1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/password_manager/password_store_factory.h"
6
7#include "base/command_line.h"
8#include "base/environment.h"
9#include "base/prefs/pref_service.h"
10#include "chrome/browser/password_manager/sync_metrics.h"
11#include "chrome/browser/profiles/incognito_helpers.h"
12#include "chrome/browser/sync/glue/sync_start_util.h"
13#include "chrome/browser/webdata/web_data_service_factory.h"
14#include "chrome/common/chrome_constants.h"
15#include "chrome/common/chrome_switches.h"
16#include "components/keyed_service/content/browser_context_dependency_manager.h"
17#include "components/os_crypt/os_crypt_switches.h"
18#include "components/password_manager/core/browser/login_database.h"
19#include "components/password_manager/core/browser/password_store.h"
20#include "components/password_manager/core/browser/password_store_default.h"
21#include "components/password_manager/core/common/password_manager_pref_names.h"
22#include "components/pref_registry/pref_registry_syncable.h"
23#include "content/public/browser/browser_thread.h"
24
25#if defined(OS_WIN)
26#include "chrome/browser/password_manager/password_store_win.h"
27#include "components/password_manager/core/browser/webdata/password_web_data_service_win.h"
28#elif defined(OS_MACOSX)
29#include "chrome/browser/password_manager/password_store_mac.h"
30#include "crypto/apple_keychain.h"
31#include "crypto/mock_apple_keychain.h"
32#elif defined(OS_CHROMEOS) || defined(OS_ANDROID)
33// Don't do anything. We're going to use the default store.
34#elif defined(USE_X11)
35#include "base/nix/xdg_util.h"
36#if defined(USE_GNOME_KEYRING)
37#include "chrome/browser/password_manager/native_backend_gnome_x.h"
38#endif
39#include "chrome/browser/password_manager/native_backend_kwallet_x.h"
40#include "chrome/browser/password_manager/password_store_x.h"
41#endif
42
43using password_manager::PasswordStore;
44
#if !defined(OS_CHROMEOS) && defined(USE_X11)
namespace {

// Sentinel meaning "no local profile id has been assigned yet". It is the
// registered default of the kLocalProfileId pref and is never handed out as a
// real id by GetLocalProfileId().
const LocalProfileId kInvalidLocalProfileId = static_cast<LocalProfileId>(0);

}  // namespace
#endif
53
// Wraps |password_store| so that it can be handed out as a KeyedService.
// The service holds a reference to the store for its whole lifetime.
PasswordStoreService::PasswordStoreService(
    scoped_refptr<PasswordStore> password_store)
    : password_store_(password_store) {
}
57
// Nothing to tear down explicitly; the scoped_refptr member drops this
// service's reference to the store.
PasswordStoreService::~PasswordStoreService() {
}
59
// Returns the wrapped store. The result may be a null reference; Shutdown()
// in this class guards against that case as well.
scoped_refptr<PasswordStore> PasswordStoreService::GetPasswordStore() {
  scoped_refptr<PasswordStore> store(password_store_);
  return store;
}
63
// Forwards the keyed-service shutdown to the wrapped store, if there is one.
void PasswordStoreService::Shutdown() {
  if (!password_store_.get())
    return;  // No store was attached; nothing to shut down.
  password_store_->Shutdown();
}
68
// static
// Returns the PasswordStore serving |profile|, or NULL when access is refused
// or no service could be obtained.
//
// |sat| states whether the caller is acting on an explicit user request.
// Implicit access from an off-the-record profile is refused, so that code
// running on behalf of an incognito session does not reach the saved
// credentials unless the caller asks with a non-implicit access type.
scoped_refptr<PasswordStore> PasswordStoreFactory::GetForProfile(
    Profile* profile,
    Profile::ServiceAccessType sat) {
  const bool implicit_from_incognito =
      sat == Profile::IMPLICIT_ACCESS && profile->IsOffTheRecord();
  if (implicit_from_incognito) {
    // In builds where NOTREACHED() does not abort, the return below is what
    // actually refuses the request.
    NOTREACHED() << "This profile is OffTheRecord";
    return NULL;
  }

  // Passing true asks the factory to create the service if it does not exist
  // yet. The result can still be NULL (BuildServiceInstanceFor() returns NULL
  // on failure), so it has to be checked before use.
  PasswordStoreService* const service = static_cast<PasswordStoreService*>(
      GetInstance()->GetServiceForBrowserContext(profile, true));
  if (service)
    return service->GetPasswordStore();
  return NULL;
}
85
// static
// Returns the process-wide factory, obtained through Singleton<>.
PasswordStoreFactory* PasswordStoreFactory::GetInstance() {
  PasswordStoreFactory* const instance = Singleton<PasswordStoreFactory>::get();
  return instance;
}
90
// Registers the factory under the name "PasswordStore" with the browser
// context dependency manager.
PasswordStoreFactory::PasswordStoreFactory()
    : BrowserContextKeyedServiceFactory(
          "PasswordStore",
          BrowserContextDependencyManager::GetInstance()) {
  // The Windows store is built from WebDataServiceFactory's password web data
  // (see BuildServiceInstanceFor()), so that factory is declared as a
  // dependency.
  WebDataServiceFactory* const web_data_factory =
      WebDataServiceFactory::GetInstance();
  DependsOn(web_data_factory);
}
97
// The factory owns no resources of its own that need explicit release.
PasswordStoreFactory::~PasswordStoreFactory() {
}
99
#if !defined(OS_CHROMEOS) && defined(USE_X11)
// Returns the local profile id stored in |prefs|, generating and persisting a
// new one the first time it is requested.
//
// The id is handed to the native backends (KWallet / GNOME keyring) in
// BuildServiceInstanceFor(); presumably they use it to tell the entries of
// different profiles apart -- confirm in the backend implementations.
LocalProfileId PasswordStoreFactory::GetLocalProfileId(
    PrefService* prefs) const {
  const LocalProfileId stored_id =
      prefs->GetInteger(password_manager::prefs::kLocalProfileId);
  if (stored_id != kInvalidLocalProfileId)
    return stored_id;

  // There are many more users than there are 24-bit values, so by design this
  // is not a unique id. It is large enough that a repeat on a single machine
  // is very unlikely, but a repeat remains possible; callers should consider
  // what happens if two profiles end up with the same value.
  //
  // NOTE(review): rand() is not a cryptographic generator and no seeding is
  // visible in this file. If the process never seeds it, fresh profiles could
  // draw the same first value -- confirm the seeding, or that a collision is
  // acceptable for how the native backends use the id.
  static const LocalProfileId kLocalProfileIdMask =
      static_cast<LocalProfileId>((1 << 24) - 1);
  LocalProfileId fresh_id = kInvalidLocalProfileId;
  while (fresh_id == kInvalidLocalProfileId) {
    // Redraw until the value differs from the "unassigned" sentinel.
    fresh_id = rand() & kLocalProfileIdMask;
    // TODO(mdm): scan other profiles to make sure they are not using this id?
  }
  prefs->SetInteger(password_manager::prefs::kLocalProfileId, fresh_id);
  return fresh_id;
}
#endif
122
// Creates the PasswordStoreService for |context|.
//
// Steps: open the login database in the profile directory, pick the
// platform-specific PasswordStore implementation, initialize it, and wrap it
// in a PasswordStoreService. Returns NULL if the login database or the store
// cannot be initialized.
//
// Where the credentials end up depends on the platform branch taken below. On
// X11 the native keyring is only used when its backend initializes; otherwise
// the store runs without a native backend, which the warning logged here
// describes as the basic (unencrypted) store.
KeyedService* PasswordStoreFactory::BuildServiceInstanceFor(
    content::BrowserContext* context) const {
  Profile* const profile = static_cast<Profile*>(context);

  // The login database file lives directly in the profile directory.
  const base::FilePath login_db_path =
      profile->GetPath().Append(chrome::kLoginDataFileName);
  scoped_ptr<password_manager::LoginDatabase> login_db(
      new password_manager::LoginDatabase());
  {
    // TODO(paivanof@gmail.com): execution of login_db->Init() should go
    // to DB thread. http://crbug.com/138903
    // Until then, I/O is explicitly allowed on this thread for the duration of
    // this scope only.
    base::ThreadRestrictions::ScopedAllowIO allow_io;
    const bool db_ready = login_db->Init(login_db_path);
    if (!db_ready) {
      LOG(ERROR) << "Could not initialize login database.";
      return NULL;
    }
  }

  // Task runners handed to the store: the calling thread's loop and the
  // browser's DB thread.
  scoped_refptr<base::SingleThreadTaskRunner> origin_runner(
      base::MessageLoopProxy::current());
  scoped_refptr<base::SingleThreadTaskRunner> db_runner(
      content::BrowserThread::GetMessageLoopProxyForThread(
          content::BrowserThread::DB));

  // Every branch that constructs a store passes it login_db.release().
  scoped_refptr<PasswordStore> store;
#if defined(OS_WIN)
  store = new PasswordStoreWin(
      origin_runner,
      db_runner,
      login_db.release(),
      WebDataServiceFactory::GetPasswordWebDataForProfile(
          profile, Profile::EXPLICIT_ACCESS));
#elif defined(OS_MACOSX)
  // NOTE(review): kUseMockKeychain replaces the real keychain with
  // MockAppleKeychain. That looks like a testing aid; confirm that a regular
  // launch cannot end up with this switch set, since the store would then not
  // be backed by the system keychain.
  const bool use_mock_keychain = CommandLine::ForCurrentProcess()->HasSwitch(
      os_crypt::switches::kUseMockKeychain);
  crypto::AppleKeychain* keychain = NULL;
  if (use_mock_keychain)
    keychain = new crypto::MockAppleKeychain();
  else
    keychain = new crypto::AppleKeychain();
  store = new PasswordStoreMac(
      origin_runner, db_runner, keychain, login_db.release());
#elif defined(OS_CHROMEOS) || defined(OS_ANDROID)
  // For now, we use PasswordStoreDefault. We might want to make a native
  // backend for PasswordStoreX (see below) in the future though.
  store = new password_manager::PasswordStoreDefault(
      origin_runner, db_runner, login_db.release());
#elif defined(USE_X11)
  // On POSIX systems, we try to use the "native" password management system of
  // the desktop environment currently running, allowing GNOME Keyring in XFCE.
  // (In all cases we fall back on the basic store in case of failure.)
  //
  // The --password-store switch overrides detection. Any value other than
  // "kwallet", "gnome" or "basic" (including an empty one) is not rejected; it
  // simply leads to automatic detection.
  base::nix::DesktopEnvironment desktop_env;
  const std::string requested_store =
      CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
          switches::kPasswordStore);
  if (requested_store == "kwallet") {
    desktop_env = base::nix::DESKTOP_ENVIRONMENT_KDE4;
  } else if (requested_store == "gnome") {
    desktop_env = base::nix::DESKTOP_ENVIRONMENT_GNOME;
  } else if (requested_store == "basic") {
    desktop_env = base::nix::DESKTOP_ENVIRONMENT_OTHER;
  } else {
    // Detect the store to use automatically.
    scoped_ptr<base::Environment> env(base::Environment::Create());
    desktop_env = base::nix::GetDesktopEnvironment(env.get());
    const char* env_name = base::nix::GetDesktopEnvironmentName(desktop_env);
    VLOG(1) << "Password storage detected desktop environment: "
            << (env_name ? env_name : "(unknown)");
  }

  const LocalProfileId local_id = GetLocalProfileId(profile->GetPrefs());

  // |backend| stays null unless a native backend both exists for the chosen
  // environment and initializes successfully.
  scoped_ptr<PasswordStoreX::NativeBackend> backend;
  if (desktop_env == base::nix::DESKTOP_ENVIRONMENT_KDE4) {
    // KDE3 didn't use DBus, which our KWallet store uses.
    VLOG(1) << "Trying KWallet for password storage.";
    backend.reset(new NativeBackendKWallet(local_id));
    if (!backend->Init()) {
      backend.reset();
    } else {
      VLOG(1) << "Using KWallet for password storage.";
    }
  } else if (desktop_env == base::nix::DESKTOP_ENVIRONMENT_GNOME ||
             desktop_env == base::nix::DESKTOP_ENVIRONMENT_UNITY ||
             desktop_env == base::nix::DESKTOP_ENVIRONMENT_XFCE) {
    // Without USE_GNOME_KEYRING this branch is empty, so these environments
    // always end up on the basic store.
#if defined(USE_GNOME_KEYRING)
    VLOG(1) << "Trying GNOME keyring for password storage.";
    backend.reset(new NativeBackendGnome(local_id));
    if (!backend->Init()) {
      backend.reset();
    } else {
      VLOG(1) << "Using GNOME keyring for password storage.";
    }
#endif  // defined(USE_GNOME_KEYRING)
  }

  // The fallback is not an error: the only trace of it is this warning, so a
  // failed keyring initialization leaves the user on the store that the
  // message itself calls unencrypted.
  if (!backend.get()) {
    LOG(WARNING) << "Using basic (unencrypted) store for password storage. "
        "See http://code.google.com/p/chromium/wiki/LinuxPasswordStorage for "
        "more information about password storage options.";
  }

  store = new PasswordStoreX(origin_runner,
                             db_runner,
                             login_db.release(),
                             backend.release());
#elif defined(USE_OZONE)
  store = new password_manager::PasswordStoreDefault(
      origin_runner, db_runner, login_db.release());
#else
  // No store is created on this configuration; the null check below then
  // makes the function return NULL.
  NOTIMPLEMENTED();
#endif
  std::string sync_username =
      password_manager_sync_metrics::GetSyncUsername(profile);

  // Init() is attempted only when a store was actually created.
  bool store_ready = false;
  if (store.get()) {
    store_ready = store->Init(
        sync_start_util::GetFlareForSyncableService(profile->GetPath()),
        sync_username);
  }
  if (!store_ready) {
    NOTREACHED() << "Could not initialize password manager.";
    return NULL;
  }

  return new PasswordStoreService(store);
}
241
// Registers the profile preferences this factory relies on. Only the X11
// (non-ChromeOS) build registers anything: the local profile id.
void PasswordStoreFactory::RegisterProfilePrefs(
    user_prefs::PrefRegistrySyncable* registry) {
#if !defined(OS_CHROMEOS) && defined(USE_X11)
  // Notice that the preprocessor conditions above are exactly those that will
  // result in using PasswordStoreX in BuildServiceInstanceFor().
  //
  // The default is the "unassigned" sentinel, which makes GetLocalProfileId()
  // generate a real id on first use. The pref is registered as
  // UNSYNCABLE_PREF, so presumably it stays on this machine.
  registry->RegisterIntegerPref(password_manager::prefs::kLocalProfileId,
                                kInvalidLocalProfileId,
                                user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF);
#endif
}
253
// Chooses which browser context the service is keyed on, delegating to
// chrome::GetBrowserContextRedirectedInIncognito().
//
// Going by that helper's name, an incognito context is redirected to another
// context rather than getting a store of its own -- confirm in
// incognito_helpers. Implicit access from an off-the-record profile is
// refused separately, in GetForProfile().
content::BrowserContext* PasswordStoreFactory::GetBrowserContextToUse(
    content::BrowserContext* context) const {
  content::BrowserContext* const redirected =
      chrome::GetBrowserContextRedirectedInIncognito(context);
  return redirected;
}
258
// Always returns true. Going by the name, this tells the keyed-service
// framework to leave the service NULL under test; callers of GetForProfile()
// must handle a NULL store in any case.
bool PasswordStoreFactory::ServiceIsNULLWhileTesting() const {
  const bool null_while_testing = true;
  return null_while_testing;
}
262