Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(536)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/chromeos/settings/session_manager_operation.cc

Issue 2820063005: Remove the "not_after" validation of policy timestamps (Closed)
Patch Set: Fix test Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« chrome/browser/chromeos/policy/enrollment_handler_chromeos.cc ('K') | « chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc ('k') | components/policy/core/common/cloud/cloud_policy_validator.h » ('j') | components/policy/core/common/cloud/cloud_policy_validator_unittest.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/chromeos/settings/session_manager_operation.h" 5 #include "chrome/browser/chromeos/settings/session_manager_operation.h"
6 6
7 #include <utility> 7 #include <utility>
8 8
9 #include "base/bind.h" 9 #include "base/bind.h"
10 #include "base/bind_helpers.h" 10 #include "base/bind_helpers.h"
(...skipping 153 matching lines...) Expand 10 before | Expand all | Expand 10 after
164 pool->GetSequenceToken(), 164 pool->GetSequenceToken(),
165 base::SequencedWorkerPool::SKIP_ON_SHUTDOWN); 165 base::SequencedWorkerPool::SKIP_ON_SHUTDOWN);
166 166
167 std::unique_ptr<policy::DeviceCloudPolicyValidator> validator = 167 std::unique_ptr<policy::DeviceCloudPolicyValidator> validator =
168 base::WrapUnique<policy::DeviceCloudPolicyValidator>( 168 base::WrapUnique<policy::DeviceCloudPolicyValidator>(
169 policy::DeviceCloudPolicyValidator::Create(std::move(policy), 169 policy::DeviceCloudPolicyValidator::Create(std::move(policy),
170 background_task_runner)); 170 background_task_runner));
171 171
172 if (cloud_validations_) { 172 if (cloud_validations_) {
173 // Policy auto-generated by session manager doesn't include a timestamp, so 173 // Policy auto-generated by session manager doesn't include a timestamp, so
174 // the timestamp shouldn't be verified in that case. 174 // the timestamp shouldn't be verified in that case. Note that the timestamp
175 //
176 // Additionally, offline devices can get their clock set backwards in time
177 // under some hardware conditions; checking the timestamp now could likely
178 // find a value in the future, and prevent the user from signing-in or
179 // starting guest mode. Tlsdate will eventually fix the clock when the
180 // device is back online, but the network configuration may come from device
181 // ONC.
182 //
183 // To prevent all of these issues the timestamp is just not verified when
184 // loading the device policy from session manager. Note that the timestamp
185 // is still verified during enrollment and when a new policy is fetched from 175 // is still verified during enrollment and when a new policy is fetched from
186 // the server. 176 // the server.
187 // 177 //
188 // The two *_NOT_REQUIRED options are necessary because both the DM token 178 // The two *_NOT_REQUIRED options are necessary because both the DM token
189 // and the device id are empty for a user logging in on an actual Chrome OS 179 // and the device id are empty for a user logging in on an actual Chrome OS
190 // device that is not enterprise-managed. Note for devs: The strings are not 180 // device that is not enterprise-managed. Note for devs: The strings are not
191 // empty when you test Chrome with target_os = "chromeos" on Linux! 181 // empty when you test Chrome with target_os = "chromeos" on Linux!
192 validator->ValidateAgainstCurrentPolicy( 182 validator->ValidateAgainstCurrentPolicy(
193 policy_data_.get(), 183 policy_data_.get(),
194 policy::CloudPolicyValidatorBase::TIMESTAMP_NOT_VALIDATED, 184 policy::CloudPolicyValidatorBase::TIMESTAMP_NOT_VALIDATED,
(...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after
273 } 263 }
274 264
275 void StoreSettingsOperation::HandleStoreResult(bool success) { 265 void StoreSettingsOperation::HandleStoreResult(bool success) {
276 if (!success) 266 if (!success)
277 ReportResult(DeviceSettingsService::STORE_OPERATION_FAILED); 267 ReportResult(DeviceSettingsService::STORE_OPERATION_FAILED);
278 else 268 else
279 StartLoading(); 269 StartLoading();
280 } 270 }
281 271
282 } // namespace chromeos 272 } // namespace chromeos
OLDNEW
« chrome/browser/chromeos/policy/enrollment_handler_chromeos.cc ('K') | « chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc ('k') | components/policy/core/common/cloud/cloud_policy_validator.h » ('j') | components/policy/core/common/cloud/cloud_policy_validator_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698