| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/device_local_account_policy_store.h" | 5 #include "chrome/browser/chromeos/policy/device_local_account_policy_store.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/callback.h" | 10 #include "base/callback.h" |
| (...skipping 22 matching lines...) Expand all Loading... |
| 33 device_settings_service_(device_settings_service), | 33 device_settings_service_(device_settings_service), |
| 34 weak_factory_(this) {} | 34 weak_factory_(this) {} |
| 35 | 35 |
| 36 DeviceLocalAccountPolicyStore::~DeviceLocalAccountPolicyStore() {} | 36 DeviceLocalAccountPolicyStore::~DeviceLocalAccountPolicyStore() {} |
| 37 | 37 |
| 38 void DeviceLocalAccountPolicyStore::Load() { | 38 void DeviceLocalAccountPolicyStore::Load() { |
| 39 weak_factory_.InvalidateWeakPtrs(); | 39 weak_factory_.InvalidateWeakPtrs(); |
| 40 session_manager_client_->RetrieveDeviceLocalAccountPolicy( | 40 session_manager_client_->RetrieveDeviceLocalAccountPolicy( |
| 41 account_id_, | 41 account_id_, |
| 42 base::Bind(&DeviceLocalAccountPolicyStore::ValidateLoadedPolicyBlob, | 42 base::Bind(&DeviceLocalAccountPolicyStore::ValidateLoadedPolicyBlob, |
| 43 weak_factory_.GetWeakPtr())); | 43 weak_factory_.GetWeakPtr(), true /*validate_in_background*/)); |
| 44 } |
| 45 |
| 46 void DeviceLocalAccountPolicyStore::LoadImmediately() { |
| 47 // This blocking D-Bus call is in the startup path and will block the UI |
| 48 // thread. This only happens when the Profile is created synchronously, which |
| 49 // on Chrome OS happens whenever the browser is restarted into the same |
| 50 // session, that is when the browser crashes, or right after signin if |
| 51 // the user has flags configured in about:flags. |
| 52 // However, on those paths we must load policy synchronously so that the |
| 53 // Profile initialization never sees unmanaged prefs, which would lead to |
| 54 // data loss. http://crbug.com/263061 |
| 55 |
| 56 // Cancel all running async loads. |
| 57 weak_factory_.InvalidateWeakPtrs(); |
| 58 |
| 59 const std::string policy_blob = |
| 60 session_manager_client_->BlockingRetrieveDeviceLocalAccountPolicy( |
| 61 account_id_); |
| 62 ValidateLoadedPolicyBlob(false /*validate_in_background*/, policy_blob); |
| 44 } | 63 } |
| 45 | 64 |
| 46 void DeviceLocalAccountPolicyStore::Store( | 65 void DeviceLocalAccountPolicyStore::Store( |
| 47 const em::PolicyFetchResponse& policy) { | 66 const em::PolicyFetchResponse& policy) { |
| 48 weak_factory_.InvalidateWeakPtrs(); | 67 weak_factory_.InvalidateWeakPtrs(); |
| 49 CheckKeyAndValidate( | 68 CheckKeyAndValidate( |
| 50 true, base::MakeUnique<em::PolicyFetchResponse>(policy), | 69 true, base::MakeUnique<em::PolicyFetchResponse>(policy), |
| 70 true /*validate_in_background*/, |
| 51 base::Bind(&DeviceLocalAccountPolicyStore::StoreValidatedPolicy, | 71 base::Bind(&DeviceLocalAccountPolicyStore::StoreValidatedPolicy, |
| 52 weak_factory_.GetWeakPtr())); | 72 weak_factory_.GetWeakPtr())); |
| 53 } | 73 } |
| 54 | 74 |
| 55 void DeviceLocalAccountPolicyStore::ValidateLoadedPolicyBlob( | 75 void DeviceLocalAccountPolicyStore::ValidateLoadedPolicyBlob( |
| 76 bool validate_in_background, |
| 56 const std::string& policy_blob) { | 77 const std::string& policy_blob) { |
| 57 if (policy_blob.empty()) { | 78 if (policy_blob.empty()) { |
| 58 status_ = CloudPolicyStore::STATUS_LOAD_ERROR; | 79 status_ = CloudPolicyStore::STATUS_LOAD_ERROR; |
| 59 NotifyStoreError(); | 80 NotifyStoreError(); |
| 60 } else { | 81 } else { |
| 61 std::unique_ptr<em::PolicyFetchResponse> policy( | 82 std::unique_ptr<em::PolicyFetchResponse> policy( |
| 62 new em::PolicyFetchResponse()); | 83 new em::PolicyFetchResponse()); |
| 63 if (policy->ParseFromString(policy_blob)) { | 84 if (policy->ParseFromString(policy_blob)) { |
| 64 CheckKeyAndValidate( | 85 CheckKeyAndValidate( |
| 65 false, std::move(policy), | 86 false, std::move(policy), validate_in_background, |
| 66 base::Bind(&DeviceLocalAccountPolicyStore::UpdatePolicy, | 87 base::Bind(&DeviceLocalAccountPolicyStore::UpdatePolicy, |
| 67 weak_factory_.GetWeakPtr())); | 88 weak_factory_.GetWeakPtr())); |
| 68 } else { | 89 } else { |
| 69 status_ = CloudPolicyStore::STATUS_PARSE_ERROR; | 90 status_ = CloudPolicyStore::STATUS_PARSE_ERROR; |
| 70 NotifyStoreError(); | 91 NotifyStoreError(); |
| 71 } | 92 } |
| 72 } | 93 } |
| 73 } | 94 } |
| 74 | 95 |
| 75 void DeviceLocalAccountPolicyStore::UpdatePolicy( | 96 void DeviceLocalAccountPolicyStore::UpdatePolicy( |
| (...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 120 status_ = CloudPolicyStore::STATUS_STORE_ERROR; | 141 status_ = CloudPolicyStore::STATUS_STORE_ERROR; |
| 121 NotifyStoreError(); | 142 NotifyStoreError(); |
| 122 } else { | 143 } else { |
| 123 Load(); | 144 Load(); |
| 124 } | 145 } |
| 125 } | 146 } |
| 126 | 147 |
| 127 void DeviceLocalAccountPolicyStore::CheckKeyAndValidate( | 148 void DeviceLocalAccountPolicyStore::CheckKeyAndValidate( |
| 128 bool valid_timestamp_required, | 149 bool valid_timestamp_required, |
| 129 std::unique_ptr<em::PolicyFetchResponse> policy, | 150 std::unique_ptr<em::PolicyFetchResponse> policy, |
| 151 bool validate_in_background, |
| 130 const ValidateCompletionCallback& callback) { | 152 const ValidateCompletionCallback& callback) { |
| 131 device_settings_service_->GetOwnershipStatusAsync( | 153 if (validate_in_background) { |
| 132 base::Bind(&DeviceLocalAccountPolicyStore::Validate, | 154 device_settings_service_->GetOwnershipStatusAsync( |
| 133 weak_factory_.GetWeakPtr(), | 155 base::Bind(&DeviceLocalAccountPolicyStore::Validate, |
| 134 valid_timestamp_required, | 156 weak_factory_.GetWeakPtr(), valid_timestamp_required, |
| 135 base::Passed(&policy), | 157 base::Passed(&policy), callback, validate_in_background)); |
| 136 callback)); | 158 } else { |
| 159 chromeos::DeviceSettingsService::OwnershipStatus ownership_status = |
| 160 device_settings_service_->GetOwnershipStatus(); |
| 161 Validate(valid_timestamp_required, std::move(policy), callback, |
| 162 validate_in_background, ownership_status); |
| 163 } |
| 137 } | 164 } |
| 138 | 165 |
| 139 void DeviceLocalAccountPolicyStore::Validate( | 166 void DeviceLocalAccountPolicyStore::Validate( |
| 140 bool valid_timestamp_required, | 167 bool valid_timestamp_required, |
| 141 std::unique_ptr<em::PolicyFetchResponse> policy_response, | 168 std::unique_ptr<em::PolicyFetchResponse> policy_response, |
| 142 const ValidateCompletionCallback& callback, | 169 const ValidateCompletionCallback& callback, |
| 170 bool validate_in_background, |
| 143 chromeos::DeviceSettingsService::OwnershipStatus ownership_status) { | 171 chromeos::DeviceSettingsService::OwnershipStatus ownership_status) { |
| 144 DCHECK_NE(chromeos::DeviceSettingsService::OWNERSHIP_UNKNOWN, | 172 DCHECK_NE(chromeos::DeviceSettingsService::OWNERSHIP_UNKNOWN, |
| 145 ownership_status); | 173 ownership_status); |
| 146 const em::PolicyData* device_policy_data = | 174 const em::PolicyData* device_policy_data = |
| 147 device_settings_service_->policy_data(); | 175 device_settings_service_->policy_data(); |
| 148 // Note that the key is obtained through the device settings service instead | 176 // Note that the key is obtained through the device settings service instead |
| 149 // of using |policy_signature_public_key_| member, as the latter one is | 177 // of using |policy_signature_public_key_| member, as the latter one is |
| 150 // updated only after the successful installation of the policy. | 178 // updated only after the successful installation of the policy. |
| 151 scoped_refptr<ownership::PublicKey> key = | 179 scoped_refptr<ownership::PublicKey> key = |
| 152 device_settings_service_->GetPublicKey(); | 180 device_settings_service_->GetPublicKey(); |
| (...skipping 22 matching lines...) Expand all Loading... |
| 175 // Validate the DMToken to match what device policy has. | 203 // Validate the DMToken to match what device policy has. |
| 176 validator->ValidateDMToken(device_policy_data->request_token(), | 204 validator->ValidateDMToken(device_policy_data->request_token(), |
| 177 CloudPolicyValidatorBase::DM_TOKEN_REQUIRED); | 205 CloudPolicyValidatorBase::DM_TOKEN_REQUIRED); |
| 178 | 206 |
| 179 // Validate the device id to match what device policy has. | 207 // Validate the device id to match what device policy has. |
| 180 validator->ValidateDeviceId(device_policy_data->device_id(), | 208 validator->ValidateDeviceId(device_policy_data->device_id(), |
| 181 CloudPolicyValidatorBase::DEVICE_ID_REQUIRED); | 209 CloudPolicyValidatorBase::DEVICE_ID_REQUIRED); |
| 182 | 210 |
| 183 validator->ValidatePayload(); | 211 validator->ValidatePayload(); |
| 184 validator->ValidateSignature(key->as_string()); | 212 validator->ValidateSignature(key->as_string()); |
| 185 validator.release()->StartValidation(base::Bind(callback, key->as_string())); | 213 |
| 214 if (validate_in_background) { |
| 215 // The Validator will delete itself once validation is |
| 216 // complete. |
| 217 validator.release()->StartValidation( |
| 218 base::Bind(callback, key->as_string())); |
| 219 } else { |
| 220 validator->RunValidation(); |
| 221 |
| 222 UpdatePolicy(key->as_string(), validator.get()); |
| 223 } |
| 186 } | 224 } |
| 187 | 225 |
| 188 } // namespace policy | 226 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2714493002:
Load DeviceLocalAccount policy and DeviceSettings immediately on restore after Chrome crash. (Closed)
