| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/enrollment_handler_chromeos.h" | 5 #include "chrome/browser/chromeos/policy/enrollment_handler_chromeos.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/command_line.h" | 8 #include "base/command_line.h" |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/message_loop/message_loop.h" | 10 #include "base/message_loop/message_loop.h" |
| 11 #include "chrome/browser/browser_process.h" | 11 #include "chrome/browser/browser_process.h" |
| 12 #include "chrome/browser/chromeos/login/enrollment/auto_enrollment_controller.h" | 12 #include "chrome/browser/chromeos/login/enrollment/auto_enrollment_controller.h" |
| 13 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h" | 13 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h" |
| 14 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" | 14 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" |
| 15 #include "chrome/browser/chromeos/policy/server_backed_state_keys_broker.h" | 15 #include "chrome/browser/chromeos/policy/server_backed_state_keys_broker.h" |
| 16 #include "chrome/browser/chromeos/settings/device_oauth2_token_service.h" | 16 #include "chrome/browser/chromeos/settings/device_oauth2_token_service.h" |
| 17 #include "chrome/browser/chromeos/settings/device_oauth2_token_service_factory.h
" | 17 #include "chrome/browser/chromeos/settings/device_oauth2_token_service_factory.h
" |
| 18 #include "chrome/browser/chromeos/settings/device_settings_service.h" | 18 #include "chrome/browser/chromeos/settings/device_settings_service.h" |
| 19 #include "chromeos/chromeos_switches.h" | 19 #include "chromeos/chromeos_switches.h" |
| 20 #include "components/policy/core/common/cloud/cloud_policy_constants.h" | |
| 21 #include "google_apis/gaia/gaia_urls.h" | 20 #include "google_apis/gaia/gaia_urls.h" |
| 22 #include "net/http/http_status_code.h" | 21 #include "net/http/http_status_code.h" |
| 23 | 22 |
| 24 namespace em = enterprise_management; | 23 namespace em = enterprise_management; |
| 25 | 24 |
| 26 namespace policy { | 25 namespace policy { |
| 27 | 26 |
| 28 namespace { | 27 namespace { |
| 29 | 28 |
| 30 // Retry for InstallAttrs initialization every 500ms. | 29 // Retry for InstallAttrs initialization every 500ms. |
| 44 EnterpriseInstallAttributes* install_attributes, | 43 EnterpriseInstallAttributes* install_attributes, |
| 45 ServerBackedStateKeysBroker* state_keys_broker, | 44 ServerBackedStateKeysBroker* state_keys_broker, |
| 46 chromeos::DeviceSettingsService* device_settings_service, | 45 chromeos::DeviceSettingsService* device_settings_service, |
| 47 scoped_ptr<CloudPolicyClient> client, | 46 scoped_ptr<CloudPolicyClient> client, |
| 48 scoped_refptr<base::SequencedTaskRunner> background_task_runner, | 47 scoped_refptr<base::SequencedTaskRunner> background_task_runner, |
| 49 const std::string& auth_token, | 48 const std::string& auth_token, |
| 50 const std::string& client_id, | 49 const std::string& client_id, |
| 51 bool is_auto_enrollment, | 50 bool is_auto_enrollment, |
| 52 const std::string& requisition, | 51 const std::string& requisition, |
| 53 const AllowedDeviceModes& allowed_device_modes, | 52 const AllowedDeviceModes& allowed_device_modes, |
| 54 em::PolicyData::ManagementMode management_mode, | 53 ManagementMode management_mode, |
| 55 const EnrollmentCallback& completion_callback) | 54 const EnrollmentCallback& completion_callback) |
| 56 : store_(store), | 55 : store_(store), |
| 57 install_attributes_(install_attributes), | 56 install_attributes_(install_attributes), |
| 58 state_keys_broker_(state_keys_broker), | 57 state_keys_broker_(state_keys_broker), |
| 59 device_settings_service_(device_settings_service), | 58 device_settings_service_(device_settings_service), |
| 60 client_(client.Pass()), | 59 client_(client.Pass()), |
| 61 background_task_runner_(background_task_runner), | 60 background_task_runner_(background_task_runner), |
| 62 auth_token_(auth_token), | 61 auth_token_(auth_token), |
| 63 client_id_(client_id), | 62 client_id_(client_id), |
| 64 is_auto_enrollment_(is_auto_enrollment), | 63 is_auto_enrollment_(is_auto_enrollment), |
| 65 requisition_(requisition), | 64 requisition_(requisition), |
| 66 allowed_device_modes_(allowed_device_modes), | 65 allowed_device_modes_(allowed_device_modes), |
| 67 management_mode_(management_mode), | 66 management_mode_(management_mode), |
| 68 completion_callback_(completion_callback), | 67 completion_callback_(completion_callback), |
| 69 device_mode_(DEVICE_MODE_NOT_SET), | 68 device_mode_(DEVICE_MODE_NOT_SET), |
| 70 enrollment_step_(STEP_PENDING), | 69 enrollment_step_(STEP_PENDING), |
| 71 lockbox_init_duration_(0), | 70 lockbox_init_duration_(0), |
| 72 weak_ptr_factory_(this) { | 71 weak_ptr_factory_(this) { |
| 73 CHECK(!client_->is_registered()); | 72 CHECK(!client_->is_registered()); |
| 74 CHECK_EQ(DM_STATUS_SUCCESS, client_->status()); | 73 CHECK_EQ(DM_STATUS_SUCCESS, client_->status()); |
| 75 CHECK(management_mode_ == em::PolicyData::ENTERPRISE_MANAGED || | 74 CHECK(management_mode_ == MANAGEMENT_MODE_ENTERPRISE || |
| 76 management_mode_ == em::PolicyData::CONSUMER_MANAGED); | 75 management_mode_ == MANAGEMENT_MODE_CONSUMER); |
| 77 store_->AddObserver(this); | 76 store_->AddObserver(this); |
| 78 client_->AddObserver(this); | 77 client_->AddObserver(this); |
| 79 client_->AddNamespaceToFetch(PolicyNamespaceKey( | 78 client_->AddNamespaceToFetch(PolicyNamespaceKey( |
| 80 dm_protocol::kChromeDevicePolicyType, std::string())); | 79 dm_protocol::kChromeDevicePolicyType, std::string())); |
| 81 } | 80 } |
| 82 | 81 |
| 83 EnrollmentHandlerChromeOS::~EnrollmentHandlerChromeOS() { | 82 EnrollmentHandlerChromeOS::~EnrollmentHandlerChromeOS() { |
| 84 Stop(); | 83 Stop(); |
| 85 store_->RemoveObserver(this); | 84 store_->RemoveObserver(this); |
| 86 } | 85 } |
| 126 // previously-enrolled domain. | 125 // previously-enrolled domain. |
| 127 std::string domain; | 126 std::string domain; |
| 128 if (install_attributes_->IsEnterpriseDevice()) { | 127 if (install_attributes_->IsEnterpriseDevice()) { |
| 129 domain = install_attributes_->GetDomain(); | 128 domain = install_attributes_->GetDomain(); |
| 130 validator->ValidateDomain(domain); | 129 validator->ValidateDomain(domain); |
| 131 } | 130 } |
| 132 validator->ValidateDMToken(client->dm_token(), | 131 validator->ValidateDMToken(client->dm_token(), |
| 133 CloudPolicyValidatorBase::DM_TOKEN_REQUIRED); | 132 CloudPolicyValidatorBase::DM_TOKEN_REQUIRED); |
| 134 validator->ValidatePolicyType(dm_protocol::kChromeDevicePolicyType); | 133 validator->ValidatePolicyType(dm_protocol::kChromeDevicePolicyType); |
| 135 validator->ValidatePayload(); | 134 validator->ValidatePayload(); |
| 136 if (management_mode_ == em::PolicyData::CONSUMER_MANAGED) { | 135 if (management_mode_ == MANAGEMENT_MODE_CONSUMER) { |
| 137 // For consumer-managed devices, although we don't store the policy, we | 136 // For consumer-managed devices, although we don't store the policy, we |
| 138 // still need to verify its integrity since we use the request token in it. | 137 // still need to verify its integrity since we use the request token in it. |
| 139 // The consumer device management server does not have the verification | 138 // The consumer device management server does not have the verification |
| 140 // key, and we need to skip checking on that by passing an empty key to | 139 // key, and we need to skip checking on that by passing an empty key to |
| 141 // ValidateInitialKey(). ValidateInitialKey() still checks that the policy | 140 // ValidateInitialKey(). ValidateInitialKey() still checks that the policy |
| 142 // data is correctly signed by the new public key when the verification key | 141 // data is correctly signed by the new public key when the verification key |
| 143 // is empty. | 142 // is empty. |
| 144 validator->ValidateInitialKey("", ""); | 143 validator->ValidateInitialKey("", ""); |
| 145 } else { | 144 } else { |
| 146 // If |domain| is empty here, the policy validation code will just use the | 145 // If |domain| is empty here, the policy validation code will just use the |
| 336 << response_code; | 335 << response_code; |
| 337 ReportResult( | 336 ReportResult( |
| 338 EnrollmentStatus::ForRobotRefreshFetchError(response_code)); | 337 EnrollmentStatus::ForRobotRefreshFetchError(response_code)); |
| 339 } | 338 } |
| 340 | 339 |
| 341 void EnrollmentHandlerChromeOS::StartLockDevice() { | 340 void EnrollmentHandlerChromeOS::StartLockDevice() { |
| 342 CHECK_EQ(STEP_LOCK_DEVICE, enrollment_step_); | 341 CHECK_EQ(STEP_LOCK_DEVICE, enrollment_step_); |
| 343 // Since this method is also called directly. | 342 // Since this method is also called directly. |
| 344 weak_ptr_factory_.InvalidateWeakPtrs(); | 343 weak_ptr_factory_.InvalidateWeakPtrs(); |
| 345 | 344 |
| 346 if (management_mode_ == em::PolicyData::CONSUMER_MANAGED) { | 345 if (management_mode_ == MANAGEMENT_MODE_CONSUMER) { |
| 347 // Consumer device enrollment doesn't use install attributes. Instead, | 346 // Consumer device enrollment doesn't use install attributes. Instead, |
| 348 // we put the information in the owners settings. | 347 // we put the information in the owners settings. |
| 349 enrollment_step_ = STEP_STORE_TOKEN_AND_ID; | 348 enrollment_step_ = STEP_STORE_TOKEN_AND_ID; |
| 350 device_settings_service_->SetManagementSettings( | 349 device_settings_service_->SetManagementSettings( |
| 351 management_mode_, request_token_, device_id_, | 350 em::PolicyData::CONSUMER_MANAGED, request_token_, device_id_, |
| 352 base::Bind(&EnrollmentHandlerChromeOS::HandleSetManagementSettingsDone, | 351 base::Bind(&EnrollmentHandlerChromeOS::HandleSetManagementSettingsDone, |
| 353 weak_ptr_factory_.GetWeakPtr())); | 352 weak_ptr_factory_.GetWeakPtr())); |
| 354 } else { | 353 } else { |
| 355 install_attributes_->LockDevice( | 354 install_attributes_->LockDevice( |
| 356 username_, device_mode_, device_id_, | 355 username_, device_mode_, device_id_, |
| 357 base::Bind(&EnrollmentHandlerChromeOS::HandleLockDeviceResult, | 356 base::Bind(&EnrollmentHandlerChromeOS::HandleLockDeviceResult, |
| 358 weak_ptr_factory_.GetWeakPtr())); | 357 weak_ptr_factory_.GetWeakPtr())); |
| 359 } | 358 } |
| 360 } | 359 } |
| 361 | 360 |
| 419 void EnrollmentHandlerChromeOS::HandleStoreRobotAuthTokenResult(bool result) { | 418 void EnrollmentHandlerChromeOS::HandleStoreRobotAuthTokenResult(bool result) { |
| 420 CHECK_EQ(STEP_STORE_ROBOT_AUTH, enrollment_step_); | 419 CHECK_EQ(STEP_STORE_ROBOT_AUTH, enrollment_step_); |
| 421 | 420 |
| 422 if (!result) { | 421 if (!result) { |
| 423 LOG(ERROR) << "Failed to store API refresh token."; | 422 LOG(ERROR) << "Failed to store API refresh token."; |
| 424 ReportResult(EnrollmentStatus::ForStatus( | 423 ReportResult(EnrollmentStatus::ForStatus( |
| 425 EnrollmentStatus::STATUS_ROBOT_REFRESH_STORE_FAILED)); | 424 EnrollmentStatus::STATUS_ROBOT_REFRESH_STORE_FAILED)); |
| 426 return; | 425 return; |
| 427 } | 426 } |
| 428 | 427 |
| 429 if (management_mode_ == em::PolicyData::CONSUMER_MANAGED) { | 428 if (management_mode_ == MANAGEMENT_MODE_CONSUMER) { |
| 430 // For consumer management enrollment, we don't store the policy. | 429 // For consumer management enrollment, we don't store the policy. |
| 431 ReportResult(EnrollmentStatus::ForStatus(EnrollmentStatus::STATUS_SUCCESS)); | 430 ReportResult(EnrollmentStatus::ForStatus(EnrollmentStatus::STATUS_SUCCESS)); |
| 432 return; | 431 return; |
| 433 } | 432 } |
| 434 | 433 |
| 435 enrollment_step_ = STEP_STORE_POLICY; | 434 enrollment_step_ = STEP_STORE_POLICY; |
| 436 store_->InstallInitialPolicy(*policy_); | 435 store_->InstallInitialPolicy(*policy_); |
| 437 } | 436 } |
| 438 | 437 |
| 439 void EnrollmentHandlerChromeOS::Stop() { | 438 void EnrollmentHandlerChromeOS::Stop() { |
| 454 << ", validation: " << status.validation_status() | 453 << ", validation: " << status.validation_status() |
| 455 << ", store: " << status.store_status() | 454 << ", store: " << status.store_status() |
| 456 << ", lock: " << status.lock_status(); | 455 << ", lock: " << status.lock_status(); |
| 457 } | 456 } |
| 458 | 457 |
| 459 if (!callback.is_null()) | 458 if (!callback.is_null()) |
| 460 callback.Run(status); | 459 callback.Run(status); |
| 461 } | 460 } |
| 462 | 461 |
| 463 } // namespace policy | 462 } // namespace policy |
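Review bot: In StartLockDevice (new line 350) the consumer branch passes a literal `em::PolicyData::CONSUMER_MANAGED` where it used to pass `management_mode_`, so the mapping from the new `ManagementMode` value to the proto enum now exists only implicitly in this branch and is undocumented. The same mode check also selects the path that calls `ValidateInitialKey("", "")` without a verification key (new line 143), so a short comment would help the next reader, for example `// management_mode_ is MANAGEMENT_MODE_CONSUMER here; SetManagementSettings takes the proto enum, so the value is spelled out.` The top of the file also drops the `cloud_policy_constants.h` include while `DM_STATUS_SUCCESS` and `dm_protocol::kChromeDevicePolicyType` are still used (new lines 73 and 79). If those are declared in that header, this file now relies on a transitive include and should keep the direct one.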
| OLD | NEW |