1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef REMOTING_HOST_POLICY_HACK_POLICY_WATCHER_H_
6 #define REMOTING_HOST_POLICY_HACK_POLICY_WATCHER_H_
8 #include "base/callback.h"
9 #include "base/memory/weak_ptr.h"
10 #include "base/values.h"
11 #include "components/policy/core/common/policy_service.h"
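// Forward declarations of the base:: types this header only names.
// In the declarations visible in this listing, SingleThreadTaskRunner is held
// through scoped_refptr<> and TimeDelta is taken by const reference;
// WaitableEvent is not referenced by any declaration shown here.
namespace base {
class SingleThreadTaskRunner;
class TimeDelta;
class WaitableEvent;
}  // namespace base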
19 namespace remoting {
20 namespace policy_hack {
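// Watches for changes to the managed remote access host policies.
//
// Lifetime: if StartWatching() has been called, StopWatching() must have
// completed (the |stopped_callback| passed to it must have run) before this
// object is deleted.
//
// Security model, as declared here: the watcher reports policies and policy
// errors through callbacks. Per the StartWatching() contract, reacting to
// malformed policy (shutting down or locking down the host) is the job of the
// error callback, not of this class.
class PolicyWatcher {
 public:
  // Called first with all policies, and subsequently with any changed policies.
  typedef base::Callback<void(scoped_ptr<base::DictionaryValue>)>
      PolicyUpdatedCallback;

  // Called after detecting malformed policies.
  typedef base::Callback<void()> PolicyErrorCallback;

  // |task_runner| is stored in |task_runner_|; see Create() for the thread it
  // is expected to represent.
  explicit PolicyWatcher(
      scoped_refptr<base::SingleThreadTaskRunner> task_runner);
  virtual ~PolicyWatcher();

  // This guarantees that the |policy_updated_callback| is called at least once
  // with the current policies. After that, |policy_updated_callback| will be
  // called whenever a change to any policy is detected. It will then be called
  // only with the changed policies.
  //
  // |policy_error_callback| will be called when malformed policies are detected
  // (i.e. wrong type of policy value, or unparseable files under
  // /etc/opt/chrome/policies/managed).
  // When called, the |policy_error_callback| is responsible for mitigating the
  // security risk of running with incorrectly formulated policies (by either
  // shutting down or locking down the host).
  // After calling |policy_error_callback| PolicyWatcher will continue watching
  // for policy changes and will call |policy_updated_callback| when the error
  // is recovered from and may call |policy_error_callback| when new errors are
  // found.
  //
  // NOTE(review): this header does not say which policy values stay in effect
  // between an error and the next |policy_updated_callback|. An error callback
  // that does nothing would leave the host running in that state, so callers
  // should fail closed. Confirm the details against the implementation.
  virtual void StartWatching(
      const PolicyUpdatedCallback& policy_updated_callback,
      const PolicyErrorCallback& policy_error_callback);

  // Should be called after StartWatching() before the object is deleted.
  // Callers should wait for |stopped_callback| to be called before deleting
  // the object.
  virtual void StopWatching(const base::Closure& stopped_callback);

  // Implemented by each platform. |task_runner| should be an IO message loop.
  // |policy_service| is currently only used on ChromeOS. It is passed as a raw,
  // non-owning pointer: the caller must ensure that |policy_service| remains
  // valid for the lifetime of PolicyWatcher.
  static scoped_ptr<PolicyWatcher> Create(
      policy::PolicyService* policy_service,
      scoped_refptr<base::SingleThreadTaskRunner> task_runner);

  // The constants below are only declared here; their string values are
  // defined outside this header.

  // The name of the NAT traversal policy.
  static const char kNatPolicyName[];

  // The name of the policy for requiring 2-factor authentication.
  static const char kHostRequireTwoFactorPolicyName[];

  // The name of the host domain policy.
  static const char kHostDomainPolicyName[];

  // The name of the username policy. This policy is ignored on Windows.
  // This policy is currently considered 'internal only' and so is not
  // documented in policy_templates.json.
  static const char kHostMatchUsernamePolicyName[];

  // The name of the policy that controls the host talkgadget prefix.
  static const char kHostTalkGadgetPrefixPolicyName[];

  // The name of the policy for requiring curtain-mode.
  static const char kHostRequireCurtainPolicyName[];

  // The names of the policies for token authentication URLs.
  static const char kHostTokenUrlPolicyName[];
  static const char kHostTokenValidationUrlPolicyName[];
  static const char kHostTokenValidationCertIssuerPolicyName[];

  // The name of the policy for disabling PIN-less authentication.
  static const char kHostAllowClientPairing[];

  // The name of the policy for disabling gnubbyd forwarding.
  static const char kHostAllowGnubbyAuthPolicyName[];

  // The name of the policy for allowing use of relay servers.
  static const char kRelayPolicyName[];

  // The name of the policy that restricts the range of host UDP ports.
  static const char kUdpPortRangePolicyName[];

  // The name of the policy for overriding policies, for use in testing.
  // NOTE(review): an override of managed policy is security-sensitive. Which
  // builds honour it is not visible in this header; confirm it is restricted
  // to test/debug configurations.
  static const char kHostDebugOverridePoliciesName[];

 protected:
  // Pure-virtual hooks supplied by the platform-specific subclasses (see
  // Create()). Their exact contracts are not documented in this header.
  virtual void StartWatchingInternal() = 0;
  virtual void StopWatchingInternal() = 0;
  virtual void Reload() = 0;

  // Used to check if the class is on the right thread.
  bool OnPolicyWatcherThread() const;

  // Takes the policy dictionary from the OS specific store and extracts the
  // relevant policies.
  void UpdatePolicies(const base::DictionaryValue* new_policy);

  // Signals policy error to the registered |PolicyErrorCallback|.
  void SignalPolicyError();

  // Called whenever a transient error occurs during reading of policy files.
  // This will increment a counter, and will trigger a call to
  // SignalPolicyError() only after a threshold count is reached.
  // The counter is reset whenever policy has been successfully read.
  // NOTE(review): the threshold value is not visible in this header. Until it
  // is reached no error is signalled, so confirm in the implementation that
  // the retry window cannot leave the host without valid policy for long.
  void SignalTransientPolicyError();

  // Used for time-based reloads in case something goes wrong with the
  // notification system.
  void ScheduleFallbackReloadTask();
  void ScheduleReloadTask(const base::TimeDelta& delay);

  // Returns a DictionaryValue containing the default values for each policy.
  const base::DictionaryValue& Defaults() const;

 private:
  void StopWatchingOnPolicyWatcherThread();

  // Task runner handed to the constructor.
  scoped_refptr<base::SingleThreadTaskRunner> task_runner_;

  // Callback types match the two arguments of StartWatching(); presumably the
  // callbacks registered there are stored here. Verify in the .cc file.
  PolicyUpdatedCallback policy_updated_callback_;
  PolicyErrorCallback policy_error_callback_;

  // Presumably the counter described at SignalTransientPolicyError().
  int transient_policy_error_retry_counter_;

  // Policy dictionaries owned by the watcher. The names suggest the last
  // reported policies, the values returned by Defaults(), and values used in
  // connection with type checking. Confirm against the implementation.
  scoped_ptr<base::DictionaryValue> old_policies_;
  scoped_ptr<base::DictionaryValue> default_values_;
  scoped_ptr<base::DictionaryValue> bad_type_values_;

  // Allows us to cancel any inflight FileWatcher events or scheduled reloads.
  // Declared last, so it is the first member destroyed.
  base::WeakPtrFactory<PolicyWatcher> weak_factory_;
};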
154 } // namespace policy_hack
155 } // namespace remoting
157 #endif // REMOTING_HOST_POLICY_HACK_POLICY_WATCHER_H_