OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/chromeos/policy/active_directory_policy_manager.h" | 5 #include "chrome/browser/chromeos/policy/active_directory_policy_manager.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 #include <utility> | 8 #include <utility> |
9 | 9 |
10 #include "base/logging.h" | 10 #include "base/logging.h" |
11 #include "base/memory/ptr_util.h" | 11 #include "base/memory/ptr_util.h" |
12 #include "base/threading/thread_task_runner_handle.h" | |
13 #include "chromeos/dbus/auth_policy_client.h" | 12 #include "chromeos/dbus/auth_policy_client.h" |
14 #include "chromeos/dbus/dbus_thread_manager.h" | 13 #include "chromeos/dbus/dbus_thread_manager.h" |
15 #include "components/policy/core/common/policy_bundle.h" | 14 #include "components/policy/core/common/policy_bundle.h" |
16 #include "components/policy/core/common/policy_types.h" | 15 #include "components/policy/core/common/policy_types.h" |
17 #include "components/policy/policy_constants.h" | 16 #include "components/policy/policy_constants.h" |
18 | 17 |
19 namespace { | 18 namespace { |
20 | 19 |
21 // Refresh policy every 90 minutes which matches the Windows default: | 20 // Refresh policy every 90 minutes which matches the Windows default: |
22 // https://technet.microsoft.com/en-us/library/cc940895.aspx | 21 // https://technet.microsoft.com/en-us/library/cc940895.aspx |
23 constexpr base::TimeDelta kRefreshInterval = base::TimeDelta::FromMinutes(90); | 22 constexpr base::TimeDelta kRefreshInterval = base::TimeDelta::FromMinutes(90); |
24 | 23 |
25 // Retry delay in case of |refresh_in_progress_|. | |
26 constexpr base::TimeDelta kBusyRetryInterval = base::TimeDelta::FromSeconds(1); | |
27 | |
28 } // namespace | 24 } // namespace |
29 | 25 |
30 namespace policy { | 26 namespace policy { |
31 | 27 |
32 ActiveDirectoryPolicyManager::~ActiveDirectoryPolicyManager() {} | 28 ActiveDirectoryPolicyManager::~ActiveDirectoryPolicyManager() {} |
33 | 29 |
34 // static | 30 // static |
35 std::unique_ptr<ActiveDirectoryPolicyManager> | 31 std::unique_ptr<ActiveDirectoryPolicyManager> |
36 ActiveDirectoryPolicyManager::CreateForDevicePolicy( | 32 ActiveDirectoryPolicyManager::CreateForDevicePolicy( |
37 std::unique_ptr<CloudPolicyStore> store) { | 33 std::unique_ptr<CloudPolicyStore> store) { |
(...skipping 14 matching lines...) Expand all Loading... |
52 ConfigurationPolicyProvider::Init(registry); | 48 ConfigurationPolicyProvider::Init(registry); |
53 | 49 |
54 store_->AddObserver(this); | 50 store_->AddObserver(this); |
55 if (!store_->is_initialized()) { | 51 if (!store_->is_initialized()) { |
56 store_->Load(); | 52 store_->Load(); |
57 } | 53 } |
58 | 54 |
59 // Does nothing if |store_| hasn't yet initialized. | 55 // Does nothing if |store_| hasn't yet initialized. |
60 PublishPolicy(); | 56 PublishPolicy(); |
61 | 57 |
62 ScheduleAutomaticRefresh(); | 58 scheduler_ = base::MakeUnique<PolicyScheduler>( |
| 59 base::BindRepeating(&ActiveDirectoryPolicyManager::DoRefresh, |
| 60 weak_ptr_factory_.GetWeakPtr()), |
| 61 base::BindRepeating(&ActiveDirectoryPolicyManager::OnPolicyRefreshed, |
| 62 weak_ptr_factory_.GetWeakPtr()), |
| 63 kRefreshInterval); |
63 } | 64 } |
64 | 65 |
65 void ActiveDirectoryPolicyManager::Shutdown() { | 66 void ActiveDirectoryPolicyManager::Shutdown() { |
66 store_->RemoveObserver(this); | 67 store_->RemoveObserver(this); |
67 ConfigurationPolicyProvider::Shutdown(); | 68 ConfigurationPolicyProvider::Shutdown(); |
68 } | 69 } |
69 | 70 |
70 bool ActiveDirectoryPolicyManager::IsInitializationComplete( | 71 bool ActiveDirectoryPolicyManager::IsInitializationComplete( |
71 PolicyDomain domain) const { | 72 PolicyDomain domain) const { |
72 if (domain == POLICY_DOMAIN_CHROME) { | 73 if (domain == POLICY_DOMAIN_CHROME) { |
73 return store_->is_initialized(); | 74 return store_->is_initialized(); |
74 } | 75 } |
75 return true; | 76 return true; |
76 } | 77 } |
77 | 78 |
78 void ActiveDirectoryPolicyManager::RefreshPolicies() { | 79 void ActiveDirectoryPolicyManager::RefreshPolicies() { |
79 ScheduleRefresh(base::TimeDelta()); | 80 scheduler_->ScheduleTaskNow(); |
80 } | 81 } |
81 | 82 |
82 void ActiveDirectoryPolicyManager::OnStoreLoaded( | 83 void ActiveDirectoryPolicyManager::OnStoreLoaded( |
83 CloudPolicyStore* cloud_policy_store) { | 84 CloudPolicyStore* cloud_policy_store) { |
84 DCHECK_EQ(store_.get(), cloud_policy_store); | 85 DCHECK_EQ(store_.get(), cloud_policy_store); |
85 PublishPolicy(); | 86 PublishPolicy(); |
86 } | 87 } |
87 | 88 |
88 void ActiveDirectoryPolicyManager::OnStoreError( | 89 void ActiveDirectoryPolicyManager::OnStoreError( |
89 CloudPolicyStore* cloud_policy_store) { | 90 CloudPolicyStore* cloud_policy_store) { |
90 DCHECK_EQ(store_.get(), cloud_policy_store); | 91 DCHECK_EQ(store_.get(), cloud_policy_store); |
91 // Publish policy (even though it hasn't changed) in order to signal load | 92 // Publish policy (even though it hasn't changed) in order to signal load |
92 // complete on the ConfigurationPolicyProvider interface. Technically, this is | 93 // complete on the ConfigurationPolicyProvider interface. Technically, this is |
93 // only required on the first load, but doesn't hurt in any case. | 94 // only required on the first load, but doesn't hurt in any case. |
94 PublishPolicy(); | 95 PublishPolicy(); |
95 } | 96 } |
96 | 97 |
97 ActiveDirectoryPolicyManager::ActiveDirectoryPolicyManager( | 98 ActiveDirectoryPolicyManager::ActiveDirectoryPolicyManager( |
98 const AccountId& account_id, | 99 const AccountId& account_id, |
99 std::unique_ptr<CloudPolicyStore> store) | 100 std::unique_ptr<CloudPolicyStore> store) |
100 : account_id_(account_id), | 101 : account_id_(account_id), store_(std::move(store)) {} |
101 store_(std::move(store)), | |
102 weak_ptr_factory_(this) {} | |
103 | 102 |
104 void ActiveDirectoryPolicyManager::PublishPolicy() { | 103 void ActiveDirectoryPolicyManager::PublishPolicy() { |
105 if (!store_->is_initialized()) { | 104 if (!store_->is_initialized()) { |
106 return; | 105 return; |
107 } | 106 } |
108 std::unique_ptr<PolicyBundle> bundle = base::MakeUnique<PolicyBundle>(); | 107 std::unique_ptr<PolicyBundle> bundle = base::MakeUnique<PolicyBundle>(); |
109 PolicyMap& policy_map = | 108 PolicyMap& policy_map = |
110 bundle->Get(PolicyNamespace(POLICY_DOMAIN_CHROME, std::string())); | 109 bundle->Get(PolicyNamespace(POLICY_DOMAIN_CHROME, std::string())); |
111 policy_map.CopyFrom(store_->policy_map()); | 110 policy_map.CopyFrom(store_->policy_map()); |
112 | 111 |
113 // Overwrite the source which is POLICY_SOURCE_CLOUD by default. | 112 // Overwrite the source which is POLICY_SOURCE_CLOUD by default. |
114 // TODO(tnagel): Rename CloudPolicyStore to PolicyStore and make the source | 113 // TODO(tnagel): Rename CloudPolicyStore to PolicyStore and make the source |
115 // configurable, then drop PolicyMap::SetSourceForAll(). | 114 // configurable, then drop PolicyMap::SetSourceForAll(). |
116 policy_map.SetSourceForAll(POLICY_SOURCE_ACTIVE_DIRECTORY); | 115 policy_map.SetSourceForAll(POLICY_SOURCE_ACTIVE_DIRECTORY); |
117 SetEnterpriseUsersDefaults(&policy_map); | 116 SetEnterpriseUsersDefaults(&policy_map); |
118 UpdatePolicy(std::move(bundle)); | 117 UpdatePolicy(std::move(bundle)); |
119 } | 118 } |
120 | 119 |
121 void ActiveDirectoryPolicyManager::OnPolicyRefreshed(bool success) { | 120 void ActiveDirectoryPolicyManager::DoRefresh( |
122 if (!success) { | 121 base::OnceCallback<void(bool success)> callback) { |
123 LOG(ERROR) << "Active Directory policy refresh failed."; | |
124 } | |
125 // Load independently of success or failure to keep up to date with whatever | |
126 // has happened on the authpolicyd / session manager side. | |
127 store_->Load(); | |
128 | |
129 refresh_in_progress_ = false; | |
130 last_refresh_ = base::TimeTicks::Now(); | |
131 ScheduleAutomaticRefresh(); | |
132 } | |
133 | |
134 void ActiveDirectoryPolicyManager::ScheduleRefresh(base::TimeDelta delay) { | |
135 if (refresh_task_) { | |
136 refresh_task_->Cancel(); | |
137 } | |
138 refresh_task_ = base::MakeUnique<base::CancelableClosure>( | |
139 base::Bind(&ActiveDirectoryPolicyManager::RunScheduledRefresh, | |
140 weak_ptr_factory_.GetWeakPtr())); | |
141 base::ThreadTaskRunnerHandle::Get()->PostDelayedTask( | |
142 FROM_HERE, refresh_task_->callback(), delay); | |
143 } | |
144 | |
145 void ActiveDirectoryPolicyManager::ScheduleAutomaticRefresh() { | |
146 base::TimeTicks baseline; | |
147 base::TimeDelta interval; | |
148 if (retry_refresh_) { | |
149 baseline = last_refresh_; | |
150 interval = kBusyRetryInterval; | |
151 } else if (last_refresh_ == base::TimeTicks()) { | |
152 baseline = startup_; | |
153 interval = base::TimeDelta(); | |
154 } else { | |
155 baseline = last_refresh_; | |
156 interval = kRefreshInterval; | |
157 } | |
158 base::TimeDelta delay; | |
159 const base::TimeTicks now(base::TimeTicks::Now()); | |
160 if (now < baseline + interval) { | |
161 delay = baseline + interval - now; | |
162 } | |
163 ScheduleRefresh(delay); | |
164 } | |
165 | |
166 void ActiveDirectoryPolicyManager::RunScheduledRefresh() { | |
167 // Abort if a refresh is currently in progress (to avoid D-Bus jobs piling up | |
168 // behind each other). | |
169 if (refresh_in_progress_) { | |
170 retry_refresh_ = true; | |
171 return; | |
172 } | |
173 | |
174 retry_refresh_ = false; | |
175 refresh_in_progress_ = true; | |
176 chromeos::DBusThreadManager* thread_manager = | 122 chromeos::DBusThreadManager* thread_manager = |
177 chromeos::DBusThreadManager::Get(); | 123 chromeos::DBusThreadManager::Get(); |
178 DCHECK(thread_manager); | 124 DCHECK(thread_manager); |
179 chromeos::AuthPolicyClient* auth_policy_client = | 125 chromeos::AuthPolicyClient* auth_policy_client = |
180 thread_manager->GetAuthPolicyClient(); | 126 thread_manager->GetAuthPolicyClient(); |
181 DCHECK(auth_policy_client); | 127 DCHECK(auth_policy_client); |
182 if (account_id_ == EmptyAccountId()) { | 128 if (account_id_ == EmptyAccountId()) { |
183 auth_policy_client->RefreshDevicePolicy( | 129 auth_policy_client->RefreshDevicePolicy(std::move(callback)); |
184 base::Bind(&ActiveDirectoryPolicyManager::OnPolicyRefreshed, | |
185 weak_ptr_factory_.GetWeakPtr())); | |
186 } else { | 130 } else { |
187 auth_policy_client->RefreshUserPolicy( | 131 auth_policy_client->RefreshUserPolicy(account_id_, std::move(callback)); |
188 account_id_, | |
189 base::Bind(&ActiveDirectoryPolicyManager::OnPolicyRefreshed, | |
190 weak_ptr_factory_.GetWeakPtr())); | |
191 } | 132 } |
192 } | 133 } |
193 | 134 |
| 135 void ActiveDirectoryPolicyManager::OnPolicyRefreshed(bool success) { |
| 136 if (!success) { |
| 137 LOG(ERROR) << "Active Directory policy refresh failed."; |
| 138 } |
| 139 // Load independently of success or failure to keep up to date with whatever |
| 140 // has happened on the authpolicyd / session manager side. |
| 141 store_->Load(); |
| 142 } |
| 143 |
194 } // namespace policy | 144 } // namespace policy |
OLD | NEW |