| Index: chrome/browser/chromeos/policy/active_directory_policy_manager.h
|
| diff --git a/chrome/browser/chromeos/policy/active_directory_policy_manager.h b/chrome/browser/chromeos/policy/active_directory_policy_manager.h
|
| index 46cf742e3f35dd633174965ce6ff71098e0418d7..5502fb82bf12a1d85b2aa57617ee31e4b1821401 100644
|
| --- a/chrome/browser/chromeos/policy/active_directory_policy_manager.h
|
| +++ b/chrome/browser/chromeos/policy/active_directory_policy_manager.h
|
| @@ -7,8 +7,11 @@
|
|
|
| #include <memory>
|
|
|
| +#include "base/bind.h"
|
| #include "base/macros.h"
|
| #include "base/memory/weak_ptr.h"
|
| +#include "base/time/time.h"
|
| +#include "base/timer/timer.h"
|
| #include "components/policy/core/common/cloud/cloud_policy_store.h"
|
| #include "components/policy/core/common/configuration_policy_provider.h"
|
| #include "components/policy/core/common/policy_scheduler.h"
|
| @@ -18,9 +21,11 @@ namespace policy {
|
|
|
| // ConfigurationPolicyProvider for device or user policy from Active Directory.
|
| // The choice of constructor determines whether device or user policy is
|
| -// provided. The policy is fetched from the Domain Controller by authpolicyd
|
| -// which stores it in session manager and from where it is loaded by
|
| -// ActiveDirectoryPolicyManager.
|
| +// provided.
|
| +// Data flow: Triggered by DoPolicyFetch(), policy is fetched by authpolicyd and
|
| +// stored in session manager with completion indicated by OnPolicyFetched().
|
| +// From there policy load from session manager is triggered, completion of which
|
| +// is notified via OnStoreLoaded()/OnStoreError().
|
| class ActiveDirectoryPolicyManager : public ConfigurationPolicyProvider,
|
| public CloudPolicyStore::Observer {
|
| public:
|
| @@ -33,6 +38,8 @@ class ActiveDirectoryPolicyManager : public ConfigurationPolicyProvider,
|
| // Create manager for |accound_id| user policy.
|
| static std::unique_ptr<ActiveDirectoryPolicyManager> CreateForUserPolicy(
|
| const AccountId& account_id,
|
| + base::TimeDelta initial_policy_fetch_timeout,
|
| + base::OnceClosure exit_session,
|
| std::unique_ptr<CloudPolicyStore> store);
|
|
|
| // ConfigurationPolicyProvider:
|
| @@ -47,10 +54,25 @@ class ActiveDirectoryPolicyManager : public ConfigurationPolicyProvider,
|
|
|
| CloudPolicyStore* store() const { return store_.get(); }
|
|
|
| + // Helper function to force a policy fetch timeout.
|
| + void ForceTimeoutForTest();
|
| +
|
| private:
|
| - // |account_id| specifies the user to manage policy for. If |account_id| is
|
| + // |account_id| specifies the user to manage policy for. If |account_id| is
|
| // empty, device policy is managed.
|
| + //
|
| + // The following applies to user policy only: If
|
| + // |initial_policy_fetch_timeout| is non-zero, IsInitializationComplete() is
|
| + // forced to false until either there has been a successful policy fetch from
|
| + // the server and a subsequent successful load from session manager or
|
| + // |initial_policy_fetch_timeout| has expired and there has been a successful
|
| + // load from session manager. The timeout may be set to TimeDelta::Max() to
|
| + // enforce successful policy fetch. In case the conditions for signaling
|
| + // initialization complete are not met, the user session is aborted by calling
|
| + // |exit_session|.
|
| ActiveDirectoryPolicyManager(const AccountId& account_id,
|
| + base::TimeDelta initial_policy_fetch_timeout,
|
| + base::OnceClosure exit_session,
|
| std::unique_ptr<CloudPolicyStore> store);
|
|
|
| // Publish the policy that's currently cached in the store.
|
| @@ -58,14 +80,49 @@ class ActiveDirectoryPolicyManager : public ConfigurationPolicyProvider,
|
|
|
| // Calls into authpolicyd to fetch policy. Reports success or failure via
|
| // |callback|.
|
| - void DoFetch(PolicyScheduler::TaskCallback callback);
|
| + void DoPolicyFetch(PolicyScheduler::TaskCallback callback);
|
|
|
| - // Called by scheduler with result of policy fetch.
|
| + // Called by scheduler with result of policy fetch. This covers policy
|
| + // download, parsing and storing into session manager. (To access and publish
|
| + // the policy, the store needs to be reloaded from session manager.)
|
| void OnPolicyFetched(bool success);
|
|
|
| + // Called when |initial_policy_timeout_| times out, to cancel the blocking
|
| + // wait for the initial policy fetch.
|
| + void OnBlockingFetchTimeout();
|
| +
|
| + // Cancels waiting for the initial policy fetch/load and flags the
|
| + // ConfigurationPolicyProvider ready (assuming all other initialization tasks
|
| + // have completed) or exits the session in case the requirements to continue
|
| + // have not been met. |success| denotes whether the policy fetch was
|
| + // successful.
|
| + void CancelWaitForInitialPolicy(bool success);
|
| +
|
| const AccountId account_id_;
|
| - std::unique_ptr<CloudPolicyStore> store_;
|
|
|
| + // Whether we're waiting for a policy fetch to complete before reporting
|
| + // IsInitializationComplete().
|
| + bool waiting_for_initial_policy_fetch_;
|
| +
|
| + // Whether the user session is continued in case of failure of initial policy
|
| + // fetch.
|
| + bool initial_policy_fetch_may_fail_;
|
| +
|
| + // Whether policy fetch has ever been reported as completed by authpolicyd.
|
| + bool fetch_ever_completed_ = false;
|
| +
|
| + // Whether policy fetch has ever been reported as successful by authpolicyd.
|
| + bool fetch_ever_succeeded_ = false;
|
| +
|
| + // A timer that puts a hard limit on the maximum time to wait for the initial
|
| + // policy fetch/load.
|
| + base::Timer initial_policy_timeout_{false /* retain_user_task */,
|
| + false /* is_repeating */};
|
| +
|
| + // Callback to exit the session.
|
| + base::OnceClosure exit_session_;
|
| +
|
| + std::unique_ptr<CloudPolicyStore> store_;
|
| std::unique_ptr<PolicyScheduler> scheduler_;
|
|
|
| // Must be last member.
|
|
|
Chromium Code Reviews
Issue 2954293002:
Chromad: Prevent session from starting without policy (Closed)
