1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_USER_CLOUD_POLICY_STORE_CHROMEOS_H_ 6 #define CHROME_BROWSER_CHROMEOS_POLICY_USER_CLOUD_POLICY_STORE_CHROMEOS_H_ 7 8 #include <string> 9 #include <vector> 10 11 #include "base/basictypes.h" 12 #include "base/compiler_specific.h" 13 #include "base/files/file_path.h" 14 #include "base/memory/ref_counted.h" 15 #include "base/memory/scoped_ptr.h" 16 #include "base/memory/weak_ptr.h" 17 #include "chromeos/dbus/dbus_method_call_status.h" 18 #include "components/policy/core/common/cloud/cloud_policy_validator.h" 19 #include "components/policy/core/common/cloud/user_cloud_policy_store_base.h" 20 21 namespace base { 22 class SequencedTaskRunner; 23 } 24 25 namespace chromeos { 26 class CryptohomeClient; 27 class SessionManagerClient; 28 } 29 30 namespace policy { 31 32 class LegacyPolicyCacheLoader; 33 34 // Implements a cloud policy store backed by the Chrome OS' session_manager, 35 // which takes care of persisting policy to disk and is accessed via DBus calls 36 // through SessionManagerClient. 37 // 38 // Additionally, this class drives legacy UserPolicyTokenCache and 39 // UserPolicyDiskCache instances, migrating policy from these to session_manager 40 // storage on the fly. 41 class UserCloudPolicyStoreChromeOS : public UserCloudPolicyStoreBase { 42 public: 43 UserCloudPolicyStoreChromeOS( 44 chromeos::CryptohomeClient* cryptohome_client, 45 chromeos::SessionManagerClient* session_manager_client, 46 scoped_refptr<base::SequencedTaskRunner> background_task_runner, 47 const std::string& username, 48 const base::FilePath& user_policy_key_dir, 49 const base::FilePath& legacy_token_cache_file, 50 const base::FilePath& legacy_policy_cache_file); 51 virtual ~UserCloudPolicyStoreChromeOS(); 52 53 // CloudPolicyStore: 54 virtual void Store( 55 const enterprise_management::PolicyFetchResponse& policy) OVERRIDE; 56 virtual void Load() OVERRIDE; 57 58 // Loads the policy synchronously on the current thread. 59 void LoadImmediately(); 60 61 private: 62 // Starts validation of |policy| before storing it. 63 void ValidatePolicyForStore( 64 scoped_ptr<enterprise_management::PolicyFetchResponse> policy); 65 66 // Completion handler for policy validation on the Store() path. 67 // Starts a store operation if the validation succeeded. 68 void OnPolicyToStoreValidated(UserCloudPolicyValidator* validator); 69 70 // Called back from SessionManagerClient for policy store operations. 71 void OnPolicyStored(bool); 72 73 // Called back from SessionManagerClient for policy load operations. 74 void OnPolicyRetrieved(const std::string& policy_blob); 75 76 // Starts validation of the loaded |policy| before installing it. 77 void ValidateRetrievedPolicy( 78 scoped_ptr<enterprise_management::PolicyFetchResponse> policy); 79 80 // Completion handler for policy validation on the Load() path. Installs the 81 // policy and publishes it if validation succeeded. 82 void OnRetrievedPolicyValidated(UserCloudPolicyValidator* validator); 83 84 // Callback for loading legacy caches. 85 void OnLegacyLoadFinished( 86 const std::string& dm_token, 87 const std::string& device_id, 88 Status status, 89 scoped_ptr<enterprise_management::PolicyFetchResponse>); 90 91 // Completion callback for legacy policy validation. 92 void OnLegacyPolicyValidated(const std::string& dm_token, 93 const std::string& device_id, 94 UserCloudPolicyValidator* validator); 95 96 // Installs legacy tokens. 97 void InstallLegacyTokens(const std::string& dm_token, 98 const std::string& device_id); 99 100 // Removes the passed-in legacy cache directory. 101 static void RemoveLegacyCacheDir(const base::FilePath& dir); 102 103 // Invokes |callback| after reloading |policy_key_|. 104 void ReloadPolicyKey(const base::Closure& callback); 105 106 // Reads the contents of |path| into |key|. 107 static void LoadPolicyKey(const base::FilePath& path, 108 std::string* key); 109 110 // Callback for the key reloading. 111 void OnPolicyKeyReloaded(std::string* key, 112 const base::Closure& callback); 113 114 // Invokes |callback| after creating |policy_key_|, if it hasn't been created 115 // yet; otherwise invokes |callback| immediately. 116 void EnsurePolicyKeyLoaded(const base::Closure& callback); 117 118 // Callback for getting the sanitized username from |cryptohome_client_|. 119 void OnGetSanitizedUsername(const base::Closure& callback, 120 chromeos::DBusMethodCallStatus call_status, 121 const std::string& sanitized_username); 122 123 scoped_ptr<UserCloudPolicyValidator> CreateValidatorForLoad( 124 scoped_ptr<enterprise_management::PolicyFetchResponse> policy); 125 126 chromeos::CryptohomeClient* cryptohome_client_; 127 chromeos::SessionManagerClient* session_manager_client_; 128 const std::string username_; 129 base::FilePath user_policy_key_dir_; 130 131 // TODO(mnissler): Remove all the legacy policy support members below after 132 // the number of pre-M20 clients drops back to zero. 133 base::FilePath legacy_cache_dir_; 134 scoped_ptr<LegacyPolicyCacheLoader> legacy_loader_; 135 bool legacy_caches_loaded_; 136 137 bool policy_key_loaded_; 138 base::FilePath policy_key_path_; 139 std::string policy_key_; 140 141 base::WeakPtrFactory<UserCloudPolicyStoreChromeOS> weak_factory_; 142 143 DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyStoreChromeOS); 144 }; 145 146 } // namespace policy 147 148 #endif // CHROME_BROWSER_CHROMEOS_POLICY_USER_CLOUD_POLICY_STORE_CHROMEOS_H_ 149