Chromium Code Reviews Chromium Code Reviews
Issue 2727713003:
Update FWMP in TPM (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/enrollment_handler_chromeos.h" | 5 #include "chrome/browser/chromeos/policy/enrollment_handler_chromeos.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
| (...skipping 11 matching lines...) Expand all Loading... | |
| 22 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" | 22 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" |
| 23 #include "chrome/browser/chromeos/policy/server_backed_state_keys_broker.h" | 23 #include "chrome/browser/chromeos/policy/server_backed_state_keys_broker.h" |
| 24 #include "chrome/browser/chromeos/profiles/profile_helper.h" | 24 #include "chrome/browser/chromeos/profiles/profile_helper.h" |
| 25 #include "chrome/browser/chromeos/settings/device_oauth2_token_service.h" | 25 #include "chrome/browser/chromeos/settings/device_oauth2_token_service.h" |
| 26 #include "chrome/browser/chromeos/settings/device_oauth2_token_service_factory.h " | 26 #include "chrome/browser/chromeos/settings/device_oauth2_token_service_factory.h " |
| 27 #include "chrome/browser/profiles/profile.h" | 27 #include "chrome/browser/profiles/profile.h" |
| 28 #include "chrome/common/channel_info.h" | 28 #include "chrome/common/channel_info.h" |
| 29 #include "chromeos/attestation/attestation_flow.h" | 29 #include "chromeos/attestation/attestation_flow.h" |
| 30 #include "chromeos/chromeos_switches.h" | 30 #include "chromeos/chromeos_switches.h" |
| 31 #include "chromeos/dbus/auth_policy_client.h" | 31 #include "chromeos/dbus/auth_policy_client.h" |
| 32 #include "chromeos/dbus/cryptohome/rpc.pb.h" | |
| 32 #include "chromeos/dbus/dbus_thread_manager.h" | 33 #include "chromeos/dbus/dbus_thread_manager.h" |
| 33 #include "chromeos/dbus/upstart_client.h" | 34 #include "chromeos/dbus/upstart_client.h" |
| 34 #include "components/version_info/version_info.h" | 35 #include "components/version_info/version_info.h" |
| 35 #include "google_apis/gaia/gaia_auth_util.h" | 36 #include "google_apis/gaia/gaia_auth_util.h" |
| 36 #include "google_apis/gaia/gaia_urls.h" | 37 #include "google_apis/gaia/gaia_urls.h" |
| 37 #include "net/http/http_status_code.h" | 38 #include "net/http/http_status_code.h" |
| 38 | 39 |
| 39 namespace em = enterprise_management; | 40 namespace em = enterprise_management; |
| 40 | 41 |
| 41 namespace policy { | 42 namespace policy { |
| (...skipping 344 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 386 | 387 |
| 387 // GaiaOAuthClient::Delegate callback for OAuth2 refresh token fetched. | 388 // GaiaOAuthClient::Delegate callback for OAuth2 refresh token fetched. |
| 388 void EnrollmentHandlerChromeOS::OnGetTokensResponse( | 389 void EnrollmentHandlerChromeOS::OnGetTokensResponse( |
| 389 const std::string& refresh_token, | 390 const std::string& refresh_token, |
| 390 const std::string& access_token, | 391 const std::string& access_token, |
| 391 int expires_in_seconds) { | 392 int expires_in_seconds) { |
| 392 CHECK_EQ(STEP_ROBOT_AUTH_REFRESH, enrollment_step_); | 393 CHECK_EQ(STEP_ROBOT_AUTH_REFRESH, enrollment_step_); |
| 393 | 394 |
| 394 robot_refresh_token_ = refresh_token; | 395 robot_refresh_token_ = refresh_token; |
| 395 | 396 |
| 397 SetStep(STEP_SET_FWMP_DATA); | |
| 398 SetFirmwareManagementParametersData(); | |
| 399 } | |
| 400 | |
| 401 void EnrollmentHandlerChromeOS::SetFirmwareManagementParametersData() { | |
| 402 DCHECK_EQ(STEP_SET_FWMP_DATA, enrollment_step_); | |
| 403 | |
| 404 install_attributes_->SetBlockDevmodeInTpm( | |
| 405 GetBlockDevmode(), | |
| 406 base::Bind( | |
| 407 &EnrollmentHandlerChromeOS::OnFirmwareManagementParametersDataSet, | |
| 408 weak_ptr_factory_.GetWeakPtr())); | |
| 409 } | |
| 410 | |
| 411 void EnrollmentHandlerChromeOS::OnFirmwareManagementParametersDataSet( | |
| 412 chromeos::DBusMethodCallStatus call_status, | |
| 413 bool result, | |
| 414 const cryptohome::BaseReply& reply) { | |
| 415 DCHECK_EQ(STEP_SET_FWMP_DATA, enrollment_step_); | |
| 416 if (!result) { | |
| 417 LOG(ERROR) | |
| 418 << "Failed to update firmware management parameters in TPM, error: " | |
| 419 << reply.error(); | |
| 420 } | |
| 421 | |
| 396 SetStep(STEP_AD_DOMAIN_JOIN); | 422 SetStep(STEP_AD_DOMAIN_JOIN); |
| 397 StartJoinAdDomain(); | 423 StartJoinAdDomain(); |
| 398 } | 424 } |
| 399 | 425 |
| 426 bool EnrollmentHandlerChromeOS::GetBlockDevmode() { | |
| 427 auto policy_data = base::MakeUnique<em::PolicyData>(); | |
|
Thiemo Nagel
2017/03/23 17:23:52
Please add a CHECK or a DCHECK that policy_ is not
igorcov
2017/03/24 13:29:15
Done.
| |
| 428 if (!policy_data->ParseFromString(policy_->policy_data())) { | |
| 429 LOG(ERROR) << "Failed to parse policy data"; | |
| 430 return false; | |
| 431 } | |
| 432 | |
| 433 std::unique_ptr<em::ChromeDeviceSettingsProto> payload( | |
|
Thiemo Nagel
2017/03/23 17:23:52
What's the purpose of the unique_ptr here? I thin
igorcov
2017/03/24 13:29:15
Done.
| |
| 434 new em::ChromeDeviceSettingsProto()); | |
| 435 if (!payload->ParseFromString(policy_data->policy_value())) { | |
| 436 LOG(ERROR) << "Failed to parse policy value"; | |
| 437 return false; | |
| 438 } | |
| 439 | |
| 440 bool block_devmode = false; | |
| 441 if (payload->has_system_settings()) { | |
| 442 const em::SystemSettingsProto& container = payload->system_settings(); | |
| 443 if (container.has_block_devmode()) { | |
| 444 block_devmode = container.block_devmode(); | |
| 445 } | |
| 446 } | |
| 447 | |
| 448 return block_devmode; | |
| 449 } | |
| 450 | |
| 400 // GaiaOAuthClient::Delegate | 451 // GaiaOAuthClient::Delegate |
| 401 void EnrollmentHandlerChromeOS::OnRefreshTokenResponse( | 452 void EnrollmentHandlerChromeOS::OnRefreshTokenResponse( |
| 402 const std::string& access_token, | 453 const std::string& access_token, |
| 403 int expires_in_seconds) { | 454 int expires_in_seconds) { |
| 404 // We never use the code that should trigger this callback. | 455 // We never use the code that should trigger this callback. |
| 405 LOG(FATAL) << "Unexpected callback invoked."; | 456 LOG(FATAL) << "Unexpected callback invoked."; |
| 406 } | 457 } |
| 407 | 458 |
| 408 // GaiaOAuthClient::Delegate OAuth2 error when fetching refresh token request. | 459 // GaiaOAuthClient::Delegate OAuth2 error when fetching refresh token request. |
| 409 void EnrollmentHandlerChromeOS::OnOAuthError() { | 460 void EnrollmentHandlerChromeOS::OnOAuthError() { |
| (...skipping 189 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 599 callback.Run(status); | 650 callback.Run(status); |
| 600 } | 651 } |
| 601 | 652 |
| 602 void EnrollmentHandlerChromeOS::SetStep(EnrollmentStep step) { | 653 void EnrollmentHandlerChromeOS::SetStep(EnrollmentStep step) { |
| 603 DCHECK_LE(enrollment_step_, step); | 654 DCHECK_LE(enrollment_step_, step); |
| 604 VLOG(1) << "Step: " << step; | 655 VLOG(1) << "Step: " << step; |
| 605 enrollment_step_ = step; | 656 enrollment_step_ = step; |
| 606 } | 657 } |
| 607 | 658 |
| 608 } // namespace policy | 659 } // namespace policy |
| OLD | NEW |
