| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/login/enterprise_enrollment_screen.h" | 5 #include "chrome/browser/chromeos/login/enterprise_enrollment_screen.h" |
| 6 | 6 |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "chrome/browser/browser_process.h" | 8 #include "chrome/browser/browser_process.h" |
| 9 #include "chrome/browser/chromeos/cros/cros_library.h" | |
| 10 #include "chrome/browser/chromeos/cros/cryptohome_library.h" | |
| 9 #include "chrome/browser/chromeos/login/screen_observer.h" | 11 #include "chrome/browser/chromeos/login/screen_observer.h" |
| 10 #include "chrome/browser/policy/browser_policy_connector.h" | 12 #include "chrome/browser/policy/browser_policy_connector.h" |
| 11 #include "chrome/common/net/gaia/gaia_constants.h" | 13 #include "chrome/common/net/gaia/gaia_constants.h" |
| 12 | 14 |
| 13 namespace chromeos { | 15 namespace chromeos { |
| 14 | 16 |
| 17 // Retry for lockbox initialization every 500ms. | |
| 18 const int kLockboxRetryIntervalMs = 500; | |
| 19 | |
| 15 EnterpriseEnrollmentScreen::EnterpriseEnrollmentScreen( | 20 EnterpriseEnrollmentScreen::EnterpriseEnrollmentScreen( |
| 16 WizardScreenDelegate* delegate) | 21 WizardScreenDelegate* delegate) |
| 17 : ViewScreen<EnterpriseEnrollmentView>(delegate) {} | 22 : ViewScreen<EnterpriseEnrollmentView>(delegate), |
| 23 ALLOW_THIS_IN_INITIALIZER_LIST(runnable_method_factory_(this)) {} | |
| 18 | 24 |
| 19 EnterpriseEnrollmentScreen::~EnterpriseEnrollmentScreen() {} | 25 EnterpriseEnrollmentScreen::~EnterpriseEnrollmentScreen() {} |
| 20 | 26 |
| 21 void EnterpriseEnrollmentScreen::Authenticate(const std::string& user, | 27 void EnterpriseEnrollmentScreen::Authenticate(const std::string& user, |
| 22 const std::string& password, | 28 const std::string& password, |
| 23 const std::string& captcha, | 29 const std::string& captcha, |
| 24 const std::string& access_code) { | 30 const std::string& access_code) { |
| 25 captcha_token_.clear(); | 31 captcha_token_.clear(); |
| 26 user_ = user; | 32 user_ = user; |
| 27 auth_fetcher_.reset( | 33 auth_fetcher_.reset( |
| (...skipping 22 matching lines...) | |
| 50 } | 56 } |
| 51 | 57 |
| 52 void EnterpriseEnrollmentScreen::CloseConfirmation() { | 58 void EnterpriseEnrollmentScreen::CloseConfirmation() { |
| 53 auth_fetcher_.reset(); | 59 auth_fetcher_.reset(); |
| 54 ScreenObserver* observer = delegate()->GetObserver(this); | 60 ScreenObserver* observer = delegate()->GetObserver(this); |
| 55 observer->OnExit(ScreenObserver::ENTERPRISE_ENROLLMENT_COMPLETED); | 61 observer->OnExit(ScreenObserver::ENTERPRISE_ENROLLMENT_COMPLETED); |
| 56 } | 62 } |
| 57 | 63 |
| 58 void EnterpriseEnrollmentScreen::OnClientLoginSuccess( | 64 void EnterpriseEnrollmentScreen::OnClientLoginSuccess( |
| 59 const ClientLoginResult& result) { | 65 const ClientLoginResult& result) { |
| 60 auth_fetcher_->StartIssueAuthToken(result.sid, result.lsid, | 66 WriteLockboxData(result); |
| 61 GaiaConstants::kDeviceManagementService); | |
| 62 } | 67 } |
| 63 | 68 |
| 64 void EnterpriseEnrollmentScreen::OnClientLoginFailure( | 69 void EnterpriseEnrollmentScreen::OnClientLoginFailure( |
| 65 const GoogleServiceAuthError& error) { | 70 const GoogleServiceAuthError& error) { |
| 66 HandleAuthError(error); | 71 HandleAuthError(error); |
| 67 } | 72 } |
| 68 | 73 |
| 69 void EnterpriseEnrollmentScreen::OnIssueAuthTokenSuccess( | 74 void EnterpriseEnrollmentScreen::OnIssueAuthTokenSuccess( |
| 70 const std::string& service, | 75 const std::string& service, |
| 71 const std::string& auth_token) { | 76 const std::string& auth_token) { |
| (...skipping 98 matching lines...) | |
| 170 // fall through. | 175 // fall through. |
| 171 case GoogleServiceAuthError::REQUEST_CANCELED: | 176 case GoogleServiceAuthError::REQUEST_CANCELED: |
| 172 LOG(ERROR) << "Unexpected GAIA auth error: " << error.state(); | 177 LOG(ERROR) << "Unexpected GAIA auth error: " << error.state(); |
| 173 view()->ShowFatalAuthError(); | 178 view()->ShowFatalAuthError(); |
| 174 return; | 179 return; |
| 175 } | 180 } |
| 176 | 181 |
| 177 NOTREACHED() << error.state(); | 182 NOTREACHED() << error.state(); |
| 178 } | 183 } |
| 179 | 184 |
| 185 void EnterpriseEnrollmentScreen::WriteLockboxData( | |
| 186 const ClientLoginResult& result) { | |
| 187 // Since this method is also called directly. | |
| 188 runnable_method_factory_.RevokeAll(); | |
| 189 | |
| 190 chromeos::CryptohomeLibrary* cryptohome = | |
| 191 chromeos::CrosLibrary::Get()->GetCryptohomeLibrary(); | |
| 192 if (!cryptohome->InstallAttributesIsReady()) { | |
| 193 // Lockbox is not read yet, reschedule pulling. | |
|
kmixter1
2011/04/15 02:06:51
ready
pastarmovj
2011/04/15 10:05:01
Done.
| |
| 194 LOG(WARNING) << "Lockbox is not ready yet will retry in " | |
| 195 << kLockboxRetryIntervalMs << "ms."; | |
| 196 MessageLoop::current()->PostDelayedTask( | |
| 197 FROM_HERE, | |
| 198 runnable_method_factory_.NewRunnableMethod( | |
| 199 &EnterpriseEnrollmentScreen::WriteLockboxData, result), | |
| 200 kLockboxRetryIntervalMs); | |
| 201 } else { | |
| 202 // Clearing the TPM password seems to be always a good deal. | |
| 203 if (cryptohome->TpmIsEnabled() && !cryptohome->TpmIsBeingOwned() && | |
| 204 cryptohome->TpmIsOwned()) { | |
| 205 cryptohome->TpmClearStoredPassword(); | |
| 206 } | |
| 207 // Make sure we really have a working lockbox. | |
| 208 if (cryptohome->InstallAttributesIsInvalid()) { | |
| 209 LOG(ERROR) << "Enrollment can not proceed because the lockbox " | |
| 210 << "is corrupt or failed to initialize!"; | |
| 211 view()->ShowFatalEnrollmentError(); | |
| 212 } | |
| 213 if (!cryptohome->InstallAttributesIsFirstInstall()) { | |
| 214 LOG(ERROR) << "Enrollment can not proceed because the lockbox " | |
| 215 << "has been altered already!"; | |
|
Will Drewry
2011/04/15 02:38:19
s/altered/finalized (or locked :)
pastarmovj
2011/04/15 10:05:01
Done.
| |
| 216 view()->ShowFatalEnrollmentError(); | |
| 217 } | |
| 218 // Set values in the lockbox and lock it. | |
| 219 DCHECK(cryptohome->InstallAttributesIsFirstInstall()); | |
| 220 cryptohome->InstallAttributesSet("enterprise.owned", "true"); | |
| 221 cryptohome->InstallAttributesSet("enterprise.user", user_); | |
| 222 DCHECK(cryptohome->InstallAttributesCount() == 2); | |
| 223 cryptohome->InstallAttributesFinalize(); | |
| 224 if (cryptohome->InstallAttributesIsFirstInstall()) { | |
| 225 LOG(ERROR) << "Enrollment can not proceed because the lockbox " | |
| 226 << "can not be sealed!"; | |
| 227 view()->ShowFatalEnrollmentError(); | |
| 228 } else { | |
| 229 auth_fetcher_->StartIssueAuthToken( | |
| 230 result.sid, result.lsid, GaiaConstants::kDeviceManagementService); | |
| 231 } | |
| 232 } | |
| 233 } | |
| 234 | |
| 180 } // namespace chromeos | 235 } // namespace chromeos |
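Review bot: In `WriteLockboxData`, the `InstallAttributesIsInvalid()` and `!InstallAttributesIsFirstInstall()` branches call `view()->ShowFatalEnrollmentError()` but do not return, so execution continues into the `InstallAttributesSet` calls and `InstallAttributesFinalize()`. Because `DCHECK` is compiled out of release builds, a device whose lockbox was already finalized would then pass the final `InstallAttributesIsFirstInstall()` test as "sealed" and reach `auth_fetcher_->StartIssueAuthToken(...)`, so enrollment would proceed against install attributes this code did not write. Add `return;` after each of those two `ShowFatalEnrollmentError()` calls. It would also be safer to check the outcome of `InstallAttributesSet` and `InstallAttributesFinalize` (their return types are not visible on this page) and to read `enterprise.owned` and `enterprise.user` back before requesting the token, rather than relying on `DCHECK(cryptohome->InstallAttributesCount() == 2)`. Separately, the `PostDelayedTask` retry has no attempt limit, so a lockbox that never becomes ready is polled every `kLockboxRetryIntervalMs` indefinitely while a copy of the `ClientLoginResult` stays queued.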