device_cloud_policy_initializer.cc revision 116680a4aac90f2aa7413d9095a592090648e557 
1// Copyright 2014 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/chromeos/policy/device_cloud_policy_initializer.h"
6
7#include "base/bind.h"
8#include "base/bind_helpers.h"
9#include "base/logging.h"
10#include "base/prefs/pref_service.h"
11#include "base/sequenced_task_runner.h"
12#include "base/values.h"
13#include "chrome/browser/browser_process.h"
14#include "chrome/browser/chromeos/login/startup_utils.h"
15#include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h"
16#include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
17#include "chrome/browser/chromeos/policy/device_status_collector.h"
18#include "chrome/browser/chromeos/policy/enrollment_handler_chromeos.h"
19#include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
20#include "chrome/browser/chromeos/policy/server_backed_device_state.h"
21#include "chrome/common/chrome_content_client.h"
22#include "chrome/common/pref_names.h"
23#include "chromeos/system/statistics_provider.h"
24#include "components/policy/core/common/cloud/cloud_policy_constants.h"
25#include "components/policy/core/common/cloud/cloud_policy_core.h"
26#include "components/policy/core/common/cloud/system_policy_request_context.h"
27#include "net/url_request/url_request_context_getter.h"
28#include "policy/proto/device_management_backend.pb.h"
29
30namespace em = enterprise_management;
31
32namespace policy {
33
34namespace {
35
36// Gets a machine flag from StatisticsProvider, returning the given
37// |default_value| if not present.
38bool GetMachineFlag(const std::string& key, bool default_value) {
39  bool value = default_value;
40  chromeos::system::StatisticsProvider* provider =
41      chromeos::system::StatisticsProvider::GetInstance();
42  if (!provider->GetMachineFlag(key, &value))
43    return default_value;
44
45  return value;
46}
47
48}  // namespace
49
50DeviceCloudPolicyInitializer::DeviceCloudPolicyInitializer(
51    PrefService* local_state,
52    DeviceManagementService* enterprise_service,
53    DeviceManagementService* consumer_service,
54    const scoped_refptr<base::SequencedTaskRunner>& background_task_runner,
55    EnterpriseInstallAttributes* install_attributes,
56    ServerBackedStateKeysBroker* state_keys_broker,
57    DeviceCloudPolicyStoreChromeOS* device_store,
58    DeviceCloudPolicyManagerChromeOS* manager,
59    const base::Closure& on_connected_callback)
60    : local_state_(local_state),
61      enterprise_service_(enterprise_service),
62      consumer_service_(consumer_service),
63      background_task_runner_(background_task_runner),
64      install_attributes_(install_attributes),
65      state_keys_broker_(state_keys_broker),
66      device_store_(device_store),
67      manager_(manager),
68      on_connected_callback_(on_connected_callback) {
69  device_store_->AddObserver(this);
70  state_keys_update_subscription_ = state_keys_broker_->RegisterUpdateCallback(
71      base::Bind(&DeviceCloudPolicyInitializer::TryToCreateClient,
72                 base::Unretained(this)));
73
74  device_status_provider_.reset(
75      new DeviceStatusCollector(
76          local_state_,
77          chromeos::system::StatisticsProvider::GetInstance(),
78          NULL));
79
80  TryToCreateClient();
81}
82
83DeviceCloudPolicyInitializer::~DeviceCloudPolicyInitializer() {
84}
85
86void DeviceCloudPolicyInitializer::Shutdown() {
87  device_store_->RemoveObserver(this);
88  device_status_provider_.reset();
89  enrollment_handler_.reset();
90  state_keys_update_subscription_.reset();
91}
92
93void DeviceCloudPolicyInitializer::StartEnrollment(
94    DeviceManagementService* device_management_service,
95    const std::string& auth_token,
96    bool is_auto_enrollment,
97    const AllowedDeviceModes& allowed_device_modes,
98    const EnrollmentCallback& enrollment_callback) {
99  CHECK(!enrollment_handler_);
100
101  manager_->core()->Disconnect();
102  enrollment_handler_.reset(new EnrollmentHandlerChromeOS(
103      device_store_,
104      install_attributes_,
105      state_keys_broker_,
106      CreateClient(device_management_service),
107      background_task_runner_,
108      auth_token,
109      install_attributes_->GetDeviceId(),
110      is_auto_enrollment,
111      manager_->GetDeviceRequisition(),
112      allowed_device_modes,
113      base::Bind(&DeviceCloudPolicyInitializer::EnrollmentCompleted,
114                 base::Unretained(this),
115                 enrollment_callback)));
116  enrollment_handler_->StartEnrollment();
117}
118
119bool DeviceCloudPolicyInitializer::ShouldAutoStartEnrollment() const {
120  std::string restore_mode = GetRestoreMode();
121  if (restore_mode == kDeviceStateRestoreModeReEnrollmentRequested ||
122      restore_mode == kDeviceStateRestoreModeReEnrollmentEnforced) {
123    return true;
124  }
125
126  if (local_state_->HasPrefPath(prefs::kDeviceEnrollmentAutoStart))
127    return local_state_->GetBoolean(prefs::kDeviceEnrollmentAutoStart);
128
129  return GetMachineFlag(chromeos::system::kOemIsEnterpriseManagedKey, false);
130}
131
132bool DeviceCloudPolicyInitializer::ShouldRecoverEnrollment() const {
133  if (install_attributes_->IsEnterpriseDevice() &&
134      chromeos::StartupUtils::IsEnrollmentRecoveryRequired()) {
135    LOG(WARNING) << "Enrollment recovery required according to pref.";
136    if (!DeviceCloudPolicyManagerChromeOS::GetMachineID().empty())
137      return true;
138    LOG(WARNING) << "Postponing recovery because machine id is missing.";
139  }
140  return false;
141}
142
143std::string DeviceCloudPolicyInitializer::GetEnrollmentRecoveryDomain() const {
144  return install_attributes_->GetDomain();
145}
146
147bool DeviceCloudPolicyInitializer::CanExitEnrollment() const {
148  if (GetRestoreMode() == kDeviceStateRestoreModeReEnrollmentEnforced)
149    return false;
150
151  if (local_state_->HasPrefPath(prefs::kDeviceEnrollmentCanExit))
152    return local_state_->GetBoolean(prefs::kDeviceEnrollmentCanExit);
153
154  return GetMachineFlag(chromeos::system::kOemCanExitEnterpriseEnrollmentKey,
155                        true);
156}
157
158std::string
159DeviceCloudPolicyInitializer::GetForcedEnrollmentDomain() const {
160  const base::DictionaryValue* device_state_dict =
161      local_state_->GetDictionary(prefs::kServerBackedDeviceState);
162  std::string management_domain;
163  device_state_dict->GetString(kDeviceStateManagementDomain,
164                               &management_domain);
165  return management_domain;
166}
167
168void DeviceCloudPolicyInitializer::OnStoreLoaded(CloudPolicyStore* store) {
169  TryToCreateClient();
170}
171
172void DeviceCloudPolicyInitializer::OnStoreError(CloudPolicyStore* store) {
173  // Do nothing.
174}
175
176void DeviceCloudPolicyInitializer::EnrollmentCompleted(
177    const EnrollmentCallback& enrollment_callback,
178    EnrollmentStatus status) {
179  scoped_ptr<CloudPolicyClient> client = enrollment_handler_->ReleaseClient();
180  enrollment_handler_.reset();
181
182  if (status.status() == EnrollmentStatus::STATUS_SUCCESS) {
183    StartConnection(client.Pass());
184  } else {
185    // Some attempts to create a client may be blocked because the enrollment
186    // was in progress. We give it a try again.
187    TryToCreateClient();
188  }
189
190  if (!enrollment_callback.is_null())
191    enrollment_callback.Run(status);
192}
193
194scoped_ptr<CloudPolicyClient> DeviceCloudPolicyInitializer::CreateClient(
195    DeviceManagementService* device_management_service) {
196  scoped_refptr<net::URLRequestContextGetter> request_context =
197      new SystemPolicyRequestContext(
198          g_browser_process->system_request_context(), GetUserAgent());
199
200  return make_scoped_ptr(
201      new CloudPolicyClient(DeviceCloudPolicyManagerChromeOS::GetMachineID(),
202                            DeviceCloudPolicyManagerChromeOS::GetMachineModel(),
203                            kPolicyVerificationKeyHash,
204                            USER_AFFILIATION_NONE,
205                            device_status_provider_.get(),
206                            device_management_service,
207                            request_context));
208}
209
210void DeviceCloudPolicyInitializer::TryToCreateClient() {
211  if (device_store_->is_initialized() &&
212      device_store_->has_policy() &&
213      !device_store_->policy()->request_token().empty() &&
214      !state_keys_broker_->pending() &&
215      !enrollment_handler_) {
216    DeviceManagementService* service;
217    if (device_store_->policy()->management_mode() ==
218        em::PolicyData::CONSUMER_MANAGED) {
219      service = consumer_service_;
220    } else {
221      service = enterprise_service_;
222    }
223    StartConnection(CreateClient(service));
224  }
225}
226
227void DeviceCloudPolicyInitializer::StartConnection(
228    scoped_ptr<CloudPolicyClient> client) {
229  if (!manager_->core()->service())
230    manager_->StartConnection(client.Pass(), device_status_provider_.Pass());
231
232  if (!on_connected_callback_.is_null()) {
233    on_connected_callback_.Run();
234    on_connected_callback_.Reset();
235  }
236}
237
238std::string DeviceCloudPolicyInitializer::GetRestoreMode() const {
239  const base::DictionaryValue* device_state_dict =
240      local_state_->GetDictionary(prefs::kServerBackedDeviceState);
241  std::string restore_mode;
242  device_state_dict->GetString(kDeviceStateRestoreMode, &restore_mode);
243  return restore_mode;
244}
245
246}  // namespace policy
247