| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/network/network_connection_handler.h" | 5 #include "chromeos/network/network_connection_handler.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/json/json_reader.h" | 8 #include "base/json/json_reader.h" |
| 9 #include "base/location.h" | 9 #include "base/location.h" |
| 10 #include "base/single_thread_task_runner.h" | 10 #include "base/single_thread_task_runner.h" |
| (...skipping 404 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 415 ErrorCallbackForPendingRequest(service_path, kErrorConfigurationRequired); | 415 ErrorCallbackForPendingRequest(service_path, kErrorConfigurationRequired); |
| 416 return; | 416 return; |
| 417 } | 417 } |
| 418 } | 418 } |
| 419 | 419 |
| 420 std::string guid; | 420 std::string guid; |
| 421 service_properties.GetStringWithoutPathExpansion(shill::kGuidProperty, &guid); | 421 service_properties.GetStringWithoutPathExpansion(shill::kGuidProperty, &guid); |
| 422 std::string profile; | 422 std::string profile; |
| 423 service_properties.GetStringWithoutPathExpansion(shill::kProfileProperty, | 423 service_properties.GetStringWithoutPathExpansion(shill::kProfileProperty, |
| 424 &profile); | 424 &profile); |
| 425 const base::DictionaryValue* user_policy = | 425 ::onc::ONCSource onc_source = onc::ONC_SOURCE_NONE; |
| 426 managed_configuration_handler_->FindPolicyByGuidAndProfile(guid, profile); | 426 const base::DictionaryValue* policy = |
| 427 managed_configuration_handler_->FindPolicyByGuidAndProfile(guid, profile, |
| 428 &onc_source); |
| 427 | 429 |
| 428 if (IsNetworkProhibitedByPolicy(type, guid, profile)) { | 430 if (IsNetworkProhibitedByPolicy(type, guid, profile)) { |
| 429 ErrorCallbackForPendingRequest(service_path, kErrorUnmanagedNetwork); | 431 ErrorCallbackForPendingRequest(service_path, kErrorUnmanagedNetwork); |
| 430 return; | 432 return; |
| 431 } | 433 } |
| 432 | 434 |
| 433 client_cert::ClientCertConfig cert_config_from_policy; | 435 client_cert::ClientCertConfig cert_config_from_policy; |
| 434 if (user_policy) | 436 if (policy) { |
| 435 client_cert::OncToClientCertConfig(*user_policy, &cert_config_from_policy); | 437 client_cert::OncToClientCertConfig(onc_source, *policy, |
| 438 &cert_config_from_policy); |
| 439 } |
| 436 | 440 |
| 437 client_cert::ConfigType client_cert_type = client_cert::CONFIG_TYPE_NONE; | 441 client_cert::ConfigType client_cert_type = client_cert::CONFIG_TYPE_NONE; |
| 438 if (type == shill::kTypeVPN) { | 442 if (type == shill::kTypeVPN) { |
| 439 if (vpn_provider_type == shill::kProviderOpenVpn) { | 443 if (vpn_provider_type == shill::kProviderOpenVpn) { |
| 440 client_cert_type = client_cert::CONFIG_TYPE_OPENVPN; | 444 client_cert_type = client_cert::CONFIG_TYPE_OPENVPN; |
| 441 } else { | 445 } else { |
| 442 // L2TP/IPSec only requires a certificate if one is specified in ONC | 446 // L2TP/IPSec only requires a certificate if one is specified in ONC |
| 443 // or one was configured by the UI. Otherwise it is L2TP/IPSec with | 447 // or one was configured by the UI. Otherwise it is L2TP/IPSec with |
| 444 // PSK and doesn't require a certificate. | 448 // PSK and doesn't require a certificate. |
| 445 // | 449 // |
| (...skipping 28 matching lines...) Expand all Loading... |
| 474 if (!certificates_loaded_) { | 478 if (!certificates_loaded_) { |
| 475 NET_LOG_EVENT("Certificates not loaded", ""); | 479 NET_LOG_EVENT("Certificates not loaded", ""); |
| 476 QueueConnectRequest(service_path); | 480 QueueConnectRequest(service_path); |
| 477 return; | 481 return; |
| 478 } | 482 } |
| 479 | 483 |
| 480 // Check certificate properties from policy. | 484 // Check certificate properties from policy. |
| 481 if (cert_config_from_policy.client_cert_type == | 485 if (cert_config_from_policy.client_cert_type == |
| 482 onc::client_cert::kPattern) { | 486 onc::client_cert::kPattern) { |
| 483 if (!ClientCertResolver::ResolveCertificatePatternSync( | 487 if (!ClientCertResolver::ResolveCertificatePatternSync( |
| 484 client_cert_type, | 488 client_cert_type, cert_config_from_policy, &config_properties)) { |
| 485 cert_config_from_policy.pattern, | |
| 486 &config_properties)) { | |
| 487 ErrorCallbackForPendingRequest(service_path, kErrorCertificateRequired); | 489 ErrorCallbackForPendingRequest(service_path, kErrorCertificateRequired); |
| 488 return; | 490 return; |
| 489 } | 491 } |
| 490 } else if (check_error_state && | 492 } else if (check_error_state && |
| 491 !client_cert::IsCertificateConfigured(client_cert_type, | 493 !client_cert::IsCertificateConfigured(client_cert_type, |
| 492 service_properties)) { | 494 service_properties)) { |
| 493 // Network may not be configured. | 495 // Network may not be configured. |
| 494 ErrorCallbackForPendingRequest(service_path, kErrorConfigurationRequired); | 496 ErrorCallbackForPendingRequest(service_path, kErrorConfigurationRequired); |
| 495 return; | 497 return; |
| 496 } | 498 } |
| (...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 551 if (!global_network_config) | 553 if (!global_network_config) |
| 552 return false; | 554 return false; |
| 553 bool policy_prohibites = false; | 555 bool policy_prohibites = false; |
| 554 if (!global_network_config->GetBooleanWithoutPathExpansion( | 556 if (!global_network_config->GetBooleanWithoutPathExpansion( |
| 555 ::onc::global_network_config::kAllowOnlyPolicyNetworksToConnect, | 557 ::onc::global_network_config::kAllowOnlyPolicyNetworksToConnect, |
| 556 &policy_prohibites) || | 558 &policy_prohibites) || |
| 557 !policy_prohibites) { | 559 !policy_prohibites) { |
| 558 return false; | 560 return false; |
| 559 } | 561 } |
| 560 return !managed_configuration_handler_->FindPolicyByGuidAndProfile( | 562 return !managed_configuration_handler_->FindPolicyByGuidAndProfile( |
| 561 guid, profile_path); | 563 guid, profile_path, nullptr /* onc_source */); |
| 562 } | 564 } |
| 563 | 565 |
| 564 void NetworkConnectionHandler::QueueConnectRequest( | 566 void NetworkConnectionHandler::QueueConnectRequest( |
| 565 const std::string& service_path) { | 567 const std::string& service_path) { |
| 566 ConnectRequest* request = GetPendingRequest(service_path); | 568 ConnectRequest* request = GetPendingRequest(service_path); |
| 567 if (!request) { | 569 if (!request) { |
| 568 NET_LOG_ERROR("No pending request to queue", service_path); | 570 NET_LOG_ERROR("No pending request to queue", service_path); |
| 569 return; | 571 return; |
| 570 } | 572 } |
| 571 | 573 |
| (...skipping 238 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 810 | 812 |
| 811 void NetworkConnectionHandler::HandleShillDisconnectSuccess( | 813 void NetworkConnectionHandler::HandleShillDisconnectSuccess( |
| 812 const std::string& service_path, | 814 const std::string& service_path, |
| 813 const base::Closure& success_callback) { | 815 const base::Closure& success_callback) { |
| 814 NET_LOG_EVENT("Disconnect Request Sent", service_path); | 816 NET_LOG_EVENT("Disconnect Request Sent", service_path); |
| 815 if (!success_callback.is_null()) | 817 if (!success_callback.is_null()) |
| 816 success_callback.Run(); | 818 success_callback.Run(); |
| 817 } | 819 } |
| 818 | 820 |
| 819 } // namespace chromeos | 821 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2828713002:
Enable client certificate patterns in device ONC policy (Closed)
