| OLD | NEW |
| 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROME_BROWSER_PASSWORD_MANAGER_PASSWORD_STORE_MAC_INTERNAL_H_ | 5 #ifndef CHROME_BROWSER_PASSWORD_MANAGER_PASSWORD_STORE_MAC_INTERNAL_H_ |
| 6 #define CHROME_BROWSER_PASSWORD_MANAGER_PASSWORD_STORE_MAC_INTERNAL_H_ | 6 #define CHROME_BROWSER_PASSWORD_MANAGER_PASSWORD_STORE_MAC_INTERNAL_H_ |
| 7 | 7 |
| 8 #include <Security/Security.h> | 8 #include <Security/Security.h> |
| 9 | 9 |
| 10 #include <string> | 10 #include <string> |
| (...skipping 19 matching lines...) |
| 30 // Returns the PasswordForm for the Keychain entry that matches |form| on all | 30 // Returns the PasswordForm for the Keychain entry that matches |form| on all |
| 31 // of the fields that uniquely identify a Keychain item, or NULL if there is | 31 // of the fields that uniquely identify a Keychain item, or NULL if there is |
| 32 // no such entry. | 32 // no such entry. |
| 33 // Caller is responsible for deleting the returned form. | 33 // Caller is responsible for deleting the returned form. |
| 34 webkit_glue::PasswordForm* PasswordExactlyMatchingForm( | 34 webkit_glue::PasswordForm* PasswordExactlyMatchingForm( |
| 35 const webkit_glue::PasswordForm& query_form); | 35 const webkit_glue::PasswordForm& query_form); |
| 36 | 36 |
| 37 // Creates a new keychain entry from |form|, or updates the password of an | 37 // Creates a new keychain entry from |form|, or updates the password of an |
| 38 // existing keychain entry if there is a collision. Returns true if a keychain | 38 // existing keychain entry if there is a collision. Returns true if a keychain |
| 39 // entry was successfully added/updated. | 39 // entry was successfully added/updated. |
| 40 bool AddLogin(const webkit_glue::PasswordForm& form); | 40 bool AddPassword(const webkit_glue::PasswordForm& form); |
| 41 |
| 42 // Removes the keychain password matching |form| if any. Returns true if a |
| 43 // keychain item was found and successfully removed. |
| 44 bool RemovePassword(const webkit_glue::PasswordForm& form); |
| 45 |
| 46 // Controls whether or not Chrome will restrict Keychain searches to items |
| 47 // that it created. Defaults to false. |
| 48 void SetFindsOnlyOwnedItems(bool finds_only_owned); |
| 41 | 49 |
| 42 private: | 50 private: |
| 43 // Returns PasswordForms constructed from the given Keychain items. | 51 // Returns PasswordForms constructed from the given Keychain items. |
| 44 // Caller is responsible for deleting the returned forms. | 52 // Caller is responsible for deleting the returned forms. |
| 45 std::vector<webkit_glue::PasswordForm*> CreateFormsFromKeychainItems( | 53 std::vector<webkit_glue::PasswordForm*> CreateFormsFromKeychainItems( |
| 46 const std::vector<SecKeychainItemRef>& items); | 54 const std::vector<SecKeychainItemRef>& items); |
| 47 | 55 |
| 48 // Searches |keychain| for all items usable for the given form, and returns | 56 // Searches |keychain| for all items usable for the given form, and returns |
| 49 // them. The caller is responsible for calling MacKeychain::Free on the | 57 // them. The caller is responsible for calling MacKeychain::Free on the |
| 50 // returned items. | 58 // returned items. |
| 51 std::vector<SecKeychainItemRef> KeychainItemsForFillingForm( | 59 std::vector<SecKeychainItemRef> KeychainItemsForFillingForm( |
| 52 const webkit_glue::PasswordForm& form); | 60 const webkit_glue::PasswordForm& form); |
| 53 | 61 |
| 54 // Searches |keychain| for the specific keychain entry that corresponds to the | 62 // Searches |keychain| for the specific keychain entry that corresponds to the |
| 55 // given form, and returns it (or NULL if no match is found). The caller is | 63 // given form, and returns it (or NULL if no match is found). The caller is |
| 56 // responsible for calling MacKeychain::Free on on the returned item. | 64 // responsible for calling MacKeychain::Free on on the returned item. |
| 57 SecKeychainItemRef KeychainItemForForm( | 65 SecKeychainItemRef KeychainItemForForm( |
| 58 const webkit_glue::PasswordForm& form); | 66 const webkit_glue::PasswordForm& form); |
| 59 | 67 |
| 60 // Returns the Keychain items matching the given signon_realm, scheme, and | 68 // Returns the Keychain items matching the given signon_realm, scheme, and |
| 61 // optionally path and username (either of both can be NULL). | 69 // optionally path and username (either of both can be NULL). |
| 62 // them. The caller is responsible for calling MacKeychain::Free on the | 70 // The caller is responsible for calling MacKeychain::Free on the |
| 63 // returned items. | 71 // returned items. |
| 64 std::vector<SecKeychainItemRef> MatchingKeychainItems( | 72 std::vector<SecKeychainItemRef> MatchingKeychainItems( |
| 65 const std::string& signon_realm, webkit_glue::PasswordForm::Scheme scheme, | 73 const std::string& signon_realm, webkit_glue::PasswordForm::Scheme scheme, |
| 66 const char* path, const char* username); | 74 const char* path, const char* username); |
| 67 | 75 |
| 68 // Takes a PasswordForm's signon_realm and parses it into its component parts, | 76 // Takes a PasswordForm's signon_realm and parses it into its component parts, |
| 69 // which are returned though the appropriate out parameters. | 77 // which are returned though the appropriate out parameters. |
| 70 // Returns true if it can be successfully parsed, in which case all out params | 78 // Returns true if it can be successfully parsed, in which case all out params |
| 71 // that are non-NULL will be set. If there is no port, port will be 0. | 79 // that are non-NULL will be set. If there is no port, port will be 0. |
| 72 // If the return value is false, the state of the out params is undefined. | 80 // If the return value is false, the state of the out params is undefined. |
| (...skipping 11 matching lines...) |
| 84 bool SetKeychainItemPassword(const SecKeychainItemRef& keychain_item, | 92 bool SetKeychainItemPassword(const SecKeychainItemRef& keychain_item, |
| 85 const std::string& password); | 93 const std::string& password); |
| 86 | 94 |
| 87 // Sets the creator code of keychain_item to creator_code; returns true if the | 95 // Sets the creator code of keychain_item to creator_code; returns true if the |
| 88 // creator code was successfully set. | 96 // creator code was successfully set. |
| 89 bool SetKeychainItemCreatorCode(const SecKeychainItemRef& keychain_item, | 97 bool SetKeychainItemCreatorCode(const SecKeychainItemRef& keychain_item, |
| 90 OSType creator_code); | 98 OSType creator_code); |
| 91 | 99 |
| 92 MacKeychain* keychain_; | 100 MacKeychain* keychain_; |
| 93 | 101 |
| 102 // If true, Keychain searches are restricted to items created by Chrome. |
| 103 bool finds_only_owned_; |
| 104 |
| 94 DISALLOW_COPY_AND_ASSIGN(MacKeychainPasswordFormAdapter); | 105 DISALLOW_COPY_AND_ASSIGN(MacKeychainPasswordFormAdapter); |
| 95 }; | 106 }; |
| 96 | 107 |
| 97 namespace internal_keychain_helpers { | 108 namespace internal_keychain_helpers { |
| 98 | 109 |
| 99 // Sets the fields of |form| based on the keychain data from |keychain_item|. | 110 // Sets the fields of |form| based on the keychain data from |keychain_item|. |
| 100 // Fields that can't be determined from |keychain_item| will be unchanged. | 111 // Fields that can't be determined from |keychain_item| will be unchanged. |
| 101 // | 112 // |
| 102 // IMPORTANT: This function can cause the OS to trigger UI (to allow access to | 113 // IMPORTANT: This function can cause the OS to trigger UI (to allow access to |
| 103 // the keychain item if we aren't trusted for the item), and block until the UI | 114 // the keychain item if we aren't trusted for the item), and block until the UI |
| 104 // is dismissed. | 115 // is dismissed. |
| 105 // | 116 // |
| 106 // If excessive prompting for access to other applications' keychain items | 117 // If excessive prompting for access to other applications' keychain items |
| 107 // becomes an issue, the password storage API will need to be refactored to | 118 // becomes an issue, the password storage API will need to be refactored to |
| 108 // allow the password to be retrieved later (accessing other fields doesn't | 119 // allow the password to be retrieved later (accessing other fields doesn't |
| 109 // require authorization). | 120 // require authorization). |
| 110 bool FillPasswordFormFromKeychainItem(const MacKeychain& keychain, | 121 bool FillPasswordFormFromKeychainItem(const MacKeychain& keychain, |
| 111 const SecKeychainItemRef& keychain_item, | 122 const SecKeychainItemRef& keychain_item, |
| 112 webkit_glue::PasswordForm* form); | 123 webkit_glue::PasswordForm* form); |
| 113 | 124 |
| 114 // Returns true if the two given forms match based on signon_reaml, scheme, and | 125 // Returns true if the two given forms match based on signon_reaml, scheme, and |
| 115 // username_value, and are thus suitable for merging (see MergePasswordForms). | 126 // username_value, and are thus suitable for merging (see MergePasswordForms). |
| 116 // If this returns true, and path_matches is non-NULL, *path_matches will be set | |
| 117 // based on whether the full origin matches as well. | |
| 118 bool FormsMatchForMerge(const webkit_glue::PasswordForm& form_a, | 127 bool FormsMatchForMerge(const webkit_glue::PasswordForm& form_a, |
| 119 const webkit_glue::PasswordForm& form_b, | 128 const webkit_glue::PasswordForm& form_b); |
| 120 bool* path_matches); | |
| 121 | 129 |
| 122 // Populates merged_forms by combining the password data from keychain_forms and | 130 // Populates merged_forms by combining the password data from keychain_forms and |
| 123 // the metadata from database_forms, removing used entries from the two source | 131 // the metadata from database_forms, removing used entries from the two source |
| 124 // lists. | 132 // lists. |
| 125 // | 133 // |
| 126 // On return, database_forms and keychain_forms will have only unused | 134 // On return, database_forms and keychain_forms will have only unused |
| 127 // entries; for database_forms that means entries for which no corresponding | 135 // entries; for database_forms that means entries for which no corresponding |
| 128 // password can be found (and which aren't blacklist entries), but for | 136 // password can be found (and which aren't blacklist entries), but for |
| 129 // keychain_forms it's only entries we explicitly choose not to use (e.g., | 137 // keychain_forms it's only entries we explicitly choose not to use (e.g., |
| 130 // blacklist entries from other browsers). Keychain entries that we have no | 138 // blacklist entries from other browsers). Keychain entries that we have no |
| 131 // database matches for will still end up in merged_forms, since they have | 139 // database matches for will still end up in merged_forms, since they have |
| 132 // enough information to be used as imported passwords. | 140 // enough information to be used as imported passwords. |
| 133 void MergePasswordForms(std::vector<webkit_glue::PasswordForm*>* keychain_forms, | 141 void MergePasswordForms(std::vector<webkit_glue::PasswordForm*>* keychain_forms, |
| 134 std::vector<webkit_glue::PasswordForm*>* database_forms, | 142 std::vector<webkit_glue::PasswordForm*>* database_forms, |
| 135 std::vector<webkit_glue::PasswordForm*>* merged_forms); | 143 std::vector<webkit_glue::PasswordForm*>* merged_forms); |
| 136 | 144 |
| 137 } // internal_keychain_helpers | 145 } // internal_keychain_helpers |
| 138 | 146 |
| 139 #endif // CHROME_BROWSER_PASSWORD_MANAGER_PASSWORD_STORE_MAC_INTERNAL_H_ | 147 #endif // CHROME_BROWSER_PASSWORD_MANAGER_PASSWORD_STORE_MAC_INTERNAL_H_ |
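Review bot: The new `RemovePassword` declaration (new line 44) does not say whether it honors `finds_only_owned_`, and `SetFindsOnlyOwnedItems` documents a default of false, so as declared a removal could match and delete a Keychain item that another application created. The implementation is not part of this header, so this may already be handled there, but the contract belongs where callers read it. One way to state it is to extend the `RemovePassword` comment with `// Only call this on an adapter restricted with SetFindsOnlyOwnedItems(true), so that items created by other applications are never deleted.`, or to say explicitly that removal is unrestricted if that is the intent. It is also worth confirming that the constructor (in the skipped lines or the .cc file) initializes `finds_only_owned_` to false, since the comment promises that default and an uninitialized bool would make the search scope unpredictable.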