| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h" | 5 #include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/bind_helpers.h" | 10 #include "base/bind_helpers.h" |
| 11 #include "base/callback.h" | 11 #include "base/callback.h" |
| 12 #include "base/command_line.h" | 12 #include "base/command_line.h" |
| 13 #include "base/prefs/pref_service.h" | 13 #include "base/prefs/pref_service.h" |
| 14 #include "base/threading/thread_checker.h" | 14 #include "base/threading/thread_checker.h" |
| 15 #include "chrome/browser/chrome_notification_types.h" | 15 #include "chrome/browser/chrome_notification_types.h" |
| 16 #include "chrome/browser/chromeos/profiles/profile_helper.h" | 16 #include "chrome/browser/chromeos/profiles/profile_helper.h" |
| 17 #include "chrome/browser/chromeos/profiles/profile_helper.h" | 17 #include "chrome/browser/chromeos/profiles/profile_helper.h" |
| 18 #include "chrome/browser/chromeos/settings/cros_settings.h" | 18 #include "chrome/browser/chromeos/settings/cros_settings.h" |
| 19 #include "chrome/browser/chromeos/settings/device_settings_provider.h" | 19 #include "chrome/browser/chromeos/settings/device_settings_provider.h" |
| 20 #include "chrome/browser/chromeos/settings/session_manager_operation.h" | 20 #include "chrome/browser/chromeos/settings/session_manager_operation.h" |
| 21 #include "chrome/browser/profiles/profile.h" | 21 #include "chrome/browser/profiles/profile.h" |
| 22 #include "chromeos/dbus/dbus_thread_manager.h" | 22 #include "chromeos/dbus/dbus_thread_manager.h" |
| 23 #include "chromeos/tpm_token_loader.h" | 23 #include "chromeos/tpm_token_loader.h" |
| 24 #include "components/ownership/owner_key_util.h" | 24 #include "components/ownership/owner_key_util.h" |
| 25 #include "components/policy/core/common/cloud/cloud_policy_constants.h" | |
| 26 #include "components/user_manager/user.h" | 25 #include "components/user_manager/user.h" |
| 27 #include "content/public/browser/browser_thread.h" | 26 #include "content/public/browser/browser_thread.h" |
| 28 #include "content/public/browser/notification_details.h" | 27 #include "content/public/browser/notification_details.h" |
| 29 #include "content/public/browser/notification_service.h" | 28 #include "content/public/browser/notification_service.h" |
| 30 #include "content/public/browser/notification_source.h" | 29 #include "content/public/browser/notification_source.h" |
| 31 #include "content/public/common/content_switches.h" | 30 #include "content/public/common/content_switches.h" |
| 32 #include "crypto/nss_util.h" | 31 #include "crypto/nss_util.h" |
| 33 #include "crypto/nss_util_internal.h" | 32 #include "crypto/nss_util_internal.h" |
| 34 #include "crypto/rsa_private_key.h" | 33 #include "crypto/rsa_private_key.h" |
| 35 #include "crypto/scoped_nss_types.h" | 34 #include "crypto/scoped_nss_types.h" |
| (...skipping 105 matching lines...) | |
| 141 scoped_refptr<base::TaskRunner> task_runner = | 140 scoped_refptr<base::TaskRunner> task_runner = |
| 142 BrowserThread::GetBlockingPool()->GetTaskRunnerWithShutdownBehavior( | 141 BrowserThread::GetBlockingPool()->GetTaskRunnerWithShutdownBehavior( |
| 143 base::SequencedWorkerPool::SKIP_ON_SHUTDOWN); | 142 base::SequencedWorkerPool::SKIP_ON_SHUTDOWN); |
| 144 base::PostTaskAndReplyWithResult( | 143 base::PostTaskAndReplyWithResult( |
| 145 task_runner.get(), | 144 task_runner.get(), |
| 146 FROM_HERE, | 145 FROM_HERE, |
| 147 base::Bind(&DoesPrivateKeyExistAsyncHelper, owner_key_util), | 146 base::Bind(&DoesPrivateKeyExistAsyncHelper, owner_key_util), |
| 148 callback); | 147 callback); |
| 149 } | 148 } |
| 150 | 149 |
| 150 // Returns true if it is okay to transfer from the current mode to the new | |
| 151 // mode. This function should be called in SetManagementMode(). | |
| 152 bool CheckManagementModeTransition(policy::ManagementMode current_mode, | |
| 153 policy::ManagementMode new_mode) { | |
| 154 // Mode is not changed. | |
| 155 if (current_mode == new_mode) | |
| 156 return true; | |
| 157 | |
| 158 switch (current_mode) { | |
| 159 case policy::MANAGEMENT_MODE_LOCAL_OWNER: | |
| 160 // For consumer management enrollment. | |
| 161 return new_mode == policy::MANAGEMENT_MODE_CONSUMER_MANAGED; | |
| 162 | |
| 163 case policy::MANAGEMENT_MODE_ENTERPRISE_MANAGED: | |
| 164 // Management mode cannot be set when it is currently ENTERPRISE_MANAGED. | |
| 165 return false; | |
| 166 | |
| 167 case policy::MANAGEMENT_MODE_CONSUMER_MANAGED: | |
| 168 // For consumer management unenrollment. | |
| 169 return new_mode == policy::MANAGEMENT_MODE_LOCAL_OWNER; | |
| 170 } | |
| 171 | |
| 172 NOTREACHED(); | |
| 173 return false; | |
| 174 } | |
| 175 | |
| 151 } // namespace | 176 } // namespace |
| 152 | 177 |
| 178 OwnerSettingsServiceChromeOS::ManagementSettings::ManagementSettings() { | |
| 179 } | |
| 180 | |
| 181 OwnerSettingsServiceChromeOS::ManagementSettings::~ManagementSettings() { | |
| 182 } | |
| 183 | |
| 153 OwnerSettingsServiceChromeOS::OwnerSettingsServiceChromeOS( | 184 OwnerSettingsServiceChromeOS::OwnerSettingsServiceChromeOS( |
| 154 DeviceSettingsService* device_settings_service, | 185 DeviceSettingsService* device_settings_service, |
| 155 Profile* profile, | 186 Profile* profile, |
| 156 const scoped_refptr<OwnerKeyUtil>& owner_key_util) | 187 const scoped_refptr<OwnerKeyUtil>& owner_key_util) |
| 157 : ownership::OwnerSettingsService(owner_key_util), | 188 : ownership::OwnerSettingsService(owner_key_util), |
| 158 device_settings_service_(device_settings_service), | 189 device_settings_service_(device_settings_service), |
| 159 profile_(profile), | 190 profile_(profile), |
| 160 waiting_for_profile_creation_(true), | 191 waiting_for_profile_creation_(true), |
| 161 waiting_for_tpm_token_(true), | 192 waiting_for_tpm_token_(true), |
| 193 has_pending_management_settings_(false), | |
| 162 weak_factory_(this), | 194 weak_factory_(this), |
| 163 store_settings_factory_(this) { | 195 store_settings_factory_(this) { |
| 164 if (TPMTokenLoader::IsInitialized()) { | 196 if (TPMTokenLoader::IsInitialized()) { |
| 165 TPMTokenLoader::TPMTokenStatus tpm_token_status = | 197 TPMTokenLoader::TPMTokenStatus tpm_token_status = |
| 166 TPMTokenLoader::Get()->IsTPMTokenEnabled( | 198 TPMTokenLoader::Get()->IsTPMTokenEnabled( |
| 167 base::Bind(&OwnerSettingsServiceChromeOS::OnTPMTokenReady, | 199 base::Bind(&OwnerSettingsServiceChromeOS::OnTPMTokenReady, |
| 168 weak_factory_.GetWeakPtr())); | 200 weak_factory_.GetWeakPtr())); |
| 169 waiting_for_tpm_token_ = | 201 waiting_for_tpm_token_ = |
| 170 tpm_token_status == TPMTokenLoader::TPM_TOKEN_STATUS_UNDETERMINED; | 202 tpm_token_status == TPMTokenLoader::TPM_TOKEN_STATUS_UNDETERMINED; |
| 171 } | 203 } |
| 172 | 204 |
| 173 if (DBusThreadManager::IsInitialized() && | 205 if (DBusThreadManager::IsInitialized() && |
| 174 DBusThreadManager::Get()->GetSessionManagerClient()) { | 206 DBusThreadManager::Get()->GetSessionManagerClient()) { |
| 175 DBusThreadManager::Get()->GetSessionManagerClient()->AddObserver(this); | 207 DBusThreadManager::Get()->GetSessionManagerClient()->AddObserver(this); |
| 176 } | 208 } |
| 177 | 209 |
| 178 if (device_settings_service_) | |
| 179 device_settings_service_->AddObserver(this); | |
| 180 | |
|
Mattias Nissler (ping if slow)
2014/12/03 09:07:54
I don't think this change is intentional?
ygorshenin1
2014/12/03 15:54:05
Sorry, I removed it accidentally. Restored.
| |
| 181 registrar_.Add(this, | 210 registrar_.Add(this, |
| 182 chrome::NOTIFICATION_PROFILE_CREATED, | 211 chrome::NOTIFICATION_PROFILE_CREATED, |
| 183 content::Source<Profile>(profile_)); | 212 content::Source<Profile>(profile_)); |
| 184 } | 213 } |
| 185 | 214 |
| 186 OwnerSettingsServiceChromeOS::~OwnerSettingsServiceChromeOS() { | 215 OwnerSettingsServiceChromeOS::~OwnerSettingsServiceChromeOS() { |
| 187 DCHECK(thread_checker_.CalledOnValidThread()); | 216 DCHECK(thread_checker_.CalledOnValidThread()); |
| 188 | 217 |
| 189 if (device_settings_service_) | 218 if (device_settings_service_) |
| 190 device_settings_service_->RemoveObserver(this); | 219 device_settings_service_->RemoveObserver(this); |
| (...skipping 91 matching lines...) | |
| 282 | 311 |
| 283 void OwnerSettingsServiceChromeOS::DeviceSettingsUpdated() { | 312 void OwnerSettingsServiceChromeOS::DeviceSettingsUpdated() { |
| 284 DCHECK(thread_checker_.CalledOnValidThread()); | 313 DCHECK(thread_checker_.CalledOnValidThread()); |
| 285 StorePendingChanges(); | 314 StorePendingChanges(); |
| 286 } | 315 } |
| 287 | 316 |
| 288 void OwnerSettingsServiceChromeOS::OnDeviceSettingsServiceShutdown() { | 317 void OwnerSettingsServiceChromeOS::OnDeviceSettingsServiceShutdown() { |
| 289 device_settings_service_ = nullptr; | 318 device_settings_service_ = nullptr; |
| 290 } | 319 } |
| 291 | 320 |
| 321 void OwnerSettingsServiceChromeOS::SetManagementSettings( | |
| 322 const ManagementSettings& settings, | |
| 323 const OnManagementSettingsSetCallback& callback) { | |
| 324 policy::ManagementMode current_mode = policy::MANAGEMENT_MODE_LOCAL_OWNER; | |
| 325 if (has_pending_management_settings_) { | |
| 326 current_mode = pending_management_settings_.management_mode; | |
| 327 } else if (device_settings_service_ && | |
| 328 device_settings_service_->policy_data()) { | |
| 329 current_mode = | |
| 330 policy::GetManagementMode(*device_settings_service_->policy_data()); | |
| 331 } | |
| 332 | |
| 333 if ((!IsOwner() && !IsOwnerInTests(user_id_)) || | |
| 334 !CheckManagementModeTransition(current_mode, settings.management_mode)) { | |
| 335 if (!callback.is_null()) | |
| 336 callback.Run(false /* success */); | |
| 337 return; | |
| 338 } | |
| 339 pending_management_settings_ = settings; | |
| 340 has_pending_management_settings_ = true; | |
| 341 pending_management_settings_callbacks_.push_back(callback); | |
| 342 StorePendingChanges(); | |
| 343 } | |
| 344 | |
| 292 // static | 345 // static |
| 293 void OwnerSettingsServiceChromeOS::IsOwnerForSafeModeAsync( | 346 void OwnerSettingsServiceChromeOS::IsOwnerForSafeModeAsync( |
| 294 const std::string& user_hash, | 347 const std::string& user_hash, |
| 295 const scoped_refptr<OwnerKeyUtil>& owner_key_util, | 348 const scoped_refptr<OwnerKeyUtil>& owner_key_util, |
| 296 const IsOwnerCallback& callback) { | 349 const IsOwnerCallback& callback) { |
| 297 CHECK(chromeos::LoginState::Get()->IsInSafeMode()); | 350 CHECK(chromeos::LoginState::Get()->IsInSafeMode()); |
| 298 | 351 |
| 299 // Make sure NSS is initialized and NSS DB is loaded for the user before | 352 // Make sure NSS is initialized and NSS DB is loaded for the user before |
| 300 // searching for the owner key. | 353 // searching for the owner key. |
| 301 BrowserThread::PostTaskAndReply( | 354 BrowserThread::PostTaskAndReply( |
| (...skipping 308 matching lines...) | |
| 610 } else { | 663 } else { |
| 611 return; | 664 return; |
| 612 } | 665 } |
| 613 | 666 |
| 614 for (const auto& change : pending_changes_) | 667 for (const auto& change : pending_changes_) |
| 615 UpdateDeviceSettings(change.first, *change.second, settings); | 668 UpdateDeviceSettings(change.first, *change.second, settings); |
| 616 pending_changes_.clear(); | 669 pending_changes_.clear(); |
| 617 | 670 |
| 618 scoped_ptr<em::PolicyData> policy = AssemblePolicy( | 671 scoped_ptr<em::PolicyData> policy = AssemblePolicy( |
| 619 user_id_, device_settings_service_->policy_data(), &settings); | 672 user_id_, device_settings_service_->policy_data(), &settings); |
| 673 | |
| 674 if (has_pending_management_settings_) { | |
| 675 policy::SetManagementMode(*policy, | |
| 676 pending_management_settings_.management_mode); | |
| 677 policy->set_request_token(pending_management_settings_.request_token); | |
| 678 policy->set_device_id(pending_management_settings_.device_id); | |
| 679 } | |
| 680 has_pending_management_settings_ = false; | |
| 681 | |
| 620 bool rv = AssembleAndSignPolicyAsync( | 682 bool rv = AssembleAndSignPolicyAsync( |
| 621 content::BrowserThread::GetBlockingPool(), policy.Pass(), | 683 content::BrowserThread::GetBlockingPool(), policy.Pass(), |
| 622 base::Bind(&OwnerSettingsServiceChromeOS::OnPolicyAssembledAndSigned, | 684 base::Bind(&OwnerSettingsServiceChromeOS::OnPolicyAssembledAndSigned, |
| 623 store_settings_factory_.GetWeakPtr())); | 685 store_settings_factory_.GetWeakPtr())); |
| 624 if (!rv) | 686 if (!rv) |
| 625 ReportStatusAndContinueStoring(false /* success */); | 687 ReportStatusAndContinueStoring(false /* success */); |
| 626 } | 688 } |
| 627 | 689 |
| 628 void OwnerSettingsServiceChromeOS::OnPolicyAssembledAndSigned( | 690 void OwnerSettingsServiceChromeOS::OnPolicyAssembledAndSigned( |
| 629 scoped_ptr<em::PolicyFetchResponse> policy_response) { | 691 scoped_ptr<em::PolicyFetchResponse> policy_response) { |
| 630 if (!policy_response.get() || !device_settings_service_) { | 692 if (!policy_response.get() || !device_settings_service_) { |
| 631 ReportStatusAndContinueStoring(false /* success */); | 693 ReportStatusAndContinueStoring(false /* success */); |
| 632 return; | 694 return; |
| 633 } | 695 } |
| 634 device_settings_service_->Store( | 696 device_settings_service_->Store( |
| 635 policy_response.Pass(), | 697 policy_response.Pass(), |
| 636 base::Bind(&OwnerSettingsServiceChromeOS::OnSignedPolicyStored, | 698 base::Bind(&OwnerSettingsServiceChromeOS::OnSignedPolicyStored, |
| 637 store_settings_factory_.GetWeakPtr(), | 699 store_settings_factory_.GetWeakPtr(), |
| 638 true /* success */)); | 700 true /* success */)); |
| 639 } | 701 } |
| 640 | 702 |
| 641 void OwnerSettingsServiceChromeOS::OnSignedPolicyStored(bool success) { | 703 void OwnerSettingsServiceChromeOS::OnSignedPolicyStored(bool success) { |
| 642 CHECK(device_settings_service_); | 704 CHECK(device_settings_service_); |
| 643 ReportStatusAndContinueStoring(success && | 705 ReportStatusAndContinueStoring(success && |
| 644 device_settings_service_->status() != | 706 device_settings_service_->status() == |
| 645 DeviceSettingsService::STORE_SUCCESS); | 707 DeviceSettingsService::STORE_SUCCESS); |
| 646 } | 708 } |
| 647 | 709 |
| 648 void OwnerSettingsServiceChromeOS::ReportStatusAndContinueStoring( | 710 void OwnerSettingsServiceChromeOS::ReportStatusAndContinueStoring( |
| 649 bool success) { | 711 bool success) { |
| 650 store_settings_factory_.InvalidateWeakPtrs(); | 712 store_settings_factory_.InvalidateWeakPtrs(); |
| 651 FOR_EACH_OBSERVER(OwnerSettingsService::Observer, observers_, | 713 FOR_EACH_OBSERVER(OwnerSettingsService::Observer, observers_, |
| 652 OnSignedPolicyStored(success)); | 714 OnSignedPolicyStored(success)); |
| 715 for (const auto& callback : pending_management_settings_callbacks_) { | |
| 716 if (!callback.is_null()) | |
| 717 callback.Run(success); | |
| 718 } | |
| 719 pending_management_settings_callbacks_.clear(); | |
| 653 StorePendingChanges(); | 720 StorePendingChanges(); |
| 654 } | 721 } |
| 655 | 722 |
| 656 } // namespace chromeos | 723 } // namespace chromeos |
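Review bot: In SetManagementSettings, `current_mode` starts as `policy::MANAGEMENT_MODE_LOCAL_OWNER` and keeps that value whenever there are no pending settings and `device_settings_service_` or its `policy_data()` is null, so CheckManagementModeTransition is evaluated against an assumed mode rather than the stored one. That default is the one state from which a move to CONSUMER_MANAGED is allowed, so the check fails open when the real mode (possibly ENTERPRISE_MANAGED) has not been loaded; whether IsOwner() can be true in that state is not visible here. Failing closed looks safer: add a final `else { if (!callback.is_null()) callback.Run(false /* success */); return; }` to the mode lookup instead of assuming local ownership. Separately, ReportStatusAndContinueStoring iterates `pending_management_settings_callbacks_` while running the callbacks, so a callback that calls SetManagementSettings again would `push_back` into the container mid-iteration; swapping the list into a local before the loop and iterating the local avoids that. A comment on `has_pending_management_settings_ = false;` in StorePendingChanges saying that the pending request is dropped, not retried, if signing or storing fails would also help the next reader.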