| Index: chrome/browser/chromeos/login/enterprise_enrollment_screen.cc
|
| diff --git a/chrome/browser/chromeos/login/enterprise_enrollment_screen.cc b/chrome/browser/chromeos/login/enterprise_enrollment_screen.cc
|
| index 4f6e477d269eab81df7e88e4f181ece9e4302f2d..48ed015b725d00ce1edc4b2b46241da470bc6723 100644
|
| --- a/chrome/browser/chromeos/login/enterprise_enrollment_screen.cc
|
| +++ b/chrome/browser/chromeos/login/enterprise_enrollment_screen.cc
|
| @@ -15,7 +15,7 @@
|
| namespace chromeos {
|
|
|
| // Retry for InstallAttrs initialization every 500ms.
|
| -const int kLockboxRetryIntervalMs = 500;
|
| +const int kLockRetryIntervalMs = 500;
|
|
|
| EnterpriseEnrollmentScreen::EnterpriseEnrollmentScreen(
|
| WizardScreenDelegate* delegate)
|
| @@ -227,79 +227,33 @@ void EnterpriseEnrollmentScreen::WriteInstallAttributesData(
|
| if (!view())
|
| return;
|
|
|
| - chromeos::CryptohomeLibrary* cryptohome =
|
| - chromeos::CrosLibrary::Get()->GetCryptohomeLibrary();
|
| - if (!cryptohome) {
|
| - LOG(ERROR) << "Enrollment can not proceed because the InstallAttrs can not "
|
| - << "be accessed.";
|
| - view()->ShowFatalEnrollmentError();
|
| - return;
|
| - }
|
| -
|
| - if (!cryptohome->InstallAttributesIsReady()) {
|
| - // Lockbox is not ready yet, retry later.
|
| - LOG(WARNING) << "Lockbox is not ready yet will retry in "
|
| - << kLockboxRetryIntervalMs << "ms.";
|
| - MessageLoop::current()->PostDelayedTask(
|
| - FROM_HERE,
|
| - runnable_method_factory_.NewRunnableMethod(
|
| - &EnterpriseEnrollmentScreen::WriteInstallAttributesData, result),
|
| - kLockboxRetryIntervalMs);
|
| - return;
|
| - }
|
| -
|
| - // Clearing the TPM password seems to be always a good deal.
|
| - if (cryptohome->TpmIsEnabled() &&
|
| - !cryptohome->TpmIsBeingOwned() &&
|
| - cryptohome->TpmIsOwned()) {
|
| - cryptohome->TpmClearStoredPassword();
|
| - }
|
| -
|
| - // Make sure we really have a working InstallAttrs.
|
| - if (cryptohome->InstallAttributesIsInvalid()) {
|
| - LOG(ERROR) << "Enrollment can not proceed because the InstallAttrs "
|
| - << "is corrupt or failed to initialize!";
|
| - view()->ShowFatalEnrollmentError();
|
| - return;
|
| - }
|
| - if (!cryptohome->InstallAttributesIsFirstInstall()) {
|
| - std::string value;
|
| - if (cryptohome->InstallAttributesGet("enterprise.owned", &value) &&
|
| - value == "true") {
|
| - if (cryptohome->InstallAttributesGet("enterprise.user", &value)) {
|
| - if (value == user_) {
|
| - // If we landed here with a locked InstallAttrs this would mean we
|
| - // only want to reenroll with the DMServer so lock just continue.
|
| - auth_fetcher_->StartIssueAuthToken(
|
| - result.sid, result.lsid,
|
| - GaiaConstants::kDeviceManagementService);
|
| - return;
|
| - }
|
| - }
|
| - }
|
| -
|
| - LOG(ERROR) << "Enrollment can not proceed because the InstallAttrs "
|
| - << "has been locked already!";
|
| - view()->ShowFatalEnrollmentError();
|
| - return;
|
| - }
|
| -
|
| - // Set values in the InstallAttrs and lock it.
|
| - DCHECK(cryptohome->InstallAttributesIsFirstInstall());
|
| - cryptohome->InstallAttributesSet("enterprise.owned", "true");
|
| - cryptohome->InstallAttributesSet("enterprise.user", user_);
|
| - DCHECK(cryptohome->InstallAttributesCount() == 2);
|
| - cryptohome->InstallAttributesFinalize();
|
| - if (cryptohome->InstallAttributesIsFirstInstall()) {
|
| - LOG(ERROR) << "Enrollment can not proceed because the InstallAttrs "
|
| - << "can not be sealed!";
|
| - view()->ShowFatalEnrollmentError();
|
| - return;
|
| + switch (g_browser_process->browser_policy_connector()->LockDevice(user_)) {
|
| + case policy::EnterpriseInstallAttributes::LOCK_SUCCESS:
|
| + // Proceed with register and policy fetch.
|
| + auth_fetcher_->StartIssueAuthToken(
|
| + result.sid, result.lsid, GaiaConstants::kDeviceManagementService);
|
| + return;
|
| + case policy::EnterpriseInstallAttributes::LOCK_NOT_READY:
|
| + // InstallAttributes not ready yet, retry later.
|
| + LOG(WARNING) << "Install Attributes not ready yet will retry in "
|
| + << kLockRetryIntervalMs << "ms.";
|
| + MessageLoop::current()->PostDelayedTask(
|
| + FROM_HERE,
|
| + runnable_method_factory_.NewRunnableMethod(
|
| + &EnterpriseEnrollmentScreen::WriteInstallAttributesData, result),
|
| + kLockRetryIntervalMs);
|
| + return;
|
| + case policy::EnterpriseInstallAttributes::LOCK_BACKEND_ERROR:
|
| + view()->ShowFatalEnrollmentError();
|
| + return;
|
| + case policy::EnterpriseInstallAttributes::LOCK_WRONG_USER:
|
| + LOG(ERROR) << "Enrollment can not proceed because the InstallAttrs "
|
| + << "has been locked already!";
|
| + view()->ShowFatalEnrollmentError();
|
| + return;
|
| }
|
|
|
| - // Proceed with register and policy fetch.
|
| - auth_fetcher_->StartIssueAuthToken(
|
| - result.sid, result.lsid, GaiaConstants::kDeviceManagementService);
|
| + NOTREACHED();
|
| }
|
|
|
| } // namespace chromeos
|
|
|
Chromium Code Reviews
Issue 6869042:
Add immutable settings checks when handling policy. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src