists of hashing password with system salt if needed.
111 void TransformContext(const UserContext& user_context,
112 const ContextCallback& callback);
113
114 private:
115 friend class base::RefCountedThreadSafe<ExtendedAuthenticator>;
116
117 ~ExtendedAuthenticator();
118
119 typedef base::Callback<void(const std::string& system_salt)>
120 PendingHashCallback;
121
122 // Callback for system salt getter.
123 void OnSaltObtained(const std::string& system_salt);
124
125 // Updates UserContext (salts given key with system salt) if necessary.
126 void UpdateContextToMount(const UserContext& context,
127 const std::string& hashed_password);
128 void UpdateContextAndCheckKey(const UserContext& context,
129 const std::string& hashed_password);
130
131 // Performs actual operation with fully configured |context|.
132 void DoAuthenticateToMount(const HashSuccessCallback& success_callback,
133 const UserContext& context);
134 void DoAuthenticateToCheck(const base::Closure& success_callback,
135 const UserContext& context);
136 void DoAddKey(const cryptohome::KeyDefinition& key,
137 bool replace_existing,
138 const base::Closure& success_callback,
139 const UserContext& context);
140 void DoUpdateKeyAuthorized(const cryptohome::KeyDefinition& key,
141 const std::string& signature,
142 const base::Closure& success_callback,
143 const UserContext& context);
144 void DoRemoveKey(const std::string& key_to_remove,
145 const base::Closure& success_callback,
146 const UserContext& context);
147
148 // Inner operation callbacks.
149 void OnMountComplete(const std::string& time_marker,
150 const UserContext& context,
151 const HashSuccessCallback& success_callback,
152 bool success,
153 cryptohome::MountError return_code,
154 const std::string& mount_hash);
155 void OnOperationComplete(const std::string& time_marker,
156 const UserContext& context,
157 const base::Closure& success_callback,
158 bool success,
159 cryptohome::MountError return_code);
160
161 // Inner implementation for hashing |password| with system salt. Will queue
162 // requests if |system_salt| is not known yet.
163 // Invokes |callback| with result.
164 void DoHashWithSalt(const std::string& password,
165 const HashSuccessCallback& callback,
166 const std::string& system_salt);
167
168 // Callback from previous method.
169 void DidTransformContext(const UserContext& user_context,
170 const ContextCallback& callback,
171 const std::string& hashed_password);
172
173 bool salt_obtained_;
174 std::string system_salt_;
175 std::vector<PendingHashCallback> hashing_queue_;
176
177 AuthStatusConsumer* consumer_;
178 LoginStatusConsumer* old_consumer_;
179
180 DISALLOW_COPY_AND_ASSIGN(ExtendedAuthenticator);
181 };
182
183 } // namespace chromeos
184
185 #endif // CHROME_BROWSER_CHROMEOS_LOGIN_EXTENDED_AUTHENTICATOR_H_