OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/chromeos/policy/active_directory_policy_manager.h" | 5 #include "chrome/browser/chromeos/policy/active_directory_policy_manager.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 #include <utility> | 8 #include <utility> |
9 | 9 |
10 #include "base/logging.h" | 10 #include "base/logging.h" |
11 #include "base/memory/ptr_util.h" | 11 #include "base/memory/ptr_util.h" |
12 #include "base/threading/thread_task_runner_handle.h" | |
13 #include "chromeos/dbus/auth_policy_client.h" | 12 #include "chromeos/dbus/auth_policy_client.h" |
14 #include "chromeos/dbus/dbus_thread_manager.h" | 13 #include "chromeos/dbus/dbus_thread_manager.h" |
15 #include "components/policy/core/common/policy_bundle.h" | 14 #include "components/policy/core/common/policy_bundle.h" |
16 #include "components/policy/core/common/policy_types.h" | 15 #include "components/policy/core/common/policy_types.h" |
17 #include "components/policy/policy_constants.h" | 16 #include "components/policy/policy_constants.h" |
18 | 17 |
19 namespace { | 18 namespace { |
20 | 19 |
21 // Refresh policy every 90 minutes which matches the Windows default: | 20 // Refresh policy every 90 minutes which matches the Windows default: |
22 // https://technet.microsoft.com/en-us/library/cc940895.aspx | 21 // https://technet.microsoft.com/en-us/library/cc940895.aspx |
23 constexpr base::TimeDelta kRefreshInterval = base::TimeDelta::FromMinutes(90); | 22 constexpr base::TimeDelta kRefreshInterval = base::TimeDelta::FromMinutes(90); |
24 | 23 |
25 // Retry delay in case of |refresh_in_progress_|. | 24 // Backoff interval in case refresh is still running. |
26 constexpr base::TimeDelta kBusyRetryInterval = base::TimeDelta::FromSeconds(1); | 25 constexpr base::TimeDelta kBackoffInterval = base::TimeDelta::FromSeconds(1); |
27 | 26 |
28 } // namespace | 27 } // namespace |
29 | 28 |
30 namespace policy { | 29 namespace policy { |
31 | 30 |
32 ActiveDirectoryPolicyManager::~ActiveDirectoryPolicyManager() {} | 31 ActiveDirectoryPolicyManager::~ActiveDirectoryPolicyManager() {} |
33 | 32 |
34 // static | 33 // static |
35 std::unique_ptr<ActiveDirectoryPolicyManager> | 34 std::unique_ptr<ActiveDirectoryPolicyManager> |
36 ActiveDirectoryPolicyManager::CreateForDevicePolicy( | 35 ActiveDirectoryPolicyManager::CreateForDevicePolicy( |
(...skipping 15 matching lines...) Expand all Loading... |
52 ConfigurationPolicyProvider::Init(registry); | 51 ConfigurationPolicyProvider::Init(registry); |
53 | 52 |
54 store_->AddObserver(this); | 53 store_->AddObserver(this); |
55 if (!store_->is_initialized()) { | 54 if (!store_->is_initialized()) { |
56 store_->Load(); | 55 store_->Load(); |
57 } | 56 } |
58 | 57 |
59 // Does nothing if |store_| hasn't yet initialized. | 58 // Does nothing if |store_| hasn't yet initialized. |
60 PublishPolicy(); | 59 PublishPolicy(); |
61 | 60 |
62 ScheduleAutomaticRefresh(); | 61 scheduler_ = base::MakeUnique<PolicyScheduler>( |
| 62 base::BindRepeating(&ActiveDirectoryPolicyManager::DoRefresh, |
| 63 weak_ptr_factory_.GetWeakPtr()), |
| 64 base::BindRepeating(&ActiveDirectoryPolicyManager::OnPolicyRefreshed, |
| 65 weak_ptr_factory_.GetWeakPtr()), |
| 66 kRefreshInterval, kBackoffInterval); |
63 } | 67 } |
64 | 68 |
65 void ActiveDirectoryPolicyManager::Shutdown() { | 69 void ActiveDirectoryPolicyManager::Shutdown() { |
66 store_->RemoveObserver(this); | 70 store_->RemoveObserver(this); |
67 ConfigurationPolicyProvider::Shutdown(); | 71 ConfigurationPolicyProvider::Shutdown(); |
68 } | 72 } |
69 | 73 |
70 bool ActiveDirectoryPolicyManager::IsInitializationComplete( | 74 bool ActiveDirectoryPolicyManager::IsInitializationComplete( |
71 PolicyDomain domain) const { | 75 PolicyDomain domain) const { |
72 if (domain == POLICY_DOMAIN_CHROME) { | 76 if (domain == POLICY_DOMAIN_CHROME) { |
73 return store_->is_initialized(); | 77 return store_->is_initialized(); |
74 } | 78 } |
75 return true; | 79 return true; |
76 } | 80 } |
77 | 81 |
78 void ActiveDirectoryPolicyManager::RefreshPolicies() { | 82 void ActiveDirectoryPolicyManager::RefreshPolicies() { |
79 ScheduleRefresh(base::TimeDelta()); | 83 scheduler_->ScheduleTask(base::TimeDelta()); |
80 } | 84 } |
81 | 85 |
82 void ActiveDirectoryPolicyManager::OnStoreLoaded( | 86 void ActiveDirectoryPolicyManager::OnStoreLoaded( |
83 CloudPolicyStore* cloud_policy_store) { | 87 CloudPolicyStore* cloud_policy_store) { |
84 DCHECK_EQ(store_.get(), cloud_policy_store); | 88 DCHECK_EQ(store_.get(), cloud_policy_store); |
85 PublishPolicy(); | 89 PublishPolicy(); |
86 } | 90 } |
87 | 91 |
88 void ActiveDirectoryPolicyManager::OnStoreError( | 92 void ActiveDirectoryPolicyManager::OnStoreError( |
89 CloudPolicyStore* cloud_policy_store) { | 93 CloudPolicyStore* cloud_policy_store) { |
90 DCHECK_EQ(store_.get(), cloud_policy_store); | 94 DCHECK_EQ(store_.get(), cloud_policy_store); |
91 // Publish policy (even though it hasn't changed) in order to signal load | 95 // Publish policy (even though it hasn't changed) in order to signal load |
92 // complete on the ConfigurationPolicyProvider interface. Technically, this is | 96 // complete on the ConfigurationPolicyProvider interface. Technically, this is |
93 // only required on the first load, but doesn't hurt in any case. | 97 // only required on the first load, but doesn't hurt in any case. |
94 PublishPolicy(); | 98 PublishPolicy(); |
95 } | 99 } |
96 | 100 |
97 ActiveDirectoryPolicyManager::ActiveDirectoryPolicyManager( | 101 ActiveDirectoryPolicyManager::ActiveDirectoryPolicyManager( |
98 const AccountId& account_id, | 102 const AccountId& account_id, |
99 std::unique_ptr<CloudPolicyStore> store) | 103 std::unique_ptr<CloudPolicyStore> store) |
100 : account_id_(account_id), | 104 : account_id_(account_id), store_(std::move(store)) {} |
101 store_(std::move(store)), | |
102 weak_ptr_factory_(this) {} | |
103 | 105 |
104 void ActiveDirectoryPolicyManager::PublishPolicy() { | 106 void ActiveDirectoryPolicyManager::PublishPolicy() { |
105 if (!store_->is_initialized()) { | 107 if (!store_->is_initialized()) { |
106 return; | 108 return; |
107 } | 109 } |
108 std::unique_ptr<PolicyBundle> bundle = base::MakeUnique<PolicyBundle>(); | 110 std::unique_ptr<PolicyBundle> bundle = base::MakeUnique<PolicyBundle>(); |
109 PolicyMap& policy_map = | 111 PolicyMap& policy_map = |
110 bundle->Get(PolicyNamespace(POLICY_DOMAIN_CHROME, std::string())); | 112 bundle->Get(PolicyNamespace(POLICY_DOMAIN_CHROME, std::string())); |
111 policy_map.CopyFrom(store_->policy_map()); | 113 policy_map.CopyFrom(store_->policy_map()); |
112 | 114 |
113 // Overwrite the source which is POLICY_SOURCE_CLOUD by default. | 115 // Overwrite the source which is POLICY_SOURCE_CLOUD by default. |
114 // TODO(tnagel): Rename CloudPolicyStore to PolicyStore and make the source | 116 // TODO(tnagel): Rename CloudPolicyStore to PolicyStore and make the source |
115 // configurable, then drop PolicyMap::SetSourceForAll(). | 117 // configurable, then drop PolicyMap::SetSourceForAll(). |
116 policy_map.SetSourceForAll(POLICY_SOURCE_ACTIVE_DIRECTORY); | 118 policy_map.SetSourceForAll(POLICY_SOURCE_ACTIVE_DIRECTORY); |
117 SetEnterpriseUsersDefaults(&policy_map); | 119 SetEnterpriseUsersDefaults(&policy_map); |
118 UpdatePolicy(std::move(bundle)); | 120 UpdatePolicy(std::move(bundle)); |
119 } | 121 } |
120 | 122 |
121 void ActiveDirectoryPolicyManager::OnPolicyRefreshed(bool success) { | 123 void ActiveDirectoryPolicyManager::DoRefresh( |
122 if (!success) { | 124 base::OnceCallback<void(bool success)> callback) { |
123 LOG(ERROR) << "Active Directory policy refresh failed."; | |
124 } | |
125 // Load independently of success or failure to keep up to date with whatever | |
126 // has happened on the authpolicyd / session manager side. | |
127 store_->Load(); | |
128 | |
129 refresh_in_progress_ = false; | |
130 last_refresh_ = base::TimeTicks::Now(); | |
131 ScheduleAutomaticRefresh(); | |
132 } | |
133 | |
134 void ActiveDirectoryPolicyManager::ScheduleRefresh(base::TimeDelta delay) { | |
135 if (refresh_task_) { | |
136 refresh_task_->Cancel(); | |
137 } | |
138 refresh_task_ = base::MakeUnique<base::CancelableClosure>( | |
139 base::Bind(&ActiveDirectoryPolicyManager::RunScheduledRefresh, | |
140 weak_ptr_factory_.GetWeakPtr())); | |
141 base::ThreadTaskRunnerHandle::Get()->PostDelayedTask( | |
142 FROM_HERE, refresh_task_->callback(), delay); | |
143 } | |
144 | |
145 void ActiveDirectoryPolicyManager::ScheduleAutomaticRefresh() { | |
146 base::TimeTicks baseline; | |
147 base::TimeDelta interval; | |
148 if (retry_refresh_) { | |
149 baseline = last_refresh_; | |
150 interval = kBusyRetryInterval; | |
151 } else if (last_refresh_ == base::TimeTicks()) { | |
152 baseline = startup_; | |
153 interval = base::TimeDelta(); | |
154 } else { | |
155 baseline = last_refresh_; | |
156 interval = kRefreshInterval; | |
157 } | |
158 base::TimeDelta delay; | |
159 const base::TimeTicks now(base::TimeTicks::Now()); | |
160 if (now < baseline + interval) { | |
161 delay = baseline + interval - now; | |
162 } | |
163 ScheduleRefresh(delay); | |
164 } | |
165 | |
166 void ActiveDirectoryPolicyManager::RunScheduledRefresh() { | |
167 // Abort if a refresh is currently in progress (to avoid D-Bus jobs piling up | |
168 // behind each other). | |
169 if (refresh_in_progress_) { | |
170 retry_refresh_ = true; | |
171 return; | |
172 } | |
173 | |
174 retry_refresh_ = false; | |
175 refresh_in_progress_ = true; | |
176 chromeos::DBusThreadManager* thread_manager = | 125 chromeos::DBusThreadManager* thread_manager = |
177 chromeos::DBusThreadManager::Get(); | 126 chromeos::DBusThreadManager::Get(); |
178 DCHECK(thread_manager); | 127 DCHECK(thread_manager); |
179 chromeos::AuthPolicyClient* auth_policy_client = | 128 chromeos::AuthPolicyClient* auth_policy_client = |
180 thread_manager->GetAuthPolicyClient(); | 129 thread_manager->GetAuthPolicyClient(); |
181 DCHECK(auth_policy_client); | 130 DCHECK(auth_policy_client); |
182 if (account_id_ == EmptyAccountId()) { | 131 if (account_id_ == EmptyAccountId()) { |
183 auth_policy_client->RefreshDevicePolicy( | 132 auth_policy_client->RefreshDevicePolicy(std::move(callback)); |
184 base::Bind(&ActiveDirectoryPolicyManager::OnPolicyRefreshed, | |
185 weak_ptr_factory_.GetWeakPtr())); | |
186 } else { | 133 } else { |
187 auth_policy_client->RefreshUserPolicy( | 134 auth_policy_client->RefreshUserPolicy(account_id_, std::move(callback)); |
188 account_id_, | |
189 base::Bind(&ActiveDirectoryPolicyManager::OnPolicyRefreshed, | |
190 weak_ptr_factory_.GetWeakPtr())); | |
191 } | 135 } |
192 } | 136 } |
193 | 137 |
| 138 void ActiveDirectoryPolicyManager::OnPolicyRefreshed(bool success) { |
| 139 if (!success) { |
| 140 LOG(ERROR) << "Active Directory policy refresh failed."; |
| 141 } |
| 142 // Load independently of success or failure to keep up to date with whatever |
| 143 // has happened on the authpolicyd / session manager side. |
| 144 store_->Load(); |
| 145 } |
| 146 |
194 } // namespace policy | 147 } // namespace policy |
OLD | NEW |