Commit a2086c05 authored by Owen Min's avatar Owen Min Committed by Commit Bot

Reland "Check if user has password in security connect API"

This is reland for https://chromium-review.googlesource.com/c/chromium/src/+/2039631
The code is updated to match the latest SecureConnect native host
update.

Check if user has password in security connect API
In the chrome.enterprise.reportingPrivate.getDeviceInfo API, the screen lock
secured flag now checks whether the user has a password on Windows.

The code behavior matches SecureConnect native host: 291830502

Bug: 1047785
Change-Id: Ib6ce74d4b10b50616057042e0e2c30a2336522d6
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2078674
Commit-Queue: Owen Min <zmin@chromium.org>
Reviewed-by: default avatarGustavo Sacomoto <sacomoto@chromium.org>
Reviewed-by: default avatarJulian Pastarmov <pastarmovj@chromium.org>
Cr-Commit-Position: refs/heads/master@{#745516}
parent aa1c0bc6
...@@ -4,9 +4,16 @@ ...@@ -4,9 +4,16 @@
#include "chrome/browser/extensions/api/enterprise_reporting_private/device_info_fetcher_win.h" #include "chrome/browser/extensions/api/enterprise_reporting_private/device_info_fetcher_win.h"
#include <Windows.h>
#define SECURITY_WIN32 1
#include <security.h>
#include <wincred.h>
#include "base/path_service.h" #include "base/path_service.h"
#include "base/strings/utf_string_conversions.h" #include "base/strings/utf_string_conversions.h"
#include "base/system/sys_info.h" #include "base/system/sys_info.h"
#include "base/win/scoped_handle.h"
#include "base/win/windows_types.h" #include "base/win/windows_types.h"
#include "base/win/wmi.h" #include "base/win/wmi.h"
#include "net/base/network_interfaces.h" #include "net/base/network_interfaces.h"
...@@ -105,9 +112,57 @@ base::Optional<bool> GetConsoleLockStatus() { ...@@ -105,9 +112,57 @@ base::Optional<bool> GetConsoleLockStatus() {
return status; return status;
} }
// Returns the current OS user name if we can get it.
base::Optional<base::string16> GetUserName() {
WCHAR username[CREDUI_MAX_USERNAME_LENGTH + 1];
DWORD username_length = sizeof(username);
if (::GetUserNameEx(NameUserPrincipal, username, &username_length))
return username;
if (::GetUserNameW(username, &username_length))
return username;
return base::Optional<base::string16>();
}
// Returns true if the current OS user has a non-blank password, false if
// password is blank. Returns empty optional in case any system error.
base::Optional<bool> IsUserPasswordValid() {
base::Optional<base::string16> username = GetUserName();
if (!username)
return base::Optional<bool>();
base::win::ScopedHandle::Handle handle;
if (::LogonUserW(username->c_str(), /* lpszDomain= */ nullptr,
/* lpszPassword= */ L"",
/* dwLogonType= */ LOGON32_LOGON_INTERACTIVE,
/* dwLogonProvider= */ LOGON32_PROVIDER_DEFAULT, &handle)) {
// Login successfully, the password is blank.
return false;
}
DWORD error = ::GetLastError();
switch (error) {
// Windows doesn't allow blank password logon attempt. Because user with
// a valid password should return ERROR_LOGON_FAILURE regardless, we assume
// user doesn't have password in this case.
case ERROR_ACCOUNT_RESTRICTION:
return false;
// Logon failed, user must have a non-blank password.
case ERROR_LOGON_FAILURE:
return true;
default:
return base::Optional<bool>();
}
}
// Gets cumulative screen locking policy based on the screen saver and console // Gets cumulative screen locking policy based on the screen saver and console
// lock status. // lock status.
enterprise_reporting_private::SettingValue GetScreenlockSecured() { enterprise_reporting_private::SettingValue GetScreenlockSecured() {
base::Optional<bool> has_valid_password = IsUserPasswordValid();
// Skip the check in case of any unexpected error.
if (has_valid_password && !has_valid_password.value())
return enterprise_reporting_private::SETTING_VALUE_DISABLED;
const base::Optional<bool> screen_lock_status = GetScreenLockStatus(); const base::Optional<bool> screen_lock_status = GetScreenLockStatus();
if (screen_lock_status.value_or(false)) if (screen_lock_status.value_or(false))
return enterprise_reporting_private::SETTING_VALUE_ENABLED; return enterprise_reporting_private::SETTING_VALUE_ENABLED;
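Review bot: In GetUserName(), `username_length` is initialised with `sizeof(username)`, a byte count, but GetUserNameEx and GetUserNameW both take the buffer size in characters, so the APIs are told the WCHAR buffer is twice its real length; use `DWORD username_length = ARRAYSIZE(username);` and reset it before the GetUserNameW fallback, since a failed GetUserNameEx call may have overwritten it. In IsUserPasswordValid(), the token returned by a successful LogonUserW is held in a raw `base::win::ScopedHandle::Handle` and never closed; adopt it with `base::win::ScopedHandle token(handle);` before `return false;`. Each call also performs a real interactive logon attempt with an empty password, which presumably shows up as a failed logon in the Security event log and may count toward an account lockout threshold, so a comment stating how often getDeviceInfo can trigger it would help whoever triages those events.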
......