
Side by Side Diff: chromeos/network/managed_network_configuration_handler.cc

Issue 14192017: Extract certificate policy application from NetworkLibrary. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Initial patch. Created 7 years, 8 months ago
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chromeos/network/managed_network_configuration_handler.h" 5 #include "chromeos/network/managed_network_configuration_handler.h"
6 6
7 #include <string> 7 #include <string>
8 #include <vector> 8 #include <vector>
9 9
10 #include "base/bind.h" 10 #include "base/bind.h"
(...skipping 781 matching lines...) Expand 10 before | Expand all | Expand 10 after
792 792
793 std::set<std::string> remaining_policies_; 793 std::set<std::string> remaining_policies_;
794 base::WeakPtr<ManagedNetworkConfigurationHandler> handler_; 794 base::WeakPtr<ManagedNetworkConfigurationHandler> handler_;
795 std::string profile_path_; 795 std::string profile_path_;
796 796
797 DISALLOW_COPY_AND_ASSIGN(PolicyApplicator); 797 DISALLOW_COPY_AND_ASSIGN(PolicyApplicator);
798 }; 798 };
799 799
800 void ManagedNetworkConfigurationHandler::SetPolicy( 800 void ManagedNetworkConfigurationHandler::SetPolicy(
801 onc::ONCSource onc_source, 801 onc::ONCSource onc_source,
802 const base::DictionaryValue& toplevel_onc) { 802 const base::ListValue& network_configs_onc) {
803 VLOG(1) << "Setting policies for ONC source " 803 VLOG(1) << "Setting policies for ONC source "
804 << onc::GetSourceAsString(onc_source) << "."; 804 << onc::GetSourceAsString(onc_source) << ".";
805 805
806 // Validate the ONC dictionary. We are liberal and ignore unknown field
807 // names and ignore invalid field names in kRecommended arrays.
808 onc::Validator validator(false, // Ignore unknown fields.
809 false, // Ignore invalid recommended field names.
810 true, // Fail on missing fields.
811 true); // This ONC comes from policy.
812 validator.SetOncSource(onc_source);
813
814 onc::Validator::Result validation_result;
815 scoped_ptr<base::DictionaryValue> onc_validated =
816 validator.ValidateAndRepairObject(
817 &onc::kToplevelConfigurationSignature,
818 toplevel_onc,
819 &validation_result);
820
821 if (validation_result == onc::Validator::VALID_WITH_WARNINGS) {
822 LOG(WARNING) << "ONC from " << onc::GetSourceAsString(onc_source)
823 << " produced warnings.";
824 } else if (validation_result == onc::Validator::INVALID ||
825 onc_validated == NULL) {
826 LOG(ERROR) << "ONC from " << onc::GetSourceAsString(onc_source)
827 << " is invalid and couldn't be repaired.";
828 return;
829 }
830
831 PolicyMap* policies; 806 PolicyMap* policies;
832 std::string profile; 807 std::string profile;
833 if (onc_source == chromeos::onc::ONC_SOURCE_USER_POLICY) { 808 if (onc_source == chromeos::onc::ONC_SOURCE_USER_POLICY) {
834 policies = &user_policies_by_guid_; 809 policies = &user_policies_by_guid_;
835 profile = kUserProfilePath; 810 profile = kUserProfilePath;
836 user_policies_initialized_ = true; 811 user_policies_initialized_ = true;
837 } else { 812 } else {
838 policies = &device_policies_by_guid_; 813 policies = &device_policies_by_guid_;
839 profile = kSharedProfilePath; 814 profile = kSharedProfilePath;
840 device_policies_initialized_ = true; 815 device_policies_initialized_ = true;
841 } 816 }
842 817
843 PolicyMap old_policies; 818 PolicyMap old_policies;
844 policies->swap(old_policies); 819 policies->swap(old_policies);
845 820
846 // This stores all GUIDs of policies that have changed or are new. 821 // This stores all GUIDs of policies that have changed or are new.
847 std::set<std::string> modified_policies; 822 std::set<std::string> modified_policies;
848 823
849 base::ListValue* network_configurations = NULL; 824 for (base::ListValue::const_iterator it = network_configs_onc.begin();
850 onc_validated->GetListWithoutPathExpansion( 825 it != network_configs_onc.end(); ++it) {
851 onc::toplevel_config::kNetworkConfigurations, 826 const base::DictionaryValue* network = NULL;
852 &network_configurations); 827 (*it)->GetAsDictionary(&network);
stevenjb 2013/04/22 16:53:41 Need to handle if (!GetAsDictionary()) here.
pneubeck (no reviews) 2013/04/23 18:05:25 The ONC must be validated before calling this func
stevenjb 2013/04/23 20:02:59 nit: add DCHECK(network) to document that.
pneubeck (no reviews) 2013/04/24 11:25:10 Done.
828 std::string guid;
829 network->GetStringWithoutPathExpansion(onc::network_config::kGUID, &guid);
stevenjb 2013/04/22 16:53:41 Not clear that the logic below will handle an empt
pneubeck (no reviews) 2013/04/23 18:05:25 Empty GUIDs are not allowed in ONC. Since this is
853 830
854 if (network_configurations) { 831 const base::DictionaryValue* old_entry = old_policies[guid];
855 while (!network_configurations->empty()) { 832 const base::DictionaryValue*& new_entry = (*policies)[guid];
856 base::Value* network_value = NULL; 833 if (new_entry) {
stevenjb 2013/04/22 16:53:41 This is headache inducing and relies on [] implici
pneubeck (no reviews) 2013/04/23 18:05:25 Done.
857 // Passes ownership of network_value. 834 LOG(ERROR) << "ONC from " << onc::GetSourceAsString(onc_source)
858 network_configurations->Remove(network_configurations->GetSize() - 1, 835 << " contains several entries for the same GUID "
859 &network_value); 836 << guid << ".";
860 const base::DictionaryValue* network = NULL; 837 delete new_entry;
861 network_value->GetAsDictionary(&network); 838 }
862 std::string guid; 839 new_entry = network->DeepCopy();
863 network->GetStringWithoutPathExpansion(onc::network_config::kGUID,
864 &guid);
865 840
866 const base::DictionaryValue* old_entry = old_policies[guid]; 841 if (!old_entry || !old_entry->Equals(new_entry)) {
867 const base::DictionaryValue*& new_entry = (*policies)[guid]; 842 modified_policies.insert(guid);
868 if (new_entry) {
869 LOG(ERROR) << "ONC from " << onc::GetSourceAsString(onc_source)
870 << " contains several entries for the same GUID "
871 << guid << ".";
872 delete new_entry;
873 }
874 new_entry = network;
875
876 if (!old_entry || !old_entry->Equals(new_entry)) {
877 modified_policies.insert(guid);
878 }
879 } 843 }
stevenjb 2013/04/22 16:53:41 nit: no {}
pneubeck (no reviews) 2013/04/23 18:05:25 Done.
880 } 844 }
881 845
882 STLDeleteValues(&old_policies); 846 STLDeleteValues(&old_policies);
883 847
884 scoped_refptr<PolicyApplicator> applicator = new PolicyApplicator( 848 scoped_refptr<PolicyApplicator> applicator = new PolicyApplicator(
885 weak_ptr_factory_.GetWeakPtr(), 849 weak_ptr_factory_.GetWeakPtr(),
886 profile, 850 profile,
887 &modified_policies); 851 &modified_policies);
888 applicator->Run(); 852 applicator->Run();
889 } 853 }
(...skipping 15 matching lines...) Expand all
905 device_policies_initialized_(false), 869 device_policies_initialized_(false),
906 weak_ptr_factory_(ALLOW_THIS_IN_INITIALIZER_LIST(this)) { 870 weak_ptr_factory_(ALLOW_THIS_IN_INITIALIZER_LIST(this)) {
907 } 871 }
908 872
909 ManagedNetworkConfigurationHandler::~ManagedNetworkConfigurationHandler() { 873 ManagedNetworkConfigurationHandler::~ManagedNetworkConfigurationHandler() {
910 STLDeleteValues(&user_policies_by_guid_); 874 STLDeleteValues(&user_policies_by_guid_);
911 STLDeleteValues(&device_policies_by_guid_); 875 STLDeleteValues(&device_policies_by_guid_);
912 } 876 }
913 877
914 } // namespace chromeos 878 } // namespace chromeos
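Review bot: The new loop in SetPolicy (new lines 824-844) walks `network_configs_onc` front to back, while the removed code popped entries off the end of the list, so when two entries share a GUID the surviving policy flips from the first list entry to the last. The duplicate branch only logs and deletes the earlier copy, so this change of precedence is silent for policy-sourced ONC. If last-wins is the intended rule, state it at the branch, e.g. `// Duplicate GUID: the later entry in the list replaces the earlier one.`; otherwise keep the existing entry and `continue` past the later one. Either way a unit test with two entries for one GUID would pin the chosen behaviour.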