| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/policy/device_policy_cache.h" | 5 #include "chrome/browser/policy/device_policy_cache.h" |
| 6 | 6 |
| 7 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
| 8 #include "base/compiler_specific.h" | 8 #include "base/compiler_specific.h" |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/task.h" | 10 #include "base/task.h" |
| 11 #include "base/values.h" | 11 #include "base/values.h" |
| 12 #include "chrome/browser/chromeos/cros_settings_names.h" | 12 #include "chrome/browser/chromeos/cros_settings_names.h" |
| 13 #include "chrome/browser/chromeos/login/ownership_service.h" | 13 #include "chrome/browser/chromeos/login/ownership_service.h" |
| 14 #include "chrome/browser/chromeos/login/signed_settings_helper.h" | 14 #include "chrome/browser/chromeos/login/signed_settings_helper.h" |
| 15 #include "chrome/browser/chromeos/user_cros_settings_provider.h" | 15 #include "chrome/browser/chromeos/user_cros_settings_provider.h" |
| 16 #include "chrome/browser/policy/configuration_policy_pref_store.h" | 16 #include "chrome/browser/policy/configuration_policy_pref_store.h" |
| 17 #include "chrome/browser/policy/device_policy_identity_strategy.h" | 17 #include "chrome/browser/policy/device_policy_identity_strategy.h" |
| 18 #include "chrome/browser/policy/enterprise_install_attributes.h" |
| 18 #include "chrome/browser/policy/policy_map.h" | 19 #include "chrome/browser/policy/policy_map.h" |
| 19 #include "chrome/browser/policy/proto/device_management_backend.pb.h" | 20 #include "chrome/browser/policy/proto/device_management_backend.pb.h" |
| 20 #include "chrome/browser/policy/proto/device_management_constants.h" | 21 #include "chrome/browser/policy/proto/device_management_constants.h" |
| 21 #include "chrome/browser/policy/proto/device_management_local.pb.h" | 22 #include "chrome/browser/policy/proto/device_management_local.pb.h" |
| 22 #include "content/browser/browser_thread.h" | 23 #include "content/browser/browser_thread.h" |
| 23 #include "policy/configuration_policy_type.h" | 24 #include "policy/configuration_policy_type.h" |
| 24 | 25 |
| 25 namespace { | 26 namespace { |
| 26 | 27 |
| 27 // Stores policy, updates the owner key if required and reports the status | 28 // Stores policy, updates the owner key if required and reports the status |
| (...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 102 } | 103 } |
| 103 | 104 |
| 104 return Value::CreateIntegerValue(static_cast<int>(value)); | 105 return Value::CreateIntegerValue(static_cast<int>(value)); |
| 105 } | 106 } |
| 106 | 107 |
| 107 } // namespace | 108 } // namespace |
| 108 | 109 |
| 109 namespace policy { | 110 namespace policy { |
| 110 | 111 |
| 111 DevicePolicyCache::DevicePolicyCache( | 112 DevicePolicyCache::DevicePolicyCache( |
| 112 DevicePolicyIdentityStrategy* identity_strategy) | 113 DevicePolicyIdentityStrategy* identity_strategy, |
| 114 EnterpriseInstallAttributes* install_attributes) |
| 113 : identity_strategy_(identity_strategy), | 115 : identity_strategy_(identity_strategy), |
| 116 install_attributes_(install_attributes), |
| 114 signed_settings_helper_(chromeos::SignedSettingsHelper::Get()), | 117 signed_settings_helper_(chromeos::SignedSettingsHelper::Get()), |
| 115 starting_up_(true), | 118 starting_up_(true), |
| 116 ALLOW_THIS_IN_INITIALIZER_LIST(callback_factory_(this)) { | 119 ALLOW_THIS_IN_INITIALIZER_LIST(callback_factory_(this)) { |
| 117 } | 120 } |
| 118 | 121 |
| 119 DevicePolicyCache::DevicePolicyCache( | 122 DevicePolicyCache::DevicePolicyCache( |
| 120 DevicePolicyIdentityStrategy* identity_strategy, | 123 DevicePolicyIdentityStrategy* identity_strategy, |
| 124 EnterpriseInstallAttributes* install_attributes, |
| 121 chromeos::SignedSettingsHelper* signed_settings_helper) | 125 chromeos::SignedSettingsHelper* signed_settings_helper) |
| 122 : identity_strategy_(identity_strategy), | 126 : identity_strategy_(identity_strategy), |
| 127 install_attributes_(install_attributes), |
| 123 signed_settings_helper_(signed_settings_helper), | 128 signed_settings_helper_(signed_settings_helper), |
| 124 starting_up_(true), | 129 starting_up_(true), |
| 125 ALLOW_THIS_IN_INITIALIZER_LIST(callback_factory_(this)) { | 130 ALLOW_THIS_IN_INITIALIZER_LIST(callback_factory_(this)) { |
| 126 } | 131 } |
| 127 | 132 |
| 128 DevicePolicyCache::~DevicePolicyCache() { | 133 DevicePolicyCache::~DevicePolicyCache() { |
| 129 signed_settings_helper_->CancelCallback(this); | 134 signed_settings_helper_->CancelCallback(this); |
| 130 } | 135 } |
| 131 | 136 |
| 132 void DevicePolicyCache::Load() { | 137 void DevicePolicyCache::Load() { |
| 133 signed_settings_helper_->StartRetrievePolicyOp(this); | 138 signed_settings_helper_->StartRetrievePolicyOp(this); |
| 134 } | 139 } |
| 135 | 140 |
| 136 void DevicePolicyCache::SetPolicy(const em::PolicyFetchResponse& policy) { | 141 void DevicePolicyCache::SetPolicy(const em::PolicyFetchResponse& policy) { |
| 137 DCHECK(!starting_up_); | 142 DCHECK(!starting_up_); |
| 143 |
| 144 // Make sure we have an enterprise device. |
| 145 std::string registration_user(install_attributes_->GetRegistrationUser()); |
| 146 if (registration_user.empty()) { |
| 147 LOG(WARNING) << "Refusing to accept policy on non-enterprise device."; |
| 148 InformNotifier(CloudPolicySubsystem::LOCAL_ERROR, |
| 149 CloudPolicySubsystem::POLICY_LOCAL_ERROR); |
| 150 return; |
| 151 } |
| 152 |
| 153 // Check the user this policy is for against the device-locked name. |
| 154 em::PolicyData policy_data; |
| 155 if (!policy_data.ParseFromString(policy.policy_data())) { |
| 156 LOG(WARNING) << "Invalid policy protobuf"; |
| 157 InformNotifier(CloudPolicySubsystem::LOCAL_ERROR, |
| 158 CloudPolicySubsystem::POLICY_LOCAL_ERROR); |
| 159 return; |
| 160 } |
| 161 |
| 162 if (registration_user != policy_data.username()) { |
| 163 LOG(WARNING) << "Refusing policy blob for " << policy_data.username() |
| 164 << " which doesn't match " << registration_user; |
| 165 InformNotifier(CloudPolicySubsystem::LOCAL_ERROR, |
| 166 CloudPolicySubsystem::POLICY_LOCAL_ERROR); |
| 167 return; |
| 168 } |
| 169 |
| 138 set_last_policy_refresh_time(base::Time::NowFromSystemTime()); | 170 set_last_policy_refresh_time(base::Time::NowFromSystemTime()); |
| 139 | 171 |
| 140 // Start a store operation. | 172 // Start a store operation. |
| 141 new StorePolicyOperation(signed_settings_helper_, | 173 new StorePolicyOperation(signed_settings_helper_, |
| 142 policy, | 174 policy, |
| 143 callback_factory_.NewCallback( | 175 callback_factory_.NewCallback( |
| 144 &DevicePolicyCache::PolicyStoreOpCompleted)); | 176 &DevicePolicyCache::PolicyStoreOpCompleted)); |
| 145 } | 177 } |
| 146 | 178 |
| 147 void DevicePolicyCache::SetUnmanaged() { | 179 void DevicePolicyCache::SetUnmanaged() { |
| (...skipping 93 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 241 const em::DevicePolicyRefreshRateProto container = | 273 const em::DevicePolicyRefreshRateProto container = |
| 242 policy.policy_refresh_rate(); | 274 policy.policy_refresh_rate(); |
| 243 if (container.has_policy_refresh_rate()) { | 275 if (container.has_policy_refresh_rate()) { |
| 244 mandatory->Set(kPolicyPolicyRefreshRate, | 276 mandatory->Set(kPolicyPolicyRefreshRate, |
| 245 DecodeIntegerValue(container.policy_refresh_rate())); | 277 DecodeIntegerValue(container.policy_refresh_rate())); |
| 246 } | 278 } |
| 247 } | 279 } |
| 248 } | 280 } |
| 249 | 281 |
| 250 } // namespace policy | 282 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6869042:
Add immutable settings checks when handling policy. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src