OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/chromeos/login/enrollment/enterprise_enrollment_helper_ impl.h" | 5 #include "chrome/browser/chromeos/login/enrollment/enterprise_enrollment_helper_ impl.h" |
6 | 6 |
7 #include "base/bind.h" | 7 #include "base/bind.h" |
8 #include "base/command_line.h" | |
8 #include "base/location.h" | 9 #include "base/location.h" |
9 #include "base/logging.h" | 10 #include "base/logging.h" |
10 #include "base/macros.h" | 11 #include "base/macros.h" |
11 #include "base/single_thread_task_runner.h" | 12 #include "base/single_thread_task_runner.h" |
12 #include "base/threading/thread_task_runner_handle.h" | 13 #include "base/threading/thread_task_runner_handle.h" |
13 #include "chrome/browser/browser_process.h" | 14 #include "chrome/browser/browser_process.h" |
14 #include "chrome/browser/browser_process_platform_part.h" | 15 #include "chrome/browser/browser_process_platform_part.h" |
15 #include "chrome/browser/chromeos/login/enrollment/enrollment_uma.h" | 16 #include "chrome/browser/chromeos/login/enrollment/enrollment_uma.h" |
16 #include "chrome/browser/chromeos/login/startup_utils.h" | 17 #include "chrome/browser/chromeos/login/startup_utils.h" |
17 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" | 18 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" |
18 #include "chrome/browser/chromeos/policy/device_cloud_policy_initializer.h" | 19 #include "chrome/browser/chromeos/policy/device_cloud_policy_initializer.h" |
19 #include "chrome/browser/chromeos/policy/enrollment_status_chromeos.h" | 20 #include "chrome/browser/chromeos/policy/enrollment_status_chromeos.h" |
20 #include "chrome/browser/chromeos/policy/policy_oauth2_token_fetcher.h" | 21 #include "chrome/browser/chromeos/policy/policy_oauth2_token_fetcher.h" |
21 #include "chrome/browser/chromeos/profiles/profile_helper.h" | 22 #include "chrome/browser/chromeos/profiles/profile_helper.h" |
23 #include "chromeos/chromeos_switches.h" | |
22 #include "chromeos/dbus/dbus_thread_manager.h" | 24 #include "chromeos/dbus/dbus_thread_manager.h" |
23 #include "components/policy/core/common/cloud/cloud_policy_constants.h" | 25 #include "components/policy/core/common/cloud/cloud_policy_constants.h" |
24 #include "google_apis/gaia/gaia_auth_consumer.h" | 26 #include "google_apis/gaia/gaia_auth_consumer.h" |
25 #include "google_apis/gaia/gaia_auth_fetcher.h" | 27 #include "google_apis/gaia/gaia_auth_fetcher.h" |
26 #include "google_apis/gaia/gaia_constants.h" | 28 #include "google_apis/gaia/gaia_constants.h" |
27 | 29 |
28 namespace { | 30 namespace { |
29 | 31 |
30 // A helper class that takes care of asynchronously revoking a given token. | 32 // A helper class that takes care of asynchronously revoking a given token. |
31 class TokenRevoker : public GaiaAuthConsumer { | 33 class TokenRevoker : public GaiaAuthConsumer { |
(...skipping 121 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
153 connector->GetEnterpriseDomain() != enrolling_user_domain_) { | 155 connector->GetEnterpriseDomain() != enrolling_user_domain_) { |
154 LOG(ERROR) << "Trying to re-enroll to a different domain than " | 156 LOG(ERROR) << "Trying to re-enroll to a different domain than " |
155 << connector->GetEnterpriseDomain(); | 157 << connector->GetEnterpriseDomain(); |
156 UMA(policy::kMetricEnrollmentPrecheckDomainMismatch); | 158 UMA(policy::kMetricEnrollmentPrecheckDomainMismatch); |
157 if (oauth_status_ != OAUTH_NOT_STARTED) | 159 if (oauth_status_ != OAUTH_NOT_STARTED) |
158 oauth_status_ = OAUTH_FINISHED; | 160 oauth_status_ = OAUTH_FINISHED; |
159 status_consumer()->OnOtherError(OTHER_ERROR_DOMAIN_MISMATCH); | 161 status_consumer()->OnOtherError(OTHER_ERROR_DOMAIN_MISMATCH); |
160 return; | 162 return; |
161 } | 163 } |
162 | 164 |
165 bool check_license_type = false; | |
166 if (!enrollment_config_.is_mode_attestation()) { | |
emaxx
2017/07/21 12:57:29
I'm unaware of what the "attestation-based enrollm
Denis Kuznetsov (DE-MUC)
2017/07/25 21:51:05
Attestation-based enrollment is also called "Zero
emaxx
2017/08/01 14:41:39
Could you please leave this hint as a short commen
Denis Kuznetsov (DE-MUC)
2017/08/02 18:19:37
Done.
| |
167 base::CommandLine* command_line = base::CommandLine::ForCurrentProcess(); | |
168 if (command_line->HasSwitch( | |
169 chromeos::switches::kEnterpriseEnableLicenseTypeSelection)) { | |
170 check_license_type = true; | |
171 } | |
172 } | |
173 | |
163 connector->ScheduleServiceInitialization(0); | 174 connector->ScheduleServiceInitialization(0); |
164 policy::DeviceCloudPolicyInitializer* dcp_initializer = | 175 policy::DeviceCloudPolicyInitializer* dcp_initializer = |
165 connector->GetDeviceCloudPolicyInitializer(); | 176 connector->GetDeviceCloudPolicyInitializer(); |
166 CHECK(dcp_initializer); | 177 CHECK(dcp_initializer); |
167 dcp_initializer->StartEnrollment( | 178 dcp_initializer->PrepareEnrollment( |
emaxx
2017/07/21 12:57:29
Introducing this "half-step" of enrollment prepara
Denis Kuznetsov (DE-MUC)
2017/07/25 21:51:05
Still it makes semantics much more clear - instead
emaxx
2017/08/01 14:41:39
Hmm, I'm not sure, maybe we're talking about diffe
Denis Kuznetsov (DE-MUC)
2017/08/02 18:19:37
Picking the license IS the part of enrollment flow
emaxx
2017/08/03 18:31:49
OK.
| |
168 connector->device_management_service(), ad_join_delegate_, | 179 connector->device_management_service(), ad_join_delegate_, |
169 enrollment_config_, token, | 180 enrollment_config_, token, |
170 base::Bind(&EnterpriseEnrollmentHelperImpl::OnEnrollmentFinished, | 181 base::Bind(&EnterpriseEnrollmentHelperImpl::OnEnrollmentFinished, |
171 weak_ptr_factory_.GetWeakPtr())); | 182 weak_ptr_factory_.GetWeakPtr())); |
183 if (check_license_type) { | |
184 dcp_initializer->CheckAvailableLicenses( | |
185 base::Bind(&EnterpriseEnrollmentHelperImpl::OnMultipleLicensesAvailable, | |
186 weak_ptr_factory_.GetWeakPtr())); | |
187 } else { | |
188 dcp_initializer->StartEnrollment(); | |
189 } | |
190 } | |
191 | |
192 void EnterpriseEnrollmentHelperImpl::UseLicenseType(policy::LicenseType type) { | |
193 DCHECK(type != policy::LicenseType::UNKNOWN); | |
194 | |
195 policy::BrowserPolicyConnectorChromeOS* connector = | |
196 g_browser_process->platform_part()->browser_policy_connector_chromeos(); | |
197 policy::DeviceCloudPolicyInitializer* dcp_initializer = | |
198 connector->GetDeviceCloudPolicyInitializer(); | |
199 CHECK(dcp_initializer); | |
200 dcp_initializer->StartEnrollmentWithLicense(type); | |
172 } | 201 } |
173 | 202 |
174 void EnterpriseEnrollmentHelperImpl::GetDeviceAttributeUpdatePermission() { | 203 void EnterpriseEnrollmentHelperImpl::GetDeviceAttributeUpdatePermission() { |
175 // TODO(pbond): remove this LOG once http://crbug.com/586961 is fixed. | 204 // TODO(pbond): remove this LOG once http://crbug.com/586961 is fixed. |
176 LOG(WARNING) << "Get device attribute update permission"; | 205 LOG(WARNING) << "Get device attribute update permission"; |
177 policy::BrowserPolicyConnectorChromeOS* connector = | 206 policy::BrowserPolicyConnectorChromeOS* connector = |
178 g_browser_process->platform_part()->browser_policy_connector_chromeos(); | 207 g_browser_process->platform_part()->browser_policy_connector_chromeos(); |
179 // Don't update device attributes for Active Directory management. | 208 // Don't update device attributes for Active Directory management. |
180 if (connector->IsActiveDirectoryManaged()) { | 209 if (connector->IsActiveDirectoryManaged()) { |
181 OnDeviceAttributeUpdatePermission(false); | 210 OnDeviceAttributeUpdatePermission(false); |
(...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
243 oauth_status_ = OAUTH_FINISHED; | 272 oauth_status_ = OAUTH_FINISHED; |
244 if (status.status() == policy::EnrollmentStatus::SUCCESS) { | 273 if (status.status() == policy::EnrollmentStatus::SUCCESS) { |
245 success_ = true; | 274 success_ = true; |
246 StartupUtils::MarkOobeCompleted(); | 275 StartupUtils::MarkOobeCompleted(); |
247 status_consumer()->OnDeviceEnrolled(additional_token_); | 276 status_consumer()->OnDeviceEnrolled(additional_token_); |
248 } else { | 277 } else { |
249 status_consumer()->OnEnrollmentError(status); | 278 status_consumer()->OnEnrollmentError(status); |
250 } | 279 } |
251 } | 280 } |
252 | 281 |
282 void EnterpriseEnrollmentHelperImpl::OnMultipleLicensesAvailable( | |
emaxx
2017/07/21 12:57:29
nit: Maybe rename this to something like "OnLicens
Denis Kuznetsov (DE-MUC)
2017/07/25 21:51:05
Done.
| |
283 const EnrollmentLicenseMap& licenses) { | |
284 int count = 0; | |
285 policy::LicenseType license_type = policy::LicenseType::UNKNOWN; | |
286 for (auto it = licenses.begin(); it != licenses.end(); it++) { | |
emaxx
2017/07/21 12:57:29
nit: Use range-based for?
Denis Kuznetsov (DE-MUC)
2017/07/25 21:51:05
Done.
| |
287 if (it->second > 0) { | |
288 count++; | |
289 license_type = it->first; | |
290 } | |
291 } | |
292 if (count == 0) { | |
293 // No user license type selection allowed, start usual enrollment. | |
294 policy::BrowserPolicyConnectorChromeOS* connector = | |
295 g_browser_process->platform_part()->browser_policy_connector_chromeos(); | |
296 policy::DeviceCloudPolicyInitializer* dcp_initializer = | |
297 connector->GetDeviceCloudPolicyInitializer(); | |
298 CHECK(dcp_initializer); | |
299 dcp_initializer->StartEnrollment(); | |
300 } else if (count == 1) { | |
301 UseLicenseType(license_type); | |
302 } else { | |
303 status_consumer()->OnMultipleLicensesAvailable(licenses); | |
304 } | |
305 } | |
306 | |
253 void EnterpriseEnrollmentHelperImpl::OnDeviceAttributeUpdatePermission( | 307 void EnterpriseEnrollmentHelperImpl::OnDeviceAttributeUpdatePermission( |
254 bool granted) { | 308 bool granted) { |
255 // TODO(pbond): remove this LOG once http://crbug.com/586961 is fixed. | 309 // TODO(pbond): remove this LOG once http://crbug.com/586961 is fixed. |
256 LOG(WARNING) << "Device attribute update permission granted=" << granted; | 310 LOG(WARNING) << "Device attribute update permission granted=" << granted; |
257 status_consumer()->OnDeviceAttributeUpdatePermission(granted); | 311 status_consumer()->OnDeviceAttributeUpdatePermission(granted); |
258 } | 312 } |
259 | 313 |
260 void EnterpriseEnrollmentHelperImpl::OnDeviceAttributeUploadCompleted( | 314 void EnterpriseEnrollmentHelperImpl::OnDeviceAttributeUploadCompleted( |
261 bool success) { | 315 bool success) { |
262 status_consumer()->OnDeviceAttributeUploadCompleted(success); | 316 status_consumer()->OnDeviceAttributeUploadCompleted(success); |
(...skipping 180 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
443 EnrollmentUMA(sample, enrollment_config_.mode); | 497 EnrollmentUMA(sample, enrollment_config_.mode); |
444 } | 498 } |
445 | 499 |
446 void EnterpriseEnrollmentHelperImpl::OnSigninProfileCleared( | 500 void EnterpriseEnrollmentHelperImpl::OnSigninProfileCleared( |
447 const base::Closure& callback) { | 501 const base::Closure& callback) { |
448 oauth_data_cleared_ = true; | 502 oauth_data_cleared_ = true; |
449 callback.Run(); | 503 callback.Run(); |
450 } | 504 } |
451 | 505 |
452 } // namespace chromeos | 506 } // namespace chromeos |
OLD | NEW |