Chromium Code Reviews Chromium Code Reviews
Issue 2486813002:
Add DeviceADPolicyManager to provide AD policy. (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_BROWSER_POLICY_CONNECTOR_CHROMEOS_H_ | 5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_BROWSER_POLICY_CONNECTOR_CHROMEOS_H_ |
| 6 #define CHROME_BROWSER_CHROMEOS_POLICY_BROWSER_POLICY_CONNECTOR_CHROMEOS_H_ | 6 #define CHROME_BROWSER_CHROMEOS_POLICY_BROWSER_POLICY_CONNECTOR_CHROMEOS_H_ |
| 7 | 7 |
| 8 #include <memory> | 8 #include <memory> |
| 9 #include <set> | 9 #include <set> |
| 10 #include <string> | 10 #include <string> |
| (...skipping 21 matching lines...) Expand all Loading... | |
| 32 namespace net { | 32 namespace net { |
| 33 class URLRequestContextGetter; | 33 class URLRequestContextGetter; |
| 34 } | 34 } |
| 35 | 35 |
| 36 namespace policy { | 36 namespace policy { |
| 37 | 37 |
| 38 class AffiliatedCloudPolicyInvalidator; | 38 class AffiliatedCloudPolicyInvalidator; |
| 39 class AffiliatedInvalidationServiceProvider; | 39 class AffiliatedInvalidationServiceProvider; |
| 40 class AffiliatedRemoteCommandsInvalidator; | 40 class AffiliatedRemoteCommandsInvalidator; |
| 41 class BluetoothPolicyHandler; | 41 class BluetoothPolicyHandler; |
| 42 class DeviceADPolicyManager; | |
| 42 class DeviceCloudPolicyInitializer; | 43 class DeviceCloudPolicyInitializer; |
| 43 class DeviceLocalAccountPolicyService; | 44 class DeviceLocalAccountPolicyService; |
| 44 class DeviceManagementService; | 45 class DeviceManagementService; |
| 45 struct EnrollmentConfig; | 46 struct EnrollmentConfig; |
| 46 class NetworkConfigurationUpdater; | 47 class NetworkConfigurationUpdater; |
| 47 class ProxyPolicyProvider; | 48 class ProxyPolicyProvider; |
| 48 class ServerBackedStateKeysBroker; | 49 class ServerBackedStateKeysBroker; |
| 49 | 50 |
| 50 // Extends ChromeBrowserPolicyConnector with the setup specific to Chrome OS. | 51 // Extends ChromeBrowserPolicyConnector with the setup specific to Chrome OS. |
| 51 class BrowserPolicyConnectorChromeOS | 52 class BrowserPolicyConnectorChromeOS |
| (...skipping 16 matching lines...) Expand all Loading... | |
| 68 | 69 |
| 69 void Shutdown() override; | 70 void Shutdown() override; |
| 70 | 71 |
| 71 // Returns true if this device is managed by an enterprise (as opposed to | 72 // Returns true if this device is managed by an enterprise (as opposed to |
| 72 // a local owner). | 73 // a local owner). |
| 73 bool IsEnterpriseManaged() const; | 74 bool IsEnterpriseManaged() const; |
| 74 | 75 |
| 75 // Returns the enterprise domain if device is managed. | 76 // Returns the enterprise domain if device is managed. |
| 76 std::string GetEnterpriseDomain() const; | 77 std::string GetEnterpriseDomain() const; |
| 77 | 78 |
| 79 // Returns the Kerberos realm (aka Windows Domain) if the device is managed by | |
| 80 // Active Directory. | |
| 78 std::string GetRealm() const; | 81 std::string GetRealm() const; |
| 79 | 82 |
| 80 // Returns the device asset ID if it is set. | 83 // Returns the device asset ID if it is set. |
| 81 std::string GetDeviceAssetID() const; | 84 std::string GetDeviceAssetID() const; |
| 82 | 85 |
| 83 // Returns the cloud directory API ID or an empty string if it is not set. | 86 // Returns the cloud directory API ID or an empty string if it is not set. |
| 84 std::string GetDirectoryApiID() const; | 87 std::string GetDirectoryApiID() const; |
| 85 | 88 |
| 86 // Returns the device mode. For Chrome OS this function will return the mode | 89 // Returns the device mode. For Chrome OS this function will return the mode |
| 87 // stored in the lockbox, or DEVICE_MODE_CONSUMER if the lockbox has been | 90 // stored in the lockbox, or DEVICE_MODE_CONSUMER if the lockbox has been |
| 88 // locked empty, or DEVICE_MODE_UNKNOWN if the device has not been owned yet. | 91 // locked empty, or DEVICE_MODE_UNKNOWN if the device has not been owned yet. |
| 89 // For other OSes the function will always return DEVICE_MODE_CONSUMER. | 92 // For other OSes the function will always return DEVICE_MODE_CONSUMER. |
| 90 DeviceMode GetDeviceMode() const; | 93 DeviceMode GetDeviceMode() const; |
| 91 | 94 |
| 92 // Get the enrollment configuration for the device as decided by various | 95 // Get the enrollment configuration for the device as decided by various |
| 93 // factors. See DeviceCloudPolicyInitializer::GetPrescribedEnrollmentConfig() | 96 // factors. See DeviceCloudPolicyInitializer::GetPrescribedEnrollmentConfig() |
| 94 // for details. | 97 // for details. |
| 95 EnrollmentConfig GetPrescribedEnrollmentConfig() const; | 98 EnrollmentConfig GetPrescribedEnrollmentConfig() const; |
| 96 | 99 |
| 100 // May be nullptr, eg. for AD-managed devices. | |
|
emaxx
2016/11/11 15:25:08
nit: I think either "eg" or "e.g." should be used.
Thiemo Nagel
2016/11/16 19:11:01
Good point, I wasn't aware of that! I guess I'm g
| |
| 97 DeviceCloudPolicyManagerChromeOS* GetDeviceCloudPolicyManager() const { | 101 DeviceCloudPolicyManagerChromeOS* GetDeviceCloudPolicyManager() const { |
| 98 return device_cloud_policy_manager_; | 102 return device_cloud_policy_manager_; |
| 99 } | 103 } |
| 100 | 104 |
| 105 // May be nullptr, eg. for non-AD-managed devices. | |
| 106 DeviceADPolicyManager* GetDeviceADPolicyManager() const { | |
| 107 return device_ad_policy_manager_; | |
| 108 } | |
| 109 | |
| 110 // May be nullptr. | |
| 101 DeviceCloudPolicyInitializer* GetDeviceCloudPolicyInitializer() const { | 111 DeviceCloudPolicyInitializer* GetDeviceCloudPolicyInitializer() const { |
| 102 return device_cloud_policy_initializer_.get(); | 112 return device_cloud_policy_initializer_.get(); |
| 103 } | 113 } |
| 104 | 114 |
| 115 // May be nullptr, eg. for AD-managed devices. | |
| 105 DeviceLocalAccountPolicyService* GetDeviceLocalAccountPolicyService() const { | 116 DeviceLocalAccountPolicyService* GetDeviceLocalAccountPolicyService() const { |
| 106 return device_local_account_policy_service_.get(); | 117 return device_local_account_policy_service_.get(); |
| 107 } | 118 } |
| 108 | 119 |
| 109 chromeos::InstallAttributes* GetInstallAttributes() const { | 120 chromeos::InstallAttributes* GetInstallAttributes() const { |
| 110 return install_attributes_.get(); | 121 return install_attributes_.get(); |
| 111 } | 122 } |
| 112 | 123 |
| 124 // May be nullptr, eg. for AD-managed devices. | |
| 113 ServerBackedStateKeysBroker* GetStateKeysBroker() const { | 125 ServerBackedStateKeysBroker* GetStateKeysBroker() const { |
| 114 return state_keys_broker_.get(); | 126 return state_keys_broker_.get(); |
| 115 } | 127 } |
| 116 | 128 |
| 117 // The browser-global PolicyService is created before Profiles are ready, to | 129 // The browser-global PolicyService is created before Profiles are ready, to |
| 118 // provide managed values for the local state PrefService. It includes a | 130 // provide managed values for the local state PrefService. It includes a |
| 119 // policy provider that forwards policies from a delegate policy provider. | 131 // policy provider that forwards policies from a delegate policy provider. |
| 120 // This call can be used to set the user policy provider as that delegate | 132 // This call can be used to set the user policy provider as that delegate |
| 121 // once the Profile is ready, so that user policies can also affect local | 133 // once the Profile is ready, so that user policies can also affect local |
| 122 // state preferences. | 134 // state preferences. |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 156 // Creates an attestation flow using our async method handler and | 168 // Creates an attestation flow using our async method handler and |
| 157 // cryptohome client. | 169 // cryptohome client. |
| 158 std::unique_ptr<chromeos::attestation::AttestationFlow> | 170 std::unique_ptr<chromeos::attestation::AttestationFlow> |
| 159 CreateAttestationFlow(); | 171 CreateAttestationFlow(); |
| 160 | 172 |
| 161 // Components of the device cloud policy implementation. | 173 // Components of the device cloud policy implementation. |
| 162 std::unique_ptr<ServerBackedStateKeysBroker> state_keys_broker_; | 174 std::unique_ptr<ServerBackedStateKeysBroker> state_keys_broker_; |
| 163 std::unique_ptr<chromeos::InstallAttributes> install_attributes_; | 175 std::unique_ptr<chromeos::InstallAttributes> install_attributes_; |
| 164 std::unique_ptr<AffiliatedInvalidationServiceProvider> | 176 std::unique_ptr<AffiliatedInvalidationServiceProvider> |
| 165 affiliated_invalidation_service_provider_; | 177 affiliated_invalidation_service_provider_; |
| 166 DeviceCloudPolicyManagerChromeOS* device_cloud_policy_manager_; | 178 DeviceCloudPolicyManagerChromeOS* device_cloud_policy_manager_ = nullptr; |
| 179 DeviceADPolicyManager* device_ad_policy_manager_ = nullptr; | |
| 167 PrefService* local_state_; | 180 PrefService* local_state_; |
| 168 std::unique_ptr<DeviceCloudPolicyInitializer> | 181 std::unique_ptr<DeviceCloudPolicyInitializer> |
| 169 device_cloud_policy_initializer_; | 182 device_cloud_policy_initializer_; |
| 170 std::unique_ptr<DeviceLocalAccountPolicyService> | 183 std::unique_ptr<DeviceLocalAccountPolicyService> |
| 171 device_local_account_policy_service_; | 184 device_local_account_policy_service_; |
| 172 std::unique_ptr<AffiliatedCloudPolicyInvalidator> | 185 std::unique_ptr<AffiliatedCloudPolicyInvalidator> |
| 173 device_cloud_policy_invalidator_; | 186 device_cloud_policy_invalidator_; |
| 174 std::unique_ptr<AffiliatedRemoteCommandsInvalidator> | 187 std::unique_ptr<AffiliatedRemoteCommandsInvalidator> |
| 175 device_remote_commands_invalidator_; | 188 device_remote_commands_invalidator_; |
| 176 | 189 |
| 177 std::unique_ptr<BluetoothPolicyHandler> bluetooth_policy_handler_; | 190 std::unique_ptr<BluetoothPolicyHandler> bluetooth_policy_handler_; |
| 178 | 191 |
| 179 // This policy provider is used on Chrome OS to feed user policy into the | 192 // This policy provider is used on Chrome OS to feed user policy into the |
| 180 // global PolicyService instance. This works by installing the cloud policy | 193 // global PolicyService instance. This works by installing the cloud policy |
| 181 // provider of the primary profile as the delegate of the ProxyPolicyProvider, | 194 // provider of the primary profile as the delegate of the ProxyPolicyProvider, |
| 182 // after login. | 195 // after login. |
| 183 // The provider is owned by the base class; this field is just a typed weak | 196 // The provider is owned by the base class; this field is just a typed weak |
| 184 // pointer to get to the ProxyPolicyProvider at SetUserPolicyDelegate(). | 197 // pointer to get to the ProxyPolicyProvider at SetUserPolicyDelegate(). |
| 185 ProxyPolicyProvider* global_user_cloud_policy_provider_; | 198 ProxyPolicyProvider* global_user_cloud_policy_provider_ = nullptr; |
| 186 | 199 |
| 187 std::unique_ptr<NetworkConfigurationUpdater> network_configuration_updater_; | 200 std::unique_ptr<NetworkConfigurationUpdater> network_configuration_updater_; |
| 188 | 201 |
| 189 base::WeakPtrFactory<BrowserPolicyConnectorChromeOS> weak_ptr_factory_; | 202 base::WeakPtrFactory<BrowserPolicyConnectorChromeOS> weak_ptr_factory_; |
| 190 | 203 |
| 191 DISALLOW_COPY_AND_ASSIGN(BrowserPolicyConnectorChromeOS); | 204 DISALLOW_COPY_AND_ASSIGN(BrowserPolicyConnectorChromeOS); |
| 192 }; | 205 }; |
| 193 | 206 |
| 194 } // namespace policy | 207 } // namespace policy |
| 195 | 208 |
| 196 #endif // CHROME_BROWSER_CHROMEOS_POLICY_BROWSER_POLICY_CONNECTOR_CHROMEOS_H_ | 209 #endif // CHROME_BROWSER_CHROMEOS_POLICY_BROWSER_POLICY_CONNECTOR_CHROMEOS_H_ |
| OLD | NEW |
