| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/dbus/fake_auth_policy_client.h" | 5 #include "chromeos/dbus/fake_auth_policy_client.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
| 9 #include "base/files/file_util.h" | 9 #include "base/files/file_util.h" |
| 10 #include "base/location.h" | 10 #include "base/location.h" |
| 11 #include "base/md5.h" | 11 #include "base/md5.h" |
| 12 #include "base/path_service.h" | 12 #include "base/path_service.h" |
| 13 #include "base/strings/string_split.h" | 13 #include "base/strings/string_split.h" |
| 14 #include "base/task_scheduler/post_task.h" | 14 #include "base/task_scheduler/post_task.h" |
| 15 #include "base/threading/platform_thread.h" | 15 #include "base/threading/platform_thread.h" |
| 16 #include "base/threading/thread_task_runner_handle.h" |
| 16 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" | 17 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" |
| 17 #include "chromeos/chromeos_paths.h" | 18 #include "chromeos/chromeos_paths.h" |
| 18 #include "chromeos/cryptohome/cryptohome_parameters.h" | 19 #include "chromeos/cryptohome/cryptohome_parameters.h" |
| 19 #include "chromeos/dbus/cryptohome_client.h" | 20 #include "chromeos/dbus/cryptohome_client.h" |
| 20 #include "components/policy/proto/cloud_policy.pb.h" | 21 #include "components/policy/proto/cloud_policy.pb.h" |
| 21 #include "components/policy/proto/device_management_backend.pb.h" | 22 #include "components/policy/proto/device_management_backend.pb.h" |
| 22 #include "components/signin/core/account_id/account_id.h" | 23 #include "components/signin/core/account_id/account_id.h" |
| 23 #include "third_party/cros_system_api/dbus/service_constants.h" | 24 #include "third_party/cros_system_api/dbus/service_constants.h" |
| 24 | 25 |
| 25 namespace em = enterprise_management; | 26 namespace em = enterprise_management; |
| 26 | 27 |
| 27 namespace { | 28 namespace { |
| 28 | 29 |
| 29 const size_t kMaxMachineNameLength = 15; | 30 const size_t kMaxMachineNameLength = 15; |
| 30 const char kInvalidMachineNameCharacters[] = "\\/:*?\"<>|"; | 31 const char kInvalidMachineNameCharacters[] = "\\/:*?\"<>|"; |
| 31 | 32 |
| 32 // Delay policy fetch to be more realistic. | 33 // Delay operations to be more realistic. |
| 33 constexpr int kPolicyFetchDelaySeconds = 5; | 34 constexpr int kOperationDelaySeconds = 3; |
| 34 | 35 |
| 35 // Drop stub policy file of |policy_type| at |policy_path| containing | 36 // Drop stub policy file of |policy_type| at |policy_path| containing |
| 36 // |serialized_payload|. | 37 // |serialized_payload|. |
| 37 bool WritePolicyFile(const base::FilePath& policy_path, | 38 bool WritePolicyFile(const base::FilePath& policy_path, |
| 38 const std::string& serialized_payload, | 39 const std::string& serialized_payload, |
| 39 const std::string& policy_type) { | 40 const std::string& policy_type) { |
| 40 base::PlatformThread::Sleep( | 41 base::PlatformThread::Sleep( |
| 41 base::TimeDelta::FromSeconds(kPolicyFetchDelaySeconds)); | 42 base::TimeDelta::FromSeconds(kOperationDelaySeconds)); |
| 42 | 43 |
| 43 em::PolicyData data; | 44 em::PolicyData data; |
| 44 data.set_policy_value(serialized_payload); | 45 data.set_policy_value(serialized_payload); |
| 45 data.set_policy_type(policy_type); | 46 data.set_policy_type(policy_type); |
| 46 | 47 |
| 47 em::PolicyFetchResponse response; | 48 em::PolicyFetchResponse response; |
| 48 CHECK(data.SerializeToString(response.mutable_policy_data())); | 49 CHECK(data.SerializeToString(response.mutable_policy_data())); |
| 49 std::string serialized_response; | 50 std::string serialized_response; |
| 50 CHECK(response.SerializeToString(&serialized_response)); | 51 CHECK(response.SerializeToString(&serialized_response)); |
| 51 | 52 |
| 52 if (!base::CreateDirectory(policy_path.DirName())) | 53 if (!base::CreateDirectory(policy_path.DirName())) |
| 53 return false; | 54 return false; |
| 54 | 55 |
| 55 // Note that in theory there could be a short time window in which a | 56 // Note that in theory there could be a short time window in which a |
| 56 // concurrent reader sees a partial (and thus invalid) file, but given the | 57 // concurrent reader sees a partial (and thus invalid) file, but given the |
| 57 // small file size that seems very unlikely in practice. | 58 // small file size that seems very unlikely in practice. |
| 58 const int bytes_written = base::WriteFile( | 59 const int bytes_written = base::WriteFile( |
| 59 policy_path, serialized_response.c_str(), serialized_response.size()); | 60 policy_path, serialized_response.c_str(), serialized_response.size()); |
| 60 if (bytes_written < 0) | 61 if (bytes_written < 0) |
| 61 return false; | 62 return false; |
| 62 return bytes_written == static_cast<int>(serialized_response.size()); | 63 return bytes_written == static_cast<int>(serialized_response.size()); |
| 63 } | 64 } |
| 64 | 65 |
| 66 void PostDelayedClosure(base::OnceClosure closure) { |
| 67 base::ThreadTaskRunnerHandle::Get()->PostDelayedTask( |
| 68 FROM_HERE, std::move(closure), |
| 69 base::TimeDelta::FromSeconds(kOperationDelaySeconds)); |
| 70 } |
| 71 |
| 65 } // namespace | 72 } // namespace |
| 66 | 73 |
| 67 namespace chromeos { | 74 namespace chromeos { |
| 68 | 75 |
| 69 FakeAuthPolicyClient::FakeAuthPolicyClient() {} | 76 FakeAuthPolicyClient::FakeAuthPolicyClient() {} |
| 70 | 77 |
| 71 FakeAuthPolicyClient::~FakeAuthPolicyClient() {} | 78 FakeAuthPolicyClient::~FakeAuthPolicyClient() {} |
| 72 | 79 |
| 73 void FakeAuthPolicyClient::Init(dbus::Bus* bus) {} | 80 void FakeAuthPolicyClient::Init(dbus::Bus* bus) {} |
| 74 | 81 |
| 75 void FakeAuthPolicyClient::JoinAdDomain(const std::string& machine_name, | 82 void FakeAuthPolicyClient::JoinAdDomain(const std::string& machine_name, |
| 76 const std::string& user_principal_name, | 83 const std::string& user_principal_name, |
| 77 int password_fd, | 84 int password_fd, |
| 78 const JoinCallback& callback) { | 85 JoinCallback callback) { |
| 86 authpolicy::ErrorType error = authpolicy::ERROR_NONE; |
| 79 if (!started_) { | 87 if (!started_) { |
| 80 LOG(ERROR) << "authpolicyd not started"; | 88 LOG(ERROR) << "authpolicyd not started"; |
| 81 callback.Run(authpolicy::ERROR_DBUS_FAILURE); | 89 error = authpolicy::ERROR_DBUS_FAILURE; |
| 82 return; | 90 } else if (machine_name.size() > kMaxMachineNameLength) { |
| 91 error = authpolicy::ERROR_MACHINE_NAME_TOO_LONG; |
| 92 } else if (machine_name.empty() || |
| 93 machine_name.find_first_of(kInvalidMachineNameCharacters) != |
| 94 std::string::npos) { |
| 95 error = authpolicy::ERROR_BAD_MACHINE_NAME; |
| 96 } else { |
| 97 std::vector<std::string> parts = base::SplitString( |
| 98 user_principal_name, "@", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL); |
| 99 if (parts.size() != 2 || parts[0].empty() || parts[1].empty()) { |
| 100 error = authpolicy::ERROR_PARSE_UPN_FAILED; |
| 101 } |
| 83 } | 102 } |
| 84 if (machine_name.size() > kMaxMachineNameLength) { | 103 PostDelayedClosure(base::BindOnce(std::move(callback), error)); |
| 85 callback.Run(authpolicy::ERROR_MACHINE_NAME_TOO_LONG); | |
| 86 return; | |
| 87 } | |
| 88 | |
| 89 if (machine_name.empty() || | |
| 90 machine_name.find_first_of(kInvalidMachineNameCharacters) != | |
| 91 std::string::npos) { | |
| 92 callback.Run(authpolicy::ERROR_BAD_MACHINE_NAME); | |
| 93 return; | |
| 94 } | |
| 95 | |
| 96 std::vector<std::string> parts = base::SplitString( | |
| 97 user_principal_name, "@", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL); | |
| 98 if (parts.size() != 2 || parts[0].empty() || parts[1].empty()) { | |
| 99 callback.Run(authpolicy::ERROR_PARSE_UPN_FAILED); | |
| 100 return; | |
| 101 } | |
| 102 | |
| 103 callback.Run(authpolicy::ERROR_NONE); | |
| 104 } | 104 } |
| 105 | 105 |
| 106 void FakeAuthPolicyClient::AuthenticateUser( | 106 void FakeAuthPolicyClient::AuthenticateUser( |
| 107 const std::string& user_principal_name, | 107 const std::string& user_principal_name, |
| 108 int password_fd, | 108 int password_fd, |
| 109 const AuthCallback& callback) { | 109 AuthCallback callback) { |
| 110 authpolicy::ErrorType error = authpolicy::ERROR_NONE; |
| 110 authpolicy::ActiveDirectoryAccountData account_data; | 111 authpolicy::ActiveDirectoryAccountData account_data; |
| 111 if (!started_) { | 112 if (!started_) { |
| 112 LOG(ERROR) << "authpolicyd not started"; | 113 LOG(ERROR) << "authpolicyd not started"; |
| 113 callback.Run(authpolicy::ERROR_DBUS_FAILURE, account_data); | 114 error = authpolicy::ERROR_DBUS_FAILURE; |
| 114 return; | 115 } else { |
| 116 if (auth_error_ == authpolicy::ERROR_NONE) |
| 117 account_data.set_account_id(base::MD5String(user_principal_name)); |
| 118 error = auth_error_; |
| 115 } | 119 } |
| 116 if (auth_error_ == authpolicy::ERROR_NONE) | 120 PostDelayedClosure(base::BindOnce(std::move(callback), error, account_data)); |
| 117 account_data.set_account_id(base::MD5String(user_principal_name)); | |
| 118 callback.Run(auth_error_, account_data); | |
| 119 } | 121 } |
| 120 | 122 |
| 121 void FakeAuthPolicyClient::RefreshDevicePolicy( | 123 void FakeAuthPolicyClient::RefreshDevicePolicy(RefreshPolicyCallback callback) { |
| 122 const RefreshPolicyCallback& callback) { | |
| 123 if (!started_) { | 124 if (!started_) { |
| 124 LOG(ERROR) << "authpolicyd not started"; | 125 LOG(ERROR) << "authpolicyd not started"; |
| 125 callback.Run(false); | 126 std::move(callback).Run(false); |
| 126 return; | 127 return; |
| 127 } | 128 } |
| 128 base::FilePath policy_path; | 129 base::FilePath policy_path; |
| 129 if (!PathService::Get(chromeos::FILE_OWNER_KEY, &policy_path)) { | 130 if (!PathService::Get(chromeos::FILE_OWNER_KEY, &policy_path)) { |
| 130 callback.Run(false); | 131 std::move(callback).Run(false); |
| 131 return; | 132 return; |
| 132 } | 133 } |
| 133 policy_path = policy_path.DirName().AppendASCII("stub_device_policy"); | 134 policy_path = policy_path.DirName().AppendASCII("stub_device_policy"); |
| 134 | 135 |
| 135 em::ChromeDeviceSettingsProto policy; | 136 em::ChromeDeviceSettingsProto policy; |
| 136 std::string payload; | 137 std::string payload; |
| 137 CHECK(policy.SerializeToString(&payload)); | 138 CHECK(policy.SerializeToString(&payload)); |
| 138 | 139 |
| 139 // Drop file for SessionManagerClientStubImpl to read. | 140 // Drop file for SessionManagerClientStubImpl to read. |
| 140 base::PostTaskWithTraitsAndReplyWithResult( | 141 base::PostTaskWithTraitsAndReplyWithResult( |
| 141 FROM_HERE, base::TaskTraits() | 142 FROM_HERE, |
| 142 .WithShutdownBehavior( | 143 base::TaskTraits() |
| 143 base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN) | 144 .WithShutdownBehavior( |
| 144 .WithPriority(base::TaskPriority::BACKGROUND) | 145 base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN) |
| 145 .MayBlock(), | 146 .WithPriority(base::TaskPriority::BACKGROUND) |
| 146 Bind(&WritePolicyFile, policy_path, payload, "google/chromeos/device"), | 147 .MayBlock(), |
| 147 callback); | 148 base::BindOnce(&WritePolicyFile, policy_path, payload, |
| 149 "google/chromeos/device"), |
| 150 std::move(callback)); |
| 148 } | 151 } |
| 149 | 152 |
| 150 void FakeAuthPolicyClient::RefreshUserPolicy( | 153 void FakeAuthPolicyClient::RefreshUserPolicy(const AccountId& account_id, |
| 151 const AccountId& account_id, | 154 RefreshPolicyCallback callback) { |
| 152 const RefreshPolicyCallback& callback) { | |
| 153 if (!started_) { | 155 if (!started_) { |
| 154 LOG(ERROR) << "authpolicyd not started"; | 156 LOG(ERROR) << "authpolicyd not started"; |
| 155 callback.Run(false); | 157 std::move(callback).Run(false); |
| 156 return; | 158 return; |
| 157 } | 159 } |
| 158 base::FilePath policy_path; | 160 base::FilePath policy_path; |
| 159 if (!PathService::Get(chromeos::DIR_USER_POLICY_KEYS, &policy_path)) { | 161 if (!PathService::Get(chromeos::DIR_USER_POLICY_KEYS, &policy_path)) { |
| 160 callback.Run(false); | 162 std::move(callback).Run(false); |
| 161 return; | 163 return; |
| 162 } | 164 } |
| 163 const cryptohome::Identification cryptohome_identification(account_id); | 165 const cryptohome::Identification cryptohome_identification(account_id); |
| 164 const std::string sanitized_username = | 166 const std::string sanitized_username = |
| 165 chromeos::CryptohomeClient::GetStubSanitizedUsername( | 167 chromeos::CryptohomeClient::GetStubSanitizedUsername( |
| 166 cryptohome_identification); | 168 cryptohome_identification); |
| 167 policy_path = policy_path.AppendASCII(sanitized_username); | 169 policy_path = policy_path.AppendASCII(sanitized_username); |
| 168 policy_path = policy_path.AppendASCII("stub_policy"); | 170 policy_path = policy_path.AppendASCII("stub_policy"); |
| 169 | 171 |
| 170 em::CloudPolicySettings policy; | 172 em::CloudPolicySettings policy; |
| 171 std::string payload; | 173 std::string payload; |
| 172 CHECK(policy.SerializeToString(&payload)); | 174 CHECK(policy.SerializeToString(&payload)); |
| 173 | 175 |
| 174 // Drop file for SessionManagerClientStubImpl to read. | 176 // Drop file for SessionManagerClientStubImpl to read. |
| 175 base::PostTaskWithTraitsAndReplyWithResult( | 177 base::PostTaskWithTraitsAndReplyWithResult( |
| 176 FROM_HERE, base::TaskTraits() | 178 FROM_HERE, |
| 177 .WithShutdownBehavior( | 179 base::TaskTraits() |
| 178 base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN) | 180 .WithShutdownBehavior( |
| 179 .WithPriority(base::TaskPriority::BACKGROUND) | 181 base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN) |
| 180 .MayBlock(), | 182 .WithPriority(base::TaskPriority::BACKGROUND) |
| 181 base::Bind(&WritePolicyFile, policy_path, payload, | 183 .MayBlock(), |
| 182 "google/chromeos/user"), | 184 base::BindOnce(&WritePolicyFile, policy_path, payload, |
| 183 callback); | 185 "google/chromeos/user"), |
| 186 std::move(callback)); |
| 184 } | 187 } |
| 185 | 188 |
| 186 } // namespace chromeos | 189 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2794493002:
Add AuthPolicyLoginHelper (Closed)
