| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/enrollment_handler_chromeos.h" | 5 #include "chrome/browser/chromeos/policy/enrollment_handler_chromeos.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/command_line.h" | |
| 10 #include "base/location.h" | 11 #include "base/location.h" |
| 11 #include "base/logging.h" | 12 #include "base/logging.h" |
| 12 #include "base/single_thread_task_runner.h" | 13 #include "base/single_thread_task_runner.h" |
| 13 #include "base/threading/thread_task_runner_handle.h" | 14 #include "base/threading/thread_task_runner_handle.h" |
| 14 #include "chrome/browser/browser_process.h" | 15 #include "chrome/browser/browser_process.h" |
| 15 #include "chrome/browser/chromeos/login/enrollment/auto_enrollment_controller.h" | 16 #include "chrome/browser/chromeos/login/enrollment/auto_enrollment_controller.h" |
| 16 #include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h" | 17 #include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h" |
| 17 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h" | 18 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h" |
| 18 #include "chrome/browser/chromeos/policy/enrollment_status_chromeos.h" | 19 #include "chrome/browser/chromeos/policy/enrollment_status_chromeos.h" |
| 19 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" | 20 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" |
| 20 #include "chrome/browser/chromeos/policy/server_backed_state_keys_broker.h" | 21 #include "chrome/browser/chromeos/policy/server_backed_state_keys_broker.h" |
| 21 #include "chrome/browser/chromeos/profiles/profile_helper.h" | 22 #include "chrome/browser/chromeos/profiles/profile_helper.h" |
| 22 #include "chrome/browser/chromeos/settings/device_oauth2_token_service.h" | 23 #include "chrome/browser/chromeos/settings/device_oauth2_token_service.h" |
| 23 #include "chrome/browser/chromeos/settings/device_oauth2_token_service_factory.h " | 24 #include "chrome/browser/chromeos/settings/device_oauth2_token_service_factory.h " |
| 24 #include "chrome/browser/profiles/profile.h" | 25 #include "chrome/browser/profiles/profile.h" |
| 25 #include "chromeos/attestation/attestation_flow.h" | 26 #include "chromeos/attestation/attestation_flow.h" |
| 27 #include "chromeos/chromeos_switches.h" | |
| 26 #include "google_apis/gaia/gaia_auth_util.h" | 28 #include "google_apis/gaia/gaia_auth_util.h" |
| 27 #include "google_apis/gaia/gaia_urls.h" | 29 #include "google_apis/gaia/gaia_urls.h" |
| 28 #include "net/http/http_status_code.h" | 30 #include "net/http/http_status_code.h" |
| 29 | 31 |
| 30 namespace em = enterprise_management; | 32 namespace em = enterprise_management; |
| 31 | 33 |
| 32 namespace policy { | 34 namespace policy { |
| 33 | 35 |
| 34 namespace { | 36 namespace { |
| 35 | 37 |
| (...skipping 152 matching lines...) | |
| 188 validator.release()->StartValidation( | 190 validator.release()->StartValidation( |
| 189 base::Bind(&EnrollmentHandlerChromeOS::HandlePolicyValidationResult, | 191 base::Bind(&EnrollmentHandlerChromeOS::HandlePolicyValidationResult, |
| 190 weak_ptr_factory_.GetWeakPtr())); | 192 weak_ptr_factory_.GetWeakPtr())); |
| 191 } | 193 } |
| 192 | 194 |
| 193 void EnrollmentHandlerChromeOS::OnRegistrationStateChanged( | 195 void EnrollmentHandlerChromeOS::OnRegistrationStateChanged( |
| 194 CloudPolicyClient* client) { | 196 CloudPolicyClient* client) { |
| 195 DCHECK_EQ(client_.get(), client); | 197 DCHECK_EQ(client_.get(), client); |
| 196 | 198 |
| 197 if (enrollment_step_ == STEP_REGISTRATION && client_->is_registered()) { | 199 if (enrollment_step_ == STEP_REGISTRATION && client_->is_registered()) { |
| 198 enrollment_step_ = STEP_POLICY_FETCH, | 200 enrollment_step_ = STEP_POLICY_FETCH; |
| 199 device_mode_ = client_->device_mode(); | 201 device_mode_ = client_->device_mode(); |
| 200 if (device_mode_ != DEVICE_MODE_ENTERPRISE) { | 202 // TODO(rsorokin): remove after have proper test server. |
| 203 if (base::CommandLine::ForCurrentProcess()->HasSwitch( | |
| 204 chromeos::switches::kEnableAD)) { | |
| 205 device_mode_ = DEVICE_MODE_ENTERPRISE_AD; | |
| 206 } | |
| 207 if (device_mode_ != DEVICE_MODE_ENTERPRISE && | |
| 208 device_mode_ != DEVICE_MODE_ENTERPRISE_AD) { | |
| 201 LOG(ERROR) << "Bad device mode " << device_mode_; | 209 LOG(ERROR) << "Bad device mode " << device_mode_; |
| 202 ReportResult(EnrollmentStatus::ForStatus( | 210 ReportResult(EnrollmentStatus::ForStatus( |
| 203 EnrollmentStatus::STATUS_REGISTRATION_BAD_MODE)); | 211 EnrollmentStatus::STATUS_REGISTRATION_BAD_MODE)); |
| 204 return; | 212 return; |
| 205 } | 213 } |
| 206 client_->FetchPolicy(); | 214 client_->FetchPolicy(); |
| 207 } else { | 215 } else { |
| 208 LOG(FATAL) << "Registration state changed to " << client_->is_registered() | 216 LOG(FATAL) << "Registration state changed to " << client_->is_registered() |
| 209 << " in step " << enrollment_step_ << "."; | 217 << " in step " << enrollment_step_ << "."; |
| 210 } | 218 } |
| (...skipping 100 matching lines...) | |
| 311 else | 319 else |
| 312 ReportResult(EnrollmentStatus::ForStatus( | 320 ReportResult(EnrollmentStatus::ForStatus( |
| 313 EnrollmentStatus::STATUS_REGISTRATION_CERTIFICATE_FETCH_FAILED)); | 321 EnrollmentStatus::STATUS_REGISTRATION_CERTIFICATE_FETCH_FAILED)); |
| 314 } | 322 } |
| 315 | 323 |
| 316 void EnrollmentHandlerChromeOS::HandlePolicyValidationResult( | 324 void EnrollmentHandlerChromeOS::HandlePolicyValidationResult( |
| 317 DeviceCloudPolicyValidator* validator) { | 325 DeviceCloudPolicyValidator* validator) { |
| 318 CHECK_EQ(STEP_VALIDATION, enrollment_step_); | 326 CHECK_EQ(STEP_VALIDATION, enrollment_step_); |
| 319 if (validator->success()) { | 327 if (validator->success()) { |
| 320 std::string username = validator->policy_data()->username(); | 328 std::string username = validator->policy_data()->username(); |
| 321 domain_ = gaia::ExtractDomainName(gaia::CanonicalizeEmail(username)); | 329 // TODO(rsorokin): remove that when lock the device with both realm and |
|
Alexander Alekseev
2016/10/28 10:49:11
"that" -> "device_mode_ check"?
"When device is lo
Roman Sorokin (ftl)
2016/10/28 12:35:28
Done.
| |
| 330 // domain. | |
| 331 if (device_mode_ != DEVICE_MODE_ENTERPRISE_AD) | |
| 332 domain_ = gaia::ExtractDomainName(gaia::CanonicalizeEmail(username)); | |
| 322 device_id_ = validator->policy_data()->device_id(); | 333 device_id_ = validator->policy_data()->device_id(); |
| 323 policy_ = std::move(validator->policy()); | 334 policy_ = std::move(validator->policy()); |
| 324 enrollment_step_ = STEP_ROBOT_AUTH_FETCH; | 335 enrollment_step_ = STEP_ROBOT_AUTH_FETCH; |
| 325 client_->FetchRobotAuthCodes(auth_token_); | 336 client_->FetchRobotAuthCodes(auth_token_); |
| 326 } else { | 337 } else { |
| 327 ReportResult(EnrollmentStatus::ForValidationError(validator->status())); | 338 ReportResult(EnrollmentStatus::ForValidationError(validator->status())); |
| 328 } | 339 } |
| 329 } | 340 } |
| 330 | 341 |
| 331 void EnrollmentHandlerChromeOS::OnRobotAuthCodesFetched( | 342 void EnrollmentHandlerChromeOS::OnRobotAuthCodesFetched( |
| (...skipping 67 matching lines...) | |
| 399 ReportResult( | 410 ReportResult( |
| 400 EnrollmentStatus::ForRobotRefreshFetchError(response_code)); | 411 EnrollmentStatus::ForRobotRefreshFetchError(response_code)); |
| 401 } | 412 } |
| 402 | 413 |
| 403 void EnrollmentHandlerChromeOS::StartLockDevice() { | 414 void EnrollmentHandlerChromeOS::StartLockDevice() { |
| 404 CHECK_EQ(STEP_LOCK_DEVICE, enrollment_step_); | 415 CHECK_EQ(STEP_LOCK_DEVICE, enrollment_step_); |
| 405 // Since this method is also called directly. | 416 // Since this method is also called directly. |
| 406 weak_ptr_factory_.InvalidateWeakPtrs(); | 417 weak_ptr_factory_.InvalidateWeakPtrs(); |
| 407 | 418 |
| 408 install_attributes_->LockDevice( | 419 install_attributes_->LockDevice( |
| 409 device_mode_, domain_, std::string() /* realm */, device_id_, | 420 device_mode_, domain_, enrollment_config_.management_realm, device_id_, |
| 410 base::Bind(&EnrollmentHandlerChromeOS::HandleLockDeviceResult, | 421 base::Bind(&EnrollmentHandlerChromeOS::HandleLockDeviceResult, |
| 411 weak_ptr_factory_.GetWeakPtr())); | 422 weak_ptr_factory_.GetWeakPtr())); |
| 412 } | 423 } |
| 413 | 424 |
| 414 void EnrollmentHandlerChromeOS::HandleSetManagementSettingsDone(bool success) { | 425 void EnrollmentHandlerChromeOS::HandleSetManagementSettingsDone(bool success) { |
| 415 CHECK_EQ(STEP_STORE_TOKEN_AND_ID, enrollment_step_); | 426 CHECK_EQ(STEP_STORE_TOKEN_AND_ID, enrollment_step_); |
| 416 if (!success) { | 427 if (!success) { |
| 417 ReportResult(EnrollmentStatus::ForStatus( | 428 ReportResult(EnrollmentStatus::ForStatus( |
| 418 EnrollmentStatus::STATUS_STORE_TOKEN_AND_ID_FAILED)); | 429 EnrollmentStatus::STATUS_STORE_TOKEN_AND_ID_FAILED)); |
| 419 return; | 430 return; |
| (...skipping 56 matching lines...) | |
| 476 void EnrollmentHandlerChromeOS::HandleStoreRobotAuthTokenResult(bool result) { | 487 void EnrollmentHandlerChromeOS::HandleStoreRobotAuthTokenResult(bool result) { |
| 477 CHECK_EQ(STEP_STORE_ROBOT_AUTH, enrollment_step_); | 488 CHECK_EQ(STEP_STORE_ROBOT_AUTH, enrollment_step_); |
| 478 | 489 |
| 479 if (!result) { | 490 if (!result) { |
| 480 LOG(ERROR) << "Failed to store API refresh token."; | 491 LOG(ERROR) << "Failed to store API refresh token."; |
| 481 ReportResult(EnrollmentStatus::ForStatus( | 492 ReportResult(EnrollmentStatus::ForStatus( |
| 482 EnrollmentStatus::STATUS_ROBOT_REFRESH_STORE_FAILED)); | 493 EnrollmentStatus::STATUS_ROBOT_REFRESH_STORE_FAILED)); |
| 483 return; | 494 return; |
| 484 } | 495 } |
| 485 | 496 |
| 486 enrollment_step_ = STEP_STORE_POLICY; | 497 if (device_mode_ == policy::DEVICE_MODE_ENTERPRISE_AD) { |
| 487 store_->InstallInitialPolicy(*policy_); | 498 ReportResult(EnrollmentStatus::ForStatus(EnrollmentStatus::STATUS_SUCCESS)); |
| 499 } else { | |
| 500 enrollment_step_ = STEP_STORE_POLICY; | |
| 501 store_->InstallInitialPolicy(*policy_); | |
| 502 } | |
| 488 } | 503 } |
| 489 | 504 |
| 490 void EnrollmentHandlerChromeOS::Stop() { | 505 void EnrollmentHandlerChromeOS::Stop() { |
| 491 if (client_.get()) | 506 if (client_.get()) |
| 492 client_->RemoveObserver(this); | 507 client_->RemoveObserver(this); |
| 493 enrollment_step_ = STEP_FINISHED; | 508 enrollment_step_ = STEP_FINISHED; |
| 494 weak_ptr_factory_.InvalidateWeakPtrs(); | 509 weak_ptr_factory_.InvalidateWeakPtrs(); |
| 495 completion_callback_.Reset(); | 510 completion_callback_.Reset(); |
| 496 } | 511 } |
| 497 | 512 |
| 498 void EnrollmentHandlerChromeOS::ReportResult(EnrollmentStatus status) { | 513 void EnrollmentHandlerChromeOS::ReportResult(EnrollmentStatus status) { |
| 499 EnrollmentCallback callback = completion_callback_; | 514 EnrollmentCallback callback = completion_callback_; |
| 500 Stop(); | 515 Stop(); |
| 501 | 516 |
| 502 if (status.status() != EnrollmentStatus::STATUS_SUCCESS) { | 517 if (status.status() != EnrollmentStatus::STATUS_SUCCESS) { |
| 503 LOG(WARNING) << "Enrollment failed: " << status.status() | 518 LOG(WARNING) << "Enrollment failed: " << status.status() |
| 504 << ", client: " << status.client_status() | 519 << ", client: " << status.client_status() |
| 505 << ", validation: " << status.validation_status() | 520 << ", validation: " << status.validation_status() |
| 506 << ", store: " << status.store_status() | 521 << ", store: " << status.store_status() |
| 507 << ", lock: " << status.lock_status(); | 522 << ", lock: " << status.lock_status(); |
| 508 } | 523 } |
| 509 | 524 |
| 510 if (!callback.is_null()) | 525 if (!callback.is_null()) |
| 511 callback.Run(status); | 526 callback.Run(status); |
| 512 } | 527 } |
| 513 | 528 |
| 514 } // namespace policy | 529 } // namespace policy |
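Review bot: In OnRegistrationStateChanged the `kEnableAD` switch overwrites `device_mode_` before the bad-mode check (new lines 203–208), so with the switch set the mode returned by the server is never validated and every registration proceeds to FetchPolicy as DEVICE_MODE_ENTERPRISE_AD; the TODO marks this as temporary, but it sits on the production enrollment path. Applying the override only to a mode that would have been accepted anyway keeps the check meaningful: `if (device_mode_ == DEVICE_MODE_ENTERPRISE && base::CommandLine::ForCurrentProcess()->HasSwitch(chromeos::switches::kEnableAD)) device_mode_ = DEVICE_MODE_ENTERPRISE_AD;`. Related to this, in AD mode HandlePolicyValidationResult leaves `domain_` unset and StartLockDevice passes `enrollment_config_.management_realm` to LockDevice; nothing visible on this page checks that the realm is non-empty or ties it to the validated policy, so it is worth confirming that LockDevice rejects an empty realm for this mode before the install attributes are written. The AD branch in HandleStoreRobotAuthTokenResult would also benefit from a one-line comment such as `// AD-managed devices do not install cloud policy here; enrollment ends after the robot token is stored.`, assuming that is the intent, since it reports STATUS_SUCCESS without calling InstallInitialPolicy.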
| OLD | NEW |