| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/policy/cloud_policy_controller.h" | 5 #include "chrome/browser/policy/cloud_policy_controller.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 | 8 |
| 9 #include "base/message_loop.h" | 9 #include "base/message_loop.h" |
| 10 #include "base/rand_util.h" | 10 #include "base/rand_util.h" |
| (...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 86 // Reschedule the refresh task if necessary. | 86 // Reschedule the refresh task if necessary. |
| 87 if (state_ == STATE_POLICY_VALID) | 87 if (state_ == STATE_POLICY_VALID) |
| 88 SetState(STATE_POLICY_VALID); | 88 SetState(STATE_POLICY_VALID); |
| 89 } | 89 } |
| 90 | 90 |
| 91 void CloudPolicyController::HandlePolicyResponse( | 91 void CloudPolicyController::HandlePolicyResponse( |
| 92 const em::DevicePolicyResponse& response) { | 92 const em::DevicePolicyResponse& response) { |
| 93 if (state_ == STATE_TOKEN_UNAVAILABLE) | 93 if (state_ == STATE_TOKEN_UNAVAILABLE) |
| 94 return; | 94 return; |
| 95 | 95 |
| 96 cache_->SetDevicePolicy(response); | 96 if (response.response_size() > 0) { |
| 97 SetState(STATE_POLICY_VALID); | 97 if (response.response_size() > 1) { |
| 98 } | 98 LOG(WARNING) << "More than one policy in the response of the device " |
| 99 | 99 << "management server, discarding."; |
| 100 void CloudPolicyController::HandleCloudPolicyResponse( | 100 } |
| 101 const em::CloudPolicyResponse& response) { | 101 // Use the new version of the protocol |
| 102 if (state_ == STATE_TOKEN_UNAVAILABLE) | 102 cache_->SetPolicy(response.response(0)); |
| 103 return; | 103 SetState(STATE_POLICY_VALID); |
| 104 | 104 } else { |
| 105 cache_->SetPolicy(response); | 105 cache_->SetDevicePolicy(response); |
| 106 SetState(STATE_POLICY_VALID); | 106 SetState(STATE_POLICY_VALID); |
| 107 } |
| 107 } | 108 } |
| 108 | 109 |
| 109 void CloudPolicyController::OnError(DeviceManagementBackend::ErrorCode code) { | 110 void CloudPolicyController::OnError(DeviceManagementBackend::ErrorCode code) { |
| 110 if (state_ == STATE_TOKEN_UNAVAILABLE) | 111 if (state_ == STATE_TOKEN_UNAVAILABLE) |
| 111 return; | 112 return; |
| 112 | 113 |
| 113 if (code == DeviceManagementBackend::kErrorServiceDeviceNotFound || | 114 if (code == DeviceManagementBackend::kErrorServiceDeviceNotFound || |
| 114 code == DeviceManagementBackend::kErrorServiceManagementTokenInvalid) { | 115 code == DeviceManagementBackend::kErrorServiceManagementTokenInvalid) { |
| 115 LOG(WARNING) << "The device token was either invalid or unknown to the " | 116 LOG(WARNING) << "The device token was either invalid or unknown to the " |
| 116 << "device manager, re-registering device."; | 117 << "device manager, re-registering device."; |
| 117 SetState(STATE_TOKEN_UNAVAILABLE); | 118 SetState(STATE_TOKEN_UNAVAILABLE); |
| 118 } else if (code == | 119 } else if (code == |
| 119 DeviceManagementBackend::kErrorServiceManagementNotSupported) { | 120 DeviceManagementBackend::kErrorServiceManagementNotSupported) { |
| 120 VLOG(1) << "The device is no longer managed, resetting device token."; | 121 VLOG(1) << "The device is no longer managed, resetting device token."; |
| 121 SetState(STATE_TOKEN_UNAVAILABLE); | 122 SetState(STATE_TOKEN_UNAVAILABLE); |
| 122 } else if (!fallback_to_old_protocol_ && | |
| 123 code == DeviceManagementBackend::kErrorRequestInvalid) { | |
| 124 LOG(WARNING) << "Device manager doesn't understand new protocol, falling " | |
| 125 << "back to old request."; | |
| 126 fallback_to_old_protocol_ = true; | |
| 127 SetState(STATE_TOKEN_VALID); // Triggers SendPolicyRequest() immediately. | |
| 128 } else { | 123 } else { |
| 129 LOG(WARNING) << "Could not provide policy from the device manager (error = " | |
| 130 << code << "), will retry in " | |
| 131 << (effective_policy_refresh_error_delay_ms_ / 1000) | |
| 132 << " seconds."; | |
| 133 SetState(STATE_POLICY_ERROR); | 124 SetState(STATE_POLICY_ERROR); |
| 134 } | 125 } |
| 135 } | 126 } |
| 136 | 127 |
| 137 void CloudPolicyController::OnDeviceTokenAvailable() { | 128 void CloudPolicyController::OnDeviceTokenAvailable() { |
| 138 identity_strategy_->OnDeviceTokenAvailable(token_fetcher_->GetDeviceToken()); | 129 identity_strategy_->OnDeviceTokenAvailable(token_fetcher_->GetDeviceToken()); |
| 139 } | 130 } |
| 140 | 131 |
| 141 void CloudPolicyController::OnDeviceTokenChanged() { | 132 void CloudPolicyController::OnDeviceTokenChanged() { |
| 142 if (identity_strategy_->GetDeviceToken().empty()) | 133 if (identity_strategy_->GetDeviceToken().empty()) |
| (...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 178 int policy_refresh_deviation_factor_percent, | 169 int policy_refresh_deviation_factor_percent, |
| 179 int64 policy_refresh_deviation_max_ms, | 170 int64 policy_refresh_deviation_max_ms, |
| 180 int64 policy_refresh_error_delay_ms) { | 171 int64 policy_refresh_error_delay_ms) { |
| 181 DCHECK(cache); | 172 DCHECK(cache); |
| 182 | 173 |
| 183 cache_ = cache; | 174 cache_ = cache; |
| 184 backend_.reset(backend); | 175 backend_.reset(backend); |
| 185 token_fetcher_ = token_fetcher; | 176 token_fetcher_ = token_fetcher; |
| 186 identity_strategy_ = identity_strategy; | 177 identity_strategy_ = identity_strategy; |
| 187 state_ = STATE_TOKEN_UNAVAILABLE; | 178 state_ = STATE_TOKEN_UNAVAILABLE; |
| 188 fallback_to_old_protocol_ = false; | |
| 189 delayed_work_task_ = NULL; | 179 delayed_work_task_ = NULL; |
| 190 policy_refresh_rate_ms_ = policy_refresh_rate_ms; | 180 policy_refresh_rate_ms_ = policy_refresh_rate_ms; |
| 191 policy_refresh_deviation_factor_percent_ = | 181 policy_refresh_deviation_factor_percent_ = |
| 192 policy_refresh_deviation_factor_percent; | 182 policy_refresh_deviation_factor_percent; |
| 193 policy_refresh_deviation_max_ms_ = policy_refresh_deviation_max_ms; | 183 policy_refresh_deviation_max_ms_ = policy_refresh_deviation_max_ms; |
| 194 policy_refresh_error_delay_ms_ = policy_refresh_error_delay_ms; | 184 policy_refresh_error_delay_ms_ = policy_refresh_error_delay_ms; |
| 195 effective_policy_refresh_error_delay_ms_ = policy_refresh_error_delay_ms; | 185 effective_policy_refresh_error_delay_ms_ = policy_refresh_error_delay_ms; |
| 196 | 186 |
| 197 token_fetcher_->AddObserver(this); | 187 token_fetcher_->AddObserver(this); |
| 198 identity_strategy_->AddObserver(this); | 188 identity_strategy_->AddObserver(this); |
| 199 if (!identity_strategy_->GetDeviceToken().empty()) | 189 if (!identity_strategy_->GetDeviceToken().empty()) |
| 200 SetState(STATE_TOKEN_VALID); | 190 SetState(STATE_TOKEN_VALID); |
| 201 else | 191 else |
| 202 SetState(STATE_TOKEN_UNAVAILABLE); | 192 SetState(STATE_TOKEN_UNAVAILABLE); |
| 203 } | 193 } |
| 204 | 194 |
| 205 void CloudPolicyController::FetchToken() { | 195 void CloudPolicyController::FetchToken() { |
| 206 std::string username; | 196 std::string username; |
| 207 std::string auth_token; | 197 std::string auth_token; |
| 208 std::string device_id = identity_strategy_->GetDeviceID(); | 198 std::string device_id = identity_strategy_->GetDeviceID(); |
| 199 std::string machine_id = identity_strategy_->GetMachineID(); |
| 200 em::DeviceRegisterRequest_Type policy_type = |
| 201 identity_strategy_->GetPolicyRegisterType(); |
| 209 if (identity_strategy_->GetCredentials(&username, &auth_token) && | 202 if (identity_strategy_->GetCredentials(&username, &auth_token) && |
| 210 CanBeInManagedDomain(username)) { | 203 CanBeInManagedDomain(username)) { |
| 211 token_fetcher_->FetchToken(auth_token, device_id); | 204 token_fetcher_->FetchToken(auth_token, device_id, policy_type, machine_id); |
| 212 } | 205 } |
| 213 } | 206 } |
| 214 | 207 |
| 215 void CloudPolicyController::SendPolicyRequest() { | 208 void CloudPolicyController::SendPolicyRequest() { |
| 216 DCHECK(!identity_strategy_->GetDeviceToken().empty()); | 209 DCHECK(!identity_strategy_->GetDeviceToken().empty()); |
| 217 if (!fallback_to_old_protocol_) { | 210 em::DevicePolicyRequest policy_request; |
| 218 em::CloudPolicyRequest policy_request; | 211 em::PolicyFetchRequest* fetch_request = policy_request.add_request(); |
| 219 policy_request.set_policy_scope(kChromePolicyScope); | 212 fetch_request->set_signature_type(em::PolicyFetchRequest::X509); |
| 220 backend_->ProcessCloudPolicyRequest(identity_strategy_->GetDeviceToken(), | 213 fetch_request->set_policy_type(identity_strategy_->GetPolicyType()); |
| 221 identity_strategy_->GetDeviceID(), | 214 if (!cache_->is_unmanaged() && |
| 222 policy_request, this); | 215 !cache_->last_policy_refresh_time().is_null()) { |
| 223 } else { | 216 base::TimeDelta timestamp = |
| 224 em::DevicePolicyRequest policy_request; | 217 cache_->last_policy_refresh_time() - base::Time::UnixEpoch(); |
| 225 policy_request.set_policy_scope(kChromePolicyScope); | 218 fetch_request->set_timestamp(timestamp.InMilliseconds()); |
| 226 em::DevicePolicySettingRequest* setting = | |
| 227 policy_request.add_setting_request(); | |
| 228 setting->set_key(kChromeDevicePolicySettingKey); | |
| 229 setting->set_watermark(""); | |
| 230 backend_->ProcessPolicyRequest(identity_strategy_->GetDeviceToken(), | |
| 231 identity_strategy_->GetDeviceID(), | |
| 232 policy_request, this); | |
| 233 } | 219 } |
| 220 |
| 221 // TODO(gfeher): Remove the following block when the server is migrated. |
| 222 // Set fields for the old protocol. |
| 223 policy_request.set_policy_scope(kChromePolicyScope); |
| 224 em::DevicePolicySettingRequest* setting = |
| 225 policy_request.add_setting_request(); |
| 226 setting->set_key(kChromeDevicePolicySettingKey); |
| 227 setting->set_watermark(""); |
| 228 |
| 229 backend_->ProcessPolicyRequest(identity_strategy_->GetDeviceToken(), |
| 230 identity_strategy_->GetDeviceID(), |
| 231 policy_request, this); |
| 234 } | 232 } |
| 235 | 233 |
| 236 void CloudPolicyController::DoDelayedWork() { | 234 void CloudPolicyController::DoDelayedWork() { |
| 237 DCHECK(delayed_work_task_); | 235 DCHECK(delayed_work_task_); |
| 238 delayed_work_task_ = NULL; | 236 delayed_work_task_ = NULL; |
| 239 | 237 |
| 240 switch (state_) { | 238 switch (state_) { |
| 241 case STATE_TOKEN_UNAVAILABLE: | 239 case STATE_TOKEN_UNAVAILABLE: |
| 242 FetchToken(); | 240 FetchToken(); |
| 243 return; | 241 return; |
| (...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 300 } | 298 } |
| 301 | 299 |
| 302 int64 CloudPolicyController::GetRefreshDelay() { | 300 int64 CloudPolicyController::GetRefreshDelay() { |
| 303 int64 deviation = (policy_refresh_deviation_factor_percent_ * | 301 int64 deviation = (policy_refresh_deviation_factor_percent_ * |
| 304 policy_refresh_rate_ms_) / 100; | 302 policy_refresh_rate_ms_) / 100; |
| 305 deviation = std::min(deviation, policy_refresh_deviation_max_ms_); | 303 deviation = std::min(deviation, policy_refresh_deviation_max_ms_); |
| 306 return policy_refresh_rate_ms_ - base::RandGenerator(deviation + 1); | 304 return policy_refresh_rate_ms_ - base::RandGenerator(deviation + 1); |
| 307 } | 305 } |
| 308 | 306 |
| 309 } // namespace policy | 307 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6537020:
Update policy backend and testserver for the newest policy protocol (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src