chrome/credential_provider/gaiacp/gaia_credential_provider_filter.cc - chromium/src - Git at Google

 // Copyright 2018 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "chrome/credential_provider/gaiacp/gaia_credential_provider_filter.h"

 #include "base/strings/string16.h"
 #include "chrome/credential_provider/gaiacp/associated_user_validator.h"
 #include "chrome/credential_provider/gaiacp/auth_utils.h"
 #include "chrome/credential_provider/gaiacp/logging.h"

 namespace credential_provider {

 CGaiaCredentialProviderFilter::CGaiaCredentialProviderFilter() = default;

 CGaiaCredentialProviderFilter::~CGaiaCredentialProviderFilter() = default;

 HRESULT CGaiaCredentialProviderFilter::FinalConstruct() {
   LOGFN(INFO);
   return S_OK;
 }

 void CGaiaCredentialProviderFilter::FinalRelease() {
   LOGFN(INFO);
 }

 HRESULT CGaiaCredentialProviderFilter::Filter(
     CREDENTIAL_PROVIDER_USAGE_SCENARIO cpus,
     DWORD flags,
     GUID* providers_clsids,
     BOOL* providers_allow,
     DWORD providers_count) {
   // Re-enable all users in case internet has been lost or the computer
   // crashed while users were locked out.
   AssociatedUserValidator::Get()->AllowSigninForAllAssociatedUsers(cpus);
   // Check to see if any users need to have their access to this system
   // using the normal credential providers revoked.
   AssociatedUserValidator::Get()->DenySigninForUsersWithInvalidTokenHandles(
       cpus);
   return S_OK;
 }

 HRESULT CGaiaCredentialProviderFilter::UpdateRemoteCredential(
     const CREDENTIAL_PROVIDER_CREDENTIAL_SERIALIZATION* pcpcs_in,
     CREDENTIAL_PROVIDER_CREDENTIAL_SERIALIZATION* pcpcs_out) {
   if (!pcpcs_out)
     return E_NOTIMPL;

   ULONG auth_package_id;
   HRESULT hr = GetAuthenticationPackageId(&auth_package_id);
   if (FAILED(hr))
     return E_NOTIMPL;

   if (pcpcs_in->ulAuthenticationPackage != auth_package_id)
     return E_NOTIMPL;

   if (pcpcs_in->cbSerialization == 0)
     return E_NOTIMPL;

   // If serialziation data is set, try to extract the sid for the user
   // referenced in the serialization data.
   base::string16 serialization_sid;
   hr = DetermineUserSidFromAuthenticationBuffer(pcpcs_in, &serialization_sid);
   if (FAILED(hr))
     return E_NOTIMPL;

   // Check if this user needs a reauth, if not, just pass the serialization
   // to the default handler.
   if (AssociatedUserValidator::Get()->IsTokenHandleValidForUser(
           serialization_sid)) {
     return E_NOTIMPL;
   }

   // Copy out the serialization data to pass it into the provider.
   byte* serialization_buffer =
       (BYTE*)::CoTaskMemAlloc(pcpcs_in->cbSerialization);
   if (serialization_buffer == nullptr)
     return E_NOTIMPL;

   pcpcs_out->rgbSerialization = serialization_buffer;
   memcpy(pcpcs_out->rgbSerialization, pcpcs_in->rgbSerialization,
          pcpcs_in->cbSerialization);
   pcpcs_out->cbSerialization = pcpcs_in->cbSerialization;
   pcpcs_out->clsidCredentialProvider = CLSID_GaiaCredentialProvider;
   return S_OK;
 }

 }  // namespace credential_provider
	// Copyright 2018 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "chrome/credential_provider/gaiacp/gaia_credential_provider_filter.h"

	#include "base/strings/string16.h"
	#include "chrome/credential_provider/gaiacp/associated_user_validator.h"
	#include "chrome/credential_provider/gaiacp/auth_utils.h"
	#include "chrome/credential_provider/gaiacp/logging.h"

	namespace credential_provider {

	CGaiaCredentialProviderFilter::CGaiaCredentialProviderFilter() = default;

	CGaiaCredentialProviderFilter::~CGaiaCredentialProviderFilter() = default;

	HRESULT CGaiaCredentialProviderFilter::FinalConstruct() {
	LOGFN(INFO);
	return S_OK;
	}

	void CGaiaCredentialProviderFilter::FinalRelease() {
	LOGFN(INFO);
	}

	HRESULT CGaiaCredentialProviderFilter::Filter(
	CREDENTIAL_PROVIDER_USAGE_SCENARIO cpus,
	DWORD flags,
	GUID* providers_clsids,
	BOOL* providers_allow,
	DWORD providers_count) {
	// Re-enable all users in case internet has been lost or the computer
	// crashed while users were locked out.
	AssociatedUserValidator::Get()->AllowSigninForAllAssociatedUsers(cpus);
	// Check to see if any users need to have their access to this system
	// using the normal credential providers revoked.
	AssociatedUserValidator::Get()->DenySigninForUsersWithInvalidTokenHandles(
	cpus);
	return S_OK;
	}

	HRESULT CGaiaCredentialProviderFilter::UpdateRemoteCredential(
	const CREDENTIAL_PROVIDER_CREDENTIAL_SERIALIZATION* pcpcs_in,
	CREDENTIAL_PROVIDER_CREDENTIAL_SERIALIZATION* pcpcs_out) {
	if (!pcpcs_out)
	return E_NOTIMPL;

	ULONG auth_package_id;
	HRESULT hr = GetAuthenticationPackageId(&auth_package_id);
	if (FAILED(hr))
	return E_NOTIMPL;

	if (pcpcs_in->ulAuthenticationPackage != auth_package_id)
	return E_NOTIMPL;

	if (pcpcs_in->cbSerialization == 0)
	return E_NOTIMPL;

	// If serialziation data is set, try to extract the sid for the user
	// referenced in the serialization data.
	base::string16 serialization_sid;
	hr = DetermineUserSidFromAuthenticationBuffer(pcpcs_in, &serialization_sid);
	if (FAILED(hr))
	return E_NOTIMPL;

	// Check if this user needs a reauth, if not, just pass the serialization
	// to the default handler.
	if (AssociatedUserValidator::Get()->IsTokenHandleValidForUser(
	serialization_sid)) {
	return E_NOTIMPL;
	}

	// Copy out the serialization data to pass it into the provider.
	byte* serialization_buffer =
	(BYTE*)::CoTaskMemAlloc(pcpcs_in->cbSerialization);
	if (serialization_buffer == nullptr)
	return E_NOTIMPL;

	pcpcs_out->rgbSerialization = serialization_buffer;
	memcpy(pcpcs_out->rgbSerialization, pcpcs_in->rgbSerialization,
	pcpcs_in->cbSerialization);
	pcpcs_out->cbSerialization = pcpcs_in->cbSerialization;
	pcpcs_out->clsidCredentialProvider = CLSID_GaiaCredentialProvider;
	return S_OK;
	}

	} // namespace credential_provider