
Unified Diff: chrome/browser/chromeos/cros/onc_network_parser.cc

Issue 10868113: Disable certificate patterns for device policy ONC files (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 8 years, 4 months ago
Index: chrome/browser/chromeos/cros/onc_network_parser.cc
diff --git a/chrome/browser/chromeos/cros/onc_network_parser.cc b/chrome/browser/chromeos/cros/onc_network_parser.cc
index 8814d0cb3d1dddf57500882a572486c78d74a33e..0453cbbd0bb8badf13ae041cbec3b1106ada2201 100644
--- a/chrome/browser/chromeos/cros/onc_network_parser.cc
+++ b/chrome/browser/chromeos/cros/onc_network_parser.cc
@@ -1374,10 +1374,15 @@ bool OncNetworkParser::ParseClientCertPattern(OncNetworkParser* parser,
return false;
}
+ // Below, we fail when parsing certificate patterns for device policy ONC so
+ // that an unmanaged user can't get to the place where a cert is presented for
+ // them involuntarily.
+
switch (index) {
case PROPERTY_INDEX_ONC_CERTIFICATE_PATTERN_ENROLLMENT_URI: {
std::vector<std::string> resulting_list;
- if (!GetAsListOfStrings(value, &resulting_list))
+ if (!GetAsListOfStrings(value, &resulting_list) ||
+ parser->onc_source() == NetworkUIData::ONC_SOURCE_DEVICE_POLICY)
Mattias Nissler (ping if slow) 2012/08/28 11:38:09 nit: Other code in this file seems to add curly br
Greg Spencer (Chromium) 2012/09/17 18:25:44 Done.
return false;
CertificatePattern pattern = network->client_cert_pattern();
pattern.set_enrollment_uri_list(resulting_list);
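Review bot: The device-policy rejection is repeated inside each case (`ENROLLMENT_URI` here, `ISSUER_CA_REF` in the next hunk, and again in ParseIssuerPattern and ParseSubjectPattern), so a certificate-pattern property added later would be accepted from device policy unless its author remembers the extra condition. The comment above `switch (index)` already states the rule for the whole function, so one guard at that spot would enforce it for every case: `if (parser->onc_source() == NetworkUIData::ONC_SOURCE_DEVICE_POLICY) return false;`. This assumes every case in the switch is a certificate-pattern property; the switch continues outside the hunk, so confirm that before hoisting. As far as the hunk shows, the rejection also returns the same `false` as a malformed list, so a log line naming the policy source would let an administrator tell the two failures apart.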
@@ -1386,7 +1391,8 @@ bool OncNetworkParser::ParseClientCertPattern(OncNetworkParser* parser,
}
case PROPERTY_INDEX_ONC_CERTIFICATE_PATTERN_ISSUER_CA_REF: {
std::vector<std::string> resulting_list;
- if (!GetAsListOfStrings(value, &resulting_list))
+ if (!GetAsListOfStrings(value, &resulting_list) ||
+ parser->onc_source() == NetworkUIData::ONC_SOURCE_DEVICE_POLICY)
return false;
CertificatePattern pattern = network->client_cert_pattern();
pattern.set_issuer_ca_ref_list(resulting_list);
@@ -1417,7 +1423,8 @@ bool OncNetworkParser::ParseIssuerPattern(OncNetworkParser* parser,
const base::Value& value,
Network* network) {
IssuerSubjectPattern pattern;
- if (ParseIssuerSubjectPattern(&pattern, parser, index, value, network)) {
+ if (ParseIssuerSubjectPattern(&pattern, parser, index, value, network) &&
+ parser->onc_source() != NetworkUIData::ONC_SOURCE_DEVICE_POLICY) {
CertificatePattern cert_pattern = network->client_cert_pattern();
cert_pattern.set_issuer(pattern);
network->set_client_cert_pattern(cert_pattern);
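Review bot: The source check is the second operand of `&&`, so `ParseIssuerSubjectPattern(&pattern, parser, index, value, network)` still runs on device-policy input before its result is discarded. That call receives `network`; if it writes anything there (not visible in this hunk), a rejected device-policy pattern could leave partial state behind. Testing the source first short-circuits the parse: `if (parser->onc_source() != NetworkUIData::ONC_SOURCE_DEVICE_POLICY && ParseIssuerSubjectPattern(&pattern, parser, index, value, network)) {`. The same ordering applies to ParseSubjectPattern in the next hunk. The function body continues past the end of this hunk, so what the failure branch returns cannot be checked from here.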
@@ -1432,7 +1439,8 @@ bool OncNetworkParser::ParseSubjectPattern(OncNetworkParser* parser,
const base::Value& value,
Network* network) {
IssuerSubjectPattern pattern;
- if (ParseIssuerSubjectPattern(&pattern, parser, index, value, network)) {
+ if (ParseIssuerSubjectPattern(&pattern, parser, index, value, network) &&
+ parser->onc_source() != NetworkUIData::ONC_SOURCE_DEVICE_POLICY) {
CertificatePattern cert_pattern = network->client_cert_pattern();
cert_pattern.set_subject(pattern);
network->set_client_cert_pattern(cert_pattern);
