Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/policy/user_cloud_policy_store.h" | 5 #include "chrome/browser/policy/user_cloud_policy_store.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/file_util.h" | |
| 8 #include "chrome/browser/policy/proto/cloud_policy.pb.h" | 9 #include "chrome/browser/policy/proto/cloud_policy.pb.h" |
| 10 #include "chrome/browser/policy/proto/device_management_backend.pb.h" | |
| 11 #include "chrome/browser/policy/proto/device_management_local.pb.h" | |
| 12 #include "chrome/browser/profiles/profile.h" | |
| 9 #include "chrome/browser/signin/signin_manager.h" | 13 #include "chrome/browser/signin/signin_manager.h" |
| 10 #include "chrome/browser/signin/signin_manager_factory.h" | 14 #include "chrome/browser/signin/signin_manager_factory.h" |
| 15 #include "content/public/browser/browser_thread.h" | |
| 11 | 16 |
| 12 using enterprise_management::PolicyData; | 17 namespace em = enterprise_management; |
| 13 | 18 |
| 14 namespace policy { | 19 namespace policy { |
| 15 | 20 |
| 16 UserCloudPolicyStore::UserCloudPolicyStore(Profile* profile) | 21 enum PolicyLoadStatus { |
| 22 // Policy blob was successfully loaded and parsed. | |
| 23 LOAD_RESULT_SUCCESS, | |
| 24 | |
| 25 // No previously stored policy was found. | |
| 26 LOAD_RESULT_NO_POLICY_FILE, | |
| 27 | |
| 28 // Could not load the previously stored policy due to either a parse or | |
| 29 // file read error. | |
| 30 LOAD_RESULT_LOAD_ERROR | |
|
Mattias Nissler (ping if slow)
2012/08/23 09:28:35
add trailing comma
Andrew T Wilson (Slow)
2012/08/23 18:00:08
Done, although the style guide seems to be inconsi
| |
| 31 }; | |
| 32 | |
| 33 struct PolicyLoadResult { | |
| 34 PolicyLoadStatus status; | |
| 35 enterprise_management::PolicyFetchResponse policy; | |
|
Joao da Silva
2012/08/23 16:23:46
Nit: em::
Andrew T Wilson (Slow)
2012/08/23 18:00:08
Done.
| |
| 36 }; | |
| 37 | |
| 38 } // namespace policy | |
|
Joao da Silva
2012/08/23 16:23:46
Nit: two spaces before //
Also, you can keep the
Andrew T Wilson (Slow)
2012/08/23 18:00:08
Done.
| |
| 39 | |
| 40 namespace { | |
| 41 | |
| 42 // Subdirectory in the user's profile for storing user policies. | |
| 43 const FilePath::CharType kPolicyDir[] = FILE_PATH_LITERAL("Policy"); | |
| 44 // File in the above directory for storing user policy data. | |
| 45 const FilePath::CharType kPolicyCacheFile[] = FILE_PATH_LITERAL("User Policy"); | |
| 46 | |
| 47 // Loads policy from the backing file (must be called via a task on | |
| 48 // the FILE thread). Once complete, loaded policy is in |policy_| and | |
| 49 // error() will return true if an error was encountered. | |
|
Mattias Nissler (ping if slow)
2012/08/23 09:28:35
comment is outdated
Andrew T Wilson (Slow)
2012/08/23 18:00:08
Done.
| |
| 50 policy::PolicyLoadResult LoadPolicyFromDiskOnFileThread(const FilePath& path) { | |
| 51 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::FILE)); | |
| 52 policy::PolicyLoadResult result; | |
| 53 // If the backing file did not exist, just return. | |
|
Mattias Nissler (ping if slow)
2012/08/23 09:28:35
nit: s/did/does/
Andrew T Wilson (Slow)
2012/08/23 18:00:08
Done.
| |
| 54 if (!file_util::PathExists(path)) { | |
| 55 result.status = policy::LOAD_RESULT_NO_POLICY_FILE; | |
| 56 return result; | |
| 57 } | |
| 58 std::string data; | |
| 59 if (!file_util::ReadFileToString(path, &data) || | |
| 60 !result.policy.ParseFromArray(data.c_str(), data.size())) { | |
| 61 LOG(WARNING) << "Failed to read or parse policy data from " << path.value(); | |
| 62 result.status = policy::LOAD_RESULT_LOAD_ERROR; | |
| 63 return result; | |
| 64 } | |
| 65 | |
| 66 result.status = policy::LOAD_RESULT_SUCCESS; | |
| 67 return result; | |
| 68 } | |
| 69 | |
| 70 // Stores policy to the backing file (must be called via a task on | |
| 71 // the FILE thread). | |
| 72 void StorePolicyToDiskOnFileThread(const FilePath& path, | |
| 73 const em::PolicyFetchResponse& policy) { | |
| 74 DVLOG(1) << "Storing policy to " << path.AsUTF8Unsafe(); | |
|
Joao da Silva
2012/08/23 16:23:46
First time I see path.AsUTF8Unsafe(), I think path
Andrew T Wilson (Slow)
2012/08/23 18:00:08
Done.
| |
| 75 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::FILE)); | |
| 76 std::string data; | |
| 77 if (!policy.SerializeToString(&data)) { | |
| 78 DLOG(WARNING) << "Failed to serialize policy data"; | |
| 79 return; | |
| 80 } | |
| 81 | |
| 82 if (!file_util::CreateDirectory(path.DirName())) { | |
| 83 DLOG(WARNING) << "Failed to create directory " << path.DirName().value(); | |
| 84 return; | |
| 85 } | |
| 86 | |
| 87 int size = data.size(); | |
| 88 if (file_util::WriteFile(path, data.c_str(), size) != size) { | |
| 89 DLOG(WARNING) << "Failed to write " << path.value(); | |
| 90 } | |
| 91 } | |
| 92 | |
| 93 } // namespace | |
| 94 | |
| 95 namespace policy { | |
| 96 | |
| 97 UserCloudPolicyStore::UserCloudPolicyStore(Profile* profile, | |
| 98 const FilePath& path) | |
| 17 : ALLOW_THIS_IN_INITIALIZER_LIST(weak_factory_(this)), | 99 : ALLOW_THIS_IN_INITIALIZER_LIST(weak_factory_(this)), |
| 18 profile_(profile) { | 100 profile_(profile), |
| 101 backing_file_path_(path) { | |
| 19 } | 102 } |
| 20 | 103 |
| 21 UserCloudPolicyStore::~UserCloudPolicyStore() { | 104 UserCloudPolicyStore::~UserCloudPolicyStore() { |
| 22 } | 105 } |
| 23 | 106 |
| 24 void UserCloudPolicyStore::Load() { | 107 void UserCloudPolicyStore::Load() { |
| 25 // TODO(atwilson): Read policy from file. | 108 DVLOG(1) << "Initiating policy load from disk"; |
| 26 policy_.reset(); | 109 // Cancel any pending Load/Store/Validate operations. |
| 27 policy_map_.Clear(); | 110 weak_factory_.InvalidateWeakPtrs(); |
| 111 | |
| 112 // Start a new Load operation and have us get called back when it is | |
| 113 // complete. | |
| 114 content::BrowserThread::PostTaskAndReplyWithResult( | |
| 115 content::BrowserThread::FILE, FROM_HERE, | |
| 116 base::Bind(&LoadPolicyFromDiskOnFileThread, backing_file_path_), | |
| 117 base::Bind(&UserCloudPolicyStore::PolicyLoaded, | |
| 118 weak_factory_.GetWeakPtr())); | |
| 119 } | |
| 120 | |
| 121 void UserCloudPolicyStore::PolicyLoaded(PolicyLoadResult result) { | |
| 122 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); | |
| 123 switch (result.status) { | |
| 124 case LOAD_RESULT_LOAD_ERROR: | |
| 125 DLOG(WARNING) << "Error reading policy from disk"; | |
|
Mattias Nissler (ping if slow)
2012/08/23 09:28:35
nit: reconcile with the LOG in the helper function
Andrew T Wilson (Slow)
2012/08/23 18:00:08
OK, removed from here in favor of there.
| |
| 126 status_ = STATUS_LOAD_ERROR; | |
| 127 NotifyStoreError(); | |
| 128 break; | |
| 129 | |
| 130 case LOAD_RESULT_NO_POLICY_FILE: | |
| 131 DVLOG(1) << "No policy found on disk"; | |
| 132 NotifyStoreLoaded(); | |
| 133 break; | |
| 134 | |
| 135 case LOAD_RESULT_SUCCESS: { | |
| 136 // Found policy on disk - need to validate it before it can be used. | |
| 137 scoped_ptr<em::PolicyFetchResponse> cloud_policy( | |
| 138 new em::PolicyFetchResponse(result.policy)); | |
| 139 Validate(cloud_policy.Pass(), | |
| 140 base::Bind( | |
| 141 &UserCloudPolicyStore::InstallLoadedPolicyAfterValidation, | |
| 142 weak_factory_.GetWeakPtr())); | |
| 143 break; | |
| 144 } | |
| 145 default: | |
| 146 NOTREACHED(); | |
| 147 } | |
| 148 } | |
| 149 | |
| 150 void UserCloudPolicyStore::InstallLoadedPolicyAfterValidation( | |
| 151 UserCloudPolicyValidator* validator) { | |
| 152 validation_status_ = validator->status(); | |
| 153 if (!validator->success()) { | |
| 154 DVLOG(1) << "Validation failed: status=" << validation_status_; | |
| 155 status_ = STATUS_VALIDATION_ERROR; | |
| 156 NotifyStoreError(); | |
| 157 return; | |
| 158 } | |
| 159 | |
| 160 DVLOG(1) << "Validation succeeded - installing policy with dm_token: " << | |
| 161 validator->policy_data()->request_token(); | |
| 162 DVLOG(1) << "Device ID: " << validator->policy_data()->device_id(); | |
| 163 | |
| 164 InstallPolicy(validator->policy_data().Pass(), validator->payload().Pass()); | |
| 165 status_ = STATUS_OK; | |
| 28 NotifyStoreLoaded(); | 166 NotifyStoreLoaded(); |
| 29 } | 167 } |
| 30 | 168 |
| 31 void UserCloudPolicyStore::RemoveStoredPolicy() { | 169 void UserCloudPolicyStore::RemoveStoredPolicy() { |
| 32 // TODO(atwilson): Remove policy from disk. | 170 content::BrowserThread::PostTask( |
| 171 content::BrowserThread::FILE, FROM_HERE, | |
| 172 base::Bind(base::IgnoreResult(&file_util::Delete), | |
| 173 backing_file_path_, | |
| 174 false)); | |
| 33 } | 175 } |
| 34 | 176 |
| 35 void UserCloudPolicyStore::Store( | 177 void UserCloudPolicyStore::Store(const em::PolicyFetchResponse& policy) { |
| 36 const enterprise_management::PolicyFetchResponse& policy) { | |
| 37 // Stop any pending requests to store policy, then validate the new policy | 178 // Stop any pending requests to store policy, then validate the new policy |
| 38 // before storing it. | 179 // before storing it. |
| 39 weak_factory_.InvalidateWeakPtrs(); | 180 weak_factory_.InvalidateWeakPtrs(); |
| 40 scoped_ptr<enterprise_management::PolicyFetchResponse> policy_copy( | 181 scoped_ptr<em::PolicyFetchResponse> policy_copy( |
| 41 new enterprise_management::PolicyFetchResponse(policy)); | 182 new em::PolicyFetchResponse(policy)); |
| 42 Validate(policy_copy.Pass(), | 183 Validate(policy_copy.Pass(), |
| 43 base::Bind(&UserCloudPolicyStore::StorePolicyAfterValidation, | 184 base::Bind(&UserCloudPolicyStore::StorePolicyAfterValidation, |
| 44 weak_factory_.GetWeakPtr())); | 185 weak_factory_.GetWeakPtr())); |
| 45 } | 186 } |
| 46 | 187 |
| 47 void UserCloudPolicyStore::Validate( | 188 void UserCloudPolicyStore::Validate( |
| 48 scoped_ptr<enterprise_management::PolicyFetchResponse> policy, | 189 scoped_ptr<em::PolicyFetchResponse> policy, |
| 49 const UserCloudPolicyValidator::CompletionCallback& callback) { | 190 const UserCloudPolicyValidator::CompletionCallback& callback) { |
| 50 // Configure the validator. | 191 // Configure the validator. |
| 51 scoped_ptr<UserCloudPolicyValidator> validator = | 192 scoped_ptr<UserCloudPolicyValidator> validator = |
| 52 CreateValidator(policy.Pass(), callback); | 193 CreateValidator(policy.Pass(), callback); |
| 53 SigninManager* signin = SigninManagerFactory::GetForProfile(profile_); | 194 SigninManager* signin = SigninManagerFactory::GetForProfile(profile_); |
| 54 std::string username = signin->GetAuthenticatedUsername(); | 195 std::string username = signin->GetAuthenticatedUsername(); |
| 55 DCHECK(!username.empty()); | 196 DCHECK(!username.empty()); |
| 56 validator->ValidateUsername(username); | 197 validator->ValidateUsername(username); |
| 57 | 198 |
| 58 // Start validation. The Validator will free itself once validation is | 199 // Start validation. The Validator will free itself once validation is |
| 59 // complete. | 200 // complete. |
| 60 validator.release()->StartValidation(); | 201 validator.release()->StartValidation(); |
| 61 } | 202 } |
| 62 | 203 |
| 63 void UserCloudPolicyStore::StorePolicyAfterValidation( | 204 void UserCloudPolicyStore::StorePolicyAfterValidation( |
| 64 UserCloudPolicyValidator* validator) { | 205 UserCloudPolicyValidator* validator) { |
| 65 validation_status_ = validator->status(); | 206 validation_status_ = validator->status(); |
| 207 DVLOG(1) << "Policy validation complete: status = " << validation_status_; | |
| 66 if (!validator->success()) { | 208 if (!validator->success()) { |
| 67 status_ = STATUS_VALIDATION_ERROR; | 209 status_ = STATUS_VALIDATION_ERROR; |
| 68 NotifyStoreError(); | 210 NotifyStoreError(); |
| 69 return; | 211 return; |
| 70 } | 212 } |
| 71 // TODO(atwilson): Write policy to file. | 213 |
| 214 // Persist the validated policy (just fire a task - don't bother getting a | |
| 215 // reply because we can't do anything if it fails). | |
| 216 content::BrowserThread::PostTask( | |
| 217 content::BrowserThread::FILE, FROM_HERE, | |
| 218 base::Bind(&StorePolicyToDiskOnFileThread, | |
| 219 backing_file_path_, *validator->policy())); | |
| 72 InstallPolicy(validator->policy_data().Pass(), validator->payload().Pass()); | 220 InstallPolicy(validator->policy_data().Pass(), validator->payload().Pass()); |
| 73 status_ = STATUS_OK; | 221 status_ = STATUS_OK; |
| 74 NotifyStoreLoaded(); | 222 NotifyStoreLoaded(); |
| 75 } | 223 } |
| 76 | 224 |
| 77 // static | 225 // static |
| 78 scoped_ptr<CloudPolicyStore> CloudPolicyStore::CreateUserPolicyStore( | 226 scoped_ptr<CloudPolicyStore> CloudPolicyStore::CreateUserPolicyStore( |
| 79 Profile* profile) { | 227 Profile* profile) { |
| 80 return scoped_ptr<CloudPolicyStore>(new UserCloudPolicyStore(profile)); | 228 FilePath path = |
| 229 profile->GetPath().Append(kPolicyDir).Append(kPolicyCacheFile); | |
| 230 return scoped_ptr<CloudPolicyStore>(new UserCloudPolicyStore(profile, path)); | |
| 81 } | 231 } |
| 82 | 232 |
| 83 } // namespace policy | 233 } // namespace policy |
| OLD | NEW |