blob: 0d1bc62a877955bd2330c3aede85c2d391d8a936 [file] [log] [blame]
// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome/browser/chromeos/login/auth/chrome_login_performer.h"
#include "base/bind.h"
#include "base/thread_task_runner_handle.h"
#include "chrome/browser/browser_process.h"
#include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_user_login_flow.h"
#include "chrome/browser/chromeos/login/login_utils.h"
#include "chrome/browser/chromeos/login/supervised/supervised_user_authentication.h"
#include "chrome/browser/chromeos/login/supervised/supervised_user_constants.h"
#include "chrome/browser/chromeos/login/supervised/supervised_user_login_flow.h"
#include "chrome/browser/chromeos/login/users/chrome_user_manager.h"
#include "chrome/browser/chromeos/login/users/supervised_user_manager.h"
#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
#include "chrome/browser/chromeos/policy/device_local_account_policy_service.h"
#include "chrome/browser/chromeos/profiles/profile_helper.h"
#include "chrome/browser/chromeos/settings/cros_settings.h"
namespace chromeos {
ChromeLoginPerformer::ChromeLoginPerformer(Delegate* delegate)
: LoginPerformer(base::ThreadTaskRunnerHandle::Get(), delegate),
weak_factory_(this) {
}
ChromeLoginPerformer::~ChromeLoginPerformer() {
}
////////////////////////////////////////////////////////////////////////////////
// ChromeLoginPerformer, public:
bool ChromeLoginPerformer::RunTrustedCheck(const base::Closure& callback) {
CrosSettings* cros_settings = CrosSettings::Get();
CrosSettingsProvider::TrustedStatus status =
cros_settings->PrepareTrustedValues(
base::Bind(&ChromeLoginPerformer::DidRunTrustedCheck,
weak_factory_.GetWeakPtr(),
callback));
// Must not proceed without signature verification.
if (status == CrosSettingsProvider::PERMANENTLY_UNTRUSTED) {
if (delegate_)
delegate_->PolicyLoadFailed();
else
NOTREACHED();
return true; // Some callback was called.
} else if (status == CrosSettingsProvider::TEMPORARILY_UNTRUSTED) {
// Value of AllowNewUser setting is still not verified.
// Another attempt will be invoked after verification completion.
return false;
} else {
DCHECK(status == CrosSettingsProvider::TRUSTED);
// CrosSettingsProvider::TRUSTED
callback.Run();
return true; // Some callback was called.
}
}
void ChromeLoginPerformer::DidRunTrustedCheck(const base::Closure& callback) {
CrosSettings* cros_settings = CrosSettings::Get();
CrosSettingsProvider::TrustedStatus status =
cros_settings->PrepareTrustedValues(
base::Bind(&ChromeLoginPerformer::DidRunTrustedCheck,
weak_factory_.GetWeakPtr(),
callback));
// Must not proceed without signature verification.
if (status == CrosSettingsProvider::PERMANENTLY_UNTRUSTED) {
if (delegate_)
delegate_->PolicyLoadFailed();
else
NOTREACHED();
} else if (status == CrosSettingsProvider::TEMPORARILY_UNTRUSTED) {
// Value of AllowNewUser setting is still not verified.
// Another attempt will be invoked after verification completion.
return;
} else {
DCHECK(status == CrosSettingsProvider::TRUSTED);
callback.Run();
}
}
bool ChromeLoginPerformer::IsUserWhitelisted(const std::string& user_id,
bool* wildcard_match) {
return LoginUtils::IsWhitelisted(user_id, wildcard_match);
}
void ChromeLoginPerformer::RunOnlineWhitelistCheck(
const std::string& user_id,
bool wildcard_match,
const base::Closure& success_callback,
const base::Closure& failure_callback) {
// On enterprise devices, reconfirm login permission with the server.
policy::BrowserPolicyConnectorChromeOS* connector =
g_browser_process->platform_part()->browser_policy_connector_chromeos();
if (connector->IsEnterpriseManaged() && wildcard_match &&
!connector->IsNonEnterpriseUser(user_id)) {
wildcard_login_checker_.reset(new policy::WildcardLoginChecker());
wildcard_login_checker_->Start(
ProfileHelper::GetSigninProfile()->GetRequestContext(),
base::Bind(&ChromeLoginPerformer::OnlineWildcardLoginCheckCompleted,
weak_factory_.GetWeakPtr(),
success_callback,
failure_callback));
} else {
success_callback.Run();
}
}
scoped_refptr<Authenticator> ChromeLoginPerformer::CreateAuthenticator() {
return LoginUtils::Get()->CreateAuthenticator(this);
}
bool ChromeLoginPerformer::AreSupervisedUsersAllowed() {
return user_manager::UserManager::Get()->AreSupervisedUsersAllowed();
}
bool ChromeLoginPerformer::UseExtendedAuthenticatorForSupervisedUser(
const UserContext& user_context) {
SupervisedUserAuthentication* authentication =
ChromeUserManager::Get()->GetSupervisedUserManager()->GetAuthentication();
return authentication->GetPasswordSchema(user_context.GetUserID()) ==
SupervisedUserAuthentication::SCHEMA_SALT_HASHED;
}
UserContext ChromeLoginPerformer::TransformSupervisedKey(
const UserContext& context) {
SupervisedUserAuthentication* authentication =
ChromeUserManager::Get()->GetSupervisedUserManager()->GetAuthentication();
return authentication->TransformKey(context);
}
void ChromeLoginPerformer::SetupSupervisedUserFlow(const std::string& user_id) {
SupervisedUserLoginFlow* new_flow = new SupervisedUserLoginFlow(user_id);
new_flow->SetHost(ChromeUserManager::Get()->GetUserFlow(user_id)->host());
ChromeUserManager::Get()->SetUserFlow(user_id, new_flow);
}
void ChromeLoginPerformer::SetupEasyUnlockUserFlow(const std::string& user_id) {
ChromeUserManager::Get()->SetUserFlow(user_id,
new EasyUnlockUserLoginFlow(user_id));
}
bool ChromeLoginPerformer::CheckPolicyForUser(const std::string& user_id) {
// Login is not allowed if policy could not be loaded for the account.
policy::BrowserPolicyConnectorChromeOS* connector =
g_browser_process->platform_part()->browser_policy_connector_chromeos();
policy::DeviceLocalAccountPolicyService* policy_service =
connector->GetDeviceLocalAccountPolicyService();
return policy_service && policy_service->IsPolicyAvailableForUser(user_id);
}
////////////////////////////////////////////////////////////////////////////////
// ChromeLoginPerformer, private:
content::BrowserContext* ChromeLoginPerformer::GetSigninContext() {
return ProfileHelper::GetSigninProfile();
}
net::URLRequestContextGetter* ChromeLoginPerformer::GetSigninRequestContext() {
return ProfileHelper::GetSigninProfile()->GetRequestContext();
}
void ChromeLoginPerformer::OnlineWildcardLoginCheckCompleted(
const base::Closure& success_callback,
const base::Closure& failure_callback,
policy::WildcardLoginChecker::Result result) {
if (result == policy::WildcardLoginChecker::RESULT_ALLOWED) {
success_callback.Run();
} else {
failure_callback.Run();
}
}
} // namespace chromeos