Roll src/third_party/WebKit abe9e39c:3d349bd (svn 182659:182669)
[chromium-blink-merge.git] / chromeos / login / auth / extended_authenticator.h
blob589989f02cba952326119b8371c948d7cf095796
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROMEOS_LOGIN_AUTH_EXTENDED_AUTHENTICATOR_H_
6 #define CHROMEOS_LOGIN_AUTH_EXTENDED_AUTHENTICATOR_H_
8 #include <string>
10 #include "base/basictypes.h"
11 #include "base/callback.h"
12 #include "base/compiler_specific.h"
13 #include "base/memory/ref_counted.h"
14 #include "base/memory/scoped_ptr.h"
15 #include "chromeos/chromeos_export.h"
16 #include "chromeos/cryptohome/cryptohome_parameters.h"
17 #include "third_party/cros_system_api/dbus/service_constants.h"
19 namespace chromeos {
21 class AuthStatusConsumer;
22 class UserContext;
24 // Interaction with cryptohomed: mount home dirs, create new home dirs, update
25 // passwords.
27 // Typical flow:
28 // AuthenticateToMount() calls cryptohomed to perform offline login,
29 // AuthenticateToCreate() calls cryptohomed to create new cryptohome.
30 class CHROMEOS_EXPORT ExtendedAuthenticator
31 : public base::RefCountedThreadSafe<ExtendedAuthenticator> {
32 public:
33 enum AuthState {
34 SUCCESS, // Login succeeded.
35 NO_MOUNT, // No cryptohome exist for user.
36 FAILED_MOUNT, // Failed to mount existing cryptohome - login failed.
37 FAILED_TPM, // Failed to mount/create cryptohome because of TPM error.
40 typedef base::Callback<void(const std::string& result)> ResultCallback;
41 typedef base::Callback<void(const UserContext& context)> ContextCallback;
43 class NewAuthStatusConsumer {
44 public:
45 virtual ~NewAuthStatusConsumer() {}
46 // The current login attempt has ended in failure, with error.
47 virtual void OnAuthenticationFailure(AuthState state) = 0;
50 explicit ExtendedAuthenticator(NewAuthStatusConsumer* consumer);
51 explicit ExtendedAuthenticator(AuthStatusConsumer* consumer);
53 // Updates consumer of the class.
54 void SetConsumer(AuthStatusConsumer* consumer);
56 // This call will attempt to mount the home dir for the user, key (and key
57 // label) in |context|. If the key is of type KEY_TYPE_PASSWORD_PLAIN, it will
58 // be hashed with the system salt before being passed to cryptohomed. This
59 // call assumes that the home dir already exist for the user and will return
60 // an error otherwise. On success, the user ID hash (used as the mount point)
61 // will be passed to |success_callback|.
62 void AuthenticateToMount(const UserContext& context,
63 const ResultCallback& success_callback);
65 // This call will attempt to authenticate the user with the key (and key
66 // label) in |context|. No further actions are taken after authentication.
67 void AuthenticateToCheck(const UserContext& context,
68 const base::Closure& success_callback);
70 // This call will create and mount the home dir for |user_id| with the given
71 // |keys| if the home dir is missing. If the home dir exists already, a mount
72 // attempt will be performed using the first key in |keys| for authentication.
73 // Note that all |keys| should have been transformed from plain text already.
74 // This method does not alter them.
75 void CreateMount(const std::string& user_id,
76 const std::vector<cryptohome::KeyDefinition>& keys,
77 const ResultCallback& success_callback);
79 // Attempts to add a new |key| for the user identified/authorized by
80 // |context|. If a key with the same label already exists, the behavior
81 // depends on the |replace_existing| flag. If the flag is set, the old key is
82 // replaced. If the flag is not set, an error occurs. It is not allowed to
83 // replace the key used for authorization.
84 void AddKey(const UserContext& context,
85 const cryptohome::KeyDefinition& key,
86 bool replace_existing,
87 const base::Closure& success_callback);
89 // Attempts to perform an authorized update of the key in |context| with the
90 // new |key|. The update is authorized by providing the |signature| of the
91 // key. The original key must have the |PRIV_AUTHORIZED_UPDATE| privilege to
92 // perform this operation. The key labels in |context| and in |key| should be
93 // the same.
94 void UpdateKeyAuthorized(const UserContext& context,
95 const cryptohome::KeyDefinition& key,
96 const std::string& signature,
97 const base::Closure& success_callback);
99 // Attempts to remove the key labeled |key_to_remove| for the user identified/
100 // authorized by |context|. It is possible to remove the key used for
101 // authorization, although it should be done with extreme care.
102 void RemoveKey(const UserContext& context,
103 const std::string& key_to_remove,
104 const base::Closure& success_callback);
106 // Hashes the key in |user_context| with the system salt it its type is
107 // KEY_TYPE_PASSWORD_PLAIN and passes the resulting UserContext to the
108 // |callback|.
109 void TransformKeyIfNeeded(const UserContext& user_context,
110 const ContextCallback& callback);
112 private:
113 friend class base::RefCountedThreadSafe<ExtendedAuthenticator>;
115 ~ExtendedAuthenticator();
117 // Callback for system salt getter.
118 void OnSaltObtained(const std::string& system_salt);
120 // Performs actual operation with fully configured |context|.
121 void DoAuthenticateToMount(const ResultCallback& success_callback,
122 const UserContext& context);
123 void DoAuthenticateToCheck(const base::Closure& success_callback,
124 const UserContext& context);
125 void DoAddKey(const cryptohome::KeyDefinition& key,
126 bool replace_existing,
127 const base::Closure& success_callback,
128 const UserContext& context);
129 void DoUpdateKeyAuthorized(const cryptohome::KeyDefinition& key,
130 const std::string& signature,
131 const base::Closure& success_callback,
132 const UserContext& context);
133 void DoRemoveKey(const std::string& key_to_remove,
134 const base::Closure& success_callback,
135 const UserContext& context);
137 // Inner operation callbacks.
138 void OnMountComplete(const std::string& time_marker,
139 const UserContext& context,
140 const ResultCallback& success_callback,
141 bool success,
142 cryptohome::MountError return_code,
143 const std::string& mount_hash);
144 void OnOperationComplete(const std::string& time_marker,
145 const UserContext& context,
146 const base::Closure& success_callback,
147 bool success,
148 cryptohome::MountError return_code);
150 bool salt_obtained_;
151 std::string system_salt_;
152 std::vector<base::Closure> system_salt_callbacks_;
154 NewAuthStatusConsumer* consumer_;
155 AuthStatusConsumer* old_consumer_;
157 DISALLOW_COPY_AND_ASSIGN(ExtendedAuthenticator);
160 } // namespace chromeos
162 #endif // CHROMEOS_LOGIN_AUTH_EXTENDED_AUTHENTICATOR_H_