| OLD | NEW |
| (Empty) | |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_DEVICE_SETTINGS_SERVICE_H_ |
| 6 #define CHROME_BROWSER_CHROMEOS_LOGIN_DEVICE_SETTINGS_SERVICE_H_ |
| 7 |
| 8 #include <deque> |
| 9 #include <string> |
| 10 #include <vector> |
| 11 |
| 12 #include "base/basictypes.h" |
| 13 #include "base/callback.h" |
| 14 #include "base/memory/ref_counted.h" |
| 15 #include "base/memory/scoped_ptr.h" |
| 16 #include "base/observer_list.h" |
| 17 #include "base/synchronization/lock.h" |
| 18 #include "chrome/browser/policy/cloud_policy_validator.h" |
| 19 #include "chromeos/dbus/session_manager_client.h" |
| 20 |
| 21 namespace base { |
| 22 template <typename T> struct DefaultLazyInstanceTraits; |
| 23 } |
| 24 |
| 25 namespace crypto { |
| 26 class RSAPrivateKey; |
| 27 } |
| 28 |
| 29 namespace enterprise_management { |
| 30 class ChromeDeviceSettingsProto; |
| 31 class PolicyData; |
| 32 } |
| 33 |
| 34 namespace chromeos { |
| 35 |
| 36 class OwnerKeyUtil; |
| 37 class SessionManagerOperation; |
| 38 |
| 39 // Keeps the public and private halves of the owner key. Both may be missing, |
| 40 // but if the private key is present, the public half will be as well. This |
| 41 // class is immutable and refcounted in order to allow safe access from any |
| 42 // thread. |
| 43 class OwnerKey : public base::RefCountedThreadSafe<OwnerKey> { |
| 44 public: |
| 45 OwnerKey(scoped_ptr<std::vector<uint8> > public_key, |
| 46 scoped_ptr<crypto::RSAPrivateKey> private_key); |
| 47 ~OwnerKey(); |
| 48 |
| 49 const std::vector<uint8>* public_key() { |
| 50 return public_key_.get(); |
| 51 } |
| 52 crypto::RSAPrivateKey* private_key() { |
| 53 return private_key_.get(); |
| 54 } |
| 55 |
| 56 private: |
| 57 scoped_ptr<std::vector<uint8> > public_key_; |
| 58 scoped_ptr<crypto::RSAPrivateKey> private_key_; |
| 59 |
| 60 DISALLOW_COPY_AND_ASSIGN(OwnerKey); |
| 61 }; |
| 62 |
| 63 // Deals with the low-level interface to Chromium OS device settings. Device |
| 64 // settings are stored in a protobuf that's protected by a cryptographic |
| 65 // signature generated by a key in the device owner's possession. Key and |
| 66 // settings are brokered by the session_manager daemon. |
| 67 // |
| 68 // The purpose of DeviceSettingsService is to keep track of the current key and |
| 69 // settings blob. For reading and writing device settings, use CrosSettings |
| 70 // instead, which provides a high-level interface that allows for manipulation |
| 71 // of individual settings. |
| 72 // |
| 73 // DeviceSettingsService generates notifications for key and policy update |
| 74 // events so interested parties and reload state as appropriate. |
| 75 class DeviceSettingsService : public SessionManagerClient::Observer { |
| 76 public: |
| 77 // Indicates ownership status of the device. |
| 78 enum OwnershipStatus { |
| 79 // Listed in upgrade order. |
| 80 OWNERSHIP_UNKNOWN = 0, |
| 81 OWNERSHIP_NONE, |
| 82 OWNERSHIP_TAKEN |
| 83 }; |
| 84 |
| 85 typedef base::Callback<void(OwnershipStatus, bool)> OwnershipStatusCallback; |
| 86 |
| 87 // Status codes for Store(). |
| 88 enum Status { |
| 89 STORE_SUCCESS, |
| 90 STORE_KEY_UNAVAILABLE, // Owner key not yet configured. |
| 91 STORE_POLICY_ERROR, // Failure constructing the settings blob. |
| 92 STORE_OPERATION_FAILED, // IPC to session_manager daemon failed. |
| 93 STORE_NO_POLICY, // No settings blob present. |
| 94 STORE_INVALID_POLICY, // Invalid settings blob. |
| 95 STORE_VALIDATION_ERROR, // Policy validation failure. |
| 96 }; |
| 97 |
| 98 // Observer interface. |
| 99 class Observer { |
| 100 public: |
| 101 virtual ~Observer(); |
| 102 |
| 103 // Indicates device ownership status changes. |
| 104 virtual void OwnershipStatusChanged() = 0; |
| 105 |
| 106 // Gets call after updates to the device settings. |
| 107 virtual void DeviceSettingsUpdated() = 0; |
| 108 }; |
| 109 |
| 110 // Creates a device settings service instance. This is meant for unit tests, |
| 111 // production code uses the singleton returned by Get() below. |
| 112 DeviceSettingsService(); |
| 113 ~DeviceSettingsService(); |
| 114 |
| 115 // Returns the singleton instance. |
| 116 static DeviceSettingsService* Get(); |
| 117 |
| 118 // To be called on startup once threads are initialized and DBus is ready. |
| 119 void Initialize(SessionManagerClient* session_manager_client, |
| 120 scoped_refptr<OwnerKeyUtil> owner_key_util); |
| 121 void Shutdown(); |
| 122 |
| 123 // Returns the currently active device settings. Returns NULL if the device |
| 124 // settings have not yet been retrieved from session_manager yet. |
| 125 const enterprise_management::PolicyData* policy_data() { |
| 126 return policy_data_.get(); |
| 127 } |
| 128 const enterprise_management::ChromeDeviceSettingsProto* |
| 129 device_settings() const { |
| 130 return device_settings_.get(); |
| 131 } |
| 132 |
| 133 // Returns the currently used owner key. |
| 134 scoped_refptr<OwnerKey> GetOwnerKey(); |
| 135 |
| 136 // Returns the status generated by the last operation. |
| 137 Status status() { |
| 138 return store_status_; |
| 139 } |
| 140 |
| 141 // Triggers an attempt to pull the public half of the owner key from disk and |
| 142 // load the device settings. |
| 143 void Load(); |
| 144 |
| 145 // Signs |settings| with the private half of the owner key and sends the |
| 146 // resulting policy blob to session manager for storage. The result of the |
| 147 // operation is reported through |callback|. If successful, the updated device |
| 148 // settings are present in policy_data() and device_settings() when the |
| 149 // callback runs. |
| 150 void SignAndStore( |
| 151 scoped_ptr<enterprise_management::ChromeDeviceSettingsProto> settings, |
| 152 const base::Closure& callback); |
| 153 |
| 154 // Stores a policy blob to session_manager. The result of the operation is |
| 155 // reported through |callback|. If successful, the updated device settings are |
| 156 // present in policy_data() and device_settings() when the callback runs. |
| 157 void Store(const std::string& policy_blob, const base::Closure& callback); |
| 158 |
| 159 // This method can be run either on FILE or UI threads. If |blocking| flag |
| 160 // is specified then it is guaranteed to return either OWNERSHIP_NONE or |
| 161 // OWNERSHIP_TAKEN (and not OWNERSHIP_UNKNOWN), however in this case it may |
| 162 // occasionally block doing I/O. |
| 163 // |
| 164 // TODO(mnissler, pastarmovj): Remove the blocking flag and only allow this on |
| 165 // the UI thread. |
| 166 OwnershipStatus GetOwnershipStatus(bool blocking); |
| 167 |
| 168 // Determines the ownership status and reports the result to |callback|. This |
| 169 // is guaranteed to never return OWNERSHIP_UNKNOWN. |
| 170 void GetOwnershipStatusAsync(const OwnershipStatusCallback& callback); |
| 171 |
| 172 // Checks whether we have the private owner key. |
| 173 bool HasPrivateOwnerKey(); |
| 174 |
| 175 // Sets the identity of the user that's interacting with the service. This is |
| 176 // relevant only for writing settings through SignAndStore(). |
| 177 void SetUsername(const std::string& username); |
| 178 const std::string& GetUsername() const; |
| 179 |
| 180 // Adds an observer. |
| 181 void AddObserver(Observer* observer); |
| 182 // Removes and observer. |
| 183 void RemoveObserver(Observer* observer); |
| 184 |
| 185 // SessionManagerClient::Observer: |
| 186 void OwnerKeySet(bool success) OVERRIDE; |
| 187 void PropertyChangeComplete(bool success) OVERRIDE; |
| 188 |
| 189 private: |
| 190 // Enqueues a new operation. Takes ownership of |operation| and starts it |
| 191 // right away if there is no active operation currently. |
| 192 void Enqueue(SessionManagerOperation* operation); |
| 193 |
| 194 // Enqueues a load operation. |
| 195 void EnqueueLoad(bool force_key_load); |
| 196 |
| 197 // Makes sure there's a reload operation so changes to the settings (and key, |
| 198 // in case force_key_load is set) are getting picked up. |
| 199 void EnsureReload(bool force_key_load); |
| 200 |
| 201 // Runs the next pending operation. |
| 202 void RunNextOperation(); |
| 203 |
| 204 // Updates status, policy data and owner key from a finished operation. |
| 205 // Starts the next pending operation if available. |
| 206 void HandleCompletedOperation(const base::Closure& callback, |
| 207 SessionManagerOperation* operation, |
| 208 Status status); |
| 209 |
| 210 // Sets ownership status. May be called on either thread. |
| 211 void SetOwnershipStatus(OwnershipStatus new_status); |
| 212 |
| 213 SessionManagerClient* session_manager_client_; |
| 214 scoped_refptr<OwnerKeyUtil> owner_key_util_; |
| 215 |
| 216 base::WeakPtrFactory<DeviceSettingsService> weak_factory_; |
| 217 |
| 218 Status store_status_; |
| 219 |
| 220 OwnershipStatus ownership_status_; |
| 221 base::Lock ownership_status_lock_; |
| 222 std::vector<OwnershipStatusCallback> pending_ownership_status_callbacks_; |
| 223 |
| 224 std::string username_; |
| 225 scoped_refptr<OwnerKey> owner_key_; |
| 226 |
| 227 scoped_ptr<enterprise_management::PolicyData> policy_data_; |
| 228 scoped_ptr<enterprise_management::ChromeDeviceSettingsProto> device_settings_; |
| 229 |
| 230 // The queue of pending operations. The first operation on the queue is |
| 231 // currently active; it gets removed and destroyed once it completes. |
| 232 std::deque<SessionManagerOperation*> pending_operations_; |
| 233 |
| 234 ObserverList<Observer, true> observers_; |
| 235 |
| 236 DISALLOW_COPY_AND_ASSIGN(DeviceSettingsService); |
| 237 }; |
| 238 |
| 239 } // namespace chromeos |
| 240 |
| 241 #endif // CHROME_BROWSER_CHROMEOS_LOGIN_DEVICE_SETTINGS_SERVICE_H_ |
| OLD | NEW |