| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/login/enterprise_enrollment_screen.h" | 5 #include "chrome/browser/chromeos/login/enterprise_enrollment_screen.h" |
| 6 | 6 |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "chrome/browser/browser_process.h" | 8 #include "chrome/browser/browser_process.h" |
| 9 #include "chrome/browser/chromeos/cros/cros_library.h" | |
| 10 #include "chrome/browser/chromeos/cros/cryptohome_library.h" | |
| 9 #include "chrome/browser/chromeos/login/screen_observer.h" | 11 #include "chrome/browser/chromeos/login/screen_observer.h" |
| 10 #include "chrome/browser/policy/browser_policy_connector.h" | 12 #include "chrome/browser/policy/browser_policy_connector.h" |
| 11 #include "chrome/common/net/gaia/gaia_constants.h" | 13 #include "chrome/common/net/gaia/gaia_constants.h" |
| 12 | 14 |
| 13 namespace chromeos { | 15 namespace chromeos { |
| 14 | 16 |
| 17 // Retry for lockbox initialization every 500ms. | |
| 18 const int kLockboxRetryIntervalMs = 500; | |
| 19 | |
| 15 EnterpriseEnrollmentScreen::EnterpriseEnrollmentScreen( | 20 EnterpriseEnrollmentScreen::EnterpriseEnrollmentScreen( |
| 16 WizardScreenDelegate* delegate) | 21 WizardScreenDelegate* delegate) |
| 17 : ViewScreen<EnterpriseEnrollmentView>(delegate) {} | 22 : ViewScreen<EnterpriseEnrollmentView>(delegate), |
| 23 ALLOW_THIS_IN_INITIALIZER_LIST(runnable_method_factory_(this)) { | |
| 24 // Init lockbox if it has not been done until now (in debug build we might | |
| 25 // have not domne that yet). | |
|
Mattias Nissler (ping if slow)
2011/04/15 18:17:58
s/domne/done/
pastarmovj
2011/04/15 18:44:49
Done.
| |
| 26 chromeos::CryptohomeLibrary* cryptohome = | |
| 27 chromeos::CrosLibrary::Get()->GetCryptohomeLibrary(); | |
| 28 if (cryptohome) { | |
| 29 if (cryptohome->TpmIsEnabled() && !cryptohome->TpmIsBeingOwned() && | |
|
Mattias Nissler (ping if slow)
2011/04/15 18:17:58
for readability, you might want to break after the
pastarmovj
2011/04/15 18:44:49
Done.
| |
| 30 !cryptohome->TpmIsOwned()) { | |
| 31 cryptohome->TpmCanAttemptOwnership(); | |
| 32 } | |
| 33 } | |
| 34 } | |
| 18 | 35 |
| 19 EnterpriseEnrollmentScreen::~EnterpriseEnrollmentScreen() {} | 36 EnterpriseEnrollmentScreen::~EnterpriseEnrollmentScreen() {} |
| 20 | 37 |
| 21 void EnterpriseEnrollmentScreen::Authenticate(const std::string& user, | 38 void EnterpriseEnrollmentScreen::Authenticate(const std::string& user, |
| 22 const std::string& password, | 39 const std::string& password, |
| 23 const std::string& captcha, | 40 const std::string& captcha, |
| 24 const std::string& access_code) { | 41 const std::string& access_code) { |
| 25 captcha_token_.clear(); | 42 captcha_token_.clear(); |
| 26 user_ = user; | 43 user_ = user; |
| 27 auth_fetcher_.reset( | 44 auth_fetcher_.reset( |
| (...skipping 20 matching lines...) | |
| 48 ScreenObserver* observer = delegate()->GetObserver(this); | 65 ScreenObserver* observer = delegate()->GetObserver(this); |
| 49 observer->OnExit(ScreenObserver::ENTERPRISE_ENROLLMENT_CANCELLED); | 66 observer->OnExit(ScreenObserver::ENTERPRISE_ENROLLMENT_CANCELLED); |
| 50 } | 67 } |
| 51 | 68 |
| 52 void EnterpriseEnrollmentScreen::CloseConfirmation() { | 69 void EnterpriseEnrollmentScreen::CloseConfirmation() { |
| 53 auth_fetcher_.reset(); | 70 auth_fetcher_.reset(); |
| 54 ScreenObserver* observer = delegate()->GetObserver(this); | 71 ScreenObserver* observer = delegate()->GetObserver(this); |
| 55 observer->OnExit(ScreenObserver::ENTERPRISE_ENROLLMENT_COMPLETED); | 72 observer->OnExit(ScreenObserver::ENTERPRISE_ENROLLMENT_COMPLETED); |
| 56 } | 73 } |
| 57 | 74 |
| 75 bool EnterpriseEnrollmentScreen::GetInitialUser(std::string* user) { | |
| 76 chromeos::CryptohomeLibrary* cryptohome = | |
| 77 chromeos::CrosLibrary::Get()->GetCryptohomeLibrary(); | |
| 78 if (cryptohome && cryptohome->InstallAttributesIsReady() && | |
| 79 !cryptohome->InstallAttributesIsFirstInstall()) { | |
|
Mattias Nissler (ping if slow)
2011/04/15 18:17:58
same here.
pastarmovj
2011/04/15 18:44:49
Done.
| |
| 80 std::string value; | |
| 81 if (cryptohome->InstallAttributesGet("enterprise.owned", &value) && | |
| 82 0 == value.compare("true")) { | |
|
Mattias Nissler (ping if slow)
2011/04/15 18:17:58
value == "true"?
pastarmovj
2011/04/15 18:44:49
Done.
| |
| 83 if (cryptohome->InstallAttributesGet("enterprise.user", &value)) { | |
| 84 // If we landed in the enrollment dialogue with a locked lockbox this | |
| 85 // would mean we might only want to reenroll with the DMServer so lock | |
| 86 // the username to what has been stored in the lockbox already. | |
| 87 *user = value; | |
| 88 view()->editable_user(false); | |
|
Mattias Nissler (ping if slow)
2011/04/15 18:17:58
make it set_editable_user :)
Mattias Nissler (ping if slow)
2011/04/15 18:17:58
Please wrap in if (view())
pastarmovj
2011/04/15 18:44:49
Done.
pastarmovj
2011/04/15 18:44:49
Done.
| |
| 89 return true; | |
| 90 } | |
| 91 } | |
| 92 LOG(ERROR) << "Enrollment will not finish because the lockbox has been " | |
| 93 << "locked already but does not contain valid data."; | |
| 94 } | |
| 95 return false; | |
| 96 } | |
| 97 | |
| 58 void EnterpriseEnrollmentScreen::OnClientLoginSuccess( | 98 void EnterpriseEnrollmentScreen::OnClientLoginSuccess( |
| 59 const ClientLoginResult& result) { | 99 const ClientLoginResult& result) { |
| 60 auth_fetcher_->StartIssueAuthToken(result.sid, result.lsid, | 100 WriteInstallAttributesData(result); |
| 61 GaiaConstants::kDeviceManagementService); | |
| 62 } | 101 } |
| 63 | 102 |
| 64 void EnterpriseEnrollmentScreen::OnClientLoginFailure( | 103 void EnterpriseEnrollmentScreen::OnClientLoginFailure( |
| 65 const GoogleServiceAuthError& error) { | 104 const GoogleServiceAuthError& error) { |
| 66 HandleAuthError(error); | 105 HandleAuthError(error); |
| 67 } | 106 } |
| 68 | 107 |
| 69 void EnterpriseEnrollmentScreen::OnIssueAuthTokenSuccess( | 108 void EnterpriseEnrollmentScreen::OnIssueAuthTokenSuccess( |
| 70 const std::string& service, | 109 const std::string& service, |
| 71 const std::string& auth_token) { | 110 const std::string& auth_token) { |
| (...skipping 98 matching lines...) | |
| 170 // fall through. | 209 // fall through. |
| 171 case GoogleServiceAuthError::REQUEST_CANCELED: | 210 case GoogleServiceAuthError::REQUEST_CANCELED: |
| 172 LOG(ERROR) << "Unexpected GAIA auth error: " << error.state(); | 211 LOG(ERROR) << "Unexpected GAIA auth error: " << error.state(); |
| 173 view()->ShowFatalAuthError(); | 212 view()->ShowFatalAuthError(); |
| 174 return; | 213 return; |
| 175 } | 214 } |
| 176 | 215 |
| 177 NOTREACHED() << error.state(); | 216 NOTREACHED() << error.state(); |
| 178 } | 217 } |
| 179 | 218 |
| 219 void EnterpriseEnrollmentScreen::WriteInstallAttributesData( | |
| 220 const ClientLoginResult& result) { | |
| 221 // Since this method is also called directly. | |
| 222 runnable_method_factory_.RevokeAll(); | |
| 223 | |
|
Mattias Nissler (ping if slow)
2011/04/15 18:17:58
if (!view())
return;
pastarmovj
2011/04/15 18:44:49
Done.
| |
| 224 chromeos::CryptohomeLibrary* cryptohome = | |
| 225 chromeos::CrosLibrary::Get()->GetCryptohomeLibrary(); | |
| 226 if (!cryptohome) { | |
| 227 LOG(ERROR) << "Enrollment can not proceed because the lockbox can not " | |
| 228 << "be accessed."; | |
| 229 view()->ShowFatalEnrollmentError(); | |
| 230 return; | |
| 231 } | |
| 232 | |
| 233 if (!cryptohome->InstallAttributesIsReady()) { | |
| 234 // Lockbox is not ready yet, reschedule pulling. | |
| 235 LOG(WARNING) << "Lockbox is not ready yet will retry in " | |
| 236 << kLockboxRetryIntervalMs << "ms."; | |
| 237 MessageLoop::current()->PostDelayedTask( | |
| 238 FROM_HERE, | |
| 239 runnable_method_factory_.NewRunnableMethod( | |
| 240 &EnterpriseEnrollmentScreen::WriteInstallAttributesData, result), | |
| 241 kLockboxRetryIntervalMs); | |
|
Mattias Nissler (ping if slow)
2011/04/15 18:17:58
early return and remove block below?
pastarmovj
2011/04/15 18:44:49
Done.
| |
| 242 } else { | |
| 243 // Clearing the TPM password seems to be always a good deal. | |
| 244 if (cryptohome->TpmIsEnabled() && !cryptohome->TpmIsBeingOwned() && | |
|
Mattias Nissler (ping if slow)
2011/04/15 18:17:58
line break condition breaking?
pastarmovj
2011/04/15 18:44:49
Done.
| |
| 245 cryptohome->TpmIsOwned()) { | |
| 246 cryptohome->TpmClearStoredPassword(); | |
| 247 } | |
| 248 // Make sure we really have a working lockbox. | |
| 249 if (cryptohome->InstallAttributesIsInvalid()) { | |
| 250 LOG(ERROR) << "Enrollment can not proceed because the lockbox " | |
| 251 << "is corrupt or failed to initialize!"; | |
| 252 view()->ShowFatalEnrollmentError(); | |
|
Mattias Nissler (ping if slow)
2011/04/15 18:17:58
return;
pastarmovj
2011/04/15 18:44:49
Done.
| |
| 253 } | |
| 254 if (!cryptohome->InstallAttributesIsFirstInstall()) { | |
| 255 std::string value; | |
| 256 if (cryptohome->InstallAttributesGet("enterprise.owned", &value) && | |
| 257 0 == value.compare("true")) { | |
|
Mattias Nissler (ping if slow)
2011/04/15 18:17:58
value == "true". Might want to introduce a char co
pastarmovj
2011/04/15 18:44:49
Done the == but for now i don't see much need in i
| |
| 258 if (cryptohome->InstallAttributesGet("enterprise.user", &value)) { | |
| 259 if (value == user_) { | |
| 260 // If we landed here with a locked lockbox this would mean we might | |
| 261 // only want to reenroll with the DMServer so lock just continue. | |
| 262 auth_fetcher_->StartIssueAuthToken( | |
| 263 result.sid, result.lsid, | |
| 264 GaiaConstants::kDeviceManagementService); | |
| 265 return; | |
| 266 } | |
| 267 } | |
| 268 } | |
| 269 | |
| 270 LOG(ERROR) << "Enrollment can not proceed because the lockbox " | |
| 271 << "has been locked already!"; | |
| 272 view()->ShowFatalEnrollmentError(); | |
|
Mattias Nissler (ping if slow)
2011/04/15 18:17:58
early return and remove else block?
pastarmovj
2011/04/15 18:44:49
Done.
| |
| 273 } else { | |
| 274 // Set values in the lockbox and lock it. | |
| 275 DCHECK(cryptohome->InstallAttributesIsFirstInstall()); | |
| 276 cryptohome->InstallAttributesSet("enterprise.owned", "true"); | |
| 277 cryptohome->InstallAttributesSet("enterprise.user", user_); | |
| 278 DCHECK(cryptohome->InstallAttributesCount() == 2); | |
| 279 cryptohome->InstallAttributesFinalize(); | |
| 280 if (cryptohome->InstallAttributesIsFirstInstall()) { | |
| 281 LOG(ERROR) << "Enrollment can not proceed because the lockbox " | |
| 282 << "can not be sealed!"; | |
| 283 view()->ShowFatalEnrollmentError(); | |
| 284 } else { | |
| 285 auth_fetcher_->StartIssueAuthToken( | |
| 286 result.sid, result.lsid, GaiaConstants::kDeviceManagementService); | |
| 287 } | |
| 288 } | |
| 289 } | |
| 290 } | |
| 291 | |
| 180 } // namespace chromeos | 292 } // namespace chromeos |
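Review bot: In the first-install branch of WriteInstallAttributesData (new lines 275-279) the results of both InstallAttributesSet calls are ignored, and the only consistency check is `DCHECK(cryptohome->InstallAttributesCount() == 2)`, which is compiled out of release builds, so a failed write can still reach InstallAttributesFinalize(). A sealed lockbox presumably cannot be rewritten, so the device would be left locked with incomplete enrollment data, which is the state GetInitialUser reports as "locked already but does not contain valid data". Make the check a runtime one before finalizing, e.g. `if (cryptohome->InstallAttributesCount() != 2) { view()->ShowFatalEnrollmentError(); return; }`, and also test the Set return values if they report failure (their signatures are not visible on this page). Separately, the not-ready path reposts itself every kLockboxRetryIntervalMs with no attempt limit while the queued task carries the ClientLoginResult tokens; a retry cap would bound both the polling and how long those tokens are kept.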