Chromad: added AD Join ui, authpolicy_client

chrome/browser/ui/webui/chromeos/login/enrollment_screen_handler.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/webui/chromeos/login/enrollment_screen_handler.h"
 
 #include <algorithm>
 
 #include "ash/common/system/chromeos/devicetype_utils.h"
 #include "base/bind.h"
 #include "base/bind_helpers.h"
+#include "base/command_line.h"

[xiyuan, 2016/10/26 22:03:16]

nit: not used?

[Roman Sorokin (ftl), 2016/10/27 13:10:46]

Done.

+#include "base/files/file_util.h"
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/strings/stringprintf.h"
 #include "base/values.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/browser_process_platform_part.h"
 #include "chrome/browser/chromeos/login/error_screens_histogram_helper.h"
 #include "chrome/browser/chromeos/login/help_app_launcher.h"
 #include "chrome/browser/chromeos/login/screens/network_error.h"
 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h"
 #include "chrome/browser/chromeos/policy/enrollment_status_chromeos.h"
 #include "chrome/browser/chromeos/policy/policy_oauth2_token_fetcher.h"
 #include "chrome/browser/ui/webui/chromeos/login/oobe_screen.h"
 #include "chrome/grit/generated_resources.h"
+#include "chromeos/dbus/auth_policy_client.h"
+#include "chromeos/dbus/dbus_thread_manager.h"
 #include "chromeos/network/network_state.h"
 #include "chromeos/network/network_state_handler.h"
 #include "components/login/localized_values_builder.h"
 #include "components/policy/core/browser/cloud/message_util.h"
+#include "content/public/browser/browser_thread.h"

[xiyuan, 2016/10/26 22:03:16]

nit: remove if we don't use.

[Roman Sorokin (ftl), 2016/10/27 13:10:46]

Done.

 #include "google_apis/gaia/gaia_auth_util.h"
 #include "google_apis/gaia/gaia_urls.h"
 #include "google_apis/gaia/google_service_auth_error.h"
 #include "ui/base/l10n/l10n_util.h"
 
 namespace chromeos {
 namespace {
 
 const char kJsScreenPath[] = "login.OAuthEnrollmentScreen";
 
 // Enrollment step names.
 const char kEnrollmentStepSignin[] = "signin";
+const char kEnrollmentStepADJoin[] = "ad-join";
 const char kEnrollmentStepSuccess[] = "success";
 const char kEnrollmentStepWorking[] = "working";
 
 // Enrollment mode constants used in the UI. This needs to be kept in sync with
 // oobe_screen_oauth_enrollment.js.
 const char kEnrollmentModeUIForced[] = "forced";
 const char kEnrollmentModeUIManual[] = "manual";
 const char kEnrollmentModeUIRecovery[] = "recovery";
 
 // Converts |mode| to a mode identifier for the UI.
@@ skipping 79 matching lines @@
 
 // EnrollmentScreenHandler, WebUIMessageHandler implementation --
 
 void EnrollmentScreenHandler::RegisterMessages() {
   AddCallback("toggleFakeEnrollment",
               &EnrollmentScreenHandler::HandleToggleFakeEnrollment);
   AddCallback("oauthEnrollClose",
               &EnrollmentScreenHandler::HandleClose);
   AddCallback("oauthEnrollCompleteLogin",
               &EnrollmentScreenHandler::HandleCompleteLogin);
+  AddCallback("oauthEnrollADCompleteLogin",
+              &EnrollmentScreenHandler::HandleADCompleteLogin);
   AddCallback("oauthEnrollRetry",
               &EnrollmentScreenHandler::HandleRetry);
   AddCallback("frameLoadingCompleted",
               &EnrollmentScreenHandler::HandleFrameLoadingCompleted);
   AddCallback("oauthEnrollAttributes",
               &EnrollmentScreenHandler::HandleDeviceAttributesProvided);
   AddCallback("oauthEnrollOnLearnMore",
               &EnrollmentScreenHandler::HandleOnLearnMore);
 }
 
@@ skipping 19 matching lines @@
 }
 
 void EnrollmentScreenHandler::Hide() {
 }
 
 void EnrollmentScreenHandler::ShowSigninScreen() {
   observe_network_failure_ = true;
   ShowStep(kEnrollmentStepSignin);
 }
 
+void EnrollmentScreenHandler::ShowADJoin() {
+  observe_network_failure_ = false;
+  ShowStep(kEnrollmentStepADJoin);
+}
+
 void EnrollmentScreenHandler::ShowAttributePromptScreen(
     const std::string& asset_id,
     const std::string& location) {
   CallJS("showAttributePromptStep", asset_id, location);
 }
 
 void EnrollmentScreenHandler::ShowEnrollmentSpinnerScreen() {
   ShowStep(kEnrollmentStepWorking);
 }
 
@@ skipping 188 matching lines @@
                IDS_ENTERPRISE_ENROLLMENT_EXPLAIN_ATTRIBUTE_LINK);
   builder->Add("oauthEnrollAttributeExplanation",
                IDS_ENTERPRISE_ENROLLMENT_ATTRIBUTE_EXPLANATION);
   builder->Add("oauthEnrollAssetIdLabel",
                IDS_ENTERPRISE_ENROLLMENT_ASSET_ID_LABEL);
   builder->Add("oauthEnrollLocationLabel",
                IDS_ENTERPRISE_ENROLLMENT_LOCATION_LABEL);
   builder->Add("oauthEnrollWorking", IDS_ENTERPRISE_ENROLLMENT_WORKING_MESSAGE);
   // Do not use AddF for this string as it will be rendered by the JS code.
   builder->Add("oauthEnrollAbeSuccess", IDS_ENTERPRISE_ENROLLMENT_ABE_SUCCESS);
+  builder->Add("oauthEnrollADMachineNameInput",
+               IDS_AD_MACHINE_NAME_INPUT_LABEL);
+  builder->Add("oauthEnrollADDomainJoinWelcomeMessage",
+               IDS_AD_DOMAIN_JOIN_WELCOME_MESSAGE);
+  builder->Add("ADLoginUser", IDS_AD_LOGIN_USER);

[xiyuan, 2016/10/26 22:03:16]

nit: ADLoginUser -> adLoginUser, similarly for ADLoginPassword

[Roman Sorokin (ftl), 2016/10/27 13:10:46]

Done.

+  builder->Add("ADLoginPassword", IDS_AD_LOGIN_PASSWORD);
 }
 
 bool EnrollmentScreenHandler::IsOnEnrollmentScreen() const {
   return (GetCurrentScreen() == OobeScreen::SCREEN_OOBE_ENROLLMENT);
 }
 
 bool EnrollmentScreenHandler::IsEnrollmentScreenHiddenByError() const {
   return (GetCurrentScreen() == OobeScreen::SCREEN_ERROR_MESSAGE &&
           network_error_model_->GetParentScreen() ==
               OobeScreen::SCREEN_OOBE_ENROLLMENT);
@@ skipping 109 matching lines @@
 }
 
 void EnrollmentScreenHandler::HandleCompleteLogin(
     const std::string& user,
     const std::string& auth_code) {
   observe_network_failure_ = false;
   DCHECK(controller_);
   controller_->OnLoginDone(gaia::SanitizeEmail(user), auth_code);
 }
 
+void EnrollmentScreenHandler::HandleADCompleteLogin(
+    const std::string& machine_name,
+    const std::string& user,
+    const std::string& password) {
+  observe_network_failure_ = false;
+  DCHECK(controller_);
+  chromeos::AuthPolicyClient* client =
+      chromeos::DBusThreadManager::Get()->GetAuthPolicyClient();
+  int pipe_fds[2];
+  if (!base::CreateLocalNonBlockingPipe(pipe_fds)) {

[xiyuan, 2016/10/26 22:03:16]

Are we allowed to do this (and the write on Line 553) on UI thread? If we have
to do it on UI thread, let's add a base::ThreadRestrictions::ScopedAllowIO with
a comment.

[Roman Sorokin (ftl), 2016/10/27 13:10:45]

Moved onto BlockingPool

+    LOG(ERROR) << "Failed to create pipes";
+    return;
+  }
+  base::ScopedFD pipe_read_end(pipe_fds[0]);
+  base::ScopedFD pipe_write_end(pipe_fds[1]);
+
+  if (!base::WriteFileDescriptor(pipe_write_end.get(),
+                                 password.c_str(),
+                                 password.size())) {
+    LOG(ERROR) << "Failed to write to pipe";
+    return;
+  }
+
+  client->JoinADDomain(machine_name,
+                       user,
+                       pipe_read_end.get(),
+                       base::Bind(&EnrollmentScreenHandler::HandleADDomainJoin,
+                                  weak_ptr_factory_.GetWeakPtr(),
+                                  machine_name,
+                                  user));
+}
+
+void EnrollmentScreenHandler::HandleADDomainJoin(
+    const std::string& machine_name,
+    const std::string& user,
+    int code) {
+  if (code == 0) {
+    controller_->OnADJoined(gaia::ExtractDomainName(user));
+  } else {
+    CallJS("invalidateAD", machine_name, user);

[xiyuan, 2016/10/26 22:03:16]

Does this mean the join fails? Do we need to show an error or something to the
user?

[Roman Sorokin (ftl), 2016/10/27 13:10:45]

Yes! But we don't have list of errors just yet. Added TODO and BUG to fix that.

+  }
+}
+
 void EnrollmentScreenHandler::HandleRetry() {
   DCHECK(controller_);
   controller_->OnRetry();
 }
 
 void EnrollmentScreenHandler::HandleFrameLoadingCompleted() {
   if (network_state_informer_->state() != NetworkStateInformer::ONLINE)
     return;
 
   UpdateState(NetworkError::ERROR_REASON_UPDATE);
@@ skipping 48 matching lines @@
 
   ShowScreenWithData(OobeScreen::SCREEN_OOBE_ENROLLMENT, &screen_data);
   if (first_show_) {
     first_show_ = false;
     UpdateStateInternal(NetworkError::ERROR_REASON_UPDATE, true);
   }
   histogram_helper_->OnScreenShow();
 }
 
 }  // namespace chromeos