Fix device policy recovery on CrOS login

chrome/browser/chromeos/login/parallel_authenticator.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/login/parallel_authenticator.h"
 
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/files/file_path.h"
 #include "base/logging.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
 #include "chrome/browser/chrome_notification_types.h"
 #include "chrome/browser/chromeos/boot_times_loader.h"
 #include "chrome/browser/chromeos/cros/cert_library.h"
 #include "chrome/browser/chromeos/login/authentication_notification_details.h"
 #include "chrome/browser/chromeos/login/login_status_consumer.h"
 #include "chrome/browser/chromeos/login/user.h"
 #include "chrome/browser/chromeos/login/user_manager.h"
 #include "chrome/browser/chromeos/settings/cros_settings.h"
 #include "chrome/common/chrome_switches.h"
 #include "chromeos/cryptohome/async_method_caller.h"
 #include "chromeos/cryptohome/cryptohome_library.h"
 #include "chromeos/dbus/cryptohome_client.h"
 #include "chromeos/dbus/dbus_thread_manager.h"
+#include "chromeos/login/login_state.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/notification_service.h"
 #include "crypto/sha2.h"
 #include "google_apis/gaia/gaia_auth_util.h"
 #include "third_party/cros_system_api/dbus/service_constants.h"
 
 using content::BrowserThread;
 
 namespace chromeos {
 
@@ skipping 475 matching lines @@
   CrosSettings::Get()->GetBoolean(kPolicyMissingMitigationMode, &is_safe_mode);
   if (!is_safe_mode) {
     // Now we can continue with the login and report mount success.
     user_can_login_ = true;
     owner_is_verified_ = true;
     return true;
   }
   // Now we can continue reading the private key.
   DeviceSettingsService::Get()->SetUsername(
       current_state_->user_context.username);
-  DeviceSettingsService::Get()->GetOwnershipStatusAsync(
+  // This should trigger certificate loading, which is needed in order to
+  // correctly determine if the current user is the owner.
+  if (LoginState::IsInitialized()) {
+    LoginState::Get()->SetLoggedInState(LoginState::LOGGED_IN_SAFE_MODE,
+                                        LoginState::LOGGED_IN_USER_NONE);
+  }
+  DeviceSettingsService::Get()->IsCurrentUserOwnerAsync(
       base::Bind(&ParallelAuthenticator::OnOwnershipChecked, this));
   return false;
 }
 
-void ParallelAuthenticator::OnOwnershipChecked(
-    DeviceSettingsService::OwnershipStatus status) {
+void ParallelAuthenticator::OnOwnershipChecked(bool is_owner) {
   // Now we can check if this user is the owner.
-  // TODO(tbarzic): This is broken. At this point, DeviceSettingsService will
-  // never have private key loaded (http://crbug.com/285450).
-  user_can_login_ = DeviceSettingsService::Get()->HasPrivateOwnerKey();
+  user_can_login_ = is_owner;
   owner_is_verified_ = true;
   Resolve();
 }
 
 void ParallelAuthenticator::Resolve() {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
   bool request_pending = false;
   int mount_flags = cryptohome::MOUNT_FLAGS_NONE;
   ParallelAuthenticator::AuthState state = ResolveState();
   VLOG(1) << "Resolved state to: " << state;
@@ skipping 294 matching lines @@
   Resolve();
 }
 
 void ParallelAuthenticator::SetOwnerState(bool owner_check_finished,
                                           bool check_result) {
   owner_is_verified_ = owner_check_finished;
   user_can_login_ = check_result;
 }
 
 }  // namespace chromeos