1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
|
// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"
#include "base/memory/singleton.h"
#include "base/prefs/pref_registry_simple.h"
#include "base/prefs/pref_service.h"
#include "base/prefs/scoped_user_pref_update.h"
#include "chrome/browser/browser_process.h"
#include "chrome/browser/chromeos/login/users/user_manager.h"
#include "chrome/browser/chromeos/policy/policy_cert_service.h"
#include "chrome/browser/chromeos/policy/policy_cert_verifier.h"
#include "chrome/browser/chromeos/policy/user_network_configuration_updater_factory.h"
#include "chrome/browser/lifetime/application_lifetime.h"
#include "chrome/browser/profiles/incognito_helpers.h"
#include "chrome/browser/profiles/profile.h"
#include "chrome/common/pref_names.h"
#include "components/keyed_service/content/browser_context_dependency_manager.h"
#include "components/pref_registry/pref_registry_syncable.h"
namespace policy {
// static
PolicyCertService* PolicyCertServiceFactory::GetForProfile(Profile* profile) {
return static_cast<PolicyCertService*>(
GetInstance()->GetServiceForBrowserContext(profile, false));
}
// static
scoped_ptr<PolicyCertVerifier> PolicyCertServiceFactory::CreateForProfile(
Profile* profile) {
DCHECK(!GetInstance()->GetServiceForBrowserContext(profile, false));
PolicyCertService* service = static_cast<PolicyCertService*>(
GetInstance()->GetServiceForBrowserContext(profile, true));
if (!service)
return scoped_ptr<PolicyCertVerifier>();
return service->CreatePolicyCertVerifier();
}
// static
PolicyCertServiceFactory* PolicyCertServiceFactory::GetInstance() {
return Singleton<PolicyCertServiceFactory>::get();
}
// static
void PolicyCertServiceFactory::SetUsedPolicyCertificates(
const std::string& user_id) {
if (UsedPolicyCertificates(user_id))
return;
ListPrefUpdate update(g_browser_process->local_state(),
prefs::kUsedPolicyCertificates);
update->AppendString(user_id);
}
// static
void PolicyCertServiceFactory::ClearUsedPolicyCertificates(
const std::string& user_id) {
ListPrefUpdate update(g_browser_process->local_state(),
prefs::kUsedPolicyCertificates);
update->Remove(base::StringValue(user_id), NULL);
}
// static
bool PolicyCertServiceFactory::UsedPolicyCertificates(
const std::string& user_id) {
base::StringValue value(user_id);
const base::ListValue* list =
g_browser_process->local_state()->GetList(prefs::kUsedPolicyCertificates);
if (!list) {
NOTREACHED();
return false;
}
return list->Find(value) != list->end();
}
// static
void PolicyCertServiceFactory::RegisterPrefs(PrefRegistrySimple* local_state) {
local_state->RegisterListPref(prefs::kUsedPolicyCertificates);
}
PolicyCertServiceFactory::PolicyCertServiceFactory()
: BrowserContextKeyedServiceFactory(
"PolicyCertService",
BrowserContextDependencyManager::GetInstance()) {
DependsOn(UserNetworkConfigurationUpdaterFactory::GetInstance());
}
PolicyCertServiceFactory::~PolicyCertServiceFactory() {}
KeyedService* PolicyCertServiceFactory::BuildServiceInstanceFor(
content::BrowserContext* context) const {
Profile* profile = static_cast<Profile*>(context);
chromeos::UserManager* user_manager = chromeos::UserManager::Get();
chromeos::User* user =
user_manager->GetUserByProfile(profile->GetOriginalProfile());
if (!user)
return NULL;
// Backwards compatibility: profiles that used policy-pushed certificates used
// to have this condition marked in their prefs. This signal has moved to
// local_state though, to support checking it before the profile is loaded.
// Check the profile here and update the local_state, if appropriate.
// TODO(joaodasilva): remove this, eventually.
PrefService* prefs = profile->GetOriginalProfile()->GetPrefs();
if (prefs->GetBoolean(prefs::kUsedPolicyCertificatesOnce)) {
SetUsedPolicyCertificates(user->email());
prefs->ClearPref(prefs::kUsedPolicyCertificatesOnce);
if (user_manager->GetLoggedInUsers().size() > 1u) {
// This login should not have been allowed. After rebooting, local_state
// will contain the updated list of users that used policy-pushed
// certificates and this won't happen again.
// Note that a user becomes logged in before his profile is created.
LOG(ERROR) << "Shutdown session because a tainted profile was added.";
g_browser_process->local_state()->CommitPendingWrite();
prefs->CommitPendingWrite();
chrome::AttemptUserExit();
}
}
UserNetworkConfigurationUpdater* net_conf_updater =
UserNetworkConfigurationUpdaterFactory::GetForProfile(profile);
if (!net_conf_updater)
return NULL;
return new PolicyCertService(user->email(), net_conf_updater, user_manager);
}
content::BrowserContext* PolicyCertServiceFactory::GetBrowserContextToUse(
content::BrowserContext* context) const {
return chrome::GetBrowserContextOwnInstanceInIncognito(context);
}
void PolicyCertServiceFactory::RegisterProfilePrefs(
user_prefs::PrefRegistrySyncable* registry) {
// TODO(joaodasilva): this is used for backwards compatibility.
// Remove once it's not necessary anymore.
registry->RegisterBooleanPref(
prefs::kUsedPolicyCertificatesOnce,
false,
user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF);
}
bool PolicyCertServiceFactory::ServiceIsNULLWhileTesting() const {
return true;
}
} // namespace policy
|
