chrome/browser/chromeos/login/auth/chrome_login_performer.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/chromeos/login/auth/chrome_login_performer.h"
   6
   7 #include "base/bind.h"
   8 #include "base/thread_task_runner_handle.h"
   9 #include "chrome/browser/browser_process.h"
  10 #include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_user_login_flow.h"
  11 #include "chrome/browser/chromeos/login/session/user_session_manager.h"
  12 #include "chrome/browser/chromeos/login/supervised/supervised_user_authentication.h"
  13 #include "chrome/browser/chromeos/login/supervised/supervised_user_constants.h"
  14 #include "chrome/browser/chromeos/login/supervised/supervised_user_login_flow.h"
  15 #include "chrome/browser/chromeos/login/users/chrome_user_manager.h"
  16 #include "chrome/browser/chromeos/login/users/supervised_user_manager.h"
  17 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
  18 #include "chrome/browser/chromeos/policy/device_local_account_policy_service.h"
  19 #include "chrome/browser/chromeos/profiles/profile_helper.h"
  20 #include "chrome/browser/chromeos/settings/cros_settings.h"
  21
  22 namespace chromeos {
  23
  24 ChromeLoginPerformer::ChromeLoginPerformer(Delegate* delegate)
  25     : LoginPerformer(base::ThreadTaskRunnerHandle::Get(), delegate),
  26       weak_factory_(this) {
  27 }
  28
  29 ChromeLoginPerformer::~ChromeLoginPerformer() {
  30 }
  31
  32 ////////////////////////////////////////////////////////////////////////////////
  33 // ChromeLoginPerformer, public:
  34
  35 bool ChromeLoginPerformer::RunTrustedCheck(const base::Closure& callback) {
  36   CrosSettings* cros_settings = CrosSettings::Get();
  37
  38   CrosSettingsProvider::TrustedStatus status =
  39       cros_settings->PrepareTrustedValues(
  40           base::Bind(&ChromeLoginPerformer::DidRunTrustedCheck,
  41                      weak_factory_.GetWeakPtr(),
  42                      callback));
  43   // Must not proceed without signature verification.
  44   if (status == CrosSettingsProvider::PERMANENTLY_UNTRUSTED) {
  45     if (delegate_)
  46       delegate_->PolicyLoadFailed();
  47     else
  48       NOTREACHED();
  49     return true;  // Some callback was called.
  50   } else if (status == CrosSettingsProvider::TEMPORARILY_UNTRUSTED) {
  51     // Value of AllowNewUser setting is still not verified.
  52     // Another attempt will be invoked after verification completion.
  53     return false;
  54   } else {
  55     DCHECK(status == CrosSettingsProvider::TRUSTED);
  56     // CrosSettingsProvider::TRUSTED
  57     callback.Run();
  58     return true;  // Some callback was called.
  59   }
  60 }
  61
  62 void ChromeLoginPerformer::DidRunTrustedCheck(const base::Closure& callback) {
  63   CrosSettings* cros_settings = CrosSettings::Get();
  64
  65   CrosSettingsProvider::TrustedStatus status =
  66       cros_settings->PrepareTrustedValues(
  67           base::Bind(&ChromeLoginPerformer::DidRunTrustedCheck,
  68                      weak_factory_.GetWeakPtr(),
  69                      callback));
  70   // Must not proceed without signature verification.
  71   if (status == CrosSettingsProvider::PERMANENTLY_UNTRUSTED) {
  72     if (delegate_)
  73       delegate_->PolicyLoadFailed();
  74     else
  75       NOTREACHED();
  76   } else if (status == CrosSettingsProvider::TEMPORARILY_UNTRUSTED) {
  77     // Value of AllowNewUser setting is still not verified.
  78     // Another attempt will be invoked after verification completion.
  79     return;
  80   } else {
  81     DCHECK(status == CrosSettingsProvider::TRUSTED);
  82     callback.Run();
  83   }
  84 }
  85
  86 bool ChromeLoginPerformer::IsUserWhitelisted(const std::string& user_id,
  87                                              bool* wildcard_match) {
  88   return CrosSettings::IsWhitelisted(user_id, wildcard_match);
  89 }
  90
  91 void ChromeLoginPerformer::RunOnlineWhitelistCheck(
  92     const std::string& user_id,
  93     bool wildcard_match,
  94     const base::Closure& success_callback,
  95     const base::Closure& failure_callback) {
  96   // On enterprise devices, reconfirm login permission with the server.
  97   policy::BrowserPolicyConnectorChromeOS* connector =
  98       g_browser_process->platform_part()->browser_policy_connector_chromeos();
  99   if (connector->IsEnterpriseManaged() && wildcard_match &&
 100       !connector->IsNonEnterpriseUser(user_id)) {
 101     wildcard_login_checker_.reset(new policy::WildcardLoginChecker());
 102     wildcard_login_checker_->Start(
 103         ProfileHelper::GetSigninProfile()->GetRequestContext(),
 104         base::Bind(&ChromeLoginPerformer::OnlineWildcardLoginCheckCompleted,
 105                    weak_factory_.GetWeakPtr(),
 106                    success_callback,
 107                    failure_callback));
 108   } else {
 109     success_callback.Run();
 110   }
 111 }
 112
 113 scoped_refptr<Authenticator> ChromeLoginPerformer::CreateAuthenticator() {
 114   return UserSessionManager::GetInstance()->CreateAuthenticator(this);
 115 }
 116
 117 bool ChromeLoginPerformer::AreSupervisedUsersAllowed() {
 118   return user_manager::UserManager::Get()->AreSupervisedUsersAllowed();
 119 }
 120
 121 bool ChromeLoginPerformer::UseExtendedAuthenticatorForSupervisedUser(
 122     const UserContext& user_context) {
 123   SupervisedUserAuthentication* authentication =
 124       ChromeUserManager::Get()->GetSupervisedUserManager()->GetAuthentication();
 125   return authentication->GetPasswordSchema(user_context.GetUserID()) ==
 126          SupervisedUserAuthentication::SCHEMA_SALT_HASHED;
 127 }
 128
 129 UserContext ChromeLoginPerformer::TransformSupervisedKey(
 130     const UserContext& context) {
 131   SupervisedUserAuthentication* authentication =
 132       ChromeUserManager::Get()->GetSupervisedUserManager()->GetAuthentication();
 133   return authentication->TransformKey(context);
 134 }
 135
 136 void ChromeLoginPerformer::SetupSupervisedUserFlow(const std::string& user_id) {
 137   SupervisedUserLoginFlow* new_flow = new SupervisedUserLoginFlow(user_id);
 138   new_flow->SetHost(ChromeUserManager::Get()->GetUserFlow(user_id)->host());
 139   ChromeUserManager::Get()->SetUserFlow(user_id, new_flow);
 140 }
 141
 142 void ChromeLoginPerformer::SetupEasyUnlockUserFlow(const std::string& user_id) {
 143   ChromeUserManager::Get()->SetUserFlow(user_id,
 144                                         new EasyUnlockUserLoginFlow(user_id));
 145 }
 146
 147 bool ChromeLoginPerformer::CheckPolicyForUser(const std::string& user_id) {
 148   // Login is not allowed if policy could not be loaded for the account.
 149   policy::BrowserPolicyConnectorChromeOS* connector =
 150       g_browser_process->platform_part()->browser_policy_connector_chromeos();
 151   policy::DeviceLocalAccountPolicyService* policy_service =
 152       connector->GetDeviceLocalAccountPolicyService();
 153   return policy_service && policy_service->IsPolicyAvailableForUser(user_id);
 154 }
 155 ////////////////////////////////////////////////////////////////////////////////
 156 // ChromeLoginPerformer, private:
 157
 158 content::BrowserContext* ChromeLoginPerformer::GetSigninContext() {
 159   return ProfileHelper::GetSigninProfile();
 160 }
 161
 162 net::URLRequestContextGetter* ChromeLoginPerformer::GetSigninRequestContext() {
 163   return ProfileHelper::GetSigninProfile()->GetRequestContext();
 164 }
 165
 166 void ChromeLoginPerformer::OnlineWildcardLoginCheckCompleted(
 167     const base::Closure& success_callback,
 168     const base::Closure& failure_callback,
 169     policy::WildcardLoginChecker::Result result) {
 170   if (result == policy::WildcardLoginChecker::RESULT_ALLOWED) {
 171     success_callback.Run();
 172   } else {
 173     failure_callback.Run();
 174   }
 175 }
 176
 177 }  // namespace chromeos