chromeos/network/network_connection_handler.cc - Issue 1461823002: Handle device ONC AllowOnlyPolicyNetworksToConnect

Unified Diff: chromeos/network/network_connection_handler.cc

Issue 1461823002: Handle device ONC AllowOnlyPolicyNetworksToConnect (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 5 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: chromeos/network/network_connection_handler.cc

diff --git a/chromeos/network/network_connection_handler.cc b/chromeos/network/network_connection_handler.cc

index e8c49396ba43b295dd1b3b19259b8d0cb5c92a66..47c1f6be5bc0ed3bad3687954fe0adccff134eca 100644

--- a/chromeos/network/network_connection_handler.cc

+++ b/chromeos/network/network_connection_handler.cc

@@ -115,6 +115,8 @@ const char NetworkConnectionHandler::kErrorConnectCanceled[] =

"connect-canceled";

const char NetworkConnectionHandler::kErrorCertLoadTimeout[] =

"cert-load-timeout";

+const char NetworkConnectionHandler::kErrorUnmanagedNetwork[] =

+ "unmanaged-network";

struct NetworkConnectionHandler::ConnectRequest {

ConnectRequest(const std::string& service_path,

@@ -285,6 +287,11 @@ void NetworkConnectionHandler::ConnectToNetwork(

// Connect immediately to 'connectable' networks.

// TODO(stevenjb): Shill needs to properly set Connectable for VPN.

if (network && network->connectable() && network->type() != shill::kTypeVPN) {

+ if (IsNetworkProhibitedByPolicy(network->guid(), network->profile_path())) {

+ ErrorCallbackForPendingRequest(service_path, kErrorUnmanagedNetwork);

+ return;

+ }

CallShillConnect(service_path);

return;

}

@@ -416,6 +423,11 @@ void NetworkConnectionHandler::VerifyConfiguredAndConnect(

const base::DictionaryValue* user_policy =

managed_configuration_handler_->FindPolicyByGuidAndProfile(guid, profile);

+ if (IsNetworkProhibitedByPolicy(guid, profile)) {

+ ErrorCallbackForPendingRequest(service_path, kErrorUnmanagedNetwork);

+ return;

+ }

client_cert::ClientCertConfig cert_config_from_policy;

if (user_policy)

client_cert::OncToClientCertConfig(*user_policy, &cert_config_from_policy);

@@ -523,6 +535,27 @@ void NetworkConnectionHandler::VerifyConfiguredAndConnect(

CallShillConnect(service_path);

}

+bool NetworkConnectionHandler::IsNetworkProhibitedByPolicy(

+ const std::string& guid,

+ const std::string& profile_path) {

+ if (!logged_in_)

+ return false;

+ const base::DictionaryValue* global_network_config =

+ managed_configuration_handler_->GetGlobalConfigFromPolicy(

+ std::string() /* no username hash, device policy */);

+ if (!global_network_config)

+ return false;

+ bool policy_prohibites = false;

+ if (!global_network_config->GetBooleanWithoutPathExpansion(

+ ::onc::global_network_config::kAllowOnlyPolicyNetworksToConnect,

+ &policy_prohibites) ||

+ !policy_prohibites) {

+ return false;

+ }

+ return !managed_configuration_handler_->FindPolicyByGuidAndProfile(

+ guid, profile_path);

void NetworkConnectionHandler::QueueConnectRequest(

const std::string& service_path) {

ConnectRequest* request = GetPendingRequest(service_path);

« no previous file with comments | « chromeos/network/network_connection_handler.h ('k') | chromeos/network/network_connection_handler_unittest.cc » ('j') | no next file with comments »