OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium OS Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "login_manager/device_policy.h" | 5 #include "login_manager/device_policy.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 | 8 |
9 #include <base/basictypes.h> | 9 #include <base/basictypes.h> |
10 #include <base/file_path.h> | 10 #include <base/file_path.h> |
11 #include <base/file_util.h> | 11 #include <base/file_util.h> |
12 #include <base/logging.h> | 12 #include <base/logging.h> |
13 | 13 |
14 #include "login_manager/bindings/device_management_backend.pb.h" | 14 #include "login_manager/bindings/device_management_backend.pb.h" |
15 #include "login_manager/bindings/chrome_device_policy.pb.h" | |
gauravsh
2011/04/08 04:58:49
nit: alpha order of #includes.
Chris Masone
2011/04/08 05:57:41
Done.
| |
15 #include "login_manager/system_utils.h" | 16 #include "login_manager/system_utils.h" |
17 #include "login_manager/owner_key.h" | |
gauravsh
2011/04/08 04:58:49
nit: alpha order of includes.
Chris Masone
2011/04/08 05:57:41
Done.
| |
18 | |
19 namespace em = enterprise_management; | |
16 | 20 |
17 namespace login_manager { | 21 namespace login_manager { |
22 using google::protobuf::RepeatedPtrField; | |
23 using std::string; | |
24 | |
18 // static | 25 // static |
19 const char DevicePolicy::kDefaultPath[] = "/var/lib/whitelist/policy"; | 26 const char DevicePolicy::kDefaultPath[] = "/var/lib/whitelist/policy"; |
27 // static | |
28 const char DevicePolicy::kDevicePolicyType[] = "google/chromeos/device"; | |
20 | 29 |
21 DevicePolicy::DevicePolicy(const FilePath& policy_path) | 30 DevicePolicy::DevicePolicy(const FilePath& policy_path) |
22 : policy_path_(policy_path) { | 31 : policy_path_(policy_path) { |
23 } | 32 } |
24 | 33 |
25 DevicePolicy::~DevicePolicy() { | 34 DevicePolicy::~DevicePolicy() { |
26 } | 35 } |
27 | 36 |
28 bool DevicePolicy::LoadOrCreate() { | 37 bool DevicePolicy::LoadOrCreate() { |
29 if (!file_util::PathExists(policy_path_)) | 38 if (!file_util::PathExists(policy_path_)) |
30 return true; | 39 return true; |
31 std::string polstr; | 40 std::string polstr; |
32 if (!file_util::ReadFileToString(policy_path_, &polstr) || polstr.empty()) { | 41 if (!file_util::ReadFileToString(policy_path_, &polstr) || polstr.empty()) { |
33 PLOG(ERROR) << "Could not read policy off disk"; | 42 PLOG(ERROR) << "Could not read policy off disk"; |
34 return false; | 43 return false; |
35 } | 44 } |
36 if (!policy_.ParseFromString(polstr)) { | 45 if (!policy_.ParseFromString(polstr)) { |
37 LOG(ERROR) << "Policy on disk could not be parsed!"; | 46 LOG(ERROR) << "Policy on disk could not be parsed!"; |
38 return false; | 47 return false; |
39 } | 48 } |
40 return true; | 49 return true; |
41 } | 50 } |
42 | 51 |
43 bool DevicePolicy::Get(std::string* output) const { | 52 const enterprise_management::PolicyFetchResponse& DevicePolicy::Get() const { |
44 return policy_.SerializeToString(output); | 53 return policy_; |
45 } | 54 } |
46 | 55 |
47 bool DevicePolicy::Persist() { | 56 bool DevicePolicy::Persist() { |
48 SystemUtils utils; | 57 SystemUtils utils; |
49 std::string polstr; | 58 std::string polstr; |
50 if (!policy_.SerializeToString(&polstr)) { | 59 if (!policy_.SerializeToString(&polstr)) { |
51 LOG(ERROR) << "Could not be serialize policy!"; | 60 LOG(ERROR) << "Could not be serialize policy!"; |
52 return false; | 61 return false; |
53 } | 62 } |
54 return utils.AtomicFileWrite(policy_path_, polstr.c_str(), polstr.length()); | 63 return utils.AtomicFileWrite(policy_path_, polstr.c_str(), polstr.length()); |
55 } | 64 } |
56 | 65 |
66 bool DevicePolicy::SerializeToString(std::string* output) const { | |
67 return policy_.SerializeToString(output); | |
68 } | |
69 | |
57 void DevicePolicy::Set( | 70 void DevicePolicy::Set( |
58 const enterprise_management::PolicyFetchResponse& policy) { | 71 const enterprise_management::PolicyFetchResponse& policy) { |
59 policy_.Clear(); | 72 policy_.Clear(); |
60 // This can only fail if |policy| and |policy_| are different types. | 73 // This can only fail if |policy| and |policy_| are different types. |
61 policy_.CheckTypeAndMergeFrom(policy); | 74 policy_.CheckTypeAndMergeFrom(policy); |
62 } | 75 } |
63 | 76 |
77 bool DevicePolicy::StoreOwnerProperties(OwnerKey* key, | |
78 const std::string& current_user, | |
79 GError** error) { | |
80 em::PolicyData poldata; | |
81 if (policy_.has_policy_data()) | |
82 poldata.ParseFromString(policy_.policy_data()); | |
83 em::ChromeDeviceSettingsProto polval; | |
84 if (poldata.has_policy_type() && | |
85 poldata.policy_type() == kDevicePolicyType) { | |
86 if (poldata.has_policy_value()) | |
87 polval.ParseFromString(poldata.policy_value()); | |
88 } else { | |
89 poldata.set_policy_type(kDevicePolicyType); | |
90 } | |
91 // If there existed some device policy, we've got it now! | |
92 // Updtae the UserWhitelistProto inside the ChromeDeviceSettingsProto we made. | |
gauravsh
2011/04/08 04:58:49
Update
Chris Masone
2011/04/08 05:57:41
Done.
| |
93 em::UserWhitelistProto* whitelist_proto = polval.mutable_user_whitelist(); | |
94 bool on_whitelist = false; | |
95 const RepeatedPtrField<string>& whitelist = whitelist_proto->user_whitelist(); | |
96 for (RepeatedPtrField<string>::const_iterator it = whitelist.begin(); | |
97 it != whitelist.end(); | |
98 ++it) { | |
99 on_whitelist = (current_user == *it); | |
gauravsh
2011/04/08 04:58:49
you should break here if on_whitelist gets set to
Chris Masone
2011/04/08 05:57:41
Done.
| |
100 } | |
101 if (!on_whitelist) | |
102 whitelist_proto->add_user_whitelist(current_user); | |
103 bool current_user_is_owner = true; | |
104 | |
105 if (current_user_is_owner && on_whitelist) | |
gauravsh
2011/04/08 04:58:49
you set current_user_is_owner in the line above? i
Chris Masone
2011/04/08 05:57:41
TODO added
| |
106 return TRUE; // No changes are needed. | |
gauravsh
2011/04/08 04:58:49
holy capslock batman! true?
(After going through
Chris Masone
2011/04/08 05:57:41
TRUE/FALSE are the gboolean values. I usually use
| |
107 | |
108 // |polval| now has what we want in it. We need to put it into | |
gauravsh
2011/04/08 04:58:49
Confusing comment. |polval| was set much further a
Chris Masone
2011/04/08 05:57:41
Done.
| |
109 // |poldata|, serialize that, sign it, and put both into |policy_|. | |
110 poldata.set_policy_value(polval.SerializeAsString()); | |
111 std::string new_data = poldata.SerializeAsString(); | |
112 std::vector<uint8> sig; | |
113 const uint8* data = reinterpret_cast<const uint8*>(new_data.c_str()); | |
114 if (!key->Sign(data, new_data.length(), &sig)) { | |
gauravsh
2011/04/08 04:58:49
should you NULL-check key?
Chris Masone
2011/04/08 05:57:41
Done.
| |
115 SystemUtils utils; | |
116 const char err_msg[] = "Could not sign policy containing new owner data."; | |
117 LOG_IF(ERROR, error) << err_msg; | |
118 LOG_IF(WARNING, !error) << err_msg; | |
119 utils.SetGError(error, CHROMEOS_LOGIN_ERROR_ILLEGAL_PUBKEY, err_msg); | |
gauravsh
2011/04/08 04:58:49
so a NULL |error| will be handled correctly by Set
Chris Masone
2011/04/08 05:57:41
by g_set_error inside SetGError, actually.
| |
120 return FALSE; | |
gauravsh
2011/04/08 04:58:49
false?
Chris Masone
2011/04/08 05:57:41
Done.
| |
121 } | |
122 | |
123 em::PolicyFetchResponse new_policy; | |
124 new_policy.CheckTypeAndMergeFrom(policy_); | |
125 new_policy.set_policy_data(new_data); | |
126 new_policy.set_policy_data_signature( | |
127 std::string(reinterpret_cast<const char*>(&sig[0]), sig.size())); | |
128 Set(new_policy); | |
129 return TRUE; | |
gauravsh
2011/04/08 04:58:49
true?
Chris Masone
2011/04/08 05:57:41
Done.
| |
130 } | |
131 | |
64 } // namespace login_manager | 132 } // namespace login_manager |
OLD | NEW |