device_local_account_policy_service.h revision 90dce4d38c5ff5333bea97d859d4e484e27edf0c
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_LOCAL_ACCOUNT_POLICY_SERVICE_H_ 6#define CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_LOCAL_ACCOUNT_POLICY_SERVICE_H_ 7 8#include <map> 9#include <string> 10 11#include "base/basictypes.h" 12#include "base/compiler_specific.h" 13#include "base/memory/scoped_ptr.h" 14#include "base/memory/weak_ptr.h" 15#include "base/observer_list.h" 16#include "chrome/browser/policy/cloud/cloud_policy_core.h" 17#include "chrome/browser/policy/cloud/cloud_policy_store.h" 18#include "content/public/browser/notification_observer.h" 19 20namespace chromeos { 21class CrosSettings; 22class DeviceSettingsService; 23class SessionManagerClient; 24} 25 26namespace policy { 27 28class CloudPolicyClient; 29class DeviceLocalAccountPolicyStore; 30class DeviceManagementService; 31 32// The main switching central that downloads, caches, refreshes, etc. policy for 33// a single device-local account. 34class DeviceLocalAccountPolicyBroker { 35 public: 36 explicit DeviceLocalAccountPolicyBroker( 37 const std::string& user_id, 38 scoped_ptr<DeviceLocalAccountPolicyStore> store); 39 ~DeviceLocalAccountPolicyBroker(); 40 41 const std::string& user_id() const { return user_id_; } 42 43 CloudPolicyCore* core() { return &core_; } 44 const CloudPolicyCore* core() const { return &core_; } 45 46 // Establish a cloud connection for the service. 47 void Connect(scoped_ptr<CloudPolicyClient> client); 48 49 // Destroy the cloud connection, stopping policy refreshes. 50 void Disconnect(); 51 52 // Reads the refresh delay from policy and configures the refresh scheduler. 53 void UpdateRefreshDelay(); 54 55 // Retrieves the display name for the account as stored in policy. Returns an 56 // empty string if the policy is not present. 57 std::string GetDisplayName() const; 58 59 private: 60 const std::string user_id_; 61 scoped_ptr<DeviceLocalAccountPolicyStore> store_; 62 CloudPolicyCore core_; 63 64 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyBroker); 65}; 66 67// Manages user policy blobs for device-local accounts present on the device. 68// The actual policy blobs are brokered by session_manager (to prevent file 69// manipulation), and we're making signature checks on the policy blobs to 70// ensure they're issued by the device owner. 71class DeviceLocalAccountPolicyService : public content::NotificationObserver, 72 public CloudPolicyStore::Observer { 73 public: 74 // Interface for interested parties to observe policy changes. 75 class Observer { 76 public: 77 virtual ~Observer() {} 78 79 // Policy for the given |user_id| has changed. 80 virtual void OnPolicyUpdated(const std::string& user_id) = 0; 81 82 // The list of accounts has been updated. 83 virtual void OnDeviceLocalAccountsChanged() = 0; 84 }; 85 86 DeviceLocalAccountPolicyService( 87 chromeos::SessionManagerClient* session_manager_client, 88 chromeos::DeviceSettingsService* device_settings_service, 89 chromeos::CrosSettings* cros_settings); 90 virtual ~DeviceLocalAccountPolicyService(); 91 92 // Initializes the cloud policy service connection. 93 void Connect(DeviceManagementService* device_management_service); 94 95 // Prevents further policy fetches from the cloud. 96 void Disconnect(); 97 98 // Get the policy broker for a given |user_id|. Returns NULL if that |user_id| 99 // does not belong to an existing device-local account. 100 DeviceLocalAccountPolicyBroker* GetBrokerForUser(const std::string& user_id); 101 102 // Indicates whether policy has been successfully fetched for the given 103 // |user_id|. 104 bool IsPolicyAvailableForUser(const std::string& user_id); 105 106 void AddObserver(Observer* observer); 107 void RemoveObserver(Observer* observer); 108 109 // NotificationObserver: 110 virtual void Observe(int type, 111 const content::NotificationSource& source, 112 const content::NotificationDetails& details) OVERRIDE; 113 114 // CloudPolicyStore::Observer: 115 virtual void OnStoreLoaded(CloudPolicyStore* store) OVERRIDE; 116 virtual void OnStoreError(CloudPolicyStore* store) OVERRIDE; 117 118 private: 119 struct PolicyBrokerWrapper { 120 PolicyBrokerWrapper(); 121 122 // Return the |broker|, creating it first if necessary. 123 DeviceLocalAccountPolicyBroker* GetBroker(); 124 125 // Fire up the cloud connection for fetching policy for the account from the 126 // cloud if this is an enterprise-managed device. 127 void ConnectIfPossible(); 128 129 // Destroy the cloud connection. 130 void Disconnect(); 131 132 // Delete the broker. 133 void DeleteBroker(); 134 135 std::string user_id; 136 std::string account_id; 137 DeviceLocalAccountPolicyService* parent; 138 DeviceLocalAccountPolicyBroker* broker; 139 }; 140 141 typedef std::map<std::string, PolicyBrokerWrapper> PolicyBrokerMap; 142 143 // Re-queries the list of defined device-local accounts from device settings 144 // and updates |policy_brokers_| to match that list. 145 void UpdateAccountList(); 146 147 // Deletes brokers in |map| and clears it. 148 void DeleteBrokers(PolicyBrokerMap* map); 149 150 // Find the broker for a given |store|. Returns NULL if |store| is unknown. 151 DeviceLocalAccountPolicyBroker* GetBrokerForStore(CloudPolicyStore* store); 152 153 chromeos::SessionManagerClient* session_manager_client_; 154 chromeos::DeviceSettingsService* device_settings_service_; 155 chromeos::CrosSettings* cros_settings_; 156 157 DeviceManagementService* device_management_service_; 158 159 // The device-local account policy brokers, keyed by user ID. 160 PolicyBrokerMap policy_brokers_; 161 162 ObserverList<Observer, true> observers_; 163 164 // Weak pointer factory for cros_settings_->PrepareTrustedValues() callbacks. 165 base::WeakPtrFactory<DeviceLocalAccountPolicyService> 166 cros_settings_callback_factory_; 167 168 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyService); 169}; 170 171} // namespace policy 172 173#endif // CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_LOCAL_ACCOUNT_POLICY_SERVICE_H_ 174