OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_ACTIVE_DIRECTORY_POLICY_MANAGER_H_ | 5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_ACTIVE_DIRECTORY_POLICY_MANAGER_H_ |
6 #define CHROME_BROWSER_CHROMEOS_POLICY_ACTIVE_DIRECTORY_POLICY_MANAGER_H_ | 6 #define CHROME_BROWSER_CHROMEOS_POLICY_ACTIVE_DIRECTORY_POLICY_MANAGER_H_ |
7 | 7 |
8 #include <memory> | 8 #include <memory> |
9 | 9 |
| 10 #include "base/bind.h" |
10 #include "base/macros.h" | 11 #include "base/macros.h" |
11 #include "base/memory/weak_ptr.h" | 12 #include "base/memory/weak_ptr.h" |
| 13 #include "base/time/time.h" |
| 14 #include "base/timer/timer.h" |
12 #include "components/policy/core/common/cloud/cloud_policy_store.h" | 15 #include "components/policy/core/common/cloud/cloud_policy_store.h" |
13 #include "components/policy/core/common/configuration_policy_provider.h" | 16 #include "components/policy/core/common/configuration_policy_provider.h" |
14 #include "components/policy/core/common/policy_scheduler.h" | 17 #include "components/policy/core/common/policy_scheduler.h" |
15 #include "components/signin/core/account_id/account_id.h" | 18 #include "components/signin/core/account_id/account_id.h" |
16 | 19 |
17 namespace policy { | 20 namespace policy { |
18 | 21 |
19 // ConfigurationPolicyProvider for device or user policy from Active Directory. | 22 // ConfigurationPolicyProvider for device or user policy from Active Directory. |
20 // The choice of constructor determines whether device or user policy is | 23 // The choice of constructor determines whether device or user policy is |
21 // provided. The policy is fetched from the Domain Controller by authpolicyd | 24 // provided. |
22 // which stores it in session manager and from where it is loaded by | 25 // Data flow: Triggered by DoPolicyFetch(), policy is fetched by authpolicyd and |
23 // ActiveDirectoryPolicyManager. | 26 // stored in session manager with completion indicated by OnPolicyFetched(). |
| 27 // From there policy load from session manager is triggered, completion of which |
| 28 // is notified via OnStoreLoaded()/OnStoreError(). |
24 class ActiveDirectoryPolicyManager : public ConfigurationPolicyProvider, | 29 class ActiveDirectoryPolicyManager : public ConfigurationPolicyProvider, |
25 public CloudPolicyStore::Observer { | 30 public CloudPolicyStore::Observer { |
26 public: | 31 public: |
27 ~ActiveDirectoryPolicyManager() override; | 32 ~ActiveDirectoryPolicyManager() override; |
28 | 33 |
29 // Create manager for device policy. | 34 // Create manager for device policy. |
30 static std::unique_ptr<ActiveDirectoryPolicyManager> CreateForDevicePolicy( | 35 static std::unique_ptr<ActiveDirectoryPolicyManager> CreateForDevicePolicy( |
31 std::unique_ptr<CloudPolicyStore> store); | 36 std::unique_ptr<CloudPolicyStore> store); |
32 | 37 |
33 // Create manager for |accound_id| user policy. | 38 // Create manager for |accound_id| user policy. |
34 static std::unique_ptr<ActiveDirectoryPolicyManager> CreateForUserPolicy( | 39 static std::unique_ptr<ActiveDirectoryPolicyManager> CreateForUserPolicy( |
35 const AccountId& account_id, | 40 const AccountId& account_id, |
| 41 base::TimeDelta initial_policy_fetch_timeout, |
| 42 base::OnceClosure exit_session, |
36 std::unique_ptr<CloudPolicyStore> store); | 43 std::unique_ptr<CloudPolicyStore> store); |
37 | 44 |
38 // ConfigurationPolicyProvider: | 45 // ConfigurationPolicyProvider: |
39 void Init(SchemaRegistry* registry) override; | 46 void Init(SchemaRegistry* registry) override; |
40 void Shutdown() override; | 47 void Shutdown() override; |
41 bool IsInitializationComplete(PolicyDomain domain) const override; | 48 bool IsInitializationComplete(PolicyDomain domain) const override; |
42 void RefreshPolicies() override; | 49 void RefreshPolicies() override; |
43 | 50 |
44 // CloudPolicyStore::Observer: | 51 // CloudPolicyStore::Observer: |
45 void OnStoreLoaded(CloudPolicyStore* cloud_policy_store) override; | 52 void OnStoreLoaded(CloudPolicyStore* cloud_policy_store) override; |
46 void OnStoreError(CloudPolicyStore* cloud_policy_store) override; | 53 void OnStoreError(CloudPolicyStore* cloud_policy_store) override; |
47 | 54 |
48 CloudPolicyStore* store() const { return store_.get(); } | 55 CloudPolicyStore* store() const { return store_.get(); } |
49 | 56 |
| 57 // Helper function to force a policy fetch timeout. |
| 58 void ForceTimeoutForTest(); |
| 59 |
50 private: | 60 private: |
51 // |account_id| specifies the user to manage policy for. If |account_id| is | 61 // |account_id| specifies the user to manage policy for. If |account_id| is |
52 // empty, device policy is managed. | 62 // empty, device policy is managed. |
| 63 // |
| 64 // The following applies to user policy only: If |
| 65 // |initial_policy_fetch_timeout| is non-zero, IsInitializationComplete() is |
| 66 // forced to false until either there has been a successful policy fetch from |
| 67 // the server and a subsequent successful load from session manager or |
| 68 // |initial_policy_fetch_timeout| has expired and there has been a successful |
| 69 // load from session manager. The timeout may be set to TimeDelta::Max() to |
| 70 // enforce successful policy fetch. In case the conditions for signaling |
| 71 // initialization complete are not met, the user session is aborted by calling |
| 72 // |exit_session|. |
53 ActiveDirectoryPolicyManager(const AccountId& account_id, | 73 ActiveDirectoryPolicyManager(const AccountId& account_id, |
| 74 base::TimeDelta initial_policy_fetch_timeout, |
| 75 base::OnceClosure exit_session, |
54 std::unique_ptr<CloudPolicyStore> store); | 76 std::unique_ptr<CloudPolicyStore> store); |
55 | 77 |
56 // Publish the policy that's currently cached in the store. | 78 // Publish the policy that's currently cached in the store. |
57 void PublishPolicy(); | 79 void PublishPolicy(); |
58 | 80 |
59 // Calls into authpolicyd to fetch policy. Reports success or failure via | 81 // Calls into authpolicyd to fetch policy. Reports success or failure via |
60 // |callback|. | 82 // |callback|. |
61 void DoFetch(PolicyScheduler::TaskCallback callback); | 83 void DoPolicyFetch(PolicyScheduler::TaskCallback callback); |
62 | 84 |
63 // Called by scheduler with result of policy fetch. | 85 // Called by scheduler with result of policy fetch. This covers policy |
| 86 // download, parsing and storing into session manager. (To access and publish |
| 87 // the policy, the store needs to be reloaded from session manager.) |
64 void OnPolicyFetched(bool success); | 88 void OnPolicyFetched(bool success); |
65 | 89 |
| 90 // Called when |initial_policy_timeout_| times out, to cancel the blocking |
| 91 // wait for the initial policy fetch. |
| 92 void OnBlockingFetchTimeout(); |
| 93 |
| 94 // Cancels waiting for the initial policy fetch/load and flags the |
| 95 // ConfigurationPolicyProvider ready (assuming all other initialization tasks |
| 96 // have completed) or exits the session in case the requirements to continue |
| 97 // have not been met. |success| denotes whether the policy fetch was |
| 98 // successful. |
| 99 void CancelWaitForInitialPolicy(bool success); |
| 100 |
66 const AccountId account_id_; | 101 const AccountId account_id_; |
| 102 |
| 103 // Whether we're waiting for a policy fetch to complete before reporting |
| 104 // IsInitializationComplete(). |
| 105 bool waiting_for_initial_policy_fetch_; |
| 106 |
| 107 // Whether the user session is continued in case of failure of initial policy |
| 108 // fetch. |
| 109 bool initial_policy_fetch_may_fail_; |
| 110 |
| 111 // Whether policy fetch has ever been reported as completed by authpolicyd. |
| 112 bool fetch_ever_completed_ = false; |
| 113 |
| 114 // Whether policy fetch has ever been reported as successful by authpolicyd. |
| 115 bool fetch_ever_succeeded_ = false; |
| 116 |
| 117 // A timer that puts a hard limit on the maximum time to wait for the initial |
| 118 // policy fetch/load. |
| 119 base::Timer initial_policy_timeout_{false /* retain_user_task */, |
| 120 false /* is_repeating */}; |
| 121 |
| 122 // Callback to exit the session. |
| 123 base::OnceClosure exit_session_; |
| 124 |
67 std::unique_ptr<CloudPolicyStore> store_; | 125 std::unique_ptr<CloudPolicyStore> store_; |
68 | |
69 std::unique_ptr<PolicyScheduler> scheduler_; | 126 std::unique_ptr<PolicyScheduler> scheduler_; |
70 | 127 |
71 // Must be last member. | 128 // Must be last member. |
72 base::WeakPtrFactory<ActiveDirectoryPolicyManager> weak_ptr_factory_{this}; | 129 base::WeakPtrFactory<ActiveDirectoryPolicyManager> weak_ptr_factory_{this}; |
73 | 130 |
74 DISALLOW_COPY_AND_ASSIGN(ActiveDirectoryPolicyManager); | 131 DISALLOW_COPY_AND_ASSIGN(ActiveDirectoryPolicyManager); |
75 }; | 132 }; |
76 | 133 |
77 } // namespace policy | 134 } // namespace policy |
78 | 135 |
79 #endif // CHROME_BROWSER_CHROMEOS_POLICY_ACTIVE_DIRECTORY_POLICY_MANAGER_H_ | 136 #endif // CHROME_BROWSER_CHROMEOS_POLICY_ACTIVE_DIRECTORY_POLICY_MANAGER_H_ |
OLD | NEW |