1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/password_manager/password_store_x.h"
11 #include "base/bind.h"
12 #include "base/logging.h"
13 #include "base/prefs/pref_service.h"
14 #include "base/stl_util.h"
15 #include "chrome/browser/chrome_notification_types.h"
16 #include "components/password_manager/core/browser/password_store_change.h"
17 #include "components/password_manager/core/common/password_manager_pref_names.h"
18 #include "components/user_prefs/pref_registry_syncable.h"
19 #include "content/public/browser/browser_thread.h"
20 #include "content/public/browser/notification_service.h"
22 using autofill::PasswordForm;
23 using content::BrowserThread;
24 using password_manager::PasswordStoreChange;
25 using password_manager::PasswordStoreChangeList;
26 using password_manager::PasswordStoreDefault;
29 PasswordStoreX::PasswordStoreX(
30 scoped_refptr<base::SingleThreadTaskRunner> main_thread_runner,
31 scoped_refptr<base::SingleThreadTaskRunner> db_thread_runner,
32 password_manager::LoginDatabase* login_db,
33 NativeBackend* backend)
34 : PasswordStoreDefault(main_thread_runner, db_thread_runner, login_db),
36 migration_checked_(!backend),
37 allow_fallback_(false) {}
39 PasswordStoreX::~PasswordStoreX() {}
41 PasswordStoreChangeList PasswordStoreX::AddLoginImpl(const PasswordForm& form) {
43 PasswordStoreChangeList changes;
44 if (use_native_backend() && backend_->AddLogin(form)) {
45 changes.push_back(PasswordStoreChange(PasswordStoreChange::ADD, form));
46 allow_fallback_ = false;
47 } else if (allow_default_store()) {
48 changes = PasswordStoreDefault::AddLoginImpl(form);
53 PasswordStoreChangeList PasswordStoreX::UpdateLoginImpl(
54 const PasswordForm& form) {
56 PasswordStoreChangeList changes;
57 if (use_native_backend() && backend_->UpdateLogin(form)) {
58 changes.push_back(PasswordStoreChange(PasswordStoreChange::UPDATE, form));
59 allow_fallback_ = false;
60 } else if (allow_default_store()) {
61 changes = PasswordStoreDefault::UpdateLoginImpl(form);
66 PasswordStoreChangeList PasswordStoreX::RemoveLoginImpl(
67 const PasswordForm& form) {
69 PasswordStoreChangeList changes;
70 if (use_native_backend() && backend_->RemoveLogin(form)) {
71 changes.push_back(PasswordStoreChange(PasswordStoreChange::REMOVE, form));
72 allow_fallback_ = false;
73 } else if (allow_default_store()) {
74 changes = PasswordStoreDefault::RemoveLoginImpl(form);
79 PasswordStoreChangeList PasswordStoreX::RemoveLoginsCreatedBetweenImpl(
80 const base::Time& delete_begin,
81 const base::Time& delete_end) {
83 vector<PasswordForm*> forms;
84 PasswordStoreChangeList changes;
85 if (use_native_backend() &&
86 backend_->GetLoginsCreatedBetween(delete_begin, delete_end, &forms) &&
87 backend_->RemoveLoginsCreatedBetween(delete_begin, delete_end)) {
88 for (vector<PasswordForm*>::const_iterator it = forms.begin();
89 it != forms.end(); ++it) {
90 changes.push_back(PasswordStoreChange(PasswordStoreChange::REMOVE,
93 LogStatsForBulkDeletion(changes.size());
94 allow_fallback_ = false;
95 } else if (allow_default_store()) {
96 changes = PasswordStoreDefault::RemoveLoginsCreatedBetweenImpl(delete_begin,
99 STLDeleteElements(&forms);
104 struct LoginLessThan {
105 bool operator()(const PasswordForm* a, const PasswordForm* b) {
106 return a->origin < b->origin;
109 } // anonymous namespace
111 void PasswordStoreX::SortLoginsByOrigin(NativeBackend::PasswordFormList* list) {
112 // In login_database.cc, the query has ORDER BY origin_url. Simulate that.
113 std::sort(list->begin(), list->end(), LoginLessThan());
116 void PasswordStoreX::GetLoginsImpl(
117 const autofill::PasswordForm& form,
118 AuthorizationPromptPolicy prompt_policy,
119 const ConsumerCallbackRunner& callback_runner) {
121 std::vector<autofill::PasswordForm*> matched_forms;
122 if (use_native_backend() && backend_->GetLogins(form, &matched_forms)) {
123 SortLoginsByOrigin(&matched_forms);
124 // The native backend may succeed and return no data even while locked, if
125 // the query did not match anything stored. So we continue to allow fallback
126 // until we perform a write operation, or until a read returns actual data.
127 if (matched_forms.size() > 0)
128 allow_fallback_ = false;
129 } else if (allow_default_store()) {
130 DCHECK(matched_forms.empty());
131 PasswordStoreDefault::GetLoginsImpl(form, prompt_policy, callback_runner);
134 // The consumer will be left hanging unless we reply.
135 callback_runner.Run(matched_forms);
138 void PasswordStoreX::GetAutofillableLoginsImpl(GetLoginsRequest* request) {
140 if (use_native_backend() &&
141 backend_->GetAutofillableLogins(request->result())) {
142 SortLoginsByOrigin(request->result());
143 // See GetLoginsImpl() for why we disallow fallback conditionally here.
144 if (request->result()->size() > 0)
145 allow_fallback_ = false;
146 } else if (allow_default_store()) {
147 PasswordStoreDefault::GetAutofillableLoginsImpl(request);
150 // The consumer will be left hanging unless we reply.
151 ForwardLoginsResult(request);
154 void PasswordStoreX::GetBlacklistLoginsImpl(GetLoginsRequest* request) {
156 if (use_native_backend() &&
157 backend_->GetBlacklistLogins(request->result())) {
158 SortLoginsByOrigin(request->result());
159 // See GetLoginsImpl() for why we disallow fallback conditionally here.
160 if (request->result()->size() > 0)
161 allow_fallback_ = false;
162 } else if (allow_default_store()) {
163 PasswordStoreDefault::GetBlacklistLoginsImpl(request);
166 // The consumer will be left hanging unless we reply.
167 ForwardLoginsResult(request);
170 bool PasswordStoreX::FillAutofillableLogins(vector<PasswordForm*>* forms) {
172 if (use_native_backend() && backend_->GetAutofillableLogins(forms)) {
173 // See GetLoginsImpl() for why we disallow fallback conditionally here.
174 if (forms->size() > 0)
175 allow_fallback_ = false;
178 if (allow_default_store())
179 return PasswordStoreDefault::FillAutofillableLogins(forms);
183 bool PasswordStoreX::FillBlacklistLogins(vector<PasswordForm*>* forms) {
185 if (use_native_backend() && backend_->GetBlacklistLogins(forms)) {
186 // See GetLoginsImpl() for why we disallow fallback conditionally here.
187 if (forms->size() > 0)
188 allow_fallback_ = false;
191 if (allow_default_store())
192 return PasswordStoreDefault::FillBlacklistLogins(forms);
196 void PasswordStoreX::CheckMigration() {
197 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::DB));
198 if (migration_checked_ || !backend_.get())
200 migration_checked_ = true;
201 ssize_t migrated = MigrateLogins();
203 VLOG(1) << "Migrated " << migrated << " passwords to native store.";
204 } else if (migrated == 0) {
205 // As long as we are able to migrate some passwords, we know the native
206 // store is working. But if there is nothing to migrate, the "migration"
207 // can succeed even when the native store would fail. In this case we
208 // allow a later fallback to the default store. Once any later operation
209 // succeeds on the native store, we will no longer allow fallback.
210 allow_fallback_ = true;
212 LOG(WARNING) << "Native password store migration failed! " <<
213 "Falling back on default (unencrypted) store.";
214 backend_.reset(NULL);
218 bool PasswordStoreX::allow_default_store() {
219 if (allow_fallback_) {
220 LOG(WARNING) << "Native password store failed! " <<
221 "Falling back on default (unencrypted) store.";
222 backend_.reset(NULL);
223 // Don't warn again. We'll use the default store because backend_ is NULL.
224 allow_fallback_ = false;
226 return !backend_.get();
229 ssize_t PasswordStoreX::MigrateLogins() {
230 DCHECK(backend_.get());
231 vector<PasswordForm*> forms;
232 bool ok = PasswordStoreDefault::FillAutofillableLogins(&forms) &&
233 PasswordStoreDefault::FillBlacklistLogins(&forms);
235 // We add all the passwords (and blacklist entries) to the native backend
236 // before attempting to remove any from the login database, to make sure we
237 // don't somehow end up with some of the passwords in one store and some in
238 // another. We'll always have at least one intact store this way.
239 for (size_t i = 0; i < forms.size(); ++i) {
240 if (!backend_->AddLogin(*forms[i])) {
246 for (size_t i = 0; i < forms.size(); ++i) {
247 // If even one of these calls to RemoveLoginImpl() succeeds, then we
248 // should prefer the native backend to the now-incomplete login
249 // database. Thus we want to return a success status even in the case
250 // where some fail. The only real problem with this is that we might
251 // leave passwords in the login database and never come back to clean
252 // them out if any of these calls do fail.
253 PasswordStoreDefault::RemoveLoginImpl(*forms[i]);
255 // Finally, delete the database file itself. We remove the passwords from
256 // it before deleting the file just in case there is some problem deleting
257 // the file (e.g. directory is not writable, but file is), which would
258 // otherwise cause passwords to re-migrate next (or maybe every) time.
259 DeleteAndRecreateDatabaseFile();
262 ssize_t result = ok ? forms.size() : -1;
263 STLDeleteElements(&forms);