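--- a/chrome/browser/chromeos/login/enterprise_enrollment_screen.cc
+++ b/chrome/browser/chromeos/login/enterprise_enrollment_screen.cc
@@ -1,27 +1,45 @@
 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/login/enterprise_enrollment_screen.h"
 
 #include "base/logging.h"
 #include "chrome/browser/browser_process.h"
+#include "chrome/browser/chromeos/cros/cros_library.h"
+#include "chrome/browser/chromeos/cros/cryptohome_library.h"
 #include "chrome/browser/chromeos/login/screen_observer.h"
 #include "chrome/browser/policy/browser_policy_connector.h"
 #include "chrome/common/net/gaia/gaia_constants.h"
 
 namespace chromeos {
 
+// Retry for InstallAttrs initialization every 500ms.
+const int kLockboxRetryIntervalMs = 500;
+
 EnterpriseEnrollmentScreen::EnterpriseEnrollmentScreen(
 WizardScreenDelegate* delegate)
-: ViewScreen<EnterpriseEnrollmentView>(delegate) {}
+: ViewScreen<EnterpriseEnrollmentView>(delegate),
+ALLOW_THIS_IN_INITIALIZER_LIST(runnable_method_factory_(this)) {
+// Init the TPM if it has not been done until now (in debug build we might
+// have not done that yet).
+chromeos::CryptohomeLibrary* cryptohome =
+chromeos::CrosLibrary::Get()->GetCryptohomeLibrary();
+if (cryptohome) {
+if (cryptohome->TpmIsEnabled() &&
+!cryptohome->TpmIsBeingOwned() &&
+!cryptohome->TpmIsOwned()) {
+cryptohome->TpmCanAttemptOwnership();
+}
+}
+}
 
 EnterpriseEnrollmentScreen::~EnterpriseEnrollmentScreen() {}
 
 void EnterpriseEnrollmentScreen::Authenticate(const std::string& user,
 const std::string& password,
 const std::string& captcha,
 const std::string& access_code) {
 captcha_token_.clear();
 user_ = user;
 auth_fetcher_.reset(
@@ -48,24 +66,48 @@
 ScreenObserver* observer = delegate()->GetObserver(this);
 observer->OnExit(ScreenObserver::ENTERPRISE_ENROLLMENT_CANCELLED);
 }
 
 void EnterpriseEnrollmentScreen::CloseConfirmation() {
 auth_fetcher_.reset();
 ScreenObserver* observer = delegate()->GetObserver(this);
 observer->OnExit(ScreenObserver::ENTERPRISE_ENROLLMENT_COMPLETED);
 }
 
+bool EnterpriseEnrollmentScreen::GetInitialUser(std::string* user) {
+chromeos::CryptohomeLibrary* cryptohome =
+chromeos::CrosLibrary::Get()->GetCryptohomeLibrary();
+if (cryptohome &&
+cryptohome->InstallAttributesIsReady() &&
+!cryptohome->InstallAttributesIsFirstInstall()) {
+std::string value;
+if (cryptohome->InstallAttributesGet("enterprise.owned", &value) &&
+value == "true") {
+if (cryptohome->InstallAttributesGet("enterprise.user", &value)) {
+// If we landed in the enrollment dialogue with a locked InstallAttrs
+// this means we might only want to reenroll with the DMServer so lock
+// the username to what has been stored in the InstallAttrs already.
+*user = value;
+if (view())
+view()->set_editable_user(false);
+return true;
+}
+}
+LOG(ERROR) << "Enrollment will not finish because the InstallAttrs has "
+<< "been locked already but does not contain valid data.";
+}
+return false;
+}
+
 void EnterpriseEnrollmentScreen::OnClientLoginSuccess(
 const ClientLoginResult& result) {
-auth_fetcher_->StartIssueAuthToken(result.sid, result.lsid,
-GaiaConstants::kDeviceManagementService);
+WriteInstallAttributesData(result);
 }
 
 void EnterpriseEnrollmentScreen::OnClientLoginFailure(
 const GoogleServiceAuthError& error) {
 HandleAuthError(error);
 }
 
 void EnterpriseEnrollmentScreen::OnIssueAuthTokenSuccess(
 const std::string& service,
 const std::string& auth_token) {
@@ -170,11 +212,94 @@
 // fall through.
 case GoogleServiceAuthError::REQUEST_CANCELED:
 LOG(ERROR) << "Unexpected GAIA auth error: " << error.state();
 view()->ShowFatalAuthError();
 return;
 }
 
 NOTREACHED() << error.state();
 }
 
+void EnterpriseEnrollmentScreen::WriteInstallAttributesData(
+const ClientLoginResult& result) {
+// Since this method is also called directly.
+runnable_method_factory_.RevokeAll();
+
+if (!view())
+return;
+
+chromeos::CryptohomeLibrary* cryptohome =
+chromeos::CrosLibrary::Get()->GetCryptohomeLibrary();
+if (!cryptohome) {
+LOG(ERROR) << "Enrollment can not proceed because the InstallAttrs can not "
+<< "be accessed.";
+view()->ShowFatalEnrollmentError();
+return;
+}
+
+if (!cryptohome->InstallAttributesIsReady()) {
+// Lockbox is not ready yet, retry later.
+LOG(WARNING) << "Lockbox is not ready yet will retry in "
+<< kLockboxRetryIntervalMs << "ms.";
+MessageLoop::current()->PostDelayedTask(
+FROM_HERE,
+runnable_method_factory_.NewRunnableMethod(
+&EnterpriseEnrollmentScreen::WriteInstallAttributesData, result),
+kLockboxRetryIntervalMs);
+return;
+}
+
+// Clearing the TPM password seems to be always a good deal.
+if (cryptohome->TpmIsEnabled() &&
+!cryptohome->TpmIsBeingOwned() &&
+cryptohome->TpmIsOwned()) {
+cryptohome->TpmClearStoredPassword();
+}
+
+// Make sure we really have a working InstallAttrs.
+if (cryptohome->InstallAttributesIsInvalid()) {
+LOG(ERROR) << "Enrollment can not proceed because the InstallAttrs "
+<< "is corrupt or failed to initialize!";
+view()->ShowFatalEnrollmentError();
+return;
+}
+if (!cryptohome->InstallAttributesIsFirstInstall()) {
+std::string value;
+if (cryptohome->InstallAttributesGet("enterprise.owned", &value) &&
+value == "true") {
+if (cryptohome->InstallAttributesGet("enterprise.user", &value)) {
+if (value == user_) {
+// If we landed here with a locked InstallAttrs this would mean we
+// only want to reenroll with the DMServer so lock just continue.
+auth_fetcher_->StartIssueAuthToken(
+result.sid, result.lsid,
+GaiaConstants::kDeviceManagementService);
+return;
+}
+}
+}
+
+LOG(ERROR) << "Enrollment can not proceed because the InstallAttrs "
+<< "has been locked already!";
+view()->ShowFatalEnrollmentError();
+return;
+}
+
+// Set values in the InstallAttrs and lock it.
+DCHECK(cryptohome->InstallAttributesIsFirstInstall());
+cryptohome->InstallAttributesSet("enterprise.owned", "true");
+cryptohome->InstallAttributesSet("enterprise.user", user_);
+DCHECK(cryptohome->InstallAttributesCount() == 2);
+cryptohome->InstallAttributesFinalize();
+if (cryptohome->InstallAttributesIsFirstInstall()) {
+LOG(ERROR) << "Enrollment can not proceed because the InstallAttrs "
+<< "can not be sealed!";
+view()->ShowFatalEnrollmentError();
+return;
+}
+
+// Proceed with register and policy fetch.
+auth_fetcher_->StartIssueAuthToken(
+result.sid, result.lsid, GaiaConstants::kDeviceManagementService);
+}
+
 } // namespace chromeos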
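Review bot: In WriteInstallAttributesData the results of the two `InstallAttributesSet` calls (new lines 289–290) are discarded, and the only guard before `InstallAttributesFinalize` is a `DCHECK` on the attribute count, which compiles away in release builds; a write that fails is therefore sealed into the lockbox irreversibly, producing exactly the "locked already but does not contain valid data" state that GetInitialUser in this same file treats as unrecoverable. Check both writes before finalizing and treat a failure as a fatal enrollment error, as sketched below (this assumes InstallAttributesSet reports success the way InstallAttributesGet does — confirm its return type in cryptohome_library.h). Separately, the not-ready branch at new lines 239–249 re-posts itself every 500 ms with no upper bound, and both `auth_fetcher_->StartIssueAuthToken` calls dereference the fetcher without a null check, which matters if the fetcher has been reset by a cancellation while a retry task was still queued; a bounded retry count plus an `if (!auth_fetcher_) return;` early out near the top of the method would close both gaps.
```cpp
  DCHECK(cryptohome->InstallAttributesIsFirstInstall());
  if (!cryptohome->InstallAttributesSet("enterprise.owned", "true") ||
      !cryptohome->InstallAttributesSet("enterprise.user", user_)) {
    LOG(ERROR) << "Enrollment can not proceed because the InstallAttrs "
               << "could not be written!";
    view()->ShowFatalEnrollmentError();
    return;
  }
  // … unchanged: count DCHECK, InstallAttributesFinalize and the seal check …
```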