
Side by Side Diff: chrome/browser/chromeos/login/enterprise_enrollment_screen.cc

Issue 6821075: Chrome-side lockbox bindings (Closed) Base URL: http://git.chromium.org/git/chromium.git@trunk
Patch Set: Addressed Ken's nits. Created 9 years, 8 months ago
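--- a/chrome/browser/chromeos/login/enterprise_enrollment_screen.cc
+++ b/chrome/browser/chromeos/login/enterprise_enrollment_screen.cc
@@ -1,27 +1,45 @@
 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/login/enterprise_enrollment_screen.h"
 
 #include "base/logging.h"
 #include "chrome/browser/browser_process.h"
+#include "chrome/browser/chromeos/cros/cros_library.h"
+#include "chrome/browser/chromeos/cros/cryptohome_library.h"
 #include "chrome/browser/chromeos/login/screen_observer.h"
 #include "chrome/browser/policy/browser_policy_connector.h"
 #include "chrome/common/net/gaia/gaia_constants.h"
 
 namespace chromeos {
 
+// Retry for InstallAttrs initialization every 500ms.
+const int kLockboxRetryIntervalMs = 500;
+
 EnterpriseEnrollmentScreen::EnterpriseEnrollmentScreen(
 WizardScreenDelegate* delegate)
-: ViewScreen<EnterpriseEnrollmentView>(delegate) {}
+: ViewScreen<EnterpriseEnrollmentView>(delegate),
+ALLOW_THIS_IN_INITIALIZER_LIST(runnable_method_factory_(this)) {
+// Init the TPM if it has not been done until now (in debug build we might
+// have not done that yet).
+chromeos::CryptohomeLibrary* cryptohome =
+chromeos::CrosLibrary::Get()->GetCryptohomeLibrary();
+if (cryptohome) {
+if (cryptohome->TpmIsEnabled() &&
+!cryptohome->TpmIsBeingOwned() &&
+!cryptohome->TpmIsOwned()) {
+cryptohome->TpmCanAttemptOwnership();
+}
+}
+}
 
 EnterpriseEnrollmentScreen::~EnterpriseEnrollmentScreen() {}
 
 void EnterpriseEnrollmentScreen::Authenticate(const std::string& user,
 const std::string& password,
 const std::string& captcha,
 const std::string& access_code) {
 captcha_token_.clear();
 user_ = user;
 auth_fetcher_.reset(
@@ -48,24 +66,48 @@
 ScreenObserver* observer = delegate()->GetObserver(this);
 observer->OnExit(ScreenObserver::ENTERPRISE_ENROLLMENT_CANCELLED);
 }
 
 void EnterpriseEnrollmentScreen::CloseConfirmation() {
 auth_fetcher_.reset();
 ScreenObserver* observer = delegate()->GetObserver(this);
 observer->OnExit(ScreenObserver::ENTERPRISE_ENROLLMENT_COMPLETED);
 }
 
+bool EnterpriseEnrollmentScreen::GetInitialUser(std::string* user) {
+chromeos::CryptohomeLibrary* cryptohome =
+chromeos::CrosLibrary::Get()->GetCryptohomeLibrary();
+if (cryptohome &&
+cryptohome->InstallAttributesIsReady() &&
+!cryptohome->InstallAttributesIsFirstInstall()) {
+std::string value;
+if (cryptohome->InstallAttributesGet("enterprise.owned", &value) &&
+value == "true") {
+if (cryptohome->InstallAttributesGet("enterprise.user", &value)) {
+// If we landed in the enrollment dialogue with a locked InstallAttrs
+// this means we might only want to reenroll with the DMServer so lock
+// the username to what has been stored in the InstallAttrs already.
+*user = value;
+if (view())
+view()->set_editable_user(false);
+return true;
+}
+}
+LOG(ERROR) << "Enrollment will not finish because the InstallAttrs has "
+<< "been locked already but does not contain valid data.";
+}
+return false;
+}
+
 void EnterpriseEnrollmentScreen::OnClientLoginSuccess(
 const ClientLoginResult& result) {
-auth_fetcher_->StartIssueAuthToken(result.sid, result.lsid,
-GaiaConstants::kDeviceManagementService);
+WriteInstallAttributesData(result);
 }
 
 void EnterpriseEnrollmentScreen::OnClientLoginFailure(
 const GoogleServiceAuthError& error) {
 HandleAuthError(error);
 }
 
 void EnterpriseEnrollmentScreen::OnIssueAuthTokenSuccess(
 const std::string& service,
 const std::string& auth_token) {
@@ -170,11 +212,94 @@
 // fall through.
 case GoogleServiceAuthError::REQUEST_CANCELED:
 LOG(ERROR) << "Unexpected GAIA auth error: " << error.state();
 view()->ShowFatalAuthError();
 return;
 }
 
 NOTREACHED() << error.state();
 }
 
+void EnterpriseEnrollmentScreen::WriteInstallAttributesData(
+const ClientLoginResult& result) {
+// Since this method is also called directly.
+runnable_method_factory_.RevokeAll();
+
+if (!view())
+return;
+
+chromeos::CryptohomeLibrary* cryptohome =
+chromeos::CrosLibrary::Get()->GetCryptohomeLibrary();
+if (!cryptohome) {
+LOG(ERROR) << "Enrollment can not proceed because the InstallAttrs can not "
+<< "be accessed.";
+view()->ShowFatalEnrollmentError();
+return;
+}
+
+if (!cryptohome->InstallAttributesIsReady()) {
+// Lockbox is not ready yet, retry later.
+LOG(WARNING) << "Lockbox is not ready yet will retry in "
+<< kLockboxRetryIntervalMs << "ms.";
+MessageLoop::current()->PostDelayedTask(
+FROM_HERE,
+runnable_method_factory_.NewRunnableMethod(
+&EnterpriseEnrollmentScreen::WriteInstallAttributesData, result),
+kLockboxRetryIntervalMs);
+return;
+}
+
+// Clearing the TPM password seems to be always a good deal.
+if (cryptohome->TpmIsEnabled() &&
+!cryptohome->TpmIsBeingOwned() &&
+cryptohome->TpmIsOwned()) {
+cryptohome->TpmClearStoredPassword();
+}
+
+// Make sure we really have a working InstallAttrs.
+if (cryptohome->InstallAttributesIsInvalid()) {
+LOG(ERROR) << "Enrollment can not proceed because the InstallAttrs "
+<< "is corrupt or failed to initialize!";
+view()->ShowFatalEnrollmentError();
+return;
+}
+if (!cryptohome->InstallAttributesIsFirstInstall()) {
+std::string value;
+if (cryptohome->InstallAttributesGet("enterprise.owned", &value) &&
+value == "true") {
+if (cryptohome->InstallAttributesGet("enterprise.user", &value)) {
+if (value == user_) {
+// If we landed here with a locked InstallAttrs this would mean we
+// only want to reenroll with the DMServer so lock just continue.
+auth_fetcher_->StartIssueAuthToken(
+result.sid, result.lsid,
+GaiaConstants::kDeviceManagementService);
+return;
+}
+}
+}
+
+LOG(ERROR) << "Enrollment can not proceed because the InstallAttrs "
+<< "has been locked already!";
+view()->ShowFatalEnrollmentError();
+return;
+}
+
+// Set values in the InstallAttrs and lock it.
+DCHECK(cryptohome->InstallAttributesIsFirstInstall());
+cryptohome->InstallAttributesSet("enterprise.owned", "true");
+cryptohome->InstallAttributesSet("enterprise.user", user_);
+DCHECK(cryptohome->InstallAttributesCount() == 2);
+cryptohome->InstallAttributesFinalize();
+if (cryptohome->InstallAttributesIsFirstInstall()) {
+LOG(ERROR) << "Enrollment can not proceed because the InstallAttrs "
+<< "can not be sealed!";
+view()->ShowFatalEnrollmentError();
+return;
+}
+
+// Proceed with register and policy fetch.
+auth_fetcher_->StartIssueAuthToken(
+result.sid, result.lsid, GaiaConstants::kDeviceManagementService);
+}
+
 } // namespace chromeos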
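Review bot: In WriteInstallAttributesData the results of the two InstallAttributesSet calls and of InstallAttributesFinalize are not checked, and the only guard on the attribute count is a DCHECK, which compiles out of release builds. If either Set does not take effect the code still finalizes, and the surrounding comments indicate that finalizing locks the store, so a device could be left sealed with incomplete ownership data; the later InstallAttributesIsFirstInstall() test only detects a failure to seal. Consider a runtime guard before finalizing, e.g. `if (cryptohome->InstallAttributesCount() != 2) { view()->ShowFatalEnrollmentError(); return; }`, and testing the Set/Finalize return values if the CryptohomeLibrary interface (not shown on this page) reports them. Separately, the 500 ms retry taken when InstallAttributesIsReady() is false has no attempt limit, so a lockbox that never becomes ready re-posts the task, carrying a copy of the ClientLoginResult, indefinitely without surfacing an error to the user.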