Index: chromeos/network/onc/onc_validator.cc |
diff --git a/chromeos/network/onc/onc_validator.cc b/chromeos/network/onc/onc_validator.cc |
index cb2d4b4a0006ed92c924a063f8eb81b3643164b9..9032b6b6f94270a66fc2c251ca8be7ea3f4c6f12 100644 |
--- a/chromeos/network/onc/onc_validator.cc |
+++ b/chromeos/network/onc/onc_validator.cc |
@@ -385,8 +385,6 @@ bool Validator::RequireField(const base::DictionaryValue& dict, |
return false; |
} |
-// Prohibit certificate patterns for device policy ONC so that an unmanaged user |
-// won't have a certificate presented for them involuntarily. |
bool Validator::CertPatternInDevicePolicy(const std::string& cert_type) { |
if (cert_type == ::onc::certificate::kPattern && |
onc_source_ == ::onc::ONC_SOURCE_DEVICE_POLICY) { |
@@ -398,6 +396,18 @@ bool Validator::CertPatternInDevicePolicy(const std::string& cert_type) { |
return false; |
} |
+bool Validator::GlobalNetworkConfigInUserImport( |
+ const base::DictionaryValue& onc_object) { |
+ if (onc_source_ == ::onc::ONC_SOURCE_USER_IMPORT && |
+ onc_object.HasKey(::onc::toplevel_config::kGlobalNetworkConfiguration)) { |
+ error_or_warning_found_ = true; |
+ LOG(ERROR) << MessageHeader() << "GlobalNetworkConfiguration is prohibited " |
+ << "in ONC user imports"; |
+ return true; |
+ } |
+ return false; |
+} |
+ |
bool Validator::ValidateToplevelConfiguration( |
const base::DictionaryValue& onc_object, |
base::DictionaryValue* result) { |
@@ -429,6 +439,9 @@ bool Validator::ValidateToplevelConfiguration( |
allRequiredExist = false; |
} |
+ if (GlobalNetworkConfigInUserImport(*result)) |
+ return false; |
+ |
return !error_on_missing_field_ || allRequiredExist; |
} |