Chromium Code Reviews| Index: chrome/browser/chromeos/chrome_browser_main_chromeos.cc |
| diff --git a/chrome/browser/chromeos/chrome_browser_main_chromeos.cc b/chrome/browser/chromeos/chrome_browser_main_chromeos.cc |
| index 8fcf8ee3c3d82148e8c283f16238c25050a2f60f..f1afbff25620953d0998dd5915355e63869a1153 100644 |
| --- a/chrome/browser/chromeos/chrome_browser_main_chromeos.cc |
| +++ b/chrome/browser/chromeos/chrome_browser_main_chromeos.cc |
| @@ -419,12 +419,15 @@ void ChromeBrowserMainPartsChromeos::PostProfileInit() { |
| // -- This used to be in ChromeBrowserMainParts::PreMainMessageLoopRun() |
| // -- just after CreateProfile(). |
| + policy::BrowserPolicyConnector* connector = |
| + g_browser_process->browser_policy_connector(); |
| + |
| if (parsed_command_line().HasSwitch(switches::kLoginUser) && |
| !parsed_command_line().HasSwitch(switches::kLoginPassword)) { |
| // Pass the TokenService pointer to the policy connector so user policy can |
| // grab a token and register with the policy server. |
| // TODO(mnissler): Remove once OAuth is the only authentication mechanism. |
| - g_browser_process->browser_policy_connector()->SetUserPolicyTokenService( |
| + connector->SetUserPolicyTokenService( |
| TokenServiceFactory::GetForProfile(profile())); |
| // Make sure we flip every profile to not share proxies if the user hasn't |
| @@ -435,10 +438,18 @@ void ChromeBrowserMainPartsChromeos::PostProfileInit() { |
| profile()->GetPrefs()->SetBoolean(prefs::kUseSharedProxies, false); |
| } |
| + // Web trust certificates are only allowed for managed users on managed |
| + // devices of the same domain. |
| + chromeos::UserManager* user_manager = chromeos::UserManager::Get(); |
| + const std::string email = user_manager->GetLoggedInUser().email(); |
| + const bool allow_web_trust_from_policy = |
| + !user_manager->IsLoggedInAsGuest() && |
|
Mattias Nissler (ping if slow)
2012/09/04 09:57:04
I guess we should rather check of regular logins t
Joao da Silva
2012/09/04 12:52:55
Yes, that's more future-proof :-) With the NCU in
|
| + connector->GetUserAffiliation(email) == policy::USER_AFFILIATION_MANAGED; |
| network_config_updater_.reset( |
| new policy::NetworkConfigurationUpdater( |
| g_browser_process->policy_service(), |
| - chromeos::CrosLibrary::Get()->GetNetworkLibrary())); |
| + chromeos::CrosLibrary::Get()->GetNetworkLibrary(), |
| + allow_web_trust_from_policy)); |
| // Make sure that wallpaper boot transition and other delays in OOBE |
| // are disabled for tests by default. |