chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc - Issue 2801993002: Abandon user sign in when policy is retrieved before session started

Unified Diff: chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc

Issue 2801993002: Abandon user sign in when policy is retrieved before session started (Closed)

Patch Set: Added comments to new functions Created 3 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h ('K') | « chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h ('k') | chromeos/dbus/session_manager_client.h » ('j') | chromeos/dbus/session_manager_client.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc

diff --git a/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc b/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc

index f73ec0ceb7924b4cee34ba619a98db1525294b92..e299227f1895e3edc29e13b3293f1dcbf3772d0b 100644

--- a/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc

+++ b/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc

@@ -19,6 +19,7 @@

#include "base/stl_util.h"

#include "base/strings/stringprintf.h"

#include "chrome/browser/chromeos/policy/user_policy_token_loader.h"

+#include "chrome/browser/lifetime/application_lifetime.h"

#include "chromeos/cryptohome/cryptohome_parameters.h"

#include "chromeos/dbus/cryptohome_client.h"

#include "chromeos/dbus/session_manager_client.h"

@@ -41,6 +42,9 @@ const base::FilePath::CharType kPolicyKeyFile[] =

// Maximum key size that will be loaded, in bytes.

const size_t kKeySizeLimit = 16 * 1024;

+const char kSessionDoesNotExist[] =

+ "org.chromium.SessionManagerInterface.SessionDoesNotExist";

Daniel Erat 2017/04/10 18:59:26 this is an implementation detail of the d-bus inte

igorcov 2017/04/18 10:23:18 Done - https://chromium-review.googlesource.com/c/

enum ValidationFailure {

VALIDATION_FAILURE_DBUS,

VALIDATION_FAILURE_LOAD_KEY,

@@ -94,9 +98,11 @@ void UserCloudPolicyStoreChromeOS::Store(

void UserCloudPolicyStoreChromeOS::Load() {

// Cancel all pending requests.

weak_factory_.InvalidateWeakPtrs();

- session_manager_client_->RetrievePolicyForUser(

+ session_manager_client_->RetrievePolicyForUserWithErrorCallback(

cryptohome::Identification(account_id_),

base::Bind(&UserCloudPolicyStoreChromeOS::OnPolicyRetrieved,

+ weak_factory_.GetWeakPtr()),

+ base::Bind(&UserCloudPolicyStoreChromeOS::OnPolicyRetrievedWithError,

weak_factory_.GetWeakPtr()));

}

@@ -243,6 +249,24 @@ void UserCloudPolicyStoreChromeOS::OnPolicyRetrieved(

}

+void UserCloudPolicyStoreChromeOS::OnPolicyRetrievedWithError(

+ const std::string& error_name,

+ const std::string& error_message) {

+ LOG(ERROR) << "Error on policy retrieved " << error_name << ":"

Daniel Erat 2017/04/10 18:59:26 add space after ':'

igorcov 2017/04/18 10:23:18 Done.

+ << error_message;

+ // Disallow the sign in when the error is dbus_error::kSessionDoesNotExist

+ // from Chrome OS.

Daniel Erat 2017/04/10 18:59:26 this is chrome-os-only code, so you should probabl

igorcov 2017/04/18 10:23:18 Done.

+ // TODO(igorcov): crbug/689206. Find the root cause for the behavior that

+ // makes Chrome request the user policy before the session is started.

+ if (error_name == kSessionDoesNotExist) {

+ chrome::AttemptUserExit();

Daniel Erat 2017/04/10 18:59:26 should chrome crash instead, or will that put us i

Andrew T Wilson (Slow) 2017/04/11 13:35:04 Signing out silently can indeed be confusing for u

+ return;

+ }

+ status_ = STATUS_PARSE_ERROR;

+ NotifyStoreError();

void UserCloudPolicyStoreChromeOS::ValidateRetrievedPolicy(

std::unique_ptr<em::PolicyFetchResponse> policy) {

// Create and configure a validator for the loaded policy.