device_local_account_policy_service.h revision 2a99a7e74a7f215066514fe81d2bfa6639d9eddd
1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_LOCAL_ACCOUNT_POLICY_SERVICE_H_
6#define CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_LOCAL_ACCOUNT_POLICY_SERVICE_H_
7
8#include <map>
9#include <string>
10
11#include "base/basictypes.h"
12#include "base/callback_forward.h"
13#include "base/compiler_specific.h"
14#include "base/memory/scoped_ptr.h"
15#include "base/observer_list.h"
16#include "chrome/browser/chromeos/settings/device_settings_service.h"
17#include "chrome/browser/policy/cloud/cloud_policy_core.h"
18#include "chrome/browser/policy/cloud/cloud_policy_store.h"
19
// Forward declaration only: the service below merely stores a pointer to the
// session manager client (see |session_manager_client_|), so the full header
// is not needed here.
namespace chromeos {
class SessionManagerClient;
}
23
24namespace policy {
25
// Forward declarations. DeviceLocalAccountPolicyStore and CloudPolicyClient are
// only ever held through scoped_ptr here; deleting through a scoped_ptr needs
// the complete type, which is why the owning classes below declare their
// destructors out of line instead of inline.
class CloudPolicyClient;
class DeviceLocalAccountPolicyStore;
class DeviceManagementService;
29
// Per-account front end: owns the policy store for a single device-local
// account together with the CloudPolicyCore that downloads, caches and
// refreshes that account's policy.
class DeviceLocalAccountPolicyBroker {
 public:
  // Takes ownership of |store|. |store| is the only constructor argument, so
  // |account_id_| is presumably derived from it -- confirm in the .cc.
  explicit DeviceLocalAccountPolicyBroker(
      scoped_ptr<DeviceLocalAccountPolicyStore> store);
  ~DeviceLocalAccountPolicyBroker();

  // ID of the device-local account this broker serves.
  const std::string& account_id() const;

  // Direct access to the underlying core. The non-const overload hands out a
  // mutable pointer to internal state, so a caller can reconfigure the core
  // behind the broker's back; prefer Connect()/Disconnect()/
  // UpdateRefreshDelay() where they suffice.
  CloudPolicyCore* core() { return &core_; }
  const CloudPolicyCore* core() const { return &core_; }

  // Establishes a cloud connection for the service, taking ownership of
  // |client|.
  void Connect(scoped_ptr<CloudPolicyClient> client);

  // Destroys the cloud connection, stopping policy refreshes.
  void Disconnect();

  // Reads the refresh delay from policy and configures the refresh scheduler.
  // The delay comes from the policy payload itself, i.e. from a blob the
  // service's store is expected to have signature-checked (see
  // DeviceLocalAccountPolicyService); whether the value is clamped to a sane
  // range is decided in the .cc -- confirm there.
  void UpdateRefreshDelay();

  // Retrieves the display name for the account as stored in policy. Returns an
  // empty string if the policy is not present, so callers cannot distinguish
  // "no policy" from "policy with an empty name".
  std::string GetDisplayName() const;

 private:
  const std::string account_id_;
  // Owned. Declared before |core_| so that it is destroyed after it, which
  // matters if |core_| keeps a pointer to the store -- TODO confirm in the .cc.
  scoped_ptr<DeviceLocalAccountPolicyStore> store_;
  CloudPolicyCore core_;

  DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyBroker);
};
63
// Manages user policy blobs for device-local accounts present on the device.
// The actual policy blobs are brokered by session_manager (to prevent file
// manipulation), and signature checks are made on the policy blobs to ensure
// they were issued by the device owner. The set of accounts comes from device
// settings, which is why this object observes DeviceSettingsService; the
// brokers are presumably rebuilt via UpdateAccountList() whenever those
// settings change (see the .cc for the exact wiring).
class DeviceLocalAccountPolicyService
    : public chromeos::DeviceSettingsService::Observer,
      public CloudPolicyStore::Observer {
 public:
  // Interface for interested parties to observe policy changes. Observers are
  // held by raw pointer and must call RemoveObserver() before they go away.
  class Observer {
   public:
    virtual ~Observer() {}

    // Policy for the given account has changed. Whether this also fires when
    // the account's store reports an error is decided in the .cc (see
    // OnStoreLoaded/OnStoreError); receivers that need valid policy should
    // check IsPolicyAvailableForAccount() rather than assume it.
    virtual void OnPolicyUpdated(const std::string& account_id) = 0;

    // The list of accounts has been updated.
    virtual void OnDeviceLocalAccountsChanged() = 0;
  };

  // Both pointers are kept as raw members (see below) and are presumably not
  // owned; they must outlive this object.
  DeviceLocalAccountPolicyService(
      chromeos::SessionManagerClient* session_manager_client,
      chromeos::DeviceSettingsService* device_settings_service);
  virtual ~DeviceLocalAccountPolicyService();

  // Initializes the cloud policy service connection.
  // |device_management_service| is stored but not owned.
  void Connect(DeviceManagementService* device_management_service);

  // Prevents further policy fetches from the cloud.
  void Disconnect();

  // Gets the policy broker for a given account. Returns NULL if that account is
  // not valid (presumably: not in the current device-settings account list).
  // Callers must check for NULL rather than assume every account ID they are
  // handed has a broker.
  DeviceLocalAccountPolicyBroker* GetBrokerForAccount(
      const std::string& account_id);

  // Indicates whether policy has been successfully fetched for the given
  // account. This is the check to make before relying on policy values: a
  // broker can exist for an account whose policy has not been loaded yet or
  // whose store reported an error (OnStoreError).
  bool IsPolicyAvailableForAccount(const std::string& account_id);

  // Observer registration; see Observer for the lifetime rule.
  void AddObserver(Observer* observer);
  void RemoveObserver(Observer* observer);

  // DeviceSettingsService::Observer:
  // Both notifications originate from the device settings layer, i.e. from
  // the same source the account list is derived from.
  virtual void OwnershipStatusChanged() OVERRIDE;
  virtual void DeviceSettingsUpdated() OVERRIDE;

  // CloudPolicyStore::Observer:
  // |store| is presumably one owned by a broker; GetBrokerForStore() maps it
  // back to the account.
  virtual void OnStoreLoaded(CloudPolicyStore* store) OVERRIDE;
  virtual void OnStoreError(CloudPolicyStore* store) OVERRIDE;

 private:
  // The mapped pointers are owning: DeleteBrokers() deletes them. Anything
  // that removes an entry from such a map is responsible for deleting it.
  typedef std::map<std::string, DeviceLocalAccountPolicyBroker*>
      PolicyBrokerMap;

  // Re-queries the list of defined device-local accounts from device settings
  // and updates |policy_brokers_| to match that list. Because brokers for
  // accounts no longer in |device_settings| are presumably dropped here, a
  // broker pointer obtained from GetBrokerForAccount() should not be cached
  // across device-settings changes.
  void UpdateAccountList(
      const enterprise_management::ChromeDeviceSettingsProto& device_settings);

  // Creates a broker for the given account ID.
  scoped_ptr<DeviceLocalAccountPolicyBroker> CreateBroker(
      const std::string& account_id);

  // Deletes brokers in |map| and clears it.
  void DeleteBrokers(PolicyBrokerMap* map);

  // Finds the broker for a given |store|. Returns NULL if |store| is unknown.
  DeviceLocalAccountPolicyBroker* GetBrokerForStore(CloudPolicyStore* store);

  // Creates and initializes a cloud policy client for |account_id|. Returns
  // NULL if the device doesn't have credentials in device settings (i.e. is not
  // enterprise-enrolled). Callers must handle a NULL result (no cloud
  // connection for the account) rather than dereference it.
  scoped_ptr<CloudPolicyClient> CreateClientForAccount(
      const std::string& account_id);

  // Presumably not owned; set in the constructor.
  chromeos::SessionManagerClient* session_manager_client_;
  chromeos::DeviceSettingsService* device_settings_service_;

  // Presumably not owned; supplied via Connect(). Assume it may be NULL until
  // Connect() has been called -- verify against the .cc before dereferencing.
  DeviceManagementService* device_management_service_;

  // The device-local account policy brokers, keyed by account ID. Owns the
  // brokers; see DeleteBrokers().
  PolicyBrokerMap policy_brokers_;

  // The |true| argument is ObserverList's check_empty flag: the list checks at
  // destruction that every observer has been removed.
  ObserverList<Observer, true> observers_;

  DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyService);
};
152
153}  // namespace policy
154
155#endif  // CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_LOCAL_ACCOUNT_POLICY_SERVICE_H_
156