PART1: Initiated the SignedSettings refactoring.

chrome/browser/chromeos/user_cros_settings_provider.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/user_cros_settings_provider.h"
 
 #include <map>
 #include <set>
 
 #include "base/hash_tables.h"
 #include "base/logging.h"
 #include "base/memory/singleton.h"
 #include "base/string_util.h"
 #include "base/task.h"
 #include "base/values.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/chromeos/cros/cros_library.h"
 #include "chrome/browser/chromeos/cros/login_library.h"
 #include "chrome/browser/chromeos/cros/network_library.h"
 #include "chrome/browser/chromeos/cros_settings.h"
 #include "chrome/browser/chromeos/cros_settings_names.h"
 #include "chrome/browser/chromeos/login/ownership_service.h"
 #include "chrome/browser/chromeos/login/ownership_status_checker.h"
 #include "chrome/browser/chromeos/login/user_manager.h"
-#include "chrome/browser/policy/browser_policy_connector.h"
 #include "chrome/browser/prefs/pref_service.h"
 #include "chrome/browser/prefs/scoped_user_pref_update.h"
 #include "chrome/browser/ui/options/options_util.h"
 #include "chrome/common/chrome_notification_types.h"
 #include "chrome/installer/util/google_update_settings.h"
 #include "content/browser/browser_thread.h"
 
 namespace chromeos {
 
 namespace {
@@ skipping 129 matching lines @@
     local_state->RegisterStringPref(pref_path.c_str(),
                                     "",
                                     PrefService::UNSYNCABLE_PREF);
   } else {
     DCHECK(IsControlledListSetting(pref_path));
     local_state->RegisterListPref(pref_path.c_str(),
                                   PrefService::UNSYNCABLE_PREF);
   }
 }
 
-// Create a settings value with "managed" and "disabled" property.
-// "managed" property is true if the setting is managed by administrator.
-// "disabled" property is true if the UI for the setting should be disabled.
-Value* CreateSettingsValue(Value *value, bool managed, bool disabled) {
-  DictionaryValue* dict = new DictionaryValue;
-  dict->Set("value", value);
-  dict->Set("managed", Value::CreateBooleanValue(managed));
-  dict->Set("disabled", Value::CreateBooleanValue(disabled));
-  return dict;
-}
-
 enum UseValue {
   USE_VALUE_SUPPLIED,
   USE_VALUE_DEFAULT
 };
 
 void UpdateCacheBool(const std::string& name,
                      bool value,
                      UseValue use_value) {
   PrefService* prefs = g_browser_process->local_state();
   if (use_value == USE_VALUE_DEFAULT)
     prefs->ClearPref(name.c_str());
   else
     prefs->SetBoolean(name.c_str(), value);
   prefs->ScheduleSavePersistentPrefs();
 }
 
 void UpdateCacheString(const std::string& name,
                        const std::string& value,
                        UseValue use_value) {
   PrefService* prefs = g_browser_process->local_state();
   if (use_value == USE_VALUE_DEFAULT)
     prefs->ClearPref(name.c_str());
   else
     prefs->SetString(name.c_str(), value);
   prefs->ScheduleSavePersistentPrefs();
 }
 
+// Helper function to parse the whitelist from the policy cache into the local
+// state.
+// TODO(pastarmovj): This function will disappear in step two of the refactoring
+// as per design doc. (Contact pastarmovj@chromium.org for a link to it.)
 bool GetUserWhitelist(ListValue* user_list) {
   PrefService* prefs = g_browser_process->local_state();
   DCHECK(!prefs->IsManagedPreference(kAccountsPrefUsers));
 
   std::vector<std::string> whitelist;
   if (!SignedSettings::EnumerateWhitelist(&whitelist)) {
     LOG(WARNING) << "Failed to retrieve user whitelist.";
     return false;
   }
 
   ListPrefUpdate cached_whitelist_update(prefs, kAccountsPrefUsers);
   cached_whitelist_update->Clear();
 
-  const UserManager::User& self = UserManager::Get()->logged_in_user();
-  bool is_owner = UserManager::Get()->current_user_is_owner();
-
-  for (size_t i = 0; i < whitelist.size(); ++i) {
-    const std::string& email = whitelist[i];
-
-    if (user_list) {
-      DictionaryValue* user = new DictionaryValue;
-      user->SetString("email", email);
-      user->SetString("name", "");
-      user->SetBoolean("owner", is_owner && email == self.email());
-      user_list->Append(user);
-    }
-
-    cached_whitelist_update->Append(Value::CreateStringValue(email));
-  }
+  for (size_t i = 0; i < whitelist.size(); ++i)
+    cached_whitelist_update->Append(Value::CreateStringValue(whitelist[i]));
 
   prefs->ScheduleSavePersistentPrefs();
   return true;
 }
 
 class UserCrosSettingsTrust : public SignedSettingsHelper::Callback {
  public:
   static UserCrosSettingsTrust* GetInstance() {
     return Singleton<UserCrosSettingsTrust>::get();
   }
@@ skipping 314 matching lines @@
 // static
 void UserCrosSettingsProvider::RegisterPrefs(PrefService* local_state) {
   for (size_t i = 0; i < arraysize(kBooleanSettings); ++i)
     RegisterSetting(local_state, kBooleanSettings[i]);
   for (size_t i = 0; i < arraysize(kStringSettings); ++i)
     RegisterSetting(local_state, kStringSettings[i]);
   for (size_t i = 0; i < arraysize(kListSettings); ++i)
     RegisterSetting(local_state, kListSettings[i]);
 }
 
-bool UserCrosSettingsProvider::RequestTrustedAllowGuest(Task* callback) {
-  return UserCrosSettingsTrust::GetInstance()->RequestTrustedEntity(
-      kAccountsPrefAllowGuest, callback);
-}
-
-bool UserCrosSettingsProvider::RequestTrustedAllowNewUser(Task* callback) {
-  return UserCrosSettingsTrust::GetInstance()->RequestTrustedEntity(
-      kAccountsPrefAllowNewUser, callback);
-}
-
-bool UserCrosSettingsProvider::RequestTrustedShowUsersOnSignin(Task* callback) {
-  return UserCrosSettingsTrust::GetInstance()->RequestTrustedEntity(
-      kAccountsPrefShowUserNamesOnSignIn, callback);
-}
-
-bool UserCrosSettingsProvider::RequestTrustedDataRoamingEnabled(
-    Task* callback) {
-  return UserCrosSettingsTrust::GetInstance()->RequestTrustedEntity(
-      kSignedDataRoamingEnabled, callback);
-}
-
-bool UserCrosSettingsProvider::RequestTrustedOwner(Task* callback) {
-  return UserCrosSettingsTrust::GetInstance()->RequestTrustedEntity(
-      kDeviceOwner, callback);
-}
-
-bool UserCrosSettingsProvider::RequestTrustedReportingEnabled(Task* callback) {
-  return UserCrosSettingsTrust::GetInstance()->RequestTrustedEntity(
-      kStatsReportingPref, callback);
-}
-
 void UserCrosSettingsProvider::Reload() {
   UserCrosSettingsTrust::GetInstance()->Reload();
 }
 
-// static
-bool UserCrosSettingsProvider::cached_allow_guest() {
-  // Trigger prefetching if singleton object still does not exist.
-  UserCrosSettingsTrust::GetInstance();
-  return g_browser_process->local_state()->GetBoolean(kAccountsPrefAllowGuest);
-}
-
-// static
-bool UserCrosSettingsProvider::cached_allow_new_user() {
-  // Trigger prefetching if singleton object still does not exist.
-  UserCrosSettingsTrust::GetInstance();
-  return g_browser_process->local_state()->GetBoolean(
-      kAccountsPrefAllowNewUser);
-}
-
-// static
-bool UserCrosSettingsProvider::cached_data_roaming_enabled() {
-  // Trigger prefetching if singleton object still does not exist.
-  UserCrosSettingsTrust::GetInstance();
-  return g_browser_process->local_state()->GetBoolean(
-      kSignedDataRoamingEnabled);
-}
-
-// static
-bool UserCrosSettingsProvider::cached_show_users_on_signin() {
-  // Trigger prefetching if singleton object still does not exist.
-  UserCrosSettingsTrust::GetInstance();
-  return g_browser_process->local_state()->GetBoolean(
-      kAccountsPrefShowUserNamesOnSignIn);
-}
-
-// static
-bool UserCrosSettingsProvider::cached_reporting_enabled() {
-  // Trigger prefetching if singleton object still does not exist.
-  UserCrosSettingsTrust::GetInstance();
-  return g_browser_process->local_state()->GetBoolean(
-      kStatsReportingPref);
-}
-
-// static
-const ListValue* UserCrosSettingsProvider::cached_whitelist() {
-  PrefService* prefs = g_browser_process->local_state();
-  const ListValue* cached_users = prefs->GetList(kAccountsPrefUsers);
-  if (!prefs->IsManagedPreference(kAccountsPrefUsers)) {
-    if (cached_users == NULL) {
-      // Update whitelist cache.
-      GetUserWhitelist(NULL);
-      cached_users = prefs->GetList(kAccountsPrefUsers);
-    }
-  }
-  if (cached_users == NULL) {
-    NOTREACHED();
-    cached_users = new ListValue;
-  }
-  return cached_users;
-}
-
-// static
-std::string UserCrosSettingsProvider::cached_owner() {
-  // Trigger prefetching if singleton object still does not exist.
-  UserCrosSettingsTrust::GetInstance();
-  if (!g_browser_process || !g_browser_process->local_state())
-    return std::string();
-  return g_browser_process->local_state()->GetString(kDeviceOwner);
-}
-
-// static
-bool UserCrosSettingsProvider::IsEmailInCachedWhitelist(
-    const std::string& email) {
-  const ListValue* whitelist = cached_whitelist();
-  if (whitelist) {
-    StringValue email_value(email);
-    for (ListValue::const_iterator i(whitelist->begin());
-        i != whitelist->end(); ++i) {
-      if ((*i)->Equals(&email_value))
-        return true;
-    }
-  }
-  return false;
-}
-
 void UserCrosSettingsProvider::DoSet(const std::string& path,
                                      Value* in_value) {
   UserCrosSettingsTrust::GetInstance()->Set(path, in_value);
 }
 
-bool UserCrosSettingsProvider::Get(const std::string& path,
-                                   Value** out_value) const {
-  if (path == kAccountsPrefUsers) {
-    ListValue* user_list = new ListValue;
-    GetUserWhitelist(user_list);
-    *out_value = user_list;
-    return true;
+const base::Value* UserCrosSettingsProvider::Get(
+    const std::string& path) const {
+  if (HandlesSetting(path)) {
+    PrefService* prefs = g_browser_process->local_state();
+    // TODO(pastarmovj): Temporary hack until we refactor the user whitelisting
+    // handling to completely coincide with the rest of the settings.
+    if (path == kAccountsPrefUsers &&
+        prefs->GetList(kAccountsPrefUsers) == NULL) {
+        GetUserWhitelist(NULL);
+    }
+    const PrefService::Preference* pref = prefs->FindPreference(path.c_str());
+    return pref->GetValue();
+  }
+  return NULL;
+}
+
+class TrustedEntryFetcher : public Task {
+ public:
+  explicit TrustedEntryFetcher(const base::Closure& callback)
+      : callback_(callback) {
   }
 
-  if (IsControlledBooleanSetting(path) || IsControlledStringSetting(path)) {
-    PrefService* prefs = g_browser_process->local_state();
-    const PrefService::Preference* pref = prefs->FindPreference(path.c_str());
-    const Value *pref_value = pref->GetValue();
-
-    *out_value = CreateSettingsValue(
-        pref_value->DeepCopy(),
-        g_browser_process->browser_policy_connector()->IsEnterpriseManaged(),
-        !UserManager::Get()->current_user_is_owner());
-    return true;
+  void Run() {
+    callback_.Run();
   }
 
-  return false;
+ private:
+  base::Closure callback_;
+};
+
+bool UserCrosSettingsProvider::GetTrusted(const std::string& path,
+                                          const base::Closure& callback) const {
+  return UserCrosSettingsTrust::GetInstance()->RequestTrustedEntity(
+      path, new TrustedEntryFetcher(callback));
 }
 
 bool UserCrosSettingsProvider::HandlesSetting(const std::string& path) const {
   return ::StartsWithASCII(path, "cros.accounts.", true) ||
       ::StartsWithASCII(path, "cros.signed.", true) ||
       ::StartsWithASCII(path, "cros.metrics.", true) ||
+      path == kDeviceOwner ||
       path == kReleaseChannel;
 }
 
+// static
 void UserCrosSettingsProvider::WhitelistUser(const std::string& email) {
   SignedSettingsHelper::Get()->StartWhitelistOp(
       email, true, UserCrosSettingsTrust::GetInstance());
   PrefService* prefs = g_browser_process->local_state();
   ListPrefUpdate cached_whitelist_update(prefs, kAccountsPrefUsers);
   cached_whitelist_update->Append(Value::CreateStringValue(email));

[Chris Masone, 2011/10/05 18:43:12]

hm.  I know you didn't add this code, but am I correct that this is appending
the email address to the cached whitelist _before_ the signed settings code has
successfully written it?  If so, this is a vulnerability.

[pastarmovj, 2011/10/13 11:23:02]

Yes but the PolicyStoreOp will force reload of the signed settings if it fails
and thus the cache will be updated to the proper value after that again.
P.S. this function disappears in the newer version anyway. :) the new
implementation moves the caching to the CrosSettings and completely eliminates
cache updates before writes (the cache is updated on successful policy retrieve
notifications only). I know it is sort of stupid to forward reference changes
here but I wanted to break the work in smaller and easier to review CLs than a
single huge monster.

[Chris Masone, 2011/10/13 23:42:37]

ok, sounds good.

   prefs->ScheduleSavePersistentPrefs();
 }
 
+// static
 void UserCrosSettingsProvider::UnwhitelistUser(const std::string& email) {
   SignedSettingsHelper::Get()->StartWhitelistOp(
       email, false, UserCrosSettingsTrust::GetInstance());
 
   PrefService* prefs = g_browser_process->local_state();
   ListPrefUpdate cached_whitelist_update(prefs, kAccountsPrefUsers);
   StringValue email_value(email);
   if (cached_whitelist_update->Remove(email_value, NULL))
     prefs->ScheduleSavePersistentPrefs();
 }
 
 // static
 void UserCrosSettingsProvider::UpdateCachedOwner(const std::string& email) {
   UpdateCacheString(kDeviceOwner, email, USE_VALUE_SUPPLIED);
 }
 
 }  // namespace chromeos