authorjoaodasilva@chromium.org <joaodasilva@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-09-07 15:02:41 +0000
committerjoaodasilva@chromium.org <joaodasilva@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-09-07 15:02:41 +0000
commitbfeb6ce8dd3bbccdb048939158c13320cefc35e6 (patch)
tree564fb1d5639344c6694db0451b5400a49b6a26ce
parentab754fed310c4b16a375368f16dd3b14a38ae997 (diff)
Only import certificates with Web trust from ONC if the user is managed and matches the enterprise domain of the device.
BUG=chromium-os:33879 Review URL: https://chromiumcodereview.appspot.com/10868076 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@155390 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--chrome/browser/chromeos/chrome_browser_main_chromeos.cc17
-rw-r--r--chrome/browser/chromeos/chrome_browser_main_chromeos.h5
-rw-r--r--chrome/browser/chromeos/cros/mock_network_library.h3
-rw-r--r--chrome/browser/chromeos/cros/network_library.h1
-rw-r--r--chrome/browser/chromeos/cros/network_library_impl_base.cc5
-rw-r--r--chrome/browser/chromeos/cros/network_library_impl_base.h1
-rw-r--r--chrome/browser/chromeos/cros/onc_network_parser.cc18
-rw-r--r--chrome/browser/chromeos/cros/onc_network_parser.h10
-rw-r--r--chrome/browser/chromeos/login/existing_user_controller_browsertest.cc2
-rw-r--r--chrome/browser/chromeos/login/login_browsertest.cc2
-rw-r--r--chrome/browser/chromeos/login/network_screen_browsertest.cc2
-rw-r--r--chrome/browser/chromeos/login/screen_locker_browsertest.cc2
-rw-r--r--chrome/browser/chromeos/login/update_screen_browsertest.cc2
-rw-r--r--chrome/browser/policy/browser_policy_connector.cc29
-rw-r--r--chrome/browser/policy/browser_policy_connector.h4
-rw-r--r--chrome/browser/policy/network_configuration_updater.cc5
-rw-r--r--chrome/browser/policy/network_configuration_updater.h8
-rw-r--r--chrome/browser/policy/network_configuration_updater_unittest.cc29
-rw-r--r--chrome/browser/ui/webui/net_internals/net_internals_ui.cc1
19 files changed, 114 insertions, 32 deletions
diff --git a/chrome/browser/chromeos/chrome_browser_main_chromeos.cc b/chrome/browser/chromeos/chrome_browser_main_chromeos.cc
index 1fdaeda..dbea8c9 100644
--- a/chrome/browser/chromeos/chrome_browser_main_chromeos.cc
+++ b/chrome/browser/chromeos/chrome_browser_main_chromeos.cc
@@ -62,7 +62,6 @@
#include "chrome/browser/metrics/metrics_service.h"
#include "chrome/browser/net/chrome_network_delegate.h"
#include "chrome/browser/policy/browser_policy_connector.h"
-#include "chrome/browser/policy/network_configuration_updater.h"
#include "chrome/browser/prefs/pref_service.h"
#include "chrome/browser/profiles/profile.h"
#include "chrome/browser/profiles/profile_manager.h"
@@ -419,12 +418,15 @@ void ChromeBrowserMainPartsChromeos::PostProfileInit() {
// -- This used to be in ChromeBrowserMainParts::PreMainMessageLoopRun()
// -- just after CreateProfile().
+ policy::BrowserPolicyConnector* connector =
+ g_browser_process->browser_policy_connector();
+
if (parsed_command_line().HasSwitch(switches::kLoginUser) &&
!parsed_command_line().HasSwitch(switches::kLoginPassword)) {
// Pass the TokenService pointer to the policy connector so user policy can
// grab a token and register with the policy server.
// TODO(mnissler): Remove once OAuth is the only authentication mechanism.
- g_browser_process->browser_policy_connector()->SetUserPolicyTokenService(
+ connector->SetUserPolicyTokenService(
TokenServiceFactory::GetForProfile(profile()));
// Make sure we flip every profile to not share proxies if the user hasn't
@@ -435,10 +437,9 @@ void ChromeBrowserMainPartsChromeos::PostProfileInit() {
profile()->GetPrefs()->SetBoolean(prefs::kUseSharedProxies, false);
}
- network_config_updater_.reset(
- new policy::NetworkConfigurationUpdater(
- g_browser_process->policy_service(),
- chromeos::CrosLibrary::Get()->GetNetworkLibrary()));
+ // Make sure the NetworkConfigurationUpdater is ready so that it pushes ONC
+ // configuration before login.
+ connector->GetNetworkConfigurationUpdater();
// Make sure that wallpaper boot transition and other delays in OOBE
// are disabled for tests by default.
@@ -561,9 +562,7 @@ void ChromeBrowserMainPartsChromeos::PostMainMessageLoopRun() {
power_button_observer_.reset();
screen_dimming_observer_.reset();
- // Delete NetworkConfigurationUpdater and ContactManager while
- // |g_browser_process| is still alive.
- network_config_updater_.reset();
+ // Delete ContactManager while |g_browser_process| is still alive.
contact_manager_.reset();
ChromeBrowserMainPartsLinux::PostMainMessageLoopRun();
diff --git a/chrome/browser/chromeos/chrome_browser_main_chromeos.h b/chrome/browser/chromeos/chrome_browser_main_chromeos.h
index cb0ddd1..29972a4 100644
--- a/chrome/browser/chromeos/chrome_browser_main_chromeos.h
+++ b/chrome/browser/chromeos/chrome_browser_main_chromeos.h
@@ -27,10 +27,6 @@ namespace contacts {
class ContactManager;
} // namespace contacts
-namespace policy {
-class NetworkConfigurationUpdater;
-} // namespace policy
-
class ChromeBrowserMainPartsChromeos : public ChromeBrowserMainPartsLinux {
public:
explicit ChromeBrowserMainPartsChromeos(
@@ -67,7 +63,6 @@ class ChromeBrowserMainPartsChromeos : public ChromeBrowserMainPartsLinux {
scoped_ptr<chromeos::UserActivityNotifier> user_activity_notifier_;
scoped_ptr<chromeos::VideoActivityNotifier> video_activity_notifier_;
scoped_ptr<chromeos::ScreenDimmingObserver> screen_dimming_observer_;
- scoped_ptr<policy::NetworkConfigurationUpdater> network_config_updater_;
scoped_refptr<chromeos::MediaDeviceNotifications> media_device_notifications_;
DISALLOW_COPY_AND_ASSIGN(ChromeBrowserMainPartsChromeos);
diff --git a/chrome/browser/chromeos/cros/mock_network_library.h b/chrome/browser/chromeos/cros/mock_network_library.h
index f140757..c6fedcb 100644
--- a/chrome/browser/chromeos/cros/mock_network_library.h
+++ b/chrome/browser/chromeos/cros/mock_network_library.h
@@ -189,9 +189,10 @@ class MockNetworkLibrary : public NetworkLibrary {
const std::string&,
int));
MOCK_METHOD0(SwitchToPreferredNetwork, void(void));
- MOCK_METHOD4(LoadOncNetworks, bool(const std::string&,
+ MOCK_METHOD5(LoadOncNetworks, bool(const std::string&,
const std::string&,
NetworkUIData::ONCSource,
+ bool,
std::string*));
MOCK_METHOD2(SetActiveNetwork, bool(ConnectionType, const std::string&));
};
diff --git a/chrome/browser/chromeos/cros/network_library.h b/chrome/browser/chromeos/cros/network_library.h
index c8f2acdc..40dbc86 100644
--- a/chrome/browser/chromeos/cros/network_library.h
+++ b/chrome/browser/chromeos/cros/network_library.h
@@ -1693,6 +1693,7 @@ class NetworkLibrary {
virtual bool LoadOncNetworks(const std::string& onc_blob,
const std::string& passcode,
NetworkUIData::ONCSource source,
+ bool allow_web_trust_from_policy,
std::string* error) = 0;
// This sets the active network for the network type. Note: priority order
diff --git a/chrome/browser/chromeos/cros/network_library_impl_base.cc b/chrome/browser/chromeos/cros/network_library_impl_base.cc
index 4df7501..4b59bfe 100644
--- a/chrome/browser/chromeos/cros/network_library_impl_base.cc
+++ b/chrome/browser/chromeos/cros/network_library_impl_base.cc
@@ -1152,8 +1152,10 @@ void NetworkLibraryImplBase::SwitchToPreferredNetwork() {
bool NetworkLibraryImplBase::LoadOncNetworks(const std::string& onc_blob,
const std::string& passphrase,
NetworkUIData::ONCSource source,
+ bool allow_web_trust_from_policy,
std::string* error) {
OncNetworkParser parser(onc_blob, passphrase, source);
+ parser.set_allow_web_trust_from_policy(allow_web_trust_from_policy);
if (!parser.parse_error().empty()) {
if (error)
@@ -1163,7 +1165,8 @@ bool NetworkLibraryImplBase::LoadOncNetworks(const std::string& onc_blob,
for (int i = 0; i < parser.GetCertificatesSize(); i++) {
// Insert each of the available certs into the certificate DB.
- if (parser.ParseCertificate(i).get() == NULL) {
+ if (parser.ParseCertificate(i).get() == NULL &&
+ !parser.parse_error().empty()) {
DLOG(WARNING) << "Cannot parse certificate in ONC file";
if (error)
*error = parser.parse_error();
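Review bot: Treating a NULL result as success whenever `parse_error()` is empty makes this loop depend on every failure path inside `ParseCertificate()` setting `parse_error_`. Any path that returns NULL without setting it is now skipped silently instead of aborting the load. The device-policy refusal added in onc_network_parser.cc relies on exactly this convention, so the failure returns in the parser should be audited against it. A comment at the check would make the contract explicit, e.g. `// NULL with an empty parse_error() means the certificate was deliberately skipped, not that parsing failed.` The loop body continues outside this hunk.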
diff --git a/chrome/browser/chromeos/cros/network_library_impl_base.h b/chrome/browser/chromeos/cros/network_library_impl_base.h
index f7a3c4d..29bebfd 100644
--- a/chrome/browser/chromeos/cros/network_library_impl_base.h
+++ b/chrome/browser/chromeos/cros/network_library_impl_base.h
@@ -241,6 +241,7 @@ class NetworkLibraryImplBase : public NetworkLibrary {
virtual bool LoadOncNetworks(const std::string& onc_blob,
const std::string& passphrase,
NetworkUIData::ONCSource source,
+ bool allow_web_trust_from_policy,
std::string* error) OVERRIDE;
virtual bool SetActiveNetwork(ConnectionType type,
const std::string& service_path) OVERRIDE;
diff --git a/chrome/browser/chromeos/cros/onc_network_parser.cc b/chrome/browser/chromeos/cros/onc_network_parser.cc
index 8814d0c..648bdbd 100644
--- a/chrome/browser/chromeos/cros/onc_network_parser.cc
+++ b/chrome/browser/chromeos/cros/onc_network_parser.cc
@@ -282,6 +282,7 @@ OncNetworkParser::OncNetworkParser(const std::string& onc_blob,
NetworkUIData::ONCSource onc_source)
: NetworkParser(get_onc_mapper()),
onc_source_(onc_source),
+ allow_web_trust_from_policy_(false),
network_configs_(NULL),
certificates_(NULL) {
VLOG(2) << __func__ << ": OncNetworkParser called on " << onc_blob;
@@ -822,7 +823,13 @@ OncNetworkParser::ParseServerOrCaCertificate(
const std::string& cert_type,
const std::string& guid,
base::DictionaryValue* certificate) {
- net::CertDatabase cert_database;
+ // Device policy can't import certificates.
+ if (onc_source_ == NetworkUIData::ONC_SOURCE_DEVICE_POLICY) {
+ LOG(WARNING) << "Refusing to import certificate from device policy";
+ // This isn't a parsing error, so just return NULL here.
+ return NULL;
+ }
+
bool web_trust = false;
base::ListValue* trust_list = NULL;
if (certificate->GetList("Trust", &trust_list)) {
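Review bot: The refusal warning does not say which certificate was dropped, whereas the Web-trust warning added further down in this function logs `guid`. Someone reading the log cannot tell which ONC entry was ignored. Suggest `LOG(WARNING) << "Refusing to import certificate from device policy: " << guid;`. The check sits only in `ParseServerOrCaCertificate()`, so whether other certificate types from device policy take a separate path is not visible here and is worth confirming against the comment's general wording. The function body continues outside the hunk.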
@@ -850,6 +857,14 @@ OncNetworkParser::ParseServerOrCaCertificate(
}
}
+ // Web trust is only granted to certificates imported for a managed user
+ // on a managed device.
+ if (onc_source_ == NetworkUIData::ONC_SOURCE_USER_POLICY &&
+ web_trust && !allow_web_trust_from_policy_) {
+ LOG(WARNING) << "Web trust not granted for certificate: " << guid;
+ web_trust = false;
+ }
+
std::string x509_data;
if (!certificate->GetString("X509", &x509_data) || x509_data.empty()) {
LOG(WARNING) << "ONC File: certificate missing appropriate "
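Review bot: The downgrade is keyed on `onc_source_ == ONC_SOURCE_USER_POLICY`, so it fails open: any other source that reaches this point keeps the Web trust bit the ONC blob asked for, and `allow_web_trust_from_policy_` is ignored. That includes `ONC_SOURCE_USER_IMPORT`, where net_internals_ui.cc passes `false` with no effect, and any source value added later. If user import is meant to keep granting Web trust, say so in the comment and name the sources that may grant it so the default is deny, e.g. `if (web_trust && !(onc_source_ == NetworkUIData::ONC_SOURCE_USER_IMPORT || (onc_source_ == NetworkUIData::ONC_SOURCE_USER_POLICY && allow_web_trust_from_policy_)))`. The function starts and ends outside this hunk.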
@@ -915,6 +930,7 @@ OncNetworkParser::ParseServerOrCaCertificate(
// TODO(mnissler, gspencer): We should probably switch to a mode where we
// keep our own database for mapping GUIDs to certs in order to enable several
// GUIDs to map to the same cert. See http://crosbug.com/26073.
+ net::CertDatabase cert_database;
if (x509_cert->os_cert_handle()->isperm) {
if (!cert_database.DeleteCertAndKey(x509_cert.get())) {
parse_error_ = l10n_util::GetStringUTF8(
diff --git a/chrome/browser/chromeos/cros/onc_network_parser.h b/chrome/browser/chromeos/cros/onc_network_parser.h
index af8fd28..c819035 100644
--- a/chrome/browser/chromeos/cros/onc_network_parser.h
+++ b/chrome/browser/chromeos/cros/onc_network_parser.h
@@ -60,6 +60,12 @@ class OncNetworkParser : public NetworkParser {
virtual ~OncNetworkParser();
static const EnumMapper<PropertyIndex>* property_mapper();
+ // Certificates pushed from a policy source with Web trust are only imported
+ // with ParseCertificate() if this permission is granted.
+ void set_allow_web_trust_from_policy(bool allow) {
+ allow_web_trust_from_policy_ = allow;
+ }
+
// Returns the number of networks in the "NetworkConfigs" list.
int GetNetworkConfigsSize() const;
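Review bot: The setter comment says policy certificates with Web trust "are only imported" when the permission is granted, but that does not match the parser change. In onc_network_parser.cc the code clears `web_trust` and carries on, so the certificate appears to be imported without the trust bit rather than skipped. The same misstatement is on the `allow_web_trust_from_policy_` member in the next hunk and in the comment added to `BrowserPolicyConnector::InitializeUserPolicy()`. Suggest `// When false (the default), certificates from user policy that request Web trust are still imported, but without the Web trust bit.`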
@@ -226,6 +232,10 @@ class OncNetworkParser : public NetworkParser {
// Where the ONC blob comes from.
NetworkUIData::ONCSource onc_source_;
+ // Whether certificates with Web trust should be stored when pushed from a
+ // policy source.
+ bool allow_web_trust_from_policy_;
+
scoped_ptr<base::DictionaryValue> root_dict_;
base::ListValue* network_configs_;
base::ListValue* certificates_;
diff --git a/chrome/browser/chromeos/login/existing_user_controller_browsertest.cc b/chrome/browser/chromeos/login/existing_user_controller_browsertest.cc
index 2cddcda..c589c8e 100644
--- a/chrome/browser/chromeos/login/existing_user_controller_browsertest.cc
+++ b/chrome/browser/chromeos/login/existing_user_controller_browsertest.cc
@@ -134,7 +134,7 @@ class ExistingUserControllerTest : public CrosInProcessBrowserTest {
mock_network_library_ = cros_mock_->mock_network_library();
EXPECT_CALL(*mock_network_library_, AddUserActionObserver(_))
.Times(AnyNumber());
- EXPECT_CALL(*mock_network_library_, LoadOncNetworks(_, _, _, _))
+ EXPECT_CALL(*mock_network_library_, LoadOncNetworks(_, _, _, _, _))
.WillRepeatedly(Return(true));
MockSessionManagerClient* mock_session_manager_client =
diff --git a/chrome/browser/chromeos/login/login_browsertest.cc b/chrome/browser/chromeos/login/login_browsertest.cc
index 0e1503d..25f1b36 100644
--- a/chrome/browser/chromeos/login/login_browsertest.cc
+++ b/chrome/browser/chromeos/login/login_browsertest.cc
@@ -40,7 +40,7 @@ class LoginTestBase : public CrosInProcessBrowserTest {
.WillRepeatedly(Return(false));
EXPECT_CALL(*mock_network_library_, AddUserActionObserver(_))
.Times(AnyNumber());
- EXPECT_CALL(*mock_network_library_, LoadOncNetworks(_, _, _, _))
+ EXPECT_CALL(*mock_network_library_, LoadOncNetworks(_, _, _, _, _))
.WillRepeatedly(Return(true));
}
diff --git a/chrome/browser/chromeos/login/network_screen_browsertest.cc b/chrome/browser/chromeos/login/network_screen_browsertest.cc
index a47f332..638af2d 100644
--- a/chrome/browser/chromeos/login/network_screen_browsertest.cc
+++ b/chrome/browser/chromeos/login/network_screen_browsertest.cc
@@ -69,7 +69,7 @@ class NetworkScreenTest : public WizardInProcessBrowserTest {
.Times(AnyNumber());
EXPECT_CALL(*mock_network_library_, FindEthernetDevice())
.Times(AnyNumber());
- EXPECT_CALL(*mock_network_library_, LoadOncNetworks(_, _, _, _))
+ EXPECT_CALL(*mock_network_library_, LoadOncNetworks(_, _, _, _, _))
.WillRepeatedly(Return(true));
cros_mock_->SetStatusAreaMocksExpectations();
diff --git a/chrome/browser/chromeos/login/screen_locker_browsertest.cc b/chrome/browser/chromeos/login/screen_locker_browsertest.cc
index 9fb5f1e..981e31e 100644
--- a/chrome/browser/chromeos/login/screen_locker_browsertest.cc
+++ b/chrome/browser/chromeos/login/screen_locker_browsertest.cc
@@ -128,7 +128,7 @@ class ScreenLockerTest : public CrosInProcessBrowserTest {
cros_mock_->mock_network_library();
EXPECT_CALL(*mock_network_library, AddUserActionObserver(_))
.Times(AnyNumber());
- EXPECT_CALL(*mock_network_library, LoadOncNetworks(_, _, _, _))
+ EXPECT_CALL(*mock_network_library, LoadOncNetworks(_, _, _, _, _))
.WillRepeatedly(Return(true));
}
diff --git a/chrome/browser/chromeos/login/update_screen_browsertest.cc b/chrome/browser/chromeos/login/update_screen_browsertest.cc
index 58bda64..6442f1c 100644
--- a/chrome/browser/chromeos/login/update_screen_browsertest.cc
+++ b/chrome/browser/chromeos/login/update_screen_browsertest.cc
@@ -83,7 +83,7 @@ class UpdateScreenTest : public WizardInProcessBrowserTest {
.Times(AnyNumber());
EXPECT_CALL(*mock_network_library_, FindEthernetDevice())
.Times(AnyNumber());
- EXPECT_CALL(*mock_network_library_, LoadOncNetworks(_, _, _, _))
+ EXPECT_CALL(*mock_network_library_, LoadOncNetworks(_, _, _, _, _))
.WillRepeatedly(Return(true));
}
diff --git a/chrome/browser/policy/browser_policy_connector.cc b/chrome/browser/policy/browser_policy_connector.cc
index c748796..463c1f4 100644
--- a/chrome/browser/policy/browser_policy_connector.cc
+++ b/chrome/browser/policy/browser_policy_connector.cc
@@ -56,6 +56,7 @@
#include "chrome/browser/policy/app_pack_updater.h"
#include "chrome/browser/policy/cros_user_policy_cache.h"
#include "chrome/browser/policy/device_policy_cache.h"
+#include "chrome/browser/policy/network_configuration_updater.h"
#include "chromeos/dbus/dbus_thread_manager.h"
#endif
@@ -178,10 +179,10 @@ scoped_ptr<UserCloudPolicyManager>
// TODO(mnissler): Revisit once Chrome OS gains multi-profiles support.
// Don't wait for a policy fetch if there's no logged in user.
if (chromeos::UserManager::Get()->IsUserLoggedIn()) {
+ std::string email =
+ chromeos::UserManager::Get()->GetLoggedInUser().email();
wait_for_policy_fetch =
- g_browser_process->browser_policy_connector()->GetUserAffiliation(
- chromeos::UserManager::Get()->GetLoggedInUser().email()) ==
- policy::USER_AFFILIATION_MANAGED;
+ GetUserAffiliation(email) == USER_AFFILIATION_MANAGED;
}
#else
// On desktop, there's no way to figure out if a user is logged in yet
@@ -346,6 +347,14 @@ void BrowserPolicyConnector::ScheduleServiceInitialization(
void BrowserPolicyConnector::InitializeUserPolicy(
const std::string& user_name,
bool wait_for_policy_fetch) {
+#if defined(OS_CHROMEOS)
+ // If the user is managed then importing certificates from ONC policy is
+ // allowed, otherwise it's not. Update this flag once the user has signed in,
+ // and before user policy is loaded.
+ GetNetworkConfigurationUpdater()->set_allow_web_trust(
+ GetUserAffiliation(user_name) == USER_AFFILIATION_MANAGED);
+#endif
+
// Throw away the old backend.
user_cloud_policy_subsystem_.reset();
user_policy_token_cache_.reset();
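Review bot: The result depends on this call running before the user ONC policy is first applied, and nothing enforces that. `set_allow_web_trust()` only stores the flag, and `ApplyNetworkConfiguration()` appears to skip a value it has already cached (the PolicyChange test expects no second load for an unchanged blob). If the updater has already applied the same blob with the flag still false, the certificates stay untrusted until the policy value changes. In the other direction, nothing visible here removes trust already granted once the flag returns to false. Consider having the setter re-apply the cached user configuration when the value changes, or a DCHECK that no user configuration has been applied yet.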
@@ -485,6 +494,20 @@ AppPackUpdater* BrowserPolicyConnector::GetAppPackUpdater() {
#endif
}
+NetworkConfigurationUpdater*
+ BrowserPolicyConnector::GetNetworkConfigurationUpdater() {
+#if defined(OS_CHROMEOS)
+ if (!network_configuration_updater_.get()) {
+ network_configuration_updater_.reset(new NetworkConfigurationUpdater(
+ g_browser_process->policy_service(),
+ chromeos::CrosLibrary::Get()->GetNetworkLibrary()));
+ }
+ return network_configuration_updater_.get();
+#else
+ return NULL;
+#endif
+}
+
// static
void BrowserPolicyConnector::SetPolicyProviderForTesting(
ConfigurationPolicyProvider* provider) {
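Review bot: Ownership of the updater moves into `BrowserPolicyConnector`, but no replacement teardown is visible in this diff. The explicit `network_config_updater_.reset()` that ran in `PostMainMessageLoopRun()` "while |g_browser_process| is still alive" is removed. The updater registers with `g_browser_process->policy_service()` and keeps a raw `NetworkLibrary*`, so it must be destroyed before either goes away. Where the connector releases `network_configuration_updater_` relative to those objects should be confirmed and documented at the member. A comment on the getter would also help: it creates the updater on first use and returns NULL on non-Chrome OS builds, so callers outside an `OS_CHROMEOS` guard must check the result.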
diff --git a/chrome/browser/policy/browser_policy_connector.h b/chrome/browser/policy/browser_policy_connector.h
index fc38904..17b3450 100644
--- a/chrome/browser/policy/browser_policy_connector.h
+++ b/chrome/browser/policy/browser_policy_connector.h
@@ -28,6 +28,7 @@ class CloudPolicyProvider;
class CloudPolicySubsystem;
class ConfigurationPolicyProvider;
class DeviceManagementService;
+class NetworkConfigurationUpdater;
class PolicyService;
class UserCloudPolicyManager;
class UserPolicyTokenCache;
@@ -145,6 +146,8 @@ class BrowserPolicyConnector : public content::NotificationObserver {
AppPackUpdater* GetAppPackUpdater();
+ NetworkConfigurationUpdater* GetNetworkConfigurationUpdater();
+
DeviceManagementService* device_management_service() {
return device_management_service_.get();
}
@@ -220,6 +223,7 @@ class BrowserPolicyConnector : public content::NotificationObserver {
#if defined(OS_CHROMEOS)
scoped_ptr<AppPackUpdater> app_pack_updater_;
+ scoped_ptr<NetworkConfigurationUpdater> network_configuration_updater_;
#endif
DISALLOW_COPY_AND_ASSIGN(BrowserPolicyConnector);
diff --git a/chrome/browser/policy/network_configuration_updater.cc b/chrome/browser/policy/network_configuration_updater.cc
index dcc2ead..68439a3 100644
--- a/chrome/browser/policy/network_configuration_updater.cc
+++ b/chrome/browser/policy/network_configuration_updater.cc
@@ -22,7 +22,8 @@ NetworkConfigurationUpdater::NetworkConfigurationUpdater(
chromeos::NetworkLibrary* network_library)
: policy_change_registrar_(
policy_service, POLICY_DOMAIN_CHROME, std::string()),
- network_library_(network_library) {
+ network_library_(network_library),
+ allow_web_trust_(false) {
DCHECK(network_library_);
policy_change_registrar_.Observe(
key::kDeviceOpenNetworkConfiguration,
@@ -77,7 +78,7 @@ void NetworkConfigurationUpdater::ApplyNetworkConfiguration(
*cached_value = new_network_config;
std::string error;
if (!network_library_->LoadOncNetworks(new_network_config, "", onc_source,
- &error)) {
+ allow_web_trust_, &error)) {
LOG(WARNING) << "Network library failed to load ONC configuration:"
<< error;
}
diff --git a/chrome/browser/policy/network_configuration_updater.h b/chrome/browser/policy/network_configuration_updater.h
index 325d10f..b83818f 100644
--- a/chrome/browser/policy/network_configuration_updater.h
+++ b/chrome/browser/policy/network_configuration_updater.h
@@ -30,6 +30,11 @@ class NetworkConfigurationUpdater {
chromeos::NetworkLibrary* network_library);
virtual ~NetworkConfigurationUpdater();
+ // Web trust isn't given to certificates imported from ONC by default.
+ // Setting |allow_web_trust| to true allows giving Web trust to the
+ // certificates that request it.
+ void set_allow_web_trust(bool allow) { allow_web_trust_ = allow; }
+
// Empty network configuration blob.
static const char kEmptyConfiguration[];
@@ -48,6 +53,9 @@ class NetworkConfigurationUpdater {
// Network library to write network configuration to.
chromeos::NetworkLibrary* network_library_;
+ // Whether Web trust is allowed or not.
+ bool allow_web_trust_;
+
// Current settings.
std::string device_network_config_;
std::string user_network_config_;
diff --git a/chrome/browser/policy/network_configuration_updater_unittest.cc b/chrome/browser/policy/network_configuration_updater_unittest.cc
index a61a1c2..51ae40f9 100644
--- a/chrome/browser/policy/network_configuration_updater_unittest.cc
+++ b/chrome/browser/policy/network_configuration_updater_unittest.cc
@@ -25,7 +25,7 @@ class NetworkConfigurationUpdaterTest
: public testing::TestWithParam<const char*> {
protected:
virtual void SetUp() OVERRIDE {
- EXPECT_CALL(network_library_, LoadOncNetworks(_, "", _, _))
+ EXPECT_CALL(network_library_, LoadOncNetworks(_, "", _, _, _))
.WillRepeatedly(Return(true));
EXPECT_CALL(provider_, IsInitializationComplete())
.WillRepeatedly(Return(true));
@@ -56,19 +56,37 @@ TEST_P(NetworkConfigurationUpdaterTest, InitialUpdate) {
provider_.UpdateChromePolicy(policy);
EXPECT_CALL(network_library_,
- LoadOncNetworks(kFakeONC, "", NameToONCSource(GetParam()), _))
+ LoadOncNetworks(kFakeONC, "", NameToONCSource(GetParam()),
+ false, _))
.WillOnce(Return(true));
NetworkConfigurationUpdater updater(policy_service_.get(), &network_library_);
Mock::VerifyAndClearExpectations(&network_library_);
}
+TEST_P(NetworkConfigurationUpdaterTest, AllowWebTrust) {
+ NetworkConfigurationUpdater updater(policy_service_.get(), &network_library_);
+ updater.set_allow_web_trust(true);
+
+ EXPECT_CALL(network_library_,
+ LoadOncNetworks(kFakeONC, "", NameToONCSource(GetParam()),
+ true, _))
+ .WillOnce(Return(true));
+
+ PolicyMap policy;
+ policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
+ Value::CreateStringValue(kFakeONC));
+ provider_.UpdateChromePolicy(policy);
+ Mock::VerifyAndClearExpectations(&network_library_);
+}
+
TEST_P(NetworkConfigurationUpdaterTest, PolicyChange) {
NetworkConfigurationUpdater updater(policy_service_.get(), &network_library_);
// We should update if policy changes.
EXPECT_CALL(network_library_,
- LoadOncNetworks(kFakeONC, "", NameToONCSource(GetParam()), _))
+ LoadOncNetworks(kFakeONC, "", NameToONCSource(GetParam()),
+ false, _))
.WillOnce(Return(true));
PolicyMap policy;
policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
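Review bot: The new `AllowWebTrust` test only checks that the flag is forwarded to `LoadOncNetworks()`; it does not cover the decisions that carry the security weight. Refusing certificates from device policy and clearing Web trust for user policy when the flag is false both happen in `OncNetworkParser::ParseServerOrCaCertificate()`, and the diffstat lists no parser test. Parser-level cases for each ONC source with the flag on and off would pin that behaviour. Because the fixture is parameterised, the test presumably also expects `true` to be passed for the device-policy parameter, which is harmless only while the parser keeps refusing that source.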
@@ -78,7 +96,8 @@ TEST_P(NetworkConfigurationUpdaterTest, PolicyChange) {
// No update if the set the same value again.
EXPECT_CALL(network_library_,
- LoadOncNetworks(kFakeONC, "", NameToONCSource(GetParam()), _))
+ LoadOncNetworks(kFakeONC, "", NameToONCSource(GetParam()),
+ false, _))
.Times(0);
provider_.UpdateChromePolicy(policy);
Mock::VerifyAndClearExpectations(&network_library_);
@@ -86,7 +105,7 @@ TEST_P(NetworkConfigurationUpdaterTest, PolicyChange) {
// Another update is expected if the policy goes away.
EXPECT_CALL(network_library_,
LoadOncNetworks(NetworkConfigurationUpdater::kEmptyConfiguration,
- "", NameToONCSource(GetParam()), _))
+ "", NameToONCSource(GetParam()), false, _))
.WillOnce(Return(true));
policy.Erase(GetParam());
provider_.UpdateChromePolicy(policy);
diff --git a/chrome/browser/ui/webui/net_internals/net_internals_ui.cc b/chrome/browser/ui/webui/net_internals/net_internals_ui.cc
index 34f7b1b..613b5277 100644
--- a/chrome/browser/ui/webui/net_internals/net_internals_ui.cc
+++ b/chrome/browser/ui/webui/net_internals/net_internals_ui.cc
@@ -1389,6 +1389,7 @@ void NetInternalsMessageHandler::OnImportONCFile(const ListValue* list) {
chromeos::CrosLibrary::Get()->GetNetworkLibrary();
cros_network->LoadOncNetworks(onc_blob, passcode,
chromeos::NetworkUIData::ONC_SOURCE_USER_IMPORT,
+ false, // allow_web_trust_from_policy
&error);
// Now that we've added the networks, we need to rescan them so they'll be