OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/policy/cloud_policy_controller.h" | 5 #include "chrome/browser/policy/cloud_policy_controller.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 | 8 |
9 #include "base/message_loop.h" | 9 #include "base/message_loop.h" |
10 #include "base/rand_util.h" | 10 #include "base/rand_util.h" |
(...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
86 // Reschedule the refresh task if necessary. | 86 // Reschedule the refresh task if necessary. |
87 if (state_ == STATE_POLICY_VALID) | 87 if (state_ == STATE_POLICY_VALID) |
88 SetState(STATE_POLICY_VALID); | 88 SetState(STATE_POLICY_VALID); |
89 } | 89 } |
90 | 90 |
91 void CloudPolicyController::HandlePolicyResponse( | 91 void CloudPolicyController::HandlePolicyResponse( |
92 const em::DevicePolicyResponse& response) { | 92 const em::DevicePolicyResponse& response) { |
93 if (state_ == STATE_TOKEN_UNAVAILABLE) | 93 if (state_ == STATE_TOKEN_UNAVAILABLE) |
94 return; | 94 return; |
95 | 95 |
96 cache_->SetDevicePolicy(response); | 96 if (response.response_size() > 0) { |
97 SetState(STATE_POLICY_VALID); | 97 if (response.response_size() > 1) { |
98 } | 98 LOG(WARNING) << "More than one policy in the response of the device " |
99 | 99 << "management server, discarding."; |
100 void CloudPolicyController::HandleCloudPolicyResponse( | 100 } |
101 const em::CloudPolicyResponse& response) { | 101 // Use the new version of the protocol |
102 if (state_ == STATE_TOKEN_UNAVAILABLE) | 102 cache_->SetPolicy(response.response(0)); |
103 return; | 103 SetState(STATE_POLICY_VALID); |
104 | 104 } else { |
105 cache_->SetPolicy(response); | 105 cache_->SetDevicePolicy(response); |
106 SetState(STATE_POLICY_VALID); | 106 SetState(STATE_POLICY_VALID); |
| 107 } |
107 } | 108 } |
108 | 109 |
109 void CloudPolicyController::OnError(DeviceManagementBackend::ErrorCode code) { | 110 void CloudPolicyController::OnError(DeviceManagementBackend::ErrorCode code) { |
110 if (state_ == STATE_TOKEN_UNAVAILABLE) | 111 if (state_ == STATE_TOKEN_UNAVAILABLE) |
111 return; | 112 return; |
112 | 113 |
113 if (code == DeviceManagementBackend::kErrorServiceDeviceNotFound || | 114 if (code == DeviceManagementBackend::kErrorServiceDeviceNotFound || |
114 code == DeviceManagementBackend::kErrorServiceManagementTokenInvalid) { | 115 code == DeviceManagementBackend::kErrorServiceManagementTokenInvalid) { |
115 LOG(WARNING) << "The device token was either invalid or unknown to the " | 116 LOG(WARNING) << "The device token was either invalid or unknown to the " |
116 << "device manager, re-registering device."; | 117 << "device manager, re-registering device."; |
117 SetState(STATE_TOKEN_UNAVAILABLE); | 118 SetState(STATE_TOKEN_UNAVAILABLE); |
118 } else if (code == | 119 } else if (code == |
119 DeviceManagementBackend::kErrorServiceManagementNotSupported) { | 120 DeviceManagementBackend::kErrorServiceManagementNotSupported) { |
120 VLOG(1) << "The device is no longer managed, resetting device token."; | 121 VLOG(1) << "The device is no longer managed, resetting device token."; |
121 SetState(STATE_TOKEN_UNAVAILABLE); | 122 SetState(STATE_TOKEN_UNAVAILABLE); |
122 } else if (!fallback_to_old_protocol_ && | |
123 code == DeviceManagementBackend::kErrorRequestInvalid) { | |
124 LOG(WARNING) << "Device manager doesn't understand new protocol, falling " | |
125 << "back to old request."; | |
126 fallback_to_old_protocol_ = true; | |
127 SetState(STATE_TOKEN_VALID); // Triggers SendPolicyRequest() immediately. | |
128 } else { | 123 } else { |
129 LOG(WARNING) << "Could not provide policy from the device manager (error = " | |
130 << code << "), will retry in " | |
131 << (effective_policy_refresh_error_delay_ms_ / 1000) | |
132 << " seconds."; | |
133 SetState(STATE_POLICY_ERROR); | 124 SetState(STATE_POLICY_ERROR); |
134 } | 125 } |
135 } | 126 } |
136 | 127 |
137 void CloudPolicyController::OnDeviceTokenAvailable() { | 128 void CloudPolicyController::OnDeviceTokenAvailable() { |
138 identity_strategy_->OnDeviceTokenAvailable(token_fetcher_->GetDeviceToken()); | 129 identity_strategy_->OnDeviceTokenAvailable(token_fetcher_->GetDeviceToken()); |
139 } | 130 } |
140 | 131 |
141 void CloudPolicyController::OnDeviceTokenChanged() { | 132 void CloudPolicyController::OnDeviceTokenChanged() { |
142 if (identity_strategy_->GetDeviceToken().empty()) | 133 if (identity_strategy_->GetDeviceToken().empty()) |
(...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
178 int policy_refresh_deviation_factor_percent, | 169 int policy_refresh_deviation_factor_percent, |
179 int64 policy_refresh_deviation_max_ms, | 170 int64 policy_refresh_deviation_max_ms, |
180 int64 policy_refresh_error_delay_ms) { | 171 int64 policy_refresh_error_delay_ms) { |
181 DCHECK(cache); | 172 DCHECK(cache); |
182 | 173 |
183 cache_ = cache; | 174 cache_ = cache; |
184 backend_.reset(backend); | 175 backend_.reset(backend); |
185 token_fetcher_ = token_fetcher; | 176 token_fetcher_ = token_fetcher; |
186 identity_strategy_ = identity_strategy; | 177 identity_strategy_ = identity_strategy; |
187 state_ = STATE_TOKEN_UNAVAILABLE; | 178 state_ = STATE_TOKEN_UNAVAILABLE; |
188 fallback_to_old_protocol_ = false; | |
189 delayed_work_task_ = NULL; | 179 delayed_work_task_ = NULL; |
190 policy_refresh_rate_ms_ = policy_refresh_rate_ms; | 180 policy_refresh_rate_ms_ = policy_refresh_rate_ms; |
191 policy_refresh_deviation_factor_percent_ = | 181 policy_refresh_deviation_factor_percent_ = |
192 policy_refresh_deviation_factor_percent; | 182 policy_refresh_deviation_factor_percent; |
193 policy_refresh_deviation_max_ms_ = policy_refresh_deviation_max_ms; | 183 policy_refresh_deviation_max_ms_ = policy_refresh_deviation_max_ms; |
194 policy_refresh_error_delay_ms_ = policy_refresh_error_delay_ms; | 184 policy_refresh_error_delay_ms_ = policy_refresh_error_delay_ms; |
195 effective_policy_refresh_error_delay_ms_ = policy_refresh_error_delay_ms; | 185 effective_policy_refresh_error_delay_ms_ = policy_refresh_error_delay_ms; |
196 | 186 |
197 token_fetcher_->AddObserver(this); | 187 token_fetcher_->AddObserver(this); |
198 identity_strategy_->AddObserver(this); | 188 identity_strategy_->AddObserver(this); |
199 if (!identity_strategy_->GetDeviceToken().empty()) | 189 if (!identity_strategy_->GetDeviceToken().empty()) |
200 SetState(STATE_TOKEN_VALID); | 190 SetState(STATE_TOKEN_VALID); |
201 else | 191 else |
202 SetState(STATE_TOKEN_UNAVAILABLE); | 192 SetState(STATE_TOKEN_UNAVAILABLE); |
203 } | 193 } |
204 | 194 |
205 void CloudPolicyController::FetchToken() { | 195 void CloudPolicyController::FetchToken() { |
206 std::string username; | 196 std::string username; |
207 std::string auth_token; | 197 std::string auth_token; |
208 std::string device_id = identity_strategy_->GetDeviceID(); | 198 std::string device_id = identity_strategy_->GetDeviceID(); |
| 199 std::string machine_id = identity_strategy_->GetMachineID(); |
| 200 em::DeviceRegisterRequest_Type policy_type = |
| 201 identity_strategy_->GetPolicyRegisterType(); |
209 if (identity_strategy_->GetCredentials(&username, &auth_token) && | 202 if (identity_strategy_->GetCredentials(&username, &auth_token) && |
210 CanBeInManagedDomain(username)) { | 203 CanBeInManagedDomain(username)) { |
211 token_fetcher_->FetchToken(auth_token, device_id); | 204 token_fetcher_->FetchToken(auth_token, device_id, policy_type, machine_id); |
212 } | 205 } |
213 } | 206 } |
214 | 207 |
215 void CloudPolicyController::SendPolicyRequest() { | 208 void CloudPolicyController::SendPolicyRequest() { |
216 DCHECK(!identity_strategy_->GetDeviceToken().empty()); | 209 DCHECK(!identity_strategy_->GetDeviceToken().empty()); |
217 if (!fallback_to_old_protocol_) { | 210 em::DevicePolicyRequest policy_request; |
218 em::CloudPolicyRequest policy_request; | 211 em::PolicyFetchRequest* fetch_request = policy_request.add_request(); |
219 policy_request.set_policy_scope(kChromePolicyScope); | 212 fetch_request->set_signature_type(em::PolicyFetchRequest::X509); |
220 backend_->ProcessCloudPolicyRequest(identity_strategy_->GetDeviceToken(), | 213 fetch_request->set_policy_type(identity_strategy_->GetPolicyType()); |
221 identity_strategy_->GetDeviceID(), | 214 if (!cache_->is_unmanaged() && |
222 policy_request, this); | 215 !cache_->last_policy_refresh_time().is_null()) { |
223 } else { | 216 base::TimeDelta timestamp = |
224 em::DevicePolicyRequest policy_request; | 217 cache_->last_policy_refresh_time() - base::Time::UnixEpoch(); |
225 policy_request.set_policy_scope(kChromePolicyScope); | 218 fetch_request->set_timestamp(timestamp.InMilliseconds()); |
226 em::DevicePolicySettingRequest* setting = | |
227 policy_request.add_setting_request(); | |
228 setting->set_key(kChromeDevicePolicySettingKey); | |
229 setting->set_watermark(""); | |
230 backend_->ProcessPolicyRequest(identity_strategy_->GetDeviceToken(), | |
231 identity_strategy_->GetDeviceID(), | |
232 policy_request, this); | |
233 } | 219 } |
| 220 |
| 221 // TODO(gfeher): Remove the following block when the server is migrated. |
| 222 // Set fields for the old protocol. |
| 223 policy_request.set_policy_scope(kChromePolicyScope); |
| 224 em::DevicePolicySettingRequest* setting = |
| 225 policy_request.add_setting_request(); |
| 226 setting->set_key(kChromeDevicePolicySettingKey); |
| 227 setting->set_watermark(""); |
| 228 |
| 229 backend_->ProcessPolicyRequest(identity_strategy_->GetDeviceToken(), |
| 230 identity_strategy_->GetDeviceID(), |
| 231 policy_request, this); |
234 } | 232 } |
235 | 233 |
236 void CloudPolicyController::DoDelayedWork() { | 234 void CloudPolicyController::DoDelayedWork() { |
237 DCHECK(delayed_work_task_); | 235 DCHECK(delayed_work_task_); |
238 delayed_work_task_ = NULL; | 236 delayed_work_task_ = NULL; |
239 | 237 |
240 switch (state_) { | 238 switch (state_) { |
241 case STATE_TOKEN_UNAVAILABLE: | 239 case STATE_TOKEN_UNAVAILABLE: |
242 FetchToken(); | 240 FetchToken(); |
243 return; | 241 return; |
(...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
300 } | 298 } |
301 | 299 |
302 int64 CloudPolicyController::GetRefreshDelay() { | 300 int64 CloudPolicyController::GetRefreshDelay() { |
303 int64 deviation = (policy_refresh_deviation_factor_percent_ * | 301 int64 deviation = (policy_refresh_deviation_factor_percent_ * |
304 policy_refresh_rate_ms_) / 100; | 302 policy_refresh_rate_ms_) / 100; |
305 deviation = std::min(deviation, policy_refresh_deviation_max_ms_); | 303 deviation = std::min(deviation, policy_refresh_deviation_max_ms_); |
306 return policy_refresh_rate_ms_ - base::RandGenerator(deviation + 1); | 304 return policy_refresh_rate_ms_ - base::RandGenerator(deviation + 1); |
307 } | 305 } |
308 | 306 |
309 } // namespace policy | 307 } // namespace policy |
OLD | NEW |