Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(7450)

Unified Diff: chrome/browser/policy/browser_policy_connector.cc

Issue 10868076: Only import certificates with Web trust from ONC if the user is managed and matches the enterprise … (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: rebaesd Created 8 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: chrome/browser/policy/browser_policy_connector.cc
diff --git a/chrome/browser/policy/browser_policy_connector.cc b/chrome/browser/policy/browser_policy_connector.cc
index c74879619b113b955b2c470c1949dbb4de749385..463c1f4dbe310fe4bcffd77398dd8e9a45047c4f 100644
--- a/chrome/browser/policy/browser_policy_connector.cc
+++ b/chrome/browser/policy/browser_policy_connector.cc
@@ -56,6 +56,7 @@
#include "chrome/browser/policy/app_pack_updater.h"
#include "chrome/browser/policy/cros_user_policy_cache.h"
#include "chrome/browser/policy/device_policy_cache.h"
+#include "chrome/browser/policy/network_configuration_updater.h"
#include "chromeos/dbus/dbus_thread_manager.h"
#endif
@@ -178,10 +179,10 @@ scoped_ptr<UserCloudPolicyManager>
// TODO(mnissler): Revisit once Chrome OS gains multi-profiles support.
// Don't wait for a policy fetch if there's no logged in user.
if (chromeos::UserManager::Get()->IsUserLoggedIn()) {
+ std::string email =
+ chromeos::UserManager::Get()->GetLoggedInUser().email();
wait_for_policy_fetch =
- g_browser_process->browser_policy_connector()->GetUserAffiliation(
- chromeos::UserManager::Get()->GetLoggedInUser().email()) ==
- policy::USER_AFFILIATION_MANAGED;
+ GetUserAffiliation(email) == USER_AFFILIATION_MANAGED;
}
#else
// On desktop, there's no way to figure out if a user is logged in yet
@@ -346,6 +347,14 @@ void BrowserPolicyConnector::ScheduleServiceInitialization(
void BrowserPolicyConnector::InitializeUserPolicy(
const std::string& user_name,
bool wait_for_policy_fetch) {
+#if defined(OS_CHROMEOS)
+ // If the user is managed then importing certificates from ONC policy is
+ // allowed, otherwise it's not. Update this flag once the user has signed in,
+ // and before user policy is loaded.
+ GetNetworkConfigurationUpdater()->set_allow_web_trust(
+ GetUserAffiliation(user_name) == USER_AFFILIATION_MANAGED);
+#endif
+
// Throw away the old backend.
user_cloud_policy_subsystem_.reset();
user_policy_token_cache_.reset();
@@ -485,6 +494,20 @@ AppPackUpdater* BrowserPolicyConnector::GetAppPackUpdater() {
#endif
}
+NetworkConfigurationUpdater*
+ BrowserPolicyConnector::GetNetworkConfigurationUpdater() {
+#if defined(OS_CHROMEOS)
+ if (!network_configuration_updater_.get()) {
+ network_configuration_updater_.reset(new NetworkConfigurationUpdater(
+ g_browser_process->policy_service(),
+ chromeos::CrosLibrary::Get()->GetNetworkLibrary()));
+ }
+ return network_configuration_updater_.get();
+#else
+ return NULL;
+#endif
+}
+
// static
void BrowserPolicyConnector::SetPolicyProviderForTesting(
ConfigurationPolicyProvider* provider) {
« no previous file with comments | « chrome/browser/policy/browser_policy_connector.h ('k') | chrome/browser/policy/network_configuration_updater.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698