1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
|
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROME_BROWSER_CHROMEOS_POLICY_USER_CLOUD_POLICY_MANAGER_CHROMEOS_H_
#define CHROME_BROWSER_CHROMEOS_POLICY_USER_CLOUD_POLICY_MANAGER_CHROMEOS_H_
#include <string>
#include "base/basictypes.h"
#include "base/compiler_specific.h"
#include "base/files/file_path.h"
#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
#include "base/time/time.h"
#include "base/timer/timer.h"
#include "components/keyed_service/core/keyed_service.h"
#include "components/policy/core/common/cloud/cloud_policy_client.h"
#include "components/policy/core/common/cloud/cloud_policy_constants.h"
#include "components/policy/core/common/cloud/cloud_policy_manager.h"
#include "components/policy/core/common/cloud/cloud_policy_service.h"
class GoogleServiceAuthError;
class PrefService;
namespace base {
class SequencedTaskRunner;
}
namespace net {
class URLRequestContextGetter;
}
namespace policy {
class CloudExternalDataManager;
class DeviceManagementService;
class PolicyOAuth2TokenFetcher;
class WildcardLoginChecker;
// UserCloudPolicyManagerChromeOS implements logic for initializing user policy
// on Chrome OS.
class UserCloudPolicyManagerChromeOS : public CloudPolicyManager,
public CloudPolicyClient::Observer,
public CloudPolicyService::Observer,
public KeyedService {
public:
// If |wait_for_policy_fetch| is true, IsInitializationComplete() will return
// false as long as there hasn't been a successful policy fetch.
// |task_runner| is the runner for policy refresh tasks.
// |file_task_runner| is used for file operations. Currently this must be the
// FILE BrowserThread.
// |io_task_runner| is used for network IO. Currently this must be the IO
// BrowserThread.
UserCloudPolicyManagerChromeOS(
scoped_ptr<CloudPolicyStore> store,
scoped_ptr<CloudExternalDataManager> external_data_manager,
const base::FilePath& component_policy_cache_path,
bool wait_for_policy_fetch,
base::TimeDelta initial_policy_fetch_timeout,
const scoped_refptr<base::SequencedTaskRunner>& task_runner,
const scoped_refptr<base::SequencedTaskRunner>& file_task_runner,
const scoped_refptr<base::SequencedTaskRunner>& io_task_runner);
virtual ~UserCloudPolicyManagerChromeOS();
// Initializes the cloud connection. |local_state| and
// |device_management_service| must stay valid until this object is deleted.
void Connect(
PrefService* local_state,
DeviceManagementService* device_management_service,
scoped_refptr<net::URLRequestContextGetter> system_request_context,
UserAffiliation user_affiliation);
// This class is one of the policy providers, and must be ready for the
// creation of the Profile's PrefService; all the other
// KeyedServices depend on the PrefService, so this class can't
// depend on other BCKS to avoid a circular dependency. So instead of using
// the ProfileOAuth2TokenService directly to get the access token, a 3rd
// service (UserCloudPolicyTokenForwarder) will fetch it later and pass it
// to this method once available.
// The |access_token| can then be used to authenticate the registration
// request to the DMServer.
void OnAccessTokenAvailable(const std::string& access_token);
// Returns true if the underlying CloudPolicyClient is already registered.
bool IsClientRegistered() const;
// Indicates a wildcard login check should be performed once an access token
// is available.
void EnableWildcardLoginCheck(const std::string& username);
// ConfigurationPolicyProvider:
virtual void Shutdown() override;
virtual bool IsInitializationComplete(PolicyDomain domain) const override;
// CloudPolicyService::Observer:
virtual void OnInitializationCompleted(CloudPolicyService* service) override;
// CloudPolicyClient::Observer:
virtual void OnPolicyFetched(CloudPolicyClient* client) override;
virtual void OnRegistrationStateChanged(CloudPolicyClient* client) override;
virtual void OnClientError(CloudPolicyClient* client) override;
// ComponentCloudPolicyService::Delegate:
virtual void OnComponentCloudPolicyUpdated() override;
protected:
// CloudPolicyManager:
virtual void GetChromePolicy(PolicyMap* policy_map) override;
private:
// Fetches a policy token using the authentication context of the signin
// Profile, and calls back to OnOAuth2PolicyTokenFetched when done.
void FetchPolicyOAuthTokenUsingSigninProfile();
// Called once the policy access token is available, and starts the
// registration with the policy server if the token was successfully fetched.
void OnOAuth2PolicyTokenFetched(const std::string& policy_token,
const GoogleServiceAuthError& error);
// Completion handler for the explicit policy fetch triggered on startup in
// case |wait_for_policy_fetch_| is true. |success| is true if the fetch was
// successful.
void OnInitialPolicyFetchComplete(bool success);
// Called when |policy_fetch_timeout_| times out, to cancel the blocking
// wait for the initial policy fetch.
void OnBlockingFetchTimeout();
// Cancels waiting for the policy fetch and flags the
// ConfigurationPolicyProvider ready (assuming all other initialization tasks
// have completed).
void CancelWaitForPolicyFetch();
void StartRefreshSchedulerIfReady();
// Owns the store, note that CloudPolicyManager just keeps a plain pointer.
scoped_ptr<CloudPolicyStore> store_;
// Manages external data referenced by policies.
scoped_ptr<CloudExternalDataManager> external_data_manager_;
// Username for the wildcard login check if applicable, empty otherwise.
std::string wildcard_username_;
// Path where policy for components will be cached.
base::FilePath component_policy_cache_path_;
// Whether to wait for a policy fetch to complete before reporting
// IsInitializationComplete().
bool wait_for_policy_fetch_;
// A timer that puts a hard limit on the maximum time to wait for the initial
// policy fetch.
base::Timer policy_fetch_timeout_;
// The pref service to pass to the refresh scheduler on initialization.
PrefService* local_state_;
// Used to fetch the policy OAuth token, when necessary. This object holds
// a callback with an unretained reference to the manager, when it exists.
scoped_ptr<PolicyOAuth2TokenFetcher> token_fetcher_;
// Keeps alive the wildcard checker while its running.
scoped_ptr<WildcardLoginChecker> wildcard_login_checker_;
// The access token passed to OnAccessTokenAvailable. It is stored here so
// that it can be used if OnInitializationCompleted is called later.
std::string access_token_;
// Timestamps for collecting timing UMA stats.
base::Time time_init_started_;
base::Time time_init_completed_;
base::Time time_token_available_;
base::Time time_client_registered_;
DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyManagerChromeOS);
};
} // namespace policy
#endif // CHROME_BROWSER_CHROMEOS_POLICY_USER_CLOUD_POLICY_MANAGER_CHROMEOS_H_
|
