| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/login/signed_settings.h" | 5 #include "chrome/browser/chromeos/login/signed_settings.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| (...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 76 return false; | 76 return false; |
| 77 } | 77 } |
| 78 | 78 |
| 79 // static | 79 // static |
| 80 SignedSettings::ReturnCode SignedSettings::MapKeyOpCode( | 80 SignedSettings::ReturnCode SignedSettings::MapKeyOpCode( |
| 81 OwnerManager::KeyOpCode return_code) { | 81 OwnerManager::KeyOpCode return_code) { |
| 82 return (return_code == OwnerManager::KEY_UNAVAILABLE ? | 82 return (return_code == OwnerManager::KEY_UNAVAILABLE ? |
| 83 KEY_UNAVAILABLE : BAD_SIGNATURE); | 83 KEY_UNAVAILABLE : BAD_SIGNATURE); |
| 84 } | 84 } |
| 85 | 85 |
| 86 // static | |
| 87 bool SignedSettings::EnumerateWhitelist(std::vector<std::string>* whitelisted) { | |
| 88 OwnershipService* service = OwnershipService::GetSharedInstance(); | |
| 89 if (!service->has_cached_policy()) | |
| 90 return false; | |
| 91 em::ChromeDeviceSettingsProto pol; | |
| 92 pol.ParseFromString(service->cached_policy().policy_value()); | |
| 93 if (!pol.has_user_whitelist()) | |
| 94 return false; | |
| 95 | |
| 96 const RepeatedPtrField<std::string>& whitelist = | |
| 97 pol.user_whitelist().user_whitelist(); | |
| 98 for (RepeatedPtrField<std::string>::const_iterator it = whitelist.begin(); | |
| 99 it != whitelist.end(); | |
| 100 ++it) { | |
| 101 whitelisted->push_back(*it); | |
| 102 } | |
| 103 return true; | |
| 104 } | |
| 105 | |
| 106 class CheckWhitelistOp : public SignedSettings { | |
| 107 public: | |
| 108 CheckWhitelistOp(const std::string& email, | |
| 109 SignedSettings::Delegate<bool>* d); | |
| 110 virtual ~CheckWhitelistOp(); | |
| 111 void Execute(); | |
| 112 void Fail(SignedSettings::ReturnCode code); | |
| 113 void Succeed(bool value); | |
| 114 // Implementation of OwnerManager::Delegate | |
| 115 void OnKeyOpComplete(const OwnerManager::KeyOpCode return_code, | |
| 116 const std::vector<uint8>& payload); | |
| 117 | |
| 118 private: | |
| 119 bool LookUpInPolicy(const std::string& email); | |
| 120 // Always call d_->OnSettingOpCompleted() via this call. | |
| 121 // It guarantees that the callback will not be triggered until _after_ | |
| 122 // Execute() returns, which is implicitly assumed by SignedSettingsHelper | |
| 123 // in some cases. | |
| 124 void PerformCallback(SignedSettings::ReturnCode code, bool value); | |
| 125 | |
| 126 const std::string email_; | |
| 127 SignedSettings::Delegate<bool>* d_; | |
| 128 }; | |
| 129 | |
| 130 class WhitelistOp : public SignedSettings, | |
| 131 public SignedSettings::Delegate<bool> { | |
| 132 public: | |
| 133 WhitelistOp(const std::string& email, | |
| 134 bool add_to_whitelist, | |
| 135 SignedSettings::Delegate<bool>* d); | |
| 136 virtual ~WhitelistOp(); | |
| 137 void Execute(); | |
| 138 void Fail(SignedSettings::ReturnCode code); | |
| 139 void Succeed(bool value); | |
| 140 // Implementation of OwnerManager::Delegate | |
| 141 void OnKeyOpComplete(const OwnerManager::KeyOpCode return_code, | |
| 142 const std::vector<uint8>& payload); | |
| 143 // Implementation of SignedSettings::Delegate | |
| 144 void OnSettingsOpCompleted(ReturnCode code, bool value); | |
| 145 | |
| 146 private: | |
| 147 void ModifyWhitelist(const std::string& email, | |
| 148 bool add_to_whitelist, | |
| 149 em::UserWhitelistProto* whitelist_proto); | |
| 150 // Always call d_->OnSettingOpCompleted() via this call. | |
| 151 // It guarantees that the callback will not be triggered until _after_ | |
| 152 // Execute() returns, which is implicitly assumed by SignedSettingsHelper | |
| 153 // in some cases. | |
| 154 void PerformCallback(SignedSettings::ReturnCode code, bool value); | |
| 155 | |
| 156 const std::string email_; | |
| 157 const bool add_to_whitelist_; | |
| 158 SignedSettings::Delegate<bool>* d_; | |
| 159 em::PolicyFetchResponse to_store_; | |
| 160 scoped_refptr<SignedSettings> store_op_; | |
| 161 }; | |
| 162 | |
| 163 class StorePropertyOp : public SignedSettings, | 86 class StorePropertyOp : public SignedSettings, |
| 164 public SignedSettings::Delegate<bool> { | 87 public SignedSettings::Delegate<bool> { |
| 165 public: | 88 public: |
| 166 StorePropertyOp(const std::string& name, | 89 StorePropertyOp(const std::string& name, |
| 167 const base::Value& value, | 90 const base::Value& value, |
| 168 SignedSettings::Delegate<bool>* d); | 91 SignedSettings::Delegate<bool>* d); |
| 169 virtual ~StorePropertyOp(); | 92 virtual ~StorePropertyOp(); |
| 170 void Execute(); | 93 void Execute(); |
| 171 void Fail(SignedSettings::ReturnCode code); | 94 void Fail(SignedSettings::ReturnCode code); |
| 172 void Succeed(bool value); | 95 void Succeed(bool value); |
| (...skipping 92 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 265 void PerformCallback(SignedSettings::ReturnCode code, | 188 void PerformCallback(SignedSettings::ReturnCode code, |
| 266 const em::PolicyFetchResponse& value); | 189 const em::PolicyFetchResponse& value); |
| 267 | 190 |
| 268 void ProcessPolicy(const std::string& serialized_proto); | 191 void ProcessPolicy(const std::string& serialized_proto); |
| 269 | 192 |
| 270 em::PolicyFetchResponse policy_; | 193 em::PolicyFetchResponse policy_; |
| 271 SignedSettings::Delegate<const em::PolicyFetchResponse&>* d_; | 194 SignedSettings::Delegate<const em::PolicyFetchResponse&>* d_; |
| 272 }; | 195 }; |
| 273 | 196 |
| 274 // static | 197 // static |
| 275 SignedSettings* SignedSettings::CreateCheckWhitelistOp( | |
| 276 const std::string& email, | |
| 277 SignedSettings::Delegate<bool>* d) { | |
| 278 DCHECK(d != NULL); | |
| 279 return new CheckWhitelistOp(Authenticator::Canonicalize(email), d); | |
| 280 } | |
| 281 | |
| 282 // static | |
| 283 SignedSettings* SignedSettings::CreateWhitelistOp( | |
| 284 const std::string& email, | |
| 285 bool add_to_whitelist, | |
| 286 SignedSettings::Delegate<bool>* d) { | |
| 287 DCHECK(d != NULL); | |
| 288 return new WhitelistOp(Authenticator::Canonicalize(email), | |
| 289 add_to_whitelist, | |
| 290 d); | |
| 291 } | |
| 292 | |
| 293 // static | |
| 294 SignedSettings* SignedSettings::CreateStorePropertyOp( | 198 SignedSettings* SignedSettings::CreateStorePropertyOp( |
| 295 const std::string& name, | 199 const std::string& name, |
| 296 const base::Value& value, | 200 const base::Value& value, |
| 297 SignedSettings::Delegate<bool>* d) { | 201 SignedSettings::Delegate<bool>* d) { |
| 298 DCHECK(d != NULL); | 202 DCHECK(d != NULL); |
| 299 return new StorePropertyOp(name, value, d); | 203 return new StorePropertyOp(name, value, d); |
| 300 } | 204 } |
| 301 | 205 |
| 302 // static | 206 // static |
| 303 SignedSettings* SignedSettings::CreateRetrievePropertyOp( | 207 SignedSettings* SignedSettings::CreateRetrievePropertyOp( |
| (...skipping 12 matching lines...) Expand all Loading... |
| 316 return new StorePolicyOp(policy, d); | 220 return new StorePolicyOp(policy, d); |
| 317 } | 221 } |
| 318 | 222 |
| 319 // static | 223 // static |
| 320 SignedSettings* SignedSettings::CreateRetrievePolicyOp( | 224 SignedSettings* SignedSettings::CreateRetrievePolicyOp( |
| 321 SignedSettings::Delegate<const em::PolicyFetchResponse&>* d) { | 225 SignedSettings::Delegate<const em::PolicyFetchResponse&>* d) { |
| 322 DCHECK(d != NULL); | 226 DCHECK(d != NULL); |
| 323 return new RetrievePolicyOp(d); | 227 return new RetrievePolicyOp(d); |
| 324 } | 228 } |
| 325 | 229 |
| 326 CheckWhitelistOp::CheckWhitelistOp(const std::string& email, | |
| 327 SignedSettings::Delegate<bool>* d) | |
| 328 : email_(email), | |
| 329 d_(d) { | |
| 330 } | |
| 331 | |
| 332 CheckWhitelistOp::~CheckWhitelistOp() {} | |
| 333 | |
| 334 void CheckWhitelistOp::Execute() { | |
| 335 std::vector<uint8> sig; | |
| 336 std::string email_to_check = email_; | |
| 337 if (!service_->has_cached_policy()) { | |
| 338 TryToFetchPolicyAndCallBack(); | |
| 339 return; | |
| 340 } | |
| 341 if (LookUpInPolicy(email_to_check)) { | |
| 342 VLOG(2) << "Whitelist check was successful for " << email_to_check; | |
| 343 Succeed(true); | |
| 344 return; | |
| 345 } | |
| 346 // If the exact match was not found try to match against a wildcard entry | |
| 347 // where the domain only matches (e.g. *@example.com). In theory we should | |
| 348 // always have correctly formated mail address here but a little precaution | |
| 349 // does no harm. | |
| 350 if (email_.find('@') != std::string::npos) { | |
| 351 email_to_check = std::string("*").append(email_.substr(email_.find('@'))); | |
| 352 if (LookUpInPolicy(email_to_check)) { | |
| 353 VLOG(2) << "Whitelist check was successful for " << email_to_check; | |
| 354 Succeed(true); | |
| 355 return; | |
| 356 } | |
| 357 } | |
| 358 Fail(NOT_FOUND); | |
| 359 return; | |
| 360 } | |
| 361 | |
| 362 void CheckWhitelistOp::Fail(SignedSettings::ReturnCode code) { | |
| 363 BrowserThread::PostTask( | |
| 364 BrowserThread::UI, FROM_HERE, | |
| 365 base::Bind(&CheckWhitelistOp::PerformCallback, this, code, false)); | |
| 366 } | |
| 367 | |
| 368 void CheckWhitelistOp::Succeed(bool value) { | |
| 369 BrowserThread::PostTask( | |
| 370 BrowserThread::UI, FROM_HERE, | |
| 371 base::Bind(&CheckWhitelistOp::PerformCallback, this, SUCCESS, value)); | |
| 372 } | |
| 373 | |
| 374 void CheckWhitelistOp::OnKeyOpComplete( | |
| 375 const OwnerManager::KeyOpCode return_code, | |
| 376 const std::vector<uint8>& payload) { | |
| 377 NOTREACHED(); | |
| 378 // Ensure we're on the UI thread, due to the need to send DBus traffic. | |
| 379 if (!BrowserThread::CurrentlyOn(BrowserThread::UI)) { | |
| 380 BrowserThread::PostTask( | |
| 381 BrowserThread::UI, FROM_HERE, | |
| 382 base::Bind(&CheckWhitelistOp::OnKeyOpComplete, this, return_code, | |
| 383 payload)); | |
| 384 return; | |
| 385 } | |
| 386 if (return_code == OwnerManager::SUCCESS) { | |
| 387 VLOG(2) << "Whitelist check was successful."; | |
| 388 Succeed(true); | |
| 389 } else { | |
| 390 VLOG(2) << "Whitelist check failed."; | |
| 391 Fail(SignedSettings::MapKeyOpCode(return_code)); | |
| 392 } | |
| 393 } | |
| 394 | |
| 395 bool CheckWhitelistOp::LookUpInPolicy(const std::string& email) { | |
| 396 em::ChromeDeviceSettingsProto pol; | |
| 397 pol.ParseFromString(service_->cached_policy().policy_value()); | |
| 398 if (!pol.has_user_whitelist()) | |
| 399 return false; | |
| 400 | |
| 401 const RepeatedPtrField<std::string>& whitelist = | |
| 402 pol.user_whitelist().user_whitelist(); | |
| 403 for (RepeatedPtrField<std::string>::const_iterator it = whitelist.begin(); | |
| 404 it != whitelist.end(); | |
| 405 ++it) { | |
| 406 if (email == *it) | |
| 407 return true; | |
| 408 } | |
| 409 return false; | |
| 410 } | |
| 411 | |
| 412 void CheckWhitelistOp::PerformCallback(SignedSettings::ReturnCode code, | |
| 413 bool value) { | |
| 414 d_->OnSettingsOpCompleted(code, value); | |
| 415 } | |
| 416 | |
| 417 WhitelistOp::WhitelistOp(const std::string& email, | |
| 418 bool add_to_whitelist, | |
| 419 SignedSettings::Delegate<bool>* d) | |
| 420 : email_(email), | |
| 421 add_to_whitelist_(add_to_whitelist), | |
| 422 d_(d) { | |
| 423 } | |
| 424 | |
| 425 WhitelistOp::~WhitelistOp() {} | |
| 426 | |
| 427 void WhitelistOp::Execute() { | |
| 428 if (!service_->has_cached_policy()) { | |
| 429 TryToFetchPolicyAndCallBack(); | |
| 430 return; | |
| 431 } | |
| 432 em::PolicyData to_sign; | |
| 433 to_sign.CheckTypeAndMergeFrom(service_->cached_policy()); | |
| 434 em::ChromeDeviceSettingsProto pol; | |
| 435 pol.ParseFromString(to_sign.policy_value()); | |
| 436 em::UserWhitelistProto* whitelist_proto = pol.mutable_user_whitelist(); | |
| 437 ModifyWhitelist(email_, add_to_whitelist_, whitelist_proto); | |
| 438 to_sign.set_policy_value(pol.SerializeAsString()); | |
| 439 to_store_.set_policy_data(to_sign.SerializeAsString()); | |
| 440 service_->StartSigningAttempt(to_store_.policy_data(), this); | |
| 441 } | |
| 442 | |
| 443 void WhitelistOp::Fail(SignedSettings::ReturnCode code) { | |
| 444 BrowserThread::PostTask( | |
| 445 BrowserThread::UI, FROM_HERE, | |
| 446 base::Bind(&WhitelistOp::PerformCallback, this, code, false)); | |
| 447 } | |
| 448 | |
| 449 void WhitelistOp::Succeed(bool value) { | |
| 450 BrowserThread::PostTask( | |
| 451 BrowserThread::UI, FROM_HERE, | |
| 452 base::Bind(&WhitelistOp::PerformCallback, this, SUCCESS, value)); | |
| 453 } | |
| 454 | |
| 455 void WhitelistOp::OnKeyOpComplete(const OwnerManager::KeyOpCode return_code, | |
| 456 const std::vector<uint8>& sig) { | |
| 457 // Ensure we're on the UI thread, due to the need to send DBus traffic. | |
| 458 if (!BrowserThread::CurrentlyOn(BrowserThread::UI)) { | |
| 459 BrowserThread::PostTask( | |
| 460 BrowserThread::UI, FROM_HERE, | |
| 461 base::Bind(&WhitelistOp::OnKeyOpComplete, this, return_code, sig)); | |
| 462 return; | |
| 463 } | |
| 464 VLOG(2) << "WhitelistOp::OnKeyOpComplete return_code = " << return_code; | |
| 465 // Now, sure we're on the UI thread. | |
| 466 if (return_code == OwnerManager::SUCCESS) { | |
| 467 to_store_.set_policy_data_signature( | |
| 468 std::string(reinterpret_cast<const char*>(&sig[0]), sig.size())); | |
| 469 store_op_ = CreateStorePolicyOp(&to_store_, this); | |
| 470 // d_->OnSettingsOpCompleted() will be called by this call. | |
| 471 store_op_->Execute(); | |
| 472 } else { | |
| 473 Fail(SignedSettings::MapKeyOpCode(return_code)); | |
| 474 } | |
| 475 } | |
| 476 | |
| 477 void WhitelistOp::OnSettingsOpCompleted(ReturnCode code, bool value) { | |
| 478 if (value && to_store_.has_policy_data()) { | |
| 479 em::PolicyData poldata; | |
| 480 poldata.ParseFromString(to_store_.policy_data()); | |
| 481 service_->set_cached_policy(poldata); | |
| 482 Succeed(value); | |
| 483 return; | |
| 484 } | |
| 485 Fail(NOT_FOUND); | |
| 486 } | |
| 487 | |
| 488 void WhitelistOp::ModifyWhitelist(const std::string& email, | |
| 489 bool add_to_whitelist, | |
| 490 em::UserWhitelistProto* whitelist_proto) { | |
| 491 int i = 0; | |
| 492 const RepeatedPtrField<string>& whitelist = whitelist_proto->user_whitelist(); | |
| 493 for (RepeatedPtrField<string>::const_iterator it = whitelist.begin(); | |
| 494 it != whitelist.end(); | |
| 495 ++it, ++i) { | |
| 496 if (email == *it) | |
| 497 break; | |
| 498 } | |
| 499 // |i| contains the index of |email|, if it is in |whitelist|. | |
| 500 if (add_to_whitelist) { | |
| 501 if (i >= whitelist.size()) // |email| was not in |whitelist|, we must add. | |
| 502 whitelist_proto->add_user_whitelist(email); | |
| 503 return; | |
| 504 } else { | |
| 505 if (i < whitelist.size()) { // |email| was in |whitelist|, we must remove. | |
| 506 RepeatedPtrField<string>* change_list = | |
| 507 whitelist_proto->mutable_user_whitelist(); | |
| 508 change_list->SwapElements(i, whitelist.size() - 1); // Move to end. | |
| 509 change_list->RemoveLast(); | |
| 510 } | |
| 511 return; | |
| 512 } | |
| 513 LOG(WARNING) << "Whitelist modification no-op: " << email; | |
| 514 } | |
| 515 | |
| 516 void WhitelistOp::PerformCallback(SignedSettings::ReturnCode code, bool value) { | |
| 517 d_->OnSettingsOpCompleted(code, value); | |
| 518 } | |
| 519 | |
| 520 StorePropertyOp::StorePropertyOp(const std::string& name, | 230 StorePropertyOp::StorePropertyOp(const std::string& name, |
| 521 const base::Value& value, | 231 const base::Value& value, |
| 522 SignedSettings::Delegate<bool>* d) | 232 SignedSettings::Delegate<bool>* d) |
| 523 : name_(name), | 233 : name_(name), |
| 524 value_(value.DeepCopy()), | 234 value_(value.DeepCopy()), |
| 525 d_(d), | 235 d_(d), |
| 526 store_op_(NULL) { | 236 store_op_(NULL) { |
| 527 } | 237 } |
| 528 | 238 |
| 529 StorePropertyOp::~StorePropertyOp() {} | 239 StorePropertyOp::~StorePropertyOp() {} |
| (...skipping 449 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 979 sig.assign(sig_ptr, sig_ptr + policy_.policy_data_signature().length()); | 689 sig.assign(sig_ptr, sig_ptr + policy_.policy_data_signature().length()); |
| 980 service_->StartVerifyAttempt(policy_.policy_data(), sig, this); | 690 service_->StartVerifyAttempt(policy_.policy_data(), sig, this); |
| 981 } | 691 } |
| 982 | 692 |
| 983 void RetrievePolicyOp::PerformCallback(SignedSettings::ReturnCode code, | 693 void RetrievePolicyOp::PerformCallback(SignedSettings::ReturnCode code, |
| 984 const em::PolicyFetchResponse& value) { | 694 const em::PolicyFetchResponse& value) { |
| 985 d_->OnSettingsOpCompleted(code, value); | 695 d_->OnSettingsOpCompleted(code, value); |
| 986 } | 696 } |
| 987 | 697 |
| 988 } // namespace chromeos | 698 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 8163011:
PART3: Removed whitelist special ops. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src