// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"

#include "base/memory/singleton.h"
#include "base/prefs/pref_registry_simple.h"
#include "base/prefs/pref_service.h"
#include "base/prefs/scoped_user_pref_update.h"
#include "chrome/browser/browser_process.h"
#include "chrome/browser/chromeos/login/users/user_manager.h"
#include "chrome/browser/chromeos/policy/policy_cert_service.h"
#include "chrome/browser/chromeos/policy/policy_cert_verifier.h"
#include "chrome/browser/chromeos/policy/user_network_configuration_updater_factory.h"
#include "chrome/browser/lifetime/application_lifetime.h"
#include "chrome/browser/profiles/incognito_helpers.h"
#include "chrome/browser/profiles/profile.h"
#include "chrome/common/pref_names.h"
#include "components/keyed_service/content/browser_context_dependency_manager.h"
#include "components/pref_registry/pref_registry_syncable.h"

// Factory for the per-profile PolicyCertService, plus the bookkeeping of which
// users have used policy-pushed certificates. That bookkeeping lives in
// local_state (prefs::kUsedPolicyCertificates, a list of user ids) so that it
// can be consulted before a profile is loaded.

namespace policy {

// Returns the PolicyCertService already attached to |profile|, without
// creating one (the second argument to GetServiceForBrowserContext is the
// "create" flag). The result may be NULL.
// static
PolicyCertService* PolicyCertServiceFactory::GetForProfile(Profile* profile) {
  KeyedService* const existing =
      GetInstance()->GetServiceForBrowserContext(profile, false);
  return static_cast<PolicyCertService*>(existing);
}

// Creates the PolicyCertService for |profile| and returns the verifier that
// the service hands out. Returns an empty scoped_ptr when no service could be
// built (see BuildServiceInstanceFor for the conditions).
//
// The "no service exists yet" precondition is enforced only by a DCHECK, so it
// is a debug-build assertion rather than a runtime guarantee.
// static
scoped_ptr<PolicyCertVerifier> PolicyCertServiceFactory::CreateForProfile(
    Profile* profile) {
  PolicyCertServiceFactory* const factory = GetInstance();
  DCHECK(!factory->GetServiceForBrowserContext(profile, false));

  KeyedService* const created =
      factory->GetServiceForBrowserContext(profile, true);
  PolicyCertService* const service = static_cast<PolicyCertService*>(created);
  if (service)
    return service->CreatePolicyCertVerifier();
  return scoped_ptr<PolicyCertVerifier>();
}

// Returns the process-wide factory singleton.
// static
PolicyCertServiceFactory* PolicyCertServiceFactory::GetInstance() {
  return Singleton<PolicyCertServiceFactory>::get();
}

// Records in local_state that |user_id| has used policy-pushed certificates.
// A user that is already listed is not appended a second time.
// static
void PolicyCertServiceFactory::SetUsedPolicyCertificates(
    const std::string& user_id) {
  if (!UsedPolicyCertificates(user_id)) {
    ListPrefUpdate used_list(g_browser_process->local_state(),
                             prefs::kUsedPolicyCertificates);
    used_list->AppendString(user_id);
  }
}

// Removes |user_id| from the local_state list of users that have used
// policy-pushed certificates. The removed index is not requested (NULL).
// static
void PolicyCertServiceFactory::ClearUsedPolicyCertificates(
    const std::string& user_id) {
  const base::StringValue entry(user_id);
  ListPrefUpdate used_list(g_browser_process->local_state(),
                           prefs::kUsedPolicyCertificates);
  used_list->Remove(entry, NULL);
}

// Returns true if |user_id| is in the local_state list of users that have used
// policy-pushed certificates.
//
// A missing list is treated as a programming error (NOTREACHED) and answers
// false, i.e. "not marked". NOTE(review): callers that gate a security
// decision on this result get the permissive answer in that case; confirm that
// RegisterPrefs() always runs before the first query.
// static
bool PolicyCertServiceFactory::UsedPolicyCertificates(
    const std::string& user_id) {
  const base::ListValue* const used_list =
      g_browser_process->local_state()->GetList(prefs::kUsedPolicyCertificates);
  if (used_list)
    return used_list->Find(base::StringValue(user_id)) != used_list->end();

  NOTREACHED();
  return false;
}

// Registers the local_state list pref that backs the Set/Clear/Used helpers
// above.
// static
void PolicyCertServiceFactory::RegisterPrefs(PrefRegistrySimple* local_state) {
  local_state->RegisterListPref(prefs::kUsedPolicyCertificates);
}

// Declares the dependency on UserNetworkConfigurationUpdaterFactory, whose
// per-profile updater is handed to each PolicyCertService built here.
PolicyCertServiceFactory::PolicyCertServiceFactory()
    : BrowserContextKeyedServiceFactory(
          "PolicyCertService",
          BrowserContextDependencyManager::GetInstance()) {
  DependsOn(UserNetworkConfigurationUpdaterFactory::GetInstance());
}

PolicyCertServiceFactory::~PolicyCertServiceFactory() {}

// Builds the PolicyCertService for |context|.
//
// Returns NULL when no user is associated with the (original) profile, or when
// the profile has no UserNetworkConfigurationUpdater. Before building, it
// migrates the legacy per-profile "used policy certificates" flag into
// local_state and, if that migration happens inside a multi-user session,
// requests that the session be shut down.
KeyedService* PolicyCertServiceFactory::BuildServiceInstanceFor(
    content::BrowserContext* context) const {
  Profile* const profile = static_cast<Profile*>(context);
  Profile* const original_profile = profile->GetOriginalProfile();

  chromeos::UserManager* const user_manager = chromeos::UserManager::Get();
  chromeos::User* const user = user_manager->GetUserByProfile(original_profile);
  if (!user)
    return NULL;

  // Backwards compatibility: the "this profile used policy-pushed
  // certificates" marker used to be stored in the profile's own prefs. It now
  // lives in local_state so that it can be checked before the profile is
  // loaded. If the legacy marker is still set, copy it to local_state and
  // clear it from the profile.
  // TODO(joaodasilva): remove this, eventually.
  //
  // NOTE(review): only the multi-user branch below forces both stores to disk.
  // In the single-user case the local_state append and the profile-pref clear
  // are left to normal pref write scheduling; if those writes can land
  // independently, a crash in between could drop the marker. Confirm against
  // the pref service's persistence guarantees.
  PrefService* const profile_prefs = original_profile->GetPrefs();
  if (profile_prefs->GetBoolean(prefs::kUsedPolicyCertificatesOnce)) {
    SetUsedPolicyCertificates(user->email());
    profile_prefs->ClearPref(prefs::kUsedPolicyCertificatesOnce);

    const bool in_multi_user_session =
        user_manager->GetLoggedInUsers().size() > 1u;
    if (in_multi_user_session) {
      // This login should not have been allowed: the marker was only
      // discoverable once the profile was loaded, and a user becomes logged in
      // before their profile is created. Persist both pref stores right away
      // so that, after the restart, local_state already lists this user and
      // the situation cannot repeat.
      LOG(ERROR) << "Shutdown session because a tainted profile was added.";
      g_browser_process->local_state()->CommitPendingWrite();
      profile_prefs->CommitPendingWrite();
      chrome::AttemptUserExit();
      // There is no return after the exit request, so the code below still
      // runs and may construct the service for this profile.
    }
  }

  UserNetworkConfigurationUpdater* const net_conf_updater =
      UserNetworkConfigurationUpdaterFactory::GetForProfile(profile);
  if (!net_conf_updater)
    return NULL;

  return new PolicyCertService(user->email(), net_conf_updater, user_manager);
}

// Delegates the choice of context to
// chrome::GetBrowserContextOwnInstanceInIncognito(); judging by that helper's
// name, an incognito context gets its own service instance instead of sharing
// the original profile's - confirm in incognito_helpers.h.
content::BrowserContext* PolicyCertServiceFactory::GetBrowserContextToUse(
    content::BrowserContext* context) const {
  return chrome::GetBrowserContextOwnInstanceInIncognito(context);
}

// Registers the legacy per-profile marker read by BuildServiceInstanceFor().
// It is registered as unsyncable with a default of false.
void PolicyCertServiceFactory::RegisterProfilePrefs(
    user_prefs::PrefRegistrySyncable* registry) {
  // TODO(joaodasilva): this is used for backwards compatibility.
  // Remove once it's not necessary anymore.
  registry->RegisterBooleanPref(
      prefs::kUsedPolicyCertificatesOnce,
      false,
      user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF);
}

// Always answers true; by its name, the service is left NULL while testing.
bool PolicyCertServiceFactory::ServiceIsNULLWhileTesting() const {
  return true;
}

}  // namespace policy