
Side by Side Diff: chrome/browser/chromeos/cros/network_library_impl_base.cc

Issue 11578005: Rejecting networks/certificates independently on ONC import and policy loading. (Closed) Base URL: http://git.chromium.org/chromium/src.git@reject_network_independently
Patch Set: Initial patch. Created 8 years ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/chromeos/cros/network_library_impl_base.h" 5 #include "chrome/browser/chromeos/cros/network_library_impl_base.h"
6 6
7 #include "base/bind.h" 7 #include "base/bind.h"
8 #include "base/json/json_reader.h" 8 #include "base/json/json_reader.h"
9 #include "base/memory/scoped_vector.h" 9 #include "base/memory/scoped_vector.h"
10 #include "base/stl_util.h" 10 #include "base/stl_util.h"
(...skipping 1067 matching lines...)
1078 if (validation_result == onc::Validator::VALID_WITH_WARNINGS) { 1078 if (validation_result == onc::Validator::VALID_WITH_WARNINGS) {
1079 LOG(WARNING) << "ONC from " << onc::GetSourceAsString(source) 1079 LOG(WARNING) << "ONC from " << onc::GetSourceAsString(source)
1080 << " produced warnings."; 1080 << " produced warnings.";
1081 } else if (validation_result == onc::Validator::INVALID || 1081 } else if (validation_result == onc::Validator::INVALID ||
1082 root_dict.get() == NULL) { 1082 root_dict.get() == NULL) {
1083 LOG(ERROR) << "ONC from " << onc::GetSourceAsString(source) 1083 LOG(ERROR) << "ONC from " << onc::GetSourceAsString(source)
1084 << " is invalid and couldn't be repaired."; 1084 << " is invalid and couldn't be repaired.";
1085 return false; 1085 return false;
1086 } 1086 }
1087 1087
1088 bool error_occurred = false;
stevenjb 2012/12/14 01:09:16 nit: 'success = true' would match the return value
1089
1088 const base::ListValue* certificates; 1090 const base::ListValue* certificates;
1089 bool has_certificates = 1091 bool has_certificates =
1090 root_dict->GetListWithoutPathExpansion(onc::kCertificates, &certificates); 1092 root_dict->GetListWithoutPathExpansion(onc::kCertificates, &certificates);
1091 1093
1092 const base::ListValue* network_configs; 1094 const base::ListValue* network_configs;
1093 bool has_network_configurations = root_dict->GetListWithoutPathExpansion( 1095 bool has_network_configurations = root_dict->GetListWithoutPathExpansion(
1094 onc::kNetworkConfigurations, 1096 onc::kNetworkConfigurations,
1095 &network_configs); 1097 &network_configs);
1096 1098
1097 if (has_certificates) { 1099 if (has_certificates) {
1098 VLOG(2) << "ONC file has " << certificates->GetSize() << " certificates"; 1100 VLOG(2) << "ONC file has " << certificates->GetSize() << " certificates";
1099 1101
1100 onc::CertificateImporter cert_importer(source, allow_web_trust_from_policy); 1102 onc::CertificateImporter cert_importer(source, allow_web_trust_from_policy);
1101 if (cert_importer.ParseAndStoreCertificates(*certificates) != 1103 if (cert_importer.ParseAndStoreCertificates(*certificates) !=
1102 onc::CertificateImporter::IMPORT_OK) { 1104 onc::CertificateImporter::IMPORT_OK) {
1103 LOG(ERROR) << "Cannot parse some of the certificates in the ONC from " 1105 LOG(ERROR) << "Cannot parse some of the certificates in the ONC from "
1104 << onc::GetSourceAsString(source); 1106 << onc::GetSourceAsString(source);
1105 return false; 1107 error_occurred = true;
1106 } 1108 }
1107 } 1109 }
1108 1110
1109 std::set<std::string> removal_ids; 1111 std::set<std::string> removal_ids;
1110 std::set<std::string>& network_ids(network_source_map_[source]); 1112 std::set<std::string>& network_ids(network_source_map_[source]);
1111 network_ids.clear(); 1113 network_ids.clear();
1112 if (has_network_configurations) { 1114 if (has_network_configurations) {
1113 VLOG(2) << "ONC file has " << network_configs->GetSize() << " networks"; 1115 VLOG(2) << "ONC file has " << network_configs->GetSize() << " networks";
1114 OncNetworkParser parser(*network_configs, source); 1116 OncNetworkParser parser(*network_configs, source);
1115 1117
1116 // Parse all networks. Bail out if that fails. 1118 // Parse all networks. Bail out if that fails.
1117 NetworkOncMap added_onc_map; 1119 NetworkOncMap added_onc_map;
1118 ScopedVector<Network> networks; 1120 ScopedVector<Network> networks;
1119 for (int i = 0; i < parser.GetNetworkConfigsSize(); i++) { 1121 for (int i = 0; i < parser.GetNetworkConfigsSize(); i++) {
1120 // Parse Open Network Configuration blob into a temporary Network object. 1122 // Parse Open Network Configuration blob into a temporary Network object.
1121 bool marked_for_removal = false; 1123 bool marked_for_removal = false;
1122 Network* network = parser.ParseNetwork(i, &marked_for_removal); 1124 Network* network = parser.ParseNetwork(i, &marked_for_removal);
1123 if (!network) { 1125 if (!network) {
1124 LOG(ERROR) << "Error during ONC parsing network at index " << i 1126 LOG(ERROR) << "Error during ONC parsing network at index " << i
1125 << " from " << onc::GetSourceAsString(source); 1127 << " from " << onc::GetSourceAsString(source);
1126 return false; 1128 error_occurred = true;
1129 continue;
1127 } 1130 }
1128 1131
1129 // Disallow anything but WiFi and Ethernet for device-level policy (which 1132 // Disallow anything but WiFi and Ethernet for device-level policy (which
1130 // corresponds to shared networks). See also http://crosbug.com/28741. 1133 // corresponds to shared networks). See also http://crosbug.com/28741.
1131 if (source == onc::ONC_SOURCE_DEVICE_POLICY && 1134 if (source == onc::ONC_SOURCE_DEVICE_POLICY &&
1132 network->type() != TYPE_WIFI && 1135 network->type() != TYPE_WIFI &&
1133 network->type() != TYPE_ETHERNET) { 1136 network->type() != TYPE_ETHERNET) {
1134 LOG(WARNING) << "Ignoring device-level policy-pushed network of type " 1137 LOG(WARNING) << "Ignoring device-level policy-pushed network of type "
1135 << network->type(); 1138 << network->type();
1136 delete network; 1139 delete network;
(...skipping 66 matching lines...)
1203 network_ids.insert(network->unique_id()); 1206 network_ids.insert(network->unique_id());
1204 } 1207 }
1205 } 1208 }
1206 1209
1207 if (from_policy) { 1210 if (from_policy) {
1208 // For policy-managed networks, go through the list of existing remembered 1211 // For policy-managed networks, go through the list of existing remembered
1209 // networks and clean out the ones that no longer have a definition in the 1212 // networks and clean out the ones that no longer have a definition in the
1210 // ONC blob. We first collect the networks and do the actual deletion later 1213 // ONC blob. We first collect the networks and do the actual deletion later
1211 // because ForgetNetwork() changes the remembered network vectors. 1214 // because ForgetNetwork() changes the remembered network vectors.
1212 ForgetNetworksById(source, network_ids, false); 1215 ForgetNetworksById(source, network_ids, false);
1213 } else if (source == onc::ONC_SOURCE_USER_IMPORT) { 1216 } else if (source == onc::ONC_SOURCE_USER_IMPORT && !removal_ids.empty()) {
1214 if (removal_ids.empty())
1215 return true;
1216
1217 ForgetNetworksById(source, removal_ids, true); 1217 ForgetNetworksById(source, removal_ids, true);
1218 } 1218 }
1219 1219
1220 return true; 1220 return !error_occurred;
1221 } 1221 }
1222 1222
1223 //////////////////////////////////////////////////////////////////////////// 1223 ////////////////////////////////////////////////////////////////////////////
1224 // Testing functions. 1224 // Testing functions.
1225 1225
1226 bool NetworkLibraryImplBase::SetActiveNetwork( 1226 bool NetworkLibraryImplBase::SetActiveNetwork(
1227 ConnectionType type, const std::string& service_path) { 1227 ConnectionType type, const std::string& service_path) {
1228 Network* network = NULL; 1228 Network* network = NULL;
1229 if (!service_path.empty()) 1229 if (!service_path.empty())
1230 network = FindNetworkByPath(service_path); 1230 network = FindNetworkByPath(service_path);
(...skipping 503 matching lines...)
1734 GetTpmInfo(); 1734 GetTpmInfo();
1735 return tpm_slot_; 1735 return tpm_slot_;
1736 } 1736 }
1737 1737
1738 const std::string& NetworkLibraryImplBase::GetTpmPin() { 1738 const std::string& NetworkLibraryImplBase::GetTpmPin() {
1739 GetTpmInfo(); 1739 GetTpmInfo();
1740 return tpm_pin_; 1740 return tpm_pin_;
1741 } 1741 }
1742 1742
1743 } // namespace chromeos 1743 } // namespace chromeos
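Review bot: Because parse failures are now skipped with `continue` (new line 1129), the policy cleanup at new line 1215 still runs with a `network_ids` set that lacks the rejected entries, so a remembered policy network whose ONC entry is malformed in this blob would presumably be forgotten rather than left in place; before this change the function returned before reaching the cleanup. ForgetNetworksById and 66 lines of the loop body are not visible here, so this needs confirming, and if the behaviour is intended it deserves a comment at the call such as `// Networks that failed to parse are absent from network_ids and are forgotten as well.` Similarly, networks are now applied even when `ParseAndStoreCertificates` did not return IMPORT_OK (new line 1107), so a network may end up configured without a certificate it refers to; a short comment stating that this is accepted would help the next reader. The comment at new line 1118 is stale after this change and could read `// Parse all networks. Skip the ones that fail and record the error.`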