Chromad: added AD Join ui, authpolicy_client

chrome/browser/ui/webui/chromeos/login/enrollment_screen_handler.cc

Index: chrome/browser/ui/webui/chromeos/login/enrollment_screen_handler.cc
diff --git a/chrome/browser/ui/webui/chromeos/login/enrollment_screen_handler.cc b/chrome/browser/ui/webui/chromeos/login/enrollment_screen_handler.cc
index 6290366c1af5ac39a296da7cd2c64efaab4868a6..5146fada7c0ac260d62205f58375004fb20d565b 100644
--- a/chrome/browser/ui/webui/chromeos/login/enrollment_screen_handler.cc
+++ b/chrome/browser/ui/webui/chromeos/login/enrollment_screen_handler.cc
@@ -9,6 +9,7 @@
 #include "ash/common/system/chromeos/devicetype_utils.h"
 #include "base/bind.h"
 #include "base/bind_helpers.h"
+#include "base/files/file_util.h"
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/strings/stringprintf.h"
@@ -24,10 +25,13 @@
 #include "chrome/browser/chromeos/policy/policy_oauth2_token_fetcher.h"
 #include "chrome/browser/ui/webui/chromeos/login/oobe_screen.h"
 #include "chrome/grit/generated_resources.h"
+#include "chromeos/dbus/auth_policy_client.h"
+#include "chromeos/dbus/dbus_thread_manager.h"
 #include "chromeos/network/network_state.h"
 #include "chromeos/network/network_state_handler.h"
 #include "components/login/localized_values_builder.h"
 #include "components/policy/core/browser/cloud/message_util.h"
+#include "content/public/browser/browser_thread.h"
 #include "google_apis/gaia/gaia_auth_util.h"
 #include "google_apis/gaia/gaia_urls.h"
 #include "google_apis/gaia/google_service_auth_error.h"
@@ -40,6 +44,7 @@ const char kJsScreenPath[] = "login.OAuthEnrollmentScreen";
 
 // Enrollment step names.
 const char kEnrollmentStepSignin[] = "signin";
+const char kEnrollmentStepADJoin[] = "ad-join";
 const char kEnrollmentStepSuccess[] = "success";
 const char kEnrollmentStepWorking[] = "working";
 
@@ -103,6 +108,25 @@ std::string GetEnterpriseDomain() {
   return connector->GetEnterpriseDomain();
 }
 
+// Returns reading end of pipe with the password to read.

[Alexander Alekseev, 2016/10/28 10:49:11]

nit: Returns file descriptor of a pipe, open for reading. Pipe keeps user
password, which can be read from the returned descriptor.

[Roman Sorokin (ftl), 2016/10/28 12:35:29]

Done.

+base::ScopedFD GetPasswordReadPipe(const std::string& password) {

[Alexander Alekseev, 2016/10/28 10:49:11]

Add DCHECK that this function is rinnung on a BlockingPool.

[Roman Sorokin (ftl), 2016/10/28 12:35:29]

Hm, How to check that? DCHECK_CURRENTLY_ON accepts only names threads, which
blockingpool is not.

[Alexander Alekseev, 2016/10/28 13:00:59]

DCHECK(BrowserThread::GetBlockingPool()->RunsTasksOnCurrentThread());

[Roman Sorokin (ftl), 2016/10/28 14:07:13]

Done.

+  int pipe_fds[2];
+  if (!base::CreateLocalNonBlockingPipe(pipe_fds)) {
+    LOG(ERROR) << "Failed to create pipes";

[Alexander Alekseev, 2016/10/28 10:49:11]

nit: pipe

[Roman Sorokin (ftl), 2016/10/28 12:35:29]

Done.

+    return base::ScopedFD();
+  }
+  base::ScopedFD pipe_read_end(pipe_fds[0]);
+  base::ScopedFD pipe_write_end(pipe_fds[1]);
+
+  if (!base::WriteFileDescriptor(pipe_write_end.get(),
+                                 password.c_str(),
+                                 password.size())) {
+    LOG(ERROR) << "Failed to write to pipe";
+    return base::ScopedFD();
+  }
+  return pipe_read_end;
+}
+
 }  // namespace
 
 // EnrollmentScreenHandler, public ------------------------------
@@ -139,6 +163,8 @@ void EnrollmentScreenHandler::RegisterMessages() {
               &EnrollmentScreenHandler::HandleClose);
   AddCallback("oauthEnrollCompleteLogin",
               &EnrollmentScreenHandler::HandleCompleteLogin);
+  AddCallback("oauthEnrollADCompleteLogin",
+              &EnrollmentScreenHandler::HandleADCompleteLogin);
   AddCallback("oauthEnrollRetry",
               &EnrollmentScreenHandler::HandleRetry);
   AddCallback("frameLoadingCompleted",
@@ -178,6 +204,11 @@ void EnrollmentScreenHandler::ShowSigninScreen() {
   ShowStep(kEnrollmentStepSignin);
 }
 
+void EnrollmentScreenHandler::ShowADJoin() {
+  observe_network_failure_ = false;
+  ShowStep(kEnrollmentStepADJoin);
+}
+
 void EnrollmentScreenHandler::ShowAttributePromptScreen(
     const std::string& asset_id,
     const std::string& location) {
@@ -386,6 +417,12 @@ void EnrollmentScreenHandler::DeclareLocalizedValues(
   builder->Add("oauthEnrollWorking", IDS_ENTERPRISE_ENROLLMENT_WORKING_MESSAGE);
   // Do not use AddF for this string as it will be rendered by the JS code.
   builder->Add("oauthEnrollAbeSuccess", IDS_ENTERPRISE_ENROLLMENT_ABE_SUCCESS);
+  builder->Add("oauthEnrollADMachineNameInput",
+               IDS_AD_MACHINE_NAME_INPUT_LABEL);
+  builder->Add("oauthEnrollADDomainJoinWelcomeMessage",
+               IDS_AD_DOMAIN_JOIN_WELCOME_MESSAGE);
+  builder->Add("adLoginUser", IDS_AD_LOGIN_USER);
+  builder->Add("adLoginPassword", IDS_AD_LOGIN_PASSWORD);
 }
 
 bool EnrollmentScreenHandler::IsOnEnrollmentScreen() const {
@@ -515,6 +552,51 @@ void EnrollmentScreenHandler::HandleCompleteLogin(
   controller_->OnLoginDone(gaia::SanitizeEmail(user), auth_code);
 }
 
+void EnrollmentScreenHandler::HandleADCompleteLogin(
+    const std::string& machine_name,
+    const std::string& user,
+    const std::string& password) {
+  observe_network_failure_ = false;
+  DCHECK(controller_);
+  base::PostTaskAndReplyWithResult(
+      content::BrowserThread::GetBlockingPool(), FROM_HERE,
+      base::Bind(&GetPasswordReadPipe, password),
+      base::Bind(&EnrollmentScreenHandler::OnPasswordPipeReady,
+                 weak_ptr_factory_.GetWeakPtr(), machine_name, user));
+}
+
+void EnrollmentScreenHandler::OnPasswordPipeReady(
+    const std::string& machine_name,
+    const std::string& user,
+    base::ScopedFD password_fd) {

[Alexander Alekseev, 2016/10/28 10:49:11]

Add DCHECK for UI thread.

[Roman Sorokin (ftl), 2016/10/28 12:35:28]

Done.

+  if (!password_fd.is_valid()) {
+    LOG(ERROR) << "Got invalid password_fd";
+    return;
+  }
+  chromeos::AuthPolicyClient* client =
+      chromeos::DBusThreadManager::Get()->GetAuthPolicyClient();
+
+  client->JoinADDomain(machine_name,
+                       user,
+                       password_fd.get(),
+                       base::Bind(&EnrollmentScreenHandler::HandleADDomainJoin,
+                                  weak_ptr_factory_.GetWeakPtr(),
+                                  machine_name,
+                                  user));
+}
+
+void EnrollmentScreenHandler::HandleADDomainJoin(
+    const std::string& machine_name,
+    const std::string& user,
+    int code) {
+  if (code == 0) {
+    controller_->OnADJoined(gaia::ExtractDomainName(user));

[Alexander Alekseev, 2016/10/28 10:49:11]

return here?

[Roman Sorokin (ftl), 2016/10/28 12:35:29]

Done.

+  } else {
+    // TODO(rsorokin,659984): Add passing/displaying error codes.

[Alexander Alekseev, 2016/10/28 10:49:11]

Could you, please, add issues as full URL?
Like crbug.com/659984 . This makes it simpler to open.

[Roman Sorokin (ftl), 2016/10/28 12:35:29]

Done.

+    CallJS("invalidateAD", machine_name, user);
+  }
+}
+
 void EnrollmentScreenHandler::HandleRetry() {
   DCHECK(controller_);
   controller_->OnRetry();