Chromium Code Reviews Chromium Code Reviews
Issue 6537020:
Update policy backend and testserver for the newest policy protocol (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/policy/cloud_policy_controller.h" | 5 #include "chrome/browser/policy/cloud_policy_controller.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 | 8 |
| 9 #include "base/message_loop.h" | 9 #include "base/message_loop.h" |
| 10 #include "base/rand_util.h" | 10 #include "base/rand_util.h" |
| (...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 86 // Reschedule the refresh task if necessary. | 86 // Reschedule the refresh task if necessary. |
| 87 if (state_ == STATE_POLICY_VALID) | 87 if (state_ == STATE_POLICY_VALID) |
| 88 SetState(STATE_POLICY_VALID); | 88 SetState(STATE_POLICY_VALID); |
| 89 } | 89 } |
| 90 | 90 |
| 91 void CloudPolicyController::HandlePolicyResponse( | 91 void CloudPolicyController::HandlePolicyResponse( |
| 92 const em::DevicePolicyResponse& response) { | 92 const em::DevicePolicyResponse& response) { |
| 93 if (state_ == STATE_TOKEN_UNAVAILABLE) | 93 if (state_ == STATE_TOKEN_UNAVAILABLE) |
| 94 return; | 94 return; |
| 95 | 95 |
| 96 cache_->SetDevicePolicy(response); | 96 if (response.response_size() > 0) { |
| 97 SetState(STATE_POLICY_VALID); | 97 if (response.response_size() > 1) { |
| 98 } | 98 LOG(WARNING) << "More than one policies in the response of the device " |
|
Jakob Kummerow
2011/02/21 16:15:00
nit: s/one policies/one policy/
gfeher
2011/02/22 15:57:29
Done.
| |
| 99 | 99 << "management server, discarding."; |
| 100 void CloudPolicyController::HandleCloudPolicyResponse( | 100 } |
| 101 const em::CloudPolicyResponse& response) { | 101 // Use the new version of the protocol |
| 102 if (state_ == STATE_TOKEN_UNAVAILABLE) | 102 cache_->SetPolicy(response.response(0)); |
| 103 return; | 103 SetState(STATE_POLICY_VALID); |
| 104 | 104 } else { |
| 105 cache_->SetPolicy(response); | 105 cache_->SetDevicePolicy(response); |
| 106 SetState(STATE_POLICY_VALID); | 106 SetState(STATE_POLICY_VALID); |
| 107 } | |
| 107 } | 108 } |
| 108 | 109 |
| 109 void CloudPolicyController::OnError(DeviceManagementBackend::ErrorCode code) { | 110 void CloudPolicyController::OnError(DeviceManagementBackend::ErrorCode code) { |
| 110 if (state_ == STATE_TOKEN_UNAVAILABLE) | 111 if (state_ == STATE_TOKEN_UNAVAILABLE) |
| 111 return; | 112 return; |
| 112 | 113 |
| 113 if (code == DeviceManagementBackend::kErrorServiceDeviceNotFound || | 114 if (code == DeviceManagementBackend::kErrorServiceDeviceNotFound || |
| 114 code == DeviceManagementBackend::kErrorServiceManagementTokenInvalid) { | 115 code == DeviceManagementBackend::kErrorServiceManagementTokenInvalid) { |
| 115 LOG(WARNING) << "The device token was either invalid or unknown to the " | 116 LOG(WARNING) << "The device token was either invalid or unknown to the " |
| 116 << "device manager, re-registering device."; | 117 << "device manager, re-registering device."; |
| 117 SetState(STATE_TOKEN_UNAVAILABLE); | 118 SetState(STATE_TOKEN_UNAVAILABLE); |
| 118 } else if (code == | 119 } else if (code == |
| 119 DeviceManagementBackend::kErrorServiceManagementNotSupported) { | 120 DeviceManagementBackend::kErrorServiceManagementNotSupported) { |
| 120 VLOG(1) << "The device is no longer managed, resetting device token."; | 121 VLOG(1) << "The device is no longer managed, resetting device token."; |
| 121 SetState(STATE_TOKEN_UNAVAILABLE); | 122 SetState(STATE_TOKEN_UNAVAILABLE); |
| 122 } else if (!fallback_to_old_protocol_ && | |
| 123 code == DeviceManagementBackend::kErrorRequestInvalid) { | |
| 124 LOG(WARNING) << "Device manager doesn't understand new protocol, falling " | |
| 125 << "back to old request."; | |
| 126 fallback_to_old_protocol_ = true; | |
| 127 SetState(STATE_TOKEN_VALID); // Triggers SendPolicyRequest() immediately. | |
| 128 } else { | 123 } else { |
| 129 LOG(WARNING) << "Could not provide policy from the device manager (error = " | 124 LOG(WARNING) << "Could not provide policy from the device manager (error = " |
| 130 << code << "), will retry in " | 125 << code << "), will retry in " |
| 131 << (effective_policy_refresh_error_delay_ms_ / 1000) | 126 << (effective_policy_refresh_error_delay_ms_ / 1000) |
| 132 << " seconds."; | 127 << " seconds."; |
| 133 SetState(STATE_POLICY_ERROR); | 128 SetState(STATE_POLICY_ERROR); |
| 134 } | 129 } |
| 135 } | 130 } |
| 136 | 131 |
| 137 void CloudPolicyController::OnDeviceTokenAvailable() { | 132 void CloudPolicyController::OnDeviceTokenAvailable() { |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 178 int policy_refresh_deviation_factor_percent, | 173 int policy_refresh_deviation_factor_percent, |
| 179 int64 policy_refresh_deviation_max_ms, | 174 int64 policy_refresh_deviation_max_ms, |
| 180 int64 policy_refresh_error_delay_ms) { | 175 int64 policy_refresh_error_delay_ms) { |
| 181 DCHECK(cache); | 176 DCHECK(cache); |
| 182 | 177 |
| 183 cache_ = cache; | 178 cache_ = cache; |
| 184 backend_.reset(backend); | 179 backend_.reset(backend); |
| 185 token_fetcher_ = token_fetcher; | 180 token_fetcher_ = token_fetcher; |
| 186 identity_strategy_ = identity_strategy; | 181 identity_strategy_ = identity_strategy; |
| 187 state_ = STATE_TOKEN_UNAVAILABLE; | 182 state_ = STATE_TOKEN_UNAVAILABLE; |
| 188 fallback_to_old_protocol_ = false; | |
| 189 delayed_work_task_ = NULL; | 183 delayed_work_task_ = NULL; |
| 190 policy_refresh_rate_ms_ = policy_refresh_rate_ms; | 184 policy_refresh_rate_ms_ = policy_refresh_rate_ms; |
| 191 policy_refresh_deviation_factor_percent_ = | 185 policy_refresh_deviation_factor_percent_ = |
| 192 policy_refresh_deviation_factor_percent; | 186 policy_refresh_deviation_factor_percent; |
| 193 policy_refresh_deviation_max_ms_ = policy_refresh_deviation_max_ms; | 187 policy_refresh_deviation_max_ms_ = policy_refresh_deviation_max_ms; |
| 194 policy_refresh_error_delay_ms_ = policy_refresh_error_delay_ms; | 188 policy_refresh_error_delay_ms_ = policy_refresh_error_delay_ms; |
| 195 effective_policy_refresh_error_delay_ms_ = policy_refresh_error_delay_ms; | 189 effective_policy_refresh_error_delay_ms_ = policy_refresh_error_delay_ms; |
| 196 | 190 |
| 197 token_fetcher_->AddObserver(this); | 191 token_fetcher_->AddObserver(this); |
| 198 identity_strategy_->AddObserver(this); | 192 identity_strategy_->AddObserver(this); |
| 199 if (!identity_strategy_->GetDeviceToken().empty()) | 193 if (!identity_strategy_->GetDeviceToken().empty()) |
| 200 SetState(STATE_TOKEN_VALID); | 194 SetState(STATE_TOKEN_VALID); |
| 201 else | 195 else |
| 202 SetState(STATE_TOKEN_UNAVAILABLE); | 196 SetState(STATE_TOKEN_UNAVAILABLE); |
| 203 } | 197 } |
| 204 | 198 |
| 205 void CloudPolicyController::FetchToken() { | 199 void CloudPolicyController::FetchToken() { |
| 206 std::string username; | 200 std::string username; |
| 207 std::string auth_token; | 201 std::string auth_token; |
| 208 std::string device_id = identity_strategy_->GetDeviceID(); | 202 std::string device_id = identity_strategy_->GetDeviceID(); |
| 203 std::string machine_id = identity_strategy_->GetMachineID(); | |
| 204 em::DeviceRegisterRequest_Type policy_type = | |
| 205 identity_strategy_->GetPolicyRegisterType(); | |
| 209 if (identity_strategy_->GetCredentials(&username, &auth_token) && | 206 if (identity_strategy_->GetCredentials(&username, &auth_token) && |
| 210 CanBeInManagedDomain(username)) { | 207 CanBeInManagedDomain(username)) { |
| 211 token_fetcher_->FetchToken(auth_token, device_id); | 208 token_fetcher_->FetchToken(auth_token, device_id, policy_type, machine_id); |
| 212 } | 209 } |
| 213 } | 210 } |
| 214 | 211 |
| 215 void CloudPolicyController::SendPolicyRequest() { | 212 void CloudPolicyController::SendPolicyRequest() { |
| 216 DCHECK(!identity_strategy_->GetDeviceToken().empty()); | 213 DCHECK(!identity_strategy_->GetDeviceToken().empty()); |
| 217 if (!fallback_to_old_protocol_) { | 214 em::DevicePolicyRequest policy_request; |
| 218 em::CloudPolicyRequest policy_request; | 215 em::PolicyFetchRequest* fetch_request = policy_request.add_request(); |
| 219 policy_request.set_policy_scope(kChromePolicyScope); | 216 fetch_request->set_signature_type(em::PolicyFetchRequest::X509); |
| 220 backend_->ProcessCloudPolicyRequest(identity_strategy_->GetDeviceToken(), | 217 fetch_request->set_policy_type(identity_strategy_->GetPolicyType()); |
| 221 identity_strategy_->GetDeviceID(), | 218 if (!cache_->is_unmanaged()) |
| 222 policy_request, this); | 219 fetch_request->set_timestamp( |
| 223 } else { | 220 cache_->last_policy_refresh_time().ToTimeT() * |
| 224 em::DevicePolicyRequest policy_request; | 221 kPolicyResponseTimestampResolution); |
| 225 policy_request.set_policy_scope(kChromePolicyScope); | 222 |
| 226 em::DevicePolicySettingRequest* setting = | 223 // TODO(gfeher): Remove the following block when the server is migrated. |
| 227 policy_request.add_setting_request(); | 224 // Set fields for the old protocol. |
| 228 setting->set_key(kChromeDevicePolicySettingKey); | 225 policy_request.set_policy_scope(kChromePolicyScope); |
| 229 setting->set_watermark(""); | 226 em::DevicePolicySettingRequest* setting = |
| 230 backend_->ProcessPolicyRequest(identity_strategy_->GetDeviceToken(), | 227 policy_request.add_setting_request(); |
| 231 identity_strategy_->GetDeviceID(), | 228 setting->set_key(kChromeDevicePolicySettingKey); |
| 232 policy_request, this); | 229 setting->set_watermark(""); |
| 233 } | 230 |
| 231 backend_->ProcessPolicyRequest(identity_strategy_->GetDeviceToken(), | |
| 232 identity_strategy_->GetDeviceID(), | |
| 233 policy_request, this); | |
| 234 } | 234 } |
| 235 | 235 |
| 236 void CloudPolicyController::DoDelayedWork() { | 236 void CloudPolicyController::DoDelayedWork() { |
| 237 DCHECK(delayed_work_task_); | 237 DCHECK(delayed_work_task_); |
| 238 delayed_work_task_ = NULL; | 238 delayed_work_task_ = NULL; |
| 239 | 239 |
| 240 switch (state_) { | 240 switch (state_) { |
| 241 case STATE_TOKEN_UNAVAILABLE: | 241 case STATE_TOKEN_UNAVAILABLE: |
| 242 FetchToken(); | 242 FetchToken(); |
| 243 return; | 243 return; |
| (...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 300 } | 300 } |
| 301 | 301 |
| 302 int64 CloudPolicyController::GetRefreshDelay() { | 302 int64 CloudPolicyController::GetRefreshDelay() { |
| 303 int64 deviation = (policy_refresh_deviation_factor_percent_ * | 303 int64 deviation = (policy_refresh_deviation_factor_percent_ * |
| 304 policy_refresh_rate_ms_) / 100; | 304 policy_refresh_rate_ms_) / 100; |
| 305 deviation = std::min(deviation, policy_refresh_deviation_max_ms_); | 305 deviation = std::min(deviation, policy_refresh_deviation_max_ms_); |
| 306 return policy_refresh_rate_ms_ - base::RandGenerator(deviation + 1); | 306 return policy_refresh_rate_ms_ - base::RandGenerator(deviation + 1); |
| 307 } | 307 } |
| 308 | 308 |
| 309 } // namespace policy | 309 } // namespace policy |
| OLD | NEW |
