| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/policy/browser_policy_connector.h" | 5 #include "chrome/browser/policy/browser_policy_connector.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/bind_helpers.h" | 8 #include "base/bind_helpers.h" |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
| (...skipping 10 matching lines...) Expand all Loading... |
| 21 #include "chrome/browser/policy/cloud/cloud_policy_service.h" | 21 #include "chrome/browser/policy/cloud/cloud_policy_service.h" |
| 22 #include "chrome/browser/policy/cloud/device_management_service.h" | 22 #include "chrome/browser/policy/cloud/device_management_service.h" |
| 23 #include "chrome/browser/policy/configuration_policy_provider.h" | 23 #include "chrome/browser/policy/configuration_policy_provider.h" |
| 24 #include "chrome/browser/policy/managed_mode_policy_provider.h" | 24 #include "chrome/browser/policy/managed_mode_policy_provider.h" |
| 25 #include "chrome/browser/policy/policy_service_impl.h" | 25 #include "chrome/browser/policy/policy_service_impl.h" |
| 26 #include "chrome/browser/policy/policy_statistics_collector.h" | 26 #include "chrome/browser/policy/policy_statistics_collector.h" |
| 27 #include "chrome/browser/profiles/profile.h" | 27 #include "chrome/browser/profiles/profile.h" |
| 28 #include "chrome/common/chrome_paths.h" | 28 #include "chrome/common/chrome_paths.h" |
| 29 #include "chrome/common/chrome_switches.h" | 29 #include "chrome/common/chrome_switches.h" |
| 30 #include "chrome/common/pref_names.h" | 30 #include "chrome/common/pref_names.h" |
| 31 #include "components/user_prefs/pref_registry_syncable.h" |
| 31 #include "content/public/browser/browser_thread.h" | 32 #include "content/public/browser/browser_thread.h" |
| 32 #include "google_apis/gaia/gaia_auth_util.h" | 33 #include "google_apis/gaia/gaia_auth_util.h" |
| 33 #include "google_apis/gaia/gaia_constants.h" | 34 #include "google_apis/gaia/gaia_constants.h" |
| 34 #include "grit/generated_resources.h" | 35 #include "grit/generated_resources.h" |
| 35 #include "net/url_request/url_request_context_getter.h" | 36 #include "net/url_request/url_request_context_getter.h" |
| 36 #include "policy/policy_constants.h" | 37 #include "policy/policy_constants.h" |
| 37 #include "third_party/icu/public/i18n/unicode/regex.h" | 38 #include "third_party/icu/public/i18n/unicode/regex.h" |
| 38 | 39 |
| 39 #if defined(OS_WIN) | 40 #if defined(OS_WIN) |
| 40 #include "chrome/browser/policy/policy_loader_win.h" | 41 #include "chrome/browser/policy/policy_loader_win.h" |
| (...skipping 188 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 229 // call SetPolicyProviderForTesting() again. It is still owned by the test. | 230 // call SetPolicyProviderForTesting() again. It is still owned by the test. |
| 230 g_testing_provider = NULL; | 231 g_testing_provider = NULL; |
| 231 if (platform_provider_) | 232 if (platform_provider_) |
| 232 platform_provider_->Shutdown(); | 233 platform_provider_->Shutdown(); |
| 233 | 234 |
| 234 #if defined(OS_CHROMEOS) | 235 #if defined(OS_CHROMEOS) |
| 235 // The AppPackUpdater may be observing the |device_cloud_policy_subsystem_|. | 236 // The AppPackUpdater may be observing the |device_cloud_policy_subsystem_|. |
| 236 // Delete it first. | 237 // Delete it first. |
| 237 app_pack_updater_.reset(); | 238 app_pack_updater_.reset(); |
| 238 | 239 |
| 240 network_configuration_updater_.reset(); |
| 241 |
| 239 if (device_cloud_policy_manager_) | 242 if (device_cloud_policy_manager_) |
| 240 device_cloud_policy_manager_->Shutdown(); | 243 device_cloud_policy_manager_->Shutdown(); |
| 241 if (device_local_account_policy_provider_) | 244 if (device_local_account_policy_provider_) |
| 242 device_local_account_policy_provider_->Shutdown(); | 245 device_local_account_policy_provider_->Shutdown(); |
| 243 if (device_local_account_policy_service_) | 246 if (device_local_account_policy_service_) |
| 244 device_local_account_policy_service_->Disconnect(); | 247 device_local_account_policy_service_->Disconnect(); |
| 245 if (user_cloud_policy_manager_) | 248 if (user_cloud_policy_manager_) |
| 246 user_cloud_policy_manager_->Shutdown(); | 249 user_cloud_policy_manager_->Shutdown(); |
| 247 global_user_cloud_policy_provider_.Shutdown(); | 250 global_user_cloud_policy_provider_.Shutdown(); |
| 248 #endif | 251 #endif |
| (...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 297 } | 300 } |
| 298 | 301 |
| 299 #if defined(OS_CHROMEOS) | 302 #if defined(OS_CHROMEOS) |
| 300 void BrowserPolicyConnector::InitializeUserPolicy( | 303 void BrowserPolicyConnector::InitializeUserPolicy( |
| 301 const std::string& user_name, | 304 const std::string& user_name, |
| 302 bool is_public_account, | 305 bool is_public_account, |
| 303 bool wait_for_policy_fetch) { | 306 bool wait_for_policy_fetch) { |
| 304 // If the user is managed then importing certificates from ONC policy is | 307 // If the user is managed then importing certificates from ONC policy is |
| 305 // allowed, otherwise it's not. Update this flag once the user has signed in, | 308 // allowed, otherwise it's not. Update this flag once the user has signed in, |
| 306 // and before user policy is loaded. | 309 // and before user policy is loaded. |
| 307 GetNetworkConfigurationUpdater()->set_allow_web_trust( | 310 GetNetworkConfigurationUpdater()->set_allow_trusted_certificates_from_policy( |
| 308 GetUserAffiliation(user_name) == USER_AFFILIATION_MANAGED); | 311 GetUserAffiliation(user_name) == USER_AFFILIATION_MANAGED); |
| 309 | 312 |
| 310 // Re-initializing user policy is disallowed for two reasons: | 313 // Re-initializing user policy is disallowed for two reasons: |
| 311 // (a) Existing profiles may hold pointers to |user_cloud_policy_manager_|. | 314 // (a) Existing profiles may hold pointers to |user_cloud_policy_manager_|. |
| 312 // (b) Implementing UserCloudPolicyManager::IsInitializationComplete() | 315 // (b) Implementing UserCloudPolicyManager::IsInitializationComplete() |
| 313 // correctly is impossible for re-initialization. | 316 // correctly is impossible for re-initialization. |
| 314 CHECK(!user_cloud_policy_manager_); | 317 CHECK(!user_cloud_policy_manager_); |
| 315 | 318 |
| 316 CommandLine* command_line = CommandLine::ForCurrentProcess(); | 319 CommandLine* command_line = CommandLine::ForCurrentProcess(); |
| 317 | 320 |
| (...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 382 | 385 |
| 383 #if defined(OS_CHROMEOS) | 386 #if defined(OS_CHROMEOS) |
| 384 AppPackUpdater* BrowserPolicyConnector::GetAppPackUpdater() { | 387 AppPackUpdater* BrowserPolicyConnector::GetAppPackUpdater() { |
| 385 // request_context_ is NULL in unit tests. | 388 // request_context_ is NULL in unit tests. |
| 386 if (!app_pack_updater_ && request_context_) { | 389 if (!app_pack_updater_ && request_context_) { |
| 387 app_pack_updater_.reset( | 390 app_pack_updater_.reset( |
| 388 new AppPackUpdater(request_context_, install_attributes_.get())); | 391 new AppPackUpdater(request_context_, install_attributes_.get())); |
| 389 } | 392 } |
| 390 return app_pack_updater_.get(); | 393 return app_pack_updater_.get(); |
| 391 } | 394 } |
| 392 #endif | |
| 393 | 395 |
| 394 #if defined(OS_CHROMEOS) | |
| 395 NetworkConfigurationUpdater* | 396 NetworkConfigurationUpdater* |
| 396 BrowserPolicyConnector::GetNetworkConfigurationUpdater() { | 397 BrowserPolicyConnector::GetNetworkConfigurationUpdater() { |
| 397 if (!network_configuration_updater_) { | 398 if (!network_configuration_updater_) { |
| 398 network_configuration_updater_.reset(new NetworkConfigurationUpdater( | 399 network_configuration_updater_.reset(new NetworkConfigurationUpdater( |
| 399 GetPolicyService(), | 400 GetPolicyService(), |
| 400 chromeos::CrosLibrary::Get()->GetNetworkLibrary())); | 401 chromeos::CrosLibrary::Get()->GetNetworkLibrary())); |
| 401 } | 402 } |
| 402 return network_configuration_updater_.get(); | 403 return network_configuration_updater_.get(); |
| 403 } | 404 } |
| 405 |
| 406 net::CertTrustAnchorProvider* |
| 407 BrowserPolicyConnector::GetCertTrustAnchorProvider() { |
| 408 return GetNetworkConfigurationUpdater()->GetCertTrustAnchorProvider(); |
| 409 } |
| 404 #endif | 410 #endif |
| 405 | 411 |
| 406 void BrowserPolicyConnector::SetDeviceManagementServiceForTesting( | 412 void BrowserPolicyConnector::SetDeviceManagementServiceForTesting( |
| 407 scoped_ptr<DeviceManagementService> service) { | 413 scoped_ptr<DeviceManagementService> service) { |
| 408 device_management_service_ = service.Pass(); | 414 device_management_service_ = service.Pass(); |
| 409 } | 415 } |
| 410 | 416 |
| 411 // static | 417 // static |
| 412 void BrowserPolicyConnector::SetPolicyProviderForTesting( | 418 void BrowserPolicyConnector::SetPolicyProviderForTesting( |
| 413 ConfigurationPolicyProvider* provider) { | 419 ConfigurationPolicyProvider* provider) { |
| (...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 471 UTF8ToUTF16(gaia::ExtractDomainName(gaia::CanonicalizeEmail(username))); | 477 UTF8ToUTF16(gaia::ExtractDomainName(gaia::CanonicalizeEmail(username))); |
| 472 for (size_t i = 0; i < arraysize(kNonManagedDomainPatterns); i++) { | 478 for (size_t i = 0; i < arraysize(kNonManagedDomainPatterns); i++) { |
| 473 string16 pattern = WideToUTF16(kNonManagedDomainPatterns[i]); | 479 string16 pattern = WideToUTF16(kNonManagedDomainPatterns[i]); |
| 474 if (MatchDomain(domain, pattern)) | 480 if (MatchDomain(domain, pattern)) |
| 475 return true; | 481 return true; |
| 476 } | 482 } |
| 477 return false; | 483 return false; |
| 478 } | 484 } |
| 479 | 485 |
| 480 // static | 486 // static |
| 487 bool BrowserPolicyConnector::UsedPolicyCertificates(Profile* profile) { |
| 488 #if defined(OS_CHROMEOS) |
| 489 if (profile->GetPrefs()->GetBoolean(prefs::kUsedPolicyCertificatesOnce)) |
| 490 return true; |
| 491 #endif |
| 492 return false; |
| 493 } |
| 494 |
| 495 // static |
| 481 void BrowserPolicyConnector::RegisterPrefs(PrefRegistrySimple* registry) { | 496 void BrowserPolicyConnector::RegisterPrefs(PrefRegistrySimple* registry) { |
| 482 registry->RegisterIntegerPref(prefs::kUserPolicyRefreshRate, | 497 registry->RegisterIntegerPref(prefs::kUserPolicyRefreshRate, |
| 483 kDefaultPolicyRefreshRateMs); | 498 kDefaultPolicyRefreshRateMs); |
| 484 #if defined(OS_CHROMEOS) | 499 #if defined(OS_CHROMEOS) |
| 485 registry->RegisterIntegerPref(prefs::kDevicePolicyRefreshRate, | 500 registry->RegisterIntegerPref(prefs::kDevicePolicyRefreshRate, |
| 486 kDefaultPolicyRefreshRateMs); | 501 kDefaultPolicyRefreshRateMs); |
| 487 #endif | 502 #endif |
| 488 } | 503 } |
| 489 | 504 |
| 505 // static |
| 506 void BrowserPolicyConnector::RegisterUserPrefs(PrefRegistrySyncable* registry) { |
| 507 #if defined(OS_CHROMEOS) |
| 508 registry->RegisterBooleanPref(prefs::kUsedPolicyCertificatesOnce, |
| 509 false, |
| 510 PrefRegistrySyncable::UNSYNCABLE_PREF); |
| 511 #endif |
| 512 } |
| 513 |
| 490 void BrowserPolicyConnector::SetTimezoneIfPolicyAvailable() { | 514 void BrowserPolicyConnector::SetTimezoneIfPolicyAvailable() { |
| 491 #if defined(OS_CHROMEOS) | 515 #if defined(OS_CHROMEOS) |
| 492 typedef chromeos::CrosSettingsProvider Provider; | 516 typedef chromeos::CrosSettingsProvider Provider; |
| 493 Provider::TrustedStatus result = | 517 Provider::TrustedStatus result = |
| 494 chromeos::CrosSettings::Get()->PrepareTrustedValues( | 518 chromeos::CrosSettings::Get()->PrepareTrustedValues( |
| 495 base::Bind(&BrowserPolicyConnector::SetTimezoneIfPolicyAvailable, | 519 base::Bind(&BrowserPolicyConnector::SetTimezoneIfPolicyAvailable, |
| 496 weak_ptr_factory_.GetWeakPtr())); | 520 weak_ptr_factory_.GetWeakPtr())); |
| 497 | 521 |
| 498 if (result != Provider::TRUSTED) | 522 if (result != Provider::TRUSTED) |
| 499 return; | 523 return; |
| (...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 557 return new AsyncPolicyProvider(loader.Pass()); | 581 return new AsyncPolicyProvider(loader.Pass()); |
| 558 } else { | 582 } else { |
| 559 return NULL; | 583 return NULL; |
| 560 } | 584 } |
| 561 #else | 585 #else |
| 562 return NULL; | 586 return NULL; |
| 563 #endif | 587 #endif |
| 564 } | 588 } |
| 565 | 589 |
| 566 } // namespace policy | 590 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 13532005:
Added a PolicyCertVerifier that uses the trust anchors from the ONC policies. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src