OLD | NEW |
---|---|
(Empty) | |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "chrome/browser/policy/user_policy_cache.h" | |
6 | |
7 #include <string> | |
8 | |
9 #include "base/file_util.h" | |
10 #include "base/logging.h" | |
11 #include "base/task.h" | |
12 #include "chrome/browser/policy/policy_map.h" | |
13 #include "chrome/browser/policy/proto/cloud_policy.pb.h" | |
14 #include "chrome/browser/policy/proto/device_management_local.pb.h" | |
15 #include "content/browser/browser_thread.h" | |
16 #include "policy/configuration_policy_type.h" | |
17 | |
18 namespace policy { | |
19 | |
20 // Decodes a CloudPolicySettings object into two maps with mandatory and | |
21 // recommended settings, respectively. The implementation is generated code | |
22 // in policy/cloud_policy_generated.cc. | |
23 void DecodePolicy(const em::CloudPolicySettings& policy, | |
24 PolicyMap* mandatory, PolicyMap* recommended); | |
25 | |
26 // Saves policy information to a file. | |
27 class PersistPolicyTask : public Task { | |
28 public: | |
29 PersistPolicyTask(const FilePath& path, | |
30 const em::PolicyFetchResponse* cloud_policy_response, | |
31 const bool is_unmanaged) | |
32 : path_(path), | |
33 cloud_policy_response_(cloud_policy_response), | |
34 is_unmanaged_(is_unmanaged) {} | |
35 | |
36 private: | |
37 // Task override. | |
38 virtual void Run(); | |
39 | |
40 const FilePath path_; | |
41 scoped_ptr<const em::PolicyFetchResponse> cloud_policy_response_; | |
42 const bool is_unmanaged_; | |
43 }; | |
44 | |
45 void PersistPolicyTask::Run() { | |
46 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE)); | |
47 std::string data; | |
48 em::CachedCloudPolicyResponse cached_policy; | |
49 if (cloud_policy_response_.get()) { | |
50 cached_policy.mutable_cloud_policy()->CopyFrom(*cloud_policy_response_); | |
51 } | |
52 if (is_unmanaged_) { | |
53 cached_policy.set_unmanaged(true); | |
54 cached_policy.set_timestamp(base::Time::NowFromSystemTime().ToTimeT()); | |
55 } | |
56 if (!cached_policy.SerializeToString(&data)) { | |
57 LOG(WARNING) << "Failed to serialize policy data"; | |
58 return; | |
59 } | |
60 | |
61 int size = data.size(); | |
62 if (file_util::WriteFile(path_, data.c_str(), size) != size) { | |
63 LOG(WARNING) << "Failed to write " << path_.value(); | |
64 return; | |
65 } | |
66 } | |
67 | |
68 UserPolicyCache::UserPolicyCache(const FilePath& backing_file_path) | |
69 : backing_file_path_(backing_file_path) { | |
70 } | |
71 | |
72 UserPolicyCache::~UserPolicyCache() { | |
73 } | |
74 | |
75 void UserPolicyCache::Load() { | |
76 // TODO(jkummerow): This method is doing file IO during browser startup. In | |
77 // the long run it would be better to delay this until the FILE thread exists. | |
78 if (!file_util::PathExists(backing_file_path_) || initialization_complete_) { | |
79 return; | |
80 } | |
81 | |
82 // Read the protobuf from the file. | |
83 std::string data; | |
84 if (!file_util::ReadFileToString(backing_file_path_, &data)) { | |
85 LOG(WARNING) << "Failed to read policy data from " | |
86 << backing_file_path_.value(); | |
87 return; | |
88 } | |
89 | |
90 em::CachedCloudPolicyResponse cached_response; | |
91 if (!cached_response.ParseFromArray(data.c_str(), data.size())) { | |
92 LOG(WARNING) << "Failed to parse policy data read from " | |
93 << backing_file_path_.value(); | |
94 return; | |
95 } | |
96 base::Time timestamp; | |
97 PolicyMap mandatory_policy; | |
Mattias Nissler (ping if slow)
2011/03/24 18:55:57
As discussed, we probably want to call SetPolicyIn
Jakob Kummerow
2011/03/28 13:53:53
Done.
| |
98 PolicyMap recommended_policy; | |
99 is_unmanaged_ = cached_response.unmanaged(); | |
100 if (is_unmanaged_) | |
101 timestamp = base::Time::FromTimeT(cached_response.timestamp()); | |
102 if (cached_response.has_cloud_policy()) { | |
103 DCHECK(!is_unmanaged_); | |
104 bool ok = DecodePolicyResponse(cached_response.cloud_policy(), | |
105 &mandatory_policy, | |
106 &recommended_policy, | |
107 ×tamp); | |
108 if (!ok) { | |
109 LOG(WARNING) << "Decoding policy data failed."; | |
110 return; | |
111 } | |
112 } | |
113 if (timestamp > base::Time::NowFromSystemTime()) { | |
114 LOG(WARNING) << "Rejected policy data from " << backing_file_path_.value() | |
115 << ", file is from the future."; | |
116 return; | |
117 } | |
118 // Swap in the new policy information. | |
119 if (cached_response.has_cloud_policy()) { | |
120 mandatory_policy_.Swap(&mandatory_policy); | |
121 recommended_policy_.Swap(&recommended_policy); | |
122 } | |
123 last_policy_refresh_time_ = timestamp; | |
124 initialization_complete_ = true; | |
125 | |
126 FOR_EACH_OBSERVER(ConfigurationPolicyProvider::Observer, | |
127 observer_list_, OnUpdatePolicy()); | |
128 } | |
129 | |
130 void UserPolicyCache::SetPolicy(const em::PolicyFetchResponse& policy) { | |
131 bool ok = SetPolicyInternal(policy); | |
132 if (ok) | |
133 PersistPolicy(policy, last_policy_refresh_time_); | |
134 } | |
135 | |
136 void UserPolicyCache::SetUnmanaged() { | |
137 DCHECK(CalledOnValidThread()); | |
138 is_unmanaged_ = true; | |
Mattias Nissler (ping if slow)
2011/03/24 18:55:57
This could probably also be moved to the base clas
Jakob Kummerow
2011/03/28 13:53:53
Done. Sort of. I've extracted most of the method b
| |
139 mandatory_policy_.Clear(); | |
140 recommended_policy_.Clear(); | |
141 last_policy_refresh_time_ = base::Time::NowFromSystemTime(); | |
142 | |
143 FOR_EACH_OBSERVER(ConfigurationPolicyProvider::Observer, | |
144 observer_list_, OnUpdatePolicy()); | |
145 | |
146 BrowserThread::PostTask( | |
147 BrowserThread::FILE, | |
148 FROM_HERE, | |
149 new PersistPolicyTask(backing_file_path_, NULL, true)); | |
150 } | |
151 | |
152 void UserPolicyCache::PersistPolicy(const em::PolicyFetchResponse& policy, | |
153 const base::Time& timestamp) { | |
154 if (timestamp > base::Time::NowFromSystemTime() + | |
155 base::TimeDelta::FromMinutes(1)) { | |
156 LOG(WARNING) << "Server returned policy with timestamp from the future, " | |
157 "not persisting to disk."; | |
158 } else { | |
159 em::PolicyFetchResponse* policy_copy = new em::PolicyFetchResponse; | |
160 policy_copy->CopyFrom(policy); | |
161 BrowserThread::PostTask( | |
162 BrowserThread::FILE, | |
163 FROM_HERE, | |
164 new PersistPolicyTask(backing_file_path_, policy_copy, false)); | |
165 } | |
166 } | |
167 | |
168 bool UserPolicyCache::DecodePolicyData(const em::PolicyData& policy_data, | |
169 PolicyMap* mandatory, | |
170 PolicyMap* recommended) { | |
171 // TODO(jkummerow): Verify policy_data.device_token(). Needs final | |
172 // specification which token we're actually sending / expecting to get back. | |
173 em::CloudPolicySettings policy; | |
174 if (!policy.ParseFromString(policy_data.policy_value())) { | |
175 LOG(WARNING) << "Failed to parse CloudPolicySettings protobuf."; | |
176 return false; | |
177 } | |
178 DecodePolicy(policy, mandatory, recommended); | |
179 return true; | |
180 } | |
181 | |
182 } // namespace policy | |
OLD | NEW |