1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_SUPERVISED_USER_AUTHENTICATION_H_
5 #define CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_SUPERVISED_USER_AUTHENTICATION_H_
7 #include "base/basictypes.h"
8 #include "base/compiler_specific.h"
9 #include "base/memory/weak_ptr.h"
10 #include "base/strings/string16.h"
11 #include "base/values.h"
12 #include "chrome/browser/chromeos/login/managed/supervised_user_login_flow.h"
16 class SupervisedUserManager;
19 // This is a class that encapsulates all details of password handling for
21 // The main property is the schema used to handle the password. For now it is
22 // either the plain password schema, where the plain-text password is passed to
23 // the standard cryptohome authentication algorithm without modification, or the
24 // hashed password schema, where the password is additionally hashed with a
25 // user-specific salt.
26 // Second schema is required to allow password syncing across devices for
// Password-handling interface for supervised users: selects the password
// schema, transforms passwords accordingly, keeps password data in Local State
// and tracks scheduled password updates.
// NOTE(review): the gutter numbers in this listing skip, so some lines of the
// original header are not visible here (access specifiers, the opening of the
// Schema enum, closing braces and a few parameter/comment lines).
28 class SupervisedUserAuthentication {
// Presumably the salted-hash schema; the enum's opening lines and any other
// enumerators are not visible in this listing.
32 SCHEMA_SALT_HASHED = 2
// Outcome codes for a supervised-user password change. Values are numbered
// explicitly and PASSWORD_CHANGE_RESULT_MAX_VALUE is one past the last result.
// NOTE(review): explicit numbering suggests the values are recorded outside
// this class (e.g. metrics) - confirm before renumbering or reusing a value.
35 enum SupervisedUserPasswordChangeResult {
36 PASSWORD_CHANGED_IN_MANAGER_SESSION = 0,
37 PASSWORD_CHANGED_IN_USER_SESSION = 1,
38 PASSWORD_CHANGE_FAILED_NO_MASTER_KEY = 2,
39 PASSWORD_CHANGE_FAILED_NO_SIGNATURE_KEY = 3,
40 PASSWORD_CHANGE_FAILED_NO_PASSWORD_DATA = 4,
41 PASSWORD_CHANGE_FAILED_MASTER_KEY_FAILURE = 5,
42 PASSWORD_CHANGE_FAILED_LOADING_DATA = 6,
43 PASSWORD_CHANGE_FAILED_INCOMPLETE_DATA = 7,
44 PASSWORD_CHANGE_FAILED_AUTHENTICATION_FAILURE = 8,
45 PASSWORD_CHANGE_FAILED_STORE_DATA = 9,
46 PASSWORD_CHANGE_RESULT_MAX_VALUE = 10
// Callback type that receives a pointer to password data. The alias name is on
// a line missing from this listing; presumably it is the PasswordDataCallback
// used by LoadPasswordUpdateData() below.
49 typedef base::Callback<void(const base::DictionaryValue* password_data)>
// |owner| is a raw pointer to the manager.
// NOTE(review): presumably stored in owner_ without taking ownership, so the
// manager must outlive this object - confirm.
52 explicit SupervisedUserAuthentication(SupervisedUserManager* owner);
53 virtual ~SupervisedUserAuthentication();
55 // Returns current schema for whole ChromeOS. It defines if users with older
56 // schema should be migrated somehow.
57 Schema GetStableSchema();
59 // Transforms password according to schema specified in Local State.
// Returns the transformed password for |supervised_user_id|. Treat the result
// as a secret in every case: under the plain schema the password is passed on
// without modification.
60 std::string TransformPassword(const std::string& supervised_user_id,
61 const std::string& password);
63 // Transforms password according to schema specified in Local State.
// Takes and returns a UserContext rather than bare strings.
// NOTE(review): presumably applies the same transformation to the password
// carried in |context| - confirm.
64 UserContext TransformPasswordInContext(const UserContext& context);
66 // Fills |password_data| with |password|-specific data for |user_id|,
67 // depending on target schema. Does not affect Local State.
// |extra_data| is a second output dictionary; its contents are not described
// in this header.
// NOTE(review): the bool result presumably signals success - confirm.
68 bool FillDataForNewUser(const std::string& user_id,
69 const std::string& password,
70 base::DictionaryValue* password_data,
71 base::DictionaryValue* extra_data);
73 // Stores |password_data| for |user_id| in Local State. Only public parts
74 // of |password_data| will be stored.
// NOTE(review): which keys count as "public" is decided in the implementation.
// Verify that no key material or password-equivalent value is among them,
// since Local State is a persisted store.
75 void StorePasswordData(const std::string& user_id,
76 const base::DictionaryValue& password_data);
// NOTE(review): undocumented in the original. Presumably reports whether the
// password stored for |user_id| has to be updated to match |password_data| -
// confirm against the implementation.
78 bool NeedPasswordChange(const std::string& user_id,
79 const base::DictionaryValue* password_data);
81 // Checks if given user should update password upon signin.
82 bool HasScheduledPasswordUpdate(const std::string& user_id);
// NOTE(review): undocumented; presumably removes the scheduled-update mark
// that HasScheduledPasswordUpdate() reports for |user_id|.
83 void ClearScheduledPasswordUpdate(const std::string& user_id);
85 // Checks if password was migrated to new schema by supervised user.
86 // In this case it does not have encryption key, and should be updated by
87 // manager even if password versions match.
88 bool HasIncompleteKey(const std::string& user_id);
// NOTE(review): undocumented; presumably sets or clears the state that
// HasIncompleteKey() reports for |user_id|.
89 void MarkKeyIncomplete(const std::string& user_id, bool incomplete);
91 // Loads password data stored by ScheduleSupervisedPasswordChange.
// Takes one callback for success (receiving the data) and one for failure.
// NOTE(review): whether the callbacks run synchronously, and how long the
// pointer handed to |success_callback| stays valid, is not visible here.
92 void LoadPasswordUpdateData(const std::string& user_id,
93 const PasswordDataCallback& success_callback,
94 const base::Closure& failure_callback);
96 // Creates a random string that can be used as a master key for managed
// NOTE(review): the randomness source is not visible in this header. A master
// key has to come from a cryptographically secure generator - confirm in the
// implementation.
98 std::string GenerateMasterKey();
100 // Called by supervised user to store password data for migration upon signin.
101 void ScheduleSupervisedPasswordChange(
102 const std::string& supervised_user_id,
103 const base::DictionaryValue* password_data);
105 // Utility method that gets schema version for |user_id| from Local State.
106 Schema GetPasswordSchema(const std::string& user_id);
// Static helper taking |salt| and |plain_password|.
// NOTE(review): presumably computes the password value used by the salted-hash
// schema. The hash function and its work factor are defined in the
// implementation; confirm it is a deliberately slow password-hashing function
// rather than a single fast hash.
108 static std::string BuildPasswordForHashWithSaltSchema(
109 const std::string& salt,
110 const std::string& plain_password);
// Static helper taking |password| and |base64_signature_key|; a parameter on
// original line 114 is missing from this listing.
// NOTE(review): presumably a keyed signature over the password data; the
// algorithm is not visible here.
112 static std::string BuildPasswordSignature(
113 const std::string& password,
115 const std::string& base64_signature_key);
// Raw pointer to the manager.
// NOTE(review): presumably the constructor's |owner| and not owned - confirm.
118 SupervisedUserManager* owner_;
120 // Controls if migration is enabled.
121 bool migration_enabled_;
123 // Target schema version. Affects migration process and new user creation.
124 Schema stable_schema_;
// Makes the class non-copyable.
127 DISALLOW_COPY_AND_ASSIGN(SupervisedUserAuthentication);
130 } // namespace chromeos
132 #endif // CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_SUPERVISED_USER_AUTHENTICATION_H_