diff options
author | mnissler@chromium.org <mnissler@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-03-28 18:44:20 +0000 |
---|---|---|
committer | mnissler@chromium.org <mnissler@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-03-28 18:44:20 +0000 |
commit | aa61fb7124b239850775f142d31f57b48c47eafb (patch) | |
tree | 4a6682f4303bb810fdc887ab3eedd4bfe7b93239 | |
parent | fb666d0d819d77f397cf4591fa7de4bf437a6bbc (diff) | |
download | chromium_src-aa61fb7124b239850775f142d31f57b48c47eafb.zip chromium_src-aa61fb7124b239850775f142d31f57b48c47eafb.tar.gz chromium_src-aa61fb7124b239850775f142d31f57b48c47eafb.tar.bz2 |
Add error message for domain mismatch on re-enrollment.
This error shows up if the server indicates to the client that
enrollment got rejected due to the device belonging do a different
domain (as indicated by the client-provided state key).
BUG=chromium:357207
TEST=Manual, check that the error message shows up on domain mismatch.
R=asvitkine@chromium.org, dpolukhin@chromium.org, joaodasilva@chromium.org
Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=260102
Review URL: https://codereview.chromium.org/214963002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@260216 0039d316-1c4b-4281-b951-d872f2087c98
11 files changed, 34 insertions, 2 deletions
diff --git a/build/ios/grit_whitelist.txt b/build/ios/grit_whitelist.txt index 6583829..666af97 100644 --- a/build/ios/grit_whitelist.txt +++ b/build/ios/grit_whitelist.txt @@ -700,6 +700,7 @@ IDS_POLICY_DM_STATUS_SERVICE_ACTIVATION_PENDING IDS_POLICY_DM_STATUS_SERVICE_DEPROVISIONED IDS_POLICY_DM_STATUS_SERVICE_DEVICE_ID_CONFLICT IDS_POLICY_DM_STATUS_SERVICE_DEVICE_NOT_FOUND +IDS_POLICY_DM_STATUS_SERVICE_DOMAIN_MISMATCH IDS_POLICY_DM_STATUS_SERVICE_INVALID_SERIAL_NUMBER IDS_POLICY_DM_STATUS_SERVICE_MANAGEMENT_NOT_SUPPORTED IDS_POLICY_DM_STATUS_SERVICE_MANAGEMENT_TOKEN_INVALID diff --git a/chrome/app/chromeos_strings.grdp b/chrome/app/chromeos_strings.grdp index 40d5e94..e2cca2c 100644 --- a/chrome/app/chromeos_strings.grdp +++ b/chrome/app/chromeos_strings.grdp @@ -5244,6 +5244,9 @@ All users must sign out to continue. <message name="IDS_ENTERPRISE_ENROLLMENT_DEPROVISIONED_ERROR" desc="Error message to show when enrollment fails because the administrator has deprovisioned the device on the server side."> This device has been placed into a deprovisioned state by the administrator. To enable it for enrollment, please have your administrator place the device into a pending state. </message> + <message name="IDS_ENTERPRISE_ENROLLMENT_DOMAIN_MISMATCH_ERROR" desc="Error message shown when the device doesn't belong to the domain the user tried to enroll it to."> + This device cannot be enrolled to the domain your account belongs to because the device is marked for management by a different domain. + </message> <message name="IDS_ENTERPRISE_ENROLLMENT_SCREEN_TITLE" desc="The title on the enterprise enrollment dialog."> Enterprise enrollment </message> diff --git a/chrome/browser/chromeos/login/enrollment/enrollment_screen.cc b/chrome/browser/chromeos/login/enrollment/enrollment_screen.cc index e9f78d5..a4f3f9e 100644 --- a/chrome/browser/chromeos/login/enrollment/enrollment_screen.cc +++ b/chrome/browser/chromeos/login/enrollment/enrollment_screen.cc @@ -255,6 +255,9 @@ void EnrollmentScreen::ReportEnrollmentStatus( case policy::DM_STATUS_SERVICE_DEPROVISIONED: UMAFailure(policy::kMetricEnrollmentDeprovisioned); return; + case policy::DM_STATUS_SERVICE_DOMAIN_MISMATCH: + UMAFailure(policy::kMetricEnrollmentDomainMismatch); + return; } break; case policy::EnrollmentStatus::STATUS_REGISTRATION_BAD_MODE: diff --git a/chrome/browser/ui/webui/chromeos/login/enrollment_screen_handler.cc b/chrome/browser/ui/webui/chromeos/login/enrollment_screen_handler.cc index 3511638..6af9d52 100644 --- a/chrome/browser/ui/webui/chromeos/login/enrollment_screen_handler.cc +++ b/chrome/browser/ui/webui/chromeos/login/enrollment_screen_handler.cc @@ -239,14 +239,17 @@ void EnrollmentScreenHandler::ShowEnrollmentStatus( case policy::EnrollmentStatus::STATUS_REGISTRATION_FAILED: // Some special cases for generating a nicer message that's more helpful. switch (status.client_status()) { + case policy::DM_STATUS_SERVICE_MANAGEMENT_NOT_SUPPORTED: + ShowError(IDS_ENTERPRISE_ENROLLMENT_ACCOUNT_ERROR, true); + break; case policy::DM_STATUS_SERVICE_MISSING_LICENSES: ShowError(IDS_ENTERPRISE_ENROLLMENT_MISSING_LICENSES_ERROR, true); break; case policy::DM_STATUS_SERVICE_DEPROVISIONED: ShowError(IDS_ENTERPRISE_ENROLLMENT_DEPROVISIONED_ERROR, true); break; - case policy::DM_STATUS_SERVICE_MANAGEMENT_NOT_SUPPORTED: - ShowError(IDS_ENTERPRISE_ENROLLMENT_ACCOUNT_ERROR, true); + case policy::DM_STATUS_SERVICE_DOMAIN_MISMATCH: + ShowError(IDS_ENTERPRISE_ENROLLMENT_DOMAIN_MISMATCH_ERROR, true); break; default: ShowErrorMessage( diff --git a/components/policy/core/browser/cloud/message_util.cc b/components/policy/core/browser/cloud/message_util.cc index f394762..ea9f65e 100644 --- a/components/policy/core/browser/cloud/message_util.cc +++ b/components/policy/core/browser/cloud/message_util.cc @@ -42,6 +42,8 @@ int GetIDSForDMStatus(DeviceManagementStatus status) { return IDS_POLICY_DM_STATUS_SERVICE_MISSING_LICENSES; case DM_STATUS_SERVICE_DEPROVISIONED: return IDS_POLICY_DM_STATUS_SERVICE_DEPROVISIONED; + case DM_STATUS_SERVICE_DOMAIN_MISMATCH: + return IDS_POLICY_DM_STATUS_SERVICE_DOMAIN_MISMATCH; case DM_STATUS_SERVICE_POLICY_NOT_FOUND: return IDS_POLICY_DM_STATUS_SERVICE_POLICY_NOT_FOUND; } diff --git a/components/policy/core/common/cloud/cloud_policy_constants.h b/components/policy/core/common/cloud/cloud_policy_constants.h index 4f67f45..350cb42 100644 --- a/components/policy/core/common/cloud/cloud_policy_constants.h +++ b/components/policy/core/common/cloud/cloud_policy_constants.h @@ -95,6 +95,8 @@ enum DeviceManagementStatus { DM_STATUS_SERVICE_MISSING_LICENSES, // Service error: The administrator has deprovisioned this client. DM_STATUS_SERVICE_DEPROVISIONED, + // Service error: Device registration for the wrong domain. + DM_STATUS_SERVICE_DOMAIN_MISMATCH, // Service error: Policy not found. Error code defined by the DM folks. DM_STATUS_SERVICE_POLICY_NOT_FOUND = 902, }; diff --git a/components/policy/core/common/cloud/cloud_policy_refresh_scheduler.cc b/components/policy/core/common/cloud/cloud_policy_refresh_scheduler.cc index ad221d1..9bc4a32 100644 --- a/components/policy/core/common/cloud/cloud_policy_refresh_scheduler.cc +++ b/components/policy/core/common/cloud/cloud_policy_refresh_scheduler.cc @@ -304,6 +304,7 @@ void CloudPolicyRefreshScheduler::ScheduleRefresh() { case DM_STATUS_SERVICE_DEVICE_ID_CONFLICT: case DM_STATUS_SERVICE_MISSING_LICENSES: case DM_STATUS_SERVICE_DEPROVISIONED: + case DM_STATUS_SERVICE_DOMAIN_MISMATCH: // Need a re-registration, no use in retrying. refresh_callback_.Cancel(); return; diff --git a/components/policy/core/common/cloud/device_management_service.cc b/components/policy/core/common/cloud/device_management_service.cc index 95b9c3c..5d01ff8 100644 --- a/components/policy/core/common/cloud/device_management_service.cc +++ b/components/policy/core/common/cloud/device_management_service.cc @@ -41,6 +41,7 @@ const int kMissingLicenses = 402; const int kDeviceManagementNotAllowed = 403; const int kInvalidURL = 404; // This error is not coming from the GFE. const int kInvalidSerialNumber = 405; +const int kDomainMismatch = 406; const int kDeviceIdConflict = 409; const int kDeviceNotFound = 410; const int kPendingApproval = 412; @@ -259,6 +260,9 @@ void DeviceManagementRequestJobImpl::HandleResponse( case kInvalidSerialNumber: ReportError(DM_STATUS_SERVICE_INVALID_SERIAL_NUMBER); return; + case kDomainMismatch: + ReportError(DM_STATUS_SERVICE_DOMAIN_MISMATCH); + return; case kDeprovisioned: ReportError(DM_STATUS_SERVICE_DEPROVISIONED); return; diff --git a/components/policy/core/common/cloud/enterprise_metrics.h b/components/policy/core/common/cloud/enterprise_metrics.h index 7d5108e..f3af080 100644 --- a/components/policy/core/common/cloud/enterprise_metrics.h +++ b/components/policy/core/common/cloud/enterprise_metrics.h @@ -165,6 +165,8 @@ enum MetricEnrollment { kMetricEnrollmentRobotRefreshTokenStoreFailed, // Enrollment failed because the administrator has deprovisioned the device. kMetricEnrollmentDeprovisioned, + // Enrollment failed because the device doesn't belong to the domain. + kMetricEnrollmentDomainMismatch, kMetricEnrollmentSize // Must be the last. }; diff --git a/components/policy_strings.grdp b/components/policy_strings.grdp index c7a667c..bca17e8 100644 --- a/components/policy_strings.grdp +++ b/components/policy_strings.grdp @@ -309,4 +309,12 @@ </message> </if> + <!-- TODO(mnissler): Move this message up to the other IDS_POLICY_DM_STATUS + messages in the file. It's here because there's a problem with the + Android build failing component_unittests due to string constant + mismatches between the code and the resources. --> + <message name="IDS_POLICY_DM_STATUS_SERVICE_DOMAIN_MISMATCH" desc="Message indicating this client cannot be registered with the specified domain."> + Domain mismatch + </message> + </grit-part> diff --git a/tools/metrics/histograms/histograms.xml b/tools/metrics/histograms/histograms.xml index 2972396..006e55e 100644 --- a/tools/metrics/histograms/histograms.xml +++ b/tools/metrics/histograms/histograms.xml @@ -31185,6 +31185,9 @@ other types of suffix sets. <int value="22" label="Deprovisioned device"> Enrollment failed because the administrator has deprovisioned the device. </int> + <int value="23" label="Domain mismatch"> + Enrollment failed because the device belongs to a different domain. + </int> </enum> <enum name="EnterprisePolicies" type="int"> |