Chromium Code Reviews Chromium Code Reviews
Issue 2862003002:
Enable policy-imported root CA certificates for kiosk and AD sessions (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/user_network_configuration_updater_fact ory.h" | 5 #include "chrome/browser/chromeos/policy/user_network_configuration_updater_fact ory.h" |
| 6 | 6 |
| 7 #include "base/memory/singleton.h" | 7 #include "base/memory/singleton.h" |
| 8 #include "chrome/browser/chromeos/policy/user_network_configuration_updater.h" | 8 #include "chrome/browser/chromeos/policy/user_network_configuration_updater.h" |
| 9 #include "chrome/browser/chromeos/profiles/profile_helper.h" | 9 #include "chrome/browser/chromeos/profiles/profile_helper.h" |
| 10 #include "chrome/browser/policy/profile_policy_connector.h" | 10 #include "chrome/browser/policy/profile_policy_connector.h" |
| (...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 65 return NULL; // On the login screen only device network policies apply. | 65 return NULL; // On the login screen only device network policies apply. |
| 66 | 66 |
| 67 const user_manager::User* user = | 67 const user_manager::User* user = |
| 68 chromeos::ProfileHelper::Get()->GetUserByProfile(profile); | 68 chromeos::ProfileHelper::Get()->GetUserByProfile(profile); |
| 69 DCHECK(user); | 69 DCHECK(user); |
| 70 // Currently, only the network policy of the primary user is supported. See | 70 // Currently, only the network policy of the primary user is supported. See |
| 71 // also http://crbug.com/310685 . | 71 // also http://crbug.com/310685 . |
| 72 if (user != user_manager::UserManager::Get()->GetPrimaryUser()) | 72 if (user != user_manager::UserManager::Get()->GetPrimaryUser()) |
| 73 return NULL; | 73 return NULL; |
| 74 | 74 |
| 75 const bool allow_trusted_certs_from_policy = user->HasGaiaAccount(); | 75 // Disallow trusted root certs for public sessions. |
| 76 const bool allow_trusted_certs_from_policy = | |
| 77 user->GetType() != user_manager::USER_TYPE_PUBLIC_ACCOUNT; | |
|
Andrew T Wilson (Slow)
2017/05/17 15:03:54
To be clear - what behavior does this expose for g
pmarko
2017/05/17 15:18:07
This is only relevant for user policy, and guest s
| |
| 76 | 78 |
| 77 ProfilePolicyConnector* profile_connector = | 79 ProfilePolicyConnector* profile_connector = |
| 78 ProfilePolicyConnectorFactory::GetForBrowserContext(context); | 80 ProfilePolicyConnectorFactory::GetForBrowserContext(context); |
| 79 | 81 |
| 80 return UserNetworkConfigurationUpdater::CreateForUserPolicy( | 82 return UserNetworkConfigurationUpdater::CreateForUserPolicy( |
| 81 profile, | 83 profile, |
| 82 allow_trusted_certs_from_policy, | 84 allow_trusted_certs_from_policy, |
| 83 *user, | 85 *user, |
| 84 profile_connector->policy_service(), | 86 profile_connector->policy_service(), |
| 85 chromeos::NetworkHandler::Get()->managed_network_configuration_handler()) | 87 chromeos::NetworkHandler::Get()->managed_network_configuration_handler()) |
| 86 .release(); | 88 .release(); |
| 87 } | 89 } |
| 88 | 90 |
| 89 } // namespace policy | 91 } // namespace policy |
| OLD | NEW |
