#include "chromeos/network/policy_util.h"
#include "base/logging.h"
#include "base/values.h"
#include "chromeos/network/network_profile.h"
#include "chromeos/network/network_ui_data.h"
#include "chromeos/network/onc/onc_merger.h"
#include "chromeos/network/onc/onc_normalizer.h"
#include "chromeos/network/onc/onc_signature.h"
#include "chromeos/network/onc/onc_translator.h"
#include "chromeos/network/onc/onc_utils.h"
#include "chromeos/network/shill_property_util.h"
#include "components/onc/onc_constants.h"
#include "third_party/cros_system_api/dbus/service_constants.h"
namespace chromeos {
namespace policy_util {
namespace {
// Placeholder string that stands in for real credential values. In this file
// it is handed to onc::MaskCredentialsInOncObject() when user settings are
// copied into NetworkUIData, and RemoveFakeCredentials() deletes credential
// fields that still carry it before a configuration is translated for Shill.
// NOTE(review): this is a fixed marker compiled into the binary, not a secret.
// A real credential that happened to equal it would be dropped by
// RemoveFakeCredentials(); presumably the random-looking suffix exists to make
// that collision unlikely - confirm.
const char kFakeCredential[] = "FAKE_CREDENTIAL_VPaJDV9x";
// Deletes, in place, every credential field of |onc_object| whose string value
// is the kFakeCredential placeholder. |signature| describes the ONC type of
// |onc_object| and is used both to decide which fields are credentials and to
// find the signature of nested dictionaries, which are processed recursively.
//
// Coverage limits visible in this function:
//  - A nested dictionary whose field name has no signature is only logged and
//    is not descended into, so placeholders below it are left untouched.
//  - Values that are neither dictionaries nor strings (lists, for example) are
//    ignored.
//  - |onc_object| is dereferenced unconditionally; callers must not pass NULL.
void RemoveFakeCredentials(
    const onc::OncValueSignature& signature,
    base::DictionaryValue* onc_object) {
  for (base::DictionaryValue::Iterator it(*onc_object); !it.IsAtEnd();) {
    // Take a copy of the key, fetch the mutable value and step the iterator
    // forward before anything is removed; presumably this keeps the iterator
    // valid when the current entry is erased further down.
    const std::string field_name = it.key();
    base::Value* value = NULL;
    onc_object->GetWithoutPathExpansion(field_name, &value);
    it.Advance();

    base::DictionaryValue* nested_object = NULL;
    if (value->GetAsDictionary(&nested_object)) {
      const onc::OncFieldSignature* field_signature =
          onc::GetFieldSignature(signature, field_name);
      if (!field_signature) {
        // Unknown field: nothing tells us which of its members are
        // credentials, so it is reported and skipped.
        LOG(ERROR) << "ONC has unrecoginzed field: " << field_name;
        continue;
      }
      RemoveFakeCredentials(*field_signature->value_signature, nested_object);
      continue;
    }

    // Only string-valued fields that the signature marks as credentials are
    // candidates for removal.
    std::string string_value;
    const bool holds_placeholder =
        value->GetAsString(&string_value) &&
        onc::FieldIsCredential(signature, field_name) &&
        string_value == kFakeCredential;
    if (holds_placeholder)
      onc_object->RemoveWithoutPathExpansion(field_name, NULL);
  }
}
// Decides whether the ONC dictionary |policy| applies to the ONC dictionary
// |actual_network|.
//
// The two must carry the same Type. Beyond that:
//  - Ethernet: both must have an Ethernet dictionary and their Authentication
//    strings must be equal.
//  - WiFi: both must have a WiFi dictionary and their SSID strings must be
//    equal.
//  - Any other type never matches.
//
// NOTE(review): for WiFi only the SSID is compared; the security type of the
// network is not consulted here, so two networks that share an SSID are
// indistinguishable to this check. A field missing on both sides also compares
// equal (both strings stay empty) - confirm that callers rely on neither.
bool IsPolicyMatching(const base::DictionaryValue& policy,
                      const base::DictionaryValue& actual_network) {
  std::string expected_type;
  policy.GetStringWithoutPathExpansion(::onc::network_config::kType,
                                       &expected_type);
  std::string observed_type;
  actual_network.GetStringWithoutPathExpansion(::onc::network_config::kType,
                                               &observed_type);
  if (expected_type != observed_type)
    return false;

  if (observed_type == ::onc::network_type::kEthernet) {
    const base::DictionaryValue* expected_section = NULL;
    policy.GetDictionaryWithoutPathExpansion(::onc::network_config::kEthernet,
                                             &expected_section);
    const base::DictionaryValue* observed_section = NULL;
    actual_network.GetDictionaryWithoutPathExpansion(
        ::onc::network_config::kEthernet, &observed_section);
    if (!(expected_section && observed_section))
      return false;

    std::string expected_auth;
    expected_section->GetStringWithoutPathExpansion(
        ::onc::ethernet::kAuthentication, &expected_auth);
    std::string observed_auth;
    observed_section->GetStringWithoutPathExpansion(
        ::onc::ethernet::kAuthentication, &observed_auth);
    return expected_auth == observed_auth;
  }

  // Everything that is neither Ethernet nor WiFi is treated as a non-match.
  if (!(observed_type == ::onc::network_type::kWiFi))
    return false;

  const base::DictionaryValue* expected_section = NULL;
  policy.GetDictionaryWithoutPathExpansion(::onc::network_config::kWiFi,
                                           &expected_section);
  const base::DictionaryValue* observed_section = NULL;
  actual_network.GetDictionaryWithoutPathExpansion(
      ::onc::network_config::kWiFi, &observed_section);
  if (!(expected_section && observed_section))
    return false;

  std::string expected_ssid;
  expected_section->GetStringWithoutPathExpansion(::onc::wifi::kSSID,
                                                  &expected_ssid);
  std::string observed_ssid;
  observed_section->GetStringWithoutPathExpansion(::onc::wifi::kSSID,
                                                  &observed_ssid);
  return expected_ssid == observed_ssid;
}
}
// Builds the Shill property dictionary for the network |guid| in |profile|.
//
// |policy| and |settings| are ONC dictionaries; either may be NULL, but the
// code expects at least one of them. The steps are:
//  1. Derive the effective ONC configuration (merge of policy and settings, or
//     a copy of the settings when there is no policy).
//  2. Strip kFakeCredential placeholders, stamp the GUID, normalize, and
//     translate the result to Shill properties.
//  3. Attach the profile path and a NetworkUIData blob whose user settings have
//     their credentials masked with kFakeCredential.
// Returns the Shill dictionary; ownership passes to the caller.
scoped_ptr<base::DictionaryValue> CreateShillConfiguration(
    const NetworkProfile& profile,
    const std::string& guid,
    const base::DictionaryValue* policy,
    const base::DictionaryValue* settings) {
  scoped_ptr<base::DictionaryValue> effective;
  ::onc::ONCSource onc_source = ::onc::ONC_SOURCE_NONE;
  if (policy) {
    // The argument slot used for |policy| and |settings| depends on the
    // profile type; presumably the slots are (user policy, device policy,
    // user settings, shared settings) - TODO confirm against onc_merger.h.
    if (profile.type() == NetworkProfile::TYPE_SHARED) {
      effective = onc::MergeSettingsAndPoliciesToEffective(
          NULL,
          policy,
          NULL,
          settings);
      onc_source = ::onc::ONC_SOURCE_DEVICE_POLICY;
    } else if (profile.type() == NetworkProfile::TYPE_USER) {
      effective = onc::MergeSettingsAndPoliciesToEffective(
          policy,
          NULL,
          settings,
          NULL);
      onc_source = ::onc::ONC_SOURCE_USER_POLICY;
    } else {
      // NOTE(review): |effective| stays NULL on this path. If NOTREACHED()
      // does not abort in the build in use, the RemoveFakeCredentials() call
      // below dereferences that NULL pointer.
      NOTREACHED();
    }
  } else if (settings) {
    // No policy: the user's settings are the effective configuration.
    effective.reset(settings->DeepCopy());
    onc_source = ::onc::ONC_SOURCE_NONE;
  } else {
    // NOTE(review): neither input was supplied, so |effective| stays NULL
    // here as well; same NULL-dereference concern as above.
    NOTREACHED();
    onc_source = ::onc::ONC_SOURCE_NONE;
  }
  // Drop placeholder credentials so the marker string is not translated and
  // handed to Shill as if it were a real secret. Real credential values are
  // left in place.
  RemoveFakeCredentials(onc::kNetworkConfigurationSignature,
                        effective.get());
  effective->SetStringWithoutPathExpansion(::onc::network_config::kGUID, guid);
  // The meaning of the boolean is not visible here; presumably it asks the
  // normalizer to remove recommended fields - TODO confirm.
  onc::Normalizer normalizer(true );
  effective = normalizer.NormalizeObject(&onc::kNetworkConfigurationSignature,
                                         *effective);
  scoped_ptr<base::DictionaryValue> shill_dictionary(
      onc::TranslateONCObjectToShill(&onc::kNetworkConfigurationSignature,
                                     *effective));
  shill_dictionary->SetStringWithoutPathExpansion(shill::kProfileProperty,
                                                  profile.path);
  scoped_ptr<NetworkUIData> ui_data;
  if (policy)
    ui_data = NetworkUIData::CreateFromONC(onc_source, *policy);
  else
    ui_data.reset(new NetworkUIData());
  if (settings) {
    // The copy of the user settings kept in the UI data has its credential
    // fields replaced by kFakeCredential, so the UI data does not carry the
    // real values.
    scoped_ptr<base::DictionaryValue> sanitized_settings(
        onc::MaskCredentialsInOncObject(onc::kNetworkConfigurationSignature,
                                        *settings,
                                        kFakeCredential));
    ui_data->set_user_settings(sanitized_settings.Pass());
  }
  shill_property_util::SetUIData(*ui_data, shill_dictionary.get());
  // NOTE(review): the whole dictionary is streamed to the verbose log. Only
  // placeholder credentials were removed above, so any real credential that
  // came from |policy| or |settings| would presumably appear in this output
  // when verbose level 2 is enabled - consider logging a masked copy.
  VLOG(2) << "Created Shill properties: " << *shill_dictionary;
  return shill_dictionary.Pass();
}
// Walks |policies| in container order and returns the first policy for which
// IsPolicyMatching() accepts |actual_network|, or NULL when none does. The
// returned pointer is the one stored in |policies|; no copy is made.
//
// NOTE(review): when several policies match the same network, the winner is
// decided purely by iteration order of the map (presumably GUID order -
// confirm against the GuidToPolicyMap definition).
const base::DictionaryValue* FindMatchingPolicy(
    const GuidToPolicyMap& policies,
    const base::DictionaryValue& actual_network) {
  GuidToPolicyMap::const_iterator entry = policies.begin();
  while (entry != policies.end()) {
    const base::DictionaryValue* candidate = entry->second;
    if (IsPolicyMatching(*candidate, actual_network))
      return candidate;
    ++entry;
  }
  return NULL;
}
}
}