Fix ONC password filtering in about:policy.

chrome/browser/policy/configuration_policy_handler_chromeos.cc

Index: chrome/browser/policy/configuration_policy_handler_chromeos.cc
diff --git a/chrome/browser/policy/configuration_policy_handler_chromeos.cc b/chrome/browser/policy/configuration_policy_handler_chromeos.cc
index d9edc6f439443d3e652c1ff08454baa6cde7692a..72493b06d74183f990694d78fac724c254c5c030 100644
--- a/chrome/browser/policy/configuration_policy_handler_chromeos.cc
+++ b/chrome/browser/policy/configuration_policy_handler_chromeos.cc
@@ -4,12 +4,16 @@
 
 #include "chrome/browser/policy/configuration_policy_handler_chromeos.h"
 
+#include <algorithm>
 #include <string>
+#include <vector>

[Joao da Silva, 2012/08/09 09:24:52]

Nit: <algorithm> and <vector> not used anymore

[Mattias Nissler (ping if slow), 2012/08/09 11:32:42]

Done.

 
 #include "base/json/json_reader.h"
 #include "base/json/json_writer.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/string_util.h"
+#include "base/values.h"
+#include "chrome/browser/chromeos/cros/onc_constants.h"
 #include "chrome/browser/chromeos/cros/onc_network_parser.h"
 #include "chrome/browser/policy/policy_error_map.h"
 #include "chrome/browser/policy/policy_map.h"
@@ -19,12 +23,14 @@
 #include "grit/generated_resources.h"
 #include "policy/policy_constants.h"
 
+namespace onc = chromeos::onc;
+
 namespace policy {
 
 NetworkConfigurationPolicyHandler::NetworkConfigurationPolicyHandler(
     const char* policy_name,
     chromeos::NetworkUIData::ONCSource onc_source)
-    : TypeCheckingPolicyHandler(policy_name, Value::TYPE_STRING),
+    : TypeCheckingPolicyHandler(policy_name, base::Value::TYPE_STRING),
       onc_source_(onc_source) {}
 
 NetworkConfigurationPolicyHandler::~NetworkConfigurationPolicyHandler() {}
@@ -32,7 +38,7 @@ NetworkConfigurationPolicyHandler::~NetworkConfigurationPolicyHandler() {}
 bool NetworkConfigurationPolicyHandler::CheckPolicySettings(
     const PolicyMap& policies,
     PolicyErrorMap* errors) {
-  const Value* value;
+  const base::Value* value;
   if (!CheckAndGetValue(policies, errors, &value))
     return false;
 
@@ -64,16 +70,16 @@ void NetworkConfigurationPolicyHandler::PrepareForDisplaying(
   const PolicyMap::Entry* entry = policies->Get(policy_name());
   if (!entry)
     return;
-  Value* sanitized_config = SanitizeNetworkConfig(entry->value);
+  base::Value* sanitized_config = SanitizeNetworkConfig(entry->value);
   if (!sanitized_config)
-    sanitized_config = Value::CreateNullValue();
+    sanitized_config = base::Value::CreateNullValue();
 
   policies->Set(policy_name(), entry->level, entry->scope, sanitized_config);
 }
 
 // static
-Value* NetworkConfigurationPolicyHandler::SanitizeNetworkConfig(
-    const Value* config) {
+base::Value* NetworkConfigurationPolicyHandler::SanitizeNetworkConfig(
+    const base::Value* config) {
   std::string json_string;
   if (!config->GetAsString(&json_string))
     return NULL;
@@ -94,7 +100,7 @@ Value* NetworkConfigurationPolicyHandler::SanitizeNetworkConfig(
          ++network_entry) {
       if ((*network_entry) &&
           (*network_entry)->IsType(base::Value::TYPE_DICTIONARY)) {
-        StripSensitiveValues(static_cast<DictionaryValue*>(*network_entry));
+        MaskSensitiveValues(static_cast<DictionaryValue*>(*network_entry));

[Joao da Silva, 2012/08/09 09:24:52]

Nit: base::

[Mattias Nissler (ping if slow), 2012/08/09 11:32:42]

Done.

       }
     }
   }
@@ -108,23 +114,36 @@ Value* NetworkConfigurationPolicyHandler::SanitizeNetworkConfig(
 }
 
 // static
-void NetworkConfigurationPolicyHandler::StripSensitiveValues(
+void NetworkConfigurationPolicyHandler::MaskSensitiveValues(
     DictionaryValue* network_dict) {

[Joao da Silva, 2012/08/09 09:24:52]

Nit: base::

[Mattias Nissler (ping if slow), 2012/08/09 11:32:42]

Done.

-  // List of settings we filter from the network dictionary.
-  static const char* kFilteredSettings[] = {
-    "WiFi.Passphrase",
-    "IPsec.EAP.Password",
-    "IPsec.EAP.Password",
-    "IPsec.XAUTH.Password",
-    "L2TP.Password",
+  // Paths of the properties to be replaced by the placeholder. Each entry
+  // specifies dictionary key paths and must be terminated by a NULL element.
+  static const int kMaxComponents = 4;
+  static const char* kFilteredSettings[][kMaxComponents] = {
+    { onc::kEthernet, onc::ethernet::kEAP, onc::eap::kPassword },
+    { onc::kVPN, onc::vpn::kIPsec, onc::vpn::kPSK },
+    { onc::kVPN, onc::vpn::kL2TP, onc::vpn::kPassword },
+    { onc::kVPN, onc::vpn::kOpenVPN, onc::vpn::kPassword },
+    { onc::kWiFi, onc::wifi::kEAP, onc::eap::kPassword },
+    { onc::kWiFi, onc::wifi::kPassphrase },
   };
+
   // Placeholder to insert in place of the filtered setting.
   static const char kPlaceholder[] = "********";
 
   for (size_t i = 0; i < arraysize(kFilteredSettings); ++i) {
-    if (network_dict->Remove(kFilteredSettings[i], NULL)) {
-      network_dict->Set(kFilteredSettings[i],
-                        Value::CreateStringValue(kPlaceholder));
+    const char** path = kFilteredSettings[i];
+    base::DictionaryValue* dict = network_dict;
+    int j = 0;
+    for (j = 0; path[j + 1] != NULL; ++j) {
+      if (!dict->GetDictionaryWithoutPathExpansion(path[j], &dict)) {
+        dict = NULL;
+        break;
+      }
+    }
+    if (dict && dict->RemoveWithoutPathExpansion(path[j], NULL)) {
+      dict->SetWithoutPathExpansion(
+          path[j], base::Value::CreateStringValue(kPlaceholder));
     }
   }
 }