| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/signin/local_auth.h" | 5 #include "chrome/browser/signin/local_auth.h" |
| 6 | 6 |
| 7 #include "base/base64.h" | 7 #include "base/base64.h" |
| 8 #include "base/logging.h" | 8 #include "base/logging.h" |
| 9 #include "base/memory/scoped_ptr.h" | 9 #include "base/memory/scoped_ptr.h" |
| 10 #include "base/metrics/histogram.h" | 10 #include "base/metrics/histogram.h" |
| (...skipping 76 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 87 | 87 |
| 88 // Stored record is base64; convert to binary. | 88 // Stored record is base64; convert to binary. |
| 89 std::string unbase64; | 89 std::string unbase64; |
| 90 if (!base::Base64Decode(encoded.substr(1), &unbase64)) | 90 if (!base::Base64Decode(encoded.substr(1), &unbase64)) |
| 91 return false; | 91 return false; |
| 92 | 92 |
| 93 // Decrypt the record using the OS account-password protection (if available). | 93 // Decrypt the record using the OS account-password protection (if available). |
| 94 return OSCrypt::DecryptString(unbase64, decoded); | 94 return OSCrypt::DecryptString(unbase64, decoded); |
| 95 } | 95 } |
| 96 | 96 |
| 97 size_t GetProfileInfoIndexOfProfile(const Profile* profile) { |
| 98 DCHECK(profile); |
| 99 |
| 100 ProfileInfoCache& info = |
| 101 g_browser_process->profile_manager()->GetProfileInfoCache(); |
| 102 return info.GetIndexOfProfileWithPath(profile->GetPath()); |
| 103 } |
| 104 |
| 97 } // namespace | 105 } // namespace |
| 98 | 106 |
| 99 namespace chrome { | 107 namespace chrome { |
| 100 | 108 |
| 101 void RegisterLocalAuthPrefs(user_prefs::PrefRegistrySyncable* registry) { | 109 void RegisterLocalAuthPrefs(user_prefs::PrefRegistrySyncable* registry) { |
| 102 registry->RegisterStringPref( | 110 registry->RegisterStringPref( |
| 103 prefs::kGoogleServicesPasswordHash, | 111 prefs::kGoogleServicesPasswordHash, |
| 104 std::string(), | 112 std::string(), |
| 105 user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF); | 113 user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF); |
| 106 } | 114 } |
| 107 | 115 |
| 108 void SetLocalAuthCredentials(size_t info_index, | 116 void SetLocalAuthCredentials(size_t info_index, |
| 109 const std::string& password) { | 117 const std::string& password) { |
| 118 if (info_index == std::string::npos) { |
| 119 NOTREACHED(); |
| 120 return; |
| 121 } |
| 110 DCHECK(password.length()); | 122 DCHECK(password.length()); |
| 111 | 123 |
| 112 // Salt should be random data, as long as the hash length, and different with | 124 // Salt should be random data, as long as the hash length, and different with |
| 113 // every save. | 125 // every save. |
| 114 std::string salt_str; | 126 std::string salt_str; |
| 115 crypto::RandBytes(WriteInto(&salt_str, kHash1Bytes + 1), kHash1Bytes); | 127 crypto::RandBytes(WriteInto(&salt_str, kHash1Bytes + 1), kHash1Bytes); |
| 116 DCHECK_EQ(kHash1Bytes, salt_str.length()); | 128 DCHECK_EQ(kHash1Bytes, salt_str.length()); |
| 117 | 129 |
| 118 // Perform secure hash of password for storage. | 130 // Perform secure hash of password for storage. |
| 119 std::string password_hash = CreateSecurePasswordHash( | 131 std::string password_hash = CreateSecurePasswordHash( |
| 120 salt_str, password, kHash1Encoding); | 132 salt_str, password, kHash1Encoding); |
| 121 DCHECK_EQ(kHash1Bytes, password_hash.length()); | 133 DCHECK_EQ(kHash1Bytes, password_hash.length()); |
| 122 | 134 |
| 123 // Group all fields into a single record for storage; | 135 // Group all fields into a single record for storage; |
| 124 std::string record; | 136 std::string record; |
| 125 record.append(salt_str); | 137 record.append(salt_str); |
| 126 record.append(password_hash); | 138 record.append(password_hash); |
| 127 | 139 |
| 128 // Encode it and store it. | 140 // Encode it and store it. |
| 129 std::string encoded = EncodePasswordHashRecord(record, kHash1Encoding); | 141 std::string encoded = EncodePasswordHashRecord(record, kHash1Encoding); |
| 130 ProfileInfoCache& info = | 142 ProfileInfoCache& info = |
| 131 g_browser_process->profile_manager()->GetProfileInfoCache(); | 143 g_browser_process->profile_manager()->GetProfileInfoCache(); |
| 132 info.SetLocalAuthCredentialsOfProfileAtIndex(info_index, encoded); | 144 info.SetLocalAuthCredentialsOfProfileAtIndex(info_index, encoded); |
| 133 } | 145 } |
| 134 | 146 |
| 135 void SetLocalAuthCredentials(const Profile* profile, | 147 void SetLocalAuthCredentials(const Profile* profile, |
| 136 const std::string& password) { | 148 const std::string& password) { |
| 137 DCHECK(profile); | 149 SetLocalAuthCredentials(GetProfileInfoIndexOfProfile(profile), password); |
| 138 | |
| 139 ProfileInfoCache& info = | |
| 140 g_browser_process->profile_manager()->GetProfileInfoCache(); | |
| 141 size_t info_index = info.GetIndexOfProfileWithPath(profile->GetPath()); | |
| 142 if (info_index == std::string::npos) { | |
| 143 NOTREACHED(); | |
| 144 return; | |
| 145 } | |
| 146 SetLocalAuthCredentials(info_index, password); | |
| 147 } | 150 } |
| 148 | 151 |
| 149 bool ValidateLocalAuthCredentials(size_t info_index, | 152 bool ValidateLocalAuthCredentials(size_t info_index, |
| 150 const std::string& password) { | 153 const std::string& password) { |
| 154 if (info_index == std::string::npos) { |
| 155 NOTREACHED(); |
| 156 return false; |
| 157 } |
| 158 |
| 151 std::string record; | 159 std::string record; |
| 152 char encoding; | 160 char encoding; |
| 153 | 161 |
| 154 ProfileInfoCache& info = | 162 ProfileInfoCache& info = |
| 155 g_browser_process->profile_manager()->GetProfileInfoCache(); | 163 g_browser_process->profile_manager()->GetProfileInfoCache(); |
| 156 | 164 |
| 157 std::string encodedhash = | 165 std::string encodedhash = |
| 158 info.GetLocalAuthCredentialsOfProfileAtIndex(info_index); | 166 info.GetLocalAuthCredentialsOfProfileAtIndex(info_index); |
| 159 if (encodedhash.length() == 0 && password.length() == 0) | 167 if (encodedhash.length() == 0 && password.length() == 0) |
| 160 return true; | 168 return true; |
| (...skipping 18 matching lines...) Expand all Loading... |
| 179 // unknown encoding | 187 // unknown encoding |
| 180 return false; | 188 return false; |
| 181 } | 189 } |
| 182 | 190 |
| 183 return crypto::SecureMemEqual(password_saved, password_check, | 191 return crypto::SecureMemEqual(password_saved, password_check, |
| 184 password_length); | 192 password_length); |
| 185 } | 193 } |
| 186 | 194 |
| 187 bool ValidateLocalAuthCredentials(const Profile* profile, | 195 bool ValidateLocalAuthCredentials(const Profile* profile, |
| 188 const std::string& password) { | 196 const std::string& password) { |
| 189 DCHECK(profile); | 197 return ValidateLocalAuthCredentials(GetProfileInfoIndexOfProfile(profile), |
| 198 password); |
| 199 } |
| 200 |
| 201 bool LocalAuthCredentialsExist(size_t profile_info_index) { |
| 202 if (profile_info_index == std::string::npos) { |
| 203 NOTREACHED(); |
| 204 return false; |
| 205 } |
| 190 | 206 |
| 191 ProfileInfoCache& info = | 207 ProfileInfoCache& info = |
| 192 g_browser_process->profile_manager()->GetProfileInfoCache(); | 208 g_browser_process->profile_manager()->GetProfileInfoCache(); |
| 193 size_t info_index = info.GetIndexOfProfileWithPath(profile->GetPath()); | 209 |
| 194 if (info_index == std::string::npos) { | 210 std::string encodedhash = |
| 195 NOTREACHED(); // This should never happen but fail safely if it does. | 211 info.GetLocalAuthCredentialsOfProfileAtIndex(profile_info_index); |
| 196 return false; | 212 |
| 197 } | 213 return !encodedhash.empty(); |
| 198 return ValidateLocalAuthCredentials(info_index, password); | 214 } |
| 215 |
| 216 bool LocalAuthCredentialsExist(const Profile* profile) { |
| 217 return LocalAuthCredentialsExist(GetProfileInfoIndexOfProfile(profile)); |
| 199 } | 218 } |
| 200 | 219 |
| 201 } // namespace chrome | 220 } // namespace chrome |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 497783002:
Disable lock if no credentials are present (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src