"Lock on idle and suspend": Log out instead if session cannot be locked

chrome/browser/chromeos/login/screen_locker.cc

Index: chrome/browser/chromeos/login/screen_locker.cc
diff --git a/chrome/browser/chromeos/login/screen_locker.cc b/chrome/browser/chromeos/login/screen_locker.cc
index 8fb34537294a5a91f9a3844ff40a14f6f94377a6..d002223409cc1e7705d7fff0d0c1cfce53a21e4e 100644
--- a/chrome/browser/chromeos/login/screen_locker.cc
+++ b/chrome/browser/chromeos/login/screen_locker.cc
@@ -95,13 +95,15 @@ class ScreenLockObserver : public chromeos::SessionManagerClient::Observer,
 
   virtual void LockScreen() OVERRIDE {
     VLOG(1) << "Received LockScreen D-Bus signal from session manager";
-    if (session_started_) {
+    if (session_started_ &&
+        chromeos::UserManager::Get()->CanCurrentUserLock()) {

[Nikita (slow), 2013/01/09 12:55:35]

I'm not sure that making logout in this case makes sense for all such cases.

It might be the case for public accounts but not for Guest session.

For Guest session we make sure that we never get here.
But even if we got here it should be a nop not a logout.

       chromeos::ScreenLocker::Show();
     } else {
-      // If the user has not completed the sign in we will log them out. This
-      // avoids complications with displaying the lock screen over the login
-      // screen while remaining secure in the case that they walk away during
-      // the signin steps. See crbug.com/112225 and crbug.com/110933.
+      // If the current user's session cannot be locked or the user has not
+      // completed all sign-in steps yet, log out instead. The latter is done to
+      // avoid complications with displaying the lock screen over the login
+      // screen while remaining secure in the case the user walks away during
+      // the sign-in steps. See crbug.com/112225 and crbug.com/110933.
       VLOG(1) << "Calling session manager's StopSession D-Bus method";
       chromeos::DBusThreadManager::Get()->
           GetSessionManagerClient()->StopSession();