SetManagementSettings() is moved to OwnerSettingsServiceChromeOS.

chrome/browser/chromeos/ownership/owner_settings_service_chromeos.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h"
 
 #include <string>
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/callback.h"
 #include "base/command_line.h"
 #include "base/prefs/pref_service.h"
 #include "base/threading/thread_checker.h"
 #include "chrome/browser/chrome_notification_types.h"
 #include "chrome/browser/chromeos/profiles/profile_helper.h"
 #include "chrome/browser/chromeos/profiles/profile_helper.h"
 #include "chrome/browser/chromeos/settings/cros_settings.h"
 #include "chrome/browser/chromeos/settings/device_settings_provider.h"
 #include "chrome/browser/chromeos/settings/session_manager_operation.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chromeos/dbus/dbus_thread_manager.h"
 #include "chromeos/tpm_token_loader.h"
 #include "components/ownership/owner_key_util.h"
-#include "components/policy/core/common/cloud/cloud_policy_constants.h"
 #include "components/user_manager/user.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/notification_details.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/notification_source.h"
 #include "content/public/common/content_switches.h"
 #include "crypto/nss_util.h"
 #include "crypto/nss_util_internal.h"
 #include "crypto/rsa_private_key.h"
 #include "crypto/scoped_nss_types.h"
@@ skipping 105 matching lines @@
   scoped_refptr<base::TaskRunner> task_runner =
       BrowserThread::GetBlockingPool()->GetTaskRunnerWithShutdownBehavior(
           base::SequencedWorkerPool::SKIP_ON_SHUTDOWN);
   base::PostTaskAndReplyWithResult(
       task_runner.get(),
       FROM_HERE,
       base::Bind(&DoesPrivateKeyExistAsyncHelper, owner_key_util),
       callback);
 }
 
+// Returns true if it is okay to transfer from the current mode to the new
+// mode. This function should be called in SetManagementMode().
+bool CheckManagementModeTransition(policy::ManagementMode current_mode,
+                                   policy::ManagementMode new_mode) {
+  // Mode is not changed.
+  if (current_mode == new_mode)
+    return true;
+
+  switch (current_mode) {
+    case policy::MANAGEMENT_MODE_LOCAL_OWNER:
+      // For consumer management enrollment.
+      return new_mode == policy::MANAGEMENT_MODE_CONSUMER_MANAGED;
+
+    case policy::MANAGEMENT_MODE_ENTERPRISE_MANAGED:
+      // Management mode cannot be set when it is currently ENTERPRISE_MANAGED.
+      return false;
+
+    case policy::MANAGEMENT_MODE_CONSUMER_MANAGED:
+      // For consumer management unenrollment.
+      return new_mode == policy::MANAGEMENT_MODE_LOCAL_OWNER;
+  }
+
+  NOTREACHED();
+  return false;
+}
+
 }  // namespace
 
+OwnerSettingsServiceChromeOS::ManagementSettings::ManagementSettings() {
+}
+
+OwnerSettingsServiceChromeOS::ManagementSettings::~ManagementSettings() {
+}
+
 OwnerSettingsServiceChromeOS::OwnerSettingsServiceChromeOS(
     DeviceSettingsService* device_settings_service,
     Profile* profile,
     const scoped_refptr<OwnerKeyUtil>& owner_key_util)
     : ownership::OwnerSettingsService(owner_key_util),
       device_settings_service_(device_settings_service),
       profile_(profile),
       waiting_for_profile_creation_(true),
       waiting_for_tpm_token_(true),
+      has_pending_management_settings_(false),
       weak_factory_(this),
       store_settings_factory_(this) {
   if (TPMTokenLoader::IsInitialized()) {
     TPMTokenLoader::TPMTokenStatus tpm_token_status =
         TPMTokenLoader::Get()->IsTPMTokenEnabled(
             base::Bind(&OwnerSettingsServiceChromeOS::OnTPMTokenReady,
                        weak_factory_.GetWeakPtr()));
     waiting_for_tpm_token_ =
         tpm_token_status == TPMTokenLoader::TPM_TOKEN_STATUS_UNDETERMINED;
   }
@@ skipping 110 matching lines @@
 
 void OwnerSettingsServiceChromeOS::DeviceSettingsUpdated() {
   DCHECK(thread_checker_.CalledOnValidThread());
   StorePendingChanges();
 }
 
 void OwnerSettingsServiceChromeOS::OnDeviceSettingsServiceShutdown() {
   device_settings_service_ = nullptr;
 }
 
+void OwnerSettingsServiceChromeOS::SetManagementSettings(
+    const ManagementSettings& settings,
+    const OnManagementSettingsSetCallback& callback) {
+  if ((!IsOwner() && !IsOwnerInTests(user_id_))) {
+    if (!callback.is_null())
+      callback.Run(false /* success */);
+    return;
+  }
+
+  policy::ManagementMode current_mode = policy::MANAGEMENT_MODE_LOCAL_OWNER;
+  if (has_pending_management_settings_) {
+    current_mode = pending_management_settings_.management_mode;
+  } else if (device_settings_service_ &&
+             device_settings_service_->policy_data()) {
+    current_mode =
+        policy::GetManagementMode(*device_settings_service_->policy_data());
+  }
+
+  if (!CheckManagementModeTransition(current_mode, settings.management_mode)) {
+    LOG(ERROR) << "Invalid management mode transition: current mode = "
+               << current_mode << ", new mode = " << settings.management_mode;
+    if (!callback.is_null())
+      callback.Run(false /* success */);
+    return;
+  }
+
+  pending_management_settings_ = settings;
+  has_pending_management_settings_ = true;
+  pending_management_settings_callbacks_.push_back(callback);
+  StorePendingChanges();
+}
+
 // static
 void OwnerSettingsServiceChromeOS::IsOwnerForSafeModeAsync(
     const std::string& user_hash,
     const scoped_refptr<OwnerKeyUtil>& owner_key_util,
     const IsOwnerCallback& callback) {
   CHECK(chromeos::LoginState::Get()->IsInSafeMode());
 
   // Make sure NSS is initialized and NSS DB is loaded for the user before
   // searching for the owner key.
   BrowserThread::PostTaskAndReply(
@@ skipping 308 matching lines @@
   } else {
     return;
   }
 
   for (const auto& change : pending_changes_)
     UpdateDeviceSettings(change.first, *change.second, settings);
   pending_changes_.clear();
 
   scoped_ptr<em::PolicyData> policy = AssemblePolicy(
       user_id_, device_settings_service_->policy_data(), &settings);
+
+  if (has_pending_management_settings_) {
+    policy::SetManagementMode(*policy,
+                              pending_management_settings_.management_mode);
+    policy->set_request_token(pending_management_settings_.request_token);
+    policy->set_device_id(pending_management_settings_.device_id);
+  }
+  has_pending_management_settings_ = false;
+
   bool rv = AssembleAndSignPolicyAsync(
       content::BrowserThread::GetBlockingPool(), policy.Pass(),
       base::Bind(&OwnerSettingsServiceChromeOS::OnPolicyAssembledAndSigned,
                  store_settings_factory_.GetWeakPtr()));
   if (!rv)
     ReportStatusAndContinueStoring(false /* success */);
 }
 
 void OwnerSettingsServiceChromeOS::OnPolicyAssembledAndSigned(
     scoped_ptr<em::PolicyFetchResponse> policy_response) {
   if (!policy_response.get() || !device_settings_service_) {
     ReportStatusAndContinueStoring(false /* success */);
     return;
   }
   device_settings_service_->Store(
       policy_response.Pass(),
       base::Bind(&OwnerSettingsServiceChromeOS::OnSignedPolicyStored,
                  store_settings_factory_.GetWeakPtr(),
                  true /* success */));
 }
 
 void OwnerSettingsServiceChromeOS::OnSignedPolicyStored(bool success) {
   CHECK(device_settings_service_);
   ReportStatusAndContinueStoring(success &&
-                                 device_settings_service_->status() !=
+                                 device_settings_service_->status() ==
                                      DeviceSettingsService::STORE_SUCCESS);
 }
 
 void OwnerSettingsServiceChromeOS::ReportStatusAndContinueStoring(
     bool success) {
   store_settings_factory_.InvalidateWeakPtrs();
   FOR_EACH_OBSERVER(OwnerSettingsService::Observer, observers_,
                     OnSignedPolicyStored(success));
+  for (const auto& callback : pending_management_settings_callbacks_) {

[Mattias Nissler (ping if slow), 2014/12/04 13:05:46]

Suggestion: Declare a temporary callbacks vector, swap with
|pending_management_settings_callbacks_|. This will prevent issues when the
callback calls SetManagementSettings again and thus modifies
pending_management_settings_callbacks_.

[ygorshenin1, 2014/12/05 09:31:48]

Thanks for the suggestion! Done.

+    if (!callback.is_null())
+      callback.Run(success);
+  }
+  pending_management_settings_callbacks_.clear();
   StorePendingChanges();
 }
 
 }  // namespace chromeos