OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/chromeos/policy/enrollment_handler_chromeos.h" | 5 #include "chrome/browser/chromeos/policy/enrollment_handler_chromeos.h" |
6 | 6 |
7 #include "base/bind.h" | 7 #include "base/bind.h" |
8 #include "base/logging.h" | 8 #include "base/logging.h" |
9 #include "base/message_loop/message_loop.h" | 9 #include "base/message_loop/message_loop.h" |
10 #include "chrome/browser/browser_process.h" | 10 #include "chrome/browser/browser_process.h" |
(...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
46 background_task_runner_(background_task_runner), | 46 background_task_runner_(background_task_runner), |
47 auth_token_(auth_token), | 47 auth_token_(auth_token), |
48 client_id_(client_id), | 48 client_id_(client_id), |
49 is_auto_enrollment_(is_auto_enrollment), | 49 is_auto_enrollment_(is_auto_enrollment), |
50 requisition_(requisition), | 50 requisition_(requisition), |
51 allowed_device_modes_(allowed_device_modes), | 51 allowed_device_modes_(allowed_device_modes), |
52 completion_callback_(completion_callback), | 52 completion_callback_(completion_callback), |
53 device_mode_(DEVICE_MODE_NOT_SET), | 53 device_mode_(DEVICE_MODE_NOT_SET), |
54 enrollment_step_(STEP_PENDING), | 54 enrollment_step_(STEP_PENDING), |
55 lockbox_init_duration_(0), | 55 lockbox_init_duration_(0), |
56 weak_factory_(this) { | 56 lock_weak_factory_(this), |
| 57 token_weak_factory_(this) { |
57 CHECK(!client_->is_registered()); | 58 CHECK(!client_->is_registered()); |
58 CHECK_EQ(DM_STATUS_SUCCESS, client_->status()); | 59 CHECK_EQ(DM_STATUS_SUCCESS, client_->status()); |
59 store_->AddObserver(this); | 60 store_->AddObserver(this); |
60 client_->AddObserver(this); | 61 client_->AddObserver(this); |
61 client_->AddNamespaceToFetch(PolicyNamespaceKey( | 62 client_->AddNamespaceToFetch(PolicyNamespaceKey( |
62 dm_protocol::kChromeDevicePolicyType, std::string())); | 63 dm_protocol::kChromeDevicePolicyType, std::string())); |
63 } | 64 } |
64 | 65 |
65 EnrollmentHandlerChromeOS::~EnrollmentHandlerChromeOS() { | 66 EnrollmentHandlerChromeOS::~EnrollmentHandlerChromeOS() { |
66 Stop(); | 67 Stop(); |
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
103 CloudPolicyValidatorBase::TIMESTAMP_REQUIRED); | 104 CloudPolicyValidatorBase::TIMESTAMP_REQUIRED); |
104 if (install_attributes_->IsEnterpriseDevice()) | 105 if (install_attributes_->IsEnterpriseDevice()) |
105 validator->ValidateDomain(install_attributes_->GetDomain()); | 106 validator->ValidateDomain(install_attributes_->GetDomain()); |
106 validator->ValidateDMToken(client->dm_token(), | 107 validator->ValidateDMToken(client->dm_token(), |
107 CloudPolicyValidatorBase::DM_TOKEN_REQUIRED); | 108 CloudPolicyValidatorBase::DM_TOKEN_REQUIRED); |
108 validator->ValidatePolicyType(dm_protocol::kChromeDevicePolicyType); | 109 validator->ValidatePolicyType(dm_protocol::kChromeDevicePolicyType); |
109 validator->ValidatePayload(); | 110 validator->ValidatePayload(); |
110 validator->ValidateInitialKey(); | 111 validator->ValidateInitialKey(); |
111 validator.release()->StartValidation( | 112 validator.release()->StartValidation( |
112 base::Bind(&EnrollmentHandlerChromeOS::PolicyValidated, | 113 base::Bind(&EnrollmentHandlerChromeOS::PolicyValidated, |
113 weak_factory_.GetWeakPtr())); | 114 lock_weak_factory_.GetWeakPtr())); |
114 } | 115 } |
115 | 116 |
116 void EnrollmentHandlerChromeOS::OnRegistrationStateChanged( | 117 void EnrollmentHandlerChromeOS::OnRegistrationStateChanged( |
117 CloudPolicyClient* client) { | 118 CloudPolicyClient* client) { |
118 DCHECK_EQ(client_.get(), client); | 119 DCHECK_EQ(client_.get(), client); |
119 | 120 |
120 if (enrollment_step_ == STEP_REGISTRATION && client_->is_registered()) { | 121 if (enrollment_step_ == STEP_REGISTRATION && client_->is_registered()) { |
121 enrollment_step_ = STEP_POLICY_FETCH, | 122 enrollment_step_ = STEP_POLICY_FETCH, |
122 device_mode_ = client_->device_mode(); | 123 device_mode_ = client_->device_mode(); |
123 if (device_mode_ == DEVICE_MODE_NOT_SET) | 124 if (device_mode_ == DEVICE_MODE_NOT_SET) |
(...skipping 30 matching lines...) Expand all Loading... |
154 | 155 |
155 void EnrollmentHandlerChromeOS::OnStoreLoaded(CloudPolicyStore* store) { | 156 void EnrollmentHandlerChromeOS::OnStoreLoaded(CloudPolicyStore* store) { |
156 DCHECK_EQ(store_, store); | 157 DCHECK_EQ(store_, store); |
157 | 158 |
158 if (enrollment_step_ == STEP_LOADING_STORE) { | 159 if (enrollment_step_ == STEP_LOADING_STORE) { |
159 // If the |store_| wasn't initialized when StartEnrollment() was | 160 // If the |store_| wasn't initialized when StartEnrollment() was |
160 // called, then AttemptRegistration() bails silently. This gets | 161 // called, then AttemptRegistration() bails silently. This gets |
161 // registration rolling again after the store finishes loading. | 162 // registration rolling again after the store finishes loading. |
162 AttemptRegistration(); | 163 AttemptRegistration(); |
163 } else if (enrollment_step_ == STEP_STORE_POLICY) { | 164 } else if (enrollment_step_ == STEP_STORE_POLICY) { |
164 // Store the robot API auth refresh token. | 165 chromeos::DeviceOAuth2TokenServiceFactory::Get( |
165 // Currently optional, so always return success. | 166 base::Bind(&EnrollmentHandlerChromeOS::DidGetTokenService, |
166 chromeos::DeviceOAuth2TokenService* token_service = | 167 token_weak_factory_.GetWeakPtr())); |
167 chromeos::DeviceOAuth2TokenServiceFactory::Get(); | 168 } |
168 if (token_service && !robot_refresh_token_.empty()) { | 169 } |
169 token_service->SetAndSaveRefreshToken(robot_refresh_token_); | |
170 | 170 |
171 } | 171 void EnrollmentHandlerChromeOS::DidGetTokenService( |
172 ReportResult(EnrollmentStatus::ForStatus(EnrollmentStatus::STATUS_SUCCESS)); | 172 chromeos::DeviceOAuth2TokenService* token_service) { |
173 } | 173 // Store the robot API auth refresh token. |
| 174 // Currently optional, so always return success. |
| 175 if (token_service && !robot_refresh_token_.empty()) |
| 176 token_service->SetAndSaveRefreshToken(robot_refresh_token_); |
| 177 ReportResult(EnrollmentStatus::ForStatus(EnrollmentStatus::STATUS_SUCCESS)); |
174 } | 178 } |
175 | 179 |
176 void EnrollmentHandlerChromeOS::OnStoreError(CloudPolicyStore* store) { | 180 void EnrollmentHandlerChromeOS::OnStoreError(CloudPolicyStore* store) { |
177 DCHECK_EQ(store_, store); | 181 DCHECK_EQ(store_, store); |
178 ReportResult(EnrollmentStatus::ForStoreError(store_->status(), | 182 ReportResult(EnrollmentStatus::ForStoreError(store_->status(), |
179 store_->validation_status())); | 183 store_->validation_status())); |
180 } | 184 } |
181 | 185 |
182 void EnrollmentHandlerChromeOS::AttemptRegistration() { | 186 void EnrollmentHandlerChromeOS::AttemptRegistration() { |
183 CHECK_EQ(STEP_LOADING_STORE, enrollment_step_); | 187 CHECK_EQ(STEP_LOADING_STORE, enrollment_step_); |
(...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
264 CHECK_EQ(STEP_ROBOT_AUTH_REFRESH, enrollment_step_); | 268 CHECK_EQ(STEP_ROBOT_AUTH_REFRESH, enrollment_step_); |
265 DoLockDeviceStep(); | 269 DoLockDeviceStep(); |
266 } | 270 } |
267 | 271 |
268 void EnrollmentHandlerChromeOS::StartLockDevice( | 272 void EnrollmentHandlerChromeOS::StartLockDevice( |
269 const std::string& user, | 273 const std::string& user, |
270 DeviceMode device_mode, | 274 DeviceMode device_mode, |
271 const std::string& device_id) { | 275 const std::string& device_id) { |
272 CHECK_EQ(STEP_LOCK_DEVICE, enrollment_step_); | 276 CHECK_EQ(STEP_LOCK_DEVICE, enrollment_step_); |
273 // Since this method is also called directly. | 277 // Since this method is also called directly. |
274 weak_factory_.InvalidateWeakPtrs(); | 278 lock_weak_factory_.InvalidateWeakPtrs(); |
275 | 279 |
276 install_attributes_->LockDevice( | 280 install_attributes_->LockDevice( |
277 user, device_mode, device_id, | 281 user, device_mode, device_id, |
278 base::Bind(&EnrollmentHandlerChromeOS::HandleLockDeviceResult, | 282 base::Bind(&EnrollmentHandlerChromeOS::HandleLockDeviceResult, |
279 weak_factory_.GetWeakPtr(), | 283 lock_weak_factory_.GetWeakPtr(), |
280 user, | 284 user, |
281 device_mode, | 285 device_mode, |
282 device_id)); | 286 device_id)); |
283 } | 287 } |
284 | 288 |
285 void EnrollmentHandlerChromeOS::HandleLockDeviceResult( | 289 void EnrollmentHandlerChromeOS::HandleLockDeviceResult( |
286 const std::string& user, | 290 const std::string& user, |
287 DeviceMode device_mode, | 291 DeviceMode device_mode, |
288 const std::string& device_id, | 292 const std::string& device_id, |
289 EnterpriseInstallAttributes::LockResult lock_result) { | 293 EnterpriseInstallAttributes::LockResult lock_result) { |
290 CHECK_EQ(STEP_LOCK_DEVICE, enrollment_step_); | 294 CHECK_EQ(STEP_LOCK_DEVICE, enrollment_step_); |
291 switch (lock_result) { | 295 switch (lock_result) { |
292 case EnterpriseInstallAttributes::LOCK_SUCCESS: | 296 case EnterpriseInstallAttributes::LOCK_SUCCESS: |
293 enrollment_step_ = STEP_STORE_POLICY; | 297 enrollment_step_ = STEP_STORE_POLICY; |
294 store_->InstallInitialPolicy(*policy_); | 298 store_->InstallInitialPolicy(*policy_); |
295 return; | 299 return; |
296 case EnterpriseInstallAttributes::LOCK_NOT_READY: | 300 case EnterpriseInstallAttributes::LOCK_NOT_READY: |
297 // We wait up to |kLockRetryTimeoutMs| milliseconds and if it hasn't | 301 // We wait up to |kLockRetryTimeoutMs| milliseconds and if it hasn't |
298 // succeeded by then show an error to the user and stop the enrollment. | 302 // succeeded by then show an error to the user and stop the enrollment. |
299 if (lockbox_init_duration_ < kLockRetryTimeoutMs) { | 303 if (lockbox_init_duration_ < kLockRetryTimeoutMs) { |
300 // InstallAttributes not ready yet, retry later. | 304 // InstallAttributes not ready yet, retry later. |
301 LOG(WARNING) << "Install Attributes not ready yet will retry in " | 305 LOG(WARNING) << "Install Attributes not ready yet will retry in " |
302 << kLockRetryIntervalMs << "ms."; | 306 << kLockRetryIntervalMs << "ms."; |
303 base::MessageLoop::current()->PostDelayedTask( | 307 base::MessageLoop::current()->PostDelayedTask( |
304 FROM_HERE, | 308 FROM_HERE, |
305 base::Bind(&EnrollmentHandlerChromeOS::StartLockDevice, | 309 base::Bind(&EnrollmentHandlerChromeOS::StartLockDevice, |
306 weak_factory_.GetWeakPtr(), | 310 lock_weak_factory_.GetWeakPtr(), |
307 user, device_mode, device_id), | 311 user, device_mode, device_id), |
308 base::TimeDelta::FromMilliseconds(kLockRetryIntervalMs)); | 312 base::TimeDelta::FromMilliseconds(kLockRetryIntervalMs)); |
309 lockbox_init_duration_ += kLockRetryIntervalMs; | 313 lockbox_init_duration_ += kLockRetryIntervalMs; |
310 } else { | 314 } else { |
311 ReportResult(EnrollmentStatus::ForStatus( | 315 ReportResult(EnrollmentStatus::ForStatus( |
312 EnrollmentStatus::STATUS_LOCK_TIMEOUT)); | 316 EnrollmentStatus::STATUS_LOCK_TIMEOUT)); |
313 } | 317 } |
314 return; | 318 return; |
315 case EnterpriseInstallAttributes::LOCK_BACKEND_ERROR: | 319 case EnterpriseInstallAttributes::LOCK_BACKEND_ERROR: |
316 ReportResult(EnrollmentStatus::ForStatus( | 320 ReportResult(EnrollmentStatus::ForStatus( |
317 EnrollmentStatus::STATUS_LOCK_ERROR)); | 321 EnrollmentStatus::STATUS_LOCK_ERROR)); |
318 return; | 322 return; |
319 case EnterpriseInstallAttributes::LOCK_WRONG_USER: | 323 case EnterpriseInstallAttributes::LOCK_WRONG_USER: |
320 LOG(ERROR) << "Enrollment cannot proceed because the InstallAttrs " | 324 LOG(ERROR) << "Enrollment cannot proceed because the InstallAttrs " |
321 << "has been locked already!"; | 325 << "has been locked already!"; |
322 ReportResult(EnrollmentStatus::ForStatus( | 326 ReportResult(EnrollmentStatus::ForStatus( |
323 EnrollmentStatus::STATUS_LOCK_WRONG_USER)); | 327 EnrollmentStatus::STATUS_LOCK_WRONG_USER)); |
324 return; | 328 return; |
325 } | 329 } |
326 | 330 |
327 NOTREACHED() << "Invalid lock result " << lock_result; | 331 NOTREACHED() << "Invalid lock result " << lock_result; |
328 ReportResult(EnrollmentStatus::ForStatus( | 332 ReportResult(EnrollmentStatus::ForStatus( |
329 EnrollmentStatus::STATUS_LOCK_ERROR)); | 333 EnrollmentStatus::STATUS_LOCK_ERROR)); |
330 } | 334 } |
331 | 335 |
332 void EnrollmentHandlerChromeOS::Stop() { | 336 void EnrollmentHandlerChromeOS::Stop() { |
333 if (client_.get()) | 337 if (client_.get()) |
334 client_->RemoveObserver(this); | 338 client_->RemoveObserver(this); |
335 enrollment_step_ = STEP_FINISHED; | 339 enrollment_step_ = STEP_FINISHED; |
336 weak_factory_.InvalidateWeakPtrs(); | 340 lock_weak_factory_.InvalidateWeakPtrs(); |
337 completion_callback_.Reset(); | 341 completion_callback_.Reset(); |
338 } | 342 } |
339 | 343 |
340 void EnrollmentHandlerChromeOS::ReportResult(EnrollmentStatus status) { | 344 void EnrollmentHandlerChromeOS::ReportResult(EnrollmentStatus status) { |
341 EnrollmentCallback callback = completion_callback_; | 345 EnrollmentCallback callback = completion_callback_; |
342 Stop(); | 346 Stop(); |
343 | 347 |
344 if (status.status() != EnrollmentStatus::STATUS_SUCCESS) { | 348 if (status.status() != EnrollmentStatus::STATUS_SUCCESS) { |
345 LOG(WARNING) << "Enrollment failed: " << status.status() | 349 LOG(WARNING) << "Enrollment failed: " << status.status() |
346 << " " << status.client_status() | 350 << " " << status.client_status() |
347 << " " << status.validation_status() | 351 << " " << status.validation_status() |
348 << " " << status.store_status(); | 352 << " " << status.store_status(); |
349 } | 353 } |
350 | 354 |
351 if (!callback.is_null()) | 355 if (!callback.is_null()) |
352 callback.Run(status); | 356 callback.Run(status); |
353 } | 357 } |
354 | 358 |
355 } // namespace policy | 359 } // namespace policy |
OLD | NEW |