| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/login/user_manager_impl.h" | 5 #include "chrome/browser/chromeos/login/user_manager_impl.h" |
| 6 | 6 |
| 7 #include <cstddef> | 7 #include <cstddef> |
| 8 #include <set> | 8 #include <set> |
| 9 | 9 |
| 10 #include "ash/shell.h" | 10 #include "ash/shell.h" |
| (...skipping 17 matching lines...) Expand all Loading... |
| 28 #include "chrome/browser/chromeos/cros/cros_library.h" | 28 #include "chrome/browser/chromeos/cros/cros_library.h" |
| 29 #include "chrome/browser/chromeos/login/default_pinned_apps_field_trial.h" | 29 #include "chrome/browser/chromeos/login/default_pinned_apps_field_trial.h" |
| 30 #include "chrome/browser/chromeos/login/login_display.h" | 30 #include "chrome/browser/chromeos/login/login_display.h" |
| 31 #include "chrome/browser/chromeos/login/login_utils.h" | 31 #include "chrome/browser/chromeos/login/login_utils.h" |
| 32 #include "chrome/browser/chromeos/login/remove_user_delegate.h" | 32 #include "chrome/browser/chromeos/login/remove_user_delegate.h" |
| 33 #include "chrome/browser/chromeos/login/user_image_manager_impl.h" | 33 #include "chrome/browser/chromeos/login/user_image_manager_impl.h" |
| 34 #include "chrome/browser/chromeos/login/wizard_controller.h" | 34 #include "chrome/browser/chromeos/login/wizard_controller.h" |
| 35 #include "chrome/browser/chromeos/policy/device_local_account.h" | 35 #include "chrome/browser/chromeos/policy/device_local_account.h" |
| 36 #include "chrome/browser/chromeos/session_length_limiter.h" | 36 #include "chrome/browser/chromeos/session_length_limiter.h" |
| 37 #include "chrome/browser/chromeos/settings/cros_settings_names.h" | 37 #include "chrome/browser/chromeos/settings/cros_settings_names.h" |
| 38 #include "chrome/browser/managed_mode/managed_user_service.h" |
| 38 #include "chrome/browser/policy/browser_policy_connector.h" | 39 #include "chrome/browser/policy/browser_policy_connector.h" |
| 39 #include "chrome/browser/prefs/scoped_user_pref_update.h" | 40 #include "chrome/browser/prefs/scoped_user_pref_update.h" |
| 40 #include "chrome/browser/profiles/profile_manager.h" | 41 #include "chrome/browser/profiles/profile_manager.h" |
| 41 #include "chrome/browser/sync/profile_sync_service.h" | 42 #include "chrome/browser/sync/profile_sync_service.h" |
| 42 #include "chrome/browser/sync/profile_sync_service_factory.h" | 43 #include "chrome/browser/sync/profile_sync_service_factory.h" |
| 43 #include "chrome/common/chrome_notification_types.h" | 44 #include "chrome/common/chrome_notification_types.h" |
| 44 #include "chrome/common/chrome_switches.h" | 45 #include "chrome/common/chrome_switches.h" |
| 45 #include "chrome/common/pref_names.h" | 46 #include "chrome/common/pref_names.h" |
| 46 #include "chromeos/chromeos_switches.h" | 47 #include "chromeos/chromeos_switches.h" |
| 47 #include "chromeos/cryptohome/async_method_caller.h" | 48 #include "chromeos/cryptohome/async_method_caller.h" |
| (...skipping 150 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 198 : cros_settings_(CrosSettings::Get()), | 199 : cros_settings_(CrosSettings::Get()), |
| 199 device_local_account_policy_service_(NULL), | 200 device_local_account_policy_service_(NULL), |
| 200 users_loaded_(false), | 201 users_loaded_(false), |
| 201 active_user_(NULL), | 202 active_user_(NULL), |
| 202 session_started_(false), | 203 session_started_(false), |
| 203 user_sessions_restored_(false), | 204 user_sessions_restored_(false), |
| 204 is_current_user_owner_(false), | 205 is_current_user_owner_(false), |
| 205 is_current_user_new_(false), | 206 is_current_user_new_(false), |
| 206 is_current_user_ephemeral_regular_user_(false), | 207 is_current_user_ephemeral_regular_user_(false), |
| 207 ephemeral_users_enabled_(false), | 208 ephemeral_users_enabled_(false), |
| 209 locally_managed_users_enabled_by_policy_(false), |
| 208 merge_session_state_(MERGE_STATUS_NOT_STARTED), | 210 merge_session_state_(MERGE_STATUS_NOT_STARTED), |
| 209 observed_sync_service_(NULL), | 211 observed_sync_service_(NULL), |
| 210 user_image_manager_(new UserImageManagerImpl) { | 212 user_image_manager_(new UserImageManagerImpl) { |
| 211 // UserManager instance should be used only on UI thread. | 213 // UserManager instance should be used only on UI thread. |
| 212 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 214 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 213 registrar_.Add(this, chrome::NOTIFICATION_OWNERSHIP_STATUS_CHANGED, | 215 registrar_.Add(this, chrome::NOTIFICATION_OWNERSHIP_STATUS_CHANGED, |
| 214 content::NotificationService::AllSources()); | 216 content::NotificationService::AllSources()); |
| 215 registrar_.Add(this, chrome::NOTIFICATION_LOGIN_USER_PROFILE_PREPARED, | 217 registrar_.Add(this, chrome::NOTIFICATION_LOGIN_USER_PROFILE_PREPARED, |
| 216 content::NotificationService::AllSources()); | 218 content::NotificationService::AllSources()); |
| 217 RetrieveTrustedDevicePolicies(); | 219 RetrieveTrustedDevicePolicies(); |
| 220 cros_settings_->AddSettingsObserver(kAccountsPrefDeviceLocalAccounts, |
| 221 this); |
| 222 cros_settings_->AddSettingsObserver(kAccountsPrefSupervisedUsersEnabled, |
| 223 this); |
| 218 UpdateLoginState(); | 224 UpdateLoginState(); |
| 219 } | 225 } |
| 220 | 226 |
| 221 UserManagerImpl::~UserManagerImpl() { | 227 UserManagerImpl::~UserManagerImpl() { |
| 222 // Can't use STLDeleteElements because of the private destructor of User. | 228 // Can't use STLDeleteElements because of the private destructor of User. |
| 223 for (UserList::iterator it = users_.begin(); it != users_.end(); | 229 for (UserList::iterator it = users_.begin(); it != users_.end(); |
| 224 it = users_.erase(it)) { | 230 it = users_.erase(it)) { |
| 225 if (active_user_ == *it) | 231 if (active_user_ == *it) |
| 226 active_user_ = NULL; | 232 active_user_ = NULL; |
| 227 delete *it; | 233 delete *it; |
| 228 } | 234 } |
| 229 // These are pointers to the same User instances that were in users_ list. | 235 // These are pointers to the same User instances that were in users_ list. |
| 230 logged_in_users_.clear(); | 236 logged_in_users_.clear(); |
| 231 lru_logged_in_users_.clear(); | 237 lru_logged_in_users_.clear(); |
| 232 | 238 |
| 233 delete active_user_; | 239 delete active_user_; |
| 234 } | 240 } |
| 235 | 241 |
| 236 void UserManagerImpl::Shutdown() { | 242 void UserManagerImpl::Shutdown() { |
| 237 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 243 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 238 cros_settings_->RemoveSettingsObserver(kAccountsPrefDeviceLocalAccounts, | 244 cros_settings_->RemoveSettingsObserver(kAccountsPrefDeviceLocalAccounts, |
| 239 this); | 245 this); |
| 246 cros_settings_->RemoveSettingsObserver( |
| 247 kAccountsPrefSupervisedUsersEnabled, |
| 248 this); |
| 240 // Stop the session length limiter. | 249 // Stop the session length limiter. |
| 241 session_length_limiter_.reset(); | 250 session_length_limiter_.reset(); |
| 242 | 251 |
| 243 if (device_local_account_policy_service_) | 252 if (device_local_account_policy_service_) |
| 244 device_local_account_policy_service_->RemoveObserver(this); | 253 device_local_account_policy_service_->RemoveObserver(this); |
| 245 | 254 |
| 246 if (observed_sync_service_) | 255 if (observed_sync_service_) |
| 247 observed_sync_service_->RemoveObserver(this); | 256 observed_sync_service_->RemoveObserver(this); |
| 248 } | 257 } |
| 249 | 258 |
| (...skipping 456 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 706 HasSwitch(::switches::kMultiProfiles)) { | 715 HasSwitch(::switches::kMultiProfiles)) { |
| 707 DCHECK(NULL == observed_sync_service_); | 716 DCHECK(NULL == observed_sync_service_); |
| 708 observed_sync_service_ = | 717 observed_sync_service_ = |
| 709 ProfileSyncServiceFactory::GetForProfile(profile); | 718 ProfileSyncServiceFactory::GetForProfile(profile); |
| 710 if (observed_sync_service_) | 719 if (observed_sync_service_) |
| 711 observed_sync_service_->AddObserver(this); | 720 observed_sync_service_->AddObserver(this); |
| 712 } | 721 } |
| 713 } | 722 } |
| 714 } | 723 } |
| 715 break; | 724 break; |
| 716 case chrome::NOTIFICATION_SYSTEM_SETTING_CHANGED: | 725 case chrome::NOTIFICATION_SYSTEM_SETTING_CHANGED: { |
| 717 DCHECK_EQ(*content::Details<const std::string>(details).ptr(), | 726 std::string changed_setting = |
| 718 kAccountsPrefDeviceLocalAccounts); | 727 *content::Details<const std::string>(details).ptr(); |
| 728 DCHECK(changed_setting == kAccountsPrefDeviceLocalAccounts || |
| 729 changed_setting == kAccountsPrefSupervisedUsersEnabled); |
| 719 RetrieveTrustedDevicePolicies(); | 730 RetrieveTrustedDevicePolicies(); |
| 720 break; | 731 break; |
| 732 } |
| 721 default: | 733 default: |
| 722 NOTREACHED(); | 734 NOTREACHED(); |
| 723 } | 735 } |
| 724 } | 736 } |
| 725 | 737 |
| 726 void UserManagerImpl::OnStateChanged() { | 738 void UserManagerImpl::OnStateChanged() { |
| 727 DCHECK(IsLoggedInAsRegularUser()); | 739 DCHECK(IsLoggedInAsRegularUser()); |
| 728 GoogleServiceAuthError::State state = | 740 GoogleServiceAuthError::State state = |
| 729 observed_sync_service_->GetAuthError().state(); | 741 observed_sync_service_->GetAuthError().state(); |
| 730 if (state != GoogleServiceAuthError::NONE && | 742 if (state != GoogleServiceAuthError::NONE && |
| (...skipping 272 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1003 it != public_accounts.end(); ++it) { | 1015 it != public_accounts.end(); ++it) { |
| 1004 users_.push_back(User::CreatePublicAccountUser(*it)); | 1016 users_.push_back(User::CreatePublicAccountUser(*it)); |
| 1005 UpdatePublicAccountDisplayName(*it); | 1017 UpdatePublicAccountDisplayName(*it); |
| 1006 } | 1018 } |
| 1007 | 1019 |
| 1008 user_image_manager_->LoadUserImages(users_); | 1020 user_image_manager_->LoadUserImages(users_); |
| 1009 } | 1021 } |
| 1010 | 1022 |
| 1011 void UserManagerImpl::RetrieveTrustedDevicePolicies() { | 1023 void UserManagerImpl::RetrieveTrustedDevicePolicies() { |
| 1012 ephemeral_users_enabled_ = false; | 1024 ephemeral_users_enabled_ = false; |
| 1025 locally_managed_users_enabled_by_policy_ = false; |
| 1013 owner_email_ = ""; | 1026 owner_email_ = ""; |
| 1014 | 1027 |
| 1015 // Schedule a callback if device policy has not yet been verified. | 1028 // Schedule a callback if device policy has not yet been verified. |
| 1016 if (CrosSettingsProvider::TRUSTED != cros_settings_->PrepareTrustedValues( | 1029 if (CrosSettingsProvider::TRUSTED != cros_settings_->PrepareTrustedValues( |
| 1017 base::Bind(&UserManagerImpl::RetrieveTrustedDevicePolicies, | 1030 base::Bind(&UserManagerImpl::RetrieveTrustedDevicePolicies, |
| 1018 base::Unretained(this)))) { | 1031 base::Unretained(this)))) { |
| 1019 return; | 1032 return; |
| 1020 } | 1033 } |
| 1021 | 1034 |
| 1022 cros_settings_->GetBoolean(kAccountsPrefEphemeralUsersEnabled, | 1035 cros_settings_->GetBoolean(kAccountsPrefEphemeralUsersEnabled, |
| 1023 &ephemeral_users_enabled_); | 1036 &ephemeral_users_enabled_); |
| 1037 cros_settings_->GetBoolean(kAccountsPrefSupervisedUsersEnabled, |
| 1038 &locally_managed_users_enabled_by_policy_); |
| 1024 cros_settings_->GetString(kDeviceOwner, &owner_email_); | 1039 cros_settings_->GetString(kDeviceOwner, &owner_email_); |
| 1025 | 1040 |
| 1026 EnsureUsersLoaded(); | 1041 EnsureUsersLoaded(); |
| 1027 | 1042 |
| 1028 bool changed = UpdateAndCleanUpPublicAccounts( | 1043 bool changed = UpdateAndCleanUpPublicAccounts( |
| 1029 policy::GetDeviceLocalAccounts(cros_settings_)); | 1044 policy::GetDeviceLocalAccounts(cros_settings_)); |
| 1030 | 1045 |
| 1031 // If ephemeral users are enabled and we are on the login screen, take this | 1046 // If ephemeral users are enabled and we are on the login screen, take this |
| 1032 // opportunity to clean up by removing all regular users except the owner. | 1047 // opportunity to clean up by removing all regular users except the owner. |
| 1033 if (ephemeral_users_enabled_ && !IsUserLoggedIn()) { | 1048 if (ephemeral_users_enabled_ && !IsUserLoggedIn()) { |
| (...skipping 11 matching lines...) Expand all Loading... |
| 1045 } else { | 1060 } else { |
| 1046 if ((*it)->GetType() != User::USER_TYPE_PUBLIC_ACCOUNT) | 1061 if ((*it)->GetType() != User::USER_TYPE_PUBLIC_ACCOUNT) |
| 1047 prefs_users_update->Append(new base::StringValue(user_email)); | 1062 prefs_users_update->Append(new base::StringValue(user_email)); |
| 1048 ++it; | 1063 ++it; |
| 1049 } | 1064 } |
| 1050 } | 1065 } |
| 1051 } | 1066 } |
| 1052 | 1067 |
| 1053 if (changed) | 1068 if (changed) |
| 1054 NotifyUserListChanged(); | 1069 NotifyUserListChanged(); |
| 1055 | |
| 1056 cros_settings_->AddSettingsObserver(kAccountsPrefDeviceLocalAccounts, | |
| 1057 this); | |
| 1058 } | 1070 } |
| 1059 | 1071 |
| 1060 bool UserManagerImpl::AreEphemeralUsersEnabled() const { | 1072 bool UserManagerImpl::AreEphemeralUsersEnabled() const { |
| 1061 return ephemeral_users_enabled_ && | 1073 return ephemeral_users_enabled_ && |
| 1062 (g_browser_process->browser_policy_connector()->IsEnterpriseManaged() || | 1074 (g_browser_process->browser_policy_connector()->IsEnterpriseManaged() || |
| 1063 !owner_email_.empty()); | 1075 !owner_email_.empty()); |
| 1064 } | 1076 } |
| 1065 | 1077 |
| 1066 UserList& UserManagerImpl::GetUsersAndModify() { | 1078 UserList& UserManagerImpl::GetUsersAndModify() { |
| 1067 EnsureUsersLoaded(); | 1079 EnsureUsersLoaded(); |
| (...skipping 511 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1579 void UserManagerImpl::SetAppModeChromeClientOAuthInfo( | 1591 void UserManagerImpl::SetAppModeChromeClientOAuthInfo( |
| 1580 const std::string& chrome_client_id, | 1592 const std::string& chrome_client_id, |
| 1581 const std::string& chrome_client_secret) { | 1593 const std::string& chrome_client_secret) { |
| 1582 if (!chrome::IsRunningInForcedAppMode()) | 1594 if (!chrome::IsRunningInForcedAppMode()) |
| 1583 return; | 1595 return; |
| 1584 | 1596 |
| 1585 chrome_client_id_ = chrome_client_id; | 1597 chrome_client_id_ = chrome_client_id; |
| 1586 chrome_client_secret_ = chrome_client_secret; | 1598 chrome_client_secret_ = chrome_client_secret; |
| 1587 } | 1599 } |
| 1588 | 1600 |
| 1601 bool UserManagerImpl::AreLocallyManagedUsersAllowed() const { |
| 1602 return ManagedUserService::AreManagedUsersEnabled() && |
| 1603 (locally_managed_users_enabled_by_policy_ || |
| 1604 !g_browser_process->browser_policy_connector()->IsEnterpriseManaged()); |
| 1605 } |
| 1606 |
| 1589 UserFlow* UserManagerImpl::GetDefaultUserFlow() const { | 1607 UserFlow* UserManagerImpl::GetDefaultUserFlow() const { |
| 1590 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 1608 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 1591 if (!default_flow_.get()) | 1609 if (!default_flow_.get()) |
| 1592 default_flow_.reset(new DefaultUserFlow()); | 1610 default_flow_.reset(new DefaultUserFlow()); |
| 1593 return default_flow_.get(); | 1611 return default_flow_.get(); |
| 1594 } | 1612 } |
| 1595 | 1613 |
| 1596 void UserManagerImpl::NotifyUserListChanged() { | 1614 void UserManagerImpl::NotifyUserListChanged() { |
| 1597 content::NotificationService::current()->Notify( | 1615 content::NotificationService::current()->Notify( |
| 1598 chrome::NOTIFICATION_USER_LIST_CHANGED, | 1616 chrome::NOTIFICATION_USER_LIST_CHANGED, |
| (...skipping 129 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1728 false, // using_oauth | 1746 false, // using_oauth |
| 1729 false, // has_cookies | 1747 false, // has_cookies |
| 1730 true, // has_active_session | 1748 true, // has_active_session |
| 1731 this); | 1749 this); |
| 1732 } else { | 1750 } else { |
| 1733 RestorePendingUserSessions(); | 1751 RestorePendingUserSessions(); |
| 1734 } | 1752 } |
| 1735 } | 1753 } |
| 1736 | 1754 |
| 1737 } // namespace chromeos | 1755 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 17546004:
Added policy for disabling locally managed users. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src