| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/enrollment_handler_chromeos.h" | 5 #include "chrome/browser/chromeos/policy/enrollment_handler_chromeos.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/command_line.h" | 8 #include "base/command_line.h" |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/message_loop/message_loop.h" | 10 #include "base/message_loop/message_loop.h" |
| (...skipping 71 matching lines...) Loading... |
| 82 | 82 |
| 83 EnrollmentHandlerChromeOS::~EnrollmentHandlerChromeOS() { | 83 EnrollmentHandlerChromeOS::~EnrollmentHandlerChromeOS() { |
| 84 Stop(); | 84 Stop(); |
| 85 store_->RemoveObserver(this); | 85 store_->RemoveObserver(this); |
| 86 } | 86 } |
| 87 | 87 |
| 88 void EnrollmentHandlerChromeOS::StartEnrollment() { | 88 void EnrollmentHandlerChromeOS::StartEnrollment() { |
| 89 CHECK_EQ(STEP_PENDING, enrollment_step_); | 89 CHECK_EQ(STEP_PENDING, enrollment_step_); |
| 90 enrollment_step_ = STEP_STATE_KEYS; | 90 enrollment_step_ = STEP_STATE_KEYS; |
| 91 state_keys_broker_->RequestStateKeys( | 91 state_keys_broker_->RequestStateKeys( |
| 92 base::Bind(&EnrollmentHandlerChromeOS::HandleStateKeysResult, | 92 base::Bind(&EnrollmentHandlerChromeOS::CheckStateKeys, |
| 93 weak_ptr_factory_.GetWeakPtr())); | 93 weak_ptr_factory_.GetWeakPtr())); |
| 94 } | 94 } |
| 95 | 95 |
| 96 scoped_ptr<CloudPolicyClient> EnrollmentHandlerChromeOS::ReleaseClient() { | 96 scoped_ptr<CloudPolicyClient> EnrollmentHandlerChromeOS::ReleaseClient() { |
| 97 Stop(); | 97 Stop(); |
| 98 return client_.Pass(); | 98 return client_.Pass(); |
| 99 } | 99 } |
| 100 | 100 |
| 101 void EnrollmentHandlerChromeOS::OnPolicyFetched(CloudPolicyClient* client) { | 101 void EnrollmentHandlerChromeOS::OnPolicyFetched(CloudPolicyClient* client) { |
| 102 DCHECK_EQ(client_.get(), client); | 102 DCHECK_EQ(client_.get(), client); |
| (...skipping 30 matching lines...) Loading... |
| 133 CloudPolicyValidatorBase::DM_TOKEN_REQUIRED); | 133 CloudPolicyValidatorBase::DM_TOKEN_REQUIRED); |
| 134 validator->ValidatePolicyType(dm_protocol::kChromeDevicePolicyType); | 134 validator->ValidatePolicyType(dm_protocol::kChromeDevicePolicyType); |
| 135 validator->ValidatePayload(); | 135 validator->ValidatePayload(); |
| 136 // If |domain| is empty here, the policy validation code will just use the | 136 // If |domain| is empty here, the policy validation code will just use the |
| 137 // domain from the username field in the policy itself to do key validation. | 137 // domain from the username field in the policy itself to do key validation. |
| 138 // TODO(mnissler): Plumb the enrolling user's username into this object so | 138 // TODO(mnissler): Plumb the enrolling user's username into this object so |
| 139 // we can validate the username on the resulting policy, and use the domain | 139 // we can validate the username on the resulting policy, and use the domain |
| 140 // from that username to validate the key below (http://crbug.com/343074). | 140 // from that username to validate the key below (http://crbug.com/343074). |
| 141 validator->ValidateInitialKey(GetPolicyVerificationKey(), domain); | 141 validator->ValidateInitialKey(GetPolicyVerificationKey(), domain); |
| 142 validator.release()->StartValidation( | 142 validator.release()->StartValidation( |
| 143 base::Bind(&EnrollmentHandlerChromeOS::HandlePolicyValidationResult, | 143 base::Bind(&EnrollmentHandlerChromeOS::PolicyValidated, |
| 144 weak_ptr_factory_.GetWeakPtr())); | 144 weak_ptr_factory_.GetWeakPtr())); |
| 145 } | 145 } |
| 146 | 146 |
| 147 void EnrollmentHandlerChromeOS::OnRegistrationStateChanged( | 147 void EnrollmentHandlerChromeOS::OnRegistrationStateChanged( |
| 148 CloudPolicyClient* client) { | 148 CloudPolicyClient* client) { |
| 149 DCHECK_EQ(client_.get(), client); | 149 DCHECK_EQ(client_.get(), client); |
| 150 | 150 |
| 151 if (enrollment_step_ == STEP_REGISTRATION && client_->is_registered()) { | 151 if (enrollment_step_ == STEP_REGISTRATION && client_->is_registered()) { |
| 152 enrollment_step_ = STEP_POLICY_FETCH, | 152 enrollment_step_ = STEP_POLICY_FETCH, |
| 153 device_mode_ = client_->device_mode(); | 153 device_mode_ = client_->device_mode(); |
| 154 if (device_mode_ == DEVICE_MODE_NOT_SET) | 154 if (device_mode_ == DEVICE_MODE_NOT_SET) |
| 155 device_mode_ = DEVICE_MODE_ENTERPRISE; | 155 device_mode_ = DEVICE_MODE_ENTERPRISE; |
| 156 if (!allowed_device_modes_.test(device_mode_)) { | 156 if (!allowed_device_modes_.test(device_mode_)) { |
| 157 LOG(ERROR) << "Bad device mode " << device_mode_; | 157 LOG(ERROR) << "Bad device mode " << device_mode_; |
| 158 ReportResult(EnrollmentStatus::ForStatus( | 158 ReportResult(EnrollmentStatus::ForStatus( |
| 159 EnrollmentStatus::STATUS_REGISTRATION_BAD_MODE)); | 159 EnrollmentStatus::STATUS_REGISTRATION_BAD_MODE)); |
| 160 return; | 160 return; |
| 161 } | 161 } |
| 162 client_->FetchPolicy(); | 162 client_->FetchPolicy(); |
| 163 } else { | 163 } else { |
| 164 LOG(FATAL) << "Registration state changed to " << client_->is_registered() | 164 LOG(FATAL) << "Registration state changed to " << client_->is_registered() |
| 165 << " in step " << enrollment_step_ << "."; | 165 << " in step " << enrollment_step_; |
| 166 } | 166 } |
| 167 } | 167 } |
| 168 | 168 |
| 169 void EnrollmentHandlerChromeOS::OnClientError(CloudPolicyClient* client) { | 169 void EnrollmentHandlerChromeOS::OnClientError(CloudPolicyClient* client) { |
| 170 DCHECK_EQ(client_.get(), client); | 170 DCHECK_EQ(client_.get(), client); |
| 171 | 171 |
| 172 if (enrollment_step_ == STEP_ROBOT_AUTH_FETCH) { | 172 if (enrollment_step_ == STEP_ROBOT_AUTH_FETCH) { |
| 173 LOG(ERROR) << "API authentication code fetch failed: " | 173 LOG(ERROR) << "API authentication code fetch failed: " |
| 174 << client_->status(); | 174 << client_->status(); |
| 175 ReportResult(EnrollmentStatus::ForRobotAuthFetchError(client_->status())); | 175 ReportResult(EnrollmentStatus::ForRobotAuthFetchError(client_->status())); |
| 176 } else if (enrollment_step_ < STEP_POLICY_FETCH) { | 176 } else if (enrollment_step_ < STEP_POLICY_FETCH) { |
| 177 ReportResult(EnrollmentStatus::ForRegistrationError(client_->status())); | 177 ReportResult(EnrollmentStatus::ForRegistrationError(client_->status())); |
| 178 } else { | 178 } else { |
| 179 ReportResult(EnrollmentStatus::ForFetchError(client_->status())); | 179 ReportResult(EnrollmentStatus::ForFetchError(client_->status())); |
| 180 } | 180 } |
| 181 } | 181 } |
| 182 | 182 |
| 183 void EnrollmentHandlerChromeOS::OnStoreLoaded(CloudPolicyStore* store) { | 183 void EnrollmentHandlerChromeOS::OnStoreLoaded(CloudPolicyStore* store) { |
| 184 DCHECK_EQ(store_, store); | 184 DCHECK_EQ(store_, store); |
| 185 | 185 |
| 186 if (enrollment_step_ == STEP_LOADING_STORE) { | 186 if (enrollment_step_ == STEP_LOADING_STORE) { |
| 187 // If the |store_| wasn't initialized when StartEnrollment() was called, | 187 // If the |store_| wasn't initialized when StartEnrollment() was |
| 188 // then StartRegistration() bails silently. This gets registration rolling | 188 // called, then AttemptRegistration() bails silently. This gets |
| 189 // again after the store finishes loading. | 189 // registration rolling again after the store finishes loading. |
| 190 StartRegistration(); | 190 AttemptRegistration(); |
| 191 } else if (enrollment_step_ == STEP_STORE_POLICY) { | 191 } else if (enrollment_step_ == STEP_STORE_POLICY) { |
| 192 ReportResult(EnrollmentStatus::ForStatus(EnrollmentStatus::STATUS_SUCCESS)); | 192 ReportResult(EnrollmentStatus::ForStatus(EnrollmentStatus::STATUS_SUCCESS)); |
| 193 } | 193 } |
| 194 } | 194 } |
| 195 | 195 |
| 196 void EnrollmentHandlerChromeOS::OnStoreError(CloudPolicyStore* store) { | 196 void EnrollmentHandlerChromeOS::OnStoreError(CloudPolicyStore* store) { |
| 197 DCHECK_EQ(store_, store); | 197 DCHECK_EQ(store_, store); |
| 198 if (enrollment_step_ == STEP_STORE_TOKEN_AND_ID) { | 198 if (enrollment_step_ == STEP_STORE_TOKEN_AND_ID) { |
| 199 // Calling DeviceSettingsService::SetManagementSettings() on a non- | 199 // Calling DeviceSettingsService::SetManagementSettings() on a non- |
| 200 // enterprise-managed device will trigger OnStoreError(), as | 200 // enterprise-managed device will trigger OnStoreError(), as |
| 201 // DeviceCloudPolicyStore listens to all changes on DeviceSettingsService, | 201 // DeviceCloudPolicyStore listens to all changes on DeviceSettingsService, |
| 202 // and it calls OnStoreError() when the device is not enterprise-managed. | 202 // and it calls OnStoreError() when the device is not enterprise-managed. |
| 203 return; | 203 return; |
| 204 } | 204 } |
| 205 ReportResult(EnrollmentStatus::ForStoreError(store_->status(), | 205 ReportResult(EnrollmentStatus::ForStoreError(store_->status(), |
| 206 store_->validation_status())); | 206 store_->validation_status())); |
| 207 } | 207 } |
| 208 | 208 |
| 209 void EnrollmentHandlerChromeOS::HandleStateKeysResult( | 209 void EnrollmentHandlerChromeOS::CheckStateKeys( |
| 210 const std::vector<std::string>& state_keys, bool /* first_boot */) { | 210 const std::vector<std::string>& state_keys, bool /* first_boot */) { |
| 211 CHECK_EQ(STEP_STATE_KEYS, enrollment_step_); | 211 CHECK_EQ(STEP_STATE_KEYS, enrollment_step_); |
| 212 | 212 |
| 213 // Make sure state keys are available if forced re-enrollment is on. | 213 // Make sure state keys are available if forced re-enrollment is on. |
| 214 if (chromeos::AutoEnrollmentController::GetMode() == | 214 if (chromeos::AutoEnrollmentController::GetMode() == |
| 215 chromeos::AutoEnrollmentController::MODE_FORCED_RE_ENROLLMENT) { | 215 chromeos::AutoEnrollmentController::MODE_FORCED_RE_ENROLLMENT) { |
| 216 client_->SetStateKeysToUpload(state_keys); | 216 if (state_keys.empty()) { |
| 217 current_state_key_ = state_keys_broker_->current_state_key(); | |
| 218 if (state_keys.empty() || current_state_key_.empty()) { | |
| 219 ReportResult( | 217 ReportResult( |
| 220 EnrollmentStatus::ForStatus(EnrollmentStatus::STATUS_NO_STATE_KEYS)); | 218 EnrollmentStatus::ForStatus(EnrollmentStatus::STATUS_NO_STATE_KEYS)); |
| 221 return; | 219 return; |
| 222 } | 220 } |
| 221 client_->SetStateKeysToUpload(state_keys); |
| 222 current_state_key_ = state_keys_broker_->current_state_key(); |
| 223 } | 223 } |
| 224 | 224 |
| 225 enrollment_step_ = STEP_LOADING_STORE; | 225 enrollment_step_ = STEP_LOADING_STORE; |
| 226 StartRegistration(); | 226 AttemptRegistration(); |
| 227 } | 227 } |
| 228 | 228 |
| 229 void EnrollmentHandlerChromeOS::StartRegistration() { | 229 void EnrollmentHandlerChromeOS::AttemptRegistration() { |
| 230 CHECK_EQ(STEP_LOADING_STORE, enrollment_step_); | 230 CHECK_EQ(STEP_LOADING_STORE, enrollment_step_); |
| 231 if (store_->is_initialized()) { | 231 if (store_->is_initialized()) { |
| 232 enrollment_step_ = STEP_REGISTRATION; | 232 enrollment_step_ = STEP_REGISTRATION; |
| 233 client_->Register(em::DeviceRegisterRequest::DEVICE, | 233 client_->Register(em::DeviceRegisterRequest::DEVICE, |
| 234 auth_token_, client_id_, is_auto_enrollment_, | 234 auth_token_, client_id_, is_auto_enrollment_, |
| 235 requisition_, current_state_key_); | 235 requisition_, current_state_key_); |
| 236 } else { | |
| 237 // Do nothing. StartRegistration() will be called again from OnStoreLoaded() | |
| 238 // after the CloudPolicyStore has initialized. | |
| 239 } | 236 } |
| 240 } | 237 } |
| 241 | 238 |
| 242 void EnrollmentHandlerChromeOS::HandlePolicyValidationResult( | 239 void EnrollmentHandlerChromeOS::PolicyValidated( |
| 243 DeviceCloudPolicyValidator* validator) { | 240 DeviceCloudPolicyValidator* validator) { |
| 244 CHECK_EQ(STEP_VALIDATION, enrollment_step_); | 241 CHECK_EQ(STEP_VALIDATION, enrollment_step_); |
| 245 if (validator->success()) { | 242 if (validator->success()) { |
| 246 policy_ = validator->policy().Pass(); | 243 policy_ = validator->policy().Pass(); |
| 247 username_ = validator->policy_data()->username(); | 244 username_ = validator->policy_data()->username(); |
| 248 device_id_ = validator->policy_data()->device_id(); | 245 device_id_ = validator->policy_data()->device_id(); |
| 249 request_token_ = validator->policy_data()->request_token(); | 246 request_token_ = validator->policy_data()->request_token(); |
| 250 | 247 |
| 251 if (CommandLine::ForCurrentProcess()->HasSwitch( | 248 if (CommandLine::ForCurrentProcess()->HasSwitch( |
| 252 chromeos::switches::kEnterpriseEnrollmentSkipRobotAuth)) { | 249 chromeos::switches::kEnterpriseEnrollmentSkipRobotAuth)) { |
| (...skipping 45 matching lines...) Loading... |
| 298 | 295 |
| 299 enrollment_step_ = STEP_LOCK_DEVICE; | 296 enrollment_step_ = STEP_LOCK_DEVICE; |
| 300 StartLockDevice(); | 297 StartLockDevice(); |
| 301 } | 298 } |
| 302 | 299 |
| 303 // GaiaOAuthClient::Delegate | 300 // GaiaOAuthClient::Delegate |
| 304 void EnrollmentHandlerChromeOS::OnRefreshTokenResponse( | 301 void EnrollmentHandlerChromeOS::OnRefreshTokenResponse( |
| 305 const std::string& access_token, | 302 const std::string& access_token, |
| 306 int expires_in_seconds) { | 303 int expires_in_seconds) { |
| 307 // We never use the code that should trigger this callback. | 304 // We never use the code that should trigger this callback. |
| 308 LOG(FATAL) << "Unexpected callback invoked."; | 305 LOG(FATAL) << "Unexpected callback invoked"; |
| 309 } | 306 } |
| 310 | 307 |
| 311 // GaiaOAuthClient::Delegate OAuth2 error when fetching refresh token request. | 308 // GaiaOAuthClient::Delegate OAuth2 error when fetching refresh token request. |
| 312 void EnrollmentHandlerChromeOS::OnOAuthError() { | 309 void EnrollmentHandlerChromeOS::OnOAuthError() { |
| 313 CHECK_EQ(STEP_ROBOT_AUTH_REFRESH, enrollment_step_); | 310 CHECK_EQ(STEP_ROBOT_AUTH_REFRESH, enrollment_step_); |
| 314 // OnOAuthError is only called if the request is bad (malformed) or the | 311 // OnOAuthError is only called if the request is bad (malformed) or the |
| 315 // response is bad (empty access token returned). | 312 // response is bad (empty access token returned). |
| 316 LOG(ERROR) << "OAuth protocol error while fetching API refresh token."; | 313 LOG(ERROR) << "OAuth protocol error while fetching API refresh token."; |
| 317 ReportResult( | 314 ReportResult( |
| 318 EnrollmentStatus::ForRobotRefreshFetchError(net::HTTP_BAD_REQUEST)); | 315 EnrollmentStatus::ForRobotRefreshFetchError(net::HTTP_BAD_REQUEST)); |
| (...skipping 12 matching lines...) Loading... |
| 331 CHECK_EQ(STEP_LOCK_DEVICE, enrollment_step_); | 328 CHECK_EQ(STEP_LOCK_DEVICE, enrollment_step_); |
| 332 // Since this method is also called directly. | 329 // Since this method is also called directly. |
| 333 weak_ptr_factory_.InvalidateWeakPtrs(); | 330 weak_ptr_factory_.InvalidateWeakPtrs(); |
| 334 | 331 |
| 335 if (management_mode_ == em::PolicyData::CONSUMER_MANAGED) { | 332 if (management_mode_ == em::PolicyData::CONSUMER_MANAGED) { |
| 336 // Consumer device enrollment doesn't use install attributes. Instead, | 333 // Consumer device enrollment doesn't use install attributes. Instead, |
| 337 // we put the information in the owners settings. | 334 // we put the information in the owners settings. |
| 338 enrollment_step_ = STEP_STORE_TOKEN_AND_ID; | 335 enrollment_step_ = STEP_STORE_TOKEN_AND_ID; |
| 339 device_settings_service_->SetManagementSettings( | 336 device_settings_service_->SetManagementSettings( |
| 340 management_mode_, request_token_, device_id_, | 337 management_mode_, request_token_, device_id_, |
| 341 base::Bind(&EnrollmentHandlerChromeOS::HandleSetManagementSettingsDone, | 338 base::Bind(&EnrollmentHandlerChromeOS::OnSetManagementSettingsDone, |
| 342 weak_ptr_factory_.GetWeakPtr())); | 339 weak_ptr_factory_.GetWeakPtr())); |
| 343 } else { | 340 } else { |
| 344 install_attributes_->LockDevice( | 341 install_attributes_->LockDevice( |
| 345 username_, device_mode_, device_id_, | 342 username_, device_mode_, device_id_, |
| 346 base::Bind(&EnrollmentHandlerChromeOS::HandleLockDeviceResult, | 343 base::Bind(&EnrollmentHandlerChromeOS::HandleLockDeviceResult, |
| 347 weak_ptr_factory_.GetWeakPtr())); | 344 weak_ptr_factory_.GetWeakPtr())); |
| 348 } | 345 } |
| 349 } | 346 } |
| 350 | 347 |
| 351 void EnrollmentHandlerChromeOS::HandleSetManagementSettingsDone() { | 348 void EnrollmentHandlerChromeOS::OnSetManagementSettingsDone() { |
| 352 CHECK_EQ(STEP_STORE_TOKEN_AND_ID, enrollment_step_); | 349 CHECK_EQ(STEP_STORE_TOKEN_AND_ID, enrollment_step_); |
| 353 if (device_settings_service_->status() != | 350 if (device_settings_service_->status() != |
| 354 chromeos::DeviceSettingsService::STORE_SUCCESS) { | 351 chromeos::DeviceSettingsService::STORE_SUCCESS) { |
| 355 ReportResult(EnrollmentStatus::ForStatus( | 352 ReportResult(EnrollmentStatus::ForStatus( |
| 356 EnrollmentStatus::STATUS_STORE_TOKEN_AND_ID_FAILED)); | 353 EnrollmentStatus::STATUS_STORE_TOKEN_AND_ID_FAILED)); |
| 357 return; | 354 return; |
| 358 } | 355 } |
| 359 | 356 |
| 360 StartStoreRobotAuth(); | 357 StoreRobotAuth(); |
| 361 } | 358 } |
| 362 | 359 |
| 363 void EnrollmentHandlerChromeOS::HandleLockDeviceResult( | 360 void EnrollmentHandlerChromeOS::HandleLockDeviceResult( |
| 364 EnterpriseInstallAttributes::LockResult lock_result) { | 361 EnterpriseInstallAttributes::LockResult lock_result) { |
| 365 CHECK_EQ(STEP_LOCK_DEVICE, enrollment_step_); | 362 CHECK_EQ(STEP_LOCK_DEVICE, enrollment_step_); |
| 366 switch (lock_result) { | 363 switch (lock_result) { |
| 367 case EnterpriseInstallAttributes::LOCK_SUCCESS: | 364 case EnterpriseInstallAttributes::LOCK_SUCCESS: |
| 368 StartStoreRobotAuth(); | 365 StoreRobotAuth(); |
| 369 break; | 366 return; |
| 370 case EnterpriseInstallAttributes::LOCK_NOT_READY: | 367 case EnterpriseInstallAttributes::LOCK_NOT_READY: |
| 371 // We wait up to |kLockRetryTimeoutMs| milliseconds and if it hasn't | 368 // We wait up to |kLockRetryTimeoutMs| milliseconds and if it hasn't |
| 372 // succeeded by then show an error to the user and stop the enrollment. | 369 // succeeded by then show an error to the user and stop the enrollment. |
| 373 if (lockbox_init_duration_ < kLockRetryTimeoutMs) { | 370 if (lockbox_init_duration_ < kLockRetryTimeoutMs) { |
| 374 // InstallAttributes not ready yet, retry later. | 371 // InstallAttributes not ready yet, retry later. |
| 375 LOG(WARNING) << "Install Attributes not ready yet will retry in " | 372 LOG(WARNING) << "Install Attributes not ready yet will retry in " |
| 376 << kLockRetryIntervalMs << "ms."; | 373 << kLockRetryIntervalMs << "ms."; |
| 377 base::MessageLoop::current()->PostDelayedTask( | 374 base::MessageLoop::current()->PostDelayedTask( |
| 378 FROM_HERE, | 375 FROM_HERE, |
| 379 base::Bind(&EnrollmentHandlerChromeOS::StartLockDevice, | 376 base::Bind(&EnrollmentHandlerChromeOS::StartLockDevice, |
| 380 weak_ptr_factory_.GetWeakPtr()), | 377 weak_ptr_factory_.GetWeakPtr()), |
| 381 base::TimeDelta::FromMilliseconds(kLockRetryIntervalMs)); | 378 base::TimeDelta::FromMilliseconds(kLockRetryIntervalMs)); |
| 382 lockbox_init_duration_ += kLockRetryIntervalMs; | 379 lockbox_init_duration_ += kLockRetryIntervalMs; |
| 383 } else { | 380 } else { |
| 384 ReportResult(EnrollmentStatus::ForStatus( | 381 ReportResult(EnrollmentStatus::ForStatus( |
| 385 EnrollmentStatus::STATUS_LOCK_TIMEOUT)); | 382 EnrollmentStatus::STATUS_LOCK_TIMEOUT)); |
| 386 } | 383 } |
| 387 break; | 384 return; |
| 388 case EnterpriseInstallAttributes::LOCK_BACKEND_ERROR: | 385 case EnterpriseInstallAttributes::LOCK_BACKEND_ERROR: |
| 389 ReportResult(EnrollmentStatus::ForStatus( | 386 ReportResult(EnrollmentStatus::ForStatus( |
| 390 EnrollmentStatus::STATUS_LOCK_ERROR)); | 387 EnrollmentStatus::STATUS_LOCK_ERROR)); |
| 391 break; | 388 return; |
| 392 case EnterpriseInstallAttributes::LOCK_WRONG_USER: | 389 case EnterpriseInstallAttributes::LOCK_WRONG_USER: |
| 393 LOG(ERROR) << "Enrollment cannot proceed because the InstallAttrs " | 390 LOG(ERROR) << "Enrollment cannot proceed because the InstallAttrs " |
| 394 << "has been locked already!"; | 391 << "has been locked already!"; |
| 395 ReportResult(EnrollmentStatus::ForStatus( | 392 ReportResult(EnrollmentStatus::ForStatus( |
| 396 EnrollmentStatus::STATUS_LOCK_WRONG_USER)); | 393 EnrollmentStatus::STATUS_LOCK_WRONG_USER)); |
| 397 break; | 394 return; |
| 398 } | 395 } |
| 396 |
| 397 NOTREACHED() << "Invalid lock result " << lock_result; |
| 398 ReportResult(EnrollmentStatus::ForStatus( |
| 399 EnrollmentStatus::STATUS_LOCK_ERROR)); |
| 399 } | 400 } |
| 400 | 401 |
| 401 void EnrollmentHandlerChromeOS::StartStoreRobotAuth() { | 402 void EnrollmentHandlerChromeOS::StoreRobotAuth() { |
| 402 // Get the token service so we can store our robot refresh token. | 403 // Get the token service so we can store our robot refresh token. |
| 403 enrollment_step_ = STEP_STORE_ROBOT_AUTH; | 404 enrollment_step_ = STEP_STORE_ROBOT_AUTH; |
| 404 chromeos::DeviceOAuth2TokenServiceFactory::Get()->SetAndSaveRefreshToken( | 405 chromeos::DeviceOAuth2TokenServiceFactory::Get()->SetAndSaveRefreshToken( |
| 405 refresh_token_, | 406 refresh_token_, |
| 406 base::Bind(&EnrollmentHandlerChromeOS::HandleStoreRobotAuthTokenResult, | 407 base::Bind(&EnrollmentHandlerChromeOS::HandleRobotAuthTokenStored, |
| 407 weak_ptr_factory_.GetWeakPtr())); | 408 weak_ptr_factory_.GetWeakPtr())); |
| 408 } | 409 } |
| 409 | 410 |
| 410 void EnrollmentHandlerChromeOS::HandleStoreRobotAuthTokenResult(bool result) { | 411 void EnrollmentHandlerChromeOS::HandleRobotAuthTokenStored(bool result) { |
| 411 CHECK_EQ(STEP_STORE_ROBOT_AUTH, enrollment_step_); | 412 CHECK_EQ(STEP_STORE_ROBOT_AUTH, enrollment_step_); |
| 412 | 413 |
| 413 if (!result) { | 414 if (!result) { |
| 414 LOG(ERROR) << "Failed to store API refresh token."; | 415 LOG(ERROR) << "Failed to store API refresh token."; |
| 415 ReportResult(EnrollmentStatus::ForStatus( | 416 ReportResult(EnrollmentStatus::ForStatus( |
| 416 EnrollmentStatus::STATUS_ROBOT_REFRESH_STORE_FAILED)); | 417 EnrollmentStatus::STATUS_ROBOT_REFRESH_STORE_FAILED)); |
| 417 return; | 418 return; |
| 418 } | 419 } |
| 419 | 420 |
| 420 if (management_mode_ == em::PolicyData::CONSUMER_MANAGED) { | 421 if (management_mode_ == em::PolicyData::CONSUMER_MANAGED) { |
| (...skipping 13 matching lines...) Loading... |
| 434 weak_ptr_factory_.InvalidateWeakPtrs(); | 435 weak_ptr_factory_.InvalidateWeakPtrs(); |
| 435 completion_callback_.Reset(); | 436 completion_callback_.Reset(); |
| 436 } | 437 } |
| 437 | 438 |
| 438 void EnrollmentHandlerChromeOS::ReportResult(EnrollmentStatus status) { | 439 void EnrollmentHandlerChromeOS::ReportResult(EnrollmentStatus status) { |
| 439 EnrollmentCallback callback = completion_callback_; | 440 EnrollmentCallback callback = completion_callback_; |
| 440 Stop(); | 441 Stop(); |
| 441 | 442 |
| 442 if (status.status() != EnrollmentStatus::STATUS_SUCCESS) { | 443 if (status.status() != EnrollmentStatus::STATUS_SUCCESS) { |
| 443 LOG(WARNING) << "Enrollment failed: " << status.status() | 444 LOG(WARNING) << "Enrollment failed: " << status.status() |
| 444 << ", client: " << status.client_status() | 445 << " " << status.client_status() |
| 445 << ", validation: " << status.validation_status() | 446 << " " << status.validation_status() |
| 446 << ", store: " << status.store_status(); | 447 << " " << status.store_status(); |
| 447 } | 448 } |
| 448 | 449 |
| 449 if (!callback.is_null()) | 450 if (!callback.is_null()) |
| 450 callback.Run(status); | 451 callback.Run(status); |
| 451 } | 452 } |
| 452 | 453 |
| 453 } // namespace policy | 454 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews