Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1167)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/chromeos/settings/session_manager_operation.cc

Issue 2820063005: Remove the "not_after" validation of policy timestamps (Closed)
Patch Set: Rebase Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc ('k') | components/policy/core/common/cloud/cloud_policy_validator.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/chromeos/settings/session_manager_operation.h" 5 #include "chrome/browser/chromeos/settings/session_manager_operation.h"
6 6
7 #include <utility> 7 #include <utility>
8 8
9 #include "base/bind.h" 9 #include "base/bind.h"
10 #include "base/bind_helpers.h" 10 #include "base/bind_helpers.h"
(...skipping 152 matching lines...) Expand 10 before | Expand all | Expand 10 after
163 pool->GetSequencedTaskRunnerWithShutdownBehavior( 163 pool->GetSequencedTaskRunnerWithShutdownBehavior(
164 pool->GetSequenceToken(), 164 pool->GetSequenceToken(),
165 base::SequencedWorkerPool::SKIP_ON_SHUTDOWN); 165 base::SequencedWorkerPool::SKIP_ON_SHUTDOWN);
166 166
167 std::unique_ptr<policy::DeviceCloudPolicyValidator> validator = 167 std::unique_ptr<policy::DeviceCloudPolicyValidator> validator =
168 policy::DeviceCloudPolicyValidator::Create(std::move(policy), 168 policy::DeviceCloudPolicyValidator::Create(std::move(policy),
169 background_task_runner); 169 background_task_runner);
170 170
171 if (cloud_validations_) { 171 if (cloud_validations_) {
172 // Policy auto-generated by session manager doesn't include a timestamp, so 172 // Policy auto-generated by session manager doesn't include a timestamp, so
173 // the timestamp shouldn't be verified in that case. 173 // the timestamp shouldn't be verified in that case. Note that the timestamp
174 //
175 // Additionally, offline devices can get their clock set backwards in time
176 // under some hardware conditions; checking the timestamp now could likely
177 // find a value in the future, and prevent the user from signing-in or
178 // starting guest mode. Tlsdate will eventually fix the clock when the
179 // device is back online, but the network configuration may come from device
180 // ONC.
181 //
182 // To prevent all of these issues the timestamp is just not verified when
183 // loading the device policy from session manager. Note that the timestamp
184 // is still verified during enrollment and when a new policy is fetched from 174 // is still verified during enrollment and when a new policy is fetched from
185 // the server. 175 // the server.
186 // 176 //
187 // The two *_NOT_REQUIRED options are necessary because both the DM token 177 // The two *_NOT_REQUIRED options are necessary because both the DM token
188 // and the device id are empty for a user logging in on an actual Chrome OS 178 // and the device id are empty for a user logging in on an actual Chrome OS
189 // device that is not enterprise-managed. Note for devs: The strings are not 179 // device that is not enterprise-managed. Note for devs: The strings are not
190 // empty when you test Chrome with target_os = "chromeos" on Linux! 180 // empty when you test Chrome with target_os = "chromeos" on Linux!
191 validator->ValidateAgainstCurrentPolicy( 181 validator->ValidateAgainstCurrentPolicy(
192 policy_data_.get(), 182 policy_data_.get(),
193 policy::CloudPolicyValidatorBase::TIMESTAMP_NOT_VALIDATED, 183 policy::CloudPolicyValidatorBase::TIMESTAMP_NOT_VALIDATED,
(...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after
272 } 262 }
273 263
274 void StoreSettingsOperation::HandleStoreResult(bool success) { 264 void StoreSettingsOperation::HandleStoreResult(bool success) {
275 if (!success) 265 if (!success)
276 ReportResult(DeviceSettingsService::STORE_OPERATION_FAILED); 266 ReportResult(DeviceSettingsService::STORE_OPERATION_FAILED);
277 else 267 else
278 StartLoading(); 268 StartLoading();
279 } 269 }
280 270
281 } // namespace chromeos 271 } // namespace chromeos
OLDNEW
« no previous file with comments | « chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc ('k') | components/policy/core/common/cloud/cloud_policy_validator.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698