X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=src%2Fchrome%2Fbrowser%2Fchromeos%2Fpolicy%2Fenrollment_handler_chromeos.cc;h=334f49f122689a8c0a4f6e710d8352d1700c6fb9;hb=ff3e2503a20db9193d323c1d19c38c68004dec4a;hp=56b013c7a6182ab71d123bae413166f17494feaa;hpb=7338fba38ba696536d1cc9d389afd716a6ab2fe6;p=platform%2Fframework%2Fweb%2Fcrosswalk.git

diff --git a/src/chrome/browser/chromeos/policy/enrollment_handler_chromeos.cc b/src/chrome/browser/chromeos/policy/enrollment_handler_chromeos.cc
index 56b013c..334f49f 100644
--- a/src/chrome/browser/chromeos/policy/enrollment_handler_chromeos.cc
+++ b/src/chrome/browser/chromeos/policy/enrollment_handler_chromeos.cc
@@ -109,13 +109,24 @@ void EnrollmentHandlerChromeOS::OnPolicyFetched(CloudPolicyClient* client) {
 
   validator->ValidateTimestamp(base::Time(), base::Time::NowFromSystemTime(),
                                CloudPolicyValidatorBase::TIMESTAMP_REQUIRED);
-  if (install_attributes_->IsEnterpriseDevice())
-    validator->ValidateDomain(install_attributes_->GetDomain());
+
+  // If this is re-enrollment, make sure that the new policy matches the
+  // previously-enrolled domain.
+  std::string domain;
+  if (install_attributes_->IsEnterpriseDevice()) {
+    domain = install_attributes_->GetDomain();
+    validator->ValidateDomain(domain);
+  }
   validator->ValidateDMToken(client->dm_token(),
                              CloudPolicyValidatorBase::DM_TOKEN_REQUIRED);
   validator->ValidatePolicyType(dm_protocol::kChromeDevicePolicyType);
   validator->ValidatePayload();
-  validator->ValidateInitialKey();
+  // If |domain| is empty here, the policy validation code will just use the
+  // domain from the username field in the policy itself to do key validation.
+  // TODO(mnissler): Plumb the enrolling user's username into this object so
+  // we can validate the username on the resulting policy, and use the domain
+  // from that username to validate the key below (http://crbug.com/343074).
+  validator->ValidateInitialKey(GetPolicyVerificationKey(), domain);
   validator.release()->StartValidation(
       base::Bind(&EnrollmentHandlerChromeOS::PolicyValidated,
                  weak_ptr_factory_.GetWeakPtr()));