OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/policy/device_policy_identity_strategy.h" | 5 #include "chrome/browser/policy/device_policy_identity_strategy.h" |
6 | 6 |
7 #include "chrome/browser/browser_process.h" | 7 #include "chrome/browser/browser_process.h" |
8 #include "chrome/browser/chromeos/login/ownership_service.h" | 8 #include "chrome/browser/chromeos/login/ownership_service.h" |
9 #include "chrome/browser/chromeos/login/user_manager.h" | 9 #include "chrome/browser/chromeos/login/user_manager.h" |
10 #include "chrome/browser/net/gaia/token_service.h" | 10 #include "chrome/browser/net/gaia/token_service.h" |
| 11 #include "chrome/browser/policy/proto/device_management_constants.h" |
11 #include "chrome/browser/profiles/profile.h" | 12 #include "chrome/browser/profiles/profile.h" |
12 #include "chrome/browser/profiles/profile_manager.h" | 13 #include "chrome/browser/profiles/profile_manager.h" |
| 14 #include "chrome/common/guid.h" |
13 #include "chrome/common/net/gaia/gaia_constants.h" | 15 #include "chrome/common/net/gaia/gaia_constants.h" |
14 #include "chrome/common/notification_service.h" | 16 #include "chrome/common/notification_service.h" |
15 #include "chrome/common/notification_type.h" | 17 #include "chrome/common/notification_type.h" |
16 | 18 |
17 namespace policy { | 19 namespace policy { |
18 | 20 |
| 21 // Responsible for querying device ownership on the FILE thread. |
| 22 class DevicePolicyIdentityStrategy::OwnershipChecker |
| 23 : public base::RefCountedThreadSafe< |
| 24 DevicePolicyIdentityStrategy::OwnershipChecker> { |
| 25 public: |
| 26 explicit OwnershipChecker( |
| 27 const base::WeakPtr<DevicePolicyIdentityStrategy>& strategy) |
| 28 : strategy_(strategy) {} |
| 29 |
| 30 // Initiates a query on the file thread to check if the currently logged in |
| 31 // user is the owner. |
| 32 void CheckCurrentUserIsOwner(); |
| 33 |
| 34 private: |
| 35 void CheckOnFileThread(); |
| 36 void CallbackOnUIThread(bool current_user_is_owner); |
| 37 |
| 38 private: |
| 39 friend class base::RefCountedThreadSafe<OwnershipChecker>; |
| 40 |
| 41 ~OwnershipChecker() {} |
| 42 |
| 43 // The object to be called back with the result. |
| 44 base::WeakPtr<DevicePolicyIdentityStrategy> strategy_; |
| 45 |
| 46 DISALLOW_COPY_AND_ASSIGN(OwnershipChecker); |
| 47 }; |
| 48 |
| 49 void DevicePolicyIdentityStrategy::OwnershipChecker::CheckCurrentUserIsOwner() { |
| 50 if (!strategy_.get()) |
| 51 return; |
| 52 BrowserThread::PostTask( |
| 53 BrowserThread::FILE, |
| 54 FROM_HERE, |
| 55 NewRunnableMethod( |
| 56 this, |
| 57 &DevicePolicyIdentityStrategy::OwnershipChecker::CheckOnFileThread)); |
| 58 } |
| 59 |
| 60 void DevicePolicyIdentityStrategy::OwnershipChecker::CheckOnFileThread() { |
| 61 bool current_user_is_owner = |
| 62 chromeos::OwnershipService::GetSharedInstance()->CurrentUserIsOwner(); |
| 63 BrowserThread::PostTask( |
| 64 BrowserThread::UI, |
| 65 FROM_HERE, |
| 66 NewRunnableMethod( |
| 67 this, |
| 68 &DevicePolicyIdentityStrategy::OwnershipChecker::CallbackOnUIThread, |
| 69 current_user_is_owner)); |
| 70 } |
| 71 |
| 72 void DevicePolicyIdentityStrategy::OwnershipChecker::CallbackOnUIThread( |
| 73 bool current_user_is_owner) { |
| 74 if (strategy_.get()) { |
| 75 strategy_->OnOwnershipInformationAvailable(current_user_is_owner); |
| 76 strategy_.reset(); |
| 77 } |
| 78 } |
| 79 |
19 DevicePolicyIdentityStrategy::DevicePolicyIdentityStrategy() | 80 DevicePolicyIdentityStrategy::DevicePolicyIdentityStrategy() |
20 : should_register_(false) { | 81 : current_user_is_owner_(false), |
| 82 ownership_checker_(NULL), |
| 83 ALLOW_THIS_IN_INITIALIZER_LIST(weak_ptr_factory_(this)) { |
21 registrar_.Add(this, | 84 registrar_.Add(this, |
22 NotificationType::TOKEN_AVAILABLE, | 85 NotificationType::TOKEN_AVAILABLE, |
23 NotificationService::AllSources()); | 86 NotificationService::AllSources()); |
24 registrar_.Add(this, | 87 registrar_.Add(this, |
25 NotificationType::LOGIN_USER_CHANGED, | 88 NotificationType::LOGIN_USER_CHANGED, |
26 NotificationService::AllSources()); | 89 NotificationService::AllSources()); |
27 registrar_.Add(this, | 90 registrar_.Add(this, |
28 NotificationType::OWNERSHIP_TAKEN, | |
29 NotificationService::AllSources()); | |
30 registrar_.Add(this, | |
31 NotificationType::OWNER_KEY_FETCH_ATTEMPT_SUCCEEDED, | 91 NotificationType::OWNER_KEY_FETCH_ATTEMPT_SUCCEEDED, |
32 NotificationService::AllSources()); | 92 NotificationService::AllSources()); |
33 | 93 |
34 // TODO(mnissler): Figure out how to read the machine id. | 94 // TODO(mnissler): Figure out how to read the machine id. |
35 machine_id_ = "dummy-cros-machine-ID"; | 95 machine_id_ = "dummy-cros-machine-ID"; |
36 } | 96 } |
37 | 97 |
| 98 DevicePolicyIdentityStrategy::~DevicePolicyIdentityStrategy() { |
| 99 } |
| 100 |
| 101 void DevicePolicyIdentityStrategy::OnOwnershipInformationAvailable( |
| 102 bool current_user_is_owner) { |
| 103 current_user_is_owner_ = current_user_is_owner; |
| 104 CheckAndTriggerFetch(); |
| 105 } |
| 106 |
| 107 void DevicePolicyIdentityStrategy::CheckOwnershipAndTriggerFetch() { |
| 108 // TODO(gfeher): Avoid firing a new query if the answer is already known. |
| 109 |
| 110 // Cancel any pending queries. |
| 111 weak_ptr_factory_.InvalidateWeakPtrs(); |
| 112 // Set to false until we know that the current user is the owner. |
| 113 current_user_is_owner_ = false; |
| 114 // Issue a new query. |
| 115 ownership_checker_ = new OwnershipChecker(weak_ptr_factory_.GetWeakPtr()); |
| 116 // The following will call back to CheckTriggerFetch(). |
| 117 ownership_checker_->CheckCurrentUserIsOwner(); |
| 118 } |
| 119 |
38 std::string DevicePolicyIdentityStrategy::GetDeviceToken() { | 120 std::string DevicePolicyIdentityStrategy::GetDeviceToken() { |
39 return device_token_; | 121 return device_token_; |
40 } | 122 } |
41 | 123 |
42 std::string DevicePolicyIdentityStrategy::GetDeviceID() { | 124 std::string DevicePolicyIdentityStrategy::GetDeviceID() { |
| 125 return device_id_; |
| 126 } |
| 127 |
| 128 std::string DevicePolicyIdentityStrategy::GetMachineID() { |
43 return machine_id_; | 129 return machine_id_; |
44 } | 130 } |
45 | 131 |
| 132 em::DeviceRegisterRequest_Type |
| 133 DevicePolicyIdentityStrategy::GetPolicyRegisterType() { |
| 134 return em::DeviceRegisterRequest::DEVICE; |
| 135 } |
| 136 |
| 137 std::string DevicePolicyIdentityStrategy::GetPolicyType() { |
| 138 return kChromeDevicePolicyType; |
| 139 } |
| 140 |
46 bool DevicePolicyIdentityStrategy::GetCredentials(std::string* username, | 141 bool DevicePolicyIdentityStrategy::GetCredentials(std::string* username, |
47 std::string* auth_token) { | 142 std::string* auth_token) { |
48 // Only register if requested. | |
49 if (!should_register_) | |
50 return false; | |
51 | |
52 // Need to know the machine id. | 143 // Need to know the machine id. |
53 if (machine_id_.empty()) | 144 if (machine_id_.empty()) |
54 return false; | 145 return false; |
55 | 146 |
56 // Only fetch credentials (and, subsequently, token/policy) when the owner | 147 // Only fetch credentials (and, subsequently, token/policy) when the owner |
57 // is logged in. | 148 // is logged in. |
58 if (!chromeos::OwnershipService::GetSharedInstance()->CurrentUserIsOwner()) | 149 if (!current_user_is_owner_) |
59 return false; | 150 return false; |
60 | 151 |
61 // We need to know about the profile of the logged in user. | 152 // We need to know about the profile of the logged in user. |
62 Profile* profile = g_browser_process->profile_manager()->GetDefaultProfile(); | 153 Profile* profile = g_browser_process->profile_manager()->GetDefaultProfile(); |
63 if (!profile) { | 154 if (!profile) { |
64 NOTREACHED() << "Current user profile inaccessible"; | 155 NOTREACHED() << "Current user profile inaccessible"; |
65 return false; | 156 return false; |
66 } | 157 } |
67 | 158 |
68 *username = chromeos::UserManager::Get()->logged_in_user().email(); | 159 *username = chromeos::UserManager::Get()->logged_in_user().email(); |
69 *auth_token = profile->GetTokenService()->GetTokenForService( | 160 *auth_token = profile->GetTokenService()->GetTokenForService( |
70 GaiaConstants::kDeviceManagementService); | 161 GaiaConstants::kDeviceManagementService); |
71 | 162 |
72 return !username->empty() && !auth_token->empty(); | 163 return !username->empty() && !auth_token->empty(); |
73 } | 164 } |
74 | 165 |
75 void DevicePolicyIdentityStrategy::OnDeviceTokenAvailable( | 166 void DevicePolicyIdentityStrategy::OnDeviceTokenAvailable( |
76 const std::string& token) { | 167 const std::string& token) { |
77 DCHECK(!machine_id_.empty()); | 168 DCHECK(!machine_id_.empty()); |
78 | 169 |
79 // Reset registration flag, so we only attempt registration once. | |
80 should_register_ = false; | |
81 | |
82 device_token_ = token; | 170 device_token_ = token; |
83 NotifyDeviceTokenChanged(); | 171 NotifyDeviceTokenChanged(); |
84 } | 172 } |
85 | 173 |
86 void DevicePolicyIdentityStrategy::CheckAndTriggerFetch() { | 174 void DevicePolicyIdentityStrategy::CheckAndTriggerFetch() { |
87 std::string username; | 175 std::string username; |
88 std::string auth_token; | 176 std::string auth_token; |
89 if (GetCredentials(&username, &auth_token)) | 177 if (GetCredentials(&username, &auth_token)) { |
| 178 device_id_ = guid::GenerateGUID(); |
90 NotifyAuthChanged(); | 179 NotifyAuthChanged(); |
| 180 } |
91 } | 181 } |
92 | 182 |
93 void DevicePolicyIdentityStrategy::Observe(NotificationType type, | 183 void DevicePolicyIdentityStrategy::Observe(NotificationType type, |
94 const NotificationSource& source, | 184 const NotificationSource& source, |
95 const NotificationDetails& details) { | 185 const NotificationDetails& details) { |
96 if (type == NotificationType::TOKEN_AVAILABLE) { | 186 if (type == NotificationType::TOKEN_AVAILABLE) { |
97 const TokenService::TokenAvailableDetails* token_details = | 187 const TokenService::TokenAvailableDetails* token_details = |
98 Details<const TokenService::TokenAvailableDetails>(details).ptr(); | 188 Details<const TokenService::TokenAvailableDetails>(details).ptr(); |
99 if (token_details->service() == GaiaConstants::kDeviceManagementService) | 189 if (token_details->service() == GaiaConstants::kDeviceManagementService) |
100 CheckAndTriggerFetch(); | 190 CheckOwnershipAndTriggerFetch(); |
101 } else if (type == NotificationType::LOGIN_USER_CHANGED) { | 191 } else if (type == NotificationType::LOGIN_USER_CHANGED) { |
102 should_register_ = false; | 192 CheckOwnershipAndTriggerFetch(); |
103 CheckAndTriggerFetch(); | |
104 } else if (type == NotificationType::OWNERSHIP_TAKEN) { | |
105 should_register_ = true; | |
106 CheckAndTriggerFetch(); | |
107 } else if (type == NotificationType::OWNER_KEY_FETCH_ATTEMPT_SUCCEEDED) { | 193 } else if (type == NotificationType::OWNER_KEY_FETCH_ATTEMPT_SUCCEEDED) { |
108 CheckAndTriggerFetch(); | 194 CheckOwnershipAndTriggerFetch(); |
109 } else { | 195 } else { |
110 NOTREACHED(); | 196 NOTREACHED(); |
111 } | 197 } |
112 } | 198 } |
113 | 199 |
114 } // namespace policy | 200 } // namespace policy |
OLD | NEW |