From 987672d2621fa5278dbf48cbef46c50d3fafe4c1 Mon Sep 17 00:00:00 2001
From: Geoffrey Borggaard <geoffreyb@google.com>
Date: Fri, 18 Jul 2014 16:47:18 -0400
Subject: [PATCH] Fixes setting password through DevicePolicyManager

LockPatternUtils wasn't taking the userId into account when
looking up the salt.
Bug: 16204999

Change-Id: I0626b5a0a55c244122c24fb4446f270918f3187c
---
 .../internal/widget/LockPatternUtils.java     | 25 +++++++++++++------
 .../android/server/LockSettingsService.java   |  5 ++--
 2 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java
index d60f7875489e1..b5bfe49f39748 100644
--- a/core/java/com/android/internal/widget/LockPatternUtils.java
+++ b/core/java/com/android/internal/widget/LockPatternUtils.java
@@ -359,7 +359,8 @@ public class LockPatternUtils {
      * @return Whether the password matches any in the history.
      */
     public boolean checkPasswordHistory(String password) {
-        String passwordHashString = new String(passwordToHash(password));
+        String passwordHashString = new String(
+                passwordToHash(password, getCurrentOrCallingUserId()));
         String passwordHistory = getString(PASSWORD_HISTORY_KEY);
         if (passwordHistory == null) {
             return false;
@@ -828,7 +829,7 @@ public class LockPatternUtils {
                 if (passwordHistoryLength == 0) {
                     passwordHistory = "";
                 } else {
-                    byte[] hash = passwordToHash(password);
+                    byte[] hash = passwordToHash(password, userHandle);
                     passwordHistory = new String(hash) + "," + passwordHistory;
                     // Cut it to contain passwordHistoryLength hashes
                     // and passwordHistoryLength -1 commas.
@@ -944,13 +945,13 @@ public class LockPatternUtils {
         }
     }
 
-    private String getSalt() {
-        long salt = getLong(LOCK_PASSWORD_SALT_KEY, 0);
+    private String getSalt(int userId) {
+        long salt = getLong(LOCK_PASSWORD_SALT_KEY, 0, userId);
         if (salt == 0) {
             try {
                 salt = SecureRandom.getInstance("SHA1PRNG").nextLong();
-                setLong(LOCK_PASSWORD_SALT_KEY, salt);
-                Log.v(TAG, "Initialized lock password salt");
+                setLong(LOCK_PASSWORD_SALT_KEY, salt, userId);
+                Log.v(TAG, "Initialized lock password salt for user: " + userId);
             } catch (NoSuchAlgorithmException e) {
                 // Throw an exception rather than storing a password we'll never be able to recover
                 throw new IllegalStateException("Couldn't get SecureRandom number", e);
@@ -966,14 +967,14 @@ public class LockPatternUtils {
      * @param password the gesture pattern.
      * @return the hash of the pattern in a byte array.
      */
-    public byte[] passwordToHash(String password) {
+    public byte[] passwordToHash(String password, int userId) {
         if (password == null) {
             return null;
         }
         String algo = null;
         byte[] hashed = null;
         try {
-            byte[] saltedPassword = (password + getSalt()).getBytes();
+            byte[] saltedPassword = (password + getSalt(userId)).getBytes();
             byte[] sha1 = MessageDigest.getInstance(algo = "SHA-1").digest(saltedPassword);
             byte[] md5 = MessageDigest.getInstance(algo = "MD5").digest(saltedPassword);
             hashed = (toHex(sha1) + toHex(md5)).getBytes();
@@ -1336,6 +1337,14 @@ public class LockPatternUtils {
         return true;
     }
 
+    private long getLong(String secureSettingKey, long defaultValue, int userHandle) {
+        try {
+            return getLockSettings().getLong(secureSettingKey, defaultValue, userHandle);
+        } catch (RemoteException re) {
+            return defaultValue;
+        }
+    }
+
     private long getLong(String secureSettingKey, long defaultValue) {
         try {
             return getLockSettings().getLong(secureSettingKey, defaultValue,
diff --git a/services/core/java/com/android/server/LockSettingsService.java b/services/core/java/com/android/server/LockSettingsService.java
index 5cfc49cd7edba..86ce961256e93 100644
--- a/services/core/java/com/android/server/LockSettingsService.java
+++ b/services/core/java/com/android/server/LockSettingsService.java
@@ -346,7 +346,8 @@ public class LockSettingsService extends ILockSettings.Stub {
 
         maybeUpdateKeystore(password, userId);
 
-        writeFile(getLockPasswordFilename(userId), mLockPatternUtils.passwordToHash(password));
+        writeFile(getLockPasswordFilename(userId),
+                mLockPatternUtils.passwordToHash(password, userId));
     }
 
     @Override
@@ -391,7 +392,7 @@ public class LockSettingsService extends ILockSettings.Stub {
                 return true;
             }
             // Compare the hash from the file with the entered password's hash
-            final byte[] hash = mLockPatternUtils.passwordToHash(password);
+            final byte[] hash = mLockPatternUtils.passwordToHash(password, userId);
             final boolean matched = Arrays.equals(stored, hash);
             if (matched && !TextUtils.isEmpty(password)) {
                 maybeUpdateKeystore(password, userId);