diff options
| author | mnissler@chromium.org <mnissler@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-04-05 12:19:05 +0000 |
|---|---|---|
| committer | mnissler@chromium.org <mnissler@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-04-05 12:19:05 +0000 |
| commit | 6d326281405724190199485810dab6b0c6e1dcfc (patch) | |
| tree | ed11faaa5ed0e0fbd6cb29df07efa354daf1dbc9 /chrome/browser/policy | |
| parent | 44013bcb4daaf44cdf9ae57036191219d3b8170b (diff) | |
| download | chromium_src-6d326281405724190199485810dab6b0c6e1dcfc.zip chromium_src-6d326281405724190199485810dab6b0c6e1dcfc.tar.gz chromium_src-6d326281405724190199485810dab6b0c6e1dcfc.tar.bz2 | |
Fix race on enterprise enrollment.
The policy fetch was racing against the installation-time attributes
write. Enrollment would fail if the policy fetch won the race. This
change explicitly prevents policy fetches until the device policy
machinery is ready to accept them.
BUG=chromium:28248
TEST=Hard. Enroll devices a lot, preferably with a slow TPM and against a fast server. Enrollment shouldn't fail.
Review URL: https://chromiumcodereview.appspot.com/9982005
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@130897 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/policy')
| -rw-r--r-- | chrome/browser/policy/browser_policy_connector.cc | 1 | ||||
| -rw-r--r-- | chrome/browser/policy/cloud_policy_controller.cc | 4 | ||||
| -rw-r--r-- | chrome/browser/policy/cloud_policy_data_store.cc | 12 | ||||
| -rw-r--r-- | chrome/browser/policy/cloud_policy_data_store.h | 3 | ||||
| -rw-r--r-- | chrome/browser/policy/cloud_policy_subsystem.cc | 1 |
5 files changed, 20 insertions, 1 deletions
diff --git a/chrome/browser/policy/browser_policy_connector.cc b/chrome/browser/policy/browser_policy_connector.cc index 905d810..a29c610 100644 --- a/chrome/browser/policy/browser_policy_connector.cc +++ b/chrome/browser/policy/browser_policy_connector.cc @@ -194,6 +194,7 @@ void BrowserPolicyConnector::RegisterForDevicePolicy( } device_data_store_->set_user_name(owner_email); device_data_store_->set_known_machine_id(known_machine_id); + device_data_store_->set_policy_fetching_enabled(false); device_data_store_->SetOAuthToken(token); } #endif diff --git a/chrome/browser/policy/cloud_policy_controller.cc b/chrome/browser/policy/cloud_policy_controller.cc index 4622c90..cd2a675 100644 --- a/chrome/browser/policy/cloud_policy_controller.cc +++ b/chrome/browser/policy/cloud_policy_controller.cc @@ -328,6 +328,10 @@ void CloudPolicyController::FetchToken() { void CloudPolicyController::SendPolicyRequest() { DCHECK(!data_store_->device_token().empty()); + + if (!data_store_->policy_fetching_enabled()) + return; + request_job_.reset( service_->CreateJob(DeviceManagementRequestJob::TYPE_POLICY_FETCH)); request_job_->SetDMToken(data_store_->device_token()); diff --git a/chrome/browser/policy/cloud_policy_data_store.cc b/chrome/browser/policy/cloud_policy_data_store.cc index 65ab531..94ce161 100644 --- a/chrome/browser/policy/cloud_policy_data_store.cc +++ b/chrome/browser/policy/cloud_policy_data_store.cc @@ -34,13 +34,14 @@ CloudPolicyDataStore::CloudPolicyDataStore( policy_type_(policy_type), known_machine_id_(false), token_cache_loaded_(false), + policy_fetching_enabled_(true), device_mode_(DEVICE_MODE_PENDING) {} void CloudPolicyDataStore::SetDeviceToken(const std::string& device_token, bool from_cache) { DCHECK(token_cache_loaded_ != from_cache); if (!token_cache_loaded_) { - // The cache should be the first to set the token. (It may be "") + // The cache should be the first to set the token (it may be empty). DCHECK(from_cache); token_cache_loaded_ = true; } else { @@ -112,6 +113,11 @@ void CloudPolicyDataStore::set_known_machine_id(bool known_machine_id) { known_machine_id_ = known_machine_id; } +void CloudPolicyDataStore::set_policy_fetching_enabled( + bool policy_fetching_enabled) { + policy_fetching_enabled_ = policy_fetching_enabled; +} + void CloudPolicyDataStore::set_device_mode(DeviceMode device_mode) { device_mode_ = device_mode; } @@ -153,6 +159,10 @@ bool CloudPolicyDataStore::token_cache_loaded() const { return token_cache_loaded_; } +bool CloudPolicyDataStore::policy_fetching_enabled() const { + return policy_fetching_enabled_; +} + const std::string& CloudPolicyDataStore::user_name() const { return user_name_; } diff --git a/chrome/browser/policy/cloud_policy_data_store.h b/chrome/browser/policy/cloud_policy_data_store.h index d5c5e7f..20d1709 100644 --- a/chrome/browser/policy/cloud_policy_data_store.h +++ b/chrome/browser/policy/cloud_policy_data_store.h @@ -76,6 +76,7 @@ class CloudPolicyDataStore { void set_user_name(const std::string& user_name); void set_user_affiliation(UserAffiliation user_affiliation); void set_known_machine_id(bool known_machine_id); + void set_policy_fetching_enabled(bool policy_fetching_enabled); void set_device_mode(DeviceMode device_mode); #if defined(OS_CHROMEOS) @@ -94,6 +95,7 @@ class CloudPolicyDataStore { policy_register_type() const; const std::string& policy_type() const; bool token_cache_loaded() const; + bool policy_fetching_enabled() const; const std::string& user_name() const; UserAffiliation user_affiliation() const; bool known_machine_id() const; @@ -131,6 +133,7 @@ class CloudPolicyDataStore { bool known_machine_id_; bool token_cache_loaded_; + bool policy_fetching_enabled_; DeviceMode device_mode_; diff --git a/chrome/browser/policy/cloud_policy_subsystem.cc b/chrome/browser/policy/cloud_policy_subsystem.cc index 684063a..c48f61e 100644 --- a/chrome/browser/policy/cloud_policy_subsystem.cc +++ b/chrome/browser/policy/cloud_policy_subsystem.cc @@ -137,6 +137,7 @@ void CloudPolicySubsystem::Reset() { } void CloudPolicySubsystem::RefreshPolicies(bool wait_for_auth_token) { + data_store_->set_policy_fetching_enabled(true); if (cloud_policy_controller_.get()) cloud_policy_controller_->RefreshPolicies(wait_for_auth_token); // Make sure the |device_management_service_| is rolling. |