1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_MANAGED_USER_AUTHENTICATOR_H_ 6 #define CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_MANAGED_USER_AUTHENTICATOR_H_ 7 8 #include <string> 9 10 #include "base/basictypes.h" 11 #include "base/compiler_specific.h" 12 #include "base/memory/ref_counted.h" 13 #include "base/memory/scoped_ptr.h" 14 #include "third_party/cros_system_api/dbus/service_constants.h" 15 16 namespace chromeos { 17 18 // Authenticates locally managed users against the cryptohome. 19 // 20 // Typical flow: 21 // AuthenticateToMount() calls a Cryptohome to perform offline login, 22 // AuthenticateToCreate() calls a Cryptohome to create new cryptohome. 23 class ManagedUserAuthenticator 24 : public base::RefCountedThreadSafe<ManagedUserAuthenticator> { 25 public: 26 enum AuthState { 27 CONTINUE, // State indeterminate; try again when more info available. 28 NO_MOUNT, // No cryptohome exist for user. 29 FAILED_MOUNT, // Failed to mount existing cryptohome - login failed. 30 FAILED_TPM, // Failed to mount/create cryptohome because of TPM error. 31 SUCCESS, // Login succeeded . 32 }; 33 34 class AuthAttempt { 35 public: 36 AuthAttempt(const std::string& username, 37 const std::string& password, 38 bool add_key_attempt); 39 ~AuthAttempt(); 40 41 // Copy |cryptohome_code| and |cryptohome_outcome| into this object, 42 // so we can have a copy we're sure to own, and can make available 43 // on the IO thread. Must be called from the IO thread. 44 void RecordCryptohomeStatus(bool cryptohome_outcome, 45 cryptohome::MountError cryptohome_code); 46 47 // Copy |hash| into this object so we can have a copy we're sure to own 48 // and can make available on the IO thread. 49 // Must be called from the IO thread. 50 void RecordHash(const std::string& hash); 51 52 bool cryptohome_complete(); 53 bool cryptohome_outcome(); 54 bool hash_obtained(); 55 std::string hash(); 56 cryptohome::MountError cryptohome_code(); 57 58 const std::string username; 59 const std::string password; 60 const bool add_key; 61 62 private: 63 bool cryptohome_complete_; 64 bool cryptohome_outcome_; 65 bool hash_obtained_; 66 std::string hash_; 67 68 cryptohome::MountError cryptohome_code_; 69 DISALLOW_COPY_AND_ASSIGN(AuthAttempt); 70 }; 71 72 class AuthStatusConsumer { 73 public: 74 virtual ~AuthStatusConsumer() {} 75 // The current login attempt has ended in failure, with error. 76 virtual void OnAuthenticationFailure(AuthState state) = 0; 77 // The current login attempt has ended succesfully. 78 virtual void OnMountSuccess(const std::string& mount_hash) = 0; 79 // The current add key attempt has ended succesfully. 80 virtual void OnAddKeySuccess() = 0; 81 }; 82 83 explicit ManagedUserAuthenticator(AuthStatusConsumer* consumer); 84 85 void AuthenticateToMount(const std::string& username, 86 const std::string& password); 87 88 void AuthenticateToCreate(const std::string& username, 89 const std::string& password); 90 91 void AddMasterKey(const std::string& username, 92 const std::string& password, 93 const std::string& master_key); 94 void Resolve(); 95 96 private: 97 friend class base::RefCountedThreadSafe<ManagedUserAuthenticator>; 98 99 ~ManagedUserAuthenticator(); 100 101 AuthState ResolveState(); 102 AuthState ResolveCryptohomeFailureState(); 103 AuthState ResolveCryptohomeSuccessState(); 104 void OnAuthenticationSuccess(const std::string& mount_hash, bool add_key); 105 void OnAuthenticationFailure(AuthState state); 106 107 scoped_ptr<AuthAttempt> current_state_; 108 AuthStatusConsumer* consumer_; 109 110 DISALLOW_COPY_AND_ASSIGN(ManagedUserAuthenticator); 111 }; 112 113 } // namespace chromeos 114 115 #endif // CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_MANAGED_USER_AUTHENTICATOR_H_ 116
