Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(576)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/chromeos/policy/enrollment_handler_chromeos.cc

Issue 2677563005: Chromad: Use DM server reply to determine enrollment type (Closed)
Patch Set: Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chrome/browser/chromeos/policy/enrollment_handler_chromeos.h ('K') | « chrome/browser/chromeos/policy/enrollment_handler_chromeos.h ('k') | chrome/browser/ui/webui/chromeos/login/enrollment_screen_handler.h » ('j') | chrome/browser/ui/webui/chromeos/login/enrollment_screen_handler.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/chromeos/policy/enrollment_handler_chromeos.cc
diff --git a/chrome/browser/chromeos/policy/enrollment_handler_chromeos.cc b/chrome/browser/chromeos/policy/enrollment_handler_chromeos.cc
index 1596d0af84ed6709f839f94aac13d113b4330849..5f00d2a663bb397af5f35b4c223cde9b2f6562ad 100644
--- a/chrome/browser/chromeos/policy/enrollment_handler_chromeos.cc
+++ b/chrome/browser/chromeos/policy/enrollment_handler_chromeos.cc
@@ -14,6 +14,8 @@
#include "base/threading/thread_task_runner_handle.h"
#include "chrome/browser/browser_process.h"
#include "chrome/browser/chromeos/login/enrollment/auto_enrollment_controller.h"
+#include "chrome/browser/chromeos/login/enrollment/enrollment_screen_actor.h"
+#include "chrome/browser/chromeos/login/ui/login_display_host.h"
#include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h"
#include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
#include "chrome/browser/chromeos/policy/dm_token_storage.h"
@@ -24,10 +26,14 @@
#include "chrome/browser/chromeos/settings/device_oauth2_token_service.h"
#include "chrome/browser/chromeos/settings/device_oauth2_token_service_factory.h"
#include "chrome/browser/profiles/profile.h"
+#include "chrome/browser/ui/webui/chromeos/login/oobe_ui.h"
+#include "chrome/common/channel_info.h"
#include "chromeos/attestation/attestation_flow.h"
#include "chromeos/chromeos_switches.h"
#include "chromeos/dbus/auth_policy_client.h"
#include "chromeos/dbus/dbus_thread_manager.h"
+#include "chromeos/dbus/upstart_client.h"
+#include "components/version_info/version_info.h"
#include "google_apis/gaia/gaia_auth_util.h"
#include "google_apis/gaia/gaia_urls.h"
#include "net/http/http_status_code.h"
@@ -202,10 +208,20 @@ void EnrollmentHandlerChromeOS::OnRegistrationStateChanged(
if (enrollment_step_ == STEP_REGISTRATION && client_->is_registered()) {
SetStep(STEP_POLICY_FETCH);
device_mode_ = client_->device_mode();
- if (!((device_mode_ == DEVICE_MODE_ENTERPRISE &&
- enrollment_config_.management_realm.empty()) ||
- (device_mode_ == DEVICE_MODE_ENTERPRISE_AD &&
- !enrollment_config_.management_realm.empty()))) {
+ if (device_mode_ == DEVICE_MODE_ENTERPRISE_AD) {
+ if (chrome::GetChannel() == version_info::Channel::BETA ||
+ chrome::GetChannel() == version_info::Channel::STABLE) {
+ LOG(ERROR) << "Bad device mode " << device_mode_;
achuithb 2017/02/07 20:27:16 This error message is unclear. This device mode sh
Roman Sorokin (ftl) 2017/02/10 14:57:10 Done.
+ ReportResult(EnrollmentStatus::ForStatus(
+ EnrollmentStatus::REGISTRATION_BAD_MODE));
+ return;
+ }
+ chromeos::DBusThreadManager::Get()
+ ->GetUpstartClient()
+ ->StartAuthPolicyService();
+ }
+ if (device_mode_ != DEVICE_MODE_ENTERPRISE &&
+ device_mode_ != DEVICE_MODE_ENTERPRISE_AD) {
LOG(ERROR) << "Bad device mode " << device_mode_;
achuithb 2017/02/07 20:27:16 Make this more explicit/clear too.
Roman Sorokin (ftl) 2017/02/10 14:57:10 Done.
ReportResult(
EnrollmentStatus::ForStatus(EnrollmentStatus::REGISTRATION_BAD_MODE));
@@ -324,8 +340,8 @@ void EnrollmentHandlerChromeOS::HandlePolicyValidationResult(
if (device_mode_ == DEVICE_MODE_ENTERPRISE_AD) {
// Don't use robot account for the Active Directory managed devices.
skip_robot_auth_ = true;
- SetStep(STEP_LOCK_DEVICE);
- StartLockDevice();
+ SetStep(STEP_AD_DOMAIN_JOIN);
+ StartJoinAdDomain();
} else {
domain_ = gaia::ExtractDomainName(gaia::CanonicalizeEmail(username));
SetStep(STEP_ROBOT_AUTH_FETCH);
@@ -346,8 +362,8 @@ void EnrollmentHandlerChromeOS::OnRobotAuthCodesFetched(
// This allows clients running against the test server to transparently skip
// robot auth.
skip_robot_auth_ = true;
- SetStep(STEP_LOCK_DEVICE);
- StartLockDevice();
+ SetStep(STEP_AD_DOMAIN_JOIN);
+ StartJoinAdDomain();
return;
}
@@ -376,8 +392,8 @@ void EnrollmentHandlerChromeOS::OnGetTokensResponse(
robot_refresh_token_ = refresh_token;
- SetStep(STEP_LOCK_DEVICE);
- StartLockDevice();
+ SetStep(STEP_AD_DOMAIN_JOIN);
+ StartJoinAdDomain();
}
// GaiaOAuthClient::Delegate
@@ -407,13 +423,35 @@ void EnrollmentHandlerChromeOS::OnNetworkError(int response_code) {
EnrollmentStatus::ForRobotRefreshFetchError(response_code));
}
+void EnrollmentHandlerChromeOS::StartJoinAdDomain() {
+ DCHECK_EQ(STEP_AD_DOMAIN_JOIN, enrollment_step_);
+ if (device_mode_ != DEVICE_MODE_ENTERPRISE_AD) {
+ SetStep(STEP_LOCK_DEVICE);
+ StartLockDevice();
+ return;
+ }
+ chromeos::LoginDisplayHost::default_host()
+ ->GetOobeUI()
+ ->GetEnrollmentScreenActor()
Roman Sorokin (ftl) 2017/02/03 15:02:43 Not sure if it's a good way to start showing AD ui
achuithb 2017/02/07 20:27:16 Pretty sure it's not.
Roman Sorokin (ftl) 2017/02/07 21:41:05 You got any idea of a proper way to do that? Shoul
achuithb 2017/02/07 21:50:50 Off the top of my head, I don't; I'd have to resea
Roman Sorokin (ftl) 2017/02/10 14:57:10 Created ActiveDirectoryJoinDelegate
achuithb 2017/02/13 13:39:02 Acknowledged.
+ ->ShowAdJoin(base::BindOnce(&EnrollmentHandlerChromeOS::OnAdDomainJoined,
+ weak_ptr_factory_.GetWeakPtr()));
+}
+
+void EnrollmentHandlerChromeOS::OnAdDomainJoined(std::string realm) {
+ DCHECK_EQ(STEP_AD_DOMAIN_JOIN, enrollment_step_);
+ CHECK(!realm.empty());
+ realm_ = std::move(realm);
achuithb 2017/02/07 20:27:16 Why not realm_ = realm;
Roman Sorokin (ftl) 2017/02/10 14:57:10 Done.
+ SetStep(STEP_LOCK_DEVICE);
+ StartLockDevice();
+}
+
void EnrollmentHandlerChromeOS::StartLockDevice() {
DCHECK_EQ(STEP_LOCK_DEVICE, enrollment_step_);
// Since this method is also called directly.
weak_ptr_factory_.InvalidateWeakPtrs();
install_attributes_->LockDevice(
- device_mode_, domain_, enrollment_config_.management_realm, device_id_,
+ device_mode_, domain_, realm_, device_id_,
base::Bind(&EnrollmentHandlerChromeOS::HandleLockDeviceResult,
weak_ptr_factory_.GetWeakPtr()));
}
« chrome/browser/chromeos/policy/enrollment_handler_chromeos.h ('K') | « chrome/browser/chromeos/policy/enrollment_handler_chromeos.h ('k') | chrome/browser/ui/webui/chromeos/login/enrollment_screen_handler.h » ('j') | chrome/browser/ui/webui/chromeos/login/enrollment_screen_handler.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698