OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/policy/user_cloud_policy_store.h" | 5 #include "chrome/browser/policy/user_cloud_policy_store.h" |
6 | 6 |
7 #include "base/bind.h" | 7 #include "base/bind.h" |
8 #include "base/file_util.h" | 8 #include "base/file_util.h" |
9 #include "chrome/browser/policy/proto/cloud_policy.pb.h" | 9 #include "chrome/browser/policy/proto/cloud_policy.pb.h" |
10 #include "chrome/browser/policy/proto/device_management_backend.pb.h" | 10 #include "chrome/browser/policy/proto/device_management_backend.pb.h" |
(...skipping 170 matching lines...)
181 status_ = STATUS_VALIDATION_ERROR; | 181 status_ = STATUS_VALIDATION_ERROR; |
182 NotifyStoreError(); | 182 NotifyStoreError(); |
183 return; | 183 return; |
184 } | 184 } |
185 | 185 |
186 DVLOG(1) << "Validation succeeded - installing policy with dm_token: " << | 186 DVLOG(1) << "Validation succeeded - installing policy with dm_token: " << |
187 validator->policy_data()->request_token(); | 187 validator->policy_data()->request_token(); |
188 DVLOG(1) << "Device ID: " << validator->policy_data()->device_id(); | 188 DVLOG(1) << "Device ID: " << validator->policy_data()->device_id(); |
189 | 189 |
190 InstallPolicy(validator->policy_data().Pass(), validator->payload().Pass()); | 190 InstallPolicy(validator->policy_data().Pass(), validator->payload().Pass()); |
191 FilterDisallowedPolicies(); | |
192 status_ = STATUS_OK; | 191 status_ = STATUS_OK; |
193 NotifyStoreLoaded(); | 192 NotifyStoreLoaded(); |
194 } | 193 } |
195 | 194 |
196 void UserCloudPolicyStore::Store(const em::PolicyFetchResponse& policy) { | 195 void UserCloudPolicyStore::Store(const em::PolicyFetchResponse& policy) { |
197 // Stop any pending requests to store policy, then validate the new policy | 196 // Stop any pending requests to store policy, then validate the new policy |
198 // before storing it. | 197 // before storing it. |
199 weak_factory_.InvalidateWeakPtrs(); | 198 weak_factory_.InvalidateWeakPtrs(); |
200 scoped_ptr<em::PolicyFetchResponse> policy_copy( | 199 scoped_ptr<em::PolicyFetchResponse> policy_copy( |
201 new em::PolicyFetchResponse(policy)); | 200 new em::PolicyFetchResponse(policy)); |
202 Validate(policy_copy.Pass(), | 201 Validate(policy_copy.Pass(), |
203 true, | 202 true, |
204 base::Bind(&UserCloudPolicyStore::StorePolicyAfterValidation, | 203 base::Bind(&UserCloudPolicyStore::StorePolicyAfterValidation, |
205 weak_factory_.GetWeakPtr())); | 204 weak_factory_.GetWeakPtr())); |
206 } | 205 } |
207 | 206 |
208 void UserCloudPolicyStore::Validate( | 207 void UserCloudPolicyStore::Validate( |
209 scoped_ptr<em::PolicyFetchResponse> policy, | 208 scoped_ptr<em::PolicyFetchResponse> policy, |
210 bool validate_in_background, | 209 bool validate_in_background, |
211 const UserCloudPolicyValidator::CompletionCallback& callback) { | 210 const UserCloudPolicyValidator::CompletionCallback& callback) { |
212 // Configure the validator. | 211 // Configure the validator. |
213 scoped_ptr<UserCloudPolicyValidator> validator = | 212 scoped_ptr<UserCloudPolicyValidator> validator = |
214 CreateValidator(policy.Pass()); | 213 CreateValidator(policy.Pass()); |
215 SigninManager* signin = SigninManagerFactory::GetForProfileIfExists(profile_); | 214 SigninManager* signin = SigninManagerFactory::GetForProfileIfExists(profile_); |
216 if (signin) { | 215 if (signin) { |
217 std::string username = signin->GetAuthenticatedUsername(); | 216 std::string username = signin->GetAuthenticatedUsername(); |
218 DCHECK(!username.empty()); | 217 // Validate the username if the user is signed in. |
219 validator->ValidateUsername(username); | 218 if (!username.empty()) |
| 219 validator->ValidateUsername(username); |
220 } | 220 } |
221 | 221 |
222 if (validate_in_background) { | 222 if (validate_in_background) { |
223 // Start validation in the background. The Validator will free itself once | 223 // Start validation in the background. The Validator will free itself once |
224 // validation is complete. | 224 // validation is complete. |
225 validator.release()->StartValidation(callback); | 225 validator.release()->StartValidation(callback); |
226 } else { | 226 } else { |
227 // Run validation immediately and invoke the callback with the results. | 227 // Run validation immediately and invoke the callback with the results. |
228 validator->RunValidation(); | 228 validator->RunValidation(); |
229 callback.Run(validator.get()); | 229 callback.Run(validator.get()); |
(...skipping 10 matching lines...)
240 return; | 240 return; |
241 } | 241 } |
242 | 242 |
243 // Persist the validated policy (just fire a task - don't bother getting a | 243 // Persist the validated policy (just fire a task - don't bother getting a |
244 // reply because we can't do anything if it fails). | 244 // reply because we can't do anything if it fails). |
245 content::BrowserThread::PostTask( | 245 content::BrowserThread::PostTask( |
246 content::BrowserThread::FILE, FROM_HERE, | 246 content::BrowserThread::FILE, FROM_HERE, |
247 base::Bind(&StorePolicyToDiskOnFileThread, | 247 base::Bind(&StorePolicyToDiskOnFileThread, |
248 backing_file_path_, *validator->policy())); | 248 backing_file_path_, *validator->policy())); |
249 InstallPolicy(validator->policy_data().Pass(), validator->payload().Pass()); | 249 InstallPolicy(validator->policy_data().Pass(), validator->payload().Pass()); |
250 FilterDisallowedPolicies(); | |
251 status_ = STATUS_OK; | 250 status_ = STATUS_OK; |
252 NotifyStoreLoaded(); | 251 NotifyStoreLoaded(); |
253 } | 252 } |
254 | 253 |
255 void UserCloudPolicyStore::FilterDisallowedPolicies() { | |
256 // We don't yet allow setting SyncDisabled in desktop cloud policy, because | |
257 // it causes the user to be signed out which then removes the cloud policy. | |
258 // TODO(atwilson): Remove this once we support signing in with sync disabled | |
259 // (http://crbug.com/166148). | |
260 policy_map_.Erase(key::kSyncDisabled); | |
261 } | |
262 | |
263 } // namespace policy | 254 } // namespace policy |
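Review bot: In Validate() (new lines 216-219) an empty authenticated username now skips `validator->ValidateUsername(username)` silently, so the policy blob is validated with no check that it belongs to this profile's account; the old `DCHECK(!username.empty())` at least surfaced that state in debug builds. Store() reaches the same code, so the relaxation also covers freshly fetched policy, where a signed-in user would presumably always be expected. Consider failing closed on that path, e.g. `if (username.empty()) { status_ = STATUS_VALIDATION_ERROR; NotifyStoreError(); return; }` before Store() calls Validate(), and keeping the skip only for loading cached policy. The new comment should also state why policy that is not bound to a user is acceptable when signed out. Both FilterDisallowedPolicies() calls are removed in the same change, so a SyncDisabled value from cloud policy now stays in policy_map_. Whether other validator checks compensate is not visible in this view.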