search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Pin Chrome's shortcut to the Win10 Start menu on install and OS upgrade.
[chromium-blink-merge.git] / chrome / browser / chromeos / login / users / supervised_user_manager_impl.cc
blob066846564f6db4530cfe15b60f9b36a6bf1e20d9
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/chromeos/login/users/supervised_user_manager_impl.h"
6
7 #include "base/files/file_path.h"
8 #include "base/files/file_util.h"
9 #include "base/prefs/pref_registry_simple.h"
10 #include "base/prefs/pref_service.h"
11 #include "base/prefs/scoped_user_pref_update.h"
12 #include "base/strings/string_util.h"
13 #include "base/strings/stringprintf.h"
14 #include "base/strings/utf_string_conversions.h"
15 #include "base/threading/sequenced_worker_pool.h"
16 #include "base/values.h"
17 #include "chrome/browser/browser_process.h"
18 #include "chrome/browser/chromeos/login/supervised/supervised_user_authentication.h"
19 #include "chrome/browser/chromeos/login/supervised/supervised_user_constants.h"
20 #include "chrome/browser/chromeos/login/users/chrome_user_manager_impl.h"
21 #include "chrome/browser/chromeos/profiles/profile_helper.h"
22 #include "chrome/browser/supervised_user/supervised_user_service.h"
23 #include "chrome/browser/supervised_user/supervised_user_service_factory.h"
24 #include "chromeos/login/user_names.h"
25 #include "chromeos/settings/cros_settings_names.h"
26 #include "components/user_manager/user_type.h"
27 #include "content/public/browser/browser_thread.h"
28 #include "google_apis/gaia/gaia_auth_util.h"
29
30 using content::BrowserThread;
31
32 namespace {
33
34 // Names for pref keys in Local State.
35 // A map from supervised user local user id to sync user id.
36 const char kSupervisedUserSyncId[] = "ManagedUserSyncId";
37
38 // A map from supervised user id to manager user id.
39 const char kSupervisedUserManagers[] = "ManagedUserManagers";
40
41 // A map from supervised user id to manager display name.
42 const char kSupervisedUserManagerNames[] = "ManagedUserManagerNames";
43
44 // A map from supervised user id to manager display e-mail.
45 const char kSupervisedUserManagerDisplayEmails[] =
46 "ManagedUserManagerDisplayEmails";
47
48 // A vector pref of the supervised accounts defined on this device, that had
49 // not logged in yet.
50 const char kSupervisedUsersFirstRun[] = "LocallyManagedUsersFirstRun";
51
52 // A pref of the next id for supervised users generation.
53 const char kSupervisedUsersNextId[] = "LocallyManagedUsersNextId";
54
55 // A pref of the next id for supervised users generation.
56 const char kSupervisedUserCreationTransactionDisplayName[] =
57 "LocallyManagedUserCreationTransactionDisplayName";
58
59 // A pref of the next id for supervised users generation.
60 const char kSupervisedUserCreationTransactionUserId[] =
61 "LocallyManagedUserCreationTransactionUserId";
62
63 // A map from user id to password schema id.
64 const char kSupervisedUserPasswordSchema[] =
65 "SupervisedUserPasswordSchema";
66
67 // A map from user id to password salt.
68 const char kSupervisedUserPasswordSalt[] =
69 "SupervisedUserPasswordSalt";
70
71 // A map from user id to password revision.
72 const char kSupervisedUserPasswordRevision[] =
73 "SupervisedUserPasswordRevision";
74
75 // A map from user id to flag indicating if password should be updated upon
76 // signin.
77 const char kSupervisedUserNeedPasswordUpdate[] =
78 "SupervisedUserNeedPasswordUpdate";
79
80 // A map from user id to flag indicating if cryptohome does not have signature
81 // key.
82 const char kSupervisedUserIncompleteKey[] = "SupervisedUserHasIncompleteKey";
83
84 std::string LoadSyncToken(base::FilePath profile_dir) {
85 std::string token;
86 base::FilePath token_file =
87 profile_dir.Append(chromeos::kSupervisedUserTokenFilename);
88 VLOG(1) << "Loading" << token_file.value();
89 if (!base::ReadFileToString(token_file, &token))
90 return std::string();
91 return token;
92 }
93
94 } // namespace
95
96 namespace chromeos {
97
98 const char kSchemaVersion[] = "SchemaVersion";
99 const char kPasswordRevision[] = "PasswordRevision";
100 const char kSalt[] = "PasswordSalt";
101 const char kPasswordSignature[] = "PasswordSignature";
102 const char kEncryptedPassword[] = "EncryptedPassword";
103 const char kRequirePasswordUpdate[] = "RequirePasswordUpdate";
104 const char kHasIncompleteKey[] = "HasIncompleteKey";
105 const char kPasswordEncryptionKey[] = "password.hmac.encryption";
106 const char kPasswordSignatureKey[] = "password.hmac.signature";
107
108 const char kPasswordUpdateFile[] = "password.update";
109 const int kMinPasswordRevision = 1;
110
111 // static
112 void SupervisedUserManager::RegisterPrefs(PrefRegistrySimple* registry) {
113 registry->RegisterListPref(kSupervisedUsersFirstRun);
114 registry->RegisterIntegerPref(kSupervisedUsersNextId, 0);
115 registry->RegisterStringPref(
116 kSupervisedUserCreationTransactionDisplayName, "");
117 registry->RegisterStringPref(
118 kSupervisedUserCreationTransactionUserId, "");
119 registry->RegisterDictionaryPref(kSupervisedUserSyncId);
120 registry->RegisterDictionaryPref(kSupervisedUserManagers);
121 registry->RegisterDictionaryPref(kSupervisedUserManagerNames);
122 registry->RegisterDictionaryPref(kSupervisedUserManagerDisplayEmails);
123
124 registry->RegisterDictionaryPref(kSupervisedUserPasswordSchema);
125 registry->RegisterDictionaryPref(kSupervisedUserPasswordSalt);
126 registry->RegisterDictionaryPref(kSupervisedUserPasswordRevision);
127
128 registry->RegisterDictionaryPref(kSupervisedUserNeedPasswordUpdate);
129 registry->RegisterDictionaryPref(kSupervisedUserIncompleteKey);
130 }
131
132 SupervisedUserManagerImpl::SupervisedUserManagerImpl(
133 ChromeUserManagerImpl* owner)
134 : owner_(owner), cros_settings_(CrosSettings::Get()) {
135 // SupervisedUserManager instance should be used only on UI thread.
136 DCHECK_CURRENTLY_ON(BrowserThread::UI);
137 authentication_.reset(new SupervisedUserAuthentication(this));
138 }
139
140 SupervisedUserManagerImpl::~SupervisedUserManagerImpl() {
141 }
142
143 std::string SupervisedUserManagerImpl::GenerateUserId() {
144 int counter = g_browser_process->local_state()->
145 GetInteger(kSupervisedUsersNextId);
146 std::string id;
147 bool user_exists;
148 do {
149 id = base::StringPrintf(
150 "%d@%s", counter, chromeos::login::kSupervisedUserDomain);
151 counter++;
152 user_exists = (NULL != owner_->FindUser(id));
153 DCHECK(!user_exists);
154 if (user_exists) {
155 LOG(ERROR) << "Supervised user with id " << id << " already exists.";
156 }
157 } while (user_exists);
158
159 g_browser_process->local_state()->
160 SetInteger(kSupervisedUsersNextId, counter);
161
162 g_browser_process->local_state()->CommitPendingWrite();
163 return id;
164 }
165
166 bool SupervisedUserManagerImpl::HasSupervisedUsers(
167 const std::string& manager_id) const {
168 const user_manager::UserList& users = owner_->GetUsers();
169 for (user_manager::UserList::const_iterator it = users.begin();
170 it != users.end();
171 ++it) {
172 if ((*it)->GetType() == user_manager::USER_TYPE_SUPERVISED) {
173 if (manager_id == GetManagerUserId((*it)->email()))
174 return true;
175 }
176 }
177 return false;
178 }
179
180 const user_manager::User* SupervisedUserManagerImpl::CreateUserRecord(
181 const std::string& manager_id,
182 const std::string& local_user_id,
183 const std::string& sync_user_id,
184 const base::string16& display_name) {
185 const user_manager::User* user = FindByDisplayName(display_name);
186 DCHECK(!user);
187 if (user)
188 return user;
189 const user_manager::User* manager = owner_->FindUser(manager_id);
190 CHECK(manager);
191
192 PrefService* local_state = g_browser_process->local_state();
193
194 user_manager::User* new_user =
195 user_manager::User::CreateSupervisedUser(local_user_id);
196
197 owner_->AddUserRecord(new_user);
198
199 ListPrefUpdate prefs_new_users_update(local_state,
200 kSupervisedUsersFirstRun);
201 DictionaryPrefUpdate sync_id_update(local_state, kSupervisedUserSyncId);
202 DictionaryPrefUpdate manager_update(local_state, kSupervisedUserManagers);
203 DictionaryPrefUpdate manager_name_update(local_state,
204 kSupervisedUserManagerNames);
205 DictionaryPrefUpdate manager_email_update(
206 local_state,
207 kSupervisedUserManagerDisplayEmails);
208
209 prefs_new_users_update->Insert(0, new base::StringValue(local_user_id));
210
211 sync_id_update->SetWithoutPathExpansion(local_user_id,
212 new base::StringValue(sync_user_id));
213 manager_update->SetWithoutPathExpansion(local_user_id,
214 new base::StringValue(manager->email()));
215 manager_name_update->SetWithoutPathExpansion(local_user_id,
216 new base::StringValue(manager->GetDisplayName()));
217 manager_email_update->SetWithoutPathExpansion(local_user_id,
218 new base::StringValue(manager->display_email()));
219
220 owner_->SaveUserDisplayName(local_user_id, display_name);
221
222 g_browser_process->local_state()->CommitPendingWrite();
223 return new_user;
224 }
225
226 std::string SupervisedUserManagerImpl::GetUserSyncId(const std::string& user_id)
227 const {
228 std::string result;
229 GetUserStringValue(user_id, kSupervisedUserSyncId, &result);
230 return result;
231 }
232
233 base::string16 SupervisedUserManagerImpl::GetManagerDisplayName(
234 const std::string& user_id) const {
235 PrefService* local_state = g_browser_process->local_state();
236 const base::DictionaryValue* manager_names =
237 local_state->GetDictionary(kSupervisedUserManagerNames);
238 base::string16 result;
239 if (manager_names->GetStringWithoutPathExpansion(user_id, &result) &&
240 !result.empty())
241 return result;
242 return base::UTF8ToUTF16(GetManagerDisplayEmail(user_id));
243 }
244
245 std::string SupervisedUserManagerImpl::GetManagerUserId(
246 const std::string& user_id) const {
247 std::string result;
248 GetUserStringValue(user_id, kSupervisedUserManagers, &result);
249 return result;
250 }
251
252 std::string SupervisedUserManagerImpl::GetManagerDisplayEmail(
253 const std::string& user_id) const {
254 std::string result;
255 if (GetUserStringValue(user_id,
256 kSupervisedUserManagerDisplayEmails,
257 &result) &&
258 !result.empty())
259 return result;
260 return GetManagerUserId(user_id);
261 }
262
263 void SupervisedUserManagerImpl::GetPasswordInformation(
264 const std::string& user_id,
265 base::DictionaryValue* result) {
266 int value;
267 if (GetUserIntegerValue(user_id, kSupervisedUserPasswordSchema, &value))
268 result->SetIntegerWithoutPathExpansion(kSchemaVersion, value);
269 if (GetUserIntegerValue(user_id, kSupervisedUserPasswordRevision, &value))
270 result->SetIntegerWithoutPathExpansion(kPasswordRevision, value);
271
272 bool flag;
273 if (GetUserBooleanValue(user_id, kSupervisedUserNeedPasswordUpdate, &flag))
274 result->SetBooleanWithoutPathExpansion(kRequirePasswordUpdate, flag);
275 if (GetUserBooleanValue(user_id, kSupervisedUserIncompleteKey, &flag))
276 result->SetBooleanWithoutPathExpansion(kHasIncompleteKey, flag);
277
278 std::string salt;
279 if (GetUserStringValue(user_id, kSupervisedUserPasswordSalt, &salt))
280 result->SetStringWithoutPathExpansion(kSalt, salt);
281 }
282
283 void SupervisedUserManagerImpl::SetPasswordInformation(
284 const std::string& user_id,
285 const base::DictionaryValue* password_info) {
286 int value;
287 if (password_info->GetIntegerWithoutPathExpansion(kSchemaVersion, &value))
288 SetUserIntegerValue(user_id, kSupervisedUserPasswordSchema, value);
289 if (password_info->GetIntegerWithoutPathExpansion(kPasswordRevision, &value))
290 SetUserIntegerValue(user_id, kSupervisedUserPasswordRevision, value);
291
292 bool flag;
293 if (password_info->GetBooleanWithoutPathExpansion(kRequirePasswordUpdate,
294 &flag)) {
295 SetUserBooleanValue(user_id, kSupervisedUserNeedPasswordUpdate, flag);
296 }
297 if (password_info->GetBooleanWithoutPathExpansion(kHasIncompleteKey, &flag))
298 SetUserBooleanValue(user_id, kSupervisedUserIncompleteKey, flag);
299
300 std::string salt;
301 if (password_info->GetStringWithoutPathExpansion(kSalt, &salt))
302 SetUserStringValue(user_id, kSupervisedUserPasswordSalt, salt);
303 g_browser_process->local_state()->CommitPendingWrite();
304 }
305
306 bool SupervisedUserManagerImpl::GetUserStringValue(
307 const std::string& user_id,
308 const char* key,
309 std::string* out_value) const {
310 PrefService* local_state = g_browser_process->local_state();
311 const base::DictionaryValue* dictionary = local_state->GetDictionary(key);
312 return dictionary->GetStringWithoutPathExpansion(user_id, out_value);
313 }
314
315 bool SupervisedUserManagerImpl::GetUserIntegerValue(
316 const std::string& user_id,
317 const char* key,
318 int* out_value) const {
319 PrefService* local_state = g_browser_process->local_state();
320 const base::DictionaryValue* dictionary = local_state->GetDictionary(key);
321 return dictionary->GetIntegerWithoutPathExpansion(user_id, out_value);
322 }
323
324 bool SupervisedUserManagerImpl::GetUserBooleanValue(const std::string& user_id,
325 const char* key,
326 bool* out_value) const {
327 PrefService* local_state = g_browser_process->local_state();
328 const base::DictionaryValue* dictionary = local_state->GetDictionary(key);
329 return dictionary->GetBooleanWithoutPathExpansion(user_id, out_value);
330 }
331
332 void SupervisedUserManagerImpl::SetUserStringValue(
333 const std::string& user_id,
334 const char* key,
335 const std::string& value) {
336 PrefService* local_state = g_browser_process->local_state();
337 DictionaryPrefUpdate update(local_state, key);
338 update->SetStringWithoutPathExpansion(user_id, value);
339 }
340
341 void SupervisedUserManagerImpl::SetUserIntegerValue(
342 const std::string& user_id,
343 const char* key,
344 const int value) {
345 PrefService* local_state = g_browser_process->local_state();
346 DictionaryPrefUpdate update(local_state, key);
347 update->SetIntegerWithoutPathExpansion(user_id, value);
348 }
349
350 void SupervisedUserManagerImpl::SetUserBooleanValue(const std::string& user_id,
351 const char* key,
352 const bool value) {
353 PrefService* local_state = g_browser_process->local_state();
354 DictionaryPrefUpdate update(local_state, key);
355 update->SetBooleanWithoutPathExpansion(user_id, value);
356 }
357
358 const user_manager::User* SupervisedUserManagerImpl::FindByDisplayName(
359 const base::string16& display_name) const {
360 DCHECK_CURRENTLY_ON(BrowserThread::UI);
361 const user_manager::UserList& users = owner_->GetUsers();
362 for (user_manager::UserList::const_iterator it = users.begin();
363 it != users.end();
364 ++it) {
365 if (((*it)->GetType() == user_manager::USER_TYPE_SUPERVISED) &&
366 ((*it)->display_name() == display_name)) {
367 return *it;
368 }
369 }
370 return NULL;
371 }
372
373 const user_manager::User* SupervisedUserManagerImpl::FindBySyncId(
374 const std::string& sync_id) const {
375 DCHECK_CURRENTLY_ON(BrowserThread::UI);
376 const user_manager::UserList& users = owner_->GetUsers();
377 for (user_manager::UserList::const_iterator it = users.begin();
378 it != users.end();
379 ++it) {
380 if (((*it)->GetType() == user_manager::USER_TYPE_SUPERVISED) &&
381 (GetUserSyncId((*it)->email()) == sync_id)) {
382 return *it;
383 }
384 }
385 return NULL;
386 }
387
388 void SupervisedUserManagerImpl::StartCreationTransaction(
389 const base::string16& display_name) {
390 g_browser_process->local_state()->
391 SetString(kSupervisedUserCreationTransactionDisplayName,
392 base::UTF16ToASCII(display_name));
393 g_browser_process->local_state()->CommitPendingWrite();
394 }
395
396 void SupervisedUserManagerImpl::SetCreationTransactionUserId(
397 const std::string& email) {
398 g_browser_process->local_state()->
399 SetString(kSupervisedUserCreationTransactionUserId,
400 email);
401 g_browser_process->local_state()->CommitPendingWrite();
402 }
403
404 void SupervisedUserManagerImpl::CommitCreationTransaction() {
405 g_browser_process->local_state()->
406 ClearPref(kSupervisedUserCreationTransactionDisplayName);
407 g_browser_process->local_state()->
408 ClearPref(kSupervisedUserCreationTransactionUserId);
409 g_browser_process->local_state()->CommitPendingWrite();
410 }
411
412 bool SupervisedUserManagerImpl::HasFailedUserCreationTransaction() {
413 return !(g_browser_process->local_state()->
414 GetString(kSupervisedUserCreationTransactionDisplayName).
415 empty());
416 }
417
418 void SupervisedUserManagerImpl::RollbackUserCreationTransaction() {
419 PrefService* prefs = g_browser_process->local_state();
420
421 std::string display_name = prefs->
422 GetString(kSupervisedUserCreationTransactionDisplayName);
423 std::string user_id = prefs->
424 GetString(kSupervisedUserCreationTransactionUserId);
425
426 LOG(WARNING) << "Cleaning up transaction for "
427 << display_name << "/" << user_id;
428
429 if (user_id.empty()) {
430 // Not much to do - just remove transaction.
431 prefs->ClearPref(kSupervisedUserCreationTransactionDisplayName);
432 prefs->CommitPendingWrite();
433 return;
434 }
435
436 if (gaia::ExtractDomainName(user_id) !=
437 chromeos::login::kSupervisedUserDomain) {
438 LOG(WARNING) << "Clean up transaction for non-supervised user found :"
439 << user_id << ", will not remove data";
440 prefs->ClearPref(kSupervisedUserCreationTransactionDisplayName);
441 prefs->ClearPref(kSupervisedUserCreationTransactionUserId);
442 prefs->CommitPendingWrite();
443 return;
444 }
445 owner_->RemoveNonOwnerUserInternal(user_id, NULL);
446
447 prefs->ClearPref(kSupervisedUserCreationTransactionDisplayName);
448 prefs->ClearPref(kSupervisedUserCreationTransactionUserId);
449 prefs->CommitPendingWrite();
450 }
451
452 void SupervisedUserManagerImpl::RemoveNonCryptohomeData(
453 const std::string& user_id) {
454 PrefService* prefs = g_browser_process->local_state();
455 ListPrefUpdate prefs_new_users_update(prefs, kSupervisedUsersFirstRun);
456 prefs_new_users_update->Remove(base::StringValue(user_id), NULL);
457
458 CleanPref(user_id, kSupervisedUserSyncId);
459 CleanPref(user_id, kSupervisedUserManagers);
460 CleanPref(user_id, kSupervisedUserManagerNames);
461 CleanPref(user_id, kSupervisedUserManagerDisplayEmails);
462 CleanPref(user_id, kSupervisedUserPasswordSalt);
463 CleanPref(user_id, kSupervisedUserPasswordSchema);
464 CleanPref(user_id, kSupervisedUserPasswordRevision);
465 CleanPref(user_id, kSupervisedUserNeedPasswordUpdate);
466 CleanPref(user_id, kSupervisedUserIncompleteKey);
467 }
468
469 void SupervisedUserManagerImpl::CleanPref(const std::string& user_id,
470 const char* key) {
471 PrefService* prefs = g_browser_process->local_state();
472 DictionaryPrefUpdate dict_update(prefs, key);
473 dict_update->RemoveWithoutPathExpansion(user_id, NULL);
474 }
475
476 bool SupervisedUserManagerImpl::CheckForFirstRun(const std::string& user_id) {
477 ListPrefUpdate prefs_new_users_update(g_browser_process->local_state(),
478 kSupervisedUsersFirstRun);
479 return prefs_new_users_update->Remove(base::StringValue(user_id), NULL);
480 }
481
482 void SupervisedUserManagerImpl::UpdateManagerName(const std::string& manager_id,
483 const base::string16& new_display_name) {
484 PrefService* local_state = g_browser_process->local_state();
485
486 const base::DictionaryValue* manager_ids =
487 local_state->GetDictionary(kSupervisedUserManagers);
488
489 DictionaryPrefUpdate manager_name_update(local_state,
490 kSupervisedUserManagerNames);
491 for (base::DictionaryValue::Iterator it(*manager_ids); !it.IsAtEnd();
492 it.Advance()) {
493 std::string user_id;
494 bool has_manager_id = it.value().GetAsString(&user_id);
495 DCHECK(has_manager_id);
496 if (user_id == manager_id) {
497 manager_name_update->SetWithoutPathExpansion(
498 it.key(),
499 new base::StringValue(new_display_name));
500 }
501 }
502 }
503
504 SupervisedUserAuthentication* SupervisedUserManagerImpl::GetAuthentication() {
505 return authentication_.get();
506 }
507
508 void SupervisedUserManagerImpl::LoadSupervisedUserToken(
509 Profile* profile,
510 const LoadTokenCallback& callback) {
511 // TODO(antrim): use profile->GetPath() once we sure it is safe.
512 base::FilePath profile_dir = ProfileHelper::GetProfilePathByUserIdHash(
513 ProfileHelper::Get()->GetUserByProfile(profile)->username_hash());
514 PostTaskAndReplyWithResult(
515 content::BrowserThread::GetBlockingPool()
516 ->GetTaskRunnerWithShutdownBehavior(
517 base::SequencedWorkerPool::CONTINUE_ON_SHUTDOWN)
518 .get(),
519 FROM_HERE, base::Bind(&LoadSyncToken, profile_dir), callback);
520 }
521
522 void SupervisedUserManagerImpl::ConfigureSyncWithToken(
523 Profile* profile,
524 const std::string& token) {
525 if (!token.empty())
526 SupervisedUserServiceFactory::GetForProfile(profile)->InitSync(token);
527 }
528
529 } // namespace chromeos