1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef COMPONENTS_POLICY_CORE_COMMON_POLICY_LOADER_WIN_H_
6 #define COMPONENTS_POLICY_CORE_COMMON_POLICY_LOADER_WIN_H_
7 
8 #include <windows.h>
9 #include <userenv.h>
10 
11 #include "base/basictypes.h"
12 #include "base/files/file_path.h"
13 #include "base/memory/ref_counted.h"
14 #include "base/memory/scoped_ptr.h"
15 #include "base/strings/string16.h"
16 #include "base/synchronization/waitable_event.h"
17 #include "base/win/object_watcher.h"
18 #include "components/policy/core/common/async_policy_loader.h"
19 #include "components/policy/core/common/policy_types.h"
20 #include "components/policy/policy_export.h"
21 
22 namespace base {
23 class SequencedTaskRunner;
24 }
25 
26 namespace policy {
27 
28 class AppliedGPOListProvider;
29 class PolicyLoadStatusSample;
30 class PolicyMap;
31 class RegistryDict;
32 
33 // Interface for mocking out GPO enumeration in tests.
class POLICY_EXPORT AppliedGPOListProvider {
 public:
  // Virtual so that an implementation can be destroyed through this interface.
  virtual ~AppliedGPOListProvider() {}

  // Same parameter list as the Win32 GetAppliedGPOList() declared in
  // <userenv.h>; the result list comes back through |gpo_list|.
  // NOTE(review): the production implementation is not visible in this
  // header. Presumably it forwards to the Win32 call, in which case the
  // return value is a Win32 error code and the list stays allocated until it
  // is passed to FreeGPOList() -- confirm against the .cc.
  virtual DWORD GetAppliedGPOList(DWORD flags,
                                  LPCTSTR machine_name,
                                  PSID sid_user,
                                  GUID* extension_guid,
                                  PGROUP_POLICY_OBJECT* gpo_list) = 0;

  // Counterpart of GetAppliedGPOList() for |gpo_list|.
  // NOTE(review): callers should presumably pair every successful
  // GetAppliedGPOList() with exactly one FreeGPOList() on every exit path;
  // verify at the call sites.
  virtual BOOL FreeGPOList(PGROUP_POLICY_OBJECT gpo_list) = 0;
};
44 
45 // Loads policies from the Windows registry, and watches for Group Policy
46 // notifications to trigger reloads.
class POLICY_EXPORT PolicyLoaderWin
    : public AsyncPolicyLoader,
      public base::win::ObjectWatcher::Delegate {
 public:
  // Name of the PReg file that GPO uses.
  static const base::FilePath::CharType kPRegFileName[];

  // |gpo_provider| is the GPO enumeration interface this loader uses; tests
  // can pass a mock.
  // NOTE(review): it is taken as a raw pointer, so it is presumably not owned
  // and must outlive the loader -- confirm against the .cc.
  PolicyLoaderWin(scoped_refptr<base::SequencedTaskRunner> task_runner,
                  const base::string16& chrome_policy_key,
                  AppliedGPOListProvider* gpo_provider);
  virtual ~PolicyLoaderWin();

  // Factory for a loader that talks to GPO through the Win API.
  static scoped_ptr<PolicyLoaderWin> Create(
      scoped_refptr<base::SequencedTaskRunner> task_runner,
      const base::string16& chrome_policy_key);

  // AsyncPolicyLoader implementation.
  virtual void InitOnBackgroundThread() OVERRIDE;
  virtual scoped_ptr<PolicyBundle> Load() OVERRIDE;

 private:
  // Reads Chrome policy out of the PReg file at |preg_file| and stores the
  // result in |policy|.
  // NOTE(review): |status| is presumably where read/parse failures are
  // recorded, and the bool result presumably reports success -- confirm in
  // the .cc.
  bool ReadPRegFile(const base::FilePath& preg_file,
                    RegistryDict* policy,
                    PolicyLoadStatusSample* status);

  // Loads and parses the GPO policy in |policy_object_list| for |scope|.
  // Returns true and fills |policy| on success. Returns false when reading
  // the policy failed, which tells the caller to fall back to reading the
  // registry.
  // NOTE(review): that fallback reads the registry GPO keys, which the
  // ReadPolicyFromGPO() comment below says third-party software has been
  // reported to abuse. Confirm that a failure here is recorded in |status| so
  // that it is visible in metrics.
  bool LoadGPOPolicy(PolicyScope scope,
                     PGROUP_POLICY_OBJECT policy_object_list,
                     RegistryDict* policy,
                     PolicyLoadStatusSample* status);

  // Asks Windows for the applied group policy and writes it to |policy|.
  // This is the preferred source of GPO data, because there are reports of
  // 3rd-party software abusing the registry GPO keys.
  bool ReadPolicyFromGPO(PolicyScope scope,
                         RegistryDict* policy,
                         PolicyLoadStatusSample* status);

  // Parses the Chrome policy found in |gpo_dict| for the given |scope| and
  // |level|, and merges it into |chrome_policy_map|.
  void LoadChromePolicy(const RegistryDict* gpo_dict,
                        PolicyLevel level,
                        PolicyScope scope,
                        PolicyMap* chrome_policy_map);

  // Loads the 3rd-party policy found in |gpo_dict| and merges it into
  // |bundle|.
  void Load3rdPartyPolicy(const RegistryDict* gpo_dict,
                          PolicyScope scope,
                          PolicyBundle* bundle);

  // Installs the watchers for the Group Policy update events.
  void SetupWatches();

  // ObjectWatcher::Delegate overrides:
  virtual void OnObjectSignaled(HANDLE object) OVERRIDE;

  bool is_initialized_;
  const base::string16 chrome_policy_key_;
  // GPO enumeration interface handed to the constructor.
  // NOTE(review): raw pointer; ownership is not visible in this header.
  AppliedGPOListProvider* gpo_provider_;

  // One event/watcher pair each for user and machine policy.
  // NOTE(review): presumably wired up by SetupWatches(); the *_failed_ flags
  // presumably record that a watcher could not be started -- confirm in the
  // .cc.
  base::WaitableEvent user_policy_changed_event_;
  base::WaitableEvent machine_policy_changed_event_;
  base::win::ObjectWatcher user_policy_watcher_;
  base::win::ObjectWatcher machine_policy_watcher_;
  bool user_policy_watcher_failed_;
  bool machine_policy_watcher_failed_;

  DISALLOW_COPY_AND_ASSIGN(PolicyLoaderWin);
};
122 
123 }  // namespace policy
124 
125 #endif  // COMPONENTS_POLICY_CORE_COMMON_POLICY_LOADER_WIN_H_
126