Enable crOS Account Manager for Active Directory accounts

Bug: 820046 Change-Id: I01bc0f92f4c81ec314e4f775593c7bacf4213183 Reviewed-on: https://chromium-review.googlesource.com/c/1348065Reviewed-by: Xiyuan Xia <xiyuan@chromium.org> Reviewed-by: Lutz Justen <ljusten@chromium.org> Commit-Queue: Kush Sinha <sinhak@chromium.org> Cr-Commit-Position: refs/heads/master@{#613131}

Enable crOS Account Manager for Active Directory accounts
Bug: 820046 Change-Id: I01bc0f92f4c81ec314e4f775593c7bacf4213183 Reviewed-on: https://chromium-review.googlesource.com/c/1348065Reviewed-by: Xiyuan Xia <xiyuan@chromium.org> Reviewed-by: Lutz Justen <ljusten@chromium.org> Commit-Queue: Kush Sinha <sinhak@chromium.org> Cr-Commit-Position: refs/heads/master@{#613131}
354bbdb6 · Kush Sinha · Commit Bot · 8869ba95 · 354bbdb6 · 354bbdb6
Commit 354bbdb6 authored Dec 03, 2018 by Kush Sinha Committed by Commit Bot Dec 03, 2018
2 changed files
--- a/chrome/browser/chromeos/authpolicy/auth_policy_credentials_manager.cc
+++ b/chrome/browser/chromeos/authpolicy/auth_policy_credentials_manager.cc
@@ -4,6 +4,9 @@
 #include "chrome/browser/chromeos/authpolicy/auth_policy_credentials_manager.h"
+#include <memory>
+#include <utility>
 #include "ash/public/cpp/notification_utils.h"
 #include "ash/public/cpp/vector_icons/vector_icons.h"
 #include "base/files/important_file_writer.h"
@@ -20,22 +23,29 @@
 #include "chrome/browser/notifications/notification_display_service.h"
 #include "chrome/browser/notifications/notification_display_service_factory.h"
 #include "chrome/browser/profiles/profile.h"
+#include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
 #include "chrome/common/pref_names.h"
 #include "chrome/grit/chromium_strings.h"
 #include "chrome/grit/generated_resources.h"
 #include "chrome/grit/theme_resources.h"
+#include "chromeos/account_manager/account_manager.h"
+#include "chromeos/account_manager/account_manager_factory.h"
+#include "chromeos/chromeos_switches.h"
 #include "chromeos/dbus/auth_policy_client.h"
 #include "chromeos/dbus/dbus_thread_manager.h"
 #include "chromeos/network/network_handler.h"
 #include "chromeos/network/network_state.h"
 #include "chromeos/network/network_state_handler.h"
 #include "components/keyed_service/content/browser_context_dependency_manager.h"
+#include "components/signin/core/browser/profile_oauth2_token_service.h"
 #include "dbus/message.h"
 #include "ui/base/l10n/l10n_util.h"
 #include "ui/base/resource/resource_bundle.h"
 #include "ui/message_center/public/cpp/notification.h"
 #include "ui/message_center/public/cpp/notification_delegate.h"
+namespace chromeos {
 namespace {
 constexpr base::TimeDelta kGetUserStatusCallsInterval =
@@ -78,14 +88,39 @@ void WriteFile(const std::string& file_name, const std::string& blob) {
 // dns_canonicalize_hostname below, it would get overridden.
 std::string AdjustConfig(const std::string& config, bool is_dns_cname_enabled) {
  std::string adjusted_config = base::StringPrintf(
-      chromeos::kKrb5CnameSettings, is_dns_cname_enabled ? "true" : "false");
+      kKrb5CnameSettings, is_dns_cname_enabled ? "true" : "false");
  adjusted_config.append(config);
  return adjusted_config;
 }
-}  // namespace
+// Sets up Chrome OS Account Manager and starts |ProfileOAuth2TokenService|.
+// |profile| is a non-owning pointer to |Profile|.
+// |object_guid| is the Active Directory Object GUID for the Device Account.
+void SetupAccountManager(Profile* profile, const std::string& object_guid) {
+  if (!switches::IsAccountManagerEnabled())
+    return;
-namespace chromeos {
+  AccountManagerFactory* factory =
+      g_browser_process->platform_part()->GetAccountManagerFactory();
+  DCHECK(factory);
+  AccountManager* account_manager =
+      factory->GetAccountManager(profile->GetPath().value());
+  DCHECK(account_manager);
+  // |AccountManager::UpsertToken| is idempotent and safe to call multiple
+  // times.
+  account_manager->UpsertToken(
+      AccountManager::AccountKey{
+          object_guid,
+          account_manager::AccountType::ACCOUNT_TYPE_ACTIVE_DIRECTORY},
+      AccountManager::kActiveDirectoryDummyToken);
+  // Needed to work with Secondary Accounts in Chrome OS Account Manager. The
+  // value of |primary_account_id| doesn't matter.
+  ProfileOAuth2TokenServiceFactory::GetForProfile(profile)->LoadCredentials(
+      std::string() /* primary_account_id */);
+}
+}  // namespace
 const char* kKrb5CnameSettings =
    "[libdefaults]\n"
@@ -95,7 +130,7 @@ const char* kKrb5CnameSettings =
 AuthPolicyCredentialsManager::AuthPolicyCredentialsManager(Profile* profile)
    : profile_(profile) {
  const user_manager::User* user =
-      chromeos::ProfileHelper::Get()->GetUserByProfile(profile);
+      ProfileHelper::Get()->GetUserByProfile(profile);
  CHECK(user && user->IsActiveDirectoryUser());
  StartObserveNetwork();
  account_id_ = user->GetAccountId();
@@ -119,13 +154,15 @@ AuthPolicyCredentialsManager::AuthPolicyCredentialsManager(Profile* profile)
  // Connecting to the signal sent by authpolicyd notifying that Kerberos files
  // have changed.
-  chromeos::DBusThreadManager::Get()->GetAuthPolicyClient()->ConnectToSignal(
+  DBusThreadManager::Get()->GetAuthPolicyClient()->ConnectToSignal(
      authpolicy::kUserKerberosFilesChangedSignal,
      base::Bind(
          &AuthPolicyCredentialsManager::OnUserKerberosFilesChangedCallback,
          weak_factory_.GetWeakPtr()),
      base::Bind(&AuthPolicyCredentialsManager::OnSignalConnectedCallback,
                 weak_factory_.GetWeakPtr()));
+  SetupAccountManager(profile, user->GetAccountId().GetObjGuid());
 }
 AuthPolicyCredentialsManager::~AuthPolicyCredentialsManager() {}
@@ -135,12 +172,12 @@ void AuthPolicyCredentialsManager::Shutdown() {
 }
 void AuthPolicyCredentialsManager::DefaultNetworkChanged(
-    const chromeos::NetworkState* network) {
+    const NetworkState* network) {
  GetUserStatusIfConnected(network);
 }
 void AuthPolicyCredentialsManager::NetworkConnectionStateChanged(
-    const chromeos::NetworkState* network) {
+    const NetworkState* network) {
  GetUserStatusIfConnected(network);
 }
@@ -156,7 +193,7 @@ void AuthPolicyCredentialsManager::GetUserStatus() {
  authpolicy::GetUserStatusRequest request;
  request.set_user_principal_name(account_id_.GetUserEmail());
  request.set_account_id(account_id_.GetObjGuid());
-  chromeos::DBusThreadManager::Get()->GetAuthPolicyClient()->GetUserStatus(
+  DBusThreadManager::Get()->GetAuthPolicyClient()->GetUserStatus(
      request,
      base::BindOnce(&AuthPolicyCredentialsManager::OnGetUserStatusCallback,
                     weak_factory_.GetWeakPtr()));
@@ -219,9 +256,7 @@ void AuthPolicyCredentialsManager::OnGetUserStatusCallback(
 }
 void AuthPolicyCredentialsManager::GetUserKerberosFiles() {
-  chromeos::DBusThreadManager::Get()
+  DBusThreadManager::Get()->GetAuthPolicyClient()->GetUserKerberosFiles(
-      ->GetAuthPolicyClient()
-      ->GetUserKerberosFiles(
      account_id_.GetObjGuid(),
      base::BindOnce(
          &AuthPolicyCredentialsManager::OnGetUserKerberosFilesCallback,
@@ -264,21 +299,20 @@ void AuthPolicyCredentialsManager::ScheduleGetUserStatus() {
 }
 void AuthPolicyCredentialsManager::StartObserveNetwork() {
-  DCHECK(chromeos::NetworkHandler::IsInitialized());
+  DCHECK(NetworkHandler::IsInitialized());
  if (is_observing_network_)
    return;
  is_observing_network_ = true;
-  chromeos::NetworkHandler::Get()->network_state_handler()->AddObserver(
+  NetworkHandler::Get()->network_state_handler()->AddObserver(this, FROM_HERE);
-      this, FROM_HERE);
 }
 void AuthPolicyCredentialsManager::StopObserveNetwork() {
  if (!is_observing_network_)
    return;
-  DCHECK(chromeos::NetworkHandler::IsInitialized());
+  DCHECK(NetworkHandler::IsInitialized());
  is_observing_network_ = false;
-  chromeos::NetworkHandler::Get()->network_state_handler()->RemoveObserver(
+  NetworkHandler::Get()->network_state_handler()->RemoveObserver(this,
-      this, FROM_HERE);
+                                                                 FROM_HERE);
 }
 void AuthPolicyCredentialsManager::UpdateDisplayAndGivenName(
@@ -338,7 +372,7 @@ void AuthPolicyCredentialsManager::ShowNotification(int message_id) {
 }
 void AuthPolicyCredentialsManager::GetUserStatusIfConnected(
-    const chromeos::NetworkState* network) {
+    const NetworkState* network) {
  if (!network || !network->IsConnectedState())
    return;
  if (is_get_status_in_progress_) {
@@ -378,7 +412,9 @@ AuthPolicyCredentialsManagerFactory::GetInstance() {
 AuthPolicyCredentialsManagerFactory::AuthPolicyCredentialsManagerFactory()
    : BrowserContextKeyedServiceFactory(
          "AuthPolicyCredentialsManager",
-          BrowserContextDependencyManager::GetInstance()) {}
+          BrowserContextDependencyManager::GetInstance()) {
+  DependsOn(ProfileOAuth2TokenServiceFactory::GetInstance());
+}
 AuthPolicyCredentialsManagerFactory::~AuthPolicyCredentialsManagerFactory() {}
@@ -394,7 +430,7 @@ KeyedService* AuthPolicyCredentialsManagerFactory::BuildServiceInstanceFor(
    return nullptr;
  Profile* profile = Profile::FromBrowserContext(context);
  const user_manager::User* user =
-      chromeos::ProfileHelper::Get()->GetUserByProfile(profile);
+      ProfileHelper::Get()->GetUserByProfile(profile);
  if (!user || !user->IsActiveDirectoryUser())
    return nullptr;
  return new AuthPolicyCredentialsManager(profile);

--- a/chrome/browser/chromeos/authpolicy/auth_policy_credentials_manager.h
+++ b/chrome/browser/chromeos/authpolicy/auth_policy_credentials_manager.h
@@ -6,6 +6,7 @@
 #define CHROME_BROWSER_CHROMEOS_AUTHPOLICY_AUTH_POLICY_CREDENTIALS_MANAGER_H_
 #include <set>
+#include <string>
 #include "base/cancelable_callback.h"
 #include "base/memory/weak_ptr.h"