
Side by Side Diff: chrome/browser/chromeos/enrollment_dialog_view.cc

Issue 2828713002: Enable client certificate patterns in device ONC policy (Closed)
Patch Set: Rebase. Created 3 years, 8 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/chromeos/enrollment_dialog_view.h" 5 #include "chrome/browser/chromeos/enrollment_dialog_view.h"
6 6
7 #include "base/bind.h" 7 #include "base/bind.h"
8 #include "base/callback.h" 8 #include "base/callback.h"
9 #include "base/macros.h" 9 #include "base/macros.h"
10 #include "base/strings/utf_string_conversions.h" 10 #include "base/strings/utf_string_conversions.h"
(...skipping 252 matching lines...)
263 const NetworkState* network = 263 const NetworkState* network =
264 NetworkHandler::Get()->network_state_handler()->GetNetworkStateFromGuid( 264 NetworkHandler::Get()->network_state_handler()->GetNetworkStateFromGuid(
265 network_id); 265 network_id);
266 if (!network) { 266 if (!network) {
267 NET_LOG_ERROR("Enrolling Unknown network", network_id); 267 NET_LOG_ERROR("Enrolling Unknown network", network_id);
268 return false; 268 return false;
269 } 269 }
270 Browser* browser = chrome::FindBrowserWithWindow(owning_window); 270 Browser* browser = chrome::FindBrowserWithWindow(owning_window);
271 Profile* profile = 271 Profile* profile =
272 browser ? browser->profile() : ProfileManager::GetPrimaryUserProfile(); 272 browser ? browser->profile() : ProfileManager::GetPrimaryUserProfile();
273 if (chromeos::ProfileHelper::IsSigninProfile(profile)) {
274 NET_LOG_EVENT("Skipping enrollment on sign-in profile", network_id);
emaxx 2017/04/20 20:10:39 Is this log message really helpful?
pmarko 2017/04/24 14:49:55 Done. (No, removed :-) )
275 return false;
276 }
273 std::string username_hash = ProfileHelper::GetUserIdHashFromProfile(profile); 277 std::string username_hash = ProfileHelper::GetUserIdHashFromProfile(profile);
274 278
275 onc::ONCSource onc_source = onc::ONC_SOURCE_NONE; 279 onc::ONCSource onc_source = onc::ONC_SOURCE_NONE;
276 const base::DictionaryValue* policy = 280 const base::DictionaryValue* policy =
277 NetworkHandler::Get() 281 NetworkHandler::Get()
278 ->managed_network_configuration_handler() 282 ->managed_network_configuration_handler()
279 ->FindPolicyByGUID(username_hash, network_id, &onc_source); 283 ->FindPolicyByGUID(username_hash, network_id, &onc_source);
280 284
281 // We skip certificate patterns for device policy ONC so that an unmanaged
282 // user can't get to the place where a cert is presented for them
283 // involuntarily.
284 if (!policy || onc_source == onc::ONC_SOURCE_DEVICE_POLICY)
emaxx 2017/04/20 20:10:39 We should also check whether the enrollment dialog
emaxx 2017/04/20 20:10:39 Shouldn't the "!policy" exit route be preserved? T
pmarko 2017/04/24 14:49:55 Whoops. Done.
285 return false;
286
287 client_cert::ClientCertConfig cert_config; 285 client_cert::ClientCertConfig cert_config;
288 OncToClientCertConfig(*policy, &cert_config); 286 OncToClientCertConfig(onc_source, *policy, &cert_config);
289 287
290 if (cert_config.client_cert_type != onc::client_cert::kPattern) 288 if (cert_config.client_cert_type != onc::client_cert::kPattern)
291 return false; 289 return false;
292 290
293 if (cert_config.pattern.Empty()) 291 if (cert_config.pattern.Empty())
294 NET_LOG_ERROR("Certificate pattern is empty", network_id); 292 NET_LOG_ERROR("Certificate pattern is empty", network_id);
295 293
296 if (cert_config.pattern.enrollment_uri_list().empty()) { 294 if (cert_config.pattern.enrollment_uri_list().empty()) {
297 NET_LOG_EVENT("No enrollment URIs", network_id); 295 NET_LOG_EVENT("No enrollment URIs", network_id);
298 return false; 296 return false;
299 } 297 }
300 298
301 NET_LOG_USER("Enrolling", network_id); 299 NET_LOG_USER("Enrolling", network_id);
302 300
303 DialogEnrollmentDelegate* enrollment = 301 DialogEnrollmentDelegate* enrollment =
304 new DialogEnrollmentDelegate(owning_window, network->name(), profile); 302 new DialogEnrollmentDelegate(owning_window, network->name(), profile);
305 return enrollment->Enroll(cert_config.pattern.enrollment_uri_list(), 303 return enrollment->Enroll(cert_config.pattern.enrollment_uri_list(),
306 base::Bind(&EnrollmentComplete, network_id)); 304 base::Bind(&EnrollmentComplete, network_id));
307 } 305 }
308 306
309 } // namespace enrollment 307 } // namespace enrollment
310 308
311 } // namespace chromeos 309 } // namespace chromeos
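Review bot: The new `IsSigninProfile(profile)` early return at new lines 273-276 carries no comment saying why enrollment is refused there, while the same change deletes the only comment that explained the old device-policy guard (an unmanaged user being taken involuntarily to a place where a cert is presented). Now that `ONC_SOURCE_DEVICE_POLICY` entries reach the pattern check, the code should say what covers that original concern for a user session on a managed device; presumably this is handled through the `onc_source` argument now passed to `OncToClientCertConfig`, which is not visible in this section. I would add a comment above the check along the lines of `// Device ONC may now carry cert patterns; never start the enrollment UI from the sign-in profile.` (wording for the author to confirm against the actual intent). As a style point, the `chromeos::` qualifier on `ProfileHelper` is redundant inside `namespace chromeos` and differs from the unqualified `ProfileHelper::GetUserIdHashFromProfile` call on the next line. The enclosing function begins in the elided lines above this hunk.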