Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(410)

Side by Side Diff: chrome/browser/chromeos/login/enrollment/enterprise_enrollment_helper_impl.cc

Issue 2977033002: Mixed Licenses Enrollment (Closed)
Patch Set: Created 3 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/chromeos/login/enrollment/enterprise_enrollment_helper_ impl.h" 5 #include "chrome/browser/chromeos/login/enrollment/enterprise_enrollment_helper_ impl.h"
6 6
7 #include "base/bind.h" 7 #include "base/bind.h"
8 #include "base/command_line.h"
8 #include "base/location.h" 9 #include "base/location.h"
9 #include "base/logging.h" 10 #include "base/logging.h"
10 #include "base/macros.h" 11 #include "base/macros.h"
11 #include "base/single_thread_task_runner.h" 12 #include "base/single_thread_task_runner.h"
12 #include "base/threading/thread_task_runner_handle.h" 13 #include "base/threading/thread_task_runner_handle.h"
13 #include "chrome/browser/browser_process.h" 14 #include "chrome/browser/browser_process.h"
14 #include "chrome/browser/browser_process_platform_part.h" 15 #include "chrome/browser/browser_process_platform_part.h"
15 #include "chrome/browser/chromeos/login/enrollment/enrollment_uma.h" 16 #include "chrome/browser/chromeos/login/enrollment/enrollment_uma.h"
16 #include "chrome/browser/chromeos/login/startup_utils.h" 17 #include "chrome/browser/chromeos/login/startup_utils.h"
17 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" 18 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
18 #include "chrome/browser/chromeos/policy/device_cloud_policy_initializer.h" 19 #include "chrome/browser/chromeos/policy/device_cloud_policy_initializer.h"
19 #include "chrome/browser/chromeos/policy/enrollment_status_chromeos.h" 20 #include "chrome/browser/chromeos/policy/enrollment_status_chromeos.h"
20 #include "chrome/browser/chromeos/policy/policy_oauth2_token_fetcher.h" 21 #include "chrome/browser/chromeos/policy/policy_oauth2_token_fetcher.h"
21 #include "chrome/browser/chromeos/profiles/profile_helper.h" 22 #include "chrome/browser/chromeos/profiles/profile_helper.h"
23 #include "chromeos/chromeos_switches.h"
22 #include "chromeos/dbus/dbus_thread_manager.h" 24 #include "chromeos/dbus/dbus_thread_manager.h"
23 #include "components/policy/core/common/cloud/cloud_policy_constants.h" 25 #include "components/policy/core/common/cloud/cloud_policy_constants.h"
24 #include "google_apis/gaia/gaia_auth_consumer.h" 26 #include "google_apis/gaia/gaia_auth_consumer.h"
25 #include "google_apis/gaia/gaia_auth_fetcher.h" 27 #include "google_apis/gaia/gaia_auth_fetcher.h"
26 #include "google_apis/gaia/gaia_constants.h" 28 #include "google_apis/gaia/gaia_constants.h"
27 29
28 namespace { 30 namespace {
29 31
30 // A helper class that takes care of asynchronously revoking a given token. 32 // A helper class that takes care of asynchronously revoking a given token.
31 class TokenRevoker : public GaiaAuthConsumer { 33 class TokenRevoker : public GaiaAuthConsumer {
(...skipping 121 matching lines...) Expand 10 before | Expand all | Expand 10 after
153 connector->GetEnterpriseDomain() != enrolling_user_domain_) { 155 connector->GetEnterpriseDomain() != enrolling_user_domain_) {
154 LOG(ERROR) << "Trying to re-enroll to a different domain than " 156 LOG(ERROR) << "Trying to re-enroll to a different domain than "
155 << connector->GetEnterpriseDomain(); 157 << connector->GetEnterpriseDomain();
156 UMA(policy::kMetricEnrollmentPrecheckDomainMismatch); 158 UMA(policy::kMetricEnrollmentPrecheckDomainMismatch);
157 if (oauth_status_ != OAUTH_NOT_STARTED) 159 if (oauth_status_ != OAUTH_NOT_STARTED)
158 oauth_status_ = OAUTH_FINISHED; 160 oauth_status_ = OAUTH_FINISHED;
159 status_consumer()->OnOtherError(OTHER_ERROR_DOMAIN_MISMATCH); 161 status_consumer()->OnOtherError(OTHER_ERROR_DOMAIN_MISMATCH);
160 return; 162 return;
161 } 163 }
162 164
165 bool check_license_type = false;
166 if (!enrollment_config_.is_mode_attestation()) {
emaxx 2017/07/21 12:57:29 I'm unaware of what the "attestation-based enrollm
Denis Kuznetsov (DE-MUC) 2017/07/25 21:51:05 Attestation-based enrollment is also called "Zero
emaxx 2017/08/01 14:41:39 Could you please leave this hint as a short commen
Denis Kuznetsov (DE-MUC) 2017/08/02 18:19:37 Done.
167 base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
168 if (command_line->HasSwitch(
169 chromeos::switches::kEnterpriseEnableLicenseTypeSelection)) {
170 check_license_type = true;
171 }
172 }
173
163 connector->ScheduleServiceInitialization(0); 174 connector->ScheduleServiceInitialization(0);
164 policy::DeviceCloudPolicyInitializer* dcp_initializer = 175 policy::DeviceCloudPolicyInitializer* dcp_initializer =
165 connector->GetDeviceCloudPolicyInitializer(); 176 connector->GetDeviceCloudPolicyInitializer();
166 CHECK(dcp_initializer); 177 CHECK(dcp_initializer);
167 dcp_initializer->StartEnrollment( 178 dcp_initializer->PrepareEnrollment(
emaxx 2017/07/21 12:57:29 Introducing this "half-step" of enrollment prepara
Denis Kuznetsov (DE-MUC) 2017/07/25 21:51:05 Still it makes semantics much more clear - instead
emaxx 2017/08/01 14:41:39 Hmm, I'm not sure, maybe we're talking about diffe
Denis Kuznetsov (DE-MUC) 2017/08/02 18:19:37 Picking the license IS the part of enrollment flow
emaxx 2017/08/03 18:31:49 OK.
168 connector->device_management_service(), ad_join_delegate_, 179 connector->device_management_service(), ad_join_delegate_,
169 enrollment_config_, token, 180 enrollment_config_, token,
170 base::Bind(&EnterpriseEnrollmentHelperImpl::OnEnrollmentFinished, 181 base::Bind(&EnterpriseEnrollmentHelperImpl::OnEnrollmentFinished,
171 weak_ptr_factory_.GetWeakPtr())); 182 weak_ptr_factory_.GetWeakPtr()));
183 if (check_license_type) {
184 dcp_initializer->CheckAvailableLicenses(
185 base::Bind(&EnterpriseEnrollmentHelperImpl::OnMultipleLicensesAvailable,
186 weak_ptr_factory_.GetWeakPtr()));
187 } else {
188 dcp_initializer->StartEnrollment();
189 }
190 }
191
192 void EnterpriseEnrollmentHelperImpl::UseLicenseType(policy::LicenseType type) {
193 DCHECK(type != policy::LicenseType::UNKNOWN);
194
195 policy::BrowserPolicyConnectorChromeOS* connector =
196 g_browser_process->platform_part()->browser_policy_connector_chromeos();
197 policy::DeviceCloudPolicyInitializer* dcp_initializer =
198 connector->GetDeviceCloudPolicyInitializer();
199 CHECK(dcp_initializer);
200 dcp_initializer->StartEnrollmentWithLicense(type);
172 } 201 }
173 202
174 void EnterpriseEnrollmentHelperImpl::GetDeviceAttributeUpdatePermission() { 203 void EnterpriseEnrollmentHelperImpl::GetDeviceAttributeUpdatePermission() {
175 // TODO(pbond): remove this LOG once http://crbug.com/586961 is fixed. 204 // TODO(pbond): remove this LOG once http://crbug.com/586961 is fixed.
176 LOG(WARNING) << "Get device attribute update permission"; 205 LOG(WARNING) << "Get device attribute update permission";
177 policy::BrowserPolicyConnectorChromeOS* connector = 206 policy::BrowserPolicyConnectorChromeOS* connector =
178 g_browser_process->platform_part()->browser_policy_connector_chromeos(); 207 g_browser_process->platform_part()->browser_policy_connector_chromeos();
179 // Don't update device attributes for Active Directory management. 208 // Don't update device attributes for Active Directory management.
180 if (connector->IsActiveDirectoryManaged()) { 209 if (connector->IsActiveDirectoryManaged()) {
181 OnDeviceAttributeUpdatePermission(false); 210 OnDeviceAttributeUpdatePermission(false);
(...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after
243 oauth_status_ = OAUTH_FINISHED; 272 oauth_status_ = OAUTH_FINISHED;
244 if (status.status() == policy::EnrollmentStatus::SUCCESS) { 273 if (status.status() == policy::EnrollmentStatus::SUCCESS) {
245 success_ = true; 274 success_ = true;
246 StartupUtils::MarkOobeCompleted(); 275 StartupUtils::MarkOobeCompleted();
247 status_consumer()->OnDeviceEnrolled(additional_token_); 276 status_consumer()->OnDeviceEnrolled(additional_token_);
248 } else { 277 } else {
249 status_consumer()->OnEnrollmentError(status); 278 status_consumer()->OnEnrollmentError(status);
250 } 279 }
251 } 280 }
252 281
282 void EnterpriseEnrollmentHelperImpl::OnMultipleLicensesAvailable(
emaxx 2017/07/21 12:57:29 nit: Maybe rename this to something like "OnLicens
Denis Kuznetsov (DE-MUC) 2017/07/25 21:51:05 Done.
283 const EnrollmentLicenseMap& licenses) {
284 int count = 0;
285 policy::LicenseType license_type = policy::LicenseType::UNKNOWN;
286 for (auto it = licenses.begin(); it != licenses.end(); it++) {
emaxx 2017/07/21 12:57:29 nit: Use range-based for?
Denis Kuznetsov (DE-MUC) 2017/07/25 21:51:05 Done.
287 if (it->second > 0) {
288 count++;
289 license_type = it->first;
290 }
291 }
292 if (count == 0) {
293 // No user license type selection allowed, start usual enrollment.
294 policy::BrowserPolicyConnectorChromeOS* connector =
295 g_browser_process->platform_part()->browser_policy_connector_chromeos();
296 policy::DeviceCloudPolicyInitializer* dcp_initializer =
297 connector->GetDeviceCloudPolicyInitializer();
298 CHECK(dcp_initializer);
299 dcp_initializer->StartEnrollment();
300 } else if (count == 1) {
301 UseLicenseType(license_type);
302 } else {
303 status_consumer()->OnMultipleLicensesAvailable(licenses);
304 }
305 }
306
253 void EnterpriseEnrollmentHelperImpl::OnDeviceAttributeUpdatePermission( 307 void EnterpriseEnrollmentHelperImpl::OnDeviceAttributeUpdatePermission(
254 bool granted) { 308 bool granted) {
255 // TODO(pbond): remove this LOG once http://crbug.com/586961 is fixed. 309 // TODO(pbond): remove this LOG once http://crbug.com/586961 is fixed.
256 LOG(WARNING) << "Device attribute update permission granted=" << granted; 310 LOG(WARNING) << "Device attribute update permission granted=" << granted;
257 status_consumer()->OnDeviceAttributeUpdatePermission(granted); 311 status_consumer()->OnDeviceAttributeUpdatePermission(granted);
258 } 312 }
259 313
260 void EnterpriseEnrollmentHelperImpl::OnDeviceAttributeUploadCompleted( 314 void EnterpriseEnrollmentHelperImpl::OnDeviceAttributeUploadCompleted(
261 bool success) { 315 bool success) {
262 status_consumer()->OnDeviceAttributeUploadCompleted(success); 316 status_consumer()->OnDeviceAttributeUploadCompleted(success);
(...skipping 180 matching lines...) Expand 10 before | Expand all | Expand 10 after
443 EnrollmentUMA(sample, enrollment_config_.mode); 497 EnrollmentUMA(sample, enrollment_config_.mode);
444 } 498 }
445 499
446 void EnterpriseEnrollmentHelperImpl::OnSigninProfileCleared( 500 void EnterpriseEnrollmentHelperImpl::OnSigninProfileCleared(
447 const base::Closure& callback) { 501 const base::Closure& callback) {
448 oauth_data_cleared_ = true; 502 oauth_data_cleared_ = true;
449 callback.Run(); 503 callback.Run();
450 } 504 }
451 505
452 } // namespace chromeos 506 } // namespace chromeos
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698