15 files changed, 116 insertions, 21 deletions
diff --git a/chrome/browser/policy/browser_policy_connector.cc b/chrome/browser/policy/browser_policy_connector.cc index 2886988..de7d444 100644 --- a/chrome/browser/policy/browser_policy_connector.cc +++ b/chrome/browser/policy/browser_policy_connector.cc @@ -213,6 +213,8 @@ void BrowserPolicyConnector::InitializeUserPolicy(const std::string& user_name, user_policy_token_cache_->Load(); user_data_store_->set_user_name(user_name); + user_data_store_->set_user_affiliation(GetUserAffiliation(user_name)); + if (token_service_ && token_service_->HasTokenForService( GaiaConstants::kDeviceManagementService)) { @@ -337,6 +339,21 @@ void BrowserPolicyConnector::InitializeDevicePolicySubsystem() { #endif } +CloudPolicyDataStore::UserAffiliation + BrowserPolicyConnector::GetUserAffiliation(const std::string& user_name) { +#if defined(OS_CHROMEOS) + if (install_attributes_.get()) { + size_t pos = user_name.find('@'); + if (pos != std::string::npos && + user_name.substr(pos + 1) == install_attributes_->GetDomain()) { + return CloudPolicyDataStore::USER_AFFILIATION_MANAGED; + } + } +#endif + + return CloudPolicyDataStore::USER_AFFILIATION_NONE; +} + // static BrowserPolicyConnector* BrowserPolicyConnector::CreateForTests() { const ConfigurationPolicyProvider::PolicyDefinitionList* diff --git a/chrome/browser/policy/browser_policy_connector.h b/chrome/browser/policy/browser_policy_connector.h index 350dd77..8ca3c8f 100644 --- a/chrome/browser/policy/browser_policy_connector.h +++ b/chrome/browser/policy/browser_policy_connector.h @@ -12,6 +12,7 @@ #include "base/memory/ref_counted.h" #include "base/memory/scoped_ptr.h" #include "base/task.h" +#include "chrome/browser/policy/cloud_policy_data_store.h" #include "chrome/browser/policy/enterprise_install_attributes.h" #include "content/common/notification_observer.h" #include "content/common/notification_registrar.h" 
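Review bot: In `GetUserAffiliation` the check `user_name.substr(pos + 1) == install_attributes_->GetDomain()` also succeeds when both sides are empty, so if `GetDomain()` can return an empty string on a device that was never registered to a domain (not visible in this hunk), a name ending in `@` would be reported as `USER_AFFILIATION_MANAGED`. Reading the domain once and requiring it to be non-empty closes that case: `const std::string domain = install_attributes_->GetDomain();` followed by `if (!domain.empty() && pos != std::string::npos && user_name.compare(pos + 1, std::string::npos, domain) == 0)`. The comparison is also byte-exact and splits at the first `@`, so it relies on `user_name` already being canonicalized; a comment stating that precondition would help, since a case mismatch silently yields `USER_AFFILIATION_NONE`.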
@@ -134,6 +135,11 @@ class BrowserPolicyConnector : public NotificationObserver { // be running. void InitializeDevicePolicySubsystem(); + // Works out the user affiliation by checking the given |user_name| against + // the installation attributes. + policy::CloudPolicyDataStore::UserAffiliation GetUserAffiliation( + const std::string& user_name); + static BrowserPolicyConnector* CreateForTests(); static ConfigurationPolicyProvider* CreateManagedPlatformProvider(); static ConfigurationPolicyProvider* CreateRecommendedPlatformProvider(); diff --git a/chrome/browser/policy/cloud_policy_controller.cc b/chrome/browser/policy/cloud_policy_controller.cc index 996d3d1..37659c0 100644 --- a/chrome/browser/policy/cloud_policy_controller.cc +++ b/chrome/browser/policy/cloud_policy_controller.cc @@ -257,6 +257,7 @@ void CloudPolicyController::SendPolicyRequest() { backend_->ProcessPolicyRequest(data_store_->device_token(), data_store_->device_id(), + data_store_->user_affiliation(), policy_request, this); } diff --git a/chrome/browser/policy/cloud_policy_controller_unittest.cc b/chrome/browser/policy/cloud_policy_controller_unittest.cc index f1be2a9..9e9af55 100644 --- a/chrome/browser/policy/cloud_policy_controller_unittest.cc +++ b/chrome/browser/policy/cloud_policy_controller_unittest.cc @@ -20,12 +20,12 @@ namespace policy { -using ::testing::_; using ::testing::AnyNumber; using ::testing::AtLeast; using ::testing::InSequence; using ::testing::Mock; using ::testing::Return; +using ::testing::_; class MockDeviceTokenFetcher : public DeviceTokenFetcher { public: 
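Review bot: The comment on the `GetUserAffiliation` declaration does not say what is returned when no match can be made. Going by the definition in browser_policy_connector.cc in this commit, a comment such as `// Returns USER_AFFILIATION_MANAGED only if the domain part of |user_name| equals the domain stored in the installation attributes; USER_AFFILIATION_NONE otherwise (always on non-Chrome OS builds).` would cover it. The visible definition only reads members, so the method could probably be declared `const` as well; the class body continues outside the hunk.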
@@ -104,7 +104,7 @@ class CloudPolicyControllerTest : public testing::Test { TEST_F(CloudPolicyControllerTest, StartupWithDeviceToken) { data_store_->SetupForTesting("fake_device_token", "device_id", "", "", true); - EXPECT_CALL(backend_, ProcessPolicyRequest(_, _, _, _)).WillOnce(DoAll( + EXPECT_CALL(backend_, ProcessPolicyRequest(_, _, _, _, _)).WillOnce(DoAll( InvokeWithoutArgs(this, &CloudPolicyControllerTest::StopMessageLoop), MockDeviceManagementBackendSucceedSpdyCloudPolicy())); CreateNewController(); @@ -140,9 +140,9 @@ TEST_F(CloudPolicyControllerTest, RefreshAfterSuccessfulPolicy) { "auth_token", true); { InSequence s; - EXPECT_CALL(backend_, ProcessPolicyRequest(_, _, _, _)).WillOnce( + EXPECT_CALL(backend_, ProcessPolicyRequest(_, _, _, _, _)).WillOnce( MockDeviceManagementBackendSucceedSpdyCloudPolicy()); - EXPECT_CALL(backend_, ProcessPolicyRequest(_, _, _, _)).WillOnce(DoAll( + EXPECT_CALL(backend_, ProcessPolicyRequest(_, _, _, _, _)).WillOnce(DoAll( InvokeWithoutArgs(this, &CloudPolicyControllerTest::StopMessageLoop), MockDeviceManagementBackendFailPolicy( DeviceManagementBackend::kErrorRequestFailed))); @@ -159,10 +159,10 @@ TEST_F(CloudPolicyControllerTest, RefreshAfterError) { "auth_token", true); { InSequence s; - EXPECT_CALL(backend_, ProcessPolicyRequest(_, _, _, _)).WillOnce( + EXPECT_CALL(backend_, ProcessPolicyRequest(_, _, _, _, _)).WillOnce( MockDeviceManagementBackendFailPolicy( DeviceManagementBackend::kErrorRequestFailed)); - EXPECT_CALL(backend_, ProcessPolicyRequest(_, _, _, _)).WillOnce(DoAll( + EXPECT_CALL(backend_, ProcessPolicyRequest(_, _, _, _, _)).WillOnce(DoAll( InvokeWithoutArgs(this, &CloudPolicyControllerTest::StopMessageLoop), MockDeviceManagementBackendSucceedSpdyCloudPolicy())); 
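Review bot: Every updated expectation matches the new affiliation argument with `_`, starting with `StartupWithDeviceToken` here and continuing through `RefreshAfterSuccessfulPolicy`, `RefreshAfterError`, `InvalidToken`, `DeviceNotFound` and `NoLongerManaged`. Nothing therefore checks that the controller forwards `data_store_->user_affiliation()` to the backend. One test could pin it by calling `data_store_->set_user_affiliation(CloudPolicyDataStore::USER_AFFILIATION_MANAGED);` before creating the controller and expecting `ProcessPolicyRequest(_, _, CloudPolicyDataStore::USER_AFFILIATION_MANAGED, _, _)`. The other test files touched by this commit only ever pass `USER_AFFILIATION_NONE`, so the managed branch of `GetUserAffiliation` and the `managed` query value are not exercised by anything shown in the diff.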
@@ -177,7 +177,7 @@ TEST_F(CloudPolicyControllerTest, RefreshAfterError) { TEST_F(CloudPolicyControllerTest, InvalidToken) { data_store_->SetupForTesting("device_token", "device_id", "standup@ten.am", "auth", true); - EXPECT_CALL(backend_, ProcessPolicyRequest(_, _, _, _)).WillOnce( + EXPECT_CALL(backend_, ProcessPolicyRequest(_, _, _, _, _)).WillOnce( MockDeviceManagementBackendFailPolicy( DeviceManagementBackend::kErrorServiceManagementTokenInvalid)); EXPECT_CALL(*token_fetcher_.get(), FetchToken()).Times(1); @@ -190,7 +190,7 @@ TEST_F(CloudPolicyControllerTest, InvalidToken) { TEST_F(CloudPolicyControllerTest, DeviceNotFound) { data_store_->SetupForTesting("device_token", "device_id", "me@you.com", "auth", true); - EXPECT_CALL(backend_, ProcessPolicyRequest(_, _, _, _)).WillOnce( + EXPECT_CALL(backend_, ProcessPolicyRequest(_, _, _, _, _)).WillOnce( MockDeviceManagementBackendFailPolicy( DeviceManagementBackend::kErrorServiceDeviceNotFound)); EXPECT_CALL(*token_fetcher_.get(), FetchToken()).Times(1); @@ -204,7 +204,7 @@ TEST_F(CloudPolicyControllerTest, DeviceNotFound) { TEST_F(CloudPolicyControllerTest, NoLongerManaged) { data_store_->SetupForTesting("device_token", "device_id", "who@what.com", "auth", true); - EXPECT_CALL(backend_, ProcessPolicyRequest(_, _, _, _)).WillOnce( + EXPECT_CALL(backend_, ProcessPolicyRequest(_, _, _, _, _)).WillOnce( MockDeviceManagementBackendFailPolicy( DeviceManagementBackend::kErrorServiceManagementNotSupported)); EXPECT_CALL(*token_fetcher_.get(), SetUnmanagedState()).Times(1); diff --git a/chrome/browser/policy/cloud_policy_data_store.cc b/chrome/browser/policy/cloud_policy_data_store.cc index 13b0daf..f9bf511 100644 --- a/chrome/browser/policy/cloud_policy_data_store.cc +++ b/chrome/browser/policy/cloud_policy_data_store.cc 
@@ -83,7 +83,8 @@ CloudPolicyDataStore::CloudPolicyDataStore( const std::string& policy_type, const std::string& machine_model, const std::string& machine_id) - : policy_register_type_(policy_register_type), + : user_affiliation_(USER_AFFILIATION_NONE), + policy_register_type_(policy_register_type), policy_type_(policy_type), machine_model_(machine_model), machine_id_(machine_id), @@ -148,6 +149,11 @@ void CloudPolicyDataStore::set_user_name(const std::string& user_name) { user_name_ = user_name; } +void CloudPolicyDataStore::set_user_affiliation( + UserAffiliation user_affiliation) { + user_affiliation_ = user_affiliation; +} + const std::string& CloudPolicyDataStore::device_token() const { return device_token_; } @@ -189,6 +195,11 @@ const std::string& CloudPolicyDataStore::user_name() const { return user_name_; } +CloudPolicyDataStore::UserAffiliation + CloudPolicyDataStore::user_affiliation() const { + return user_affiliation_; +} + void CloudPolicyDataStore::AddObserver( CloudPolicyDataStore::Observer* observer) { observer_list_.AddObserver(observer); diff --git a/chrome/browser/policy/cloud_policy_data_store.h b/chrome/browser/policy/cloud_policy_data_store.h index c115d56..849edaa 100644 --- a/chrome/browser/policy/cloud_policy_data_store.h +++ b/chrome/browser/policy/cloud_policy_data_store.h @@ -34,6 +34,15 @@ class CloudPolicyDataStore { virtual void OnCredentialsChanged() = 0; }; + // Describes the affilitation of a user w.r.t. the managed state of the + // device. + enum UserAffiliation { + // User is on the same domain the device was registered with. + USER_AFFILIATION_MANAGED, + // No affiliation between device and user user. + USER_AFFILIATION_NONE, + }; + ~CloudPolicyDataStore(); // Create CloudPolicyData with constants initialized for fetching user 
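Review bot: In the `UserAffiliation` enum added to cloud_policy_data_store.h, `USER_AFFILIATION_MANAGED` is the first enumerator and so has value 0. Any `UserAffiliation` that is zeroed or value-initialized, rather than set through the constructor in cloud_policy_data_store.cc, would read as managed. Listing `USER_AFFILIATION_NONE` first makes the zero value the unaffiliated one, and the `UserAffiliationToString` switch in this commit names both enumerators and does not depend on their order. The comments in the same hunk carry two typos: `affilitation` should read `affiliation`, and `// No affiliation between device and user user.` should read `// No affiliation between device and user.`.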
@@ -68,6 +77,7 @@ class CloudPolicyDataStore { void set_device_id(const std::string& device_id); void set_user_name(const std::string& user_name); + void set_user_affiliation(UserAffiliation user_affiliation); const std::string& device_id() const; const std::string& device_token() const; @@ -80,6 +90,7 @@ class CloudPolicyDataStore { const std::string& policy_type() const; bool token_cache_loaded() const; const std::string& user_name() const; + UserAffiliation user_affiliation() const; void AddObserver(Observer* observer); void RemoveObserver(Observer* observer); @@ -101,6 +112,7 @@ class CloudPolicyDataStore { // Data necessary for constructing policy requests. std::string device_token_; + UserAffiliation user_affiliation_; // Constants that won't change over the life-time of a cloud policy // subsystem. diff --git a/chrome/browser/policy/device_management_backend.h b/chrome/browser/policy/device_management_backend.h index 0ac03bd..af4aad0 100644 --- a/chrome/browser/policy/device_management_backend.h +++ b/chrome/browser/policy/device_management_backend.h @@ -10,6 +10,7 @@ #include "base/basictypes.h" #include "base/threading/non_thread_safe.h" +#include "chrome/browser/policy/cloud_policy_data_store.h" #include "chrome/browser/policy/proto/device_management_backend.pb.h" namespace policy { @@ -106,6 +107,7 @@ class DeviceManagementBackend : base::NonThreadSafe { virtual void ProcessPolicyRequest( const std::string& device_management_token, const std::string& device_id, + CloudPolicyDataStore::UserAffiliation user_affiliation, const em::DevicePolicyRequest& request, DevicePolicyResponseDelegate* delegate) = 0; diff --git a/chrome/browser/policy/device_management_backend_impl.cc b/chrome/browser/policy/device_management_backend_impl.cc index 03092dc..9198380 100644 --- a/chrome/browser/policy/device_management_backend_impl.cc +++ b/chrome/browser/policy/device_management_backend_impl.cc 
@@ -34,6 +34,8 @@ const char DeviceManagementBackendImpl::kParamDeviceType[] = "devicetype"; const char DeviceManagementBackendImpl::kParamOAuthToken[] = "oauth_token"; const char DeviceManagementBackendImpl::kParamPlatform[] = "platform"; const char DeviceManagementBackendImpl::kParamRequest[] = "request"; +const char DeviceManagementBackendImpl::kParamUserAffiliation[] = + "user_affiliation"; // String constants for the device and app type we report to the server. const char DeviceManagementBackendImpl::kValueAppType[] = "Chrome"; @@ -42,6 +44,9 @@ const char DeviceManagementBackendImpl::kValueRequestPolicy[] = "policy"; const char DeviceManagementBackendImpl::kValueRequestRegister[] = "register"; const char DeviceManagementBackendImpl::kValueRequestUnregister[] = "unregister"; +const char DeviceManagementBackendImpl::kValueUserAffiliationManaged[] = + "managed"; +const char DeviceManagementBackendImpl::kValueUserAffiliationNone[] = "none"; namespace { @@ -71,7 +76,6 @@ const int kPolicyNotFound = 902; // This error is not sent as HTTP status code. const int kPendingApprovalLegacy = 491; const int kDeviceNotFoundLegacy = 901; - #if defined(OS_CHROMEOS) // Machine info keys. const char kMachineInfoHWClass[] = "hardware_class"; @@ -384,6 +388,7 @@ class DeviceManagementPolicyJob : public DeviceManagementJobBase { DeviceManagementBackendImpl* backend_impl, const std::string& device_management_token, const std::string& device_id, + const std::string& user_affiliation, const em::DevicePolicyRequest& request, DeviceManagementBackend::DevicePolicyResponseDelegate* delegate) : DeviceManagementJobBase( 
@@ -392,6 +397,8 @@ class DeviceManagementPolicyJob : public DeviceManagementJobBase { device_id), delegate_(delegate) { SetDeviceManagementToken(device_management_token); + SetQueryParam(DeviceManagementBackendImpl::kParamUserAffiliation, + user_affiliation); em::DeviceManagementRequest request_wrapper; request_wrapper.mutable_policy_request()->CopyFrom(request); SetPayload(request_wrapper); @@ -538,12 +545,27 @@ void DeviceManagementBackendImpl::ProcessUnregisterRequest( void DeviceManagementBackendImpl::ProcessPolicyRequest( const std::string& device_management_token, const std::string& device_id, + CloudPolicyDataStore::UserAffiliation affiliation, const em::DevicePolicyRequest& request, DevicePolicyResponseDelegate* delegate) { UMA_HISTOGRAM_ENUMERATION(kMetricPolicy, kMetricPolicyFetchRequested, kMetricPolicySize); AddJob(new DeviceManagementPolicyJob(this, device_management_token, device_id, + UserAffiliationToString(affiliation), request, delegate)); } +// static +const char* DeviceManagementBackendImpl::UserAffiliationToString( + CloudPolicyDataStore::UserAffiliation affiliation) { + switch (affiliation) { + case CloudPolicyDataStore::USER_AFFILIATION_MANAGED: + return kValueUserAffiliationManaged; + case CloudPolicyDataStore::USER_AFFILIATION_NONE: + return kValueUserAffiliationNone; + } + NOTREACHED(); + return kValueUserAffiliationNone; +} + } // namespace policy diff --git a/chrome/browser/policy/device_management_backend_impl.h b/chrome/browser/policy/device_management_backend_impl.h index 6a9ced4..4354c98 100644 --- a/chrome/browser/policy/device_management_backend_impl.h +++ b/chrome/browser/policy/device_management_backend_impl.h 
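Review bot: The `SetQueryParam(DeviceManagementBackendImpl::kParamUserAffiliation, user_affiliation)` call added to the `DeviceManagementPolicyJob` constructor puts a value the client computed locally into the request, and nothing near it says how much weight that value carries. I would add a comment such as `// Client-computed hint derived from the local user name and install attributes; not an authenticated claim.` so later readers do not build authorization decisions on it. Whether the server validates affiliation independently cannot be seen from this diff. In `UserAffiliationToString`, falling back to `kValueUserAffiliationNone` after `NOTREACHED()` is the safe direction for an out-of-range value and deserves a one-line comment saying so.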
@@ -35,6 +35,7 @@ class DeviceManagementBackendImpl : public DeviceManagementBackend { static const char kParamOAuthToken[]; static const char kParamPlatform[]; static const char kParamRequest[]; + static const char kParamUserAffiliation[]; // String constants for the device and app type we report to the server. static const char kValueAppType[]; @@ -42,6 +43,8 @@ class DeviceManagementBackendImpl : public DeviceManagementBackend { static const char kValueRequestPolicy[]; static const char kValueRequestRegister[]; static const char kValueRequestUnregister[]; + static const char kValueUserAffiliationManaged[]; + static const char kValueUserAffiliationNone[]; private: friend class DeviceManagementJobBase; @@ -70,9 +73,14 @@ class DeviceManagementBackendImpl : public DeviceManagementBackend { virtual void ProcessPolicyRequest( const std::string& device_management_token, const std::string& device_id, + CloudPolicyDataStore::UserAffiliation affiliation, const em::DevicePolicyRequest& request, DevicePolicyResponseDelegate* response_delegate); + // Converts a user affiliation to the appropriate query parameter value. + static const char* UserAffiliationToString( + CloudPolicyDataStore::UserAffiliation affiliation); + // Keeps track of the jobs currently in flight. JobSet pending_jobs_; diff --git a/chrome/browser/policy/device_management_service_browsertest.cc b/chrome/browser/policy/device_management_service_browsertest.cc index 297d67c..d22abec 100644 --- a/chrome/browser/policy/device_management_service_browsertest.cc +++ b/chrome/browser/policy/device_management_service_browsertest.cc 
@@ -119,7 +119,9 @@ IN_PROC_BROWSER_TEST_F(DeviceManagementServiceIntegrationTest, em::DevicePolicySettingRequest* setting_request = request.add_setting_request(); setting_request->set_key(kChromeDevicePolicySettingKey); - backend->ProcessPolicyRequest(token_, "testid", request, &delegate); + backend->ProcessPolicyRequest(token_, "testid", + CloudPolicyDataStore::USER_AFFILIATION_NONE, + request, &delegate); MessageLoop::current()->Run(); } @@ -170,7 +172,9 @@ IN_PROC_BROWSER_TEST_F(DeviceManagementServiceIntegrationTest, em::PolicyFetchRequest* fetch_request = request.add_request(); fetch_request->set_signature_type(em::PolicyFetchRequest::SHA1_RSA); fetch_request->set_policy_type(kChromeUserPolicyType); - backend->ProcessPolicyRequest(token_, "testid", request, &delegate); + backend->ProcessPolicyRequest(token_, "testid", + CloudPolicyDataStore::USER_AFFILIATION_NONE, + request, &delegate); MessageLoop::current()->Run(); } diff --git a/chrome/browser/policy/device_management_service_unittest.cc b/chrome/browser/policy/device_management_service_unittest.cc index 49fbe05..39f6ea8 100644 --- a/chrome/browser/policy/device_management_service_unittest.cc +++ b/chrome/browser/policy/device_management_service_unittest.cc @@ -143,7 +143,9 @@ TEST_P(DeviceManagementServiceFailedRequestTest, PolicyRequest) { em::DevicePolicySettingRequest* setting_request = request.add_setting_request(); setting_request->set_key(kChromeDevicePolicySettingKey); - backend_->ProcessPolicyRequest(kDMToken, kDeviceId, request, &mock); + backend_->ProcessPolicyRequest(kDMToken, kDeviceId, + CloudPolicyDataStore::USER_AFFILIATION_NONE, + request, &mock); TestURLFetcher* fetcher = factory_.GetFetcherByID(0); ASSERT_TRUE(fetcher); 
@@ -411,7 +413,9 @@ TEST_F(DeviceManagementServiceTest, CancelPolicyRequest) { request.add_setting_request(); setting_request->set_key(kChromeDevicePolicySettingKey); setting_request->set_watermark("stale"); - backend_->ProcessPolicyRequest(kDMToken, kDeviceId, request, &mock); + backend_->ProcessPolicyRequest(kDMToken, kDeviceId, + CloudPolicyDataStore::USER_AFFILIATION_NONE, + request, &mock); TestURLFetcher* fetcher = factory_.GetFetcherByID(0); ASSERT_TRUE(fetcher); @@ -463,7 +467,9 @@ TEST_F(DeviceManagementServiceTest, CancelRequestAfterShutdown) { request.add_setting_request(); setting_request->set_key(kChromeDevicePolicySettingKey); setting_request->set_watermark("stale"); - backend_->ProcessPolicyRequest(kDMToken, kDeviceId, request, &mock); + backend_->ProcessPolicyRequest(kDMToken, kDeviceId, + CloudPolicyDataStore::USER_AFFILIATION_NONE, + request, &mock); TestURLFetcher* fetcher = factory_.GetFetcherByID(0); ASSERT_TRUE(fetcher); diff --git a/chrome/browser/policy/enterprise_metrics_browsertest.cc b/chrome/browser/policy/enterprise_metrics_browsertest.cc index 3ecfc684..87daf75 100644 --- a/chrome/browser/policy/enterprise_metrics_browsertest.cc +++ b/chrome/browser/policy/enterprise_metrics_browsertest.cc @@ -76,7 +76,9 @@ class DeviceManagementBackendTestHelper { DevicePolicyResponseDelegateMock delegate; EXPECT_CALL(delegate, OnError(_)).Times(AnyNumber()); EXPECT_CALL(delegate, HandlePolicyResponse(_)).Times(AnyNumber()); - backend_->ProcessPolicyRequest("token", "testid", request, &delegate); + backend_->ProcessPolicyRequest("token", "testid", + CloudPolicyDataStore::USER_AFFILIATION_NONE, + request, &delegate); } void UnmockCreateBackend() { diff --git a/chrome/browser/policy/mock_device_management_backend.h b/chrome/browser/policy/mock_device_management_backend.h index ef55cc1..311d225 100644 --- a/chrome/browser/policy/mock_device_management_backend.h +++ b/chrome/browser/policy/mock_device_management_backend.h 
@@ -44,9 +44,10 @@ class MockDeviceManagementBackend : public DeviceManagementBackend { const em::DeviceUnregisterRequest& request, DeviceUnregisterResponseDelegate* delegate)); - MOCK_METHOD4(ProcessPolicyRequest, void( + MOCK_METHOD5(ProcessPolicyRequest, void( const std::string& device_management_token, const std::string& device_id, + CloudPolicyDataStore::UserAffiliation affiliation, const em::DevicePolicyRequest& request, DevicePolicyResponseDelegate* delegate)); @@ -83,7 +84,7 @@ ACTION(MockDeviceManagementBackendSucceedSpdyCloudPolicy) { // implementing support for signature verification). fetch_response->set_policy_data_signature("TODO"); fetch_response->set_new_public_key("TODO"); - arg3->HandlePolicyResponse(response); + arg4->HandlePolicyResponse(response); } ACTION_P(MockDeviceManagementBackendFailRegister, error) { @@ -91,7 +92,7 @@ ACTION_P(MockDeviceManagementBackendFailRegister, error) { } ACTION_P(MockDeviceManagementBackendFailPolicy, error) { - arg3->OnError(error); + arg4->OnError(error); } } // namespace policy diff --git a/chrome/browser/policy/mock_device_management_service.cc b/chrome/browser/policy/mock_device_management_service.cc index c6af220..6bf0fab 100644 --- a/chrome/browser/policy/mock_device_management_service.cc +++ b/chrome/browser/policy/mock_device_management_service.cc @@ -30,13 +30,15 @@ void ProxyDeviceManagementBackend::ProcessUnregisterRequest( backend_->ProcessUnregisterRequest(device_management_token, device_id, request, delegate); } + void ProxyDeviceManagementBackend::ProcessPolicyRequest( const std::string& device_management_token, const std::string& device_id, + CloudPolicyDataStore::UserAffiliation affiliation, const em::DevicePolicyRequest& request, DevicePolicyResponseDelegate* delegate) { backend_->ProcessPolicyRequest(device_management_token, device_id, - request, delegate); + affiliation, request, delegate); } MockDeviceManagementService::MockDeviceManagementService() 
diff --git a/chrome/browser/policy/mock_device_management_service.h b/chrome/browser/policy/mock_device_management_service.h index 1217d27..5c9a62e 100644 --- a/chrome/browser/policy/mock_device_management_service.h +++ b/chrome/browser/policy/mock_device_management_service.h @@ -39,6 +39,7 @@ class ProxyDeviceManagementBackend : public DeviceManagementBackend { virtual void ProcessPolicyRequest( const std::string& device_management_token, const std::string& device_id, + CloudPolicyDataStore::UserAffiliation affiliation, const em::DevicePolicyRequest& request, DevicePolicyResponseDelegate* delegate) OVERRIDE; |