| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/user_network_configuration_updater_fact
ory.h" | 5 #include "chrome/browser/chromeos/policy/user_network_configuration_updater_fact
ory.h" |
| 6 | 6 |
| 7 #include "base/memory/singleton.h" | 7 #include "base/memory/singleton.h" |
| 8 #include "chrome/browser/chromeos/policy/user_network_configuration_updater.h" | 8 #include "chrome/browser/chromeos/policy/user_network_configuration_updater.h" |
| 9 #include "chrome/browser/chromeos/profiles/profile_helper.h" | 9 #include "chrome/browser/chromeos/profiles/profile_helper.h" |
| 10 #include "chrome/browser/policy/profile_policy_connector.h" | 10 #include "chrome/browser/policy/profile_policy_connector.h" |
| (...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 65 return NULL; // On the login screen only device network policies apply. | 65 return NULL; // On the login screen only device network policies apply. |
| 66 | 66 |
| 67 const user_manager::User* user = | 67 const user_manager::User* user = |
| 68 chromeos::ProfileHelper::Get()->GetUserByProfile(profile); | 68 chromeos::ProfileHelper::Get()->GetUserByProfile(profile); |
| 69 DCHECK(user); | 69 DCHECK(user); |
| 70 // Currently, only the network policy of the primary user is supported. See | 70 // Currently, only the network policy of the primary user is supported. See |
| 71 // also http://crbug.com/310685 . | 71 // also http://crbug.com/310685 . |
| 72 if (user != user_manager::UserManager::Get()->GetPrimaryUser()) | 72 if (user != user_manager::UserManager::Get()->GetPrimaryUser()) |
| 73 return NULL; | 73 return NULL; |
| 74 | 74 |
| 75 const bool allow_trusted_certs_from_policy = user->HasGaiaAccount(); | |
| 76 | |
| 77 ProfilePolicyConnector* profile_connector = | 75 ProfilePolicyConnector* profile_connector = |
| 78 ProfilePolicyConnectorFactory::GetForBrowserContext(context); | 76 ProfilePolicyConnectorFactory::GetForBrowserContext(context); |
| 79 | 77 |
| 80 return UserNetworkConfigurationUpdater::CreateForUserPolicy( | 78 return UserNetworkConfigurationUpdater::CreateForUserPolicy( |
| 81 profile, | 79 profile, AllowTrustedCertsFromPolicy(user), *user, |
| 82 allow_trusted_certs_from_policy, | 80 profile_connector->policy_service(), |
| 83 *user, | 81 chromeos::NetworkHandler::Get() |
| 84 profile_connector->policy_service(), | 82 ->managed_network_configuration_handler()) |
| 85 chromeos::NetworkHandler::Get()->managed_network_configuration_handler()) | |
| 86 .release(); | 83 .release(); |
| 87 } | 84 } |
| 88 | 85 |
| 86 // static |
| 87 bool UserNetworkConfigurationUpdaterFactory::AllowTrustedCertsFromPolicy( |
| 88 const user_manager::User* user) { |
| 89 user_manager::UserType user_type = user->GetType(); |
| 90 |
| 91 // Disallow trusted root certs for public sessions. |
| 92 // Also, guest sessions don't get user policy, but a |
| 93 // UserNetworkCofnigurationUpdater can be created for them anyway. |
| 94 return user_type != user_manager::USER_TYPE_GUEST && |
| 95 user_type != user_manager::USER_TYPE_PUBLIC_ACCOUNT; |
| 96 } |
| 97 |
| 89 } // namespace policy | 98 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2862003002:
Enable policy-imported root CA certificates for kiosk and AD sessions (Closed)
