1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "account_iam_callback.h"
17
18 #include <securec.h>
19 #include <string>
20 #include "access_token.h"
21 #include "account_iam_info.h"
22 #include "account_info_report.h"
23 #include "account_log_wrapper.h"
24 #include "account_hisysevent_adapter.h"
25 #include "iinner_os_account_manager.h"
26 #include "inner_account_iam_manager.h"
27 #include "inner_domain_account_manager.h"
28 #include "ipc_skeleton.h"
29 #include "os_account_delete_user_idm_callback.h"
30 #include "token_setproc.h"
31 #include "user_auth_client.h"
32 #include "user_idm_client.h"
33 #include "os_account_constants.h"
34
35 namespace OHOS {
36 namespace AccountSA {
37 using UserIDMClient = UserIam::UserAuth::UserIdmClient;
38 using UserAuthClient = UserIam::UserAuth::UserAuthClient;
39
40 const std::vector<uint8_t> TEMP_PIN = {50, 48, 50, 52, 48, 56};
41
SetContextId(uint16_t contextId)42 void AuthCallbackDeathRecipient::SetContextId(uint16_t contextId)
43 {
44 contextId_ = contextId;
45 }
46
OnRemoteDied(const wptr<IRemoteObject> & remote)47 void AuthCallbackDeathRecipient::OnRemoteDied(const wptr<IRemoteObject> &remote)
48 {
49 ACCOUNT_LOGI("remote callback died, cancel authentication");
50 if (contextId_ > 0) {
51 UserAuthClient::GetInstance().CancelAuthentication(contextId_);
52 }
53 }
54
AuthCallback(uint32_t userId,AuthType authType,AuthIntent authIntent,const sptr<IIDMCallback> & callback)55 AuthCallback::AuthCallback(
56 uint32_t userId, AuthType authType, AuthIntent authIntent, const sptr<IIDMCallback> &callback)
57 : userId_(userId), authType_(authType), authIntent_(authIntent), innerCallback_(callback)
58 {}
59
AuthCallback(uint32_t userId,AuthType authType,AuthIntent authIntent,bool isRemoteAuth,const sptr<IIDMCallback> & callback)60 AuthCallback::AuthCallback(uint32_t userId, AuthType authType, AuthIntent authIntent,
61 bool isRemoteAuth, const sptr<IIDMCallback> &callback)
62 : userId_(userId), authType_(authType), authIntent_(authIntent),
63 isRemoteAuth_(isRemoteAuth), innerCallback_(callback)
64 {}
65
UnlockAccount(int32_t accountId,const std::vector<uint8_t> & token,const std::vector<uint8_t> & secret,bool & isUpdateVerifiedStatus)66 ErrCode AuthCallback::UnlockAccount(int32_t accountId, const std::vector<uint8_t> &token,
67 const std::vector<uint8_t> &secret, bool &isUpdateVerifiedStatus)
68 {
69 ErrCode ret = ERR_OK;
70 if (authType_ == AuthType::PIN) {
71 (void)InnerAccountIAMManager::GetInstance().HandleFileKeyException(accountId, secret, token);
72 bool isVerified = false;
73 (void)IInnerOsAccountManager::GetInstance().IsOsAccountVerified(accountId, isVerified);
74 if (!isVerified) {
75 // el2 file decryption
76 ret = InnerAccountIAMManager::GetInstance().ActivateUserKey(accountId, token, secret);
77 if (ret != 0) {
78 ACCOUNT_LOGE("Failed to activate user key");
79 ReportOsAccountOperationFail(accountId, "auth", ret, "Failed to activate user key");
80 return ret;
81 }
82 isUpdateVerifiedStatus = true;
83 }
84 }
85 if (!isUpdateVerifiedStatus) {
86 bool lockScreenStatus = false;
87 ret = InnerAccountIAMManager::GetInstance().GetLockScreenStatus(accountId, lockScreenStatus);
88 if (ret != 0) {
89 ReportOsAccountOperationFail(accountId, "auth", ret, "Failed to get lock status");
90 }
91 if (!lockScreenStatus) {
92 ACCOUNT_LOGI("start unlock user screen");
93 // el3\4 file decryption
94 ret = InnerAccountIAMManager::GetInstance().UnlockUserScreen(accountId, token, secret);
95 if (ret != 0) {
96 ReportOsAccountOperationFail(accountId, "auth", ret, "Failed to unlock user");
97 return ret;
98 }
99 }
100 }
101 return ret;
102 }
103
HandleAuthResult(const Attributes & extraInfo,int32_t accountId,bool & isUpdateVerifiedStatus)104 ErrCode AuthCallback::HandleAuthResult(const Attributes &extraInfo, int32_t accountId, bool &isUpdateVerifiedStatus)
105 {
106 // domain account authentication
107 if (authType_ == static_cast<AuthType>(IAMAuthType::DOMAIN)) {
108 return ERR_OK;
109 }
110 std::vector<uint8_t> token;
111 extraInfo.GetUint8ArrayValue(Attributes::ATTR_SIGNATURE, token);
112 std::vector<uint8_t> secret;
113 extraInfo.GetUint8ArrayValue(Attributes::ATTR_ROOT_SECRET, secret);
114 ErrCode ret = UnlockAccount(accountId, token, secret, isUpdateVerifiedStatus);
115 if (ret != ERR_OK) {
116 return ret;
117 }
118 // send msg for domain account offline authentication
119 InnerDomainAccountManager::GetInstance().AuthWithToken(accountId, token);
120 return ret;
121 }
122
SetDeathRecipient(const sptr<AuthCallbackDeathRecipient> & deathRecipient)123 void AuthCallback::SetDeathRecipient(const sptr<AuthCallbackDeathRecipient> &deathRecipient)
124 {
125 deathRecipient_ = deathRecipient;
126 }
127
OnResult(int32_t result,const Attributes & extraInfo)128 void AuthCallback::OnResult(int32_t result, const Attributes &extraInfo)
129 {
130 int32_t authedAccountId = 0;
131 if (!extraInfo.GetInt32Value(Attributes::AttributeKey::ATTR_USER_ID, authedAccountId)) {
132 ACCOUNT_LOGE("Get account id from auth result failed");
133 authedAccountId = static_cast<int32_t>(userId_);
134 }
135 ACCOUNT_LOGI("Auth ret: authType=%{public}d, result=%{public}d, id=%{public}d", authType_, result, authedAccountId);
136 if (innerCallback_ == nullptr) {
137 ACCOUNT_LOGE("innerCallback_ is nullptr");
138 return;
139 }
140 innerCallback_->AsObject()->RemoveDeathRecipient(deathRecipient_);
141 if (result != 0) {
142 innerCallback_->OnResult(result, extraInfo);
143 ReportOsAccountOperationFail(authedAccountId, "auth", result, "Failed to auth");
144 return AccountInfoReport::ReportSecurityInfo("", authedAccountId, ReportEvent::EVENT_LOGIN, result);
145 }
146 // private pin auth
147 if ((authType_ == AuthType::PRIVATE_PIN) || (authIntent_ == AuthIntent::QUESTION_AUTH)) {
148 ACCOUNT_LOGI("Private pin auth");
149 innerCallback_->OnResult(result, extraInfo);
150 return;
151 }
152 if (isRemoteAuth_) {
153 ACCOUNT_LOGI("Remote auth");
154 innerCallback_->OnResult(result, extraInfo);
155 return;
156 }
157 bool isUpdateVerifiedStatus = false;
158 if (HandleAuthResult(extraInfo, authedAccountId, isUpdateVerifiedStatus) != ERR_OK) {
159 int32_t remainTimes = 0;
160 int32_t freezingTime = 0;
161 extraInfo.GetInt32Value(Attributes::AttributeKey::ATTR_REMAIN_TIMES, remainTimes);
162 extraInfo.GetInt32Value(Attributes::AttributeKey::ATTR_FREEZING_TIME, freezingTime);
163 Attributes errInfo;
164 errInfo.SetInt32Value(Attributes::AttributeKey::ATTR_REMAIN_TIMES, remainTimes);
165 errInfo.SetInt32Value(Attributes::AttributeKey::ATTR_FREEZING_TIME, freezingTime);
166 innerCallback_->OnResult(ResultCode::FAIL, errInfo);
167 return AccountInfoReport::ReportSecurityInfo("", authedAccountId, ReportEvent::EVENT_LOGIN, ResultCode::FAIL);
168 }
169 innerCallback_->OnResult(result, extraInfo);
170 if (isUpdateVerifiedStatus) {
171 (void)IInnerOsAccountManager::GetInstance().SetOsAccountIsVerified(authedAccountId, true);
172 }
173 (void)IInnerOsAccountManager::GetInstance().SetOsAccountIsLoggedIn(authedAccountId, true);
174 AccountInfoReport::ReportSecurityInfo("", authedAccountId, ReportEvent::EVENT_LOGIN, result);
175 }
176
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const Attributes & extraInfo)177 void AuthCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
178 {
179 if (innerCallback_ == nullptr) {
180 ACCOUNT_LOGE("innerCallback_ is nullptr");
181 return;
182 }
183 innerCallback_->OnAcquireInfo(module, acquireInfo, extraInfo);
184 }
185
OnRemoteDied(const wptr<IRemoteObject> & remote)186 void IDMCallbackDeathRecipient::OnRemoteDied(const wptr<IRemoteObject> &remote)
187 {
188 ACCOUNT_LOGI("Remote callback died, cancel cred");
189 if (userId_ > 0) {
190 UserIDMClient::GetInstance().Cancel(userId_);
191 }
192 }
193
IDMCallbackDeathRecipient(uint32_t userId)194 IDMCallbackDeathRecipient::IDMCallbackDeathRecipient(uint32_t userId) : userId_(userId)
195 {}
196
AddCredCallback(uint32_t userId,const CredentialParameters & credInfo,const sptr<IIDMCallback> & callback)197 AddCredCallback::AddCredCallback(uint32_t userId, const CredentialParameters &credInfo,
198 const sptr<IIDMCallback> &callback)
199 : userId_(userId), credInfo_(credInfo), innerCallback_(callback)
200 {}
201
SetDeathRecipient(const sptr<IDMCallbackDeathRecipient> & deathRecipient)202 void AddCredCallback::SetDeathRecipient(const sptr<IDMCallbackDeathRecipient> &deathRecipient)
203 {
204 deathRecipient_ = deathRecipient;
205 }
206
AddUserKey(int32_t userId,uint64_t secureUid,const std::vector<uint8_t> & token,const std::vector<uint8_t> & oldSecret,const std::vector<uint8_t> & newSecret)207 static ErrCode AddUserKey(int32_t userId, uint64_t secureUid, const std::vector<uint8_t> &token,
208 const std::vector<uint8_t> &oldSecret, const std::vector<uint8_t> &newSecret)
209 {
210 ErrCode errCode = InnerAccountIAMManager::GetInstance().UpdateStorageUserAuth(
211 userId, secureUid, token, oldSecret, newSecret);
212 if (errCode != ERR_OK) {
213 ReportOsAccountOperationFail(userId, "addCredential", errCode, "Failed to update user auth");
214 return errCode;
215 }
216 errCode = InnerAccountIAMManager::GetInstance().UpdateStorageKeyContext(userId);
217 if (errCode != ERR_OK) {
218 ReportOsAccountOperationFail(userId, "addCredential", errCode, "Failed to update key context");
219 }
220 return errCode;
221 }
222
OnResult(int32_t result,const Attributes & extraInfo)223 void AddCredCallback::OnResult(int32_t result, const Attributes &extraInfo)
224 {
225 ACCOUNT_LOGI("AddCredCallback, result=%{public}d.", result);
226 if (innerCallback_ == nullptr || innerCallback_->AsObject() == nullptr) {
227 ACCOUNT_LOGE("innerCallback_ is nullptr");
228 return;
229 }
230 innerCallback_->AsObject()->RemoveDeathRecipient(deathRecipient_);
231 auto &innerIamMgr_ = InnerAccountIAMManager::GetInstance();
232 if ((result == 0) && (credInfo_.authType == AuthType::PIN)) {
233 InnerAccountIAMManager::GetInstance().SetState(userId_, AFTER_ADD_CRED);
234 uint64_t credentialId = 0;
235 extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_CREDENTIAL_ID, credentialId);
236 (void)IInnerOsAccountManager::GetInstance().SetOsAccountCredentialId(userId_, credentialId);
237
238 uint64_t secureUid = 0;
239 extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_SEC_USER_ID, secureUid);
240 std::vector<uint8_t> newSecret;
241 extraInfo.GetUint8ArrayValue(Attributes::ATTR_ROOT_SECRET, newSecret);
242 std::vector<uint8_t> token;
243 extraInfo.GetUint8ArrayValue(Attributes::ATTR_AUTH_TOKEN, token);
244 std::vector<uint8_t> oldSecret;
245 ErrCode code = AddUserKey(userId_, secureUid, token, oldSecret, newSecret);
246 if (code == ERR_OK) {
247 std::string path = Constants::USER_INFO_BASE + Constants::PATH_SEPARATOR + std::to_string(userId_) +
248 Constants::PATH_SEPARATOR + Constants::USER_ADD_SECRET_FLAG_FILE_NAME;
249 auto accountFileOperator = std::make_shared<AccountFileOperator>();
250 code = accountFileOperator->DeleteDirOrFile(path);
251 if (code != ERR_OK) {
252 ReportOsAccountOperationFail(userId_, "addCredential", code, "Failed to delete add_secret_flag file");
253 ACCOUNT_LOGE("Delete file fail, path=%{public}s", path.c_str());
254 }
255 }
256 }
257 if (result != 0) {
258 ReportOsAccountOperationFail(userId_, "addCredential", result,
259 "Failed to add credential, type: " + std::to_string(credInfo_.authType));
260 if (credInfo_.authType == AuthType::PIN) {
261 std::string path = Constants::USER_INFO_BASE + Constants::PATH_SEPARATOR + std::to_string(userId_) +
262 Constants::PATH_SEPARATOR + Constants::USER_ADD_SECRET_FLAG_FILE_NAME;
263 auto accountFileOperator = std::make_shared<AccountFileOperator>();
264 accountFileOperator->DeleteDirOrFile(path);
265 }
266 }
267 innerIamMgr_.SetState(userId_, AFTER_OPEN_SESSION);
268 innerCallback_->OnResult(result, extraInfo);
269 }
270
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const Attributes & extraInfo)271 void AddCredCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
272 {
273 if (innerCallback_ == nullptr) {
274 ACCOUNT_LOGE("innerCallback_ is nullptr");
275 return;
276 }
277 innerCallback_->OnAcquireInfo(module, acquireInfo, extraInfo);
278 }
279
UpdateCredCallback(uint32_t userId,const CredentialParameters & credInfo,const sptr<IIDMCallback> & callback)280 UpdateCredCallback::UpdateCredCallback(
281 uint32_t userId, const CredentialParameters &credInfo, const sptr<IIDMCallback> &callback)
282 : userId_(userId), credInfo_(credInfo), innerCallback_(callback)
283 {}
284
SetDeathRecipient(const sptr<IDMCallbackDeathRecipient> & deathRecipient)285 void UpdateCredCallback::SetDeathRecipient(const sptr<IDMCallbackDeathRecipient> &deathRecipient)
286 {
287 deathRecipient_ = deathRecipient;
288 }
289
DeleteCredential(uint32_t userId,uint64_t credentialId,const std::vector<uint8_t> & token)290 static void DeleteCredential(uint32_t userId, uint64_t credentialId, const std::vector<uint8_t> &token)
291 {
292 auto idmCallback = std::make_shared<DelCredCallback>(userId, true, token, nullptr);
293 UserIDMClient::GetInstance().DeleteCredential(userId, credentialId, token, idmCallback);
294 }
295
OnResult(int32_t result,const Attributes & extraInfo)296 void UpdateCredCallback::OnResult(int32_t result, const Attributes &extraInfo)
297 {
298 ACCOUNT_LOGI("UpdateCredCallback, userId=%{public}d, result=%{public}d.", userId_, result);
299 if (innerCallback_ == nullptr || innerCallback_->AsObject() == nullptr) {
300 ACCOUNT_LOGE("inner callback is nullptr");
301 return;
302 }
303 innerCallback_->AsObject()->RemoveDeathRecipient(deathRecipient_);
304 auto &innerIamMgr_ = InnerAccountIAMManager::GetInstance();
305 if (result != 0) {
306 ReportOsAccountOperationFail(userId_, "updateCredential", result,
307 "Failed to update credential, type: " + std::to_string(credInfo_.authType));
308 }
309 if ((result != 0) || (credInfo_.authType != AuthType::PIN)) {
310 ACCOUNT_LOGE("UpdateCredCallback fail code=%{public}d, authType=%{public}d", result, credInfo_.authType);
311 return innerCallback_->OnResult(result, extraInfo);
312 }
313 UpdateCredInfo updateCredInfo;
314 extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_CREDENTIAL_ID, updateCredInfo.credentialId);
315 extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_SEC_USER_ID, updateCredInfo.secureUid);
316 extraInfo.GetUint8ArrayValue(Attributes::ATTR_AUTH_TOKEN, updateCredInfo.token);
317 extraInfo.GetUint8ArrayValue(Attributes::ATTR_ROOT_SECRET, updateCredInfo.newSecret);
318 std::vector<uint8_t> oldSecret;
319 extraInfo.GetUint8ArrayValue(Attributes::ATTR_OLD_ROOT_SECRET, oldSecret);
320 ErrCode code = innerIamMgr_.UpdateStorageUserAuth(userId_, updateCredInfo.secureUid,
321 updateCredInfo.token, oldSecret, {});
322 if (code != ERR_OK) {
323 DeleteCredential(userId_, updateCredInfo.credentialId, credInfo_.token);
324 ReportOsAccountOperationFail(userId_, "updateCredential", code, "Failed to update user auth");
325 innerIamMgr_.SetState(userId_, AFTER_OPEN_SESSION);
326 return innerCallback_->OnResult(code, extraInfo);
327 }
328 uint64_t oldCredentialId = 0;
329 extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_OLD_CREDENTIAL_ID, oldCredentialId);
330 auto idmCallback = std::make_shared<CommitCredUpdateCallback>(userId_, updateCredInfo, innerCallback_);
331 Security::AccessToken::AccessTokenID selfToken = IPCSkeleton::GetSelfTokenID();
332 result = SetFirstCallerTokenID(selfToken);
333 ACCOUNT_LOGI("Set first caller info result: %{public}d", result);
334 UserIDMClient::GetInstance().DeleteCredential(userId_, oldCredentialId, credInfo_.token, idmCallback);
335 }
336
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const Attributes & extraInfo)337 void UpdateCredCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
338 {
339 if (innerCallback_ == nullptr) {
340 ACCOUNT_LOGE("innerCallback_ is nullptr");
341 return;
342 }
343 innerCallback_->OnAcquireInfo(module, acquireInfo, extraInfo);
344 }
345
346 #ifdef HAS_PIN_AUTH_PART
OnGetData(int32_t authSubType,std::vector<uint8_t> challenge,std::shared_ptr<IInputerData> inputerData)347 void DelUserInputer::OnGetData(int32_t authSubType, std::vector<uint8_t> challenge,
348 std::shared_ptr<IInputerData> inputerData)
349 {
350 ACCOUNT_LOGI("Get temporary data, authSubType: %{public}d", authSubType);
351 if (inputerData == nullptr) {
352 ACCOUNT_LOGE("InputerData is nullptr");
353 return;
354 }
355 inputerData->OnSetData(PinSubType::PIN_SIX, TEMP_PIN);
356 }
357
OnResult(int32_t result,const UserIam::UserAuth::Attributes & extraInfo)358 void CommitDelCredCallback::OnResult(int32_t result, const UserIam::UserAuth::Attributes &extraInfo)
359 {
360 std::unique_lock<std::mutex> lock(mutex_);
361 ACCOUNT_LOGI("IAM OnResult callback! result %{public}d", result);
362 isCalled_ = true;
363 resultCode_ = result;
364 onResultCondition_.notify_one();
365 }
366
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const UserIam::UserAuth::Attributes & extraInfo)367 void CommitDelCredCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo,
368 const UserIam::UserAuth::Attributes &extraInfo)
369 {
370 ACCOUNT_LOGI("IAM OnAcquireInfo callback! module %{public}d, acquire %{public}u.", module, acquireInfo);
371 }
372
DelUserCallback(uint32_t userId,const std::vector<uint8_t> & token,const sptr<IIDMCallback> & callback)373 DelUserCallback::DelUserCallback(uint32_t userId, const std::vector<uint8_t> &token, const sptr<IIDMCallback> &callback)
374 : userId_(userId), token_(token), innerCallback_(callback)
375 {}
376
~DelUserCallback()377 DelUserCallback::~DelUserCallback()
378 {
379 InnerAccountIAMManager::GetInstance().OnDelUserDone(userId_);
380 }
381
ConvertDelUserErrCode(int32_t result)382 static int32_t ConvertDelUserErrCode(int32_t result)
383 {
384 switch (result) {
385 case ResultCode::NOT_ENROLLED:
386 case ResultCode::INVALID_PARAMETERS:
387 return ERR_IAM_TOKEN_AUTH_FAILED;
388 case ResultCode::CANCELED:
389 case ResultCode::TIMEOUT:
390 return ERR_IAM_GENERAL_ERROR;
391 default:
392 return result;
393 }
394 }
395
OnResult(int32_t result,const Attributes & extraInfo)396 void DelUserCallback::OnResult(int32_t result, const Attributes &extraInfo)
397 {
398 ACCOUNT_LOGI("DelUserCallback, userId: %{public}d, result: %{public}d", userId_, result);
399 if (innerCallback_ == nullptr) {
400 ACCOUNT_LOGE("Inner callback is nullptr");
401 return;
402 }
403 result = ConvertDelUserErrCode(result);
404 if (result != ERR_OK) {
405 ACCOUNT_LOGE("DelUserCallback fail code = %{public}d", result);
406 ReportOsAccountOperationFail(userId_, "deleteCredential", result, "Failed to delete user");
407 return innerCallback_->OnResult(result, extraInfo);
408 }
409 uint64_t secureUid = 0;
410 extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_SEC_USER_ID, secureUid);
411 std::vector<uint8_t> oldSecret;
412 extraInfo.GetUint8ArrayValue(Attributes::ATTR_OLD_ROOT_SECRET, oldSecret);
413 std::vector<uint8_t> token;
414 extraInfo.GetUint8ArrayValue(Attributes::ATTR_AUTH_TOKEN, token);
415 auto &innerIamMgr_ = InnerAccountIAMManager::GetInstance();
416 ErrCode errCode = innerIamMgr_.UpdateStorageUserAuth(userId_, secureUid, token, oldSecret, {});
417 if (errCode != ERR_OK) {
418 ReportOsAccountOperationFail(userId_, "deleteCredential", errCode, "Failed to update user auth");
419 uint64_t credentialId = 0;
420 extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_CREDENTIAL_ID, credentialId);
421 DeleteCredential(userId_, credentialId, token);
422 ACCOUNT_LOGE("Fail to delete root secret, userId=%{public}d, errcode=%{public}d", userId_, errCode);
423 return innerCallback_->OnResult(errCode, extraInfo);
424 }
425
426 Security::AccessToken::AccessTokenID selfToken = IPCSkeleton::GetSelfTokenID();
427 result = SetFirstCallerTokenID(selfToken);
428 ACCOUNT_LOGI("Set first caller info result: %{public}d", result);
429 auto deleteUserCallback = std::make_shared<CommitDelCredCallback>();
430 UserIDMClient::GetInstance().DeleteUser(userId_, token_, deleteUserCallback);
431 std::unique_lock<std::mutex> lock(deleteUserCallback->mutex_);
432 deleteUserCallback->onResultCondition_.wait(lock, [deleteUserCallback] { return deleteUserCallback->isCalled_; });
433 if (deleteUserCallback->resultCode_ != ERR_OK) {
434 ACCOUNT_LOGE("Failed to erase user in callback, userId=%{public}d, errcode=%{public}d",
435 userId_, deleteUserCallback->resultCode_);
436 ReportOsAccountOperationFail(userId_, "deleteCredential", deleteUserCallback->resultCode_,
437 "Failed to erase user");
438 return innerCallback_->OnResult(deleteUserCallback->resultCode_, extraInfo);
439 }
440 (void)IInnerOsAccountManager::GetInstance().SetOsAccountCredentialId(userId_, 0);
441 errCode = innerIamMgr_.UpdateStorageKeyContext(userId_);
442 if (errCode != ERR_OK) {
443 ReportOsAccountOperationFail(userId_, "deleteCredential", errCode, "Failed to update key context");
444 }
445 innerCallback_->OnResult(errCode, extraInfo);
446 }
447 #endif // HAS_PIN_AUTH_PART
448
CommitCredUpdateCallback(int32_t userId,const UpdateCredInfo & extraUpdateInfo,const sptr<IIDMCallback> & callback)449 CommitCredUpdateCallback::CommitCredUpdateCallback(int32_t userId,
450 const UpdateCredInfo &extraUpdateInfo, const sptr<IIDMCallback> &callback)
451 : userId_(userId), extraUpdateInfo_(extraUpdateInfo), innerCallback_(callback)
452 {}
453
OnResult(int32_t result,const Attributes & extraInfo)454 void CommitCredUpdateCallback::OnResult(int32_t result, const Attributes &extraInfo)
455 {
456 ACCOUNT_LOGI("CommitCredUpdateCallback, result=%{public}d.", result);
457 if (innerCallback_ == nullptr) {
458 ACCOUNT_LOGE("innerCallback_ is nullptr");
459 return;
460 }
461
462 auto &innerIamMgr_ = InnerAccountIAMManager::GetInstance();
463 if (result != 0) {
464 ACCOUNT_LOGE("CommitCredUpdateCallback fail code=%{public}d", result);
465 ReportOsAccountOperationFail(userId_, "commitCredUpdate", result, "Failed to commit credential update");
466 innerCallback_->OnResult(result, extraInfo);
467 innerIamMgr_.SetState(userId_, AFTER_OPEN_SESSION);
468 return;
469 }
470 ErrCode code = innerIamMgr_.UpdateStorageUserAuth(
471 userId_, extraUpdateInfo_.secureUid, extraUpdateInfo_.token, {}, extraUpdateInfo_.newSecret);
472 if (code != ERR_OK) {
473 ACCOUNT_LOGE("Fail to update user auth, userId=%{public}d, code=%{public}d", userId_, code);
474 innerIamMgr_.SetState(userId_, AFTER_OPEN_SESSION);
475 ReportOsAccountOperationFail(userId_, "commitCredUpdate", code, "Failed to update user auth");
476 innerCallback_->OnResult(code, extraInfo);
477 return;
478 }
479 ErrCode updateRet = innerIamMgr_.UpdateStorageKeyContext(userId_);
480 if (updateRet != ERR_OK) {
481 ReportOsAccountOperationFail(userId_, "commitCredUpdate", updateRet, "Failed to update key context");
482 }
483 innerIamMgr_.SetState(userId_, AFTER_OPEN_SESSION);
484 (void)IInnerOsAccountManager::GetInstance().SetOsAccountCredentialId(userId_, extraUpdateInfo_.credentialId);
485 Attributes extraInfoResult;
486 extraInfoResult.SetUint64Value(Attributes::AttributeKey::ATTR_CREDENTIAL_ID, extraUpdateInfo_.credentialId);
487 innerCallback_->OnResult(result, extraInfoResult);
488 }
489
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const Attributes & extraInfo)490 void CommitCredUpdateCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
491 {
492 ACCOUNT_LOGE("CommitCredUpdateCallback OnAcquireInfo");
493 }
494
DelCredCallback(int32_t userId,bool isPIN,std::vector<uint8_t> token,const sptr<IIDMCallback> & callback)495 DelCredCallback::DelCredCallback(int32_t userId, bool isPIN, std::vector<uint8_t> token,
496 const sptr<IIDMCallback> &callback)
497 : userId_(userId), isPIN_(isPIN), token_(token), innerCallback_(callback)
498 {}
499
OnResult(int32_t result,const Attributes & extraInfo)500 void DelCredCallback::OnResult(int32_t result, const Attributes &extraInfo)
501 {
502 ACCOUNT_LOGI("DelCredCallback, result=%{public}d, userId=%{public}d", result, userId_);
503 if (innerCallback_ == nullptr) {
504 ACCOUNT_LOGE("innerCallback_ is nullptr");
505 return;
506 }
507 auto &innerIamMgr_ = InnerAccountIAMManager::GetInstance();
508 if ((result == 0) && isPIN_) {
509 (void)IInnerOsAccountManager::GetInstance().SetOsAccountCredentialId(userId_, 0); // 0-invalid credentialId
510 std::vector<uint8_t> newSecret;
511 std::vector<uint8_t> oldSecret;
512 extraInfo.GetUint8ArrayValue(Attributes::ATTR_OLD_ROOT_SECRET, oldSecret);
513 uint64_t secureUid = 0;
514 extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_SEC_USER_ID, secureUid);
515 ErrCode updateRet = innerIamMgr_.UpdateStorageUserAuth(userId_, secureUid, token_, oldSecret, newSecret);
516 if (updateRet != ERR_OK) {
517 ReportOsAccountOperationFail(userId_, "deleteCredential", updateRet, "Failed to update user auth");
518 }
519 updateRet = innerIamMgr_.UpdateStorageKeyContext(userId_);
520 if (updateRet != ERR_OK) {
521 ReportOsAccountOperationFail(userId_, "deleteCredential", updateRet, "Failed to update key context");
522 }
523 }
524 if (result != 0) {
525 ACCOUNT_LOGE("DelCredCallback fail code=%{public}d, userId=%{public}d", result, userId_);
526 ReportOsAccountOperationFail(userId_, "deleteCredential", result, "Failed to delete credential");
527 }
528
529 innerIamMgr_.SetState(userId_, AFTER_OPEN_SESSION);
530 innerCallback_->OnResult(result, extraInfo);
531 }
532
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const Attributes & extraInfo)533 void DelCredCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
534 {
535 if (innerCallback_ == nullptr) {
536 ACCOUNT_LOGE("innerCallback_ is nullptr");
537 return;
538 }
539 innerCallback_->OnAcquireInfo(module, acquireInfo, extraInfo);
540 }
541
GetCredInfoCallbackWrapper(int32_t userId,int32_t authType,const sptr<IGetCredInfoCallback> & callback)542 GetCredInfoCallbackWrapper::GetCredInfoCallbackWrapper(
543 int32_t userId, int32_t authType, const sptr<IGetCredInfoCallback> &callback)
544 : userId_(userId), authType_(authType), innerCallback_(callback)
545 {}
546
OnCredentialInfo(const std::vector<CredentialInfo> & infoList)547 void GetCredInfoCallbackWrapper::OnCredentialInfo(const std::vector<CredentialInfo> &infoList)
548 {
549 if (innerCallback_ == nullptr) {
550 return;
551 }
552 if (authType_ == 0) {
553 bool isAvailable = InnerAccountIAMManager::GetInstance().CheckDomainAuthAvailable(userId_);
554 if (isAvailable) {
555 std::vector<CredentialInfo> newInfoList = infoList;
556 CredentialInfo info;
557 info.authType = static_cast<AuthType>(IAMAuthType::DOMAIN);
558 info.pinType = static_cast<PinSubType>(IAMAuthSubType::DOMAIN_MIXED);
559 newInfoList.emplace_back(info);
560 return innerCallback_->OnCredentialInfo(newInfoList);
561 }
562 }
563 return innerCallback_->OnCredentialInfo(infoList);
564 }
565
GetPropCallbackWrapper(int32_t userId,const sptr<IGetSetPropCallback> & callback)566 GetPropCallbackWrapper::GetPropCallbackWrapper(int32_t userId, const sptr<IGetSetPropCallback> &callback)
567 : userId_(userId), innerCallback_(callback)
568 {}
569
OnResult(int32_t result,const Attributes & extraInfo)570 void GetPropCallbackWrapper::OnResult(int32_t result, const Attributes &extraInfo)
571 {
572 if (innerCallback_ == nullptr) {
573 ACCOUNT_LOGE("inner callback is nullptr");
574 return;
575 }
576 if (result != 0) {
577 ReportOsAccountOperationFail(userId_, "getProperty", result, "Failed to get property");
578 }
579 innerCallback_->OnResult(result, extraInfo);
580 }
581
SetPropCallbackWrapper(int32_t userId,const sptr<IGetSetPropCallback> & callback)582 SetPropCallbackWrapper::SetPropCallbackWrapper(int32_t userId, const sptr<IGetSetPropCallback> &callback)
583 : userId_(userId), innerCallback_(callback)
584 {}
585
OnResult(int32_t result,const Attributes & extraInfo)586 void SetPropCallbackWrapper::OnResult(int32_t result, const Attributes &extraInfo)
587 {
588 if (innerCallback_ == nullptr) {
589 ACCOUNT_LOGE("inner callback is nullptr");
590 return;
591 }
592 if (result != 0) {
593 ReportOsAccountOperationFail(userId_, "setProperty", result, "Failed to set property");
594 }
595 innerCallback_->OnResult(result, extraInfo);
596 }
597
GetSecUserInfoCallbackWrapper(AuthType authType,const sptr<IGetEnrolledIdCallback> & callback)598 GetSecUserInfoCallbackWrapper::GetSecUserInfoCallbackWrapper(
599 AuthType authType, const sptr<IGetEnrolledIdCallback> &callback)
600 : authType_(authType), innerCallback_(callback)
601 {}
602
OnSecUserInfo(const SecUserInfo & info)603 void GetSecUserInfoCallbackWrapper::OnSecUserInfo(const SecUserInfo &info)
604 {
605 if (innerCallback_ == nullptr) {
606 return;
607 }
608
609 auto it = std::find_if(info.enrolledInfo.begin(), info.enrolledInfo.end(), [this](const auto& item) {
610 return item.authType == authType_;
611 });
612 if (it != info.enrolledInfo.end()) {
613 return innerCallback_->OnEnrolledId(ERR_OK, it->enrolledId);
614 } else {
615 return innerCallback_->OnEnrolledId(ERR_IAM_NOT_ENROLLED, 0);
616 }
617 }
618
GetSecureUidCallback(int32_t userId)619 GetSecureUidCallback::GetSecureUidCallback(int32_t userId): userId_(userId)
620 {}
621
OnSecUserInfo(const SecUserInfo & info)622 void GetSecureUidCallback::OnSecUserInfo(const SecUserInfo &info)
623 {
624 ACCOUNT_LOGI("SecUserInfo call back userId=%{public}d", userId_);
625 std::unique_lock<std::mutex> lck(secureMtx_);
626 this->secureUid_ = info.secureUid;
627 secureCv_.notify_all();
628 }
629
PrepareRemoteAuthCallbackWrapper(const sptr<IPreRemoteAuthCallback> & callback)630 PrepareRemoteAuthCallbackWrapper::PrepareRemoteAuthCallbackWrapper(const sptr<IPreRemoteAuthCallback> &callback)
631 : innerCallback_(callback)
632 {}
633
OnResult(int32_t result)634 void PrepareRemoteAuthCallbackWrapper::OnResult(int32_t result)
635 {
636 if (innerCallback_ == nullptr) {
637 ACCOUNT_LOGE("Inner callback is nullptr.");
638 return;
639 }
640 if (result != 0) {
641 ACCOUNT_LOGE("PrepareRemoteAuth, result=%{public}d fail to prepare remote auth.", result);
642 }
643 innerCallback_->OnResult(result);
644 }
645
GetDomainAuthStatusInfoCallback(const GetPropertyRequest & request,const sptr<IGetSetPropCallback> & callback)646 GetDomainAuthStatusInfoCallback::GetDomainAuthStatusInfoCallback(
647 const GetPropertyRequest &request, const sptr<IGetSetPropCallback> &callback)
648 : request_(request), innerCallback_(callback)
649 {}
650
OnResult(int32_t result,Parcel & parcel)651 void GetDomainAuthStatusInfoCallback::OnResult(int32_t result, Parcel &parcel)
652 {
653 if (innerCallback_ == nullptr) {
654 ACCOUNT_LOGE("inner callback is nullptr");
655 return;
656 }
657 Attributes attributes;
658 std::shared_ptr<AuthStatusInfo> infoPtr(AuthStatusInfo::Unmarshalling(parcel));
659 if (infoPtr == nullptr) {
660 innerCallback_->OnResult(result, attributes);
661 return;
662 }
663 attributes.SetInt32Value(Attributes::ATTR_PIN_SUB_TYPE, static_cast<int32_t>(IAMAuthSubType::DOMAIN_MIXED));
664 attributes.SetInt32Value(Attributes::ATTR_REMAIN_TIMES, infoPtr->remainingTimes);
665 attributes.SetInt32Value(Attributes::ATTR_FREEZING_TIME, infoPtr->freezingTime);
666 innerCallback_->OnResult(result, attributes);
667 }
668 } // namespace AccountSA
669 } // namespace OHOS
670