| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/enrollment_handler_chromeos.h" | 5 #include "chrome/browser/chromeos/policy/enrollment_handler_chromeos.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
| 11 #include "base/location.h" | 11 #include "base/location.h" |
| 12 #include "base/logging.h" | 12 #include "base/logging.h" |
| 13 #include "base/single_thread_task_runner.h" | 13 #include "base/single_thread_task_runner.h" |
| 14 #include "base/threading/thread_task_runner_handle.h" | 14 #include "base/threading/thread_task_runner_handle.h" |
| 15 #include "chrome/browser/browser_process.h" | 15 #include "chrome/browser/browser_process.h" |
| 16 #include "chrome/browser/chromeos/login/enrollment/auto_enrollment_controller.h" | 16 #include "chrome/browser/chromeos/login/enrollment/auto_enrollment_controller.h" |
| 17 #include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h" | 17 #include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h" |
| 18 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h" | 18 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h" |
| 19 #include "chrome/browser/chromeos/policy/enrollment_status_chromeos.h" | 19 #include "chrome/browser/chromeos/policy/enrollment_status_chromeos.h" |
| 20 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" | 20 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" |
| 21 #include "chrome/browser/chromeos/policy/server_backed_state_keys_broker.h" | 21 #include "chrome/browser/chromeos/policy/server_backed_state_keys_broker.h" |
| 22 #include "chrome/browser/chromeos/profiles/profile_helper.h" | 22 #include "chrome/browser/chromeos/profiles/profile_helper.h" |
| 23 #include "chrome/browser/chromeos/settings/device_oauth2_token_service.h" | 23 #include "chrome/browser/chromeos/settings/device_oauth2_token_service.h" |
| 24 #include "chrome/browser/chromeos/settings/device_oauth2_token_service_factory.h
" | 24 #include "chrome/browser/chromeos/settings/device_oauth2_token_service_factory.h
" |
| 25 #include "chrome/browser/profiles/profile.h" | 25 #include "chrome/browser/profiles/profile.h" |
| 26 #include "chromeos/attestation/attestation_flow.h" | 26 #include "chromeos/attestation/attestation_flow.h" |
| 27 #include "chromeos/chromeos_switches.h" | 27 #include "chromeos/chromeos_switches.h" |
| 28 #include "chromeos/dbus/auth_policy_client.h" |
| 29 #include "chromeos/dbus/dbus_thread_manager.h" |
| 28 #include "google_apis/gaia/gaia_auth_util.h" | 30 #include "google_apis/gaia/gaia_auth_util.h" |
| 29 #include "google_apis/gaia/gaia_urls.h" | 31 #include "google_apis/gaia/gaia_urls.h" |
| 30 #include "net/http/http_status_code.h" | 32 #include "net/http/http_status_code.h" |
| 31 | 33 |
| 32 namespace em = enterprise_management; | 34 namespace em = enterprise_management; |
| 33 | 35 |
| 34 namespace policy { | 36 namespace policy { |
| 35 | 37 |
| 36 namespace { | 38 namespace { |
| 37 | 39 |
| (...skipping 205 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 243 void EnrollmentHandlerChromeOS::OnStoreError(CloudPolicyStore* store) { | 245 void EnrollmentHandlerChromeOS::OnStoreError(CloudPolicyStore* store) { |
| 244 DCHECK_EQ(store_, store); | 246 DCHECK_EQ(store_, store); |
| 245 if (enrollment_step_ == STEP_STORE_TOKEN_AND_ID) { | 247 if (enrollment_step_ == STEP_STORE_TOKEN_AND_ID) { |
| 246 // Calling OwnerSettingsServiceChromeOS::SetManagementSettings() | 248 // Calling OwnerSettingsServiceChromeOS::SetManagementSettings() |
| 247 // on a non- enterprise-managed device will fail as | 249 // on a non- enterprise-managed device will fail as |
| 248 // DeviceCloudPolicyStore listens to all changes on device | 250 // DeviceCloudPolicyStore listens to all changes on device |
| 249 // settings, and it calls OnStoreError() when the device is not | 251 // settings, and it calls OnStoreError() when the device is not |
| 250 // enterprise-managed. | 252 // enterprise-managed. |
| 251 return; | 253 return; |
| 252 } | 254 } |
| 255 LOG(ERROR) << "Error in device policy store."; |
| 253 ReportResult(EnrollmentStatus::ForStoreError(store_->status(), | 256 ReportResult(EnrollmentStatus::ForStoreError(store_->status(), |
| 254 store_->validation_status())); | 257 store_->validation_status())); |
| 255 } | 258 } |
| 256 | 259 |
| 257 void EnrollmentHandlerChromeOS::HandleStateKeysResult( | 260 void EnrollmentHandlerChromeOS::HandleStateKeysResult( |
| 258 const std::vector<std::string>& state_keys) { | 261 const std::vector<std::string>& state_keys) { |
| 259 CHECK_EQ(STEP_STATE_KEYS, enrollment_step_); | 262 CHECK_EQ(STEP_STATE_KEYS, enrollment_step_); |
| 260 | 263 |
| 261 // Make sure state keys are available if forced re-enrollment is on. | 264 // Make sure state keys are available if forced re-enrollment is on. |
| 262 if (chromeos::AutoEnrollmentController::GetMode() == | 265 if (chromeos::AutoEnrollmentController::GetMode() == |
| (...skipping 218 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 481 void EnrollmentHandlerChromeOS::HandleStoreRobotAuthTokenResult(bool result) { | 484 void EnrollmentHandlerChromeOS::HandleStoreRobotAuthTokenResult(bool result) { |
| 482 CHECK_EQ(STEP_STORE_ROBOT_AUTH, enrollment_step_); | 485 CHECK_EQ(STEP_STORE_ROBOT_AUTH, enrollment_step_); |
| 483 | 486 |
| 484 if (!result) { | 487 if (!result) { |
| 485 LOG(ERROR) << "Failed to store API refresh token."; | 488 LOG(ERROR) << "Failed to store API refresh token."; |
| 486 ReportResult(EnrollmentStatus::ForStatus( | 489 ReportResult(EnrollmentStatus::ForStatus( |
| 487 EnrollmentStatus::STATUS_ROBOT_REFRESH_STORE_FAILED)); | 490 EnrollmentStatus::STATUS_ROBOT_REFRESH_STORE_FAILED)); |
| 488 return; | 491 return; |
| 489 } | 492 } |
| 490 | 493 |
| 494 SetStep(STEP_STORE_POLICY); |
| 491 if (device_mode_ == policy::DEVICE_MODE_ENTERPRISE_AD) { | 495 if (device_mode_ == policy::DEVICE_MODE_ENTERPRISE_AD) { |
| 492 ReportResult(EnrollmentStatus::ForStatus(EnrollmentStatus::STATUS_SUCCESS)); | 496 CHECK(install_attributes_->IsActiveDirectoryManaged()); |
| 497 // Update device settings so that in case of Active Directory unsigned |
| 498 // policy is accepted. |
| 499 chromeos::DeviceSettingsService::Get()->SetDeviceMode( |
| 500 install_attributes_->GetMode()); |
| 501 chromeos::DBusThreadManager::Get() |
| 502 ->GetAuthPolicyClient() |
| 503 ->RefreshDevicePolicy(base::Bind( |
| 504 &EnrollmentHandlerChromeOS::HandleActiveDirectoryPolicyRefreshed, |
| 505 weak_ptr_factory_.GetWeakPtr())); |
| 493 } else { | 506 } else { |
| 494 SetStep(STEP_STORE_POLICY); | |
| 495 store_->InstallInitialPolicy(*policy_); | 507 store_->InstallInitialPolicy(*policy_); |
| 496 } | 508 } |
| 497 } | 509 } |
| 498 | 510 |
| 511 void EnrollmentHandlerChromeOS::HandleActiveDirectoryPolicyRefreshed( |
| 512 bool success) { |
| 513 DCHECK_EQ(STEP_STORE_POLICY, enrollment_step_); |
| 514 |
| 515 if (!success) { |
| 516 LOG(ERROR) << "Failed to load Active Directory policy."; |
| 517 ReportResult(EnrollmentStatus::ForStatus( |
| 518 EnrollmentStatus::STATUS_ACTIVE_DIRECTORY_POLICY_FETCH_FAILED)); |
| 519 return; |
| 520 } |
| 521 |
| 522 // After that, the enrollment flow continues in one of the OnStore* observers. |
| 523 store_->Load(); |
| 524 } |
| 525 |
| 499 void EnrollmentHandlerChromeOS::Stop() { | 526 void EnrollmentHandlerChromeOS::Stop() { |
| 500 if (client_.get()) | 527 if (client_.get()) |
| 501 client_->RemoveObserver(this); | 528 client_->RemoveObserver(this); |
| 502 SetStep(STEP_FINISHED); | 529 SetStep(STEP_FINISHED); |
| 503 weak_ptr_factory_.InvalidateWeakPtrs(); | 530 weak_ptr_factory_.InvalidateWeakPtrs(); |
| 504 completion_callback_.Reset(); | 531 completion_callback_.Reset(); |
| 505 } | 532 } |
| 506 | 533 |
| 507 void EnrollmentHandlerChromeOS::ReportResult(EnrollmentStatus status) { | 534 void EnrollmentHandlerChromeOS::ReportResult(EnrollmentStatus status) { |
| 508 EnrollmentCallback callback = completion_callback_; | 535 EnrollmentCallback callback = completion_callback_; |
| (...skipping 11 matching lines...) Expand all Loading... |
| 520 callback.Run(status); | 547 callback.Run(status); |
| 521 } | 548 } |
| 522 | 549 |
| 523 void EnrollmentHandlerChromeOS::SetStep(EnrollmentStep step) { | 550 void EnrollmentHandlerChromeOS::SetStep(EnrollmentStep step) { |
| 524 DCHECK_LE(enrollment_step_, step); | 551 DCHECK_LE(enrollment_step_, step); |
| 525 VLOG(1) << "Step: " << step; | 552 VLOG(1) << "Step: " << step; |
| 526 enrollment_step_ = step; | 553 enrollment_step_ = step; |
| 527 } | 554 } |
| 528 | 555 |
| 529 } // namespace policy | 556 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2544773002:
Fetch policy from Active Directory at the end of enrollment (Closed)
