| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/network/onc/onc_validator.h" | 5 #include "chromeos/network/onc/onc_validator.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/json/json_writer.h" | 10 #include "base/json/json_writer.h" |
| 378 error_or_warning_found_ = true; | 378 error_or_warning_found_ = true; |
| 379 std::string message = MessageHeader() + "The required field '" + field_name + | 379 std::string message = MessageHeader() + "The required field '" + field_name + |
| 380 "' is missing."; | 380 "' is missing."; |
| 381 if (error_on_missing_field_) | 381 if (error_on_missing_field_) |
| 382 LOG(ERROR) << message; | 382 LOG(ERROR) << message; |
| 383 else | 383 else |
| 384 LOG(WARNING) << message; | 384 LOG(WARNING) << message; |
| 385 return false; | 385 return false; |
| 386 } | 386 } |
| 387 | 387 |
| 388 // Prohibit certificate patterns for device policy ONC so that an unmanaged user | |
| 389 // won't have a certificate presented for them involuntarily. | |
| 390 bool Validator::CertPatternInDevicePolicy(const std::string& cert_type) { | 388 bool Validator::CertPatternInDevicePolicy(const std::string& cert_type) { |
| 391 if (cert_type == ::onc::certificate::kPattern && | 389 if (cert_type == ::onc::certificate::kPattern && |
| 392 onc_source_ == ::onc::ONC_SOURCE_DEVICE_POLICY) { | 390 onc_source_ == ::onc::ONC_SOURCE_DEVICE_POLICY) { |
| 393 error_or_warning_found_ = true; | 391 error_or_warning_found_ = true; |
| 394 LOG(ERROR) << MessageHeader() << "Client certificate patterns are " | 392 LOG(ERROR) << MessageHeader() << "Client certificate patterns are " |
| 395 << "prohibited in ONC device policies."; | 393 << "prohibited in ONC device policies."; |
| 396 return true; | 394 return true; |
| 397 } | 395 } |
| 398 return false; | 396 return false; |
| 399 } | 397 } |
| 400 | 398 |
| 399 bool Validator::GlobalNetworkConfigInUserImport( |
| 400 const base::DictionaryValue& onc_object) { |
| 401 if (onc_source_ == ::onc::ONC_SOURCE_USER_IMPORT && |
| 402 onc_object.HasKey(::onc::toplevel_config::kGlobalNetworkConfiguration)) { |
| 403 error_or_warning_found_ = true; |
| 404 LOG(ERROR) << MessageHeader() << "GlobalNetworkConfiguration is prohibited " |
| 405 << "in ONC user imports"; |
| 406 return true; |
| 407 } |
| 408 return false; |
| 409 } |
| 410 |
| 401 bool Validator::ValidateToplevelConfiguration( | 411 bool Validator::ValidateToplevelConfiguration( |
| 402 const base::DictionaryValue& onc_object, | 412 const base::DictionaryValue& onc_object, |
| 403 base::DictionaryValue* result) { | 413 base::DictionaryValue* result) { |
| 404 using namespace ::onc::toplevel_config; | 414 using namespace ::onc::toplevel_config; |
| 405 | 415 |
| 406 static const char* kValidTypes[] = { kUnencryptedConfiguration, | 416 static const char* kValidTypes[] = { kUnencryptedConfiguration, |
| 407 kEncryptedConfiguration, | 417 kEncryptedConfiguration, |
| 408 NULL }; | 418 NULL }; |
| 409 if (FieldExistsAndHasNoValidValue(*result, kType, kValidTypes)) | 419 if (FieldExistsAndHasNoValidValue(*result, kType, kValidTypes)) |
| 410 return false; | 420 return false; |
| 422 std::string message = MessageHeader() + "Neither the field '" + | 432 std::string message = MessageHeader() + "Neither the field '" + |
| 423 kNetworkConfigurations + "' nor '" + kCertificates + | 433 kNetworkConfigurations + "' nor '" + kCertificates + |
| 424 "is present, but at least one is required."; | 434 "is present, but at least one is required."; |
| 425 if (error_on_missing_field_) | 435 if (error_on_missing_field_) |
| 426 LOG(ERROR) << message; | 436 LOG(ERROR) << message; |
| 427 else | 437 else |
| 428 LOG(WARNING) << message; | 438 LOG(WARNING) << message; |
| 429 allRequiredExist = false; | 439 allRequiredExist = false; |
| 430 } | 440 } |
| 431 | 441 |
| 442 if (GlobalNetworkConfigInUserImport(*result)) |
| 443 return false; |
| 444 |
| 432 return !error_on_missing_field_ || allRequiredExist; | 445 return !error_on_missing_field_ || allRequiredExist; |
| 433 } | 446 } |
| 434 | 447 |
| 435 bool Validator::ValidateNetworkConfiguration( | 448 bool Validator::ValidateNetworkConfiguration( |
| 436 const base::DictionaryValue& onc_object, | 449 const base::DictionaryValue& onc_object, |
| 437 base::DictionaryValue* result) { | 450 base::DictionaryValue* result) { |
| 438 using namespace ::onc::network_config; | 451 using namespace ::onc::network_config; |
| 439 | 452 |
| 440 static const char* kValidTypes[] = { ::onc::network_type::kEthernet, | 453 static const char* kValidTypes[] = { ::onc::network_type::kEthernet, |
| 441 ::onc::network_type::kVPN, | 454 ::onc::network_type::kVPN, |
| 783 } | 796 } |
| 784 | 797 |
| 785 std::string Validator::MessageHeader() { | 798 std::string Validator::MessageHeader() { |
| 786 std::string path = path_.empty() ? "toplevel" : JoinString(path_, "."); | 799 std::string path = path_.empty() ? "toplevel" : JoinString(path_, "."); |
| 787 std::string message = "At " + path + ": "; | 800 std::string message = "At " + path + ": "; |
| 788 return message; | 801 return message; |
| 789 } | 802 } |
| 790 | 803 |
| 791 } // namespace onc | 804 } // namespace onc |
| 792 } // namespace chromeos | 805 } // namespace chromeos |
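Review bot: The new `Validator::GlobalNetworkConfigInUserImport` (new lines 399–409) carries no comment saying why a user import must not contain `GlobalNetworkConfiguration`, and the same change drops the rationale comment that stood above `CertPatternInDevicePolicy`; unless both were moved to the header, which this page does not show, the reason for these two restrictions is no longer recorded next to the code. Something like `// Prohibit GlobalNetworkConfiguration in ONC user imports so that a user-supplied file cannot change settings that apply beyond that user.` would do, if that is the intent. The guard is also a deny-list on a single source (`onc_source_ == ::onc::ONC_SOURCE_USER_IMPORT`), so any other non-device source passes through; if the field is meant for policy only, testing for the permitted sources instead would fail closed when a new source is added. The call at new line 442 runs after the required-field block, so a rejected import may log a missing-field message before the real cause; the middle of `ValidateToplevelConfiguration` is elided on this page, so the best position for the check should be confirmed against the full function.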
| OLD | NEW |