root/chrome/browser/chromeos/login/managed/supervised_user_authentication.h

/* [<][>][^][v][top][bottom][index][help] */

INCLUDED FROM

// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_SUPERVISED_USER_AUTHENTICATION_H_
#define CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_SUPERVISED_USER_AUTHENTICATION_H_

#include "base/basictypes.h"
#include "base/compiler_specific.h"
#include "base/memory/weak_ptr.h"
#include "base/strings/string16.h"
#include "base/values.h"
#include "chrome/browser/chromeos/login/managed/supervised_user_login_flow.h"

namespace chromeos {

class SupervisedUserManager;
struct UserContext;

// This is a class that encapsulates all details of password handling for
// supervised users.
// Main property is the schema used to handle password. For now it can be either
// plain password schema, when plain text password is passed to standard
// cryprohome authentication algorithm without modification, or hashed password
// schema, when password is additioUpdateContextToChecknally hashed with
// user-specific salt.
// Second schema is required to allow password syncing across devices for
// supervised users.
class SupervisedUserAuthentication {
 public:
  enum Schema {
    SCHEMA_PLAIN = 1,
    SCHEMA_SALT_HASHED = 2
  };

  enum SupervisedUserPasswordChangeResult {
    PASSWORD_CHANGED_IN_MANAGER_SESSION = 0,
    PASSWORD_CHANGED_IN_USER_SESSION = 1,
    PASSWORD_CHANGE_FAILED_NO_MASTER_KEY = 2,
    PASSWORD_CHANGE_FAILED_NO_SIGNATURE_KEY = 3,
    PASSWORD_CHANGE_FAILED_NO_PASSWORD_DATA = 4,
    PASSWORD_CHANGE_FAILED_MASTER_KEY_FAILURE = 5,
    PASSWORD_CHANGE_FAILED_LOADING_DATA = 6,
    PASSWORD_CHANGE_FAILED_INCOMPLETE_DATA = 7,
    PASSWORD_CHANGE_FAILED_AUTHENTICATION_FAILURE = 8,
    PASSWORD_CHANGE_FAILED_STORE_DATA = 9,
    PASSWORD_CHANGE_RESULT_MAX_VALUE = 10
  };

  typedef base::Callback<void(const base::DictionaryValue* password_data)>
      PasswordDataCallback;

  explicit SupervisedUserAuthentication(SupervisedUserManager* owner);
  virtual ~SupervisedUserAuthentication();

  // Returns current schema for whole ChromeOS. It defines if users with older
  // schema should be migrated somehow.
  Schema GetStableSchema();

  // Transforms password according to schema specified in Local State.
  std::string TransformPassword(const std::string& supervised_user_id,
                                const std::string& password);

  // Transforms password according to schema specified in Local State.
  UserContext TransformPasswordInContext(const UserContext& context);

  // Fills |password_data| with |password|-specific data for |user_id|,
  // depending on target schema. Does not affect Local State.
  bool FillDataForNewUser(const std::string& user_id,
                          const std::string& password,
                          base::DictionaryValue* password_data,
                          base::DictionaryValue* extra_data);

  // Stores |password_data| for |user_id| in Local State. Only public parts
  // of |password_data| will be stored.
  void StorePasswordData(const std::string& user_id,
                         const base::DictionaryValue& password_data);

  bool NeedPasswordChange(const std::string& user_id,
                          const base::DictionaryValue* password_data);

  // Checks if given user should update password upon signin.
  bool HasScheduledPasswordUpdate(const std::string& user_id);
  void ClearScheduledPasswordUpdate(const std::string& user_id);

  // Checks if password was migrated to new schema by supervised user.
  // In this case it does not have encryption key, and should be updated by
  // manager even if password versions match.
  bool HasIncompleteKey(const std::string& user_id);
  void MarkKeyIncomplete(const std::string& user_id, bool incomplete);

  // Loads password data stored by ScheduleSupervisedPasswordChange.
  void LoadPasswordUpdateData(const std::string& user_id,
                              const PasswordDataCallback& success_callback,
                              const base::Closure& failure_callback);

  // Creates a random string that can be used as a master key for managed
  // user's homedir.
  std::string GenerateMasterKey();

  // Called by supervised user to store password data for migration upon signin.
  void ScheduleSupervisedPasswordChange(
      const std::string& supervised_user_id,
      const base::DictionaryValue* password_data);

  // Utility method that gets schema version for |user_id| from Local State.
  Schema GetPasswordSchema(const std::string& user_id);

 private:
  SupervisedUserManager* owner_;

  // Controls if migration is enabled.
  bool migration_enabled_;

  // Target schema version. Affects migration process and new user creation.
  Schema stable_schema_;


  DISALLOW_COPY_AND_ASSIGN(SupervisedUserAuthentication);
};

} // namespace chromeos

#endif  // CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_SUPERVISED_USER_AUTHENTICATION_H_
/* [<][>][^][v][top][bottom][index][help] */