Fix up Owner settings on first load

chrome/browser/chromeos/ownership/owner_settings_service_chromeos.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h"
 
+#include <algorithm>
 #include <string>
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/callback.h"
 #include "base/command_line.h"
 #include "base/prefs/pref_service.h"
 #include "base/threading/thread_checker.h"
 #include "chrome/browser/chrome_notification_types.h"
 #include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos_factory.h"
 #include "chrome/browser/chromeos/profiles/profile_helper.h"
-#include "chrome/browser/chromeos/profiles/profile_helper.h"
 #include "chrome/browser/chromeos/settings/cros_settings.h"
 #include "chrome/browser/chromeos/settings/device_settings_provider.h"
 #include "chrome/browser/chromeos/settings/session_manager_operation.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chromeos/dbus/dbus_thread_manager.h"
 #include "chromeos/tpm/tpm_token_loader.h"
 #include "components/ownership/owner_key_util.h"
 #include "components/user_manager/user.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/notification_details.h"
@@ skipping 138 matching lines @@
       return false;
 
     case policy::MANAGEMENT_MODE_CONSUMER_MANAGED:
       // For consumer management unenrollment.
       return new_mode == policy::MANAGEMENT_MODE_LOCAL_OWNER;
   }
 
   NOTREACHED();
   return false;
 }
-
 }  // namespace
 
 OwnerSettingsServiceChromeOS::ManagementSettings::ManagementSettings() {
 }
 
 OwnerSettingsServiceChromeOS::ManagementSettings::~ManagementSettings() {
 }
 
 OwnerSettingsServiceChromeOS::OwnerSettingsServiceChromeOS(
     DeviceSettingsService* device_settings_service,
     Profile* profile,
     const scoped_refptr<OwnerKeyUtil>& owner_key_util)
     : ownership::OwnerSettingsService(owner_key_util),
       device_settings_service_(device_settings_service),
       profile_(profile),
       waiting_for_profile_creation_(true),
       waiting_for_tpm_token_(true),
+      has_pending_fixups_(false),
       has_pending_management_settings_(false),
       weak_factory_(this),
       store_settings_factory_(this) {
   if (TPMTokenLoader::IsInitialized()) {
     TPMTokenLoader::TPMTokenStatus tpm_token_status =
         TPMTokenLoader::Get()->IsTPMTokenEnabled(
             base::Bind(&OwnerSettingsServiceChromeOS::OnTPMTokenReady,
                        weak_factory_.GetWeakPtr()));
     waiting_for_tpm_token_ =
         tpm_token_status == TPMTokenLoader::TPM_TOKEN_STATUS_UNDETERMINED;
@@ skipping 202 matching lines @@
       base::Bind(base::IgnoreResult(&crypto::InitializeNSSForChromeOSUser),
                  user_hash,
                  ProfileHelper::GetProfilePathByUserIdHash(user_hash)),
       base::Bind(&DoesPrivateKeyExistAsync, owner_key_util, callback));
 }
 
 // static
 scoped_ptr<em::PolicyData> OwnerSettingsServiceChromeOS::AssemblePolicy(
     const std::string& user_id,
     const em::PolicyData* policy_data,
-    const em::ChromeDeviceSettingsProto* settings) {
+    bool apply_pending_management_settings,
+    const ManagementSettings& pending_management_settings,
+    em::ChromeDeviceSettingsProto* settings) {
   scoped_ptr<em::PolicyData> policy(new em::PolicyData());
   if (policy_data) {
     // Preserve management settings.
     if (policy_data->has_management_mode())
       policy->set_management_mode(policy_data->management_mode());
     if (policy_data->has_request_token())
       policy->set_request_token(policy_data->request_token());
     if (policy_data->has_device_id())
       policy->set_device_id(policy_data->device_id());
   } else {
     // If there's no previous policy data, this is the first time the device
     // setting is set. We set the management mode to LOCAL_OWNER initially.
     policy->set_management_mode(em::PolicyData::LOCAL_OWNER);
   }
+  if (apply_pending_management_settings) {
+    policy::SetManagementMode(*policy,
+                              pending_management_settings.management_mode);
+
+    if (pending_management_settings.request_token.empty())
+      policy->clear_request_token();
+    else
+      policy->set_request_token(pending_management_settings.request_token);
+
+    if (pending_management_settings.device_id.empty())
+      policy->clear_device_id();
+    else
+      policy->set_device_id(pending_management_settings.device_id);
+  }
   policy->set_policy_type(policy::dm_protocol::kChromeDevicePolicyType);
   policy->set_timestamp(
       (base::Time::Now() - base::Time::UnixEpoch()).InMilliseconds());
   policy->set_username(user_id);
+  if (policy_data->management_mode() == em::PolicyData::LOCAL_OWNER ||
+      policy_data->management_mode() == em::PolicyData::CONSUMER_MANAGED) {
+    FixupLocalOwnerPolicy(user_id, settings);
+  }
   if (!settings->SerializeToString(policy->mutable_policy_value()))
     return scoped_ptr<em::PolicyData>();
 
   return policy.Pass();
 }
 
 // static
+void OwnerSettingsServiceChromeOS::FixupLocalOwnerPolicy(
+    const std::string& user_id,
+    enterprise_management::ChromeDeviceSettingsProto* settings) {
+  if (!settings->has_allow_new_users())
+    settings->mutable_allow_new_users()->set_allow_new_users(true);
+
+  em::UserWhitelistProto* whitelist_proto = settings->mutable_user_whitelist();
+  if (whitelist_proto->user_whitelist().end() ==
+      std::find(whitelist_proto->user_whitelist().begin(),
+                whitelist_proto->user_whitelist().end(), user_id)) {
+    whitelist_proto->add_user_whitelist(user_id);
+  }
+}
+
+// static
 void OwnerSettingsServiceChromeOS::UpdateDeviceSettings(
     const std::string& path,
     const base::Value& value,
     enterprise_management::ChromeDeviceSettingsProto& settings) {
   if (path == kAccountsPrefAllowNewUser) {
     em::AllowNewUsersProto* allow = settings.mutable_allow_new_users();
     bool allow_value;
     if (value.GetAsBoolean(&allow_value)) {
       allow->set_allow_new_users(allow_value);
     } else {
@@ skipping 214 matching lines @@
 void OwnerSettingsServiceChromeOS::OnPostKeypairLoadedActions() {
   DCHECK(thread_checker_.CalledOnValidThread());
 
   const user_manager::User* user =
       ProfileHelper::Get()->GetUserByProfile(profile_);
   user_id_ = user ? user->GetUserID() : std::string();
 
   const bool is_owner = IsOwner() || IsOwnerInTests(user_id_);
   if (is_owner && device_settings_service_)
     device_settings_service_->InitOwner(user_id_, weak_factory_.GetWeakPtr());
+
+  has_pending_fixups_ = true;
 }
 
 void OwnerSettingsServiceChromeOS::ReloadKeypairImpl(const base::Callback<
     void(const scoped_refptr<PublicKey>& public_key,
          const scoped_refptr<PrivateKey>& private_key)>& callback) {
   DCHECK(thread_checker_.CalledOnValidThread());
 
   if (waiting_for_profile_creation_ || waiting_for_tpm_token_)
     return;
   scoped_refptr<base::TaskRunner> task_runner =
@@ skipping 22 matching lines @@
              device_settings_service_->device_settings()) {
     settings = *device_settings_service_->device_settings();
   } else {
     return;
   }
 
   for (const auto& change : pending_changes_)
     UpdateDeviceSettings(change.first, *change.second, settings);
   pending_changes_.clear();
 
-  scoped_ptr<em::PolicyData> policy = AssemblePolicy(
-      user_id_, device_settings_service_->policy_data(), &settings);
-
-  if (has_pending_management_settings_) {
-    policy::SetManagementMode(*policy,
-                              pending_management_settings_.management_mode);
-
-    if (pending_management_settings_.request_token.empty())
-      policy->clear_request_token();
-    else
-      policy->set_request_token(pending_management_settings_.request_token);
-
-    if (pending_management_settings_.device_id.empty())
-      policy->clear_device_id();
-    else
-      policy->set_device_id(pending_management_settings_.device_id);
-  }
+  scoped_ptr<em::PolicyData> policy =
+      AssemblePolicy(user_id_, device_settings_service_->policy_data(),
+                     has_pending_management_settings_,
+                     pending_management_settings_, &settings);
+  has_pending_fixups_ = false;
   has_pending_management_settings_ = false;
 
   bool rv = AssembleAndSignPolicyAsync(
       content::BrowserThread::GetBlockingPool(), policy.Pass(),
       base::Bind(&OwnerSettingsServiceChromeOS::OnPolicyAssembledAndSigned,
                  store_settings_factory_.GetWeakPtr()));
   if (!rv)
     ReportStatusAndContinueStoring(false /* success */);
 }
 
@@ skipping 26 matching lines @@
   std::vector<OnManagementSettingsSetCallback> callbacks;
   pending_management_settings_callbacks_.swap(callbacks);
   for (const auto& callback : callbacks) {
     if (!callback.is_null())
       callback.Run(success);
   }
   StorePendingChanges();
 }
 
 }  // namespace chromeos