Check USB device path access when prompting users to select a device.
[chromium-blink-merge.git] / chrome / browser / password_manager / password_store_factory.cc
blobfba3d006ed0236949734a869026156461846ec26
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/password_manager/password_store_factory.h"
7 #include "base/command_line.h"
8 #include "base/environment.h"
9 #include "base/metrics/histogram_macros.h"
10 #include "base/prefs/pref_service.h"
11 #include "chrome/browser/password_manager/password_manager_util.h"
12 #include "chrome/browser/password_manager/sync_metrics.h"
13 #include "chrome/browser/profiles/incognito_helpers.h"
14 #include "chrome/browser/profiles/profile.h"
15 #include "chrome/browser/sync/glue/sync_start_util.h"
16 #include "chrome/browser/webdata/web_data_service_factory.h"
17 #include "chrome/common/chrome_constants.h"
18 #include "chrome/common/chrome_switches.h"
19 #include "components/keyed_service/content/browser_context_dependency_manager.h"
20 #include "components/os_crypt/os_crypt_switches.h"
21 #include "components/password_manager/core/browser/affiliated_match_helper.h"
22 #include "components/password_manager/core/browser/affiliation_service.h"
23 #include "components/password_manager/core/browser/affiliation_utils.h"
24 #include "components/password_manager/core/browser/login_database.h"
25 #include "components/password_manager/core/browser/password_store.h"
26 #include "components/password_manager/core/browser/password_store_default.h"
27 #include "components/password_manager/core/common/password_manager_pref_names.h"
28 #include "components/pref_registry/pref_registry_syncable.h"
29 #include "content/public/browser/browser_thread.h"
31 #if defined(OS_WIN)
32 #include "chrome/browser/password_manager/password_store_win.h"
33 #include "components/password_manager/core/browser/webdata/password_web_data_service_win.h"
34 #elif defined(OS_MACOSX)
35 #include "chrome/browser/password_manager/password_store_mac.h"
36 #include "crypto/apple_keychain.h"
37 #include "crypto/mock_apple_keychain.h"
38 #elif defined(OS_CHROMEOS) || defined(OS_ANDROID)
39 // Don't do anything. We're going to use the default store.
40 #elif defined(USE_X11)
41 #include "base/nix/xdg_util.h"
42 #if defined(USE_GNOME_KEYRING)
43 #include "chrome/browser/password_manager/native_backend_gnome_x.h"
44 #endif
45 #if defined(USE_LIBSECRET)
46 #include "base/metrics/field_trial.h"
47 #include "chrome/browser/password_manager/native_backend_libsecret.h"
48 #endif
49 #include "chrome/browser/password_manager/native_backend_kwallet_x.h"
50 #include "chrome/browser/password_manager/password_store_x.h"
51 #endif
53 using password_manager::PasswordStore;
55 namespace {
57 #if !defined(OS_CHROMEOS) && defined(USE_X11)
58 const LocalProfileId kInvalidLocalProfileId =
59 static_cast<LocalProfileId>(0);
60 #endif
62 #if defined(USE_LIBSECRET)
63 const char kLibsecretFieldTrialName[] = "Libsecret";
64 const char kLibsecretFieldTrialDisabledGroupName[] = "Disabled";
65 #endif
67 void ReportOsPassword(password_manager_util::OsPasswordStatus status) {
68 UMA_HISTOGRAM_ENUMERATION("PasswordManager.OsPasswordStatus",
69 status,
70 password_manager_util::MAX_PASSWORD_STATUS);
73 void DelayReportOsPassword() {
74 // Avoid checking OS password until later on in browser startup
75 // since it calls a few Windows APIs.
76 content::BrowserThread::PostDelayedTask(
77 content::BrowserThread::UI,
78 FROM_HERE,
79 base::Bind(&password_manager_util::GetOsPasswordStatus,
80 base::Bind(&ReportOsPassword)),
81 base::TimeDelta::FromSeconds(40));
84 } // namespace
87 PasswordStoreService::PasswordStoreService(
88 scoped_refptr<PasswordStore> password_store)
89 : password_store_(password_store) {}
91 PasswordStoreService::~PasswordStoreService() {}
93 scoped_refptr<PasswordStore> PasswordStoreService::GetPasswordStore() {
94 return password_store_;
97 void PasswordStoreService::Shutdown() {
98 if (password_store_.get())
99 password_store_->Shutdown();
102 // static
103 scoped_refptr<PasswordStore> PasswordStoreFactory::GetForProfile(
104 Profile* profile,
105 ServiceAccessType sat) {
106 if (sat == ServiceAccessType::IMPLICIT_ACCESS && profile->IsOffTheRecord()) {
107 NOTREACHED() << "This profile is OffTheRecord";
108 return nullptr;
111 PasswordStoreFactory* factory = GetInstance();
112 PasswordStoreService* service = static_cast<PasswordStoreService*>(
113 factory->GetServiceForBrowserContext(profile, true));
114 if (!service)
115 return nullptr;
116 return service->GetPasswordStore();
119 // static
120 PasswordStoreFactory* PasswordStoreFactory::GetInstance() {
121 return Singleton<PasswordStoreFactory>::get();
124 PasswordStoreFactory::PasswordStoreFactory()
125 : BrowserContextKeyedServiceFactory(
126 "PasswordStore",
127 BrowserContextDependencyManager::GetInstance()) {
128 DependsOn(WebDataServiceFactory::GetInstance());
131 PasswordStoreFactory::~PasswordStoreFactory() {}
133 #if !defined(OS_CHROMEOS) && defined(USE_X11)
134 LocalProfileId PasswordStoreFactory::GetLocalProfileId(
135 PrefService* prefs) const {
136 LocalProfileId id =
137 prefs->GetInteger(password_manager::prefs::kLocalProfileId);
138 if (id == kInvalidLocalProfileId) {
139 // Note that there are many more users than this. Thus, by design, this is
140 // not a unique id. However, it is large enough that it is very unlikely
141 // that it would be repeated twice on a single machine. It is still possible
142 // for that to occur though, so the potential results of it actually
143 // happening should be considered when using this value.
144 static const LocalProfileId kLocalProfileIdMask =
145 static_cast<LocalProfileId>((1 << 24) - 1);
146 do {
147 id = rand() & kLocalProfileIdMask;
148 // TODO(mdm): scan other profiles to make sure they are not using this id?
149 } while (id == kInvalidLocalProfileId);
150 prefs->SetInteger(password_manager::prefs::kLocalProfileId, id);
152 return id;
154 #endif
156 KeyedService* PasswordStoreFactory::BuildServiceInstanceFor(
157 content::BrowserContext* context) const {
158 DelayReportOsPassword();
159 Profile* profile = static_cast<Profile*>(context);
161 // Given that LoginDatabase::Init() takes ~100ms on average; it will be called
162 // by PasswordStore::Init() on the background thread to avoid UI jank.
163 base::FilePath login_db_file_path = profile->GetPath();
164 login_db_file_path = login_db_file_path.Append(chrome::kLoginDataFileName);
165 scoped_ptr<password_manager::LoginDatabase> login_db(
166 new password_manager::LoginDatabase(login_db_file_path));
168 scoped_refptr<base::SingleThreadTaskRunner> main_thread_runner(
169 base::MessageLoopProxy::current());
170 scoped_refptr<base::SingleThreadTaskRunner> db_thread_runner(
171 content::BrowserThread::GetMessageLoopProxyForThread(
172 content::BrowserThread::DB));
174 scoped_refptr<PasswordStore> ps;
175 #if defined(OS_WIN)
176 ps = new PasswordStoreWin(main_thread_runner, db_thread_runner,
177 login_db.Pass(),
178 WebDataServiceFactory::GetPasswordWebDataForProfile(
179 profile, ServiceAccessType::EXPLICIT_ACCESS));
180 #elif defined(OS_MACOSX)
181 scoped_ptr<crypto::AppleKeychain> keychain(
182 base::CommandLine::ForCurrentProcess()->HasSwitch(
183 os_crypt::switches::kUseMockKeychain)
184 ? new crypto::MockAppleKeychain()
185 : new crypto::AppleKeychain());
186 ps = new PasswordStoreMac(main_thread_runner, db_thread_runner,
187 keychain.Pass(), login_db.Pass());
188 #elif defined(OS_CHROMEOS) || defined(OS_ANDROID)
189 // For now, we use PasswordStoreDefault. We might want to make a native
190 // backend for PasswordStoreX (see below) in the future though.
191 ps = new password_manager::PasswordStoreDefault(
192 main_thread_runner, db_thread_runner, login_db.Pass());
193 #elif defined(USE_X11)
194 // On POSIX systems, we try to use the "native" password management system of
195 // the desktop environment currently running, allowing GNOME Keyring in XFCE.
196 // (In all cases we fall back on the basic store in case of failure.)
197 base::nix::DesktopEnvironment desktop_env = GetDesktopEnvironment();
198 base::nix::DesktopEnvironment used_desktop_env;
199 std::string store_type =
200 base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
201 switches::kPasswordStore);
202 LinuxBackendUsed used_backend = PLAINTEXT;
203 if (store_type == "kwallet") {
204 used_desktop_env = base::nix::DESKTOP_ENVIRONMENT_KDE4;
205 } else if (store_type == "gnome") {
206 used_desktop_env = base::nix::DESKTOP_ENVIRONMENT_GNOME;
207 } else if (store_type == "basic") {
208 used_desktop_env = base::nix::DESKTOP_ENVIRONMENT_OTHER;
209 } else {
210 // Detect the store to use automatically.
211 used_desktop_env = desktop_env;
212 const char* name = base::nix::GetDesktopEnvironmentName(desktop_env);
213 VLOG(1) << "Password storage detected desktop environment: "
214 << (name ? name : "(unknown)");
217 PrefService* prefs = profile->GetPrefs();
218 LocalProfileId id = GetLocalProfileId(prefs);
220 scoped_ptr<PasswordStoreX::NativeBackend> backend;
221 if (used_desktop_env == base::nix::DESKTOP_ENVIRONMENT_KDE4) {
222 // KDE3 didn't use DBus, which our KWallet store uses.
223 VLOG(1) << "Trying KWallet for password storage.";
224 backend.reset(new NativeBackendKWallet(id));
225 if (backend->Init()) {
226 VLOG(1) << "Using KWallet for password storage.";
227 used_backend = KWALLET;
228 } else
229 backend.reset();
230 } else if (used_desktop_env == base::nix::DESKTOP_ENVIRONMENT_GNOME ||
231 used_desktop_env == base::nix::DESKTOP_ENVIRONMENT_UNITY ||
232 used_desktop_env == base::nix::DESKTOP_ENVIRONMENT_XFCE) {
233 #if defined(USE_LIBSECRET)
234 if (base::FieldTrialList::FindFullName(kLibsecretFieldTrialName) !=
235 kLibsecretFieldTrialDisabledGroupName) {
236 VLOG(1) << "Trying libsecret for password storage.";
237 backend.reset(new NativeBackendLibsecret(id));
238 if (backend->Init()) {
239 VLOG(1) << "Using libsecret keyring for password storage.";
240 used_backend = LIBSECRET;
241 } else
242 backend.reset();
244 #endif // defined(USE_LIBSECRET)
245 if (!backend.get()) {
246 #if defined(USE_GNOME_KEYRING)
247 VLOG(1) << "Trying GNOME keyring for password storage.";
248 backend.reset(new NativeBackendGnome(id));
249 if (backend->Init()) {
250 VLOG(1) << "Using GNOME keyring for password storage.";
251 used_backend = GNOME_KEYRING;
252 } else
253 backend.reset();
254 #endif // defined(USE_GNOME_KEYRING)
258 if (!backend.get()) {
259 LOG(WARNING) << "Using basic (unencrypted) store for password storage. "
260 "See http://code.google.com/p/chromium/wiki/LinuxPasswordStorage for "
261 "more information about password storage options.";
264 ps = new PasswordStoreX(main_thread_runner, db_thread_runner, login_db.Pass(),
265 backend.release());
266 RecordBackendStatistics(desktop_env, store_type, used_backend);
267 #elif defined(USE_OZONE)
268 ps = new password_manager::PasswordStoreDefault(
269 main_thread_runner, db_thread_runner, login_db.Pass());
270 #else
271 NOTIMPLEMENTED();
272 #endif
273 if (!ps.get() ||
274 !ps->Init(
275 sync_start_util::GetFlareForSyncableService(profile->GetPath()))) {
276 NOTREACHED() << "Could not initialize password manager.";
277 return nullptr;
280 base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
281 if (password_manager::IsAffiliationBasedMatchingEnabled(*command_line)) {
282 // The PasswordStore is so far the only consumer of the AffiliationService,
283 // therefore the service is owned by the AffiliatedMatchHelper, which in
284 // turn is owned by the PasswordStore.
285 // TODO(engedy): Double-check which request context we want.
286 scoped_ptr<password_manager::AffiliationService> affiliation_service(
287 new password_manager::AffiliationService(db_thread_runner));
288 affiliation_service->Initialize(
289 profile->GetRequestContext(),
290 profile->GetPath().Append(chrome::kAffiliationDatabaseFileName));
291 scoped_ptr<password_manager::AffiliatedMatchHelper> affiliated_match_helper(
292 new password_manager::AffiliatedMatchHelper(
293 ps.get(), affiliation_service.Pass()));
294 affiliated_match_helper->Initialize();
295 ps->SetAffiliatedMatchHelper(affiliated_match_helper.Pass());
298 return new PasswordStoreService(ps);
301 void PasswordStoreFactory::RegisterProfilePrefs(
302 user_prefs::PrefRegistrySyncable* registry) {
303 #if !defined(OS_CHROMEOS) && defined(USE_X11)
304 // Notice that the preprocessor conditions above are exactly those that will
305 // result in using PasswordStoreX in BuildServiceInstanceFor().
306 registry->RegisterIntegerPref(
307 password_manager::prefs::kLocalProfileId,
308 kInvalidLocalProfileId,
309 user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF);
310 #endif
313 content::BrowserContext* PasswordStoreFactory::GetBrowserContextToUse(
314 content::BrowserContext* context) const {
315 return chrome::GetBrowserContextRedirectedInIncognito(context);
318 bool PasswordStoreFactory::ServiceIsNULLWhileTesting() const {
319 return true;
322 #if defined(USE_X11)
323 base::nix::DesktopEnvironment PasswordStoreFactory::GetDesktopEnvironment() {
324 scoped_ptr<base::Environment> env(base::Environment::Create());
325 return base::nix::GetDesktopEnvironment(env.get());
328 void PasswordStoreFactory::RecordBackendStatistics(
329 base::nix::DesktopEnvironment desktop_env,
330 const std::string& command_line_flag,
331 LinuxBackendUsed used_backend) {
332 LinuxBackendUsage usage = OTHER_PLAINTEXT;
333 if (desktop_env == base::nix::DESKTOP_ENVIRONMENT_KDE4) {
334 if (command_line_flag == "kwallet") {
335 usage = used_backend == KWALLET ? KDE_KWALLETFLAG_KWALLET
336 : KDE_KWALLETFLAG_PLAINTEXT;
337 } else if (command_line_flag == "gnome") {
338 usage = used_backend == PLAINTEXT
339 ? KDE_GNOMEFLAG_PLAINTEXT
340 : (used_backend == GNOME_KEYRING ? KDE_GNOMEFLAG_KEYRING
341 : KDE_GNOMEFLAG_LIBSECRET);
342 } else if (command_line_flag == "basic") {
343 usage = KDE_BASICFLAG_PLAINTEXT;
344 } else {
345 usage =
346 used_backend == KWALLET ? KDE_NOFLAG_KWALLET : KDE_NOFLAG_PLAINTEXT;
348 } else if (desktop_env == base::nix::DESKTOP_ENVIRONMENT_GNOME ||
349 desktop_env == base::nix::DESKTOP_ENVIRONMENT_UNITY ||
350 desktop_env == base::nix::DESKTOP_ENVIRONMENT_XFCE) {
351 if (command_line_flag == "kwallet") {
352 usage = used_backend == KWALLET ? GNOME_KWALLETFLAG_KWALLET
353 : GNOME_KWALLETFLAG_PLAINTEXT;
354 } else if (command_line_flag == "gnome") {
355 usage = used_backend == PLAINTEXT
356 ? GNOME_GNOMEFLAG_PLAINTEXT
357 : (used_backend == GNOME_KEYRING ? GNOME_GNOMEFLAG_KEYRING
358 : GNOME_GNOMEFLAG_LIBSECRET);
359 } else if (command_line_flag == "basic") {
360 usage = GNOME_BASICFLAG_PLAINTEXT;
361 } else {
362 usage = used_backend == PLAINTEXT
363 ? GNOME_NOFLAG_PLAINTEXT
364 : (used_backend == GNOME_KEYRING ? GNOME_NOFLAG_KEYRING
365 : GNOME_NOFLAG_LIBSECRET);
367 } else {
368 // It is neither Gnome nor KDE environment.
369 switch (used_backend) {
370 case PLAINTEXT:
371 usage = OTHER_PLAINTEXT;
372 break;
373 case KWALLET:
374 usage = OTHER_KWALLET;
375 break;
376 case GNOME_KEYRING:
377 usage = OTHER_KEYRING;
378 break;
379 case LIBSECRET:
380 usage = OTHER_LIBSECRET;
381 break;
384 UMA_HISTOGRAM_ENUMERATION("PasswordManager.LinuxBackendStatistics", usage,
385 MAX_BACKEND_USAGE_VALUE);
387 #endif