Move GCPW bookkeeping out of forked process

Bug: 1097407 Change-Id: I80b0fa57cc19196b06b3cbec5afc7c4488ff7325 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2255113 Commit-Queue: Yusuf Sengul <yusufsn@google.com> Reviewed-by: Rakesh Soma <rakeshsoma@google.com> Cr-Commit-Position: refs/heads/master@{#781721}

Move GCPW bookkeeping out of forked process
Bug: 1097407 Change-Id: I80b0fa57cc19196b06b3cbec5afc7c4488ff7325 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2255113 Commit-Queue: Yusuf Sengul <yusufsn@google.com> Reviewed-by: Rakesh Soma <rakeshsoma@google.com> Cr-Commit-Position: refs/heads/master@{#781721}
f2e35655 · Yusuf Sengul · Commit Bot · 4b980955 · f2e35655 · f2e35655
Commit f2e35655 authored Jun 24, 2020 by Yusuf Sengul Committed by Commit Bot Jun 24, 2020
2 changed files
--- a/chrome/credential_provider/gaiacp/gaia_credential_base.cc
+++ b/chrome/credential_provider/gaiacp/gaia_credential_base.cc
@@ -1987,7 +1987,7 @@ unsigned __stdcall CGaiaCredentialBase::WaitForLoginUI(void* param) {
 }
 // static
-HRESULT CGaiaCredentialBase::SaveAccountInfo(const base::Value& properties) {
+HRESULT CGaiaCredentialBase::PerformActions(const base::Value& properties) {
  LOGFN(VERBOSE);
  base::string16 sid = GetDictString(properties, kKeySID);
@@ -2010,13 +2010,29 @@ HRESULT CGaiaCredentialBase::SaveAccountInfo(const base::Value& properties) {
  base::string16 domain = GetDictString(properties, kKeyDomain);
+  // Load the user's profile so that their registry hive is available.
+  auto profile = ScopedUserProfile::Create(sid, domain, username, password);
+  if (!profile) {
+    LOGFN(ERROR) << "Could not load user profile";
+    return E_UNEXPECTED;
+  }
+  HRESULT hr = profile->SaveAccountInfo(properties);
+  if (FAILED(hr))
+    LOGFN(ERROR) << "profile.SaveAccountInfo failed (cont) hr=" << putHR(hr);
  // TODO(crbug.com/976744): Use the down scoped kKeyMdmAccessToken instead
  // of login scoped token.
  std::string access_token = GetDictStringUTF8(properties, kKeyAccessToken);
-  if (!access_token.empty()) {
+  if (access_token.empty()) {
+    LOGFN(ERROR) << "Access token is empty.";
+    return E_FAIL;
+  }
  // Update the password recovery information if possible.
-    HRESULT hr = PasswordRecoveryManager::Get()->StoreWindowsPasswordIfNeeded(
+  hr = PasswordRecoveryManager::Get()->StoreWindowsPasswordIfNeeded(
      sid, access_token, password);
+  SecurelyClearString(password);
  if (FAILED(hr) && hr != E_NOTIMPL)
    LOGFN(ERROR) << "StoreWindowsPasswordIfNeeded hr=" << putHR(hr);
@@ -2034,28 +2050,10 @@ HRESULT CGaiaCredentialBase::SaveAccountInfo(const base::Value& properties) {
    device_upload_failures = 0;
  }
  SetUserProperty(sid, kRegDeviceDetailsUploadStatus, SUCCEEDED(hr) ? 1 : 0);
-    SetUserProperty(sid, kRegDeviceDetailsUploadFailures,
+  SetUserProperty(sid, kRegDeviceDetailsUploadFailures, device_upload_failures);
-                    device_upload_failures);
  // Below setter is only used for unit testing.
  GemDeviceDetailsManager::Get()->SetUploadStatusForTesting(hr);
-  } else {
-    LOGFN(ERROR) << "Access token is empty. Cannot save Windows password.";
-  }
-  // Load the user's profile so that their registry hive is available.
-  auto profile = ScopedUserProfile::Create(sid, domain, username, password);
-  SecurelyClearString(password);
-  if (!profile) {
-    LOGFN(ERROR) << "Could not load user profile";
-    return E_UNEXPECTED;
-  }
-  HRESULT hr = profile->SaveAccountInfo(properties);
-  if (FAILED(hr))
-    LOGFN(ERROR) << "profile.SaveAccountInfo failed (cont) hr=" << putHR(hr);
  return hr;
 }
@@ -2068,9 +2066,9 @@ HRESULT CGaiaCredentialBase::PerformPostSigninActions(
  HRESULT hr = S_OK;
  if (com_initialized) {
-    hr = credential_provider::CGaiaCredentialBase::SaveAccountInfo(properties);
+    hr = credential_provider::CGaiaCredentialBase::PerformActions(properties);
    if (FAILED(hr))
-      LOGFN(ERROR) << "SaveAccountInfo hr=" << putHR(hr);
+      LOGFN(ERROR) << "PerformActions hr=" << putHR(hr);
    // Try to enroll the machine to MDM here. MDM requires a user to be signed
    // on to an interactive session to succeed and when we call this function
@@ -2099,7 +2097,8 @@ HRESULT CGaiaCredentialBase::PerformPostSigninActions(
 // Registers OS user - gaia user association in HKEY_LOCAL_MACHINE registry
 // hive.
-HRESULT RegisterAssociation(const base::string16& sid,
+HRESULT
+RegisterAssociation(const base::string16& sid,
                    const base::string16& id,
                    const base::string16& email,
                    const base::string16& token_handle) {

--- a/chrome/credential_provider/gaiacp/gaia_credential_base.h
+++ b/chrome/credential_provider/gaiacp/gaia_credential_base.h
@@ -97,8 +97,9 @@ class ATL_NO_VTABLE CGaiaCredentialBase
    return authentication_results_;
  }
-  // Saves gaia information in the OS account that was just created.
+  // Saves account association and user profile information. Makes various HTTP
-  static HRESULT SaveAccountInfo(const base::Value& properties);
+  // calls regarding device provisioning and password management.
+  static HRESULT PerformActions(const base::Value& properties);
  // Returns true if the current credentials stored in |username_| and
  // |password_| are valid and should succeed a local Windows logon. This