ash: Add UserAuthenticationServiceProvider

This adds a DBus service provider to enable ChromeOS daemons to call
into Ash to start the in-session user authentication dialog. The dialog
will be implemented in Ash.

Currently the only expected client is u2fd, which needs this UI flow
in WebAuthn.

TEST=Used u2fd to call UserAuthenticationServiceProvider and verified
     it received the call by logging.

Cq-Depend: chromium:2291256
Bug: b:144861739
Change-Id: I47c6b88f2eb4484cef197a009e6ad5bbc4b3e5c8
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2291258Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Xiyuan Xia <xiyuan@chromium.org>
Commit-Queue: Yicheng Li <yichengli@chromium.org>
Cr-Commit-Position: refs/heads/master@{#789336}

ash/BUILD.gn

@@ -266,6 +266,8 @@ component("ash") {
     "dbus/liveness_service_provider.h",
     "dbus/url_handler_service_provider.cc",
     "dbus/url_handler_service_provider.h",
+    "dbus/user_authentication_service_provider.cc",
+    "dbus/user_authentication_service_provider.h",
     "debug.cc",
     "debug.h",
     "detachable_base/detachable_base_handler.cc",
@@ -1807,6 +1809,7 @@ action("dbus_service_files") {
     "dbus/org.chromium.GesturePropertiesService.conf",
     "dbus/org.chromium.LivenessService.conf",
     "dbus/org.chromium.UrlHandlerService.conf",
+    "dbus/org.chromium.UserAuthenticationService.conf",
   ]
   output_conf_file = "$root_out_dir/dbus/ash_dbus_services.conf"
   outputs = [ output_conf_file ]

ash/dbus/ash_dbus_services.cc

@@ -8,6 +8,7 @@
 #include "ash/dbus/gesture_properties_service_provider.h"
 #include "ash/dbus/liveness_service_provider.h"
 #include "ash/dbus/url_handler_service_provider.h"
+#include "ash/dbus/user_authentication_service_provider.h"
 #include "base/feature_list.h"
 #include "chromeos/constants/chromeos_features.h"
 #include "chromeos/dbus/services/cros_dbus_service.h"
@@ -40,6 +41,11 @@ AshDBusServices::AshDBusServices(dbus::Bus* system_bus) {
       dbus::ObjectPath(chromeos::kUrlHandlerServicePath),
       chromeos::CrosDBusService::CreateServiceProviderList(
           std::make_unique<UrlHandlerServiceProvider>()));
+  user_authentication_service_ = chromeos::CrosDBusService::Create(
+      system_bus, chromeos::kUserAuthenticationServiceName,
+      dbus::ObjectPath(chromeos::kUserAuthenticationServicePath),
+      chromeos::CrosDBusService::CreateServiceProviderList(
+          std::make_unique<UserAuthenticationServiceProvider>()));
 }
 
 AshDBusServices::~AshDBusServices() {
@@ -47,6 +53,7 @@ AshDBusServices::~AshDBusServices() {
   gesture_properties_service_.reset();
   liveness_service_.reset();
   url_handler_service_.reset();
+  user_authentication_service_.reset();
 }
 
 }  // namespace ash

ash/dbus/ash_dbus_services.h

@@ -30,6 +30,7 @@ class AshDBusServices {
   std::unique_ptr<chromeos::CrosDBusService> gesture_properties_service_;
   std::unique_ptr<chromeos::CrosDBusService> liveness_service_;
   std::unique_ptr<chromeos::CrosDBusService> url_handler_service_;
+  std::unique_ptr<chromeos::CrosDBusService> user_authentication_service_;
 
   DISALLOW_COPY_AND_ASSIGN(AshDBusServices);
 };

ash/dbus/org.chromium.UserAuthenticationService.conf

+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+  "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<!--
+  Copyright 2020 The Chromium Authors. All rights reserved.
+  Use of this source code is governed by a BSD-style license that can be
+  found in the LICENSE file.
+-->
+<busconfig>
+  <policy user="chronos">
+    <allow own="org.chromium.UserAuthenticationService"/>
+  </policy>
+
+  <!--
+    u2fd uses this service to ask Chrome to show the auth dialog for WebAuthn.
+  -->
+  <policy user="u2f">
+    <allow send_destination="org.chromium.UserAuthenticationService"
+           send_interface="org.chromium.UserAuthenticationServiceInterface"/>
+  </policy>
+</busconfig>

ash/dbus/user_authentication_service_provider.cc

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "ash/dbus/user_authentication_service_provider.h"
+
+#include "base/bind.h"
+#include "base/logging.h"
+#include "dbus/bus.h"
+#include "dbus/message.h"
+#include "third_party/cros_system_api/dbus/service_constants.h"
+
+namespace ash {
+
+UserAuthenticationServiceProvider::UserAuthenticationServiceProvider() =
+    default;
+
+UserAuthenticationServiceProvider::~UserAuthenticationServiceProvider() =
+    default;
+
+void UserAuthenticationServiceProvider::Start(
+    scoped_refptr<dbus::ExportedObject> exported_object) {
+  exported_object->ExportMethod(
+      chromeos::kUserAuthenticationServiceInterface,
+      chromeos::kUserAuthenticationServiceShowAuthDialogMethod,
+      base::BindRepeating(&UserAuthenticationServiceProvider::ShowAuthDialog,
+                          weak_ptr_factory_.GetWeakPtr()),
+      base::BindOnce(&UserAuthenticationServiceProvider::OnExported,
+                     weak_ptr_factory_.GetWeakPtr()));
+}
+
+void UserAuthenticationServiceProvider::OnExported(
+    const std::string& interface_name,
+    const std::string& method_name,
+    bool success) {
+  if (!success) {
+    LOG(ERROR) << "Failed to export " << interface_name << "." << method_name;
+  }
+}
+
+void UserAuthenticationServiceProvider::ShowAuthDialog(
+    dbus::MethodCall* method_call,
+    dbus::ExportedObject::ResponseSender response_sender) {
+  // TODO(yichengli): Call AuthDialogController to start authentication flow.
+  std::move(response_sender).Run(dbus::Response::FromMethodCall(method_call));
+}
+
+}  // namespace ash

ash/dbus/user_authentication_service_provider.h

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef ASH_DBUS_USER_AUTHENTICATION_SERVICE_PROVIDER_H_
+#define ASH_DBUS_USER_AUTHENTICATION_SERVICE_PROVIDER_H_
+
+#include "base/memory/weak_ptr.h"
+#include "chromeos/dbus/services/cros_dbus_service.h"
+#include "dbus/exported_object.h"
+
+namespace dbus {
+class MethodCall;
+}
+
+namespace ash {
+
+// This class exports a D-Bus method that platform daemons call to request Ash
+// to start in-session user authentication flow.
+class UserAuthenticationServiceProvider
+    : public chromeos::CrosDBusService::ServiceProviderInterface {
+ public:
+  UserAuthenticationServiceProvider();
+  UserAuthenticationServiceProvider(const UserAuthenticationServiceProvider&) =
+      delete;
+  UserAuthenticationServiceProvider& operator=(
+      const UserAuthenticationServiceProvider&) = delete;
+  ~UserAuthenticationServiceProvider() override;
+
+  // CrosDBusService::ServiceProviderInterface overrides:
+  void Start(scoped_refptr<dbus::ExportedObject> exported_object) override;
+
+ private:
+  // Called from ExportedObject when a handler is exported as a D-Bus
+  // method or failed to be exported.
+  void OnExported(const std::string& interface_name,
+                  const std::string& method_name,
+                  bool success);
+
+  // Called on UI thread in response to D-Bus requests.
+  void ShowAuthDialog(dbus::MethodCall* method_call,
+                      dbus::ExportedObject::ResponseSender response_sender);
+
+  // Keep this last so that all weak pointers will be invalidated at the
+  // beginning of destruction.
+  base::WeakPtrFactory<UserAuthenticationServiceProvider> weak_ptr_factory_{
+      this};
+};
+
+}  // namespace ash
+
+#endif  // ASH_DBUS_USER_AUTHENTICATION_SERVICE_PROVIDER_H_