Commit f64ce534 authored by Owen Min's avatar Owen Min Committed by Commit Bot

Suppress keychain user confirmation dialog for SC API

The secure connect extension API should not show any user confirmation
dialog as it's admin's responsibility to confirm it ahead of time.

Disable the dialog temporarily when quering the password from Keychain.

Bug: 1077078
Change-Id: I6c3426e2cd58149fa4ef74cb1a8f7c8eaab5556f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2358905Reviewed-by: default avatarGustavo Sacomoto <sacomoto@chromium.org>
Commit-Queue: Owen Min <zmin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#799104}
parent d34e93e7
......@@ -133,6 +133,31 @@ LONG CreateRandomSecret(std::string* secret) {
constexpr char kServiceName[] = "Endpoint Verification Safe Storage";
constexpr char kAccountName[] = "Endpoint Verification";
class ScopedKeychianUserInteractionAllowed {
public:
explicit ScopedKeychianUserInteractionAllowed(Boolean allowed) {
status_ = SecKeychainGetUserInteractionAllowed(&was_allowed_);
if (status_ != noErr)
return;
if (was_allowed_ == allowed)
return;
status_ = SecKeychainSetUserInteractionAllowed(allowed);
needs_reset_ = true;
}
~ScopedKeychianUserInteractionAllowed() {
if (needs_reset_)
SecKeychainSetUserInteractionAllowed(was_allowed_);
}
OSStatus status() { return status_; }
private:
OSStatus status_;
Boolean was_allowed_;
bool needs_reset_ = false;
};
OSStatus AddRandomPasswordToKeychain(const crypto::AppleKeychain& keychain,
std::string* secret) {
// Generate a password with 128 bits of randomness.
......@@ -154,6 +179,9 @@ OSStatus ReadEncryptedSecret(std::string* password, bool force_recreate) {
crypto::AppleKeychain keychain;
password->clear();
base::ScopedCFTypeRef<SecKeychainItemRef> item_ref;
ScopedKeychianUserInteractionAllowed user_interaction_allowed(FALSE);
if (user_interaction_allowed.status() != noErr)
return user_interaction_allowed.status();
OSStatus status = keychain.FindGenericPassword(
strlen(kServiceName), kServiceName, strlen(kAccountName), kAccountName,
&password_length, &password_data, item_ref.InitializeInto());
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment