device_local_account_policy_service.h revision 68043e1e95eeb07d5cae7aca370b26518b0867d6
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_LOCAL_ACCOUNT_POLICY_SERVICE_H_
#define CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_LOCAL_ACCOUNT_POLICY_SERVICE_H_

#include <map>
#include <string>

#include "base/basictypes.h"
#include "base/compiler_specific.h"
#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
#include "base/memory/weak_ptr.h"
#include "base/observer_list.h"
#include "chrome/browser/chromeos/settings/cros_settings.h"
#include "chrome/browser/policy/cloud/cloud_policy_core.h"
#include "chrome/browser/policy/cloud/cloud_policy_store.h"

namespace base {
class SequencedTaskRunner;
}

namespace chromeos {
class CrosSettings;
class DeviceSettingsService;
class SessionManagerClient;
}

namespace policy {

class CloudPolicyClient;
class DeviceLocalAccountPolicyStore;
class DeviceManagementService;

// Central coordinator that downloads, caches, refreshes, etc. policy for a
// single device-local account. Each broker owns one policy store and one
// CloudPolicyCore (see |store_| and |core_| below).
class DeviceLocalAccountPolicyBroker {
 public:
  // |user_id| identifies the device-local account this broker serves.
  // |store| is passed as a scoped_ptr and kept in |store_|, so the broker
  // becomes its owner.
  // |task_runner| is the runner for policy refresh tasks.
  explicit DeviceLocalAccountPolicyBroker(
      const std::string& user_id,
      scoped_ptr<DeviceLocalAccountPolicyStore> store,
      const scoped_refptr<base::SequencedTaskRunner>& task_runner);
  ~DeviceLocalAccountPolicyBroker();

  // Returns the user ID given at construction time.
  const std::string& user_id() const { return user_id_; }

  // Returns a pointer to the embedded |core_|. The pointer refers to a member
  // of this object, so it is only valid while the broker is alive.
  CloudPolicyCore* core() { return &core_; }
  const CloudPolicyCore* core() const { return &core_; }

  // Establish a cloud connection for the service. |client| is handed over as
  // a scoped_ptr, i.e. the caller gives up ownership.
  void Connect(scoped_ptr<CloudPolicyClient> client);

  // Destroy the cloud connection, stopping policy refreshes.
  void Disconnect();

  // Reads the refresh delay from policy and configures the refresh scheduler.
  void UpdateRefreshDelay();

  // Retrieves the display name for the account as stored in policy. Returns an
  // empty string if the policy is not present.
  // NOTE(review): the returned text is policy-supplied; this header does not
  // show whether it is sanitized, so callers that render it should treat it
  // as externally provided data -- confirm against the .cc.
  std::string GetDisplayName() const;

 private:
  // Account identifier; const, so fixed for the lifetime of the broker.
  const std::string user_id_;
  // Policy store owned by this broker.
  scoped_ptr<DeviceLocalAccountPolicyStore> store_;
  // Cloud policy core embedded by value; exposed through core().
  CloudPolicyCore core_;

  DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyBroker);
};

// Manages user policy blobs for device-local accounts present on the device.
// The actual policy blobs are brokered by session_manager (to prevent file
// manipulation), and we're making signature checks on the policy blobs to
// ensure they're issued by the device owner.
// NOTE(review): the signature verification itself is not declared in this
// header; presumably it lives in DeviceLocalAccountPolicyStore -- confirm
// before relying on this class as the enforcement point.
class DeviceLocalAccountPolicyService : public CloudPolicyStore::Observer {
 public:
  // Interface for interested parties to observe policy changes.
  class Observer {
   public:
    virtual ~Observer() {}

    // Policy for the given |user_id| has changed.
    virtual void OnPolicyUpdated(const std::string& user_id) = 0;

    // The list of accounts has been updated.
    virtual void OnDeviceLocalAccountsChanged() = 0;
  };

  // All three arguments are raw pointers that are kept in the members of the
  // same name. No ownership transfer is visible here, so presumably they must
  // outlive this service -- confirm with the code that constructs it.
  DeviceLocalAccountPolicyService(
      chromeos::SessionManagerClient* session_manager_client,
      chromeos::DeviceSettingsService* device_settings_service,
      chromeos::CrosSettings* cros_settings);
  virtual ~DeviceLocalAccountPolicyService();

  // Initializes the cloud policy service connection.
  // NOTE(review): |device_management_service| is a raw pointer stored in
  // |device_management_service_|; presumably not owned -- confirm.
  void Connect(DeviceManagementService* device_management_service);

  // Prevents further policy fetches from the cloud.
  void Disconnect();

  // Get the policy broker for a given |user_id|. Returns NULL if that |user_id|
  // does not belong to an existing device-local account.
  // NOTE(review): the returned pointer is non-owning and brokers can be
  // deleted (see DeleteBroker() / DeleteBrokers()), so callers presumably must
  // not cache it across account list updates -- confirm in the .cc.
  DeviceLocalAccountPolicyBroker* GetBrokerForUser(const std::string& user_id);

  // Indicates whether policy has been successfully fetched for the given
  // |user_id|.
  bool IsPolicyAvailableForUser(const std::string& user_id);

  // Register / unregister an Observer. Observers are held as raw pointers in
  // |observers_|; see the note on that member about removal before
  // destruction.
  void AddObserver(Observer* observer);
  void RemoveObserver(Observer* observer);

  // CloudPolicyStore::Observer:
  virtual void OnStoreLoaded(CloudPolicyStore* store) OVERRIDE;
  virtual void OnStoreError(CloudPolicyStore* store) OVERRIDE;

 private:
  // Per-account bookkeeping entry stored in |policy_brokers_|. It holds the
  // broker through a raw pointer, so the broker's lifetime is managed
  // manually via GetBroker() and DeleteBroker().
  struct PolicyBrokerWrapper {
    PolicyBrokerWrapper();

    // Return the |broker|, creating it first if necessary.
    DeviceLocalAccountPolicyBroker* GetBroker();

    // Fire up the cloud connection for fetching policy for the account from the
    // cloud if this is an enterprise-managed device.
    void ConnectIfPossible();

    // Destroy the cloud connection.
    void Disconnect();

    // Delete the broker.
    void DeleteBroker();

    // NOTE(review): how |user_id| and |account_id| differ is not visible in
    // this header; the map below is keyed by user ID.
    std::string user_id;
    std::string account_id;
    // Back-pointer to the service holding this entry (raw, non-owning).
    DeviceLocalAccountPolicyService* parent;
    // Raw pointer to the broker; a struct destructor is not declared, so
    // nothing here releases it automatically -- DeleteBroker() has to be
    // called explicitly.
    DeviceLocalAccountPolicyBroker* broker;
  };

  typedef std::map<std::string, PolicyBrokerWrapper> PolicyBrokerMap;

  // Re-queries the list of defined device-local accounts from device settings
  // and updates |policy_brokers_| to match that list.
  void UpdateAccountList();

  // Calls |UpdateAccountList| if there are no previous calls pending.
  void UpdateAccountListIfNonePending();

  // Deletes brokers in |map| and clears it.
  void DeleteBrokers(PolicyBrokerMap* map);

  // Find the broker for a given |store|. Returns NULL if |store| is unknown.
  DeviceLocalAccountPolicyBroker* GetBrokerForStore(CloudPolicyStore* store);

  // Collaborators passed to the constructor (raw pointers).
  chromeos::SessionManagerClient* session_manager_client_;
  chromeos::DeviceSettingsService* device_settings_service_;
  chromeos::CrosSettings* cros_settings_;

  // Set through Connect(); raw pointer.
  DeviceManagementService* device_management_service_;

  // The device-local account policy brokers, keyed by user ID.
  PolicyBrokerMap policy_brokers_;

  // The second template argument (true) asks ObserverList to verify that the
  // list is empty when it is destroyed, so every observer is expected to call
  // RemoveObserver() before this service goes away.
  ObserverList<Observer, true> observers_;

  // Subscription handle obtained from CrosSettings; going by the name it
  // tracks changes to the device-local accounts setting -- confirm in the .cc.
  scoped_ptr<chromeos::CrosSettings::ObserverSubscription>
      local_accounts_subscription_;

  // Weak pointer factory for cros_settings_->PrepareTrustedValues() callbacks.
  // Callbacks bound to weak pointers are not delivered once the factory is
  // destroyed; it is the last data member declared in this class.
  base::WeakPtrFactory<DeviceLocalAccountPolicyService>
      cros_settings_callback_factory_;

  DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyService);
};

}  // namespace policy

#endif  // CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_LOCAL_ACCOUNT_POLICY_SERVICE_H_