diff options
| author | zea@chromium.org <zea@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-02-08 20:47:56 +0000 |
|---|---|---|
| committer | zea@chromium.org <zea@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-02-08 20:47:56 +0000 |
| commit | cdccbc64763227c16bb9fd4c3a12c16de49cd366 (patch) | |
| tree | 88397d8f96ef52a2375dc0bce27f290179b41bf4 /chrome/browser/sync/glue/sync_backend_host.h | |
| parent | 8da87eae5d1fcac743993de3431d66bd915be03b (diff) | |
| download | chromium_src-cdccbc64763227c16bb9fd4c3a12c16de49cd366.zip chromium_src-cdccbc64763227c16bb9fd4c3a12c16de49cd366.tar.gz chromium_src-cdccbc64763227c16bb9fd4c3a12c16de49cd366.tar.bz2 | |
Revert 121030 - Merge 120257 - [Sync] Ensure we always re-encrypt with newest gaia password if available.
Previously we would only re-encrypt an account that had implicit passphrases if,
on a password change, the client was already signed in. Otherwise, for example
if the user signs in to a new client, we would disregard the current credentials
because they are unable to decrypt the existing encrypted data (based on the old
gaia password).
This change ensures we do not throw away the old credentials. If we have pending
keys, we go ahead and generate new encryption keys based on the new credentials
and set those keys as the default. In addition, we persist the keys in the
bootstrap token for the cryptographer. In this way, the bootstrap token for
accounts using implicit passphrases will always correspond to the encryption
keys derived from the most recent gaia password.
Once the user supplies the old gaia password (which they will be prompted for
due to the cryptographer having pending keys), we will install it, but then
restore the encryption keys based on the current gaia password as the default.
This decision is made based on whether the pending keybag contains the current
default key or not. If it does, then the keybag must be newer than our data,
and we let it overwrite the default. If it does not, then our current key
is the newest, and we persist the current default.
In order to support this change, we plumb from the setup flow whether a
passphrase originates from the user or from an internal source (the
signin successful notification). In this way we can differentiate the current
implicit passphrase from an older user provided one.
BUG=104508
TEST=sync_unit_tests. All existing passphrase tests. Manually signing into
a clean account, setting up sync, signing out, changing the password, then
signing in to a new client. The new client should prompt for the old password,
but once provided should re-encrypt all data with the new password.
Subsequent new clients should not prompt for any old password.
Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=120157
Review URL: https://chromiumcodereview.appspot.com/9309022
TBR=zea@chromium.org
Review URL: https://chromiumcodereview.appspot.com/9367001
TBR=zea@chromium.org
Review URL: https://chromiumcodereview.appspot.com/9360026
git-svn-id: svn://svn.chromium.org/chrome/branches/1025/src@121037 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/sync/glue/sync_backend_host.h')
| -rw-r--r-- | chrome/browser/sync/glue/sync_backend_host.h | 19 |
1 files changed, 6 insertions, 13 deletions
diff --git a/chrome/browser/sync/glue/sync_backend_host.h b/chrome/browser/sync/glue/sync_backend_host.h index bc2dbbf..1fd547d 100644 --- a/chrome/browser/sync/glue/sync_backend_host.h +++ b/chrome/browser/sync/glue/sync_backend_host.h @@ -178,18 +178,11 @@ class SyncBackendHost { virtual void StartSyncingWithServer(); // Called on |frontend_loop_| to asynchronously set the passphrase. - // |is_explicit| is true if the call is in response to the user setting a - // custom explicit passphrase as opposed to implicitly (from the users' - // perspective) using their Google Account password. An implicit SetPassphrase - // will *not* override an explicit passphrase set previously. Note that - // if the data is encrypted with an old Google Account password, the user - // may still have to provide a "implicit" passphrase. - // |user_provided| corresponds to the user having manually provided this - // passphrase. It should only be false for passphrases intercepted from the - // Google Sign-in Success notification and true otherwise. - void SetPassphrase(const std::string& passphrase, - bool is_explicit, - bool user_provided); + // |is_explicit| is true if the call is in response to the user explicitly + // setting a passphrase as opposed to implicitly (from the users' perspective) + // using their Google Account password. An implicit SetPassphrase will *not* + // *not* override an explicit passphrase set previously. + void SetPassphrase(const std::string& passphrase, bool is_explicit); // Called on |frontend_loop_| to kick off shutdown procedure. After this, // no further sync activity will occur with the sync server and no further @@ -413,7 +406,7 @@ class SyncBackendHost { sync_pb::EncryptedData pending_keys); // Invoked when the passphrase provided by the user has been accepted. - void NotifyPassphraseAccepted(); + void NotifyPassphraseAccepted(const std::string& bootstrap_token); // Invoked when an updated token is available from the sync server. void NotifyUpdatedToken(const std::string& token); |