
Load enrollment token from legacy registry path as fallback.

CBCM still pushes the enrollment token to the legacy path so we need
to continue to support it.

Bug: 1455212
Change-Id: Ic57687063daf177dbccbd6a62d109374aaea2e8f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4630331
Code-Coverage: Findit <findit-for-me@appspot.gserviceaccount.com>
Reviewed-by: S Ganesh <ganesh@chromium.org>
Commit-Queue: Xiaoling Bao <xiaolingbao@chromium.org>
Reviewed-by: Sorin Jianu <sorin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1160360}
Xiaoling Bao
2023-06-20 23:46:35 +00:00
committed by Chromium LUCI CQ
parent 08307aaf87
commit ce1867a6be
5 changed files with 84 additions and 10 deletions

@ -7,6 +7,7 @@
#include "base/files/file_util.h"
#include "base/files/scoped_temp_dir.h"
#include "base/memory/scoped_refptr.h"
#include "build/build_config.h"
#include "chrome/updater/device_management/dm_cached_policy_info.h"
#include "chrome/updater/device_management/dm_storage.h"
@ -15,6 +16,13 @@
#include "components/policy/proto/device_management_backend.pb.h"
#include "testing/gtest/include/gtest/gtest.h"
#if BUILDFLAG(IS_WIN)
#include "base/test/test_reg_util_win.h"
#include "base/win/registry.h"
#include "chrome/updater/util/win_util.h"
#include "chrome/updater/win/win_constants.h"
#endif // BUILDFLAG(IS_WIN)
namespace updater {
namespace {
@ -97,15 +105,61 @@ std::string CannedOmahaPolicyFetchResponse() {
} // namespace
#if BUILDFLAG(IS_MAC)
TEST(DMStorage, LoadDeviceID) {
auto storage = base::MakeRefCounted<DMStorage>(
base::FilePath(FILE_PATH_LITERAL("/TestPolicyCacheRoot")));
EXPECT_FALSE(storage->GetDeviceID().empty());
}
#endif // BUILDFLAG(IS_MAC)
#if BUILDFLAG(IS_WIN)
TEST(DMStorage, LoadEnrollmentToken) {
registry_util::RegistryOverrideManager registry_overrides;
ASSERT_NO_FATAL_FAILURE(
registry_overrides.OverrideRegistry(HKEY_LOCAL_MACHINE));
base::ScopedTempDir cache_root;
ASSERT_TRUE(cache_root.CreateUniqueTempDir());
auto storage = base::MakeRefCounted<DMStorage>(cache_root.GetPath());
EXPECT_TRUE(storage->GetEnrollmentToken().empty());
base::win::RegKey legacy_key;
EXPECT_EQ(
legacy_key.Create(HKEY_LOCAL_MACHINE, kRegKeyCompanyLegacyCloudManagement,
Wow6432(KEY_WRITE)),
ERROR_SUCCESS);
EXPECT_EQ(legacy_key.WriteValue(kRegValueCloudManagementEnrollmentToken,
L"legacy_test_enrollment_token"),
ERROR_SUCCESS);
EXPECT_EQ(storage->GetEnrollmentToken(), "legacy_test_enrollment_token");
base::win::RegKey key;
EXPECT_EQ(key.Create(HKEY_LOCAL_MACHINE, kRegKeyCompanyCloudManagement,
Wow6432(KEY_WRITE)),
ERROR_SUCCESS);
EXPECT_EQ(key.WriteValue(kRegValueEnrollmentToken, L"test_enrollment_token"),
ERROR_SUCCESS);
EXPECT_EQ(storage->GetEnrollmentToken(), "test_enrollment_token");
}
TEST(DMStorage, StoreEnrollmentToken) {
registry_util::RegistryOverrideManager registry_overrides;
ASSERT_NO_FATAL_FAILURE(
registry_overrides.OverrideRegistry(HKEY_LOCAL_MACHINE));
base::ScopedTempDir cache_root;
ASSERT_TRUE(cache_root.CreateUniqueTempDir());
auto storage = base::MakeRefCounted<DMStorage>(cache_root.GetPath());
EXPECT_TRUE(storage->GetEnrollmentToken().empty());
EXPECT_TRUE(storage->StoreEnrollmentToken("enrollment_token"));
EXPECT_EQ(storage->GetEnrollmentToken(), "enrollment_token");
EXPECT_TRUE(storage->StoreEnrollmentToken("new_enrollment_token"));
EXPECT_EQ(storage->GetEnrollmentToken(), "new_enrollment_token");
}
#endif // BUILDFLAG(IS_WIN)
TEST(DMStorage, DMToken) {
base::ScopedTempDir cache_root;
ASSERT_TRUE(cache_root.CreateUniqueTempDir());
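Review bot: In `LoadEnrollmentToken` the results of `legacy_key.Create(...)` and `key.Create(...)` are checked with `EXPECT_EQ`, so a failed key creation still runs the following `WriteValue` on an invalid key and reports a second, misleading failure; `ASSERT_EQ(..., ERROR_SUCCESS)` fits these setup steps better. The test covers the legacy-only and both-present cases, but not a primary `EnrollmentToken` that is present and empty while a legacy token exists, which is the case where the fallback order is least obvious. `StoreEnrollmentToken` likewise runs with no legacy value in the overridden hive, so it does not pin that a stored token wins over a legacy one. The last lines of the section belong to `TEST(DMStorage, DMToken)`, which continues outside the hunk.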

@ -73,14 +73,22 @@ bool TokenService::StoreEnrollmentToken(const std::string& token) {
std::string TokenService::GetEnrollmentToken() const {
std::wstring token;
base::win::RegKey key;
if (key.Open(HKEY_LOCAL_MACHINE, kRegKeyCompanyCloudManagement,
Wow6432(KEY_READ)) != ERROR_SUCCESS ||
key.ReadValue(kRegValueEnrollmentToken, &token) != ERROR_SUCCESS) {
return std::string();
if (base::win::RegKey key;
key.Open(HKEY_LOCAL_MACHINE, kRegKeyCompanyCloudManagement,
Wow6432(KEY_READ)) == ERROR_SUCCESS &&
key.ReadValue(kRegValueEnrollmentToken, &token) == ERROR_SUCCESS) {
return base::SysWideToUTF8(token);
}
return base::SysWideToUTF8(token);
if (base::win::RegKey key;
key.Open(HKEY_LOCAL_MACHINE, kRegKeyCompanyLegacyCloudManagement,
Wow6432(KEY_READ)) == ERROR_SUCCESS &&
key.ReadValue(kRegValueCloudManagementEnrollmentToken, &token) ==
ERROR_SUCCESS) {
return base::SysWideToUTF8(token);
}
return {};
}
bool TokenService::StoreDmToken(const std::string& token) {
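Review bot: An `EnrollmentToken` value that exists but is empty under `kRegKeyCompanyCloudManagement` makes the first branch of `GetEnrollmentToken()` return an empty string, so the legacy `CloudManagementEnrollmentToken` is never consulted. If an empty value should count as "no token", add `&& !token.empty()` to the first condition. The function also carries no comment saying that the legacy key is read only as a fallback and loses to the new key; something like `// Fall back to the legacy browser policy key, which CBCM still writes.` above the second `if` would document the precedence. Whether any code that clears the token also clears the legacy value is not visible in this hunk; if it does not, a removed token would reappear through this fallback.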

@ -50,6 +50,11 @@ const wchar_t kRegKeyCompanyCloudManagement[] =
COMPANY_POLICIES_KEY L"CloudManagement\\";
const wchar_t kRegValueEnrollmentToken[] = L"EnrollmentToken";
const wchar_t kRegKeyCompanyLegacyCloudManagement[] =
COMPANY_POLICIES_KEY BROWSER_NAME_STRING L"\\";
const wchar_t kRegValueCloudManagementEnrollmentToken[] =
L"CloudManagementEnrollmentToken";
const wchar_t kRegValueEnrollmentMandatory[] = L"EnrollmentMandatory";
const wchar_t kRegKeyCompanyEnrollment[] = COMPANY_KEY L"Enrollment\\";

@ -91,6 +91,10 @@ extern const wchar_t kRegValueAutoRunOnOSUpgrade[];
extern const wchar_t kRegKeyCompanyCloudManagement[];
extern const wchar_t kRegValueEnrollmentToken[];
// Legacy registry for enrollment token.
extern const wchar_t kRegKeyCompanyLegacyCloudManagement[];
extern const wchar_t kRegValueCloudManagementEnrollmentToken[];
// The name of the policy indicating that enrollment in cloud-based device
// management is mandatory.
extern const wchar_t kRegValueEnrollmentMandatory[];
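Review bot: The comment `// Legacy registry for enrollment token.` does not say which key this is or why the updater reads it. Going by the definition in the .cc section, `kRegKeyCompanyLegacyCloudManagement` is the browser's own policy key (`COMPANY_POLICIES_KEY BROWSER_NAME_STRING`), not a cloud-management-specific one, which the name hides. A comment such as `// Browser policy key and value where CBCM still writes the enrollment token; read only as a fallback to kRegKeyCompanyCloudManagement.` would make that clear to the next reader.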

@ -578,8 +578,11 @@ The updater also checks for policy updates when the `RunPeriodicTasks` RPC is
invoked at periodic intervals.
#### Windows
The `EnrollmentToken` REG_SZ value is read from
`HKLM\Software\Policies\{COMPANY_SHORTNAME}\CloudManagement`.
The enrollment token is searched in the order:
* The `EnrollmentToken` REG_SZ value from
`HKLM\Software\Policies\{COMPANY_SHORTNAME}\CloudManagement`
* The `CloudManagementEnrollmentToken` REG_SZ value from
`HKLM\Software\Policies\{COMPANY_SHORTNAME}\{BROWSER_NAME}`
The `EnrollmentMandatory` REG_DWORD value is also read from
`HKLM\Software\Policies\{COMPANY_SHORTNAME}\CloudManagement`.