151 lines
6.7 KiB
Diff
151 lines
6.7 KiB
Diff
From 8b78203d8d1991e4ed8b50b5d44e1c8e76c60001 Mon Sep 17 00:00:00 2001
|
|
From: Yusuf Sengul <yusufsn@google.com>
|
|
Date: Fri, 26 Jun 2020 19:54:38 +0000
|
|
Subject: [PATCH 06/12] Move GCPW bookkeeping out of forked process
|
|
|
|
(cherry picked from commit f2e3565562e38e760220a4c6d2ea895477081095)
|
|
|
|
Bug: 1097407
|
|
Change-Id: I80b0fa57cc19196b06b3cbec5afc7c4488ff7325
|
|
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2255113
|
|
Commit-Queue: Yusuf Sengul <yusufsn@google.com>
|
|
Reviewed-by: Rakesh Soma <rakeshsoma@google.com>
|
|
Cr-Original-Commit-Position: refs/heads/master@{#781721}
|
|
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2268117
|
|
Cr-Commit-Position: refs/branch-heads/4103@{#729}
|
|
Cr-Branched-From: 8ad47e8d21f6866e4a37f47d83a860d41debf514-refs/heads/master@{#756066}
|
|
---
|
|
.../gaiacp/gaia_credential_base.cc | 67 ++++++++++---------
|
|
.../gaiacp/gaia_credential_base.h | 5 +-
|
|
2 files changed, 37 insertions(+), 35 deletions(-)
|
|
|
|
diff --git a/chrome/credential_provider/gaiacp/gaia_credential_base.cc b/chrome/credential_provider/gaiacp/gaia_credential_base.cc
|
|
index 6704a9db9c8..30e8011b73d 100644
|
|
--- a/chrome/credential_provider/gaiacp/gaia_credential_base.cc
|
|
+++ b/chrome/credential_provider/gaiacp/gaia_credential_base.cc
|
|
@@ -1986,7 +1986,7 @@ unsigned __stdcall CGaiaCredentialBase::WaitForLoginUI(void* param) {
|
|
}
|
|
|
|
// static
|
|
-HRESULT CGaiaCredentialBase::SaveAccountInfo(const base::Value& properties) {
|
|
+HRESULT CGaiaCredentialBase::PerformActions(const base::Value& properties) {
|
|
LOGFN(VERBOSE);
|
|
|
|
base::string16 sid = GetDictString(properties, kKeySID);
|
|
@@ -2009,35 +2009,9 @@ HRESULT CGaiaCredentialBase::SaveAccountInfo(const base::Value& properties) {
|
|
|
|
base::string16 domain = GetDictString(properties, kKeyDomain);
|
|
|
|
- // TODO(crbug.com/976744): Use the down scoped kKeyMdmAccessToken instead
|
|
- // of login scoped token.
|
|
- std::string access_token = GetDictStringUTF8(properties, kKeyAccessToken);
|
|
- if (!access_token.empty()) {
|
|
- // Update the password recovery information if possible.
|
|
- HRESULT hr = PasswordRecoveryManager::Get()->StoreWindowsPasswordIfNeeded(
|
|
- sid, access_token, password);
|
|
- if (FAILED(hr) && hr != E_NOTIMPL)
|
|
- LOGFN(ERROR) << "StoreWindowsPasswordIfNeeded hr=" << putHR(hr);
|
|
-
|
|
- // Upload device details to gem database.
|
|
- hr = GemDeviceDetailsManager::Get()->UploadDeviceDetails(access_token, sid,
|
|
- username, domain);
|
|
- if (FAILED(hr) && hr != E_NOTIMPL)
|
|
- LOGFN(ERROR) << "UploadDeviceDetails hr=" << putHR(hr);
|
|
-
|
|
- SetUserProperty(sid, kRegDeviceDetailsUploadStatus, SUCCEEDED(hr) ? 1 : 0);
|
|
-
|
|
- // Below setter is only used for unit testing.
|
|
- GemDeviceDetailsManager::Get()->SetUploadStatusForTesting(hr);
|
|
- } else {
|
|
- LOGFN(ERROR) << "Access token is empty. Cannot save Windows password.";
|
|
- }
|
|
-
|
|
// Load the user's profile so that their registry hive is available.
|
|
auto profile = ScopedUserProfile::Create(sid, domain, username, password);
|
|
|
|
- SecurelyClearString(password);
|
|
-
|
|
if (!profile) {
|
|
LOGFN(ERROR) << "Could not load user profile";
|
|
return E_UNEXPECTED;
|
|
@@ -2047,6 +2021,32 @@ HRESULT CGaiaCredentialBase::SaveAccountInfo(const base::Value& properties) {
|
|
if (FAILED(hr))
|
|
LOGFN(ERROR) << "profile.SaveAccountInfo failed (cont) hr=" << putHR(hr);
|
|
|
|
+ // TODO(crbug.com/976744): Use the down scoped kKeyMdmAccessToken instead
|
|
+ // of login scoped token.
|
|
+ std::string access_token = GetDictStringUTF8(properties, kKeyAccessToken);
|
|
+ if (access_token.empty()) {
|
|
+ LOGFN(ERROR) << "Access token is empty.";
|
|
+ return E_FAIL;
|
|
+ }
|
|
+
|
|
+ // Update the password recovery information if possible.
|
|
+ hr = PasswordRecoveryManager::Get()->StoreWindowsPasswordIfNeeded(
|
|
+ sid, access_token, password);
|
|
+ SecurelyClearString(password);
|
|
+ if (FAILED(hr) && hr != E_NOTIMPL)
|
|
+ LOGFN(ERROR) << "StoreWindowsPasswordIfNeeded hr=" << putHR(hr);
|
|
+
|
|
+ // Upload device details to gem database.
|
|
+ hr = GemDeviceDetailsManager::Get()->UploadDeviceDetails(access_token, sid,
|
|
+ username, domain);
|
|
+ if (FAILED(hr) && hr != E_NOTIMPL)
|
|
+ LOGFN(ERROR) << "UploadDeviceDetails hr=" << putHR(hr);
|
|
+
|
|
+ SetUserProperty(sid, kRegDeviceDetailsUploadStatus, SUCCEEDED(hr) ? 1 : 0);
|
|
+
|
|
+ // Below setter is only used for unit testing.
|
|
+ GemDeviceDetailsManager::Get()->SetUploadStatusForTesting(hr);
|
|
+
|
|
return hr;
|
|
}
|
|
|
|
@@ -2058,9 +2058,9 @@ HRESULT CGaiaCredentialBase::PerformPostSigninActions(
|
|
HRESULT hr = S_OK;
|
|
|
|
if (com_initialized) {
|
|
- hr = credential_provider::CGaiaCredentialBase::SaveAccountInfo(properties);
|
|
+ hr = credential_provider::CGaiaCredentialBase::PerformActions(properties);
|
|
if (FAILED(hr))
|
|
- LOGFN(ERROR) << "SaveAccountInfo hr=" << putHR(hr);
|
|
+ LOGFN(ERROR) << "PerformActions hr=" << putHR(hr);
|
|
|
|
// Try to enroll the machine to MDM here. MDM requires a user to be signed
|
|
// on to an interactive session to succeed and when we call this function
|
|
@@ -2089,10 +2089,11 @@ HRESULT CGaiaCredentialBase::PerformPostSigninActions(
|
|
|
|
// Registers OS user - gaia user association in HKEY_LOCAL_MACHINE registry
|
|
// hive.
|
|
-HRESULT RegisterAssociation(const base::string16& sid,
|
|
- const base::string16& id,
|
|
- const base::string16& email,
|
|
- const base::string16& token_handle) {
|
|
+HRESULT
|
|
+RegisterAssociation(const base::string16& sid,
|
|
+ const base::string16& id,
|
|
+ const base::string16& email,
|
|
+ const base::string16& token_handle) {
|
|
// Save token handle. This handle will be used later to determine if the
|
|
// the user has changed their password since the account was created.
|
|
HRESULT hr = SetUserProperty(sid, kUserTokenHandle, token_handle);
|
|
diff --git a/chrome/credential_provider/gaiacp/gaia_credential_base.h b/chrome/credential_provider/gaiacp/gaia_credential_base.h
|
|
index 6aaaf44244b..6bf33ff4d3b 100644
|
|
--- a/chrome/credential_provider/gaiacp/gaia_credential_base.h
|
|
+++ b/chrome/credential_provider/gaiacp/gaia_credential_base.h
|
|
@@ -97,8 +97,9 @@ class ATL_NO_VTABLE CGaiaCredentialBase
|
|
return authentication_results_;
|
|
}
|
|
|
|
- // Saves gaia information in the OS account that was just created.
|
|
- static HRESULT SaveAccountInfo(const base::Value& properties);
|
|
+ // Saves account association and user profile information. Makes various HTTP
|
|
+ // calls regarding device provisioning and password management.
|
|
+ static HRESULT PerformActions(const base::Value& properties);
|
|
|
|
// Returns true if the current credentials stored in |username_| and
|
|
// |password_| are valid and should succeed a local Windows logon. This
|
|
--
|
|
2.28.0
|
|
|