src/chrome/browser/password_manager/password_manager_util_win.cc

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 // windows.h must be first otherwise Win8 SDK breaks.
   6 #include <windows.h>
   7 #include <wincred.h>
   8 #include <LM.h>
   9
  10 // SECURITY_WIN32 must be defined in order to get
  11 // EXTENDED_NAME_FORMAT enumeration.
  12 #define SECURITY_WIN32 1
  13 #include <security.h>
  14 #undef SECURITY_WIN32
  15
  16 #include "chrome/browser/password_manager/password_manager_util.h"
  17
  18 #include "base/prefs/pref_registry_simple.h"
  19 #include "base/prefs/pref_service.h"
  20 #include "base/strings/utf_string_conversions.h"
  21 #include "base/time/time.h"
  22 #include "base/win/windows_version.h"
  23 #include "chrome/browser/browser_process.h"
  24 #include "components/password_manager/core/browser/password_manager.h"
  25 #include "components/password_manager/core/common/password_manager_pref_names.h"
  26 #include "content/public/browser/render_view_host.h"
  27 #include "content/public/browser/render_widget_host_view.h"
  28 #include "grit/chromium_strings.h"
  29 #include "grit/generated_resources.h"
  30 #include "ui/base/l10n/l10n_util.h"
  31
  32 #if defined(USE_AURA)
  33 #include "ui/aura/window.h"
  34 #include "ui/aura/window_tree_host.h"
  35 #endif
  36
  37 // static
  38 void password_manager::PasswordManager::RegisterLocalPrefs(
  39     PrefRegistrySimple* registry) {
  40   registry->RegisterInt64Pref(password_manager::prefs::kOsPasswordLastChanged,
  41                               0);
  42   registry->RegisterBooleanPref(password_manager::prefs::kOsPasswordBlank,
  43                                 false);
  44 }
  45
  46 namespace password_manager_util {
  47
  48 const unsigned kMaxPasswordRetries = 3;
  49
  50 const unsigned kCredUiDefaultFlags =
  51     CREDUI_FLAGS_GENERIC_CREDENTIALS |
  52     CREDUI_FLAGS_EXCLUDE_CERTIFICATES |
  53     CREDUI_FLAGS_KEEP_USERNAME |
  54     CREDUI_FLAGS_ALWAYS_SHOW_UI |
  55     CREDUI_FLAGS_DO_NOT_PERSIST;
  56
  57 static int64 GetPasswordLastChanged(WCHAR* username) {
  58   LPUSER_INFO_1 user_info = NULL;
  59   DWORD age = 0;
  60
  61   NET_API_STATUS ret = NetUserGetInfo(NULL, username, 1, (LPBYTE*) &user_info);
  62
  63   if (ret == NERR_Success) {
  64     // Returns seconds since last password change.
  65     age = user_info->usri1_password_age;
  66     NetApiBufferFree(user_info);
  67   } else {
  68     return -1;
  69   }
  70
  71   base::Time changed = base::Time::Now() - base::TimeDelta::FromSeconds(age);
  72
  73   return changed.ToInternalValue();
  74 }
  75
  76 static bool CheckBlankPassword(WCHAR* username) {
  77   PrefService* local_state = g_browser_process->local_state();
  78   int64 last_changed = GetPasswordLastChanged(username);
  79   bool need_recheck = true;
  80   bool blank_password = false;
  81
  82   // If we cannot determine when the password was last changed
  83   // then assume the password is not blank
  84   if (last_changed == -1)
  85     return false;
  86
  87   blank_password =
  88       local_state->GetBoolean(password_manager::prefs::kOsPasswordBlank);
  89   int64 pref_last_changed =
  90       local_state->GetInt64(password_manager::prefs::kOsPasswordLastChanged);
  91   if (pref_last_changed > 0 && last_changed <= pref_last_changed) {
  92     need_recheck = false;
  93   }
  94
  95   if (need_recheck) {
  96     HANDLE handle = INVALID_HANDLE_VALUE;
  97
  98     // Attempt to login using blank password.
  99     DWORD logon_result = LogonUser(username,
 100                                    L".",
 101                                    L"",
 102                                    LOGON32_LOGON_NETWORK,
 103                                    LOGON32_PROVIDER_DEFAULT,
 104                                    &handle);
 105
 106     // Win XP and later return ERROR_ACCOUNT_RESTRICTION for blank password.
 107     if (logon_result)
 108       CloseHandle(handle);
 109
 110     // In the case the password is blank, then LogonUser returns a failure,
 111     // handle is INVALID_HANDLE_VALUE, and GetLastError() is
 112     // ERROR_ACCOUNT_RESTRICTION.
 113     // http://msdn.microsoft.com/en-us/library/windows/desktop/ms681385
 114     blank_password = (logon_result ||
 115                       GetLastError() == ERROR_ACCOUNT_RESTRICTION);
 116   }
 117
 118   // Account for clock skew between pulling the password age and
 119   // writing to the preferences by adding a small skew factor here.
 120   last_changed += base::Time::kMicrosecondsPerSecond;
 121
 122   // Save the blank password status for later.
 123   local_state->SetBoolean(password_manager::prefs::kOsPasswordBlank,
 124                           blank_password);
 125   local_state->SetInt64(password_manager::prefs::kOsPasswordLastChanged,
 126                         last_changed);
 127
 128   return blank_password;
 129 }
 130
 131 OsPasswordStatus GetOsPasswordStatus() {
 132   DWORD username_length = CREDUI_MAX_USERNAME_LENGTH;
 133   WCHAR username[CREDUI_MAX_USERNAME_LENGTH+1] = {};
 134   OsPasswordStatus retVal = PASSWORD_STATUS_UNKNOWN;
 135
 136   if (GetUserNameEx(NameUserPrincipal, username, &username_length)) {
 137     // If we are on a domain, it is almost certain that the password is not
 138     // blank, but we do not actively check any further than this to avoid any
 139     // failed login attempts hitting the domain controller.
 140     retVal = PASSWORD_STATUS_WIN_DOMAIN;
 141   } else {
 142     username_length = CREDUI_MAX_USERNAME_LENGTH;
 143     if (GetUserName(username, &username_length)) {
 144       retVal = CheckBlankPassword(username) ? PASSWORD_STATUS_BLANK :
 145           PASSWORD_STATUS_NONBLANK;
 146     }
 147   }
 148
 149   return retVal;
 150 }
 151
 152 bool AuthenticateUser(gfx::NativeWindow window) {
 153   bool retval = false;
 154   CREDUI_INFO cui = {};
 155   WCHAR username[CREDUI_MAX_USERNAME_LENGTH+1] = {};
 156   WCHAR displayname[CREDUI_MAX_USERNAME_LENGTH+1] = {};
 157   WCHAR password[CREDUI_MAX_PASSWORD_LENGTH+1] = {};
 158   DWORD username_length = CREDUI_MAX_USERNAME_LENGTH;
 159   std::wstring product_name =
 160       base::UTF16ToWide(l10n_util::GetStringUTF16(IDS_PRODUCT_NAME));
 161   std::wstring password_prompt =
 162       base::UTF16ToWide(l10n_util::GetStringUTF16(
 163                             IDS_PASSWORDS_PAGE_AUTHENTICATION_PROMPT));
 164   HANDLE handle = INVALID_HANDLE_VALUE;
 165   int tries = 0;
 166   bool use_displayname = false;
 167   bool use_principalname = false;
 168   DWORD logon_result = 0;
 169
 170   // Disable password manager reauthentication before Windows 7.
 171   // This is because of an interaction between LogonUser() and the sandbox.
 172   // http://crbug.com/345916
 173   if (base::win::GetVersion() < base::win::VERSION_WIN7)
 174     return true;
 175
 176   // On a domain, we obtain the User Principal Name
 177   // for domain authentication.
 178   if (GetUserNameEx(NameUserPrincipal, username, &username_length)) {
 179     use_principalname = true;
 180   } else {
 181     username_length = CREDUI_MAX_USERNAME_LENGTH;
 182     // Otherwise, we're a workstation, use the plain local username.
 183     if (!GetUserName(username, &username_length)) {
 184       DLOG(ERROR) << "Unable to obtain username " << GetLastError();
 185       return false;
 186     } else {
 187       // As we are on a workstation, it's possible the user
 188       // has no password, so check here.
 189       if (CheckBlankPassword(username))
 190         return true;
 191     }
 192   }
 193
 194   // Try and obtain a friendly display name.
 195   username_length = CREDUI_MAX_USERNAME_LENGTH;
 196   if (GetUserNameEx(NameDisplay, displayname, &username_length))
 197     use_displayname = true;
 198
 199   cui.cbSize = sizeof(CREDUI_INFO);
 200   cui.hwndParent = NULL;
 201 #if defined(USE_AURA)
 202   cui.hwndParent = window->GetHost()->GetAcceleratedWidget();
 203 #else
 204   cui.hwndParent = window;
 205 #endif
 206
 207   cui.pszMessageText = password_prompt.c_str();
 208   cui.pszCaptionText = product_name.c_str();
 209
 210   cui.hbmBanner = NULL;
 211   BOOL save_password = FALSE;
 212   DWORD credErr = NO_ERROR;
 213
 214   do {
 215     tries++;
 216
 217     // TODO(wfh) Make sure we support smart cards here.
 218     credErr = CredUIPromptForCredentials(
 219         &cui,
 220         product_name.c_str(),
 221         NULL,
 222         0,
 223         use_displayname ? displayname : username,
 224         CREDUI_MAX_USERNAME_LENGTH+1,
 225         password,
 226         CREDUI_MAX_PASSWORD_LENGTH+1,
 227         &save_password,
 228         kCredUiDefaultFlags |
 229         (tries > 1 ? CREDUI_FLAGS_INCORRECT_PASSWORD : 0));
 230
 231     if (credErr == NO_ERROR) {
 232       logon_result = LogonUser(username,
 233                                use_principalname ? NULL : L".",
 234                                password,
 235                                LOGON32_LOGON_NETWORK,
 236                                LOGON32_PROVIDER_DEFAULT,
 237                                &handle);
 238       if (logon_result) {
 239         retval = true;
 240         CloseHandle(handle);
 241       } else {
 242         if (GetLastError() == ERROR_ACCOUNT_RESTRICTION &&
 243             wcslen(password) == 0) {
 244           // Password is blank, so permit.
 245           retval = true;
 246         } else {
 247           DLOG(WARNING) << "Unable to authenticate " << GetLastError();
 248         }
 249       }
 250       SecureZeroMemory(password, sizeof(password));
 251     }
 252   } while (credErr == NO_ERROR &&
 253            (retval == false && tries < kMaxPasswordRetries));
 254   return retval;
 255 }
 256
 257 }  // namespace password_manager_util