| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/active_directory_policy_manager.h" | 5 #include "chrome/browser/chromeos/policy/active_directory_policy_manager.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 #include <utility> | 8 #include <utility> |
| 9 | 9 |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| 11 #include "base/memory/ptr_util.h" | 11 #include "base/memory/ptr_util.h" |
| 12 #include "base/threading/thread_task_runner_handle.h" | |
| 13 #include "chromeos/dbus/auth_policy_client.h" | 12 #include "chromeos/dbus/auth_policy_client.h" |
| 14 #include "chromeos/dbus/dbus_thread_manager.h" | 13 #include "chromeos/dbus/dbus_thread_manager.h" |
| 15 #include "components/policy/core/common/policy_bundle.h" | 14 #include "components/policy/core/common/policy_bundle.h" |
| 16 #include "components/policy/core/common/policy_types.h" | 15 #include "components/policy/core/common/policy_types.h" |
| 17 #include "components/policy/policy_constants.h" | 16 #include "components/policy/policy_constants.h" |
| 18 | 17 |
| 19 namespace { | 18 namespace { |
| 20 | 19 |
| 21 // Refresh policy every 90 minutes which matches the Windows default: | 20 // Refresh policy every 90 minutes which matches the Windows default: |
| 22 // https://technet.microsoft.com/en-us/library/cc940895.aspx | 21 // https://technet.microsoft.com/en-us/library/cc940895.aspx |
| 23 constexpr base::TimeDelta kRefreshInterval = base::TimeDelta::FromMinutes(90); | 22 constexpr base::TimeDelta kRefreshInterval = base::TimeDelta::FromMinutes(90); |
| 24 | 23 |
| 25 // Retry delay in case of |refresh_in_progress_|. | |
| 26 constexpr base::TimeDelta kBusyRetryInterval = base::TimeDelta::FromSeconds(1); | |
| 27 | |
| 28 } // namespace | 24 } // namespace |
| 29 | 25 |
| 30 namespace policy { | 26 namespace policy { |
| 31 | 27 |
| 32 ActiveDirectoryPolicyManager::~ActiveDirectoryPolicyManager() {} | 28 ActiveDirectoryPolicyManager::~ActiveDirectoryPolicyManager() {} |
| 33 | 29 |
| 34 // static | 30 // static |
| 35 std::unique_ptr<ActiveDirectoryPolicyManager> | 31 std::unique_ptr<ActiveDirectoryPolicyManager> |
| 36 ActiveDirectoryPolicyManager::CreateForDevicePolicy( | 32 ActiveDirectoryPolicyManager::CreateForDevicePolicy( |
| 37 std::unique_ptr<CloudPolicyStore> store) { | 33 std::unique_ptr<CloudPolicyStore> store) { |
| (...skipping 14 matching lines...) Expand all Loading... |
| 52 ConfigurationPolicyProvider::Init(registry); | 48 ConfigurationPolicyProvider::Init(registry); |
| 53 | 49 |
| 54 store_->AddObserver(this); | 50 store_->AddObserver(this); |
| 55 if (!store_->is_initialized()) { | 51 if (!store_->is_initialized()) { |
| 56 store_->Load(); | 52 store_->Load(); |
| 57 } | 53 } |
| 58 | 54 |
| 59 // Does nothing if |store_| hasn't yet initialized. | 55 // Does nothing if |store_| hasn't yet initialized. |
| 60 PublishPolicy(); | 56 PublishPolicy(); |
| 61 | 57 |
| 62 ScheduleAutomaticRefresh(); | 58 scheduler_ = base::MakeUnique<PolicyScheduler>( |
| 59 base::BindRepeating(&ActiveDirectoryPolicyManager::DoRefresh, |
| 60 weak_ptr_factory_.GetWeakPtr()), |
| 61 base::BindRepeating(&ActiveDirectoryPolicyManager::OnPolicyRefreshed, |
| 62 weak_ptr_factory_.GetWeakPtr()), |
| 63 kRefreshInterval); |
| 63 } | 64 } |
| 64 | 65 |
| 65 void ActiveDirectoryPolicyManager::Shutdown() { | 66 void ActiveDirectoryPolicyManager::Shutdown() { |
| 66 store_->RemoveObserver(this); | 67 store_->RemoveObserver(this); |
| 67 ConfigurationPolicyProvider::Shutdown(); | 68 ConfigurationPolicyProvider::Shutdown(); |
| 68 } | 69 } |
| 69 | 70 |
| 70 bool ActiveDirectoryPolicyManager::IsInitializationComplete( | 71 bool ActiveDirectoryPolicyManager::IsInitializationComplete( |
| 71 PolicyDomain domain) const { | 72 PolicyDomain domain) const { |
| 72 if (domain == POLICY_DOMAIN_CHROME) { | 73 if (domain == POLICY_DOMAIN_CHROME) { |
| 73 return store_->is_initialized(); | 74 return store_->is_initialized(); |
| 74 } | 75 } |
| 75 return true; | 76 return true; |
| 76 } | 77 } |
| 77 | 78 |
| 78 void ActiveDirectoryPolicyManager::RefreshPolicies() { | 79 void ActiveDirectoryPolicyManager::RefreshPolicies() { |
| 79 ScheduleRefresh(base::TimeDelta()); | 80 scheduler_->ScheduleTaskNow(); |
| 80 } | 81 } |
| 81 | 82 |
| 82 void ActiveDirectoryPolicyManager::OnStoreLoaded( | 83 void ActiveDirectoryPolicyManager::OnStoreLoaded( |
| 83 CloudPolicyStore* cloud_policy_store) { | 84 CloudPolicyStore* cloud_policy_store) { |
| 84 DCHECK_EQ(store_.get(), cloud_policy_store); | 85 DCHECK_EQ(store_.get(), cloud_policy_store); |
| 85 PublishPolicy(); | 86 PublishPolicy(); |
| 86 } | 87 } |
| 87 | 88 |
| 88 void ActiveDirectoryPolicyManager::OnStoreError( | 89 void ActiveDirectoryPolicyManager::OnStoreError( |
| 89 CloudPolicyStore* cloud_policy_store) { | 90 CloudPolicyStore* cloud_policy_store) { |
| 90 DCHECK_EQ(store_.get(), cloud_policy_store); | 91 DCHECK_EQ(store_.get(), cloud_policy_store); |
| 91 // Publish policy (even though it hasn't changed) in order to signal load | 92 // Publish policy (even though it hasn't changed) in order to signal load |
| 92 // complete on the ConfigurationPolicyProvider interface. Technically, this is | 93 // complete on the ConfigurationPolicyProvider interface. Technically, this is |
| 93 // only required on the first load, but doesn't hurt in any case. | 94 // only required on the first load, but doesn't hurt in any case. |
| 94 PublishPolicy(); | 95 PublishPolicy(); |
| 95 } | 96 } |
| 96 | 97 |
| 97 ActiveDirectoryPolicyManager::ActiveDirectoryPolicyManager( | 98 ActiveDirectoryPolicyManager::ActiveDirectoryPolicyManager( |
| 98 const AccountId& account_id, | 99 const AccountId& account_id, |
| 99 std::unique_ptr<CloudPolicyStore> store) | 100 std::unique_ptr<CloudPolicyStore> store) |
| 100 : account_id_(account_id), | 101 : account_id_(account_id), store_(std::move(store)) {} |
| 101 store_(std::move(store)), | |
| 102 weak_ptr_factory_(this) {} | |
| 103 | 102 |
| 104 void ActiveDirectoryPolicyManager::PublishPolicy() { | 103 void ActiveDirectoryPolicyManager::PublishPolicy() { |
| 105 if (!store_->is_initialized()) { | 104 if (!store_->is_initialized()) { |
| 106 return; | 105 return; |
| 107 } | 106 } |
| 108 std::unique_ptr<PolicyBundle> bundle = base::MakeUnique<PolicyBundle>(); | 107 std::unique_ptr<PolicyBundle> bundle = base::MakeUnique<PolicyBundle>(); |
| 109 PolicyMap& policy_map = | 108 PolicyMap& policy_map = |
| 110 bundle->Get(PolicyNamespace(POLICY_DOMAIN_CHROME, std::string())); | 109 bundle->Get(PolicyNamespace(POLICY_DOMAIN_CHROME, std::string())); |
| 111 policy_map.CopyFrom(store_->policy_map()); | 110 policy_map.CopyFrom(store_->policy_map()); |
| 112 | 111 |
| 113 // Overwrite the source which is POLICY_SOURCE_CLOUD by default. | 112 // Overwrite the source which is POLICY_SOURCE_CLOUD by default. |
| 114 // TODO(tnagel): Rename CloudPolicyStore to PolicyStore and make the source | 113 // TODO(tnagel): Rename CloudPolicyStore to PolicyStore and make the source |
| 115 // configurable, then drop PolicyMap::SetSourceForAll(). | 114 // configurable, then drop PolicyMap::SetSourceForAll(). |
| 116 policy_map.SetSourceForAll(POLICY_SOURCE_ACTIVE_DIRECTORY); | 115 policy_map.SetSourceForAll(POLICY_SOURCE_ACTIVE_DIRECTORY); |
| 117 SetEnterpriseUsersDefaults(&policy_map); | 116 SetEnterpriseUsersDefaults(&policy_map); |
| 118 UpdatePolicy(std::move(bundle)); | 117 UpdatePolicy(std::move(bundle)); |
| 119 } | 118 } |
| 120 | 119 |
| 121 void ActiveDirectoryPolicyManager::OnPolicyRefreshed(bool success) { | 120 void ActiveDirectoryPolicyManager::DoRefresh( |
| 122 if (!success) { | 121 base::OnceCallback<void(bool success)> callback) { |
| 123 LOG(ERROR) << "Active Directory policy refresh failed."; | |
| 124 } | |
| 125 // Load independently of success or failure to keep up to date with whatever | |
| 126 // has happened on the authpolicyd / session manager side. | |
| 127 store_->Load(); | |
| 128 | |
| 129 refresh_in_progress_ = false; | |
| 130 last_refresh_ = base::TimeTicks::Now(); | |
| 131 ScheduleAutomaticRefresh(); | |
| 132 } | |
| 133 | |
| 134 void ActiveDirectoryPolicyManager::ScheduleRefresh(base::TimeDelta delay) { | |
| 135 if (refresh_task_) { | |
| 136 refresh_task_->Cancel(); | |
| 137 } | |
| 138 refresh_task_ = base::MakeUnique<base::CancelableClosure>( | |
| 139 base::Bind(&ActiveDirectoryPolicyManager::RunScheduledRefresh, | |
| 140 weak_ptr_factory_.GetWeakPtr())); | |
| 141 base::ThreadTaskRunnerHandle::Get()->PostDelayedTask( | |
| 142 FROM_HERE, refresh_task_->callback(), delay); | |
| 143 } | |
| 144 | |
| 145 void ActiveDirectoryPolicyManager::ScheduleAutomaticRefresh() { | |
| 146 base::TimeTicks baseline; | |
| 147 base::TimeDelta interval; | |
| 148 if (retry_refresh_) { | |
| 149 baseline = last_refresh_; | |
| 150 interval = kBusyRetryInterval; | |
| 151 } else if (last_refresh_ == base::TimeTicks()) { | |
| 152 baseline = startup_; | |
| 153 interval = base::TimeDelta(); | |
| 154 } else { | |
| 155 baseline = last_refresh_; | |
| 156 interval = kRefreshInterval; | |
| 157 } | |
| 158 base::TimeDelta delay; | |
| 159 const base::TimeTicks now(base::TimeTicks::Now()); | |
| 160 if (now < baseline + interval) { | |
| 161 delay = baseline + interval - now; | |
| 162 } | |
| 163 ScheduleRefresh(delay); | |
| 164 } | |
| 165 | |
| 166 void ActiveDirectoryPolicyManager::RunScheduledRefresh() { | |
| 167 // Abort if a refresh is currently in progress (to avoid D-Bus jobs piling up | |
| 168 // behind each other). | |
| 169 if (refresh_in_progress_) { | |
| 170 retry_refresh_ = true; | |
| 171 return; | |
| 172 } | |
| 173 | |
| 174 retry_refresh_ = false; | |
| 175 refresh_in_progress_ = true; | |
| 176 chromeos::DBusThreadManager* thread_manager = | 122 chromeos::DBusThreadManager* thread_manager = |
| 177 chromeos::DBusThreadManager::Get(); | 123 chromeos::DBusThreadManager::Get(); |
| 178 DCHECK(thread_manager); | 124 DCHECK(thread_manager); |
| 179 chromeos::AuthPolicyClient* auth_policy_client = | 125 chromeos::AuthPolicyClient* auth_policy_client = |
| 180 thread_manager->GetAuthPolicyClient(); | 126 thread_manager->GetAuthPolicyClient(); |
| 181 DCHECK(auth_policy_client); | 127 DCHECK(auth_policy_client); |
| 182 if (account_id_ == EmptyAccountId()) { | 128 if (account_id_ == EmptyAccountId()) { |
| 183 auth_policy_client->RefreshDevicePolicy( | 129 auth_policy_client->RefreshDevicePolicy(std::move(callback)); |
| 184 base::Bind(&ActiveDirectoryPolicyManager::OnPolicyRefreshed, | |
| 185 weak_ptr_factory_.GetWeakPtr())); | |
| 186 } else { | 130 } else { |
| 187 auth_policy_client->RefreshUserPolicy( | 131 auth_policy_client->RefreshUserPolicy(account_id_, std::move(callback)); |
| 188 account_id_, | |
| 189 base::Bind(&ActiveDirectoryPolicyManager::OnPolicyRefreshed, | |
| 190 weak_ptr_factory_.GetWeakPtr())); | |
| 191 } | 132 } |
| 192 } | 133 } |
| 193 | 134 |
| 135 void ActiveDirectoryPolicyManager::OnPolicyRefreshed(bool success) { |
| 136 if (!success) { |
| 137 LOG(ERROR) << "Active Directory policy refresh failed."; |
| 138 } |
| 139 // Load independently of success or failure to keep up to date with whatever |
| 140 // has happened on the authpolicyd / session manager side. |
| 141 store_->Load(); |
| 142 } |
| 143 |
| 194 } // namespace policy | 144 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2942373002:
Extract AD policy scheduler into separate class (Closed)
