Support for remote enrollment.

BUG=374990 TEST=manual Review URL: https://codereview.chromium.org/390443006 Cr-Commit-Position: refs/heads/master@{#291782}

Support for remote enrollment.
BUG=374990 TEST=manual Review URL: https://codereview.chromium.org/390443006 Cr-Commit-Position: refs/heads/master@{#291782}
5f3f02ea · achuith · Commit bot · 485e5fd6 · 5f3f02ea · 5f3f02ea
Commit 5f3f02ea authored Aug 25, 2014 by achuith Committed by Commit bot Aug 25, 2014
4 changed files
--- a/chrome/browser/chromeos/login/enrollment/enrollment_screen.cc
+++ b/chrome/browser/chromeos/login/enrollment/enrollment_screen.cc
@@ -10,6 +10,7 @@
 #include "base/message_loop/message_loop.h"
 #include "base/metrics/histogram.h"
 #include "chrome/browser/browser_process.h"
+#include "chrome/browser/browser_process_platform_part.h"
 #include "chrome/browser/chromeos/login/login_utils.h"
 #include "chrome/browser/chromeos/login/screens/screen_observer.h"
 #include "chrome/browser/chromeos/login/startup_utils.h"
@@ -17,6 +18,7 @@
 #include "chrome/browser/chromeos/policy/auto_enrollment_client.h"
 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
 #include "chrome/browser/chromeos/policy/device_cloud_policy_initializer.h"
+#include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h"
 #include "chromeos/dbus/cryptohome_client.h"
 #include "chromeos/dbus/dbus_method_call_status.h"
 #include "chromeos/dbus/dbus_thread_manager.h"
@@ -34,6 +36,7 @@ EnrollmentScreen::EnrollmentScreen(
      actor_(actor),
      enrollment_mode_(EnrollmentScreenActor::ENROLLMENT_MODE_MANUAL),
      enrollment_failed_once_(false),
+      remora_token_sent_(false),
      lockbox_init_duration_(0),
      weak_ptr_factory_(this) {
  // Init the TPM if it has not been done until now (in debug build we might
@@ -47,9 +50,11 @@ EnrollmentScreen::~EnrollmentScreen() {}
 void EnrollmentScreen::SetParameters(
    EnrollmentScreenActor::EnrollmentMode enrollment_mode,
    const std::string& management_domain,
-    const std::string& user) {
+    const std::string& user,
+    const std::string& auth_token) {
  enrollment_mode_ = enrollment_mode;
  user_ = user.empty() ? user : gaia::CanonicalizeEmail(user);
+  auth_token_ = auth_token;
  actor_->SetParameters(this, enrollment_mode_, management_domain);
 }

@@ -63,10 +68,14 @@ void EnrollmentScreen::Show() {
    UMA(policy::kMetricEnrollmentAutoStarted);
    actor_->ShowEnrollmentSpinnerScreen();
    actor_->FetchOAuthToken();
-  } else {
+  } else if (auth_token_.empty()) {
    UMA(policy::kMetricEnrollmentTriggered);
    actor_->ResetAuth(base::Bind(&EnrollmentScreen::ShowSigninScreen,
                                 weak_ptr_factory_.GetWeakPtr()));
+  } else {
+    actor_->Show();
+    actor_->ShowEnrollmentSpinnerScreen();
+    OnOAuthTokenAvailable(auth_token_);
  }
 }

@@ -129,7 +138,19 @@ void EnrollmentScreen::OnAuthError(const GoogleServiceAuthError& error) {
 }

 void EnrollmentScreen::OnOAuthTokenAvailable(const std::string& token) {
-  RegisterForDevicePolicy(token);
+  VLOG(1) << "OnOAuthTokenAvailable " << token;
+  const bool is_shark =
+      g_browser_process->platform_part()->browser_policy_connector_chromeos()->
+          GetDeviceCloudPolicyManager()->IsSharkRequisition();
+
+  if (is_shark && !remora_token_sent_) {
+    // Fetch a second token for shark devices.
+    remora_token_sent_ = true;
+    SendEnrollmentAuthToken(token);
+    actor_->FetchOAuthToken();
+  } else {
+    RegisterForDevicePolicy(token);
+  }
 }

 void EnrollmentScreen::OnRetry() {
@@ -212,6 +233,10 @@ void EnrollmentScreen::RegisterForDevicePolicy(const std::string& token) {
                 weak_ptr_factory_.GetWeakPtr()));
 }

+void EnrollmentScreen::SendEnrollmentAuthToken(const std::string& token) {
+  // TODO(achuith, zork): Send token via Bluetooth to remote device.
+}
+
 void EnrollmentScreen::ShowEnrollmentStatusOnSuccess(
    const policy::EnrollmentStatus& status) {
  actor_->ShowEnrollmentStatus(status);

--- a/chrome/browser/chromeos/login/enrollment/enrollment_screen.h
+++ b/chrome/browser/chromeos/login/enrollment/enrollment_screen.h
@@ -32,7 +32,8 @@ class EnrollmentScreen

  void SetParameters(EnrollmentScreenActor::EnrollmentMode enrollment_mode,
                     const std::string& management_domain,
-                     const std::string& enrollment_user);
+                     const std::string& enrollment_user,
+                     const std::string& auth_token);

  // WizardScreen implementation:
  virtual void PrepareToShow() OVERRIDE;
@@ -62,6 +63,9 @@ class EnrollmentScreen
  // Kicks off the policy infrastructure to register with the service.
  void RegisterForDevicePolicy(const std::string& token);

+  // Sends an enrollment access token to a remote device.
+  void SendEnrollmentAuthToken(const std::string& token);
+
  // Handles enrollment completion. Logs a UMA sample and requests the actor to
  // show the specified enrollment status.
  void ReportEnrollmentStatus(policy::EnrollmentStatus status);
@@ -91,7 +95,9 @@ class EnrollmentScreen
  EnrollmentScreenActor* actor_;
  EnrollmentScreenActor::EnrollmentMode enrollment_mode_;
  bool enrollment_failed_once_;
+  bool remora_token_sent_;
  std::string user_;
+  std::string auth_token_;
  int lockbox_init_duration_;
  base::WeakPtrFactory<EnrollmentScreen> weak_ptr_factory_;


--- a/chrome/browser/chromeos/login/wizard_controller.cc
+++ b/chrome/browser/chromeos/login/wizard_controller.cc
@@ -493,7 +493,7 @@ void WizardController::ShowEnrollmentScreen() {
    mode = EnrollmentScreenActor::ENROLLMENT_MODE_FORCED;
  }

-  screen->SetParameters(mode, enrollment_domain, user);
+  screen->SetParameters(mode, enrollment_domain, user, auth_token_);
  SetCurrentScreen(screen);
 }

@@ -636,6 +636,10 @@ void WizardController::OnUpdateCompleted() {
    ShowControllerPairingScreen();
  } else if (ShouldShowHostPairingScreen()) {
    ShowHostPairingScreen();
+  } else if (!auth_token_.empty()) {
+    // TODO(achuith): There is an issue with the auto enrollment check and
+    // remote enrollment. crbug.com/403147.
+    ShowEnrollmentScreen();
  } else {
    ShowAutoEnrollmentCheckScreen();
  }
@@ -1282,4 +1286,18 @@ bool WizardController::SetOnTimeZoneResolvedForTesting(
  return true;
 }

+void WizardController::OnEnrollmentAuthTokenReceived(
+    const std::string& token) {
+  // TODO(achuith, zork): This will be called via Bluetooth from a remote
+  // controller.
+  VLOG(1) << "OnEnrollmentAuthTokenReceived " << token;
+  if (ShouldAutoStartEnrollment() || ShouldRecoverEnrollment()) {
+    StartupUtils::MarkEulaAccepted();
+    auth_token_ = token;
+    InitiateOOBEUpdate();
+  } else {
+    LOG(WARNING) << "Not in device enrollment.";
+  }
+}
+
 }  // namespace chromeos
--- a/chrome/browser/chromeos/login/wizard_controller.h
+++ b/chrome/browser/chromeos/login/wizard_controller.h
@@ -312,6 +312,9 @@ class WizardController : public ScreenObserver {
  // Returns false if timezone has already been resolved.
  bool SetOnTimeZoneResolvedForTesting(const base::Closure& callback);

+  // Callback for enrollment auth token.
+  void OnEnrollmentAuthTokenReceived(const std::string& auth_token);
+
  // Whether to skip any screens that may normally be shown after login
  // (registration, Terms of Service, user image selection).
  static bool skip_post_login_screens_;
@@ -344,6 +347,7 @@ class WizardController : public ScreenObserver {

  std::string username_;
  std::string password_;
+  std::string auth_token_;

  // True if running official BUILD.
  bool is_official_build_;