Chromium Code Reviews Chromium Code Reviews
Issue 12183017:
Verify the signature on user cloud policy downloads. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROME_BROWSER_POLICY_USER_CLOUD_POLICY_STORE_CHROMEOS_H_ | 5 #ifndef CHROME_BROWSER_POLICY_USER_CLOUD_POLICY_STORE_CHROMEOS_H_ |
| 6 #define CHROME_BROWSER_POLICY_USER_CLOUD_POLICY_STORE_CHROMEOS_H_ | 6 #define CHROME_BROWSER_POLICY_USER_CLOUD_POLICY_STORE_CHROMEOS_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
| 11 #include "base/compiler_specific.h" | 11 #include "base/compiler_specific.h" |
| 12 #include "base/file_path.h" | 12 #include "base/file_path.h" |
| 13 #include "base/memory/scoped_ptr.h" | 13 #include "base/memory/scoped_ptr.h" |
| 14 #include "base/memory/weak_ptr.h" | 14 #include "base/memory/weak_ptr.h" |
| 15 #include "chrome/browser/policy/cloud_policy_validator.h" | 15 #include "chrome/browser/policy/cloud_policy_validator.h" |
| 16 #include "chrome/browser/policy/user_cloud_policy_store_base.h" | 16 #include "chrome/browser/policy/user_cloud_policy_store_base.h" |
| 17 #include "chromeos/dbus/dbus_method_call_status.h" | |
| 17 | 18 |
| 18 namespace chromeos { | 19 namespace chromeos { |
| 20 class CryptohomeClient; | |
| 19 class SessionManagerClient; | 21 class SessionManagerClient; |
| 20 } | 22 } |
| 21 | 23 |
| 22 namespace policy { | 24 namespace policy { |
| 23 | 25 |
| 24 class LegacyPolicyCacheLoader; | 26 class LegacyPolicyCacheLoader; |
| 27 class UserPolicyKey; | |
| 25 | 28 |
| 26 // Implements a cloud policy store backed by the Chrome OS' session_manager, | 29 // Implements a cloud policy store backed by the Chrome OS' session_manager, |
| 27 // which takes care of persisting policy to disk and is accessed via DBus calls | 30 // which takes care of persisting policy to disk and is accessed via DBus calls |
| 28 // through SessionManagerClient. | 31 // through SessionManagerClient. |
| 29 // | 32 // |
| 30 // Additionally, this class drives legacy UserPolicyTokenCache and | 33 // Additionally, this class drives legacy UserPolicyTokenCache and |
| 31 // UserPolicyDiskCache instances, migrating policy from these to session_manager | 34 // UserPolicyDiskCache instances, migrating policy from these to session_manager |
| 32 // storage on the fly. | 35 // storage on the fly. |
| 33 class UserCloudPolicyStoreChromeOS : public UserCloudPolicyStoreBase { | 36 class UserCloudPolicyStoreChromeOS : public UserCloudPolicyStoreBase { |
| 34 public: | 37 public: |
| 35 UserCloudPolicyStoreChromeOS( | 38 UserCloudPolicyStoreChromeOS( |
| 39 chromeos::CryptohomeClient* cryptohome_client, | |
| 36 chromeos::SessionManagerClient* session_manager_client, | 40 chromeos::SessionManagerClient* session_manager_client, |
| 37 const std::string& username, | 41 const std::string& username, |
| 42 const FilePath& user_policy_key_dir, | |
| 38 const FilePath& legacy_token_cache_file, | 43 const FilePath& legacy_token_cache_file, |
| 39 const FilePath& legacy_policy_cache_file); | 44 const FilePath& legacy_policy_cache_file); |
| 40 virtual ~UserCloudPolicyStoreChromeOS(); | 45 virtual ~UserCloudPolicyStoreChromeOS(); |
| 41 | 46 |
| 42 // CloudPolicyStore: | 47 // CloudPolicyStore: |
| 43 virtual void Store( | 48 virtual void Store( |
| 44 const enterprise_management::PolicyFetchResponse& policy) OVERRIDE; | 49 const enterprise_management::PolicyFetchResponse& policy) OVERRIDE; |
| 45 virtual void Load() OVERRIDE; | 50 virtual void Load() OVERRIDE; |
| 46 | 51 |
| 47 private: | 52 private: |
| 53 // Starts validation of |policy| before storing it. | |
| 54 void ValidatePolicyForStore( | |
| 55 scoped_ptr<enterprise_management::PolicyFetchResponse> policy); | |
| 56 | |
| 57 // Completion handler for policy validation on the Store() path. | |
| 58 // Starts a store operation if the validation succeeded. | |
| 59 void OnPolicyToStoreValidated(UserCloudPolicyValidator* validator); | |
| 60 | |
| 61 // Called back from SessionManagerClient for policy store operations. | |
| 62 void OnPolicyStored(bool); | |
| 63 | |
| 48 // Called back from SessionManagerClient for policy load operations. | 64 // Called back from SessionManagerClient for policy load operations. |
| 49 void OnPolicyRetrieved(const std::string& policy_blob); | 65 void OnPolicyRetrieved(const std::string& policy_blob); |
| 50 | 66 |
| 67 // Starts validation of the loaded |policy| before installing it. | |
| 68 void ValidateRetrievedPolicy( | |
| 69 scoped_ptr<enterprise_management::PolicyFetchResponse> policy); | |
| 70 | |
| 51 // Completion handler for policy validation on the Load() path. Installs the | 71 // Completion handler for policy validation on the Load() path. Installs the |
| 52 // policy and publishes it if validation succeeded. | 72 // policy and publishes it if validation succeeded. |
| 53 void OnRetrievedPolicyValidated(UserCloudPolicyValidator* validator); | 73 void OnRetrievedPolicyValidated(UserCloudPolicyValidator* validator); |
| 54 | 74 |
| 55 // Completion handler for policy validation on the Load() path. Starts a store | |
| 56 // operation if the validation succeeded. | |
| 57 void OnPolicyToStoreValidated(UserCloudPolicyValidator* validator); | |
| 58 | |
| 59 // Called back from SessionManagerClient for policy store operations. | |
| 60 void OnPolicyStored(bool); | |
| 61 | |
| 62 // Starts policy blob validation. | |
| 63 void Validate( | |
| 64 scoped_ptr<enterprise_management::PolicyFetchResponse> policy, | |
| 65 const UserCloudPolicyValidator::CompletionCallback& callback); | |
| 66 | |
| 67 // Callback for loading legacy caches. | 75 // Callback for loading legacy caches. |
| 68 void OnLegacyLoadFinished( | 76 void OnLegacyLoadFinished( |
| 69 const std::string& dm_token, | 77 const std::string& dm_token, |
| 70 const std::string& device_id, | 78 const std::string& device_id, |
| 71 Status status, | 79 Status status, |
| 72 scoped_ptr<enterprise_management::PolicyFetchResponse>); | 80 scoped_ptr<enterprise_management::PolicyFetchResponse>); |
| 73 | 81 |
| 74 // Completion callback for legacy policy validation. | 82 // Completion callback for legacy policy validation. |
| 75 void OnLegacyPolicyValidated(const std::string& dm_token, | 83 void OnLegacyPolicyValidated(const std::string& dm_token, |
| 76 const std::string& device_id, | 84 const std::string& device_id, |
| 77 UserCloudPolicyValidator* validator); | 85 UserCloudPolicyValidator* validator); |
| 78 | 86 |
| 79 // Installs legacy tokens. | 87 // Installs legacy tokens. |
| 80 void InstallLegacyTokens(const std::string& dm_token, | 88 void InstallLegacyTokens(const std::string& dm_token, |
| 81 const std::string& device_id); | 89 const std::string& device_id); |
| 82 | 90 |
| 83 // Removes the passed-in legacy cache directory. | 91 // Removes the passed-in legacy cache directory. |
| 84 static void RemoveLegacyCacheDir(const FilePath& dir); | 92 static void RemoveLegacyCacheDir(const FilePath& dir); |
| 85 | 93 |
| 94 void EnsurePolicyKeyLoaded(const base::Closure& callback); | |
|
Mattias Nissler (ping if slow)
2013/02/07 14:12:07
document.
Joao da Silva
2013/02/07 16:32:00
Done.
| |
| 95 | |
| 96 // Callback for getting the sanitized username from |cryptohome_client_|. | |
| 97 void OnGetSanitizedUsername(const base::Closure& callback, | |
| 98 chromeos::DBusMethodCallStatus call_status, | |
| 99 const std::string& sanitized_username); | |
| 100 | |
| 101 chromeos::CryptohomeClient* cryptohome_client_; | |
| 86 chromeos::SessionManagerClient* session_manager_client_; | 102 chromeos::SessionManagerClient* session_manager_client_; |
| 87 const std::string username_; | 103 const std::string username_; |
| 104 FilePath user_policy_key_dir_; | |
| 88 | 105 |
| 89 base::WeakPtrFactory<UserCloudPolicyStoreChromeOS> weak_factory_; | 106 base::WeakPtrFactory<UserCloudPolicyStoreChromeOS> weak_factory_; |
| 90 | 107 |
| 91 // TODO(mnissler): Remove all the legacy policy support members below after | 108 // TODO(mnissler): Remove all the legacy policy support members below after |
| 92 // the number of pre-M20 clients drops back to zero. | 109 // the number of pre-M20 clients drops back to zero. |
| 93 FilePath legacy_cache_dir_; | 110 FilePath legacy_cache_dir_; |
| 94 scoped_ptr<LegacyPolicyCacheLoader> legacy_loader_; | 111 scoped_ptr<LegacyPolicyCacheLoader> legacy_loader_; |
| 95 bool legacy_caches_loaded_; | 112 bool legacy_caches_loaded_; |
| 96 | 113 |
| 114 scoped_ptr<UserPolicyKey> policy_key_; | |
| 115 | |
| 97 DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyStoreChromeOS); | 116 DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyStoreChromeOS); |
| 98 }; | 117 }; |
| 99 | 118 |
| 100 } // namespace policy | 119 } // namespace policy |
| 101 | 120 |
| 102 #endif // CHROME_BROWSER_POLICY_USER_CLOUD_POLICY_STORE_CHROMEOS_H_ | 121 #endif // CHROME_BROWSER_POLICY_USER_CLOUD_POLICY_STORE_CHROMEOS_H_ |
| OLD | NEW |
