| OLD | NEW |
|---|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/dbus/fake_auth_policy_client.h" | 5 #include "chromeos/dbus/fake_auth_policy_client.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
| 9 #include "base/files/file_util.h" | 9 #include "base/files/file_util.h" |
| 10 #include "base/location.h" | 10 #include "base/location.h" |
| 11 #include "base/md5.h" | 11 #include "base/md5.h" |
| 12 #include "base/path_service.h" | 12 #include "base/path_service.h" |
| 13 #include "base/strings/string_split.h" | 13 #include "base/strings/string_split.h" |
| 14 #include "base/task_scheduler/post_task.h" | 14 #include "base/task_scheduler/post_task.h" |
| 15 #include "base/threading/platform_thread.h" | 15 #include "base/threading/platform_thread.h" |
| 16 #include "base/threading/thread_task_runner_handle.h" | |
| 16 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" | 17 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" |
| 17 #include "chromeos/chromeos_paths.h" | 18 #include "chromeos/chromeos_paths.h" |
| 18 #include "chromeos/cryptohome/cryptohome_parameters.h" | 19 #include "chromeos/cryptohome/cryptohome_parameters.h" |
| 19 #include "chromeos/dbus/cryptohome_client.h" | 20 #include "chromeos/dbus/cryptohome_client.h" |
| 20 #include "components/policy/proto/cloud_policy.pb.h" | 21 #include "components/policy/proto/cloud_policy.pb.h" |
| 21 #include "components/policy/proto/device_management_backend.pb.h" | 22 #include "components/policy/proto/device_management_backend.pb.h" |
| 22 #include "components/signin/core/account_id/account_id.h" | 23 #include "components/signin/core/account_id/account_id.h" |
| 23 #include "third_party/cros_system_api/dbus/service_constants.h" | 24 #include "third_party/cros_system_api/dbus/service_constants.h" |
| 24 | 25 |
| 25 namespace em = enterprise_management; | 26 namespace em = enterprise_management; |
| 26 | 27 |
| 27 namespace { | 28 namespace { |
| 28 | 29 |
| 29 const size_t kMaxMachineNameLength = 15; | 30 const size_t kMaxMachineNameLength = 15; |
| 30 const char kInvalidMachineNameCharacters[] = "\\/:*?\"<>|"; | 31 const char kInvalidMachineNameCharacters[] = "\\/:*?\"<>|"; |
| 31 | 32 |
| 32 // Delay policy fetch to be more realistic. | 33 // Delay operations to be more realistic. |
| 33 constexpr int kPolicyFetchDelaySeconds = 5; | 34 constexpr int kOperationDelaySeconds = 3; |
| 34 | 35 |
| 35 // Drop stub policy file of |policy_type| at |policy_path| containing | 36 // Drop stub policy file of |policy_type| at |policy_path| containing |
| 36 // |serialized_payload|. | 37 // |serialized_payload|. |
| 37 bool WritePolicyFile(const base::FilePath& policy_path, | 38 bool WritePolicyFile(const base::FilePath& policy_path, |
| 38 const std::string& serialized_payload, | 39 const std::string& serialized_payload, |
| 39 const std::string& policy_type) { | 40 const std::string& policy_type) { |
| 40 base::PlatformThread::Sleep( | 41 base::PlatformThread::Sleep( |
| 41 base::TimeDelta::FromSeconds(kPolicyFetchDelaySeconds)); | 42 base::TimeDelta::FromSeconds(kOperationDelaySeconds)); |
| 42 | 43 |
| 43 em::PolicyData data; | 44 em::PolicyData data; |
| 44 data.set_policy_value(serialized_payload); | 45 data.set_policy_value(serialized_payload); |
| 45 data.set_policy_type(policy_type); | 46 data.set_policy_type(policy_type); |
| 46 | 47 |
| 47 em::PolicyFetchResponse response; | 48 em::PolicyFetchResponse response; |
| 48 CHECK(data.SerializeToString(response.mutable_policy_data())); | 49 CHECK(data.SerializeToString(response.mutable_policy_data())); |
| 49 std::string serialized_response; | 50 std::string serialized_response; |
| 50 CHECK(response.SerializeToString(&serialized_response)); | 51 CHECK(response.SerializeToString(&serialized_response)); |
| 51 | 52 |
| 52 if (!base::CreateDirectory(policy_path.DirName())) | 53 if (!base::CreateDirectory(policy_path.DirName())) |
| 53 return false; | 54 return false; |
| 54 | 55 |
| 55 // Note that in theory there could be a short time window in which a | 56 // Note that in theory there could be a short time window in which a |
| 56 // concurrent reader sees a partial (and thus invalid) file, but given the | 57 // concurrent reader sees a partial (and thus invalid) file, but given the |
| 57 // small file size that seems very unlikely in practice. | 58 // small file size that seems very unlikely in practice. |
| 58 const int bytes_written = base::WriteFile( | 59 const int bytes_written = base::WriteFile( |
| 59 policy_path, serialized_response.c_str(), serialized_response.size()); | 60 policy_path, serialized_response.c_str(), serialized_response.size()); |
| 60 if (bytes_written < 0) | 61 if (bytes_written < 0) |
| 61 return false; | 62 return false; |
| 62 return bytes_written == static_cast<int>(serialized_response.size()); | 63 return bytes_written == static_cast<int>(serialized_response.size()); |
| 63 } | 64 } |
| 64 | 65 |
| 66 void PostDelayedClosure(const base::Closure& closure) { | |
| 67 base::ThreadTaskRunnerHandle::Get()->PostDelayedTask( | |
| 68 FROM_HERE, closure, base::TimeDelta::FromSeconds(kOperationDelaySeconds)); | |
| 69 } | |
| 70 | |
| 65 } // namespace | 71 } // namespace |
| 66 | 72 |
| 67 namespace chromeos { | 73 namespace chromeos { |
| 68 | 74 |
| 69 FakeAuthPolicyClient::FakeAuthPolicyClient() {} | 75 FakeAuthPolicyClient::FakeAuthPolicyClient() {} |
| 70 | 76 |
| 71 FakeAuthPolicyClient::~FakeAuthPolicyClient() {} | 77 FakeAuthPolicyClient::~FakeAuthPolicyClient() {} |
| 72 | 78 |
| 73 void FakeAuthPolicyClient::Init(dbus::Bus* bus) {} | 79 void FakeAuthPolicyClient::Init(dbus::Bus* bus) {} |
| 74 | 80 |
| 75 void FakeAuthPolicyClient::JoinAdDomain(const std::string& machine_name, | 81 void FakeAuthPolicyClient::JoinAdDomain(const std::string& machine_name, |
| 76 const std::string& user_principal_name, | 82 const std::string& user_principal_name, |
| 77 int password_fd, | 83 int password_fd, |
| 78 const JoinCallback& callback) { | 84 const JoinCallback& callback) { |
| 79 if (!started_) { | 85 if (!started_) { |
|
ljusten (tachyonic)
2017/03/31 15:19:33
This would get rid of a bunch of repetitions:
if
Roman Sorokin (ftl)
2017/04/04 10:10:49
Done.
| |
| 80 LOG(ERROR) << "authpolicyd not started"; | 86 LOG(ERROR) << "authpolicyd not started"; |
| 81 callback.Run(authpolicy::ERROR_DBUS_FAILURE); | 87 PostDelayedClosure(base::Bind(callback, authpolicy::ERROR_DBUS_FAILURE)); |
| 82 return; | 88 return; |
| 83 } | 89 } |
| 84 if (machine_name.size() > kMaxMachineNameLength) { | 90 if (machine_name.size() > kMaxMachineNameLength) { |
| 85 callback.Run(authpolicy::ERROR_MACHINE_NAME_TOO_LONG); | 91 PostDelayedClosure( |
| 92 base::Bind(callback, authpolicy::ERROR_MACHINE_NAME_TOO_LONG)); | |
| 86 return; | 93 return; |
| 87 } | 94 } |
| 88 | 95 |
| 89 if (machine_name.empty() || | 96 if (machine_name.empty() || |
| 90 machine_name.find_first_of(kInvalidMachineNameCharacters) != | 97 machine_name.find_first_of(kInvalidMachineNameCharacters) != |
| 91 std::string::npos) { | 98 std::string::npos) { |
| 92 callback.Run(authpolicy::ERROR_BAD_MACHINE_NAME); | 99 PostDelayedClosure( |
| 100 base::Bind(callback, authpolicy::ERROR_BAD_MACHINE_NAME)); | |
| 93 return; | 101 return; |
| 94 } | 102 } |
| 95 | 103 |
| 96 std::vector<std::string> parts = base::SplitString( | 104 std::vector<std::string> parts = base::SplitString( |
| 97 user_principal_name, "@", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL); | 105 user_principal_name, "@", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL); |
| 98 if (parts.size() != 2 || parts[0].empty() || parts[1].empty()) { | 106 if (parts.size() != 2 || parts[0].empty() || parts[1].empty()) { |
| 99 callback.Run(authpolicy::ERROR_PARSE_UPN_FAILED); | 107 PostDelayedClosure( |
| 108 base::Bind(callback, authpolicy::ERROR_PARSE_UPN_FAILED)); | |
| 100 return; | 109 return; |
| 101 } | 110 } |
| 102 | 111 |
| 103 callback.Run(authpolicy::ERROR_NONE); | 112 PostDelayedClosure(base::Bind(callback, authpolicy::ERROR_NONE)); |
| 104 } | 113 } |
| 105 | 114 |
| 106 void FakeAuthPolicyClient::AuthenticateUser( | 115 void FakeAuthPolicyClient::AuthenticateUser( |
| 107 const std::string& user_principal_name, | 116 const std::string& user_principal_name, |
| 108 int password_fd, | 117 int password_fd, |
| 109 const AuthCallback& callback) { | 118 const AuthCallback& callback) { |
| 110 authpolicy::ActiveDirectoryAccountData account_data; | 119 authpolicy::ActiveDirectoryAccountData account_data; |
| 111 if (!started_) { | 120 if (!started_) { |
| 112 LOG(ERROR) << "authpolicyd not started"; | 121 LOG(ERROR) << "authpolicyd not started"; |
| 113 callback.Run(authpolicy::ERROR_DBUS_FAILURE, account_data); | 122 PostDelayedClosure( |
| 123 base::Bind(callback, authpolicy::ERROR_DBUS_FAILURE, account_data)); | |
| 114 return; | 124 return; |
| 115 } | 125 } |
| 116 if (auth_error_ == authpolicy::ERROR_NONE) | 126 if (auth_error_ == authpolicy::ERROR_NONE) |
| 117 account_data.set_account_id(base::MD5String(user_principal_name)); | 127 account_data.set_account_id(base::MD5String(user_principal_name)); |
| 118 callback.Run(auth_error_, account_data); | 128 PostDelayedClosure(base::Bind(callback, auth_error_, account_data)); |
| 119 } | 129 } |
| 120 | 130 |
| 121 void FakeAuthPolicyClient::RefreshDevicePolicy( | 131 void FakeAuthPolicyClient::RefreshDevicePolicy( |
| 122 const RefreshPolicyCallback& callback) { | 132 const RefreshPolicyCallback& callback) { |
| 123 if (!started_) { | 133 if (!started_) { |
| 124 LOG(ERROR) << "authpolicyd not started"; | 134 LOG(ERROR) << "authpolicyd not started"; |
| 125 callback.Run(false); | 135 callback.Run(false); |
| 126 return; | 136 return; |
| 127 } | 137 } |
| 128 base::FilePath policy_path; | 138 base::FilePath policy_path; |
| (...skipping 48 matching lines...) | |
| 177 .WithShutdownBehavior( | 187 .WithShutdownBehavior( |
| 178 base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN) | 188 base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN) |
| 179 .WithPriority(base::TaskPriority::BACKGROUND) | 189 .WithPriority(base::TaskPriority::BACKGROUND) |
| 180 .MayBlock(), | 190 .MayBlock(), |
| 181 base::Bind(&WritePolicyFile, policy_path, payload, | 191 base::Bind(&WritePolicyFile, policy_path, payload, |
| 182 "google/chromeos/user"), | 192 "google/chromeos/user"), |
| 183 callback); | 193 callback); |
| 184 } | 194 } |
| 185 | 195 |
| 186 } // namespace chromeos | 196 } // namespace chromeos |
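Review bot: `RefreshDevicePolicy` still reports the not-started error with a synchronous `callback.Run(false);` (new line 135), while `JoinAdDomain` and `AuthenticateUser` now deliver every result, including that same error, through `PostDelayedClosure`. A fake that replies re-entrantly on one path and asynchronously on the others can mask callback-ordering and object-lifetime bugs in callers that the real D-Bus client (presumably always asynchronous) would expose. Consider `PostDelayedClosure(base::Bind(callback, false));` there, and in any matching branch within the 48 skipped lines, which are not visible here. `PostDelayedClosure` itself would benefit from a short comment, for example `// Runs |closure| on the current thread's task runner after kOperationDelaySeconds; the calling thread must have a ThreadTaskRunnerHandle.`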