diff options
| author | avi <avi@chromium.org> | 2014-10-24 12:07:16 -0700 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2014-10-24 19:07:42 +0000 |
| commit | 5e64220166aa85f47fa9b8dd5db53254bc95487f (patch) | |
| tree | 20d19c1193a393fc6ec6fcdbd4e356f53e1a19b3 | |
| parent | f27055fc23aee7a2221aa6f4307578f8bbbb8a8d (diff) | |
| download | chromium_src-5e64220166aa85f47fa9b8dd5db53254bc95487f.zip chromium_src-5e64220166aa85f47fa9b8dd5db53254bc95487f.tar.gz chromium_src-5e64220166aa85f47fa9b8dd5db53254bc95487f.tar.bz2 | |
Revert of Implemented OwnerSettingsService::Set() method. (patchset #7 id:160001 of https://codereview.chromium.org/654263003/)
Reason for revert:
ASAN bot unhappy
http://build.chromium.org/p/chromium.memory/builders/Linux%20Chromium%20OS%20ASan%20LSan%20Tests%20%281%29/builds/3731
Original issue's description:
> Implemented OwnerSettingsService::Set() method.
>
> BUG=230018
> TEST=unit_tests:OwnerSettingsServiceChromeOSTest.*
>
> Committed: https://crrev.com/5fa0ee22683b92d67e07c060e8c7a3c4cced51ee
> Cr-Commit-Position: refs/heads/master@{#301132}
TBR=mnissler@chromium.org,pastarmovj@chromium.org,ygorshenin@chromium.org
NOTREECHECKS=true
NOTRY=true
BUG=230018
Review URL: https://codereview.chromium.org/640063008
Cr-Commit-Position: refs/heads/master@{#301161}
17 files changed, 499 insertions, 826 deletions
diff --git a/chrome/browser/chromeos/ownership/owner_settings_service_chromeos.cc b/chrome/browser/chromeos/ownership/owner_settings_service_chromeos.cc index 1b3a6f9..aa61394 100644 --- a/chrome/browser/chromeos/ownership/owner_settings_service_chromeos.cc +++ b/chrome/browser/chromeos/ownership/owner_settings_service_chromeos.cc @@ -15,7 +15,6 @@ #include "chrome/browser/chrome_notification_types.h" #include "chrome/browser/chromeos/profiles/profile_helper.h" #include "chrome/browser/chromeos/settings/cros_settings.h" -#include "chrome/browser/chromeos/settings/device_settings_provider.h" #include "chrome/browser/chromeos/settings/session_manager_operation.h" #include "chrome/browser/profiles/profile.h" #include "chromeos/dbus/dbus_thread_manager.h" @@ -44,6 +43,8 @@ namespace chromeos { namespace { +DeviceSettingsService* g_device_settings_service_for_testing = NULL; + bool IsOwnerInTests(const std::string& user_id) { if (user_id.empty() || !CommandLine::ForCurrentProcess()->HasSwitch(::switches::kTestType) || @@ -146,20 +147,23 @@ void DoesPrivateKeyExistAsync( callback); } +DeviceSettingsService* GetDeviceSettingsService() { + if (g_device_settings_service_for_testing) + return g_device_settings_service_for_testing; + return DeviceSettingsService::IsInitialized() ? DeviceSettingsService::Get() + : NULL; +} + } // namespace OwnerSettingsServiceChromeOS::OwnerSettingsServiceChromeOS( - DeviceSettingsService* device_settings_service, Profile* profile, const scoped_refptr<OwnerKeyUtil>& owner_key_util) : ownership::OwnerSettingsService(owner_key_util), - device_settings_service_(device_settings_service), profile_(profile), waiting_for_profile_creation_(true), waiting_for_tpm_token_(true), - has_pending_changes_(false), - weak_factory_(this), - store_settings_factory_(this) { + weak_factory_(this) { if (TPMTokenLoader::IsInitialized()) { TPMTokenLoader::TPMTokenStatus tpm_token_status = TPMTokenLoader::Get()->IsTPMTokenEnabled( @@ -174,22 +178,13 @@ OwnerSettingsServiceChromeOS::OwnerSettingsServiceChromeOS( DBusThreadManager::Get()->GetSessionManagerClient()->AddObserver(this); } - if (device_settings_service_) - device_settings_service_->AddObserver(this); - registrar_.Add(this, chrome::NOTIFICATION_PROFILE_CREATED, content::Source<Profile>(profile_)); - - UpdateFromService(); } OwnerSettingsServiceChromeOS::~OwnerSettingsServiceChromeOS() { DCHECK(thread_checker_.CalledOnValidThread()); - - if (device_settings_service_) - device_settings_service_->RemoveObserver(this); - if (DBusThreadManager::IsInitialized() && DBusThreadManager::Get()->GetSessionManagerClient()) { DBusThreadManager::Get()->GetSessionManagerClient()->RemoveObserver(this); @@ -206,43 +201,19 @@ void OwnerSettingsServiceChromeOS::OnTPMTokenReady( ReloadKeypair(); } -bool OwnerSettingsServiceChromeOS::HandlesSetting(const std::string& setting) { - return DeviceSettingsProvider::IsDeviceSetting(setting); -} - -bool OwnerSettingsServiceChromeOS::Set(const std::string& setting, - const base::Value& value) { - if (!IsOwner() && !IsOwnerInTests(user_id_)) - return false; - - UpdateDeviceSettings(setting, value, device_settings_); - em::PolicyData policy_data; - policy_data.set_username(user_id_); - CHECK(device_settings_.SerializeToString(policy_data.mutable_policy_value())); - FOR_EACH_OBSERVER(OwnerSettingsService::Observer, - observers_, - OnTentativeChangesInPolicy(policy_data)); - has_pending_changes_ = true; - StoreDeviceSettings(); - return true; -} - -bool OwnerSettingsServiceChromeOS::CommitTentativeDeviceSettings( - scoped_ptr<enterprise_management::PolicyData> policy) { - if (!IsOwner() && !IsOwnerInTests(user_id_)) - return false; - if (policy->username() != user_id_) { - LOG(ERROR) << "Username mismatch: " << policy->username() << " vs. " - << user_id_; - return false; - } - CHECK(device_settings_.ParseFromString(policy->policy_value())); - FOR_EACH_OBSERVER(OwnerSettingsService::Observer, - observers_, - OnTentativeChangesInPolicy(*policy)); - has_pending_changes_ = true; - StoreDeviceSettings(); - return true; +void OwnerSettingsServiceChromeOS::SignAndStorePolicyAsync( + scoped_ptr<em::PolicyData> policy, + const base::Closure& callback) { + DCHECK(thread_checker_.CalledOnValidThread()); + SignAndStoreSettingsOperation* operation = new SignAndStoreSettingsOperation( + base::Bind(&OwnerSettingsServiceChromeOS::HandleCompletedOperation, + weak_factory_.GetWeakPtr(), + callback), + policy.Pass()); + operation->set_owner_settings_service(weak_factory_.GetWeakPtr()); + pending_operations_.push_back(operation); + if (pending_operations_.front() == operation) + StartNextOperation(); } void OwnerSettingsServiceChromeOS::Observe( @@ -271,16 +242,6 @@ void OwnerSettingsServiceChromeOS::OwnerKeySet(bool success) { ReloadKeypair(); } -void OwnerSettingsServiceChromeOS::OwnershipStatusChanged() { - DCHECK(thread_checker_.CalledOnValidThread()); - StoreDeviceSettings(); -} - -void OwnerSettingsServiceChromeOS::DeviceSettingsUpdated() { - DCHECK(thread_checker_.CalledOnValidThread()); - StoreDeviceSettings(); -} - // static void OwnerSettingsServiceChromeOS::IsOwnerForSafeModeAsync( const std::string& user_hash, @@ -300,251 +261,10 @@ void OwnerSettingsServiceChromeOS::IsOwnerForSafeModeAsync( } // static -scoped_ptr<em::PolicyData> OwnerSettingsServiceChromeOS::AssemblePolicy( - const std::string& user_id, - const em::PolicyData* policy_data, - const em::ChromeDeviceSettingsProto* settings) { - scoped_ptr<em::PolicyData> policy(new em::PolicyData()); - if (policy_data) { - // Preserve management settings. - if (policy_data->has_management_mode()) - policy->set_management_mode(policy_data->management_mode()); - if (policy_data->has_request_token()) - policy->set_request_token(policy_data->request_token()); - if (policy_data->has_device_id()) - policy->set_device_id(policy_data->device_id()); - } else { - // If there's no previous policy data, this is the first time the device - // setting is set. We set the management mode to NOT_MANAGED initially. - policy->set_management_mode(em::PolicyData::NOT_MANAGED); - } - policy->set_policy_type(policy::dm_protocol::kChromeDevicePolicyType); - policy->set_timestamp( - (base::Time::Now() - base::Time::UnixEpoch()).InMilliseconds()); - policy->set_username(user_id); - if (!settings->SerializeToString(policy->mutable_policy_value())) - return scoped_ptr<em::PolicyData>(); - - return policy.Pass(); -} - -// static -void OwnerSettingsServiceChromeOS::UpdateDeviceSettings( - const std::string& path, - const base::Value& value, - enterprise_management::ChromeDeviceSettingsProto& settings) { - if (path == kAccountsPrefAllowNewUser) { - em::AllowNewUsersProto* allow = settings.mutable_allow_new_users(); - bool allow_value; - if (value.GetAsBoolean(&allow_value)) { - allow->set_allow_new_users(allow_value); - } else { - NOTREACHED(); - } - } else if (path == kAccountsPrefAllowGuest) { - em::GuestModeEnabledProto* guest = settings.mutable_guest_mode_enabled(); - bool guest_value; - if (value.GetAsBoolean(&guest_value)) - guest->set_guest_mode_enabled(guest_value); - else - NOTREACHED(); - } else if (path == kAccountsPrefSupervisedUsersEnabled) { - em::SupervisedUsersSettingsProto* supervised = - settings.mutable_supervised_users_settings(); - bool supervised_value; - if (value.GetAsBoolean(&supervised_value)) - supervised->set_supervised_users_enabled(supervised_value); - else - NOTREACHED(); - } else if (path == kAccountsPrefShowUserNamesOnSignIn) { - em::ShowUserNamesOnSigninProto* show = settings.mutable_show_user_names(); - bool show_value; - if (value.GetAsBoolean(&show_value)) - show->set_show_user_names(show_value); - else - NOTREACHED(); - } else if (path == kAccountsPrefDeviceLocalAccounts) { - em::DeviceLocalAccountsProto* device_local_accounts = - settings.mutable_device_local_accounts(); - device_local_accounts->clear_account(); - const base::ListValue* accounts_list = NULL; - if (value.GetAsList(&accounts_list)) { - for (base::ListValue::const_iterator entry(accounts_list->begin()); - entry != accounts_list->end(); - ++entry) { - const base::DictionaryValue* entry_dict = NULL; - if ((*entry)->GetAsDictionary(&entry_dict)) { - em::DeviceLocalAccountInfoProto* account = - device_local_accounts->add_account(); - std::string account_id; - if (entry_dict->GetStringWithoutPathExpansion( - kAccountsPrefDeviceLocalAccountsKeyId, &account_id)) { - account->set_account_id(account_id); - } - int type; - if (entry_dict->GetIntegerWithoutPathExpansion( - kAccountsPrefDeviceLocalAccountsKeyType, &type)) { - account->set_type( - static_cast<em::DeviceLocalAccountInfoProto::AccountType>( - type)); - } - std::string kiosk_app_id; - if (entry_dict->GetStringWithoutPathExpansion( - kAccountsPrefDeviceLocalAccountsKeyKioskAppId, - &kiosk_app_id)) { - account->mutable_kiosk_app()->set_app_id(kiosk_app_id); - } - } else { - NOTREACHED(); - } - } - } else { - NOTREACHED(); - } - } else if (path == kAccountsPrefDeviceLocalAccountAutoLoginId) { - em::DeviceLocalAccountsProto* device_local_accounts = - settings.mutable_device_local_accounts(); - std::string id; - if (value.GetAsString(&id)) - device_local_accounts->set_auto_login_id(id); - else - NOTREACHED(); - } else if (path == kAccountsPrefDeviceLocalAccountAutoLoginDelay) { - em::DeviceLocalAccountsProto* device_local_accounts = - settings.mutable_device_local_accounts(); - int delay; - if (value.GetAsInteger(&delay)) - device_local_accounts->set_auto_login_delay(delay); - else - NOTREACHED(); - } else if (path == kAccountsPrefDeviceLocalAccountAutoLoginBailoutEnabled) { - em::DeviceLocalAccountsProto* device_local_accounts = - settings.mutable_device_local_accounts(); - bool enabled; - if (value.GetAsBoolean(&enabled)) - device_local_accounts->set_enable_auto_login_bailout(enabled); - else - NOTREACHED(); - } else if (path == - kAccountsPrefDeviceLocalAccountPromptForNetworkWhenOffline) { - em::DeviceLocalAccountsProto* device_local_accounts = - settings.mutable_device_local_accounts(); - bool should_prompt; - if (value.GetAsBoolean(&should_prompt)) - device_local_accounts->set_prompt_for_network_when_offline(should_prompt); - else - NOTREACHED(); - } else if (path == kSignedDataRoamingEnabled) { - em::DataRoamingEnabledProto* roam = settings.mutable_data_roaming_enabled(); - bool roaming_value = false; - if (value.GetAsBoolean(&roaming_value)) - roam->set_data_roaming_enabled(roaming_value); - else - NOTREACHED(); - } else if (path == kReleaseChannel) { - em::ReleaseChannelProto* release_channel = - settings.mutable_release_channel(); - std::string channel_value; - if (value.GetAsString(&channel_value)) - release_channel->set_release_channel(channel_value); - else - NOTREACHED(); - } else if (path == kStatsReportingPref) { - em::MetricsEnabledProto* metrics = settings.mutable_metrics_enabled(); - bool metrics_value = false; - if (value.GetAsBoolean(&metrics_value)) - metrics->set_metrics_enabled(metrics_value); - else - NOTREACHED(); - } else if (path == kAccountsPrefUsers) { - em::UserWhitelistProto* whitelist_proto = settings.mutable_user_whitelist(); - whitelist_proto->clear_user_whitelist(); - const base::ListValue* users; - if (value.GetAsList(&users)) { - for (base::ListValue::const_iterator i = users->begin(); - i != users->end(); - ++i) { - std::string email; - if ((*i)->GetAsString(&email)) - whitelist_proto->add_user_whitelist(email); - } - } - } else if (path == kAccountsPrefEphemeralUsersEnabled) { - em::EphemeralUsersEnabledProto* ephemeral_users_enabled = - settings.mutable_ephemeral_users_enabled(); - bool ephemeral_users_enabled_value = false; - if (value.GetAsBoolean(&ephemeral_users_enabled_value)) { - ephemeral_users_enabled->set_ephemeral_users_enabled( - ephemeral_users_enabled_value); - } else { - NOTREACHED(); - } - } else if (path == kAllowRedeemChromeOsRegistrationOffers) { - em::AllowRedeemChromeOsRegistrationOffersProto* allow_redeem_offers = - settings.mutable_allow_redeem_offers(); - bool allow_redeem_offers_value; - if (value.GetAsBoolean(&allow_redeem_offers_value)) { - allow_redeem_offers->set_allow_redeem_offers(allow_redeem_offers_value); - } else { - NOTREACHED(); - } - } else if (path == kStartUpFlags) { - em::StartUpFlagsProto* flags_proto = settings.mutable_start_up_flags(); - flags_proto->Clear(); - const base::ListValue* flags; - if (value.GetAsList(&flags)) { - for (base::ListValue::const_iterator i = flags->begin(); - i != flags->end(); - ++i) { - std::string flag; - if ((*i)->GetAsString(&flag)) - flags_proto->add_flags(flag); - } - } - } else if (path == kSystemUse24HourClock) { - em::SystemUse24HourClockProto* use_24hour_clock_proto = - settings.mutable_use_24hour_clock(); - use_24hour_clock_proto->Clear(); - bool use_24hour_clock_value; - if (value.GetAsBoolean(&use_24hour_clock_value)) { - use_24hour_clock_proto->set_use_24hour_clock(use_24hour_clock_value); - } else { - NOTREACHED(); - } - } else if (path == kAttestationForContentProtectionEnabled) { - em::AttestationSettingsProto* attestation_settings = - settings.mutable_attestation_settings(); - bool setting_enabled; - if (value.GetAsBoolean(&setting_enabled)) { - attestation_settings->set_content_protection_enabled(setting_enabled); - } else { - NOTREACHED(); - } - } else { - // The remaining settings don't support Set(), since they are not - // intended to be customizable by the user: - // kAccountsPrefTransferSAMLCookies - // kAppPack - // kDeviceAttestationEnabled - // kDeviceOwner - // kIdleLogoutTimeout - // kIdleLogoutWarningDuration - // kReleaseChannelDelegated - // kReportDeviceActivityTimes - // kReportDeviceBootMode - // kReportDeviceLocation - // kReportDeviceVersionInfo - // kReportDeviceNetworkInterfaces - // kReportDeviceUsers - // kScreenSaverExtensionId - // kScreenSaverTimeout - // kServiceAccountIdentity - // kStartUpUrls - // kSystemTimezonePolicy - // kVariationsRestrictParameter - - LOG(FATAL) << "Device setting " << path << " is read-only."; - } +void OwnerSettingsServiceChromeOS::SetDeviceSettingsServiceForTesting( + DeviceSettingsService* device_settings_service) { + DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); + g_device_settings_service_for_testing = device_settings_service; } void OwnerSettingsServiceChromeOS::OnPostKeypairLoadedActions() { @@ -552,8 +272,8 @@ void OwnerSettingsServiceChromeOS::OnPostKeypairLoadedActions() { user_id_ = profile_->GetProfileName(); const bool is_owner = IsOwner() || IsOwnerInTests(user_id_); - if (is_owner && device_settings_service_) - device_settings_service_->InitOwner(user_id_, weak_factory_.GetWeakPtr()); + if (is_owner && GetDeviceSettingsService()) + GetDeviceSettingsService()->InitOwner(user_id_, weak_factory_.GetWeakPtr()); } void OwnerSettingsServiceChromeOS::ReloadKeypairImpl(const base::Callback< @@ -574,58 +294,44 @@ void OwnerSettingsServiceChromeOS::ReloadKeypairImpl(const base::Callback< callback)); } -void OwnerSettingsServiceChromeOS::StoreDeviceSettings() { - if (!has_pending_changes_ || store_settings_factory_.HasWeakPtrs()) - return; - if (!UpdateFromService()) - return; - scoped_ptr<em::PolicyData> policy = AssemblePolicy( - user_id_, device_settings_service_->policy_data(), &device_settings_); - has_pending_changes_ = false; - bool rv = AssembleAndSignPolicyAsync( - content::BrowserThread::GetBlockingPool(), - policy.Pass(), - base::Bind(&OwnerSettingsServiceChromeOS::OnPolicyAssembledAndSigned, - store_settings_factory_.GetWeakPtr())); - if (!rv) - OnSignedPolicyStored(false /* success */); -} - -void OwnerSettingsServiceChromeOS::OnPolicyAssembledAndSigned( - scoped_ptr<em::PolicyFetchResponse> policy_response) { - if (!policy_response.get()) { - OnSignedPolicyStored(false /* success */); - return; +void OwnerSettingsServiceChromeOS::StartNextOperation() { + DeviceSettingsService* service = GetDeviceSettingsService(); + if (!pending_operations_.empty() && service && + service->session_manager_client()) { + pending_operations_.front()->Start( + service->session_manager_client(), owner_key_util_, public_key_); } - device_settings_service_->Store( - policy_response.Pass(), - base::Bind(&OwnerSettingsServiceChromeOS::OnSignedPolicyStored, - store_settings_factory_.GetWeakPtr(), - true /* success */)); } -void OwnerSettingsServiceChromeOS::OnSignedPolicyStored(bool success) { - store_settings_factory_.InvalidateWeakPtrs(); - FOR_EACH_OBSERVER(OwnerSettingsService::Observer, - observers_, - OnSignedPolicyStored(success)); - StoreDeviceSettings(); - if (!success) - has_pending_changes_ = true; -} +void OwnerSettingsServiceChromeOS::HandleCompletedOperation( + const base::Closure& callback, + SessionManagerOperation* operation, + DeviceSettingsService::Status status) { + DCHECK_EQ(operation, pending_operations_.front()); -bool OwnerSettingsServiceChromeOS::UpdateFromService() { - if (!device_settings_service_ || - device_settings_service_->status() != - DeviceSettingsService::STORE_SUCCESS || - !device_settings_service_->device_settings()) { - return false; + DeviceSettingsService* service = GetDeviceSettingsService(); + if (status == DeviceSettingsService::STORE_SUCCESS) { + service->set_policy_data(operation->policy_data().Pass()); + service->set_device_settings(operation->device_settings().Pass()); } - enterprise_management::ChromeDeviceSettingsProto settings = - *device_settings_service_->device_settings(); - settings.MergeFrom(device_settings_); - device_settings_.Swap(&settings); - return true; + + if ((operation->public_key().get() && !public_key_.get()) || + (operation->public_key().get() && public_key_.get() && + operation->public_key()->data() != public_key_->data())) { + // Public part changed so we need to reload private part too. + ReloadKeypair(); + content::NotificationService::current()->Notify( + chrome::NOTIFICATION_OWNERSHIP_STATUS_CHANGED, + content::Source<OwnerSettingsServiceChromeOS>(this), + content::NotificationService::NoDetails()); + } + service->OnSignAndStoreOperationCompleted(status); + if (!callback.is_null()) + callback.Run(); + + pending_operations_.pop_front(); + delete operation; + StartNextOperation(); } } // namespace chromeos diff --git a/chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h b/chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h index 3d0116a..8f47b4d 100644 --- a/chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h +++ b/chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h @@ -5,12 +5,12 @@ #ifndef CHROME_BROWSER_CHROMEOS_OWNERSHIP_OWNER_SETTINGS_SERVICE_CHROMEOS_H_ #define CHROME_BROWSER_CHROMEOS_OWNERSHIP_OWNER_SETTINGS_SERVICE_CHROMEOS_H_ -#include <string> +#include <deque> #include <vector> #include "base/callback_forward.h" +#include "base/compiler_specific.h" #include "base/macros.h" -#include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" #include "chrome/browser/chromeos/settings/device_settings_service.h" #include "chromeos/dbus/session_manager_client.h" #include "components/keyed_service/core/keyed_service.h" @@ -27,6 +27,8 @@ class OwnerKeyUtil; namespace chromeos { +class SessionManagerOperation; + // The class is a profile-keyed service which holds public/private // keypair corresponds to a profile. The keypair is reloaded automatically when // profile is created and TPM token is ready. Note that the private part of a @@ -36,19 +38,16 @@ namespace chromeos { // (crbug.com/230018). class OwnerSettingsServiceChromeOS : public ownership::OwnerSettingsService, public content::NotificationObserver, - public SessionManagerClient::Observer, - public DeviceSettingsService::Observer { + public SessionManagerClient::Observer { public: virtual ~OwnerSettingsServiceChromeOS(); void OnTPMTokenReady(bool tpm_token_enabled); // ownership::OwnerSettingsService implementation: - virtual bool HandlesSetting(const std::string& setting) override; - virtual bool Set(const std::string& setting, - const base::Value& value) override; - virtual bool CommitTentativeDeviceSettings( - scoped_ptr<enterprise_management::PolicyData> policy) override; + virtual void SignAndStorePolicyAsync( + scoped_ptr<enterprise_management::PolicyData> policy, + const base::Closure& callback) override; // NotificationObserver implementation: virtual void Observe(int type, @@ -58,10 +57,6 @@ class OwnerSettingsServiceChromeOS : public ownership::OwnerSettingsService, // SessionManagerClient::Observer: virtual void OwnerKeySet(bool success) override; - // DeviceSettingsService::Observer: - virtual void OwnershipStatusChanged() override; - virtual void DeviceSettingsUpdated() override; - // Checks if the user is the device owner, without the user profile having to // been initialized. Should be used only if login state is in safe mode. static void IsOwnerForSafeModeAsync( @@ -69,26 +64,13 @@ class OwnerSettingsServiceChromeOS : public ownership::OwnerSettingsService, const scoped_refptr<ownership::OwnerKeyUtil>& owner_key_util, const IsOwnerCallback& callback); - // Assembles PolicyData based on |settings|, |policy_data| and - // |user_id|. - static scoped_ptr<enterprise_management::PolicyData> AssemblePolicy( - const std::string& user_id, - const enterprise_management::PolicyData* policy_data, - const enterprise_management::ChromeDeviceSettingsProto* settings); - - // Updates device |settings|. - static void UpdateDeviceSettings( - const std::string& path, - const base::Value& value, - enterprise_management::ChromeDeviceSettingsProto& settings); - - bool has_pending_changes() const { return has_pending_changes_; } + static void SetDeviceSettingsServiceForTesting( + DeviceSettingsService* device_settings_service); private: friend class OwnerSettingsServiceChromeOSFactory; OwnerSettingsServiceChromeOS( - DeviceSettingsService* device_settings_service, Profile* profile, const scoped_refptr<ownership::OwnerKeyUtil>& owner_key_util); @@ -103,26 +85,13 @@ class OwnerSettingsServiceChromeOS : public ownership::OwnerSettingsService, // Possibly notifies DeviceSettingsService that owner's keypair is loaded. virtual void OnPostKeypairLoadedActions() override; - // Tries to sign store current device settings if there're pending - // changes in device settings and no active previous call to - // DeviceSettingsService::Store(). - void StoreDeviceSettings(); - - // Called when current device settings are successfully signed. - // Sends signed settings for storage. - void OnPolicyAssembledAndSigned( - scoped_ptr<enterprise_management::PolicyFetchResponse> policy_response); + // Performs next operation in the queue. + void StartNextOperation(); - // Called by DeviceSettingsService when modified and signed device - // settings are stored. Notifies observers and tries to store device - // settings again. - void OnSignedPolicyStored(bool success); - - // Fetches device settings from DeviceSettingsService and merges - // them with local device settings. - bool UpdateFromService(); - - DeviceSettingsService* device_settings_service_; + // Called when sign-and-store operation completes it's work. + void HandleCompletedOperation(const base::Closure& callback, + SessionManagerOperation* operation, + DeviceSettingsService::Status status); // Profile this service instance belongs to. Profile* profile_; @@ -136,22 +105,14 @@ class OwnerSettingsServiceChromeOS : public ownership::OwnerSettingsService, // Whether TPM token still needs to be initialized. bool waiting_for_tpm_token_; - // The device settings. This may be different from the actual - // current device settings (which can be obtained from - // DeviceSettingsService) in case the device does not have an owner - // yet or there are pending changes that have not yet been written - // to session_manager. - enterprise_management::ChromeDeviceSettingsProto device_settings_; - - // True if some settings were changed but not stored. - bool has_pending_changes_; + // The queue of pending sign-and-store operations. The first operation on the + // queue is currently active; it gets removed and destroyed once it completes. + std::deque<SessionManagerOperation*> pending_operations_; content::NotificationRegistrar registrar_; base::WeakPtrFactory<OwnerSettingsServiceChromeOS> weak_factory_; - base::WeakPtrFactory<OwnerSettingsServiceChromeOS> store_settings_factory_; - DISALLOW_COPY_AND_ASSIGN(OwnerSettingsServiceChromeOS); }; diff --git a/chrome/browser/chromeos/ownership/owner_settings_service_chromeos_factory.cc b/chrome/browser/chromeos/ownership/owner_settings_service_chromeos_factory.cc index afe0480..b971f34 100644 --- a/chrome/browser/chromeos/ownership/owner_settings_service_chromeos_factory.cc +++ b/chrome/browser/chromeos/ownership/owner_settings_service_chromeos_factory.cc @@ -7,7 +7,6 @@ #include "base/path_service.h" #include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h" #include "chrome/browser/chromeos/profiles/profile_helper.h" -#include "chrome/browser/chromeos/settings/device_settings_service.h" #include "chrome/browser/profiles/profile.h" #include "chromeos/chromeos_paths.h" #include "components/keyed_service/content/browser_context_dependency_manager.h" @@ -16,19 +15,6 @@ namespace chromeos { -namespace { - -DeviceSettingsService* g_device_settings_service_for_testing_ = nullptr; - -DeviceSettingsService* GetDeviceSettingsService() { - if (g_device_settings_service_for_testing_) - return g_device_settings_service_for_testing_; - return DeviceSettingsService::IsInitialized() ? DeviceSettingsService::Get() - : nullptr; -} - -} // namespace - OwnerSettingsServiceChromeOSFactory::OwnerSettingsServiceChromeOSFactory() : BrowserContextKeyedServiceFactory( "OwnerSettingsService", @@ -51,12 +37,6 @@ OwnerSettingsServiceChromeOSFactory::GetInstance() { return Singleton<OwnerSettingsServiceChromeOSFactory>::get(); } -// static -void OwnerSettingsServiceChromeOSFactory::SetDeviceSettingsServiceForTesting( - DeviceSettingsService* device_settings_service) { - g_device_settings_service_for_testing_ = device_settings_service; -} - scoped_refptr<ownership::OwnerKeyUtil> OwnerSettingsServiceChromeOSFactory::GetOwnerKeyUtil() { if (owner_key_util_.get()) @@ -79,10 +59,8 @@ KeyedService* OwnerSettingsServiceChromeOSFactory::BuildInstanceFor( Profile* profile = static_cast<Profile*>(browser_context); if (profile->IsGuestSession() || ProfileHelper::IsSigninProfile(profile)) return NULL; - return new OwnerSettingsServiceChromeOS( - GetDeviceSettingsService(), - profile, - GetInstance()->GetOwnerKeyUtil()); + return new OwnerSettingsServiceChromeOS(profile, + GetInstance()->GetOwnerKeyUtil()); } bool OwnerSettingsServiceChromeOSFactory::ServiceIsCreatedWithBrowserContext() diff --git a/chrome/browser/chromeos/ownership/owner_settings_service_chromeos_factory.h b/chrome/browser/chromeos/ownership/owner_settings_service_chromeos_factory.h index 1774fa7..6352b0a 100644 --- a/chrome/browser/chromeos/ownership/owner_settings_service_chromeos_factory.h +++ b/chrome/browser/chromeos/ownership/owner_settings_service_chromeos_factory.h @@ -20,7 +20,6 @@ class OwnerKeyUtil; namespace chromeos { -class DeviceSettingsService; class OwnerSettingsServiceChromeOS; class OwnerSettingsServiceChromeOSFactory @@ -30,9 +29,6 @@ class OwnerSettingsServiceChromeOSFactory static OwnerSettingsServiceChromeOSFactory* GetInstance(); - static void SetDeviceSettingsServiceForTesting( - DeviceSettingsService* device_settings_service); - scoped_refptr<ownership::OwnerKeyUtil> GetOwnerKeyUtil(); void SetOwnerKeyUtilForTesting( diff --git a/chrome/browser/chromeos/ownership/owner_settings_service_chromeos_unittest.cc b/chrome/browser/chromeos/ownership/owner_settings_service_chromeos_unittest.cc deleted file mode 100644 index a28b144..0000000 --- a/chrome/browser/chromeos/ownership/owner_settings_service_chromeos_unittest.cc +++ /dev/null @@ -1,144 +0,0 @@ -// Copyright 2014 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include <queue> -#include <utility> - -#include "base/macros.h" -#include "base/memory/linked_ptr.h" -#include "base/memory/scoped_ptr.h" -#include "base/run_loop.h" -#include "base/test/scoped_path_override.h" -#include "base/values.h" -#include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h" -#include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos_factory.h" -#include "chrome/browser/chromeos/settings/device_settings_provider.h" -#include "chrome/browser/chromeos/settings/device_settings_test_helper.h" -#include "chrome/common/chrome_paths.h" -#include "chrome/test/base/scoped_testing_local_state.h" -#include "chrome/test/base/testing_browser_process.h" -#include "chrome/test/base/testing_profile.h" -#include "chromeos/settings/cros_settings_names.h" -#include "testing/gtest/include/gtest/gtest.h" - -namespace chromeos { - -namespace { - -void OnPrefChanged(const std::string& /* setting */) { -} - -class PrefsChecker : public ownership::OwnerSettingsService::Observer { - public: - PrefsChecker(OwnerSettingsServiceChromeOS* service, - DeviceSettingsProvider* provider) - : service_(service), provider_(provider) { - CHECK(service_); - CHECK(provider_); - service_->AddObserver(this); - } - - virtual ~PrefsChecker() { service_->RemoveObserver(this); } - - // OwnerSettingsService::Observer implementation: - virtual void OnSignedPolicyStored(bool success) override { - CHECK(success); - - if (service_->has_pending_changes()) - return; - - while (!set_requests_.empty()) { - SetRequest request = set_requests_.front(); - set_requests_.pop(); - const base::Value* value = provider_->Get(request.first); - ASSERT_TRUE(request.second->Equals(value)); - } - loop_.Quit(); - } - - void Set(const std::string& setting, const base::Value& value) { - service_->Set(setting, value); - set_requests_.push( - SetRequest(setting, linked_ptr<base::Value>(value.DeepCopy()))); - } - - void Wait() { loop_.Run(); } - - private: - OwnerSettingsServiceChromeOS* service_; - DeviceSettingsProvider* provider_; - base::RunLoop loop_; - - typedef std::pair<std::string, linked_ptr<base::Value>> SetRequest; - std::queue<SetRequest> set_requests_; - - DISALLOW_COPY_AND_ASSIGN(PrefsChecker); -}; - -} // namespace - -class OwnerSettingsServiceChromeOSTest : public DeviceSettingsTestBase { - public: - OwnerSettingsServiceChromeOSTest() - : local_state_(TestingBrowserProcess::GetGlobal()), - user_data_dir_override_(chrome::DIR_USER_DATA) {} - - virtual void SetUp() override { - DeviceSettingsTestBase::SetUp(); - provider_.reset(new DeviceSettingsProvider(base::Bind(&OnPrefChanged), - &device_settings_service_)); - owner_key_util_->SetPrivateKey(device_policy_.GetSigningKey()); - InitOwner(device_policy_.policy_data().username(), true); - FlushDeviceSettings(); - } - - virtual void TearDown() override { DeviceSettingsTestBase::TearDown(); } - - void TestSingleSet(OwnerSettingsServiceChromeOS* service, - const std::string& setting, - const base::Value& in_value) { - PrefsChecker checker(service, provider_.get()); - checker.Set(setting, in_value); - FlushDeviceSettings(); - checker.Wait(); - } - - ScopedTestingLocalState local_state_; - scoped_ptr<DeviceSettingsProvider> provider_; - base::ScopedPathOverride user_data_dir_override_; - - private: - DISALLOW_COPY_AND_ASSIGN(OwnerSettingsServiceChromeOSTest); -}; - -TEST_F(OwnerSettingsServiceChromeOSTest, SingleSetTest) { - OwnerSettingsServiceChromeOS* service = - OwnerSettingsServiceChromeOSFactory::GetForProfile(profile_.get()); - ASSERT_TRUE(service); - ASSERT_TRUE(service->IsOwner()); - TestSingleSet(service, kReleaseChannel, base::StringValue("dev-channel")); - TestSingleSet(service, kReleaseChannel, base::StringValue("beta-channel")); - TestSingleSet(service, kReleaseChannel, base::StringValue("stable-channel")); -} - -TEST_F(OwnerSettingsServiceChromeOSTest, MultipleSetTest) { - OwnerSettingsServiceChromeOS* service = - OwnerSettingsServiceChromeOSFactory::GetForProfile(profile_.get()); - ASSERT_TRUE(service); - ASSERT_TRUE(service->IsOwner()); - base::FundamentalValue allow_guest(false); - base::StringValue release_channel("stable-channel"); - base::FundamentalValue show_user_names(true); - - PrefsChecker checker(service, provider_.get()); - - checker.Set(kAccountsPrefAllowGuest, allow_guest); - checker.Set(kReleaseChannel, release_channel); - checker.Set(kAccountsPrefShowUserNamesOnSignIn, show_user_names); - - FlushDeviceSettings(); - checker.Wait(); -} - -} // namespace chromeos diff --git a/chrome/browser/chromeos/policy/device_cloud_policy_invalidator_unittest.cc b/chrome/browser/chromeos/policy/device_cloud_policy_invalidator_unittest.cc index 4c123dd..2fb4124 100644 --- a/chrome/browser/chromeos/policy/device_cloud_policy_invalidator_unittest.cc +++ b/chrome/browser/chromeos/policy/device_cloud_policy_invalidator_unittest.cc @@ -100,6 +100,7 @@ class DeviceCloudPolicyInvalidatorTest : public testing::Test { private: content::TestBrowserThreadBundle thread_bundle_; scoped_refptr<net::URLRequestContextGetter> system_request_context_; + TestingProfileManager profile_manager_; chromeos::FakeUserManager* fake_user_manager_; chromeos::ScopedUserManagerEnabler user_manager_enabler_; ScopedStubEnterpriseInstallAttributes install_attributes_; @@ -107,7 +108,6 @@ class DeviceCloudPolicyInvalidatorTest : public testing::Test { test_device_settings_service_; scoped_ptr<chromeos::ScopedTestCrosSettings> test_cros_settings_; chromeos::DeviceSettingsTestHelper device_settings_test_helper_; - TestingProfileManager profile_manager_; scoped_ptr<DeviceCloudPolicyInvalidator> invalidator_; }; @@ -116,13 +116,13 @@ DeviceCloudPolicyInvalidatorTest::DeviceCloudPolicyInvalidatorTest() : thread_bundle_(content::TestBrowserThreadBundle::IO_MAINLOOP), system_request_context_(new net::TestURLRequestContextGetter( base::MessageLoopProxy::current())), + profile_manager_(TestingBrowserProcess::GetGlobal()), fake_user_manager_(new chromeos::FakeUserManager), user_manager_enabler_(fake_user_manager_), install_attributes_("example.com", "user@example.com", "device_id", - DEVICE_MODE_ENTERPRISE), - profile_manager_(TestingBrowserProcess::GetGlobal()) { + DEVICE_MODE_ENTERPRISE) { } DeviceCloudPolicyInvalidatorTest::~DeviceCloudPolicyInvalidatorTest() { diff --git a/chrome/browser/chromeos/settings/device_settings_provider.cc b/chrome/browser/chromeos/settings/device_settings_provider.cc index 41d55d4..1da9fbc 100644 --- a/chrome/browser/chromeos/settings/device_settings_provider.cc +++ b/chrome/browser/chromeos/settings/device_settings_provider.cc @@ -13,7 +13,6 @@ #include "base/threading/thread_restrictions.h" #include "base/values.h" #include "chrome/browser/browser_process.h" -#include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h" #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" #include "chrome/browser/chromeos/policy/device_local_account.h" #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h" @@ -450,8 +449,6 @@ DeviceSettingsProvider::DeviceSettingsProvider( } DeviceSettingsProvider::~DeviceSettingsProvider() { - if (device_settings_service_->GetOwnerSettingsService()) - device_settings_service_->GetOwnerSettingsService()->RemoveObserver(this); device_settings_service_->RemoveObserver(this); } @@ -474,51 +471,19 @@ void DeviceSettingsProvider::DoSet(const std::string& path, return; } - if (!IsDeviceSetting(path)) { - NOTREACHED() << "Try to set unhandled cros setting " << path; - return; - } - - if (device_settings_service_->HasPrivateOwnerKey()) { - // Directly set setting through OwnerSettingsService. - ownership::OwnerSettingsService* service = - device_settings_service_->GetOwnerSettingsService(); - if (!service->Set(path, in_value)) { - NotifyObservers(path); - return; - } + if (IsDeviceSetting(path)) { + pending_changes_.push_back(PendingQueueElement(path, in_value.DeepCopy())); + if (!store_callback_factory_.HasWeakPtrs()) + SetInPolicy(); } else { - // Temporary store new setting in - // |device_settings_|. |device_settings_| will be stored on a disk - // as soon as an ownership of device the will be taken. - OwnerSettingsServiceChromeOS::UpdateDeviceSettings( - path, in_value, device_settings_); - em::PolicyData data; - data.set_username(device_settings_service_->GetUsername()); - CHECK(device_settings_.SerializeToString(data.mutable_policy_value())); - - // Set the cache to the updated value. - UpdateValuesCache(data, device_settings_, TEMPORARILY_UNTRUSTED); - - if (!device_settings_cache::Store(data, g_browser_process->local_state())) { - LOG(ERROR) << "Couldn't store to the temp storage."; - NotifyObservers(path); - return; - } + NOTREACHED() << "Try to set unhandled cros setting " << path; } - - bool metrics_value; - if (path == kStatsReportingPref && in_value.GetAsBoolean(&metrics_value)) - ApplyMetricsSetting(false, metrics_value); } void DeviceSettingsProvider::OwnershipStatusChanged() { DeviceSettingsService::OwnershipStatus new_ownership_status = device_settings_service_->GetOwnershipStatus(); - if (device_settings_service_->GetOwnerSettingsService()) - device_settings_service_->GetOwnerSettingsService()->AddObserver(this); - // If the device just became owned, write the settings accumulated in the // cache to device settings proper. It is important that writing only happens // in this case, as during normal operation, the contents of the cache should @@ -539,14 +504,7 @@ void DeviceSettingsProvider::OwnershipStatusChanged() { new_settings.MergeFrom(device_settings_); device_settings_.Swap(&new_settings); } - - scoped_ptr<em::PolicyData> policy(new em::PolicyData()); - policy->set_username(device_settings_service_->GetUsername()); - CHECK(device_settings_.SerializeToString(policy->mutable_policy_value())); - if (!device_settings_service_->GetOwnerSettingsService() - ->CommitTentativeDeviceSettings(policy.Pass())) { - LOG(ERROR) << "Can't store policy"; - } + StoreDeviceSettings(); } // The owner key might have become available, allowing migration to happen. @@ -560,13 +518,6 @@ void DeviceSettingsProvider::DeviceSettingsUpdated() { UpdateAndProceedStoring(); } -void DeviceSettingsProvider::OnTentativeChangesInPolicy( - const em::PolicyData& policy_data) { - em::ChromeDeviceSettingsProto device_settings; - CHECK(device_settings.ParseFromString(policy_data.policy_value())); - UpdateValuesCache(policy_data, device_settings, TEMPORARILY_UNTRUSTED); -} - void DeviceSettingsProvider::RetrieveCachedData() { em::PolicyData policy_data; if (!device_settings_cache::Retrieve(&policy_data, @@ -578,6 +529,261 @@ void DeviceSettingsProvider::RetrieveCachedData() { UpdateValuesCache(policy_data, device_settings_, trusted_status_); } +void DeviceSettingsProvider::SetInPolicy() { + if (pending_changes_.empty()) { + NOTREACHED(); + return; + } + + if (RequestTrustedEntity() != TRUSTED) { + // Re-sync device settings before proceeding. + device_settings_service_->Load(); + return; + } + + std::string prop(pending_changes_.front().first); + scoped_ptr<base::Value> value(pending_changes_.front().second); + pending_changes_.pop_front(); + + trusted_status_ = TEMPORARILY_UNTRUSTED; + if (prop == kAccountsPrefAllowNewUser) { + em::AllowNewUsersProto* allow = + device_settings_.mutable_allow_new_users(); + bool allow_value; + if (value->GetAsBoolean(&allow_value)) + allow->set_allow_new_users(allow_value); + else + NOTREACHED(); + } else if (prop == kAccountsPrefAllowGuest) { + em::GuestModeEnabledProto* guest = + device_settings_.mutable_guest_mode_enabled(); + bool guest_value; + if (value->GetAsBoolean(&guest_value)) + guest->set_guest_mode_enabled(guest_value); + else + NOTREACHED(); + } else if (prop == kAccountsPrefSupervisedUsersEnabled) { + em::SupervisedUsersSettingsProto* supervised = + device_settings_.mutable_supervised_users_settings(); + bool supervised_value; + if (value->GetAsBoolean(&supervised_value)) + supervised->set_supervised_users_enabled(supervised_value); + else + NOTREACHED(); + } else if (prop == kAccountsPrefShowUserNamesOnSignIn) { + em::ShowUserNamesOnSigninProto* show = + device_settings_.mutable_show_user_names(); + bool show_value; + if (value->GetAsBoolean(&show_value)) + show->set_show_user_names(show_value); + else + NOTREACHED(); + } else if (prop == kAccountsPrefDeviceLocalAccounts) { + em::DeviceLocalAccountsProto* device_local_accounts = + device_settings_.mutable_device_local_accounts(); + device_local_accounts->clear_account(); + const base::ListValue* accounts_list = NULL; + if (value->GetAsList(&accounts_list)) { + for (base::ListValue::const_iterator entry(accounts_list->begin()); + entry != accounts_list->end(); ++entry) { + const base::DictionaryValue* entry_dict = NULL; + if ((*entry)->GetAsDictionary(&entry_dict)) { + em::DeviceLocalAccountInfoProto* account = + device_local_accounts->add_account(); + std::string account_id; + if (entry_dict->GetStringWithoutPathExpansion( + kAccountsPrefDeviceLocalAccountsKeyId, &account_id)) { + account->set_account_id(account_id); + } + int type; + if (entry_dict->GetIntegerWithoutPathExpansion( + kAccountsPrefDeviceLocalAccountsKeyType, &type)) { + account->set_type( + static_cast<em::DeviceLocalAccountInfoProto::AccountType>( + type)); + } + std::string kiosk_app_id; + if (entry_dict->GetStringWithoutPathExpansion( + kAccountsPrefDeviceLocalAccountsKeyKioskAppId, + &kiosk_app_id)) { + account->mutable_kiosk_app()->set_app_id(kiosk_app_id); + } + } else { + NOTREACHED(); + } + } + } else { + NOTREACHED(); + } + } else if (prop == kAccountsPrefDeviceLocalAccountAutoLoginId) { + em::DeviceLocalAccountsProto* device_local_accounts = + device_settings_.mutable_device_local_accounts(); + std::string id; + if (value->GetAsString(&id)) + device_local_accounts->set_auto_login_id(id); + else + NOTREACHED(); + } else if (prop == kAccountsPrefDeviceLocalAccountAutoLoginDelay) { + em::DeviceLocalAccountsProto* device_local_accounts = + device_settings_.mutable_device_local_accounts(); + int delay; + if (value->GetAsInteger(&delay)) + device_local_accounts->set_auto_login_delay(delay); + else + NOTREACHED(); + } else if (prop == kAccountsPrefDeviceLocalAccountAutoLoginBailoutEnabled) { + em::DeviceLocalAccountsProto* device_local_accounts = + device_settings_.mutable_device_local_accounts(); + bool enabled; + if (value->GetAsBoolean(&enabled)) + device_local_accounts->set_enable_auto_login_bailout(enabled); + else + NOTREACHED(); + } else if (prop == + kAccountsPrefDeviceLocalAccountPromptForNetworkWhenOffline) { + em::DeviceLocalAccountsProto* device_local_accounts = + device_settings_.mutable_device_local_accounts(); + bool should_prompt; + if (value->GetAsBoolean(&should_prompt)) + device_local_accounts->set_prompt_for_network_when_offline(should_prompt); + else + NOTREACHED(); + } else if (prop == kSignedDataRoamingEnabled) { + em::DataRoamingEnabledProto* roam = + device_settings_.mutable_data_roaming_enabled(); + bool roaming_value = false; + if (value->GetAsBoolean(&roaming_value)) + roam->set_data_roaming_enabled(roaming_value); + else + NOTREACHED(); + } else if (prop == kReleaseChannel) { + em::ReleaseChannelProto* release_channel = + device_settings_.mutable_release_channel(); + std::string channel_value; + if (value->GetAsString(&channel_value)) + release_channel->set_release_channel(channel_value); + else + NOTREACHED(); + } else if (prop == kStatsReportingPref) { + em::MetricsEnabledProto* metrics = + device_settings_.mutable_metrics_enabled(); + bool metrics_value = false; + if (value->GetAsBoolean(&metrics_value)) + metrics->set_metrics_enabled(metrics_value); + else + NOTREACHED(); + ApplyMetricsSetting(false, metrics_value); + } else if (prop == kAccountsPrefUsers) { + em::UserWhitelistProto* whitelist_proto = + device_settings_.mutable_user_whitelist(); + whitelist_proto->clear_user_whitelist(); + const base::ListValue* users; + if (value->GetAsList(&users)) { + for (base::ListValue::const_iterator i = users->begin(); + i != users->end(); ++i) { + std::string email; + if ((*i)->GetAsString(&email)) + whitelist_proto->add_user_whitelist(email); + } + } + } else if (prop == kAccountsPrefEphemeralUsersEnabled) { + em::EphemeralUsersEnabledProto* ephemeral_users_enabled = + device_settings_.mutable_ephemeral_users_enabled(); + bool ephemeral_users_enabled_value = false; + if (value->GetAsBoolean(&ephemeral_users_enabled_value)) { + ephemeral_users_enabled->set_ephemeral_users_enabled( + ephemeral_users_enabled_value); + } else { + NOTREACHED(); + } + } else if (prop == kAllowRedeemChromeOsRegistrationOffers) { + em::AllowRedeemChromeOsRegistrationOffersProto* allow_redeem_offers = + device_settings_.mutable_allow_redeem_offers(); + bool allow_redeem_offers_value; + if (value->GetAsBoolean(&allow_redeem_offers_value)) { + allow_redeem_offers->set_allow_redeem_offers( + allow_redeem_offers_value); + } else { + NOTREACHED(); + } + } else if (prop == kStartUpFlags) { + em::StartUpFlagsProto* flags_proto = + device_settings_.mutable_start_up_flags(); + flags_proto->Clear(); + const base::ListValue* flags; + if (value->GetAsList(&flags)) { + for (base::ListValue::const_iterator i = flags->begin(); + i != flags->end(); ++i) { + std::string flag; + if ((*i)->GetAsString(&flag)) + flags_proto->add_flags(flag); + } + } + } else if (prop == kSystemUse24HourClock) { + em::SystemUse24HourClockProto* use_24hour_clock_proto = + device_settings_.mutable_use_24hour_clock(); + use_24hour_clock_proto->Clear(); + bool use_24hour_clock_value; + if (value->GetAsBoolean(&use_24hour_clock_value)) { + use_24hour_clock_proto->set_use_24hour_clock(use_24hour_clock_value); + } else { + NOTREACHED(); + } + } else if (prop == kAttestationForContentProtectionEnabled) { + em::AttestationSettingsProto* attestation_settings = + device_settings_.mutable_attestation_settings(); + bool setting_enabled; + if (value->GetAsBoolean(&setting_enabled)) { + attestation_settings->set_content_protection_enabled(setting_enabled); + } else { + NOTREACHED(); + } + } else { + // The remaining settings don't support Set(), since they are not + // intended to be customizable by the user: + // kAccountsPrefTransferSAMLCookies + // kAppPack + // kDeviceAttestationEnabled + // kDeviceOwner + // kIdleLogoutTimeout + // kIdleLogoutWarningDuration + // kReleaseChannelDelegated + // kReportDeviceActivityTimes + // kReportDeviceBootMode + // kReportDeviceLocation + // kReportDeviceVersionInfo + // kReportDeviceNetworkInterfaces + // kReportDeviceUsers + // kScreenSaverExtensionId + // kScreenSaverTimeout + // kServiceAccountIdentity + // kStartUpUrls + // kSystemTimezonePolicy + // kVariationsRestrictParameter + + LOG(FATAL) << "Device setting " << prop << " is read-only."; + } + + em::PolicyData data; + data.set_username(device_settings_service_->GetUsername()); + CHECK(device_settings_.SerializeToString(data.mutable_policy_value())); + + // Set the cache to the updated value. + UpdateValuesCache(data, device_settings_, trusted_status_); + + if (ownership_status_ == DeviceSettingsService::OWNERSHIP_TAKEN) { + StoreDeviceSettings(); + } else { + if (!device_settings_cache::Store(data, g_browser_process->local_state())) + LOG(ERROR) << "Couldn't store to the temp storage."; + + // OnStorePolicyCompleted won't get called in this case so proceed with any + // pending operations immediately. + if (!pending_changes_.empty()) + SetInPolicy(); + } +} + void DeviceSettingsProvider::UpdateValuesCache( const em::PolicyData& policy_data, const em::ChromeDeviceSettingsProto& settings, @@ -721,6 +927,10 @@ DeviceSettingsProvider::TrustedStatus void DeviceSettingsProvider::UpdateAndProceedStoring() { // Re-sync the cache from the service. UpdateFromService(); + + // Trigger the next change if necessary. + if (trusted_status_ == TRUSTED && !pending_changes_.empty()) + SetInPolicy(); } bool DeviceSettingsProvider::UpdateFromService() { @@ -784,6 +994,18 @@ bool DeviceSettingsProvider::UpdateFromService() { return settings_loaded; } +void DeviceSettingsProvider::StoreDeviceSettings() { + // Mute all previous callbacks to guarantee the |pending_changes_| queue is + // processed serially. + store_callback_factory_.InvalidateWeakPtrs(); + + device_settings_service_->SignAndStore( + scoped_ptr<em::ChromeDeviceSettingsProto>( + new em::ChromeDeviceSettingsProto(device_settings_)), + base::Bind(&DeviceSettingsProvider::UpdateAndProceedStoring, + store_callback_factory_.GetWeakPtr())); +} + void DeviceSettingsProvider::AttemptMigration() { if (device_settings_service_->HasPrivateOwnerKey()) { PrefValueMap::const_iterator i; diff --git a/chrome/browser/chromeos/settings/device_settings_provider.h b/chrome/browser/chromeos/settings/device_settings_provider.h index 9ffeb6ff..c8b952e 100644 --- a/chrome/browser/chromeos/settings/device_settings_provider.h +++ b/chrome/browser/chromeos/settings/device_settings_provider.h @@ -5,7 +5,9 @@ #ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_SETTINGS_PROVIDER_H_ #define CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_SETTINGS_PROVIDER_H_ +#include <deque> #include <string> +#include <utility> #include <vector> #include "base/basictypes.h" @@ -16,7 +18,6 @@ #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" #include "chrome/browser/chromeos/settings/device_settings_service.h" #include "chromeos/settings/cros_settings_provider.h" -#include "components/ownership/owner_settings_service.h" #include "components/policy/core/common/cloud/cloud_policy_constants.h" namespace base { @@ -30,13 +31,8 @@ class ChromeDeviceSettingsProto; namespace chromeos { // CrosSettingsProvider implementation that works with device settings. -// -// Note that the write path is in the process of being migrated to -// OwnerSettingsServiceChromeOS (crbug.com/230018). -class DeviceSettingsProvider - : public CrosSettingsProvider, - public DeviceSettingsService::Observer, - public ownership::OwnerSettingsService::Observer { +class DeviceSettingsProvider : public CrosSettingsProvider, + public DeviceSettingsService::Observer { public: // The callback type that is called to get the device mode. typedef base::Callback<policy::DeviceMode(void)> GetDeviceModeCallback; @@ -63,15 +59,16 @@ class DeviceSettingsProvider virtual void OwnershipStatusChanged() override; virtual void DeviceSettingsUpdated() override; - // ownership::OwnerSettingsService::Observer implementation: - virtual void OnTentativeChangesInPolicy( - const enterprise_management::PolicyData& policy_data) override; - // Populates in-memory cache from the local_state cache that is used to store // device settings before the device is owned and to speed up policy // availability before the policy blob is fetched on boot. void RetrieveCachedData(); + // Stores a value from the |pending_changes_| queue in the device settings. + // If the device is not owned yet the data ends up only in the local_state + // cache and is serialized once ownership is acquired. + void SetInPolicy(); + // Parses the policy data and fills in |values_cache_|. void UpdateValuesCache( const enterprise_management::PolicyData& policy_data, @@ -110,6 +107,10 @@ class DeviceSettingsProvider // if new settings have been loaded. bool UpdateFromService(); + // Sends |device_settings_| to |device_settings_service_| for signing and + // storage in session_manager. + void StoreDeviceSettings(); + // Checks the current ownership status to see whether the device owner is // logged in and writes the data accumulated in |migration_values_| to proper // device settings. @@ -124,19 +125,22 @@ class DeviceSettingsProvider TrustedStatus trusted_status_; DeviceSettingsService::OwnershipStatus ownership_status_; - // The device settings as currently reported through the - // CrosSettingsProvider interface. This may be different from the - // actual current device settings (which can be obtained from - // |device_settings_service_|) in case the device does not have an - // owner yet. As soon as ownership of the device will be taken, - // |device_settings_| will stored on disk and won't be used. + // The device settings as currently reported through the CrosSettingsProvider + // interface. This may be different from the actual current device settings + // (which can be obtained from |device_settings_service_|) in case the device + // does not have an owner yet or there are pending changes that have not yet + // been written to session_manager. enterprise_management::ChromeDeviceSettingsProto device_settings_; // A cache of values, indexed by the settings keys served through the - // CrosSettingsProvider interface. This is always kept in sync with the - // current device settings. + // CrosSettingsProvider interface. This is always kept in sync with the raw + // data found in |device_settings_|. PrefValueMap values_cache_; + // This is a queue for set requests, because those need to be sequential. + typedef std::pair<std::string, base::Value*> PendingQueueElement; + std::deque<PendingQueueElement> pending_changes_; + // Weak pointer factory for creating store operation callbacks. base::WeakPtrFactory<DeviceSettingsProvider> store_callback_factory_; diff --git a/chrome/browser/chromeos/settings/device_settings_service.cc b/chrome/browser/chromeos/settings/device_settings_service.cc index 9c2669a..53b2a56 100644 --- a/chrome/browser/chromeos/settings/device_settings_service.cc +++ b/chrome/browser/chromeos/settings/device_settings_service.cc @@ -10,7 +10,6 @@ #include "base/stl_util.h" #include "base/time/time.h" #include "chrome/browser/chrome_notification_types.h" -#include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h" #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" #include "chrome/browser/chromeos/settings/session_manager_operation.h" #include "components/ownership/owner_key_util.h" @@ -36,6 +35,36 @@ int kLoadRetryDelayMs = 1000 * 5; // of retry time. int kMaxLoadRetries = (1000 * 60 * 10) / kLoadRetryDelayMs; +// Assembles PolicyData based on |settings|, |policy_data| and +// |user_id|. +scoped_ptr<em::PolicyData> AssemblePolicy( + const std::string& user_id, + const em::PolicyData* policy_data, + const em::ChromeDeviceSettingsProto* settings) { + scoped_ptr<em::PolicyData> policy(new em::PolicyData()); + if (policy_data) { + // Preserve management settings. + if (policy_data->has_management_mode()) + policy->set_management_mode(policy_data->management_mode()); + if (policy_data->has_request_token()) + policy->set_request_token(policy_data->request_token()); + if (policy_data->has_device_id()) + policy->set_device_id(policy_data->device_id()); + } else { + // If there's no previous policy data, this is the first time the device + // setting is set. We set the management mode to NOT_MANAGED initially. + policy->set_management_mode(em::PolicyData::NOT_MANAGED); + } + policy->set_policy_type(policy::dm_protocol::kChromeDevicePolicyType); + policy->set_timestamp( + (base::Time::Now() - base::Time::UnixEpoch()).InMilliseconds()); + policy->set_username(user_id); + if (!settings->SerializeToString(policy->mutable_policy_value())) + return scoped_ptr<em::PolicyData>(); + + return policy.Pass(); +} + // Returns true if it is okay to transfer from the current mode to the new // mode. This function should be called in SetManagementMode(). bool CheckManagementModeTransition(em::PolicyData::ManagementMode current_mode, @@ -122,6 +151,8 @@ void DeviceSettingsService::SetSessionManager( } void DeviceSettingsService::UnsetSessionManager() { + STLDeleteContainerPointers(pending_operations_.begin(), + pending_operations_.end()); pending_operations_.clear(); if (session_manager_client_) @@ -141,10 +172,18 @@ void DeviceSettingsService::Load() { void DeviceSettingsService::SignAndStore( scoped_ptr<em::ChromeDeviceSettingsProto> new_settings, const base::Closure& callback) { + if (!owner_settings_service_) { + HandleError(STORE_KEY_UNAVAILABLE, callback); + return; + } scoped_ptr<em::PolicyData> policy = - OwnerSettingsServiceChromeOS::AssemblePolicy( - GetUsername(), policy_data(), new_settings.get()); - EnqueueSignAndStore(policy.Pass(), callback); + AssemblePolicy(GetUsername(), policy_data(), new_settings.get()); + if (!policy) { + HandleError(STORE_POLICY_ERROR, callback); + return; + } + + owner_settings_service_->SignAndStorePolicyAsync(policy.Pass(), callback); } void DeviceSettingsService::SetManagementSettings( @@ -169,8 +208,7 @@ void DeviceSettingsService::SetManagementSettings( } scoped_ptr<em::PolicyData> policy = - OwnerSettingsServiceChromeOS::AssemblePolicy( - GetUsername(), policy_data(), device_settings()); + AssemblePolicy(GetUsername(), policy_data(), device_settings()); if (!policy) { HandleError(DeviceSettingsService::STORE_POLICY_ERROR, callback); return; @@ -180,16 +218,17 @@ void DeviceSettingsService::SetManagementSettings( policy->set_request_token(request_token); policy->set_device_id(device_id); - EnqueueSignAndStore(policy.Pass(), callback); + owner_settings_service_->SignAndStorePolicyAsync(policy.Pass(), callback); } void DeviceSettingsService::Store(scoped_ptr<em::PolicyFetchResponse> policy, const base::Closure& callback) { - Enqueue(linked_ptr<SessionManagerOperation>(new StoreSettingsOperation( - base::Bind(&DeviceSettingsService::HandleCompletedOperation, - weak_factory_.GetWeakPtr(), - callback), - policy.Pass()))); + Enqueue( + new StoreSettingsOperation( + base::Bind(&DeviceSettingsService::HandleCompletedOperation, + weak_factory_.GetWeakPtr(), + callback), + policy.Pass())); } DeviceSettingsService::OwnershipStatus @@ -237,11 +276,6 @@ const std::string& DeviceSettingsService::GetUsername() const { return username_; } -ownership::OwnerSettingsService* -DeviceSettingsService::GetOwnerSettingsService() const { - return owner_settings_service_.get(); -} - void DeviceSettingsService::AddObserver(Observer* observer) { observers_.AddObserver(observer); } @@ -269,33 +303,20 @@ void DeviceSettingsService::PropertyChangeComplete(bool success) { EnsureReload(false); } -void DeviceSettingsService::Enqueue( - const linked_ptr<SessionManagerOperation>& operation) { +void DeviceSettingsService::Enqueue(SessionManagerOperation* operation) { pending_operations_.push_back(operation); - if (pending_operations_.front().get() == operation.get()) + if (pending_operations_.front() == operation) StartNextOperation(); } void DeviceSettingsService::EnqueueLoad(bool force_key_load) { - linked_ptr<SessionManagerOperation> operation(new LoadSettingsOperation( - base::Bind(&DeviceSettingsService::HandleCompletedOperation, - weak_factory_.GetWeakPtr(), - base::Closure()))); - operation->set_force_key_load(force_key_load); - operation->set_username(username_); - operation->set_owner_settings_service(owner_settings_service_); - Enqueue(operation); -} - -void DeviceSettingsService::EnqueueSignAndStore( - scoped_ptr<enterprise_management::PolicyData> policy, - const base::Closure& callback) { - linked_ptr<SessionManagerOperation> operation( - new SignAndStoreSettingsOperation( + SessionManagerOperation* operation = + new LoadSettingsOperation( base::Bind(&DeviceSettingsService::HandleCompletedOperation, weak_factory_.GetWeakPtr(), - callback), - policy.Pass())); + base::Closure())); + operation->set_force_key_load(force_key_load); + operation->set_username(username_); operation->set_owner_settings_service(owner_settings_service_); Enqueue(operation); } @@ -312,7 +333,8 @@ void DeviceSettingsService::EnsureReload(bool force_key_load) { } void DeviceSettingsService::StartNextOperation() { - if (!pending_operations_.empty() && session_manager_client_ && + if (!pending_operations_.empty() && + session_manager_client_ && owner_key_util_.get()) { pending_operations_.front()->Start( session_manager_client_, owner_key_util_, public_key_); @@ -323,7 +345,7 @@ void DeviceSettingsService::HandleCompletedOperation( const base::Closure& callback, SessionManagerOperation* operation, Status status) { - DCHECK_EQ(operation, pending_operations_.front().get()); + DCHECK_EQ(operation, pending_operations_.front()); store_status_ = status; OwnershipStatus ownership_status = OWNERSHIP_UNKNOWN; @@ -390,6 +412,7 @@ void DeviceSettingsService::HandleCompletedOperation( // Only remove the pending operation here, so new operations triggered by any // of the callbacks above are queued up properly. pending_operations_.pop_front(); + delete operation; StartNextOperation(); } @@ -408,6 +431,11 @@ void DeviceSettingsService::HandleError(Status status, callback.Run(); } +void DeviceSettingsService::OnSignAndStoreOperationCompleted(Status status) { + store_status_ = status; + FOR_EACH_OBSERVER(Observer, observers_, DeviceSettingsUpdated()); +} + ScopedTestDeviceSettingsService::ScopedTestDeviceSettingsService() { DeviceSettingsService::Initialize(); } diff --git a/chrome/browser/chromeos/settings/device_settings_service.h b/chrome/browser/chromeos/settings/device_settings_service.h index ef24d19..6f2ebdf 100644 --- a/chrome/browser/chromeos/settings/device_settings_service.h +++ b/chrome/browser/chromeos/settings/device_settings_service.h @@ -12,7 +12,6 @@ #include "base/basictypes.h" #include "base/callback.h" #include "base/compiler_specific.h" -#include "base/memory/linked_ptr.h" #include "base/memory/ref_counted.h" #include "base/memory/scoped_ptr.h" #include "base/observer_list.h" @@ -139,9 +138,6 @@ class DeviceSettingsService : public SessionManagerClient::Observer { const base::Closure& callback); // Sets the management related settings in PolicyData. - // - // TODO (ygorshenin@, crbug.com/230018): move this to the - // OwnerSettingsService. void SetManagementSettings( enterprise_management::PolicyData::ManagementMode management_mode, const std::string& request_token, @@ -173,8 +169,6 @@ class DeviceSettingsService : public SessionManagerClient::Observer { const std::string& GetUsername() const; - ownership::OwnerSettingsService* GetOwnerSettingsService() const; - // Adds an observer. void AddObserver(Observer* observer); // Removes an observer. @@ -189,15 +183,11 @@ class DeviceSettingsService : public SessionManagerClient::Observer { // Enqueues a new operation. Takes ownership of |operation| and starts it // right away if there is no active operation currently. - void Enqueue(const linked_ptr<SessionManagerOperation>& operation); + void Enqueue(SessionManagerOperation* operation); // Enqueues a load operation. void EnqueueLoad(bool force_key_load); - // Enqueues a sign and store operation. - void EnqueueSignAndStore(scoped_ptr<enterprise_management::PolicyData> policy, - const base::Closure& callback); - // Makes sure there's a reload operation so changes to the settings (and key, // in case force_key_load is set) are getting picked up. void EnsureReload(bool force_key_load); @@ -214,6 +204,19 @@ class DeviceSettingsService : public SessionManagerClient::Observer { // Updates status and invokes the callback immediately. void HandleError(Status status, const base::Closure& callback); + // Called by OwnerSettingsService when sign-and-store operation completes. + void OnSignAndStoreOperationCompleted(Status status); + + void set_policy_data( + scoped_ptr<enterprise_management::PolicyData> policy_data) { + policy_data_ = policy_data.Pass(); + } + + void set_device_settings(scoped_ptr< + enterprise_management::ChromeDeviceSettingsProto> device_settings) { + device_settings_ = device_settings.Pass(); + } + SessionManagerClient* session_manager_client_; scoped_refptr<ownership::OwnerKeyUtil> owner_key_util_; @@ -230,9 +233,9 @@ class DeviceSettingsService : public SessionManagerClient::Observer { // The queue of pending operations. The first operation on the queue is // currently active; it gets removed and destroyed once it completes. - std::deque<linked_ptr<SessionManagerOperation>> pending_operations_; + std::deque<SessionManagerOperation*> pending_operations_; - ObserverList<Observer> observers_; + ObserverList<Observer, true> observers_; // For recoverable load errors how many retries are left before we give up. int load_retries_left_; diff --git a/chrome/browser/chromeos/settings/device_settings_test_helper.cc b/chrome/browser/chromeos/settings/device_settings_test_helper.cc index fed7034..24e5886 100644 --- a/chrome/browser/chromeos/settings/device_settings_test_helper.cc +++ b/chrome/browser/chromeos/settings/device_settings_test_helper.cc @@ -197,8 +197,6 @@ DeviceSettingsTestBase::DeviceSettingsTestBase() : user_manager_(new FakeUserManager()), user_manager_enabler_(user_manager_), owner_key_util_(new ownership::MockOwnerKeyUtil()) { - OwnerSettingsServiceChromeOSFactory::SetDeviceSettingsServiceForTesting( - &device_settings_service_); OwnerSettingsServiceChromeOSFactory::GetInstance()->SetOwnerKeyUtilForTesting( owner_key_util_); } @@ -220,11 +218,13 @@ void DeviceSettingsTestBase::SetUp() { device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob()); device_settings_service_.SetSessionManager(&device_settings_test_helper_, owner_key_util_); + OwnerSettingsServiceChromeOS::SetDeviceSettingsServiceForTesting( + &device_settings_service_); profile_.reset(new TestingProfile()); } void DeviceSettingsTestBase::TearDown() { - OwnerSettingsServiceChromeOSFactory::SetDeviceSettingsServiceForTesting(NULL); + OwnerSettingsServiceChromeOS::SetDeviceSettingsServiceForTesting(NULL); FlushDeviceSettings(); device_settings_service_.UnsetSessionManager(); DBusThreadManager::Shutdown(); diff --git a/chrome/browser/chromeos/settings/device_settings_test_helper.h b/chrome/browser/chromeos/settings/device_settings_test_helper.h index 8100563..cac6fc9 100644 --- a/chrome/browser/chromeos/settings/device_settings_test_helper.h +++ b/chrome/browser/chromeos/settings/device_settings_test_helper.h @@ -185,11 +185,11 @@ class DeviceSettingsTestBase : public testing::Test { // tested classes depend on implicitly. FakeUserManager* user_manager_; ScopedUserManagerEnabler user_manager_enabler_; + scoped_ptr<TestingProfile> profile_; scoped_refptr<ownership::MockOwnerKeyUtil> owner_key_util_; // Local DeviceSettingsService instance for tests. Avoid using in combination // with the global instance (DeviceSettingsService::Get()). DeviceSettingsService device_settings_service_; - scoped_ptr<TestingProfile> profile_; scoped_ptr<DBusThreadManagerSetter> dbus_setter_; diff --git a/chrome/browser/chromeos/settings/session_manager_operation.cc b/chrome/browser/chromeos/settings/session_manager_operation.cc index 6a7ed98..8947c37 100644 --- a/chrome/browser/chromeos/settings/session_manager_operation.cc +++ b/chrome/browser/chromeos/settings/session_manager_operation.cc @@ -245,15 +245,12 @@ SignAndStoreSettingsOperation::SignAndStoreSettingsOperation( : SessionManagerOperation(callback), new_policy_(new_policy.Pass()), weak_factory_(this) { + DCHECK(new_policy_); } SignAndStoreSettingsOperation::~SignAndStoreSettingsOperation() {} void SignAndStoreSettingsOperation::Run() { - if (!new_policy_) { - ReportResult(DeviceSettingsService::STORE_POLICY_ERROR); - return; - } if (!owner_settings_service_) { ReportResult(DeviceSettingsService::STORE_KEY_UNAVAILABLE); return; @@ -272,7 +269,7 @@ void SignAndStoreSettingsOperation::StartSigning(bool is_owner) { bool rv = owner_settings_service_->AssembleAndSignPolicyAsync( content::BrowserThread::GetBlockingPool(), new_policy_.Pass(), - base::Bind(&SignAndStoreSettingsOperation::StoreDeviceSettings, + base::Bind(&SignAndStoreSettingsOperation::StoreDeviceSettingsBlob, weak_factory_.GetWeakPtr())); if (!rv) { ReportResult(DeviceSettingsService::STORE_KEY_UNAVAILABLE); @@ -280,15 +277,15 @@ void SignAndStoreSettingsOperation::StartSigning(bool is_owner) { } } -void SignAndStoreSettingsOperation::StoreDeviceSettings( - scoped_ptr<em::PolicyFetchResponse> policy_response) { - if (!policy_response.get()) { +void SignAndStoreSettingsOperation::StoreDeviceSettingsBlob( + std::string device_settings_blob) { + if (device_settings_blob.empty()) { ReportResult(DeviceSettingsService::STORE_POLICY_ERROR); return; } session_manager_client()->StoreDevicePolicy( - policy_response->SerializeAsString(), + device_settings_blob, base::Bind(&SignAndStoreSettingsOperation::HandleStoreResult, weak_factory_.GetWeakPtr())); } diff --git a/chrome/browser/chromeos/settings/session_manager_operation.h b/chrome/browser/chromeos/settings/session_manager_operation.h index 356025e..03aaf80 100644 --- a/chrome/browser/chromeos/settings/session_manager_operation.h +++ b/chrome/browser/chromeos/settings/session_manager_operation.h @@ -189,8 +189,7 @@ class SignAndStoreSettingsOperation : public SessionManagerOperation { void StartSigning(bool has_private_key); // Stores the signed device settings blob. - void StoreDeviceSettings( - scoped_ptr<enterprise_management::PolicyFetchResponse> policy_response); + void StoreDeviceSettingsBlob(std::string device_settings_blob); // Handles the result of the store operation and triggers the load. void HandleStoreResult(bool success); diff --git a/chrome/chrome_tests_unit.gypi b/chrome/chrome_tests_unit.gypi index 6c3850e..dd1ee37 100644 --- a/chrome/chrome_tests_unit.gypi +++ b/chrome/chrome_tests_unit.gypi @@ -219,7 +219,6 @@ 'browser/chromeos/net/onc_utils_unittest.cc', 'browser/chromeos/offline/offline_load_page_unittest.cc', 'browser/chromeos/options/network_property_ui_data_unittest.cc', - 'browser/chromeos/ownership/owner_settings_service_chromeos_unittest.cc', 'browser/chromeos/policy/auto_enrollment_client_unittest.cc', 'browser/chromeos/policy/cloud_external_data_manager_base_unittest.cc', 'browser/chromeos/policy/cloud_external_data_policy_observer_unittest.cc', diff --git a/components/ownership/owner_settings_service.cc b/components/ownership/owner_settings_service.cc index 204cdd1..56bcbe0 100644 --- a/components/ownership/owner_settings_service.cc +++ b/components/ownership/owner_settings_service.cc @@ -12,7 +12,6 @@ #include "base/message_loop/message_loop.h" #include "base/task_runner.h" #include "base/task_runner_util.h" -#include "base/values.h" #include "components/ownership/owner_key_util.h" #include "crypto/signature_creator.h" @@ -22,15 +21,13 @@ namespace ownership { namespace { -scoped_ptr<em::PolicyFetchResponse> AssembleAndSignPolicy( - scoped_ptr<em::PolicyData> policy, - crypto::RSAPrivateKey* private_key) { +std::string AssembleAndSignPolicy(scoped_ptr<em::PolicyData> policy, + crypto::RSAPrivateKey* private_key) { // Assemble the policy. - scoped_ptr<em::PolicyFetchResponse> policy_response( - new em::PolicyFetchResponse()); - if (!policy->SerializeToString(policy_response->mutable_policy_data())) { + em::PolicyFetchResponse policy_response; + if (!policy->SerializeToString(policy_response.mutable_policy_data())) { LOG(ERROR) << "Failed to encode policy payload."; - return scoped_ptr<em::PolicyFetchResponse>(nullptr).Pass(); + return std::string(); } // Generate the signature. @@ -38,19 +35,19 @@ scoped_ptr<em::PolicyFetchResponse> AssembleAndSignPolicy( crypto::SignatureCreator::Create(private_key, crypto::SignatureCreator::SHA1)); signature_creator->Update( - reinterpret_cast<const uint8*>(policy_response->policy_data().c_str()), - policy_response->policy_data().size()); + reinterpret_cast<const uint8*>(policy_response.policy_data().c_str()), + policy_response.policy_data().size()); std::vector<uint8> signature_bytes; std::string policy_blob; if (!signature_creator->Final(&signature_bytes)) { LOG(ERROR) << "Failed to create policy signature."; - return scoped_ptr<em::PolicyFetchResponse>(nullptr).Pass(); + return std::string(); } - policy_response->mutable_policy_data_signature()->assign( + policy_response.mutable_policy_data_signature()->assign( reinterpret_cast<const char*>(vector_as_array(&signature_bytes)), signature_bytes.size()); - return policy_response.Pass(); + return policy_response.SerializeAsString(); } } // namepace @@ -64,15 +61,6 @@ OwnerSettingsService::~OwnerSettingsService() { DCHECK(thread_checker_.CalledOnValidThread()); } -void OwnerSettingsService::AddObserver(Observer* observer) { - if (observer && !observers_.HasObserver(observer)) - observers_.AddObserver(observer); -} - -void OwnerSettingsService::RemoveObserver(Observer* observer) { - observers_.RemoveObserver(observer); -} - bool OwnerSettingsService::IsOwner() { DCHECK(thread_checker_.CalledOnValidThread()); return private_key_.get() && private_key_->key(); @@ -103,31 +91,6 @@ bool OwnerSettingsService::AssembleAndSignPolicyAsync( callback); } -bool OwnerSettingsService::SetBoolean(const std::string& setting, bool value) { - DCHECK(thread_checker_.CalledOnValidThread()); - base::FundamentalValue in_value(value); - return Set(setting, in_value); -} - -bool OwnerSettingsService::SetInteger(const std::string& setting, int value) { - DCHECK(thread_checker_.CalledOnValidThread()); - base::FundamentalValue in_value(value); - return Set(setting, in_value); -} - -bool OwnerSettingsService::SetDouble(const std::string& setting, double value) { - DCHECK(thread_checker_.CalledOnValidThread()); - base::FundamentalValue in_value(value); - return Set(setting, in_value); -} - -bool OwnerSettingsService::SetString(const std::string& setting, - const std::string& value) { - DCHECK(thread_checker_.CalledOnValidThread()); - base::StringValue in_value(value); - return Set(setting, in_value); -} - void OwnerSettingsService::ReloadKeypair() { ReloadKeypairImpl( base::Bind(&OwnerSettingsService::OnKeypairLoaded, as_weak_ptr())); diff --git a/components/ownership/owner_settings_service.h b/components/ownership/owner_settings_service.h index db36595..1961975 100644 --- a/components/ownership/owner_settings_service.h +++ b/components/ownership/owner_settings_service.h @@ -13,7 +13,6 @@ #include "base/memory/ref_counted.h" #include "base/memory/scoped_ptr.h" #include "base/memory/weak_ptr.h" -#include "base/observer_list.h" #include "base/threading/thread_checker.h" #include "components/keyed_service/core/keyed_service.h" #include "components/ownership/ownership_export.h" @@ -21,7 +20,6 @@ namespace base { class TaskRunner; -class Value; } namespace ownership { @@ -33,42 +31,19 @@ class PublicKey; // which deal with ownership, keypairs and owner-related settings. class OWNERSHIP_EXPORT OwnerSettingsService : public KeyedService { public: - class Observer { - public: - virtual ~Observer() {} - - // Called when signed policy was stored, or when an error happed during - // policy storage.. - virtual void OnSignedPolicyStored(bool success) {} - - // Called when tentative changes were made to policy, but the policy still - // not signed and stored. - // - // TODO (ygorshenin@, crbug.com/230018): get rid of the method - // since it creates DeviceSettingsService's dependency on - // OwnerSettingsService. - virtual void OnTentativeChangesInPolicy( - const enterprise_management::PolicyData& policy_data) {} - }; - - typedef base::Callback<void( - scoped_ptr<enterprise_management::PolicyFetchResponse> policy_response)> + typedef base::Callback<void(std::string policy_blob)> AssembleAndSignPolicyAsyncCallback; typedef base::Callback<void(bool is_owner)> IsOwnerCallback; explicit OwnerSettingsService( const scoped_refptr<ownership::OwnerKeyUtil>& owner_key_util); - virtual ~OwnerSettingsService(); + ~OwnerSettingsService() override; base::WeakPtr<OwnerSettingsService> as_weak_ptr() { return weak_factory_.GetWeakPtr(); } - void AddObserver(Observer* observer); - - void RemoveObserver(Observer* observer); - // Returns whether current user is owner or not. When this method // is called too early, incorrect result can be returned because // private key loading may be in progress. @@ -85,24 +60,12 @@ class OWNERSHIP_EXPORT OwnerSettingsService : public KeyedService { scoped_ptr<enterprise_management::PolicyData> policy, const AssembleAndSignPolicyAsyncCallback& callback); - // Checks whether |setting| is handled by OwnerSettingsService. - virtual bool HandlesSetting(const std::string& setting) = 0; - - // Sets |setting| value to |value|. - virtual bool Set(const std::string& setting, const base::Value& value) = 0; - - // Sets a bunch of device settings accumulated before ownership gets - // established. - // - // TODO (ygorshenin@, crbug.com/230018): that this is a temporary - // solution and should be removed. - virtual bool CommitTentativeDeviceSettings( - scoped_ptr<enterprise_management::PolicyData> policy) = 0; - - bool SetBoolean(const std::string& setting, bool value); - bool SetInteger(const std::string& setting, int value); - bool SetDouble(const std::string& setting, double value); - bool SetString(const std::string& setting, const std::string& value); + // Signs |settings| with the private half of the owner key and sends + // the resulting policy blob for storage. The + // result of the operation is reported through |callback|. + virtual void SignAndStorePolicyAsync( + scoped_ptr<enterprise_management::PolicyData> policy, + const base::Closure& callback) = 0; protected: void ReloadKeypair(); @@ -126,8 +89,6 @@ class OWNERSHIP_EXPORT OwnerSettingsService : public KeyedService { std::vector<IsOwnerCallback> pending_is_owner_callbacks_; - ObserverList<Observer> observers_; - base::ThreadChecker thread_checker_; private: |