1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "chrome/browser/policy/enterprise_install_attributes.h"
6 
7 #include "base/logging.h"
8 #include "chrome/browser/chromeos/cros/cryptohome_library.h"
9 
10 static const char kAttrEnterpriseOwned[] = "enterprise.owned";
11 static const char kAttrEnterpriseUser[] = "enterprise.user";
12 
13 namespace policy {
14 
// Wraps |cryptohome|, the backend every install-attribute read and write goes
// through. The pointer is stored as given, with no null check here. Nothing is
// read from the backend at construction time; the lock state starts out cached
// as "not locked" and is filled in on first use.
EnterpriseInstallAttributes::EnterpriseInstallAttributes(
    chromeos::CryptohomeLibrary* cryptohome)
    : cryptohome_(cryptohome), device_locked_(false) {
}
19 
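// Marks the device as enterprise-owned by |user|: writes the ownership marker
// and the user into the install attributes, finalizes them and reads the
// result back.
//
// Returns:
//   LOCK_SUCCESS        the attributes were written and finalized for |user|,
//                       or the cached lock already names |user|.
//   LOCK_WRONG_USER     the device is already locked for someone else (or not
//                       enterprise-locked at all), or |user| is empty.
//   LOCK_NOT_READY      the install attributes backend is not ready yet.
//   LOCK_BACKEND_ERROR  no backend, invalid install attributes, or a failed
//                       write / finalize / read-back.
EnterpriseInstallAttributes::LockResult EnterpriseInstallAttributes::LockDevice(
    const std::string& user) {
  // Check for existing lock first.
  // NOTE(review): only the cached state is consulted here. If the cache has
  // not been populated yet and the backend is already finalized, control falls
  // through to the first-install check below and returns LOCK_WRONG_USER even
  // when |user| is the registered user.
  if (device_locked_) {
    return !registration_user_.empty() && user == registration_user_ ?
        LOCK_SUCCESS : LOCK_WRONG_USER;
  }

  // ReadImmutableAttributes() tolerates a null backend; do the same here
  // instead of dereferencing it.
  if (!cryptohome_) {
    LOG(ERROR) << "No cryptohome backend.";
    return LOCK_BACKEND_ERROR;
  }

  if (!cryptohome_->InstallAttributesIsReady())
    return LOCK_NOT_READY;

  // Clearing the TPM password seems to be always a good deal.
  if (cryptohome_->TpmIsEnabled() &&
      !cryptohome_->TpmIsBeingOwned() &&
      cryptohome_->TpmIsOwned()) {
    cryptohome_->TpmClearStoredPassword();
  }

  // Make sure we really have a working InstallAttrs.
  if (cryptohome_->InstallAttributesIsInvalid()) {
    LOG(ERROR) << "Install attributes invalid.";
    return LOCK_BACKEND_ERROR;
  }

  if (!cryptohome_->InstallAttributesIsFirstInstall())
    return LOCK_WRONG_USER;

  // Refuse an empty user before anything is written. Otherwise the attributes
  // would be finalized with the ownership marker set and no user, the
  // read-back below would compare "" to "" and report success, and
  // IsEnterpriseDevice() would still answer false on a device this class then
  // treats as locked.
  if (user.empty()) {
    LOG(ERROR) << "Refusing to lock with an empty user.";
    return LOCK_WRONG_USER;
  }

  // Set values in the InstallAttrs and lock it.
  if (!cryptohome_->InstallAttributesSet(kAttrEnterpriseOwned, "true") ||
      !cryptohome_->InstallAttributesSet(kAttrEnterpriseUser, user)) {
    LOG(ERROR) << "Failed writing attributes";
    return LOCK_BACKEND_ERROR;
  }

  // Verify the lock took effect: finalize must succeed, the backend must no
  // longer report first-install, and the user read back must match.
  if (!cryptohome_->InstallAttributesFinalize() ||
      cryptohome_->InstallAttributesIsFirstInstall() ||
      GetRegistrationUser() != user) {
    LOG(ERROR) << "Failed locking.";
    return LOCK_BACKEND_ERROR;
  }

  return LOCK_SUCCESS;
}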
63 
// Reports whether the device is locked to an enterprise user: the install
// attributes must be cached as locked and a non-empty registration user must
// have been read from them. Refreshes the cache first.
bool EnterpriseInstallAttributes::IsEnterpriseDevice() {
  ReadImmutableAttributes();

  if (!device_locked_)
    return false;

  return !registration_user_.empty();
}
68 
// Returns the user the device was registered to, or an empty string while the
// device is not cached as locked. Refreshes the cache first. The result can
// also be empty on a locked device when no enterprise user was read.
std::string EnterpriseInstallAttributes::GetRegistrationUser() {
  ReadImmutableAttributes();
  return device_locked_ ? registration_user_ : std::string();
}
77 
// Returns the part of the registration user after its first '@', or an empty
// string when the device is not an enterprise device or the user contains no
// '@'. No further validation of the domain text is done here.
std::string EnterpriseInstallAttributes::GetDomain() {
  if (IsEnterpriseDevice()) {
    const std::string::size_type at = registration_user_.find('@');
    if (at != std::string::npos)
      return registration_user_.substr(at + 1);
  }

  return std::string();
}
89 
// Populates the cached lock state from the install attributes backend.
// Does nothing once the device is cached as locked, when there is no backend,
// or while the backend is not ready, is invalid, or still reports
// first-install.
void EnterpriseInstallAttributes::ReadImmutableAttributes() {
  if (device_locked_)
    return;

  if (!cryptohome_)
    return;

  // Same short-circuit order as a single && chain: readiness is asked first,
  // validity only when ready, first-install only when valid.
  if (!cryptohome_->InstallAttributesIsReady() ||
      cryptohome_->InstallAttributesIsInvalid() ||
      cryptohome_->InstallAttributesIsFirstInstall()) {
    return;
  }

  // The lock flag is latched before the attribute reads. If either read below
  // fails, the device stays cached as locked with no registration user, and
  // the early return above means the reads are not retried on later calls.
  device_locked_ = true;

  std::string owned_value;
  std::string user_value;
  const bool have_both =
      cryptohome_->InstallAttributesGet(kAttrEnterpriseOwned, &owned_value) &&
      cryptohome_->InstallAttributesGet(kAttrEnterpriseUser, &user_value);

  // Only an explicit "true" marker together with a non-empty user counts as
  // enterprise registration.
  if (have_both && owned_value == "true" && !user_value.empty())
    registration_user_ = user_value;
}
111 
112 }  // namespace policy
113