Chromium Code Reviews Chromium Code Reviews
Issue 10868113:
Disable certificate patterns for device policy ONC files (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/cros/network_library.h" | 5 #include "chrome/browser/chromeos/cros/network_library.h" |
| 6 | 6 |
| 7 #include <dbus/dbus-glib.h> | 7 #include <dbus/dbus-glib.h> |
| 8 | 8 |
| 9 #include "base/i18n/icu_encoding_detection.h" | 9 #include "base/i18n/icu_encoding_detection.h" |
| 10 #include "base/i18n/icu_string_conversions.h" | 10 #include "base/i18n/icu_string_conversions.h" |
| (...skipping 711 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 722 SetOrClearStringProperty(flimflam::kL2tpIpsecClientCertSlotProperty, | 722 SetOrClearStringProperty(flimflam::kL2tpIpsecClientCertSlotProperty, |
| 723 slot, NULL); | 723 slot, NULL); |
| 724 SetOrClearStringProperty(flimflam::kL2tpIpsecPinProperty, pin, NULL); | 724 SetOrClearStringProperty(flimflam::kL2tpIpsecPinProperty, pin, NULL); |
| 725 } | 725 } |
| 726 } | 726 } |
| 727 | 727 |
| 728 void VirtualNetwork::MatchCertificatePattern(bool allow_enroll, | 728 void VirtualNetwork::MatchCertificatePattern(bool allow_enroll, |
| 729 const base::Closure& connect) { | 729 const base::Closure& connect) { |
| 730 DCHECK(client_cert_type() == CLIENT_CERT_TYPE_PATTERN); | 730 DCHECK(client_cert_type() == CLIENT_CERT_TYPE_PATTERN); |
| 731 DCHECK(!client_cert_pattern().Empty()); | 731 DCHECK(!client_cert_pattern().Empty()); |
| 732 if (client_cert_pattern().Empty()) { | 732 |
| 733 // We skip certificate patterns for device policy ONC so that an unmanaged | |
| 734 // user can't get to the place where a cert is presented for them | |
| 735 // involuntarily. | |
| 736 if (client_cert_pattern().Empty() || | |
| 737 ui_data().onc_source() == NetworkUIData::ONC_SOURCE_DEVICE_POLICY) { | |
|
Greg Spencer (Chromium)
2012/08/27 21:22:52
I added this check in addition to the ONC file loa
| |
| 733 connect.Run(); | 738 connect.Run(); |
| 734 return; | 739 return; |
| 735 } | 740 } |
| 736 | 741 |
| 737 scoped_refptr<net::X509Certificate> matching_cert = | 742 scoped_refptr<net::X509Certificate> matching_cert = |
| 738 client_cert_pattern().GetMatch(); | 743 client_cert_pattern().GetMatch(); |
| 739 if (matching_cert.get()) { | 744 if (matching_cert.get()) { |
| 740 std::string client_cert_id = | 745 std::string client_cert_id = |
| 741 x509_certificate_model::GetPkcs11Id(matching_cert->os_cert_handle()); | 746 x509_certificate_model::GetPkcs11Id(matching_cert->os_cert_handle()); |
| 742 if (provider_type() == PROVIDER_TYPE_OPEN_VPN) { | 747 if (provider_type() == PROVIDER_TYPE_OPEN_VPN) { |
| 743 SetStringProperty(flimflam::kOpenVPNClientCertIdProperty, | 748 SetStringProperty(flimflam::kOpenVPNClientCertIdProperty, |
| 744 client_cert_id, &client_cert_id_); | 749 client_cert_id, &client_cert_id_); |
| 745 } else { | 750 } else { |
| 746 SetStringProperty(flimflam::kL2tpIpsecClientCertIdProperty, | 751 SetStringProperty(flimflam::kL2tpIpsecClientCertIdProperty, |
| 747 client_cert_id, &client_cert_id_); | 752 client_cert_id, &client_cert_id_); |
| 748 } | 753 } |
| 749 } else { | 754 } else { |
| 750 if (allow_enroll && enrollment_delegate()) { | 755 if (allow_enroll && enrollment_delegate()) { |
| 751 // Wrap the closure in another callback so that we can retry the | 756 // Wrap the closure in another callback so that we can retry the |
| 752 // certificate match again before actually connecting. | 757 // certificate match again before actually connecting. |
| 753 base::Closure wrapped_connect = | 758 base::Closure wrapped_connect = |
| 754 base::Bind(&VirtualNetwork::MatchCertificatePattern, | 759 base::Bind(&VirtualNetwork::MatchCertificatePattern, |
| 755 weak_pointer_factory_.GetWeakPtr(), | 760 weak_pointer_factory_.GetWeakPtr(), |
| 756 false, | 761 false, |
| 757 connect); | 762 connect); |
| 758 | 763 |
| 759 enrollment_delegate()->Enroll(client_cert_pattern().enrollment_uri_list(), | 764 enrollment_delegate()->Enroll(client_cert_pattern().enrollment_uri_list(), |
| 760 wrapped_connect); | 765 wrapped_connect); |
| 761 // Enrollment delegate will take care of running the closure at the | 766 // Enrollment delegate will take care of running the closure at the |
| 762 // appropriate time, if the user doesn't cancel. | 767 // appropriate time, if the user doesn't cancel. |
| 763 return; | 768 return; |
| 764 } | 769 } |
| 765 } | 770 } |
| 766 connect.Run(); | 771 connect.Run(); |
| 767 } | 772 } |
| 768 | 773 |
| 769 //////////////////////////////////////////////////////////////////////////////// | 774 //////////////////////////////////////////////////////////////////////////////// |
| 770 // WirelessNetwork | 775 // WirelessNetwork |
| (...skipping 567 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1338 NetworkLibrary* impl; | 1343 NetworkLibrary* impl; |
| 1339 if (stub) | 1344 if (stub) |
| 1340 impl = new NetworkLibraryImplStub(); | 1345 impl = new NetworkLibraryImplStub(); |
| 1341 else | 1346 else |
| 1342 impl = new NetworkLibraryImplCros(); | 1347 impl = new NetworkLibraryImplCros(); |
| 1343 impl->Init(); | 1348 impl->Init(); |
| 1344 return impl; | 1349 return impl; |
| 1345 } | 1350 } |
| 1346 | 1351 |
| 1347 } // namespace chromeos | 1352 } // namespace chromeos |
| OLD | NEW |
