1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_LOCAL_ACCOUNT_POLICY_SERVICE_H_ 6 #define CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_LOCAL_ACCOUNT_POLICY_SERVICE_H_ 7 8 #include <map> 9 #include <string> 10 11 #include "base/basictypes.h" 12 #include "base/compiler_specific.h" 13 #include "base/memory/scoped_ptr.h" 14 #include "base/memory/weak_ptr.h" 15 #include "base/observer_list.h" 16 #include "chrome/browser/policy/cloud/cloud_policy_core.h" 17 #include "chrome/browser/policy/cloud/cloud_policy_store.h" 18 #include "content/public/browser/notification_observer.h" 19 20 namespace chromeos { 21 class CrosSettings; 22 class DeviceSettingsService; 23 class SessionManagerClient; 24 } 25 26 namespace policy { 27 28 class CloudPolicyClient; 29 class DeviceLocalAccountPolicyStore; 30 class DeviceManagementService; 31 32 // The main switching central that downloads, caches, refreshes, etc. policy for 33 // a single device-local account. 34 class DeviceLocalAccountPolicyBroker { 35 public: 36 explicit DeviceLocalAccountPolicyBroker( 37 const std::string& user_id, 38 scoped_ptr<DeviceLocalAccountPolicyStore> store); 39 ~DeviceLocalAccountPolicyBroker(); 40 41 const std::string& user_id() const { return user_id_; } 42 43 CloudPolicyCore* core() { return &core_; } 44 const CloudPolicyCore* core() const { return &core_; } 45 46 // Establish a cloud connection for the service. 47 void Connect(scoped_ptr<CloudPolicyClient> client); 48 49 // Destroy the cloud connection, stopping policy refreshes. 50 void Disconnect(); 51 52 // Reads the refresh delay from policy and configures the refresh scheduler. 53 void UpdateRefreshDelay(); 54 55 // Retrieves the display name for the account as stored in policy. Returns an 56 // empty string if the policy is not present. 57 std::string GetDisplayName() const; 58 59 private: 60 const std::string user_id_; 61 scoped_ptr<DeviceLocalAccountPolicyStore> store_; 62 CloudPolicyCore core_; 63 64 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyBroker); 65 }; 66 67 // Manages user policy blobs for device-local accounts present on the device. 68 // The actual policy blobs are brokered by session_manager (to prevent file 69 // manipulation), and we're making signature checks on the policy blobs to 70 // ensure they're issued by the device owner. 71 class DeviceLocalAccountPolicyService : public content::NotificationObserver, 72 public CloudPolicyStore::Observer { 73 public: 74 // Interface for interested parties to observe policy changes. 75 class Observer { 76 public: 77 virtual ~Observer() {} 78 79 // Policy for the given |user_id| has changed. 80 virtual void OnPolicyUpdated(const std::string& user_id) = 0; 81 82 // The list of accounts has been updated. 83 virtual void OnDeviceLocalAccountsChanged() = 0; 84 }; 85 86 DeviceLocalAccountPolicyService( 87 chromeos::SessionManagerClient* session_manager_client, 88 chromeos::DeviceSettingsService* device_settings_service, 89 chromeos::CrosSettings* cros_settings); 90 virtual ~DeviceLocalAccountPolicyService(); 91 92 // Initializes the cloud policy service connection. 93 void Connect(DeviceManagementService* device_management_service); 94 95 // Prevents further policy fetches from the cloud. 96 void Disconnect(); 97 98 // Get the policy broker for a given |user_id|. Returns NULL if that |user_id| 99 // does not belong to an existing device-local account. 100 DeviceLocalAccountPolicyBroker* GetBrokerForUser(const std::string& user_id); 101 102 // Indicates whether policy has been successfully fetched for the given 103 // |user_id|. 104 bool IsPolicyAvailableForUser(const std::string& user_id); 105 106 void AddObserver(Observer* observer); 107 void RemoveObserver(Observer* observer); 108 109 // NotificationObserver: 110 virtual void Observe(int type, 111 const content::NotificationSource& source, 112 const content::NotificationDetails& details) OVERRIDE; 113 114 // CloudPolicyStore::Observer: 115 virtual void OnStoreLoaded(CloudPolicyStore* store) OVERRIDE; 116 virtual void OnStoreError(CloudPolicyStore* store) OVERRIDE; 117 118 private: 119 struct PolicyBrokerWrapper { 120 PolicyBrokerWrapper(); 121 122 // Return the |broker|, creating it first if necessary. 123 DeviceLocalAccountPolicyBroker* GetBroker(); 124 125 // Fire up the cloud connection for fetching policy for the account from the 126 // cloud if this is an enterprise-managed device. 127 void ConnectIfPossible(); 128 129 // Destroy the cloud connection. 130 void Disconnect(); 131 132 // Delete the broker. 133 void DeleteBroker(); 134 135 std::string user_id; 136 std::string account_id; 137 DeviceLocalAccountPolicyService* parent; 138 DeviceLocalAccountPolicyBroker* broker; 139 }; 140 141 typedef std::map<std::string, PolicyBrokerWrapper> PolicyBrokerMap; 142 143 // Re-queries the list of defined device-local accounts from device settings 144 // and updates |policy_brokers_| to match that list. 145 void UpdateAccountList(); 146 147 // Deletes brokers in |map| and clears it. 148 void DeleteBrokers(PolicyBrokerMap* map); 149 150 // Find the broker for a given |store|. Returns NULL if |store| is unknown. 151 DeviceLocalAccountPolicyBroker* GetBrokerForStore(CloudPolicyStore* store); 152 153 chromeos::SessionManagerClient* session_manager_client_; 154 chromeos::DeviceSettingsService* device_settings_service_; 155 chromeos::CrosSettings* cros_settings_; 156 157 DeviceManagementService* device_management_service_; 158 159 // The device-local account policy brokers, keyed by user ID. 160 PolicyBrokerMap policy_brokers_; 161 162 ObserverList<Observer, true> observers_; 163 164 // Weak pointer factory for cros_settings_->PrepareTrustedValues() callbacks. 165 base::WeakPtrFactory<DeviceLocalAccountPolicyService> 166 cros_settings_callback_factory_; 167 168 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyService); 169 }; 170 171 } // namespace policy 172 173 #endif // CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_LOCAL_ACCOUNT_POLICY_SERVICE_H_ 174