Index: chrome/browser/policy/enterprise_install_attributes.cc |
diff --git a/chrome/browser/policy/enterprise_install_attributes.cc b/chrome/browser/policy/enterprise_install_attributes.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..0fec96f96c9e59bff532b520be30947150cb74aa |
--- /dev/null |
+++ b/chrome/browser/policy/enterprise_install_attributes.cc |
@@ -0,0 +1,112 @@ |
+// Copyright (c) 2011 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#include "chrome/browser/policy/enterprise_install_attributes.h" |
+ |
+#include "base/logging.h" |
+#include "chrome/browser/chromeos/cros/cryptohome_library.h" |
+ |
+static const char kAttrEnterpriseOwned[] = "enterprise.owned"; |
+static const char kAttrEnterpriseUser[] = "enterprise.user"; |
+ |
+namespace policy { |
+ |
+EnterpriseInstallAttributes::EnterpriseInstallAttributes( |
+ chromeos::CryptohomeLibrary* cryptohome) |
+ : cryptohome_(cryptohome), |
+ device_locked_(false) {} |
+ |
+EnterpriseInstallAttributes::LockResult EnterpriseInstallAttributes::LockDevice( |
+ const std::string& user) { |
+ // Check for existing lock first. |
+ if (device_locked_) { |
+ return !registration_user_.empty() && user == registration_user_ ? |
+ LOCK_SUCCESS : LOCK_WRONG_USER; |
+ } |
+ |
+ if (!cryptohome_->InstallAttributesIsReady()) |
+ return LOCK_NOT_READY; |
+ |
+ // Clearing the TPM password seems to be always a good deal. |
+ if (cryptohome_->TpmIsEnabled() && |
+ !cryptohome_->TpmIsBeingOwned() && |
+ cryptohome_->TpmIsOwned()) { |
+ cryptohome_->TpmClearStoredPassword(); |
+ } |
+ |
+ // Make sure we really have a working InstallAttrs. |
+ if (cryptohome_->InstallAttributesIsInvalid()) { |
+ LOG(ERROR) << "Install attributes invalid."; |
+ return LOCK_BACKEND_ERROR; |
+ } |
+ |
+ if (!cryptohome_->InstallAttributesIsFirstInstall()) |
+ return LOCK_WRONG_USER; |
+ |
+ // Set values in the InstallAttrs and lock it. |
+ if (!cryptohome_->InstallAttributesSet(kAttrEnterpriseOwned, "true") || |
+ !cryptohome_->InstallAttributesSet(kAttrEnterpriseUser, user)) { |
+ LOG(ERROR) << "Failed writing attributes"; |
+ return LOCK_BACKEND_ERROR; |
+ } |
+ |
+ if (!cryptohome_->InstallAttributesFinalize() || |
+ cryptohome_->InstallAttributesIsFirstInstall() || |
+ GetRegistrationUser() != user) { |
+ LOG(ERROR) << "Failed locking."; |
+ return LOCK_BACKEND_ERROR; |
+ } |
+ |
+ return LOCK_SUCCESS; |
+} |
+ |
+bool EnterpriseInstallAttributes::IsEnterpriseDevice() { |
+ ReadImmutableAttributes(); |
+ return device_locked_ && !registration_user_.empty(); |
+} |
+ |
+std::string EnterpriseInstallAttributes::GetRegistrationUser() { |
+ ReadImmutableAttributes(); |
+ |
+ if (!device_locked_) |
+ return std::string(); |
+ |
+ return registration_user_; |
+} |
+ |
+std::string EnterpriseInstallAttributes::GetDomain() { |
+ if (!IsEnterpriseDevice()) |
+ return std::string(); |
+ |
+ std::string domain; |
+ size_t pos = registration_user_.find('@'); |
+ if (pos != std::string::npos) |
+ domain = registration_user_.substr(pos + 1); |
+ |
+ return domain; |
+} |
+ |
+void EnterpriseInstallAttributes::ReadImmutableAttributes() { |
+ if (device_locked_) |
+ return; |
+ |
+ if (cryptohome_ && |
+ cryptohome_->InstallAttributesIsReady() && |
+ !cryptohome_->InstallAttributesIsInvalid() && |
+ !cryptohome_->InstallAttributesIsFirstInstall()) { |
+ device_locked_ = true; |
+ std::string enterprise_owned; |
+ std::string enterprise_user; |
+ if (cryptohome_->InstallAttributesGet(kAttrEnterpriseOwned, |
+ &enterprise_owned) && |
+ cryptohome_->InstallAttributesGet(kAttrEnterpriseUser, |
+ &enterprise_user) && |
+ enterprise_owned == "true" && |
+ !enterprise_user.empty()) { |
+ registration_user_ = enterprise_user; |
+ } |
+ } |
+} |
+ |
+} // namespace policy |