Chromium Code Reviews Chromium Code Reviews
Issue 2652653007:
Chromad: Refresh policy every 90 minutes (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/active_directory_policy_manager.h" | 5 #include "chrome/browser/chromeos/policy/active_directory_policy_manager.h" |
| 6 | 6 |
| 7 #include <algorithm> | |
|
emaxx
2017/01/26 20:54:02
nit: not needed?
Thiemo Nagel
2017/01/27 10:55:35
Done.
| |
| 7 #include <string> | 8 #include <string> |
| 8 #include <utility> | 9 #include <utility> |
| 9 | 10 |
| 10 #include "base/logging.h" | 11 #include "base/logging.h" |
| 11 #include "base/memory/ptr_util.h" | 12 #include "base/memory/ptr_util.h" |
| 13 #include "base/threading/thread_task_runner_handle.h" | |
| 12 #include "chromeos/dbus/auth_policy_client.h" | 14 #include "chromeos/dbus/auth_policy_client.h" |
| 13 #include "chromeos/dbus/dbus_thread_manager.h" | 15 #include "chromeos/dbus/dbus_thread_manager.h" |
| 14 #include "components/policy/core/common/policy_bundle.h" | 16 #include "components/policy/core/common/policy_bundle.h" |
| 15 #include "components/policy/core/common/policy_types.h" | 17 #include "components/policy/core/common/policy_types.h" |
| 16 #include "components/policy/policy_constants.h" | 18 #include "components/policy/policy_constants.h" |
| 17 | 19 |
| 20 namespace { | |
| 21 | |
| 22 // Refresh policy every 90 minutes which matches the Windows default: | |
| 23 // https://technet.microsoft.com/en-us/library/cc940895.aspx | |
| 24 constexpr int kRefreshIntervalSeconds = 90 * 60; | |
| 25 | |
| 26 // After startup, delay initial policy fetch to keep authpolicyd free for more | |
| 27 // important tasks like user auth. | |
| 28 constexpr int kInitialFetchDelaySeconds = 60; | |
| 29 | |
| 30 // Retry delay in case of |refresh_in_progress_|. | |
| 31 constexpr int kBusyRetryDelaySeconds = 1; | |
| 32 | |
| 33 } // namespace | |
| 34 | |
| 18 namespace policy { | 35 namespace policy { |
| 19 | 36 |
| 20 ActiveDirectoryPolicyManager::~ActiveDirectoryPolicyManager() {} | 37 ActiveDirectoryPolicyManager::~ActiveDirectoryPolicyManager() {} |
| 21 | 38 |
| 22 // static | 39 // static |
| 23 std::unique_ptr<ActiveDirectoryPolicyManager> | 40 std::unique_ptr<ActiveDirectoryPolicyManager> |
| 24 ActiveDirectoryPolicyManager::CreateForDevicePolicy( | 41 ActiveDirectoryPolicyManager::CreateForDevicePolicy( |
| 25 std::unique_ptr<CloudPolicyStore> store) { | 42 std::unique_ptr<CloudPolicyStore> store) { |
| 26 return base::WrapUnique( | 43 return base::WrapUnique( |
| 27 new ActiveDirectoryPolicyManager(EmptyAccountId(), std::move(store))); | 44 new ActiveDirectoryPolicyManager(EmptyAccountId(), std::move(store))); |
| (...skipping 12 matching lines...) Expand all Loading... | |
| 40 ConfigurationPolicyProvider::Init(registry); | 57 ConfigurationPolicyProvider::Init(registry); |
| 41 | 58 |
| 42 store_->AddObserver(this); | 59 store_->AddObserver(this); |
| 43 if (!store_->is_initialized()) { | 60 if (!store_->is_initialized()) { |
| 44 store_->Load(); | 61 store_->Load(); |
| 45 } | 62 } |
| 46 | 63 |
| 47 // Does nothing if |store_| hasn't yet initialized. | 64 // Does nothing if |store_| hasn't yet initialized. |
| 48 PublishPolicy(); | 65 PublishPolicy(); |
| 49 | 66 |
| 50 RefreshPolicies(); | 67 ScheduleAutomaticRefresh(); |
| 51 } | 68 } |
| 52 | 69 |
| 53 void ActiveDirectoryPolicyManager::Shutdown() { | 70 void ActiveDirectoryPolicyManager::Shutdown() { |
| 54 store_->RemoveObserver(this); | 71 store_->RemoveObserver(this); |
| 55 ConfigurationPolicyProvider::Shutdown(); | 72 ConfigurationPolicyProvider::Shutdown(); |
| 56 } | 73 } |
| 57 | 74 |
| 58 bool ActiveDirectoryPolicyManager::IsInitializationComplete( | 75 bool ActiveDirectoryPolicyManager::IsInitializationComplete( |
| 59 PolicyDomain domain) const { | 76 PolicyDomain domain) const { |
| 60 if (domain == POLICY_DOMAIN_CHROME) | 77 if (domain == POLICY_DOMAIN_CHROME) { |
| 61 return store_->is_initialized(); | 78 return store_->is_initialized(); |
| 79 } | |
| 62 return true; | 80 return true; |
| 63 } | 81 } |
| 64 | 82 |
| 65 void ActiveDirectoryPolicyManager::RefreshPolicies() { | 83 void ActiveDirectoryPolicyManager::RefreshPolicies() { |
| 66 chromeos::DBusThreadManager* thread_manager = | 84 ScheduleRefresh(base::TimeDelta()); |
| 67 chromeos::DBusThreadManager::Get(); | |
| 68 DCHECK(thread_manager); | |
| 69 chromeos::AuthPolicyClient* auth_policy_client = | |
| 70 thread_manager->GetAuthPolicyClient(); | |
| 71 DCHECK(auth_policy_client); | |
| 72 if (account_id_ == EmptyAccountId()) { | |
| 73 auth_policy_client->RefreshDevicePolicy( | |
| 74 base::Bind(&ActiveDirectoryPolicyManager::OnPolicyRefreshed, | |
| 75 weak_ptr_factory_.GetWeakPtr())); | |
| 76 } else { | |
| 77 auth_policy_client->RefreshUserPolicy( | |
| 78 account_id_, | |
| 79 base::Bind(&ActiveDirectoryPolicyManager::OnPolicyRefreshed, | |
| 80 weak_ptr_factory_.GetWeakPtr())); | |
| 81 } | |
| 82 } | 85 } |
| 83 | 86 |
| 84 void ActiveDirectoryPolicyManager::OnStoreLoaded( | 87 void ActiveDirectoryPolicyManager::OnStoreLoaded( |
| 85 CloudPolicyStore* cloud_policy_store) { | 88 CloudPolicyStore* cloud_policy_store) { |
| 86 DCHECK_EQ(store_.get(), cloud_policy_store); | 89 DCHECK_EQ(store_.get(), cloud_policy_store); |
| 87 PublishPolicy(); | 90 PublishPolicy(); |
| 88 } | 91 } |
| 89 | 92 |
| 90 void ActiveDirectoryPolicyManager::OnStoreError( | 93 void ActiveDirectoryPolicyManager::OnStoreError( |
| 91 CloudPolicyStore* cloud_policy_store) { | 94 CloudPolicyStore* cloud_policy_store) { |
| (...skipping 28 matching lines...) Expand all Loading... | |
| 120 UpdatePolicy(std::move(bundle)); | 123 UpdatePolicy(std::move(bundle)); |
| 121 } | 124 } |
| 122 | 125 |
| 123 void ActiveDirectoryPolicyManager::OnPolicyRefreshed(bool success) { | 126 void ActiveDirectoryPolicyManager::OnPolicyRefreshed(bool success) { |
| 124 if (!success) { | 127 if (!success) { |
| 125 LOG(ERROR) << "Active Directory policy refresh failed."; | 128 LOG(ERROR) << "Active Directory policy refresh failed."; |
| 126 } | 129 } |
| 127 // Load independently of success or failure to keep up to date with whatever | 130 // Load independently of success or failure to keep up to date with whatever |
| 128 // has happened on the authpolicyd / session manager side. | 131 // has happened on the authpolicyd / session manager side. |
| 129 store_->Load(); | 132 store_->Load(); |
| 133 | |
| 134 refresh_in_progress_ = false; | |
| 135 last_refresh_ = base::TimeTicks::Now(); | |
| 136 ScheduleAutomaticRefresh(); | |
| 137 } | |
| 138 | |
| 139 void ActiveDirectoryPolicyManager::ScheduleRefresh(base::TimeDelta delay) { | |
| 140 if (refresh_task_) { | |
| 141 refresh_task_->Cancel(); | |
| 142 } | |
| 143 refresh_task_ = base::MakeUnique<base::CancelableClosure>( | |
| 144 base::Bind(&ActiveDirectoryPolicyManager::RunScheduledRefresh, | |
| 145 weak_ptr_factory_.GetWeakPtr())); | |
| 146 base::ThreadTaskRunnerHandle::Get()->PostDelayedTask( | |
| 147 FROM_HERE, refresh_task_->callback(), delay); | |
| 148 } | |
| 149 | |
| 150 void ActiveDirectoryPolicyManager::ScheduleAutomaticRefresh() { | |
| 151 base::TimeTicks baseline; | |
| 152 base::TimeDelta interval; | |
| 153 if (last_refresh_ == base::TimeTicks()) { | |
| 154 baseline = startup_; | |
| 155 interval = base::TimeDelta::FromSeconds(kInitialFetchDelaySeconds); | |
| 156 } else { | |
| 157 baseline = last_refresh_; | |
| 158 interval = base::TimeDelta::FromSeconds(kRefreshIntervalSeconds); | |
| 159 } | |
| 160 base::TimeTicks now(base::TimeTicks::Now()); | |
| 161 base::TimeDelta delay; | |
| 162 if (now < baseline + interval) { | |
| 163 delay = baseline + interval - now; | |
| 164 } | |
| 165 ScheduleRefresh(delay); | |
| 166 } | |
| 167 | |
| 168 void ActiveDirectoryPolicyManager::RunScheduledRefresh() { | |
| 169 // Re-schedule when a refresh is currently in progress (to avoid D-Bus jobs | |
|
emaxx
2017/01/26 20:54:02
Sorry, I'm still a bit puzzled about why this re-s
Thiemo Nagel
2017/01/27 10:55:35
Your reasoning is sound. I wanted to a manual ref
| |
| 170 // piling up behind each other). | |
| 171 if (refresh_in_progress_) { | |
| 172 // Don't call ScheduleRefresh() directly as that would cancel the task | |
| 173 // that's currently running. | |
| 174 base::ThreadTaskRunnerHandle::Get()->PostTask( | |
| 175 FROM_HERE, | |
| 176 base::Bind(&ActiveDirectoryPolicyManager::ScheduleRefresh, | |
| 177 weak_ptr_factory_.GetWeakPtr(), | |
| 178 base::TimeDelta::FromSeconds(kBusyRetryDelaySeconds))); | |
| 179 return; | |
| 180 } | |
| 181 | |
| 182 refresh_in_progress_ = true; | |
| 183 chromeos::DBusThreadManager* thread_manager = | |
| 184 chromeos::DBusThreadManager::Get(); | |
| 185 DCHECK(thread_manager); | |
| 186 chromeos::AuthPolicyClient* auth_policy_client = | |
| 187 thread_manager->GetAuthPolicyClient(); | |
| 188 DCHECK(auth_policy_client); | |
| 189 if (account_id_ == EmptyAccountId()) { | |
| 190 auth_policy_client->RefreshDevicePolicy( | |
| 191 base::Bind(&ActiveDirectoryPolicyManager::OnPolicyRefreshed, | |
| 192 weak_ptr_factory_.GetWeakPtr())); | |
| 193 } else { | |
| 194 auth_policy_client->RefreshUserPolicy( | |
| 195 account_id_, | |
| 196 base::Bind(&ActiveDirectoryPolicyManager::OnPolicyRefreshed, | |
| 197 weak_ptr_factory_.GetWeakPtr())); | |
| 198 } | |
| 130 } | 199 } |
| 131 | 200 |
| 132 } // namespace policy | 201 } // namespace policy |
| OLD | NEW |
