| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/policy/device_management_policy_provider.h" | 5 #include "chrome/browser/policy/device_management_policy_provider.h" |
| 6 | 6 |
| 7 #include <algorithm> |
| 8 |
| 7 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 8 #include "base/file_util.h" | 10 #include "base/file_util.h" |
| 9 #include "base/path_service.h" | 11 #include "base/path_service.h" |
| 10 #include "base/rand_util.h" | 12 #include "base/rand_util.h" |
| 11 #include "base/task.h" | 13 #include "base/task.h" |
| 12 #include "chrome/browser/browser_thread.h" | 14 #include "chrome/browser/browser_thread.h" |
| 15 #include "chrome/browser/policy/cloud_policy_cache.h" |
| 13 #include "chrome/browser/policy/device_management_backend.h" | 16 #include "chrome/browser/policy/device_management_backend.h" |
| 14 #include "chrome/browser/policy/device_management_policy_cache.h" | |
| 15 #include "chrome/browser/policy/profile_policy_context.h" | 17 #include "chrome/browser/policy/profile_policy_context.h" |
| 16 #include "chrome/browser/policy/proto/device_management_constants.h" | 18 #include "chrome/browser/policy/proto/device_management_constants.h" |
| 17 #include "chrome/browser/profiles/profile.h" | 19 #include "chrome/browser/profiles/profile.h" |
| 18 #include "chrome/common/chrome_paths.h" | 20 #include "chrome/common/chrome_paths.h" |
| 19 #include "chrome/common/chrome_switches.h" | 21 #include "chrome/common/chrome_switches.h" |
| 20 #include "chrome/common/notification_service.h" | 22 #include "chrome/common/notification_service.h" |
| 21 #include "chrome/common/notification_type.h" | 23 #include "chrome/common/notification_type.h" |
| 22 | 24 |
| 23 namespace policy { | 25 namespace policy { |
| 24 | 26 |
| (...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 79 | 81 |
| 80 DeviceManagementPolicyProvider::~DeviceManagementPolicyProvider() { | 82 DeviceManagementPolicyProvider::~DeviceManagementPolicyProvider() { |
| 81 FOR_EACH_OBSERVER(ConfigurationPolicyProvider::Observer, | 83 FOR_EACH_OBSERVER(ConfigurationPolicyProvider::Observer, |
| 82 observer_list_, | 84 observer_list_, |
| 83 OnProviderGoingAway()); | 85 OnProviderGoingAway()); |
| 84 CancelRefreshTask(); | 86 CancelRefreshTask(); |
| 85 } | 87 } |
| 86 | 88 |
| 87 bool DeviceManagementPolicyProvider::Provide( | 89 bool DeviceManagementPolicyProvider::Provide( |
| 88 ConfigurationPolicyStoreInterface* policy_store) { | 90 ConfigurationPolicyStoreInterface* policy_store) { |
| 89 scoped_ptr<DictionaryValue> policies(cache_->GetPolicy()); | 91 if (cache_->has_device_policy()) { |
| 90 DecodePolicyValueTree(policies.get(), policy_store); | 92 scoped_ptr<DictionaryValue> policies(cache_->GetDevicePolicy()); |
| 93 ApplyPolicyValueTree(policies.get(), policy_store); |
| 94 } else { |
| 95 ApplyPolicyMap(cache_->GetMandatoryPolicy(), policy_store); |
| 96 // TODO(jkummerow, mnissler): provide recommended policy. |
| 97 } |
| 91 return true; | 98 return true; |
| 92 } | 99 } |
| 93 | 100 |
| 94 bool DeviceManagementPolicyProvider::IsInitializationComplete() const { | 101 bool DeviceManagementPolicyProvider::IsInitializationComplete() const { |
| 95 return !cache_->last_policy_refresh_time().is_null(); | 102 return !cache_->last_policy_refresh_time().is_null(); |
| 96 } | 103 } |
| 97 | 104 |
| 98 void DeviceManagementPolicyProvider::HandlePolicyResponse( | 105 void DeviceManagementPolicyProvider::HandlePolicyResponse( |
| 99 const em::DevicePolicyResponse& response) { | 106 const em::DevicePolicyResponse& response) { |
| 100 DCHECK(TokenAvailable()); | 107 DCHECK(TokenAvailable()); |
| 101 if (cache_->SetPolicy(response)) { | 108 if (cache_->SetDevicePolicy(response)) { |
| 102 initial_fetch_done_ = true; | 109 initial_fetch_done_ = true; |
| 103 NotifyCloudPolicyUpdate(); | 110 NotifyCloudPolicyUpdate(); |
| 104 } | 111 } |
| 105 SetState(STATE_POLICY_VALID); | 112 SetState(STATE_POLICY_VALID); |
| 106 } | 113 } |
| 107 | 114 |
| 115 void DeviceManagementPolicyProvider::HandleCloudPolicyResponse( |
| 116 const em::CloudPolicyResponse& response) { |
| 117 DCHECK(TokenAvailable()); |
| 118 if (cache_->SetPolicy(response)) { |
| 119 initial_fetch_done_ = true; |
| 120 NotifyCloudPolicyUpdate(); |
| 121 } |
| 122 SetState(STATE_POLICY_VALID); |
| 123 } |
| 124 |
| 108 void DeviceManagementPolicyProvider::OnError( | 125 void DeviceManagementPolicyProvider::OnError( |
| 109 DeviceManagementBackend::ErrorCode code) { | 126 DeviceManagementBackend::ErrorCode code) { |
| 110 DCHECK(TokenAvailable()); | 127 DCHECK(TokenAvailable()); |
| 111 if (code == DeviceManagementBackend::kErrorServiceDeviceNotFound || | 128 if (code == DeviceManagementBackend::kErrorServiceDeviceNotFound || |
| 112 code == DeviceManagementBackend::kErrorServiceManagementTokenInvalid) { | 129 code == DeviceManagementBackend::kErrorServiceManagementTokenInvalid) { |
| 113 LOG(WARNING) << "The device token was either invalid or unknown to the " | 130 LOG(WARNING) << "The device token was either invalid or unknown to the " |
| 114 << "device manager, re-registering device."; | 131 << "device manager, re-registering device."; |
| 115 SetState(STATE_TOKEN_RESET); | 132 SetState(STATE_TOKEN_RESET); |
| 116 } else if (code == | 133 } else if (code == |
| 117 DeviceManagementBackend::kErrorServiceManagementNotSupported) { | 134 DeviceManagementBackend::kErrorServiceManagementNotSupported) { |
| 118 VLOG(1) << "The device is no longer managed, resetting device token."; | 135 VLOG(1) << "The device is no longer managed, resetting device token."; |
| 119 SetState(STATE_TOKEN_RESET); | 136 SetState(STATE_TOKEN_RESET); |
| 137 } else if (!fallback_to_old_protocol_ && |
| 138 code == DeviceManagementBackend::kErrorRequestInvalid) { |
| 139 LOG(WARNING) << "Device management server doesn't understand new protocol," |
| 140 << " falling back to old request."; |
| 141 fallback_to_old_protocol_ = true; |
| 142 SetState(STATE_TOKEN_VALID); // Triggers SendPolicyRequest() immediately. |
| 120 } else { | 143 } else { |
| 121 LOG(WARNING) << "Could not provide policy from the device manager (error = " | 144 LOG(WARNING) << "Could not provide policy from the device manager (error = " |
| 122 << code << "), will retry in " | 145 << code << "), will retry in " |
| 123 << (effective_policy_refresh_error_delay_ms_ / 1000) | 146 << (effective_policy_refresh_error_delay_ms_ / 1000) |
| 124 << " seconds."; | 147 << " seconds."; |
| 125 SetState(STATE_POLICY_ERROR); | 148 SetState(STATE_POLICY_ERROR); |
| 126 } | 149 } |
| 127 } | 150 } |
| 128 | 151 |
| 129 void DeviceManagementPolicyProvider::OnTokenSuccess() { | 152 void DeviceManagementPolicyProvider::OnTokenSuccess() { |
| 130 DCHECK(!TokenAvailable()); | 153 DCHECK(!TokenAvailable()); |
| 131 SetState(STATE_TOKEN_VALID); | 154 SetState(STATE_TOKEN_VALID); |
| 132 } | 155 } |
| 133 | 156 |
| 134 void DeviceManagementPolicyProvider::OnTokenError() { | 157 void DeviceManagementPolicyProvider::OnTokenError() { |
| 135 DCHECK(!TokenAvailable()); | 158 DCHECK(!TokenAvailable()); |
| 136 LOG(WARNING) << "Could not retrieve device token."; | 159 LOG(WARNING) << "Could not retrieve device token."; |
| 137 SetState(STATE_TOKEN_ERROR); | 160 SetState(STATE_TOKEN_ERROR); |
| 138 } | 161 } |
| 139 | 162 |
| 140 void DeviceManagementPolicyProvider::OnNotManaged() { | 163 void DeviceManagementPolicyProvider::OnNotManaged() { |
| 141 DCHECK(!TokenAvailable()); | 164 DCHECK(!TokenAvailable()); |
| 142 VLOG(1) << "This device is not managed."; | 165 VLOG(1) << "This device is not managed."; |
| 143 cache_->SetDeviceUnmanaged(); | 166 cache_->SetUnmanaged(); |
| 144 SetState(STATE_UNMANAGED); | 167 SetState(STATE_UNMANAGED); |
| 145 } | 168 } |
| 146 | 169 |
| 147 void DeviceManagementPolicyProvider::SetRefreshRate( | 170 void DeviceManagementPolicyProvider::SetRefreshRate( |
| 148 int64 refresh_rate_milliseconds) { | 171 int64 refresh_rate_milliseconds) { |
| 149 policy_refresh_rate_ms_ = refresh_rate_milliseconds; | 172 policy_refresh_rate_ms_ = refresh_rate_milliseconds; |
| 150 | 173 |
| 151 // Reschedule the refresh task if necessary. | 174 // Reschedule the refresh task if necessary. |
| 152 if (state_ == STATE_POLICY_VALID) | 175 if (state_ == STATE_POLICY_VALID) |
| 153 SetState(STATE_POLICY_VALID); | 176 SetState(STATE_POLICY_VALID); |
| (...skipping 25 matching lines...) Expand all Loading... |
| 179 Profile* profile, | 202 Profile* profile, |
| 180 int64 policy_refresh_rate_ms, | 203 int64 policy_refresh_rate_ms, |
| 181 int policy_refresh_deviation_factor_percent, | 204 int policy_refresh_deviation_factor_percent, |
| 182 int64 policy_refresh_deviation_max_ms, | 205 int64 policy_refresh_deviation_max_ms, |
| 183 int64 policy_refresh_error_delay_ms, | 206 int64 policy_refresh_error_delay_ms, |
| 184 int64 token_fetch_error_delay_ms, | 207 int64 token_fetch_error_delay_ms, |
| 185 int64 unmanaged_device_refresh_rate_ms) { | 208 int64 unmanaged_device_refresh_rate_ms) { |
| 186 DCHECK(profile); | 209 DCHECK(profile); |
| 187 backend_.reset(backend); | 210 backend_.reset(backend); |
| 188 profile_ = profile; | 211 profile_ = profile; |
| 212 fallback_to_old_protocol_ = false; |
| 189 storage_dir_ = GetOrCreateDeviceManagementDir(profile_->GetPath()); | 213 storage_dir_ = GetOrCreateDeviceManagementDir(profile_->GetPath()); |
| 190 state_ = STATE_INITIALIZING; | 214 state_ = STATE_INITIALIZING; |
| 191 initial_fetch_done_ = false; | 215 initial_fetch_done_ = false; |
| 192 refresh_task_ = NULL; | 216 refresh_task_ = NULL; |
| 193 policy_refresh_rate_ms_ = policy_refresh_rate_ms; | 217 policy_refresh_rate_ms_ = policy_refresh_rate_ms; |
| 194 policy_refresh_deviation_factor_percent_ = | 218 policy_refresh_deviation_factor_percent_ = |
| 195 policy_refresh_deviation_factor_percent; | 219 policy_refresh_deviation_factor_percent; |
| 196 policy_refresh_deviation_max_ms_ = policy_refresh_deviation_max_ms; | 220 policy_refresh_deviation_max_ms_ = policy_refresh_deviation_max_ms; |
| 197 policy_refresh_error_delay_ms_ = policy_refresh_error_delay_ms; | 221 policy_refresh_error_delay_ms_ = policy_refresh_error_delay_ms; |
| 198 effective_policy_refresh_error_delay_ms_ = policy_refresh_error_delay_ms; | 222 effective_policy_refresh_error_delay_ms_ = policy_refresh_error_delay_ms; |
| 199 token_fetch_error_delay_ms_ = token_fetch_error_delay_ms; | 223 token_fetch_error_delay_ms_ = token_fetch_error_delay_ms; |
| 200 effective_token_fetch_error_delay_ms_ = token_fetch_error_delay_ms; | 224 effective_token_fetch_error_delay_ms_ = token_fetch_error_delay_ms; |
| 201 unmanaged_device_refresh_rate_ms_ = unmanaged_device_refresh_rate_ms; | 225 unmanaged_device_refresh_rate_ms_ = unmanaged_device_refresh_rate_ms; |
| 202 | 226 |
| 203 const FilePath policy_path = storage_dir_.Append(kPolicyFilename); | 227 const FilePath policy_path = storage_dir_.Append(kPolicyFilename); |
| 204 cache_.reset(new DeviceManagementPolicyCache(policy_path)); | 228 cache_.reset(new CloudPolicyCache(policy_path)); |
| 205 cache_->LoadPolicyFromFile(); | 229 cache_->LoadPolicyFromFile(); |
| 206 | 230 |
| 207 SetDeviceTokenFetcher(new DeviceTokenFetcher(backend_.get(), profile, | 231 SetDeviceTokenFetcher(new DeviceTokenFetcher(backend_.get(), profile, |
| 208 GetTokenPath())); | 232 GetTokenPath())); |
| 209 | 233 |
| 210 if (cache_->is_device_unmanaged()) { | 234 if (cache_->is_unmanaged()) { |
| 211 // This is a non-first login on an unmanaged device. | 235 // This is a non-first login on an unmanaged device. |
| 212 SetState(STATE_UNMANAGED); | 236 SetState(STATE_UNMANAGED); |
| 213 } else { | 237 } else { |
| 214 SetState(STATE_INITIALIZING); | 238 SetState(STATE_INITIALIZING); |
| 215 } | 239 } |
| 216 } | 240 } |
| 217 | 241 |
| 218 void DeviceManagementPolicyProvider::AddObserver( | 242 void DeviceManagementPolicyProvider::AddObserver( |
| 219 ConfigurationPolicyProvider::Observer* observer) { | 243 ConfigurationPolicyProvider::Observer* observer) { |
| 220 observer_list_.AddObserver(observer); | 244 observer_list_.AddObserver(observer); |
| 221 } | 245 } |
| 222 | 246 |
| 223 void DeviceManagementPolicyProvider::RemoveObserver( | 247 void DeviceManagementPolicyProvider::RemoveObserver( |
| 224 ConfigurationPolicyProvider::Observer* observer) { | 248 ConfigurationPolicyProvider::Observer* observer) { |
| 225 observer_list_.RemoveObserver(observer); | 249 observer_list_.RemoveObserver(observer); |
| 226 } | 250 } |
| 227 | 251 |
| 228 void DeviceManagementPolicyProvider::SendPolicyRequest() { | 252 void DeviceManagementPolicyProvider::SendPolicyRequest() { |
| 229 em::DevicePolicyRequest policy_request; | 253 if (!fallback_to_old_protocol_) { |
| 230 policy_request.set_policy_scope(kChromePolicyScope); | 254 em::CloudPolicyRequest policy_request; |
| 231 em::DevicePolicySettingRequest* setting = | 255 policy_request.set_policy_scope(kChromePolicyScope); |
| 232 policy_request.add_setting_request(); | 256 backend_->ProcessCloudPolicyRequest(token_fetcher_->GetDeviceToken(), |
| 233 setting->set_key(kChromeDevicePolicySettingKey); | 257 token_fetcher_->GetDeviceID(), |
| 234 setting->set_watermark(""); | 258 policy_request, this); |
| 235 backend_->ProcessPolicyRequest(token_fetcher_->GetDeviceToken(), | 259 } else { |
| 236 token_fetcher_->GetDeviceID(), | 260 em::DevicePolicyRequest policy_request; |
| 237 policy_request, this); | 261 policy_request.set_policy_scope(kChromePolicyScope); |
| 262 em::DevicePolicySettingRequest* setting = |
| 263 policy_request.add_setting_request(); |
| 264 setting->set_key(kChromeDevicePolicySettingKey); |
| 265 setting->set_watermark(""); |
| 266 backend_->ProcessPolicyRequest(token_fetcher_->GetDeviceToken(), |
| 267 token_fetcher_->GetDeviceID(), |
| 268 policy_request, this); |
| 269 } |
| 238 } | 270 } |
| 239 | 271 |
| 240 void DeviceManagementPolicyProvider::RefreshTaskExecute() { | 272 void DeviceManagementPolicyProvider::RefreshTaskExecute() { |
| 241 DCHECK(refresh_task_); | 273 DCHECK(refresh_task_); |
| 242 refresh_task_ = NULL; | 274 refresh_task_ = NULL; |
| 243 | 275 |
| 244 switch (state_) { | 276 switch (state_) { |
| 245 case STATE_INITIALIZING: | 277 case STATE_INITIALIZING: |
| 246 token_fetcher_->StartFetching(); | 278 token_fetcher_->StartFetching(); |
| 247 return; | 279 return; |
| (...skipping 127 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 375 const FilePath device_management_dir = user_data_dir.Append( | 407 const FilePath device_management_dir = user_data_dir.Append( |
| 376 FILE_PATH_LITERAL("Device Management")); | 408 FILE_PATH_LITERAL("Device Management")); |
| 377 if (!file_util::DirectoryExists(device_management_dir)) { | 409 if (!file_util::DirectoryExists(device_management_dir)) { |
| 378 if (!file_util::CreateDirectory(device_management_dir)) | 410 if (!file_util::CreateDirectory(device_management_dir)) |
| 379 NOTREACHED(); | 411 NOTREACHED(); |
| 380 } | 412 } |
| 381 return device_management_dir; | 413 return device_management_dir; |
| 382 } | 414 } |
| 383 | 415 |
| 384 } // namespace policy | 416 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6532019:
New policy protobuf protocol. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src