1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 // windows.h must be first otherwise Win8 SDK breaks.
10 // SECURITY_WIN32 must be defined in order to get
11 // EXTENDED_NAME_FORMAT enumeration.
12 #define SECURITY_WIN32 1
16 #include "chrome/browser/password_manager/password_manager_util.h"
18 #include "base/prefs/pref_registry_simple.h"
19 #include "base/prefs/pref_service.h"
20 #include "base/strings/utf_string_conversions.h"
21 #include "base/time/time.h"
22 #include "base/win/windows_version.h"
23 #include "chrome/browser/browser_process.h"
24 #include "components/password_manager/core/browser/password_manager.h"
25 #include "components/password_manager/core/common/password_manager_pref_names.h"
26 #include "content/public/browser/render_view_host.h"
27 #include "content/public/browser/render_widget_host_view.h"
28 #include "grit/chromium_strings.h"
29 #include "grit/generated_resources.h"
30 #include "ui/base/l10n/l10n_util.h"
33 #include "ui/aura/window.h"
34 #include "ui/aura/window_tree_host.h"
38 void password_manager::PasswordManager::RegisterLocalPrefs(
39 PrefRegistrySimple* registry) {
40 registry->RegisterInt64Pref(password_manager::prefs::kOsPasswordLastChanged,
42 registry->RegisterBooleanPref(password_manager::prefs::kOsPasswordBlank,
46 namespace password_manager_util {
48 const unsigned kMaxPasswordRetries = 3;
50 const unsigned kCredUiDefaultFlags =
51 CREDUI_FLAGS_GENERIC_CREDENTIALS |
52 CREDUI_FLAGS_EXCLUDE_CERTIFICATES |
53 CREDUI_FLAGS_KEEP_USERNAME |
54 CREDUI_FLAGS_ALWAYS_SHOW_UI |
55 CREDUI_FLAGS_DO_NOT_PERSIST;
57 static int64 GetPasswordLastChanged(WCHAR* username) {
58 LPUSER_INFO_1 user_info = NULL;
61 NET_API_STATUS ret = NetUserGetInfo(NULL, username, 1, (LPBYTE*) &user_info);
63 if (ret == NERR_Success) {
64 // Returns seconds since last password change.
65 age = user_info->usri1_password_age;
66 NetApiBufferFree(user_info);
71 base::Time changed = base::Time::Now() - base::TimeDelta::FromSeconds(age);
73 return changed.ToInternalValue();
76 static bool CheckBlankPassword(WCHAR* username) {
77 PrefService* local_state = g_browser_process->local_state();
78 int64 last_changed = GetPasswordLastChanged(username);
79 bool need_recheck = true;
80 bool blank_password = false;
82 // If we cannot determine when the password was last changed
83 // then assume the password is not blank
84 if (last_changed == -1)
88 local_state->GetBoolean(password_manager::prefs::kOsPasswordBlank);
89 int64 pref_last_changed =
90 local_state->GetInt64(password_manager::prefs::kOsPasswordLastChanged);
91 if (pref_last_changed > 0 && last_changed <= pref_last_changed) {
96 HANDLE handle = INVALID_HANDLE_VALUE;
98 // Attempt to login using blank password.
99 DWORD logon_result = LogonUser(username,
102 LOGON32_LOGON_NETWORK,
103 LOGON32_PROVIDER_DEFAULT,
106 // Win XP and later return ERROR_ACCOUNT_RESTRICTION for blank password.
110 // In the case the password is blank, then LogonUser returns a failure,
111 // handle is INVALID_HANDLE_VALUE, and GetLastError() is
112 // ERROR_ACCOUNT_RESTRICTION.
113 // http://msdn.microsoft.com/en-us/library/windows/desktop/ms681385
114 blank_password = (logon_result ||
115 GetLastError() == ERROR_ACCOUNT_RESTRICTION);
118 // Account for clock skew between pulling the password age and
119 // writing to the preferences by adding a small skew factor here.
120 last_changed += base::Time::kMicrosecondsPerSecond;
122 // Save the blank password status for later.
123 local_state->SetBoolean(password_manager::prefs::kOsPasswordBlank,
125 local_state->SetInt64(password_manager::prefs::kOsPasswordLastChanged,
128 return blank_password;
131 OsPasswordStatus GetOsPasswordStatus() {
132 DWORD username_length = CREDUI_MAX_USERNAME_LENGTH;
133 WCHAR username[CREDUI_MAX_USERNAME_LENGTH+1] = {};
134 OsPasswordStatus retVal = PASSWORD_STATUS_UNKNOWN;
136 if (GetUserNameEx(NameUserPrincipal, username, &username_length)) {
137 // If we are on a domain, it is almost certain that the password is not
138 // blank, but we do not actively check any further than this to avoid any
139 // failed login attempts hitting the domain controller.
140 retVal = PASSWORD_STATUS_WIN_DOMAIN;
142 username_length = CREDUI_MAX_USERNAME_LENGTH;
143 if (GetUserName(username, &username_length)) {
144 retVal = CheckBlankPassword(username) ? PASSWORD_STATUS_BLANK :
145 PASSWORD_STATUS_NONBLANK;
152 bool AuthenticateUser(gfx::NativeWindow window) {
154 CREDUI_INFO cui = {};
155 WCHAR username[CREDUI_MAX_USERNAME_LENGTH+1] = {};
156 WCHAR displayname[CREDUI_MAX_USERNAME_LENGTH+1] = {};
157 WCHAR password[CREDUI_MAX_PASSWORD_LENGTH+1] = {};
158 DWORD username_length = CREDUI_MAX_USERNAME_LENGTH;
159 std::wstring product_name =
160 base::UTF16ToWide(l10n_util::GetStringUTF16(IDS_PRODUCT_NAME));
161 std::wstring password_prompt =
162 base::UTF16ToWide(l10n_util::GetStringUTF16(
163 IDS_PASSWORDS_PAGE_AUTHENTICATION_PROMPT));
164 HANDLE handle = INVALID_HANDLE_VALUE;
166 bool use_displayname = false;
167 bool use_principalname = false;
168 DWORD logon_result = 0;
170 // Disable password manager reauthentication before Windows 7.
171 // This is because of an interaction between LogonUser() and the sandbox.
172 // http://crbug.com/345916
173 if (base::win::GetVersion() < base::win::VERSION_WIN7)
176 // On a domain, we obtain the User Principal Name
177 // for domain authentication.
178 if (GetUserNameEx(NameUserPrincipal, username, &username_length)) {
179 use_principalname = true;
181 username_length = CREDUI_MAX_USERNAME_LENGTH;
182 // Otherwise, we're a workstation, use the plain local username.
183 if (!GetUserName(username, &username_length)) {
184 DLOG(ERROR) << "Unable to obtain username " << GetLastError();
187 // As we are on a workstation, it's possible the user
188 // has no password, so check here.
189 if (CheckBlankPassword(username))
194 // Try and obtain a friendly display name.
195 username_length = CREDUI_MAX_USERNAME_LENGTH;
196 if (GetUserNameEx(NameDisplay, displayname, &username_length))
197 use_displayname = true;
199 cui.cbSize = sizeof(CREDUI_INFO);
200 cui.hwndParent = NULL;
201 #if defined(USE_AURA)
202 cui.hwndParent = window->GetHost()->GetAcceleratedWidget();
204 cui.hwndParent = window;
207 cui.pszMessageText = password_prompt.c_str();
208 cui.pszCaptionText = product_name.c_str();
210 cui.hbmBanner = NULL;
211 BOOL save_password = FALSE;
212 DWORD credErr = NO_ERROR;
217 // TODO(wfh) Make sure we support smart cards here.
218 credErr = CredUIPromptForCredentials(
220 product_name.c_str(),
223 use_displayname ? displayname : username,
224 CREDUI_MAX_USERNAME_LENGTH+1,
226 CREDUI_MAX_PASSWORD_LENGTH+1,
228 kCredUiDefaultFlags |
229 (tries > 1 ? CREDUI_FLAGS_INCORRECT_PASSWORD : 0));
231 if (credErr == NO_ERROR) {
232 logon_result = LogonUser(username,
233 use_principalname ? NULL : L".",
235 LOGON32_LOGON_NETWORK,
236 LOGON32_PROVIDER_DEFAULT,
242 if (GetLastError() == ERROR_ACCOUNT_RESTRICTION &&
243 wcslen(password) == 0) {
244 // Password is blank, so permit.
247 DLOG(WARNING) << "Unable to authenticate " << GetLastError();
250 SecureZeroMemory(password, sizeof(password));
252 } while (credErr == NO_ERROR &&
253 (retval == false && tries < kMaxPasswordRetries));
257 } // namespace password_manager_util