From 8b78203d8d1991e4ed8b50b5d44e1c8e76c60001 Mon Sep 17 00:00:00 2001
From: Yusuf Sengul <yusufsn@google.com>
Date: Fri, 26 Jun 2020 19:54:38 +0000
Subject: [PATCH 06/12] Move GCPW bookkeeping out of forked process

(cherry picked from commit f2e3565562e38e760220a4c6d2ea895477081095)

Bug: 1097407
Change-Id: I80b0fa57cc19196b06b3cbec5afc7c4488ff7325
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2255113
Commit-Queue: Yusuf Sengul <yusufsn@google.com>
Reviewed-by: Rakesh Soma <rakeshsoma@google.com>
Cr-Original-Commit-Position: refs/heads/master@{#781721}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2268117
Cr-Commit-Position: refs/branch-heads/4103@{#729}
Cr-Branched-From: 8ad47e8d21f6866e4a37f47d83a860d41debf514-refs/heads/master@{#756066}
---
 .../gaiacp/gaia_credential_base.cc            | 67 ++++++++++---------
 .../gaiacp/gaia_credential_base.h             |  5 +-
 2 files changed, 37 insertions(+), 35 deletions(-)

diff --git a/chrome/credential_provider/gaiacp/gaia_credential_base.cc b/chrome/credential_provider/gaiacp/gaia_credential_base.cc
index 6704a9db9c8..30e8011b73d 100644
--- a/chrome/credential_provider/gaiacp/gaia_credential_base.cc
+++ b/chrome/credential_provider/gaiacp/gaia_credential_base.cc
@@ -1986,7 +1986,7 @@ unsigned __stdcall CGaiaCredentialBase::WaitForLoginUI(void* param) {
 }
 
 // static
-HRESULT CGaiaCredentialBase::SaveAccountInfo(const base::Value& properties) {
+HRESULT CGaiaCredentialBase::PerformActions(const base::Value& properties) {
   LOGFN(VERBOSE);
 
   base::string16 sid = GetDictString(properties, kKeySID);
@@ -2009,35 +2009,9 @@ HRESULT CGaiaCredentialBase::SaveAccountInfo(const base::Value& properties) {
 
   base::string16 domain = GetDictString(properties, kKeyDomain);
 
-  // TODO(crbug.com/976744): Use the down scoped kKeyMdmAccessToken instead
-  // of login scoped token.
-  std::string access_token = GetDictStringUTF8(properties, kKeyAccessToken);
-  if (!access_token.empty()) {
-    // Update the password recovery information if possible.
-    HRESULT hr = PasswordRecoveryManager::Get()->StoreWindowsPasswordIfNeeded(
-        sid, access_token, password);
-    if (FAILED(hr) && hr != E_NOTIMPL)
-      LOGFN(ERROR) << "StoreWindowsPasswordIfNeeded hr=" << putHR(hr);
-
-    // Upload device details to gem database.
-    hr = GemDeviceDetailsManager::Get()->UploadDeviceDetails(access_token, sid,
-                                                             username, domain);
-    if (FAILED(hr) && hr != E_NOTIMPL)
-      LOGFN(ERROR) << "UploadDeviceDetails hr=" << putHR(hr);
-
-    SetUserProperty(sid, kRegDeviceDetailsUploadStatus, SUCCEEDED(hr) ? 1 : 0);
-
-    // Below setter is only used for unit testing.
-    GemDeviceDetailsManager::Get()->SetUploadStatusForTesting(hr);
-  } else {
-    LOGFN(ERROR) << "Access token is empty. Cannot save Windows password.";
-  }
-
   // Load the user's profile so that their registry hive is available.
   auto profile = ScopedUserProfile::Create(sid, domain, username, password);
 
-  SecurelyClearString(password);
-
   if (!profile) {
     LOGFN(ERROR) << "Could not load user profile";
     return E_UNEXPECTED;
@@ -2047,6 +2021,32 @@ HRESULT CGaiaCredentialBase::SaveAccountInfo(const base::Value& properties) {
   if (FAILED(hr))
     LOGFN(ERROR) << "profile.SaveAccountInfo failed (cont) hr=" << putHR(hr);
 
+  // TODO(crbug.com/976744): Use the down scoped kKeyMdmAccessToken instead
+  // of login scoped token.
+  std::string access_token = GetDictStringUTF8(properties, kKeyAccessToken);
+  if (access_token.empty()) {
+    LOGFN(ERROR) << "Access token is empty.";
+    return E_FAIL;
+  }
+
+  // Update the password recovery information if possible.
+  hr = PasswordRecoveryManager::Get()->StoreWindowsPasswordIfNeeded(
+    sid, access_token, password);
+  SecurelyClearString(password);
+  if (FAILED(hr) && hr != E_NOTIMPL)
+    LOGFN(ERROR) << "StoreWindowsPasswordIfNeeded hr=" << putHR(hr);
+
+  // Upload device details to gem database.
+  hr = GemDeviceDetailsManager::Get()->UploadDeviceDetails(access_token, sid,
+                                                           username, domain);
+  if (FAILED(hr) && hr != E_NOTIMPL)
+    LOGFN(ERROR) << "UploadDeviceDetails hr=" << putHR(hr);
+
+  SetUserProperty(sid, kRegDeviceDetailsUploadStatus, SUCCEEDED(hr) ? 1 : 0);
+
+  // Below setter is only used for unit testing.
+  GemDeviceDetailsManager::Get()->SetUploadStatusForTesting(hr);
+
   return hr;
 }
 
@@ -2058,9 +2058,9 @@ HRESULT CGaiaCredentialBase::PerformPostSigninActions(
   HRESULT hr = S_OK;
 
   if (com_initialized) {
-    hr = credential_provider::CGaiaCredentialBase::SaveAccountInfo(properties);
+    hr = credential_provider::CGaiaCredentialBase::PerformActions(properties);
     if (FAILED(hr))
-      LOGFN(ERROR) << "SaveAccountInfo hr=" << putHR(hr);
+      LOGFN(ERROR) << "PerformActions hr=" << putHR(hr);
 
     // Try to enroll the machine to MDM here. MDM requires a user to be signed
     // on to an interactive session to succeed and when we call this function
@@ -2089,10 +2089,11 @@ HRESULT CGaiaCredentialBase::PerformPostSigninActions(
 
 // Registers OS user - gaia user association in HKEY_LOCAL_MACHINE registry
 // hive.
-HRESULT RegisterAssociation(const base::string16& sid,
-                            const base::string16& id,
-                            const base::string16& email,
-                            const base::string16& token_handle) {
+HRESULT
+RegisterAssociation(const base::string16& sid,
+                    const base::string16& id,
+                    const base::string16& email,
+                    const base::string16& token_handle) {
   // Save token handle.  This handle will be used later to determine if the
   // the user has changed their password since the account was created.
   HRESULT hr = SetUserProperty(sid, kUserTokenHandle, token_handle);
diff --git a/chrome/credential_provider/gaiacp/gaia_credential_base.h b/chrome/credential_provider/gaiacp/gaia_credential_base.h
index 6aaaf44244b..6bf33ff4d3b 100644
--- a/chrome/credential_provider/gaiacp/gaia_credential_base.h
+++ b/chrome/credential_provider/gaiacp/gaia_credential_base.h
@@ -97,8 +97,9 @@ class ATL_NO_VTABLE CGaiaCredentialBase
     return authentication_results_;
   }
 
-  // Saves gaia information in the OS account that was just created.
-  static HRESULT SaveAccountInfo(const base::Value& properties);
+  // Saves account association and user profile information. Makes various HTTP
+  // calls regarding device provisioning and password management.
+  static HRESULT PerformActions(const base::Value& properties);
 
   // Returns true if the current credentials stored in |username_| and
   // |password_| are valid and should succeed a local Windows logon. This
-- 
2.28.0