| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/policy/device_management_policy_provider.h" | 5 #include "chrome/browser/policy/device_management_policy_provider.h" |
| 6 | 6 |
| 7 #include <algorithm> | |
| 8 | |
| 7 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 8 #include "base/file_util.h" | 10 #include "base/file_util.h" |
| 9 #include "base/path_service.h" | 11 #include "base/path_service.h" |
| 10 #include "base/rand_util.h" | 12 #include "base/rand_util.h" |
| 11 #include "base/task.h" | 13 #include "base/task.h" |
| 12 #include "chrome/browser/browser_thread.h" | 14 #include "chrome/browser/browser_thread.h" |
| 15 #include "chrome/browser/policy/cloud_policy_cache.h" | |
| 13 #include "chrome/browser/policy/device_management_backend.h" | 16 #include "chrome/browser/policy/device_management_backend.h" |
| 14 #include "chrome/browser/policy/device_management_policy_cache.h" | |
| 15 #include "chrome/browser/policy/profile_policy_context.h" | 17 #include "chrome/browser/policy/profile_policy_context.h" |
| 16 #include "chrome/browser/policy/proto/device_management_constants.h" | 18 #include "chrome/browser/policy/proto/device_management_constants.h" |
| 17 #include "chrome/browser/profiles/profile.h" | 19 #include "chrome/browser/profiles/profile.h" |
| 18 #include "chrome/common/chrome_paths.h" | 20 #include "chrome/common/chrome_paths.h" |
| 19 #include "chrome/common/chrome_switches.h" | 21 #include "chrome/common/chrome_switches.h" |
| 20 #include "chrome/common/notification_service.h" | 22 #include "chrome/common/notification_service.h" |
| 21 #include "chrome/common/notification_type.h" | 23 #include "chrome/common/notification_type.h" |
| 22 | 24 |
| 23 namespace policy { | 25 namespace policy { |
| 24 | 26 |
| (...skipping 54 matching lines...) | |
| 79 | 81 |
| 80 DeviceManagementPolicyProvider::~DeviceManagementPolicyProvider() { | 82 DeviceManagementPolicyProvider::~DeviceManagementPolicyProvider() { |
| 81 FOR_EACH_OBSERVER(ConfigurationPolicyProvider::Observer, | 83 FOR_EACH_OBSERVER(ConfigurationPolicyProvider::Observer, |
| 82 observer_list_, | 84 observer_list_, |
| 83 OnProviderGoingAway()); | 85 OnProviderGoingAway()); |
| 84 CancelRefreshTask(); | 86 CancelRefreshTask(); |
| 85 } | 87 } |
| 86 | 88 |
| 87 bool DeviceManagementPolicyProvider::Provide( | 89 bool DeviceManagementPolicyProvider::Provide( |
| 88 ConfigurationPolicyStoreInterface* policy_store) { | 90 ConfigurationPolicyStoreInterface* policy_store) { |
| 89 scoped_ptr<DictionaryValue> policies(cache_->GetPolicy()); | 91 if (cache_->has_device_policy()) { |
| 90 DecodePolicyValueTree(policies.get(), policy_store); | 92 scoped_ptr<DictionaryValue> policies(cache_->GetDevicePolicy()); |
| 93 ApplyPolicyValueTree(policies.get(), policy_store); | |
| 94 } else { | |
| 95 scoped_ptr<PolicyMapType> policies(cache_->GetMandatoryPolicy()); | |
| 96 ApplyPolicyMap(policies.get(), policy_store); | |
| 97 // TODO(jkummerow, mnissler): provide recommended policy. | |
| 98 } | |
| 91 return true; | 99 return true; |
| 92 } | 100 } |
| 93 | 101 |
| 94 bool DeviceManagementPolicyProvider::IsInitializationComplete() const { | 102 bool DeviceManagementPolicyProvider::IsInitializationComplete() const { |
| 95 return !cache_->last_policy_refresh_time().is_null(); | 103 return !cache_->last_policy_refresh_time().is_null(); |
| 96 } | 104 } |
| 97 | 105 |
| 98 void DeviceManagementPolicyProvider::HandlePolicyResponse( | 106 void DeviceManagementPolicyProvider::HandlePolicyResponse( |
| 99 const em::DevicePolicyResponse& response) { | 107 const em::DevicePolicyResponse& response) { |
| 100 DCHECK(TokenAvailable()); | 108 DCHECK(TokenAvailable()); |
| 101 if (cache_->SetPolicy(response)) { | 109 if (cache_->SetPolicy(response)) { |
| 102 initial_fetch_done_ = true; | 110 initial_fetch_done_ = true; |
| 103 NotifyCloudPolicyUpdate(); | 111 NotifyCloudPolicyUpdate(); |
| 104 } | 112 } |
| 105 SetState(STATE_POLICY_VALID); | 113 SetState(STATE_POLICY_VALID); |
| 106 } | 114 } |
| 107 | 115 |
| 116 void DeviceManagementPolicyProvider::HandleCloudPolicyResponse( | |
| 117 const em::CloudPolicyResponse& response) { | |
| 118 DCHECK(TokenAvailable()); | |
| 119 if (cache_->SetPolicy(response)) { | |
| 120 initial_fetch_done_ = true; | |
| 121 NotifyCloudPolicyUpdate(); | |
| 122 } | |
| 123 SetState(STATE_POLICY_VALID); | |
| 124 } | |
| 125 | |
| 108 void DeviceManagementPolicyProvider::OnError( | 126 void DeviceManagementPolicyProvider::OnError( |
| 109 DeviceManagementBackend::ErrorCode code) { | 127 DeviceManagementBackend::ErrorCode code) { |
| 110 DCHECK(TokenAvailable()); | 128 DCHECK(TokenAvailable()); |
| 111 if (code == DeviceManagementBackend::kErrorServiceDeviceNotFound || | 129 if (code == DeviceManagementBackend::kErrorServiceDeviceNotFound || |
| 112 code == DeviceManagementBackend::kErrorServiceManagementTokenInvalid) { | 130 code == DeviceManagementBackend::kErrorServiceManagementTokenInvalid) { |
| 113 LOG(WARNING) << "The device token was either invalid or unknown to the " | 131 LOG(WARNING) << "The device token was either invalid or unknown to the " |
| 114 << "device manager, re-registering device."; | 132 << "device manager, re-registering device."; |
| 115 SetState(STATE_TOKEN_RESET); | 133 SetState(STATE_TOKEN_RESET); |
| 116 } else if (code == | 134 } else if (code == |
| 117 DeviceManagementBackend::kErrorServiceManagementNotSupported) { | 135 DeviceManagementBackend::kErrorServiceManagementNotSupported) { |
| 118 VLOG(1) << "The device is no longer managed, resetting device token."; | 136 VLOG(1) << "The device is no longer managed, resetting device token."; |
| 119 SetState(STATE_TOKEN_RESET); | 137 SetState(STATE_TOKEN_RESET); |
| 138 } else if (!fallback_to_old_protocol_ && | |
| 139 code == DeviceManagementBackend::kErrorRequestInvalid) { | |
| 140 LOG(WARNING) << "Device manager doesn't understand new protocol, falling " | |
| 141 << "back to old request."; | |
| 142 fallback_to_old_protocol_ = true; | |
| 143 SendPolicyRequest(); | |
|
Mattias Nissler (ping if slow)
2011/02/03 16:23:41
You can do SetState(STATE_TOKEN_VALID) instead for
Jakob Kummerow
2011/02/08 16:15:43
Done.
| |
| 120 } else { | 144 } else { |
| 121 LOG(WARNING) << "Could not provide policy from the device manager (error = " | 145 LOG(WARNING) << "Could not provide policy from the device manager (error = " |
| 122 << code << "), will retry in " | 146 << code << "), will retry in " |
| 123 << (effective_policy_refresh_error_delay_ms_ / 1000) | 147 << (effective_policy_refresh_error_delay_ms_ / 1000) |
| 124 << " seconds."; | 148 << " seconds."; |
| 125 SetState(STATE_POLICY_ERROR); | 149 SetState(STATE_POLICY_ERROR); |
| 126 } | 150 } |
| 127 } | 151 } |
| 128 | 152 |
| 129 void DeviceManagementPolicyProvider::OnTokenSuccess() { | 153 void DeviceManagementPolicyProvider::OnTokenSuccess() { |
| 130 DCHECK(!TokenAvailable()); | 154 DCHECK(!TokenAvailable()); |
| 131 SetState(STATE_TOKEN_VALID); | 155 SetState(STATE_TOKEN_VALID); |
| 132 } | 156 } |
| 133 | 157 |
| 134 void DeviceManagementPolicyProvider::OnTokenError() { | 158 void DeviceManagementPolicyProvider::OnTokenError() { |
| 135 DCHECK(!TokenAvailable()); | 159 DCHECK(!TokenAvailable()); |
| 136 LOG(WARNING) << "Could not retrieve device token."; | 160 LOG(WARNING) << "Could not retrieve device token."; |
| 137 SetState(STATE_TOKEN_ERROR); | 161 SetState(STATE_TOKEN_ERROR); |
| 138 } | 162 } |
| 139 | 163 |
| 140 void DeviceManagementPolicyProvider::OnNotManaged() { | 164 void DeviceManagementPolicyProvider::OnNotManaged() { |
| 141 DCHECK(!TokenAvailable()); | 165 DCHECK(!TokenAvailable()); |
| 142 VLOG(1) << "This device is not managed."; | 166 VLOG(1) << "This device is not managed."; |
| 143 cache_->SetDeviceUnmanaged(); | 167 cache_->SetUnmanaged(); |
| 144 SetState(STATE_UNMANAGED); | 168 SetState(STATE_UNMANAGED); |
| 145 } | 169 } |
| 146 | 170 |
| 147 void DeviceManagementPolicyProvider::SetRefreshRate( | 171 void DeviceManagementPolicyProvider::SetRefreshRate( |
| 148 int64 refresh_rate_milliseconds) { | 172 int64 refresh_rate_milliseconds) { |
| 149 policy_refresh_rate_ms_ = refresh_rate_milliseconds; | 173 policy_refresh_rate_ms_ = refresh_rate_milliseconds; |
| 150 | 174 |
| 151 // Reschedule the refresh task if necessary. | 175 // Reschedule the refresh task if necessary. |
| 152 if (state_ == STATE_POLICY_VALID) | 176 if (state_ == STATE_POLICY_VALID) |
| 153 SetState(STATE_POLICY_VALID); | 177 SetState(STATE_POLICY_VALID); |
| (...skipping 25 matching lines...) | |
| 179 Profile* profile, | 203 Profile* profile, |
| 180 int64 policy_refresh_rate_ms, | 204 int64 policy_refresh_rate_ms, |
| 181 int policy_refresh_deviation_factor_percent, | 205 int policy_refresh_deviation_factor_percent, |
| 182 int64 policy_refresh_deviation_max_ms, | 206 int64 policy_refresh_deviation_max_ms, |
| 183 int64 policy_refresh_error_delay_ms, | 207 int64 policy_refresh_error_delay_ms, |
| 184 int64 token_fetch_error_delay_ms, | 208 int64 token_fetch_error_delay_ms, |
| 185 int64 unmanaged_device_refresh_rate_ms) { | 209 int64 unmanaged_device_refresh_rate_ms) { |
| 186 DCHECK(profile); | 210 DCHECK(profile); |
| 187 backend_.reset(backend); | 211 backend_.reset(backend); |
| 188 profile_ = profile; | 212 profile_ = profile; |
| 213 fallback_to_old_protocol_ = false; | |
| 189 storage_dir_ = GetOrCreateDeviceManagementDir(profile_->GetPath()); | 214 storage_dir_ = GetOrCreateDeviceManagementDir(profile_->GetPath()); |
| 190 state_ = STATE_INITIALIZING; | 215 state_ = STATE_INITIALIZING; |
| 191 initial_fetch_done_ = false; | 216 initial_fetch_done_ = false; |
| 192 refresh_task_ = NULL; | 217 refresh_task_ = NULL; |
| 193 policy_refresh_rate_ms_ = policy_refresh_rate_ms; | 218 policy_refresh_rate_ms_ = policy_refresh_rate_ms; |
| 194 policy_refresh_deviation_factor_percent_ = | 219 policy_refresh_deviation_factor_percent_ = |
| 195 policy_refresh_deviation_factor_percent; | 220 policy_refresh_deviation_factor_percent; |
| 196 policy_refresh_deviation_max_ms_ = policy_refresh_deviation_max_ms; | 221 policy_refresh_deviation_max_ms_ = policy_refresh_deviation_max_ms; |
| 197 policy_refresh_error_delay_ms_ = policy_refresh_error_delay_ms; | 222 policy_refresh_error_delay_ms_ = policy_refresh_error_delay_ms; |
| 198 effective_policy_refresh_error_delay_ms_ = policy_refresh_error_delay_ms; | 223 effective_policy_refresh_error_delay_ms_ = policy_refresh_error_delay_ms; |
| 199 token_fetch_error_delay_ms_ = token_fetch_error_delay_ms; | 224 token_fetch_error_delay_ms_ = token_fetch_error_delay_ms; |
| 200 effective_token_fetch_error_delay_ms_ = token_fetch_error_delay_ms; | 225 effective_token_fetch_error_delay_ms_ = token_fetch_error_delay_ms; |
| 201 unmanaged_device_refresh_rate_ms_ = unmanaged_device_refresh_rate_ms; | 226 unmanaged_device_refresh_rate_ms_ = unmanaged_device_refresh_rate_ms; |
| 202 | 227 |
| 203 const FilePath policy_path = storage_dir_.Append(kPolicyFilename); | 228 const FilePath policy_path = storage_dir_.Append(kPolicyFilename); |
| 204 cache_.reset(new DeviceManagementPolicyCache(policy_path)); | 229 cache_.reset(new CloudPolicyCache(policy_path)); |
| 205 cache_->LoadPolicyFromFile(); | 230 cache_->LoadPolicyFromFile(); |
| 206 | 231 |
| 207 SetDeviceTokenFetcher(new DeviceTokenFetcher(backend_.get(), profile, | 232 SetDeviceTokenFetcher(new DeviceTokenFetcher(backend_.get(), profile, |
| 208 GetTokenPath())); | 233 GetTokenPath())); |
| 209 | 234 |
| 210 if (cache_->is_device_unmanaged()) { | 235 if (cache_->is_unmanaged()) { |
| 211 // This is a non-first login on an unmanaged device. | 236 // This is a non-first login on an unmanaged device. |
| 212 SetState(STATE_UNMANAGED); | 237 SetState(STATE_UNMANAGED); |
| 213 } else { | 238 } else { |
| 214 SetState(STATE_INITIALIZING); | 239 SetState(STATE_INITIALIZING); |
| 215 } | 240 } |
| 216 } | 241 } |
| 217 | 242 |
| 218 void DeviceManagementPolicyProvider::AddObserver( | 243 void DeviceManagementPolicyProvider::AddObserver( |
| 219 ConfigurationPolicyProvider::Observer* observer) { | 244 ConfigurationPolicyProvider::Observer* observer) { |
| 220 observer_list_.AddObserver(observer); | 245 observer_list_.AddObserver(observer); |
| 221 } | 246 } |
| 222 | 247 |
| 223 void DeviceManagementPolicyProvider::RemoveObserver( | 248 void DeviceManagementPolicyProvider::RemoveObserver( |
| 224 ConfigurationPolicyProvider::Observer* observer) { | 249 ConfigurationPolicyProvider::Observer* observer) { |
| 225 observer_list_.RemoveObserver(observer); | 250 observer_list_.RemoveObserver(observer); |
| 226 } | 251 } |
| 227 | 252 |
| 228 void DeviceManagementPolicyProvider::SendPolicyRequest() { | 253 void DeviceManagementPolicyProvider::SendPolicyRequest() { |
| 229 em::DevicePolicyRequest policy_request; | 254 if (!fallback_to_old_protocol_) { |
| 230 policy_request.set_policy_scope(kChromePolicyScope); | 255 em::CloudPolicyRequest policy_request; |
| 231 em::DevicePolicySettingRequest* setting = | 256 policy_request.set_policy_scope(kChromePolicyScope); |
| 232 policy_request.add_setting_request(); | 257 backend_->ProcessCloudPolicyRequest(token_fetcher_->GetDeviceToken(), |
| 233 setting->set_key(kChromeDevicePolicySettingKey); | 258 token_fetcher_->GetDeviceID(), |
| 234 setting->set_watermark(""); | 259 policy_request, this); |
| 235 backend_->ProcessPolicyRequest(token_fetcher_->GetDeviceToken(), | 260 } else { |
| 236 token_fetcher_->GetDeviceID(), | 261 em::DevicePolicyRequest policy_request; |
| 237 policy_request, this); | 262 policy_request.set_policy_scope(kChromePolicyScope); |
| 263 em::DevicePolicySettingRequest* setting = | |
| 264 policy_request.add_setting_request(); | |
| 265 setting->set_key(kChromeDevicePolicySettingKey); | |
| 266 setting->set_watermark(""); | |
| 267 backend_->ProcessPolicyRequest(token_fetcher_->GetDeviceToken(), | |
| 268 token_fetcher_->GetDeviceID(), | |
| 269 policy_request, this); | |
| 270 } | |
| 238 } | 271 } |
| 239 | 272 |
| 240 void DeviceManagementPolicyProvider::RefreshTaskExecute() { | 273 void DeviceManagementPolicyProvider::RefreshTaskExecute() { |
| 241 DCHECK(refresh_task_); | 274 DCHECK(refresh_task_); |
| 242 refresh_task_ = NULL; | 275 refresh_task_ = NULL; |
| 243 | 276 |
| 244 switch (state_) { | 277 switch (state_) { |
| 245 case STATE_INITIALIZING: | 278 case STATE_INITIALIZING: |
| 246 token_fetcher_->StartFetching(); | 279 token_fetcher_->StartFetching(); |
| 247 return; | 280 return; |
| (...skipping 127 matching lines...) | |
| 375 const FilePath device_management_dir = user_data_dir.Append( | 408 const FilePath device_management_dir = user_data_dir.Append( |
| 376 FILE_PATH_LITERAL("Device Management")); | 409 FILE_PATH_LITERAL("Device Management")); |
| 377 if (!file_util::DirectoryExists(device_management_dir)) { | 410 if (!file_util::DirectoryExists(device_management_dir)) { |
| 378 if (!file_util::CreateDirectory(device_management_dir)) | 411 if (!file_util::CreateDirectory(device_management_dir)) |
| 379 NOTREACHED(); | 412 NOTREACHED(); |
| 380 } | 413 } |
| 381 return device_management_dir; | 414 return device_management_dir; |
| 382 } | 415 } |
| 383 | 416 |
| 384 } // namespace policy | 417 } // namespace policy |
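Review bot: The protocol fallback added to `OnError` is one-way. The new `kErrorRequestInvalid` branch sets `fallback_to_old_protocol_ = true`, and in the lines shown only `Initialize()` clears it, so a single invalid-request reply keeps this provider on the old `DevicePolicyRequest` path for the rest of its lifetime. Because the trigger is an error code reported for the request, a transient or spurious reply has the same effect as a server that really lacks the new protocol; this assumes nothing in the backend, which is not visible here, tells the two cases apart. Consider clearing the flag where the token is reset, e.g. `fallback_to_old_protocol_ = false;` before `SetState(STATE_TOKEN_RESET);` in the two branches above it, so re-registration retries the new protocol. The member should also be documented, for example `// Set once the server rejects a CloudPolicyRequest; cleared only in Initialize().`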