| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "chrome/browser/policy/enterprise_install_attributes.h" |
| 6 |
| 7 #include "base/logging.h" |
| 8 #include "chrome/browser/chromeos/cros/cryptohome_library.h" |
| 9 |
| 10 static const char kAttrEnterpriseOwned[] = "enterprise.owned"; |
| 11 static const char kAttrEnterpriseUser[] = "enterprise.user"; |
| 12 |
| 13 namespace policy { |
| 14 |
| 15 EnterpriseInstallAttributes::EnterpriseInstallAttributes( |
| 16 chromeos::CryptohomeLibrary* cryptohome) |
| 17 : cryptohome_(cryptohome), |
| 18 device_locked_(false) {} |
| 19 |
| 20 EnterpriseInstallAttributes::LockResult EnterpriseInstallAttributes::LockDevice( |
| 21 const std::string& user) { |
| 22 // Check for existing lock first. |
| 23 if (device_locked_) { |
| 24 return !registration_user_.empty() && user == registration_user_ ? |
| 25 LOCK_SUCCESS : LOCK_WRONG_USER; |
| 26 } |
| 27 |
| 28 if (!cryptohome_->InstallAttributesIsReady()) |
| 29 return LOCK_NOT_READY; |
| 30 |
| 31 // Clearing the TPM password seems to be always a good deal. |
| 32 if (cryptohome_->TpmIsEnabled() && |
| 33 !cryptohome_->TpmIsBeingOwned() && |
| 34 cryptohome_->TpmIsOwned()) { |
| 35 cryptohome_->TpmClearStoredPassword(); |
| 36 } |
| 37 |
| 38 // Make sure we really have a working InstallAttrs. |
| 39 if (cryptohome_->InstallAttributesIsInvalid()) { |
| 40 LOG(ERROR) << "Install attributes invalid."; |
| 41 return LOCK_BACKEND_ERROR; |
| 42 } |
| 43 |
| 44 if (!cryptohome_->InstallAttributesIsFirstInstall()) |
| 45 return LOCK_WRONG_USER; |
| 46 |
| 47 // Set values in the InstallAttrs and lock it. |
| 48 if (!cryptohome_->InstallAttributesSet(kAttrEnterpriseOwned, "true") || |
| 49 !cryptohome_->InstallAttributesSet(kAttrEnterpriseUser, user)) { |
| 50 LOG(ERROR) << "Failed writing attributes"; |
| 51 return LOCK_BACKEND_ERROR; |
| 52 } |
| 53 |
| 54 if (!cryptohome_->InstallAttributesFinalize() || |
| 55 cryptohome_->InstallAttributesIsFirstInstall() || |
| 56 GetRegistrationUser() != user) { |
| 57 LOG(ERROR) << "Failed locking."; |
| 58 return LOCK_BACKEND_ERROR; |
| 59 } |
| 60 |
| 61 return LOCK_SUCCESS; |
| 62 } |
| 63 |
| 64 bool EnterpriseInstallAttributes::IsEnterpriseDevice() { |
| 65 ReadImmutableAttributes(); |
| 66 return device_locked_ && !registration_user_.empty(); |
| 67 } |
| 68 |
| 69 std::string EnterpriseInstallAttributes::GetRegistrationUser() { |
| 70 ReadImmutableAttributes(); |
| 71 |
| 72 if (!device_locked_) |
| 73 return std::string(); |
| 74 |
| 75 return registration_user_; |
| 76 } |
| 77 |
| 78 std::string EnterpriseInstallAttributes::GetDomain() { |
| 79 if (!IsEnterpriseDevice()) |
| 80 return std::string(); |
| 81 |
| 82 std::string domain; |
| 83 size_t pos = registration_user_.find('@'); |
| 84 if (pos != std::string::npos) |
| 85 domain = registration_user_.substr(pos + 1); |
| 86 |
| 87 return domain; |
| 88 } |
| 89 |
| 90 void EnterpriseInstallAttributes::ReadImmutableAttributes() { |
| 91 if (device_locked_) |
| 92 return; |
| 93 |
| 94 if (cryptohome_ && |
| 95 cryptohome_->InstallAttributesIsReady() && |
| 96 !cryptohome_->InstallAttributesIsInvalid() && |
| 97 !cryptohome_->InstallAttributesIsFirstInstall()) { |
| 98 device_locked_ = true; |
| 99 std::string enterprise_owned; |
| 100 std::string enterprise_user; |
| 101 if (cryptohome_->InstallAttributesGet(kAttrEnterpriseOwned, |
| 102 &enterprise_owned) && |
| 103 cryptohome_->InstallAttributesGet(kAttrEnterpriseUser, |
| 104 &enterprise_user) && |
| 105 enterprise_owned == "true" && |
| 106 !enterprise_user.empty()) { |
| 107 registration_user_ = enterprise_user; |
| 108 } |
| 109 } |
| 110 } |
| 111 |
| 112 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6869042:
Add immutable settings checks when handling policy. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src