| OLD | NEW |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/device_cloud_policy_initializer.h" | 5 #include "chrome/browser/chromeos/policy/device_cloud_policy_initializer.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/memory/ptr_util.h" | 8 #include "base/memory/ptr_util.h" |
| 9 #include "base/values.h" | 9 #include "base/values.h" |
| 10 #include "chrome/browser/chromeos/policy/enrollment_config.h" | 10 #include "chrome/browser/chromeos/policy/enrollment_config.h" |
| 11 #include "chrome/browser/chromeos/policy/server_backed_device_state.h" | 11 #include "chrome/browser/chromeos/policy/server_backed_device_state.h" |
| 12 #include "chrome/browser/chromeos/policy/stub_enterprise_install_attributes.h" | 12 #include "chrome/browser/chromeos/policy/stub_enterprise_install_attributes.h" |
| 13 #include "chrome/browser/prefs/browser_prefs.h" | 13 #include "chrome/browser/prefs/browser_prefs.h" |
| 14 #include "chrome/common/pref_names.h" | 14 #include "chrome/common/pref_names.h" |
| 15 #include "chromeos/attestation/mock_attestation_flow.h" | 15 #include "chromeos/attestation/mock_attestation_flow.h" |
| 16 #include "chromeos/chromeos_switches.h" | 16 #include "chromeos/chromeos_switches.h" |
| 17 #include "chromeos/system/fake_statistics_provider.h" | 17 #include "chromeos/system/fake_statistics_provider.h" |
| 18 #include "chromeos/system/statistics_provider.h" | 18 #include "chromeos/system/statistics_provider.h" |
| 19 #include "components/prefs/testing_pref_service.h" | 19 #include "components/prefs/testing_pref_service.h" |
| 20 #include "testing/gtest/include/gtest/gtest.h" | 20 #include "testing/gtest/include/gtest/gtest.h" |
| 21 | 21 |
| 22 namespace policy { | 22 namespace policy { |
| 23 | 23 |
| 24 struct ZeroTouchParam { | 24 struct ZeroTouchParam { |
| 25 const char* enable_zero_touch_flag; | 25 const char* enable_zero_touch_flag; |
| 26 EnrollmentConfig::AuthMechanism auth_mechanism; | 26 EnrollmentConfig::AuthMechanism auth_mechanism; |
| 27 EnrollmentConfig::AuthMechanism auth_mechanism_after_oobe; |
| 27 | 28 |
| 28 ZeroTouchParam(const char* flag, EnrollmentConfig::AuthMechanism auth) | 29 ZeroTouchParam(const char* flag, |
| 29 : enable_zero_touch_flag(flag), auth_mechanism(auth) {} | 30 EnrollmentConfig::AuthMechanism auth, |
| 31 EnrollmentConfig::AuthMechanism auth_after_oobe) |
| 32 : enable_zero_touch_flag(flag), |
| 33 auth_mechanism(auth), |
| 34 auth_mechanism_after_oobe(auth_after_oobe) {} |
| 30 }; | 35 }; |
| 31 | 36 |
| 32 class DeviceCloudPolicyInitializerTest | 37 class DeviceCloudPolicyInitializerTest |
| 33 : public testing::TestWithParam<ZeroTouchParam> { | 38 : public testing::TestWithParam<ZeroTouchParam> { |
| 34 protected: | 39 protected: |
| 35 DeviceCloudPolicyInitializerTest() | 40 DeviceCloudPolicyInitializerTest() |
| 36 : device_cloud_policy_initializer_( | 41 : device_cloud_policy_initializer_( |
| 37 &local_state_, | 42 &local_state_, |
| 38 nullptr, | 43 nullptr, |
| 39 nullptr, | 44 nullptr, |
| (...skipping 102 matching lines...) |
| 142 GetPrescribedEnrollmentConfigAfterOOBE) { | 147 GetPrescribedEnrollmentConfigAfterOOBE) { |
| 143 SetupZeroTouchFlag(); | 148 SetupZeroTouchFlag(); |
| 144 | 149 |
| 145 // If OOBE is complete, we may re-enroll to the domain configured in install | 150 // If OOBE is complete, we may re-enroll to the domain configured in install |
| 146 // attributes. This is only enforced after detecting enrollment loss. | 151 // attributes. This is only enforced after detecting enrollment loss. |
| 147 local_state_.SetBoolean(prefs::kOobeComplete, true); | 152 local_state_.SetBoolean(prefs::kOobeComplete, true); |
| 148 EnrollmentConfig config = | 153 EnrollmentConfig config = |
| 149 device_cloud_policy_initializer_.GetPrescribedEnrollmentConfig(); | 154 device_cloud_policy_initializer_.GetPrescribedEnrollmentConfig(); |
| 150 EXPECT_EQ(EnrollmentConfig::MODE_NONE, config.mode); | 155 EXPECT_EQ(EnrollmentConfig::MODE_NONE, config.mode); |
| 151 EXPECT_TRUE(config.management_domain.empty()); | 156 EXPECT_TRUE(config.management_domain.empty()); |
| 152 EXPECT_EQ(GetParam().auth_mechanism, config.auth_mechanism); | 157 EXPECT_EQ(GetParam().auth_mechanism_after_oobe, config.auth_mechanism); |
| 153 | 158 |
| 154 // Advertised enrollment gets ignored. | 159 // Advertised enrollment gets ignored. |
| 155 local_state_.SetBoolean(prefs::kDeviceEnrollmentAutoStart, true); | 160 local_state_.SetBoolean(prefs::kDeviceEnrollmentAutoStart, true); |
| 156 statistics_provider_.SetMachineFlag( | 161 statistics_provider_.SetMachineFlag( |
| 157 chromeos::system::kOemIsEnterpriseManagedKey, true); | 162 chromeos::system::kOemIsEnterpriseManagedKey, true); |
| 158 config = device_cloud_policy_initializer_.GetPrescribedEnrollmentConfig(); | 163 config = device_cloud_policy_initializer_.GetPrescribedEnrollmentConfig(); |
| 159 EXPECT_EQ(EnrollmentConfig::MODE_NONE, config.mode); | 164 EXPECT_EQ(EnrollmentConfig::MODE_NONE, config.mode); |
| 160 EXPECT_TRUE(config.management_domain.empty()); | 165 EXPECT_TRUE(config.management_domain.empty()); |
| 161 EXPECT_EQ(GetParam().auth_mechanism, config.auth_mechanism); | 166 EXPECT_EQ(GetParam().auth_mechanism_after_oobe, config.auth_mechanism); |
| 162 | 167 |
| 163 // If the device is enterprise-managed, the management domain gets pulled from | 168 // If the device is enterprise-managed, the management domain gets pulled from |
| 164 // install attributes. | 169 // install attributes. |
| 165 install_attributes_.SetRegistrationUser("user@example.com"); | 170 install_attributes_.SetRegistrationUser("user@example.com"); |
| 166 install_attributes_.SetDomain("example.com"); | 171 install_attributes_.SetDomain("example.com"); |
| 167 config = device_cloud_policy_initializer_.GetPrescribedEnrollmentConfig(); | 172 config = device_cloud_policy_initializer_.GetPrescribedEnrollmentConfig(); |
| 168 EXPECT_EQ(EnrollmentConfig::MODE_NONE, config.mode); | 173 EXPECT_EQ(EnrollmentConfig::MODE_NONE, config.mode); |
| 169 EXPECT_EQ("example.com", config.management_domain); | 174 EXPECT_EQ("example.com", config.management_domain); |
| 170 EXPECT_EQ(GetParam().auth_mechanism, config.auth_mechanism); | 175 EXPECT_EQ(GetParam().auth_mechanism_after_oobe, config.auth_mechanism); |
| 171 | 176 |
| 172 // If enrollment recovery is on, this is signaled in |config.mode|. | 177 // If enrollment recovery is on, this is signaled in |config.mode|. |
| 173 local_state_.SetBoolean(prefs::kEnrollmentRecoveryRequired, true); | 178 local_state_.SetBoolean(prefs::kEnrollmentRecoveryRequired, true); |
| 174 config = device_cloud_policy_initializer_.GetPrescribedEnrollmentConfig(); | 179 config = device_cloud_policy_initializer_.GetPrescribedEnrollmentConfig(); |
| 175 EXPECT_EQ(EnrollmentConfig::MODE_RECOVERY, config.mode); | 180 EXPECT_EQ(EnrollmentConfig::MODE_RECOVERY, config.mode); |
| 176 EXPECT_EQ("example.com", config.management_domain); | 181 EXPECT_EQ("example.com", config.management_domain); |
| 177 EXPECT_EQ(GetParam().auth_mechanism, config.auth_mechanism); | 182 EXPECT_EQ(GetParam().auth_mechanism_after_oobe, config.auth_mechanism); |
| 178 } | 183 } |
| 179 | 184 |
| 180 INSTANTIATE_TEST_CASE_P( | 185 INSTANTIATE_TEST_CASE_P( |
| 181 ZeroTouchFlag, | 186 ZeroTouchFlag, |
| 182 DeviceCloudPolicyInitializerTest, | 187 DeviceCloudPolicyInitializerTest, |
| 183 ::testing::Values( | 188 ::testing::Values( |
| 184 ZeroTouchParam(nullptr, // No flag set. | 189 ZeroTouchParam(nullptr, // No flag set. |
| 190 EnrollmentConfig::AUTH_MECHANISM_INTERACTIVE, |
| 185 EnrollmentConfig::AUTH_MECHANISM_INTERACTIVE), | 191 EnrollmentConfig::AUTH_MECHANISM_INTERACTIVE), |
| 186 ZeroTouchParam("", // Flag set without a set value. | 192 ZeroTouchParam("", // Flag set without a set value. |
| 187 EnrollmentConfig::AUTH_MECHANISM_BEST_AVAILABLE), | 193 EnrollmentConfig::AUTH_MECHANISM_BEST_AVAILABLE, |
| 194 EnrollmentConfig::AUTH_MECHANISM_INTERACTIVE), |
| 188 ZeroTouchParam("forced", | 195 ZeroTouchParam("forced", |
| 196 EnrollmentConfig::AUTH_MECHANISM_ATTESTATION, |
| 189 EnrollmentConfig::AUTH_MECHANISM_ATTESTATION))); | 197 EnrollmentConfig::AUTH_MECHANISM_ATTESTATION))); |
| 190 | 198 |
| 191 } // namespace policy | 199 } // namespace policy |
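Review bot: The two adjacent `EnrollmentConfig::AuthMechanism` arguments in the `INSTANTIATE_TEST_CASE_P` table (new lines 189-197) are positional and unlabeled, so a swapped pair would still compile, and only the `""` row has differing values that could expose the swap. I would label each value, e.g. `EnrollmentConfig::AUTH_MECHANISM_BEST_AVAILABLE,  // Before OOBE is complete.` and `EnrollmentConfig::AUTH_MECHANISM_INTERACTIVE),  // After OOBE is complete.`, and add `// Expected mechanism once prefs::kOobeComplete is set.` above `auth_mechanism_after_oobe` in `ZeroTouchParam`. The table also pins that `"forced"` keeps `AUTH_MECHANISM_ATTESTATION` after OOBE, including the `MODE_RECOVERY` step, while the value-less flag falls back to interactive. A short comment on why the forced case is exempt would show that this expectation about non-interactive enrollment is deliberate. The tests that presumably still read `auth_mechanism` sit in the collapsed region and are not visible here, so the "before OOBE" wording should be checked against them.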