Chromium Code Reviews Chromium Code Reviews
Issue 117263002:
Prevent ONC-pushed certificates from being used with multiprofiles. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/policy_cert_service.h" | 5 #include "chrome/browser/chromeos/policy/policy_cert_service.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/bind_helpers.h" | 8 #include "base/bind_helpers.h" |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/prefs/pref_service.h" | 10 #include "chrome/browser/chromeos/login/user_manager.h" |
| 11 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" | |
| 11 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h" | 12 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h" |
| 12 #include "chrome/common/pref_names.h" | |
| 13 #include "content/public/browser/browser_thread.h" | 13 #include "content/public/browser/browser_thread.h" |
| 14 #include "net/cert/x509_certificate.h" | 14 #include "net/cert/x509_certificate.h" |
| 15 | 15 |
| 16 namespace policy { | 16 namespace policy { |
| 17 | 17 |
| 18 PolicyCertService::~PolicyCertService() { | 18 PolicyCertService::~PolicyCertService() { |
| 19 DCHECK(cert_verifier_) | 19 DCHECK(cert_verifier_) |
| 20 << "CreatePolicyCertVerifier() must be called after construction."; | 20 << "CreatePolicyCertVerifier() must be called after construction."; |
| 21 } | 21 } |
| 22 | 22 |
| 23 PolicyCertService::PolicyCertService( | 23 PolicyCertService::PolicyCertService( |
| 24 UserNetworkConfigurationUpdater* net_conf_updater, | 24 UserNetworkConfigurationUpdater* net_conf_updater, |
| 25 PrefService* user_prefs) | 25 const std::string& user_id, |
| 26 chromeos::UserManager* user_manager) | |
| 26 : cert_verifier_(NULL), | 27 : cert_verifier_(NULL), |
| 27 net_conf_updater_(net_conf_updater), | 28 net_conf_updater_(net_conf_updater), |
| 28 user_prefs_(user_prefs), | 29 user_id_(user_id), |
| 30 user_manager_(user_manager), | |
| 31 has_trust_anchors_(false), | |
| 29 weak_ptr_factory_(this) { | 32 weak_ptr_factory_(this) { |
| 30 DCHECK(net_conf_updater_); | 33 DCHECK(net_conf_updater_); |
|
pneubeck (no reviews)
2013/12/17 15:25:31
nit:
DCHECK(user_manager)
Joao da Silva
2013/12/17 16:36:41
Done.
| |
| 31 DCHECK(user_prefs_); | |
| 32 } | 34 } |
| 33 | 35 |
| 34 scoped_ptr<PolicyCertVerifier> PolicyCertService::CreatePolicyCertVerifier() { | 36 scoped_ptr<PolicyCertVerifier> PolicyCertService::CreatePolicyCertVerifier() { |
| 35 base::Closure callback = | 37 base::Closure callback = base::Bind( |
| 36 base::Bind(&PolicyCertService::SetUsedPolicyCertificatesOnce, | 38 &PolicyCertServiceFactory::SetUsedPolicyCertificates, user_id_); |
| 37 weak_ptr_factory_.GetWeakPtr()); | |
| 38 cert_verifier_ = new PolicyCertVerifier( | 39 cert_verifier_ = new PolicyCertVerifier( |
| 39 base::Bind(base::IgnoreResult(&content::BrowserThread::PostTask), | 40 base::Bind(base::IgnoreResult(&content::BrowserThread::PostTask), |
| 40 content::BrowserThread::UI, | 41 content::BrowserThread::UI, |
| 41 FROM_HERE, | 42 FROM_HERE, |
| 42 callback)); | 43 callback)); |
| 43 // Certs are forwarded to |cert_verifier_|, thus register here after | 44 // Certs are forwarded to |cert_verifier_|, thus register here after |
| 44 // |cert_verifier_| is created. | 45 // |cert_verifier_| is created. |
| 45 net_conf_updater_->AddTrustedCertsObserver(this); | 46 net_conf_updater_->AddTrustedCertsObserver(this); |
| 46 | 47 |
| 47 // Set the current list of trust anchors. | 48 // Set the current list of trust anchors. |
| 48 net::CertificateList trust_anchors; | 49 net::CertificateList trust_anchors; |
| 49 net_conf_updater_->GetWebTrustedCertificates(&trust_anchors); | 50 net_conf_updater_->GetWebTrustedCertificates(&trust_anchors); |
| 50 OnTrustAnchorsChanged(trust_anchors); | 51 OnTrustAnchorsChanged(trust_anchors); |
| 51 | 52 |
| 52 return make_scoped_ptr(cert_verifier_); | 53 return make_scoped_ptr(cert_verifier_); |
| 53 } | 54 } |
| 54 | 55 |
| 55 void PolicyCertService::OnTrustAnchorsChanged( | 56 void PolicyCertService::OnTrustAnchorsChanged( |
| 56 const net::CertificateList& trust_anchors) { | 57 const net::CertificateList& trust_anchors) { |
| 57 DCHECK(cert_verifier_); | 58 DCHECK(cert_verifier_); |
| 59 | |
| 60 // Do not use certificates installed via ONC policy if the current session has | |
| 61 // multiple profiles. This is important to make sure that any possibly tainted | |
| 62 // data is absolutely confined to the managed profile and never, ever leaks to | |
| 63 // any other profile. | |
| 64 if (user_manager_->GetLoggedInUsers().size() > 1u) { | |
| 65 LOG(ERROR) << "Ignoring ONC-pushed certificates update because multiple " | |
| 66 << "users are logged in."; | |
| 67 return; | |
| 68 } | |
| 69 | |
| 70 has_trust_anchors_ = !trust_anchors.empty(); | |
| 71 | |
| 58 // It's safe to use base::Unretained here, because it's guaranteed that | 72 // It's safe to use base::Unretained here, because it's guaranteed that |
| 59 // |cert_verifier_| outlives this object (see description of | 73 // |cert_verifier_| outlives this object (see description of |
| 60 // CreatePolicyCertVerifier). | 74 // CreatePolicyCertVerifier). |
| 61 // Note: ProfileIOData, which owns the CertVerifier is deleted by a | 75 // Note: ProfileIOData, which owns the CertVerifier is deleted by a |
| 62 // DeleteSoon on IO, i.e. after all pending tasks on IO are finished. | 76 // DeleteSoon on IO, i.e. after all pending tasks on IO are finished. |
| 63 content::BrowserThread::PostTask( | 77 content::BrowserThread::PostTask( |
| 64 content::BrowserThread::IO, | 78 content::BrowserThread::IO, |
| 65 FROM_HERE, | 79 FROM_HERE, |
| 66 base::Bind(&PolicyCertVerifier::SetTrustAnchors, | 80 base::Bind(&PolicyCertVerifier::SetTrustAnchors, |
| 67 base::Unretained(cert_verifier_), | 81 base::Unretained(cert_verifier_), |
| 68 trust_anchors)); | 82 trust_anchors)); |
| 69 } | 83 } |
| 70 | 84 |
| 71 bool PolicyCertService::UsedPolicyCertificates() const { | 85 bool PolicyCertService::UsedPolicyCertificates() const { |
| 72 return user_prefs_->GetBoolean(prefs::kUsedPolicyCertificatesOnce); | 86 return PolicyCertServiceFactory::UsedPolicyCertificates(user_id_); |
| 87 } | |
| 88 | |
| 89 bool PolicyCertService::IsTainted() const { | |
| 90 return has_trust_anchors_ || UsedPolicyCertificates(); | |
| 73 } | 91 } |
| 74 | 92 |
| 75 void PolicyCertService::Shutdown() { | 93 void PolicyCertService::Shutdown() { |
| 76 weak_ptr_factory_.InvalidateWeakPtrs(); | 94 weak_ptr_factory_.InvalidateWeakPtrs(); |
| 77 net_conf_updater_->RemoveTrustedCertsObserver(this); | 95 net_conf_updater_->RemoveTrustedCertsObserver(this); |
| 78 OnTrustAnchorsChanged(net::CertificateList()); | 96 OnTrustAnchorsChanged(net::CertificateList()); |
| 79 net_conf_updater_ = NULL; | 97 net_conf_updater_ = NULL; |
| 80 user_prefs_ = NULL; | |
| 81 } | |
| 82 | |
| 83 void PolicyCertService::SetUsedPolicyCertificatesOnce() { | |
| 84 user_prefs_->SetBoolean(prefs::kUsedPolicyCertificatesOnce, true); | |
| 85 } | 98 } |
| 86 | 99 |
| 87 } // namespace policy | 100 } // namespace policy |
| OLD | NEW |
