OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/policy/device_policy_cache.h" | 5 #include "chrome/browser/policy/device_policy_cache.h" |
6 | 6 |
7 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
8 #include "base/compiler_specific.h" | 8 #include "base/compiler_specific.h" |
9 #include "base/logging.h" | 9 #include "base/logging.h" |
10 #include "base/task.h" | 10 #include "base/task.h" |
11 #include "base/values.h" | 11 #include "base/values.h" |
12 #include "chrome/browser/chromeos/cros_settings_names.h" | 12 #include "chrome/browser/chromeos/cros_settings_names.h" |
13 #include "chrome/browser/chromeos/login/ownership_service.h" | 13 #include "chrome/browser/chromeos/login/ownership_service.h" |
14 #include "chrome/browser/chromeos/login/signed_settings_helper.h" | 14 #include "chrome/browser/chromeos/login/signed_settings_helper.h" |
15 #include "chrome/browser/chromeos/user_cros_settings_provider.h" | 15 #include "chrome/browser/chromeos/user_cros_settings_provider.h" |
16 #include "chrome/browser/policy/configuration_policy_pref_store.h" | 16 #include "chrome/browser/policy/configuration_policy_pref_store.h" |
17 #include "chrome/browser/policy/device_policy_identity_strategy.h" | 17 #include "chrome/browser/policy/device_policy_identity_strategy.h" |
| 18 #include "chrome/browser/policy/enterprise_install_attributes.h" |
18 #include "chrome/browser/policy/policy_map.h" | 19 #include "chrome/browser/policy/policy_map.h" |
19 #include "chrome/browser/policy/proto/device_management_backend.pb.h" | 20 #include "chrome/browser/policy/proto/device_management_backend.pb.h" |
20 #include "chrome/browser/policy/proto/device_management_constants.h" | 21 #include "chrome/browser/policy/proto/device_management_constants.h" |
21 #include "chrome/browser/policy/proto/device_management_local.pb.h" | 22 #include "chrome/browser/policy/proto/device_management_local.pb.h" |
22 #include "content/browser/browser_thread.h" | 23 #include "content/browser/browser_thread.h" |
23 #include "policy/configuration_policy_type.h" | 24 #include "policy/configuration_policy_type.h" |
24 | 25 |
25 namespace { | 26 namespace { |
26 | 27 |
27 // Stores policy, updates the owner key if required and reports the status | 28 // Stores policy, updates the owner key if required and reports the status |
(...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
102 } | 103 } |
103 | 104 |
104 return Value::CreateIntegerValue(static_cast<int>(value)); | 105 return Value::CreateIntegerValue(static_cast<int>(value)); |
105 } | 106 } |
106 | 107 |
107 } // namespace | 108 } // namespace |
108 | 109 |
109 namespace policy { | 110 namespace policy { |
110 | 111 |
111 DevicePolicyCache::DevicePolicyCache( | 112 DevicePolicyCache::DevicePolicyCache( |
112 DevicePolicyIdentityStrategy* identity_strategy) | 113 DevicePolicyIdentityStrategy* identity_strategy, |
| 114 EnterpriseInstallAttributes* install_attributes) |
113 : identity_strategy_(identity_strategy), | 115 : identity_strategy_(identity_strategy), |
| 116 install_attributes_(install_attributes), |
114 signed_settings_helper_(chromeos::SignedSettingsHelper::Get()), | 117 signed_settings_helper_(chromeos::SignedSettingsHelper::Get()), |
115 starting_up_(true), | 118 starting_up_(true), |
116 ALLOW_THIS_IN_INITIALIZER_LIST(callback_factory_(this)) { | 119 ALLOW_THIS_IN_INITIALIZER_LIST(callback_factory_(this)) { |
117 } | 120 } |
118 | 121 |
119 DevicePolicyCache::DevicePolicyCache( | 122 DevicePolicyCache::DevicePolicyCache( |
120 DevicePolicyIdentityStrategy* identity_strategy, | 123 DevicePolicyIdentityStrategy* identity_strategy, |
| 124 EnterpriseInstallAttributes* install_attributes, |
121 chromeos::SignedSettingsHelper* signed_settings_helper) | 125 chromeos::SignedSettingsHelper* signed_settings_helper) |
122 : identity_strategy_(identity_strategy), | 126 : identity_strategy_(identity_strategy), |
| 127 install_attributes_(install_attributes), |
123 signed_settings_helper_(signed_settings_helper), | 128 signed_settings_helper_(signed_settings_helper), |
124 starting_up_(true), | 129 starting_up_(true), |
125 ALLOW_THIS_IN_INITIALIZER_LIST(callback_factory_(this)) { | 130 ALLOW_THIS_IN_INITIALIZER_LIST(callback_factory_(this)) { |
126 } | 131 } |
127 | 132 |
128 DevicePolicyCache::~DevicePolicyCache() { | 133 DevicePolicyCache::~DevicePolicyCache() { |
129 signed_settings_helper_->CancelCallback(this); | 134 signed_settings_helper_->CancelCallback(this); |
130 } | 135 } |
131 | 136 |
132 void DevicePolicyCache::Load() { | 137 void DevicePolicyCache::Load() { |
133 signed_settings_helper_->StartRetrievePolicyOp(this); | 138 signed_settings_helper_->StartRetrievePolicyOp(this); |
134 } | 139 } |
135 | 140 |
136 void DevicePolicyCache::SetPolicy(const em::PolicyFetchResponse& policy) { | 141 void DevicePolicyCache::SetPolicy(const em::PolicyFetchResponse& policy) { |
137 DCHECK(!starting_up_); | 142 DCHECK(!starting_up_); |
| 143 |
| 144 // Make sure we have an enterprise device. |
| 145 std::string registration_user(install_attributes_->GetRegistrationUser()); |
| 146 if (registration_user.empty()) { |
| 147 LOG(WARNING) << "Refusing to accept policy on non-enterprise device."; |
| 148 InformNotifier(CloudPolicySubsystem::LOCAL_ERROR, |
| 149 CloudPolicySubsystem::POLICY_LOCAL_ERROR); |
| 150 return; |
| 151 } |
| 152 |
| 153 // Check the user this policy is for against the device-locked name. |
| 154 em::PolicyData policy_data; |
| 155 if (!policy_data.ParseFromString(policy.policy_data())) { |
| 156 LOG(WARNING) << "Invalid policy protobuf"; |
| 157 InformNotifier(CloudPolicySubsystem::LOCAL_ERROR, |
| 158 CloudPolicySubsystem::POLICY_LOCAL_ERROR); |
| 159 return; |
| 160 } |
| 161 |
| 162 if (registration_user != policy_data.username()) { |
| 163 LOG(WARNING) << "Refusing policy blob for " << policy_data.username() |
| 164 << " which doesn't match " << registration_user; |
| 165 InformNotifier(CloudPolicySubsystem::LOCAL_ERROR, |
| 166 CloudPolicySubsystem::POLICY_LOCAL_ERROR); |
| 167 return; |
| 168 } |
| 169 |
138 set_last_policy_refresh_time(base::Time::NowFromSystemTime()); | 170 set_last_policy_refresh_time(base::Time::NowFromSystemTime()); |
139 | 171 |
140 // Start a store operation. | 172 // Start a store operation. |
141 new StorePolicyOperation(signed_settings_helper_, | 173 new StorePolicyOperation(signed_settings_helper_, |
142 policy, | 174 policy, |
143 callback_factory_.NewCallback( | 175 callback_factory_.NewCallback( |
144 &DevicePolicyCache::PolicyStoreOpCompleted)); | 176 &DevicePolicyCache::PolicyStoreOpCompleted)); |
145 } | 177 } |
146 | 178 |
147 void DevicePolicyCache::SetUnmanaged() { | 179 void DevicePolicyCache::SetUnmanaged() { |
(...skipping 93 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
241 const em::DevicePolicyRefreshRateProto container = | 273 const em::DevicePolicyRefreshRateProto container = |
242 policy.policy_refresh_rate(); | 274 policy.policy_refresh_rate(); |
243 if (container.has_policy_refresh_rate()) { | 275 if (container.has_policy_refresh_rate()) { |
244 mandatory->Set(kPolicyPolicyRefreshRate, | 276 mandatory->Set(kPolicyPolicyRefreshRate, |
245 DecodeIntegerValue(container.policy_refresh_rate())); | 277 DecodeIntegerValue(container.policy_refresh_rate())); |
246 } | 278 } |
247 } | 279 } |
248 } | 280 } |
249 | 281 |
250 } // namespace policy | 282 } // namespace policy |
OLD | NEW |