chrome/browser/password_manager/password_store_factory.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/password_manager/password_store_factory.h"
   6
   7 #include "base/command_line.h"
   8 #include "base/environment.h"
   9 #include "base/metrics/histogram_macros.h"
  10 #include "base/prefs/pref_service.h"
  11 #include "chrome/browser/password_manager/password_manager_util.h"
  12 #include "chrome/browser/password_manager/sync_metrics.h"
  13 #include "chrome/browser/profiles/incognito_helpers.h"
  14 #include "chrome/browser/profiles/profile.h"
  15 #include "chrome/browser/sync/glue/sync_start_util.h"
  16 #include "chrome/browser/webdata/web_data_service_factory.h"
  17 #include "chrome/common/chrome_constants.h"
  18 #include "chrome/common/chrome_switches.h"
  19 #include "components/keyed_service/content/browser_context_dependency_manager.h"
  20 #include "components/os_crypt/os_crypt_switches.h"
  21 #include "components/password_manager/core/browser/login_database.h"
  22 #include "components/password_manager/core/browser/password_store.h"
  23 #include "components/password_manager/core/browser/password_store_default.h"
  24 #include "components/password_manager/core/common/password_manager_pref_names.h"
  25 #include "components/pref_registry/pref_registry_syncable.h"
  26 #include "content/public/browser/browser_thread.h"
  27
  28 #if defined(OS_WIN)
  29 #include "chrome/browser/password_manager/password_store_win.h"
  30 #include "components/password_manager/core/browser/webdata/password_web_data_service_win.h"
  31 #elif defined(OS_MACOSX)
  32 #include "chrome/browser/password_manager/password_store_mac.h"
  33 #include "crypto/apple_keychain.h"
  34 #include "crypto/mock_apple_keychain.h"
  35 #elif defined(OS_CHROMEOS) || defined(OS_ANDROID)
  36 // Don't do anything. We're going to use the default store.
  37 #elif defined(USE_X11)
  38 #include "base/nix/xdg_util.h"
  39 #if defined(USE_GNOME_KEYRING)
  40 #include "chrome/browser/password_manager/native_backend_gnome_x.h"
  41 #endif
  42 #if defined(USE_LIBSECRET)
  43 #include "base/metrics/field_trial.h"
  44 #include "chrome/browser/password_manager/native_backend_libsecret.h"
  45 #endif
  46 #include "chrome/browser/password_manager/native_backend_kwallet_x.h"
  47 #include "chrome/browser/password_manager/password_store_x.h"
  48 #endif
  49
  50 using password_manager::PasswordStore;
  51
  52 namespace {
  53
  54 #if !defined(OS_CHROMEOS) && defined(USE_X11)
  55 const LocalProfileId kInvalidLocalProfileId =
  56     static_cast<LocalProfileId>(0);
  57 #endif
  58
  59 #if defined(USE_LIBSECRET)
  60 const char kLibsecretFieldTrialName[] = "Libsecret";
  61 const char kLibsecretFieldTrialDisabledGroupName[] = "Disabled";
  62 #endif
  63
  64 void ReportOsPassword(password_manager_util::OsPasswordStatus status) {
  65   UMA_HISTOGRAM_ENUMERATION("PasswordManager.OsPasswordStatus",
  66                             status,
  67                             password_manager_util::MAX_PASSWORD_STATUS);
  68 }
  69
  70 void DelayReportOsPassword() {
  71   // Avoid checking OS password until later on in browser startup
  72   // since it calls a few Windows APIs.
  73   content::BrowserThread::PostDelayedTask(
  74       content::BrowserThread::UI,
  75       FROM_HERE,
  76       base::Bind(&password_manager_util::GetOsPasswordStatus,
  77                  base::Bind(&ReportOsPassword)),
  78       base::TimeDelta::FromSeconds(40));
  79 }
  80
  81 }  // namespace
  82
  83
  84 PasswordStoreService::PasswordStoreService(
  85     scoped_refptr<PasswordStore> password_store)
  86     : password_store_(password_store) {}
  87
  88 PasswordStoreService::~PasswordStoreService() {}
  89
  90 scoped_refptr<PasswordStore> PasswordStoreService::GetPasswordStore() {
  91   return password_store_;
  92 }
  93
  94 void PasswordStoreService::Shutdown() {
  95   if (password_store_.get())
  96     password_store_->Shutdown();
  97 }
  98
  99 // static
 100 scoped_refptr<PasswordStore> PasswordStoreFactory::GetForProfile(
 101     Profile* profile,
 102     ServiceAccessType sat) {
 103   if (sat == ServiceAccessType::IMPLICIT_ACCESS && profile->IsOffTheRecord()) {
 104     NOTREACHED() << "This profile is OffTheRecord";
 105     return NULL;
 106   }
 107
 108   PasswordStoreFactory* factory = GetInstance();
 109   PasswordStoreService* service = static_cast<PasswordStoreService*>(
 110       factory->GetServiceForBrowserContext(profile, true));
 111   if (!service)
 112     return NULL;
 113   return service->GetPasswordStore();
 114 }
 115
 116 // static
 117 PasswordStoreFactory* PasswordStoreFactory::GetInstance() {
 118   return Singleton<PasswordStoreFactory>::get();
 119 }
 120
 121 PasswordStoreFactory::PasswordStoreFactory()
 122     : BrowserContextKeyedServiceFactory(
 123         "PasswordStore",
 124         BrowserContextDependencyManager::GetInstance()) {
 125   DependsOn(WebDataServiceFactory::GetInstance());
 126 }
 127
 128 PasswordStoreFactory::~PasswordStoreFactory() {}
 129
 130 #if !defined(OS_CHROMEOS) && defined(USE_X11)
 131 LocalProfileId PasswordStoreFactory::GetLocalProfileId(
 132     PrefService* prefs) const {
 133   LocalProfileId id =
 134       prefs->GetInteger(password_manager::prefs::kLocalProfileId);
 135   if (id == kInvalidLocalProfileId) {
 136     // Note that there are many more users than this. Thus, by design, this is
 137     // not a unique id. However, it is large enough that it is very unlikely
 138     // that it would be repeated twice on a single machine. It is still possible
 139     // for that to occur though, so the potential results of it actually
 140     // happening should be considered when using this value.
 141     static const LocalProfileId kLocalProfileIdMask =
 142         static_cast<LocalProfileId>((1 << 24) - 1);
 143     do {
 144       id = rand() & kLocalProfileIdMask;
 145       // TODO(mdm): scan other profiles to make sure they are not using this id?
 146     } while (id == kInvalidLocalProfileId);
 147     prefs->SetInteger(password_manager::prefs::kLocalProfileId, id);
 148   }
 149   return id;
 150 }
 151 #endif
 152
 153 KeyedService* PasswordStoreFactory::BuildServiceInstanceFor(
 154     content::BrowserContext* context) const {
 155   DelayReportOsPassword();
 156   Profile* profile = static_cast<Profile*>(context);
 157
 158   // Given that LoginDatabase::Init() takes ~100ms on average; it will be called
 159   // by PasswordStore::Init() on the background thread to avoid UI jank.
 160   base::FilePath login_db_file_path = profile->GetPath();
 161   login_db_file_path = login_db_file_path.Append(chrome::kLoginDataFileName);
 162   scoped_ptr<password_manager::LoginDatabase> login_db(
 163       new password_manager::LoginDatabase(login_db_file_path));
 164
 165   scoped_refptr<base::SingleThreadTaskRunner> main_thread_runner(
 166       base::MessageLoopProxy::current());
 167   scoped_refptr<base::SingleThreadTaskRunner> db_thread_runner(
 168       content::BrowserThread::GetMessageLoopProxyForThread(
 169           content::BrowserThread::DB));
 170
 171   scoped_refptr<PasswordStore> ps;
 172 #if defined(OS_WIN)
 173   ps = new PasswordStoreWin(main_thread_runner, db_thread_runner,
 174                             login_db.Pass(),
 175                             WebDataServiceFactory::GetPasswordWebDataForProfile(
 176                                 profile, ServiceAccessType::EXPLICIT_ACCESS));
 177 #elif defined(OS_MACOSX)
 178   scoped_ptr<crypto::AppleKeychain> keychain(
 179       base::CommandLine::ForCurrentProcess()->HasSwitch(
 180           os_crypt::switches::kUseMockKeychain)
 181           ? new crypto::MockAppleKeychain()
 182           : new crypto::AppleKeychain());
 183   ps = new PasswordStoreMac(main_thread_runner, db_thread_runner,
 184                             keychain.Pass(), login_db.Pass());
 185 #elif defined(OS_CHROMEOS) || defined(OS_ANDROID)
 186   // For now, we use PasswordStoreDefault. We might want to make a native
 187   // backend for PasswordStoreX (see below) in the future though.
 188   ps = new password_manager::PasswordStoreDefault(
 189       main_thread_runner, db_thread_runner, login_db.Pass());
 190 #elif defined(USE_X11)
 191   // On POSIX systems, we try to use the "native" password management system of
 192   // the desktop environment currently running, allowing GNOME Keyring in XFCE.
 193   // (In all cases we fall back on the basic store in case of failure.)
 194   base::nix::DesktopEnvironment desktop_env = GetDesktopEnvironment();
 195   base::nix::DesktopEnvironment used_desktop_env;
 196   std::string store_type =
 197       base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
 198           switches::kPasswordStore);
 199   LinuxBackendUsed used_backend = PLAINTEXT;
 200   if (store_type == "kwallet") {
 201     used_desktop_env = base::nix::DESKTOP_ENVIRONMENT_KDE4;
 202   } else if (store_type == "gnome") {
 203     used_desktop_env = base::nix::DESKTOP_ENVIRONMENT_GNOME;
 204   } else if (store_type == "basic") {
 205     used_desktop_env = base::nix::DESKTOP_ENVIRONMENT_OTHER;
 206   } else {
 207     // Detect the store to use automatically.
 208     used_desktop_env = desktop_env;
 209     const char* name = base::nix::GetDesktopEnvironmentName(desktop_env);
 210     VLOG(1) << "Password storage detected desktop environment: "
 211             << (name ? name : "(unknown)");
 212   }
 213
 214   PrefService* prefs = profile->GetPrefs();
 215   LocalProfileId id = GetLocalProfileId(prefs);
 216
 217   scoped_ptr<PasswordStoreX::NativeBackend> backend;
 218   if (used_desktop_env == base::nix::DESKTOP_ENVIRONMENT_KDE4) {
 219     // KDE3 didn't use DBus, which our KWallet store uses.
 220     VLOG(1) << "Trying KWallet for password storage.";
 221     backend.reset(new NativeBackendKWallet(id));
 222     if (backend->Init()) {
 223       VLOG(1) << "Using KWallet for password storage.";
 224       used_backend = KWALLET;
 225     } else
 226       backend.reset();
 227   } else if (used_desktop_env == base::nix::DESKTOP_ENVIRONMENT_GNOME ||
 228              used_desktop_env == base::nix::DESKTOP_ENVIRONMENT_UNITY ||
 229              used_desktop_env == base::nix::DESKTOP_ENVIRONMENT_XFCE) {
 230 #if defined(USE_LIBSECRET)
 231     if (base::FieldTrialList::FindFullName(kLibsecretFieldTrialName) !=
 232         kLibsecretFieldTrialDisabledGroupName) {
 233       VLOG(1) << "Trying libsecret for password storage.";
 234       backend.reset(new NativeBackendLibsecret(id));
 235       if (backend->Init()) {
 236         VLOG(1) << "Using libsecret keyring for password storage.";
 237         used_backend = LIBSECRET;
 238       } else
 239         backend.reset();
 240     }
 241 #endif  // defined(USE_LIBSECRET)
 242     if (!backend.get()) {
 243 #if defined(USE_GNOME_KEYRING)
 244       VLOG(1) << "Trying GNOME keyring for password storage.";
 245       backend.reset(new NativeBackendGnome(id));
 246       if (backend->Init()) {
 247         VLOG(1) << "Using GNOME keyring for password storage.";
 248         used_backend = GNOME_KEYRING;
 249       } else
 250         backend.reset();
 251 #endif  // defined(USE_GNOME_KEYRING)
 252     }
 253   }
 254
 255   if (!backend.get()) {
 256     LOG(WARNING) << "Using basic (unencrypted) store for password storage. "
 257         "See http://code.google.com/p/chromium/wiki/LinuxPasswordStorage for "
 258         "more information about password storage options.";
 259   }
 260
 261   ps = new PasswordStoreX(main_thread_runner, db_thread_runner, login_db.Pass(),
 262                           backend.release());
 263   RecordBackendStatistics(desktop_env, store_type, used_backend);
 264 #elif defined(USE_OZONE)
 265   ps = new password_manager::PasswordStoreDefault(
 266       main_thread_runner, db_thread_runner, login_db.Pass());
 267 #else
 268   NOTIMPLEMENTED();
 269 #endif
 270   if (!ps.get() ||
 271       !ps->Init(
 272           sync_start_util::GetFlareForSyncableService(profile->GetPath()))) {
 273     NOTREACHED() << "Could not initialize password manager.";
 274     return NULL;
 275   }
 276
 277   return new PasswordStoreService(ps);
 278 }
 279
 280 void PasswordStoreFactory::RegisterProfilePrefs(
 281     user_prefs::PrefRegistrySyncable* registry) {
 282 #if !defined(OS_CHROMEOS) && defined(USE_X11)
 283   // Notice that the preprocessor conditions above are exactly those that will
 284   // result in using PasswordStoreX in BuildServiceInstanceFor().
 285   registry->RegisterIntegerPref(
 286       password_manager::prefs::kLocalProfileId,
 287       kInvalidLocalProfileId,
 288       user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF);
 289 #endif
 290 }
 291
 292 content::BrowserContext* PasswordStoreFactory::GetBrowserContextToUse(
 293     content::BrowserContext* context) const {
 294   return chrome::GetBrowserContextRedirectedInIncognito(context);
 295 }
 296
 297 bool PasswordStoreFactory::ServiceIsNULLWhileTesting() const {
 298   return true;
 299 }
 300
 301 #if defined(USE_X11)
 302 base::nix::DesktopEnvironment PasswordStoreFactory::GetDesktopEnvironment() {
 303   scoped_ptr<base::Environment> env(base::Environment::Create());
 304   return base::nix::GetDesktopEnvironment(env.get());
 305 }
 306
 307 void PasswordStoreFactory::RecordBackendStatistics(
 308     base::nix::DesktopEnvironment desktop_env,
 309     const std::string& command_line_flag,
 310     LinuxBackendUsed used_backend) {
 311   LinuxBackendUsage usage = OTHER_PLAINTEXT;
 312   if (desktop_env == base::nix::DESKTOP_ENVIRONMENT_KDE4) {
 313     if (command_line_flag == "kwallet") {
 314       usage = used_backend == KWALLET ? KDE_KWALLETFLAG_KWALLET
 315                                       : KDE_KWALLETFLAG_PLAINTEXT;
 316     } else if (command_line_flag == "gnome") {
 317       usage = used_backend == PLAINTEXT
 318                   ? KDE_GNOMEFLAG_PLAINTEXT
 319                   : (used_backend == GNOME_KEYRING ? KDE_GNOMEFLAG_KEYRING
 320                                                    : KDE_GNOMEFLAG_LIBSECRET);
 321     } else if (command_line_flag == "basic") {
 322       usage = KDE_BASICFLAG_PLAINTEXT;
 323     } else {
 324       usage =
 325           used_backend == KWALLET ? KDE_NOFLAG_KWALLET : KDE_NOFLAG_PLAINTEXT;
 326     }
 327   } else if (desktop_env == base::nix::DESKTOP_ENVIRONMENT_GNOME ||
 328              desktop_env == base::nix::DESKTOP_ENVIRONMENT_UNITY ||
 329              desktop_env == base::nix::DESKTOP_ENVIRONMENT_XFCE) {
 330     if (command_line_flag == "kwallet") {
 331       usage = used_backend == KWALLET ? GNOME_KWALLETFLAG_KWALLET
 332                                       : GNOME_KWALLETFLAG_PLAINTEXT;
 333     } else if (command_line_flag == "gnome") {
 334       usage = used_backend == PLAINTEXT
 335                   ? GNOME_GNOMEFLAG_PLAINTEXT
 336                   : (used_backend == GNOME_KEYRING ? GNOME_GNOMEFLAG_KEYRING
 337                                                    : GNOME_GNOMEFLAG_LIBSECRET);
 338     } else if (command_line_flag == "basic") {
 339       usage = GNOME_BASICFLAG_PLAINTEXT;
 340     } else {
 341       usage = used_backend == PLAINTEXT
 342                   ? GNOME_NOFLAG_PLAINTEXT
 343                   : (used_backend == GNOME_KEYRING ? GNOME_NOFLAG_KEYRING
 344                                                    : GNOME_NOFLAG_LIBSECRET);
 345     }
 346   } else {
 347     // It is neither Gnome nor KDE environment.
 348     switch (used_backend) {
 349       case PLAINTEXT:
 350         usage = OTHER_PLAINTEXT;
 351         break;
 352       case KWALLET:
 353         usage = OTHER_KWALLET;
 354         break;
 355       case GNOME_KEYRING:
 356         usage = OTHER_KEYRING;
 357         break;
 358       case LIBSECRET:
 359         usage = OTHER_LIBSECRET;
 360         break;
 361     }
 362   }
 363   UMA_HISTOGRAM_ENUMERATION("PasswordManager.LinuxBackendStatistics", usage,
 364                             MAX_BACKEND_USAGE_VALUE);
 365 }
 366 #endif