components/os_crypt/key_storage_libsecret.cc - Issue 2273723002: Migrate Libsecret for OSCrypt to a new schema

Side by Side Diff: components/os_crypt/key_storage_libsecret.cc

Issue 2273723002: Migrate Libsecret for OSCrypt to a new schema (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: fixed generated password's attributes Created 4 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« components/os_crypt/key_storage_libsecret.h ('K') | « components/os_crypt/key_storage_libsecret.h ('k') | components/os_crypt/os_crypt_util_linux_unittest.cc » ('j') | components/os_crypt/os_crypt_util_linux_unittest.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2016 The Chromium Authors. All rights reserved.	1 // Copyright 2016 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "components/os_crypt/key_storage_libsecret.h"	5 #include "components/os_crypt/key_storage_libsecret.h"

6	6

7 #include "base/base64.h"	7 #include "base/base64.h"

8 #include "base/rand_util.h"	8 #include "base/rand_util.h"

9 #include "base/strings/string_number_conversions.h"	9 #include "base/strings/string_number_conversions.h"

10 #include "components/os_crypt/libsecret_util_linux.h"	10 #include "components/os_crypt/libsecret_util_linux.h"

11	11

12 namespace {	12 namespace {

13	13

14 const SecretSchema kKeystoreSchema = {	14 const SecretSchema kDeprecatedSchema = {
	Lei Zhang 2016/08/26 21:33:56 Let's call this kKeystoreSchemaV1. (and add a comm Let's call this kKeystoreSchemaV1. (and add a comment to say deprecated in M55) Name the new schema kKeystoreSchemaV2, because if we ever deprecate V2, we don't want to have to name a schema kTheOtherDeprecatedSchema. cfroussios 2016/08/29 09:58:42 Done. Show quoted text On 2016/08/26 21:33:56, Lei Zhang wrote: > Let's call this kKeystoreSchemaV1. (and add a comment to say deprecated in M55) > Name the new schema kKeystoreSchemaV2, because if we ever deprecate V2, we don't > want to have to name a schema kTheOtherDeprecatedSchema. Done.
15 "chrome_libsecret_os_crypt_password",	15 "chrome_libsecret_os_crypt_password",

16 SECRET_SCHEMA_NONE,	16 SECRET_SCHEMA_NONE,

17 {	17 {

18 {nullptr, SECRET_SCHEMA_ATTRIBUTE_STRING},	18 {nullptr, SECRET_SCHEMA_ATTRIBUTE_STRING},

19 }};	19 }};

20	20

	21 const SecretSchema kSchema = {

	22 "chrome_libsecret_keyring_os_crypt_password",

	23 SECRET_SCHEMA_DONT_MATCH_NAME,

	24 {

	25 {"application", SECRET_SCHEMA_ATTRIBUTE_STRING},

	26 {nullptr, SECRET_SCHEMA_ATTRIBUTE_STRING},

	27 }};

	28

21 } // namespace	29 } // namespace

22	30

23 std::string KeyStorageLibsecret::AddRandomPasswordInLibsecret() {	31 std::string KeyStorageLibsecret::AddRandomPasswordInLibsecret() {

24 std::string password;	32 std::string password;

25 base::Base64Encode(base::RandBytesAsString(16), &password);	33 base::Base64Encode(base::RandBytesAsString(16), &password);

26 GError* error = nullptr;	34 GError* error = nullptr;

27 LibsecretLoader::secret_password_store_sync(	35 bool success = LibsecretLoader::secret_password_store_sync(

28 &kKeystoreSchema, nullptr, KeyStorageLinux::kKey, password.c_str(),	36 &kSchema, nullptr, KeyStorageLinux::kKey, password.c_str(), nullptr,

29 nullptr, &error, nullptr);	37 &error, "application", "chrome", nullptr);

30	38 if (error \|\| !success) {

31 if (error) {

32 VLOG(1) << "Libsecret lookup failed: " << error->message;	39 VLOG(1) << "Libsecret lookup failed: " << error->message;

33 return std::string();	40 return std::string();

34 }	41 }

	42

	43 VLOG(1) << "OSCrypt generated a new password.";

35 return password;	44 return password;

36 }	45 }

37	46

38 std::string KeyStorageLibsecret::GetKey() {	47 std::string KeyStorageLibsecret::GetKey() {

39 GError* error = nullptr;	48 GError* error = nullptr;

40 LibsecretAttributesBuilder attrs;	49 LibsecretAttributesBuilder attrs;

	50 attrs.Append("application", "chrome");

41 SecretValue* password_libsecret = LibsecretLoader::secret_service_lookup_sync(	51 SecretValue* password_libsecret = LibsecretLoader::secret_service_lookup_sync(

42 nullptr, &kKeystoreSchema, attrs.Get(), nullptr, &error);	52 nullptr, &kSchema, attrs.Get(), nullptr, &error);

43

44 if (error) {	53 if (error) {

45 VLOG(1) << "Libsecret lookup failed: " << error->message;	54 VLOG(1) << "Libsecret lookup failed: " << error->message;

46 g_error_free(error);	55 g_error_free(error);

47 return std::string();	56 return std::string();

48 }	57 }

49 if (!password_libsecret) {	58 if (!password_libsecret) {

	59 std::string password = Migrate();

	60 if (!password.empty())

	61 return password;

50 return AddRandomPasswordInLibsecret();	62 return AddRandomPasswordInLibsecret();

51 }	63 }

52 std::string password(	64 std::string password(

53 LibsecretLoader::secret_value_get_text(password_libsecret));	65 LibsecretLoader::secret_value_get_text(password_libsecret));

54 LibsecretLoader::secret_value_unref(password_libsecret);	66 LibsecretLoader::secret_value_unref(password_libsecret);

55 return password;	67 return password;

56 }	68 }

57	69

58 bool KeyStorageLibsecret::Init() {	70 bool KeyStorageLibsecret::Init() {

59 return LibsecretLoader::EnsureLibsecretLoaded();	71 return LibsecretLoader::EnsureLibsecretLoaded();

60 }	72 }

	73

	74 std::string KeyStorageLibsecret::Migrate() {

	75 GError* error = nullptr;

	76 LibsecretAttributesBuilder attrs;

	77

	78 // Detect old entry.

	79 SecretValue* password_libsecret = LibsecretLoader::secret_service_lookup_sync(

	80 nullptr, &kDeprecatedSchema, attrs.Get(), nullptr, &error);

	81 if (error \|\| !password_libsecret)

	82 return std::string();

	83

	84 VLOG(1) << "OSCrypt detected a deprecated password in Libsecret.";

	85 std::string password(

	86 LibsecretLoader::secret_value_get_text(password_libsecret));

	87

	88 // Create new entry.

	89 bool success = LibsecretLoader::secret_password_store_sync(

	90 &kSchema, nullptr, KeyStorageLinux::kKey, password.c_str(), nullptr,

	91 &error, "application", "chrome", nullptr);

	92 if (error \|\| !success)

	93 return std::string();

	94

	95 // Delete old entry.

	96 success = LibsecretLoader::secret_password_clear_sync(

	97 &kDeprecatedSchema, nullptr, &error, nullptr);

	98 // Even if deletion failed, we have to use the password that we created.
	Lei Zhang 2016/08/26 21:33:56 Move this to between lines 95-96. Move this to between lines 95-96. cfroussios 2016/08/29 09:58:42 Done. Show quoted text On 2016/08/26 21:33:56, Lei Zhang wrote: > Move this to between lines 95-96. Done.
	99

	100 VLOG(1) << "OSCrypt migrated from deprecated password.";

	101

	102 return password;

	103 }

OLD	NEW