Add support for kiosk mode on the client. Make sure the settings are written in the lockbox.

chrome/browser/policy/enterprise_install_attributes.cc

-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/policy/enterprise_install_attributes.h"
 
 #include "base/logging.h"
 #include "chrome/browser/chromeos/cros/cryptohome_library.h"
 
+namespace em = enterprise_management;
+
 namespace {
 
 const char kAttrEnterpriseOwned[] = "enterprise.owned";
 const char kAttrEnterpriseUser[] = "enterprise.user";
+const char kAttrEnterpriseDomain[] = "enterprise.domain";
+const char kAttrEnterpriseMode[] = "enterprise.mode";
+const char kAttrEnterpriseDeviceId[] = "enterprise.device_id";
+
+// Extract the domain from a given email.
+std::string ExtractDomainName(const std::string& email) {
+  size_t separator_pos = email.find('@');
+  if (separator_pos != email.npos && separator_pos < email.length()-1)

[Mattias Nissler (ping if slow), 2012/02/15 15:32:03]

spaces around -

[pastarmovj, 2012/02/15 17:40:14]

Done.

+    return email.substr(separator_pos + 1);
+  else
+    NOTREACHED() << "|user| is not a proper email address.";

[Mattias Nissler (ping if slow), 2012/02/15 15:32:03]

Change this to "Not a proper email: " << email;

[pastarmovj, 2012/02/15 17:40:14]

Done.

+  return std::string();
+}
 
 }  // namespace
 
 namespace policy {
 
+const char kEnterpiseDeviceMode[] = "enterprise";
+const char kKioskDeviceMode[] = "kiosk";
+
 EnterpriseInstallAttributes::EnterpriseInstallAttributes(
     chromeos::CryptohomeLibrary* cryptohome)
     : cryptohome_(cryptohome),
-      device_locked_(false) {}
+      device_locked_(false),
+      registration_mode_(em::DeviceRegisterResponse::ENTERPRISE) {}
 
 EnterpriseInstallAttributes::LockResult EnterpriseInstallAttributes::LockDevice(
-    const std::string& user) {
+    const std::string& user,
+    em::DeviceRegisterResponse_DeviceMode device_mode,
+    const std::string& device_id) {
   // Check for existing lock first.
   if (device_locked_) {
     return !registration_user_.empty() && user == registration_user_ ?
         LOCK_SUCCESS : LOCK_WRONG_USER;
   }
 
   if (!cryptohome_ || !cryptohome_->InstallAttributesIsReady())
     return LOCK_NOT_READY;
 
   // Clearing the TPM password seems to be always a good deal.
   if (cryptohome_->TpmIsEnabled() &&
       !cryptohome_->TpmIsBeingOwned() &&
       cryptohome_->TpmIsOwned()) {
     cryptohome_->TpmClearStoredPassword();
   }
 
   // Make sure we really have a working InstallAttrs.
   if (cryptohome_->InstallAttributesIsInvalid()) {
     LOG(ERROR) << "Install attributes invalid.";
     return LOCK_BACKEND_ERROR;
   }
 
   if (!cryptohome_->InstallAttributesIsFirstInstall())
     return LOCK_WRONG_USER;
 
+  std::string domain = ExtractDomainName(user);
+  std::string mode;
+  switch (device_mode) {
+    case em::DeviceRegisterResponse::ENTERPRISE:
+      mode = kEnterpiseDeviceMode;
+      break;
+    case em::DeviceRegisterResponse::KIOSK:
+      mode = kKioskDeviceMode;
+      break;
+    default:
+      NOTREACHED() << "Unknown device mode: " << device_mode;

[Mattias Nissler (ping if slow), 2012/02/15 15:32:03]

a function for translating to the string would be better, since then we can have
bot the NOTREACHED and no default branch, so we get both the compile time error
and the NOTREACHED() at run time.

[pastarmovj, 2012/02/15 17:40:14]

Done.

+  }
+
   // Set values in the InstallAttrs and lock it.
   if (!cryptohome_->InstallAttributesSet(kAttrEnterpriseOwned, "true") ||
-      !cryptohome_->InstallAttributesSet(kAttrEnterpriseUser, user)) {
+      !cryptohome_->InstallAttributesSet(kAttrEnterpriseUser, user) ||
+      !cryptohome_->InstallAttributesSet(kAttrEnterpriseDomain, domain) ||
+      !cryptohome_->InstallAttributesSet(kAttrEnterpriseMode, mode) ||
+      !cryptohome_->InstallAttributesSet(kAttrEnterpriseDeviceId, device_id)) {
     LOG(ERROR) << "Failed writing attributes";
     return LOCK_BACKEND_ERROR;
   }
 
   if (!cryptohome_->InstallAttributesFinalize() ||
       cryptohome_->InstallAttributesIsFirstInstall() ||
       GetRegistrationUser() != user) {
     LOG(ERROR) << "Failed locking.";
     return LOCK_BACKEND_ERROR;
   }
@@ skipping 12 matching lines @@
   if (!device_locked_)
     return std::string();
 
   return registration_user_;
 }
 
 std::string EnterpriseInstallAttributes::GetDomain() {
   if (!IsEnterpriseDevice())
     return std::string();
 
-  std::string domain;
-  size_t pos = registration_user_.find('@');
-  if (pos != std::string::npos)
-    domain = registration_user_.substr(pos + 1);
+  return registration_domain_;
+}
 
-  return domain;
+std::string EnterpriseInstallAttributes::GetDeviceId() {
+  if (!IsEnterpriseDevice())
+    return std::string();
+
+  return registration_device_id_;
+}
+
+em::DeviceRegisterResponse_DeviceMode EnterpriseInstallAttributes::GetMode() {
+  if (!IsEnterpriseDevice())
+    VLOG(1) << "Calling GetMode on non-enrolled device";

[Mattias Nissler (ping if slow), 2012/02/15 15:32:03]

VLOG_IF

[pastarmovj, 2012/02/15 17:40:14]

Not needed.

+
+  return registration_mode_;
 }
 
 void EnterpriseInstallAttributes::ReadImmutableAttributes() {
   if (device_locked_)
     return;
 
   if (cryptohome_ &&
       cryptohome_->InstallAttributesIsReady() &&
       !cryptohome_->InstallAttributesIsInvalid() &&
       !cryptohome_->InstallAttributesIsFirstInstall()) {
     device_locked_ = true;
     std::string enterprise_owned;
     std::string enterprise_user;
     if (cryptohome_->InstallAttributesGet(kAttrEnterpriseOwned,
                                           &enterprise_owned) &&
         cryptohome_->InstallAttributesGet(kAttrEnterpriseUser,
                                           &enterprise_user) &&
         enterprise_owned == "true" &&
         !enterprise_user.empty()) {
       registration_user_ = enterprise_user;
+      // If we could extract basic setting we should try to extract the extended
+      // ones too. We try to set those to defaults as good as possible if not
+      // present.
+      if (!cryptohome_->InstallAttributesGet(kAttrEnterpriseDomain,
+                                             &registration_domain_)) {
+        registration_domain_ = ExtractDomainName(registration_user_);
+      }
+      if (!cryptohome_->InstallAttributesGet(kAttrEnterpriseDeviceId,
+                                             &registration_device_id_)) {
+        registration_device_id_.clear();
+      }
+      std::string enterprise_mode;
+      if (cryptohome_->InstallAttributesGet(kAttrEnterpriseMode,
+                                            &enterprise_mode)) {
+        if (enterprise_mode == kEnterpiseDeviceMode)
+          registration_mode_ = em::DeviceRegisterResponse::ENTERPRISE;
+        else if (enterprise_mode == kKioskDeviceMode)
+          registration_mode_ = em::DeviceRegisterResponse::KIOSK;
+        else
+          NOTREACHED() << "Unknown enterprise mode : " << enterprise_mode;

[Mattias Nissler (ping if slow), 2012/02/15 15:32:03]

same here, use a function for translating.

[pastarmovj, 2012/02/15 17:40:14]

Done.

+      }
     }
   }
 }
 
 }  // namespace policy