Load cloud management enrollment option on Windows.

The option is read from the Registry with the same key as the enrollment token. The value is CloudManagementBlockOnFailureEnabled. Bug: 904983 Change-Id: Ia8bada4e79d236fb9f85320e38ed6588f34a5ad8 Reviewed-on: https://chromium-review.googlesource.com/c/1345211Reviewed-by: Greg Thompson <grt@chromium.org> Commit-Queue: Owen Min <zmin@chromium.org> Cr-Commit-Position: refs/heads/master@{#610251}

Load cloud management enrollment option on Windows.
The option is read from the Registry with the same key as the enrollment token. The value is CloudManagementBlockOnFailureEnabled. Bug: 904983 Change-Id: Ia8bada4e79d236fb9f85320e38ed6588f34a5ad8 Reviewed-on: https://chromium-review.googlesource.com/c/1345211Reviewed-by: Greg Thompson <grt@chromium.org> Commit-Queue: Owen Min <zmin@chromium.org> Cr-Commit-Position: refs/heads/master@{#610251}
4a129a00 · Owen Min · Commit Bot · fe5e2508 · 4a129a00 · 4a129a00
Commit 4a129a00 authored Nov 21, 2018 by Owen Min Committed by Commit Bot Nov 21, 2018
3 changed files
--- a/chrome/browser/policy/browser_dm_token_storage_win.cc
+++ b/chrome/browser/policy/browser_dm_token_storage_win.cc
@@ -191,8 +191,7 @@ std::string BrowserDMTokenStorageWin::InitDMToken() {
 }

 bool BrowserDMTokenStorageWin::InitEnrollmentErrorOption() {
-  // TODO(crbug/904983): Load the policy value for this option.
-  return true;
+  return InstallUtil::ShouldCloudManagementBlockOnFailure();
 }

 void BrowserDMTokenStorageWin::SaveDMToken(const std::string& token) {

--- a/chrome/installer/util/install_util.cc
+++ b/chrome/installer/util/install_util.cc
@@ -120,6 +120,24 @@ HWND CreateUACForegroundWindow() {
  return foreground_window;
 }

+// Returns Regstiry key path of Chrome policies. This is used by the policies
+// that are shared between Chrome and installer.
+base::string16 GetChromePoliciesRegistryPath() {
+  base::string16 key_path = L"SOFTWARE\\Policies\\";
+  install_static::AppendChromeInstallSubDirectory(
+      install_static::InstallDetails::Get().mode(), false /* !include_suffix */,
+      &key_path);
+  return key_path;
+}
+
+// Retruns the registry key path and value name where the cloud management
+// enrollment option is stored.
+void GetCloudManagementBlockOnFailureRegistryPath(base::string16* key_path,
+                                                  base::string16* value_name) {
+  *key_path = GetChromePoliciesRegistryPath();
+  *value_name = L"CloudManagementEnrollmentMandatory";
+}
+
 }  // namespace

 void InstallUtil::TriggerActiveSetupCommand() {
@@ -627,22 +645,19 @@ void InstallUtil::AddUpdateDowngradeVersionItem(

 // static
 void InstallUtil::GetMachineLevelUserCloudPolicyEnrollmentTokenRegistryPath(
-    std::wstring* key_path,
-    std::wstring* value_name) {
+    base::string16* key_path,
+    base::string16* value_name) {
  // This token applies to all installs on the machine, even though only a
  // system install can set it.  This is to prevent users from doing a user
  // install of chrome to get around policies.
-  *key_path = L"SOFTWARE\\Policies\\";
-  install_static::AppendChromeInstallSubDirectory(
-      install_static::InstallDetails::Get().mode(), false /* !include_suffix */,
-      key_path);
+  *key_path = GetChromePoliciesRegistryPath();
  *value_name = L"MachineLevelUserCloudPolicyEnrollmentToken";
 }

 // static
 void InstallUtil::GetMachineLevelUserCloudPolicyDMTokenRegistryPath(
-    std::wstring* key_path,
-    std::wstring* value_name) {
+    base::string16* key_path,
+    base::string16* value_name) {
  // This token applies to all installs on the machine, even though only a
  // system install can set it.  This is to prevent users from doing a user
  // install of chrome to get around policies.
@@ -655,7 +670,7 @@ void InstallUtil::GetMachineLevelUserCloudPolicyDMTokenRegistryPath(
 }

 // static
-std::wstring InstallUtil::GetMachineLevelUserCloudPolicyEnrollmentToken() {
+base::string16 InstallUtil::GetMachineLevelUserCloudPolicyEnrollmentToken() {
  // Because chrome needs to know if machine level user cloud policies must be
  // initialized even before the entire policy service is brought up, this
  // helper function exists to directly read the token from the system policies.
@@ -665,31 +680,31 @@ std::wstring InstallUtil::GetMachineLevelUserCloudPolicyEnrollmentToken() {
  // this token via SCCM.
  // TODO(rogerta): This may not be the best place for the helpers dealing with
  // the enrollment and/or DM tokens.  See crbug.com/823852 for details.
-  std::wstring key_path;
-  std::wstring value_name;
+  base::string16 key_path;
+  base::string16 value_name;
  GetMachineLevelUserCloudPolicyEnrollmentTokenRegistryPath(&key_path,
                                                            &value_name);

-  RegKey key;
-  LONG result = key.Open(HKEY_LOCAL_MACHINE, key_path.c_str(), KEY_QUERY_VALUE);
-  if (result != ERROR_SUCCESS) {
-    if (result != ERROR_FILE_NOT_FOUND) {
-      ::SetLastError(result);
-      PLOG(ERROR) << "Failed to open HKLM\\" << key_path;
-    }
-    return std::wstring();
-  }
-
-  std::wstring value;
-  result = key.ReadValue(value_name.c_str(), &value);
-  if (result != ERROR_SUCCESS) {
-    ::SetLastError(result);
-    PLOG(ERROR) << "Failed to read HKLM\\" << key_path << "\\" << value_name;
-  }
+  base::string16 value;
+  RegKey key(HKEY_LOCAL_MACHINE, key_path.c_str(), KEY_QUERY_VALUE);
+  key.ReadValue(value_name.c_str(), &value);

  return value;
 }

+// static
+bool InstallUtil::ShouldCloudManagementBlockOnFailure() {
+  base::string16 key_path;
+  base::string16 value_name;
+  GetCloudManagementBlockOnFailureRegistryPath(&key_path, &value_name);
+
+  DWORD value = 0;
+  RegKey(HKEY_LOCAL_MACHINE, key_path.c_str(), KEY_QUERY_VALUE)
+      .ReadValueDW(value_name.c_str(), &value);
+
+  return value != 0;
+}
+
 // static
 base::string16 InstallUtil::GetDisplayName() {
  return GetShortcutName();

--- a/chrome/installer/util/install_util.h
+++ b/chrome/installer/util/install_util.h
@@ -181,19 +181,22 @@ class InstallUtil {
  // Returns the registry key path and value name where the enrollment token is
  // stored for machine level user cloud policies.
  static void GetMachineLevelUserCloudPolicyEnrollmentTokenRegistryPath(
-      std::wstring* key_path,
-      std::wstring* value_name);
+      base::string16* key_path,
+      base::string16* value_name);

  // Returns the registry key path and value name where the enrollment token is
  // stored for machine level user cloud policies.
  static void GetMachineLevelUserCloudPolicyDMTokenRegistryPath(
-      std::wstring* key_path,
-      std::wstring* value_name);
+      base::string16* key_path,
+      base::string16* value_name);

  // Returns the token used to enroll this chrome instance for machine level
  // user cloud policies.  Returns an empty string if this machine should not
  // be enrolled.
-  static std::wstring GetMachineLevelUserCloudPolicyEnrollmentToken();
+  static base::string16 GetMachineLevelUserCloudPolicyEnrollmentToken();
+
+  // Returns true if cloud management enrollment is mandatory.
+  static bool ShouldCloudManagementBlockOnFailure();

  // Returns the localized name of the browser.
  static base::string16 GetDisplayName();