authorantrim@chromium.org <antrim@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-06-24 16:36:42 +0000
committerantrim@chromium.org <antrim@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-06-24 16:36:42 +0000
commitcbe40a808ee2b9f33d13defe42570173db36665d (patch)
treeca568581393838e27c441175ef3f6404e2964cee
parentc287f06c73b1b5bcc8bf85087a3a54c6c2925fe2 (diff)
Add calls to cryptohome for adding extra keys.
BUG=243342 TBR=satorux@chromium.org TEST=manual, on desktop/device - go through user creation flow Review URL: https://chromiumcodereview.appspot.com/16950019 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@208221 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--chrome/browser/chromeos/login/managed/locally_managed_user_creation_controller.cc12
-rw-r--r--chrome/browser/chromeos/login/managed/locally_managed_user_creation_controller.h1
-rw-r--r--chrome/browser/chromeos/login/managed/managed_user_authenticator.cc71
-rw-r--r--chrome/browser/chromeos/login/managed/managed_user_authenticator.h12
-rw-r--r--chromeos/cryptohome/async_method_caller.cc12
-rw-r--r--chromeos/cryptohome/async_method_caller.h8
-rw-r--r--chromeos/cryptohome/mock_async_method_caller.cc3
-rw-r--r--chromeos/cryptohome/mock_async_method_caller.h4
-rw-r--r--chromeos/dbus/cryptohome_client.cc27
-rw-r--r--chromeos/dbus/cryptohome_client.h8
-rw-r--r--chromeos/dbus/fake_cryptohome_client.cc16
-rw-r--r--chromeos/dbus/fake_cryptohome_client.h4
-rw-r--r--chromeos/dbus/mock_cryptohome_client.h4
13 files changed, 162 insertions, 20 deletions
diff --git a/chrome/browser/chromeos/login/managed/locally_managed_user_creation_controller.cc b/chrome/browser/chromeos/login/managed/locally_managed_user_creation_controller.cc
index 6ce2359..15fdaf2 100644
--- a/chrome/browser/chromeos/login/managed/locally_managed_user_creation_controller.cc
+++ b/chrome/browser/chromeos/login/managed/locally_managed_user_creation_controller.cc
@@ -90,6 +90,7 @@ void LocallyManagedUserCreationController::SetManagerProfile(
void LocallyManagedUserCreationController::StartCreation() {
DCHECK(creation_context_);
+ VLOG(1) << "Starting supervised user creation";
UserManager::Get()->StartLocallyManagedUserCreationTransaction(
creation_context_->display_name);
@@ -102,7 +103,7 @@ void LocallyManagedUserCreationController::StartCreation() {
UserManager::Get()->SetLocallyManagedUserCreationTransactionUserId(
creation_context_->user_id);
-
+ VLOG(1) << "Creating cryptohome";
authenticator_ = new ManagedUserAuthenticator(this);
authenticator_->AuthenticateToCreate(user->email(),
creation_context_->password);
@@ -138,9 +139,13 @@ void LocallyManagedUserCreationController::OnMountSuccess(
creation_context_->master_key = StringToLowerASCII(base::HexEncode(
reinterpret_cast<const void*>(master_key_bytes),
sizeof(master_key_bytes)));
- // TODO(antrim): Add this key as secondary as soon as wad@ adds API in
- // cryptohome.
+ VLOG(1) << "Adding master key";
+ authenticator_->AddMasterKey(creation_context_->user_id,
+ creation_context_->password,
+ creation_context_->master_key);
+}
+void LocallyManagedUserCreationController::OnAddKeySuccess() {
timeout_timer_.Start(
FROM_HERE, base::TimeDelta::FromSeconds(kUserCreationTimeoutSeconds),
this,
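Review bot: The creation timeout is now armed in OnAddKeySuccess, so the cryptohome AddKey round-trip started at the end of OnMountSuccess runs with no timeout covering it; previously timeout_timer_ was started right after the mount, and a stalled or unanswered AddKey now leaves the creation flow waiting indefinitely. Consider moving the `timeout_timer_.Start(...)` call back into OnMountSuccess, ahead of `authenticator_->AddMasterKey(...)`, and leaving OnAddKeySuccess to only kick off registration. OnAddKeySuccess continues past the end of this hunk.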
@@ -150,6 +155,7 @@ void LocallyManagedUserCreationController::OnMountSuccess(
ManagedUserRegistrationServiceFactory::GetForProfile(
creation_context_->manager_profile);
+ VLOG(1) << "Creating user on server";
ManagedUserRegistrationInfo info(creation_context_->display_name);
info.master_key = creation_context_->master_key;
creation_context_->service->Register(
diff --git a/chrome/browser/chromeos/login/managed/locally_managed_user_creation_controller.h b/chrome/browser/chromeos/login/managed/locally_managed_user_creation_controller.h
index cd0fa83..81634db 100644
--- a/chrome/browser/chromeos/login/managed/locally_managed_user_creation_controller.h
+++ b/chrome/browser/chromeos/login/managed/locally_managed_user_creation_controller.h
@@ -94,6 +94,7 @@ class LocallyManagedUserCreationController
virtual void OnAuthenticationFailure(
ManagedUserAuthenticator::AuthState error) OVERRIDE;
virtual void OnMountSuccess(const std::string& mount_hash) OVERRIDE;
+ virtual void OnAddKeySuccess() OVERRIDE;
void CreationTimedOut();
void RegistrationCallback(const GoogleServiceAuthError& error,
diff --git a/chrome/browser/chromeos/login/managed/managed_user_authenticator.cc b/chrome/browser/chromeos/login/managed/managed_user_authenticator.cc
index 1f82c38..d6f3d85 100644
--- a/chrome/browser/chromeos/login/managed/managed_user_authenticator.cc
+++ b/chrome/browser/chromeos/login/managed/managed_user_authenticator.cc
@@ -64,7 +64,6 @@ void TriggerResolveWithLoginTimeMarker(
void Mount(ManagedUserAuthenticator::AuthAttempt* attempt,
scoped_refptr<ManagedUserAuthenticator> resolver,
int flags) {
- // TODO(antrim) : use additional mount function here.
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
chromeos::BootTimesLoader::Get()->AddLoginTimeMarker(
"CryptohomeMount-LMU-Start", false);
@@ -82,6 +81,23 @@ void Mount(ManagedUserAuthenticator::AuthAttempt* attempt,
base::Bind(&TriggerResolveResult, attempt, resolver));
}
+// Calls cryptohome's addKey method.
+void AddKey(ManagedUserAuthenticator::AuthAttempt* attempt,
+ scoped_refptr<ManagedUserAuthenticator> resolver,
+ const std::string& hashed_master_key) {
+ DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
+ chromeos::BootTimesLoader::Get()->AddLoginTimeMarker(
+ "CryptohomeAddKey-LMU-Start", false);
+ cryptohome::AsyncMethodCaller::GetInstance()->AsyncAddKey(
+ attempt->username,
+ attempt->hashed_password,
+ hashed_master_key,
+ base::Bind(&TriggerResolveWithLoginTimeMarker,
+ "CryptohomeAddKey-LMU-End",
+ attempt,
+ resolver));
+}
+
// Returns hash of |password|, salted with the system salt.
std::string HashPassword(const std::string& password) {
// Get salt, ascii encode, update sha with that, then update with ascii
@@ -106,12 +122,13 @@ std::string HashPassword(const std::string& password) {
ManagedUserAuthenticator::ManagedUserAuthenticator(AuthStatusConsumer* consumer)
: consumer_(consumer) {}
-void ManagedUserAuthenticator::AuthenticateToMount(const std::string& username,
- const std::string& password) {
+void ManagedUserAuthenticator::AuthenticateToMount(
+ const std::string& username,
+ const std::string& password) {
std::string canonicalized = gaia::CanonicalizeEmail(username);
current_state_.reset(new ManagedUserAuthenticator::AuthAttempt(
- canonicalized, password, HashPassword(password)));
+ canonicalized, password, HashPassword(password), false));
BrowserThread::PostTask(BrowserThread::UI,
FROM_HERE,
@@ -121,13 +138,13 @@ void ManagedUserAuthenticator::AuthenticateToMount(const std::string& username,
cryptohome::MOUNT_FLAGS_NONE));
}
-void ManagedUserAuthenticator::AuthenticateToCreate(const std::string& username,
- const std::string& password) {
-
+void ManagedUserAuthenticator::AuthenticateToCreate(
+ const std::string& username,
+ const std::string& password) {
std::string canonicalized = gaia::CanonicalizeEmail(username);
current_state_.reset(new ManagedUserAuthenticator::AuthAttempt(
- canonicalized, password, HashPassword(password)));
+ canonicalized, password, HashPassword(password), false));
BrowserThread::PostTask(BrowserThread::UI,
FROM_HERE,
@@ -137,13 +154,34 @@ void ManagedUserAuthenticator::AuthenticateToCreate(const std::string& username,
cryptohome::CREATE_IF_MISSING));
}
+void ManagedUserAuthenticator::AddMasterKey(
+ const std::string& username,
+ const std::string& password,
+ const std::string& master_key) {
+ std::string canonicalized = gaia::CanonicalizeEmail(username);
+
+ current_state_.reset(new ManagedUserAuthenticator::AuthAttempt(
+ canonicalized, password, HashPassword(password), true));
+
+ BrowserThread::PostTask(BrowserThread::UI,
+ FROM_HERE,
+ base::Bind(&AddKey,
+ current_state_.get(),
+ scoped_refptr<ManagedUserAuthenticator>(this),
+ HashPassword(master_key)));
+}
+
void ManagedUserAuthenticator::OnAuthenticationSuccess(
- const std::string& mount_hash) {
+ const std::string& mount_hash,
+ bool add_key) {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
VLOG(1) << "Locally managed user authentication success";
-
- if (consumer_)
- consumer_->OnMountSuccess(mount_hash);
+ if (consumer_) {
+ if (add_key)
+ consumer_->OnAddKeySuccess();
+ else
+ consumer_->OnMountSuccess(mount_hash);
+ }
}
void ManagedUserAuthenticator::OnAuthenticationFailure(
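Review bot: AddMasterKey calls `current_state_.reset(...)`, which destroys the previous AuthAttempt while the caller is still inside the consumer callback chain (OnAuthenticationSuccess → OnMountSuccess → AddMasterKey); that looks safe here because OnAuthenticationSuccess receives `mount_hash` and `add_key` by value and no longer touches the old attempt, but the precondition is implicit and the raw `attempt` pointer handed to the posted AddKey task depends on it. A comment above the reset, e.g. `// Replaces the previous attempt; only call this once the prior mount attempt has fully resolved (e.g. from OnMountSuccess).`, would make the ordering requirement explicit for future callers. Presumably an AddKey failure reaches the consumer through OnAuthenticationFailure the same way a mount failure does; confirm the controller treats it as a creation failure rather than a login failure.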
@@ -200,7 +238,8 @@ void ManagedUserAuthenticator::Resolve() {
FROM_HERE,
base::Bind(&ManagedUserAuthenticator::OnAuthenticationSuccess,
this,
- current_state_->hash()));
+ current_state_->hash(),
+ current_state_->add_key));
break;
default:
NOTREACHED();
@@ -258,11 +297,13 @@ ManagedUserAuthenticator::AuthState
}
ManagedUserAuthenticator::AuthAttempt::AuthAttempt(const std::string& username,
- const std::string& password,
- const std::string& hashed)
+ const std::string& password,
+ const std::string& hashed,
+ bool add_key_attempt)
: username(username),
password(password),
hashed_password(hashed),
+ add_key(add_key_attempt),
cryptohome_complete_(false),
cryptohome_outcome_(false),
hash_obtained_(false),
diff --git a/chrome/browser/chromeos/login/managed/managed_user_authenticator.h b/chrome/browser/chromeos/login/managed/managed_user_authenticator.h
index 19b0c3d..2e12630 100644
--- a/chrome/browser/chromeos/login/managed/managed_user_authenticator.h
+++ b/chrome/browser/chromeos/login/managed/managed_user_authenticator.h
@@ -35,7 +35,8 @@ class ManagedUserAuthenticator
public:
AuthAttempt(const std::string& username,
const std::string& password,
- const std::string& hashed_password);
+ const std::string& hashed_password,
+ bool add_key_attempt);
~AuthAttempt();
// Copy |cryptohome_code| and |cryptohome_outcome| into this object,
@@ -58,6 +59,7 @@ class ManagedUserAuthenticator
const std::string username;
const std::string password;
const std::string hashed_password;
+ const bool add_key;
private:
bool cryptohome_complete_;
@@ -76,6 +78,8 @@ class ManagedUserAuthenticator
virtual void OnAuthenticationFailure(AuthState state) = 0;
// The current login attempt has ended succesfully.
virtual void OnMountSuccess(const std::string& mount_hash) = 0;
+ // The current add key attempt has ended succesfully.
+ virtual void OnAddKeySuccess() = 0;
};
explicit ManagedUserAuthenticator(AuthStatusConsumer* consumer);
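Review bot: The new comment on OnAddKeySuccess copies the misspelling from the OnMountSuccess line above it; it should read `// The current add key attempt has ended successfully.`. The existing line could be corrected in the same change since both are adjacent.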
@@ -85,6 +89,10 @@ class ManagedUserAuthenticator
void AuthenticateToCreate(const std::string& username,
const std::string& password);
+
+ void AddMasterKey(const std::string& username,
+ const std::string& password,
+ const std::string& master_key);
void Resolve();
private:
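Review bot: AddMasterKey is the only public entry point in this hunk without a header comment, and its three string parameters (which one unlocks, which one is added, whether they are hashed) are not obvious from the signature. Suggested comment: `// Adds |master_key| as an additional key to |username|'s cryptohome, using |password| to unlock the existing key; both are salted-hashed before being sent. Success is reported via AuthStatusConsumer::OnAddKeySuccess.` The failure path is not visible in this diff, so document it only once confirmed.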
@@ -95,7 +103,7 @@ class ManagedUserAuthenticator
AuthState ResolveState();
AuthState ResolveCryptohomeFailureState();
AuthState ResolveCryptohomeSuccessState();
- void OnAuthenticationSuccess(const std::string& mount_hash);
+ void OnAuthenticationSuccess(const std::string& mount_hash, bool add_key);
void OnAuthenticationFailure(AuthState state);
scoped_ptr<AuthAttempt> current_state_;
diff --git a/chromeos/cryptohome/async_method_caller.cc b/chromeos/cryptohome/async_method_caller.cc
index 5f2182e..80c8878 100644
--- a/chromeos/cryptohome/async_method_caller.cc
+++ b/chromeos/cryptohome/async_method_caller.cc
@@ -70,6 +70,18 @@ class AsyncMethodCallerImpl : public AsyncMethodCaller {
"Couldn't initiate async mount of cryptohome."));
}
+ virtual void AsyncAddKey(const std::string& user_email,
+ const std::string& passhash,
+ const std::string& new_passhash,
+ Callback callback) OVERRIDE {
+ DBusThreadManager::Get()->GetCryptohomeClient()->
+ AsyncAddKey(user_email, passhash, new_passhash, base::Bind(
+ &AsyncMethodCallerImpl::RegisterAsyncCallback,
+ weak_ptr_factory_.GetWeakPtr(),
+ callback,
+ "Couldn't initiate async key addition."));
+ }
+
virtual void AsyncMountGuest(Callback callback) OVERRIDE {
DBusThreadManager::Get()->GetCryptohomeClient()->
AsyncMountGuest(base::Bind(
diff --git a/chromeos/cryptohome/async_method_caller.h b/chromeos/cryptohome/async_method_caller.h
index 11499c9..04f9fb6 100644
--- a/chromeos/cryptohome/async_method_caller.h
+++ b/chromeos/cryptohome/async_method_caller.h
@@ -75,6 +75,14 @@ class CHROMEOS_EXPORT AsyncMethodCaller {
int flags,
Callback callback) = 0;
+ // Asks cryptohomed to asynchronously try to add another |new_passhash| for
+ // |user_email| using |passhash| to unlock the key.
+ // |callback| will be called with status info on completion.
+ virtual void AsyncAddKey(const std::string& user_email,
+ const std::string& passhash,
+ const std::string& new_passhash,
+ Callback callback) = 0;
+
// Asks cryptohomed to asynchronously to mount a tmpfs for guest mode.
// |callback| will be called with status info on completion.
virtual void AsyncMountGuest(Callback callback) = 0;
diff --git a/chromeos/cryptohome/mock_async_method_caller.cc b/chromeos/cryptohome/mock_async_method_caller.cc
index b22f780..9bd8193 100644
--- a/chromeos/cryptohome/mock_async_method_caller.cc
+++ b/chromeos/cryptohome/mock_async_method_caller.cc
@@ -35,6 +35,9 @@ void MockAsyncMethodCaller::SetUp(bool success, MountError return_code) {
ON_CALL(*this, AsyncMount(_, _, _, _))
.WillByDefault(
WithArgs<3>(Invoke(this, &MockAsyncMethodCaller::DoCallback)));
+ ON_CALL(*this, AsyncAddKey(_, _, _, _))
+ .WillByDefault(
+ WithArgs<3>(Invoke(this, &MockAsyncMethodCaller::DoCallback)));
ON_CALL(*this, AsyncMountGuest(_))
.WillByDefault(
WithArgs<0>(Invoke(this, &MockAsyncMethodCaller::DoCallback)));
diff --git a/chromeos/cryptohome/mock_async_method_caller.h b/chromeos/cryptohome/mock_async_method_caller.h
index 0bb0b29..45be7f8 100644
--- a/chromeos/cryptohome/mock_async_method_caller.h
+++ b/chromeos/cryptohome/mock_async_method_caller.h
@@ -38,6 +38,10 @@ class MockAsyncMethodCaller : public AsyncMethodCaller {
const std::string& passhash,
int flags,
Callback callback));
+ MOCK_METHOD4(AsyncAddKey, void(const std::string& user_email,
+ const std::string& passhash,
+ const std::string& new_key,
+ Callback callback));
MOCK_METHOD1(AsyncMountGuest, void(Callback callback));
MOCK_METHOD2(AsyncRemove, void(const std::string& user_email,
Callback callback));
diff --git a/chromeos/dbus/cryptohome_client.cc b/chromeos/dbus/cryptohome_client.cc
index f420463..1a503ae 100644
--- a/chromeos/dbus/cryptohome_client.cc
+++ b/chromeos/dbus/cryptohome_client.cc
@@ -22,6 +22,8 @@ namespace {
// stub_hash = "[user_id]-hash";
static const char kUserIdStubHashSuffix[] = "-hash";
+static const char kCryptohomeAsyncAddKey[] = "AddKey";
+
// The CryptohomeClient implementation.
class CryptohomeClientImpl : public CryptohomeClient {
public:
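Review bot: `kCryptohomeAsyncAddKey` is defined locally as "AddKey" with the `cryptohome::` qualifier commented out at its use in the next hunk, unlike the sibling methods that take their names from the shared cryptohome constants (e.g. `cryptohome::kCryptohomeAsyncMountGuest`). The reply is routed to OnAsyncMethodCall, which the other callers use for methods that return an async id; if cryptohomed's "AddKey" is a synchronous variant rather than an async one, the reply would carry a status instead of an async id and the completion callback registered through RegisterAsyncCallback would never fire, so the method name should be checked against the daemon's interface. At minimum mark the local constant as temporary, e.g. `// TODO: move to the shared cryptohome service constants once the method name is exported there.`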
@@ -172,6 +174,23 @@ class CryptohomeClientImpl : public CryptohomeClient {
}
// CryptohomeClient override.
+ virtual void AsyncAddKey(const std::string& username,
+ const std::string& key,
+ const std::string& new_key,
+ const AsyncMethodCallback& callback) OVERRIDE {
+ dbus::MethodCall method_call(cryptohome::kCryptohomeInterface,
+ /*cryptohome::*/kCryptohomeAsyncAddKey);
+ dbus::MessageWriter writer(&method_call);
+ writer.AppendString(username);
+ writer.AppendString(key);
+ writer.AppendString(new_key);
+ proxy_->CallMethod(&method_call, dbus::ObjectProxy::TIMEOUT_USE_DEFAULT,
+ base::Bind(&CryptohomeClientImpl::OnAsyncMethodCall,
+ weak_ptr_factory_.GetWeakPtr(),
+ callback));
+ }
+
+ // CryptohomeClient override.
virtual void AsyncMountGuest(const AsyncMethodCallback& callback) OVERRIDE {
dbus::MethodCall method_call(cryptohome::kCryptohomeInterface,
cryptohome::kCryptohomeAsyncMountGuest);
@@ -873,6 +892,14 @@ class CryptohomeClientStubImpl : public CryptohomeClient {
}
// CryptohomeClient override.
+ virtual void AsyncAddKey(const std::string& username,
+ const std::string& key,
+ const std::string& new_key,
+ const AsyncMethodCallback& callback) OVERRIDE {
+ ReturnAsyncMethodResult(callback, false);
+ }
+
+ // CryptohomeClient override.
virtual void AsyncMountGuest(const AsyncMethodCallback& callback) OVERRIDE {
ReturnAsyncMethodResult(callback, false);
}
diff --git a/chromeos/dbus/cryptohome_client.h b/chromeos/dbus/cryptohome_client.h
index 1676e5d..3d34ea4 100644
--- a/chromeos/dbus/cryptohome_client.h
+++ b/chromeos/dbus/cryptohome_client.h
@@ -113,6 +113,14 @@ class CHROMEOS_EXPORT CryptohomeClient {
int flags,
const AsyncMethodCallback& callback) = 0;
+ // Calls the AsyncAddKey method to asynchronously add another |new_key| for
+ // |username|, using |key| to unlock it first.
+ // |callback| is called after the method call succeeds.
+ virtual void AsyncAddKey(const std::string& username,
+ const std::string& key,
+ const std::string& new_key,
+ const AsyncMethodCallback& callback) = 0;
+
// Calls AsyncMountGuest method. |callback| is called after the method call
// succeeds.
virtual void AsyncMountGuest(const AsyncMethodCallback& callback) = 0;
diff --git a/chromeos/dbus/fake_cryptohome_client.cc b/chromeos/dbus/fake_cryptohome_client.cc
index f019de0..c00f3d4 100644
--- a/chromeos/dbus/fake_cryptohome_client.cc
+++ b/chromeos/dbus/fake_cryptohome_client.cc
@@ -97,6 +97,22 @@ void FakeCryptohomeClient::AsyncMount(const std::string& username,
cryptohome::MOUNT_ERROR_NONE));
}
+void FakeCryptohomeClient::AsyncAddKey(const std::string& username,
+ const std::string& key,
+ const std::string& new_key,
+ const AsyncMethodCallback& callback) {
+ DCHECK(!callback.is_null());
+
+ base::MessageLoop::current()->PostTask(FROM_HERE,
+ base::Bind(callback, 1 /* async_id */));
+ if (!handler_.is_null())
+ base::MessageLoop::current()->PostTask(FROM_HERE,
+ base::Bind(handler_,
+ 1, // async_id
+ true, // return_status
+ cryptohome::MOUNT_ERROR_NONE));
+}
+
void FakeCryptohomeClient::AsyncMountGuest(
const AsyncMethodCallback& callback) {
}
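Review bot: FakeCryptohomeClient::AsyncAddKey reports success (`true`, `MOUNT_ERROR_NONE`) without looking at |key| or |new_key| and reuses async_id 1 exactly like AsyncMount above, so tests cannot drive the wrong-password or failed-add-key path of the new flow, and a test with both calls in flight would see indistinguishable completion signals. A comment such as `// Always succeeds; |key| is not validated and the async id is shared with AsyncMount.` would keep that limitation visible until the fake grows a failure knob.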
diff --git a/chromeos/dbus/fake_cryptohome_client.h b/chromeos/dbus/fake_cryptohome_client.h
index 62cdb8b..e8ff10c 100644
--- a/chromeos/dbus/fake_cryptohome_client.h
+++ b/chromeos/dbus/fake_cryptohome_client.h
@@ -42,6 +42,10 @@ class FakeCryptohomeClient : public CryptohomeClient {
const std::string& key,
int flags,
const AsyncMethodCallback& callback) OVERRIDE;
+ virtual void AsyncAddKey(const std::string& username,
+ const std::string& key,
+ const std::string& new_key,
+ const AsyncMethodCallback& callback) OVERRIDE;
virtual void AsyncMountGuest(const AsyncMethodCallback& callback) OVERRIDE;
virtual void TpmIsReady(const BoolDBusMethodCallback& callback) OVERRIDE;
virtual void TpmIsEnabled(const BoolDBusMethodCallback& callback) OVERRIDE;
diff --git a/chromeos/dbus/mock_cryptohome_client.h b/chromeos/dbus/mock_cryptohome_client.h
index b3e9b06..d72d3f4 100644
--- a/chromeos/dbus/mock_cryptohome_client.h
+++ b/chromeos/dbus/mock_cryptohome_client.h
@@ -42,6 +42,10 @@ class MockCryptohomeClient : public CryptohomeClient {
const std::string& key,
int flags,
const AsyncMethodCallback& callback));
+ MOCK_METHOD4(AsyncAddKey, void(const std::string& username,
+ const std::string& key,
+ const std::string& new_key,
+ const AsyncMethodCallback& callback));
MOCK_METHOD1(AsyncMountGuest,
void(const AsyncMethodCallback& callback));
MOCK_METHOD1(TpmIsReady, void(const BoolDBusMethodCallback& callback));