Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2016 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License |
| 15 | */ |
| 16 | |
Andrew Scull | 507d11c | 2017-05-03 17:19:01 +0100 | [diff] [blame] | 17 | package com.android.server.locksettings; |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 18 | |
Pavel Grafov | a182b9c | 2019-10-16 14:43:46 +0100 | [diff] [blame] | 19 | import static android.app.admin.DevicePolicyManager.PASSWORD_COMPLEXITY_NONE; |
| 20 | |
| 21 | import static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_NONE; |
| 22 | import static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_PATTERN; |
| 23 | |
Sudheer Shanka | dc589ac | 2016-11-10 15:30:17 -0800 | [diff] [blame] | 24 | import android.app.ActivityManager; |
Pavel Grafov | a182b9c | 2019-10-16 14:43:46 +0100 | [diff] [blame] | 25 | import android.app.admin.PasswordMetrics; |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 26 | import android.os.ShellCommand; |
Rubin Xu | 62b56b3 | 2020-01-16 14:53:34 +0000 | [diff] [blame] | 27 | import android.text.TextUtils; |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 28 | |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 29 | import com.android.internal.widget.LockPatternUtils; |
| 30 | import com.android.internal.widget.LockPatternUtils.RequestThrottledException; |
Rubin Xu | a58125d | 2019-09-06 20:11:48 +0100 | [diff] [blame] | 31 | import com.android.internal.widget.LockscreenCredential; |
Pavel Grafov | a182b9c | 2019-10-16 14:43:46 +0100 | [diff] [blame] | 32 | import com.android.internal.widget.PasswordValidationError; |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 33 | |
Felipe Leme | 1fc9c81 | 2018-07-11 10:02:23 -0700 | [diff] [blame] | 34 | import java.io.PrintWriter; |
Pavel Grafov | a182b9c | 2019-10-16 14:43:46 +0100 | [diff] [blame] | 35 | import java.util.List; |
Felipe Leme | 1fc9c81 | 2018-07-11 10:02:23 -0700 | [diff] [blame] | 36 | |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 37 | class LockSettingsShellCommand extends ShellCommand { |
| 38 | |
| 39 | private static final String COMMAND_SET_PATTERN = "set-pattern"; |
| 40 | private static final String COMMAND_SET_PIN = "set-pin"; |
| 41 | private static final String COMMAND_SET_PASSWORD = "set-password"; |
| 42 | private static final String COMMAND_CLEAR = "clear"; |
Rubin Xu | 3bf722a | 2016-12-15 16:07:38 +0000 | [diff] [blame] | 43 | private static final String COMMAND_SP = "sp"; |
Jeff Sharkey | 6544099 | 2017-03-31 09:45:46 -0600 | [diff] [blame] | 44 | private static final String COMMAND_SET_DISABLED = "set-disabled"; |
Pavel Grafov | 5f679b2 | 2017-06-26 18:39:10 +0100 | [diff] [blame] | 45 | private static final String COMMAND_VERIFY = "verify"; |
chaviw | 5953e66 | 2017-08-21 10:46:11 -0700 | [diff] [blame] | 46 | private static final String COMMAND_GET_DISABLED = "get-disabled"; |
Rubin Xu | a3c71a1 | 2019-12-04 15:25:02 +0000 | [diff] [blame] | 47 | private static final String COMMAND_REMOVE_CACHE = "remove-cache"; |
Felipe Leme | 1fc9c81 | 2018-07-11 10:02:23 -0700 | [diff] [blame] | 48 | private static final String COMMAND_HELP = "help"; |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 49 | |
| 50 | private int mCurrentUserId; |
| 51 | private final LockPatternUtils mLockPatternUtils; |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 52 | private String mOld = ""; |
| 53 | private String mNew = ""; |
| 54 | |
Felipe Leme | 1fc9c81 | 2018-07-11 10:02:23 -0700 | [diff] [blame] | 55 | LockSettingsShellCommand(LockPatternUtils lockPatternUtils) { |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 56 | mLockPatternUtils = lockPatternUtils; |
| 57 | } |
| 58 | |
| 59 | @Override |
| 60 | public int onCommand(String cmd) { |
Felipe Leme | 1fc9c81 | 2018-07-11 10:02:23 -0700 | [diff] [blame] | 61 | if (cmd == null) { |
| 62 | return handleDefaultCommands(cmd); |
| 63 | } |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 64 | try { |
Sudheer Shanka | dc589ac | 2016-11-10 15:30:17 -0800 | [diff] [blame] | 65 | mCurrentUserId = ActivityManager.getService().getCurrentUser().id; |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 66 | |
| 67 | parseArgs(); |
Lenka Trochtova | 66c492a | 2018-12-06 11:29:21 +0100 | [diff] [blame] | 68 | if (!mLockPatternUtils.hasSecureLockScreen()) { |
| 69 | switch (cmd) { |
| 70 | case COMMAND_HELP: |
| 71 | case COMMAND_GET_DISABLED: |
| 72 | case COMMAND_SET_DISABLED: |
| 73 | break; |
| 74 | default: |
| 75 | getErrPrintWriter().println( |
| 76 | "The device does not support lock screen - ignoring the command."); |
| 77 | return -1; |
| 78 | } |
| 79 | } |
Rubin Xu | a3c71a1 | 2019-12-04 15:25:02 +0000 | [diff] [blame] | 80 | switch (cmd) { |
| 81 | // Commands that do not require authentication go here. |
| 82 | case COMMAND_REMOVE_CACHE: |
| 83 | runRemoveCache(); |
| 84 | return 0; |
| 85 | case COMMAND_HELP: |
| 86 | onHelp(); |
| 87 | return 0; |
| 88 | } |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 89 | if (!checkCredential()) { |
| 90 | return -1; |
| 91 | } |
Pavel Grafov | a182b9c | 2019-10-16 14:43:46 +0100 | [diff] [blame] | 92 | boolean success = true; |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 93 | switch (cmd) { |
| 94 | case COMMAND_SET_PATTERN: |
Pavel Grafov | a182b9c | 2019-10-16 14:43:46 +0100 | [diff] [blame] | 95 | success = runSetPattern(); |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 96 | break; |
| 97 | case COMMAND_SET_PASSWORD: |
Pavel Grafov | a182b9c | 2019-10-16 14:43:46 +0100 | [diff] [blame] | 98 | success = runSetPassword(); |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 99 | break; |
| 100 | case COMMAND_SET_PIN: |
Pavel Grafov | a182b9c | 2019-10-16 14:43:46 +0100 | [diff] [blame] | 101 | success = runSetPin(); |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 102 | break; |
| 103 | case COMMAND_CLEAR: |
Pavel Grafov | a182b9c | 2019-10-16 14:43:46 +0100 | [diff] [blame] | 104 | success = runClear(); |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 105 | break; |
Rubin Xu | 3bf722a | 2016-12-15 16:07:38 +0000 | [diff] [blame] | 106 | case COMMAND_SP: |
Paul Crowley | 7a0cc0a | 2017-05-31 22:12:57 +0000 | [diff] [blame] | 107 | runChangeSp(); |
Rubin Xu | 3bf722a | 2016-12-15 16:07:38 +0000 | [diff] [blame] | 108 | break; |
Jeff Sharkey | 6544099 | 2017-03-31 09:45:46 -0600 | [diff] [blame] | 109 | case COMMAND_SET_DISABLED: |
| 110 | runSetDisabled(); |
| 111 | break; |
Pavel Grafov | 5f679b2 | 2017-06-26 18:39:10 +0100 | [diff] [blame] | 112 | case COMMAND_VERIFY: |
| 113 | runVerify(); |
| 114 | break; |
chaviw | 5953e66 | 2017-08-21 10:46:11 -0700 | [diff] [blame] | 115 | case COMMAND_GET_DISABLED: |
| 116 | runGetDisabled(); |
| 117 | break; |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 118 | default: |
| 119 | getErrPrintWriter().println("Unknown command: " + cmd); |
| 120 | break; |
| 121 | } |
Pavel Grafov | a182b9c | 2019-10-16 14:43:46 +0100 | [diff] [blame] | 122 | return success ? 0 : -1; |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 123 | } catch (Exception e) { |
Rubin Xu | 0cbc19e | 2016-12-09 14:00:21 +0000 | [diff] [blame] | 124 | getErrPrintWriter().println("Error while executing command: " + cmd); |
| 125 | e.printStackTrace(getErrPrintWriter()); |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 126 | return -1; |
| 127 | } |
| 128 | } |
| 129 | |
Pavel Grafov | 5f679b2 | 2017-06-26 18:39:10 +0100 | [diff] [blame] | 130 | private void runVerify() { |
| 131 | // The command is only run if the credential is correct. |
| 132 | getOutPrintWriter().println("Lock credential verified successfully"); |
| 133 | } |
| 134 | |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 135 | @Override |
| 136 | public void onHelp() { |
Felipe Leme | 1fc9c81 | 2018-07-11 10:02:23 -0700 | [diff] [blame] | 137 | try (final PrintWriter pw = getOutPrintWriter();) { |
| 138 | pw.println("lockSettings service commands:"); |
| 139 | pw.println(""); |
| 140 | pw.println("NOTE: when lock screen is set, all commands require the --old <CREDENTIAL>" |
| 141 | + " argument."); |
| 142 | pw.println(""); |
| 143 | pw.println(" help"); |
| 144 | pw.println(" Prints this help text."); |
| 145 | pw.println(""); |
| 146 | pw.println(" get-disabled [--old <CREDENTIAL>] [--user USER_ID]"); |
| 147 | pw.println(" Checks whether lock screen is disabled."); |
| 148 | pw.println(""); |
| 149 | pw.println(" set-disabled [--old <CREDENTIAL>] [--user USER_ID] <true|false>"); |
| 150 | pw.println(" When true, disables lock screen."); |
| 151 | pw.println(""); |
| 152 | pw.println(" set-pattern [--old <CREDENTIAL>] [--user USER_ID] <PATTERN>"); |
| 153 | pw.println(" Sets the lock screen as pattern, using the given PATTERN to unlock."); |
| 154 | pw.println(""); |
| 155 | pw.println(" set-pin [--old <CREDENTIAL>] [--user USER_ID] <PIN>"); |
| 156 | pw.println(" Sets the lock screen as PIN, using the given PIN to unlock."); |
| 157 | pw.println(""); |
| 158 | pw.println(" set-pin [--old <CREDENTIAL>] [--user USER_ID] <PASSWORD>"); |
| 159 | pw.println(" Sets the lock screen as password, using the given PASSOWRD to unlock."); |
| 160 | pw.println(""); |
| 161 | pw.println(" sp [--old <CREDENTIAL>] [--user USER_ID]"); |
| 162 | pw.println(" Gets whether synthetic password is enabled."); |
| 163 | pw.println(""); |
| 164 | pw.println(" sp [--old <CREDENTIAL>] [--user USER_ID] <1|0>"); |
| 165 | pw.println(" Enables / disables synthetic password."); |
| 166 | pw.println(""); |
| 167 | pw.println(" clear [--old <CREDENTIAL>] [--user USER_ID]"); |
| 168 | pw.println(" Clears the lock credentials."); |
| 169 | pw.println(""); |
| 170 | pw.println(" verify [--old <CREDENTIAL>] [--user USER_ID]"); |
| 171 | pw.println(" Verifies the lock credentials."); |
| 172 | pw.println(""); |
Rubin Xu | a3c71a1 | 2019-12-04 15:25:02 +0000 | [diff] [blame] | 173 | pw.println(" remove-cache [--user USER_ID]"); |
| 174 | pw.println(" Removes cached unified challenge for the managed profile."); |
| 175 | pw.println(""); |
Felipe Leme | 1fc9c81 | 2018-07-11 10:02:23 -0700 | [diff] [blame] | 176 | } |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 177 | } |
| 178 | |
| 179 | private void parseArgs() { |
| 180 | String opt; |
| 181 | while ((opt = getNextOption()) != null) { |
| 182 | if ("--old".equals(opt)) { |
| 183 | mOld = getNextArgRequired(); |
Rubin Xu | 3bf722a | 2016-12-15 16:07:38 +0000 | [diff] [blame] | 184 | } else if ("--user".equals(opt)) { |
| 185 | mCurrentUserId = Integer.parseInt(getNextArgRequired()); |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 186 | } else { |
| 187 | getErrPrintWriter().println("Unknown option: " + opt); |
| 188 | throw new IllegalArgumentException(); |
| 189 | } |
| 190 | } |
| 191 | mNew = getNextArg(); |
| 192 | } |
| 193 | |
Paul Crowley | 7a0cc0a | 2017-05-31 22:12:57 +0000 | [diff] [blame] | 194 | private void runChangeSp() { |
| 195 | if (mNew != null ) { |
| 196 | if ("1".equals(mNew)) { |
| 197 | mLockPatternUtils.enableSyntheticPassword(); |
| 198 | getOutPrintWriter().println("Synthetic password enabled"); |
| 199 | } else if ("0".equals(mNew)) { |
| 200 | mLockPatternUtils.disableSyntheticPassword(); |
| 201 | getOutPrintWriter().println("Synthetic password disabled"); |
| 202 | } |
Rubin Xu | 3bf722a | 2016-12-15 16:07:38 +0000 | [diff] [blame] | 203 | } |
| 204 | getOutPrintWriter().println(String.format("SP Enabled = %b", |
| 205 | mLockPatternUtils.isSyntheticPasswordEnabled())); |
| 206 | } |
| 207 | |
Rubin Xu | a58125d | 2019-09-06 20:11:48 +0100 | [diff] [blame] | 208 | private LockscreenCredential getOldCredential() { |
Rubin Xu | 62b56b3 | 2020-01-16 14:53:34 +0000 | [diff] [blame] | 209 | if (TextUtils.isEmpty(mOld)) { |
| 210 | return LockscreenCredential.createNone(); |
| 211 | } |
Rubin Xu | a58125d | 2019-09-06 20:11:48 +0100 | [diff] [blame] | 212 | if (mLockPatternUtils.isLockPasswordEnabled(mCurrentUserId)) { |
| 213 | final int quality = mLockPatternUtils.getKeyguardStoredPasswordQuality(mCurrentUserId); |
| 214 | if (LockPatternUtils.isQualityAlphabeticPassword(quality)) { |
| 215 | return LockscreenCredential.createPassword(mOld); |
| 216 | } else { |
| 217 | return LockscreenCredential.createPin(mOld); |
| 218 | } |
Rubin Xu | 62b56b3 | 2020-01-16 14:53:34 +0000 | [diff] [blame] | 219 | } |
| 220 | if (mLockPatternUtils.isLockPatternEnabled(mCurrentUserId)) { |
Rubin Xu | a58125d | 2019-09-06 20:11:48 +0100 | [diff] [blame] | 221 | return LockscreenCredential.createPattern(LockPatternUtils.byteArrayToPattern( |
| 222 | mOld.getBytes())); |
Rubin Xu | a58125d | 2019-09-06 20:11:48 +0100 | [diff] [blame] | 223 | } |
Rubin Xu | 62b56b3 | 2020-01-16 14:53:34 +0000 | [diff] [blame] | 224 | // User supplied some old credential but the device has neither password nor pattern, |
| 225 | // so just return a password credential (and let it be rejected during LSS verification) |
| 226 | return LockscreenCredential.createPassword(mOld); |
| 227 | |
Rubin Xu | a58125d | 2019-09-06 20:11:48 +0100 | [diff] [blame] | 228 | } |
| 229 | |
Pavel Grafov | a182b9c | 2019-10-16 14:43:46 +0100 | [diff] [blame] | 230 | private boolean runSetPattern() { |
| 231 | final LockscreenCredential pattern = LockscreenCredential.createPattern( |
| 232 | LockPatternUtils.byteArrayToPattern(mNew.getBytes())); |
| 233 | if (!isNewCredentialSufficient(pattern)) { |
| 234 | return false; |
| 235 | } |
| 236 | mLockPatternUtils.setLockCredential(pattern, getOldCredential(), mCurrentUserId); |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 237 | getOutPrintWriter().println("Pattern set to '" + mNew + "'"); |
Pavel Grafov | a182b9c | 2019-10-16 14:43:46 +0100 | [diff] [blame] | 238 | return true; |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 239 | } |
| 240 | |
Pavel Grafov | a182b9c | 2019-10-16 14:43:46 +0100 | [diff] [blame] | 241 | private boolean runSetPassword() { |
| 242 | final LockscreenCredential password = LockscreenCredential.createPassword(mNew); |
| 243 | if (!isNewCredentialSufficient(password)) { |
| 244 | return false; |
| 245 | } |
| 246 | mLockPatternUtils.setLockCredential(password, getOldCredential(), mCurrentUserId); |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 247 | getOutPrintWriter().println("Password set to '" + mNew + "'"); |
Pavel Grafov | a182b9c | 2019-10-16 14:43:46 +0100 | [diff] [blame] | 248 | return true; |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 249 | } |
| 250 | |
Pavel Grafov | a182b9c | 2019-10-16 14:43:46 +0100 | [diff] [blame] | 251 | private boolean runSetPin() { |
| 252 | final LockscreenCredential pin = LockscreenCredential.createPin(mNew); |
| 253 | if (!isNewCredentialSufficient(pin)) { |
| 254 | return false; |
| 255 | } |
| 256 | mLockPatternUtils.setLockCredential(pin, getOldCredential(), mCurrentUserId); |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 257 | getOutPrintWriter().println("Pin set to '" + mNew + "'"); |
Pavel Grafov | a182b9c | 2019-10-16 14:43:46 +0100 | [diff] [blame] | 258 | return true; |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 259 | } |
| 260 | |
Pavel Grafov | a182b9c | 2019-10-16 14:43:46 +0100 | [diff] [blame] | 261 | private boolean runClear() { |
| 262 | LockscreenCredential none = LockscreenCredential.createNone(); |
| 263 | if (!isNewCredentialSufficient(none)) { |
| 264 | return false; |
| 265 | } |
| 266 | mLockPatternUtils.setLockCredential(none, getOldCredential(), mCurrentUserId); |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 267 | getOutPrintWriter().println("Lock credential cleared"); |
Pavel Grafov | a182b9c | 2019-10-16 14:43:46 +0100 | [diff] [blame] | 268 | return true; |
| 269 | } |
| 270 | |
| 271 | private boolean isNewCredentialSufficient(LockscreenCredential credential) { |
| 272 | final PasswordMetrics requiredMetrics = |
| 273 | mLockPatternUtils.getRequestedPasswordMetrics(mCurrentUserId); |
| 274 | final List<PasswordValidationError> errors; |
| 275 | if (credential.isPassword() || credential.isPin()) { |
| 276 | errors = PasswordMetrics.validatePassword(requiredMetrics, PASSWORD_COMPLEXITY_NONE, |
| 277 | credential.isPin(), credential.getCredential()); |
| 278 | } else { |
| 279 | PasswordMetrics metrics = new PasswordMetrics( |
| 280 | credential.isPattern() ? CREDENTIAL_TYPE_PATTERN : CREDENTIAL_TYPE_NONE); |
| 281 | errors = PasswordMetrics.validatePasswordMetrics( |
| 282 | requiredMetrics, PASSWORD_COMPLEXITY_NONE, false /* isPin */, metrics); |
| 283 | } |
| 284 | if (!errors.isEmpty()) { |
| 285 | getOutPrintWriter().println( |
| 286 | "New credential doesn't satisfy admin policies: " + errors.get(0)); |
| 287 | return false; |
| 288 | } |
| 289 | return true; |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 290 | } |
| 291 | |
Felipe Leme | 1fc9c81 | 2018-07-11 10:02:23 -0700 | [diff] [blame] | 292 | private void runSetDisabled() { |
Jeff Sharkey | 6544099 | 2017-03-31 09:45:46 -0600 | [diff] [blame] | 293 | final boolean disabled = Boolean.parseBoolean(mNew); |
| 294 | mLockPatternUtils.setLockScreenDisabled(disabled, mCurrentUserId); |
| 295 | getOutPrintWriter().println("Lock screen disabled set to " + disabled); |
| 296 | } |
| 297 | |
chaviw | 5953e66 | 2017-08-21 10:46:11 -0700 | [diff] [blame] | 298 | private void runGetDisabled() { |
| 299 | boolean isLockScreenDisabled = mLockPatternUtils.isLockScreenDisabled(mCurrentUserId); |
| 300 | getOutPrintWriter().println(isLockScreenDisabled); |
| 301 | } |
| 302 | |
Felipe Leme | 1fc9c81 | 2018-07-11 10:02:23 -0700 | [diff] [blame] | 303 | private boolean checkCredential() { |
Rubin Xu | 5e891bc | 2019-10-14 10:22:23 +0100 | [diff] [blame] | 304 | if (mLockPatternUtils.isSecure(mCurrentUserId)) { |
Pavel Grafov | fc135c7 | 2017-07-25 16:38:04 +0100 | [diff] [blame] | 305 | if (mLockPatternUtils.isManagedProfileWithUnifiedChallenge(mCurrentUserId)) { |
| 306 | getOutPrintWriter().println("Profile uses unified challenge"); |
| 307 | return false; |
| 308 | } |
| 309 | |
Pavel Grafov | c07067d | 2017-07-05 16:30:04 +0100 | [diff] [blame] | 310 | try { |
Rubin Xu | a58125d | 2019-09-06 20:11:48 +0100 | [diff] [blame] | 311 | final boolean result = mLockPatternUtils.checkCredential(getOldCredential(), |
| 312 | mCurrentUserId, null); |
Pavel Grafov | c07067d | 2017-07-05 16:30:04 +0100 | [diff] [blame] | 313 | if (!result) { |
Pavel Grafov | b319125 | 2017-07-14 12:30:31 +0100 | [diff] [blame] | 314 | if (!mLockPatternUtils.isManagedProfileWithUnifiedChallenge(mCurrentUserId)) { |
| 315 | mLockPatternUtils.reportFailedPasswordAttempt(mCurrentUserId); |
| 316 | } |
Pavel Grafov | c07067d | 2017-07-05 16:30:04 +0100 | [diff] [blame] | 317 | getOutPrintWriter().println("Old password '" + mOld + "' didn't match"); |
Irina Dumitrescu | 472dae5 | 2018-07-19 18:07:58 +0100 | [diff] [blame] | 318 | } else { |
| 319 | // Resets the counter for failed password attempts to 0. |
| 320 | mLockPatternUtils.reportSuccessfulPasswordAttempt(mCurrentUserId); |
Pavel Grafov | c07067d | 2017-07-05 16:30:04 +0100 | [diff] [blame] | 321 | } |
| 322 | return result; |
| 323 | } catch (RequestThrottledException e) { |
| 324 | getOutPrintWriter().println("Request throttled"); |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 325 | return false; |
| 326 | } |
| 327 | } else { |
Rubin Xu | ca7007b | 2019-03-25 11:44:41 +0000 | [diff] [blame] | 328 | if (!mOld.isEmpty()) { |
| 329 | getOutPrintWriter().println("Old password provided but user has no password"); |
| 330 | return false; |
| 331 | } |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 332 | return true; |
| 333 | } |
| 334 | } |
Rubin Xu | a3c71a1 | 2019-12-04 15:25:02 +0000 | [diff] [blame] | 335 | |
| 336 | private void runRemoveCache() { |
| 337 | mLockPatternUtils.removeCachedUnifiedChallenge(mCurrentUserId); |
| 338 | getOutPrintWriter().println("Password cached removed for user " + mCurrentUserId); |
| 339 | } |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 340 | } |