1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "account_iam_callback.h"
17
18 #include <securec.h>
19 #include <string>
20 #include "access_token.h"
21 #include "account_iam_info.h"
22 #include "account_info_report.h"
23 #include "account_log_wrapper.h"
24 #include "account_hisysevent_adapter.h"
25 #include "iinner_os_account_manager.h"
26 #include "inner_account_iam_manager.h"
27 #include "inner_domain_account_manager.h"
28 #include "ipc_skeleton.h"
29 #include "os_account_delete_user_idm_callback.h"
30 #include "token_setproc.h"
31 #include "user_auth_client.h"
32 #include "user_idm_client.h"
33 #include "os_account_constants.h"
34
35 namespace OHOS {
36 namespace AccountSA {
37 using UserIDMClient = UserIam::UserAuth::UserIdmClient;
38 using UserAuthClient = UserIam::UserAuth::UserAuthClient;
39
40 const std::vector<uint8_t> TEMP_PIN = {50, 48, 50, 52, 48, 56};
41
SetContextId(uint16_t contextId)42 void AuthCallbackDeathRecipient::SetContextId(uint16_t contextId)
43 {
44 contextId_ = contextId;
45 }
46
OnRemoteDied(const wptr<IRemoteObject> & remote)47 void AuthCallbackDeathRecipient::OnRemoteDied(const wptr<IRemoteObject> &remote)
48 {
49 ACCOUNT_LOGI("remote callback died, cancel authentication");
50 if (contextId_ > 0) {
51 UserAuthClient::GetInstance().CancelAuthentication(contextId_);
52 }
53 }
54
AuthCallback(uint32_t userId,AuthType authType,AuthIntent authIntent,const sptr<IIDMCallback> & callback)55 AuthCallback::AuthCallback(
56 uint32_t userId, AuthType authType, AuthIntent authIntent, const sptr<IIDMCallback> &callback)
57 : userId_(userId), authType_(authType), authIntent_(authIntent), innerCallback_(callback)
58 {}
59
AuthCallback(uint32_t userId,AuthType authType,AuthIntent authIntent,bool isRemoteAuth,const sptr<IIDMCallback> & callback)60 AuthCallback::AuthCallback(uint32_t userId, AuthType authType, AuthIntent authIntent,
61 bool isRemoteAuth, const sptr<IIDMCallback> &callback)
62 : userId_(userId), authType_(authType), authIntent_(authIntent),
63 isRemoteAuth_(isRemoteAuth), innerCallback_(callback)
64 {}
65
UnlockAccount(int32_t accountId,const std::vector<uint8_t> & token,const std::vector<uint8_t> & secret,bool & isUpdateVerifiedStatus)66 ErrCode AuthCallback::UnlockAccount(int32_t accountId, const std::vector<uint8_t> &token,
67 const std::vector<uint8_t> &secret, bool &isUpdateVerifiedStatus)
68 {
69 ErrCode ret = ERR_OK;
70 if (authType_ == AuthType::PIN) {
71 (void)InnerAccountIAMManager::GetInstance().HandleFileKeyException(accountId, secret, token);
72 bool isVerified = false;
73 (void)IInnerOsAccountManager::GetInstance().IsOsAccountVerified(accountId, isVerified);
74 bool needActivateKey = true;
75 if (isVerified) {
76 ret = InnerAccountIAMManager::GetInstance().CheckNeedReactivateUserKey(accountId, needActivateKey);
77 if (ret != ERR_OK) {
78 ReportOsAccountOperationFail(accountId, "auth", ret, "Failed to check need reactivate user key");
79 ACCOUNT_LOGE("Failed to check need reactivate key, ret = %{public}d.", ret);
80 }
81 }
82
83 if (needActivateKey) {
84 // el2 file decryption
85 ret = InnerAccountIAMManager::GetInstance().ActivateUserKey(accountId, token, secret);
86 if (ret != 0) {
87 ACCOUNT_LOGE("Failed to activate user key");
88 ReportOsAccountOperationFail(accountId, "auth", ret, "Failed to activate user key");
89 return ret;
90 }
91 isUpdateVerifiedStatus = true;
92 }
93 }
94 ret = UnlockUserScreen(accountId, token, secret, isUpdateVerifiedStatus);
95 return ret;
96 }
97
UnlockUserScreen(int32_t accountId,const std::vector<uint8_t> & token,const std::vector<uint8_t> & secret,bool & isUpdateVerifiedStatus)98 ErrCode AuthCallback::UnlockUserScreen(int32_t accountId, const std::vector<uint8_t> &token,
99 const std::vector<uint8_t> &secret, bool &isUpdateVerifiedStatus)
100 {
101 ErrCode ret = ERR_OK;
102 if (!isUpdateVerifiedStatus) {
103 bool lockScreenStatus = false;
104 ret = InnerAccountIAMManager::GetInstance().GetLockScreenStatus(accountId, lockScreenStatus);
105 if (ret != 0) {
106 ReportOsAccountOperationFail(accountId, "auth", ret, "Failed to get lock status");
107 }
108 if (!lockScreenStatus) {
109 ACCOUNT_LOGI("start unlock user screen");
110 // el3\4 file decryption
111 ret = InnerAccountIAMManager::GetInstance().UnlockUserScreen(accountId, token, secret);
112 if (ret != 0) {
113 ReportOsAccountOperationFail(accountId, "auth", ret, "Failed to unlock user");
114 return ret;
115 }
116 }
117 }
118 return ret;
119 }
120
HandleAuthResult(const Attributes & extraInfo,int32_t accountId,bool & isUpdateVerifiedStatus)121 ErrCode AuthCallback::HandleAuthResult(const Attributes &extraInfo, int32_t accountId, bool &isUpdateVerifiedStatus)
122 {
123 // domain account authentication
124 if (authType_ == static_cast<AuthType>(IAMAuthType::DOMAIN)) {
125 return ERR_OK;
126 }
127 std::vector<uint8_t> token;
128 extraInfo.GetUint8ArrayValue(Attributes::ATTR_SIGNATURE, token);
129 std::vector<uint8_t> secret;
130 extraInfo.GetUint8ArrayValue(Attributes::ATTR_ROOT_SECRET, secret);
131 ErrCode ret = UnlockAccount(accountId, token, secret, isUpdateVerifiedStatus);
132 if (ret != ERR_OK) {
133 return ret;
134 }
135 // send msg for domain account offline authentication
136 InnerDomainAccountManager::GetInstance().AuthWithToken(accountId, token);
137 return ret;
138 }
139
SetDeathRecipient(const sptr<AuthCallbackDeathRecipient> & deathRecipient)140 void AuthCallback::SetDeathRecipient(const sptr<AuthCallbackDeathRecipient> &deathRecipient)
141 {
142 deathRecipient_ = deathRecipient;
143 }
144
OnResult(int32_t result,const Attributes & extraInfo)145 void AuthCallback::OnResult(int32_t result, const Attributes &extraInfo)
146 {
147 int32_t authedAccountId = 0;
148 if (!extraInfo.GetInt32Value(Attributes::AttributeKey::ATTR_USER_ID, authedAccountId)) {
149 ACCOUNT_LOGE("Get account id from auth result failed");
150 authedAccountId = static_cast<int32_t>(userId_);
151 }
152 ACCOUNT_LOGI("Auth ret: authType=%{public}d, result=%{public}d, id=%{public}d", authType_, result, authedAccountId);
153 if (innerCallback_ == nullptr) {
154 ACCOUNT_LOGE("innerCallback_ is nullptr");
155 return;
156 }
157 innerCallback_->AsObject()->RemoveDeathRecipient(deathRecipient_);
158 if (result != 0) {
159 innerCallback_->OnResult(result, extraInfo);
160 ReportOsAccountOperationFail(authedAccountId, "auth", result, "Failed to auth");
161 return AccountInfoReport::ReportSecurityInfo("", authedAccountId, ReportEvent::EVENT_LOGIN, result);
162 }
163 // private pin auth
164 if ((authType_ == AuthType::PRIVATE_PIN) || (authIntent_ == AuthIntent::QUESTION_AUTH)) {
165 ACCOUNT_LOGI("Private pin auth");
166 innerCallback_->OnResult(result, extraInfo);
167 return;
168 }
169 if (isRemoteAuth_) {
170 ACCOUNT_LOGI("Remote auth");
171 innerCallback_->OnResult(result, extraInfo);
172 return;
173 }
174 bool isUpdateVerifiedStatus = false;
175 if (HandleAuthResult(extraInfo, authedAccountId, isUpdateVerifiedStatus) != ERR_OK) {
176 int32_t remainTimes = 0;
177 int32_t freezingTime = 0;
178 extraInfo.GetInt32Value(Attributes::AttributeKey::ATTR_REMAIN_TIMES, remainTimes);
179 extraInfo.GetInt32Value(Attributes::AttributeKey::ATTR_FREEZING_TIME, freezingTime);
180 Attributes errInfo;
181 errInfo.SetInt32Value(Attributes::AttributeKey::ATTR_REMAIN_TIMES, remainTimes);
182 errInfo.SetInt32Value(Attributes::AttributeKey::ATTR_FREEZING_TIME, freezingTime);
183 innerCallback_->OnResult(ResultCode::FAIL, errInfo);
184 return AccountInfoReport::ReportSecurityInfo("", authedAccountId, ReportEvent::EVENT_LOGIN, ResultCode::FAIL);
185 }
186 innerCallback_->OnResult(result, extraInfo);
187 if (isUpdateVerifiedStatus) {
188 (void)IInnerOsAccountManager::GetInstance().SetOsAccountIsVerified(authedAccountId, true);
189 }
190 (void)IInnerOsAccountManager::GetInstance().SetOsAccountIsLoggedIn(authedAccountId, true);
191 AccountInfoReport::ReportSecurityInfo("", authedAccountId, ReportEvent::EVENT_LOGIN, result);
192 }
193
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const Attributes & extraInfo)194 void AuthCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
195 {
196 if (innerCallback_ == nullptr) {
197 ACCOUNT_LOGE("innerCallback_ is nullptr");
198 return;
199 }
200 innerCallback_->OnAcquireInfo(module, acquireInfo, extraInfo);
201 }
202
OnRemoteDied(const wptr<IRemoteObject> & remote)203 void IDMCallbackDeathRecipient::OnRemoteDied(const wptr<IRemoteObject> &remote)
204 {
205 ACCOUNT_LOGI("Remote callback died, cancel cred");
206 if (userId_ > 0) {
207 UserIDMClient::GetInstance().Cancel(userId_);
208 }
209 }
210
IDMCallbackDeathRecipient(uint32_t userId)211 IDMCallbackDeathRecipient::IDMCallbackDeathRecipient(uint32_t userId) : userId_(userId)
212 {}
213
AddCredCallback(uint32_t userId,const CredentialParameters & credInfo,const sptr<IIDMCallback> & callback)214 AddCredCallback::AddCredCallback(uint32_t userId, const CredentialParameters &credInfo,
215 const sptr<IIDMCallback> &callback)
216 : userId_(userId), credInfo_(credInfo), innerCallback_(callback)
217 {}
218
SetDeathRecipient(const sptr<IDMCallbackDeathRecipient> & deathRecipient)219 void AddCredCallback::SetDeathRecipient(const sptr<IDMCallbackDeathRecipient> &deathRecipient)
220 {
221 deathRecipient_ = deathRecipient;
222 }
223
AddUserKey(int32_t userId,uint64_t secureUid,const std::vector<uint8_t> & token,const std::vector<uint8_t> & oldSecret,const std::vector<uint8_t> & newSecret)224 static ErrCode AddUserKey(int32_t userId, uint64_t secureUid, const std::vector<uint8_t> &token,
225 const std::vector<uint8_t> &oldSecret, const std::vector<uint8_t> &newSecret)
226 {
227 ErrCode errCode = InnerAccountIAMManager::GetInstance().UpdateStorageUserAuth(
228 userId, secureUid, token, oldSecret, newSecret);
229 if (errCode != ERR_OK) {
230 ReportOsAccountOperationFail(userId, "addCredential", errCode, "Failed to update user auth");
231 return errCode;
232 }
233 errCode = InnerAccountIAMManager::GetInstance().UpdateStorageKeyContext(userId);
234 if (errCode != ERR_OK) {
235 ReportOsAccountOperationFail(userId, "addCredential", errCode, "Failed to update key context");
236 }
237 return errCode;
238 }
239
OnResult(int32_t result,const Attributes & extraInfo)240 void AddCredCallback::OnResult(int32_t result, const Attributes &extraInfo)
241 {
242 ACCOUNT_LOGI("AddCredCallback, result=%{public}d.", result);
243 if (innerCallback_ == nullptr || innerCallback_->AsObject() == nullptr) {
244 ACCOUNT_LOGE("innerCallback_ is nullptr");
245 return;
246 }
247 innerCallback_->AsObject()->RemoveDeathRecipient(deathRecipient_);
248 auto &innerIamMgr_ = InnerAccountIAMManager::GetInstance();
249 if ((result == 0) && (credInfo_.authType == AuthType::PIN)) {
250 InnerAccountIAMManager::GetInstance().SetState(userId_, AFTER_ADD_CRED);
251 uint64_t credentialId = 0;
252 extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_CREDENTIAL_ID, credentialId);
253 (void)IInnerOsAccountManager::GetInstance().SetOsAccountCredentialId(userId_, credentialId);
254
255 uint64_t secureUid = 0;
256 extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_SEC_USER_ID, secureUid);
257 std::vector<uint8_t> newSecret;
258 extraInfo.GetUint8ArrayValue(Attributes::ATTR_ROOT_SECRET, newSecret);
259 std::vector<uint8_t> token;
260 extraInfo.GetUint8ArrayValue(Attributes::ATTR_AUTH_TOKEN, token);
261 std::vector<uint8_t> oldSecret;
262 ErrCode code = AddUserKey(userId_, secureUid, token, oldSecret, newSecret);
263 if (code == ERR_OK) {
264 std::string path = Constants::USER_INFO_BASE + Constants::PATH_SEPARATOR + std::to_string(userId_) +
265 Constants::PATH_SEPARATOR + Constants::USER_ADD_SECRET_FLAG_FILE_NAME;
266 auto accountFileOperator = std::make_shared<AccountFileOperator>();
267 code = accountFileOperator->DeleteDirOrFile(path);
268 if (code != ERR_OK) {
269 ReportOsAccountOperationFail(userId_, "addCredential", code, "Failed to delete add_secret_flag file");
270 ACCOUNT_LOGE("Delete file fail, path=%{public}s", path.c_str());
271 }
272 }
273 }
274 if (result != 0) {
275 ReportOsAccountOperationFail(userId_, "addCredential", result,
276 "Failed to add credential, type: " + std::to_string(credInfo_.authType));
277 if (credInfo_.authType == AuthType::PIN) {
278 std::string path = Constants::USER_INFO_BASE + Constants::PATH_SEPARATOR + std::to_string(userId_) +
279 Constants::PATH_SEPARATOR + Constants::USER_ADD_SECRET_FLAG_FILE_NAME;
280 auto accountFileOperator = std::make_shared<AccountFileOperator>();
281 accountFileOperator->DeleteDirOrFile(path);
282 }
283 }
284 innerIamMgr_.SetState(userId_, AFTER_OPEN_SESSION);
285 innerCallback_->OnResult(result, extraInfo);
286 }
287
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const Attributes & extraInfo)288 void AddCredCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
289 {
290 if (innerCallback_ == nullptr) {
291 ACCOUNT_LOGE("innerCallback_ is nullptr");
292 return;
293 }
294 innerCallback_->OnAcquireInfo(module, acquireInfo, extraInfo);
295 }
296
UpdateCredCallback(uint32_t userId,const CredentialParameters & credInfo,const sptr<IIDMCallback> & callback)297 UpdateCredCallback::UpdateCredCallback(
298 uint32_t userId, const CredentialParameters &credInfo, const sptr<IIDMCallback> &callback)
299 : userId_(userId), credInfo_(credInfo), innerCallback_(callback)
300 {}
301
SetDeathRecipient(const sptr<IDMCallbackDeathRecipient> & deathRecipient)302 void UpdateCredCallback::SetDeathRecipient(const sptr<IDMCallbackDeathRecipient> &deathRecipient)
303 {
304 deathRecipient_ = deathRecipient;
305 }
306
DeleteCredential(uint32_t userId,uint64_t credentialId,const std::vector<uint8_t> & token)307 static void DeleteCredential(uint32_t userId, uint64_t credentialId, const std::vector<uint8_t> &token)
308 {
309 auto idmCallback = std::make_shared<DelCredCallback>(userId, true, token, nullptr);
310 UserIDMClient::GetInstance().DeleteCredential(userId, credentialId, token, idmCallback);
311 }
312
OnResult(int32_t result,const Attributes & extraInfo)313 void UpdateCredCallback::OnResult(int32_t result, const Attributes &extraInfo)
314 {
315 ACCOUNT_LOGI("UpdateCredCallback, userId=%{public}d, result=%{public}d.", userId_, result);
316 if (innerCallback_ == nullptr || innerCallback_->AsObject() == nullptr) {
317 ACCOUNT_LOGE("inner callback is nullptr");
318 return;
319 }
320 innerCallback_->AsObject()->RemoveDeathRecipient(deathRecipient_);
321 auto &innerIamMgr_ = InnerAccountIAMManager::GetInstance();
322 if (result != 0) {
323 ReportOsAccountOperationFail(userId_, "updateCredential", result,
324 "Failed to update credential, type: " + std::to_string(credInfo_.authType));
325 }
326 if ((result != 0) || (credInfo_.authType != AuthType::PIN)) {
327 ACCOUNT_LOGE("UpdateCredCallback fail code=%{public}d, authType=%{public}d", result, credInfo_.authType);
328 return innerCallback_->OnResult(result, extraInfo);
329 }
330 UpdateCredInfo updateCredInfo;
331 extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_CREDENTIAL_ID, updateCredInfo.credentialId);
332 extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_SEC_USER_ID, updateCredInfo.secureUid);
333 extraInfo.GetUint8ArrayValue(Attributes::ATTR_AUTH_TOKEN, updateCredInfo.token);
334 extraInfo.GetUint8ArrayValue(Attributes::ATTR_ROOT_SECRET, updateCredInfo.newSecret);
335 std::vector<uint8_t> oldSecret;
336 extraInfo.GetUint8ArrayValue(Attributes::ATTR_OLD_ROOT_SECRET, oldSecret);
337 ErrCode code = innerIamMgr_.UpdateStorageUserAuth(userId_, updateCredInfo.secureUid,
338 updateCredInfo.token, oldSecret, {});
339 if (code != ERR_OK) {
340 DeleteCredential(userId_, updateCredInfo.credentialId, credInfo_.token);
341 ReportOsAccountOperationFail(userId_, "updateCredential", code, "Failed to update user auth");
342 innerIamMgr_.SetState(userId_, AFTER_OPEN_SESSION);
343 return innerCallback_->OnResult(code, extraInfo);
344 }
345 uint64_t oldCredentialId = 0;
346 extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_OLD_CREDENTIAL_ID, oldCredentialId);
347 auto idmCallback = std::make_shared<CommitCredUpdateCallback>(userId_, updateCredInfo, innerCallback_);
348 Security::AccessToken::AccessTokenID selfToken = IPCSkeleton::GetSelfTokenID();
349 result = SetFirstCallerTokenID(selfToken);
350 ACCOUNT_LOGI("Set first caller info result: %{public}d", result);
351 UserIDMClient::GetInstance().DeleteCredential(userId_, oldCredentialId, credInfo_.token, idmCallback);
352 }
353
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const Attributes & extraInfo)354 void UpdateCredCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
355 {
356 if (innerCallback_ == nullptr) {
357 ACCOUNT_LOGE("innerCallback_ is nullptr");
358 return;
359 }
360 innerCallback_->OnAcquireInfo(module, acquireInfo, extraInfo);
361 }
362
363 #ifdef HAS_PIN_AUTH_PART
OnGetData(int32_t authSubType,std::vector<uint8_t> challenge,std::shared_ptr<IInputerData> inputerData)364 void DelUserInputer::OnGetData(int32_t authSubType, std::vector<uint8_t> challenge,
365 std::shared_ptr<IInputerData> inputerData)
366 {
367 ACCOUNT_LOGI("Get temporary data, authSubType: %{public}d", authSubType);
368 if (inputerData == nullptr) {
369 ACCOUNT_LOGE("InputerData is nullptr");
370 return;
371 }
372 inputerData->OnSetData(PinSubType::PIN_SIX, TEMP_PIN);
373 }
374
OnResult(int32_t result,const UserIam::UserAuth::Attributes & extraInfo)375 void CommitDelCredCallback::OnResult(int32_t result, const UserIam::UserAuth::Attributes &extraInfo)
376 {
377 std::unique_lock<std::mutex> lock(mutex_);
378 ACCOUNT_LOGI("IAM OnResult callback! result %{public}d", result);
379 isCalled_ = true;
380 resultCode_ = result;
381 onResultCondition_.notify_one();
382 }
383
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const UserIam::UserAuth::Attributes & extraInfo)384 void CommitDelCredCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo,
385 const UserIam::UserAuth::Attributes &extraInfo)
386 {
387 ACCOUNT_LOGI("IAM OnAcquireInfo callback! module %{public}d, acquire %{public}u.", module, acquireInfo);
388 }
389
DelUserCallback(uint32_t userId,const std::vector<uint8_t> & token,const sptr<IIDMCallback> & callback)390 DelUserCallback::DelUserCallback(uint32_t userId, const std::vector<uint8_t> &token, const sptr<IIDMCallback> &callback)
391 : userId_(userId), token_(token), innerCallback_(callback)
392 {}
393
~DelUserCallback()394 DelUserCallback::~DelUserCallback()
395 {
396 InnerAccountIAMManager::GetInstance().OnDelUserDone(userId_);
397 }
398
ConvertDelUserErrCode(int32_t result)399 static int32_t ConvertDelUserErrCode(int32_t result)
400 {
401 switch (result) {
402 case ResultCode::NOT_ENROLLED:
403 case ResultCode::INVALID_PARAMETERS:
404 return ERR_IAM_TOKEN_AUTH_FAILED;
405 case ResultCode::CANCELED:
406 case ResultCode::TIMEOUT:
407 return ERR_IAM_GENERAL_ERROR;
408 default:
409 return result;
410 }
411 }
412
OnResult(int32_t result,const Attributes & extraInfo)413 void DelUserCallback::OnResult(int32_t result, const Attributes &extraInfo)
414 {
415 ACCOUNT_LOGI("DelUserCallback, userId: %{public}d, result: %{public}d", userId_, result);
416 if (innerCallback_ == nullptr) {
417 ACCOUNT_LOGE("Inner callback is nullptr");
418 return;
419 }
420 result = ConvertDelUserErrCode(result);
421 if (result != ERR_OK) {
422 ACCOUNT_LOGE("DelUserCallback fail code = %{public}d", result);
423 ReportOsAccountOperationFail(userId_, "deleteCredential", result, "Failed to delete user");
424 return innerCallback_->OnResult(result, extraInfo);
425 }
426 uint64_t secureUid = 0;
427 extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_SEC_USER_ID, secureUid);
428 std::vector<uint8_t> oldSecret;
429 extraInfo.GetUint8ArrayValue(Attributes::ATTR_OLD_ROOT_SECRET, oldSecret);
430 std::vector<uint8_t> token;
431 extraInfo.GetUint8ArrayValue(Attributes::ATTR_AUTH_TOKEN, token);
432 auto &innerIamMgr_ = InnerAccountIAMManager::GetInstance();
433 ErrCode errCode = innerIamMgr_.UpdateStorageUserAuth(userId_, secureUid, token, oldSecret, {});
434 if (errCode != ERR_OK) {
435 ReportOsAccountOperationFail(userId_, "deleteCredential", errCode, "Failed to update user auth");
436 uint64_t credentialId = 0;
437 extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_CREDENTIAL_ID, credentialId);
438 DeleteCredential(userId_, credentialId, token);
439 ACCOUNT_LOGE("Fail to delete root secret, userId=%{public}d, errcode=%{public}d", userId_, errCode);
440 return innerCallback_->OnResult(errCode, extraInfo);
441 }
442
443 Security::AccessToken::AccessTokenID selfToken = IPCSkeleton::GetSelfTokenID();
444 result = SetFirstCallerTokenID(selfToken);
445 ACCOUNT_LOGI("Set first caller info result: %{public}d", result);
446 auto deleteUserCallback = std::make_shared<CommitDelCredCallback>();
447 UserIDMClient::GetInstance().DeleteUser(userId_, token_, deleteUserCallback);
448 std::unique_lock<std::mutex> lock(deleteUserCallback->mutex_);
449 deleteUserCallback->onResultCondition_.wait(lock, [deleteUserCallback] { return deleteUserCallback->isCalled_; });
450 if (deleteUserCallback->resultCode_ != ERR_OK) {
451 ACCOUNT_LOGE("Failed to erase user in callback, userId=%{public}d, errcode=%{public}d",
452 userId_, deleteUserCallback->resultCode_);
453 ReportOsAccountOperationFail(userId_, "deleteCredential", deleteUserCallback->resultCode_,
454 "Failed to erase user");
455 return innerCallback_->OnResult(deleteUserCallback->resultCode_, extraInfo);
456 }
457 (void)IInnerOsAccountManager::GetInstance().SetOsAccountCredentialId(userId_, 0);
458 errCode = innerIamMgr_.UpdateStorageKeyContext(userId_);
459 if (errCode != ERR_OK) {
460 ReportOsAccountOperationFail(userId_, "deleteCredential", errCode, "Failed to update key context");
461 }
462 innerCallback_->OnResult(errCode, extraInfo);
463 }
464 #endif // HAS_PIN_AUTH_PART
465
CommitCredUpdateCallback(int32_t userId,const UpdateCredInfo & extraUpdateInfo,const sptr<IIDMCallback> & callback)466 CommitCredUpdateCallback::CommitCredUpdateCallback(int32_t userId,
467 const UpdateCredInfo &extraUpdateInfo, const sptr<IIDMCallback> &callback)
468 : userId_(userId), extraUpdateInfo_(extraUpdateInfo), innerCallback_(callback)
469 {}
470
OnResult(int32_t result,const Attributes & extraInfo)471 void CommitCredUpdateCallback::OnResult(int32_t result, const Attributes &extraInfo)
472 {
473 ACCOUNT_LOGI("CommitCredUpdateCallback, result=%{public}d.", result);
474 if (innerCallback_ == nullptr) {
475 ACCOUNT_LOGE("innerCallback_ is nullptr");
476 return;
477 }
478
479 auto &innerIamMgr_ = InnerAccountIAMManager::GetInstance();
480 if (result != 0) {
481 ACCOUNT_LOGE("CommitCredUpdateCallback fail code=%{public}d", result);
482 ReportOsAccountOperationFail(userId_, "commitCredUpdate", result, "Failed to commit credential update");
483 innerCallback_->OnResult(result, extraInfo);
484 innerIamMgr_.SetState(userId_, AFTER_OPEN_SESSION);
485 return;
486 }
487 ErrCode code = innerIamMgr_.UpdateStorageUserAuth(
488 userId_, extraUpdateInfo_.secureUid, extraUpdateInfo_.token, {}, extraUpdateInfo_.newSecret);
489 if (code != ERR_OK) {
490 ACCOUNT_LOGE("Fail to update user auth, userId=%{public}d, code=%{public}d", userId_, code);
491 innerIamMgr_.SetState(userId_, AFTER_OPEN_SESSION);
492 ReportOsAccountOperationFail(userId_, "commitCredUpdate", code, "Failed to update user auth");
493 innerCallback_->OnResult(code, extraInfo);
494 return;
495 }
496 ErrCode updateRet = innerIamMgr_.UpdateStorageKeyContext(userId_);
497 if (updateRet != ERR_OK) {
498 ReportOsAccountOperationFail(userId_, "commitCredUpdate", updateRet, "Failed to update key context");
499 }
500 innerIamMgr_.SetState(userId_, AFTER_OPEN_SESSION);
501 (void)IInnerOsAccountManager::GetInstance().SetOsAccountCredentialId(userId_, extraUpdateInfo_.credentialId);
502 Attributes extraInfoResult;
503 extraInfoResult.SetUint64Value(Attributes::AttributeKey::ATTR_CREDENTIAL_ID, extraUpdateInfo_.credentialId);
504 innerCallback_->OnResult(result, extraInfoResult);
505 }
506
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const Attributes & extraInfo)507 void CommitCredUpdateCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
508 {
509 ACCOUNT_LOGE("CommitCredUpdateCallback OnAcquireInfo");
510 }
511
DelCredCallback(int32_t userId,bool isPIN,std::vector<uint8_t> token,const sptr<IIDMCallback> & callback)512 DelCredCallback::DelCredCallback(int32_t userId, bool isPIN, std::vector<uint8_t> token,
513 const sptr<IIDMCallback> &callback)
514 : userId_(userId), isPIN_(isPIN), token_(token), innerCallback_(callback)
515 {}
516
OnResult(int32_t result,const Attributes & extraInfo)517 void DelCredCallback::OnResult(int32_t result, const Attributes &extraInfo)
518 {
519 ACCOUNT_LOGI("DelCredCallback, result=%{public}d, userId=%{public}d", result, userId_);
520 if (innerCallback_ == nullptr) {
521 ACCOUNT_LOGE("innerCallback_ is nullptr");
522 return;
523 }
524 auto &innerIamMgr_ = InnerAccountIAMManager::GetInstance();
525 if ((result == 0) && isPIN_) {
526 (void)IInnerOsAccountManager::GetInstance().SetOsAccountCredentialId(userId_, 0); // 0-invalid credentialId
527 std::vector<uint8_t> newSecret;
528 std::vector<uint8_t> oldSecret;
529 extraInfo.GetUint8ArrayValue(Attributes::ATTR_OLD_ROOT_SECRET, oldSecret);
530 uint64_t secureUid = 0;
531 extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_SEC_USER_ID, secureUid);
532 ErrCode updateRet = innerIamMgr_.UpdateStorageUserAuth(userId_, secureUid, token_, oldSecret, newSecret);
533 if (updateRet != ERR_OK) {
534 ReportOsAccountOperationFail(userId_, "deleteCredential", updateRet, "Failed to update user auth");
535 }
536 updateRet = innerIamMgr_.UpdateStorageKeyContext(userId_);
537 if (updateRet != ERR_OK) {
538 ReportOsAccountOperationFail(userId_, "deleteCredential", updateRet, "Failed to update key context");
539 }
540 }
541 if (result != 0) {
542 ACCOUNT_LOGE("DelCredCallback fail code=%{public}d, userId=%{public}d", result, userId_);
543 ReportOsAccountOperationFail(userId_, "deleteCredential", result, "Failed to delete credential");
544 }
545
546 innerIamMgr_.SetState(userId_, AFTER_OPEN_SESSION);
547 innerCallback_->OnResult(result, extraInfo);
548 }
549
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const Attributes & extraInfo)550 void DelCredCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
551 {
552 if (innerCallback_ == nullptr) {
553 ACCOUNT_LOGE("innerCallback_ is nullptr");
554 return;
555 }
556 innerCallback_->OnAcquireInfo(module, acquireInfo, extraInfo);
557 }
558
GetCredInfoCallbackWrapper(int32_t userId,int32_t authType,const sptr<IGetCredInfoCallback> & callback)559 GetCredInfoCallbackWrapper::GetCredInfoCallbackWrapper(
560 int32_t userId, int32_t authType, const sptr<IGetCredInfoCallback> &callback)
561 : userId_(userId), authType_(authType), innerCallback_(callback)
562 {}
563
OnCredentialInfo(const std::vector<CredentialInfo> & infoList)564 void GetCredInfoCallbackWrapper::OnCredentialInfo(const std::vector<CredentialInfo> &infoList)
565 {
566 if (innerCallback_ == nullptr) {
567 return;
568 }
569 if (authType_ == 0) {
570 bool isAvailable = InnerAccountIAMManager::GetInstance().CheckDomainAuthAvailable(userId_);
571 if (isAvailable) {
572 std::vector<CredentialInfo> newInfoList = infoList;
573 CredentialInfo info;
574 info.authType = static_cast<AuthType>(IAMAuthType::DOMAIN);
575 info.pinType = static_cast<PinSubType>(IAMAuthSubType::DOMAIN_MIXED);
576 newInfoList.emplace_back(info);
577 return innerCallback_->OnCredentialInfo(newInfoList);
578 }
579 }
580 return innerCallback_->OnCredentialInfo(infoList);
581 }
582
GetPropCallbackWrapper(int32_t userId,const sptr<IGetSetPropCallback> & callback)583 GetPropCallbackWrapper::GetPropCallbackWrapper(int32_t userId, const sptr<IGetSetPropCallback> &callback)
584 : userId_(userId), innerCallback_(callback)
585 {}
586
OnResult(int32_t result,const Attributes & extraInfo)587 void GetPropCallbackWrapper::OnResult(int32_t result, const Attributes &extraInfo)
588 {
589 if (innerCallback_ == nullptr) {
590 ACCOUNT_LOGE("inner callback is nullptr");
591 return;
592 }
593 if (result != 0) {
594 ReportOsAccountOperationFail(userId_, "getProperty", result, "Failed to get property");
595 }
596 innerCallback_->OnResult(result, extraInfo);
597 }
598
SetPropCallbackWrapper(int32_t userId,const sptr<IGetSetPropCallback> & callback)599 SetPropCallbackWrapper::SetPropCallbackWrapper(int32_t userId, const sptr<IGetSetPropCallback> &callback)
600 : userId_(userId), innerCallback_(callback)
601 {}
602
OnResult(int32_t result,const Attributes & extraInfo)603 void SetPropCallbackWrapper::OnResult(int32_t result, const Attributes &extraInfo)
604 {
605 if (innerCallback_ == nullptr) {
606 ACCOUNT_LOGE("inner callback is nullptr");
607 return;
608 }
609 if (result != 0) {
610 ReportOsAccountOperationFail(userId_, "setProperty", result, "Failed to set property");
611 }
612 innerCallback_->OnResult(result, extraInfo);
613 }
614
GetSecUserInfoCallbackWrapper(AuthType authType,const sptr<IGetEnrolledIdCallback> & callback)615 GetSecUserInfoCallbackWrapper::GetSecUserInfoCallbackWrapper(
616 AuthType authType, const sptr<IGetEnrolledIdCallback> &callback)
617 : authType_(authType), innerCallback_(callback)
618 {}
619
OnSecUserInfo(const SecUserInfo & info)620 void GetSecUserInfoCallbackWrapper::OnSecUserInfo(const SecUserInfo &info)
621 {
622 if (innerCallback_ == nullptr) {
623 return;
624 }
625
626 auto it = std::find_if(info.enrolledInfo.begin(), info.enrolledInfo.end(), [this](const auto& item) {
627 return item.authType == authType_;
628 });
629 if (it != info.enrolledInfo.end()) {
630 return innerCallback_->OnEnrolledId(ERR_OK, it->enrolledId);
631 } else {
632 return innerCallback_->OnEnrolledId(ERR_IAM_NOT_ENROLLED, 0);
633 }
634 }
635
GetSecureUidCallback(int32_t userId)636 GetSecureUidCallback::GetSecureUidCallback(int32_t userId): userId_(userId)
637 {}
638
OnSecUserInfo(const SecUserInfo & info)639 void GetSecureUidCallback::OnSecUserInfo(const SecUserInfo &info)
640 {
641 ACCOUNT_LOGI("SecUserInfo call back userId=%{public}d", userId_);
642 std::unique_lock<std::mutex> lck(secureMtx_);
643 this->secureUid_ = info.secureUid;
644 secureCv_.notify_all();
645 }
646
PrepareRemoteAuthCallbackWrapper(const sptr<IPreRemoteAuthCallback> & callback)647 PrepareRemoteAuthCallbackWrapper::PrepareRemoteAuthCallbackWrapper(const sptr<IPreRemoteAuthCallback> &callback)
648 : innerCallback_(callback)
649 {}
650
OnResult(int32_t result)651 void PrepareRemoteAuthCallbackWrapper::OnResult(int32_t result)
652 {
653 if (innerCallback_ == nullptr) {
654 ACCOUNT_LOGE("Inner callback is nullptr.");
655 return;
656 }
657 if (result != 0) {
658 ACCOUNT_LOGE("PrepareRemoteAuth, result=%{public}d fail to prepare remote auth.", result);
659 }
660 innerCallback_->OnResult(result);
661 }
662
GetDomainAuthStatusInfoCallback(const GetPropertyRequest & request,const sptr<IGetSetPropCallback> & callback)663 GetDomainAuthStatusInfoCallback::GetDomainAuthStatusInfoCallback(
664 const GetPropertyRequest &request, const sptr<IGetSetPropCallback> &callback)
665 : request_(request), innerCallback_(callback)
666 {}
667
OnResult(int32_t result,Parcel & parcel)668 void GetDomainAuthStatusInfoCallback::OnResult(int32_t result, Parcel &parcel)
669 {
670 if (innerCallback_ == nullptr) {
671 ACCOUNT_LOGE("inner callback is nullptr");
672 return;
673 }
674 Attributes attributes;
675 std::shared_ptr<AuthStatusInfo> infoPtr(AuthStatusInfo::Unmarshalling(parcel));
676 if (infoPtr == nullptr) {
677 innerCallback_->OnResult(result, attributes);
678 return;
679 }
680 attributes.SetInt32Value(Attributes::ATTR_PIN_SUB_TYPE, static_cast<int32_t>(IAMAuthSubType::DOMAIN_MIXED));
681 attributes.SetInt32Value(Attributes::ATTR_REMAIN_TIMES, infoPtr->remainingTimes);
682 attributes.SetInt32Value(Attributes::ATTR_FREEZING_TIME, infoPtr->freezingTime);
683 innerCallback_->OnResult(result, attributes);
684 }
685 } // namespace AccountSA
686 } // namespace OHOS
687