Implement ephemeral users

chrome/browser/chromeos/login/user_manager.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/login/user_manager.h"
 
 #include <vector>
 
 #include "base/bind.h"
 #include "base/command_line.h"
@@ skipping 18 matching lines @@
 #include "chrome/browser/chromeos/cryptohome/async_method_caller.h"
 #include "chrome/browser/chromeos/dbus/cryptohome_client.h"
 #include "chrome/browser/chromeos/dbus/dbus_thread_manager.h"
 #include "chrome/browser/chromeos/input_method/input_method_manager.h"
 #include "chrome/browser/chromeos/login/default_user_images.h"
 #include "chrome/browser/chromeos/login/helper.h"
 #include "chrome/browser/chromeos/login/login_display.h"
 #include "chrome/browser/chromeos/login/ownership_service.h"
 #include "chrome/browser/chromeos/login/remove_user_delegate.h"
 #include "chrome/browser/chromeos/system/runtime_environment.h"
+#include "chrome/browser/policy/browser_policy_connector.h"
 #include "chrome/browser/prefs/pref_service.h"
 #include "chrome/browser/prefs/scoped_user_pref_update.h"
 #include "chrome/browser/profiles/profile_downloader.h"
 #include "chrome/browser/profiles/profile_manager.h"
 #include "chrome/browser/sync/profile_sync_service.h"
 #include "chrome/browser/sync/profile_sync_service_factory.h"
 #include "chrome/browser/ui/webui/web_ui_util.h"
 #include "chrome/common/chrome_notification_types.h"
 #include "chrome/common/chrome_paths.h"
 #include "chrome/common/chrome_switches.h"
@@ skipping 266 matching lines @@
   const_cast<UserManager*>(this)->EnsureUsersLoaded();
   return users_;
 }
 
 void UserManager::UserLoggedIn(const std::string& email) {
   DCHECK(!user_is_logged_in_);
 
   user_is_logged_in_ = true;
 
   if (email == kGuestUser) {
+    current_user_is_ephemeral_ = true;
     GuestUserLoggedIn();
     return;
   }
 
   if (email == kDemoUser) {
+    current_user_is_ephemeral_ = true;
     DemoUserLoggedIn();
     return;
   }
 
+  if (IsEphemeralUser(email)) {
+    current_user_is_ephemeral_ = true;
+    logged_in_user_ = CreateUser(email);
+    NotifyOnLogin();
+    return;
+  }
+
   EnsureUsersLoaded();
 
   // Clear the prefs view of the users.
   PrefService* prefs = g_browser_process->local_state();
   ListPrefUpdate prefs_users_update(prefs, kLoggedInUsers);
   prefs_users_update->Clear();
 
   // Make sure this user is first.
   prefs_users_update->Append(Value::CreateStringValue(email));
   UserList::iterator logged_in_user = users_.end();
@@ skipping 76 matching lines @@
 
   // Sanity check: do not allow the logged-in user to remove himself.
   if (logged_in_user_ && logged_in_user_->email() == email)
     return;
 
   RemoveUserInternal(email, delegate);
 }
 
 void UserManager::RemoveUserFromList(const std::string& email) {
   EnsureUsersLoaded();
-
-  // Clear the prefs view of the users.
-  PrefService* prefs = g_browser_process->local_state();
-  ListPrefUpdate prefs_users_update(prefs, kLoggedInUsers);
-  prefs_users_update->Clear();
-
-  UserList::iterator user_to_remove = users_.end();
-  for (UserList::iterator it = users_.begin(); it != users_.end(); ++it) {
-    std::string user_email = (*it)->email();
-    // Skip user that we would like to delete.
-    if (email != user_email)
-      prefs_users_update->Append(Value::CreateStringValue(user_email));
-    else
-      user_to_remove = it;
-  }
-
-  DictionaryPrefUpdate prefs_images_update(prefs, kUserImages);
-  std::string image_path_string;
-  prefs_images_update->GetStringWithoutPathExpansion(email, &image_path_string);
-  prefs_images_update->RemoveWithoutPathExpansion(email, NULL);
-
-  DictionaryPrefUpdate prefs_oauth_update(prefs, kUserOAuthTokenStatus);
-  int oauth_status;
-  prefs_oauth_update->GetIntegerWithoutPathExpansion(email, &oauth_status);
-  prefs_oauth_update->RemoveWithoutPathExpansion(email, NULL);
-
-  DictionaryPrefUpdate prefs_display_email_update(prefs, kUserDisplayEmail);
-  prefs_display_email_update->RemoveWithoutPathExpansion(email, NULL);
-
-  if (user_to_remove != users_.end()) {
-    --display_name_count_[(*user_to_remove)->GetDisplayName()];
-    delete *user_to_remove;
-    users_.erase(user_to_remove);
-  }
-
-  int default_image_id = User::kInvalidImageIndex;
-  if (!image_path_string.empty() &&
-      !IsDefaultImagePath(image_path_string, &default_image_id)) {
-    FilePath image_path(image_path_string);
-    BrowserThread::PostTask(
-        BrowserThread::FILE,
-        FROM_HERE,
-        base::Bind(&UserManager::DeleteUserImage,
-                   base::Unretained(this),
-                   image_path));
-  }
+  RemoveUserFromListInternal(email);
 }
 
 bool UserManager::IsKnownUser(const std::string& email) const {
   return FindUser(email) != NULL;
 }
 
 const User* UserManager::FindUser(const std::string& email) const {
-  // Speed up search by checking the logged-in user first.
   if (logged_in_user_ && logged_in_user_->email() == email)
     return logged_in_user_;
-  const UserList& users = GetUsers();
-  for (UserList::const_iterator it = users.begin(); it != users.end(); ++it) {
-    if ((*it)->email() == email)
-      return *it;
-  }
-  return NULL;
+  return FindUserInList(email);
 }
 
 bool UserManager::IsDisplayNameUnique(const std::string& display_name) const {
   return display_name_count_[display_name] < 2;
 }
 
 void UserManager::SaveUserOAuthStatus(
     const std::string& username,
     User::OAuthTokenStatus oauth_token_status) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
-  PrefService* local_state = g_browser_process->local_state();
-  DictionaryPrefUpdate oauth_status_update(local_state, kUserOAuthTokenStatus);
-  oauth_status_update->SetWithoutPathExpansion(username,
-      new base::FundamentalValue(static_cast<int>(oauth_token_status)));
+
   DVLOG(1) << "Saving user OAuth token status in Local State";
   User* user = const_cast<User*>(FindUser(username));
   if (user)
     user->set_oauth_token_status(oauth_token_status);
+
+  // Do not update local store if the user is ephemeral.
+  if (IsEphemeralUser(username))
+    return;
+
+  PrefService* local_state = g_browser_process->local_state();
+
+  DictionaryPrefUpdate oauth_status_update(local_state, kUserOAuthTokenStatus);
+  oauth_status_update->SetWithoutPathExpansion(username,
+      new base::FundamentalValue(static_cast<int>(oauth_token_status)));
 }
 
 User::OAuthTokenStatus UserManager::LoadUserOAuthStatus(
     const std::string& username) const {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
 
   if (CommandLine::ForCurrentProcess()->HasSwitch(
       switches::kSkipOAuthLogin)) {
     // Use OAUTH_TOKEN_STATUS_VALID flag if kSkipOAuthLogin is present.
     return User::OAUTH_TOKEN_STATUS_VALID;
@@ skipping 16 matching lines @@
 void UserManager::SaveUserDisplayEmail(const std::string& username,
                                        const std::string& display_email) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
 
   User* user = const_cast<User*>(FindUser(username));
   if (!user)
     return;  // Ignore if there is no such user.
 
   user->set_display_email(display_email);
 
+  // Do not update local store if the user is ephemeral.
+  if (IsEphemeralUser(username))
+    return;
+
   PrefService* local_state = g_browser_process->local_state();
 
   DictionaryPrefUpdate display_email_update(local_state, kUserDisplayEmail);
   display_email_update->SetWithoutPathExpansion(
       username,
       base::Value::CreateStringValue(display_email));
 }
 
 std::string UserManager::GetUserDisplayEmail(
     const std::string& username) const {
@@ skipping 51 matching lines @@
 }
 
 void UserManager::Observe(int type,
                           const content::NotificationSource& source,
                           const content::NotificationDetails& details) {
   switch (type) {
     case chrome::NOTIFICATION_OWNER_KEY_FETCH_ATTEMPT_SUCCEEDED:
       BrowserThread::PostTask(BrowserThread::FILE, FROM_HERE,
                               base::Bind(&UserManager::CheckOwnership,
                                          base::Unretained(this)));
+      BrowserThread::PostTask(BrowserThread::UI, FROM_HERE,
+          base::Bind(&UserManager::RetrieveTrustedDevicePolicies,
+          base::Unretained(this)));
       break;
     case chrome::NOTIFICATION_PROFILE_ADDED:
       if (user_is_logged_in() && !IsLoggedInAsGuest()) {
         Profile* profile = content::Source<Profile>(source).ptr();
         if (!profile->IsOffTheRecord() &&
             profile == ProfileManager::GetDefaultProfile()) {
           DCHECK(NULL == observed_sync_service_);
           observed_sync_service_ =
               ProfileSyncServiceFactory::GetForProfile(profile);
           if (observed_sync_service_)
@@ skipping 54 matching lines @@
 
 // Protected constructor and destructor.
 UserManager::UserManager()
     : ALLOW_THIS_IN_INITIALIZER_LIST(image_loader_(new UserImageLoader)),
       demo_user_(kDemoUser, false),
       guest_user_(kGuestUser, true),
       stub_user_(kStubUser, false),
       logged_in_user_(NULL),
       current_user_is_owner_(false),
       current_user_is_new_(false),
+      current_user_is_ephemeral_(false),
       user_is_logged_in_(false),
+      ephemeral_users_enabled_(false),
       observed_sync_service_(NULL),
       last_image_set_async_(false),
       downloaded_profile_image_data_url_(chrome::kAboutBlankURL) {
   // Use stub as the logged-in user for test paths without login.
   if (!system::runtime_environment::IsRunningOnChromeOS())
     StubUserLoggedIn();
   registrar_.Add(this, chrome::NOTIFICATION_OWNER_KEY_FETCH_ATTEMPT_SUCCEEDED,
       content::NotificationService::AllSources());
   registrar_.Add(this, chrome::NOTIFICATION_PROFILE_ADDED,
       content::NotificationService::AllSources());
+  RetrieveTrustedDevicePolicies();
 }
 
 UserManager::~UserManager() {
 }
 
 FilePath UserManager::GetImagePathForUser(const std::string& username) {
   std::string filename = username + ".png";
   FilePath user_data_dir;
   PathService::Get(chrome::DIR_USER_DATA, &user_data_dir);
   return user_data_dir.AppendASCII(filename);
@@ skipping 75 matching lines @@
         if (prefs_display_emails &&
             prefs_display_emails->GetStringWithoutPathExpansion(
                 email, &display_email)) {
           user->set_display_email(display_email);
         }
       }
     }
   }
 }
 
+void UserManager::RetrieveTrustedDevicePolicies() {
+  ephemeral_users_enabled_ = false;
+  owner_email_ = "";
+
+  CrosSettings* cros_settings = CrosSettings::Get();
+  // Schedule a callback if device policy has not yet been verified.
+  if (!cros_settings->GetTrusted(
+      kAccountsPrefEphemeralUsersEnabled,
+      base::Bind(&UserManager::RetrieveTrustedDevicePolicies,
+                 base::Unretained(this)))) {
+    return;
+  }
+
+  cros_settings->GetBoolean(kAccountsPrefEphemeralUsersEnabled,
+                            &ephemeral_users_enabled_);
+  if (g_browser_process->browser_policy_connector()->IsEnterpriseManaged())
+    owner_email_ = "";

[Nikita (slow), 2012/03/07 10:03:04]

You could always call 
cros_settings->GetString(kDeviceOwner, &owner_email_);

In case of enterprise managed device it will return empty string.

[use bartfab instead, 2012/03/07 11:10:08]

Done.

+  else
+    cros_settings->GetString(kDeviceOwner, &owner_email_);
+
+  // If ephemeral users are enabled, remove all users except the owner.
+  if (ephemeral_users_enabled_) {
+    scoped_ptr<base::ListValue> users(
+        g_browser_process->local_state()->GetList(kLoggedInUsers)->DeepCopy());
+
+    bool changed = false;
+    for (base::ListValue::const_iterator user = users->begin();
+        user != users->end(); ++user) {
+      std::string user_email;
+      (*user)->GetAsString(&user_email);
+      if (user_email != owner_email_) {
+        RemoveUserFromListInternal(user_email);
+        changed = true;
+      }
+    }
+
+    if (changed) {
+      // Trigger a redraw of the login window.
+      content::NotificationService::current()->Notify(
+          chrome::NOTIFICATION_SYSTEM_SETTING_CHANGED,
+          content::Source<UserManager>(this),
+          content::NotificationService::NoDetails());
+    }
+  }
+}
+
+bool UserManager::AreEphemeralUsersEnabled() const {
+  return ephemeral_users_enabled_ &&
+      (g_browser_process->browser_policy_connector()->IsEnterpriseManaged() ||
+      !owner_email_.empty());
+}
+
+bool UserManager::IsEphemeralUser(const std::string& email) const {
+  // The guest user always is ephemeral.
+  if (email == guest_user_.email())
+    return true;
+
+  // The currently logged-in user is ephemeral iff logged in as ephemeral.
+  if (logged_in_user_ && (email == logged_in_user_->email()))
+    return current_user_is_ephemeral_;
+
+  // Any other user is ephemeral iff ephemeral users are enabled, the user is
+  // not the owner and is not in the persistent list.
+  return AreEphemeralUsersEnabled() &&
+      (email != owner_email_) &&
+      !FindUserInList(email);
+}
+
+const User* UserManager::FindUserInList(const std::string& email) const {
+  const UserList& users = GetUsers();
+  for (UserList::const_iterator it = users.begin(); it != users.end(); ++it) {
+    if ((*it)->email() == email)
+      return *it;
+  }
+  return NULL;
+}
+
 void UserManager::StubUserLoggedIn() {
   logged_in_user_ = &stub_user_;
   stub_user_.SetImage(GetDefaultImage(kStubDefaultImageIndex),
                       kStubDefaultImageIndex);
 }
 
 void UserManager::NotifyOnLogin() {
   CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
   content::NotificationService::current()->Notify(
       chrome::NOTIFICATION_LOGIN_USER_CHANGED,
@@ skipping 19 matching lines @@
     // Note: this calls crypto::EnsureTPMTokenReady()
     cert_library->RequestCertificates();
   }
 
   // Schedules current user ownership check on file thread.
   BrowserThread::PostTask(BrowserThread::FILE, FROM_HERE,
                           base::Bind(&UserManager::CheckOwnership,
                                      base::Unretained(this)));
 }
 
+void UserManager::LogoutForTest() {
+  if (logged_in_user_ && current_user_is_ephemeral_)
+    delete logged_in_user_;
+  logged_in_user_ = NULL;
+  current_user_is_owner_ = false;
+  current_user_is_new_ = false;
+  current_user_is_ephemeral_ = false;
+  user_is_logged_in_ = false;
+}
+
 void UserManager::SetInitialUserImage(const std::string& username) {
   // Choose a random default image.
   int image_id = base::RandInt(0, kDefaultImagesCount - 1);
   SaveUserDefaultImageIndex(username, image_id);
 }
 
 void UserManager::SetUserImage(const std::string& username,
                                int image_index,
                                const SkBitmap& image) {
   User* user = const_cast<User*>(FindUser(username));
@@ skipping 23 matching lines @@
   }
 }
 
 void UserManager::SaveUserImageInternal(const std::string& username,
                                         int image_index,
                                         const SkBitmap& image) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
 
   SetUserImage(username, image_index, image);
 
+  // Ignore for ephemeral users.
+  if (IsEphemeralUser(username))
+    return;
+
   FilePath image_path = GetImagePathForUser(username);
   DVLOG(1) << "Saving user image to " << image_path.value();
 
   last_image_set_async_ = true;
 
   BrowserThread::PostTask(
       BrowserThread::FILE,
       FROM_HERE,
       base::Bind(&UserManager::SaveImageToFile,
                  base::Unretained(this),
@@ skipping 26 matching lines @@
                  base::Unretained(this),
                  username, image_path.value(), image_index, true));
 }
 
 void UserManager::SaveImageToLocalState(const std::string& username,
                                         const std::string& image_path,
                                         int image_index,
                                         bool is_async) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
 
+  // Ignore for ephemeral users.
+  if (IsEphemeralUser(username))
+    return;
+
   // TODO(ivankr): use unique filenames for user images each time
   // a new image is set so that only the last image update is saved
   // to Local State and notified.
   if (is_async && !last_image_set_async_) {
     DVLOG(1) << "Ignoring saved image because it has changed";
     return;
   } else if (!is_async) {
     // Reset the async image save flag if called directly from the UI thread.
     last_image_set_async_ = false;
   }
@@ skipping 131 matching lines @@
 }
 
 User* UserManager::CreateUser(const std::string& email) const {
   User* user = new User(email, email == kGuestUser);
   user->set_oauth_token_status(LoadUserOAuthStatus(email));
   // Used to determine whether user's display name is unique.
   ++display_name_count_[user->GetDisplayName()];
   return user;
 }
 
+void UserManager::RemoveUserFromListInternal(const std::string& email) {
+  // Clear the prefs view of the users.
+  PrefService* prefs = g_browser_process->local_state();
+  ListPrefUpdate prefs_users_update(prefs, kLoggedInUsers);
+  prefs_users_update->Clear();
+
+  UserList::iterator user_to_remove = users_.end();
+  for (UserList::iterator it = users_.begin(); it != users_.end(); ++it) {
+    std::string user_email = (*it)->email();
+    // Skip user that we would like to delete.
+    if (email != user_email)
+      prefs_users_update->Append(Value::CreateStringValue(user_email));
+    else
+      user_to_remove = it;
+  }
+
+  DictionaryPrefUpdate prefs_images_update(prefs, kUserImages);
+  std::string image_path_string;
+  prefs_images_update->GetStringWithoutPathExpansion(email, &image_path_string);
+  prefs_images_update->RemoveWithoutPathExpansion(email, NULL);
+
+  DictionaryPrefUpdate prefs_oauth_update(prefs, kUserOAuthTokenStatus);
+  int oauth_status;
+  prefs_oauth_update->GetIntegerWithoutPathExpansion(email, &oauth_status);
+  prefs_oauth_update->RemoveWithoutPathExpansion(email, NULL);
+
+  DictionaryPrefUpdate prefs_display_email_update(prefs, kUserDisplayEmail);
+  prefs_display_email_update->RemoveWithoutPathExpansion(email, NULL);
+
+  if (user_to_remove != users_.end()) {
+    --display_name_count_[(*user_to_remove)->GetDisplayName()];
+    delete *user_to_remove;
+    users_.erase(user_to_remove);
+  }
+
+  int default_image_id = User::kInvalidImageIndex;
+  if (!image_path_string.empty() &&
+      !IsDefaultImagePath(image_path_string, &default_image_id)) {
+    FilePath image_path(image_path_string);
+    BrowserThread::PostTask(
+        BrowserThread::FILE,
+        FROM_HERE,
+        base::Bind(&UserManager::DeleteUserImage,
+                   base::Unretained(this),
+                   image_path));
+  }
+}
+
 }  // namespace chromeos