      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_MANAGED_USER_AUTHENTICATOR_H_
      6 #define CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_MANAGED_USER_AUTHENTICATOR_H_
      7 
      8 #include <string>
      9 
     10 #include "base/basictypes.h"
     11 #include "base/compiler_specific.h"
     12 #include "base/memory/ref_counted.h"
     13 #include "base/memory/scoped_ptr.h"
     14 #include "third_party/cros_system_api/dbus/service_constants.h"
     15 
     16 namespace chromeos {
     17 
     18 // Authenticates locally managed users against the cryptohome.
     19 //
     20 // Typical flow:
     21 // AuthenticateToMount() calls a Cryptohome to perform offline login,
     22 // AuthenticateToCreate() calls a Cryptohome to create a new cryptohome.
class ManagedUserAuthenticator
    : public base::RefCountedThreadSafe<ManagedUserAuthenticator> {
 public:
  // Outcome of a cryptohome mount/create attempt, as reported to the
  // AuthStatusConsumer through OnAuthenticationFailure().
  enum AuthState {
    CONTINUE,      // State indeterminate; try again when more info available.
    NO_MOUNT,      // No cryptohome exists for the user.
    FAILED_MOUNT,  // Failed to mount existing cryptohome - login failed.
    FAILED_TPM,    // Failed to mount/create cryptohome because of TPM error.
    SUCCESS,       // Login succeeded.
  };

  // State of a single authentication attempt: the credentials it was started
  // with plus the cryptohome results recorded for it. |password| and
  // |hashed_password| are secrets and live exactly as long as this object;
  // do not keep references to them beyond the attempt.
  class AuthAttempt {
   public:
    // |add_key_attempt| is presumably exposed as the |add_key| member below
    // and selects the add-key flow rather than a mount — confirm in the .cc.
    AuthAttempt(const std::string& username,
                const std::string& password,
                const std::string& hashed_password,
                bool add_key_attempt);
    ~AuthAttempt();

    // Copy |cryptohome_code| and |cryptohome_outcome| into this object,
    // so we can have a copy we're sure to own, and can make available
    // on the IO thread.  Must be called from the IO thread.
    void RecordCryptohomeStatus(bool cryptohome_outcome,
                                cryptohome::MountError cryptohome_code);

    // Copy |hash| into this object so we can have a copy we're sure to own
    // and can make available on the IO thread.
    // Must be called from the IO thread.
    void RecordHash(const std::string& hash);

    // Presumably true once RecordCryptohomeStatus() has been called; the
    // outcome and code below are only meaningful after that point.
    bool cryptohome_complete();
    bool cryptohome_outcome();
    // Presumably true once RecordHash() has been called; hash() is only
    // meaningful after that point.
    bool hash_obtained();
    std::string hash();
    cryptohome::MountError cryptohome_code();

    // Credentials of the attempt; immutable once constructed.
    const std::string username;
    // Password as entered (distinct from |hashed_password|) — treat as secret.
    const std::string password;
    // Hashed form of the password — still a credential, treat as secret.
    const std::string hashed_password;
    // Whether this attempt adds a key instead of mounting a cryptohome.
    const bool add_key;

   private:
    // Set by RecordCryptohomeStatus() (presumably; the bodies are in the .cc).
    bool cryptohome_complete_;
    bool cryptohome_outcome_;
    // Set by RecordHash() (presumably).
    bool hash_obtained_;
    std::string hash_;

    cryptohome::MountError cryptohome_code_;
    DISALLOW_COPY_AND_ASSIGN(AuthAttempt);
  };

  // Callback interface implemented by the caller. ManagedUserAuthenticator
  // holds only a raw pointer to it (see |consumer_|), so the header implies
  // no ownership; the consumer presumably must outlive the authenticator —
  // confirm against the .cc and the callers.
  class AuthStatusConsumer {
   public:
    virtual ~AuthStatusConsumer() {}
    // The current login attempt has ended in failure, with error.
    virtual void OnAuthenticationFailure(AuthState state) = 0;
    // The current login attempt has ended successfully.
    virtual void OnMountSuccess(const std::string& mount_hash) = 0;
    // The current add key attempt has ended successfully.
    virtual void OnAddKeySuccess() = 0;
  };

  // |consumer| receives the result of every attempt; not owned here.
  explicit ManagedUserAuthenticator(AuthStatusConsumer* consumer);

  // Calls Cryptohome to perform an offline login (mount an existing
  // cryptohome) for |username| with |password|.
  void AuthenticateToMount(const std::string& username,
                           const std::string& password);

  // Calls Cryptohome to create a new cryptohome for |username| with
  // |password|.
  void AuthenticateToCreate(const std::string& username,
                            const std::string& password);

  // Presumably adds |master_key| to the user's cryptohome through the
  // add-key flow (an AuthAttempt with |add_key| set) — confirm in the .cc.
  void AddMasterKey(const std::string& username,
                    const std::string& password,
                    const std::string& master_key);
  // Public but undocumented in this header; presumably evaluates the current
  // attempt (see ResolveState()) and notifies |consumer_| — confirm.
  void Resolve();

 private:
  friend class base::RefCountedThreadSafe<ManagedUserAuthenticator>;

  // Private: instances are reference counted and are deleted through the
  // base class, never directly.
  ~ManagedUserAuthenticator();

  // Map the recorded cryptohome results of |current_state_| to an AuthState.
  AuthState ResolveState();
  AuthState ResolveCryptohomeFailureState();
  AuthState ResolveCryptohomeSuccessState();
  // Forward the outcome to |consumer_|; |add_key| presumably picks
  // OnAddKeySuccess() over OnMountSuccess().
  void OnAuthenticationSuccess(const std::string& mount_hash, bool add_key);
  void OnAuthenticationFailure(AuthState state);

  // The attempt in progress; owns the credentials for its lifetime.
  scoped_ptr<AuthAttempt> current_state_;
  // Not owned (raw pointer); see AuthStatusConsumer.
  AuthStatusConsumer* consumer_;

  DISALLOW_COPY_AND_ASSIGN(ManagedUserAuthenticator);
};
    114 
    115 }  // namespace chromeos
    116 
    117 #endif  // CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_MANAGED_USER_AUTHENTICATOR_H_