Use real creator code for Keychain items

chrome/browser/password_manager/password_store_mac.cc

 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/password_manager/password_store_mac.h"
 #include "chrome/browser/password_manager/password_store_mac_internal.h"
 
 #include <CoreServices/CoreServices.h>
 #include <string>
 #include <vector>
 
 #include "base/logging.h"
+#include "base/mac_util.h"
 #include "base/stl_util-inl.h"
 #include "base/string_util.h"
 #include "chrome/browser/keychain_mac.h"
 #include "chrome/browser/password_manager/login_database_mac.h"
 
 using webkit_glue::PasswordForm;
 
-static const OSType kChromeKeychainCreatorCode = 'rimZ';
-
 // Utility class to handle the details of constructing and running a keychain
 // search from a set of attributes.
 class KeychainSearch {
  public:
   KeychainSearch(const MacKeychain& keychain);
   ~KeychainSearch();
 
   // Sets up a keycahin search based on an non "null" (NULL for char*,
   // The appropriate "Any" entry for other types) arguments.
   //
@@ skipping 399 matching lines @@
                        database_blacklist_forms.begin(),
                        database_blacklist_forms.end());
 
   // Clear out all the Keychain entries we used.
   DeleteVectorElementsInSet(keychain_forms, used_keychain_forms);
 }
 
 std::vector<PasswordForm*> GetPasswordsForForms(
     const MacKeychain& keychain, std::vector<PasswordForm*>* database_forms) {
   MacKeychainPasswordFormAdapter keychain_adapter(&keychain);
-  
+
   std::vector<PasswordForm*> merged_forms;
   for (std::vector<PasswordForm*>::iterator i = database_forms->begin();
        i != database_forms->end();) {
     std::vector<PasswordForm*> db_form_container(1, *i);
     std::vector<PasswordForm*> keychain_matches =
         keychain_adapter.PasswordsMergeableWithForm(**i);
     MergePasswordForms(&keychain_matches, &db_form_container, &merged_forms);
     if (db_form_container.size() == 0) {
       i = database_forms->erase(i);
     } else {
@@ skipping 48 matching lines @@
   return NULL;
 }
 
 std::vector<PasswordForm*>
     MacKeychainPasswordFormAdapter::GetAllPasswordFormPasswords() {
   SecAuthenticationType supported_auth_types[] = {
     kSecAuthenticationTypeHTMLForm,
     kSecAuthenticationTypeHTTPBasic,
     kSecAuthenticationTypeHTTPDigest,
   };
-  OSType creator = finds_only_owned_ ? kChromeKeychainCreatorCode : 0;
 
   std::vector<SecKeychainItemRef> matches;
   for (unsigned int i = 0; i < arraysize(supported_auth_types); ++i) {
     KeychainSearch keychain_search(*keychain_);
     keychain_search.Init(NULL, 0, kSecProtocolTypeAny, supported_auth_types[i],
-                         NULL, NULL, NULL, creator);
+                         NULL, NULL, NULL, CreatorCodeForSearch());
     keychain_search.FindMatchingItems(&matches);
   }
 
   return ConvertKeychainItemsToForms(&matches);
 }
 
 bool MacKeychainPasswordFormAdapter::AddPassword(const PasswordForm& form) {
   // We should never be trying to store a blacklist in the keychain.
   DCHECK(!form.blacklisted_by_user);
 
@@ skipping 13 matching lines @@
   SecKeychainItemRef new_item = NULL;
   OSStatus result = keychain_->AddInternetPassword(
       NULL, server.size(), server.c_str(),
       security_domain.size(), security_domain.c_str(),
       username.size(), username.c_str(),
       path.size(), path.c_str(),
       port, protocol, AuthTypeForScheme(form.scheme),
       password.size(), password.c_str(), &new_item);
 
   if (result == noErr) {
-    SetKeychainItemCreatorCode(new_item, kChromeKeychainCreatorCode);
+    SetKeychainItemCreatorCode(new_item, mac_util::CreatorCodeForApplication());
     keychain_->Free(new_item);
   } else if (result == errSecDuplicateItem) {
     // If we collide with an existing item, find and update it instead.
     SecKeychainItemRef existing_item = KeychainItemForForm(form);
     if (!existing_item) {
       return false;
     }
     bool changed = SetKeychainItemPassword(existing_item, password);
     keychain_->Free(existing_item);
     return changed;
@@ skipping 73 matching lines @@
     // TODO(stuartmorgan): Proxies will currently fail here, since their
     // signon_realm is not a URL. We need to detect the proxy case and handle
     // it specially.
     return matches;
   }
   SecProtocolType protocol = is_secure ? kSecProtocolTypeHTTPS
                                        : kSecProtocolTypeHTTP;
   SecAuthenticationType auth_type = AuthTypeForScheme(scheme);
   const char* auth_domain = (scheme == PasswordForm::SCHEME_HTML) ?
       NULL : security_domain.c_str();
-  OSType creator = finds_only_owned_ ? kChromeKeychainCreatorCode : 0;
-
   KeychainSearch keychain_search(*keychain_);
   keychain_search.Init(server.c_str(), port, protocol, auth_type,
-                       auth_domain, path, username, creator);
+                       auth_domain, path, username, CreatorCodeForSearch());
   keychain_search.FindMatchingItems(&matches);
   return matches;
 }
 
 // TODO(stuartmorgan): signon_realm for proxies is not yet supported.
 bool MacKeychainPasswordFormAdapter::ExtractSignonRealmComponents(
     const std::string& signon_realm, std::string* server, int* port,
     bool* is_secure, std::string* security_domain) {
   // The signon_realm will be the Origin portion of a URL for an HTML form,
   // and the same but with the security domain as a path for HTTP auth.
@@ skipping 39 matching lines @@
 bool MacKeychainPasswordFormAdapter::SetKeychainItemCreatorCode(
     const SecKeychainItemRef& keychain_item, OSType creator_code) {
   SecKeychainAttribute attr = { kSecCreatorItemAttr, sizeof(creator_code),
                                 &creator_code };
   SecKeychainAttributeList attrList = { 1, &attr };
   OSStatus result = keychain_->ItemModifyAttributesAndData(keychain_item,
                                                            &attrList, 0, NULL);
   return result == noErr;
 }
 
+OSType MacKeychainPasswordFormAdapter::CreatorCodeForSearch() {
+  return finds_only_owned_ ? mac_util::CreatorCodeForApplication() : 0;
+}
+
 #pragma mark -
 
 PasswordStoreMac::PasswordStoreMac(MacKeychain* keychain,
                                    LoginDatabaseMac* login_db)
     : keychain_(keychain), login_metadata_db_(login_db) {
   DCHECK(keychain_.get());
   DCHECK(login_metadata_db_.get());
 }
 
 PasswordStoreMac::~PasswordStoreMac() {}
@@ skipping 88 matching lines @@
 
 void PasswordStoreMac::GetBlacklistLoginsImpl(GetLoginsRequest* request) {
   std::vector<PasswordForm*> database_forms;
   login_metadata_db_->GetBlacklistLogins(&database_forms);
   NotifyConsumer(request, database_forms);
 }
 
 void PasswordStoreMac::GetAutofillableLoginsImpl(GetLoginsRequest* request) {
   std::vector<PasswordForm*> database_forms;
   login_metadata_db_->GetAutofillableLogins(&database_forms);
-  
+
   std::vector<PasswordForm*> merged_forms =
       internal_keychain_helpers::GetPasswordsForForms(*keychain_,
                                                       &database_forms);
-  
+
   // Clean up any orphaned database entries.
   RemoveDatabaseForms(database_forms);
   STLDeleteElements(&database_forms);
-  
+
   NotifyConsumer(request, merged_forms);
 }
 
 bool PasswordStoreMac::AddToKeychainIfNecessary(const PasswordForm& form) {
   if (form.blacklisted_by_user) {
     return true;
   }
   MacKeychainPasswordFormAdapter keychainAdapter(keychain_.get());
   return keychainAdapter.AddPassword(form);
 }
@@ skipping 11 matching lines @@
       break;
     }
   }
   STLDeleteElements(&database_forms);
   return has_match;
 }
 
 std::vector<PasswordForm*> PasswordStoreMac::GetUnusedKeychainForms() {
   std::vector<PasswordForm*> database_forms;
   login_metadata_db_->GetAutofillableLogins(&database_forms);
-  
+
   MacKeychainPasswordFormAdapter owned_keychain_adapter(keychain_.get());
   owned_keychain_adapter.SetFindsOnlyOwnedItems(true);
   std::vector<PasswordForm*> owned_keychain_forms =
       owned_keychain_adapter.GetAllPasswordFormPasswords();
-  
+
   // Run a merge; anything left in owned_keychain_forms when we are done no
   // longer has a matching database entry.
   std::vector<PasswordForm*> merged_forms;
   internal_keychain_helpers::MergePasswordForms(&owned_keychain_forms,
                                                 &database_forms,
                                                 &merged_forms);
   STLDeleteElements(&merged_forms);
   STLDeleteElements(&database_forms);
 
   return owned_keychain_forms;
 }
 
 void PasswordStoreMac::RemoveDatabaseForms(
     const std::vector<PasswordForm*>& forms) {
   for (std::vector<PasswordForm*>::const_iterator i = forms.begin();
        i != forms.end(); ++i) {
     login_metadata_db_->RemoveLogin(**i);
   }
 }
 
 void PasswordStoreMac::RemoveKeychainForms(
     const std::vector<PasswordForm*>& forms) {
   MacKeychainPasswordFormAdapter owned_keychain_adapter(keychain_.get());
   owned_keychain_adapter.SetFindsOnlyOwnedItems(true);
   for (std::vector<PasswordForm*>::const_iterator i = forms.begin();
        i != forms.end(); ++i) {
     owned_keychain_adapter.RemovePassword(**i);
   }
 }