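// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_CHROMEOS_POLICY_ENTERPRISE_INSTALL_ATTRIBUTES_H_
#define CHROME_BROWSER_CHROMEOS_POLICY_ENTERPRISE_INSTALL_ATTRIBUTES_H_

#include <map>
#include <string>

#include "base/basictypes.h"
#include "base/callback.h"
#include "base/compiler_specific.h"
#include "base/files/file_path.h"
#include "base/memory/weak_ptr.h"
#include "chrome/browser/policy/cloud/cloud_policy_constants.h"
#include "chromeos/dbus/cryptohome_client.h"
#include "chromeos/dbus/dbus_method_call_status.h"

namespace chromeos {
class CryptohomeLibrary;
}

namespace policy {

// Brokers access to the enterprise-related installation-time attributes on
// ChromeOS.
//
// The object keeps a local copy of the attributes (see the protected members
// below) and answers the Is*()/Get*() queries from that copy. The copy can be
// filled from a cache file (ReadCacheFile()) or from cryptohome
// (ReadImmutableAttributes()).
//
// NOTE(review): nothing in this header shows that the cache file is
// authenticated. Callers that base enrollment or policy decisions on the
// accessors should presumably wait for ReadImmutableAttributes() to complete
// rather than rely on cache-file values alone - confirm in the implementation.
//
// TODO(zelidrag, mnissler): Rename + move this class - http://crbug.com/249513.
class EnterpriseInstallAttributes {
 public:
  // Return codes for LockDevice(). They are delivered through a
  // LockResultCallback, not as a return value.
  // NOTE(review): judging by the names and the LockDevice() comment,
  // LOCK_WRONG_USER presumably reports that the device is already locked to a
  // different user - confirm in the implementation.
  enum LockResult {
    LOCK_SUCCESS,
    LOCK_NOT_READY,
    LOCK_BACKEND_ERROR,
    LOCK_WRONG_USER,
  };

  // A callback to handle responses of methods returning a LockResult value.
  typedef base::Callback<void(LockResult lock_result)> LockResultCallback;

  // Constants for the possible device modes that can be stored in the lockbox.
  // NOTE(review): "kEnterpiseDeviceMode" is misspelled ("Enterpise"). The name
  // is part of the public interface, so fixing it means updating the
  // definition and every user, none of which are visible in this header.
  static const char kConsumerDeviceMode[];
  static const char kEnterpiseDeviceMode[];
  static const char kRetailKioskDeviceMode[];
  static const char kConsumerKioskDeviceMode[];
  static const char kUnknownDeviceMode[];

  // Field names in the lockbox.
  static const char kAttrEnterpriseDeviceId[];
  static const char kAttrEnterpriseDomain[];
  static const char kAttrEnterpriseMode[];
  static const char kAttrEnterpriseOwned[];
  static const char kAttrEnterpriseUser[];
  static const char kAttrConsumerKioskEnabled[];

  // Both arguments are stored as raw pointers.
  // NOTE(review): presumably neither is owned and both must outlive this
  // object - confirm at the construction site.
  EnterpriseInstallAttributes(
      chromeos::CryptohomeLibrary* cryptohome,
      chromeos::CryptohomeClient* cryptohome_client);
  ~EnterpriseInstallAttributes();

  // Reads data from the cache file. The cache file is used to work around slow
  // cryptohome startup, which takes a while to register its DBus interface.
  // See http://crosbug.com/37367 for background on this.
  //
  // NOTE(review): the header does not say who may write |cache_file| or how
  // its contents are validated. Treat what is loaded here as provisional until
  // it has been refreshed from cryptohome - confirm against the implementation
  // and the file's permissions.
  void ReadCacheFile(const base::FilePath& cache_file);

  // Makes sure the local caches for enterprise-related install attributes are
  // up-to-date with what cryptohome has. This method checks the readiness of
  // the attributes and reads them if they are ready. The actual read is
  // performed in ReadAttributesIfReady().
  // NOTE(review): |callback| is presumably run once that step has finished,
  // whether or not the attributes were ready - confirm.
  void ReadImmutableAttributes(const base::Closure& callback);

  // Locks the device to be an enterprise device registered by the given user.
  // This can also be called after the lock has already been taken, in which
  // case it checks that the passed user agrees with the locked attribute.
  // |callback| must not be null and is called with the result.
  void LockDevice(const std::string& user,
                  DeviceMode device_mode,
                  const std::string& device_id,
                  const LockResultCallback& callback);

  // Checks whether this is an enterprise device.
  bool IsEnterpriseDevice();

  // Checks whether this is a consumer kiosk enabled device.
  bool IsConsumerKioskDevice();

  // Gets the domain this device belongs to or an empty string if the device is
  // not an enterprise device.
  std::string GetDomain();

  // Gets the user that registered the device. Returns an empty string if the
  // device is not an enterprise device.
  std::string GetRegistrationUser();

  // Gets the device id that was generated when the device was registered.
  // Returns an empty string if the device is not an enterprise device or the
  // device id was not stored in the lockbox (prior to R19).
  std::string GetDeviceId();

  // Gets the mode the device was enrolled to. The return value for devices that
  // are not locked yet will be DEVICE_MODE_UNKNOWN.
  DeviceMode GetMode();

 protected:
  // Locally held attribute values. They are protected, not private, so a
  // subclass can write them directly without going through ReadCacheFile(),
  // ReadImmutableAttributes() or LockDevice().
  // NOTE(review): presumably this exists for test doubles - confirm, and keep
  // such subclasses out of production code paths.
  bool device_locked_;
  std::string registration_user_;
  std::string registration_domain_;
  std::string registration_device_id_;
  DeviceMode registration_mode_;

 private:
  // Decodes the install attributes provided in |attr_map|.
  void DecodeInstallAttributes(
      const std::map<std::string, std::string>& attr_map);

  // Helper for ReadImmutableAttributes(). |call_status| and |result| carry the
  // outcome of the readiness query.
  void ReadAttributesIfReady(
      const base::Closure& callback,
      chromeos::DBusMethodCallStatus call_status,
      bool result);

  // Helper for LockDevice(). Handles the result of InstallAttributesIsReady()
  // and continues processing LockDevice() if the result is true.
  void LockDeviceIfAttributesIsReady(
      const std::string& user,
      DeviceMode device_mode,
      const std::string& device_id,
      const LockResultCallback& callback,
      chromeos::DBusMethodCallStatus call_status,
      bool result);

  // Confirms the registered user and invokes the callback.
  void OnReadImmutableAttributes(const std::string& user,
                                 const LockResultCallback& callback);

  chromeos::CryptohomeLibrary* cryptohome_;
  chromeos::CryptohomeClient* cryptohome_client_;

  // Declared after every other data member, so it is destroyed first; weak
  // pointers handed out by the factory are then invalidated before the other
  // members are torn down. Keep it last when adding members.
  base::WeakPtrFactory<EnterpriseInstallAttributes> weak_ptr_factory_;

  DISALLOW_COPY_AND_ASSIGN(EnterpriseInstallAttributes);
};

}  // namespace policy

#endif  // CHROME_BROWSER_CHROMEOS_POLICY_ENTERPRISE_INSTALL_ATTRIBUTES_H_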