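--- a/UNKNOWN_PATH
+++ b/UNKNOWN_PATH
@@ -1,28 +1,28 @@
 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/login/enterprise_enrollment_screen.h"
 
 #include "base/logging.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/chromeos/cros/cros_library.h"
 #include "chrome/browser/chromeos/cros/cryptohome_library.h"
 #include "chrome/browser/chromeos/login/screen_observer.h"
 #include "chrome/browser/policy/browser_policy_connector.h"
 #include "chrome/common/net/gaia/gaia_constants.h"
 
 namespace chromeos {
 
 // Retry for InstallAttrs initialization every 500ms.
-const int kLockboxRetryIntervalMs = 500;
+const int kLockRetryIntervalMs = 500;
 
 EnterpriseEnrollmentScreen::EnterpriseEnrollmentScreen(
 WizardScreenDelegate* delegate)
 : ViewScreen<EnterpriseEnrollmentView>(delegate),
 ALLOW_THIS_IN_INITIALIZER_LIST(runnable_method_factory_(this)) {
 // Init the TPM if it has not been done until now (in debug build we might
 // have not done that yet).
 chromeos::CryptohomeLibrary* cryptohome =
 chromeos::CrosLibrary::Get()->GetCryptohomeLibrary();
 if (cryptohome) {
@@ -220,86 +220,40 @@
 }
 
 void EnterpriseEnrollmentScreen::WriteInstallAttributesData(
 const ClientLoginResult& result) {
 // Since this method is also called directly.
 runnable_method_factory_.RevokeAll();
 
 if (!view())
 return;
 
-chromeos::CryptohomeLibrary* cryptohome =
-chromeos::CrosLibrary::Get()->GetCryptohomeLibrary();
-if (!cryptohome) {
-LOG(ERROR) << "Enrollment can not proceed because the InstallAttrs can not "
-<< "be accessed.";
-view()->ShowFatalEnrollmentError();
-return;
+switch (g_browser_process->browser_policy_connector()->LockDevice(user_)) {
+case policy::EnterpriseInstallAttributes::LOCK_SUCCESS:
+// Proceed with register and policy fetch.
+auth_fetcher_->StartIssueAuthToken(
+result.sid, result.lsid, GaiaConstants::kDeviceManagementService);
+return;
+case policy::EnterpriseInstallAttributes::LOCK_NOT_READY:
+// InstallAttributes not ready yet, retry later.
+LOG(WARNING) << "Install Attributes not ready yet will retry in "
+<< kLockRetryIntervalMs << "ms.";
+MessageLoop::current()->PostDelayedTask(
+FROM_HERE,
+runnable_method_factory_.NewRunnableMethod(
+&EnterpriseEnrollmentScreen::WriteInstallAttributesData, result),
+kLockRetryIntervalMs);
+return;
+case policy::EnterpriseInstallAttributes::LOCK_BACKEND_ERROR:
+view()->ShowFatalEnrollmentError();
+return;
+case policy::EnterpriseInstallAttributes::LOCK_WRONG_USER:
+LOG(ERROR) << "Enrollment can not proceed because the InstallAttrs "
+<< "has been locked already!";
+view()->ShowFatalEnrollmentError();
+return;
 }
 
-if (!cryptohome->InstallAttributesIsReady()) {
-// Lockbox is not ready yet, retry later.
-LOG(WARNING) << "Lockbox is not ready yet will retry in "
-<< kLockboxRetryIntervalMs << "ms.";
-MessageLoop::current()->PostDelayedTask(
-FROM_HERE,
-runnable_method_factory_.NewRunnableMethod(
-&EnterpriseEnrollmentScreen::WriteInstallAttributesData, result),
-kLockboxRetryIntervalMs);
-return;
-}
-
-// Clearing the TPM password seems to be always a good deal.
-if (cryptohome->TpmIsEnabled() &&
-!cryptohome->TpmIsBeingOwned() &&
-cryptohome->TpmIsOwned()) {
-cryptohome->TpmClearStoredPassword();
-}
-
-// Make sure we really have a working InstallAttrs.
-if (cryptohome->InstallAttributesIsInvalid()) {
-LOG(ERROR) << "Enrollment can not proceed because the InstallAttrs "
-<< "is corrupt or failed to initialize!";
-view()->ShowFatalEnrollmentError();
-return;
-}
-if (!cryptohome->InstallAttributesIsFirstInstall()) {
-std::string value;
-if (cryptohome->InstallAttributesGet("enterprise.owned", &value) &&
-value == "true") {
-if (cryptohome->InstallAttributesGet("enterprise.user", &value)) {
-if (value == user_) {
-// If we landed here with a locked InstallAttrs this would mean we
-// only want to reenroll with the DMServer so lock just continue.
-auth_fetcher_->StartIssueAuthToken(
-result.sid, result.lsid,
-GaiaConstants::kDeviceManagementService);
-return;
-}
-}
-}
-
-LOG(ERROR) << "Enrollment can not proceed because the InstallAttrs "
-<< "has been locked already!";
-view()->ShowFatalEnrollmentError();
-return;
-}
-
-// Set values in the InstallAttrs and lock it.
-DCHECK(cryptohome->InstallAttributesIsFirstInstall());
-cryptohome->InstallAttributesSet("enterprise.owned", "true");
-cryptohome->InstallAttributesSet("enterprise.user", user_);
-DCHECK(cryptohome->InstallAttributesCount() == 2);
-cryptohome->InstallAttributesFinalize();
-if (cryptohome->InstallAttributesIsFirstInstall()) {
-LOG(ERROR) << "Enrollment can not proceed because the InstallAttrs "
-<< "can not be sealed!";
-view()->ShowFatalEnrollmentError();
-return;
-}
-
-// Proceed with register and policy fetch.
-auth_fetcher_->StartIssueAuthToken(
-result.sid, result.lsid, GaiaConstants::kDeviceManagementService);
+NOTREACHED();
 }
 
 } // namespace chromeos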
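Review bot: In WriteInstallAttributesData() the new switch drops the `TpmClearStoredPassword()` call that the old body made whenever the TPM was enabled and owned, and `LockDevice()` is not visible on this page, so it cannot be confirmed from here that the stored TPM owner password is still cleared on enrollment. If `LockDevice()` does take that over, a comment above the switch should say so, for example `// LockDevice() also clears the stored TPM owner password.`; if it does not, the clearing needs to stay on this path. The `LOCK_BACKEND_ERROR` branch is also the only failure branch that shows the fatal error without logging a reason; add `LOG(ERROR) << "Enrollment can not proceed because the InstallAttrs backend failed!";` before `view()->ShowFatalEnrollmentError();`. The trailing `NOTREACHED();` is a debug-only check, so following it with `view()->ShowFatalEnrollmentError();` would keep an unexpected return value from leaving the screen with no progress and no error.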