| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/policy/browser_policy_connector.h" | 5 #include "chrome/browser/policy/browser_policy_connector.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/bind_helpers.h" | 8 #include "base/bind_helpers.h" |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
| (...skipping 10 matching lines...) Expand all Loading... |
| 21 #include "chrome/browser/policy/cloud/cloud_policy_service.h" | 21 #include "chrome/browser/policy/cloud/cloud_policy_service.h" |
| 22 #include "chrome/browser/policy/cloud/device_management_service.h" | 22 #include "chrome/browser/policy/cloud/device_management_service.h" |
| 23 #include "chrome/browser/policy/configuration_policy_provider.h" | 23 #include "chrome/browser/policy/configuration_policy_provider.h" |
| 24 #include "chrome/browser/policy/managed_mode_policy_provider.h" | 24 #include "chrome/browser/policy/managed_mode_policy_provider.h" |
| 25 #include "chrome/browser/policy/policy_service_impl.h" | 25 #include "chrome/browser/policy/policy_service_impl.h" |
| 26 #include "chrome/browser/policy/policy_statistics_collector.h" | 26 #include "chrome/browser/policy/policy_statistics_collector.h" |
| 27 #include "chrome/browser/profiles/profile.h" | 27 #include "chrome/browser/profiles/profile.h" |
| 28 #include "chrome/common/chrome_paths.h" | 28 #include "chrome/common/chrome_paths.h" |
| 29 #include "chrome/common/chrome_switches.h" | 29 #include "chrome/common/chrome_switches.h" |
| 30 #include "chrome/common/pref_names.h" | 30 #include "chrome/common/pref_names.h" |
| 31 #include "components/user_prefs/pref_registry_syncable.h" |
| 31 #include "content/public/browser/browser_thread.h" | 32 #include "content/public/browser/browser_thread.h" |
| 32 #include "google_apis/gaia/gaia_auth_util.h" | 33 #include "google_apis/gaia/gaia_auth_util.h" |
| 33 #include "google_apis/gaia/gaia_constants.h" | 34 #include "google_apis/gaia/gaia_constants.h" |
| 34 #include "grit/generated_resources.h" | 35 #include "grit/generated_resources.h" |
| 35 #include "net/url_request/url_request_context_getter.h" | 36 #include "net/url_request/url_request_context_getter.h" |
| 36 #include "policy/policy_constants.h" | 37 #include "policy/policy_constants.h" |
| 37 #include "third_party/icu/public/i18n/unicode/regex.h" | 38 #include "third_party/icu/public/i18n/unicode/regex.h" |
| 38 | 39 |
| 39 #if defined(OS_WIN) | 40 #if defined(OS_WIN) |
| 40 #include "chrome/browser/policy/policy_loader_win.h" | 41 #include "chrome/browser/policy/policy_loader_win.h" |
| (...skipping 183 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 224 // call SetPolicyProviderForTesting() again. It is still owned by the test. | 225 // call SetPolicyProviderForTesting() again. It is still owned by the test. |
| 225 g_testing_provider = NULL; | 226 g_testing_provider = NULL; |
| 226 if (platform_provider_) | 227 if (platform_provider_) |
| 227 platform_provider_->Shutdown(); | 228 platform_provider_->Shutdown(); |
| 228 | 229 |
| 229 #if defined(OS_CHROMEOS) | 230 #if defined(OS_CHROMEOS) |
| 230 // The AppPackUpdater may be observing the |device_cloud_policy_subsystem_|. | 231 // The AppPackUpdater may be observing the |device_cloud_policy_subsystem_|. |
| 231 // Delete it first. | 232 // Delete it first. |
| 232 app_pack_updater_.reset(); | 233 app_pack_updater_.reset(); |
| 233 | 234 |
| 235 network_configuration_updater_.reset(); |
| 236 |
| 234 if (device_cloud_policy_manager_) | 237 if (device_cloud_policy_manager_) |
| 235 device_cloud_policy_manager_->Shutdown(); | 238 device_cloud_policy_manager_->Shutdown(); |
| 236 if (device_local_account_policy_provider_) | 239 if (device_local_account_policy_provider_) |
| 237 device_local_account_policy_provider_->Shutdown(); | 240 device_local_account_policy_provider_->Shutdown(); |
| 238 if (device_local_account_policy_service_) | 241 if (device_local_account_policy_service_) |
| 239 device_local_account_policy_service_->Disconnect(); | 242 device_local_account_policy_service_->Disconnect(); |
| 240 if (user_cloud_policy_manager_) | 243 if (user_cloud_policy_manager_) |
| 241 user_cloud_policy_manager_->Shutdown(); | 244 user_cloud_policy_manager_->Shutdown(); |
| 242 global_user_cloud_policy_provider_.Shutdown(); | 245 global_user_cloud_policy_provider_.Shutdown(); |
| 243 #endif | 246 #endif |
| (...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 292 } | 295 } |
| 293 | 296 |
| 294 #if defined(OS_CHROMEOS) | 297 #if defined(OS_CHROMEOS) |
| 295 void BrowserPolicyConnector::InitializeUserPolicy( | 298 void BrowserPolicyConnector::InitializeUserPolicy( |
| 296 const std::string& user_name, | 299 const std::string& user_name, |
| 297 bool is_public_account, | 300 bool is_public_account, |
| 298 bool wait_for_policy_fetch) { | 301 bool wait_for_policy_fetch) { |
| 299 // If the user is managed then importing certificates from ONC policy is | 302 // If the user is managed then importing certificates from ONC policy is |
| 300 // allowed, otherwise it's not. Update this flag once the user has signed in, | 303 // allowed, otherwise it's not. Update this flag once the user has signed in, |
| 301 // and before user policy is loaded. | 304 // and before user policy is loaded. |
| 302 GetNetworkConfigurationUpdater()->set_allow_web_trust( | 305 GetNetworkConfigurationUpdater()->set_allow_trusted_certificates_from_policy( |
| 303 GetUserAffiliation(user_name) == USER_AFFILIATION_MANAGED); | 306 GetUserAffiliation(user_name) == USER_AFFILIATION_MANAGED); |
| 304 | 307 |
| 305 // Re-initializing user policy is disallowed for two reasons: | 308 // Re-initializing user policy is disallowed for two reasons: |
| 306 // (a) Existing profiles may hold pointers to |user_cloud_policy_manager_|. | 309 // (a) Existing profiles may hold pointers to |user_cloud_policy_manager_|. |
| 307 // (b) Implementing UserCloudPolicyManager::IsInitializationComplete() | 310 // (b) Implementing UserCloudPolicyManager::IsInitializationComplete() |
| 308 // correctly is impossible for re-initialization. | 311 // correctly is impossible for re-initialization. |
| 309 CHECK(!user_cloud_policy_manager_); | 312 CHECK(!user_cloud_policy_manager_); |
| 310 | 313 |
| 311 CommandLine* command_line = CommandLine::ForCurrentProcess(); | 314 CommandLine* command_line = CommandLine::ForCurrentProcess(); |
| 312 | 315 |
| (...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 377 | 380 |
| 378 #if defined(OS_CHROMEOS) | 381 #if defined(OS_CHROMEOS) |
| 379 AppPackUpdater* BrowserPolicyConnector::GetAppPackUpdater() { | 382 AppPackUpdater* BrowserPolicyConnector::GetAppPackUpdater() { |
| 380 // request_context_ is NULL in unit tests. | 383 // request_context_ is NULL in unit tests. |
| 381 if (!app_pack_updater_ && request_context_) { | 384 if (!app_pack_updater_ && request_context_) { |
| 382 app_pack_updater_.reset( | 385 app_pack_updater_.reset( |
| 383 new AppPackUpdater(request_context_, install_attributes_.get())); | 386 new AppPackUpdater(request_context_, install_attributes_.get())); |
| 384 } | 387 } |
| 385 return app_pack_updater_.get(); | 388 return app_pack_updater_.get(); |
| 386 } | 389 } |
| 387 #endif | |
| 388 | 390 |
| 389 #if defined(OS_CHROMEOS) | |
| 390 NetworkConfigurationUpdater* | 391 NetworkConfigurationUpdater* |
| 391 BrowserPolicyConnector::GetNetworkConfigurationUpdater() { | 392 BrowserPolicyConnector::GetNetworkConfigurationUpdater() { |
| 392 if (!network_configuration_updater_) { | 393 if (!network_configuration_updater_) { |
| 393 network_configuration_updater_.reset(new NetworkConfigurationUpdater( | 394 network_configuration_updater_.reset(new NetworkConfigurationUpdater( |
| 394 GetPolicyService(), | 395 GetPolicyService(), |
| 395 chromeos::CrosLibrary::Get()->GetNetworkLibrary())); | 396 chromeos::CrosLibrary::Get()->GetNetworkLibrary())); |
| 396 } | 397 } |
| 397 return network_configuration_updater_.get(); | 398 return network_configuration_updater_.get(); |
| 398 } | 399 } |
| 400 |
| 401 net::CertTrustAnchorProvider* |
| 402 BrowserPolicyConnector::GetCertTrustAnchorProvider() { |
| 403 return GetNetworkConfigurationUpdater()->GetCertTrustAnchorProvider(); |
| 404 } |
| 399 #endif | 405 #endif |
| 400 | 406 |
| 401 void BrowserPolicyConnector::SetDeviceManagementServiceForTesting( | 407 void BrowserPolicyConnector::SetDeviceManagementServiceForTesting( |
| 402 scoped_ptr<DeviceManagementService> service) { | 408 scoped_ptr<DeviceManagementService> service) { |
| 403 device_management_service_ = service.Pass(); | 409 device_management_service_ = service.Pass(); |
| 404 } | 410 } |
| 405 | 411 |
| 406 // static | 412 // static |
| 407 void BrowserPolicyConnector::SetPolicyProviderForTesting( | 413 void BrowserPolicyConnector::SetPolicyProviderForTesting( |
| 408 ConfigurationPolicyProvider* provider) { | 414 ConfigurationPolicyProvider* provider) { |
| (...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 466 UTF8ToUTF16(gaia::ExtractDomainName(gaia::CanonicalizeEmail(username))); | 472 UTF8ToUTF16(gaia::ExtractDomainName(gaia::CanonicalizeEmail(username))); |
| 467 for (size_t i = 0; i < arraysize(kNonManagedDomainPatterns); i++) { | 473 for (size_t i = 0; i < arraysize(kNonManagedDomainPatterns); i++) { |
| 468 string16 pattern = WideToUTF16(kNonManagedDomainPatterns[i]); | 474 string16 pattern = WideToUTF16(kNonManagedDomainPatterns[i]); |
| 469 if (MatchDomain(domain, pattern)) | 475 if (MatchDomain(domain, pattern)) |
| 470 return true; | 476 return true; |
| 471 } | 477 } |
| 472 return false; | 478 return false; |
| 473 } | 479 } |
| 474 | 480 |
| 475 // static | 481 // static |
| 482 bool BrowserPolicyConnector::UsedPolicyCertificates(Profile* profile) { |
| 483 #if defined(OS_CHROMEOS) |
| 484 if (profile->GetPrefs()->GetBoolean(prefs::kUsedPolicyCertificatesOnce)) |
| 485 return true; |
| 486 #endif |
| 487 return false; |
| 488 } |
| 489 |
| 490 // static |
| 476 void BrowserPolicyConnector::RegisterPrefs(PrefRegistrySimple* registry) { | 491 void BrowserPolicyConnector::RegisterPrefs(PrefRegistrySimple* registry) { |
| 477 registry->RegisterIntegerPref(prefs::kUserPolicyRefreshRate, | 492 registry->RegisterIntegerPref(prefs::kUserPolicyRefreshRate, |
| 478 kDefaultPolicyRefreshRateMs); | 493 kDefaultPolicyRefreshRateMs); |
| 479 #if defined(OS_CHROMEOS) | 494 #if defined(OS_CHROMEOS) |
| 480 registry->RegisterIntegerPref(prefs::kDevicePolicyRefreshRate, | 495 registry->RegisterIntegerPref(prefs::kDevicePolicyRefreshRate, |
| 481 kDefaultPolicyRefreshRateMs); | 496 kDefaultPolicyRefreshRateMs); |
| 482 #endif | 497 #endif |
| 483 } | 498 } |
| 484 | 499 |
| 500 // static |
| 501 void BrowserPolicyConnector::RegisterUserPrefs(PrefRegistrySyncable* registry) { |
| 502 #if defined(OS_CHROMEOS) |
| 503 registry->RegisterBooleanPref(prefs::kUsedPolicyCertificatesOnce, |
| 504 false, |
| 505 PrefRegistrySyncable::UNSYNCABLE_PREF); |
| 506 #endif |
| 507 } |
| 508 |
| 485 void BrowserPolicyConnector::SetTimezoneIfPolicyAvailable() { | 509 void BrowserPolicyConnector::SetTimezoneIfPolicyAvailable() { |
| 486 #if defined(OS_CHROMEOS) | 510 #if defined(OS_CHROMEOS) |
| 487 typedef chromeos::CrosSettingsProvider Provider; | 511 typedef chromeos::CrosSettingsProvider Provider; |
| 488 Provider::TrustedStatus result = | 512 Provider::TrustedStatus result = |
| 489 chromeos::CrosSettings::Get()->PrepareTrustedValues( | 513 chromeos::CrosSettings::Get()->PrepareTrustedValues( |
| 490 base::Bind(&BrowserPolicyConnector::SetTimezoneIfPolicyAvailable, | 514 base::Bind(&BrowserPolicyConnector::SetTimezoneIfPolicyAvailable, |
| 491 weak_ptr_factory_.GetWeakPtr())); | 515 weak_ptr_factory_.GetWeakPtr())); |
| 492 | 516 |
| 493 if (result != Provider::TRUSTED) | 517 if (result != Provider::TRUSTED) |
| 494 return; | 518 return; |
| (...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 552 return new AsyncPolicyProvider(loader.Pass()); | 576 return new AsyncPolicyProvider(loader.Pass()); |
| 553 } else { | 577 } else { |
| 554 return NULL; | 578 return NULL; |
| 555 } | 579 } |
| 556 #else | 580 #else |
| 557 return NULL; | 581 return NULL; |
| 558 #endif | 582 #endif |
| 559 } | 583 } |
| 560 | 584 |
| 561 } // namespace policy | 585 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 13035003:
Added a PolicyCertVerifier that uses the trust anchors from the ONC policies. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src