Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
2841553002:
Allow machine key challenges by signin profiles. (Closed)
|
Created:
3 years, 8 months ago by The one and only Dr. Crash Modified:
3 years, 7 months ago Reviewers:
emaxx CC:
chromium-reviews, chromium-apps-reviews_chromium.org, extensions-reviews_chromium.org, dkrahn+watch_chromium.org, emaxx, dkalin1 Target Ref:
refs/heads/master Project:
chromium Visibility:
Public. |
DescriptionAllow machine key challenges by signin profiles.
This allows calling chrome.enterprise.platformKeys.challengeMachineKey() from a profile that does not have a user associated with it.
BUG=715121
TEST=unit tests
Review-Url: https://codereview.chromium.org/2841553002
Cr-Commit-Position: refs/heads/master@{#467991}
Committed: https://chromium.googlesource.com/chromium/src/+/8b9e9fcb9eb5c2408d8488f2f619b51ff24d0470
Patch Set 1 #Patch Set 2 : Undid .h change #Patch Set 3 : Make dependent CL #Patch Set 4 : Works in signin profile. #Patch Set 5 : Removed debugging logs. #Patch Set 6 : Allow enterprise challenges from login apps. #Patch Set 7 : Small refactor. #Patch Set 8 : Removed dependency on API permission which will stay in its own CL #Patch Set 9 : Renaming. #Patch Set 10 : Don't need Chrome constants. #Patch Set 11 : Oops. Welcome back, Chrome constants. #Patch Set 12 : Renaming. #Patch Set 13 : Rebased. #Patch Set 14 : Removed dep. #Patch Set 15 : Use static methods as available. #
Total comments: 20
Patch Set 16 : Review feedback. #Patch Set 17 : Format, explicit. #Patch Set 18 : Rebased #
Total comments: 2
Patch Set 19 : Review nits. #
Dependent Patchsets: Messages
Total messages: 51 (38 generated)
Description was changed from ========== Allow machine key challenges by signin profiles. ========== to ========== Allow machine key challenges by signin profiles. BUG=715121 TEST=unit tests ==========
The CQ bit was checked by drcrash@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: CLs for remote refs other than refs/heads/master must contain NOTRY=true and NOPRESUBMIT=true in order for the CQ to process them
drcrash@chromium.org changed reviewers: + emaxx@chromium.org
Whitelisted apps on the signing screen are allowed to call remote attestation for enterprise machine keys.
I plan a second CL to ensure that an appropriate error is given for challengeUserKey() but did not want to mix too many things in that one CL.
The CQ bit was checked by drcrash@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was checked by drcrash@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was checked by drcrash@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
On 2017/04/26 09:02:58, The one and only Dr. Crash wrote: > I plan a second CL to ensure that an appropriate error is given for > challengeUserKey() but did not want to mix too many things in that one CL. Second CL: https://codereview.chromium.org/2838423003
The CQ bit was checked by drcrash@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was checked by drcrash@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
https://codereview.chromium.org/2841553002/diff/280001/chrome/browser/extensi... File chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc (right): https://codereview.chromium.org/2841553002/diff/280001/chrome/browser/extensi... chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc:148: return Manifest::IsPolicyLocation(extension_->location()); nit: #include "extensions/common/extension.h" https://codereview.chromium.org/2841553002/diff/280001/chrome/browser/extensi... chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc:342: if (!chromeos::ProfileHelper::IsSigninProfile(profile_) && nit: Maybe drop a short explanatory comment here? The condition becomes a bit complex to read. https://codereview.chromium.org/2841553002/diff/280001/chrome/browser/extensi... File chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.h (right): https://codereview.chromium.org/2841553002/diff/280001/chrome/browser/extensi... chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.h:121: const extensions::Extension* extension_; I believe it's unsafe to store the raw pointer, as an extension may become deleted and the Extension object may be destroyed while the platformKeys operation is running. So either store some "elementary" pieces of data here (like std::string extension_id, bool force_installed_extension) or use scoped_refptr<const Extension> instead here. https://codereview.chromium.org/2841553002/diff/280001/chrome/browser/extensi... File chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc (right): https://codereview.chromium.org/2841553002/diff/280001/chrome/browser/extensi... chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc:153: class EPKPChallengeKeyTestBase : public BrowserWithTestWindowTest { What about accepting ProfileType in constructor, instead of this a bit tricky behavior "descendant class rewrites it"? Then it will be, IMO, easier to understand where is it coming from. Also this would allow creating of extension_ in the constructor, like it was in the original version. The SetUpExtension() and SetUpContext() methods could be then removed. https://codereview.chromium.org/2841553002/diff/280001/chrome/browser/extensi... chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc:155: enum ProfileType { USER_PROFILE, SIGNIN_PROFILE }; nit: "enum class" is recommended over "enum". Also it's recommended to use constant-style naming if possible: https://google.github.io/styleguide/cppguide.html#Enumerator_Names So suggesting: enum class ProfileType { kUser, kSignin }; https://codereview.chromium.org/2841553002/diff/280001/chrome/browser/extensi... chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc:194: virtual scoped_refptr<extensions::Extension> CreateExtension() { nit: Drop "virtual" and make the method private. https://codereview.chromium.org/2841553002/diff/280001/chrome/browser/extensi... chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc:194: virtual scoped_refptr<extensions::Extension> CreateExtension() { nit: Remove "extensions::". (Applies to other parts in this file.) https://codereview.chromium.org/2841553002/diff/280001/chrome/browser/extensi... chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc:370: class EPKPChallengeMachineKeyAllProfilesTest nit: Please add a short comment for this class, e.g.: // Tests of challengeMachineKey function that should run on user profile and // sign-in profile, depending on the supplied parameter. https://codereview.chromium.org/2841553002/diff/280001/chrome/browser/extensi... chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc:422: func_->set_extension(extension_.get()); Can this be done in one of the existing SetUp* functions? It's a bit too much to introduce a virtual method just for this simple case.
https://codereview.chromium.org/2841553002/diff/280001/chrome/browser/extensi... File chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc (right): https://codereview.chromium.org/2841553002/diff/280001/chrome/browser/extensi... chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc:148: return Manifest::IsPolicyLocation(extension_->location()); On 2017/04/26 21:19:02, emaxx wrote: > nit: #include "extensions/common/extension.h" Done. https://codereview.chromium.org/2841553002/diff/280001/chrome/browser/extensi... chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc:342: if (!chromeos::ProfileHelper::IsSigninProfile(profile_) && On 2017/04/26 21:19:03, emaxx wrote: > nit: Maybe drop a short explanatory comment here? The condition becomes a bit > complex to read. Done. https://codereview.chromium.org/2841553002/diff/280001/chrome/browser/extensi... File chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc (right): https://codereview.chromium.org/2841553002/diff/280001/chrome/browser/extensi... chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc:153: class EPKPChallengeKeyTestBase : public BrowserWithTestWindowTest { On 2017/04/26 21:19:03, emaxx wrote: > What about accepting ProfileType in constructor, instead of this a bit tricky > behavior "descendant class rewrites it"? > Then it will be, IMO, easier to understand where is it coming from. > > Also this would allow creating of extension_ in the constructor, like it was in > the original version. The SetUpExtension() and SetUpContext() methods could be > then removed. No, it has to be a param for the tests. It's simpler that way. https://codereview.chromium.org/2841553002/diff/280001/chrome/browser/extensi... chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc:155: enum ProfileType { USER_PROFILE, SIGNIN_PROFILE }; On 2017/04/26 21:19:03, emaxx wrote: > nit: "enum class" is recommended over "enum". > Also it's recommended to use constant-style naming if possible: > https://google.github.io/styleguide/cppguide.html#Enumerator_Names > So suggesting: > enum class ProfileType { kUser, kSignin }; Done. https://codereview.chromium.org/2841553002/diff/280001/chrome/browser/extensi... chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc:194: virtual scoped_refptr<extensions::Extension> CreateExtension() { On 2017/04/26 21:19:03, emaxx wrote: > nit: Remove "extensions::". > (Applies to other parts in this file.) Done. https://codereview.chromium.org/2841553002/diff/280001/chrome/browser/extensi... chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc:194: virtual scoped_refptr<extensions::Extension> CreateExtension() { On 2017/04/26 21:19:03, emaxx wrote: > nit: Drop "virtual" and make the method private. Done. https://codereview.chromium.org/2841553002/diff/280001/chrome/browser/extensi... chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc:194: virtual scoped_refptr<extensions::Extension> CreateExtension() { On 2017/04/26 21:19:03, emaxx wrote: > nit: Drop "virtual" and make the method private. Done. https://codereview.chromium.org/2841553002/diff/280001/chrome/browser/extensi... chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc:370: class EPKPChallengeMachineKeyAllProfilesTest On 2017/04/26 21:19:03, emaxx wrote: > nit: Please add a short comment for this class, e.g.: > // Tests of challengeMachineKey function that should run on user profile and > // sign-in profile, depending on the supplied parameter. Done. https://codereview.chromium.org/2841553002/diff/280001/chrome/browser/extensi... chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc:422: func_->set_extension(extension_.get()); On 2017/04/26 21:19:03, emaxx wrote: > Can this be done in one of the existing SetUp* functions? > It's a bit too much to introduce a virtual method just for this simple case. No, but I got rid of the unnecessary SetUpContext().
The CQ bit was checked by drcrash@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
https://codereview.chromium.org/2841553002/diff/280001/chrome/browser/extensi... File chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.h (right): https://codereview.chromium.org/2841553002/diff/280001/chrome/browser/extensi... chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.h:121: const extensions::Extension* extension_; On 2017/04/26 21:19:03, emaxx wrote: > I believe it's unsafe to store the raw pointer, as an extension may become > deleted and the Extension object may be destroyed while the platformKeys > operation is running. > So either store some "elementary" pieces of data here (like std::string > extension_id, bool force_installed_extension) or use scoped_refptr<const > Extension> instead here. Ping. Or there's some evidence that this Extension instance will stay alive for the whole lifetime of EPKPChallengeKeyBas? https://codereview.chromium.org/2841553002/diff/280001/chrome/browser/extensi... File chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc (right): https://codereview.chromium.org/2841553002/diff/280001/chrome/browser/extensi... chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc:153: class EPKPChallengeKeyTestBase : public BrowserWithTestWindowTest { On 2017/04/26 22:04:13, The one and only Dr. Crash wrote: > On 2017/04/26 21:19:03, emaxx wrote: > > What about accepting ProfileType in constructor, instead of this a bit tricky > > behavior "descendant class rewrites it"? > > Then it will be, IMO, easier to understand where is it coming from. > > > > Also this would allow creating of extension_ in the constructor, like it was > in > > the original version. The SetUpExtension() and SetUpContext() methods could be > > then removed. > > No, it has to be a param for the tests. It's simpler that way. I suggested to make it the constructor's parameter here in EPKPChallengeKeyTestBase. Then the derived EPKPChallengeMachineKeyAllProfilesTest can call it with GetParam(). It will be simpler because profile_type_ will be known straight away in the base constructor. This means that extension_ can be created in constructor as it was before, and consequently no need for (virtual) SetUpExtension().
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
The CQ bit was checked by drcrash@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was checked by drcrash@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by drcrash@chromium.org
The CQ bit was checked by drcrash@chromium.org
CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
No L-G-T-M from a valid reviewer yet. CQ run can only be started once the patch has received an L-G-T-M from a full committer. Even if an L-G-T-M may have been provided, it was from a non-committer,_not_ a full super star committer. Committers are members of the group "project-chromium-committers". Note that this has nothing to do with OWNERS files.
The CQ bit was checked by drcrash@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
LGTM % nits And please add some description to the CL. At least, it should mention that this affects the challengeMachineKey method in the chrome.enterprise.platformKeys API. https://codereview.chromium.org/2841553002/diff/340001/chrome/browser/extensi... File chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.h (right): https://codereview.chromium.org/2841553002/diff/340001/chrome/browser/extensi... chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.h:41: class Extension; nit: I think I've already commented on that, so: forward declaration is not the right thing here, you need to include "extensions/common/extension.h", because scoped_refptr doesn't work with incomplete types by default: https://cs.chromium.org/chromium/src/base/memory/ref_counted.h?l=558&rcl=c443... (It works here currently probably because some other header includes extension.h, but that's accidental.) https://codereview.chromium.org/2841553002/diff/340001/chrome/browser/extensi... File chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc (right): https://codereview.chromium.org/2841553002/diff/340001/chrome/browser/extensi... chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc:260: EPKPChallengeMachineKeyTest( nit: explicit
Description was changed from ========== Allow machine key challenges by signin profiles. BUG=715121 TEST=unit tests ========== to ========== Allow machine key challenges by signin profiles. This allows calling chrome.enterprise.platformKeys.challengeMachineKey() from a profile that does not have a user associated with it. BUG=715121 TEST=unit tests ==========
The CQ bit was checked by drcrash@chromium.org
The patchset sent to the CQ was uploaded after l-g-t-m from emaxx@chromium.org Link to the patchset: https://codereview.chromium.org/2841553002/#ps360001 (title: "Review nits.")
CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
CQ is committing da patch.
Bot data: {"patchset_id": 360001, "attempt_start_ts": 1493386281630810,
"parent_rev": "00b1e7279ad1c6b8b538faa9a5c4facd37dc8666", "commit_rev":
"8b9e9fcb9eb5c2408d8488f2f619b51ff24d0470"}
Message was sent while issue was closed.
Description was changed from ========== Allow machine key challenges by signin profiles. This allows calling chrome.enterprise.platformKeys.challengeMachineKey() from a profile that does not have a user associated with it. BUG=715121 TEST=unit tests ========== to ========== Allow machine key challenges by signin profiles. This allows calling chrome.enterprise.platformKeys.challengeMachineKey() from a profile that does not have a user associated with it. BUG=715121 TEST=unit tests Review-Url: https://codereview.chromium.org/2841553002 Cr-Commit-Position: refs/heads/master@{#467991} Committed: https://chromium.googlesource.com/chromium/src/+/8b9e9fcb9eb5c2408d8488f2f619... ==========
Message was sent while issue was closed.
Committed patchset #19 (id:360001) as https://chromium.googlesource.com/chromium/src/+/8b9e9fcb9eb5c2408d8488f2f619... |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
