File: kerberos_credentials_manager.h

package info (click to toggle)
chromium 139.0.7258.127-1
  • links: PTS, VCS
  • area: main
  • in suites:
  • size: 6,122,068 kB
  • sloc: cpp: 35,100,771; ansic: 7,163,530; javascript: 4,103,002; python: 1,436,920; asm: 946,517; xml: 746,709; pascal: 187,653; perl: 88,691; sh: 88,436; objc: 79,953; sql: 51,488; cs: 44,583; fortran: 24,137; makefile: 22,147; tcl: 15,277; php: 13,980; yacc: 8,984; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (311 lines) | stat: -rw-r--r-- 12,532 bytes parent folder | download | duplicates (6) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
 
// Copyright 2019 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_ASH_KERBEROS_KERBEROS_CREDENTIALS_MANAGER_H_
#define CHROME_BROWSER_ASH_KERBEROS_KERBEROS_CREDENTIALS_MANAGER_H_

#include <optional>
#include <string>
#include <vector>

#include "base/callback_list.h"
#include "base/functional/callback.h"
#include "base/memory/raw_ptr.h"
#include "base/memory/weak_ptr.h"
#include "base/observer_list.h"
#include "base/observer_list_types.h"
#include "base/timer/timer.h"
#include "chrome/browser/ash/kerberos/kerberos_files_handler.h"
#include "chromeos/ash/components/dbus/kerberos/kerberos_service.pb.h"
#include "components/keyed_service/core/keyed_service.h"
#include "components/policy/core/common/policy_namespace.h"
#include "components/policy/core/common/policy_service.h"
#include "net/base/backoff_entry.h"

class PrefRegistrySimple;
class PrefService;
class PrefChangeRegistrar;
class Profile;

namespace chromeos {
class VariableExpander;
}

namespace policy {
class PolicyMap;
}  // namespace policy

namespace ash {

class KerberosAddAccountRunner;

class KerberosCredentialsManager : public KeyedService,
                                   public policy::PolicyService::Observer {
 public:
  using ResultCallback = base::OnceCallback<void(kerberos::ErrorType)>;
  using ListAccountsCallback =
      base::OnceCallback<void(const kerberos::ListAccountsResponse&)>;
  using ValidateConfigCallback =
      base::OnceCallback<void(const kerberos::ValidateConfigResponse&)>;

  class Observer : public base::CheckedObserver {
   public:
    Observer();

    Observer(const Observer&) = delete;
    Observer& operator=(const Observer&) = delete;

    ~Observer() override;

    // Called when the set of accounts was changed through Kerberos credentials
    // manager.
    virtual void OnAccountsChanged() {}

    // Called when Kerberos enabled/disabled state changes. The new state is
    // available via IsKerberosEnabled().
    virtual void OnKerberosEnabledStateChanged() {}
  };

  // Maximum number of managed accounts addition retries per prefs change.
  static constexpr int kMaxFailureCountForManagedAccounts = 10;

  KerberosCredentialsManager(PrefService* local_state,
                             Profile* primary_profile);

  KerberosCredentialsManager(const KerberosCredentialsManager&) = delete;
  KerberosCredentialsManager& operator=(const KerberosCredentialsManager&) =
      delete;

  ~KerberosCredentialsManager() override;

  // Registers prefs stored in local state.
  static void RegisterLocalStatePrefs(PrefRegistrySimple* registry);

  // Registers prefs stored in user profiles.
  static void RegisterProfilePrefs(PrefRegistrySimple* registry);

  // Helper method for ignoring the results of method calls.
  static ResultCallback EmptyResultCallback();

  // Returns the default Kerberos configuration (krb5.conf).
  static const char* GetDefaultKerberosConfig();

  // Returns true if the Kerberos feature is enabled.
  bool IsKerberosEnabled() const;

  // PolicyService:
  void OnPolicyUpdated(const policy::PolicyNamespace& ns,
                       const policy::PolicyMap& previous,
                       const policy::PolicyMap& current) override;

  // PolicyService:
  void OnPolicyServiceInitialized(policy::PolicyDomain domain) override;

  // Start observing this object. |observer| is not owned.
  void AddObserver(Observer* observer);

  // Stop observing this object. |observer| is not owned.
  void RemoveObserver(Observer* observer);

  // Adds an account for the given |principal_name| (user@example.com). If
  // |is_managed| is true, the account is assumed to be managed by an admin and
  // it overwrites any existing unmanaged account. If |password| is given,
  // authenticates the account. If |remember_password| is true and a |password|
  // is given, the Kerberos daemon remembers the password. |krb5_conf| is set as
  // configuration. On success, sets |principal_name| as active principal and
  // calls OnAccountsChanged() for observers. If |allow_existing| is false and
  // an account for |principal_name| already exists, no action is performed and
  // the method returns with ERROR_DUPLICATE_PRINCIPAL_NAME. If true, the
  // existing account is updated.
  void AddAccountAndAuthenticate(std::string principal_name,
                                 bool is_managed,
                                 const std::optional<std::string>& password,
                                 bool remember_password,
                                 const std::string& krb5_conf,
                                 bool allow_existing,
                                 ResultCallback callback);

  // Removes the Kerberos account for the account with given |principal_name|.
  // On success, calls OnAccountsChanged() for observers.
  void RemoveAccount(std::string principal_name, ResultCallback callback);

  // Removes all Kerberos accounts.
  // On success, calls OnAccountsChanged() for observers.
  void ClearAccounts(ResultCallback callback);

  // Returns a list of all existing accounts, including current status like
  // remaining Kerberos ticket lifetime.
  void ListAccounts(ListAccountsCallback callback);

  // Sets the contents of the Kerberos configuration (krb5.conf) to |krb5_conf|
  // for the account with given |principal_name|.
  void SetConfig(std::string principal_name,
                 const std::string& krb5_conf,
                 ResultCallback callback);

  // Verifies that only allowlisted configuration options are used in the
  // Kerberos configuration |krb5_conf|. The Kerberos daemon does not allow all
  // options for security reasons. Also performs basic syntax checks. Returns
  // useful error information.
  void ValidateConfig(const std::string& krb5_conf,
                      ValidateConfigCallback callback);

  // Sets the currently active account.
  kerberos::ErrorType SetActiveAccount(std::string principal_name);

  // Returns the currently active account or an empty string if there is none.
  const std::string& GetActiveAccount() const {
    return GetActivePrincipalName();
  }

  // Getter for the GetKerberosFiles() callback, used on tests to build a mock
  // KerberosFilesHandler.
  base::RepeatingClosure GetGetKerberosFilesCallbackForTesting();

  // Used on tests to replace the KerberosFilesHandler created on the
  // constructor with a mock KerberosFilesHandler.
  void SetKerberosFilesHandlerForTesting(
      std::unique_ptr<KerberosFilesHandler> kerberos_files_handler);

  // Used on tests to optionally set a callback that will be called after adding
  // a managed account.
  void SetAddManagedAccountCallbackForTesting(
      base::RepeatingCallback<void(kerberos::ErrorType)> callback);

 private:
  friend class KerberosAddAccountRunner;
  using RepeatedAccountField =
      google::protobuf::RepeatedPtrField<kerberos::Account>;

  // Callback on KerberosAddAccountRunner::Done.
  void OnAddAccountRunnerDone(KerberosAddAccountRunner* runner,
                              std::string principal_name,
                              bool is_managed,
                              ResultCallback callback,
                              kerberos::ErrorType error);

  // Callback for KerberosAddAccountRunner when adding a managed account.
  void OnAddManagedAccountRunnerDone(kerberos::ErrorType error);

  // Callback for RemoveAccount().
  void OnRemoveAccount(const std::string& principal_name,
                       ResultCallback callback,
                       const kerberos::RemoveAccountResponse& response);

  // Callback for ClearAccounts().
  void OnClearAccounts(kerberos::ClearMode mode,
                       ResultCallback callback,
                       const kerberos::ClearAccountsResponse& response);

  // Callback for RemoveAccount().
  void OnListAccounts(ListAccountsCallback callback,
                      const kerberos::ListAccountsResponse& response);

  // Callback for SetConfig().
  void OnSetConfig(ResultCallback callback,
                   const kerberos::SetConfigResponse& response);

  // Callback for ValidateConfig().
  void OnValidateConfig(ValidateConfigCallback callback,
                        const kerberos::ValidateConfigResponse& response);

  // Calls KerberosClient::GetKerberosFiles().
  void GetKerberosFiles();

  // Callback for GetKerberosFiles().
  void OnGetKerberosFiles(const std::string& principal_name,
                          const kerberos::GetKerberosFilesResponse& response);

  // Callback for 'KerberosFilesChanged' D-Bus signal sent by kerberosd.
  void OnKerberosFilesChanged(const std::string& principal_name);

  // Callback for 'KerberosTicketExpiring' D-Bus signal sent by kerberosd.
  void OnKerberosTicketExpiring(const std::string& principal_name);

  // Calls OnAccountsChanged() on all observers.
  void NotifyAccountsChanged();

  // Calls OnKerberosEnabledStateChanged() on all observers.
  void NotifyEnabledStateChanged();

  // Accessors for active principal (stored in user pref).
  const std::string& GetActivePrincipalName() const;
  void SetActivePrincipalName(const std::string& principal_name);
  void ClearActivePrincipalName();

  // Checks whether the active principal is contained in the given |accounts|.
  // If not, resets it to the first principal or clears it if the list is empty.
  // It's expected to trigger if the active account is removed by
  // |RemoveAccount()| or |ClearAccounts()|.
  void ValidateActivePrincipal(const RepeatedAccountField& accounts);

  // Notification shown when the Kerberos ticket is about to expire.
  void ShowTicketExpiryNotification();

  // Pref change handlers.
  void UpdateEnabledFromPref();
  void UpdateRememberPasswordEnabledFromPref();
  void UpdateAddAccountsAllowedFromPref();
  void UpdateAccountsFromPref(bool is_retry);

  // Does the main work for UpdateAccountsFromPref(). To clean up stale managed
  // accounts, an up-to-date accounts list is needed. UpdateAccountsFromPref()
  // first gets a list of accounts (asynchronously) and calls into this method
  // to set new accounts and clean up old ones.
  void RemoveAllManagedAccountsExcept(std::vector<std::string> keep_list);

  // Informs session manager whether it needs to store the login password in the
  // kernel keyring. That's the case when '${PASSWORD}' is used as password in
  // the KerberosAccounts policy. The Kerberos daemon expands that to the login
  // password.
  void NotifyRequiresLoginPassword(bool requires_login_password);

  // Called when the user clicks on the ticket expiry notification.
  void OnTicketExpiryNotificationClick(const std::string& principal_name);

  // Local state prefs, not owned.
  raw_ptr<PrefService> local_state_ = nullptr;

  // Primary profile, not owned.
  raw_ptr<Profile> primary_profile_ = nullptr;

  // Policy service of the primary profile, not owned.
  raw_ptr<policy::PolicyService> policy_service_ = nullptr;

  // Called by OnSignalConnected(), puts Kerberos files where GSSAPI finds them.
  std::unique_ptr<KerberosFilesHandler> kerberos_files_handler_;

  // Observer for Kerberos-related prefs.
  std::unique_ptr<PrefChangeRegistrar> pref_change_registrar_;

  // Subscriptions whose destruction will cancel the corresponding callbacks.
  // The callbacks are used to listen to signals from KerberosClient.
  base::CallbackListSubscription kerberos_file_changed_signal_subscription_;
  base::CallbackListSubscription kerberos_ticket_expiring_signal_subscription_;

  // Keeps track of accounts currently being added.
  std::vector<std::unique_ptr<KerberosAddAccountRunner>> add_account_runners_;

  // Variable expander for the principal name (replaces ${LOGIN_ID} etc.).
  std::unique_ptr<chromeos::VariableExpander> principal_expander_;

  // List of objects that observe this instance.
  base::ObserverList<Observer, true /* check_empty */> observers_;

  // Backoff entry used to control managed accounts addition retries.
  net::BackoffEntry backoff_entry_for_managed_accounts_;

  // Timer for keeping track of managed accounts addition retries.
  base::OneShotTimer managed_accounts_retry_timer_;

  // Callback optionally used for testing.
  base::RepeatingCallback<void(kerberos::ErrorType)>
      add_managed_account_callback_for_testing_;

  base::WeakPtrFactory<KerberosCredentialsManager> weak_factory_{this};
};

}  // namespace ash

#endif  // CHROME_BROWSER_ASH_KERBEROS_KERBEROS_CREDENTIALS_MANAGER_H_