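// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_CHROMEOS_LOGIN_SUPERVISED_SUPERVISED_USER_AUTHENTICATOR_H_
#define CHROME_BROWSER_CHROMEOS_LOGIN_SUPERVISED_SUPERVISED_USER_AUTHENTICATOR_H_

#include <string>

#include "base/basictypes.h"
#include "base/compiler_specific.h"
#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
#include "third_party/cros_system_api/dbus/service_constants.h"

namespace chromeos {

// Authenticates supervised users against the cryptohome.
//
// Typical flow:
// AuthenticateToMount() calls a Cryptohome to perform offline login,
// AuthenticateToCreate() calls a Cryptohome to create new cryptohome.
//
// The object is ref-counted (base::RefCountedThreadSafe) and its destructor
// is private, so it is destroyed only when the last reference is released.
class SupervisedUserAuthenticator
    : public base::RefCountedThreadSafe<SupervisedUserAuthenticator> {
 public:
  // Outcome of resolving the current attempt; passed to
  // AuthStatusConsumer::OnAuthenticationFailure() for the failure cases.
  enum AuthState {
    CONTINUE,      // State indeterminate; try again when more info available.
    NO_MOUNT,      // No cryptohome exists for user.
    FAILED_MOUNT,  // Failed to mount existing cryptohome - login failed.
    FAILED_TPM,    // Failed to mount/create cryptohome because of TPM error.
    SUCCESS,       // Login succeeded.
  };

  // Holds the credentials and the recorded cryptohome results for a single
  // authentication (or add-key) attempt.
  //
  // NOTE(review): no locking is visible in this declaration; the Record*()
  // comments below require the IO thread. Confirm in the .cc that the
  // accessors are only read on that thread as well.
  class AuthAttempt {
   public:
    // |add_key_attempt| presumably initialises |add_key| - confirm in the .cc.
    AuthAttempt(const std::string& username,
                const std::string& password,
                bool add_key_attempt);
    ~AuthAttempt();

    // Copy |cryptohome_code| and |cryptohome_outcome| into this object,
    // so we can have a copy we're sure to own, and can make available
    // on the IO thread.  Must be called from the IO thread.
    void RecordCryptohomeStatus(bool cryptohome_outcome,
                                cryptohome::MountError cryptohome_code);

    // Copy |hash| into this object so we can have a copy we're sure to own
    // and can make available on the IO thread.
    // Must be called from the IO thread.
    void RecordHash(const std::string& hash);

    // Accessors for the recorded results. They are declared non-const; the
    // definitions live outside this header.
    bool cryptohome_complete();
    bool cryptohome_outcome();
    bool hash_obtained();
    std::string hash();
    cryptohome::MountError cryptohome_code();

    // Credentials for this attempt, exposed as public const members.
    // NOTE(review): |password| is kept as a plain std::string for as long as
    // this object lives and, being const, cannot be cleared in place. Confirm
    // that the owner drops the AuthAttempt as soon as the attempt is resolved
    // and that these members are never logged.
    const std::string username;
    const std::string password;
    const bool add_key;

   private:
    bool cryptohome_complete_;
    bool cryptohome_outcome_;
    bool hash_obtained_;
    std::string hash_;

    cryptohome::MountError cryptohome_code_;
    DISALLOW_COPY_AND_ASSIGN(AuthAttempt);
  };

  // Interface through which the outcome of an attempt is reported.
  class AuthStatusConsumer {
   public:
    virtual ~AuthStatusConsumer() {}
    // The current login attempt has ended in failure, with error.
    virtual void OnAuthenticationFailure(AuthState state) = 0;
    // The current login attempt has ended successfully.
    virtual void OnMountSuccess(const std::string& mount_hash) = 0;
    // The current add key attempt has ended successfully.
    virtual void OnAddKeySuccess() = 0;
  };

  // |consumer| is kept as a raw pointer (see |consumer_|).
  explicit SupervisedUserAuthenticator(AuthStatusConsumer* consumer);

  // Starts an attempt to mount the existing cryptohome of |username|
  // (offline login, per the class comment).
  void AuthenticateToMount(const std::string& username,
                           const std::string& password);

  // Starts an attempt to create a new cryptohome for |username|.
  void AuthenticateToCreate(const std::string& username,
                            const std::string& password);

  // Starts an add-key attempt for |username|.
  // NOTE(review): how |password| and |master_key| relate (which one
  // authorises the change and which one is added) is not visible in this
  // header - confirm against the .cc before relying on it.
  void AddMasterKey(const std::string& username,
                    const std::string& password,
                    const std::string& master_key);

  // Presumably evaluates |current_state_| and reports the result to
  // |consumer_| - confirm in the .cc.
  void Resolve();

 private:
  // Grants the ref-count base class access to the private destructor.
  friend class base::RefCountedThreadSafe<SupervisedUserAuthenticator>;

  ~SupervisedUserAuthenticator();

  // Helpers that map the recorded attempt data to an AuthState.
  AuthState ResolveState();
  AuthState ResolveCryptohomeFailureState();
  AuthState ResolveCryptohomeSuccessState();

  // Internal completion handlers; presumably forward to |consumer_|.
  void OnAuthenticationSuccess(const std::string& mount_hash, bool add_key);
  void OnAuthenticationFailure(AuthState state);

  // The attempt in flight; owned by this object.
  scoped_ptr<AuthAttempt> current_state_;

  // Not owned. NOTE(review): this is a raw pointer held by a ref-counted,
  // thread-safe object, so the consumer must outlive every reference to the
  // authenticator (including any held by pending callbacks) - confirm that
  // callers guarantee this.
  AuthStatusConsumer* consumer_;

  DISALLOW_COPY_AND_ASSIGN(SupervisedUserAuthenticator);
};

}  // namespace chromeos

#endif  // CHROME_BROWSER_CHROMEOS_LOGIN_SUPERVISED_SUPERVISED_USER_AUTHENTICATOR_H_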