OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_CONFIG_H_ | 5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_CONFIG_H_ |
6 #define CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_CONFIG_H_ | 6 #define CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_CONFIG_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 namespace policy { | 10 namespace policy { |
(...skipping 17 matching lines...) Expand all Loading... |
28 MODE_LOCAL_FORCED, | 28 MODE_LOCAL_FORCED, |
29 // Advertised enrollment triggered by local OEM manifest or device | 29 // Advertised enrollment triggered by local OEM manifest or device |
30 // requisition, user can skip. | 30 // requisition, user can skip. |
31 MODE_LOCAL_ADVERTISED, | 31 MODE_LOCAL_ADVERTISED, |
32 // Server-backed-state-triggered forced enrollment, user can't skip. | 32 // Server-backed-state-triggered forced enrollment, user can't skip. |
33 MODE_SERVER_FORCED, | 33 MODE_SERVER_FORCED, |
34 // Server-backed-state-triggered advertised enrollment, user can skip. | 34 // Server-backed-state-triggered advertised enrollment, user can skip. |
35 MODE_SERVER_ADVERTISED, | 35 MODE_SERVER_ADVERTISED, |
36 // Recover from "spontaneous unenrollment", user can't skip. | 36 // Recover from "spontaneous unenrollment", user can't skip. |
37 MODE_RECOVERY, | 37 MODE_RECOVERY, |
| 38 // Start attestation-based enrollment. |
| 39 MODE_ATTESTATION, |
| 40 // Start attestation-based enrollment and only uses that. |
| 41 MODE_ATTESTATION_FORCED, |
38 }; | 42 }; |
39 | 43 |
40 // An enumeration of authentication mechanisms that can be used for | 44 // An enumeration of authentication mechanisms that can be used for |
41 // enrollment. | 45 // enrollment. |
42 enum AuthMechanism { | 46 enum AuthMechanism { |
43 // Interactive authentication. | 47 // Interactive authentication. |
44 AUTH_MECHANISM_INTERACTIVE, | 48 AUTH_MECHANISM_INTERACTIVE, |
45 // Automatic authentication relying on the attestation process. | 49 // Automatic authentication relying on the attestation process. |
46 AUTH_MECHANISM_ATTESTATION, | 50 AUTH_MECHANISM_ATTESTATION, |
47 // Let the system determine the best mechanism (typically the one | 51 // Let the system determine the best mechanism (typically the one |
48 // that requires the least user interaction). | 52 // that requires the least user interaction). |
49 AUTH_MECHANISM_BEST_AVAILABLE, | 53 AUTH_MECHANISM_BEST_AVAILABLE, |
50 }; | 54 }; |
51 | 55 |
52 // Whether enrollment should be triggered. | 56 // Whether enrollment should be triggered. |
53 bool should_enroll() const { return mode != MODE_NONE; } | 57 bool should_enroll() const { |
| 58 return should_enroll_with_attestation() || should_enroll_interactively(); |
| 59 } |
| 60 |
| 61 // Whether attestation enrollment should be triggered. |
| 62 bool should_enroll_with_attestation() const { |
| 63 return auth_mechanism != AUTH_MECHANISM_INTERACTIVE; |
| 64 } |
| 65 |
| 66 // Whether interactive enrollment should be triggered. |
| 67 bool should_enroll_interactively() const { return mode != MODE_NONE; } |
54 | 68 |
55 // Whether enrollment is forced. The user can't skip the enrollment step | 69 // Whether enrollment is forced. The user can't skip the enrollment step |
56 // during OOBE if this returns true. | 70 // during OOBE if this returns true. |
57 bool is_forced() const { | 71 bool is_forced() const { |
58 return mode == MODE_LOCAL_FORCED || mode == MODE_SERVER_FORCED || | 72 return mode == MODE_LOCAL_FORCED || mode == MODE_SERVER_FORCED || |
59 mode == MODE_RECOVERY; | 73 mode == MODE_RECOVERY || is_attestation_forced(); |
| 74 } |
| 75 |
| 76 // Whether attestation-based enrollment is forced. The user can't skip |
| 77 // the enrollment step during OOBE if this returns true. |
| 78 bool is_attestation_forced() const { |
| 79 return auth_mechanism == AUTH_MECHANISM_ATTESTATION; |
| 80 } |
| 81 |
| 82 // Whether this configuration is in attestation mode. |
| 83 bool is_mode_attestation() const { |
| 84 return mode == MODE_ATTESTATION || mode == MODE_ATTESTATION_FORCED; |
| 85 } |
| 86 |
| 87 // Whether this configuration is in OAuth mode. |
| 88 bool is_mode_oauth() const { |
| 89 return mode != MODE_NONE && !is_mode_attestation(); |
60 } | 90 } |
61 | 91 |
62 // Indicates the enrollment flow variant to trigger during OOBE. | 92 // Indicates the enrollment flow variant to trigger during OOBE. |
63 Mode mode = MODE_NONE; | 93 Mode mode = MODE_NONE; |
64 | 94 |
65 // The domain to enroll the device to, if applicable. If this is not set, the | 95 // The domain to enroll the device to, if applicable. If this is not set, the |
66 // device may be enrolled to any domain. Note that for the case where the | 96 // device may be enrolled to any domain. Note that for the case where the |
67 // device is not already locked to a certain domain, this value is used for | 97 // device is not already locked to a certain domain, this value is used for |
68 // display purposes only and the server makes the final decision on which | 98 // display purposes only and the server makes the final decision on which |
69 // domain the device should be enrolled with. If the device is already locked | 99 // domain the device should be enrolled with. If the device is already locked |
70 // to a domain, policy validation during enrollment will verify the domains | 100 // to a domain, policy validation during enrollment will verify the domains |
71 // match. | 101 // match. |
72 std::string management_domain; | 102 std::string management_domain; |
73 | 103 |
74 // The authentication mechanism to use. | 104 // The authentication mechanism to use. |
75 // TODO(drcrash): Change to best available once ZTE is everywhere. | 105 // TODO(drcrash): Change to best available once ZTE is everywhere. |
76 AuthMechanism auth_mechanism = AUTH_MECHANISM_INTERACTIVE; | 106 AuthMechanism auth_mechanism = AUTH_MECHANISM_INTERACTIVE; |
77 }; | 107 }; |
78 | 108 |
79 } // namespace policy | 109 } // namespace policy |
80 | 110 |
81 #endif // CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_CONFIG_H_ | 111 #endif // CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_CONFIG_H_ |
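Review bot: `is_forced()` never tests `MODE_ATTESTATION_FORCED`; it reaches the attestation case only through `is_attestation_forced()`, which reads `auth_mechanism`. A config with `mode == MODE_ATTESTATION_FORCED` and the default `AUTH_MECHANISM_INTERACTIVE` therefore reports that the user may skip enrollment. The same split between the two fields shows in `should_enroll_interactively()`, which returns true for both attestation modes because it only compares against `MODE_NONE`, while `is_mode_oauth()` excludes them. If the code that fills in the config (not visible here) is meant to keep `mode` and `auth_mechanism` in step, state that invariant in a comment on the two fields; otherwise add `|| mode == MODE_ATTESTATION_FORCED` to `is_forced()` and, presumably, have `should_enroll_interactively()` return `is_mode_oauth()`. The comments on the two new enumerators should also say whether the user can skip, as the neighbouring ones do.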
OLD | NEW |