// Copyright 2016 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROMEOS_DBUS_AUTH_POLICY_CLIENT_H_
#define CHROMEOS_DBUS_AUTH_POLICY_CLIENT_H_
#include <string>
#include "base/callback.h"
#include "chromeos/chromeos_export.h"
#include "chromeos/dbus/authpolicy/active_directory_info.pb.h"
#include "chromeos/dbus/dbus_client.h"
#include "third_party/cros_system_api/dbus/service_constants.h"
class AccountId;
namespace chromeos {
// AuthPolicyClient is used to communicate with the org.chromium.AuthPolicy
// service. All methods should be called from the origin thread (UI thread) which
// initializes the DBusThreadManager instance.
class CHROMEOS_EXPORT AuthPolicyClient : public DBusClient {
public:
// Completion callback for AuthenticateUser(). Receives the authpolicy error
// code and the account info of the user. Check |error| before relying on
// |account_info|; what it holds on failure is not specified in this header.
using AuthCallback = base::OnceCallback<void(
authpolicy::ErrorType error,
const authpolicy::ActiveDirectoryAccountInfo& account_info)>;
// Completion callback for GetUserStatus(). Receives the authpolicy error
// code and the user status. Check |error| before relying on |user_status|;
// what it holds on failure is not specified in this header.
using GetUserStatusCallback = base::OnceCallback<void(
authpolicy::ErrorType error,
const authpolicy::ActiveDirectoryUserStatus& user_status)>;
// Completion callback for JoinAdDomain(); carries only the error code.
using JoinCallback = base::OnceCallback<void(authpolicy::ErrorType error)>;
// Completion callback for RefreshDevicePolicy() and RefreshUserPolicy();
// carries only a success flag, with no error detail.
using RefreshPolicyCallback = base::OnceCallback<void(bool success)>;
~AuthPolicyClient() override;
// Factory function: creates a new instance and returns ownership through a
// raw pointer, so the caller is responsible for deleting the result.
// For normal usage, access the singleton via DBusThreadManager::Get().
static AuthPolicyClient* Create();
// Calls JoinADDomain, which runs "net ads join ..." to join the machine to
// an Active Directory domain.
// |machine_name| is the name for the local machine. |user_principal_name| and
// |password_fd| are the credentials of the Active Directory account that has
// the right to join the machine to the domain.
// |password_fd| is a file descriptor the password is read from; the password
// is not passed as a string argument. The descriptor stays owned by the
// caller, who should close it after the call.
// NOTE(review): this header does not say whether "after the call" means after
// JoinAdDomain() returns or after |callback| runs - confirm against the
// implementation before closing the descriptor early.
// |callback| is called after getting (or failing to get) the D-Bus response.
virtual void JoinAdDomain(const std::string& machine_name,
const std::string& user_principal_name,
int password_fd,
JoinCallback callback) = 0;
// Calls AuthenticateUser, which runs "kinit <user_principal_name> .. " to do
// Kerberos authentication against the Active Directory server. If
// |object_guid| is not empty, the authpolicy service first does an LDAP
// search by that |object_guid| for samAccountName and uses it for kinit.
// |password_fd| is handled as in JoinAdDomain(): it is a descriptor the
// password is read from, and the caller should close it after the call.
// |callback| is called after getting (or failing to get) the D-Bus response.
virtual void AuthenticateUser(const std::string& user_principal_name,
const std::string& object_guid,
int password_fd,
AuthCallback callback) = 0;
// Calls GetUserStatus. If the Active Directory server is online it fetches
// ActiveDirectoryUserStatus for the user specified by |object_guid|.
// |callback| is called after getting (or failing to get) the D-Bus response.
virtual void GetUserStatus(const std::string& object_guid,
GetUserStatusCallback callback) = 0;
// Calls RefreshDevicePolicy, which handles policy for the device: it fetches
// GPO files from the Active Directory server, parses them, encodes them into
// protobuf and sends the result to SessionManager. |callback| is called after
// that.
virtual void RefreshDevicePolicy(RefreshPolicyCallback callback) = 0;
// Calls RefreshUserPolicy, which handles policy for the user specified by
// |account_id|. Similar to RefreshDevicePolicy().
virtual void RefreshUserPolicy(const AccountId& account_id,
RefreshPolicyCallback callback) = 0;
protected:
// Not for direct use; Create() should be used instead.
AuthPolicyClient();
private:
// Instances are neither copyable nor assignable.
DISALLOW_COPY_AND_ASSIGN(AuthPolicyClient);
};
} // namespace chromeos
#endif // CHROMEOS_DBUS_AUTH_POLICY_CLIENT_H_