| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/settings/device_settings_service.h" | 5 #include "chrome/browser/chromeos/settings/device_settings_service.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/logging.h" | 8 #include "base/logging.h" |
| 9 #include "base/message_loop/message_loop.h" | 9 #include "base/message_loop/message_loop.h" |
| 10 #include "base/stl_util.h" | 10 #include "base/stl_util.h" |
| (...skipping 17 matching lines...) Loading... |
| 28 | 28 |
| 29 // Delay between load retries when there was a validation error. | 29 // Delay between load retries when there was a validation error. |
| 30 // NOTE: This code is here to mitigate clock loss on some devices where policy | 30 // NOTE: This code is here to mitigate clock loss on some devices where policy |
| 31 // loads will fail with a validation error caused by RTC clock being reset when | 31 // loads will fail with a validation error caused by RTC clock being reset when |
| 32 // the battery is drained. | 32 // the battery is drained. |
| 33 int kLoadRetryDelayMs = 1000 * 5; | 33 int kLoadRetryDelayMs = 1000 * 5; |
| 34 // Maximal number of retries before we give up. Calculated to allow for 10 min | 34 // Maximal number of retries before we give up. Calculated to allow for 10 min |
| 35 // of retry time. | 35 // of retry time. |
| 36 int kMaxLoadRetries = (1000 * 60 * 10) / kLoadRetryDelayMs; | 36 int kMaxLoadRetries = (1000 * 60 * 10) / kLoadRetryDelayMs; |
| 37 | 37 |
| 38 // Assembles PolicyData based on |settings|, |policy_data| and | |
| 39 // |user_id|. | |
| 40 scoped_ptr<em::PolicyData> AssemblePolicy( | |
| 41 const std::string& user_id, | |
| 42 const em::PolicyData* policy_data, | |
| 43 const em::ChromeDeviceSettingsProto* settings) { | |
| 44 scoped_ptr<em::PolicyData> policy(new em::PolicyData()); | |
| 45 if (policy_data) { | |
| 46 // Preserve management settings. | |
| 47 if (policy_data->has_management_mode()) | |
| 48 policy->set_management_mode(policy_data->management_mode()); | |
| 49 if (policy_data->has_request_token()) | |
| 50 policy->set_request_token(policy_data->request_token()); | |
| 51 if (policy_data->has_device_id()) | |
| 52 policy->set_device_id(policy_data->device_id()); | |
| 53 } else { | |
| 54 // If there's no previous policy data, this is the first time the device | |
| 55 // setting is set. We set the management mode to NOT_MANAGED initially. | |
| 56 policy->set_management_mode(em::PolicyData::NOT_MANAGED); | |
| 57 } | |
| 58 policy->set_policy_type(policy::dm_protocol::kChromeDevicePolicyType); | |
| 59 policy->set_timestamp( | |
| 60 (base::Time::Now() - base::Time::UnixEpoch()).InMilliseconds()); | |
| 61 policy->set_username(user_id); | |
| 62 if (!settings->SerializeToString(policy->mutable_policy_value())) | |
| 63 return scoped_ptr<em::PolicyData>(); | |
| 64 | |
| 65 return policy.Pass(); | |
| 66 } | |
| 67 | |
| 68 // Returns true if it is okay to transfer from the current mode to the new | |
| 69 // mode. This function should be called in SetManagementMode(). | |
| 70 bool CheckManagementModeTransition(em::PolicyData::ManagementMode current_mode, | |
| 71 em::PolicyData::ManagementMode new_mode) { | |
| 72 // Mode is not changed. | |
| 73 if (current_mode == new_mode) | |
| 74 return true; | |
| 75 | |
| 76 switch (current_mode) { | |
| 77 case em::PolicyData::NOT_MANAGED: | |
| 78 // For consumer management enrollment. | |
| 79 return new_mode == em::PolicyData::CONSUMER_MANAGED; | |
| 80 | |
| 81 case em::PolicyData::ENTERPRISE_MANAGED: | |
| 82 // Management mode cannot be set when it is currently ENTERPRISE_MANAGED. | |
| 83 return false; | |
| 84 | |
| 85 case em::PolicyData::CONSUMER_MANAGED: | |
| 86 // For consumer management unenrollment. | |
| 87 return new_mode == em::PolicyData::NOT_MANAGED; | |
| 88 } | |
| 89 | |
| 90 NOTREACHED(); | |
| 91 return false; | |
| 92 } | |
| 93 | |
| 94 } // namespace | 38 } // namespace |
| 95 | 39 |
| 96 namespace chromeos { | 40 namespace chromeos { |
| 97 | 41 |
| 98 DeviceSettingsService::Observer::~Observer() {} | 42 DeviceSettingsService::Observer::~Observer() {} |
| 99 | 43 |
| 100 static DeviceSettingsService* g_device_settings_service = NULL; | 44 static DeviceSettingsService* g_device_settings_service = NULL; |
| 101 | 45 |
| 102 // static | 46 // static |
| 103 void DeviceSettingsService::Initialize() { | 47 void DeviceSettingsService::Initialize() { |
| (...skipping 61 matching lines...) Loading... |
| 165 return public_key_; | 109 return public_key_; |
| 166 } | 110 } |
| 167 | 111 |
| 168 void DeviceSettingsService::Load() { | 112 void DeviceSettingsService::Load() { |
| 169 EnqueueLoad(false); | 113 EnqueueLoad(false); |
| 170 } | 114 } |
| 171 | 115 |
| 172 void DeviceSettingsService::SignAndStore( | 116 void DeviceSettingsService::SignAndStore( |
| 173 scoped_ptr<em::ChromeDeviceSettingsProto> new_settings, | 117 scoped_ptr<em::ChromeDeviceSettingsProto> new_settings, |
| 174 const base::Closure& callback) { | 118 const base::Closure& callback) { |
| 175 if (!owner_settings_service_) { | 119 if (!delegate_) |
| 176 HandleError(STORE_KEY_UNAVAILABLE, callback); | 120 HandleError(STORE_KEY_UNAVAILABLE, callback); |
| 177 return; | 121 else |
| 178 } | 122 delegate_->SignAndStoreAsync(new_settings.Pass(), callback); |
| 179 scoped_ptr<em::PolicyData> policy = | |
| 180 AssemblePolicy(GetUsername(), policy_data(), new_settings.get()); | |
| 181 if (!policy) { | |
| 182 HandleError(STORE_POLICY_ERROR, callback); | |
| 183 return; | |
| 184 } | |
| 185 | |
| 186 owner_settings_service_->SignAndStorePolicyAsync(policy.Pass(), callback); | |
| 187 } | 123 } |
| 188 | 124 |
| 189 void DeviceSettingsService::SetManagementSettings( | 125 void DeviceSettingsService::SetManagementSettings( |
| 190 em::PolicyData::ManagementMode management_mode, | 126 em::PolicyData::ManagementMode management_mode, |
| 191 const std::string& request_token, | 127 const std::string& request_token, |
| 192 const std::string& device_id, | 128 const std::string& device_id, |
| 193 const base::Closure& callback) { | 129 const base::Closure& callback) { |
| 194 if (!owner_settings_service_) { | 130 if (!delegate_) { |
| 195 HandleError(STORE_KEY_UNAVAILABLE, callback); | 131 HandleError(STORE_KEY_UNAVAILABLE, callback); |
| 196 return; | 132 } else { |
| 133 delegate_->SetManagementSettingsAsync( |
| 134 management_mode, request_token, device_id, callback); |
| 197 } | 135 } |
| 198 | |
| 199 em::PolicyData::ManagementMode current_mode = em::PolicyData::NOT_MANAGED; | |
| 200 if (policy_data() && policy_data()->has_management_mode()) | |
| 201 current_mode = policy_data()->management_mode(); | |
| 202 | |
| 203 if (!CheckManagementModeTransition(current_mode, management_mode)) { | |
| 204 LOG(ERROR) << "Invalid management mode transition: current mode = " | |
| 205 << current_mode << ", new mode = " << management_mode; | |
| 206 HandleError(DeviceSettingsService::STORE_POLICY_ERROR, callback); | |
| 207 return; | |
| 208 } | |
| 209 | |
| 210 scoped_ptr<em::PolicyData> policy = | |
| 211 AssemblePolicy(GetUsername(), policy_data(), device_settings()); | |
| 212 if (!policy) { | |
| 213 HandleError(DeviceSettingsService::STORE_POLICY_ERROR, callback); | |
| 214 return; | |
| 215 } | |
| 216 | |
| 217 policy->set_management_mode(management_mode); | |
| 218 policy->set_request_token(request_token); | |
| 219 policy->set_device_id(device_id); | |
| 220 | |
| 221 owner_settings_service_->SignAndStorePolicyAsync(policy.Pass(), callback); | |
| 222 } | 136 } |
| 223 | 137 |
| 224 void DeviceSettingsService::Store(scoped_ptr<em::PolicyFetchResponse> policy, | 138 void DeviceSettingsService::Store(scoped_ptr<em::PolicyFetchResponse> policy, |
| 225 const base::Closure& callback) { | 139 const base::Closure& callback) { |
| 226 Enqueue( | 140 Enqueue( |
| 227 new StoreSettingsOperation( | 141 new StoreSettingsOperation( |
| 228 base::Bind(&DeviceSettingsService::HandleCompletedOperation, | 142 base::Bind(&DeviceSettingsService::HandleCompletedOperation, |
| 229 weak_factory_.GetWeakPtr(), | 143 weak_factory_.GetWeakPtr(), |
| 230 callback), | 144 callback), |
| 231 policy.Pass())); | 145 policy.Pass())); |
| (...skipping 16 matching lines...) Loading... |
| 248 // If the key hasn't been loaded yet, enqueue the callback to be fired when | 162 // If the key hasn't been loaded yet, enqueue the callback to be fired when |
| 249 // the next SessionManagerOperation completes. If no operation is pending, | 163 // the next SessionManagerOperation completes. If no operation is pending, |
| 250 // start a load operation to fetch the key and report the result. | 164 // start a load operation to fetch the key and report the result. |
| 251 pending_ownership_status_callbacks_.push_back(callback); | 165 pending_ownership_status_callbacks_.push_back(callback); |
| 252 if (pending_operations_.empty()) | 166 if (pending_operations_.empty()) |
| 253 EnqueueLoad(false); | 167 EnqueueLoad(false); |
| 254 } | 168 } |
| 255 } | 169 } |
| 256 | 170 |
| 257 bool DeviceSettingsService::HasPrivateOwnerKey() { | 171 bool DeviceSettingsService::HasPrivateOwnerKey() { |
| 258 return owner_settings_service_ && owner_settings_service_->IsOwner(); | 172 return delegate_ && delegate_->IsOwner(); |
| 259 } | 173 } |
| 260 | 174 |
| 261 void DeviceSettingsService::InitOwner( | 175 void DeviceSettingsService::InitOwner( |
| 262 const std::string& username, | 176 const std::string& username, |
| 263 const base::WeakPtr<ownership::OwnerSettingsService>& | 177 const base::WeakPtr<PrivateKeyDelegate>& delegate) { |
| 264 owner_settings_service) { | |
| 265 // When InitOwner() is called twice with the same |username| it's | 178 // When InitOwner() is called twice with the same |username| it's |
| 266 // worth to reload settings since owner key may become available. | 179 // worth to reload settings since owner key may become available. |
| 267 if (!username_.empty() && username_ != username) | 180 if (!username_.empty() && username_ != username) |
| 268 return; | 181 return; |
| 269 username_ = username; | 182 username_ = username; |
| 270 owner_settings_service_ = owner_settings_service; | 183 delegate_ = delegate; |
| 271 | 184 |
| 272 EnsureReload(true); | 185 EnsureReload(true); |
| 273 } | 186 } |
| 274 | 187 |
| 275 const std::string& DeviceSettingsService::GetUsername() const { | 188 const std::string& DeviceSettingsService::GetUsername() const { |
| 276 return username_; | 189 return username_; |
| 277 } | 190 } |
| 278 | 191 |
| 279 void DeviceSettingsService::AddObserver(Observer* observer) { | 192 void DeviceSettingsService::AddObserver(Observer* observer) { |
| 280 observers_.AddObserver(observer); | 193 observers_.AddObserver(observer); |
| (...skipping 29 matching lines...) Loading... |
| 310 } | 223 } |
| 311 | 224 |
| 312 void DeviceSettingsService::EnqueueLoad(bool force_key_load) { | 225 void DeviceSettingsService::EnqueueLoad(bool force_key_load) { |
| 313 SessionManagerOperation* operation = | 226 SessionManagerOperation* operation = |
| 314 new LoadSettingsOperation( | 227 new LoadSettingsOperation( |
| 315 base::Bind(&DeviceSettingsService::HandleCompletedOperation, | 228 base::Bind(&DeviceSettingsService::HandleCompletedOperation, |
| 316 weak_factory_.GetWeakPtr(), | 229 weak_factory_.GetWeakPtr(), |
| 317 base::Closure())); | 230 base::Closure())); |
| 318 operation->set_force_key_load(force_key_load); | 231 operation->set_force_key_load(force_key_load); |
| 319 operation->set_username(username_); | 232 operation->set_username(username_); |
| 320 operation->set_owner_settings_service(owner_settings_service_); | 233 operation->set_delegate(delegate_); |
| 321 Enqueue(operation); | 234 Enqueue(operation); |
| 322 } | 235 } |
| 323 | 236 |
| 324 void DeviceSettingsService::EnsureReload(bool force_key_load) { | 237 void DeviceSettingsService::EnsureReload(bool force_key_load) { |
| 325 if (!pending_operations_.empty()) { | 238 if (!pending_operations_.empty()) { |
| 326 pending_operations_.front()->set_username(username_); | 239 pending_operations_.front()->set_username(username_); |
| 327 pending_operations_.front()->set_owner_settings_service( | 240 pending_operations_.front()->set_delegate(delegate_); |
| 328 owner_settings_service_); | |
| 329 pending_operations_.front()->RestartLoad(force_key_load); | 241 pending_operations_.front()->RestartLoad(force_key_load); |
| 330 } else { | 242 } else { |
| 331 EnqueueLoad(force_key_load); | 243 EnqueueLoad(force_key_load); |
| 332 } | 244 } |
| 333 } | 245 } |
| 334 | 246 |
| 335 void DeviceSettingsService::StartNextOperation() { | 247 void DeviceSettingsService::StartNextOperation() { |
| 336 if (!pending_operations_.empty() && | 248 if (!pending_operations_.empty() && |
| 337 session_manager_client_ && | 249 session_manager_client_ && |
| 338 owner_key_util_.get()) { | 250 owner_key_util_.get()) { |
| (...skipping 101 matching lines...) Loading... |
| 440 DeviceSettingsService::Initialize(); | 352 DeviceSettingsService::Initialize(); |
| 441 } | 353 } |
| 442 | 354 |
| 443 ScopedTestDeviceSettingsService::~ScopedTestDeviceSettingsService() { | 355 ScopedTestDeviceSettingsService::~ScopedTestDeviceSettingsService() { |
| 444 // Clean pending operations. | 356 // Clean pending operations. |
| 445 DeviceSettingsService::Get()->UnsetSessionManager(); | 357 DeviceSettingsService::Get()->UnsetSessionManager(); |
| 446 DeviceSettingsService::Shutdown(); | 358 DeviceSettingsService::Shutdown(); |
| 447 } | 359 } |
| 448 | 360 |
| 449 } // namespace chromeos | 361 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews