OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/chromeos/cros/network_library_impl_base.h" | 5 #include "chrome/browser/chromeos/cros/network_library_impl_base.h" |
6 | 6 |
7 #include "base/bind.h" | 7 #include "base/bind.h" |
8 #include "base/json/json_reader.h" | 8 #include "base/json/json_reader.h" |
9 #include "base/memory/scoped_vector.h" | 9 #include "base/memory/scoped_vector.h" |
10 #include "base/stl_util.h" | 10 #include "base/stl_util.h" |
(...skipping 1007 matching lines...)
1018 ConnectToWifiNetwork(wifi); | 1018 ConnectToWifiNetwork(wifi); |
1019 break; | 1019 break; |
1020 } | 1020 } |
1021 } | 1021 } |
1022 } | 1022 } |
1023 | 1023 |
1024 bool NetworkLibraryImplBase::LoadOncNetworks(const std::string& onc_blob, | 1024 bool NetworkLibraryImplBase::LoadOncNetworks(const std::string& onc_blob, |
1025 const std::string& passphrase, | 1025 const std::string& passphrase, |
1026 onc::ONCSource source, | 1026 onc::ONCSource source, |
1027 bool allow_web_trust_from_policy) { | 1027 bool allow_web_trust_from_policy) { |
1028 VLOG(2) << __func__ << ": called on " << onc_blob; | |
1028 NetworkProfile* profile = NULL; | 1029 NetworkProfile* profile = NULL; |
1029 bool from_policy = (source == onc::ONC_SOURCE_USER_POLICY || | 1030 bool from_policy = (source == onc::ONC_SOURCE_USER_POLICY || |
1030 source == onc::ONC_SOURCE_DEVICE_POLICY); | 1031 source == onc::ONC_SOURCE_DEVICE_POLICY); |
1031 | 1032 |
1032 // Policies are applied to a specific Shill profile. User ONC import however | 1033 // Policies are applied to a specific Shill profile. User ONC import however |
1033 // is applied to whatever profile Shill chooses. This should be the profile | 1034 // is applied to whatever profile Shill chooses. This should be the profile |
1034 // that is already associated with a network and if no profile is associated | 1035 // that is already associated with a network and if no profile is associated |
1035 // yet, it should be the user profile. | 1036 // yet, it should be the user profile. |
1036 if (from_policy) { | 1037 if (from_policy) { |
1037 profile = GetProfileForType(GetProfileTypeForSource(source)); | 1038 profile = GetProfileForType(GetProfileTypeForSource(source)); |
1038 if (profile == NULL) { | 1039 if (profile == NULL) { |
1039 DLOG(WARNING) << "Profile for ONC source " | 1040 VLOG(2) << "Profile for ONC source " << onc::GetSourceAsString(source) |
1040 << onc::GetSourceAsString(source) | 1041 << " doesn't exist."; |
1041 << " doesn't exist."; | 1042 return true; |
pastarmovj
2012/12/13 10:15:44
Is this the correct change?
pneubeck (no reviews)
2012/12/13 14:10:03
Yes. That case occurs regularly (depending on whic
| |
1042 return false; | |
1043 } | 1043 } |
1044 } | 1044 } |
1045 | 1045 |
1046 VLOG(2) << __func__ << ": called on " << onc_blob; | |
1047 scoped_ptr<base::DictionaryValue> root_dict = | 1046 scoped_ptr<base::DictionaryValue> root_dict = |
1048 onc::ReadDictionaryFromJson(onc_blob); | 1047 onc::ReadDictionaryFromJson(onc_blob); |
1049 if (root_dict.get() == NULL) { | 1048 if (root_dict.get() == NULL) { |
1050 LOG(WARNING) << "ONC loaded from " << onc::GetSourceAsString(source) | 1049 LOG(ERROR) << "ONC loaded from " << onc::GetSourceAsString(source) |
1051 << " is not a valid JSON dictionary."; | 1050 << " is not a valid JSON dictionary."; |
1052 return false; | 1051 return false; |
1053 } | 1052 } |
1054 | 1053 |
1055 // Check and see if this is an encrypted ONC file. If so, decrypt it. | 1054 // Check and see if this is an encrypted ONC file. If so, decrypt it. |
1056 std::string onc_type; | 1055 std::string onc_type; |
1057 root_dict->GetStringWithoutPathExpansion(onc::kType, &onc_type); | 1056 root_dict->GetStringWithoutPathExpansion(onc::kType, &onc_type); |
1058 if (onc_type == onc::kEncryptedConfiguration) { | 1057 if (onc_type == onc::kEncryptedConfiguration) { |
1059 root_dict = onc::Decrypt(passphrase, *root_dict); | 1058 root_dict = onc::Decrypt(passphrase, *root_dict); |
1060 if (root_dict.get() == NULL) { | 1059 if (root_dict.get() == NULL) { |
1061 LOG(WARNING) << "Couldn't decrypt the ONC from " | 1060 LOG(ERROR) << "Couldn't decrypt the ONC from " |
1062 << onc::GetSourceAsString(source); | 1061 << onc::GetSourceAsString(source); |
1063 return false; | 1062 return false; |
1064 } | 1063 } |
1065 } | 1064 } |
1066 | 1065 |
1067 // Validate the ONC dictionary. We are liberal and ignore unknown field | 1066 // Validate the ONC dictionary. We are liberal and ignore unknown field |
1068 // names and ignore invalid field names in kRecommended arrays. | 1067 // names and ignore invalid field names in kRecommended arrays. |
1069 onc::Validator validator(false, // Ignore unknown fields. | 1068 onc::Validator validator(false, // Ignore unknown fields. |
1070 false, // Ignore invalid recommended field names. | 1069 false, // Ignore invalid recommended field names. |
1071 true, // Fail on missing fields. | 1070 true, // Fail on missing fields. |
1072 from_policy); | 1071 from_policy); |
1073 | 1072 |
1074 // Unknown fields are removed from the result. | 1073 // Unknown fields are removed from the result. |
1074 onc::Validator::Result validation_result; | |
1075 root_dict = validator.ValidateAndRepairObject( | 1075 root_dict = validator.ValidateAndRepairObject( |
1076 &onc::kUnencryptedConfigurationSignature, | 1076 &onc::kToplevelConfigurationSignature, *root_dict, &validation_result); |
1077 *root_dict); | |
1078 | 1077 |
1079 if (root_dict.get() == NULL) { | 1078 if (validation_result == onc::Validator::VALID_WITH_WARNINGS) { |
1080 LOG(WARNING) << "ONC from source " << source | 1079 LOG(WARNING) << "ONC from " << onc::GetSourceAsString(source) |
1081 << " is invalid and couldn't be repaired."; | 1080 << " produced warnings."; |
1081 } else if (validation_result == onc::Validator::INVALID || | |
1082 root_dict.get() == NULL) { | |
1083 LOG(ERROR) << "ONC from " << onc::GetSourceAsString(source) | |
1084 << " is invalid and couldn't be repaired."; | |
1082 return false; | 1085 return false; |
1083 } | 1086 } |
1084 | 1087 |
1085 const base::ListValue* certificates; | 1088 const base::ListValue* certificates; |
1086 bool has_certificates = | 1089 bool has_certificates = |
1087 root_dict->GetListWithoutPathExpansion(onc::kCertificates, &certificates); | 1090 root_dict->GetListWithoutPathExpansion(onc::kCertificates, &certificates); |
1088 | 1091 |
1089 const base::ListValue* network_configs; | 1092 const base::ListValue* network_configs; |
1090 bool has_network_configurations = root_dict->GetListWithoutPathExpansion( | 1093 bool has_network_configurations = root_dict->GetListWithoutPathExpansion( |
1091 onc::kNetworkConfigurations, | 1094 onc::kNetworkConfigurations, |
1092 &network_configs); | 1095 &network_configs); |
1093 | 1096 |
1094 // At least one of NetworkConfigurations or Certificates is required. | |
1095 LOG_IF(WARNING, (!has_network_configurations && !has_certificates)) | |
1096 << "ONC from source " << source | |
1097 << " has neither NetworkConfigurations nor Certificates."; | |
1098 | |
1099 if (has_certificates) { | 1097 if (has_certificates) { |
1100 VLOG(2) << "ONC file has " << certificates->GetSize() << " certificates"; | 1098 VLOG(2) << "ONC file has " << certificates->GetSize() << " certificates"; |
1101 | 1099 |
1102 onc::CertificateImporter cert_importer(source, allow_web_trust_from_policy); | 1100 onc::CertificateImporter cert_importer(source, allow_web_trust_from_policy); |
1103 if (cert_importer.ParseAndStoreCertificates(*certificates) != | 1101 if (cert_importer.ParseAndStoreCertificates(*certificates) != |
1104 onc::CertificateImporter::IMPORT_OK) { | 1102 onc::CertificateImporter::IMPORT_OK) { |
1105 LOG(WARNING) << "Cannot parse some of the certificates in the ONC from " | 1103 LOG(ERROR) << "Cannot parse some of the certificates in the ONC from " |
1106 << onc::GetSourceAsString(source); | 1104 << onc::GetSourceAsString(source); |
Joao da Silva
2012/12/13 09:51:35
nit: indent
pastarmovj
2012/12/13 10:15:44
Align the <<
pneubeck (no reviews)
2012/12/13 14:10:03
Done.
pneubeck (no reviews)
2012/12/13 14:10:03
Done.
| |
1107 return false; | 1105 return false; |
1108 } | 1106 } |
1109 } | 1107 } |
1110 | 1108 |
1111 std::set<std::string> removal_ids; | 1109 std::set<std::string> removal_ids; |
1112 std::set<std::string>& network_ids(network_source_map_[source]); | 1110 std::set<std::string>& network_ids(network_source_map_[source]); |
1113 network_ids.clear(); | 1111 network_ids.clear(); |
1114 if (has_network_configurations) { | 1112 if (has_network_configurations) { |
1115 VLOG(2) << "ONC file has " << network_configs->GetSize() << " networks"; | 1113 VLOG(2) << "ONC file has " << network_configs->GetSize() << " networks"; |
1116 OncNetworkParser parser(*network_configs, source); | 1114 OncNetworkParser parser(*network_configs, source); |
1117 | 1115 |
1118 // Parse all networks. Bail out if that fails. | 1116 // Parse all networks. Bail out if that fails. |
1119 NetworkOncMap added_onc_map; | 1117 NetworkOncMap added_onc_map; |
1120 ScopedVector<Network> networks; | 1118 ScopedVector<Network> networks; |
1121 for (int i = 0; i < parser.GetNetworkConfigsSize(); i++) { | 1119 for (int i = 0; i < parser.GetNetworkConfigsSize(); i++) { |
1122 // Parse Open Network Configuration blob into a temporary Network object. | 1120 // Parse Open Network Configuration blob into a temporary Network object. |
1123 bool marked_for_removal = false; | 1121 bool marked_for_removal = false; |
1124 Network* network = parser.ParseNetwork(i, &marked_for_removal); | 1122 Network* network = parser.ParseNetwork(i, &marked_for_removal); |
1125 if (!network) { | 1123 if (!network) { |
1126 LOG(WARNING) << "Error during parsing network at index " << i | 1124 LOG(ERROR) << "Error during ONC parsing network at index " << i |
pastarmovj
2012/12/13 10:15:44
Ditto.
pneubeck (no reviews)
2012/12/13 14:10:03
Done.
| |
1127 << " from ONC source " << onc::GetSourceAsString(source); | 1125 << " from " << onc::GetSourceAsString(source); |
Joao da Silva
2012/12/13 09:51:35
nit: indent
pneubeck (no reviews)
2012/12/13 14:10:03
Done.
| |
1128 return false; | 1126 return false; |
1129 } | 1127 } |
1130 | 1128 |
1131 // Disallow anything but WiFi and Ethernet for device-level policy (which | 1129 // Disallow anything but WiFi and Ethernet for device-level policy (which |
1132 // corresponds to shared networks). See also http://crosbug.com/28741. | 1130 // corresponds to shared networks). See also http://crosbug.com/28741. |
1133 if (source == onc::ONC_SOURCE_DEVICE_POLICY && | 1131 if (source == onc::ONC_SOURCE_DEVICE_POLICY && |
1134 network->type() != TYPE_WIFI && | 1132 network->type() != TYPE_WIFI && |
1135 network->type() != TYPE_ETHERNET) { | 1133 network->type() != TYPE_ETHERNET) { |
1136 LOG(WARNING) << "Ignoring device-level policy-pushed network of type " | 1134 LOG(WARNING) << "Ignoring device-level policy-pushed network of type " |
1137 << network->type(); | 1135 << network->type(); |
(...skipping 50 matching lines...)
1188 // Set the appropriate profile for |source|. | 1186 // Set the appropriate profile for |source|. |
1189 if (profile != NULL) | 1187 if (profile != NULL) |
1190 dict.SetString(flimflam::kProfileProperty, profile->path); | 1188 dict.SetString(flimflam::kProfileProperty, profile->path); |
1191 | 1189 |
1192 // For Ethernet networks, apply them to the current Ethernet service. | 1190 // For Ethernet networks, apply them to the current Ethernet service. |
1193 if (network->type() == TYPE_ETHERNET) { | 1191 if (network->type() == TYPE_ETHERNET) { |
1194 const EthernetNetwork* ethernet = ethernet_network(); | 1192 const EthernetNetwork* ethernet = ethernet_network(); |
1195 if (ethernet) { | 1193 if (ethernet) { |
1196 CallConfigureService(ethernet->unique_id(), &dict); | 1194 CallConfigureService(ethernet->unique_id(), &dict); |
1197 } else { | 1195 } else { |
1198 DLOG(WARNING) << "Tried to import ONC with an Ethernet network when " | 1196 LOG(WARNING) << "Tried to import ONC with an Ethernet network when " |
1199 << "there is no active Ethernet connection."; | 1197 << "there is no active Ethernet connection."; |
1200 } | 1198 } |
1201 } else { | 1199 } else { |
1202 CallConfigureService(network->unique_id(), &dict); | 1200 CallConfigureService(network->unique_id(), &dict); |
1203 } | 1201 } |
1204 | 1202 |
1205 network_ids.insert(network->unique_id()); | 1203 network_ids.insert(network->unique_id()); |
1206 } | 1204 } |
1207 } | 1205 } |
1208 | 1206 |
1209 if (from_policy) { | 1207 if (from_policy) { |
(...skipping 526 matching lines...)
1736 GetTpmInfo(); | 1734 GetTpmInfo(); |
1737 return tpm_slot_; | 1735 return tpm_slot_; |
1738 } | 1736 } |
1739 | 1737 |
1740 const std::string& NetworkLibraryImplBase::GetTpmPin() { | 1738 const std::string& NetworkLibraryImplBase::GetTpmPin() { |
1741 GetTpmInfo(); | 1739 GetTpmInfo(); |
1742 return tpm_pin_; | 1740 return tpm_pin_; |
1743 } | 1741 } |
1744 | 1742 |
1745 } // namespace chromeos | 1743 } // namespace chromeos |
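Review bot: In the new validation check (new lines 1078-1086) the `VALID_WITH_WARNINGS` branch is tested first and does not return, so a NULL `root_dict` paired with that result would skip the error branch and reach `root_dict->GetListWithoutPathExpansion(...)` at new line 1090. Whether the validator can produce that combination is not visible on this page, but testing the failure case first removes the dependency: put `if (validation_result == onc::Validator::INVALID || root_dict.get() == NULL)` with its `return false;` ahead of the `VALID_WITH_WARNINGS` warning. `validation_result` is also declared without an initializer at new line 1074, so the check relies on `ValidateAndRepairObject` writing it on every path. Separately, the `VLOG(2)` moved to new line 1028 streams the raw `onc_blob`, and an unencrypted ONC may carry network credentials, so logging only the source and the blob size would keep that material out of verbose logs. Parts of `LoadOncNetworks` are collapsed on this page, so these points cover only the visible lines.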
OLD | NEW |