Chromad: added AD Join ui, authpolicy_client

chrome/browser/ui/webui/chromeos/login/enrollment_screen_handler.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/webui/chromeos/login/enrollment_screen_handler.h"
 
 #include <algorithm>
 
 #include "ash/common/system/chromeos/devicetype_utils.h"
 #include "base/bind.h"
 #include "base/bind_helpers.h"
+#include "base/files/file_util.h"
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/strings/stringprintf.h"
 #include "base/values.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/browser_process_platform_part.h"
 #include "chrome/browser/chromeos/login/error_screens_histogram_helper.h"
 #include "chrome/browser/chromeos/login/help_app_launcher.h"
 #include "chrome/browser/chromeos/login/screens/network_error.h"
 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h"
 #include "chrome/browser/chromeos/policy/enrollment_status_chromeos.h"
 #include "chrome/browser/chromeos/policy/policy_oauth2_token_fetcher.h"
 #include "chrome/browser/ui/webui/chromeos/login/oobe_screen.h"
 #include "chrome/grit/generated_resources.h"
+#include "chromeos/dbus/auth_policy_client.h"
+#include "chromeos/dbus/dbus_thread_manager.h"
 #include "chromeos/network/network_state.h"
 #include "chromeos/network/network_state_handler.h"
 #include "components/login/localized_values_builder.h"
 #include "components/policy/core/browser/cloud/message_util.h"
+#include "content/public/browser/browser_thread.h"
 #include "google_apis/gaia/gaia_auth_util.h"
 #include "google_apis/gaia/gaia_urls.h"
 #include "google_apis/gaia/google_service_auth_error.h"
 #include "ui/base/l10n/l10n_util.h"
 
 namespace chromeos {
 namespace {
 
 const char kJsScreenPath[] = "login.OAuthEnrollmentScreen";
 
 // Enrollment step names.
 const char kEnrollmentStepSignin[] = "signin";
+const char kEnrollmentStepADJoin[] = "ad-join";
 const char kEnrollmentStepSuccess[] = "success";
 const char kEnrollmentStepWorking[] = "working";
 
 // Enrollment mode constants used in the UI. This needs to be kept in sync with
 // oobe_screen_oauth_enrollment.js.
 const char kEnrollmentModeUIForced[] = "forced";
 const char kEnrollmentModeUIManual[] = "manual";
 const char kEnrollmentModeUIRecovery[] = "recovery";
 
 // Converts |mode| to a mode identifier for the UI.
@@ skipping 43 matching lines @@
 }
 
 
 // Returns the enterprise domain after enrollment, or an empty string.
 std::string GetEnterpriseDomain() {
   policy::BrowserPolicyConnectorChromeOS* connector =
       g_browser_process->platform_part()->browser_policy_connector_chromeos();
   return connector->GetEnterpriseDomain();
 }
 
+// Returns file descriptor of a pipe, open for reading. Pipe keeps user
+// password, which can be read from the returned descriptor.
+base::ScopedFD GetPasswordReadPipe(const std::string& password) {
+  DCHECK(content::BrowserThread::GetBlockingPool()->RunsTasksOnCurrentThread());
+  int pipe_fds[2];
+  if (!base::CreateLocalNonBlockingPipe(pipe_fds)) {
+    LOG(ERROR) << "Failed to create pipe";
+    return base::ScopedFD();
+  }
+  base::ScopedFD pipe_read_end(pipe_fds[0]);
+  base::ScopedFD pipe_write_end(pipe_fds[1]);
+
+  if (!base::WriteFileDescriptor(pipe_write_end.get(),
+                                 password.c_str(),
+                                 password.size())) {
+    LOG(ERROR) << "Failed to write to pipe";

[Dan Beam, 2016/10/28 21:13:03]

do you want this in release builds?  this bloats the production binary, if that
matters

[Roman Sorokin (ftl), 2016/10/31 11:37:11]

I see there calls in the files. Would that matter if there is on more?

[Dan Beam, 2016/10/31 23:52:25]

yes, more calls = more bloat ;)

[Alexander Alekseev, 2016/11/01 06:18:32]

I'd vote for this error to stay. This may fail if user supplies too long
password (maybe we should add password length here too).

+    return base::ScopedFD();
+  }
+  return pipe_read_end;
+}
+
 }  // namespace
 
 // EnrollmentScreenHandler, public ------------------------------
 
 EnrollmentScreenHandler::EnrollmentScreenHandler(
     const scoped_refptr<NetworkStateInformer>& network_state_informer,
     NetworkErrorModel* network_error_model)
     : BaseScreenHandler(kJsScreenPath),
       controller_(NULL),
       show_on_init_(false),
@@ skipping 16 matching lines @@
 
 // EnrollmentScreenHandler, WebUIMessageHandler implementation --
 
 void EnrollmentScreenHandler::RegisterMessages() {
   AddCallback("toggleFakeEnrollment",
               &EnrollmentScreenHandler::HandleToggleFakeEnrollment);
   AddCallback("oauthEnrollClose",
               &EnrollmentScreenHandler::HandleClose);
   AddCallback("oauthEnrollCompleteLogin",
               &EnrollmentScreenHandler::HandleCompleteLogin);
+  AddCallback("oauthEnrollADCompleteLogin",
+              &EnrollmentScreenHandler::HandleADCompleteLogin);
   AddCallback("oauthEnrollRetry",
               &EnrollmentScreenHandler::HandleRetry);
   AddCallback("frameLoadingCompleted",
               &EnrollmentScreenHandler::HandleFrameLoadingCompleted);
   AddCallback("oauthEnrollAttributes",
               &EnrollmentScreenHandler::HandleDeviceAttributesProvided);
   AddCallback("oauthEnrollOnLearnMore",
               &EnrollmentScreenHandler::HandleOnLearnMore);
 }
 
@@ skipping 19 matching lines @@
 }
 
 void EnrollmentScreenHandler::Hide() {
 }
 
 void EnrollmentScreenHandler::ShowSigninScreen() {
   observe_network_failure_ = true;
   ShowStep(kEnrollmentStepSignin);
 }
 
+void EnrollmentScreenHandler::ShowADJoin() {
+  observe_network_failure_ = false;
+  ShowStep(kEnrollmentStepADJoin);
+}
+
 void EnrollmentScreenHandler::ShowAttributePromptScreen(
     const std::string& asset_id,
     const std::string& location) {
   CallJS("showAttributePromptStep", asset_id, location);
 }
 
 void EnrollmentScreenHandler::ShowEnrollmentSpinnerScreen() {
   ShowStep(kEnrollmentStepWorking);
 }
 
@@ skipping 188 matching lines @@
                IDS_ENTERPRISE_ENROLLMENT_EXPLAIN_ATTRIBUTE_LINK);
   builder->Add("oauthEnrollAttributeExplanation",
                IDS_ENTERPRISE_ENROLLMENT_ATTRIBUTE_EXPLANATION);
   builder->Add("oauthEnrollAssetIdLabel",
                IDS_ENTERPRISE_ENROLLMENT_ASSET_ID_LABEL);
   builder->Add("oauthEnrollLocationLabel",
                IDS_ENTERPRISE_ENROLLMENT_LOCATION_LABEL);
   builder->Add("oauthEnrollWorking", IDS_ENTERPRISE_ENROLLMENT_WORKING_MESSAGE);
   // Do not use AddF for this string as it will be rendered by the JS code.
   builder->Add("oauthEnrollAbeSuccess", IDS_ENTERPRISE_ENROLLMENT_ABE_SUCCESS);
+  builder->Add("oauthEnrollADMachineNameInput",
+               IDS_AD_MACHINE_NAME_INPUT_LABEL);
+  builder->Add("oauthEnrollADDomainJoinWelcomeMessage",
+               IDS_AD_DOMAIN_JOIN_WELCOME_MESSAGE);
+  builder->Add("adLoginUser", IDS_AD_LOGIN_USER);
+  builder->Add("adLoginPassword", IDS_AD_LOGIN_PASSWORD);
 }
 
 bool EnrollmentScreenHandler::IsOnEnrollmentScreen() const {
   return (GetCurrentScreen() == OobeScreen::SCREEN_OOBE_ENROLLMENT);
 }
 
 bool EnrollmentScreenHandler::IsEnrollmentScreenHiddenByError() const {
   return (GetCurrentScreen() == OobeScreen::SCREEN_ERROR_MESSAGE &&
           network_error_model_->GetParentScreen() ==
               OobeScreen::SCREEN_OOBE_ENROLLMENT);
@@ skipping 109 matching lines @@
 }
 
 void EnrollmentScreenHandler::HandleCompleteLogin(
     const std::string& user,
     const std::string& auth_code) {
   observe_network_failure_ = false;
   DCHECK(controller_);
   controller_->OnLoginDone(gaia::SanitizeEmail(user), auth_code);
 }
 
+void EnrollmentScreenHandler::HandleADCompleteLogin(
+    const std::string& machine_name,
+    const std::string& user,
+    const std::string& password) {
+  observe_network_failure_ = false;
+  DCHECK(controller_);
+  base::PostTaskAndReplyWithResult(
+      content::BrowserThread::GetBlockingPool(), FROM_HERE,
+      base::Bind(&GetPasswordReadPipe, password),
+      base::Bind(&EnrollmentScreenHandler::OnPasswordPipeReady,
+                 weak_ptr_factory_.GetWeakPtr(), machine_name, user));
+}
+
+void EnrollmentScreenHandler::OnPasswordPipeReady(
+    const std::string& machine_name,
+    const std::string& user,
+    base::ScopedFD password_fd) {
+  DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
+  if (!password_fd.is_valid()) {
+    LOG(ERROR) << "Got invalid password_fd";
+    return;
+  }
+  chromeos::AuthPolicyClient* client =
+      chromeos::DBusThreadManager::Get()->GetAuthPolicyClient();
+
+  client->JoinADDomain(machine_name,
+                       user,
+                       password_fd.get(),
+                       base::Bind(&EnrollmentScreenHandler::HandleADDomainJoin,
+                                  weak_ptr_factory_.GetWeakPtr(),
+                                  machine_name,
+                                  user));
+}
+
+void EnrollmentScreenHandler::HandleADDomainJoin(
+    const std::string& machine_name,
+    const std::string& user,
+    int code) {
+  if (code == 0) {
+    controller_->OnADJoined(gaia::ExtractDomainName(user));
+    return;
+  }
+  // TODO(rsorokin): Add passing/displaying error codes. (see crbug.com/659984)
+  CallJS("invalidateAD", machine_name, user);
+}
+
 void EnrollmentScreenHandler::HandleRetry() {
   DCHECK(controller_);
   controller_->OnRetry();
 }
 
 void EnrollmentScreenHandler::HandleFrameLoadingCompleted() {
   if (network_state_informer_->state() != NetworkStateInformer::ONLINE)
     return;
 
   UpdateState(NetworkError::ERROR_REASON_UPDATE);
@@ skipping 48 matching lines @@
 
   ShowScreenWithData(OobeScreen::SCREEN_OOBE_ENROLLMENT, &screen_data);
   if (first_show_) {
     first_show_ = false;
     UpdateStateInternal(NetworkError::ERROR_REASON_UPDATE, true);
   }
   histogram_helper_->OnScreenShow();
 }
 
 }  // namespace chromeos