Chromium Code Reviews Chromium Code Reviews
Issue 220933003:
Only perform forced re-enrollment in official builds. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/login/enrollment/auto_enrollment_controller.h" | 5 #include "chrome/browser/chromeos/login/enrollment/auto_enrollment_controller.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/bind_helpers.h" | 8 #include "base/bind_helpers.h" |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 42 LOG(ERROR) << "Switch \"" << switch_name << "\" can't be greater than " | 42 LOG(ERROR) << "Switch \"" << switch_name << "\" can't be greater than " |
| 43 << policy::AutoEnrollmentClient::kMaximumPower << ". Using " | 43 << policy::AutoEnrollmentClient::kMaximumPower << ". Using " |
| 44 << policy::AutoEnrollmentClient::kMaximumPower; | 44 << policy::AutoEnrollmentClient::kMaximumPower; |
| 45 return policy::AutoEnrollmentClient::kMaximumPower; | 45 return policy::AutoEnrollmentClient::kMaximumPower; |
| 46 } | 46 } |
| 47 return int_value; | 47 return int_value; |
| 48 } | 48 } |
| 49 | 49 |
| 50 } // namespace | 50 } // namespace |
| 51 | 51 |
| 52 const char AutoEnrollmentController::kForcedReEnrollmentAlways[] = "always"; | |
| 53 const char AutoEnrollmentController::kForcedReEnrollmentLegacy[] = "legacy"; | |
| 54 const char AutoEnrollmentController::kForcedReEnrollmentNever[] = "never"; | |
| 55 const char AutoEnrollmentController::kForcedReEnrollmentOfficialBuild[] = | |
| 56 "official"; | |
| 57 | |
| 58 AutoEnrollmentController::Mode AutoEnrollmentController::GetMode() { | |
| 59 CommandLine* command_line = CommandLine::ForCurrentProcess(); | |
| 60 | |
| 61 if (!command_line->HasSwitch(switches::kEnterpriseEnableForcedReEnrollment)) | |
| 62 return MODE_LEGACY_AUTO_ENROLLMENT; | |
| 63 | |
| 64 std::string command_line_mode = command_line->GetSwitchValueASCII( | |
| 65 switches::kEnterpriseEnableForcedReEnrollment); | |
| 66 if (command_line_mode.empty() || | |
|
Joao da Silva
2014/04/02 07:41:45
Why?
Mattias Nissler (ping if slow)
2014/04/02 07:45:00
Because that's the original behavior of the flag a
Joao da Silva
2014/04/02 07:48:05
Right, the flag could be used before without a val
Mattias Nissler (ping if slow)
2014/04/02 13:10:39
But in fact, it should only switch on FRE on offic
| |
| 67 command_line_mode == kForcedReEnrollmentAlways) { | |
| 68 return MODE_FORCED_RE_ENROLLMENT; | |
| 69 } else if (command_line_mode == kForcedReEnrollmentOfficialBuild) { | |
| 70 #if defined(OFFICIAL_BUILD) | |
| 71 return MODE_FORCED_RE_ENROLLMENT; | |
| 72 #else | |
| 73 return MODE_NONE; | |
| 74 #endif | |
| 75 } else if (command_line_mode == kForcedReEnrollmentLegacy) { | |
| 76 return MODE_LEGACY_AUTO_ENROLLMENT; | |
| 77 } | |
| 78 | |
| 79 return MODE_NONE; | |
| 80 } | |
| 81 | |
| 52 AutoEnrollmentController::AutoEnrollmentController() | 82 AutoEnrollmentController::AutoEnrollmentController() |
| 53 : state_(policy::AUTO_ENROLLMENT_STATE_IDLE), | 83 : state_(policy::AUTO_ENROLLMENT_STATE_IDLE), |
| 54 weak_factory_(this) {} | 84 weak_factory_(this) {} |
| 55 | 85 |
| 56 AutoEnrollmentController::~AutoEnrollmentController() {} | 86 AutoEnrollmentController::~AutoEnrollmentController() {} |
| 57 | 87 |
| 58 void AutoEnrollmentController::Start() { | 88 void AutoEnrollmentController::Start() { |
| 59 // This method is called at the point in the OOBE/login flow at which the | 89 // This method is called at the point in the OOBE/login flow at which the |
| 60 // auto-enrollment check can start. This happens either after the EULA is | 90 // auto-enrollment check can start. This happens either after the EULA is |
| 61 // accepted, or right after a reboot if the EULA has already been accepted. | 91 // accepted, or right after a reboot if the EULA has already been accepted. |
| 62 | 92 |
| 63 // Do not communicate auto-enrollment data to the server if | 93 // Do not communicate auto-enrollment data to the server if |
| 64 // 1. we are running integration or perf tests with telemetry. | 94 // 1. we are running integration or perf tests with telemetry. |
| 65 // 2. modulus configuration is not present. | 95 // 2. modulus configuration is not present. |
| 96 // 3. Auto-enrollment is disabled via the command line. | |
| 97 | |
| 66 CommandLine* command_line = CommandLine::ForCurrentProcess(); | 98 CommandLine* command_line = CommandLine::ForCurrentProcess(); |
| 67 if (command_line->HasSwitch(chromeos::switches::kOobeSkipPostLogin) || | 99 if (command_line->HasSwitch(chromeos::switches::kOobeSkipPostLogin) || |
| 68 (!command_line->HasSwitch( | 100 (!command_line->HasSwitch( |
| 69 chromeos::switches::kEnterpriseEnrollmentInitialModulus) && | 101 chromeos::switches::kEnterpriseEnrollmentInitialModulus) && |
| 70 !command_line->HasSwitch( | 102 !command_line->HasSwitch( |
| 71 chromeos::switches::kEnterpriseEnrollmentModulusLimit))) { | 103 chromeos::switches::kEnterpriseEnrollmentModulusLimit)) || |
| 104 GetMode() == MODE_NONE) { | |
| 72 VLOG(1) << "Auto-enrollment disabled."; | 105 VLOG(1) << "Auto-enrollment disabled."; |
| 73 UpdateState(policy::AUTO_ENROLLMENT_STATE_NO_ENROLLMENT); | 106 UpdateState(policy::AUTO_ENROLLMENT_STATE_NO_ENROLLMENT); |
| 74 return; | 107 return; |
| 75 } | 108 } |
| 76 | 109 |
| 77 // If there already is a client, bail out. | 110 // If there already is a client, bail out. |
| 78 if (client_) | 111 if (client_) |
| 79 return; | 112 return; |
| 80 | 113 |
| 81 // Start by checking if the device has already been owned. | 114 // Start by checking if the device has already been owned. |
| (...skipping 17 matching lines...) Expand all Loading... | |
| 99 client_->Retry(); | 132 client_->Retry(); |
| 100 } | 133 } |
| 101 | 134 |
| 102 scoped_ptr<AutoEnrollmentController::ProgressCallbackList::Subscription> | 135 scoped_ptr<AutoEnrollmentController::ProgressCallbackList::Subscription> |
| 103 AutoEnrollmentController::RegisterProgressCallback( | 136 AutoEnrollmentController::RegisterProgressCallback( |
| 104 const ProgressCallbackList::CallbackType& callback) { | 137 const ProgressCallbackList::CallbackType& callback) { |
| 105 return progress_callbacks_.Add(callback); | 138 return progress_callbacks_.Add(callback); |
| 106 } | 139 } |
| 107 | 140 |
| 108 bool AutoEnrollmentController::ShouldEnrollSilently() { | 141 bool AutoEnrollmentController::ShouldEnrollSilently() { |
| 109 return !CommandLine::ForCurrentProcess()->HasSwitch( | 142 return state_ == policy::AUTO_ENROLLMENT_STATE_TRIGGER_ENROLLMENT && |
| 110 chromeos::switches::kEnterpriseEnableForcedReEnrollment) && | 143 GetMode() == MODE_LEGACY_AUTO_ENROLLMENT; |
| 111 state_ == policy::AUTO_ENROLLMENT_STATE_TRIGGER_ENROLLMENT; | |
| 112 } | 144 } |
| 113 | 145 |
| 114 void AutoEnrollmentController::OnOwnershipStatusCheckDone( | 146 void AutoEnrollmentController::OnOwnershipStatusCheckDone( |
| 115 DeviceSettingsService::OwnershipStatus status) { | 147 DeviceSettingsService::OwnershipStatus status) { |
| 116 if (status != DeviceSettingsService::OWNERSHIP_NONE) { | 148 if (status != DeviceSettingsService::OWNERSHIP_NONE) { |
| 117 // The device is already owned. No need for auto-enrollment checks. | 149 // The device is already owned. No need for auto-enrollment checks. |
| 118 VLOG(1) << "Device already owned, skipping auto-enrollment check"; | 150 VLOG(1) << "Device already owned, skipping auto-enrollment check"; |
| 119 UpdateState(policy::AUTO_ENROLLMENT_STATE_NO_ENROLLMENT); | 151 UpdateState(policy::AUTO_ENROLLMENT_STATE_NO_ENROLLMENT); |
| 120 return; | 152 return; |
| 121 } | 153 } |
| 122 | 154 |
| 123 policy::BrowserPolicyConnector* connector = | 155 policy::BrowserPolicyConnector* connector = |
| 124 g_browser_process->browser_policy_connector(); | 156 g_browser_process->browser_policy_connector(); |
| 125 policy::DeviceManagementService* service = | 157 policy::DeviceManagementService* service = |
| 126 connector->device_management_service(); | 158 connector->device_management_service(); |
| 127 service->ScheduleInitialization(0); | 159 service->ScheduleInitialization(0); |
| 128 | 160 |
| 129 int power_initial = GetSanitizedArg( | 161 int power_initial = GetSanitizedArg( |
| 130 chromeos::switches::kEnterpriseEnrollmentInitialModulus); | 162 chromeos::switches::kEnterpriseEnrollmentInitialModulus); |
| 131 int power_limit = GetSanitizedArg( | 163 int power_limit = GetSanitizedArg( |
| 132 chromeos::switches::kEnterpriseEnrollmentModulusLimit); | 164 chromeos::switches::kEnterpriseEnrollmentModulusLimit); |
| 133 if (power_initial > power_limit) { | 165 if (power_initial > power_limit) { |
| 134 LOG(ERROR) << "Initial auto-enrollment modulus is larger than the limit, " | 166 LOG(ERROR) << "Initial auto-enrollment modulus is larger than the limit, " |
| 135 << "clamping to the limit."; | 167 << "clamping to the limit."; |
| 136 power_initial = power_limit; | 168 power_initial = power_limit; |
| 137 } | 169 } |
| 138 | 170 |
| 139 bool retrieve_device_state = false; | 171 bool retrieve_device_state = false; |
| 140 std::string device_id; | 172 std::string device_id; |
| 141 if (CommandLine::ForCurrentProcess()->HasSwitch( | 173 if (GetMode() == MODE_FORCED_RE_ENROLLMENT) { |
| 142 chromeos::switches::kEnterpriseEnableForcedReEnrollment)) { | |
| 143 retrieve_device_state = true; | 174 retrieve_device_state = true; |
| 144 device_id = | 175 device_id = |
| 145 policy::DeviceCloudPolicyManagerChromeOS::GetCurrentDeviceStateKey(); | 176 policy::DeviceCloudPolicyManagerChromeOS::GetCurrentDeviceStateKey(); |
| 146 } else { | 177 } else { |
| 147 device_id = policy::DeviceCloudPolicyManagerChromeOS::GetMachineID(); | 178 device_id = policy::DeviceCloudPolicyManagerChromeOS::GetMachineID(); |
| 148 } | 179 } |
| 149 | 180 |
| 150 client_.reset(new policy::AutoEnrollmentClient( | 181 client_.reset(new policy::AutoEnrollmentClient( |
| 151 base::Bind(&AutoEnrollmentController::UpdateState, | 182 base::Bind(&AutoEnrollmentController::UpdateState, |
| 152 base::Unretained(this)), | 183 base::Unretained(this)), |
| 153 service, | 184 service, |
| 154 g_browser_process->local_state(), | 185 g_browser_process->local_state(), |
| 155 g_browser_process->system_request_context(), | 186 g_browser_process->system_request_context(), |
| 156 device_id, | 187 device_id, |
| 157 retrieve_device_state, | 188 retrieve_device_state, |
| 158 power_initial, | 189 power_initial, |
| 159 power_limit)); | 190 power_limit)); |
| 160 | 191 |
| 161 VLOG(1) << "Starting auto-enrollment client."; | 192 VLOG(1) << "Starting auto-enrollment client."; |
| 162 client_->Start(); | 193 client_->Start(); |
| 163 } | 194 } |
| 164 | 195 |
| 165 void AutoEnrollmentController::UpdateState( | 196 void AutoEnrollmentController::UpdateState( |
| 166 policy::AutoEnrollmentState new_state) { | 197 policy::AutoEnrollmentState new_state) { |
| 167 state_ = new_state; | 198 state_ = new_state; |
| 168 progress_callbacks_.Notify(state_); | 199 progress_callbacks_.Notify(state_); |
| 169 } | 200 } |
| 170 | 201 |
| 171 } // namespace chromeos | 202 } // namespace chromeos |
| OLD | NEW |
