Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(13)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/chromeos/policy/enrollment_handler_chromeos.cc

Issue 143183007: Update policy signature verification to include policy domain. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Fixed style error. Created 6 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « chrome/browser/chromeos/policy/device_local_account_policy_store.cc ('k') | chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc » ('j') | chrome/browser/chromeos/settings/session_manager_operation.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/chromeos/policy/enrollment_handler_chromeos.h" 5 #include "chrome/browser/chromeos/policy/enrollment_handler_chromeos.h"
6 6
7 #include "base/bind.h" 7 #include "base/bind.h"
8 #include "base/command_line.h" 8 #include "base/command_line.h"
9 #include "base/logging.h" 9 #include "base/logging.h"
10 #include "base/message_loop/message_loop.h" 10 #include "base/message_loop/message_loop.h"
(...skipping 91 matching lines...) Expand 10 before | Expand all | Expand 10 after
102 } 102 }
103 103
104 scoped_ptr<DeviceCloudPolicyValidator> validator( 104 scoped_ptr<DeviceCloudPolicyValidator> validator(
105 DeviceCloudPolicyValidator::Create( 105 DeviceCloudPolicyValidator::Create(
106 scoped_ptr<em::PolicyFetchResponse>( 106 scoped_ptr<em::PolicyFetchResponse>(
107 new em::PolicyFetchResponse(*policy)), 107 new em::PolicyFetchResponse(*policy)),
108 background_task_runner_)); 108 background_task_runner_));
109 109
110 validator->ValidateTimestamp(base::Time(), base::Time::NowFromSystemTime(), 110 validator->ValidateTimestamp(base::Time(), base::Time::NowFromSystemTime(),
111 CloudPolicyValidatorBase::TIMESTAMP_REQUIRED); 111 CloudPolicyValidatorBase::TIMESTAMP_REQUIRED);
112 if (install_attributes_->IsEnterpriseDevice()) 112
113 validator->ValidateDomain(install_attributes_->GetDomain()); 113 // If this is re-enrollment, make sure that the new policy matches the
114 // previously-enrolled domain.
115 std::string domain;
116 if (install_attributes_->IsEnterpriseDevice()) {
117 domain = install_attributes_->GetDomain();
118 validator->ValidateDomain(domain);
119 }
114 validator->ValidateDMToken(client->dm_token(), 120 validator->ValidateDMToken(client->dm_token(),
115 CloudPolicyValidatorBase::DM_TOKEN_REQUIRED); 121 CloudPolicyValidatorBase::DM_TOKEN_REQUIRED);
116 validator->ValidatePolicyType(dm_protocol::kChromeDevicePolicyType); 122 validator->ValidatePolicyType(dm_protocol::kChromeDevicePolicyType);
117 validator->ValidatePayload(); 123 validator->ValidatePayload();
118 validator->ValidateInitialKey(GetPolicyVerificationKey()); 124 // If |domain| is empty here, the policy validation code will just use the
125 // domain from the username field in the policy itself to do key validation.
126 // TODO(mnissler): Plumb the enrolling user's username into this object so
127 // we can validate the username on the resulting policy, and use the domain
128 // from that username to validate the key below (http://crbug.com/343074).
129 validator->ValidateInitialKey(GetPolicyVerificationKey(), domain);
119 validator.release()->StartValidation( 130 validator.release()->StartValidation(
120 base::Bind(&EnrollmentHandlerChromeOS::PolicyValidated, 131 base::Bind(&EnrollmentHandlerChromeOS::PolicyValidated,
121 weak_ptr_factory_.GetWeakPtr())); 132 weak_ptr_factory_.GetWeakPtr()));
122 } 133 }
123 134
124 void EnrollmentHandlerChromeOS::OnRegistrationStateChanged( 135 void EnrollmentHandlerChromeOS::OnRegistrationStateChanged(
125 CloudPolicyClient* client) { 136 CloudPolicyClient* client) {
126 DCHECK_EQ(client_.get(), client); 137 DCHECK_EQ(client_.get(), client);
127 138
128 if (enrollment_step_ == STEP_REGISTRATION && client_->is_registered()) { 139 if (enrollment_step_ == STEP_REGISTRATION && client_->is_registered()) {
(...skipping 250 matching lines...) Expand 10 before | Expand all | Expand 10 after
379 << " " << status.client_status() 390 << " " << status.client_status()
380 << " " << status.validation_status() 391 << " " << status.validation_status()
381 << " " << status.store_status(); 392 << " " << status.store_status();
382 } 393 }
383 394
384 if (!callback.is_null()) 395 if (!callback.is_null())
385 callback.Run(status); 396 callback.Run(status);
386 } 397 }
387 398
388 } // namespace policy 399 } // namespace policy
OLDNEW
« no previous file with comments | « chrome/browser/chromeos/policy/device_local_account_policy_store.cc ('k') | chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc » ('j') | chrome/browser/chromeos/settings/session_manager_operation.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698