| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h" | 5 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| 29 | 29 |
| 30 DeviceCloudPolicyStoreChromeOS::DeviceCloudPolicyStoreChromeOS( | 30 DeviceCloudPolicyStoreChromeOS::DeviceCloudPolicyStoreChromeOS( |
| 31 chromeos::DeviceSettingsService* device_settings_service, | 31 chromeos::DeviceSettingsService* device_settings_service, |
| 32 chromeos::InstallAttributes* install_attributes, | 32 chromeos::InstallAttributes* install_attributes, |
| 33 scoped_refptr<base::SequencedTaskRunner> background_task_runner) | 33 scoped_refptr<base::SequencedTaskRunner> background_task_runner) |
| 34 : device_settings_service_(device_settings_service), | 34 : device_settings_service_(device_settings_service), |
| 35 install_attributes_(install_attributes), | 35 install_attributes_(install_attributes), |
| 36 background_task_runner_(background_task_runner), | 36 background_task_runner_(background_task_runner), |
| 37 weak_factory_(this) { | 37 weak_factory_(this) { |
| 38 device_settings_service_->AddObserver(this); | 38 device_settings_service_->AddObserver(this); |
| 39 device_settings_service_->SetDeviceMode(install_attributes_->GetMode()); |
| 39 } | 40 } |
| 40 | 41 |
| 41 DeviceCloudPolicyStoreChromeOS::~DeviceCloudPolicyStoreChromeOS() { | 42 DeviceCloudPolicyStoreChromeOS::~DeviceCloudPolicyStoreChromeOS() { |
| 42 device_settings_service_->RemoveObserver(this); | 43 device_settings_service_->RemoveObserver(this); |
| 43 } | 44 } |
| 44 | 45 |
| 45 void DeviceCloudPolicyStoreChromeOS::Store( | 46 void DeviceCloudPolicyStoreChromeOS::Store( |
| 46 const em::PolicyFetchResponse& policy) { | 47 const em::PolicyFetchResponse& policy) { |
| 47 // Cancel all pending requests. | 48 // Cancel all pending requests. |
| 48 weak_factory_.InvalidateWeakPtrs(); | 49 weak_factory_.InvalidateWeakPtrs(); |
| 49 | 50 |
| 50 scoped_refptr<ownership::PublicKey> public_key( | 51 scoped_refptr<ownership::PublicKey> public_key( |
| 51 device_settings_service_->GetPublicKey()); | 52 device_settings_service_->GetPublicKey()); |
| 52 if (!install_attributes_->IsEnterpriseDevice() || | 53 if (!install_attributes_->IsCloudManaged() || |
| 53 !device_settings_service_->policy_data() || !public_key.get() || | 54 !device_settings_service_->policy_data() || !public_key.get() || |
| 54 !public_key->is_loaded()) { | 55 !public_key->is_loaded()) { |
| 55 status_ = STATUS_BAD_STATE; | 56 status_ = STATUS_BAD_STATE; |
| 56 NotifyStoreError(); | 57 NotifyStoreError(); |
| 57 return; | 58 return; |
| 58 } | 59 } |
| 59 | 60 |
| 60 std::unique_ptr<DeviceCloudPolicyValidator> validator( | 61 std::unique_ptr<DeviceCloudPolicyValidator> validator( |
| 61 CreateValidator(policy)); | 62 CreateValidator(policy)); |
| 62 validator->ValidateSignatureAllowingRotation( | 63 validator->ValidateSignatureAllowingRotation( |
| 74 | 75 |
| 75 void DeviceCloudPolicyStoreChromeOS::Load() { | 76 void DeviceCloudPolicyStoreChromeOS::Load() { |
| 76 device_settings_service_->Load(); | 77 device_settings_service_->Load(); |
| 77 } | 78 } |
| 78 | 79 |
| 79 void DeviceCloudPolicyStoreChromeOS::InstallInitialPolicy( | 80 void DeviceCloudPolicyStoreChromeOS::InstallInitialPolicy( |
| 80 const em::PolicyFetchResponse& policy) { | 81 const em::PolicyFetchResponse& policy) { |
| 81 // Cancel all pending requests. | 82 // Cancel all pending requests. |
| 82 weak_factory_.InvalidateWeakPtrs(); | 83 weak_factory_.InvalidateWeakPtrs(); |
| 83 | 84 |
| 84 if (!install_attributes_->IsEnterpriseDevice()) { | 85 if (!install_attributes_->IsCloudManaged()) { |
| 85 status_ = STATUS_BAD_STATE; | 86 status_ = STATUS_BAD_STATE; |
| 86 NotifyStoreError(); | 87 NotifyStoreError(); |
| 87 return; | 88 return; |
| 88 } | 89 } |
| 89 | 90 |
| 90 std::unique_ptr<DeviceCloudPolicyValidator> validator( | 91 std::unique_ptr<DeviceCloudPolicyValidator> validator( |
| 91 CreateValidator(policy)); | 92 CreateValidator(policy)); |
| 92 validator->ValidateInitialKey(GetPolicyVerificationKey(), | 93 validator->ValidateInitialKey(GetPolicyVerificationKey(), |
| 93 install_attributes_->GetDomain()); | 94 install_attributes_->GetDomain()); |
| 94 validator.release()->StartValidation( | 95 validator.release()->StartValidation( |
| 132 std::move(validator->policy()), | 133 std::move(validator->policy()), |
| 133 base::Bind(&DeviceCloudPolicyStoreChromeOS::OnPolicyStored, | 134 base::Bind(&DeviceCloudPolicyStoreChromeOS::OnPolicyStored, |
| 134 weak_factory_.GetWeakPtr())); | 135 weak_factory_.GetWeakPtr())); |
| 135 } | 136 } |
| 136 | 137 |
| 137 void DeviceCloudPolicyStoreChromeOS::OnPolicyStored() { | 138 void DeviceCloudPolicyStoreChromeOS::OnPolicyStored() { |
| 138 UpdateFromService(); | 139 UpdateFromService(); |
| 139 } | 140 } |
| 140 | 141 |
| 141 void DeviceCloudPolicyStoreChromeOS::UpdateFromService() { | 142 void DeviceCloudPolicyStoreChromeOS::UpdateFromService() { |
| 142 if (!install_attributes_->IsEnterpriseDevice()) { | 143 if (!install_attributes_->IsEnterpriseManaged()) { |
| 143 status_ = STATUS_BAD_STATE; | 144 status_ = STATUS_BAD_STATE; |
| 144 NotifyStoreError(); | 145 NotifyStoreError(); |
| 145 return; | 146 return; |
| 146 } | 147 } |
| 147 | 148 |
| 148 CheckDMToken(); | 149 CheckDMToken(); |
| 149 UpdateStatusFromService(); | 150 UpdateStatusFromService(); |
| 150 | 151 |
| 151 const chromeos::DeviceSettingsService::Status service_status = | 152 const chromeos::DeviceSettingsService::Status service_status = |
| 152 device_settings_service_->status(); | 153 device_settings_service_->status(); |
| 207 case chromeos::DeviceSettingsService::STORE_TEMP_VALIDATION_ERROR: | 208 case chromeos::DeviceSettingsService::STORE_TEMP_VALIDATION_ERROR: |
| 208 // Don't check for write errors or transient read errors. | 209 // Don't check for write errors or transient read errors. |
| 209 return; | 210 return; |
| 210 } | 211 } |
| 211 | 212 |
| 212 if (dm_token_checked_) { | 213 if (dm_token_checked_) { |
| 213 return; | 214 return; |
| 214 } | 215 } |
| 215 dm_token_checked_ = true; | 216 dm_token_checked_ = true; |
| 216 | 217 |
| 218 // PolicyData from Active Directory doesn't contain a DM token. |
| 219 if (install_attributes_->IsActiveDirectoryManaged()) { |
| 220 return; |
| 221 } |
| 222 |
| 217 // At the time LoginDisplayHostImpl decides whether enrollment flow is to be | 223 // At the time LoginDisplayHostImpl decides whether enrollment flow is to be |
| 218 // started, policy hasn't been read yet. To work around this, once the need | 224 // started, policy hasn't been read yet. To work around this, once the need |
| 219 // for recovery is detected upon policy load, a flag is stored in prefs which | 225 // for recovery is detected upon policy load, a flag is stored in prefs which |
| 220 // is accessed by LoginDisplayHostImpl early during (next) boot. | 226 // is accessed by LoginDisplayHostImpl early during (next) boot. |
| 221 const em::PolicyData* policy_data = device_settings_service_->policy_data(); | 227 const em::PolicyData* policy_data = device_settings_service_->policy_data(); |
| 222 if (service_status == chromeos::DeviceSettingsService::STORE_SUCCESS && | 228 if (service_status == chromeos::DeviceSettingsService::STORE_SUCCESS && |
| 223 policy_data && policy_data->has_request_token()) { | 229 policy_data && policy_data->has_request_token()) { |
| 224 UMA_HISTOGRAM_BOOLEAN(kDMTokenCheckHistogram, true); | 230 UMA_HISTOGRAM_BOOLEAN(kDMTokenCheckHistogram, true); |
| 225 } else { | 231 } else { |
| 226 LOG(ERROR) << "Device policy read on enrolled device yields " | 232 LOG(ERROR) << "Device policy read on enrolled device yields " |
| 227 << "no DM token! Status: " << service_status << "."; | 233 << "no DM token! Status: " << service_status << "."; |
| 228 chromeos::StartupUtils::MarkEnrollmentRecoveryRequired(); | 234 chromeos::StartupUtils::MarkEnrollmentRecoveryRequired(); |
| 229 UMA_HISTOGRAM_BOOLEAN(kDMTokenCheckHistogram, false); | 235 UMA_HISTOGRAM_BOOLEAN(kDMTokenCheckHistogram, false); |
| 230 } | 236 } |
| 231 } | 237 } |
| 232 | 238 |
| 233 } // namespace policy | 239 } // namespace policy |
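Review bot: The added constructor call (new line 39) passes `install_attributes_->GetMode()` to `SetDeviceMode()` exactly once, whereas `Store()`, `InstallInitialPolicy()`, `UpdateFromService()` and `CheckDMToken()` all re-read `install_attributes_` each time they run. If the install attributes can still change after this store is constructed (`InstallInitialPolicy()` suggests the store exists before enrollment completes), the settings service would keep the earlier mode unless a caller outside this file refreshes it, and that mode presumably influences how device settings are checked. Please either state the ordering assumption next to the call, e.g. `// Mode is a snapshot; whoever locks install attributes later must call SetDeviceMode() again.`, or confirm where the refresh happens. The file also now gates on three different predicates (`IsCloudManaged()`, `IsEnterpriseManaged()`, `IsActiveDirectoryManaged()`), so a one-line comment on the `UpdateFromService()` guard saying why it is the broader one would make the intended policy path for Active Directory devices explicit.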