Enable crOS Account Manager for Active Directory accounts

Bug: 820046
Change-Id: I01bc0f92f4c81ec314e4f775593c7bacf4213183
Reviewed-on: https://chromium-review.googlesource.com/c/1348065Reviewed-by: Xiyuan Xia <xiyuan@chromium.org>
Reviewed-by: Lutz Justen <ljusten@chromium.org>
Commit-Queue: Kush Sinha <sinhak@chromium.org>
Cr-Commit-Position: refs/heads/master@{#613131}

chrome/browser/chromeos/authpolicy/auth_policy_credentials_manager.cc

@@ -4,6 +4,9 @@
 
 #include "chrome/browser/chromeos/authpolicy/auth_policy_credentials_manager.h"
 
+#include <memory>
+#include <utility>
+
 #include "ash/public/cpp/notification_utils.h"
 #include "ash/public/cpp/vector_icons/vector_icons.h"
 #include "base/files/important_file_writer.h"
@@ -20,22 +23,29 @@
 #include "chrome/browser/notifications/notification_display_service.h"
 #include "chrome/browser/notifications/notification_display_service_factory.h"
 #include "chrome/browser/profiles/profile.h"
+#include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
 #include "chrome/common/pref_names.h"
 #include "chrome/grit/chromium_strings.h"
 #include "chrome/grit/generated_resources.h"
 #include "chrome/grit/theme_resources.h"
+#include "chromeos/account_manager/account_manager.h"
+#include "chromeos/account_manager/account_manager_factory.h"
+#include "chromeos/chromeos_switches.h"
 #include "chromeos/dbus/auth_policy_client.h"
 #include "chromeos/dbus/dbus_thread_manager.h"
 #include "chromeos/network/network_handler.h"
 #include "chromeos/network/network_state.h"
 #include "chromeos/network/network_state_handler.h"
 #include "components/keyed_service/content/browser_context_dependency_manager.h"
+#include "components/signin/core/browser/profile_oauth2_token_service.h"
 #include "dbus/message.h"
 #include "ui/base/l10n/l10n_util.h"
 #include "ui/base/resource/resource_bundle.h"
 #include "ui/message_center/public/cpp/notification.h"
 #include "ui/message_center/public/cpp/notification_delegate.h"
 
+namespace chromeos {
+
 namespace {
 
 constexpr base::TimeDelta kGetUserStatusCallsInterval =
@@ -78,14 +88,39 @@ void WriteFile(const std::string& file_name, const std::string& blob) {
 // dns_canonicalize_hostname below, it would get overridden.
 std::string AdjustConfig(const std::string& config, bool is_dns_cname_enabled) {
   std::string adjusted_config = base::StringPrintf(
-      chromeos::kKrb5CnameSettings, is_dns_cname_enabled ? "true" : "false");
+      kKrb5CnameSettings, is_dns_cname_enabled ? "true" : "false");
   adjusted_config.append(config);
   return adjusted_config;
 }
 
-}  // namespace
+// Sets up Chrome OS Account Manager and starts |ProfileOAuth2TokenService|.
+// |profile| is a non-owning pointer to |Profile|.
+// |object_guid| is the Active Directory Object GUID for the Device Account.
+void SetupAccountManager(Profile* profile, const std::string& object_guid) {
+  if (!switches::IsAccountManagerEnabled())
+    return;
 
-namespace chromeos {
+  AccountManagerFactory* factory =
+      g_browser_process->platform_part()->GetAccountManagerFactory();
+  DCHECK(factory);
+  AccountManager* account_manager =
+      factory->GetAccountManager(profile->GetPath().value());
+  DCHECK(account_manager);
+  // |AccountManager::UpsertToken| is idempotent and safe to call multiple
+  // times.
+  account_manager->UpsertToken(
+      AccountManager::AccountKey{
+          object_guid,
+          account_manager::AccountType::ACCOUNT_TYPE_ACTIVE_DIRECTORY},
+      AccountManager::kActiveDirectoryDummyToken);
+
+  // Needed to work with Secondary Accounts in Chrome OS Account Manager. The
+  // value of |primary_account_id| doesn't matter.
+  ProfileOAuth2TokenServiceFactory::GetForProfile(profile)->LoadCredentials(
+      std::string() /* primary_account_id */);
+}
+
+}  // namespace
 
 const char* kKrb5CnameSettings =
     "[libdefaults]\n"
@@ -95,7 +130,7 @@ const char* kKrb5CnameSettings =
 AuthPolicyCredentialsManager::AuthPolicyCredentialsManager(Profile* profile)
     : profile_(profile) {
   const user_manager::User* user =
-      chromeos::ProfileHelper::Get()->GetUserByProfile(profile);
+      ProfileHelper::Get()->GetUserByProfile(profile);
   CHECK(user && user->IsActiveDirectoryUser());
   StartObserveNetwork();
   account_id_ = user->GetAccountId();
@@ -119,13 +154,15 @@ AuthPolicyCredentialsManager::AuthPolicyCredentialsManager(Profile* profile)
 
   // Connecting to the signal sent by authpolicyd notifying that Kerberos files
   // have changed.
-  chromeos::DBusThreadManager::Get()->GetAuthPolicyClient()->ConnectToSignal(
+  DBusThreadManager::Get()->GetAuthPolicyClient()->ConnectToSignal(
       authpolicy::kUserKerberosFilesChangedSignal,
       base::Bind(
           &AuthPolicyCredentialsManager::OnUserKerberosFilesChangedCallback,
           weak_factory_.GetWeakPtr()),
       base::Bind(&AuthPolicyCredentialsManager::OnSignalConnectedCallback,
                  weak_factory_.GetWeakPtr()));
+
+  SetupAccountManager(profile, user->GetAccountId().GetObjGuid());
 }
 
 AuthPolicyCredentialsManager::~AuthPolicyCredentialsManager() {}
@@ -135,12 +172,12 @@ void AuthPolicyCredentialsManager::Shutdown() {
 }
 
 void AuthPolicyCredentialsManager::DefaultNetworkChanged(
-    const chromeos::NetworkState* network) {
+    const NetworkState* network) {
   GetUserStatusIfConnected(network);
 }
 
 void AuthPolicyCredentialsManager::NetworkConnectionStateChanged(
-    const chromeos::NetworkState* network) {
+    const NetworkState* network) {
   GetUserStatusIfConnected(network);
 }
 
@@ -156,7 +193,7 @@ void AuthPolicyCredentialsManager::GetUserStatus() {
   authpolicy::GetUserStatusRequest request;
   request.set_user_principal_name(account_id_.GetUserEmail());
   request.set_account_id(account_id_.GetObjGuid());
-  chromeos::DBusThreadManager::Get()->GetAuthPolicyClient()->GetUserStatus(
+  DBusThreadManager::Get()->GetAuthPolicyClient()->GetUserStatus(
       request,
       base::BindOnce(&AuthPolicyCredentialsManager::OnGetUserStatusCallback,
                      weak_factory_.GetWeakPtr()));
@@ -219,13 +256,11 @@ void AuthPolicyCredentialsManager::OnGetUserStatusCallback(
 }
 
 void AuthPolicyCredentialsManager::GetUserKerberosFiles() {
-  chromeos::DBusThreadManager::Get()
-      ->GetAuthPolicyClient()
-      ->GetUserKerberosFiles(
-          account_id_.GetObjGuid(),
-          base::BindOnce(
-              &AuthPolicyCredentialsManager::OnGetUserKerberosFilesCallback,
-              weak_factory_.GetWeakPtr()));
+  DBusThreadManager::Get()->GetAuthPolicyClient()->GetUserKerberosFiles(
+      account_id_.GetObjGuid(),
+      base::BindOnce(
+          &AuthPolicyCredentialsManager::OnGetUserKerberosFilesCallback,
+          weak_factory_.GetWeakPtr()));
 }
 
 void AuthPolicyCredentialsManager::OnGetUserKerberosFilesCallback(
@@ -264,21 +299,20 @@ void AuthPolicyCredentialsManager::ScheduleGetUserStatus() {
 }
 
 void AuthPolicyCredentialsManager::StartObserveNetwork() {
-  DCHECK(chromeos::NetworkHandler::IsInitialized());
+  DCHECK(NetworkHandler::IsInitialized());
   if (is_observing_network_)
     return;
   is_observing_network_ = true;
-  chromeos::NetworkHandler::Get()->network_state_handler()->AddObserver(
-      this, FROM_HERE);
+  NetworkHandler::Get()->network_state_handler()->AddObserver(this, FROM_HERE);
 }
 
 void AuthPolicyCredentialsManager::StopObserveNetwork() {
   if (!is_observing_network_)
     return;
-  DCHECK(chromeos::NetworkHandler::IsInitialized());
+  DCHECK(NetworkHandler::IsInitialized());
   is_observing_network_ = false;
-  chromeos::NetworkHandler::Get()->network_state_handler()->RemoveObserver(
-      this, FROM_HERE);
+  NetworkHandler::Get()->network_state_handler()->RemoveObserver(this,
+                                                                 FROM_HERE);
 }
 
 void AuthPolicyCredentialsManager::UpdateDisplayAndGivenName(
@@ -338,7 +372,7 @@ void AuthPolicyCredentialsManager::ShowNotification(int message_id) {
 }
 
 void AuthPolicyCredentialsManager::GetUserStatusIfConnected(
-    const chromeos::NetworkState* network) {
+    const NetworkState* network) {
   if (!network || !network->IsConnectedState())
     return;
   if (is_get_status_in_progress_) {
@@ -378,7 +412,9 @@ AuthPolicyCredentialsManagerFactory::GetInstance() {
 AuthPolicyCredentialsManagerFactory::AuthPolicyCredentialsManagerFactory()
     : BrowserContextKeyedServiceFactory(
           "AuthPolicyCredentialsManager",
-          BrowserContextDependencyManager::GetInstance()) {}
+          BrowserContextDependencyManager::GetInstance()) {
+  DependsOn(ProfileOAuth2TokenServiceFactory::GetInstance());
+}
 
 AuthPolicyCredentialsManagerFactory::~AuthPolicyCredentialsManagerFactory() {}
 
@@ -394,7 +430,7 @@ KeyedService* AuthPolicyCredentialsManagerFactory::BuildServiceInstanceFor(
     return nullptr;
   Profile* profile = Profile::FromBrowserContext(context);
   const user_manager::User* user =
-      chromeos::ProfileHelper::Get()->GetUserByProfile(profile);
+      ProfileHelper::Get()->GetUserByProfile(profile);
   if (!user || !user->IsActiveDirectoryUser())
     return nullptr;
   return new AuthPolicyCredentialsManager(profile);

chrome/browser/chromeos/authpolicy/auth_policy_credentials_manager.h

@@ -6,6 +6,7 @@
 #define CHROME_BROWSER_CHROMEOS_AUTHPOLICY_AUTH_POLICY_CREDENTIALS_MANAGER_H_
 
 #include <set>
+#include <string>
 
 #include "base/cancelable_callback.h"
 #include "base/memory/weak_ptr.h"