Check if user has password in security connect API

In chrome.enterprise.reportingPrivate.getDeviceInfo API, screen lock secured flag now check if user has password on Windows. The code behavior matches SecureConnect native host: 291830502 Bug: 1047785 Change-Id: Iffc94d9cf179f85f353b8d245b90f5dd759c4bd6 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2031703 Commit-Queue: Julian Pastarmov <pastarmovj@chromium.org> Reviewed-by: Julian Pastarmov <pastarmovj@chromium.org> Cr-Commit-Position: refs/heads/master@{#737709}

Check if user has password in security connect API
In chrome.enterprise.reportingPrivate.getDeviceInfo API, screen lock secured flag now check if user has password on Windows. The code behavior matches SecureConnect native host: 291830502 Bug: 1047785 Change-Id: Iffc94d9cf179f85f353b8d245b90f5dd759c4bd6 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2031703 Commit-Queue: Julian Pastarmov <pastarmovj@chromium.org> Reviewed-by: Julian Pastarmov <pastarmovj@chromium.org> Cr-Commit-Position: refs/heads/master@{#737709}
18bb0cd4 · Owen Min · Commit Bot · a05d328d · 18bb0cd4
Commit 18bb0cd4 authored Feb 03, 2020 by Owen Min Committed by Commit Bot Feb 03, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 35 additions and 0 deletions

chrome/browser/extensions/api/enterprise_reporting_private/device_info_fetcher_win.cc ...i/enterprise_reporting_private/device_info_fetcher_win.cc +35 -0

No files found.
--- a/chrome/browser/extensions/api/enterprise_reporting_private/device_info_fetcher_win.cc
+++ b/chrome/browser/extensions/api/enterprise_reporting_private/device_info_fetcher_win.cc
@@ -4,9 +4,16 @@
 #include "chrome/browser/extensions/api/enterprise_reporting_private/device_info_fetcher_win.h"
+#include <Windows.h>
+#define SECURITY_WIN32 1
+#include <security.h>
+#include <wincred.h>
 #include "base/path_service.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/system/sys_info.h"
+#include "base/win/scoped_handle.h"
 #include "base/win/windows_types.h"
 #include "base/win/wmi.h"
 #include "net/base/network_interfaces.h"
@@ -105,9 +112,37 @@ base::Optional<bool> GetConsoleLockStatus() {
  return status;
 }
+// Returns false if user doesn't have password and we can login successfully
+// without one. Returns true if user has a password and the login failed with an
+// empty one. Returns empty value for any other error.
+base::Optional<bool> UserHasPassword() {
+  WCHAR username[CREDUI_MAX_USERNAME_LENGTH + 1] = {};
+  DWORD username_length = sizeof(username);
+  if (!::GetUserNameEx(NameUserPrincipal, username, &username_length))
+    return base::Optional<bool>();
+  base::win::ScopedHandle::Handle handle;
+  if (!::LogonUser(username, /* lpszDomain= */ nullptr, /* lpszPassword= */ L"",
+                   /* dwLogonType= */ LOGON32_LOGON_INTERACTIVE,
+                   /* dwLogonProvider= */ LOGON32_PROVIDER_DEFAULT, &handle)) {
+    return false;
+  } else if (GetLastError() == ERROR_LOGON_FAILURE) {
+    return true;
+  }
+  return base::Optional<bool>();
+}
 // Gets cumulative screen locking policy based on the screen saver and console
 // lock status.
 enterprise_reporting_private::SettingValue GetScreenlockSecured() {
+  base::Optional<bool> has_password = UserHasPassword();
+  if (!has_password.has_value())
+    return enterprise_reporting_private::SETTING_VALUE_UNKNOWN;
+  if (!has_password.value()) {
+    return enterprise_reporting_private::SETTING_VALUE_DISABLED;
+  }
  const base::Optional<bool> screen_lock_status = GetScreenLockStatus();
  if (screen_lock_status.value_or(false))
    return enterprise_reporting_private::SETTING_VALUE_ENABLED;