Support individual Keychain item deletion

chrome/browser/password_manager/password_store_mac.cc

 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/password_manager/password_store_mac.h"
 #include "chrome/browser/password_manager/password_store_mac_internal.h"
 
 #include <CoreServices/CoreServices.h>
 #include <string>
 #include <vector>
@@ skipping 16 matching lines @@
   ~KeychainSearch();
 
   // Sets up a keycahin search based on an non "null" (NULL for char*,
   // The appropriate "Any" entry for other types) arguments.
   //
   // IMPORTANT: Any paramaters passed in *must* remain valid for as long as the
   // KeychainSearch object, since the search uses them by reference.
   void Init(const char* server, const UInt32& port,
             const SecProtocolType& protocol,
             const SecAuthenticationType& auth_type, const char* security_domain,
-            const char* path, const char* username);
+            const char* path, const char* username, OSType creator);
 
   // Fills |items| with all Keychain items that match the Init'd search.
   // If the search fails for any reason, |items| will be unchanged.
   void FindMatchingItems(std::vector<SecKeychainItemRef>* matches);
 
  private:
   const MacKeychain* keychain_;
   SecKeychainAttributeList search_attributes_;
   SecKeychainSearchRef search_ref_;
 };
 
 KeychainSearch::KeychainSearch(const MacKeychain& keychain)
     : keychain_(&keychain), search_ref_(NULL) {
   search_attributes_.count = 0;
   search_attributes_.attr = NULL;
 }
 
 KeychainSearch::~KeychainSearch() {
   if (search_attributes_.attr) {
     free(search_attributes_.attr);
   }
 }
 
 void KeychainSearch::Init(const char* server, const UInt32& port,
                           const SecProtocolType& protocol,
                           const SecAuthenticationType& auth_type,
                           const char* security_domain, const char* path,
-                          const char* username) {
+                          const char* username, OSType creator) {
   // Allocate enough to hold everything we might use.
-  const unsigned int kMaxEntryCount = 7;
+  const unsigned int kMaxEntryCount = 8;
   search_attributes_.attr =
       static_cast<SecKeychainAttribute*>(calloc(kMaxEntryCount,
                                                 sizeof(SecKeychainAttribute)));
   unsigned int entries = 0;
   // We only use search_attributes_ with SearchCreateFromAttributes, which takes
   // a "const SecKeychainAttributeList *", so we trust that they won't try
   // to modify the list, and that casting away const-ness is thus safe.
   if (server != NULL) {
     DCHECK(entries < kMaxEntryCount);
     search_attributes_.attr[entries].tag = kSecServerItemAttr;
@@ skipping 43 matching lines @@
     ++entries;
   }
   if (username != NULL) {
     DCHECK(entries <= kMaxEntryCount);
     search_attributes_.attr[entries].tag = kSecAccountItemAttr;
     search_attributes_.attr[entries].length = strlen(username);
     search_attributes_.attr[entries].data =
         const_cast<void*>(reinterpret_cast<const void*>(username));
     ++entries;
   }
+  if (creator != 0) {
+    DCHECK(entries <= kMaxEntryCount);
+    search_attributes_.attr[entries].tag = kSecCreatorItemAttr;
+    search_attributes_.attr[entries].length = sizeof(creator);
+    search_attributes_.attr[entries].data =
+        const_cast<void*>(reinterpret_cast<const void*>(&creator));
+    ++entries;
+  }
   search_attributes_.count = entries;
 }
 
 void KeychainSearch::FindMatchingItems(std::vector<SecKeychainItemRef>* items) {
   OSStatus result = keychain_->SearchCreateFromAttributes(
       NULL, kSecInternetPasswordItemClass, &search_attributes_, &search_ref_);
 
   if (result != noErr) {
     LOG(ERROR) << "Keychain lookup failed with error " << result;
     return;
@@ skipping 180 matching lines @@
   form->origin = URLFromComponents(form->ssl_valid, server, port, path);
   // TODO(stuartmorgan): Handle proxies, which need a different signon_realm
   // format.
   form->signon_realm = form->origin.GetOrigin().spec();
   if (form->scheme != PasswordForm::SCHEME_HTML) {
     form->signon_realm.append(security_domain);
   }
   return true;
 }
 
-bool FormsMatchForMerge(const PasswordForm& form_a, const PasswordForm& form_b,
-                        bool* path_matches) {
+bool FormsMatchForMerge(const PasswordForm& form_a,
+                        const PasswordForm& form_b) {
   // We never merge blacklist entries between our store and the keychain.
   if (form_a.blacklisted_by_user || form_b.blacklisted_by_user) {
     return false;
   }
-  bool matches = form_a.scheme == form_b.scheme &&
-                 form_a.signon_realm == form_b.signon_realm &&
-                 form_a.username_value == form_b.username_value;
-  if (matches && path_matches) {
-    *path_matches = (form_a.origin == form_b.origin);
-  }
-  return matches;
+  return form_a.scheme == form_b.scheme &&
+         form_a.signon_realm == form_b.signon_realm &&
+         form_a.username_value == form_b.username_value;
 }
 
 // Returns an the best match for |form| from |keychain_forms|, or NULL if there
 // is no suitable match.
 PasswordForm* BestKeychainFormForForm(
     const PasswordForm& base_form,
     const std::vector<PasswordForm*>* keychain_forms) {
   PasswordForm* partial_match = NULL;
   for (std::vector<PasswordForm*>::const_iterator i = keychain_forms->begin();
        i != keychain_forms->end(); ++i) {
     // TODO(stuartmorgan): We should really be scoring path matches and picking
     // the best, rather than just checking exact-or-not (although in practice
     // keychain items with paths probably came from us).
-    bool path_matches = false;
-    if (FormsMatchForMerge(base_form, *(*i), &path_matches)) {
-      if (path_matches) {
+    if (FormsMatchForMerge(base_form, *(*i))) {
+      if (base_form.origin == (*i)->origin) {
         return *i;
       } else if (!partial_match) {
         partial_match = *i;
       }
     }
   }
   return partial_match;
 }
 
 void MergePasswordForms(std::vector<PasswordForm*>* keychain_forms,
@@ skipping 39 matching lines @@
       i = keychain_forms->erase(i);
     }
   }
 }
 
 }  // namespace internal_keychain_helpers
 
 #pragma mark -
 
 MacKeychainPasswordFormAdapter::MacKeychainPasswordFormAdapter(
-    MacKeychain* keychain) : keychain_(keychain) {
+    MacKeychain* keychain) : keychain_(keychain), finds_only_owned_(false) {
 }
 
 std::vector<PasswordForm*>
     MacKeychainPasswordFormAdapter::PasswordsMatchingForm(
         const PasswordForm& query_form) {
   std::vector<SecKeychainItemRef> keychain_items =
       KeychainItemsForFillingForm(query_form);
 
   std::vector<PasswordForm*> keychain_forms =
       CreateFormsFromKeychainItems(keychain_items);
@@ skipping 11 matching lines @@
     PasswordForm* form = new PasswordForm();
     internal_keychain_helpers::FillPasswordFormFromKeychainItem(*keychain_,
                                                                 keychain_item,
                                                                 form);
     keychain_->Free(keychain_item);
     return form;
   }
   return NULL;
 }
 
-bool MacKeychainPasswordFormAdapter::AddLogin(const PasswordForm& form) {
+bool MacKeychainPasswordFormAdapter::AddPassword(const PasswordForm& form) {
   // We should never be trying to store a blacklist in the keychain.
   DCHECK(!form.blacklisted_by_user);
 
   std::string server;
   std::string security_domain;
   int port;
   bool is_secure;
   if (!ExtractSignonRealmComponents(form.signon_realm, &server, &port,
                                     &is_secure, &security_domain)) {
     return false;
@@ skipping 22 matching lines @@
       return false;
     }
     bool changed = SetKeychainItemPassword(existing_item, password);
     keychain_->Free(existing_item);
     return changed;
   }
 
   return result == noErr;
 }
 
+bool MacKeychainPasswordFormAdapter::RemovePassword(const PasswordForm& form) {
+  SecKeychainItemRef keychain_item = KeychainItemForForm(form);
+  if (keychain_item == NULL)
+    return false;
+  OSStatus result = keychain_->ItemDelete(keychain_item);
+  keychain_->Free(keychain_item);
+  return result == noErr;
+}
+
+void MacKeychainPasswordFormAdapter::SetFindsOnlyOwnedItems(
+    bool finds_only_owned) {
+  finds_only_owned_ = finds_only_owned;
+}
+
 std::vector<PasswordForm*>
     MacKeychainPasswordFormAdapter::CreateFormsFromKeychainItems(
         const std::vector<SecKeychainItemRef>& items) {
   std::vector<PasswordForm*> keychain_forms;
   for (std::vector<SecKeychainItemRef>::const_iterator i = items.begin();
        i != items.end(); ++i) {
     PasswordForm* form = new PasswordForm();
     if (internal_keychain_helpers::FillPasswordFormFromKeychainItem(*keychain_,
                                                                     *i, form)) {
       keychain_forms.push_back(form);
@@ skipping 48 matching lines @@
     // TODO(stuartmorgan): Proxies will currently fail here, since their
     // signon_realm is not a URL. We need to detect the proxy case and handle
     // it specially.
     return matches;
   }
   SecProtocolType protocol = is_secure ? kSecProtocolTypeHTTPS
                                        : kSecProtocolTypeHTTP;
   SecAuthenticationType auth_type = AuthTypeForScheme(scheme);
   const char* auth_domain = (scheme == PasswordForm::SCHEME_HTML) ?
       NULL : security_domain.c_str();
+  OSType creator = finds_only_owned_ ? kChromeKeychainCreatorCode : 0;
 
   KeychainSearch keychain_search(*keychain_);
   keychain_search.Init(server.c_str(), port, protocol, auth_type,
-                       auth_domain, path, username);
+                       auth_domain, path, username, creator);
   keychain_search.FindMatchingItems(&matches);
   return matches;
 }
 
 // TODO(stuartmorgan): signon_realm for proxies is not yet supported.
 bool MacKeychainPasswordFormAdapter::ExtractSignonRealmComponents(
     const std::string& signon_realm, std::string* server, int* port,
     bool* is_secure, std::string* security_domain) {
   // The signon_realm will be the Origin portion of a URL for an HTML form,
   // and the same but with the security domain as a path for HTTP auth.
@@ skipping 57 matching lines @@
 
 PasswordStoreMac::~PasswordStoreMac() {}
 
 void PasswordStoreMac::AddLoginImpl(const PasswordForm& form) {
   if (AddToKeychainIfNecessary(form)) {
     login_metadata_db_->AddLogin(form);
   }
 }
 
 void PasswordStoreMac::UpdateLoginImpl(const PasswordForm& form) {
-  // The keychain AddLogin will update if there is a collision and add if there
-  // isn't, which is the behavior we want, so there's no separate UpdateLogin.
+  // The keychain add will update if there is a collision and add if there
+  // isn't, which is the behavior we want, so there's no separate update call.
   if (AddToKeychainIfNecessary(form)) {
     int update_count = 0;
     login_metadata_db_->UpdateLogin(form, &update_count);
     // Update will catch any database entries that we already had, but we could
     // also be updating a keychain-only form, in which case we need to add.
     if (update_count == 0) {
       login_metadata_db_->AddLogin(form);
     }
   }
 }
 
 void PasswordStoreMac::RemoveLoginImpl(const PasswordForm& form) {
-  NOTIMPLEMENTED();
+  login_metadata_db_->RemoveLogin(form);
+
+  // See if we own a Keychain item associated with this item. We can do an exact
+  // search rather than messing around with trying to do fuzzy matching because
+  // passwords that we created will always have an exact-match database entry.
+  // (If a user does lose their profile but not their keychain we'll treat the
+  // entries we find like other imported entries anyway, so it's reasonable to
+  // handle deletes on them the way we would for an imported item.)
+  MacKeychainPasswordFormAdapter owned_keychain_adapter(keychain_.get());
+  owned_keychain_adapter.SetFindsOnlyOwnedItems(true);
+  PasswordForm* owned_password_form =
+      owned_keychain_adapter.PasswordExactlyMatchingForm(form);
+  if (owned_password_form) {
+    // If we don't have other forms using it (i.e., a form differing only by
+    // the names of the form elements), delete the keychain entry.
+    if (!DatabaseHasFormMatchingKeychainForm(form)) {
+      owned_keychain_adapter.RemovePassword(form);
+    }
+  }
 }
 
 void PasswordStoreMac::RemoveLoginsCreatedBetweenImpl(
     const base::Time& delete_begin, const base::Time& delete_end) {
   NOTIMPLEMENTED();
 }
 
 void PasswordStoreMac::GetLoginsImpl(GetLoginsRequest* request,
                                      const webkit_glue::PasswordForm& form) {
-  MacKeychainPasswordFormAdapter keychainAdapter(keychain_.get());
+  MacKeychainPasswordFormAdapter keychain_adapter(keychain_.get());
   std::vector<PasswordForm*> keychain_forms =
-      keychainAdapter.PasswordsMatchingForm(form);
+      keychain_adapter.PasswordsMatchingForm(form);
 
   std::vector<PasswordForm*> database_forms;
   login_metadata_db_->GetLogins(form, &database_forms);
 
   std::vector<PasswordForm*> merged_forms;
   internal_keychain_helpers::MergePasswordForms(&keychain_forms,
                                                 &database_forms,
                                                 &merged_forms);
 
   // Clean up any orphaned database entries.
@@ skipping 14 matching lines @@
 
 void PasswordStoreMac::GetAllAutofillableLoginsImpl(GetLoginsRequest* request) {
   NOTIMPLEMENTED();
 }
 
 bool PasswordStoreMac::AddToKeychainIfNecessary(const PasswordForm& form) {
   if (form.blacklisted_by_user) {
     return true;
   }
   MacKeychainPasswordFormAdapter keychainAdapter(keychain_.get());
-  return keychainAdapter.AddLogin(form);
+  return keychainAdapter.AddPassword(form);
 }
+
+bool PasswordStoreMac::DatabaseHasFormMatchingKeychainForm(
+    const webkit_glue::PasswordForm& form) {
+  bool has_match = false;
+  std::vector<PasswordForm*> database_forms;
+  login_metadata_db_->GetLogins(form, &database_forms);
+  for (std::vector<PasswordForm*>::iterator i = database_forms.begin();
+       i != database_forms.end(); ++i) {
+    if (internal_keychain_helpers::FormsMatchForMerge(form, **i) &&
+        (*i)->origin == form.origin) {
+      has_match = true;
+      break;
+    }
+  }
+  STLDeleteElements(&database_forms);
+  return has_match;
+}