Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1188)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc

Issue 2606773002: Setup Chromad user policy plumbing (Closed)
Patch Set: CrOS compilation fix Created 4 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chrome/browser/chromeos/policy/user_active_directory_policy_manager.h ('K') | « chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h ('k') | chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos_unittest.cc » ('j') | chrome/browser/policy/profile_policy_connector.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc
diff --git a/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc b/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc
index 0893816d19a97bc2bd6c4e424c8d40c8f729fc6c..7a4ef22c63dc6a775edfd1385e135ac6507609be 100644
--- a/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc
+++ b/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc
@@ -66,18 +66,22 @@ UserCloudPolicyStoreChromeOS::UserCloudPolicyStoreChromeOS(
chromeos::SessionManagerClient* session_manager_client,
scoped_refptr<base::SequencedTaskRunner> background_task_runner,
const AccountId& account_id,
- const base::FilePath& user_policy_key_dir)
+ const base::FilePath& user_policy_key_dir,
+ bool is_active_directory)
: UserCloudPolicyStoreBase(background_task_runner),
cryptohome_client_(cryptohome_client),
session_manager_client_(session_manager_client),
account_id_(account_id),
user_policy_key_dir_(user_policy_key_dir),
+ is_active_directory_(is_active_directory),
weak_factory_(this) {}
UserCloudPolicyStoreChromeOS::~UserCloudPolicyStoreChromeOS() {}
void UserCloudPolicyStoreChromeOS::Store(
const em::PolicyFetchResponse& policy) {
+ DCHECK(!is_active_directory_);
+
// Cancel all pending requests.
weak_factory_.InvalidateWeakPtrs();
std::unique_ptr<em::PolicyFetchResponse> response(
@@ -98,9 +102,9 @@ void UserCloudPolicyStoreChromeOS::Load() {
}
void UserCloudPolicyStoreChromeOS::LoadImmediately() {
- // This blocking DBus call is in the startup path and will block the UI
+ // This blocking D-Bus call is in the startup path and will block the UI
// thread. This only happens when the Profile is created synchronously, which
- // on ChromeOS happens whenever the browser is restarted into the same
+ // on Chrome OS happens whenever the browser is restarted into the same
// session. That happens when the browser crashes, or right after signin if
// the user has flags configured in about:flags.
// However, on those paths we must load policy synchronously so that the
@@ -225,10 +229,13 @@ void UserCloudPolicyStoreChromeOS::OnPolicyRetrieved(
}
// Load |cached_policy_key_| to verify the loaded policy.
- EnsurePolicyKeyLoaded(
- base::Bind(&UserCloudPolicyStoreChromeOS::ValidateRetrievedPolicy,
- weak_factory_.GetWeakPtr(),
- base::Passed(&policy)));
+ if (is_active_directory_) {
+ ValidateRetrievedPolicy(std::move(policy));
+ } else {
+ EnsurePolicyKeyLoaded(
+ base::Bind(&UserCloudPolicyStoreChromeOS::ValidateRetrievedPolicy,
+ weak_factory_.GetWeakPtr(), base::Passed(&policy)));
+ }
}
void UserCloudPolicyStoreChromeOS::ValidateRetrievedPolicy(
@@ -345,11 +352,21 @@ UserCloudPolicyStoreChromeOS::CreateValidatorForLoad(
std::unique_ptr<em::PolicyFetchResponse> policy) {
std::unique_ptr<UserCloudPolicyValidator> validator = CreateValidator(
std::move(policy), CloudPolicyValidatorBase::TIMESTAMP_NOT_BEFORE);
- validator->ValidateUsername(account_id_.GetUserEmail(), true);
- // The policy loaded from session manager need not be validated using the
- // verification key since it is secure, and since there may be legacy policy
- // data that was stored without a verification key.
- validator->ValidateSignature(cached_policy_key_);
+ if (is_active_directory_) {
+ validator->ValidateTimestamp(
+ base::Time(), base::Time(),
+ CloudPolicyValidatorBase::TIMESTAMP_NOT_VALIDATED);
+ validator->ValidateDMToken(std::string(),
+ CloudPolicyValidatorBase::DM_TOKEN_NOT_REQUIRED);
+ validator->ValidateDeviceId(
+ std::string(), CloudPolicyValidatorBase::DEVICE_ID_NOT_REQUIRED);
+ } else {
+ validator->ValidateUsername(account_id_.GetUserEmail(), true);
+ // The policy loaded from session manager need not be validated using the
+ // verification key since it is secure, and since there may be legacy policy
+ // data that was stored without a verification key.
+ validator->ValidateSignature(cached_policy_key_);
+ }
return validator;
}
« chrome/browser/chromeos/policy/user_active_directory_policy_manager.h ('K') | « chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h ('k') | chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos_unittest.cc » ('j') | chrome/browser/policy/profile_policy_connector.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698