1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/password_manager/password_store_x.h"
11 #include "base/bind.h"
12 #include "base/logging.h"
13 #include "base/prefs/pref_service.h"
14 #include "base/stl_util.h"
15 #include "chrome/browser/chrome_notification_types.h"
16 #include "components/password_manager/core/browser/password_store_change.h"
17 #include "components/password_manager/core/common/password_manager_pref_names.h"
18 #include "components/pref_registry/pref_registry_syncable.h"
19 #include "content/public/browser/browser_thread.h"
20 #include "content/public/browser/notification_service.h"
22 using autofill::PasswordForm
;
23 using content::BrowserThread
;
24 using password_manager::PasswordStoreChange
;
25 using password_manager::PasswordStoreChangeList
;
26 using password_manager::PasswordStoreDefault
;
30 bool AddLoginToBackend(const scoped_ptr
<PasswordStoreX::NativeBackend
>& backend
,
31 const PasswordForm
& form
,
32 PasswordStoreChangeList
* changes
) {
33 *changes
= backend
->AddLogin(form
);
34 return (!changes
->empty() &&
35 changes
->back().type() == PasswordStoreChange::ADD
);
40 PasswordStoreX::PasswordStoreX(
41 scoped_refptr
<base::SingleThreadTaskRunner
> main_thread_runner
,
42 scoped_refptr
<base::SingleThreadTaskRunner
> db_thread_runner
,
43 scoped_ptr
<password_manager::LoginDatabase
> login_db
,
44 NativeBackend
* backend
)
45 : PasswordStoreDefault(main_thread_runner
,
49 migration_checked_(!backend
),
50 allow_fallback_(false) {
53 PasswordStoreX::~PasswordStoreX() {}
55 PasswordStoreChangeList
PasswordStoreX::AddLoginImpl(const PasswordForm
& form
) {
57 PasswordStoreChangeList changes
;
58 if (use_native_backend() && AddLoginToBackend(backend_
, form
, &changes
)) {
59 allow_fallback_
= false;
60 } else if (allow_default_store()) {
61 changes
= PasswordStoreDefault::AddLoginImpl(form
);
66 PasswordStoreChangeList
PasswordStoreX::UpdateLoginImpl(
67 const PasswordForm
& form
) {
69 PasswordStoreChangeList changes
;
70 if (use_native_backend() && backend_
->UpdateLogin(form
, &changes
)) {
71 allow_fallback_
= false;
72 } else if (allow_default_store()) {
73 changes
= PasswordStoreDefault::UpdateLoginImpl(form
);
78 PasswordStoreChangeList
PasswordStoreX::RemoveLoginImpl(
79 const PasswordForm
& form
) {
81 PasswordStoreChangeList changes
;
82 if (use_native_backend() && backend_
->RemoveLogin(form
)) {
83 changes
.push_back(PasswordStoreChange(PasswordStoreChange::REMOVE
, form
));
84 allow_fallback_
= false;
85 } else if (allow_default_store()) {
86 changes
= PasswordStoreDefault::RemoveLoginImpl(form
);
91 PasswordStoreChangeList
PasswordStoreX::RemoveLoginsCreatedBetweenImpl(
92 base::Time delete_begin
,
93 base::Time delete_end
) {
95 PasswordStoreChangeList changes
;
96 if (use_native_backend() &&
97 backend_
->RemoveLoginsCreatedBetween(
98 delete_begin
, delete_end
, &changes
)) {
99 LogStatsForBulkDeletion(changes
.size());
100 allow_fallback_
= false;
101 } else if (allow_default_store()) {
102 changes
= PasswordStoreDefault::RemoveLoginsCreatedBetweenImpl(delete_begin
,
108 PasswordStoreChangeList
PasswordStoreX::RemoveLoginsSyncedBetweenImpl(
109 base::Time delete_begin
,
110 base::Time delete_end
) {
112 PasswordStoreChangeList changes
;
113 if (use_native_backend() &&
114 backend_
->RemoveLoginsSyncedBetween(delete_begin
, delete_end
, &changes
)) {
115 LogStatsForBulkDeletionDuringRollback(changes
.size());
116 allow_fallback_
= false;
117 } else if (allow_default_store()) {
118 changes
= PasswordStoreDefault::RemoveLoginsSyncedBetweenImpl(delete_begin
,
126 struct LoginLessThan
{
127 bool operator()(const PasswordForm
* a
, const PasswordForm
* b
) {
128 return a
->origin
< b
->origin
;
132 // Sorts |list| by origin, like the ORDER BY clause in login_database.cc.
133 void SortLoginsByOrigin(std::vector
<autofill::PasswordForm
*>* list
) {
134 std::sort(list
->begin(), list
->end(), LoginLessThan());
137 } // anonymous namespace
139 ScopedVector
<autofill::PasswordForm
> PasswordStoreX::FillMatchingLogins(
140 const autofill::PasswordForm
& form
,
141 AuthorizationPromptPolicy prompt_policy
) {
143 ScopedVector
<autofill::PasswordForm
> matched_forms
;
144 if (use_native_backend() && backend_
->GetLogins(form
, &matched_forms
)) {
145 SortLoginsByOrigin(&matched_forms
.get());
146 // The native backend may succeed and return no data even while locked, if
147 // the query did not match anything stored. So we continue to allow fallback
148 // until we perform a write operation, or until a read returns actual data.
149 if (!matched_forms
.empty())
150 allow_fallback_
= false;
151 return matched_forms
.Pass();
153 if (allow_default_store())
154 return PasswordStoreDefault::FillMatchingLogins(form
, prompt_policy
);
155 return ScopedVector
<autofill::PasswordForm
>();
158 bool PasswordStoreX::FillAutofillableLogins(
159 ScopedVector
<autofill::PasswordForm
>* forms
) {
161 if (use_native_backend() && backend_
->GetAutofillableLogins(forms
)) {
162 SortLoginsByOrigin(&forms
->get());
163 // See GetLoginsImpl() for why we disallow fallback conditionally here.
165 allow_fallback_
= false;
168 if (allow_default_store())
169 return PasswordStoreDefault::FillAutofillableLogins(forms
);
173 bool PasswordStoreX::FillBlacklistLogins(
174 ScopedVector
<autofill::PasswordForm
>* forms
) {
176 if (use_native_backend() && backend_
->GetBlacklistLogins(forms
)) {
177 // See GetLoginsImpl() for why we disallow fallback conditionally here.
178 SortLoginsByOrigin(&forms
->get());
180 allow_fallback_
= false;
183 if (allow_default_store())
184 return PasswordStoreDefault::FillBlacklistLogins(forms
);
188 void PasswordStoreX::CheckMigration() {
189 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::DB
));
190 if (migration_checked_
|| !backend_
.get())
192 migration_checked_
= true;
193 ssize_t migrated
= MigrateLogins();
195 VLOG(1) << "Migrated " << migrated
<< " passwords to native store.";
196 } else if (migrated
== 0) {
197 // As long as we are able to migrate some passwords, we know the native
198 // store is working. But if there is nothing to migrate, the "migration"
199 // can succeed even when the native store would fail. In this case we
200 // allow a later fallback to the default store. Once any later operation
201 // succeeds on the native store, we will no longer allow fallback.
202 allow_fallback_
= true;
204 LOG(WARNING
) << "Native password store migration failed! " <<
205 "Falling back on default (unencrypted) store.";
210 bool PasswordStoreX::allow_default_store() {
211 if (allow_fallback_
) {
212 LOG(WARNING
) << "Native password store failed! " <<
213 "Falling back on default (unencrypted) store.";
215 // Don't warn again. We'll use the default store because backend_ is NULL.
216 allow_fallback_
= false;
218 return !backend_
.get();
221 ssize_t
PasswordStoreX::MigrateLogins() {
222 DCHECK(backend_
.get());
223 ScopedVector
<autofill::PasswordForm
> forms
;
224 ScopedVector
<autofill::PasswordForm
> blacklist_forms
;
225 bool ok
= PasswordStoreDefault::FillAutofillableLogins(&forms
) &&
226 PasswordStoreDefault::FillBlacklistLogins(&blacklist_forms
);
227 forms
.reserve(forms
.size() + blacklist_forms
.size());
228 forms
.insert(forms
.end(), blacklist_forms
.begin(), blacklist_forms
.end());
229 blacklist_forms
.weak_clear();
231 // We add all the passwords (and blacklist entries) to the native backend
232 // before attempting to remove any from the login database, to make sure we
233 // don't somehow end up with some of the passwords in one store and some in
234 // another. We'll always have at least one intact store this way.
235 for (size_t i
= 0; i
< forms
.size(); ++i
) {
236 PasswordStoreChangeList changes
;
237 if (!AddLoginToBackend(backend_
, *forms
[i
], &changes
)) {
243 for (size_t i
= 0; i
< forms
.size(); ++i
) {
244 // If even one of these calls to RemoveLoginImpl() succeeds, then we
245 // should prefer the native backend to the now-incomplete login
246 // database. Thus we want to return a success status even in the case
247 // where some fail. The only real problem with this is that we might
248 // leave passwords in the login database and never come back to clean
249 // them out if any of these calls do fail.
250 PasswordStoreDefault::RemoveLoginImpl(*forms
[i
]);
252 // Finally, delete the database file itself. We remove the passwords from
253 // it before deleting the file just in case there is some problem deleting
254 // the file (e.g. directory is not writable, but file is), which would
255 // otherwise cause passwords to re-migrate next (or maybe every) time.
256 DeleteAndRecreateDatabaseFile();
259 ssize_t result
= ok
? forms
.size() : -1;