Chromium Code Reviews Chromium Code Reviews
Issue 2652653007:
Chromad: Refresh policy every 90 minutes (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/active_directory_policy_manager.h" | 5 #include "chrome/browser/chromeos/policy/active_directory_policy_manager.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 #include <utility> | 8 #include <utility> |
| 9 | 9 |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| 11 #include "base/memory/ptr_util.h" | 11 #include "base/memory/ptr_util.h" |
| 12 #include "base/threading/thread_task_runner_handle.h" | |
| 12 #include "chromeos/dbus/auth_policy_client.h" | 13 #include "chromeos/dbus/auth_policy_client.h" |
| 13 #include "chromeos/dbus/dbus_thread_manager.h" | 14 #include "chromeos/dbus/dbus_thread_manager.h" |
| 14 #include "components/policy/core/common/policy_bundle.h" | 15 #include "components/policy/core/common/policy_bundle.h" |
| 15 #include "components/policy/core/common/policy_types.h" | 16 #include "components/policy/core/common/policy_types.h" |
| 16 #include "components/policy/policy_constants.h" | 17 #include "components/policy/policy_constants.h" |
| 17 | 18 |
| 19 namespace { | |
| 20 | |
| 21 // Refresh policy every 90 minutes which matches the Windows default: | |
| 22 // https://technet.microsoft.com/en-us/library/cc940895.aspx | |
| 23 constexpr int kRefreshIntervalSeconds = 90 * 60; | |
|
emaxx
2017/01/27 13:51:48
BTW, a constexpr base::TimeDelta may be used here
Thiemo Nagel
2017/01/27 14:15:23
Oh the joys of C++11... :)
Done.
| |
| 24 | |
| 25 // After startup, delay initial policy fetch to keep authpolicyd free for more | |
| 26 // important tasks like user auth. | |
| 27 constexpr int kInitialFetchDelaySeconds = 60; | |
| 28 | |
| 29 // Retry delay in case of |refresh_in_progress_|. | |
| 30 constexpr int kBusyRetryIntervalSeconds = 1; | |
| 31 | |
| 32 } // namespace | |
| 33 | |
| 18 namespace policy { | 34 namespace policy { |
| 19 | 35 |
| 20 ActiveDirectoryPolicyManager::~ActiveDirectoryPolicyManager() {} | 36 ActiveDirectoryPolicyManager::~ActiveDirectoryPolicyManager() {} |
| 21 | 37 |
| 22 // static | 38 // static |
| 23 std::unique_ptr<ActiveDirectoryPolicyManager> | 39 std::unique_ptr<ActiveDirectoryPolicyManager> |
| 24 ActiveDirectoryPolicyManager::CreateForDevicePolicy( | 40 ActiveDirectoryPolicyManager::CreateForDevicePolicy( |
| 25 std::unique_ptr<CloudPolicyStore> store) { | 41 std::unique_ptr<CloudPolicyStore> store) { |
| 26 return base::WrapUnique( | 42 return base::WrapUnique( |
| 27 new ActiveDirectoryPolicyManager(EmptyAccountId(), std::move(store))); | 43 new ActiveDirectoryPolicyManager(EmptyAccountId(), std::move(store))); |
| (...skipping 12 matching lines...) Expand all Loading... | |
| 40 ConfigurationPolicyProvider::Init(registry); | 56 ConfigurationPolicyProvider::Init(registry); |
| 41 | 57 |
| 42 store_->AddObserver(this); | 58 store_->AddObserver(this); |
| 43 if (!store_->is_initialized()) { | 59 if (!store_->is_initialized()) { |
| 44 store_->Load(); | 60 store_->Load(); |
| 45 } | 61 } |
| 46 | 62 |
| 47 // Does nothing if |store_| hasn't yet initialized. | 63 // Does nothing if |store_| hasn't yet initialized. |
| 48 PublishPolicy(); | 64 PublishPolicy(); |
| 49 | 65 |
| 50 RefreshPolicies(); | 66 ScheduleAutomaticRefresh(); |
| 51 } | 67 } |
| 52 | 68 |
| 53 void ActiveDirectoryPolicyManager::Shutdown() { | 69 void ActiveDirectoryPolicyManager::Shutdown() { |
| 54 store_->RemoveObserver(this); | 70 store_->RemoveObserver(this); |
| 55 ConfigurationPolicyProvider::Shutdown(); | 71 ConfigurationPolicyProvider::Shutdown(); |
| 56 } | 72 } |
| 57 | 73 |
| 58 bool ActiveDirectoryPolicyManager::IsInitializationComplete( | 74 bool ActiveDirectoryPolicyManager::IsInitializationComplete( |
| 59 PolicyDomain domain) const { | 75 PolicyDomain domain) const { |
| 60 if (domain == POLICY_DOMAIN_CHROME) | 76 if (domain == POLICY_DOMAIN_CHROME) { |
| 61 return store_->is_initialized(); | 77 return store_->is_initialized(); |
| 78 } | |
| 62 return true; | 79 return true; |
| 63 } | 80 } |
| 64 | 81 |
| 65 void ActiveDirectoryPolicyManager::RefreshPolicies() { | 82 void ActiveDirectoryPolicyManager::RefreshPolicies() { |
| 66 chromeos::DBusThreadManager* thread_manager = | 83 ScheduleRefresh(base::TimeDelta()); |
| 67 chromeos::DBusThreadManager::Get(); | |
| 68 DCHECK(thread_manager); | |
| 69 chromeos::AuthPolicyClient* auth_policy_client = | |
| 70 thread_manager->GetAuthPolicyClient(); | |
| 71 DCHECK(auth_policy_client); | |
| 72 if (account_id_ == EmptyAccountId()) { | |
| 73 auth_policy_client->RefreshDevicePolicy( | |
| 74 base::Bind(&ActiveDirectoryPolicyManager::OnPolicyRefreshed, | |
| 75 weak_ptr_factory_.GetWeakPtr())); | |
| 76 } else { | |
| 77 auth_policy_client->RefreshUserPolicy( | |
| 78 account_id_, | |
| 79 base::Bind(&ActiveDirectoryPolicyManager::OnPolicyRefreshed, | |
| 80 weak_ptr_factory_.GetWeakPtr())); | |
| 81 } | |
| 82 } | 84 } |
| 83 | 85 |
| 84 void ActiveDirectoryPolicyManager::OnStoreLoaded( | 86 void ActiveDirectoryPolicyManager::OnStoreLoaded( |
| 85 CloudPolicyStore* cloud_policy_store) { | 87 CloudPolicyStore* cloud_policy_store) { |
| 86 DCHECK_EQ(store_.get(), cloud_policy_store); | 88 DCHECK_EQ(store_.get(), cloud_policy_store); |
| 87 PublishPolicy(); | 89 PublishPolicy(); |
| 88 } | 90 } |
| 89 | 91 |
| 90 void ActiveDirectoryPolicyManager::OnStoreError( | 92 void ActiveDirectoryPolicyManager::OnStoreError( |
| 91 CloudPolicyStore* cloud_policy_store) { | 93 CloudPolicyStore* cloud_policy_store) { |
| (...skipping 28 matching lines...) Expand all Loading... | |
| 120 UpdatePolicy(std::move(bundle)); | 122 UpdatePolicy(std::move(bundle)); |
| 121 } | 123 } |
| 122 | 124 |
| 123 void ActiveDirectoryPolicyManager::OnPolicyRefreshed(bool success) { | 125 void ActiveDirectoryPolicyManager::OnPolicyRefreshed(bool success) { |
| 124 if (!success) { | 126 if (!success) { |
| 125 LOG(ERROR) << "Active Directory policy refresh failed."; | 127 LOG(ERROR) << "Active Directory policy refresh failed."; |
| 126 } | 128 } |
| 127 // Load independently of success or failure to keep up to date with whatever | 129 // Load independently of success or failure to keep up to date with whatever |
| 128 // has happened on the authpolicyd / session manager side. | 130 // has happened on the authpolicyd / session manager side. |
| 129 store_->Load(); | 131 store_->Load(); |
| 132 | |
| 133 refresh_in_progress_ = false; | |
| 134 last_refresh_ = base::TimeTicks::Now(); | |
| 135 ScheduleAutomaticRefresh(); | |
| 136 } | |
| 137 | |
| 138 void ActiveDirectoryPolicyManager::ScheduleRefresh(base::TimeDelta delay) { | |
| 139 if (refresh_task_) { | |
| 140 refresh_task_->Cancel(); | |
| 141 } | |
| 142 refresh_task_ = base::MakeUnique<base::CancelableClosure>( | |
| 143 base::Bind(&ActiveDirectoryPolicyManager::RunScheduledRefresh, | |
| 144 weak_ptr_factory_.GetWeakPtr())); | |
| 145 base::ThreadTaskRunnerHandle::Get()->PostDelayedTask( | |
| 146 FROM_HERE, refresh_task_->callback(), delay); | |
| 147 } | |
| 148 | |
| 149 void ActiveDirectoryPolicyManager::ScheduleAutomaticRefresh() { | |
| 150 base::TimeTicks baseline; | |
| 151 base::TimeDelta interval; | |
| 152 if (retry_refresh_) { | |
| 153 baseline = last_refresh_; | |
| 154 interval = base::TimeDelta::FromSeconds(kBusyRetryIntervalSeconds); | |
| 155 } else if (last_refresh_ == base::TimeTicks()) { | |
| 156 baseline = startup_; | |
| 157 interval = base::TimeDelta::FromSeconds(kInitialFetchDelaySeconds); | |
| 158 } else { | |
| 159 baseline = last_refresh_; | |
| 160 interval = base::TimeDelta::FromSeconds(kRefreshIntervalSeconds); | |
| 161 } | |
| 162 base::TimeDelta delay; | |
| 163 const base::TimeTicks now(base::TimeTicks::Now()); | |
| 164 if (now < baseline + interval) { | |
| 165 delay = baseline + interval - now; | |
| 166 } | |
| 167 ScheduleRefresh(delay); | |
| 168 } | |
| 169 | |
| 170 void ActiveDirectoryPolicyManager::RunScheduledRefresh() { | |
| 171 // Abort if a refresh is currently in progress (to avoid D-Bus jobs piling up | |
| 172 // behind each other). | |
| 173 if (refresh_in_progress_) { | |
| 174 retry_refresh_ = true; | |
| 175 return; | |
| 176 } | |
| 177 | |
| 178 retry_refresh_ = false; | |
| 179 refresh_in_progress_ = true; | |
| 180 chromeos::DBusThreadManager* thread_manager = | |
| 181 chromeos::DBusThreadManager::Get(); | |
| 182 DCHECK(thread_manager); | |
| 183 chromeos::AuthPolicyClient* auth_policy_client = | |
| 184 thread_manager->GetAuthPolicyClient(); | |
| 185 DCHECK(auth_policy_client); | |
| 186 if (account_id_ == EmptyAccountId()) { | |
| 187 auth_policy_client->RefreshDevicePolicy( | |
| 188 base::Bind(&ActiveDirectoryPolicyManager::OnPolicyRefreshed, | |
| 189 weak_ptr_factory_.GetWeakPtr())); | |
| 190 } else { | |
| 191 auth_policy_client->RefreshUserPolicy( | |
| 192 account_id_, | |
| 193 base::Bind(&ActiveDirectoryPolicyManager::OnPolicyRefreshed, | |
| 194 weak_ptr_factory_.GetWeakPtr())); | |
| 195 } | |
| 130 } | 196 } |
| 131 | 197 |
| 132 } // namespace policy | 198 } // namespace policy |
| OLD | NEW |
