1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 // Most of this code is copied from:
6 // src/chrome/browser/policy/asynchronous_policy_loader.{h,cc}
8 #include "remoting/host/policy_watcher.h"
10 #include "base/bind.h"
11 #include "base/compiler_specific.h"
12 #include "base/files/file_path.h"
13 #include "base/location.h"
14 #include "base/single_thread_task_runner.h"
15 #include "base/values.h"
16 #include "components/policy/core/common/async_policy_loader.h"
17 #include "components/policy/core/common/async_policy_provider.h"
18 #include "components/policy/core/common/policy_namespace.h"
19 #include "components/policy/core/common/policy_service_impl.h"
20 #include "components/policy/core/common/schema.h"
21 #include "components/policy/core/common/schema_registry.h"
22 #include "policy/policy_constants.h"
23 #include "remoting/host/dns_blackhole_checker.h"
24 #include "remoting/host/third_party_auth_config.h"
25 #include "remoting/protocol/port_range.h"
28 #include "base/json/json_reader.h"
32 #include "components/policy/core/common/policy_loader_win.h"
33 #elif defined(OS_MACOSX)
34 #include "components/policy/core/common/policy_loader_mac.h"
35 #include "components/policy/core/common/preferences_mac.h"
36 #elif defined(OS_POSIX) && !defined(OS_ANDROID)
37 #include "components/policy/core/common/config_dir_policy_loader.h"
42 namespace key
= ::policy::key
;
46 // Copies all policy values from one dictionary to another, using values from
47 // |default_values| if they are not set in |from|.
48 scoped_ptr
<base::DictionaryValue
> CopyValuesAndAddDefaults(
49 const base::DictionaryValue
& from
,
50 const base::DictionaryValue
& default_values
) {
51 scoped_ptr
<base::DictionaryValue
> to(default_values
.DeepCopy());
52 for (base::DictionaryValue::Iterator
i(default_values
); !i
.IsAtEnd();
54 const base::Value
* value
= nullptr;
56 // If the policy isn't in |from|, use the default.
57 if (!from
.Get(i
.key(), &value
)) {
61 CHECK(value
->IsType(i
.value().GetType()));
62 to
->Set(i
.key(), value
->DeepCopy());
66 // Replace values with those specified in DebugOverridePolicies, if present.
67 std::string policy_overrides
;
68 if (from
.GetString(key::kRemoteAccessHostDebugOverridePolicies
,
70 scoped_ptr
<base::Value
> value(base::JSONReader::Read(policy_overrides
));
71 const base::DictionaryValue
* override_values
;
72 if (value
&& value
->GetAsDictionary(&override_values
)) {
73 to
->MergeDictionary(override_values
);
76 #endif // defined(NDEBUG)
81 policy::PolicyNamespace
GetPolicyNamespace() {
82 return policy::PolicyNamespace(policy::POLICY_DOMAIN_CHROME
, std::string());
85 scoped_ptr
<policy::SchemaRegistry
> CreateSchemaRegistry() {
86 // TODO(lukasza): Schema below should ideally only cover Chromoting-specific
87 // policies (expecting perf and maintanability improvement, but no functional
89 policy::Schema schema
= policy::Schema::Wrap(policy::GetChromeSchemaData());
91 scoped_ptr
<policy::SchemaRegistry
> schema_registry(
92 new policy::SchemaRegistry());
93 schema_registry
->RegisterComponent(GetPolicyNamespace(), schema
);
94 return schema_registry
.Pass();
97 scoped_ptr
<base::DictionaryValue
> CopyChromotingPoliciesIntoDictionary(
98 const policy::PolicyMap
& current
) {
99 const char kPolicyNameSubstring
[] = "RemoteAccessHost";
100 scoped_ptr
<base::DictionaryValue
> policy_dict(new base::DictionaryValue());
101 for (auto it
= current
.begin(); it
!= current
.end(); ++it
) {
102 const std::string
& key
= it
->first
;
103 const base::Value
* value
= it
->second
.value
;
105 // Copying only Chromoting-specific policies helps avoid false alarms
106 // raised by NormalizePolicies below (such alarms shutdown the host).
107 // TODO(lukasza): Removing this somewhat brittle filtering will be possible
108 // after having separate, Chromoting-specific schema.
109 if (key
.find(kPolicyNameSubstring
) != std::string::npos
) {
110 policy_dict
->Set(key
, value
->DeepCopy());
114 return policy_dict
.Pass();
117 // Takes a dictionary containing only 1) recognized policy names and 2)
118 // well-typed policy values and further verifies policy contents.
119 bool VerifyWellformedness(const base::DictionaryValue
& changed_policies
) {
120 // Verify ThirdPartyAuthConfig policy.
121 ThirdPartyAuthConfig not_used
;
122 switch (ThirdPartyAuthConfig::Parse(changed_policies
, ¬_used
)) {
123 case ThirdPartyAuthConfig::NoPolicy
:
124 case ThirdPartyAuthConfig::ParsingSuccess
:
125 break; // Well-formed.
126 case ThirdPartyAuthConfig::InvalidPolicy
:
127 return false; // Malformed.
133 // Verify UdpPortRange policy.
134 std::string udp_port_range_string
;
135 PortRange udp_port_range
;
136 if (changed_policies
.GetString(policy::key::kRemoteAccessHostUdpPortRange
,
137 &udp_port_range_string
)) {
138 if (!PortRange::Parse(udp_port_range_string
, &udp_port_range
)) {
143 // Report that all the policies were well-formed.
149 void PolicyWatcher::StartWatching(
150 const PolicyUpdatedCallback
& policy_updated_callback
,
151 const PolicyErrorCallback
& policy_error_callback
) {
152 DCHECK(CalledOnValidThread());
153 DCHECK(!policy_updated_callback
.is_null());
154 DCHECK(!policy_error_callback
.is_null());
155 DCHECK(policy_updated_callback_
.is_null());
157 policy_updated_callback_
= policy_updated_callback
;
158 policy_error_callback_
= policy_error_callback
;
160 // Listen for future policy changes.
161 policy_service_
->AddObserver(policy::POLICY_DOMAIN_CHROME
, this);
163 // Process current policy state.
164 if (policy_service_
->IsInitializationComplete(policy::POLICY_DOMAIN_CHROME
)) {
165 OnPolicyServiceInitialized(policy::POLICY_DOMAIN_CHROME
);
169 void PolicyWatcher::SignalPolicyError() {
170 old_policies_
->Clear();
171 policy_error_callback_
.Run();
174 PolicyWatcher::PolicyWatcher(
175 policy::PolicyService
* policy_service
,
176 scoped_ptr
<policy::PolicyService
> owned_policy_service
,
177 scoped_ptr
<policy::ConfigurationPolicyProvider
> owned_policy_provider
,
178 scoped_ptr
<policy::SchemaRegistry
> owned_schema_registry
)
179 : old_policies_(new base::DictionaryValue()),
180 default_values_(new base::DictionaryValue()),
181 policy_service_(policy_service
),
182 owned_schema_registry_(owned_schema_registry
.Pass()),
183 owned_policy_provider_(owned_policy_provider
.Pass()),
184 owned_policy_service_(owned_policy_service
.Pass()) {
185 DCHECK(policy_service_
);
186 DCHECK(owned_schema_registry_
);
188 // Initialize the default values for each policy.
189 default_values_
->SetBoolean(key::kRemoteAccessHostFirewallTraversal
, true);
190 default_values_
->SetBoolean(key::kRemoteAccessHostRequireCurtain
, false);
191 default_values_
->SetBoolean(key::kRemoteAccessHostMatchUsername
, false);
192 default_values_
->SetString(key::kRemoteAccessHostDomain
, std::string());
193 default_values_
->SetString(key::kRemoteAccessHostTalkGadgetPrefix
,
194 kDefaultHostTalkGadgetPrefix
);
195 default_values_
->SetString(key::kRemoteAccessHostTokenUrl
, std::string());
196 default_values_
->SetString(key::kRemoteAccessHostTokenValidationUrl
,
198 default_values_
->SetString(
199 key::kRemoteAccessHostTokenValidationCertificateIssuer
, std::string());
200 default_values_
->SetBoolean(key::kRemoteAccessHostAllowClientPairing
, true);
201 default_values_
->SetBoolean(key::kRemoteAccessHostAllowGnubbyAuth
, true);
202 default_values_
->SetBoolean(key::kRemoteAccessHostAllowRelayedConnection
,
204 default_values_
->SetString(key::kRemoteAccessHostUdpPortRange
, "");
206 default_values_
->SetString(key::kRemoteAccessHostDebugOverridePolicies
,
211 PolicyWatcher::~PolicyWatcher() {
212 // Stop observing |policy_service_| if StartWatching() has been called.
213 if (!policy_updated_callback_
.is_null()) {
214 policy_service_
->RemoveObserver(policy::POLICY_DOMAIN_CHROME
, this);
217 if (owned_policy_provider_
) {
218 owned_policy_provider_
->Shutdown();
222 const policy::Schema
* PolicyWatcher::GetPolicySchema() const {
223 return owned_schema_registry_
->schema_map()->GetSchema(GetPolicyNamespace());
226 bool PolicyWatcher::NormalizePolicies(base::DictionaryValue
* policy_dict
) {
227 // Allowing unrecognized policy names allows presence of
228 // 1) comments (i.e. JSON of the form: { "_comment": "blah", ... }),
229 // 2) policies intended for future/newer versions of the host,
230 // 3) policies not supported on all OS-s (i.e. RemoteAccessHostMatchUsername
231 // is not supported on Windows and therefore policy_templates.json omits
232 // schema for this policy on this particular platform).
233 auto strategy
= policy::SCHEMA_ALLOW_UNKNOWN_TOPLEVEL
;
237 bool changed
= false;
238 const policy::Schema
* schema
= GetPolicySchema();
239 if (schema
->Normalize(policy_dict
, strategy
, &path
, &error
, &changed
)) {
241 LOG(WARNING
) << "Unknown (unrecognized or unsupported) policy: " << path
246 LOG(ERROR
) << "Invalid policy contents: " << path
<< ": " << error
;
252 void CopyDictionaryValue(const base::DictionaryValue
& from
,
253 base::DictionaryValue
& to
,
255 const base::Value
* value
;
256 if (from
.Get(key
, &value
)) {
257 to
.Set(key
, value
->DeepCopy());
262 scoped_ptr
<base::DictionaryValue
>
263 PolicyWatcher::StoreNewAndReturnChangedPolicies(
264 scoped_ptr
<base::DictionaryValue
> new_policies
) {
265 // Find the changed policies.
266 scoped_ptr
<base::DictionaryValue
> changed_policies(
267 new base::DictionaryValue());
268 base::DictionaryValue::Iterator
iter(*new_policies
);
269 while (!iter
.IsAtEnd()) {
270 base::Value
* old_policy
;
271 if (!(old_policies_
->Get(iter
.key(), &old_policy
) &&
272 old_policy
->Equals(&iter
.value()))) {
273 changed_policies
->Set(iter
.key(), iter
.value().DeepCopy());
278 // If one of ThirdPartyAuthConfig policies changed, we need to include all.
279 if (changed_policies
->HasKey(key::kRemoteAccessHostTokenUrl
) ||
280 changed_policies
->HasKey(key::kRemoteAccessHostTokenValidationUrl
) ||
281 changed_policies
->HasKey(
282 key::kRemoteAccessHostTokenValidationCertificateIssuer
)) {
283 CopyDictionaryValue(*new_policies
, *changed_policies
,
284 key::kRemoteAccessHostTokenUrl
);
285 CopyDictionaryValue(*new_policies
, *changed_policies
,
286 key::kRemoteAccessHostTokenValidationUrl
);
287 CopyDictionaryValue(*new_policies
, *changed_policies
,
288 key::kRemoteAccessHostTokenValidationCertificateIssuer
);
291 // Save the new policies.
292 old_policies_
.swap(new_policies
);
294 return changed_policies
.Pass();
297 void PolicyWatcher::OnPolicyUpdated(const policy::PolicyNamespace
& ns
,
298 const policy::PolicyMap
& previous
,
299 const policy::PolicyMap
& current
) {
300 scoped_ptr
<base::DictionaryValue
> new_policies
=
301 CopyChromotingPoliciesIntoDictionary(current
);
303 // Check for mistyped values and get rid of unknown policies.
304 if (!NormalizePolicies(new_policies
.get())) {
309 // Use default values for any missing policies.
310 scoped_ptr
<base::DictionaryValue
> filled_policies
=
311 CopyValuesAndAddDefaults(*new_policies
, *default_values_
);
313 // Limit reporting to only the policies that were changed.
314 scoped_ptr
<base::DictionaryValue
> changed_policies
=
315 StoreNewAndReturnChangedPolicies(filled_policies
.Pass());
316 if (changed_policies
->empty()) {
320 // Verify that we are calling the callback with valid policies.
321 if (!VerifyWellformedness(*changed_policies
)) {
326 // Notify our client of the changed policies.
327 policy_updated_callback_
.Run(changed_policies
.Pass());
330 void PolicyWatcher::OnPolicyServiceInitialized(policy::PolicyDomain domain
) {
331 policy::PolicyNamespace ns
= GetPolicyNamespace();
332 const policy::PolicyMap
& current
= policy_service_
->GetPolicies(ns
);
333 OnPolicyUpdated(ns
, current
, current
);
336 scoped_ptr
<PolicyWatcher
> PolicyWatcher::CreateFromPolicyLoader(
337 scoped_ptr
<policy::AsyncPolicyLoader
> async_policy_loader
) {
338 scoped_ptr
<policy::SchemaRegistry
> schema_registry
= CreateSchemaRegistry();
339 scoped_ptr
<policy::AsyncPolicyProvider
> policy_provider(
340 new policy::AsyncPolicyProvider(schema_registry
.get(),
341 async_policy_loader
.Pass()));
342 policy_provider
->Init(schema_registry
.get());
344 policy::PolicyServiceImpl::Providers providers
;
345 providers
.push_back(policy_provider
.get());
346 scoped_ptr
<policy::PolicyService
> policy_service(
347 new policy::PolicyServiceImpl(providers
));
349 policy::PolicyService
* borrowed_policy_service
= policy_service
.get();
350 return make_scoped_ptr(
351 new PolicyWatcher(borrowed_policy_service
, policy_service
.Pass(),
352 policy_provider
.Pass(), schema_registry
.Pass()));
355 scoped_ptr
<PolicyWatcher
> PolicyWatcher::Create(
356 policy::PolicyService
* policy_service
,
357 const scoped_refptr
<base::SingleThreadTaskRunner
>& file_task_runner
) {
358 #if defined(OS_CHROMEOS)
359 // On Chrome OS the PolicyService is owned by the browser.
360 DCHECK(policy_service
);
361 return make_scoped_ptr(new PolicyWatcher(policy_service
, nullptr, nullptr,
362 CreateSchemaRegistry()));
363 #else // !defined(OS_CHROMEOS)
364 DCHECK(!policy_service
);
366 // Create platform-specific PolicyLoader. Always read the Chrome policies
367 // (even on Chromium) so that policy enforcement can't be bypassed by running
369 scoped_ptr
<policy::AsyncPolicyLoader
> policy_loader
;
371 policy_loader
.reset(new policy::PolicyLoaderWin(
372 file_task_runner
, L
"SOFTWARE\\Policies\\Google\\Chrome",
373 nullptr)); // nullptr = don't use GPO / always read from the registry.
374 #elif defined(OS_MACOSX)
375 CFStringRef bundle_id
= CFSTR("com.google.Chrome");
376 policy_loader
.reset(new policy::PolicyLoaderMac(
378 policy::PolicyLoaderMac::GetManagedPolicyPath(bundle_id
),
379 new MacPreferences(), bundle_id
));
380 #elif defined(OS_POSIX) && !defined(OS_ANDROID)
381 policy_loader
.reset(new policy::ConfigDirPolicyLoader(
383 base::FilePath(FILE_PATH_LITERAL("/etc/opt/chrome/policies")),
384 policy::POLICY_SCOPE_MACHINE
));
386 #error OS that is not yet supported by PolicyWatcher code.
389 return PolicyWatcher::CreateFromPolicyLoader(policy_loader
.Pass());
390 #endif // !(OS_CHROMEOS)
393 } // namespace remoting