Chromium Code Reviews| Index: chrome/browser/policy/enterprise_install_attributes.cc |
| diff --git a/chrome/browser/policy/enterprise_install_attributes.cc b/chrome/browser/policy/enterprise_install_attributes.cc |
| index 6d897228622f529fd412a8a5ebf7dea2a9477eaa..cdd185cc547847b47ae788ba8326258e8bbcb4f5 100644 |
| --- a/chrome/browser/policy/enterprise_install_attributes.cc |
| +++ b/chrome/browser/policy/enterprise_install_attributes.cc |
| @@ -1,4 +1,4 @@ |
| -// Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| +// Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| @@ -7,22 +7,74 @@ |
| #include "base/logging.h" |
| #include "chrome/browser/chromeos/cros/cryptohome_library.h" |
| +namespace em = enterprise_management; |
| + |
| +namespace policy { |
| + |
| namespace { |
| +// Constants for the possible device modes that can be stored in the lockbox. |
| +const char kEndUserDeviceMode[] = "end_user"; |
|
Mattias Nissler (ping if slow)
2012/02/16 10:36:27
s/end user/consumer/
pastarmovj
2012/02/17 13:59:47
Done.
|
| +const char kEnterpiseDeviceMode[] = "enterprise"; |
| +const char kKioskDeviceMode[] = "kiosk"; |
| +const char kUnknownDeviceMode[] = "unknown"; |
| +// Field names in the lockbox. |
| const char kAttrEnterpriseOwned[] = "enterprise.owned"; |
| const char kAttrEnterpriseUser[] = "enterprise.user"; |
| +const char kAttrEnterpriseDomain[] = "enterprise.domain"; |
| +const char kAttrEnterpriseMode[] = "enterprise.mode"; |
| +const char kAttrEnterpriseDeviceId[] = "enterprise.device_id"; |
| + |
| +// Extract the domain from a given email. |
| +std::string ExtractDomainName(const std::string& email) { |
| + size_t separator_pos = email.find('@'); |
| + if (separator_pos != email.npos && separator_pos < email.length() - 1) |
| + return email.substr(separator_pos + 1); |
| + else |
| + NOTREACHED() << "Not a proper email address: " << email; |
| + return std::string(); |
| +} |
| -} // namespace |
| +// Translates DeviceMode constants to strings used in the lockbox. |
| +std::string GetDeviceModeString(EnterpriseInstallAttributes::DeviceMode mode) { |
| + switch (mode) { |
| + case EnterpriseInstallAttributes::END_USER_DEVICE: |
| + return kEndUserDeviceMode; |
| + case EnterpriseInstallAttributes::ENTERPRISE_DEVICE: |
| + return kEnterpiseDeviceMode; |
| + case EnterpriseInstallAttributes::KIOSK_DEVICE: |
| + return kKioskDeviceMode; |
| + case EnterpriseInstallAttributes::UNKNOWN_DEVICE: |
| + NOTREACHED() << "Invalid device mode."; |
| + return kUnknownDeviceMode; |
| + } |
|
Mattias Nissler (ping if slow)
2012/02/16 10:36:27
put a NOTREACHED here. In fact, just move the UNKN
pastarmovj
2012/02/17 13:59:47
Done.
|
| +} |
| -namespace policy { |
| +// Translates strings used in the lockbox to DeviceMode values. |
| +EnterpriseInstallAttributes::DeviceMode GetDeviceModeFromString( |
| + const std::string& mode) { |
| + if (mode == kEndUserDeviceMode) |
| + return EnterpriseInstallAttributes::END_USER_DEVICE; |
| + else if (mode == kEnterpiseDeviceMode) |
| + return EnterpriseInstallAttributes::ENTERPRISE_DEVICE; |
| + else if (mode == kKioskDeviceMode) |
| + return EnterpriseInstallAttributes::KIOSK_DEVICE; |
| + NOTREACHED() << "Unknown device mode string: " << mode; |
| + return EnterpriseInstallAttributes::UNKNOWN_DEVICE; |
| +} |
| + |
| +} // namespace |
| EnterpriseInstallAttributes::EnterpriseInstallAttributes( |
| chromeos::CryptohomeLibrary* cryptohome) |
| : cryptohome_(cryptohome), |
| - device_locked_(false) {} |
| + device_locked_(false), |
| + registration_mode_(UNKNOWN_DEVICE) {} |
| EnterpriseInstallAttributes::LockResult EnterpriseInstallAttributes::LockDevice( |
| - const std::string& user) { |
| + const std::string& user, |
| + EnterpriseInstallAttributes::DeviceMode device_mode, |
| + const std::string& device_id) { |
|
Mattias Nissler (ping if slow)
2012/02/16 10:36:27
I think we should CHECK here for device_mode != UN
pastarmovj
2012/02/17 13:59:47
Done.
|
| // Check for existing lock first. |
| if (device_locked_) { |
| return !registration_user_.empty() && user == registration_user_ ? |
| @@ -48,9 +100,15 @@ EnterpriseInstallAttributes::LockResult EnterpriseInstallAttributes::LockDevice( |
| if (!cryptohome_->InstallAttributesIsFirstInstall()) |
| return LOCK_WRONG_USER; |
| + std::string domain = ExtractDomainName(user); |
| + std::string mode = GetDeviceModeString(device_mode); |
| + |
| // Set values in the InstallAttrs and lock it. |
| if (!cryptohome_->InstallAttributesSet(kAttrEnterpriseOwned, "true") || |
| - !cryptohome_->InstallAttributesSet(kAttrEnterpriseUser, user)) { |
| + !cryptohome_->InstallAttributesSet(kAttrEnterpriseUser, user) || |
| + !cryptohome_->InstallAttributesSet(kAttrEnterpriseDomain, domain) || |
| + !cryptohome_->InstallAttributesSet(kAttrEnterpriseMode, mode) || |
| + !cryptohome_->InstallAttributesSet(kAttrEnterpriseDeviceId, device_id)) { |
| LOG(ERROR) << "Failed writing attributes"; |
| return LOCK_BACKEND_ERROR; |
| } |
| @@ -83,12 +141,23 @@ std::string EnterpriseInstallAttributes::GetDomain() { |
| if (!IsEnterpriseDevice()) |
| return std::string(); |
| - std::string domain; |
| - size_t pos = registration_user_.find('@'); |
| - if (pos != std::string::npos) |
| - domain = registration_user_.substr(pos + 1); |
| + return registration_domain_; |
| +} |
| + |
| +std::string EnterpriseInstallAttributes::GetDeviceId() { |
| + if (!IsEnterpriseDevice()) |
| + return std::string(); |
| + |
| + return registration_device_id_; |
| +} |
| + |
| +EnterpriseInstallAttributes::DeviceMode EnterpriseInstallAttributes::GetMode() { |
| + ReadImmutableAttributes(); |
| + // |registration_user_| is empty on end user devices. |
|
Mattias Nissler (ping if slow)
2012/02/16 10:36:27
s/end user/consumer/
pastarmovj
2012/02/17 13:59:47
Done.
|
| + if (device_locked_ && registration_user_.empty()) |
| + return END_USER_DEVICE; |
| - return domain; |
| + return registration_mode_; |
| } |
| void EnterpriseInstallAttributes::ReadImmutableAttributes() { |
| @@ -109,6 +178,23 @@ void EnterpriseInstallAttributes::ReadImmutableAttributes() { |
| enterprise_owned == "true" && |
| !enterprise_user.empty()) { |
| registration_user_ = enterprise_user; |
| + // Initialize the mode to the legacy enterprise mode here and update below |
| + // if more information is present. |
| + registration_mode_ = ENTERPRISE_DEVICE; |
| + // If we could extract basic setting we should try to extract the extended |
| + // ones too. We try to set those to defaults as good as possible if not |
| + // present. |
| + if (!cryptohome_->InstallAttributesGet(kAttrEnterpriseDomain, |
| + ®istration_domain_)) { |
| + registration_domain_ = ExtractDomainName(registration_user_); |
| + } |
| + if (!cryptohome_->InstallAttributesGet(kAttrEnterpriseDeviceId, |
| + ®istration_device_id_)) { |
| + registration_device_id_.clear(); |
| + } |
| + std::string mode; |
| + if (cryptohome_->InstallAttributesGet(kAttrEnterpriseMode, &mode)) |
| + registration_mode_ = GetDeviceModeFromString(mode); |
| } |
| } |
| } |
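Review bot: In the LockDevice hunk (`@@ -48,9 +100,15 @@`) the result of `ExtractDomainName(user)` is written to `enterprise.domain` unchecked, and the helper reports a malformed address only through `NOTREACHED()`, so in builds where that macro is compiled out an empty domain is stored. Assuming the lockbox is write-once after the lock that the "Set values in the InstallAttrs and lock it" comment describes, a bad value cannot be corrected later, so I would reject before the first `InstallAttributesSet` call with `if (domain.empty()) return LOCK_BACKEND_ERROR;` (or a more fitting LockResult if one exists). The read side in ReadImmutableAttributes has the same shape: `GetDeviceModeFromString` answers an unrecognised stored string with `NOTREACHED()` and `UNKNOWN_DEVICE`, which replaces the `ENTERPRISE_DEVICE` default assigned a few lines earlier. Stored attributes are runtime input rather than a programmer invariant, so I would log the unexpected value and keep the legacy default, e.g. `if (parsed != UNKNOWN_DEVICE) registration_mode_ = parsed;`. The bodies of LockDevice and ReadImmutableAttributes both extend outside the hunks shown.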