
Side by Side Diff: chrome/browser/chromeos/settings/session_manager_operation.cc

Issue 62453002: Don't verify the policy timestamp when loading from cache. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: also skip timestamp checks for public accounts policy Created 7 years, 1 month ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/chromeos/settings/session_manager_operation.h" 5 #include "chrome/browser/chromeos/settings/session_manager_operation.h"
6 6
7 #include "base/bind.h" 7 #include "base/bind.h"
8 #include "base/bind_helpers.h" 8 #include "base/bind_helpers.h"
9 #include "base/files/file_path.h" 9 #include "base/files/file_path.h"
10 #include "base/message_loop/message_loop.h" 10 #include "base/message_loop/message_loop.h"
(...skipping 144 matching lines...)
155 content::BrowserThread::GetBlockingPool(); 155 content::BrowserThread::GetBlockingPool();
156 scoped_refptr<base::SequencedTaskRunner> background_task_runner = 156 scoped_refptr<base::SequencedTaskRunner> background_task_runner =
157 pool->GetSequencedTaskRunnerWithShutdownBehavior( 157 pool->GetSequencedTaskRunnerWithShutdownBehavior(
158 pool->GetSequenceToken(), 158 pool->GetSequenceToken(),
159 base::SequencedWorkerPool::SKIP_ON_SHUTDOWN); 159 base::SequencedWorkerPool::SKIP_ON_SHUTDOWN);
160 160
161 policy::DeviceCloudPolicyValidator* validator = 161 policy::DeviceCloudPolicyValidator* validator =
162 policy::DeviceCloudPolicyValidator::Create(policy.Pass(), 162 policy::DeviceCloudPolicyValidator::Create(policy.Pass(),
163 background_task_runner); 163 background_task_runner);
164 164
165 // Policy auto-generated by session manager doesn't include a timestamp, so we 165
166 // need to allow missing timestamps. 166 // Policy auto-generated by session manager doesn't include a timestamp, so
167 const bool require_timestamp = 167 // the timestamp shouldn't be verified in that case.
168 policy_data_.get() && policy_data_->has_request_token(); 168 //
169 // Additionally, offline devices can get their clock set backwards in time
170 // under some hardware conditions; checking the timestamp now could likely
171 // find a value in the future, and prevent the user from signing-in or
172 // starting guest mode. Tlsdate will eventually fix the clock when the device
173 // is back online, but the network configuration may come from device ONC.
174 //
175 // To prevent all of these issues the timestamp is just not verified when
176 // loading the device policy from the cache. Note that the timestamp is still
177 // verified during enrollment and when a new policy is fetched from the
178 // server.
169 validator->ValidateAgainstCurrentPolicy( 179 validator->ValidateAgainstCurrentPolicy(
170 policy_data_.get(), 180 policy_data_.get(),
171 require_timestamp ? 181 policy::CloudPolicyValidatorBase::TIMESTAMP_NOT_REQUIRED,
172 policy::CloudPolicyValidatorBase::TIMESTAMP_REQUIRED :
173 policy::CloudPolicyValidatorBase::TIMESTAMP_NOT_REQUIRED,
174 policy::CloudPolicyValidatorBase::DM_TOKEN_NOT_REQUIRED); 182 policy::CloudPolicyValidatorBase::DM_TOKEN_NOT_REQUIRED);
175 validator->ValidatePolicyType(policy::dm_protocol::kChromeDevicePolicyType); 183 validator->ValidatePolicyType(policy::dm_protocol::kChromeDevicePolicyType);
176 validator->ValidatePayload(); 184 validator->ValidatePayload();
177 validator->ValidateSignature(*owner_key_->public_key(), false); 185 validator->ValidateSignature(*owner_key_->public_key(), false);
178 validator->StartValidation( 186 validator->StartValidation(
179 base::Bind(&SessionManagerOperation::ReportValidatorStatus, 187 base::Bind(&SessionManagerOperation::ReportValidatorStatus,
180 weak_factory_.GetWeakPtr())); 188 weak_factory_.GetWeakPtr()));
181 } 189 }
182 190
183 void SessionManagerOperation::ReportValidatorStatus( 191 void SessionManagerOperation::ReportValidatorStatus(
(...skipping 133 matching lines...)
317 } 325 }
318 326
319 void SignAndStoreSettingsOperation::HandleStoreResult(bool success) { 327 void SignAndStoreSettingsOperation::HandleStoreResult(bool success) {
320 if (!success) 328 if (!success)
321 ReportResult(DeviceSettingsService::STORE_OPERATION_FAILED); 329 ReportResult(DeviceSettingsService::STORE_OPERATION_FAILED);
322 else 330 else
323 StartLoading(); 331 StartLoading();
324 } 332 }
325 333
326 } // namespace chromeos 334 } // namespace chromeos
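Review bot: The new comment above `ValidateAgainstCurrentPolicy` (new lines 166-178) explains why the timestamp is skipped but not what still protects the cached blob once `TIMESTAMP_NOT_REQUIRED` is passed unconditionally at new line 181. The old `require_timestamp` condition kept the requirement for policy carrying a request token, so on this path the remaining visible integrity check is `ValidateSignature` against the owner key. Going by the option name and the comment, an older but validly signed blob in the cache would presumably no longer be rejected on timestamp grounds here; whether the option skips the range check or only tolerates a missing field is decided in the validator, which is not on this page. I would add a sentence such as `// The owner-key signature check below is the only integrity check on the cached blob; freshness is not enforced on this path.` and cover the cache-load case with a test that uses a policy timestamped in the future. The enclosing function starts in the skipped lines, so its earlier part is not reviewed here.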