Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(5411)

Unified Diff: chrome/browser/chromeos/chrome_browser_main_chromeos.cc

Issue 10868076: Only import certificates with Web trust from ONC if the user is managed and matches the enterprise … (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Fixed upload Created 8 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: chrome/browser/chromeos/chrome_browser_main_chromeos.cc
diff --git a/chrome/browser/chromeos/chrome_browser_main_chromeos.cc b/chrome/browser/chromeos/chrome_browser_main_chromeos.cc
index 8fcf8ee3c3d82148e8c283f16238c25050a2f60f..f1afbff25620953d0998dd5915355e63869a1153 100644
--- a/chrome/browser/chromeos/chrome_browser_main_chromeos.cc
+++ b/chrome/browser/chromeos/chrome_browser_main_chromeos.cc
@@ -419,12 +419,15 @@ void ChromeBrowserMainPartsChromeos::PostProfileInit() {
// -- This used to be in ChromeBrowserMainParts::PreMainMessageLoopRun()
// -- just after CreateProfile().
+ policy::BrowserPolicyConnector* connector =
+ g_browser_process->browser_policy_connector();
+
if (parsed_command_line().HasSwitch(switches::kLoginUser) &&
!parsed_command_line().HasSwitch(switches::kLoginPassword)) {
// Pass the TokenService pointer to the policy connector so user policy can
// grab a token and register with the policy server.
// TODO(mnissler): Remove once OAuth is the only authentication mechanism.
- g_browser_process->browser_policy_connector()->SetUserPolicyTokenService(
+ connector->SetUserPolicyTokenService(
TokenServiceFactory::GetForProfile(profile()));
// Make sure we flip every profile to not share proxies if the user hasn't
@@ -435,10 +438,18 @@ void ChromeBrowserMainPartsChromeos::PostProfileInit() {
profile()->GetPrefs()->SetBoolean(prefs::kUseSharedProxies, false);
}
+ // Web trust certificates are only allowed for managed users on managed
+ // devices of the same domain.
+ chromeos::UserManager* user_manager = chromeos::UserManager::Get();
+ const std::string email = user_manager->GetLoggedInUser().email();
+ const bool allow_web_trust_from_policy =
+ !user_manager->IsLoggedInAsGuest() &&
Mattias Nissler (ping if slow) 2012/09/04 09:57:04 I guess we should rather check of regular logins t
Joao da Silva 2012/09/04 12:52:55 Yes, that's more future-proof :-) With the NCU in
+ connector->GetUserAffiliation(email) == policy::USER_AFFILIATION_MANAGED;
network_config_updater_.reset(
new policy::NetworkConfigurationUpdater(
g_browser_process->policy_service(),
- chromeos::CrosLibrary::Get()->GetNetworkLibrary()));
+ chromeos::CrosLibrary::Get()->GetNetworkLibrary(),
+ allow_web_trust_from_policy));
// Make sure that wallpaper boot transition and other delays in OOBE
// are disabled for tests by default.
« no previous file with comments | « no previous file | chrome/browser/chromeos/cros/mock_network_library.h » ('j') | chrome/browser/chromeos/cros/onc_network_parser.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698