OLD | NEW |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/chromeos/login/user_manager_impl.h" | 5 #include "chrome/browser/chromeos/login/user_manager_impl.h" |
6 | 6 |
7 #include <cstddef> | 7 #include <cstddef> |
8 #include <set> | 8 #include <set> |
9 | 9 |
10 #include "ash/shell.h" | 10 #include "ash/shell.h" |
(...skipping 17 matching lines...) Expand all Loading... |
28 #include "chrome/browser/chromeos/cros/cros_library.h" | 28 #include "chrome/browser/chromeos/cros/cros_library.h" |
29 #include "chrome/browser/chromeos/login/default_pinned_apps_field_trial.h" | 29 #include "chrome/browser/chromeos/login/default_pinned_apps_field_trial.h" |
30 #include "chrome/browser/chromeos/login/login_display.h" | 30 #include "chrome/browser/chromeos/login/login_display.h" |
31 #include "chrome/browser/chromeos/login/login_utils.h" | 31 #include "chrome/browser/chromeos/login/login_utils.h" |
32 #include "chrome/browser/chromeos/login/remove_user_delegate.h" | 32 #include "chrome/browser/chromeos/login/remove_user_delegate.h" |
33 #include "chrome/browser/chromeos/login/user_image_manager_impl.h" | 33 #include "chrome/browser/chromeos/login/user_image_manager_impl.h" |
34 #include "chrome/browser/chromeos/login/wizard_controller.h" | 34 #include "chrome/browser/chromeos/login/wizard_controller.h" |
35 #include "chrome/browser/chromeos/policy/device_local_account.h" | 35 #include "chrome/browser/chromeos/policy/device_local_account.h" |
36 #include "chrome/browser/chromeos/session_length_limiter.h" | 36 #include "chrome/browser/chromeos/session_length_limiter.h" |
37 #include "chrome/browser/chromeos/settings/cros_settings_names.h" | 37 #include "chrome/browser/chromeos/settings/cros_settings_names.h" |
| 38 #include "chrome/browser/managed_mode/managed_user_service.h" |
38 #include "chrome/browser/policy/browser_policy_connector.h" | 39 #include "chrome/browser/policy/browser_policy_connector.h" |
39 #include "chrome/browser/prefs/scoped_user_pref_update.h" | 40 #include "chrome/browser/prefs/scoped_user_pref_update.h" |
40 #include "chrome/browser/profiles/profile_manager.h" | 41 #include "chrome/browser/profiles/profile_manager.h" |
41 #include "chrome/browser/sync/profile_sync_service.h" | 42 #include "chrome/browser/sync/profile_sync_service.h" |
42 #include "chrome/browser/sync/profile_sync_service_factory.h" | 43 #include "chrome/browser/sync/profile_sync_service_factory.h" |
43 #include "chrome/common/chrome_notification_types.h" | 44 #include "chrome/common/chrome_notification_types.h" |
44 #include "chrome/common/chrome_switches.h" | 45 #include "chrome/common/chrome_switches.h" |
45 #include "chrome/common/pref_names.h" | 46 #include "chrome/common/pref_names.h" |
46 #include "chromeos/chromeos_switches.h" | 47 #include "chromeos/chromeos_switches.h" |
47 #include "chromeos/cryptohome/async_method_caller.h" | 48 #include "chromeos/cryptohome/async_method_caller.h" |
(...skipping 150 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
198 : cros_settings_(CrosSettings::Get()), | 199 : cros_settings_(CrosSettings::Get()), |
199 device_local_account_policy_service_(NULL), | 200 device_local_account_policy_service_(NULL), |
200 users_loaded_(false), | 201 users_loaded_(false), |
201 active_user_(NULL), | 202 active_user_(NULL), |
202 session_started_(false), | 203 session_started_(false), |
203 user_sessions_restored_(false), | 204 user_sessions_restored_(false), |
204 is_current_user_owner_(false), | 205 is_current_user_owner_(false), |
205 is_current_user_new_(false), | 206 is_current_user_new_(false), |
206 is_current_user_ephemeral_regular_user_(false), | 207 is_current_user_ephemeral_regular_user_(false), |
207 ephemeral_users_enabled_(false), | 208 ephemeral_users_enabled_(false), |
| 209 locally_managed_users_enabled_by_policy_(false), |
208 merge_session_state_(MERGE_STATUS_NOT_STARTED), | 210 merge_session_state_(MERGE_STATUS_NOT_STARTED), |
209 observed_sync_service_(NULL), | 211 observed_sync_service_(NULL), |
210 user_image_manager_(new UserImageManagerImpl) { | 212 user_image_manager_(new UserImageManagerImpl) { |
211 // UserManager instance should be used only on UI thread. | 213 // UserManager instance should be used only on UI thread. |
212 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 214 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
213 registrar_.Add(this, chrome::NOTIFICATION_OWNERSHIP_STATUS_CHANGED, | 215 registrar_.Add(this, chrome::NOTIFICATION_OWNERSHIP_STATUS_CHANGED, |
214 content::NotificationService::AllSources()); | 216 content::NotificationService::AllSources()); |
215 registrar_.Add(this, chrome::NOTIFICATION_LOGIN_USER_PROFILE_PREPARED, | 217 registrar_.Add(this, chrome::NOTIFICATION_LOGIN_USER_PROFILE_PREPARED, |
216 content::NotificationService::AllSources()); | 218 content::NotificationService::AllSources()); |
217 RetrieveTrustedDevicePolicies(); | 219 RetrieveTrustedDevicePolicies(); |
| 220 cros_settings_->AddSettingsObserver(kAccountsPrefDeviceLocalAccounts, |
| 221 this); |
| 222 cros_settings_->AddSettingsObserver(kAccountsPrefSupervisedUsersEnabled, |
| 223 this); |
218 UpdateLoginState(); | 224 UpdateLoginState(); |
219 } | 225 } |
220 | 226 |
221 UserManagerImpl::~UserManagerImpl() { | 227 UserManagerImpl::~UserManagerImpl() { |
222 // Can't use STLDeleteElements because of the private destructor of User. | 228 // Can't use STLDeleteElements because of the private destructor of User. |
223 for (UserList::iterator it = users_.begin(); it != users_.end(); | 229 for (UserList::iterator it = users_.begin(); it != users_.end(); |
224 it = users_.erase(it)) { | 230 it = users_.erase(it)) { |
225 if (active_user_ == *it) | 231 if (active_user_ == *it) |
226 active_user_ = NULL; | 232 active_user_ = NULL; |
227 delete *it; | 233 delete *it; |
228 } | 234 } |
229 // These are pointers to the same User instances that were in users_ list. | 235 // These are pointers to the same User instances that were in users_ list. |
230 logged_in_users_.clear(); | 236 logged_in_users_.clear(); |
231 lru_logged_in_users_.clear(); | 237 lru_logged_in_users_.clear(); |
232 | 238 |
233 delete active_user_; | 239 delete active_user_; |
234 } | 240 } |
235 | 241 |
236 void UserManagerImpl::Shutdown() { | 242 void UserManagerImpl::Shutdown() { |
237 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 243 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
238 cros_settings_->RemoveSettingsObserver(kAccountsPrefDeviceLocalAccounts, | 244 cros_settings_->RemoveSettingsObserver(kAccountsPrefDeviceLocalAccounts, |
239 this); | 245 this); |
| 246 cros_settings_->RemoveSettingsObserver( |
| 247 kAccountsPrefSupervisedUsersEnabled, |
| 248 this); |
240 // Stop the session length limiter. | 249 // Stop the session length limiter. |
241 session_length_limiter_.reset(); | 250 session_length_limiter_.reset(); |
242 | 251 |
243 if (device_local_account_policy_service_) | 252 if (device_local_account_policy_service_) |
244 device_local_account_policy_service_->RemoveObserver(this); | 253 device_local_account_policy_service_->RemoveObserver(this); |
245 | 254 |
246 if (observed_sync_service_) | 255 if (observed_sync_service_) |
247 observed_sync_service_->RemoveObserver(this); | 256 observed_sync_service_->RemoveObserver(this); |
248 } | 257 } |
249 | 258 |
(...skipping 456 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
706 HasSwitch(::switches::kMultiProfiles)) { | 715 HasSwitch(::switches::kMultiProfiles)) { |
707 DCHECK(NULL == observed_sync_service_); | 716 DCHECK(NULL == observed_sync_service_); |
708 observed_sync_service_ = | 717 observed_sync_service_ = |
709 ProfileSyncServiceFactory::GetForProfile(profile); | 718 ProfileSyncServiceFactory::GetForProfile(profile); |
710 if (observed_sync_service_) | 719 if (observed_sync_service_) |
711 observed_sync_service_->AddObserver(this); | 720 observed_sync_service_->AddObserver(this); |
712 } | 721 } |
713 } | 722 } |
714 } | 723 } |
715 break; | 724 break; |
716 case chrome::NOTIFICATION_SYSTEM_SETTING_CHANGED: | 725 case chrome::NOTIFICATION_SYSTEM_SETTING_CHANGED: { |
717 DCHECK_EQ(*content::Details<const std::string>(details).ptr(), | 726 std::string changed_setting = |
718 kAccountsPrefDeviceLocalAccounts); | 727 *content::Details<const std::string>(details).ptr(); |
| 728 DCHECK(changed_setting == kAccountsPrefDeviceLocalAccounts || |
| 729 changed_setting == kAccountsPrefSupervisedUsersEnabled); |
719 RetrieveTrustedDevicePolicies(); | 730 RetrieveTrustedDevicePolicies(); |
720 break; | 731 break; |
| 732 } |
721 default: | 733 default: |
722 NOTREACHED(); | 734 NOTREACHED(); |
723 } | 735 } |
724 } | 736 } |
725 | 737 |
726 void UserManagerImpl::OnStateChanged() { | 738 void UserManagerImpl::OnStateChanged() { |
727 DCHECK(IsLoggedInAsRegularUser()); | 739 DCHECK(IsLoggedInAsRegularUser()); |
728 GoogleServiceAuthError::State state = | 740 GoogleServiceAuthError::State state = |
729 observed_sync_service_->GetAuthError().state(); | 741 observed_sync_service_->GetAuthError().state(); |
730 if (state != GoogleServiceAuthError::NONE && | 742 if (state != GoogleServiceAuthError::NONE && |
(...skipping 272 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1003 it != public_accounts.end(); ++it) { | 1015 it != public_accounts.end(); ++it) { |
1004 users_.push_back(User::CreatePublicAccountUser(*it)); | 1016 users_.push_back(User::CreatePublicAccountUser(*it)); |
1005 UpdatePublicAccountDisplayName(*it); | 1017 UpdatePublicAccountDisplayName(*it); |
1006 } | 1018 } |
1007 | 1019 |
1008 user_image_manager_->LoadUserImages(users_); | 1020 user_image_manager_->LoadUserImages(users_); |
1009 } | 1021 } |
1010 | 1022 |
1011 void UserManagerImpl::RetrieveTrustedDevicePolicies() { | 1023 void UserManagerImpl::RetrieveTrustedDevicePolicies() { |
1012 ephemeral_users_enabled_ = false; | 1024 ephemeral_users_enabled_ = false; |
| 1025 locally_managed_users_enabled_by_policy_ = false; |
1013 owner_email_ = ""; | 1026 owner_email_ = ""; |
1014 | 1027 |
1015 // Schedule a callback if device policy has not yet been verified. | 1028 // Schedule a callback if device policy has not yet been verified. |
1016 if (CrosSettingsProvider::TRUSTED != cros_settings_->PrepareTrustedValues( | 1029 if (CrosSettingsProvider::TRUSTED != cros_settings_->PrepareTrustedValues( |
1017 base::Bind(&UserManagerImpl::RetrieveTrustedDevicePolicies, | 1030 base::Bind(&UserManagerImpl::RetrieveTrustedDevicePolicies, |
1018 base::Unretained(this)))) { | 1031 base::Unretained(this)))) { |
1019 return; | 1032 return; |
1020 } | 1033 } |
1021 | 1034 |
1022 cros_settings_->GetBoolean(kAccountsPrefEphemeralUsersEnabled, | 1035 cros_settings_->GetBoolean(kAccountsPrefEphemeralUsersEnabled, |
1023 &ephemeral_users_enabled_); | 1036 &ephemeral_users_enabled_); |
| 1037 cros_settings_->GetBoolean(kAccountsPrefSupervisedUsersEnabled, |
| 1038 &locally_managed_users_enabled_by_policy_); |
1024 cros_settings_->GetString(kDeviceOwner, &owner_email_); | 1039 cros_settings_->GetString(kDeviceOwner, &owner_email_); |
1025 | 1040 |
1026 EnsureUsersLoaded(); | 1041 EnsureUsersLoaded(); |
1027 | 1042 |
1028 bool changed = UpdateAndCleanUpPublicAccounts( | 1043 bool changed = UpdateAndCleanUpPublicAccounts( |
1029 policy::GetDeviceLocalAccounts(cros_settings_)); | 1044 policy::GetDeviceLocalAccounts(cros_settings_)); |
1030 | 1045 |
1031 // If ephemeral users are enabled and we are on the login screen, take this | 1046 // If ephemeral users are enabled and we are on the login screen, take this |
1032 // opportunity to clean up by removing all regular users except the owner. | 1047 // opportunity to clean up by removing all regular users except the owner. |
1033 if (ephemeral_users_enabled_ && !IsUserLoggedIn()) { | 1048 if (ephemeral_users_enabled_ && !IsUserLoggedIn()) { |
(...skipping 11 matching lines...) Expand all Loading... |
1045 } else { | 1060 } else { |
1046 if ((*it)->GetType() != User::USER_TYPE_PUBLIC_ACCOUNT) | 1061 if ((*it)->GetType() != User::USER_TYPE_PUBLIC_ACCOUNT) |
1047 prefs_users_update->Append(new base::StringValue(user_email)); | 1062 prefs_users_update->Append(new base::StringValue(user_email)); |
1048 ++it; | 1063 ++it; |
1049 } | 1064 } |
1050 } | 1065 } |
1051 } | 1066 } |
1052 | 1067 |
1053 if (changed) | 1068 if (changed) |
1054 NotifyUserListChanged(); | 1069 NotifyUserListChanged(); |
1055 | |
1056 cros_settings_->AddSettingsObserver(kAccountsPrefDeviceLocalAccounts, | |
1057 this); | |
1058 } | 1070 } |
1059 | 1071 |
1060 bool UserManagerImpl::AreEphemeralUsersEnabled() const { | 1072 bool UserManagerImpl::AreEphemeralUsersEnabled() const { |
1061 return ephemeral_users_enabled_ && | 1073 return ephemeral_users_enabled_ && |
1062 (g_browser_process->browser_policy_connector()->IsEnterpriseManaged() || | 1074 (g_browser_process->browser_policy_connector()->IsEnterpriseManaged() || |
1063 !owner_email_.empty()); | 1075 !owner_email_.empty()); |
1064 } | 1076 } |
1065 | 1077 |
1066 UserList& UserManagerImpl::GetUsersAndModify() { | 1078 UserList& UserManagerImpl::GetUsersAndModify() { |
1067 EnsureUsersLoaded(); | 1079 EnsureUsersLoaded(); |
(...skipping 511 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1579 void UserManagerImpl::SetAppModeChromeClientOAuthInfo( | 1591 void UserManagerImpl::SetAppModeChromeClientOAuthInfo( |
1580 const std::string& chrome_client_id, | 1592 const std::string& chrome_client_id, |
1581 const std::string& chrome_client_secret) { | 1593 const std::string& chrome_client_secret) { |
1582 if (!chrome::IsRunningInForcedAppMode()) | 1594 if (!chrome::IsRunningInForcedAppMode()) |
1583 return; | 1595 return; |
1584 | 1596 |
1585 chrome_client_id_ = chrome_client_id; | 1597 chrome_client_id_ = chrome_client_id; |
1586 chrome_client_secret_ = chrome_client_secret; | 1598 chrome_client_secret_ = chrome_client_secret; |
1587 } | 1599 } |
1588 | 1600 |
| 1601 bool UserManagerImpl::AreLocallyManagedUsersAllowed() const { |
| 1602 return ManagedUserService::AreManagedUsersEnabled() && |
| 1603 (locally_managed_users_enabled_by_policy_ || |
| 1604 !g_browser_process->browser_policy_connector()->IsEnterpriseManaged()); |
| 1605 } |
| 1606 |
1589 UserFlow* UserManagerImpl::GetDefaultUserFlow() const { | 1607 UserFlow* UserManagerImpl::GetDefaultUserFlow() const { |
1590 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 1608 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
1591 if (!default_flow_.get()) | 1609 if (!default_flow_.get()) |
1592 default_flow_.reset(new DefaultUserFlow()); | 1610 default_flow_.reset(new DefaultUserFlow()); |
1593 return default_flow_.get(); | 1611 return default_flow_.get(); |
1594 } | 1612 } |
1595 | 1613 |
1596 void UserManagerImpl::NotifyUserListChanged() { | 1614 void UserManagerImpl::NotifyUserListChanged() { |
1597 content::NotificationService::current()->Notify( | 1615 content::NotificationService::current()->Notify( |
1598 chrome::NOTIFICATION_USER_LIST_CHANGED, | 1616 chrome::NOTIFICATION_USER_LIST_CHANGED, |
(...skipping 129 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1728 false, // using_oauth | 1746 false, // using_oauth |
1729 false, // has_cookies | 1747 false, // has_cookies |
1730 true, // has_active_session | 1748 true, // has_active_session |
1731 this); | 1749 this); |
1732 } else { | 1750 } else { |
1733 RestorePendingUserSessions(); | 1751 RestorePendingUserSessions(); |
1734 } | 1752 } |
1735 } | 1753 } |
1736 | 1754 |
1737 } // namespace chromeos | 1755 } // namespace chromeos |
OLD | NEW |