Extract LoginPerformer to chromeos/auth
[chromium-blink-merge.git] / chrome / browser / chromeos / login / auth / chrome_login_performer.cc
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/chromeos/login/auth/chrome_login_performer.h"
7 #include "base/bind.h"
8 #include "base/thread_task_runner_handle.h"
9 #include "chrome/browser/browser_process.h"
10 #include "chrome/browser/chromeos/login/login_utils.h"
11 #include "chrome/browser/chromeos/login/supervised/supervised_user_authentication.h"
12 #include "chrome/browser/chromeos/login/supervised/supervised_user_constants.h"
13 #include "chrome/browser/chromeos/login/supervised/supervised_user_login_flow.h"
14 #include "chrome/browser/chromeos/login/users/chrome_user_manager.h"
15 #include "chrome/browser/chromeos/login/users/supervised_user_manager.h"
16 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
17 #include "chrome/browser/chromeos/policy/device_local_account_policy_service.h"
18 #include "chrome/browser/chromeos/profiles/profile_helper.h"
19 #include "chrome/browser/chromeos/settings/cros_settings.h"
21 namespace chromeos {
// Constructs the performer on top of LoginPerformer, handing it the current
// thread's task runner and |delegate|. |weak_factory_| is bound to this
// object so that callbacks created from it can be tied to its lifetime.
ChromeLoginPerformer::ChromeLoginPerformer(Delegate* delegate)
    : LoginPerformer(base::ThreadTaskRunnerHandle::Get(), delegate),
      weak_factory_(this) {
}
// Nothing to release explicitly; members clean up in their own destructors.
ChromeLoginPerformer::~ChromeLoginPerformer() {
}
31 ////////////////////////////////////////////////////////////////////////////////
32 // ChromeLoginPerformer, public:
// Asks CrosSettings whether the device settings are trusted and runs
// |callback| only when they are.
//
// Returns true when the outcome was decided synchronously: either |callback|
// ran or the failure path was taken. Returns false while the settings are
// still being verified; DidRunTrustedCheck() is the continuation handed to
// PrepareTrustedValues() for that case.
bool ChromeLoginPerformer::RunTrustedCheck(const base::Closure& callback) {
  // The continuation is bound through a weak pointer, so it is dropped if
  // this performer is destroyed before verification completes.
  const CrosSettingsProvider::TrustedStatus trust_status =
      CrosSettings::Get()->PrepareTrustedValues(
          base::Bind(&ChromeLoginPerformer::DidRunTrustedCheck,
                     weak_factory_.GetWeakPtr(),
                     callback));

  // Must not proceed without signature verification.
  if (trust_status == CrosSettingsProvider::PERMANENTLY_UNTRUSTED) {
    if (!delegate_) {
      NOTREACHED();
    } else {
      delegate_->PolicyLoadFailed();
    }
    return true;  // Some callback was called.
  }

  if (trust_status == CrosSettingsProvider::TEMPORARILY_UNTRUSTED) {
    // Value of AllowNewUser setting is still not verified.
    // Another attempt will be invoked after verification completion.
    return false;
  }

  // NOTE(review): this is the fall-through branch, not an explicit TRUSTED
  // test. DCHECK is normally compiled out of release builds, so there any
  // status other than the two untrusted values reaches callback.Run().
  DCHECK(trust_status == CrosSettingsProvider::TRUSTED);
  callback.Run();
  return true;  // Some callback was called.
}
// Continuation for RunTrustedCheck(): queries the trust status again and
// runs |callback| only once the settings are reported as trusted. It
// registers itself as the continuation on every call, so it keeps being
// retried for as long as the status is TEMPORARILY_UNTRUSTED.
void ChromeLoginPerformer::DidRunTrustedCheck(const base::Closure& callback) {
  // Bound through a weak pointer, so a pending retry is dropped if this
  // performer is destroyed first.
  const CrosSettingsProvider::TrustedStatus trust_status =
      CrosSettings::Get()->PrepareTrustedValues(
          base::Bind(&ChromeLoginPerformer::DidRunTrustedCheck,
                     weak_factory_.GetWeakPtr(),
                     callback));

  if (trust_status == CrosSettingsProvider::TEMPORARILY_UNTRUSTED) {
    // Value of AllowNewUser setting is still not verified.
    // Another attempt will be invoked after verification completion.
    return;
  }

  // Must not proceed without signature verification.
  if (trust_status == CrosSettingsProvider::PERMANENTLY_UNTRUSTED) {
    // |callback| is intentionally never run on this path.
    if (!delegate_) {
      NOTREACHED();
    } else {
      delegate_->PolicyLoadFailed();
    }
    return;
  }

  // NOTE(review): fall-through branch; DCHECK is normally compiled out of
  // release builds, so the TRUSTED expectation is only enforced in builds
  // that keep DCHECKs.
  DCHECK(trust_status == CrosSettingsProvider::TRUSTED);
  callback.Run();
}
// Forwards the whitelist lookup for |user_id| to LoginUtils::IsWhitelisted().
// |wildcard_match| is passed through unchanged as that function's out
// parameter; presumably it reports whether the match came from a wildcard
// entry (confirm against LoginUtils).
bool ChromeLoginPerformer::IsUserWhitelisted(const std::string& user_id,
                                             bool* wildcard_match) {
  const bool is_whitelisted = LoginUtils::IsWhitelisted(user_id, wildcard_match);
  return is_whitelisted;
}
// Decides whether |user_id| needs a server-side confirmation before login
// may continue.
//
// The online check runs only when all three conditions hold: the device is
// enterprise managed, the whitelist match was a wildcard match, and the
// connector does not classify |user_id| as a non-enterprise user. In every
// other case |success_callback| runs immediately, so this function adds no
// restriction of its own there.
void ChromeLoginPerformer::RunOnlineWhitelistCheck(
    const std::string& user_id,
    bool wildcard_match,
    const base::Closure& success_callback,
    const base::Closure& failure_callback) {
  policy::BrowserPolicyConnectorChromeOS* connector =
      g_browser_process->platform_part()->browser_policy_connector_chromeos();

  // On enterprise devices, reconfirm login permission with the server.
  const bool needs_server_check = connector->IsEnterpriseManaged() &&
                                  wildcard_match &&
                                  !connector->IsNonEnterpriseUser(user_id);
  if (!needs_server_check) {
    success_callback.Run();
    return;
  }

  // Replaces any checker left over from an earlier call.
  wildcard_login_checker_.reset(new policy::WildcardLoginChecker());
  // The completion is bound through a weak pointer, so neither callback runs
  // if this performer is destroyed before the check finishes.
  wildcard_login_checker_->Start(
      ProfileHelper::GetSigninProfile()->GetRequestContext(),
      base::Bind(&ChromeLoginPerformer::OnlineWildcardLoginCheckCompleted,
                 weak_factory_.GetWeakPtr(),
                 success_callback,
                 failure_callback));
}
// Obtains an Authenticator from LoginUtils, passing this performer as the
// argument to LoginUtils::CreateAuthenticator().
scoped_refptr<Authenticator> ChromeLoginPerformer::CreateAuthenticator() {
  scoped_refptr<Authenticator> authenticator =
      LoginUtils::Get()->CreateAuthenticator(this);
  return authenticator;
}
// Reports whether supervised users are allowed, as answered by the global
// user_manager::UserManager instance.
bool ChromeLoginPerformer::AreSupervisedUsersAllowed() {
  user_manager::UserManager* const manager = user_manager::UserManager::Get();
  return manager->AreSupervisedUsersAllowed();
}
// Returns true when the password schema recorded for the supervised user in
// |user_context| is SCHEMA_SALT_HASHED, and false for any other schema.
bool ChromeLoginPerformer::UseExtendedAuthenticatorForSupervisedUser(
    const UserContext& user_context) {
  SupervisedUserAuthentication* supervised_auth =
      ChromeUserManager::Get()->GetSupervisedUserManager()->GetAuthentication();
  const bool uses_salt_hashed_schema =
      supervised_auth->GetPasswordSchema(user_context.GetUserID()) ==
      SupervisedUserAuthentication::SCHEMA_SALT_HASHED;
  return uses_salt_hashed_schema;
}
// Returns the result of SupervisedUserAuthentication::TransformKey() applied
// to |context|. The transformation itself is defined by that class; nothing
// is changed here.
UserContext ChromeLoginPerformer::TransformSupervisedKey(
    const UserContext& context) {
  return ChromeUserManager::Get()
      ->GetSupervisedUserManager()
      ->GetAuthentication()
      ->TransformKey(context);
}
// Installs a SupervisedUserLoginFlow for |user_id| in ChromeUserManager.
void ChromeLoginPerformer::SetupSupervisedUserFlow(const std::string& user_id) {
  // Raw allocation handed to SetUserFlow() below; presumably the user manager
  // takes ownership (confirm against ChromeUserManager).
  SupervisedUserLoginFlow* const supervised_flow =
      new SupervisedUserLoginFlow(user_id);

  // The host must be copied from the flow currently registered for |user_id|
  // before that flow is replaced.
  supervised_flow->set_host(
      ChromeUserManager::Get()->GetUserFlow(user_id)->host());

  ChromeUserManager::Get()->SetUserFlow(user_id, supervised_flow);
}
// Returns true only when a device-local account policy service exists and
// reports policy as available for |user_id|. A missing service yields false,
// so the check fails closed.
bool ChromeLoginPerformer::CheckPolicyForUser(const std::string& user_id) {
  // Login is not allowed if policy could not be loaded for the account.
  policy::BrowserPolicyConnectorChromeOS* connector =
      g_browser_process->platform_part()->browser_policy_connector_chromeos();
  policy::DeviceLocalAccountPolicyService* account_policy =
      connector->GetDeviceLocalAccountPolicyService();

  if (!account_policy)
    return false;
  return account_policy->IsPolicyAvailableForUser(user_id);
}
149 ////////////////////////////////////////////////////////////////////////////////
150 // ChromeLoginPerformer, private:
// Returns the sign-in profile as the browser context used for sign-in.
content::BrowserContext* ChromeLoginPerformer::GetSigninContext() {
  content::BrowserContext* const signin_context =
      ProfileHelper::GetSigninProfile();
  return signin_context;
}
// Returns the request context of the sign-in profile.
net::URLRequestContextGetter* ChromeLoginPerformer::GetSigninRequestContext() {
  net::URLRequestContextGetter* const request_context =
      ProfileHelper::GetSigninProfile()->GetRequestContext();
  return request_context;
}
// Completion handler for the wildcard login check. Runs |success_callback|
// only for RESULT_ALLOWED; every other result runs |failure_callback|, so
// the check fails closed.
void ChromeLoginPerformer::OnlineWildcardLoginCheckCompleted(
    const base::Closure& success_callback,
    const base::Closure& failure_callback,
    policy::WildcardLoginChecker::Result result) {
  const bool login_allowed =
      result == policy::WildcardLoginChecker::RESULT_ALLOWED;
  const base::Closure& outcome_callback =
      login_allowed ? success_callback : failure_callback;
  outcome_callback.Run();
}
171 } // namespace chromeos