Chromium Code Reviews Chromium Code Reviews
Issue 291553006:
Don't augment GUID in ONC merging. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/network/onc/onc_merger.h" | 5 #include "chromeos/network/onc/onc_merger.h" |
| 6 | 6 |
| 7 #include <set> | 7 #include <set> |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| 11 #include "base/basictypes.h" | 11 #include "base/basictypes.h" |
| 12 #include "base/logging.h" | 12 #include "base/logging.h" |
| 13 #include "base/values.h" | 13 #include "base/values.h" |
| 14 #include "chromeos/network/onc/onc_signature.h" | 14 #include "chromeos/network/onc/onc_signature.h" |
| 15 #include "components/onc/onc_constants.h" | 15 #include "components/onc/onc_constants.h" |
| 16 | 16 |
| 17 namespace chromeos { | 17 namespace chromeos { |
| 18 namespace onc { | 18 namespace onc { |
| 19 namespace { | 19 namespace { |
| 20 | 20 |
| 21 typedef scoped_ptr<base::DictionaryValue> DictionaryPtr; | 21 typedef scoped_ptr<base::DictionaryValue> DictionaryPtr; |
| 22 | 22 |
| 23 // Returns true if the field is the identifier of a configuration, i.e. the GUID | |
| 24 // of a network or a certificate. These can be special handled during merging | |
| 25 // because they are always identical for the various setting sources. | |
| 26 bool IsIdentifierField(const OncValueSignature& value_signature, | |
| 27 const std::string& field_name) { | |
| 28 if (&value_signature == &kNetworkConfigurationSignature) | |
| 29 return field_name == ::onc::network_config::kGUID; | |
| 30 if (&value_signature == &kCertificateSignature) | |
| 31 return field_name == ::onc::certificate::kGUID; | |
| 32 return false; | |
| 33 } | |
| 34 | |
| 23 // Inserts |true| at every field name in |result| that is recommended in | 35 // Inserts |true| at every field name in |result| that is recommended in |
| 24 // |policy|. | 36 // |policy|. |
| 25 void MarkRecommendedFieldnames(const base::DictionaryValue& policy, | 37 void MarkRecommendedFieldnames(const base::DictionaryValue& policy, |
| 26 base::DictionaryValue* result) { | 38 base::DictionaryValue* result) { |
| 27 const base::ListValue* recommended_value = NULL; | 39 const base::ListValue* recommended_value = NULL; |
| 28 if (!policy.GetListWithoutPathExpansion(::onc::kRecommended, | 40 if (!policy.GetListWithoutPathExpansion(::onc::kRecommended, |
| 29 &recommended_value)) | 41 &recommended_value)) |
| 30 return; | 42 return; |
| 31 for (base::ListValue::const_iterator it = recommended_value->begin(); | 43 for (base::ListValue::const_iterator it = recommended_value->begin(); |
| 32 it != recommended_value->end(); ++it) { | 44 it != recommended_value->end(); ++it) { |
| (...skipping 289 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 322 user_settings, | 334 user_settings, |
| 323 shared_settings, | 335 shared_settings, |
| 324 active_settings); | 336 active_settings); |
| 325 } | 337 } |
| 326 | 338 |
| 327 protected: | 339 protected: |
| 328 // MergeSettingsAndPolicies override. | 340 // MergeSettingsAndPolicies override. |
| 329 virtual scoped_ptr<base::Value> MergeValues( | 341 virtual scoped_ptr<base::Value> MergeValues( |
| 330 const std::string& key, | 342 const std::string& key, |
| 331 const ValueParams& values) OVERRIDE { | 343 const ValueParams& values) OVERRIDE { |
| 332 scoped_ptr<base::DictionaryValue> result(new base::DictionaryValue); | 344 scoped_ptr<base::DictionaryValue> augmented_value( |
| 345 new base::DictionaryValue); | |
| 333 if (values.active_setting) { | 346 if (values.active_setting) { |
| 334 result->SetWithoutPathExpansion(::onc::kAugmentationActiveSetting, | 347 augmented_value->SetWithoutPathExpansion( |
| 335 values.active_setting->DeepCopy()); | 348 ::onc::kAugmentationActiveSetting, values.active_setting->DeepCopy()); |
| 336 } | 349 } |
| 337 | 350 |
| 338 const OncFieldSignature* field = NULL; | 351 const OncFieldSignature* field = NULL; |
| 339 if (signature_) | 352 if (signature_) |
| 340 field = GetFieldSignature(*signature_, key); | 353 field = GetFieldSignature(*signature_, key); |
| 341 | 354 |
| 342 if (field) { | 355 if (field) { |
| 343 // This field is part of the provided ONCSignature, thus it can be | 356 // This field is part of the provided ONCSignature, thus it can be |
| 344 // controlled by policy. | 357 // controlled by policy. |
| 345 std::string which_effective; | 358 std::string which_effective; |
| 346 MergeToEffective::MergeValues(key, values, &which_effective).reset(); | 359 scoped_ptr<base::Value> effective_value = |
| 360 MergeToEffective::MergeValues(key, values, &which_effective); | |
| 361 | |
| 362 if (IsIdentifierField(*signature_, key)) { | |
| 363 // Don't augment the GUID but write the plain value. | |
| 364 DCHECK(effective_value); | |
| 365 | |
| 366 // DCHECK that all provided GUIDs are identical. | |
| 367 DCHECK(!values.user_policy || | |
| 368 effective_value->Equals(values.user_policy)); | |
| 369 DCHECK(!values.device_policy || | |
| 370 effective_value->Equals(values.device_policy)); | |
| 371 DCHECK(!values.user_setting || | |
| 372 effective_value->Equals(values.user_setting)); | |
| 373 DCHECK(!values.shared_setting || | |
| 374 effective_value->Equals(values.shared_setting)); | |
| 375 DCHECK(!values.active_setting || | |
| 376 effective_value->Equals(values.active_setting)); | |
|
stevenjb
2014/05/27 15:38:43
nit: Maybe wrap all of these checks into a helper
pneubeck (no reviews)
2014/06/03 16:21:29
Done.
| |
| 377 | |
| 378 // Return the un-augmented GUID. | |
| 379 return effective_value.Pass(); | |
| 380 } | |
| 381 | |
| 347 if (!which_effective.empty()) { | 382 if (!which_effective.empty()) { |
| 348 result->SetStringWithoutPathExpansion( | 383 augmented_value->SetStringWithoutPathExpansion( |
| 349 ::onc::kAugmentationEffectiveSetting, which_effective); | 384 ::onc::kAugmentationEffectiveSetting, which_effective); |
| 350 } | 385 } |
| 351 bool is_credential = onc::FieldIsCredential(*signature_, key); | 386 bool is_credential = onc::FieldIsCredential(*signature_, key); |
| 352 | 387 |
| 353 // Prevent credentials from being forwarded in cleartext to | 388 // Prevent credentials from being forwarded in cleartext to |
| 354 // UI. User/shared credentials are not stored separately, so they cannot | 389 // UI. User/shared credentials are not stored separately, so they cannot |
| 355 // leak here. | 390 // leak here. |
| 356 if (!is_credential) { | 391 if (!is_credential) { |
| 357 if (values.user_policy) { | 392 if (values.user_policy) { |
| 358 result->SetWithoutPathExpansion(::onc::kAugmentationUserPolicy, | 393 augmented_value->SetWithoutPathExpansion( |
| 359 values.user_policy->DeepCopy()); | 394 ::onc::kAugmentationUserPolicy, values.user_policy->DeepCopy()); |
| 360 } | 395 } |
| 361 if (values.device_policy) { | 396 if (values.device_policy) { |
| 362 result->SetWithoutPathExpansion(::onc::kAugmentationDevicePolicy, | 397 augmented_value->SetWithoutPathExpansion( |
| 363 values.device_policy->DeepCopy()); | 398 ::onc::kAugmentationDevicePolicy, |
| 399 values.device_policy->DeepCopy()); | |
| 364 } | 400 } |
| 365 } | 401 } |
| 366 if (values.user_setting) { | 402 if (values.user_setting) { |
| 367 result->SetWithoutPathExpansion(::onc::kAugmentationUserSetting, | 403 augmented_value->SetWithoutPathExpansion( |
| 368 values.user_setting->DeepCopy()); | 404 ::onc::kAugmentationUserSetting, values.user_setting->DeepCopy()); |
| 369 } | 405 } |
| 370 if (values.shared_setting) { | 406 if (values.shared_setting) { |
| 371 result->SetWithoutPathExpansion(::onc::kAugmentationSharedSetting, | 407 augmented_value->SetWithoutPathExpansion( |
| 372 values.shared_setting->DeepCopy()); | 408 ::onc::kAugmentationSharedSetting, |
| 409 values.shared_setting->DeepCopy()); | |
| 373 } | 410 } |
| 374 if (HasUserPolicy() && values.user_editable) { | 411 if (HasUserPolicy() && values.user_editable) { |
| 375 result->SetBooleanWithoutPathExpansion(::onc::kAugmentationUserEditable, | 412 augmented_value->SetBooleanWithoutPathExpansion( |
| 376 true); | 413 ::onc::kAugmentationUserEditable, true); |
| 377 } | 414 } |
| 378 if (HasDevicePolicy() && values.device_editable) { | 415 if (HasDevicePolicy() && values.device_editable) { |
| 379 result->SetBooleanWithoutPathExpansion( | 416 augmented_value->SetBooleanWithoutPathExpansion( |
| 380 ::onc::kAugmentationDeviceEditable, true); | 417 ::onc::kAugmentationDeviceEditable, true); |
| 381 } | 418 } |
| 382 } else { | 419 } else { |
| 383 // This field is not part of the provided ONCSignature, thus it cannot be | 420 // This field is not part of the provided ONCSignature, thus it cannot be |
| 384 // controlled by policy. | 421 // controlled by policy. |
| 385 result->SetStringWithoutPathExpansion( | 422 augmented_value->SetStringWithoutPathExpansion( |
| 386 ::onc::kAugmentationEffectiveSetting, ::onc::kAugmentationUnmanaged); | 423 ::onc::kAugmentationEffectiveSetting, ::onc::kAugmentationUnmanaged); |
| 387 } | 424 } |
| 388 if (result->empty()) | 425 if (augmented_value->empty()) |
| 389 result.reset(); | 426 augmented_value.reset(); |
| 390 return result.PassAs<base::Value>(); | 427 return augmented_value.PassAs<base::Value>(); |
| 391 } | 428 } |
| 392 | 429 |
| 393 // MergeListOfDictionaries override. | 430 // MergeListOfDictionaries override. |
| 394 virtual DictionaryPtr MergeNestedDictionaries( | 431 virtual DictionaryPtr MergeNestedDictionaries( |
| 395 const std::string& key, | 432 const std::string& key, |
| 396 const DictPtrs &dicts) OVERRIDE { | 433 const DictPtrs &dicts) OVERRIDE { |
| 397 DictionaryPtr result; | 434 DictionaryPtr result; |
| 398 if (signature_) { | 435 if (signature_) { |
| 399 const OncValueSignature* enclosing_signature = signature_; | 436 const OncValueSignature* enclosing_signature = signature_; |
| 400 signature_ = NULL; | 437 signature_ = NULL; |
| (...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 437 const base::DictionaryValue* shared_settings, | 474 const base::DictionaryValue* shared_settings, |
| 438 const base::DictionaryValue* active_settings) { | 475 const base::DictionaryValue* active_settings) { |
| 439 MergeToAugmented merger; | 476 MergeToAugmented merger; |
| 440 return merger.MergeDictionaries( | 477 return merger.MergeDictionaries( |
| 441 signature, user_policy, device_policy, user_settings, shared_settings, | 478 signature, user_policy, device_policy, user_settings, shared_settings, |
| 442 active_settings); | 479 active_settings); |
| 443 } | 480 } |
| 444 | 481 |
| 445 } // namespace onc | 482 } // namespace onc |
| 446 } // namespace chromeos | 483 } // namespace chromeos |
| OLD | NEW |
