Make sure the device recovers from policy loss in the consumer case.

chrome/browser/chromeos/login/existing_user_controller.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/login/existing_user_controller.h"
 
 #include <vector>
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
@@ skipping 74 matching lines @@
 // accessibility is enabled).
 const char kChromeVoxTutorialURLPattern[] =
     "http://www.chromevox.com/tutorial/index.html?lang=%s";
 
 // Landing URL when launching Guest mode to fix captive portal.
 const char kCaptivePortalLaunchURL[] = "http://www.google.com/";
 
 // Delay for transferring the auth cache to the system profile.
 const long int kAuthCacheTransferDelayMs = 2000;
 
+// Delay for rebooting the machine if safe-mode login has failed.

[Chris Masone, 2012/03/22 16:18:25]

s/reboot/logout/

Or something that's not 'reboot', since we're not rebooting anymore :-)  In the
kOnstant name too.

[pastarmovj, 2012/03/23 13:00:25]

Done.

+const long int kSafeModeRebootDelayMs = 30000;
+
 // Makes a call to the policy subsystem to reload the policy when we detect
 // authentication change.
 void RefreshPoliciesOnUIThread() {
   if (g_browser_process->browser_policy_connector())
     g_browser_process->browser_policy_connector()->RefreshPolicies();
 }
 
 // Copies any authentication details that were entered in the login profile in
 // the mail profile to make sure all subsystems of Chrome can access the network
 // with the provided authentication which are possibly for a proxy server.
@@ skipping 360 matching lines @@
 // ExistingUserController, LoginPerformer::Delegate implementation:
 //
 
 void ExistingUserController::OnLoginFailure(const LoginFailure& failure) {
   is_login_in_progress_ = false;
   offline_failed_ = true;
 
   guest_mode_url_ = GURL::EmptyGURL();
   std::string error = failure.GetErrorString();
 
-  if (!online_succeeded_for_.empty()) {
+  if (failure.reason() == LoginFailure::OWNER_REQUIRED) {
+    ShowError(IDS_LOGIN_ERROR_OWNER_REQUIRED, error);
+    content::BrowserThread::PostDelayedTask(
+        content::BrowserThread::UI, FROM_HERE,
+        base::Bind(&SessionManagerClient::StopSession,
+                   base::Unretained(DBusThreadManager::Get()->
+                                    GetSessionManagerClient())),
+        kSafeModeRebootDelayMs);
+  } else if (!online_succeeded_for_.empty()) {
     ShowGaiaPasswordChanged(online_succeeded_for_);
   } else {
     // Check networking after trying to login in case user is
     // cached locally or the local admin account.
     bool is_known_user =
         UserManager::Get()->IsKnownUser(last_login_attempt_username_);
     NetworkLibrary* network = CrosLibrary::Get()->GetNetworkLibrary();
     if (!network) {
       ShowError(IDS_LOGIN_ERROR_NO_NETWORK_LIBRARY, error);
     } else if (!network->Connected()) {
@@ skipping 317 matching lines @@
   // changed.
   UserManager::Get()->SaveUserOAuthStatus(username,
                                           User::OAUTH_TOKEN_STATUS_INVALID);
 
   login_display_->SetUIEnabled(true);
   SetStatusAreaEnabled(true);
   login_display_->ShowGaiaPasswordChanged(username);
 }
 
 }  // namespace chromeos