Autoconnect policy for CrOS.

chromeos/network/policy_applicator.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chromeos/network/policy_applicator.h"
 
 #include <utility>
 
 #include "base/bind.h"
 #include "base/location.h"
@@ skipping 25 matching lines @@
     const PolicyApplicator::GuidToPolicyMap& policies,
     const std::string& guid) {
   PolicyApplicator::GuidToPolicyMap::const_iterator it = policies.find(guid);
   if (it == policies.end())
     return NULL;
   return it->second;
 }
 
 }  // namespace
 
-PolicyApplicator::PolicyApplicator(base::WeakPtr<ConfigurationHandler> handler,
-                                   const NetworkProfile& profile,
-                                   const GuidToPolicyMap& all_policies,
-                                   std::set<std::string>* modified_policies)
+PolicyApplicator::PolicyApplicator(
+    base::WeakPtr<ConfigurationHandler> handler,
+    const NetworkProfile& profile,
+    const GuidToPolicyMap& all_policies,
+    const base::DictionaryValue& global_network_config,
+    std::set<std::string>* modified_policies)
     : handler_(handler), profile_(profile) {
+  global_network_config_.MergeDictionary(&global_network_config);
   remaining_policies_.swap(*modified_policies);
   for (GuidToPolicyMap::const_iterator it = all_policies.begin();
        it != all_policies.end(); ++it) {
     all_policies_.insert(std::make_pair(it->first, it->second->DeepCopy()));
   }
 }
 
 void PolicyApplicator::Run() {
   DBusThreadManager::Get()->GetShillProfileClient()->GetProperties(
       dbus::ObjectPath(profile_.path),
@@ skipping 123 matching lines @@
     }
   } else if (was_managed) {
     VLOG(1) << "Removing configuration previously managed by policy "
             << old_guid << ", because the policy was removed.";
 
     // Remove the entry, because the network was managed but isn't anymore.
     // Note: An alternative might be to preserve the user settings, but it's
     // unclear which values originating the policy should be removed.
     DeleteEntry(entry);
   } else {
-    VLOG(2) << "Ignore unmanaged entry.";
+    // The entry wasn't managed and doesn't match any current policy. Global
+    // network settings have to be applied.
 
-    // The entry wasn't managed and doesn't match any current policy. Thus
-    // leave it as it is.
+    base::DictionaryValue shill_properties_to_update;
+    GetPropertiesForUnmanagedEntry(entry_properties,
+                                   &shill_properties_to_update);
+    if (shill_properties_to_update.empty()) {
+      VLOG(2) << "Ignore unmanaged entry.";
+    } else {
+      VLOG(2) << "Apply global network config to unmanaged entry.";
+      handler_->UpdateExistingConfigurationWithPropertiesFromPolicy(
+          entry_properties, shill_properties_to_update);
+    }
   }
 }
 
 void PolicyApplicator::DeleteEntry(const std::string& entry) {
   DBusThreadManager::Get()->GetShillProfileClient()->DeleteEntry(
       dbus::ObjectPath(profile_.path),
       entry,
       base::Bind(&base::DoNothing),
       base::Bind(&LogErrorMessage, FROM_HERE));
 }
@@ skipping 17 matching lines @@
     if (auth == ::onc::ethernet::kNone)
       return;
   }
 
   scoped_ptr<base::DictionaryValue> shill_dictionary =
       policy_util::CreateShillConfiguration(
           profile_, guid, &policy, user_settings);
   handler_->CreateConfigurationFromPolicy(*shill_dictionary);
 }
 
+void PolicyApplicator::GetPropertiesForUnmanagedEntry(

[bartfab (slow), 2013/10/16 12:40:31]

Could you comment this method a bit? It was not clear to me how it works until
we discussed it offline. I am also not sure whether
!properties_to_update.empty() is the best way to signal that an update is
necessary. Maybe the method could return a bool to explicitly indicate an update
is needed?

[pneubeck (no reviews), 2013/10/17 10:22:26]

Done.

+    const base::DictionaryValue& entry_properties,
+    base::DictionaryValue* properties_to_update) const {
+  // kAllowAutoconnect is currently the only global config.
+
+  std::string type;
+  entry_properties.GetStringWithoutPathExpansion(shill::kTypeProperty, &type);
+  if (NetworkTypePattern::Ethernet().MatchesType(type))
+    return; // Autoconnect for Ethernet cannot be configured.

[bartfab (slow), 2013/10/16 12:40:31]

Nit: There should be two spaces before a trailing comment.

[pneubeck (no reviews), 2013/10/17 10:22:26]

Done.

+
+  bool autoconnect_allowed = true;
+  global_network_config_.GetBooleanWithoutPathExpansion(
+      ::onc::global_network_config::kAllowAutoconnect, &autoconnect_allowed);
+  if (autoconnect_allowed)
+    return;
+
+  bool old_autoconnect = false;
+  entry_properties.GetBooleanWithoutPathExpansion(shill::kAutoConnectProperty,

[pneubeck (no reviews), 2013/10/16 12:38:20]

if entry doesn't exist, we have to set to false explicitly. Otherwise Shill
might silently switch it to true.

[pneubeck (no reviews), 2013/10/17 10:22:26]

Done.

+                                                  &old_autoconnect);
+  if (old_autoconnect) {
+    properties_to_update->SetBooleanWithoutPathExpansion(
+        shill::kAutoConnectProperty, false);
+  }
+}
+
 PolicyApplicator::~PolicyApplicator() {
   ApplyRemainingPolicies();
   STLDeleteValues(&all_policies_);
 }
 
 void PolicyApplicator::ApplyRemainingPolicies() {
   if (!handler_) {
     LOG(WARNING) << "Handler destructed during policy application to profile "
                  << profile_.ToDebugString();
     return;
@@ skipping 14 matching lines @@
 
     VLOG(1) << "Creating new configuration managed by policy " << *it
             << " in profile " << profile_.ToDebugString() << ".";
 
     CreateAndWriteNewShillConfiguration(
         *it, *policy, NULL /* no user settings */);
   }
 }
 
 }  // namespace chromeos