Chromium Code Reviews Chromium Code Reviews
Issue 10823234:
Fix ONC password filtering in about:policy. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/policy/configuration_policy_handler_chromeos.h" | 5 #include "chrome/browser/policy/configuration_policy_handler_chromeos.h" |
| 6 | 6 |
| 7 #include <algorithm> | |
| 7 #include <string> | 8 #include <string> |
| 9 #include <vector> | |
|
Joao da Silva
2012/08/09 09:24:52
Nit: <algorithm> and <vector> not used anymore
Mattias Nissler (ping if slow)
2012/08/09 11:32:42
Done.
| |
| 8 | 10 |
| 9 #include "base/json/json_reader.h" | 11 #include "base/json/json_reader.h" |
| 10 #include "base/json/json_writer.h" | 12 #include "base/json/json_writer.h" |
| 11 #include "base/memory/scoped_ptr.h" | 13 #include "base/memory/scoped_ptr.h" |
| 12 #include "base/string_util.h" | 14 #include "base/string_util.h" |
| 15 #include "base/values.h" | |
| 16 #include "chrome/browser/chromeos/cros/onc_constants.h" | |
| 13 #include "chrome/browser/chromeos/cros/onc_network_parser.h" | 17 #include "chrome/browser/chromeos/cros/onc_network_parser.h" |
| 14 #include "chrome/browser/policy/policy_error_map.h" | 18 #include "chrome/browser/policy/policy_error_map.h" |
| 15 #include "chrome/browser/policy/policy_map.h" | 19 #include "chrome/browser/policy/policy_map.h" |
| 16 #include "chrome/browser/prefs/pref_value_map.h" | 20 #include "chrome/browser/prefs/pref_value_map.h" |
| 17 #include "chrome/browser/ui/ash/chrome_launcher_prefs.h" | 21 #include "chrome/browser/ui/ash/chrome_launcher_prefs.h" |
| 18 #include "chrome/common/pref_names.h" | 22 #include "chrome/common/pref_names.h" |
| 19 #include "grit/generated_resources.h" | 23 #include "grit/generated_resources.h" |
| 20 #include "policy/policy_constants.h" | 24 #include "policy/policy_constants.h" |
| 21 | 25 |
| 26 namespace onc = chromeos::onc; | |
| 27 | |
| 22 namespace policy { | 28 namespace policy { |
| 23 | 29 |
| 24 NetworkConfigurationPolicyHandler::NetworkConfigurationPolicyHandler( | 30 NetworkConfigurationPolicyHandler::NetworkConfigurationPolicyHandler( |
| 25 const char* policy_name, | 31 const char* policy_name, |
| 26 chromeos::NetworkUIData::ONCSource onc_source) | 32 chromeos::NetworkUIData::ONCSource onc_source) |
| 27 : TypeCheckingPolicyHandler(policy_name, Value::TYPE_STRING), | 33 : TypeCheckingPolicyHandler(policy_name, base::Value::TYPE_STRING), |
| 28 onc_source_(onc_source) {} | 34 onc_source_(onc_source) {} |
| 29 | 35 |
| 30 NetworkConfigurationPolicyHandler::~NetworkConfigurationPolicyHandler() {} | 36 NetworkConfigurationPolicyHandler::~NetworkConfigurationPolicyHandler() {} |
| 31 | 37 |
| 32 bool NetworkConfigurationPolicyHandler::CheckPolicySettings( | 38 bool NetworkConfigurationPolicyHandler::CheckPolicySettings( |
| 33 const PolicyMap& policies, | 39 const PolicyMap& policies, |
| 34 PolicyErrorMap* errors) { | 40 PolicyErrorMap* errors) { |
| 35 const Value* value; | 41 const base::Value* value; |
| 36 if (!CheckAndGetValue(policies, errors, &value)) | 42 if (!CheckAndGetValue(policies, errors, &value)) |
| 37 return false; | 43 return false; |
| 38 | 44 |
| 39 if (value) { | 45 if (value) { |
| 40 std::string onc_blob; | 46 std::string onc_blob; |
| 41 value->GetAsString(&onc_blob); | 47 value->GetAsString(&onc_blob); |
| 42 // Policy-based ONC blobs cannot have a passphrase. | 48 // Policy-based ONC blobs cannot have a passphrase. |
| 43 chromeos::OncNetworkParser parser(onc_blob, "", onc_source_); | 49 chromeos::OncNetworkParser parser(onc_blob, "", onc_source_); |
| 44 if (!parser.parse_error().empty()) { | 50 if (!parser.parse_error().empty()) { |
| 45 errors->AddError(policy_name(), | 51 errors->AddError(policy_name(), |
| (...skipping 11 matching lines...) Expand all Loading... | |
| 57 PrefValueMap* prefs) { | 63 PrefValueMap* prefs) { |
| 58 // Network policy is read directly from the provider and injected into | 64 // Network policy is read directly from the provider and injected into |
| 59 // NetworkLibrary, so no need to convert the policy settings into prefs. | 65 // NetworkLibrary, so no need to convert the policy settings into prefs. |
| 60 } | 66 } |
| 61 | 67 |
| 62 void NetworkConfigurationPolicyHandler::PrepareForDisplaying( | 68 void NetworkConfigurationPolicyHandler::PrepareForDisplaying( |
| 63 PolicyMap* policies) const { | 69 PolicyMap* policies) const { |
| 64 const PolicyMap::Entry* entry = policies->Get(policy_name()); | 70 const PolicyMap::Entry* entry = policies->Get(policy_name()); |
| 65 if (!entry) | 71 if (!entry) |
| 66 return; | 72 return; |
| 67 Value* sanitized_config = SanitizeNetworkConfig(entry->value); | 73 base::Value* sanitized_config = SanitizeNetworkConfig(entry->value); |
| 68 if (!sanitized_config) | 74 if (!sanitized_config) |
| 69 sanitized_config = Value::CreateNullValue(); | 75 sanitized_config = base::Value::CreateNullValue(); |
| 70 | 76 |
| 71 policies->Set(policy_name(), entry->level, entry->scope, sanitized_config); | 77 policies->Set(policy_name(), entry->level, entry->scope, sanitized_config); |
| 72 } | 78 } |
| 73 | 79 |
| 74 // static | 80 // static |
| 75 Value* NetworkConfigurationPolicyHandler::SanitizeNetworkConfig( | 81 base::Value* NetworkConfigurationPolicyHandler::SanitizeNetworkConfig( |
| 76 const Value* config) { | 82 const base::Value* config) { |
| 77 std::string json_string; | 83 std::string json_string; |
| 78 if (!config->GetAsString(&json_string)) | 84 if (!config->GetAsString(&json_string)) |
| 79 return NULL; | 85 return NULL; |
| 80 | 86 |
| 81 scoped_ptr<Value> json_value( | 87 scoped_ptr<Value> json_value( |
| 82 base::JSONReader::Read(json_string, base::JSON_ALLOW_TRAILING_COMMAS)); | 88 base::JSONReader::Read(json_string, base::JSON_ALLOW_TRAILING_COMMAS)); |
| 83 if (!json_value.get() || !json_value->IsType(base::Value::TYPE_DICTIONARY)) | 89 if (!json_value.get() || !json_value->IsType(base::Value::TYPE_DICTIONARY)) |
| 84 return NULL; | 90 return NULL; |
| 85 | 91 |
| 86 DictionaryValue* config_dict = | 92 DictionaryValue* config_dict = |
|
Joao da Silva
2012/08/09 09:24:52
Nit: base::
Mattias Nissler (ping if slow)
2012/08/09 11:32:42
Done.
| |
| 87 static_cast<DictionaryValue*>(json_value.get()); | 93 static_cast<DictionaryValue*>(json_value.get()); |
|
Joao da Silva
2012/08/09 09:24:52
Nit: base::
Mattias Nissler (ping if slow)
2012/08/09 11:32:42
Done.
| |
| 88 | 94 |
| 89 // Strip any sensitive information from the JSON dictionary. | 95 // Strip any sensitive information from the JSON dictionary. |
| 90 base::ListValue* config_list = NULL; | 96 base::ListValue* config_list = NULL; |
| 91 if (config_dict->GetList("NetworkConfigurations", &config_list)) { | 97 if (config_dict->GetList("NetworkConfigurations", &config_list)) { |
| 92 for (base::ListValue::const_iterator network_entry = config_list->begin(); | 98 for (base::ListValue::const_iterator network_entry = config_list->begin(); |
| 93 network_entry != config_list->end(); | 99 network_entry != config_list->end(); |
| 94 ++network_entry) { | 100 ++network_entry) { |
| 95 if ((*network_entry) && | 101 if ((*network_entry) && |
| 96 (*network_entry)->IsType(base::Value::TYPE_DICTIONARY)) { | 102 (*network_entry)->IsType(base::Value::TYPE_DICTIONARY)) { |
| 97 StripSensitiveValues(static_cast<DictionaryValue*>(*network_entry)); | 103 MaskSensitiveValues(static_cast<DictionaryValue*>(*network_entry)); |
|
Joao da Silva
2012/08/09 09:24:52
Nit: base::
Mattias Nissler (ping if slow)
2012/08/09 11:32:42
Done.
| |
| 98 } | 104 } |
| 99 } | 105 } |
| 100 } | 106 } |
| 101 | 107 |
| 102 // Convert back to a string, pretty printing the contents. | 108 // Convert back to a string, pretty printing the contents. |
| 103 base::JSONWriter::WriteWithOptions(config_dict, | 109 base::JSONWriter::WriteWithOptions(config_dict, |
| 104 base::JSONWriter::OPTIONS_DO_NOT_ESCAPE | | 110 base::JSONWriter::OPTIONS_DO_NOT_ESCAPE | |
| 105 base::JSONWriter::OPTIONS_PRETTY_PRINT, | 111 base::JSONWriter::OPTIONS_PRETTY_PRINT, |
| 106 &json_string); | 112 &json_string); |
| 107 return Value::CreateStringValue(json_string); | 113 return Value::CreateStringValue(json_string); |
|
Joao da Silva
2012/08/09 09:24:52
Nit: base::
Mattias Nissler (ping if slow)
2012/08/09 11:32:42
Done.
| |
| 108 } | 114 } |
| 109 | 115 |
| 110 // static | 116 // static |
| 111 void NetworkConfigurationPolicyHandler::StripSensitiveValues( | 117 void NetworkConfigurationPolicyHandler::MaskSensitiveValues( |
| 112 DictionaryValue* network_dict) { | 118 DictionaryValue* network_dict) { |
|
Joao da Silva
2012/08/09 09:24:52
Nit: base::
Mattias Nissler (ping if slow)
2012/08/09 11:32:42
Done.
| |
| 113 // List of settings we filter from the network dictionary. | 119 // Paths of the properties to be replaced by the placeholder. Each entry |
| 114 static const char* kFilteredSettings[] = { | 120 // specifies dictionary key paths and must be terminated by a NULL element. |
| 115 "WiFi.Passphrase", | 121 static const int kMaxComponents = 4; |
| 116 "IPsec.EAP.Password", | 122 static const char* kFilteredSettings[][kMaxComponents] = { |
| 117 "IPsec.EAP.Password", | 123 { onc::kEthernet, onc::ethernet::kEAP, onc::eap::kPassword }, |
| 118 "IPsec.XAUTH.Password", | 124 { onc::kVPN, onc::vpn::kIPsec, onc::vpn::kPSK }, |
| 119 "L2TP.Password", | 125 { onc::kVPN, onc::vpn::kL2TP, onc::vpn::kPassword }, |
| 126 { onc::kVPN, onc::vpn::kOpenVPN, onc::vpn::kPassword }, | |
| 127 { onc::kWiFi, onc::wifi::kEAP, onc::eap::kPassword }, | |
| 128 { onc::kWiFi, onc::wifi::kPassphrase }, | |
| 120 }; | 129 }; |
| 130 | |
| 121 // Placeholder to insert in place of the filtered setting. | 131 // Placeholder to insert in place of the filtered setting. |
| 122 static const char kPlaceholder[] = "********"; | 132 static const char kPlaceholder[] = "********"; |
| 123 | 133 |
| 124 for (size_t i = 0; i < arraysize(kFilteredSettings); ++i) { | 134 for (size_t i = 0; i < arraysize(kFilteredSettings); ++i) { |
| 125 if (network_dict->Remove(kFilteredSettings[i], NULL)) { | 135 const char** path = kFilteredSettings[i]; |
| 126 network_dict->Set(kFilteredSettings[i], | 136 base::DictionaryValue* dict = network_dict; |
| 127 Value::CreateStringValue(kPlaceholder)); | 137 int j = 0; |
| 138 for (j = 0; path[j + 1] != NULL; ++j) { | |
| 139 if (!dict->GetDictionaryWithoutPathExpansion(path[j], &dict)) { | |
| 140 dict = NULL; | |
| 141 break; | |
| 142 } | |
| 143 } | |
| 144 if (dict && dict->RemoveWithoutPathExpansion(path[j], NULL)) { | |
| 145 dict->SetWithoutPathExpansion( | |
| 146 path[j], base::Value::CreateStringValue(kPlaceholder)); | |
| 128 } | 147 } |
| 129 } | 148 } |
| 130 } | 149 } |
| 131 | 150 |
| 132 PinnedLauncherAppsPolicyHandler::PinnedLauncherAppsPolicyHandler() | 151 PinnedLauncherAppsPolicyHandler::PinnedLauncherAppsPolicyHandler() |
| 133 : ExtensionListPolicyHandler(key::kPinnedLauncherApps, | 152 : ExtensionListPolicyHandler(key::kPinnedLauncherApps, |
| 134 prefs::kPinnedLauncherApps, | 153 prefs::kPinnedLauncherApps, |
| 135 false) {} | 154 false) {} |
| 136 | 155 |
| 137 PinnedLauncherAppsPolicyHandler::~PinnedLauncherAppsPolicyHandler() {} | 156 PinnedLauncherAppsPolicyHandler::~PinnedLauncherAppsPolicyHandler() {} |
| (...skipping 13 matching lines...) Expand all Loading... | |
| 151 base::DictionaryValue* app_dict = new base::DictionaryValue(); | 170 base::DictionaryValue* app_dict = new base::DictionaryValue(); |
| 152 app_dict->SetString(ash::kPinnedAppsPrefAppIDPath, id); | 171 app_dict->SetString(ash::kPinnedAppsPrefAppIDPath, id); |
| 153 pinned_apps_list->Append(app_dict); | 172 pinned_apps_list->Append(app_dict); |
| 154 } | 173 } |
| 155 } | 174 } |
| 156 prefs->SetValue(pref_path(), pinned_apps_list); | 175 prefs->SetValue(pref_path(), pinned_apps_list); |
| 157 } | 176 } |
| 158 } | 177 } |
| 159 | 178 |
| 160 } // namespace policy | 179 } // namespace policy |
| OLD | NEW |
