// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"

#include "base/memory/singleton.h"
#include "base/prefs/pref_registry_simple.h"
#include "base/prefs/pref_service.h"
#include "base/prefs/scoped_user_pref_update.h"
#include "chrome/browser/browser_process.h"
#include "chrome/browser/chromeos/policy/policy_cert_service.h"
#include "chrome/browser/chromeos/policy/policy_cert_verifier.h"
#include "chrome/browser/chromeos/policy/user_network_configuration_updater_factory.h"
#include "chrome/browser/chromeos/profiles/profile_helper.h"
#include "chrome/browser/lifetime/application_lifetime.h"
#include "chrome/browser/profiles/incognito_helpers.h"
#include "chrome/browser/profiles/profile.h"
#include "chrome/common/pref_names.h"
#include "components/keyed_service/content/browser_context_dependency_manager.h"
#include "components/pref_registry/pref_registry_syncable.h"
#include "components/user_manager/user_manager.h"

namespace policy {

// static
// Looks up the PolicyCertService already attached to |profile|. The lookup is
// made with the create flag set to false, so this never builds a service; the
// result is NULL when none exists for the profile.
PolicyCertService* PolicyCertServiceFactory::GetForProfile(Profile* profile) {
  KeyedService* const existing =
      GetInstance()->GetServiceForBrowserContext(profile, false);
  return static_cast<PolicyCertService*>(existing);
}

// static
// Builds the PolicyCertService for |profile| and returns the certificate
// verifier it creates. Returns an empty scoped_ptr when no service could be
// built, so callers must be prepared for a NULL verifier.
scoped_ptr<PolicyCertVerifier> PolicyCertServiceFactory::CreateForProfile(
    Profile* profile) {
  PolicyCertServiceFactory* const factory = GetInstance();
  // The service must not exist yet when this is called (debug-only check).
  DCHECK(!factory->GetServiceForBrowserContext(profile, false));
  KeyedService* const created =
      factory->GetServiceForBrowserContext(profile, true);
  if (created) {
    return static_cast<PolicyCertService*>(created)->CreatePolicyCertVerifier();
  }
  return scoped_ptr<PolicyCertVerifier>();
}

// static
// Returns the process-wide factory singleton.
PolicyCertServiceFactory* PolicyCertServiceFactory::GetInstance() {
  return Singleton<PolicyCertServiceFactory>::get();
}

// static
// Records in local_state that |user_id| has used policy-pushed certificates.
// The entry is appended only once per user.
void PolicyCertServiceFactory::SetUsedPolicyCertificates(
    const std::string& user_id) {
  if (!UsedPolicyCertificates(user_id)) {
    ListPrefUpdate tainted_users(g_browser_process->local_state(),
                                 prefs::kUsedPolicyCertificates);
    tainted_users->AppendString(user_id);
  }
}

// static
// Removes |user_id| from the local_state list of users that have used
// policy-pushed certificates.
void PolicyCertServiceFactory::ClearUsedPolicyCertificates(
    const std::string& user_id) {
  const base::StringValue entry(user_id);
  ListPrefUpdate tainted_users(g_browser_process->local_state(),
                               prefs::kUsedPolicyCertificates);
  tainted_users->Remove(entry, NULL);
}

// static
// Returns true if |user_id| is recorded in local_state as having used
// policy-pushed certificates.
bool PolicyCertServiceFactory::UsedPolicyCertificates(
    const std::string& user_id) {
  const base::ListValue* tainted_users =
      g_browser_process->local_state()->GetList(prefs::kUsedPolicyCertificates);
  if (tainted_users) {
    return tainted_users->Find(base::StringValue(user_id)) !=
           tainted_users->end();
  }
  // NOTE(review): a missing list is reported as "not tainted". The pref is
  // registered in RegisterPrefs(), so this branch is not expected to run, but
  // any caller that gates a security decision on this result gets the
  // permissive answer here -- confirm that is intended.
  NOTREACHED();
  return false;
}

// static
// Registers the local_state list that holds the ids of users that have used
// policy-pushed certificates.
void PolicyCertServiceFactory::RegisterPrefs(PrefRegistrySimple* local_state) {
  local_state->RegisterListPref(prefs::kUsedPolicyCertificates);
}

// The service is built from the profile's UserNetworkConfigurationUpdater
// (see BuildServiceInstanceFor), hence the declared dependency on its factory.
PolicyCertServiceFactory::PolicyCertServiceFactory()
    : BrowserContextKeyedServiceFactory(
          "PolicyCertService",
          BrowserContextDependencyManager::GetInstance()) {
  DependsOn(UserNetworkConfigurationUpdaterFactory::GetInstance());
}

PolicyCertServiceFactory::~PolicyCertServiceFactory() {}

// Builds the PolicyCertService for |context|. Returns NULL when the profile
// has no associated user or no UserNetworkConfigurationUpdater.
//
// Also migrates the legacy per-profile "used policy certificates" flag into
// local_state, and ends the session if that migration reveals a tainted
// profile inside a multi-user session.
KeyedService* PolicyCertServiceFactory::BuildServiceInstanceFor(
    content::BrowserContext* context) const {
  Profile* const profile = static_cast<Profile*>(context);
  Profile* const original_profile = profile->GetOriginalProfile();

  user_manager::UserManager* const manager = user_manager::UserManager::Get();
  user_manager::User* const user =
      chromeos::ProfileHelper::Get()->GetUserByProfile(original_profile);
  if (!user)
    return NULL;

  // Backwards compatibility: the "used policy-pushed certificates" marker used
  // to be stored in the profile's own prefs. It now lives in local_state so
  // that it can be checked before the profile is loaded. If the legacy marker
  // is still set, copy it to local_state (keyed by the user's email) and clear
  // the profile copy.
  // TODO(joaodasilva): remove this, eventually.
  PrefService* const profile_prefs = original_profile->GetPrefs();
  if (profile_prefs->GetBoolean(prefs::kUsedPolicyCertificatesOnce)) {
    SetUsedPolicyCertificates(user->email());
    profile_prefs->ClearPref(prefs::kUsedPolicyCertificatesOnce);
    // NOTE(review): outside the multi-user branch below neither store is
    // committed explicitly. If the cleared profile flag were persisted and the
    // local_state entry were not, the taint marker would be lost -- confirm
    // the write ordering guarantees.

    const bool multi_user_session = manager->GetLoggedInUsers().size() > 1u;
    if (multi_user_session) {
      // This login should not have been allowed: the taint was only known
      // from the profile prefs, which are read after the user is already
      // logged in (a user counts as logged in before the profile is created).
      // Once local_state holds the updated list, the same login will not be
      // allowed again after a reboot. local_state is committed before the
      // profile prefs, then the session is ended.
      // NOTE(review): presumably multi-user sessions are refused for such
      // users because policy-installed certificates could influence other
      // signed-in users' connections -- confirm against the sign-in policy.
      LOG(ERROR) << "Shutdown session because a tainted profile was added.";
      g_browser_process->local_state()->CommitPendingWrite();
      profile_prefs->CommitPendingWrite();
      chrome::AttemptUserExit();
      // Execution continues: the service is still built while the exit
      // request is processed.
    }
  }

  UserNetworkConfigurationUpdater* const updater =
      UserNetworkConfigurationUpdaterFactory::GetForProfile(profile);
  if (updater)
    return new PolicyCertService(user->email(), updater, manager);
  return NULL;
}

// Delegates context selection to GetBrowserContextOwnInstanceInIncognito();
// going by that helper's name, an incognito context gets its own service
// instance rather than sharing the original profile's.
content::BrowserContext* PolicyCertServiceFactory::GetBrowserContextToUse(
    content::BrowserContext* context) const {
  return chrome::GetBrowserContextOwnInstanceInIncognito(context);
}

// Registers the legacy per-profile marker (default false, not synced) that
// BuildServiceInstanceFor() migrates into local_state.
void PolicyCertServiceFactory::RegisterProfilePrefs(
    user_prefs::PrefRegistrySyncable* registry) {
  // TODO(joaodasilva): this is used for backwards compatibility.
  // Remove once it's not necessary anymore.
  registry->RegisterBooleanPref(
      prefs::kUsedPolicyCertificatesOnce,
      false,
      user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF);
}

// Reports that the service is NULL while testing.
bool PolicyCertServiceFactory::ServiceIsNULLWhileTesting() const {
  return true;
}

}  // namespace policy