OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h" | 5 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h" |
6 | 6 |
7 #include <stddef.h> | 7 #include <stddef.h> |
8 #include <utility> | 8 #include <utility> |
9 | 9 |
10 #include "base/bind.h" | 10 #include "base/bind.h" |
(...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
61 | 61 |
62 } // namespace | 62 } // namespace |
63 | 63 |
64 // Helper class for loading legacy policy caches. | 64 // Helper class for loading legacy policy caches. |
65 class LegacyPolicyCacheLoader : public UserPolicyTokenLoader::Delegate, | 65 class LegacyPolicyCacheLoader : public UserPolicyTokenLoader::Delegate, |
66 public UserPolicyDiskCache::Delegate { | 66 public UserPolicyDiskCache::Delegate { |
67 public: | 67 public: |
68 typedef base::Callback<void(const std::string&, | 68 typedef base::Callback<void(const std::string&, |
69 const std::string&, | 69 const std::string&, |
70 CloudPolicyStore::Status, | 70 CloudPolicyStore::Status, |
71 scoped_ptr<em::PolicyFetchResponse>)> Callback; | 71 std::unique_ptr<em::PolicyFetchResponse>)> |
| 72 Callback; |
72 | 73 |
73 LegacyPolicyCacheLoader( | 74 LegacyPolicyCacheLoader( |
74 const base::FilePath& token_cache_file, | 75 const base::FilePath& token_cache_file, |
75 const base::FilePath& policy_cache_file, | 76 const base::FilePath& policy_cache_file, |
76 scoped_refptr<base::SequencedTaskRunner> background_task_runner); | 77 scoped_refptr<base::SequencedTaskRunner> background_task_runner); |
77 ~LegacyPolicyCacheLoader() override; | 78 ~LegacyPolicyCacheLoader() override; |
78 | 79 |
79 // Starts loading, and reports the result to |callback| when done. | 80 // Starts loading, and reports the result to |callback| when done. |
80 void Load(const Callback& callback); | 81 void Load(const Callback& callback); |
81 | 82 |
(...skipping 12 matching lines...) Expand all Loading... |
94 | 95 |
95 // Maps a disk cache LoadResult to a CloudPolicyStore::Status. | 96 // Maps a disk cache LoadResult to a CloudPolicyStore::Status. |
96 static CloudPolicyStore::Status TranslateLoadResult( | 97 static CloudPolicyStore::Status TranslateLoadResult( |
97 UserPolicyDiskCache::LoadResult result); | 98 UserPolicyDiskCache::LoadResult result); |
98 | 99 |
99 scoped_refptr<UserPolicyTokenLoader> token_loader_; | 100 scoped_refptr<UserPolicyTokenLoader> token_loader_; |
100 scoped_refptr<UserPolicyDiskCache> policy_cache_; | 101 scoped_refptr<UserPolicyDiskCache> policy_cache_; |
101 | 102 |
102 std::string dm_token_; | 103 std::string dm_token_; |
103 std::string device_id_; | 104 std::string device_id_; |
104 scoped_ptr<em::PolicyFetchResponse> policy_; | 105 std::unique_ptr<em::PolicyFetchResponse> policy_; |
105 CloudPolicyStore::Status status_; | 106 CloudPolicyStore::Status status_; |
106 | 107 |
107 Callback callback_; | 108 Callback callback_; |
108 | 109 |
109 base::WeakPtrFactory<LegacyPolicyCacheLoader> weak_factory_; | 110 base::WeakPtrFactory<LegacyPolicyCacheLoader> weak_factory_; |
110 | 111 |
111 DISALLOW_COPY_AND_ASSIGN(LegacyPolicyCacheLoader); | 112 DISALLOW_COPY_AND_ASSIGN(LegacyPolicyCacheLoader); |
112 }; | 113 }; |
113 | 114 |
114 LegacyPolicyCacheLoader::LegacyPolicyCacheLoader( | 115 LegacyPolicyCacheLoader::LegacyPolicyCacheLoader( |
(...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
195 legacy_caches_loaded_(false), | 196 legacy_caches_loaded_(false), |
196 policy_key_loaded_(false), | 197 policy_key_loaded_(false), |
197 weak_factory_(this) {} | 198 weak_factory_(this) {} |
198 | 199 |
199 UserCloudPolicyStoreChromeOS::~UserCloudPolicyStoreChromeOS() {} | 200 UserCloudPolicyStoreChromeOS::~UserCloudPolicyStoreChromeOS() {} |
200 | 201 |
201 void UserCloudPolicyStoreChromeOS::Store( | 202 void UserCloudPolicyStoreChromeOS::Store( |
202 const em::PolicyFetchResponse& policy) { | 203 const em::PolicyFetchResponse& policy) { |
203 // Cancel all pending requests. | 204 // Cancel all pending requests. |
204 weak_factory_.InvalidateWeakPtrs(); | 205 weak_factory_.InvalidateWeakPtrs(); |
205 scoped_ptr<em::PolicyFetchResponse> response( | 206 std::unique_ptr<em::PolicyFetchResponse> response( |
206 new em::PolicyFetchResponse(policy)); | 207 new em::PolicyFetchResponse(policy)); |
207 EnsurePolicyKeyLoaded( | 208 EnsurePolicyKeyLoaded( |
208 base::Bind(&UserCloudPolicyStoreChromeOS::ValidatePolicyForStore, | 209 base::Bind(&UserCloudPolicyStoreChromeOS::ValidatePolicyForStore, |
209 weak_factory_.GetWeakPtr(), | 210 weak_factory_.GetWeakPtr(), |
210 base::Passed(&response))); | 211 base::Passed(&response))); |
211 } | 212 } |
212 | 213 |
213 void UserCloudPolicyStoreChromeOS::Load() { | 214 void UserCloudPolicyStoreChromeOS::Load() { |
214 // Cancel all pending requests. | 215 // Cancel all pending requests. |
215 weak_factory_.InvalidateWeakPtrs(); | 216 weak_factory_.InvalidateWeakPtrs(); |
(...skipping 16 matching lines...) Expand all Loading... |
232 session_manager_client_->BlockingRetrievePolicyForUser( | 233 session_manager_client_->BlockingRetrievePolicyForUser( |
233 cryptohome::Identification(account_id_)); | 234 cryptohome::Identification(account_id_)); |
234 if (policy_blob.empty()) { | 235 if (policy_blob.empty()) { |
235 // The session manager doesn't have policy, or the call failed. | 236 // The session manager doesn't have policy, or the call failed. |
236 // Just notify that the load is done, and don't bother with the legacy | 237 // Just notify that the load is done, and don't bother with the legacy |
237 // caches in this case. | 238 // caches in this case. |
238 NotifyStoreLoaded(); | 239 NotifyStoreLoaded(); |
239 return; | 240 return; |
240 } | 241 } |
241 | 242 |
242 scoped_ptr<em::PolicyFetchResponse> policy(new em::PolicyFetchResponse()); | 243 std::unique_ptr<em::PolicyFetchResponse> policy( |
| 244 new em::PolicyFetchResponse()); |
243 if (!policy->ParseFromString(policy_blob)) { | 245 if (!policy->ParseFromString(policy_blob)) { |
244 status_ = STATUS_PARSE_ERROR; | 246 status_ = STATUS_PARSE_ERROR; |
245 NotifyStoreError(); | 247 NotifyStoreError(); |
246 return; | 248 return; |
247 } | 249 } |
248 | 250 |
249 std::string sanitized_username = | 251 std::string sanitized_username = |
250 cryptohome_client_->BlockingGetSanitizedUsername( | 252 cryptohome_client_->BlockingGetSanitizedUsername( |
251 cryptohome::Identification(account_id_)); | 253 cryptohome::Identification(account_id_)); |
252 if (sanitized_username.empty()) { | 254 if (sanitized_username.empty()) { |
253 status_ = STATUS_LOAD_ERROR; | 255 status_ = STATUS_LOAD_ERROR; |
254 NotifyStoreError(); | 256 NotifyStoreError(); |
255 return; | 257 return; |
256 } | 258 } |
257 | 259 |
258 policy_key_path_ = user_policy_key_dir_.Append( | 260 policy_key_path_ = user_policy_key_dir_.Append( |
259 base::StringPrintf(kPolicyKeyFile, sanitized_username.c_str())); | 261 base::StringPrintf(kPolicyKeyFile, sanitized_username.c_str())); |
260 LoadPolicyKey(policy_key_path_, &policy_key_); | 262 LoadPolicyKey(policy_key_path_, &policy_key_); |
261 policy_key_loaded_ = true; | 263 policy_key_loaded_ = true; |
262 | 264 |
263 scoped_ptr<UserCloudPolicyValidator> validator = | 265 std::unique_ptr<UserCloudPolicyValidator> validator = |
264 CreateValidatorForLoad(std::move(policy)); | 266 CreateValidatorForLoad(std::move(policy)); |
265 validator->RunValidation(); | 267 validator->RunValidation(); |
266 OnRetrievedPolicyValidated(validator.get()); | 268 OnRetrievedPolicyValidated(validator.get()); |
267 } | 269 } |
268 | 270 |
269 void UserCloudPolicyStoreChromeOS::ValidatePolicyForStore( | 271 void UserCloudPolicyStoreChromeOS::ValidatePolicyForStore( |
270 scoped_ptr<em::PolicyFetchResponse> policy) { | 272 std::unique_ptr<em::PolicyFetchResponse> policy) { |
271 // Create and configure a validator. | 273 // Create and configure a validator. |
272 scoped_ptr<UserCloudPolicyValidator> validator = CreateValidator( | 274 std::unique_ptr<UserCloudPolicyValidator> validator = CreateValidator( |
273 std::move(policy), CloudPolicyValidatorBase::TIMESTAMP_REQUIRED); | 275 std::move(policy), CloudPolicyValidatorBase::TIMESTAMP_REQUIRED); |
274 validator->ValidateUsername(account_id_.GetUserEmail(), true); | 276 validator->ValidateUsername(account_id_.GetUserEmail(), true); |
275 if (policy_key_.empty()) { | 277 if (policy_key_.empty()) { |
276 validator->ValidateInitialKey(GetPolicyVerificationKey(), | 278 validator->ValidateInitialKey(GetPolicyVerificationKey(), |
277 ExtractDomain(account_id_.GetUserEmail())); | 279 ExtractDomain(account_id_.GetUserEmail())); |
278 } else { | 280 } else { |
279 const bool allow_rotation = true; | 281 const bool allow_rotation = true; |
280 validator->ValidateSignature(policy_key_, GetPolicyVerificationKey(), | 282 validator->ValidateSignature(policy_key_, GetPolicyVerificationKey(), |
281 ExtractDomain(account_id_.GetUserEmail()), | 283 ExtractDomain(account_id_.GetUserEmail()), |
282 allow_rotation); | 284 allow_rotation); |
(...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
344 // the world about the policy update. | 346 // the world about the policy update. |
345 policy_.reset(); | 347 policy_.reset(); |
346 NotifyStoreLoaded(); | 348 NotifyStoreLoaded(); |
347 } | 349 } |
348 return; | 350 return; |
349 } | 351 } |
350 | 352 |
351 // Policy is supplied by session_manager. Disregard legacy data from now on. | 353 // Policy is supplied by session_manager. Disregard legacy data from now on. |
352 legacy_loader_.reset(); | 354 legacy_loader_.reset(); |
353 | 355 |
354 scoped_ptr<em::PolicyFetchResponse> policy(new em::PolicyFetchResponse()); | 356 std::unique_ptr<em::PolicyFetchResponse> policy( |
| 357 new em::PolicyFetchResponse()); |
355 if (!policy->ParseFromString(policy_blob)) { | 358 if (!policy->ParseFromString(policy_blob)) { |
356 status_ = STATUS_PARSE_ERROR; | 359 status_ = STATUS_PARSE_ERROR; |
357 NotifyStoreError(); | 360 NotifyStoreError(); |
358 return; | 361 return; |
359 } | 362 } |
360 | 363 |
361 // Load |policy_key_| to verify the loaded policy. | 364 // Load |policy_key_| to verify the loaded policy. |
362 EnsurePolicyKeyLoaded( | 365 EnsurePolicyKeyLoaded( |
363 base::Bind(&UserCloudPolicyStoreChromeOS::ValidateRetrievedPolicy, | 366 base::Bind(&UserCloudPolicyStoreChromeOS::ValidateRetrievedPolicy, |
364 weak_factory_.GetWeakPtr(), | 367 weak_factory_.GetWeakPtr(), |
365 base::Passed(&policy))); | 368 base::Passed(&policy))); |
366 } | 369 } |
367 | 370 |
368 void UserCloudPolicyStoreChromeOS::ValidateRetrievedPolicy( | 371 void UserCloudPolicyStoreChromeOS::ValidateRetrievedPolicy( |
369 scoped_ptr<em::PolicyFetchResponse> policy) { | 372 std::unique_ptr<em::PolicyFetchResponse> policy) { |
370 // Create and configure a validator for the loaded policy. | 373 // Create and configure a validator for the loaded policy. |
371 scoped_ptr<UserCloudPolicyValidator> validator = | 374 std::unique_ptr<UserCloudPolicyValidator> validator = |
372 CreateValidatorForLoad(std::move(policy)); | 375 CreateValidatorForLoad(std::move(policy)); |
373 // Start validation. The Validator will delete itself once validation is | 376 // Start validation. The Validator will delete itself once validation is |
374 // complete. | 377 // complete. |
375 validator.release()->StartValidation( | 378 validator.release()->StartValidation( |
376 base::Bind(&UserCloudPolicyStoreChromeOS::OnRetrievedPolicyValidated, | 379 base::Bind(&UserCloudPolicyStoreChromeOS::OnRetrievedPolicyValidated, |
377 weak_factory_.GetWeakPtr())); | 380 weak_factory_.GetWeakPtr())); |
378 } | 381 } |
379 | 382 |
380 void UserCloudPolicyStoreChromeOS::OnRetrievedPolicyValidated( | 383 void UserCloudPolicyStoreChromeOS::OnRetrievedPolicyValidated( |
381 UserCloudPolicyValidator* validator) { | 384 UserCloudPolicyValidator* validator) { |
(...skipping 23 matching lines...) Expand all Loading... |
405 legacy_cache_dir_)); | 408 legacy_cache_dir_)); |
406 legacy_cache_dir_.clear(); | 409 legacy_cache_dir_.clear(); |
407 } | 410 } |
408 NotifyStoreLoaded(); | 411 NotifyStoreLoaded(); |
409 } | 412 } |
410 | 413 |
411 void UserCloudPolicyStoreChromeOS::OnLegacyLoadFinished( | 414 void UserCloudPolicyStoreChromeOS::OnLegacyLoadFinished( |
412 const std::string& dm_token, | 415 const std::string& dm_token, |
413 const std::string& device_id, | 416 const std::string& device_id, |
414 Status status, | 417 Status status, |
415 scoped_ptr<em::PolicyFetchResponse> policy) { | 418 std::unique_ptr<em::PolicyFetchResponse> policy) { |
416 status_ = status; | 419 status_ = status; |
417 if (policy.get()) { | 420 if (policy.get()) { |
418 // Create and configure a validator for the loaded legacy policy. Note that | 421 // Create and configure a validator for the loaded legacy policy. Note that |
419 // the signature on this policy is not verified. | 422 // the signature on this policy is not verified. |
420 scoped_ptr<UserCloudPolicyValidator> validator = CreateValidator( | 423 std::unique_ptr<UserCloudPolicyValidator> validator = CreateValidator( |
421 std::move(policy), CloudPolicyValidatorBase::TIMESTAMP_REQUIRED); | 424 std::move(policy), CloudPolicyValidatorBase::TIMESTAMP_REQUIRED); |
422 validator->ValidateUsername(account_id_.GetUserEmail(), true); | 425 validator->ValidateUsername(account_id_.GetUserEmail(), true); |
423 validator.release()->StartValidation( | 426 validator.release()->StartValidation( |
424 base::Bind(&UserCloudPolicyStoreChromeOS::OnLegacyPolicyValidated, | 427 base::Bind(&UserCloudPolicyStoreChromeOS::OnLegacyPolicyValidated, |
425 weak_factory_.GetWeakPtr(), | 428 weak_factory_.GetWeakPtr(), |
426 dm_token, | 429 dm_token, |
427 device_id)); | 430 device_id)); |
428 } else { | 431 } else { |
429 InstallLegacyTokens(dm_token, device_id); | 432 InstallLegacyTokens(dm_token, device_id); |
430 } | 433 } |
(...skipping 117 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
548 if (call_status == chromeos::DBUS_METHOD_CALL_SUCCESS && | 551 if (call_status == chromeos::DBUS_METHOD_CALL_SUCCESS && |
549 !sanitized_username.empty()) { | 552 !sanitized_username.empty()) { |
550 policy_key_path_ = user_policy_key_dir_.Append( | 553 policy_key_path_ = user_policy_key_dir_.Append( |
551 base::StringPrintf(kPolicyKeyFile, sanitized_username.c_str())); | 554 base::StringPrintf(kPolicyKeyFile, sanitized_username.c_str())); |
552 } else { | 555 } else { |
553 SampleValidationFailure(VALIDATION_FAILURE_DBUS); | 556 SampleValidationFailure(VALIDATION_FAILURE_DBUS); |
554 } | 557 } |
555 ReloadPolicyKey(callback); | 558 ReloadPolicyKey(callback); |
556 } | 559 } |
557 | 560 |
558 scoped_ptr<UserCloudPolicyValidator> | 561 std::unique_ptr<UserCloudPolicyValidator> |
559 UserCloudPolicyStoreChromeOS::CreateValidatorForLoad( | 562 UserCloudPolicyStoreChromeOS::CreateValidatorForLoad( |
560 scoped_ptr<em::PolicyFetchResponse> policy) { | 563 std::unique_ptr<em::PolicyFetchResponse> policy) { |
561 scoped_ptr<UserCloudPolicyValidator> validator = CreateValidator( | 564 std::unique_ptr<UserCloudPolicyValidator> validator = CreateValidator( |
562 std::move(policy), CloudPolicyValidatorBase::TIMESTAMP_NOT_BEFORE); | 565 std::move(policy), CloudPolicyValidatorBase::TIMESTAMP_NOT_BEFORE); |
563 validator->ValidateUsername(account_id_.GetUserEmail(), true); | 566 validator->ValidateUsername(account_id_.GetUserEmail(), true); |
564 const bool allow_rotation = false; | 567 const bool allow_rotation = false; |
565 const std::string empty_key = std::string(); | 568 const std::string empty_key = std::string(); |
566 // The policy loaded from session manager need not be validated using the | 569 // The policy loaded from session manager need not be validated using the |
567 // verification key since it is secure, and since there may be legacy policy | 570 // verification key since it is secure, and since there may be legacy policy |
568 // data that was stored without a verification key. Hence passing an empty | 571 // data that was stored without a verification key. Hence passing an empty |
569 // value for the verification key. | 572 // value for the verification key. |
570 validator->ValidateSignature(policy_key_, empty_key, | 573 validator->ValidateSignature(policy_key_, empty_key, |
571 ExtractDomain(account_id_.GetUserEmail()), | 574 ExtractDomain(account_id_.GetUserEmail()), |
572 allow_rotation); | 575 allow_rotation); |
573 return validator; | 576 return validator; |
574 } | 577 } |
575 } // namespace policy | 578 } // namespace policy |
OLD | NEW |