chrome/browser/chromeos/login/managed/supervised_user_authentication.h - platform/external/chromium_org - Git at Google

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_SUPERVISED_USER_AUTHENTICATION_H_
 #define CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_SUPERVISED_USER_AUTHENTICATION_H_

 #include "base/basictypes.h"
 #include "base/compiler_specific.h"
 #include "base/memory/weak_ptr.h"
 #include "base/strings/string16.h"
 #include "base/values.h"
 #include "chrome/browser/chromeos/login/managed/supervised_user_login_flow.h"
 #include "chromeos/login/auth/user_context.h"

 namespace chromeos {

 class SupervisedUserManager;

 // This is a class that encapsulates all details of password handling for
 // supervised users.
 // Main property is the schema used to handle password. For now it can be either
 // plain password schema, when plain text password is passed to standard
 // cryprohome authentication algorithm without modification, or hashed password
 // schema, when password is additioUpdateContextToChecknally hashed with
 // user-specific salt.
 // Second schema is required to allow password syncing across devices for
 // supervised users.
 class SupervisedUserAuthentication {
  public:
   enum Schema {
     SCHEMA_PLAIN = 1,
     SCHEMA_SALT_HASHED = 2
   };

   enum SupervisedUserPasswordChangeResult {
     PASSWORD_CHANGED_IN_MANAGER_SESSION = 0,
     PASSWORD_CHANGED_IN_USER_SESSION = 1,
     PASSWORD_CHANGE_FAILED_NO_MASTER_KEY = 2,
     PASSWORD_CHANGE_FAILED_NO_SIGNATURE_KEY = 3,
     PASSWORD_CHANGE_FAILED_NO_PASSWORD_DATA = 4,
     PASSWORD_CHANGE_FAILED_MASTER_KEY_FAILURE = 5,
     PASSWORD_CHANGE_FAILED_LOADING_DATA = 6,
     PASSWORD_CHANGE_FAILED_INCOMPLETE_DATA = 7,
     PASSWORD_CHANGE_FAILED_AUTHENTICATION_FAILURE = 8,
     PASSWORD_CHANGE_FAILED_STORE_DATA = 9,
     PASSWORD_CHANGE_RESULT_MAX_VALUE = 10
   };

   typedef base::Callback<void(const base::DictionaryValue* password_data)>
       PasswordDataCallback;

   explicit SupervisedUserAuthentication(SupervisedUserManager* owner);
   virtual ~SupervisedUserAuthentication();

   // Returns current schema for whole ChromeOS. It defines if users with older
   // schema should be migrated somehow.
   Schema GetStableSchema();

   // Transforms key according to schema specified in Local State.
   UserContext TransformKey(const UserContext& context);

   // Fills |password_data| with |password|-specific data for |user_id|,
   // depending on target schema. Does not affect Local State.
   bool FillDataForNewUser(const std::string& user_id,
                           const std::string& password,
                           base::DictionaryValue* password_data,
                           base::DictionaryValue* extra_data);

   // Stores |password_data| for |user_id| in Local State. Only public parts
   // of |password_data| will be stored.
   void StorePasswordData(const std::string& user_id,
                          const base::DictionaryValue& password_data);

   bool NeedPasswordChange(const std::string& user_id,
                           const base::DictionaryValue* password_data);

   // Checks if given user should update password upon signin.
   bool HasScheduledPasswordUpdate(const std::string& user_id);
   void ClearScheduledPasswordUpdate(const std::string& user_id);

   // Checks if password was migrated to new schema by supervised user.
   // In this case it does not have encryption key, and should be updated by
   // manager even if password versions match.
   bool HasIncompleteKey(const std::string& user_id);
   void MarkKeyIncomplete(const std::string& user_id, bool incomplete);

   // Loads password data stored by ScheduleSupervisedPasswordChange.
   void LoadPasswordUpdateData(const std::string& user_id,
                               const PasswordDataCallback& success_callback,
                               const base::Closure& failure_callback);

   // Creates a random string that can be used as a master key for managed
   // user's homedir.
   std::string GenerateMasterKey();

   // Called by supervised user to store password data for migration upon signin.
   void ScheduleSupervisedPasswordChange(
       const std::string& supervised_user_id,
       const base::DictionaryValue* password_data);

   // Utility method that gets schema version for |user_id| from Local State.
   Schema GetPasswordSchema(const std::string& user_id);

   static std::string BuildPasswordSignature(
       const std::string& password,
       int revision,
       const std::string& base64_signature_key);

  private:
   SupervisedUserManager* owner_;

   // Controls if migration is enabled.
   bool migration_enabled_;

   // Target schema version. Affects migration process and new user creation.
   Schema stable_schema_;


   DISALLOW_COPY_AND_ASSIGN(SupervisedUserAuthentication);
 };

 } // namespace chromeos

 #endif  // CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_SUPERVISED_USER_AUTHENTICATION_H_
	// Copyright 2013 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.
	#ifndef CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_SUPERVISED_USER_AUTHENTICATION_H_
	#define CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_SUPERVISED_USER_AUTHENTICATION_H_

	#include "base/basictypes.h"
	#include "base/compiler_specific.h"
	#include "base/memory/weak_ptr.h"
	#include "base/strings/string16.h"
	#include "base/values.h"
	#include "chrome/browser/chromeos/login/managed/supervised_user_login_flow.h"
	#include "chromeos/login/auth/user_context.h"

	namespace chromeos {

	class SupervisedUserManager;

	// This is a class that encapsulates all details of password handling for
	// supervised users.
	// Main property is the schema used to handle password. For now it can be either
	// plain password schema, when plain text password is passed to standard
	// cryprohome authentication algorithm without modification, or hashed password
	// schema, when password is additioUpdateContextToChecknally hashed with
	// user-specific salt.
	// Second schema is required to allow password syncing across devices for
	// supervised users.
	class SupervisedUserAuthentication {
	public:
	enum Schema {
	SCHEMA_PLAIN = 1,
	SCHEMA_SALT_HASHED = 2
	};

	enum SupervisedUserPasswordChangeResult {
	PASSWORD_CHANGED_IN_MANAGER_SESSION = 0,
	PASSWORD_CHANGED_IN_USER_SESSION = 1,
	PASSWORD_CHANGE_FAILED_NO_MASTER_KEY = 2,
	PASSWORD_CHANGE_FAILED_NO_SIGNATURE_KEY = 3,
	PASSWORD_CHANGE_FAILED_NO_PASSWORD_DATA = 4,
	PASSWORD_CHANGE_FAILED_MASTER_KEY_FAILURE = 5,
	PASSWORD_CHANGE_FAILED_LOADING_DATA = 6,
	PASSWORD_CHANGE_FAILED_INCOMPLETE_DATA = 7,
	PASSWORD_CHANGE_FAILED_AUTHENTICATION_FAILURE = 8,
	PASSWORD_CHANGE_FAILED_STORE_DATA = 9,
	PASSWORD_CHANGE_RESULT_MAX_VALUE = 10
	};

	typedef base::Callback<void(const base::DictionaryValue* password_data)>
	PasswordDataCallback;

	explicit SupervisedUserAuthentication(SupervisedUserManager* owner);
	virtual ~SupervisedUserAuthentication();

	// Returns current schema for whole ChromeOS. It defines if users with older
	// schema should be migrated somehow.
	Schema GetStableSchema();

	// Transforms key according to schema specified in Local State.
	UserContext TransformKey(const UserContext& context);

	// Fills \|password_data\| with \|password\|-specific data for \|user_id\|,
	// depending on target schema. Does not affect Local State.
	bool FillDataForNewUser(const std::string& user_id,
	const std::string& password,
	base::DictionaryValue* password_data,
	base::DictionaryValue* extra_data);

	// Stores \|password_data\| for \|user_id\| in Local State. Only public parts
	// of \|password_data\| will be stored.
	void StorePasswordData(const std::string& user_id,
	const base::DictionaryValue& password_data);

	bool NeedPasswordChange(const std::string& user_id,
	const base::DictionaryValue* password_data);

	// Checks if given user should update password upon signin.
	bool HasScheduledPasswordUpdate(const std::string& user_id);
	void ClearScheduledPasswordUpdate(const std::string& user_id);

	// Checks if password was migrated to new schema by supervised user.
	// In this case it does not have encryption key, and should be updated by
	// manager even if password versions match.
	bool HasIncompleteKey(const std::string& user_id);
	void MarkKeyIncomplete(const std::string& user_id, bool incomplete);

	// Loads password data stored by ScheduleSupervisedPasswordChange.
	void LoadPasswordUpdateData(const std::string& user_id,
	const PasswordDataCallback& success_callback,
	const base::Closure& failure_callback);

	// Creates a random string that can be used as a master key for managed
	// user's homedir.
	std::string GenerateMasterKey();

	// Called by supervised user to store password data for migration upon signin.
	void ScheduleSupervisedPasswordChange(
	const std::string& supervised_user_id,
	const base::DictionaryValue* password_data);

	// Utility method that gets schema version for \|user_id\| from Local State.
	Schema GetPasswordSchema(const std::string& user_id);

	static std::string BuildPasswordSignature(
	const std::string& password,
	int revision,
	const std::string& base64_signature_key);

	private:
	SupervisedUserManager* owner_;

	// Controls if migration is enabled.
	bool migration_enabled_;

	// Target schema version. Affects migration process and new user creation.
	Schema stable_schema_;


	DISALLOW_COPY_AND_ASSIGN(SupervisedUserAuthentication);
	};

	} // namespace chromeos

	#endif // CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_SUPERVISED_USER_AUTHENTICATION_H_