Chromium Code Reviews Chromium Code Reviews
Issue 6705031:
Send policy blobs to session_manager (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "chrome/browser/policy/user_policy_cache.h" | |
| 6 | |
| 7 #include <string> | |
| 8 | |
| 9 #include "base/file_util.h" | |
| 10 #include "base/logging.h" | |
| 11 #include "base/task.h" | |
| 12 #include "chrome/browser/policy/policy_map.h" | |
| 13 #include "chrome/browser/policy/proto/cloud_policy.pb.h" | |
| 14 #include "chrome/browser/policy/proto/device_management_local.pb.h" | |
| 15 #include "content/browser/browser_thread.h" | |
| 16 #include "policy/configuration_policy_type.h" | |
| 17 | |
| 18 namespace policy { | |
| 19 | |
| 20 // Decodes a CloudPolicySettings object into two maps with mandatory and | |
| 21 // recommended settings, respectively. The implementation is generated code | |
| 22 // in policy/cloud_policy_generated.cc. | |
| 23 void DecodePolicy(const em::CloudPolicySettings& policy, | |
| 24 PolicyMap* mandatory, PolicyMap* recommended); | |
| 25 | |
| 26 // Saves policy information to a file. | |
| 27 class PersistPolicyTask : public Task { | |
| 28 public: | |
| 29 PersistPolicyTask(const FilePath& path, | |
| 30 const em::PolicyFetchResponse* cloud_policy_response, | |
| 31 const bool is_unmanaged) | |
| 32 : path_(path), | |
| 33 cloud_policy_response_(cloud_policy_response), | |
| 34 is_unmanaged_(is_unmanaged) {} | |
| 35 | |
| 36 private: | |
| 37 // Task override. | |
| 38 virtual void Run(); | |
| 39 | |
| 40 const FilePath path_; | |
| 41 scoped_ptr<const em::PolicyFetchResponse> cloud_policy_response_; | |
| 42 const bool is_unmanaged_; | |
| 43 }; | |
| 44 | |
| 45 void PersistPolicyTask::Run() { | |
| 46 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE)); | |
| 47 std::string data; | |
| 48 em::CachedCloudPolicyResponse cached_policy; | |
| 49 if (cloud_policy_response_.get()) { | |
| 50 cached_policy.mutable_cloud_policy()->CopyFrom(*cloud_policy_response_); | |
| 51 } | |
| 52 if (is_unmanaged_) { | |
| 53 cached_policy.set_unmanaged(true); | |
| 54 cached_policy.set_timestamp(base::Time::NowFromSystemTime().ToTimeT()); | |
| 55 } | |
| 56 if (!cached_policy.SerializeToString(&data)) { | |
| 57 LOG(WARNING) << "Failed to serialize policy data"; | |
| 58 return; | |
| 59 } | |
| 60 | |
| 61 int size = data.size(); | |
| 62 if (file_util::WriteFile(path_, data.c_str(), size) != size) { | |
| 63 LOG(WARNING) << "Failed to write " << path_.value(); | |
| 64 return; | |
| 65 } | |
| 66 } | |
| 67 | |
| 68 UserPolicyCache::UserPolicyCache(const FilePath& backing_file_path) | |
| 69 : backing_file_path_(backing_file_path) { | |
| 70 } | |
| 71 | |
| 72 UserPolicyCache::~UserPolicyCache() { | |
| 73 } | |
| 74 | |
| 75 void UserPolicyCache::Load() { | |
| 76 // TODO(jkummerow): This method is doing file IO during browser startup. In | |
| 77 // the long run it would be better to delay this until the FILE thread exists. | |
| 78 if (!file_util::PathExists(backing_file_path_) || initialization_complete_) { | |
| 79 return; | |
| 80 } | |
| 81 | |
| 82 // Read the protobuf from the file. | |
| 83 std::string data; | |
| 84 if (!file_util::ReadFileToString(backing_file_path_, &data)) { | |
| 85 LOG(WARNING) << "Failed to read policy data from " | |
| 86 << backing_file_path_.value(); | |
| 87 return; | |
| 88 } | |
| 89 | |
| 90 em::CachedCloudPolicyResponse cached_response; | |
| 91 if (!cached_response.ParseFromArray(data.c_str(), data.size())) { | |
| 92 LOG(WARNING) << "Failed to parse policy data read from " | |
| 93 << backing_file_path_.value(); | |
| 94 return; | |
| 95 } | |
| 96 base::Time timestamp; | |
| 97 PolicyMap mandatory_policy; | |
|
Mattias Nissler (ping if slow)
2011/03/24 18:55:57
As discussed, we probably want to call SetPolicyIn
Jakob Kummerow
2011/03/28 13:53:53
Done.
| |
| 98 PolicyMap recommended_policy; | |
| 99 is_unmanaged_ = cached_response.unmanaged(); | |
| 100 if (is_unmanaged_) | |
| 101 timestamp = base::Time::FromTimeT(cached_response.timestamp()); | |
| 102 if (cached_response.has_cloud_policy()) { | |
| 103 DCHECK(!is_unmanaged_); | |
| 104 bool ok = DecodePolicyResponse(cached_response.cloud_policy(), | |
| 105 &mandatory_policy, | |
| 106 &recommended_policy, | |
| 107 ×tamp); | |
| 108 if (!ok) { | |
| 109 LOG(WARNING) << "Decoding policy data failed."; | |
| 110 return; | |
| 111 } | |
| 112 } | |
| 113 if (timestamp > base::Time::NowFromSystemTime()) { | |
| 114 LOG(WARNING) << "Rejected policy data from " << backing_file_path_.value() | |
| 115 << ", file is from the future."; | |
| 116 return; | |
| 117 } | |
| 118 // Swap in the new policy information. | |
| 119 if (cached_response.has_cloud_policy()) { | |
| 120 mandatory_policy_.Swap(&mandatory_policy); | |
| 121 recommended_policy_.Swap(&recommended_policy); | |
| 122 } | |
| 123 last_policy_refresh_time_ = timestamp; | |
| 124 initialization_complete_ = true; | |
| 125 | |
| 126 FOR_EACH_OBSERVER(ConfigurationPolicyProvider::Observer, | |
| 127 observer_list_, OnUpdatePolicy()); | |
| 128 } | |
| 129 | |
| 130 void UserPolicyCache::SetPolicy(const em::PolicyFetchResponse& policy) { | |
| 131 bool ok = SetPolicyInternal(policy); | |
| 132 if (ok) | |
| 133 PersistPolicy(policy, last_policy_refresh_time_); | |
| 134 } | |
| 135 | |
| 136 void UserPolicyCache::SetUnmanaged() { | |
| 137 DCHECK(CalledOnValidThread()); | |
| 138 is_unmanaged_ = true; | |
|
Mattias Nissler (ping if slow)
2011/03/24 18:55:57
This could probably also be moved to the base clas
Jakob Kummerow
2011/03/28 13:53:53
Done. Sort of. I've extracted most of the method b
| |
| 139 mandatory_policy_.Clear(); | |
| 140 recommended_policy_.Clear(); | |
| 141 last_policy_refresh_time_ = base::Time::NowFromSystemTime(); | |
| 142 | |
| 143 FOR_EACH_OBSERVER(ConfigurationPolicyProvider::Observer, | |
| 144 observer_list_, OnUpdatePolicy()); | |
| 145 | |
| 146 BrowserThread::PostTask( | |
| 147 BrowserThread::FILE, | |
| 148 FROM_HERE, | |
| 149 new PersistPolicyTask(backing_file_path_, NULL, true)); | |
| 150 } | |
| 151 | |
| 152 void UserPolicyCache::PersistPolicy(const em::PolicyFetchResponse& policy, | |
| 153 const base::Time& timestamp) { | |
| 154 if (timestamp > base::Time::NowFromSystemTime() + | |
| 155 base::TimeDelta::FromMinutes(1)) { | |
| 156 LOG(WARNING) << "Server returned policy with timestamp from the future, " | |
| 157 "not persisting to disk."; | |
| 158 } else { | |
| 159 em::PolicyFetchResponse* policy_copy = new em::PolicyFetchResponse; | |
| 160 policy_copy->CopyFrom(policy); | |
| 161 BrowserThread::PostTask( | |
| 162 BrowserThread::FILE, | |
| 163 FROM_HERE, | |
| 164 new PersistPolicyTask(backing_file_path_, policy_copy, false)); | |
| 165 } | |
| 166 } | |
| 167 | |
| 168 bool UserPolicyCache::DecodePolicyData(const em::PolicyData& policy_data, | |
| 169 PolicyMap* mandatory, | |
| 170 PolicyMap* recommended) { | |
| 171 // TODO(jkummerow): Verify policy_data.device_token(). Needs final | |
| 172 // specification which token we're actually sending / expecting to get back. | |
| 173 em::CloudPolicySettings policy; | |
| 174 if (!policy.ParseFromString(policy_data.policy_value())) { | |
| 175 LOG(WARNING) << "Failed to parse CloudPolicySettings protobuf."; | |
| 176 return false; | |
| 177 } | |
| 178 DecodePolicy(policy, mandatory, recommended); | |
| 179 return true; | |
| 180 } | |
| 181 | |
| 182 } // namespace policy | |
| OLD | NEW |
