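// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_MANAGED_USER_AUTHENTICATOR_H_
#define CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_MANAGED_USER_AUTHENTICATOR_H_

#include <string>

#include "base/basictypes.h"
#include "base/compiler_specific.h"
#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
#include "third_party/cros_system_api/dbus/service_constants.h"

namespace chromeos {

// Authenticates locally managed users against the cryptohome.
//
// Typical flow:
// AuthenticateToMount() calls a Cryptohome to perform offline login,
// AuthenticateToCreate() calls a Cryptohome to create new cryptohome.
//
// Outcomes are reported through the AuthStatusConsumer interface declared
// below (presumably on the |consumer| given to the constructor; the dispatch
// code is not in this header).
//
// Lifetime: the class is ref-counted (RefCountedThreadSafe) with a private
// destructor, so an instance lives until its last reference is released,
// while |consumer_| is a raw, non-owning pointer.
// NOTE(review): nothing declared here lets a consumer detach itself, so the
// consumer has to outlive every callback this object can still issue;
// otherwise a late callback dereferences a dangling pointer. Confirm how
// callers guarantee this.
class ManagedUserAuthenticator
    : public base::RefCountedThreadSafe<ManagedUserAuthenticator> {
 public:
  // Result of evaluating the current authentication attempt.
  enum AuthState {
    CONTINUE,      // State indeterminate; try again when more info available.
    NO_MOUNT,      // No cryptohome exists for user.
    FAILED_MOUNT,  // Failed to mount existing cryptohome - login failed.
    FAILED_TPM,    // Failed to mount/create cryptohome because of TPM error.
    SUCCESS,       // Login succeeded.
  };

  // Holds the credentials of one attempt plus the results recorded for it
  // (cryptohome status and hash).
  //
  // NOTE(review): |password| and |hashed_password| are public
  // `const std::string` members. Being const they cannot be cleared or
  // overwritten before the object is destroyed, and std::string does not wipe
  // its buffer on destruction, so the secret stays in process memory for at
  // least the lifetime of the attempt. Keep instances short-lived and keep
  // these fields out of logs and crash keys.
  class AuthAttempt {
   public:
    // |username|, |password| and |hashed_password| have the same names as the
    // const members below; |add_key_attempt| presumably initializes
    // |add_key| (constructor body not visible here - confirm in the .cc).
    AuthAttempt(const std::string& username,
                const std::string& password,
                const std::string& hashed_password,
                bool add_key_attempt);
    ~AuthAttempt();

    // Copy |cryptohome_code| and |cryptohome_outcome| into this object,
    // so we can have a copy we're sure to own, and can make available
    // on the IO thread.  Must be called from the IO thread.
    void RecordCryptohomeStatus(bool cryptohome_outcome,
                                cryptohome::MountError cryptohome_code);

    // Copy |hash| into this object so we can have a copy we're sure to own
    // and can make available on the IO thread.
    // Must be called from the IO thread.
    void RecordHash(const std::string& hash);

    // Accessors for the recorded state. They are declared non-const and no
    // thread requirement is stated for them; presumably they are meant for
    // the IO thread like the Record*() methods above - confirm in the .cc.
    bool cryptohome_complete();
    bool cryptohome_outcome();
    bool hash_obtained();
    std::string hash();
    cryptohome::MountError cryptohome_code();

    // Immutable inputs of the attempt; see the class comment for the
    // handling of the secret fields.
    const std::string username;
    const std::string password;
    const std::string hashed_password;
    const bool add_key;

   private:
    // Recorded results, matching the accessors above.
    bool cryptohome_complete_;
    bool cryptohome_outcome_;
    bool hash_obtained_;
    std::string hash_;

    cryptohome::MountError cryptohome_code_;
    DISALLOW_COPY_AND_ASSIGN(AuthAttempt);
  };

  // Callback interface through which the outcome of an attempt is reported.
  class AuthStatusConsumer {
   public:
    virtual ~AuthStatusConsumer() {}
    // The current login attempt has ended in failure, with error.
    virtual void OnAuthenticationFailure(AuthState state) = 0;
    // The current login attempt has ended successfully.
    virtual void OnMountSuccess(const std::string& mount_hash) = 0;
    // The current add key attempt has ended successfully.
    virtual void OnAddKeySuccess() = 0;
  };

  // |consumer| is not owned; see the lifetime note on the class.
  explicit ManagedUserAuthenticator(AuthStatusConsumer* consumer);

  // Starts an offline login for |username| against an existing cryptohome
  // (per the class comment).
  void AuthenticateToMount(const std::string& username,
                           const std::string& password);

  // Starts creation of a new cryptohome for |username| (per the class
  // comment).
  void AuthenticateToCreate(const std::string& username,
                            const std::string& password);

  // Presumably adds |master_key| as a further key for |username|'s
  // cryptohome, authorized by |password| - confirm in the .cc.
  void AddMasterKey(const std::string& username,
                    const std::string& password,
                    const std::string& master_key);

  // Presumably evaluates |current_state_| and notifies the consumer once the
  // outcome is known; the thread it must run on is not stated here - confirm
  // in the .cc.
  void Resolve();

 private:
  friend class base::RefCountedThreadSafe<ManagedUserAuthenticator>;

  // Private so that destruction only happens through the ref-count (the
  // friend declaration above).
  ~ManagedUserAuthenticator();

  // State evaluation helpers, each returning an AuthState; the split between
  // the failure and success variants follows their names.
  AuthState ResolveState();
  AuthState ResolveCryptohomeFailureState();
  AuthState ResolveCryptohomeSuccessState();

  // Internal completion handlers. |add_key| presumably selects between
  // OnAddKeySuccess() and OnMountSuccess() on the consumer - confirm.
  void OnAuthenticationSuccess(const std::string& mount_hash, bool add_key);
  void OnAuthenticationFailure(AuthState state);

  // The attempt in progress, owned by this object. It carries the password,
  // so it should be released as soon as the attempt is resolved.
  scoped_ptr<AuthAttempt> current_state_;

  // Not owned.
  AuthStatusConsumer* consumer_;

  DISALLOW_COPY_AND_ASSIGN(ManagedUserAuthenticator);
};

}  // namespace chromeos

#endif  // CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_MANAGED_USER_AUTHENTICATOR_H_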