OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/chromeos/policy/device_local_account_policy_store.h" | 5 #include "chrome/browser/chromeos/policy/device_local_account_policy_store.h" |
6 | 6 |
7 #include <utility> | 7 #include <utility> |
8 | 8 |
9 #include "base/bind.h" | 9 #include "base/bind.h" |
10 #include "base/callback.h" | 10 #include "base/callback.h" |
(...skipping 22 matching lines...) Expand all Loading... |
33 device_settings_service_(device_settings_service), | 33 device_settings_service_(device_settings_service), |
34 weak_factory_(this) {} | 34 weak_factory_(this) {} |
35 | 35 |
36 DeviceLocalAccountPolicyStore::~DeviceLocalAccountPolicyStore() {} | 36 DeviceLocalAccountPolicyStore::~DeviceLocalAccountPolicyStore() {} |
37 | 37 |
38 void DeviceLocalAccountPolicyStore::Load() { | 38 void DeviceLocalAccountPolicyStore::Load() { |
39 weak_factory_.InvalidateWeakPtrs(); | 39 weak_factory_.InvalidateWeakPtrs(); |
40 session_manager_client_->RetrieveDeviceLocalAccountPolicy( | 40 session_manager_client_->RetrieveDeviceLocalAccountPolicy( |
41 account_id_, | 41 account_id_, |
42 base::Bind(&DeviceLocalAccountPolicyStore::ValidateLoadedPolicyBlob, | 42 base::Bind(&DeviceLocalAccountPolicyStore::ValidateLoadedPolicyBlob, |
43 weak_factory_.GetWeakPtr())); | 43 weak_factory_.GetWeakPtr(), true /*validate_in_background*/)); |
| 44 } |
| 45 |
| 46 void DeviceLocalAccountPolicyStore::LoadImmediately() { |
| 47 // This blocking D-Bus call is in the startup path and will block the UI |
| 48 // thread. This only happens when the Profile is created synchronously, which |
| 49 // on Chrome OS happens whenever the browser is restarted into the same |
| 50 // session, that is when the browser crashes, or right after signin if |
| 51 // the user has flags configured in about:flags. |
| 52 // However, on those paths we must load policy synchronously so that the |
| 53 // Profile initialization never sees unmanaged prefs, which would lead to |
| 54 // data loss. http://crbug.com/263061 |
| 55 |
| 56 // Cancel all running async loads. |
| 57 weak_factory_.InvalidateWeakPtrs(); |
| 58 |
| 59 const std::string policy_blob = |
| 60 session_manager_client_->BlockingRetrieveDeviceLocalAccountPolicy( |
| 61 account_id_); |
| 62 ValidateLoadedPolicyBlob(false /*validate_in_background*/, policy_blob); |
44 } | 63 } |
45 | 64 |
46 void DeviceLocalAccountPolicyStore::Store( | 65 void DeviceLocalAccountPolicyStore::Store( |
47 const em::PolicyFetchResponse& policy) { | 66 const em::PolicyFetchResponse& policy) { |
48 weak_factory_.InvalidateWeakPtrs(); | 67 weak_factory_.InvalidateWeakPtrs(); |
49 CheckKeyAndValidate( | 68 CheckKeyAndValidate( |
50 true, base::MakeUnique<em::PolicyFetchResponse>(policy), | 69 true, base::MakeUnique<em::PolicyFetchResponse>(policy), |
| 70 true /*validate_in_background*/, |
51 base::Bind(&DeviceLocalAccountPolicyStore::StoreValidatedPolicy, | 71 base::Bind(&DeviceLocalAccountPolicyStore::StoreValidatedPolicy, |
52 weak_factory_.GetWeakPtr())); | 72 weak_factory_.GetWeakPtr())); |
53 } | 73 } |
54 | 74 |
55 void DeviceLocalAccountPolicyStore::ValidateLoadedPolicyBlob( | 75 void DeviceLocalAccountPolicyStore::ValidateLoadedPolicyBlob( |
| 76 bool validate_in_background, |
56 const std::string& policy_blob) { | 77 const std::string& policy_blob) { |
57 if (policy_blob.empty()) { | 78 if (policy_blob.empty()) { |
58 status_ = CloudPolicyStore::STATUS_LOAD_ERROR; | 79 status_ = CloudPolicyStore::STATUS_LOAD_ERROR; |
59 NotifyStoreError(); | 80 NotifyStoreError(); |
60 } else { | 81 } else { |
61 std::unique_ptr<em::PolicyFetchResponse> policy( | 82 std::unique_ptr<em::PolicyFetchResponse> policy( |
62 new em::PolicyFetchResponse()); | 83 new em::PolicyFetchResponse()); |
63 if (policy->ParseFromString(policy_blob)) { | 84 if (policy->ParseFromString(policy_blob)) { |
64 CheckKeyAndValidate( | 85 CheckKeyAndValidate( |
65 false, std::move(policy), | 86 false, std::move(policy), validate_in_background, |
66 base::Bind(&DeviceLocalAccountPolicyStore::UpdatePolicy, | 87 base::Bind(&DeviceLocalAccountPolicyStore::UpdatePolicy, |
67 weak_factory_.GetWeakPtr())); | 88 weak_factory_.GetWeakPtr())); |
68 } else { | 89 } else { |
69 status_ = CloudPolicyStore::STATUS_PARSE_ERROR; | 90 status_ = CloudPolicyStore::STATUS_PARSE_ERROR; |
70 NotifyStoreError(); | 91 NotifyStoreError(); |
71 } | 92 } |
72 } | 93 } |
73 } | 94 } |
74 | 95 |
75 void DeviceLocalAccountPolicyStore::UpdatePolicy( | 96 void DeviceLocalAccountPolicyStore::UpdatePolicy( |
(...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
120 status_ = CloudPolicyStore::STATUS_STORE_ERROR; | 141 status_ = CloudPolicyStore::STATUS_STORE_ERROR; |
121 NotifyStoreError(); | 142 NotifyStoreError(); |
122 } else { | 143 } else { |
123 Load(); | 144 Load(); |
124 } | 145 } |
125 } | 146 } |
126 | 147 |
127 void DeviceLocalAccountPolicyStore::CheckKeyAndValidate( | 148 void DeviceLocalAccountPolicyStore::CheckKeyAndValidate( |
128 bool valid_timestamp_required, | 149 bool valid_timestamp_required, |
129 std::unique_ptr<em::PolicyFetchResponse> policy, | 150 std::unique_ptr<em::PolicyFetchResponse> policy, |
| 151 bool validate_in_background, |
130 const ValidateCompletionCallback& callback) { | 152 const ValidateCompletionCallback& callback) { |
131 device_settings_service_->GetOwnershipStatusAsync( | 153 if (validate_in_background) { |
132 base::Bind(&DeviceLocalAccountPolicyStore::Validate, | 154 device_settings_service_->GetOwnershipStatusAsync( |
133 weak_factory_.GetWeakPtr(), | 155 base::Bind(&DeviceLocalAccountPolicyStore::Validate, |
134 valid_timestamp_required, | 156 weak_factory_.GetWeakPtr(), valid_timestamp_required, |
135 base::Passed(&policy), | 157 base::Passed(&policy), callback, validate_in_background)); |
136 callback)); | 158 } else { |
| 159 chromeos::DeviceSettingsService::OwnershipStatus ownership_status = |
| 160 device_settings_service_->GetOwnershipStatus(); |
| 161 Validate(valid_timestamp_required, std::move(policy), callback, |
| 162 validate_in_background, ownership_status); |
| 163 } |
137 } | 164 } |
138 | 165 |
139 void DeviceLocalAccountPolicyStore::Validate( | 166 void DeviceLocalAccountPolicyStore::Validate( |
140 bool valid_timestamp_required, | 167 bool valid_timestamp_required, |
141 std::unique_ptr<em::PolicyFetchResponse> policy_response, | 168 std::unique_ptr<em::PolicyFetchResponse> policy_response, |
142 const ValidateCompletionCallback& callback, | 169 const ValidateCompletionCallback& callback, |
| 170 bool validate_in_background, |
143 chromeos::DeviceSettingsService::OwnershipStatus ownership_status) { | 171 chromeos::DeviceSettingsService::OwnershipStatus ownership_status) { |
144 DCHECK_NE(chromeos::DeviceSettingsService::OWNERSHIP_UNKNOWN, | 172 DCHECK_NE(chromeos::DeviceSettingsService::OWNERSHIP_UNKNOWN, |
145 ownership_status); | 173 ownership_status); |
146 const em::PolicyData* device_policy_data = | 174 const em::PolicyData* device_policy_data = |
147 device_settings_service_->policy_data(); | 175 device_settings_service_->policy_data(); |
148 // Note that the key is obtained through the device settings service instead | 176 // Note that the key is obtained through the device settings service instead |
149 // of using |policy_signature_public_key_| member, as the latter one is | 177 // of using |policy_signature_public_key_| member, as the latter one is |
150 // updated only after the successful installation of the policy. | 178 // updated only after the successful installation of the policy. |
151 scoped_refptr<ownership::PublicKey> key = | 179 scoped_refptr<ownership::PublicKey> key = |
152 device_settings_service_->GetPublicKey(); | 180 device_settings_service_->GetPublicKey(); |
(...skipping 22 matching lines...) Expand all Loading... |
175 // Validate the DMToken to match what device policy has. | 203 // Validate the DMToken to match what device policy has. |
176 validator->ValidateDMToken(device_policy_data->request_token(), | 204 validator->ValidateDMToken(device_policy_data->request_token(), |
177 CloudPolicyValidatorBase::DM_TOKEN_REQUIRED); | 205 CloudPolicyValidatorBase::DM_TOKEN_REQUIRED); |
178 | 206 |
179 // Validate the device id to match what device policy has. | 207 // Validate the device id to match what device policy has. |
180 validator->ValidateDeviceId(device_policy_data->device_id(), | 208 validator->ValidateDeviceId(device_policy_data->device_id(), |
181 CloudPolicyValidatorBase::DEVICE_ID_REQUIRED); | 209 CloudPolicyValidatorBase::DEVICE_ID_REQUIRED); |
182 | 210 |
183 validator->ValidatePayload(); | 211 validator->ValidatePayload(); |
184 validator->ValidateSignature(key->as_string()); | 212 validator->ValidateSignature(key->as_string()); |
185 validator.release()->StartValidation(base::Bind(callback, key->as_string())); | 213 |
| 214 if (validate_in_background) { |
| 215 // The Validator will delete itself once validation is |
| 216 // complete. |
| 217 validator.release()->StartValidation( |
| 218 base::Bind(callback, key->as_string())); |
| 219 } else { |
| 220 validator->RunValidation(); |
| 221 |
| 222 UpdatePolicy(key->as_string(), validator.get()); |
| 223 } |
186 } | 224 } |
187 | 225 |
188 } // namespace policy | 226 } // namespace policy |
OLD | NEW |