signin: force web signin flow initiated visits to accounts.google.com to their own process.

chrome/browser/signin/signin_manager.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/signin/signin_manager.h"
 
 #include <string>
 #include <vector>
 
 #include "base/callback_helpers.h"
@@ skipping 19 matching lines @@
 #include "chrome/browser/sync/sync_prefs.h"
 #include "chrome/browser/ui/global_error/global_error_service.h"
 #include "chrome/browser/ui/global_error/global_error_service_factory.h"
 #include "chrome/browser/ui/host_desktop.h"
 #include "chrome/browser/ui/webui/signin/profile_signin_confirmation_dialog.h"
 #include "chrome/common/chrome_notification_types.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/pref_names.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/notification_service.h"
+#include "content/public/browser/render_process_host.h"
 #include "google_apis/gaia/gaia_auth_fetcher.h"
 #include "google_apis/gaia/gaia_auth_util.h"
 #include "google_apis/gaia/gaia_constants.h"
 #include "google_apis/gaia/gaia_urls.h"
 #include "net/cookies/cookie_monster.h"
 #include "net/url_request/url_request_context.h"
 #include "net/url_request/url_request_context_getter.h"
 #include "third_party/icu/public/i18n/unicode/regex.h"
 
 #if defined(ENABLE_CONFIGURATION_POLICY) && !defined(OS_CHROMEOS)
 #include "chrome/browser/policy/user_policy_signin_service.h"
 #include "chrome/browser/policy/user_policy_signin_service_factory.h"
 #endif
 
 using namespace signin_internals_util;
 
 using content::BrowserThread;
 
 namespace {
 
 const char kGetInfoDisplayEmailKey[] = "displayEmail";
 const char kGetInfoEmailKey[] = "email";
 
 const char kGoogleAccountsUrl[] = "https://accounts.google.com";
 
+const int kInvalidProcessId = -1;
+
 }  // namespace
 
 // This class fetches GAIA cookie on IO thread on behalf of SigninManager which
 // only lives on the UI thread.
 class SigninManagerCookieHelper
     : public base::RefCountedThreadSafe<SigninManagerCookieHelper> {
  public:
   explicit SigninManagerCookieHelper(
       net::URLRequestContextGetter* request_context_getter);
 
@@ skipping 117 matching lines @@
   UBool match = matcher.matches(status);
   DCHECK(U_SUCCESS(status));
   return !!match;  // !! == convert from UBool to bool.
 }
 
 SigninManager::SigninManager()
     : profile_(NULL),
       prohibit_signout_(false),
       had_two_factor_error_(false),
       type_(SIGNIN_TYPE_NONE),
-      weak_pointer_factory_(this) {
+      weak_pointer_factory_(this),
+      signin_process_id_(kInvalidProcessId) {
+}
+
+void SigninManager::SetSigninProcess(int process_id) {
+  if (process_id == signin_process_id_)
+    return;
+  CHECK_EQ(signin_process_id_, kInvalidProcessId);

[Charlie Reis, 2013/02/28 19:19:46]

I don't think we can enforce this CHECK.  There are races with process-per-site
that make it possible (though unlikely) that we could have two processes.  In
that case, only the most recent will be allowed to sign the user in.

I don't expect this to happen in practice (given how this URL is used), but we
shouldn't crash if it does.

[tim (not reviewing), 2013/03/01 01:53:57]

Done.

+  signin_process_id_ = process_id;
+  const content::RenderProcessHost* process =
+      content::RenderProcessHost::FromID(process_id);
+  DCHECK(process);
+  registrar_.Add(this,
+                 content::NOTIFICATION_RENDERER_PROCESS_TERMINATED,
+                 content::Source<content::RenderProcessHost>(process));
+}
+
+bool SigninManager::IsSigninProcess(int process_id) const {
+  return process_id == signin_process_id_;
 }
 
 SigninManager::~SigninManager() {
   DCHECK(!signin_global_error_.get()) <<
       "SigninManager::Initialize called but not SigninManager::Shutdown";
 }
 
 void SigninManager::Initialize(Profile* profile) {
   // Should never call Initialize() twice.
   DCHECK(!IsInitialized());
@@ skipping 665 matching lines @@
       if (tok_details->service() ==
           GaiaConstants::kGaiaOAuth2LoginRefreshToken) {
         ubertoken_fetcher_.reset(new UbertokenFetcher(profile_, this));
         ubertoken_fetcher_->StartFetchingToken();
 
         // We only want to do this once per sign-in.
         CleanupNotificationRegistration();
       }
       break;
     }
+    case content::NOTIFICATION_RENDERER_PROCESS_TERMINATED: {
+      DCHECK_EQ(signin_process_id_,

[Charlie Reis, 2013/02/28 19:19:46]

Similar to above, this should be an if rather than a DCHECK.

We should remove the process from the registrar either way, of course.

[tim (not reviewing), 2013/03/01 01:53:57]

Done.

+                content::Source<content::RenderProcessHost>(source)->GetID());
+      signin_process_id_ = kInvalidProcessId;
+      registrar_.Remove(this,
+                        content::NOTIFICATION_RENDERER_PROCESS_TERMINATED,
+                        source);
+      break;
+    }
 #endif
     default:
       NOTREACHED();
   }
 }
 
 void SigninManager::Shutdown() {
   if (signin_global_error_.get()) {
     GlobalErrorServiceFactory::GetForProfile(profile_)->RemoveGlobalError(
         signin_global_error_.get());
@@ skipping 36 matching lines @@
                     NotifySigninValueChanged(field, value));
 }
 
 void SigninManager::NotifyDiagnosticsObservers(
     const TimedSigninStatusField& field,
     const std::string& value) {
   FOR_EACH_OBSERVER(SigninDiagnosticsObserver,
                     signin_diagnostics_observers_,
                     NotifySigninValueChanged(field, value));
 }