Chromium Code Reviews Chromium Code Reviews
Issue 11434053:
Add support for public account policy to CloudPolicyClient. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 # Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 # Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 # Use of this source code is governed by a BSD-style license that can be | 2 # Use of this source code is governed by a BSD-style license that can be |
| 3 # found in the LICENSE file. | 3 # found in the LICENSE file. |
| 4 | 4 |
| 5 """A bare-bones test server for testing cloud policy support. | 5 """A bare-bones test server for testing cloud policy support. |
| 6 | 6 |
| 7 This implements a simple cloud policy test server that can be used to test | 7 This implements a simple cloud policy test server that can be used to test |
| 8 chrome's device management service client. The policy information is read from | 8 chrome's device management service client. The policy information is read from |
| 9 the file named device_management in the server's data directory. It contains | 9 the file named device_management in the server's data directory. It contains |
| 10 enforced and recommended policies for the device and user scope, and a list | 10 enforced and recommended policies for the device and user scope, and a list |
| (...skipping 243 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 254 and constructs the response. | 254 and constructs the response. |
| 255 | 255 |
| 256 Args: | 256 Args: |
| 257 msg: The DevicePolicyRequest message received from the client. | 257 msg: The DevicePolicyRequest message received from the client. |
| 258 | 258 |
| 259 Returns: | 259 Returns: |
| 260 A tuple of HTTP status code and response data to send to the client. | 260 A tuple of HTTP status code and response data to send to the client. |
| 261 """ | 261 """ |
| 262 for request in msg.request: | 262 for request in msg.request: |
| 263 if (request.policy_type in | 263 if (request.policy_type in |
| 264 ('google/chromeos/user', 'google/chromeos/device')): | 264 ('google/chromeos/user', |
| 265 'google/chromeos/device', | |
| 266 'google/chromeos/publicaccount')): | |
| 265 if request_type != 'policy': | 267 if request_type != 'policy': |
| 266 return (400, 'Invalid request type') | 268 return (400, 'Invalid request type') |
| 267 else: | 269 else: |
| 268 return self.ProcessCloudPolicy(request) | 270 return self.ProcessCloudPolicy(request) |
| 269 else: | 271 else: |
| 270 return (400, 'Invalid policy_type') | 272 return (400, 'Invalid policy_type') |
| 271 | 273 |
| 272 def ProcessAutoEnrollment(self, msg): | 274 def ProcessAutoEnrollment(self, msg): |
| 273 """Handles an auto-enrollment check request. | 275 """Handles an auto-enrollment check request. |
| 274 | 276 |
| (...skipping 146 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 421 """ | 423 """ |
| 422 | 424 |
| 423 token_info, error = self.CheckToken() | 425 token_info, error = self.CheckToken() |
| 424 if not token_info: | 426 if not token_info: |
| 425 return error | 427 return error |
| 426 | 428 |
| 427 if msg.machine_id: | 429 if msg.machine_id: |
| 428 self._server.UpdateMachineId(token_info['device_token'], msg.machine_id) | 430 self._server.UpdateMachineId(token_info['device_token'], msg.machine_id) |
| 429 | 431 |
| 430 # Response is only given if the scope is specified in the config file. | 432 # Response is only given if the scope is specified in the config file. |
| 431 # Normally 'google/chromeos/device' and 'google/chromeos/user' should be | 433 # Normally 'google/chromeos/device', 'google/chromeos/user' and |
| 432 # accepted. | 434 # 'google/chromeos/publicaccount' should be accepted. |
| 433 policy = self._server.GetPolicies() | 435 policy = self._server.GetPolicies() |
| 434 policy_value = '' | 436 policy_value = '' |
| 437 policy_type = msg.policy_type | |
| 438 if msg.settings_entity_id: | |
| 439 policy_type += '/' + msg.settings_entity_id | |
|
bartfab (slow)
2012/12/03 12:28:40
Should we document that in order to set mock publi
Mattias Nissler (ping if slow)
2012/12/03 13:50:39
Added an example at the beginning of the file.
bartfab (slow)
2012/12/03 14:01:05
Thanks, that's excellent. I had completely missed
| |
| 435 if (msg.policy_type in token_info['allowed_policy_types'] and | 440 if (msg.policy_type in token_info['allowed_policy_types'] and |
| 436 msg.policy_type in policy): | 441 policy_type in policy): |
| 437 if msg.policy_type == 'google/chromeos/user': | 442 if msg.policy_type == 'google/chromeos/user': |
| 438 settings = cp.CloudPolicySettings() | 443 settings = cp.CloudPolicySettings() |
| 439 self.GatherUserPolicySettings(settings, | 444 self.GatherUserPolicySettings(settings, policy[policy_type]) |
| 440 policy[msg.policy_type]) | |
| 441 policy_value = settings.SerializeToString() | |
| 442 elif msg.policy_type == 'google/chromeos/device': | 445 elif msg.policy_type == 'google/chromeos/device': |
| 443 settings = dp.ChromeDeviceSettingsProto() | 446 settings = dp.ChromeDeviceSettingsProto() |
| 444 self.GatherDevicePolicySettings(settings, | 447 self.GatherDevicePolicySettings(settings, policy[policy_type]) |
| 445 policy[msg.policy_type]) | 448 elif msg.policy_type == 'google/chromeos/publicaccount': |
| 446 policy_value = settings.SerializeToString() | 449 settings = cp.CloudPolicySettings() |
| 450 self.GatherUserPolicySettings(settings, policy[policy_type]) | |
| 447 | 451 |
| 448 # Figure out the key we want to use. If multiple keys are configured, the | 452 # Figure out the key we want to use. If multiple keys are configured, the |
| 449 # server will rotate through them in a round-robin fashion. | 453 # server will rotate through them in a round-robin fashion. |
| 450 signing_key = None | 454 signing_key = None |
| 451 req_key = None | 455 req_key = None |
| 452 key_version = 1 | 456 key_version = 1 |
| 453 nkeys = len(self._server.keys) | 457 nkeys = len(self._server.keys) |
| 454 if msg.signature_type == dm.PolicyFetchRequest.SHA1_RSA and nkeys > 0: | 458 if msg.signature_type == dm.PolicyFetchRequest.SHA1_RSA and nkeys > 0: |
| 455 if msg.public_key_version in range(1, nkeys + 1): | 459 if msg.public_key_version in range(1, nkeys + 1): |
| 456 # requested key exists, use for signing and rotate. | 460 # requested key exists, use for signing and rotate. |
| 457 req_key = self._server.keys[msg.public_key_version - 1]['private_key'] | 461 req_key = self._server.keys[msg.public_key_version - 1]['private_key'] |
| 458 key_version = (msg.public_key_version % nkeys) + 1 | 462 key_version = (msg.public_key_version % nkeys) + 1 |
| 459 signing_key = self._server.keys[key_version - 1] | 463 signing_key = self._server.keys[key_version - 1] |
| 460 | 464 |
| 461 # Fill the policy data protobuf. | 465 # Fill the policy data protobuf. |
| 462 policy_data = dm.PolicyData() | 466 policy_data = dm.PolicyData() |
| 463 policy_data.policy_type = msg.policy_type | 467 policy_data.policy_type = msg.policy_type |
| 464 policy_data.timestamp = int(time.time() * 1000) | 468 policy_data.timestamp = int(time.time() * 1000) |
| 465 policy_data.request_token = token_info['device_token'] | 469 policy_data.request_token = token_info['device_token'] |
| 466 policy_data.policy_value = policy_value | 470 policy_data.policy_value = settings.SerializeToString() |
| 467 policy_data.machine_name = token_info['machine_name'] | 471 policy_data.machine_name = token_info['machine_name'] |
| 468 policy_data.valid_serial_number_missing = ( | 472 policy_data.valid_serial_number_missing = ( |
| 469 token_info['machine_id'] in BAD_MACHINE_IDS) | 473 token_info['machine_id'] in BAD_MACHINE_IDS) |
| 470 | 474 |
| 471 if signing_key: | 475 if signing_key: |
| 472 policy_data.public_key_version = key_version | 476 policy_data.public_key_version = key_version |
| 473 # There is no way for the testserver to know the user name belonging to | 477 # There is no way for the testserver to know the user name belonging to |
| 474 # the GAIA auth token we received (short of actually talking to GAIA). To | 478 # the GAIA auth token we received (short of actually talking to GAIA). To |
| 475 # address this, we read the username from the policy configuration | 479 # address this, we read the username from the policy configuration |
| 476 # dictionary, or use a default. | 480 # dictionary, or use a default. |
| (...skipping 133 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 610 | 614 |
| 611 Returns: | 615 Returns: |
| 612 The newly generated device token for the device. | 616 The newly generated device token for the device. |
| 613 """ | 617 """ |
| 614 dmtoken_chars = [] | 618 dmtoken_chars = [] |
| 615 while len(dmtoken_chars) < 32: | 619 while len(dmtoken_chars) < 32: |
| 616 dmtoken_chars.append(random.choice('0123456789abcdef')) | 620 dmtoken_chars.append(random.choice('0123456789abcdef')) |
| 617 dmtoken = ''.join(dmtoken_chars) | 621 dmtoken = ''.join(dmtoken_chars) |
| 618 allowed_policy_types = { | 622 allowed_policy_types = { |
| 619 dm.DeviceRegisterRequest.USER: ['google/chromeos/user'], | 623 dm.DeviceRegisterRequest.USER: ['google/chromeos/user'], |
| 620 dm.DeviceRegisterRequest.DEVICE: ['google/chromeos/device'], | 624 dm.DeviceRegisterRequest.DEVICE: [ |
| 625 'google/chromeos/device', | |
| 626 'google/chromeos/publicaccount' | |
| 627 ], | |
| 621 dm.DeviceRegisterRequest.TT: ['google/chromeos/user'], | 628 dm.DeviceRegisterRequest.TT: ['google/chromeos/user'], |
| 622 } | 629 } |
| 623 if machine_id in KIOSK_MACHINE_IDS: | 630 if machine_id in KIOSK_MACHINE_IDS: |
| 624 enrollment_mode = dm.DeviceRegisterResponse.RETAIL | 631 enrollment_mode = dm.DeviceRegisterResponse.RETAIL |
| 625 else: | 632 else: |
| 626 enrollment_mode = dm.DeviceRegisterResponse.ENTERPRISE | 633 enrollment_mode = dm.DeviceRegisterResponse.ENTERPRISE |
| 627 self._registered_tokens[dmtoken] = { | 634 self._registered_tokens[dmtoken] = { |
| 628 'device_id': device_id, | 635 'device_id': device_id, |
| 629 'device_token': dmtoken, | 636 'device_token': dmtoken, |
| 630 'allowed_policy_types': allowed_policy_types[type], | 637 'allowed_policy_types': allowed_policy_types[type], |
| (...skipping 26 matching lines...) Expand all Loading... | |
| 657 return self._registered_tokens.get(dmtoken, None) | 664 return self._registered_tokens.get(dmtoken, None) |
| 658 | 665 |
| 659 def UnregisterDevice(self, dmtoken): | 666 def UnregisterDevice(self, dmtoken): |
| 660 """Unregisters a device identified by the given DM token. | 667 """Unregisters a device identified by the given DM token. |
| 661 | 668 |
| 662 Args: | 669 Args: |
| 663 dmtoken: The device management token provided by the client. | 670 dmtoken: The device management token provided by the client. |
| 664 """ | 671 """ |
| 665 if dmtoken in self._registered_tokens.keys(): | 672 if dmtoken in self._registered_tokens.keys(): |
| 666 del self._registered_tokens[dmtoken] | 673 del self._registered_tokens[dmtoken] |
| OLD | NEW |
