Check USB device path access when prompting users to select a device.
[chromium-blink-merge.git] / chrome / browser / password_manager / password_store_x.cc
blobf490fb354f33debcecb30b8ebd41f8dcb858dff4
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/password_manager/password_store_x.h"
7 #include <algorithm>
8 #include <map>
9 #include <vector>
11 #include "base/bind.h"
12 #include "base/logging.h"
13 #include "base/prefs/pref_service.h"
14 #include "base/stl_util.h"
15 #include "chrome/browser/chrome_notification_types.h"
16 #include "components/password_manager/core/browser/password_store_change.h"
17 #include "components/password_manager/core/common/password_manager_pref_names.h"
18 #include "components/pref_registry/pref_registry_syncable.h"
19 #include "content/public/browser/browser_thread.h"
20 #include "content/public/browser/notification_service.h"
22 using autofill::PasswordForm;
23 using content::BrowserThread;
24 using password_manager::PasswordStoreChange;
25 using password_manager::PasswordStoreChangeList;
26 using password_manager::PasswordStoreDefault;
28 namespace {
30 bool AddLoginToBackend(const scoped_ptr<PasswordStoreX::NativeBackend>& backend,
31 const PasswordForm& form,
32 PasswordStoreChangeList* changes) {
33 *changes = backend->AddLogin(form);
34 return (!changes->empty() &&
35 changes->back().type() == PasswordStoreChange::ADD);
38 } // namespace
40 PasswordStoreX::PasswordStoreX(
41 scoped_refptr<base::SingleThreadTaskRunner> main_thread_runner,
42 scoped_refptr<base::SingleThreadTaskRunner> db_thread_runner,
43 scoped_ptr<password_manager::LoginDatabase> login_db,
44 NativeBackend* backend)
45 : PasswordStoreDefault(main_thread_runner,
46 db_thread_runner,
47 login_db.Pass()),
48 backend_(backend),
49 migration_checked_(!backend),
50 allow_fallback_(false) {
53 PasswordStoreX::~PasswordStoreX() {}
55 PasswordStoreChangeList PasswordStoreX::AddLoginImpl(const PasswordForm& form) {
56 CheckMigration();
57 PasswordStoreChangeList changes;
58 if (use_native_backend() && AddLoginToBackend(backend_, form, &changes)) {
59 allow_fallback_ = false;
60 } else if (allow_default_store()) {
61 changes = PasswordStoreDefault::AddLoginImpl(form);
63 return changes;
66 PasswordStoreChangeList PasswordStoreX::UpdateLoginImpl(
67 const PasswordForm& form) {
68 CheckMigration();
69 PasswordStoreChangeList changes;
70 if (use_native_backend() && backend_->UpdateLogin(form, &changes)) {
71 allow_fallback_ = false;
72 } else if (allow_default_store()) {
73 changes = PasswordStoreDefault::UpdateLoginImpl(form);
75 return changes;
78 PasswordStoreChangeList PasswordStoreX::RemoveLoginImpl(
79 const PasswordForm& form) {
80 CheckMigration();
81 PasswordStoreChangeList changes;
82 if (use_native_backend() && backend_->RemoveLogin(form)) {
83 changes.push_back(PasswordStoreChange(PasswordStoreChange::REMOVE, form));
84 allow_fallback_ = false;
85 } else if (allow_default_store()) {
86 changes = PasswordStoreDefault::RemoveLoginImpl(form);
88 return changes;
91 PasswordStoreChangeList PasswordStoreX::RemoveLoginsCreatedBetweenImpl(
92 base::Time delete_begin,
93 base::Time delete_end) {
94 CheckMigration();
95 PasswordStoreChangeList changes;
96 if (use_native_backend() &&
97 backend_->RemoveLoginsCreatedBetween(
98 delete_begin, delete_end, &changes)) {
99 LogStatsForBulkDeletion(changes.size());
100 allow_fallback_ = false;
101 } else if (allow_default_store()) {
102 changes = PasswordStoreDefault::RemoveLoginsCreatedBetweenImpl(delete_begin,
103 delete_end);
105 return changes;
108 PasswordStoreChangeList PasswordStoreX::RemoveLoginsSyncedBetweenImpl(
109 base::Time delete_begin,
110 base::Time delete_end) {
111 CheckMigration();
112 PasswordStoreChangeList changes;
113 if (use_native_backend() &&
114 backend_->RemoveLoginsSyncedBetween(delete_begin, delete_end, &changes)) {
115 LogStatsForBulkDeletionDuringRollback(changes.size());
116 allow_fallback_ = false;
117 } else if (allow_default_store()) {
118 changes = PasswordStoreDefault::RemoveLoginsSyncedBetweenImpl(delete_begin,
119 delete_end);
121 return changes;
124 namespace {
126 struct LoginLessThan {
127 bool operator()(const PasswordForm* a, const PasswordForm* b) {
128 return a->origin < b->origin;
132 // Sorts |list| by origin, like the ORDER BY clause in login_database.cc.
133 void SortLoginsByOrigin(std::vector<autofill::PasswordForm*>* list) {
134 std::sort(list->begin(), list->end(), LoginLessThan());
137 } // anonymous namespace
139 ScopedVector<autofill::PasswordForm> PasswordStoreX::FillMatchingLogins(
140 const autofill::PasswordForm& form,
141 AuthorizationPromptPolicy prompt_policy) {
142 CheckMigration();
143 ScopedVector<autofill::PasswordForm> matched_forms;
144 if (use_native_backend() && backend_->GetLogins(form, &matched_forms)) {
145 SortLoginsByOrigin(&matched_forms.get());
146 // The native backend may succeed and return no data even while locked, if
147 // the query did not match anything stored. So we continue to allow fallback
148 // until we perform a write operation, or until a read returns actual data.
149 if (!matched_forms.empty())
150 allow_fallback_ = false;
151 return matched_forms.Pass();
153 if (allow_default_store())
154 return PasswordStoreDefault::FillMatchingLogins(form, prompt_policy);
155 return ScopedVector<autofill::PasswordForm>();
158 bool PasswordStoreX::FillAutofillableLogins(
159 ScopedVector<autofill::PasswordForm>* forms) {
160 CheckMigration();
161 if (use_native_backend() && backend_->GetAutofillableLogins(forms)) {
162 SortLoginsByOrigin(&forms->get());
163 // See GetLoginsImpl() for why we disallow fallback conditionally here.
164 if (!forms->empty())
165 allow_fallback_ = false;
166 return true;
168 if (allow_default_store())
169 return PasswordStoreDefault::FillAutofillableLogins(forms);
170 return false;
173 bool PasswordStoreX::FillBlacklistLogins(
174 ScopedVector<autofill::PasswordForm>* forms) {
175 CheckMigration();
176 if (use_native_backend() && backend_->GetBlacklistLogins(forms)) {
177 // See GetLoginsImpl() for why we disallow fallback conditionally here.
178 SortLoginsByOrigin(&forms->get());
179 if (!forms->empty())
180 allow_fallback_ = false;
181 return true;
183 if (allow_default_store())
184 return PasswordStoreDefault::FillBlacklistLogins(forms);
185 return false;
188 void PasswordStoreX::CheckMigration() {
189 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::DB));
190 if (migration_checked_ || !backend_.get())
191 return;
192 migration_checked_ = true;
193 ssize_t migrated = MigrateLogins();
194 if (migrated > 0) {
195 VLOG(1) << "Migrated " << migrated << " passwords to native store.";
196 } else if (migrated == 0) {
197 // As long as we are able to migrate some passwords, we know the native
198 // store is working. But if there is nothing to migrate, the "migration"
199 // can succeed even when the native store would fail. In this case we
200 // allow a later fallback to the default store. Once any later operation
201 // succeeds on the native store, we will no longer allow fallback.
202 allow_fallback_ = true;
203 } else {
204 LOG(WARNING) << "Native password store migration failed! " <<
205 "Falling back on default (unencrypted) store.";
206 backend_.reset();
210 bool PasswordStoreX::allow_default_store() {
211 if (allow_fallback_) {
212 LOG(WARNING) << "Native password store failed! " <<
213 "Falling back on default (unencrypted) store.";
214 backend_.reset();
215 // Don't warn again. We'll use the default store because backend_ is NULL.
216 allow_fallback_ = false;
218 return !backend_.get();
221 ssize_t PasswordStoreX::MigrateLogins() {
222 DCHECK(backend_.get());
223 ScopedVector<autofill::PasswordForm> forms;
224 ScopedVector<autofill::PasswordForm> blacklist_forms;
225 bool ok = PasswordStoreDefault::FillAutofillableLogins(&forms) &&
226 PasswordStoreDefault::FillBlacklistLogins(&blacklist_forms);
227 forms.reserve(forms.size() + blacklist_forms.size());
228 forms.insert(forms.end(), blacklist_forms.begin(), blacklist_forms.end());
229 blacklist_forms.weak_clear();
230 if (ok) {
231 // We add all the passwords (and blacklist entries) to the native backend
232 // before attempting to remove any from the login database, to make sure we
233 // don't somehow end up with some of the passwords in one store and some in
234 // another. We'll always have at least one intact store this way.
235 for (size_t i = 0; i < forms.size(); ++i) {
236 PasswordStoreChangeList changes;
237 if (!AddLoginToBackend(backend_, *forms[i], &changes)) {
238 ok = false;
239 break;
242 if (ok) {
243 for (size_t i = 0; i < forms.size(); ++i) {
244 // If even one of these calls to RemoveLoginImpl() succeeds, then we
245 // should prefer the native backend to the now-incomplete login
246 // database. Thus we want to return a success status even in the case
247 // where some fail. The only real problem with this is that we might
248 // leave passwords in the login database and never come back to clean
249 // them out if any of these calls do fail.
250 PasswordStoreDefault::RemoveLoginImpl(*forms[i]);
252 // Finally, delete the database file itself. We remove the passwords from
253 // it before deleting the file just in case there is some problem deleting
254 // the file (e.g. directory is not writable, but file is), which would
255 // otherwise cause passwords to re-migrate next (or maybe every) time.
256 DeleteAndRecreateDatabaseFile();
259 ssize_t result = ok ? forms.size() : -1;
260 return result;