| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h" | 5 #include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h" |
| 6 | 6 |
| 7 #include <algorithm> |
| 7 #include <string> | 8 #include <string> |
| 8 | 9 |
| 9 #include "base/bind.h" | 10 #include "base/bind.h" |
| 10 #include "base/bind_helpers.h" | 11 #include "base/bind_helpers.h" |
| 11 #include "base/callback.h" | 12 #include "base/callback.h" |
| 12 #include "base/command_line.h" | 13 #include "base/command_line.h" |
| 13 #include "base/prefs/pref_service.h" | 14 #include "base/prefs/pref_service.h" |
| 14 #include "base/threading/thread_checker.h" | 15 #include "base/threading/thread_checker.h" |
| 15 #include "chrome/browser/chrome_notification_types.h" | 16 #include "chrome/browser/chrome_notification_types.h" |
| 16 #include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos_fact
ory.h" | 17 #include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos_fact
ory.h" |
| 17 #include "chrome/browser/chromeos/profiles/profile_helper.h" | 18 #include "chrome/browser/chromeos/profiles/profile_helper.h" |
| 18 #include "chrome/browser/chromeos/profiles/profile_helper.h" | |
| 19 #include "chrome/browser/chromeos/settings/cros_settings.h" | 19 #include "chrome/browser/chromeos/settings/cros_settings.h" |
| 20 #include "chrome/browser/chromeos/settings/device_settings_provider.h" | 20 #include "chrome/browser/chromeos/settings/device_settings_provider.h" |
| 21 #include "chrome/browser/chromeos/settings/session_manager_operation.h" | 21 #include "chrome/browser/chromeos/settings/session_manager_operation.h" |
| 22 #include "chrome/browser/profiles/profile.h" | 22 #include "chrome/browser/profiles/profile.h" |
| 23 #include "chromeos/dbus/dbus_thread_manager.h" | 23 #include "chromeos/dbus/dbus_thread_manager.h" |
| 24 #include "chromeos/tpm/tpm_token_loader.h" | 24 #include "chromeos/tpm/tpm_token_loader.h" |
| 25 #include "components/ownership/owner_key_util.h" | 25 #include "components/ownership/owner_key_util.h" |
| 26 #include "components/user_manager/user.h" | 26 #include "components/user_manager/user.h" |
| 27 #include "content/public/browser/browser_thread.h" | 27 #include "content/public/browser/browser_thread.h" |
| 28 #include "content/public/browser/notification_details.h" | 28 #include "content/public/browser/notification_details.h" |
| (...skipping 138 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 167 return false; | 167 return false; |
| 168 | 168 |
| 169 case policy::MANAGEMENT_MODE_CONSUMER_MANAGED: | 169 case policy::MANAGEMENT_MODE_CONSUMER_MANAGED: |
| 170 // For consumer management unenrollment. | 170 // For consumer management unenrollment. |
| 171 return new_mode == policy::MANAGEMENT_MODE_LOCAL_OWNER; | 171 return new_mode == policy::MANAGEMENT_MODE_LOCAL_OWNER; |
| 172 } | 172 } |
| 173 | 173 |
| 174 NOTREACHED(); | 174 NOTREACHED(); |
| 175 return false; | 175 return false; |
| 176 } | 176 } |
| 177 | |
| 178 } // namespace | 177 } // namespace |
| 179 | 178 |
| 180 OwnerSettingsServiceChromeOS::ManagementSettings::ManagementSettings() { | 179 OwnerSettingsServiceChromeOS::ManagementSettings::ManagementSettings() { |
| 181 } | 180 } |
| 182 | 181 |
| 183 OwnerSettingsServiceChromeOS::ManagementSettings::~ManagementSettings() { | 182 OwnerSettingsServiceChromeOS::ManagementSettings::~ManagementSettings() { |
| 184 } | 183 } |
| 185 | 184 |
| 186 OwnerSettingsServiceChromeOS::OwnerSettingsServiceChromeOS( | 185 OwnerSettingsServiceChromeOS::OwnerSettingsServiceChromeOS( |
| 187 DeviceSettingsService* device_settings_service, | 186 DeviceSettingsService* device_settings_service, |
| 188 Profile* profile, | 187 Profile* profile, |
| 189 const scoped_refptr<OwnerKeyUtil>& owner_key_util) | 188 const scoped_refptr<OwnerKeyUtil>& owner_key_util) |
| 190 : ownership::OwnerSettingsService(owner_key_util), | 189 : ownership::OwnerSettingsService(owner_key_util), |
| 191 device_settings_service_(device_settings_service), | 190 device_settings_service_(device_settings_service), |
| 192 profile_(profile), | 191 profile_(profile), |
| 193 waiting_for_profile_creation_(true), | 192 waiting_for_profile_creation_(true), |
| 194 waiting_for_tpm_token_(true), | 193 waiting_for_tpm_token_(true), |
| 194 has_pending_fixups_(false), |
| 195 has_pending_management_settings_(false), | 195 has_pending_management_settings_(false), |
| 196 weak_factory_(this), | 196 weak_factory_(this), |
| 197 store_settings_factory_(this) { | 197 store_settings_factory_(this) { |
| 198 if (TPMTokenLoader::IsInitialized()) { | 198 if (TPMTokenLoader::IsInitialized()) { |
| 199 TPMTokenLoader::TPMTokenStatus tpm_token_status = | 199 TPMTokenLoader::TPMTokenStatus tpm_token_status = |
| 200 TPMTokenLoader::Get()->IsTPMTokenEnabled( | 200 TPMTokenLoader::Get()->IsTPMTokenEnabled( |
| 201 base::Bind(&OwnerSettingsServiceChromeOS::OnTPMTokenReady, | 201 base::Bind(&OwnerSettingsServiceChromeOS::OnTPMTokenReady, |
| 202 weak_factory_.GetWeakPtr())); | 202 weak_factory_.GetWeakPtr())); |
| 203 waiting_for_tpm_token_ = | 203 waiting_for_tpm_token_ = |
| 204 tpm_token_status == TPMTokenLoader::TPM_TOKEN_STATUS_UNDETERMINED; | 204 tpm_token_status == TPMTokenLoader::TPM_TOKEN_STATUS_UNDETERMINED; |
| (...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 242 void OwnerSettingsServiceChromeOS::OnTPMTokenReady( | 242 void OwnerSettingsServiceChromeOS::OnTPMTokenReady( |
| 243 bool /* tpm_token_enabled */) { | 243 bool /* tpm_token_enabled */) { |
| 244 DCHECK(thread_checker_.CalledOnValidThread()); | 244 DCHECK(thread_checker_.CalledOnValidThread()); |
| 245 waiting_for_tpm_token_ = false; | 245 waiting_for_tpm_token_ = false; |
| 246 | 246 |
| 247 // TPMTokenLoader initializes the TPM and NSS database which is necessary to | 247 // TPMTokenLoader initializes the TPM and NSS database which is necessary to |
| 248 // determine ownership. Force a reload once we know these are initialized. | 248 // determine ownership. Force a reload once we know these are initialized. |
| 249 ReloadKeypair(); | 249 ReloadKeypair(); |
| 250 } | 250 } |
| 251 | 251 |
| 252 bool OwnerSettingsServiceChromeOS::HasPendingChanges() const { |
| 253 return !pending_changes_.empty() || tentative_settings_.get() || |
| 254 has_pending_management_settings_ || has_pending_fixups_; |
| 255 } |
| 256 |
| 252 bool OwnerSettingsServiceChromeOS::HandlesSetting(const std::string& setting) { | 257 bool OwnerSettingsServiceChromeOS::HandlesSetting(const std::string& setting) { |
| 253 return DeviceSettingsProvider::IsDeviceSetting(setting); | 258 return DeviceSettingsProvider::IsDeviceSetting(setting); |
| 254 } | 259 } |
| 255 | 260 |
| 256 bool OwnerSettingsServiceChromeOS::Set(const std::string& setting, | 261 bool OwnerSettingsServiceChromeOS::Set(const std::string& setting, |
| 257 const base::Value& value) { | 262 const base::Value& value) { |
| 258 DCHECK(thread_checker_.CalledOnValidThread()); | 263 DCHECK(thread_checker_.CalledOnValidThread()); |
| 259 if (!IsOwner() && !IsOwnerInTests(user_id_)) | 264 if (!IsOwner() && !IsOwnerInTests(user_id_)) |
| 260 return false; | 265 return false; |
| 261 | 266 |
| (...skipping 145 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 407 base::Bind(base::IgnoreResult(&crypto::InitializeNSSForChromeOSUser), | 412 base::Bind(base::IgnoreResult(&crypto::InitializeNSSForChromeOSUser), |
| 408 user_hash, | 413 user_hash, |
| 409 ProfileHelper::GetProfilePathByUserIdHash(user_hash)), | 414 ProfileHelper::GetProfilePathByUserIdHash(user_hash)), |
| 410 base::Bind(&DoesPrivateKeyExistAsync, owner_key_util, callback)); | 415 base::Bind(&DoesPrivateKeyExistAsync, owner_key_util, callback)); |
| 411 } | 416 } |
| 412 | 417 |
| 413 // static | 418 // static |
| 414 scoped_ptr<em::PolicyData> OwnerSettingsServiceChromeOS::AssemblePolicy( | 419 scoped_ptr<em::PolicyData> OwnerSettingsServiceChromeOS::AssemblePolicy( |
| 415 const std::string& user_id, | 420 const std::string& user_id, |
| 416 const em::PolicyData* policy_data, | 421 const em::PolicyData* policy_data, |
| 417 const em::ChromeDeviceSettingsProto* settings) { | 422 bool apply_pending_management_settings, |
| 423 const ManagementSettings& pending_management_settings, |
| 424 em::ChromeDeviceSettingsProto* settings) { |
| 418 scoped_ptr<em::PolicyData> policy(new em::PolicyData()); | 425 scoped_ptr<em::PolicyData> policy(new em::PolicyData()); |
| 419 if (policy_data) { | 426 if (policy_data) { |
| 420 // Preserve management settings. | 427 // Preserve management settings. |
| 421 if (policy_data->has_management_mode()) | 428 if (policy_data->has_management_mode()) |
| 422 policy->set_management_mode(policy_data->management_mode()); | 429 policy->set_management_mode(policy_data->management_mode()); |
| 423 if (policy_data->has_request_token()) | 430 if (policy_data->has_request_token()) |
| 424 policy->set_request_token(policy_data->request_token()); | 431 policy->set_request_token(policy_data->request_token()); |
| 425 if (policy_data->has_device_id()) | 432 if (policy_data->has_device_id()) |
| 426 policy->set_device_id(policy_data->device_id()); | 433 policy->set_device_id(policy_data->device_id()); |
| 427 } else { | 434 } else { |
| 428 // If there's no previous policy data, this is the first time the device | 435 // If there's no previous policy data, this is the first time the device |
| 429 // setting is set. We set the management mode to LOCAL_OWNER initially. | 436 // setting is set. We set the management mode to LOCAL_OWNER initially. |
| 430 policy->set_management_mode(em::PolicyData::LOCAL_OWNER); | 437 policy->set_management_mode(em::PolicyData::LOCAL_OWNER); |
| 431 } | 438 } |
| 439 if (apply_pending_management_settings) { |
| 440 policy::SetManagementMode(*policy, |
| 441 pending_management_settings.management_mode); |
| 442 |
| 443 if (pending_management_settings.request_token.empty()) |
| 444 policy->clear_request_token(); |
| 445 else |
| 446 policy->set_request_token(pending_management_settings.request_token); |
| 447 |
| 448 if (pending_management_settings.device_id.empty()) |
| 449 policy->clear_device_id(); |
| 450 else |
| 451 policy->set_device_id(pending_management_settings.device_id); |
| 452 } |
| 432 policy->set_policy_type(policy::dm_protocol::kChromeDevicePolicyType); | 453 policy->set_policy_type(policy::dm_protocol::kChromeDevicePolicyType); |
| 433 policy->set_timestamp( | 454 policy->set_timestamp( |
| 434 (base::Time::Now() - base::Time::UnixEpoch()).InMilliseconds()); | 455 (base::Time::Now() - base::Time::UnixEpoch()).InMilliseconds()); |
| 435 policy->set_username(user_id); | 456 policy->set_username(user_id); |
| 457 if (policy_data->management_mode() == em::PolicyData::LOCAL_OWNER || |
| 458 policy_data->management_mode() == em::PolicyData::CONSUMER_MANAGED) { |
| 459 FixupLocalOwnerPolicy(user_id, settings); |
| 460 } |
| 436 if (!settings->SerializeToString(policy->mutable_policy_value())) | 461 if (!settings->SerializeToString(policy->mutable_policy_value())) |
| 437 return scoped_ptr<em::PolicyData>(); | 462 return scoped_ptr<em::PolicyData>(); |
| 438 | 463 |
| 439 return policy.Pass(); | 464 return policy.Pass(); |
| 440 } | 465 } |
| 441 | 466 |
| 442 // static | 467 // static |
| 468 void OwnerSettingsServiceChromeOS::FixupLocalOwnerPolicy( |
| 469 const std::string& user_id, |
| 470 enterprise_management::ChromeDeviceSettingsProto* settings) { |
| 471 if (!settings->has_allow_new_users()) |
| 472 settings->mutable_allow_new_users()->set_allow_new_users(true); |
| 473 |
| 474 em::UserWhitelistProto* whitelist_proto = settings->mutable_user_whitelist(); |
| 475 if (whitelist_proto->user_whitelist().end() == |
| 476 std::find(whitelist_proto->user_whitelist().begin(), |
| 477 whitelist_proto->user_whitelist().end(), user_id)) { |
| 478 whitelist_proto->add_user_whitelist(user_id); |
| 479 } |
| 480 } |
| 481 |
| 482 // static |
| 443 void OwnerSettingsServiceChromeOS::UpdateDeviceSettings( | 483 void OwnerSettingsServiceChromeOS::UpdateDeviceSettings( |
| 444 const std::string& path, | 484 const std::string& path, |
| 445 const base::Value& value, | 485 const base::Value& value, |
| 446 enterprise_management::ChromeDeviceSettingsProto& settings) { | 486 enterprise_management::ChromeDeviceSettingsProto& settings) { |
| 447 if (path == kAccountsPrefAllowNewUser) { | 487 if (path == kAccountsPrefAllowNewUser) { |
| 448 em::AllowNewUsersProto* allow = settings.mutable_allow_new_users(); | 488 em::AllowNewUsersProto* allow = settings.mutable_allow_new_users(); |
| 449 bool allow_value; | 489 bool allow_value; |
| 450 if (value.GetAsBoolean(&allow_value)) { | 490 if (value.GetAsBoolean(&allow_value)) { |
| 451 allow->set_allow_new_users(allow_value); | 491 allow->set_allow_new_users(allow_value); |
| 452 } else { | 492 } else { |
| (...skipping 214 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 667 void OwnerSettingsServiceChromeOS::OnPostKeypairLoadedActions() { | 707 void OwnerSettingsServiceChromeOS::OnPostKeypairLoadedActions() { |
| 668 DCHECK(thread_checker_.CalledOnValidThread()); | 708 DCHECK(thread_checker_.CalledOnValidThread()); |
| 669 | 709 |
| 670 const user_manager::User* user = | 710 const user_manager::User* user = |
| 671 ProfileHelper::Get()->GetUserByProfile(profile_); | 711 ProfileHelper::Get()->GetUserByProfile(profile_); |
| 672 user_id_ = user ? user->GetUserID() : std::string(); | 712 user_id_ = user ? user->GetUserID() : std::string(); |
| 673 | 713 |
| 674 const bool is_owner = IsOwner() || IsOwnerInTests(user_id_); | 714 const bool is_owner = IsOwner() || IsOwnerInTests(user_id_); |
| 675 if (is_owner && device_settings_service_) | 715 if (is_owner && device_settings_service_) |
| 676 device_settings_service_->InitOwner(user_id_, weak_factory_.GetWeakPtr()); | 716 device_settings_service_->InitOwner(user_id_, weak_factory_.GetWeakPtr()); |
| 717 |
| 718 has_pending_fixups_ = true; |
| 677 } | 719 } |
| 678 | 720 |
| 679 void OwnerSettingsServiceChromeOS::ReloadKeypairImpl(const base::Callback< | 721 void OwnerSettingsServiceChromeOS::ReloadKeypairImpl(const base::Callback< |
| 680 void(const scoped_refptr<PublicKey>& public_key, | 722 void(const scoped_refptr<PublicKey>& public_key, |
| 681 const scoped_refptr<PrivateKey>& private_key)>& callback) { | 723 const scoped_refptr<PrivateKey>& private_key)>& callback) { |
| 682 DCHECK(thread_checker_.CalledOnValidThread()); | 724 DCHECK(thread_checker_.CalledOnValidThread()); |
| 683 | 725 |
| 684 if (waiting_for_profile_creation_ || waiting_for_tpm_token_) | 726 if (waiting_for_profile_creation_ || waiting_for_tpm_token_) |
| 685 return; | 727 return; |
| 686 scoped_refptr<base::TaskRunner> task_runner = | 728 scoped_refptr<base::TaskRunner> task_runner = |
| 687 BrowserThread::GetBlockingPool()->GetTaskRunnerWithShutdownBehavior( | 729 BrowserThread::GetBlockingPool()->GetTaskRunnerWithShutdownBehavior( |
| 688 base::SequencedWorkerPool::SKIP_ON_SHUTDOWN); | 730 base::SequencedWorkerPool::SKIP_ON_SHUTDOWN); |
| 689 task_runner->PostTask( | 731 task_runner->PostTask( |
| 690 FROM_HERE, | 732 FROM_HERE, |
| 691 base::Bind(&LoadPrivateKey, | 733 base::Bind(&LoadPrivateKey, |
| 692 owner_key_util_, | 734 owner_key_util_, |
| 693 ProfileHelper::GetUserIdHashFromProfile(profile_), | 735 ProfileHelper::GetUserIdHashFromProfile(profile_), |
| 694 callback)); | 736 callback)); |
| 695 } | 737 } |
| 696 | 738 |
| 697 void OwnerSettingsServiceChromeOS::StorePendingChanges() { | 739 void OwnerSettingsServiceChromeOS::StorePendingChanges() { |
| 698 if (!has_pending_changes() || store_settings_factory_.HasWeakPtrs() || | 740 if (!HasPendingChanges() || store_settings_factory_.HasWeakPtrs() || |
| 699 !device_settings_service_ || user_id_.empty()) { | 741 !device_settings_service_ || user_id_.empty()) { |
| 700 return; | 742 return; |
| 701 } | 743 } |
| 702 | 744 |
| 703 em::ChromeDeviceSettingsProto settings; | 745 em::ChromeDeviceSettingsProto settings; |
| 704 if (tentative_settings_.get()) { | 746 if (tentative_settings_.get()) { |
| 705 settings.Swap(tentative_settings_.get()); | 747 settings.Swap(tentative_settings_.get()); |
| 706 tentative_settings_.reset(); | 748 tentative_settings_.reset(); |
| 707 } else if (device_settings_service_->status() == | 749 } else if (device_settings_service_->status() == |
| 708 DeviceSettingsService::STORE_SUCCESS && | 750 DeviceSettingsService::STORE_SUCCESS && |
| 709 device_settings_service_->device_settings()) { | 751 device_settings_service_->device_settings()) { |
| 710 settings = *device_settings_service_->device_settings(); | 752 settings = *device_settings_service_->device_settings(); |
| 711 } else { | 753 } else { |
| 712 return; | 754 return; |
| 713 } | 755 } |
| 714 | 756 |
| 715 for (const auto& change : pending_changes_) | 757 for (const auto& change : pending_changes_) |
| 716 UpdateDeviceSettings(change.first, *change.second, settings); | 758 UpdateDeviceSettings(change.first, *change.second, settings); |
| 717 pending_changes_.clear(); | 759 pending_changes_.clear(); |
| 718 | 760 |
| 719 scoped_ptr<em::PolicyData> policy = AssemblePolicy( | 761 scoped_ptr<em::PolicyData> policy = |
| 720 user_id_, device_settings_service_->policy_data(), &settings); | 762 AssemblePolicy(user_id_, device_settings_service_->policy_data(), |
| 721 | 763 has_pending_management_settings_, |
| 722 if (has_pending_management_settings_) { | 764 pending_management_settings_, &settings); |
| 723 policy::SetManagementMode(*policy, | 765 has_pending_fixups_ = false; |
| 724 pending_management_settings_.management_mode); | |
| 725 | |
| 726 if (pending_management_settings_.request_token.empty()) | |
| 727 policy->clear_request_token(); | |
| 728 else | |
| 729 policy->set_request_token(pending_management_settings_.request_token); | |
| 730 | |
| 731 if (pending_management_settings_.device_id.empty()) | |
| 732 policy->clear_device_id(); | |
| 733 else | |
| 734 policy->set_device_id(pending_management_settings_.device_id); | |
| 735 } | |
| 736 has_pending_management_settings_ = false; | 766 has_pending_management_settings_ = false; |
| 737 | 767 |
| 738 bool rv = AssembleAndSignPolicyAsync( | 768 bool rv = AssembleAndSignPolicyAsync( |
| 739 content::BrowserThread::GetBlockingPool(), policy.Pass(), | 769 content::BrowserThread::GetBlockingPool(), policy.Pass(), |
| 740 base::Bind(&OwnerSettingsServiceChromeOS::OnPolicyAssembledAndSigned, | 770 base::Bind(&OwnerSettingsServiceChromeOS::OnPolicyAssembledAndSigned, |
| 741 store_settings_factory_.GetWeakPtr())); | 771 store_settings_factory_.GetWeakPtr())); |
| 742 if (!rv) | 772 if (!rv) |
| 743 ReportStatusAndContinueStoring(false /* success */); | 773 ReportStatusAndContinueStoring(false /* success */); |
| 744 } | 774 } |
| 745 | 775 |
| (...skipping 26 matching lines...) Expand all Loading... |
| 772 std::vector<OnManagementSettingsSetCallback> callbacks; | 802 std::vector<OnManagementSettingsSetCallback> callbacks; |
| 773 pending_management_settings_callbacks_.swap(callbacks); | 803 pending_management_settings_callbacks_.swap(callbacks); |
| 774 for (const auto& callback : callbacks) { | 804 for (const auto& callback : callbacks) { |
| 775 if (!callback.is_null()) | 805 if (!callback.is_null()) |
| 776 callback.Run(success); | 806 callback.Run(success); |
| 777 } | 807 } |
| 778 StorePendingChanges(); | 808 StorePendingChanges(); |
| 779 } | 809 } |
| 780 | 810 |
| 781 } // namespace chromeos | 811 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 985093002:
Fix up Owner settings on first load (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master