device_local_account_policy_service.h revision 2a99a7e74a7f215066514fe81d2bfa6639d9eddd
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_LOCAL_ACCOUNT_POLICY_SERVICE_H_
#define CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_LOCAL_ACCOUNT_POLICY_SERVICE_H_

#include <map>
#include <string>

#include "base/basictypes.h"
#include "base/callback_forward.h"
#include "base/compiler_specific.h"
#include "base/memory/scoped_ptr.h"
#include "base/observer_list.h"
#include "chrome/browser/chromeos/settings/device_settings_service.h"
#include "chrome/browser/policy/cloud/cloud_policy_core.h"
#include "chrome/browser/policy/cloud/cloud_policy_store.h"

namespace chromeos {
class SessionManagerClient;
}

namespace policy {

class CloudPolicyClient;
class DeviceLocalAccountPolicyStore;
class DeviceManagementService;

// The central coordinator that downloads, caches, and refreshes policy for a
// single device-local account.
//
// Ownership: the broker owns its policy store (|store_|, a scoped_ptr) and
// embeds its CloudPolicyCore by value, so anything obtained through core() is
// only valid while the broker itself is alive.
class DeviceLocalAccountPolicyBroker {
 public:
  // Takes ownership of |store|.
  explicit DeviceLocalAccountPolicyBroker(
      scoped_ptr<DeviceLocalAccountPolicyStore> store);
  ~DeviceLocalAccountPolicyBroker();

  // Identifier of the device-local account this broker serves.
  // NOTE(review): presumably returns a reference to |account_id_|, which
  // would make it valid only for the broker's lifetime; confirm in the .cc.
  const std::string& account_id() const;

  // Accessors for the embedded policy core. The returned pointer is never
  // NULL (it is the address of a member) and must not outlive the broker.
  CloudPolicyCore* core() { return &core_; }
  const CloudPolicyCore* core() const { return &core_; }

  // Establish a cloud connection for the service. Takes ownership of
  // |client|.
  void Connect(scoped_ptr<CloudPolicyClient> client);

  // Destroy the cloud connection, stopping policy refreshes.
  void Disconnect();

  // Reads the refresh delay from policy and configures the refresh scheduler.
  void UpdateRefreshDelay();

  // Retrieves the display name for the account as stored in policy. Returns an
  // empty string if the policy is not present.
  // NOTE(review): the returned string is policy-supplied data; callers that
  // render it should treat it as display text only.
  std::string GetDisplayName() const;

 private:
  const std::string account_id_;
  scoped_ptr<DeviceLocalAccountPolicyStore> store_;
  CloudPolicyCore core_;

  DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyBroker);
};

// Manages user policy blobs for device-local accounts present on the device.
// The actual policy blobs are brokered by session_manager (to prevent file
// manipulation), and signature checks are made on the policy blobs to ensure
// they were issued by the device owner.
//
// NOTE(review): the signature validation itself is not declared in this
// header; presumably it lives in DeviceLocalAccountPolicyStore. Confirm that
// every load path goes through it before policy is exposed via a broker.
class DeviceLocalAccountPolicyService
    : public chromeos::DeviceSettingsService::Observer,
      public CloudPolicyStore::Observer {
 public:
  // Interface for interested parties to observe policy changes.
  class Observer {
   public:
    virtual ~Observer() {}

    // Policy for the given account has changed.
    virtual void OnPolicyUpdated(const std::string& account_id) = 0;

    // The list of accounts has been updated.
    virtual void OnDeviceLocalAccountsChanged() = 0;
  };

  // Both pointers are stored as raw pointers (see the members below).
  // NOTE(review): presumably not owned, so both objects must outlive this
  // service; confirm against the construction site.
  DeviceLocalAccountPolicyService(
      chromeos::SessionManagerClient* session_manager_client,
      chromeos::DeviceSettingsService* device_settings_service);
  virtual ~DeviceLocalAccountPolicyService();

  // Initializes the cloud policy service connection.
  // NOTE(review): |device_management_service| is presumably retained in
  // |device_management_service_| without ownership; confirm it stays valid
  // until Disconnect().
  void Connect(DeviceManagementService* device_management_service);

  // Prevents further policy fetches from the cloud.
  void Disconnect();

  // Get the policy broker for a given account. Returns NULL if that account is
  // not valid, so callers must check the result before dereferencing.
  // The brokers are held as raw pointers in |policy_brokers_| and deleted by
  // this service (see DeleteBrokers()), so the caller does not own the result.
  // NOTE(review): the pointer is presumably invalidated when the account list
  // is rebuilt (UpdateAccountList()); callers should not cache it across
  // OnDeviceLocalAccountsChanged(). Confirm in the .cc.
  DeviceLocalAccountPolicyBroker* GetBrokerForAccount(
      const std::string& account_id);

  // Indicates whether policy has been successfully fetched for the given
  // account.
  bool IsPolicyAvailableForAccount(const std::string& account_id);

  // Registers / unregisters |observer|. |observers_| is declared with
  // check_empty = true, so every observer is expected to have been removed
  // before this service is destroyed.
  void AddObserver(Observer* observer);
  void RemoveObserver(Observer* observer);

  // DeviceSettingsService::Observer:
  virtual void OwnershipStatusChanged() OVERRIDE;
  virtual void DeviceSettingsUpdated() OVERRIDE;

  // CloudPolicyStore::Observer:
  virtual void OnStoreLoaded(CloudPolicyStore* store) OVERRIDE;
  virtual void OnStoreError(CloudPolicyStore* store) OVERRIDE;

 private:
  // Maps account ID to its broker. The mapped values are raw pointers, so the
  // map does not release them on its own; see DeleteBrokers().
  typedef std::map<std::string, DeviceLocalAccountPolicyBroker*>
      PolicyBrokerMap;

  // Re-queries the list of defined device-local accounts from device settings
  // and updates |policy_brokers_| to match that list.
  void UpdateAccountList(
      const enterprise_management::ChromeDeviceSettingsProto& device_settings);

  // Creates a broker for the given account ID. The caller receives ownership.
  scoped_ptr<DeviceLocalAccountPolicyBroker> CreateBroker(
      const std::string& account_id);

  // Deletes brokers in |map| and clears it.
  void DeleteBrokers(PolicyBrokerMap* map);

  // Find the broker for a given |store|. Returns NULL if |store| is unknown.
  DeviceLocalAccountPolicyBroker* GetBrokerForStore(CloudPolicyStore* store);

  // Creates and initializes a cloud policy client for |account_id|. Returns
  // NULL if the device doesn't have credentials in device settings (i.e. is not
  // enterprise-enrolled), so the result must be checked before use.
  scoped_ptr<CloudPolicyClient> CreateClientForAccount(
      const std::string& account_id);

  // Raw pointers supplied to the constructor; no ownership is expressed in
  // their types.
  chromeos::SessionManagerClient* session_manager_client_;
  chromeos::DeviceSettingsService* device_settings_service_;

  // Raw pointer; see the note on Connect().
  DeviceManagementService* device_management_service_;

  // The device-local account policy brokers, keyed by account ID.
  PolicyBrokerMap policy_brokers_;

  // Second template argument (check_empty) is true: the list is checked for
  // being empty when it is destroyed.
  ObserverList<Observer, true> observers_;

  DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyService);
};

}  // namespace policy

#endif  // CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_LOCAL_ACCOUNT_POLICY_SERVICE_H_