| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h" | 5 #include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/bind_helpers.h" | 10 #include "base/bind_helpers.h" |
| 11 #include "base/callback.h" | 11 #include "base/callback.h" |
| 12 #include "base/command_line.h" | 12 #include "base/command_line.h" |
| 13 #include "base/prefs/pref_service.h" | 13 #include "base/prefs/pref_service.h" |
| 14 #include "base/threading/thread_checker.h" | 14 #include "base/threading/thread_checker.h" |
| 15 #include "chrome/browser/chrome_notification_types.h" | 15 #include "chrome/browser/chrome_notification_types.h" |
| 16 #include "chrome/browser/chromeos/profiles/profile_helper.h" | 16 #include "chrome/browser/chromeos/profiles/profile_helper.h" |
| 17 #include "chrome/browser/chromeos/profiles/profile_helper.h" | 17 #include "chrome/browser/chromeos/profiles/profile_helper.h" |
| 18 #include "chrome/browser/chromeos/settings/cros_settings.h" | 18 #include "chrome/browser/chromeos/settings/cros_settings.h" |
| 19 #include "chrome/browser/chromeos/settings/device_settings_provider.h" | 19 #include "chrome/browser/chromeos/settings/device_settings_provider.h" |
| 20 #include "chrome/browser/chromeos/settings/session_manager_operation.h" | 20 #include "chrome/browser/chromeos/settings/session_manager_operation.h" |
| 21 #include "chrome/browser/profiles/profile.h" | 21 #include "chrome/browser/profiles/profile.h" |
| 22 #include "chromeos/dbus/dbus_thread_manager.h" | 22 #include "chromeos/dbus/dbus_thread_manager.h" |
| 23 #include "chromeos/tpm_token_loader.h" | 23 #include "chromeos/tpm_token_loader.h" |
| 24 #include "components/ownership/owner_key_util.h" | 24 #include "components/ownership/owner_key_util.h" |
| 25 #include "components/policy/core/common/cloud/cloud_policy_constants.h" | |
| 26 #include "components/user_manager/user.h" | 25 #include "components/user_manager/user.h" |
| 27 #include "content/public/browser/browser_thread.h" | 26 #include "content/public/browser/browser_thread.h" |
| 28 #include "content/public/browser/notification_details.h" | 27 #include "content/public/browser/notification_details.h" |
| 29 #include "content/public/browser/notification_service.h" | 28 #include "content/public/browser/notification_service.h" |
| 30 #include "content/public/browser/notification_source.h" | 29 #include "content/public/browser/notification_source.h" |
| 31 #include "content/public/common/content_switches.h" | 30 #include "content/public/common/content_switches.h" |
| 32 #include "crypto/nss_util.h" | 31 #include "crypto/nss_util.h" |
| 33 #include "crypto/nss_util_internal.h" | 32 #include "crypto/nss_util_internal.h" |
| 34 #include "crypto/rsa_private_key.h" | 33 #include "crypto/rsa_private_key.h" |
| 35 #include "crypto/scoped_nss_types.h" | 34 #include "crypto/scoped_nss_types.h" |
| (...skipping 105 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 141 scoped_refptr<base::TaskRunner> task_runner = | 140 scoped_refptr<base::TaskRunner> task_runner = |
| 142 BrowserThread::GetBlockingPool()->GetTaskRunnerWithShutdownBehavior( | 141 BrowserThread::GetBlockingPool()->GetTaskRunnerWithShutdownBehavior( |
| 143 base::SequencedWorkerPool::SKIP_ON_SHUTDOWN); | 142 base::SequencedWorkerPool::SKIP_ON_SHUTDOWN); |
| 144 base::PostTaskAndReplyWithResult( | 143 base::PostTaskAndReplyWithResult( |
| 145 task_runner.get(), | 144 task_runner.get(), |
| 146 FROM_HERE, | 145 FROM_HERE, |
| 147 base::Bind(&DoesPrivateKeyExistAsyncHelper, owner_key_util), | 146 base::Bind(&DoesPrivateKeyExistAsyncHelper, owner_key_util), |
| 148 callback); | 147 callback); |
| 149 } | 148 } |
| 150 | 149 |
| 150 // Returns true if it is okay to transfer from the current mode to the new |
| 151 // mode. This function should be called in SetManagementMode(). |
| 152 bool CheckManagementModeTransition(policy::ManagementMode current_mode, |
| 153 policy::ManagementMode new_mode) { |
| 154 // Mode is not changed. |
| 155 if (current_mode == new_mode) |
| 156 return true; |
| 157 |
| 158 switch (current_mode) { |
| 159 case policy::MANAGEMENT_MODE_LOCAL_OWNER: |
| 160 // For consumer management enrollment. |
| 161 return new_mode == policy::MANAGEMENT_MODE_CONSUMER_MANAGED; |
| 162 |
| 163 case policy::MANAGEMENT_MODE_ENTERPRISE_MANAGED: |
| 164 // Management mode cannot be set when it is currently ENTERPRISE_MANAGED. |
| 165 return false; |
| 166 |
| 167 case policy::MANAGEMENT_MODE_CONSUMER_MANAGED: |
| 168 // For consumer management unenrollment. |
| 169 return new_mode == policy::MANAGEMENT_MODE_LOCAL_OWNER; |
| 170 } |
| 171 |
| 172 NOTREACHED(); |
| 173 return false; |
| 174 } |
| 175 |
| 151 } // namespace | 176 } // namespace |
| 152 | 177 |
| 178 OwnerSettingsServiceChromeOS::ManagementSettings::ManagementSettings() { |
| 179 } |
| 180 |
| 181 OwnerSettingsServiceChromeOS::ManagementSettings::~ManagementSettings() { |
| 182 } |
| 183 |
| 153 OwnerSettingsServiceChromeOS::OwnerSettingsServiceChromeOS( | 184 OwnerSettingsServiceChromeOS::OwnerSettingsServiceChromeOS( |
| 154 DeviceSettingsService* device_settings_service, | 185 DeviceSettingsService* device_settings_service, |
| 155 Profile* profile, | 186 Profile* profile, |
| 156 const scoped_refptr<OwnerKeyUtil>& owner_key_util) | 187 const scoped_refptr<OwnerKeyUtil>& owner_key_util) |
| 157 : ownership::OwnerSettingsService(owner_key_util), | 188 : ownership::OwnerSettingsService(owner_key_util), |
| 158 device_settings_service_(device_settings_service), | 189 device_settings_service_(device_settings_service), |
| 159 profile_(profile), | 190 profile_(profile), |
| 160 waiting_for_profile_creation_(true), | 191 waiting_for_profile_creation_(true), |
| 161 waiting_for_tpm_token_(true), | 192 waiting_for_tpm_token_(true), |
| 193 has_pending_management_settings_(false), |
| 162 weak_factory_(this), | 194 weak_factory_(this), |
| 163 store_settings_factory_(this) { | 195 store_settings_factory_(this) { |
| 164 if (TPMTokenLoader::IsInitialized()) { | 196 if (TPMTokenLoader::IsInitialized()) { |
| 165 TPMTokenLoader::TPMTokenStatus tpm_token_status = | 197 TPMTokenLoader::TPMTokenStatus tpm_token_status = |
| 166 TPMTokenLoader::Get()->IsTPMTokenEnabled( | 198 TPMTokenLoader::Get()->IsTPMTokenEnabled( |
| 167 base::Bind(&OwnerSettingsServiceChromeOS::OnTPMTokenReady, | 199 base::Bind(&OwnerSettingsServiceChromeOS::OnTPMTokenReady, |
| 168 weak_factory_.GetWeakPtr())); | 200 weak_factory_.GetWeakPtr())); |
| 169 waiting_for_tpm_token_ = | 201 waiting_for_tpm_token_ = |
| 170 tpm_token_status == TPMTokenLoader::TPM_TOKEN_STATUS_UNDETERMINED; | 202 tpm_token_status == TPMTokenLoader::TPM_TOKEN_STATUS_UNDETERMINED; |
| 171 } | 203 } |
| (...skipping 110 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 282 | 314 |
| 283 void OwnerSettingsServiceChromeOS::DeviceSettingsUpdated() { | 315 void OwnerSettingsServiceChromeOS::DeviceSettingsUpdated() { |
| 284 DCHECK(thread_checker_.CalledOnValidThread()); | 316 DCHECK(thread_checker_.CalledOnValidThread()); |
| 285 StorePendingChanges(); | 317 StorePendingChanges(); |
| 286 } | 318 } |
| 287 | 319 |
| 288 void OwnerSettingsServiceChromeOS::OnDeviceSettingsServiceShutdown() { | 320 void OwnerSettingsServiceChromeOS::OnDeviceSettingsServiceShutdown() { |
| 289 device_settings_service_ = nullptr; | 321 device_settings_service_ = nullptr; |
| 290 } | 322 } |
| 291 | 323 |
| 324 void OwnerSettingsServiceChromeOS::SetManagementSettings( |
| 325 const ManagementSettings& settings, |
| 326 const OnManagementSettingsSetCallback& callback) { |
| 327 if ((!IsOwner() && !IsOwnerInTests(user_id_))) { |
| 328 if (!callback.is_null()) |
| 329 callback.Run(false /* success */); |
| 330 return; |
| 331 } |
| 332 |
| 333 policy::ManagementMode current_mode = policy::MANAGEMENT_MODE_LOCAL_OWNER; |
| 334 if (has_pending_management_settings_) { |
| 335 current_mode = pending_management_settings_.management_mode; |
| 336 } else if (device_settings_service_ && |
| 337 device_settings_service_->policy_data()) { |
| 338 current_mode = |
| 339 policy::GetManagementMode(*device_settings_service_->policy_data()); |
| 340 } |
| 341 |
| 342 if (!CheckManagementModeTransition(current_mode, settings.management_mode)) { |
| 343 LOG(ERROR) << "Invalid management mode transition: current mode = " |
| 344 << current_mode << ", new mode = " << settings.management_mode; |
| 345 if (!callback.is_null()) |
| 346 callback.Run(false /* success */); |
| 347 return; |
| 348 } |
| 349 |
| 350 pending_management_settings_ = settings; |
| 351 has_pending_management_settings_ = true; |
| 352 pending_management_settings_callbacks_.push_back(callback); |
| 353 StorePendingChanges(); |
| 354 } |
| 355 |
| 292 // static | 356 // static |
| 293 void OwnerSettingsServiceChromeOS::IsOwnerForSafeModeAsync( | 357 void OwnerSettingsServiceChromeOS::IsOwnerForSafeModeAsync( |
| 294 const std::string& user_hash, | 358 const std::string& user_hash, |
| 295 const scoped_refptr<OwnerKeyUtil>& owner_key_util, | 359 const scoped_refptr<OwnerKeyUtil>& owner_key_util, |
| 296 const IsOwnerCallback& callback) { | 360 const IsOwnerCallback& callback) { |
| 297 CHECK(chromeos::LoginState::Get()->IsInSafeMode()); | 361 CHECK(chromeos::LoginState::Get()->IsInSafeMode()); |
| 298 | 362 |
| 299 // Make sure NSS is initialized and NSS DB is loaded for the user before | 363 // Make sure NSS is initialized and NSS DB is loaded for the user before |
| 300 // searching for the owner key. | 364 // searching for the owner key. |
| 301 BrowserThread::PostTaskAndReply( | 365 BrowserThread::PostTaskAndReply( |
| (...skipping 308 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 610 } else { | 674 } else { |
| 611 return; | 675 return; |
| 612 } | 676 } |
| 613 | 677 |
| 614 for (const auto& change : pending_changes_) | 678 for (const auto& change : pending_changes_) |
| 615 UpdateDeviceSettings(change.first, *change.second, settings); | 679 UpdateDeviceSettings(change.first, *change.second, settings); |
| 616 pending_changes_.clear(); | 680 pending_changes_.clear(); |
| 617 | 681 |
| 618 scoped_ptr<em::PolicyData> policy = AssemblePolicy( | 682 scoped_ptr<em::PolicyData> policy = AssemblePolicy( |
| 619 user_id_, device_settings_service_->policy_data(), &settings); | 683 user_id_, device_settings_service_->policy_data(), &settings); |
| 684 |
| 685 if (has_pending_management_settings_) { |
| 686 policy::SetManagementMode(*policy, |
| 687 pending_management_settings_.management_mode); |
| 688 policy->set_request_token(pending_management_settings_.request_token); |
| 689 policy->set_device_id(pending_management_settings_.device_id); |
| 690 } |
| 691 has_pending_management_settings_ = false; |
| 692 |
| 620 bool rv = AssembleAndSignPolicyAsync( | 693 bool rv = AssembleAndSignPolicyAsync( |
| 621 content::BrowserThread::GetBlockingPool(), policy.Pass(), | 694 content::BrowserThread::GetBlockingPool(), policy.Pass(), |
| 622 base::Bind(&OwnerSettingsServiceChromeOS::OnPolicyAssembledAndSigned, | 695 base::Bind(&OwnerSettingsServiceChromeOS::OnPolicyAssembledAndSigned, |
| 623 store_settings_factory_.GetWeakPtr())); | 696 store_settings_factory_.GetWeakPtr())); |
| 624 if (!rv) | 697 if (!rv) |
| 625 ReportStatusAndContinueStoring(false /* success */); | 698 ReportStatusAndContinueStoring(false /* success */); |
| 626 } | 699 } |
| 627 | 700 |
| 628 void OwnerSettingsServiceChromeOS::OnPolicyAssembledAndSigned( | 701 void OwnerSettingsServiceChromeOS::OnPolicyAssembledAndSigned( |
| 629 scoped_ptr<em::PolicyFetchResponse> policy_response) { | 702 scoped_ptr<em::PolicyFetchResponse> policy_response) { |
| 630 if (!policy_response.get() || !device_settings_service_) { | 703 if (!policy_response.get() || !device_settings_service_) { |
| 631 ReportStatusAndContinueStoring(false /* success */); | 704 ReportStatusAndContinueStoring(false /* success */); |
| 632 return; | 705 return; |
| 633 } | 706 } |
| 634 device_settings_service_->Store( | 707 device_settings_service_->Store( |
| 635 policy_response.Pass(), | 708 policy_response.Pass(), |
| 636 base::Bind(&OwnerSettingsServiceChromeOS::OnSignedPolicyStored, | 709 base::Bind(&OwnerSettingsServiceChromeOS::OnSignedPolicyStored, |
| 637 store_settings_factory_.GetWeakPtr(), | 710 store_settings_factory_.GetWeakPtr(), |
| 638 true /* success */)); | 711 true /* success */)); |
| 639 } | 712 } |
| 640 | 713 |
| 641 void OwnerSettingsServiceChromeOS::OnSignedPolicyStored(bool success) { | 714 void OwnerSettingsServiceChromeOS::OnSignedPolicyStored(bool success) { |
| 642 CHECK(device_settings_service_); | 715 CHECK(device_settings_service_); |
| 643 ReportStatusAndContinueStoring(success && | 716 ReportStatusAndContinueStoring(success && |
| 644 device_settings_service_->status() != | 717 device_settings_service_->status() == |
| 645 DeviceSettingsService::STORE_SUCCESS); | 718 DeviceSettingsService::STORE_SUCCESS); |
| 646 } | 719 } |
| 647 | 720 |
| 648 void OwnerSettingsServiceChromeOS::ReportStatusAndContinueStoring( | 721 void OwnerSettingsServiceChromeOS::ReportStatusAndContinueStoring( |
| 649 bool success) { | 722 bool success) { |
| 650 store_settings_factory_.InvalidateWeakPtrs(); | 723 store_settings_factory_.InvalidateWeakPtrs(); |
| 651 FOR_EACH_OBSERVER(OwnerSettingsService::Observer, observers_, | 724 FOR_EACH_OBSERVER(OwnerSettingsService::Observer, observers_, |
| 652 OnSignedPolicyStored(success)); | 725 OnSignedPolicyStored(success)); |
| 726 |
| 727 std::vector<OnManagementSettingsSetCallback> callbacks; |
| 728 pending_management_settings_callbacks_.swap(callbacks); |
| 729 for (const auto& callback : callbacks) { |
| 730 if (!callback.is_null()) |
| 731 callback.Run(success); |
| 732 } |
| 653 StorePendingChanges(); | 733 StorePendingChanges(); |
| 654 } | 734 } |
| 655 | 735 |
| 656 } // namespace chromeos | 736 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 769703003:
SetManagementSettings() is moved to OwnerSettingsServiceChromeOS. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master