Load enrollment token from legacy registry path as fallback.
CBCM still pushes the enrollment token to the legacy path so we need continue to support it. Bug: 1455212 Change-Id: Ic57687063daf177dbccbd6a62d109374aaea2e8f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4630331 Code-Coverage: Findit <findit-for-me@appspot.gserviceaccount.com> Reviewed-by: S Ganesh <ganesh@chromium.org> Commit-Queue: Xiaoling Bao <xiaolingbao@chromium.org> Reviewed-by: Sorin Jianu <sorin@chromium.org> Cr-Commit-Position: refs/heads/main@{#1160360}
This commit is contained in:

committed by
Chromium LUCI CQ

parent
08307aaf87
commit
ce1867a6be
chrome/updater
docs/updater
@ -7,6 +7,7 @@
|
||||
|
||||
#include "base/files/file_util.h"
|
||||
#include "base/files/scoped_temp_dir.h"
|
||||
#include "base/memory/scoped_refptr.h"
|
||||
#include "build/build_config.h"
|
||||
#include "chrome/updater/device_management/dm_cached_policy_info.h"
|
||||
#include "chrome/updater/device_management/dm_storage.h"
|
||||
@ -15,6 +16,13 @@
|
||||
#include "components/policy/proto/device_management_backend.pb.h"
|
||||
#include "testing/gtest/include/gtest/gtest.h"
|
||||
|
||||
#if BUILDFLAG(IS_WIN)
|
||||
#include "base/test/test_reg_util_win.h"
|
||||
#include "base/win/registry.h"
|
||||
#include "chrome/updater/util/win_util.h"
|
||||
#include "chrome/updater/win/win_constants.h"
|
||||
#endif // BUILDFLAG(IS_WIN)
|
||||
|
||||
namespace updater {
|
||||
|
||||
namespace {
|
||||
@ -97,15 +105,61 @@ std::string CannedOmahaPolicyFetchResponse() {
|
||||
} // namespace
|
||||
|
||||
#if BUILDFLAG(IS_MAC)
|
||||
|
||||
TEST(DMStorage, LoadDeviceID) {
|
||||
auto storage = base::MakeRefCounted<DMStorage>(
|
||||
base::FilePath(FILE_PATH_LITERAL("/TestPolicyCacheRoot")));
|
||||
EXPECT_FALSE(storage->GetDeviceID().empty());
|
||||
}
|
||||
|
||||
#endif // BUILDFLAG(IS_MAC)
|
||||
|
||||
#if BUILDFLAG(IS_WIN)
|
||||
TEST(DMStorage, LoadEnrollmentToken) {
|
||||
registry_util::RegistryOverrideManager registry_overrides;
|
||||
ASSERT_NO_FATAL_FAILURE(
|
||||
registry_overrides.OverrideRegistry(HKEY_LOCAL_MACHINE));
|
||||
|
||||
base::ScopedTempDir cache_root;
|
||||
ASSERT_TRUE(cache_root.CreateUniqueTempDir());
|
||||
auto storage = base::MakeRefCounted<DMStorage>(cache_root.GetPath());
|
||||
EXPECT_TRUE(storage->GetEnrollmentToken().empty());
|
||||
|
||||
base::win::RegKey legacy_key;
|
||||
EXPECT_EQ(
|
||||
legacy_key.Create(HKEY_LOCAL_MACHINE, kRegKeyCompanyLegacyCloudManagement,
|
||||
Wow6432(KEY_WRITE)),
|
||||
ERROR_SUCCESS);
|
||||
EXPECT_EQ(legacy_key.WriteValue(kRegValueCloudManagementEnrollmentToken,
|
||||
L"legacy_test_enrollment_token"),
|
||||
ERROR_SUCCESS);
|
||||
EXPECT_EQ(storage->GetEnrollmentToken(), "legacy_test_enrollment_token");
|
||||
|
||||
base::win::RegKey key;
|
||||
EXPECT_EQ(key.Create(HKEY_LOCAL_MACHINE, kRegKeyCompanyCloudManagement,
|
||||
Wow6432(KEY_WRITE)),
|
||||
ERROR_SUCCESS);
|
||||
EXPECT_EQ(key.WriteValue(kRegValueEnrollmentToken, L"test_enrollment_token"),
|
||||
ERROR_SUCCESS);
|
||||
EXPECT_EQ(storage->GetEnrollmentToken(), "test_enrollment_token");
|
||||
}
|
||||
|
||||
TEST(DMStorage, StoreEnrollmentToken) {
|
||||
registry_util::RegistryOverrideManager registry_overrides;
|
||||
ASSERT_NO_FATAL_FAILURE(
|
||||
registry_overrides.OverrideRegistry(HKEY_LOCAL_MACHINE));
|
||||
|
||||
base::ScopedTempDir cache_root;
|
||||
ASSERT_TRUE(cache_root.CreateUniqueTempDir());
|
||||
auto storage = base::MakeRefCounted<DMStorage>(cache_root.GetPath());
|
||||
EXPECT_TRUE(storage->GetEnrollmentToken().empty());
|
||||
|
||||
EXPECT_TRUE(storage->StoreEnrollmentToken("enrollment_token"));
|
||||
EXPECT_EQ(storage->GetEnrollmentToken(), "enrollment_token");
|
||||
|
||||
EXPECT_TRUE(storage->StoreEnrollmentToken("new_enrollment_token"));
|
||||
EXPECT_EQ(storage->GetEnrollmentToken(), "new_enrollment_token");
|
||||
}
|
||||
#endif // BUILDFLAG(IS_WIN)
|
||||
|
||||
TEST(DMStorage, DMToken) {
|
||||
base::ScopedTempDir cache_root;
|
||||
ASSERT_TRUE(cache_root.CreateUniqueTempDir());
|
||||
|
@ -73,14 +73,22 @@ bool TokenService::StoreEnrollmentToken(const std::string& token) {
|
||||
|
||||
std::string TokenService::GetEnrollmentToken() const {
|
||||
std::wstring token;
|
||||
base::win::RegKey key;
|
||||
if (key.Open(HKEY_LOCAL_MACHINE, kRegKeyCompanyCloudManagement,
|
||||
Wow6432(KEY_READ)) != ERROR_SUCCESS ||
|
||||
key.ReadValue(kRegValueEnrollmentToken, &token) != ERROR_SUCCESS) {
|
||||
return std::string();
|
||||
|
||||
if (base::win::RegKey key;
|
||||
key.Open(HKEY_LOCAL_MACHINE, kRegKeyCompanyCloudManagement,
|
||||
Wow6432(KEY_READ)) == ERROR_SUCCESS &&
|
||||
key.ReadValue(kRegValueEnrollmentToken, &token) == ERROR_SUCCESS) {
|
||||
return base::SysWideToUTF8(token);
|
||||
}
|
||||
|
||||
return base::SysWideToUTF8(token);
|
||||
if (base::win::RegKey key;
|
||||
key.Open(HKEY_LOCAL_MACHINE, kRegKeyCompanyLegacyCloudManagement,
|
||||
Wow6432(KEY_READ)) == ERROR_SUCCESS &&
|
||||
key.ReadValue(kRegValueCloudManagementEnrollmentToken, &token) ==
|
||||
ERROR_SUCCESS) {
|
||||
return base::SysWideToUTF8(token);
|
||||
}
|
||||
return {};
|
||||
}
|
||||
|
||||
bool TokenService::StoreDmToken(const std::string& token) {
|
||||
|
@ -50,6 +50,11 @@ const wchar_t kRegKeyCompanyCloudManagement[] =
|
||||
COMPANY_POLICIES_KEY L"CloudManagement\\";
|
||||
const wchar_t kRegValueEnrollmentToken[] = L"EnrollmentToken";
|
||||
|
||||
const wchar_t kRegKeyCompanyLegacyCloudManagement[] =
|
||||
COMPANY_POLICIES_KEY BROWSER_NAME_STRING L"\\";
|
||||
const wchar_t kRegValueCloudManagementEnrollmentToken[] =
|
||||
L"CloudManagementEnrollmentToken";
|
||||
|
||||
const wchar_t kRegValueEnrollmentMandatory[] = L"EnrollmentMandatory";
|
||||
|
||||
const wchar_t kRegKeyCompanyEnrollment[] = COMPANY_KEY L"Enrollment\\";
|
||||
|
@ -91,6 +91,10 @@ extern const wchar_t kRegValueAutoRunOnOSUpgrade[];
|
||||
extern const wchar_t kRegKeyCompanyCloudManagement[];
|
||||
extern const wchar_t kRegValueEnrollmentToken[];
|
||||
|
||||
// Legacy registry for enrollment token.
|
||||
extern const wchar_t kRegKeyCompanyLegacyCloudManagement[];
|
||||
extern const wchar_t kRegValueCloudManagementEnrollmentToken[];
|
||||
|
||||
// The name of the policy indicating that enrollment in cloud-based device
|
||||
// management is mandatory.
|
||||
extern const wchar_t kRegValueEnrollmentMandatory[];
|
||||
|
@ -578,8 +578,11 @@ The updater also checks for policy updates when the `RunPeriodicTasks` RPC is
|
||||
invoked at periodic intervals.
|
||||
|
||||
#### Windows
|
||||
The `EnrollmentToken` REG_SZ value is read from
|
||||
`HKLM\Software\Policies\{COMPANY_SHORTNAME}\CloudManagement`.
|
||||
The enrollment token is searched in the order:
|
||||
* The `EnrollmentToken` REG_SZ value from
|
||||
`HKLM\Software\Policies\{COMPANY_SHORTNAME}\CloudManagement`
|
||||
* The `CloudManagementEnrollmentToken` REG_SZ value from
|
||||
`HKLM\Software\Policies\{COMPANY_SHORTNAME}\{BROWSER_NAME}`
|
||||
|
||||
The `EnrollmentMandatory` REG_DWORD value is also read from
|
||||
`HKLM\Software\Policies\{COMPANY_SHORTNAME}\CloudManagement`.
|
||||
|
Reference in New Issue
Block a user