Chromad: added AD Join ui, authpolicy_client

chrome/browser/ui/webui/chromeos/login/enrollment_screen_handler.cc

Index: chrome/browser/ui/webui/chromeos/login/enrollment_screen_handler.cc
diff --git a/chrome/browser/ui/webui/chromeos/login/enrollment_screen_handler.cc b/chrome/browser/ui/webui/chromeos/login/enrollment_screen_handler.cc
index 6290366c1af5ac39a296da7cd2c64efaab4868a6..3a1260fda2978d0912b9468a7d1efb66a9eb4dcd 100644
--- a/chrome/browser/ui/webui/chromeos/login/enrollment_screen_handler.cc
+++ b/chrome/browser/ui/webui/chromeos/login/enrollment_screen_handler.cc
@@ -9,6 +9,8 @@
 #include "ash/common/system/chromeos/devicetype_utils.h"
 #include "base/bind.h"
 #include "base/bind_helpers.h"
+#include "base/command_line.h"

[xiyuan, 2016/10/26 22:03:16]

nit: not used?

[Roman Sorokin (ftl), 2016/10/27 13:10:46]

Done.

+#include "base/files/file_util.h"
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/strings/stringprintf.h"
@@ -24,10 +26,13 @@
 #include "chrome/browser/chromeos/policy/policy_oauth2_token_fetcher.h"
 #include "chrome/browser/ui/webui/chromeos/login/oobe_screen.h"
 #include "chrome/grit/generated_resources.h"
+#include "chromeos/dbus/auth_policy_client.h"
+#include "chromeos/dbus/dbus_thread_manager.h"
 #include "chromeos/network/network_state.h"
 #include "chromeos/network/network_state_handler.h"
 #include "components/login/localized_values_builder.h"
 #include "components/policy/core/browser/cloud/message_util.h"
+#include "content/public/browser/browser_thread.h"

[xiyuan, 2016/10/26 22:03:16]

nit: remove if we don't use.

[Roman Sorokin (ftl), 2016/10/27 13:10:46]

Done.

 #include "google_apis/gaia/gaia_auth_util.h"
 #include "google_apis/gaia/gaia_urls.h"
 #include "google_apis/gaia/google_service_auth_error.h"
@@ -40,6 +45,7 @@ const char kJsScreenPath[] = "login.OAuthEnrollmentScreen";
 
 // Enrollment step names.
 const char kEnrollmentStepSignin[] = "signin";
+const char kEnrollmentStepADJoin[] = "ad-join";
 const char kEnrollmentStepSuccess[] = "success";
 const char kEnrollmentStepWorking[] = "working";
 
@@ -139,6 +145,8 @@ void EnrollmentScreenHandler::RegisterMessages() {
               &EnrollmentScreenHandler::HandleClose);
   AddCallback("oauthEnrollCompleteLogin",
               &EnrollmentScreenHandler::HandleCompleteLogin);
+  AddCallback("oauthEnrollADCompleteLogin",
+              &EnrollmentScreenHandler::HandleADCompleteLogin);
   AddCallback("oauthEnrollRetry",
               &EnrollmentScreenHandler::HandleRetry);
   AddCallback("frameLoadingCompleted",
@@ -178,6 +186,11 @@ void EnrollmentScreenHandler::ShowSigninScreen() {
   ShowStep(kEnrollmentStepSignin);
 }
 
+void EnrollmentScreenHandler::ShowADJoin() {
+  observe_network_failure_ = false;
+  ShowStep(kEnrollmentStepADJoin);
+}
+
 void EnrollmentScreenHandler::ShowAttributePromptScreen(
     const std::string& asset_id,
     const std::string& location) {
@@ -386,6 +399,12 @@ void EnrollmentScreenHandler::DeclareLocalizedValues(
   builder->Add("oauthEnrollWorking", IDS_ENTERPRISE_ENROLLMENT_WORKING_MESSAGE);
   // Do not use AddF for this string as it will be rendered by the JS code.
   builder->Add("oauthEnrollAbeSuccess", IDS_ENTERPRISE_ENROLLMENT_ABE_SUCCESS);
+  builder->Add("oauthEnrollADMachineNameInput",
+               IDS_AD_MACHINE_NAME_INPUT_LABEL);
+  builder->Add("oauthEnrollADDomainJoinWelcomeMessage",
+               IDS_AD_DOMAIN_JOIN_WELCOME_MESSAGE);
+  builder->Add("ADLoginUser", IDS_AD_LOGIN_USER);

[xiyuan, 2016/10/26 22:03:16]

nit: ADLoginUser -> adLoginUser, similarly for ADLoginPassword

[Roman Sorokin (ftl), 2016/10/27 13:10:46]

Done.

+  builder->Add("ADLoginPassword", IDS_AD_LOGIN_PASSWORD);
 }
 
 bool EnrollmentScreenHandler::IsOnEnrollmentScreen() const {
@@ -515,6 +534,49 @@ void EnrollmentScreenHandler::HandleCompleteLogin(
   controller_->OnLoginDone(gaia::SanitizeEmail(user), auth_code);
 }
 
+void EnrollmentScreenHandler::HandleADCompleteLogin(
+    const std::string& machine_name,
+    const std::string& user,
+    const std::string& password) {
+  observe_network_failure_ = false;
+  DCHECK(controller_);
+  chromeos::AuthPolicyClient* client =
+      chromeos::DBusThreadManager::Get()->GetAuthPolicyClient();
+  int pipe_fds[2];
+  if (!base::CreateLocalNonBlockingPipe(pipe_fds)) {

[xiyuan, 2016/10/26 22:03:16]

Are we allowed to do this (and the write on Line 553) on UI thread? If we have
to do it on UI thread, let's add a base::ThreadRestrictions::ScopedAllowIO with
a comment.

[Roman Sorokin (ftl), 2016/10/27 13:10:45]

Moved onto BlockingPool

+    LOG(ERROR) << "Failed to create pipes";
+    return;
+  }
+  base::ScopedFD pipe_read_end(pipe_fds[0]);
+  base::ScopedFD pipe_write_end(pipe_fds[1]);
+
+  if (!base::WriteFileDescriptor(pipe_write_end.get(),
+                                 password.c_str(),
+                                 password.size())) {
+    LOG(ERROR) << "Failed to write to pipe";
+    return;
+  }
+
+  client->JoinADDomain(machine_name,
+                       user,
+                       pipe_read_end.get(),
+                       base::Bind(&EnrollmentScreenHandler::HandleADDomainJoin,
+                                  weak_ptr_factory_.GetWeakPtr(),
+                                  machine_name,
+                                  user));
+}
+
+void EnrollmentScreenHandler::HandleADDomainJoin(
+    const std::string& machine_name,
+    const std::string& user,
+    int code) {
+  if (code == 0) {
+    controller_->OnADJoined(gaia::ExtractDomainName(user));
+  } else {
+    CallJS("invalidateAD", machine_name, user);

[xiyuan, 2016/10/26 22:03:16]

Does this mean the join fails? Do we need to show an error or something to the
user?

[Roman Sorokin (ftl), 2016/10/27 13:10:45]

Yes! But we don't have list of errors just yet. Added TODO and BUG to fix that.

+  }
+}
+
 void EnrollmentScreenHandler::HandleRetry() {
   DCHECK(controller_);
   controller_->OnRetry();