// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_CHROMEOS_POLICY_ENTERPRISE_INSTALL_ATTRIBUTES_H_
#define CHROME_BROWSER_CHROMEOS_POLICY_ENTERPRISE_INSTALL_ATTRIBUTES_H_

#include <map>
#include <string>

#include "base/basictypes.h"
#include "base/callback.h"
#include "base/compiler_specific.h"
#include "base/files/file_path.h"
#include "base/gtest_prod_util.h"
#include "base/memory/weak_ptr.h"
#include "chromeos/dbus/cryptohome_client.h"
#include "chromeos/dbus/dbus_method_call_status.h"
#include "components/policy/core/common/cloud/cloud_policy_constants.h"

namespace policy {

// Brokers access to the enterprise-related installation-time attributes on
// ChromeOS (the "lockbox" referred to further down). The class talks to
// cryptohome through the CryptohomeClient handed to the constructor and keeps
// a decoded local copy of the attributes in the protected members below.
//
// The local copy has two declared sources: ReadCacheFile(), which loads a
// file written early during boot, and ReadImmutableAttributes(), which syncs
// with cryptohome. Only the second is described as reflecting "what
// cryptohome has".
//
// TODO(zelidrag, mnissler): Rename + move this class - http://crbug.com/249513.
class EnterpriseInstallAttributes {
 public:
  // Return codes for LockDevice(), delivered through LockResultCallback.
  // NOTE(review): the individual meanings are not spelled out in this header.
  // Judging by the names and the LockDevice() comment, LOCK_NOT_READY
  // presumably means the attributes backend is not ready yet, and
  // LOCK_WRONG_USER that the device is already locked to a different user -
  // confirm against the implementation.
  enum LockResult {
    LOCK_SUCCESS,
    LOCK_NOT_READY,
    LOCK_BACKEND_ERROR,
    LOCK_WRONG_USER,
  };

  // A callback to handle responses of methods returning a LockResult value.
  typedef base::Callback<void(LockResult lock_result)> LockResultCallback;

  // Returns the serialized InstallAttributes of an enterprise-owned
  // configuration for |user_name|. Test-only helper, as the name says; it is
  // static and therefore needs no instance.
  static std::string GetEnterpriseOwnedInstallAttributesBlobForTesting(
      const std::string& user_name);

  // |cryptohome_client| is stored as a raw pointer in |cryptohome_client_|.
  // NOTE(review): ownership is not stated in this header; presumably the
  // client is not owned and has to outlive this object - confirm at the call
  // site.
  explicit EnterpriseInstallAttributes(
      chromeos::CryptohomeClient* cryptohome_client);
  ~EnterpriseInstallAttributes();

  // Reads data from the cache file which is created early during the boot
  // process. The cache file is used to work around slow cryptohome startup,
  // which takes a while to register its DBus interface. See
  // http://crosbug.com/37367 for background on this.
  //
  // NOTE(review): nothing in this header says whether the contents of
  // |cache_file| are authenticated. Values loaded here should be treated as a
  // startup cache and not as the authoritative lockbox state until
  // ReadImmutableAttributes() has completed; check who can write the file and
  // how the implementation validates it before relying on it for an
  // enrollment decision.
  void ReadCacheFile(const base::FilePath& cache_file);

  // Makes sure the local caches for enterprise-related install attributes are
  // up-to-date with what cryptohome has. This method checks the readiness of
  // the attributes and reads them if they are ready. The actual read is
  // performed in ReadAttributesIfReady().
  // NOTE(review): the header does not say whether |callback| also runs when
  // the attributes are not ready or the DBus call fails - confirm, since
  // callers that wait on it would otherwise never proceed.
  void ReadImmutableAttributes(const base::Closure& callback);

  // Locks the device to be an enterprise device registered by the given user.
  // This can also be called after the lock has already been taken, in which
  // case it checks that the passed user agrees with the locked attribute.
  // |callback| must not be null and is called with the result.
  //
  // NOTE(review): for the already-locked case only the user comparison is
  // documented; whether |device_mode| and |device_id| are compared with the
  // stored values as well is not visible from this header.
  void LockDevice(const std::string& user,
                  DeviceMode device_mode,
                  const std::string& device_id,
                  const LockResultCallback& callback);

  // The getters below take no callback, so they presumably answer from the
  // local caches rather than querying cryptohome. Their results are only as
  // current as the last ReadCacheFile() / ReadImmutableAttributes() /
  // LockDevice() call - verify in the implementation before using them as a
  // security decision early in startup.

  // Checks whether this is an enterprise device.
  bool IsEnterpriseDevice();

  // Checks whether this is a consumer kiosk enabled device.
  bool IsConsumerKioskDeviceWithAutoLaunch();

  // Gets the domain this device belongs to or an empty string if the device is
  // not an enterprise device.
  std::string GetDomain();

  // Gets the user that registered the device. Returns an empty string if the
  // device is not an enterprise device.
  std::string GetRegistrationUser();

  // Gets the device id that was generated when the device was registered.
  // Returns an empty string if the device is not an enterprise device or the
  // device id was not stored in the lockbox (prior to R19).
  std::string GetDeviceId();

  // Gets the mode the device was enrolled to. The return value for devices that
  // are not locked yet will be DEVICE_MODE_UNKNOWN.
  DeviceMode GetMode();

 protected:
  // Local copy of the decoded install attributes.
  // NOTE(review): these are protected rather than private, so any subclass can
  // overwrite the cached enrollment state directly; presumably this exists for
  // test or stub subclasses - confirm that no production subclass does so.
  bool device_locked_;
  std::string registration_user_;
  std::string registration_domain_;
  std::string registration_device_id_;
  DeviceMode registration_mode_;

 private:
  // Grants the named unit tests access to the private members below.
  FRIEND_TEST_ALL_PREFIXES(EnterpriseInstallAttributesTest,
                           DeviceLockedFromOlderVersion);
  FRIEND_TEST_ALL_PREFIXES(EnterpriseInstallAttributesTest,
                           ReadCacheFile);
  FRIEND_TEST_ALL_PREFIXES(EnterpriseInstallAttributesTest,
                           ReadCacheFileForConsumerKiosk);
  FRIEND_TEST_ALL_PREFIXES(EnterpriseInstallAttributesTest,
                           VerifyFakeInstallAttributesCache);

  // Constants for the possible device modes that can be stored in the lockbox.
  // Only declared here; the string values are defined outside this header.
  static const char kConsumerDeviceMode[];
  static const char kEnterpriseDeviceMode[];
  static const char kRetailKioskDeviceMode[];
  static const char kConsumerKioskDeviceMode[];
  static const char kUnknownDeviceMode[];

  // Field names in the lockbox. Only declared here; the string values are
  // defined outside this header.
  static const char kAttrEnterpriseDeviceId[];
  static const char kAttrEnterpriseDomain[];
  static const char kAttrEnterpriseMode[];
  static const char kAttrEnterpriseOwned[];
  static const char kAttrEnterpriseUser[];
  static const char kAttrConsumerKioskEnabled[];

  // Translates DeviceMode constants to strings used in the lockbox.
  std::string GetDeviceModeString(DeviceMode mode);

  // Translates strings used in the lockbox to DeviceMode values.
  // NOTE(review): the result for a string that matches none of the mode
  // constants is not documented here - confirm how unknown values are mapped.
  DeviceMode GetDeviceModeFromString(const std::string& mode);

  // Decodes the install attributes provided in |attr_map|, a map of
  // string keys to string values (presumably keyed by the kAttr* field names
  // above, with the result stored in the protected members - confirm).
  void DecodeInstallAttributes(
      const std::map<std::string, std::string>& attr_map);

  // Helper for ReadImmutableAttributes(). Receives the DBus |call_status| and
  // boolean |result| of the readiness check together with the caller's
  // |callback|.
  void ReadAttributesIfReady(
      const base::Closure& callback,
      chromeos::DBusMethodCallStatus call_status,
      bool result);

  // Helper for LockDevice(). Handles the result of InstallAttributesIsReady()
  // and continues processing LockDevice() if the result is true. The first
  // four parameters are the LockDevice() arguments carried through the
  // asynchronous call.
  void LockDeviceIfAttributesIsReady(
      const std::string& user,
      DeviceMode device_mode,
      const std::string& device_id,
      const LockResultCallback& callback,
      chromeos::DBusMethodCallStatus call_status,
      bool result);

  // Confirms the registered user and invokes the callback.
  void OnReadImmutableAttributes(const std::string& user,
                                 const LockResultCallback& callback);

  // Client used to reach cryptohome; set from the constructor argument.
  // NOTE(review): raw pointer, lifetime not documented here - presumably not
  // owned.
  chromeos::CryptohomeClient* cryptohome_client_;

  // Factory for weak pointers to this object, declared after the other data
  // members. Presumably bound into the asynchronous cryptohome callbacks so
  // that replies arriving after destruction are dropped - confirm in the
  // implementation.
  base::WeakPtrFactory<EnterpriseInstallAttributes> weak_ptr_factory_;

  DISALLOW_COPY_AND_ASSIGN(EnterpriseInstallAttributes);
};

}  // namespace policy

#endif  // CHROME_BROWSER_CHROMEOS_POLICY_ENTERPRISE_INSTALL_ATTRIBUTES_H_