Commit 4a129a00 authored by Owen Min's avatar Owen Min Committed by Commit Bot

Load cloud management enrollment option on Windows.

The option is read from the Registry with the same key as the enrollment
token. The value is CloudManagementBlockOnFailureEnabled.

Bug: 904983
Change-Id: Ia8bada4e79d236fb9f85320e38ed6588f34a5ad8
Reviewed-on: https://chromium-review.googlesource.com/c/1345211Reviewed-by: default avatarGreg Thompson <grt@chromium.org>
Commit-Queue: Owen Min <zmin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#610251}
parent fe5e2508
...@@ -191,8 +191,7 @@ std::string BrowserDMTokenStorageWin::InitDMToken() { ...@@ -191,8 +191,7 @@ std::string BrowserDMTokenStorageWin::InitDMToken() {
} }
bool BrowserDMTokenStorageWin::InitEnrollmentErrorOption() { bool BrowserDMTokenStorageWin::InitEnrollmentErrorOption() {
// TODO(crbug/904983): Load the policy value for this option. return InstallUtil::ShouldCloudManagementBlockOnFailure();
return true;
} }
void BrowserDMTokenStorageWin::SaveDMToken(const std::string& token) { void BrowserDMTokenStorageWin::SaveDMToken(const std::string& token) {
......
...@@ -120,6 +120,24 @@ HWND CreateUACForegroundWindow() { ...@@ -120,6 +120,24 @@ HWND CreateUACForegroundWindow() {
return foreground_window; return foreground_window;
} }
// Returns Regstiry key path of Chrome policies. This is used by the policies
// that are shared between Chrome and installer.
base::string16 GetChromePoliciesRegistryPath() {
base::string16 key_path = L"SOFTWARE\\Policies\\";
install_static::AppendChromeInstallSubDirectory(
install_static::InstallDetails::Get().mode(), false /* !include_suffix */,
&key_path);
return key_path;
}
// Retruns the registry key path and value name where the cloud management
// enrollment option is stored.
void GetCloudManagementBlockOnFailureRegistryPath(base::string16* key_path,
base::string16* value_name) {
*key_path = GetChromePoliciesRegistryPath();
*value_name = L"CloudManagementEnrollmentMandatory";
}
} // namespace } // namespace
void InstallUtil::TriggerActiveSetupCommand() { void InstallUtil::TriggerActiveSetupCommand() {
...@@ -627,22 +645,19 @@ void InstallUtil::AddUpdateDowngradeVersionItem( ...@@ -627,22 +645,19 @@ void InstallUtil::AddUpdateDowngradeVersionItem(
// static // static
void InstallUtil::GetMachineLevelUserCloudPolicyEnrollmentTokenRegistryPath( void InstallUtil::GetMachineLevelUserCloudPolicyEnrollmentTokenRegistryPath(
std::wstring* key_path, base::string16* key_path,
std::wstring* value_name) { base::string16* value_name) {
// This token applies to all installs on the machine, even though only a // This token applies to all installs on the machine, even though only a
// system install can set it. This is to prevent users from doing a user // system install can set it. This is to prevent users from doing a user
// install of chrome to get around policies. // install of chrome to get around policies.
*key_path = L"SOFTWARE\\Policies\\"; *key_path = GetChromePoliciesRegistryPath();
install_static::AppendChromeInstallSubDirectory(
install_static::InstallDetails::Get().mode(), false /* !include_suffix */,
key_path);
*value_name = L"MachineLevelUserCloudPolicyEnrollmentToken"; *value_name = L"MachineLevelUserCloudPolicyEnrollmentToken";
} }
// static // static
void InstallUtil::GetMachineLevelUserCloudPolicyDMTokenRegistryPath( void InstallUtil::GetMachineLevelUserCloudPolicyDMTokenRegistryPath(
std::wstring* key_path, base::string16* key_path,
std::wstring* value_name) { base::string16* value_name) {
// This token applies to all installs on the machine, even though only a // This token applies to all installs on the machine, even though only a
// system install can set it. This is to prevent users from doing a user // system install can set it. This is to prevent users from doing a user
// install of chrome to get around policies. // install of chrome to get around policies.
...@@ -655,7 +670,7 @@ void InstallUtil::GetMachineLevelUserCloudPolicyDMTokenRegistryPath( ...@@ -655,7 +670,7 @@ void InstallUtil::GetMachineLevelUserCloudPolicyDMTokenRegistryPath(
} }
// static // static
std::wstring InstallUtil::GetMachineLevelUserCloudPolicyEnrollmentToken() { base::string16 InstallUtil::GetMachineLevelUserCloudPolicyEnrollmentToken() {
// Because chrome needs to know if machine level user cloud policies must be // Because chrome needs to know if machine level user cloud policies must be
// initialized even before the entire policy service is brought up, this // initialized even before the entire policy service is brought up, this
// helper function exists to directly read the token from the system policies. // helper function exists to directly read the token from the system policies.
...@@ -665,31 +680,31 @@ std::wstring InstallUtil::GetMachineLevelUserCloudPolicyEnrollmentToken() { ...@@ -665,31 +680,31 @@ std::wstring InstallUtil::GetMachineLevelUserCloudPolicyEnrollmentToken() {
// this token via SCCM. // this token via SCCM.
// TODO(rogerta): This may not be the best place for the helpers dealing with // TODO(rogerta): This may not be the best place for the helpers dealing with
// the enrollment and/or DM tokens. See crbug.com/823852 for details. // the enrollment and/or DM tokens. See crbug.com/823852 for details.
std::wstring key_path; base::string16 key_path;
std::wstring value_name; base::string16 value_name;
GetMachineLevelUserCloudPolicyEnrollmentTokenRegistryPath(&key_path, GetMachineLevelUserCloudPolicyEnrollmentTokenRegistryPath(&key_path,
&value_name); &value_name);
RegKey key; base::string16 value;
LONG result = key.Open(HKEY_LOCAL_MACHINE, key_path.c_str(), KEY_QUERY_VALUE); RegKey key(HKEY_LOCAL_MACHINE, key_path.c_str(), KEY_QUERY_VALUE);
if (result != ERROR_SUCCESS) { key.ReadValue(value_name.c_str(), &value);
if (result != ERROR_FILE_NOT_FOUND) {
::SetLastError(result);
PLOG(ERROR) << "Failed to open HKLM\\" << key_path;
}
return std::wstring();
}
std::wstring value;
result = key.ReadValue(value_name.c_str(), &value);
if (result != ERROR_SUCCESS) {
::SetLastError(result);
PLOG(ERROR) << "Failed to read HKLM\\" << key_path << "\\" << value_name;
}
return value; return value;
} }
// static
bool InstallUtil::ShouldCloudManagementBlockOnFailure() {
base::string16 key_path;
base::string16 value_name;
GetCloudManagementBlockOnFailureRegistryPath(&key_path, &value_name);
DWORD value = 0;
RegKey(HKEY_LOCAL_MACHINE, key_path.c_str(), KEY_QUERY_VALUE)
.ReadValueDW(value_name.c_str(), &value);
return value != 0;
}
// static // static
base::string16 InstallUtil::GetDisplayName() { base::string16 InstallUtil::GetDisplayName() {
return GetShortcutName(); return GetShortcutName();
......
...@@ -181,19 +181,22 @@ class InstallUtil { ...@@ -181,19 +181,22 @@ class InstallUtil {
// Returns the registry key path and value name where the enrollment token is // Returns the registry key path and value name where the enrollment token is
// stored for machine level user cloud policies. // stored for machine level user cloud policies.
static void GetMachineLevelUserCloudPolicyEnrollmentTokenRegistryPath( static void GetMachineLevelUserCloudPolicyEnrollmentTokenRegistryPath(
std::wstring* key_path, base::string16* key_path,
std::wstring* value_name); base::string16* value_name);
// Returns the registry key path and value name where the enrollment token is // Returns the registry key path and value name where the enrollment token is
// stored for machine level user cloud policies. // stored for machine level user cloud policies.
static void GetMachineLevelUserCloudPolicyDMTokenRegistryPath( static void GetMachineLevelUserCloudPolicyDMTokenRegistryPath(
std::wstring* key_path, base::string16* key_path,
std::wstring* value_name); base::string16* value_name);
// Returns the token used to enroll this chrome instance for machine level // Returns the token used to enroll this chrome instance for machine level
// user cloud policies. Returns an empty string if this machine should not // user cloud policies. Returns an empty string if this machine should not
// be enrolled. // be enrolled.
static std::wstring GetMachineLevelUserCloudPolicyEnrollmentToken(); static base::string16 GetMachineLevelUserCloudPolicyEnrollmentToken();
// Returns true if cloud management enrollment is mandatory.
static bool ShouldCloudManagementBlockOnFailure();
// Returns the localized name of the browser. // Returns the localized name of the browser.
static base::string16 GetDisplayName(); static base::string16 GetDisplayName();
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment