Enable Enterprise enrollment on desktop builds.

chromeos/dbus/session_manager_client.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chromeos/dbus/session_manager_client.h"
 
-#include <map>
-
 #include "base/bind.h"
 #include "base/callback.h"
 #include "base/file_util.h"
 #include "base/files/file_path.h"
 #include "base/location.h"
 #include "base/path_service.h"
 #include "base/strings/string_util.h"
+#include "base/task_runner_util.h"
 #include "base/threading/worker_pool.h"
 #include "chromeos/chromeos_paths.h"
 #include "chromeos/dbus/blocking_method_caller.h"
 #include "chromeos/dbus/cryptohome_client.h"
 #include "dbus/bus.h"
 #include "dbus/message.h"
 #include "dbus/object_path.h"
 #include "dbus/object_proxy.h"
+#include "policy/proto/device_management_backend.pb.h"
 #include "third_party/cros_system_api/dbus/service_constants.h"
 
 namespace chromeos {
 
+namespace {
+
+// Returns a location for |file| that is specific to the given |username|.
+// These paths will be relative to DIR_USER_POLICY_KEYS, and can be used only
+// to store stub files.
+base::FilePath GetUserFilePath(const std::string& username, const char* file) {
+  base::FilePath keys_path;
+  if (!PathService::Get(chromeos::DIR_USER_POLICY_KEYS, &keys_path))
+    return base::FilePath();
+  const std::string sanitized =
+      CryptohomeClient::GetStubSanitizedUsername(username);
+  return keys_path.AppendASCII(sanitized).AppendASCII(file);
+}
+
+// Helper to asynchronously retrieve a file's content.
+std::string GetFileContent(const base::FilePath& path) {
+  std::string result;
+  if (!path.empty())
+    base::ReadFileToString(path, &result);
+  return result;
+}
+
+// Helper to write a file in a background thread.
+void StoreFile(const base::FilePath& path, const std::string& data) {
+  const int size = static_cast<int>(data.size());
+  if (path.empty() ||
+      !base::CreateDirectory(path.DirName()) ||
+      base::WriteFile(path, data.data(), size) != size) {
+    LOG(WARNING) << "Failed to write to " << path.value();
+  }
+}
+
+}  // namespace
+
 // The SessionManagerClient implementation used in production.
 class SessionManagerClientImpl : public SessionManagerClient {
  public:
   SessionManagerClientImpl()
       : session_manager_proxy_(NULL),
         weak_ptr_factory_(this) {}
 
   virtual ~SessionManagerClientImpl() {
   }
 
@@ skipping 159 matching lines @@
         dbus::ObjectProxy::TIMEOUT_USE_DEFAULT,
         base::Bind(&SessionManagerClientImpl::OnStorePolicy,
                    weak_ptr_factory_.GetWeakPtr(),
                    login_manager::kSessionManagerStorePolicy,
                    callback));
   }
 
   virtual void StorePolicyForUser(
       const std::string& username,
       const std::string& policy_blob,
-      const std::string& ignored_policy_key,
       const StorePolicyCallback& callback) OVERRIDE {
     CallStorePolicyByUsername(login_manager::kSessionManagerStorePolicyForUser,
                               username,
                               policy_blob,
                               callback);
   }
 
   virtual void StoreDeviceLocalAccountPolicy(
       const std::string& account_name,
       const std::string& policy_blob,
@@ skipping 323 matching lines @@
   virtual void NotifyLockScreenShown() OVERRIDE {
     FOR_EACH_OBSERVER(Observer, observers_, ScreenIsLocked());
   }
   virtual void NotifyLockScreenDismissed() OVERRIDE {
     FOR_EACH_OBSERVER(Observer, observers_, ScreenIsUnlocked());
   }
   virtual void RetrieveActiveSessions(
       const ActiveSessionsCallback& callback) OVERRIDE {}
   virtual void RetrieveDevicePolicy(
       const RetrievePolicyCallback& callback) OVERRIDE {
-    callback.Run(device_policy_);
+    base::FilePath owner_key_path;
+    if (!PathService::Get(chromeos::FILE_OWNER_KEY, &owner_key_path)) {
+      callback.Run("");
+      return;
+    }
+    base::FilePath device_policy_path =
+        owner_key_path.DirName().AppendASCII("stub_device_policy");
+    base::PostTaskAndReplyWithResult(
+        base::WorkerPool::GetTaskRunner(false),
+        FROM_HERE,
+        base::Bind(&GetFileContent, device_policy_path),
+        callback);
   }
   virtual void RetrievePolicyForUser(
       const std::string& username,
       const RetrievePolicyCallback& callback) OVERRIDE {
-    callback.Run(user_policies_[username]);
+    base::PostTaskAndReplyWithResult(
+        base::WorkerPool::GetTaskRunner(false),
+        FROM_HERE,
+        base::Bind(&GetFileContent, GetUserFilePath(username, "stub_policy")),
+        callback);
   }
   virtual std::string BlockingRetrievePolicyForUser(
       const std::string& username) OVERRIDE {
-    return user_policies_[username];
+    return GetFileContent(GetUserFilePath(username, "stub_policy"));
   }
   virtual void RetrieveDeviceLocalAccountPolicy(
       const std::string& account_name,
       const RetrievePolicyCallback& callback) OVERRIDE {
-    callback.Run(user_policies_[account_name]);
+    RetrievePolicyForUser(account_name, callback);
   }
   virtual void StoreDevicePolicy(const std::string& policy_blob,
                                  const StorePolicyCallback& callback) OVERRIDE {
-    device_policy_ = policy_blob;
-    callback.Run(true);
+    enterprise_management::PolicyFetchResponse response;
+    base::FilePath owner_key_path;
+    if (!response.ParseFromString(policy_blob) ||
+        !PathService::Get(chromeos::FILE_OWNER_KEY, &owner_key_path)) {
+      callback.Run(false);
+      return;
+    }
+
+    if (response.has_new_public_key()) {
+      base::WorkerPool::PostTask(
+          FROM_HERE,
+          base::Bind(&StoreFile, owner_key_path, response.new_public_key()),
+          false);
+    }
+
+    // Chrome will attempt to retrieve the device policy right after storing
+    // during enrollment, so make sure it's written before signaling
+    // completion.
+    // Note also that the owner key will be written before the device policy,
+    // if it was present in the blob.
+    base::FilePath device_policy_path =
+        owner_key_path.DirName().AppendASCII("stub_device_policy");
+    base::WorkerPool::PostTaskAndReply(
+        FROM_HERE,
+        base::Bind(&StoreFile, device_policy_path, policy_blob),
+        base::Bind(callback, true),
+        false);
   }
   virtual void StorePolicyForUser(
       const std::string& username,
       const std::string& policy_blob,
-      const std::string& policy_key,
       const StorePolicyCallback& callback) OVERRIDE {
-    if (policy_key.empty()) {
-      user_policies_[username] = policy_blob;
-      callback.Run(true);
-      return;
-    }
     // The session manager writes the user policy key to a well-known
     // location. Do the same with the stub impl, so that user policy works and
     // can be tested on desktop builds.
-    // TODO(joaodasilva): parse the PolicyFetchResponse in |policy_blob| to get
-    // the policy key directly, after moving the policy protobufs to a top-level
-    // directory. The |policy_key| argument to this method can then be removed.
-    // http://crbug.com/240269
-    base::FilePath key_path;
-    if (!PathService::Get(chromeos::DIR_USER_POLICY_KEYS, &key_path)) {
+    enterprise_management::PolicyFetchResponse response;
+    if (!response.ParseFromString(policy_blob)) {
       callback.Run(false);
       return;
     }
-    const std::string sanitized =
-        CryptohomeClient::GetStubSanitizedUsername(username);
-    key_path = key_path.AppendASCII(sanitized).AppendASCII("policy.pub");
-    // Assume that the key write is successful.
-    user_policies_[username] = policy_blob;
+
+    if (response.has_new_public_key()) {
+      base::FilePath key_path = GetUserFilePath(username, "policy.pub");
+      base::WorkerPool::PostTask(
+          FROM_HERE,
+          base::Bind(&StoreFile, key_path, response.new_public_key()),
+          false);
+    }
+
+    // This file isn't read directly by Chrome, but is used by this class to
+    // reload the user policy across restarts.
+    base::FilePath stub_policy_path = GetUserFilePath(username, "stub_policy");
     base::WorkerPool::PostTaskAndReply(
         FROM_HERE,
-        base::Bind(&SessionManagerClientStubImpl::StoreFileInBackground,
-                   key_path, policy_key),
+        base::Bind(&StoreFile, stub_policy_path, policy_blob),
         base::Bind(callback, true),
         false);
   }
   virtual void StoreDeviceLocalAccountPolicy(
       const std::string& account_name,
       const std::string& policy_blob,
       const StorePolicyCallback& callback) OVERRIDE {
-    user_policies_[account_name] = policy_blob;
-    callback.Run(true);
+    StorePolicyForUser(account_name, policy_blob, callback);
   }
   virtual void SetFlagsForUser(const std::string& username,
                                const std::vector<std::string>& flags) OVERRIDE {
   }
-
-  static void StoreFileInBackground(const base::FilePath& path,
-                                    const std::string& data) {
-    const int size = static_cast<int>(data.size());
-    if (!base::CreateDirectory(path.DirName()) ||
-        base::WriteFile(path, data.data(), size) != size) {
-      LOG(WARNING) << "Failed to write policy key to " << path.value();
-    }
-  }
-
  private:
   StubDelegate* delegate_;  // Weak pointer; may be NULL.
   ObserverList<Observer> observers_;
   std::string device_policy_;
-  std::map<std::string, std::string> user_policies_;
 
   DISALLOW_COPY_AND_ASSIGN(SessionManagerClientStubImpl);
 };
 
 SessionManagerClient::SessionManagerClient() {
 }
 
 SessionManagerClient::~SessionManagerClient() {
 }
 
 SessionManagerClient* SessionManagerClient::Create(
     DBusClientImplementationType type) {
   if (type == REAL_DBUS_CLIENT_IMPLEMENTATION)
     return new SessionManagerClientImpl();
   DCHECK_EQ(STUB_DBUS_CLIENT_IMPLEMENTATION, type);
   return new SessionManagerClientStubImpl();
 }
 
 }  // namespace chromeos