| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/network/onc/onc_merger.h" | 5 #include "chromeos/network/onc/onc_merger.h" |
| 6 | 6 |
| 7 #include <set> | 7 #include <set> |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| 11 #include "base/basictypes.h" | 11 #include "base/basictypes.h" |
| 12 #include "base/logging.h" | 12 #include "base/logging.h" |
| 13 #include "base/values.h" | 13 #include "base/values.h" |
| 14 #include "chromeos/network/onc/onc_signature.h" | 14 #include "chromeos/network/onc/onc_signature.h" |
| 15 #include "components/onc/onc_constants.h" | 15 #include "components/onc/onc_constants.h" |
| 16 | 16 |
| 17 namespace chromeos { | 17 namespace chromeos { |
| 18 namespace onc { | 18 namespace onc { |
| 19 namespace { | 19 namespace { |
| 20 | 20 |
| 21 typedef scoped_ptr<base::DictionaryValue> DictionaryPtr; | 21 typedef scoped_ptr<base::DictionaryValue> DictionaryPtr; |
| 22 | 22 |
| 23 // Returns true if the field is the identifier of a configuration, i.e. the GUID |
| 24 // of a network or a certificate. These can be special handled during merging |
| 25 // because they are always identical for the various setting sources. |
| 26 bool IsIdentifierField(const OncValueSignature& value_signature, |
| 27 const std::string& field_name) { |
| 28 if (&value_signature == &kNetworkConfigurationSignature) |
| 29 return field_name == ::onc::network_config::kGUID; |
| 30 if (&value_signature == &kCertificateSignature) |
| 31 return field_name == ::onc::certificate::kGUID; |
| 32 return false; |
| 33 } |
| 34 |
| 23 // Inserts |true| at every field name in |result| that is recommended in | 35 // Inserts |true| at every field name in |result| that is recommended in |
| 24 // |policy|. | 36 // |policy|. |
| 25 void MarkRecommendedFieldnames(const base::DictionaryValue& policy, | 37 void MarkRecommendedFieldnames(const base::DictionaryValue& policy, |
| 26 base::DictionaryValue* result) { | 38 base::DictionaryValue* result) { |
| 27 const base::ListValue* recommended_value = NULL; | 39 const base::ListValue* recommended_value = NULL; |
| 28 if (!policy.GetListWithoutPathExpansion(::onc::kRecommended, | 40 if (!policy.GetListWithoutPathExpansion(::onc::kRecommended, |
| 29 &recommended_value)) | 41 &recommended_value)) |
| 30 return; | 42 return; |
| 31 for (base::ListValue::const_iterator it = recommended_value->begin(); | 43 for (base::ListValue::const_iterator it = recommended_value->begin(); |
| 32 it != recommended_value->end(); ++it) { | 44 it != recommended_value->end(); ++it) { |
| (...skipping 262 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 295 const std::string& key, | 307 const std::string& key, |
| 296 const ValueParams& values) OVERRIDE { | 308 const ValueParams& values) OVERRIDE { |
| 297 std::string which; | 309 std::string which; |
| 298 return MergeValues(key, values, &which); | 310 return MergeValues(key, values, &which); |
| 299 } | 311 } |
| 300 | 312 |
| 301 private: | 313 private: |
| 302 DISALLOW_COPY_AND_ASSIGN(MergeToEffective); | 314 DISALLOW_COPY_AND_ASSIGN(MergeToEffective); |
| 303 }; | 315 }; |
| 304 | 316 |
| 317 namespace { |
| 318 |
| 319 // Returns true if all not-null values in |values| are equal to |value|. |
| 320 bool AllPresentValuesEqual(const MergeSettingsAndPolicies::ValueParams& values, |
| 321 const base::Value& value) { |
| 322 if (values.user_policy && !value.Equals(values.user_policy)) |
| 323 return false; |
| 324 if (values.device_policy && !value.Equals(values.device_policy)) |
| 325 return false; |
| 326 if (values.user_setting && !value.Equals(values.user_setting)) |
| 327 return false; |
| 328 if (values.shared_setting && !value.Equals(values.shared_setting)) |
| 329 return false; |
| 330 if (values.active_setting && !value.Equals(values.active_setting)) |
| 331 return false; |
| 332 return true; |
| 333 } |
| 334 |
| 335 } // namespace |
| 336 |
| 305 // Call MergeDictionaries to merge policies and settings to an augmented | 337 // Call MergeDictionaries to merge policies and settings to an augmented |
| 306 // dictionary which contains a dictionary for each value in the original | 338 // dictionary which contains a dictionary for each value in the original |
| 307 // dictionaries. See the description of MergeSettingsAndPoliciesToAugmented. | 339 // dictionaries. See the description of MergeSettingsAndPoliciesToAugmented. |
| 308 class MergeToAugmented : public MergeToEffective { | 340 class MergeToAugmented : public MergeToEffective { |
| 309 public: | 341 public: |
| 310 MergeToAugmented() {} | 342 MergeToAugmented() {} |
| 311 | 343 |
| 312 DictionaryPtr MergeDictionaries( | 344 DictionaryPtr MergeDictionaries( |
| 313 const OncValueSignature& signature, | 345 const OncValueSignature& signature, |
| 314 const base::DictionaryValue* user_policy, | 346 const base::DictionaryValue* user_policy, |
| 315 const base::DictionaryValue* device_policy, | 347 const base::DictionaryValue* device_policy, |
| 316 const base::DictionaryValue* user_settings, | 348 const base::DictionaryValue* user_settings, |
| 317 const base::DictionaryValue* shared_settings, | 349 const base::DictionaryValue* shared_settings, |
| 318 const base::DictionaryValue* active_settings) { | 350 const base::DictionaryValue* active_settings) { |
| 319 signature_ = &signature; | 351 signature_ = &signature; |
| 320 return MergeToEffective::MergeDictionaries(user_policy, | 352 return MergeToEffective::MergeDictionaries(user_policy, |
| 321 device_policy, | 353 device_policy, |
| 322 user_settings, | 354 user_settings, |
| 323 shared_settings, | 355 shared_settings, |
| 324 active_settings); | 356 active_settings); |
| 325 } | 357 } |
| 326 | 358 |
| 327 protected: | 359 protected: |
| 328 // MergeSettingsAndPolicies override. | 360 // MergeSettingsAndPolicies override. |
| 329 virtual scoped_ptr<base::Value> MergeValues( | 361 virtual scoped_ptr<base::Value> MergeValues( |
| 330 const std::string& key, | 362 const std::string& key, |
| 331 const ValueParams& values) OVERRIDE { | 363 const ValueParams& values) OVERRIDE { |
| 332 scoped_ptr<base::DictionaryValue> result(new base::DictionaryValue); | 364 scoped_ptr<base::DictionaryValue> augmented_value( |
| 365 new base::DictionaryValue); |
| 333 if (values.active_setting) { | 366 if (values.active_setting) { |
| 334 result->SetWithoutPathExpansion(::onc::kAugmentationActiveSetting, | 367 augmented_value->SetWithoutPathExpansion( |
| 335 values.active_setting->DeepCopy()); | 368 ::onc::kAugmentationActiveSetting, values.active_setting->DeepCopy()); |
| 336 } | 369 } |
| 337 | 370 |
| 338 const OncFieldSignature* field = NULL; | 371 const OncFieldSignature* field = NULL; |
| 339 if (signature_) | 372 if (signature_) |
| 340 field = GetFieldSignature(*signature_, key); | 373 field = GetFieldSignature(*signature_, key); |
| 341 | 374 |
| 342 if (field) { | 375 if (field) { |
| 343 // This field is part of the provided ONCSignature, thus it can be | 376 // This field is part of the provided ONCSignature, thus it can be |
| 344 // controlled by policy. | 377 // controlled by policy. |
| 345 std::string which_effective; | 378 std::string which_effective; |
| 346 MergeToEffective::MergeValues(key, values, &which_effective).reset(); | 379 scoped_ptr<base::Value> effective_value = |
| 380 MergeToEffective::MergeValues(key, values, &which_effective); |
| 381 |
| 382 if (IsIdentifierField(*signature_, key)) { |
| 383 // Don't augment the GUID but write the plain value. |
| 384 DCHECK(effective_value); |
| 385 |
| 386 // DCHECK that all provided GUIDs are identical. |
| 387 DCHECK(AllPresentValuesEqual(values, *effective_value)); |
| 388 |
| 389 // Return the un-augmented GUID. |
| 390 return effective_value.Pass(); |
| 391 } |
| 392 |
| 347 if (!which_effective.empty()) { | 393 if (!which_effective.empty()) { |
| 348 result->SetStringWithoutPathExpansion( | 394 augmented_value->SetStringWithoutPathExpansion( |
| 349 ::onc::kAugmentationEffectiveSetting, which_effective); | 395 ::onc::kAugmentationEffectiveSetting, which_effective); |
| 350 } | 396 } |
| 351 bool is_credential = onc::FieldIsCredential(*signature_, key); | 397 bool is_credential = onc::FieldIsCredential(*signature_, key); |
| 352 | 398 |
| 353 // Prevent credentials from being forwarded in cleartext to | 399 // Prevent credentials from being forwarded in cleartext to |
| 354 // UI. User/shared credentials are not stored separately, so they cannot | 400 // UI. User/shared credentials are not stored separately, so they cannot |
| 355 // leak here. | 401 // leak here. |
| 356 if (!is_credential) { | 402 if (!is_credential) { |
| 357 if (values.user_policy) { | 403 if (values.user_policy) { |
| 358 result->SetWithoutPathExpansion(::onc::kAugmentationUserPolicy, | 404 augmented_value->SetWithoutPathExpansion( |
| 359 values.user_policy->DeepCopy()); | 405 ::onc::kAugmentationUserPolicy, values.user_policy->DeepCopy()); |
| 360 } | 406 } |
| 361 if (values.device_policy) { | 407 if (values.device_policy) { |
| 362 result->SetWithoutPathExpansion(::onc::kAugmentationDevicePolicy, | 408 augmented_value->SetWithoutPathExpansion( |
| 363 values.device_policy->DeepCopy()); | 409 ::onc::kAugmentationDevicePolicy, |
| 410 values.device_policy->DeepCopy()); |
| 364 } | 411 } |
| 365 } | 412 } |
| 366 if (values.user_setting) { | 413 if (values.user_setting) { |
| 367 result->SetWithoutPathExpansion(::onc::kAugmentationUserSetting, | 414 augmented_value->SetWithoutPathExpansion( |
| 368 values.user_setting->DeepCopy()); | 415 ::onc::kAugmentationUserSetting, values.user_setting->DeepCopy()); |
| 369 } | 416 } |
| 370 if (values.shared_setting) { | 417 if (values.shared_setting) { |
| 371 result->SetWithoutPathExpansion(::onc::kAugmentationSharedSetting, | 418 augmented_value->SetWithoutPathExpansion( |
| 372 values.shared_setting->DeepCopy()); | 419 ::onc::kAugmentationSharedSetting, |
| 420 values.shared_setting->DeepCopy()); |
| 373 } | 421 } |
| 374 if (HasUserPolicy() && values.user_editable) { | 422 if (HasUserPolicy() && values.user_editable) { |
| 375 result->SetBooleanWithoutPathExpansion(::onc::kAugmentationUserEditable, | 423 augmented_value->SetBooleanWithoutPathExpansion( |
| 376 true); | 424 ::onc::kAugmentationUserEditable, true); |
| 377 } | 425 } |
| 378 if (HasDevicePolicy() && values.device_editable) { | 426 if (HasDevicePolicy() && values.device_editable) { |
| 379 result->SetBooleanWithoutPathExpansion( | 427 augmented_value->SetBooleanWithoutPathExpansion( |
| 380 ::onc::kAugmentationDeviceEditable, true); | 428 ::onc::kAugmentationDeviceEditable, true); |
| 381 } | 429 } |
| 382 } else { | 430 } else { |
| 383 // This field is not part of the provided ONCSignature, thus it cannot be | 431 // This field is not part of the provided ONCSignature, thus it cannot be |
| 384 // controlled by policy. | 432 // controlled by policy. |
| 385 result->SetStringWithoutPathExpansion( | 433 augmented_value->SetStringWithoutPathExpansion( |
| 386 ::onc::kAugmentationEffectiveSetting, ::onc::kAugmentationUnmanaged); | 434 ::onc::kAugmentationEffectiveSetting, ::onc::kAugmentationUnmanaged); |
| 387 } | 435 } |
| 388 if (result->empty()) | 436 if (augmented_value->empty()) |
| 389 result.reset(); | 437 augmented_value.reset(); |
| 390 return result.PassAs<base::Value>(); | 438 return augmented_value.PassAs<base::Value>(); |
| 391 } | 439 } |
| 392 | 440 |
| 393 // MergeListOfDictionaries override. | 441 // MergeListOfDictionaries override. |
| 394 virtual DictionaryPtr MergeNestedDictionaries( | 442 virtual DictionaryPtr MergeNestedDictionaries( |
| 395 const std::string& key, | 443 const std::string& key, |
| 396 const DictPtrs &dicts) OVERRIDE { | 444 const DictPtrs &dicts) OVERRIDE { |
| 397 DictionaryPtr result; | 445 DictionaryPtr result; |
| 398 if (signature_) { | 446 if (signature_) { |
| 399 const OncValueSignature* enclosing_signature = signature_; | 447 const OncValueSignature* enclosing_signature = signature_; |
| 400 signature_ = NULL; | 448 signature_ = NULL; |
| (...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 437 const base::DictionaryValue* shared_settings, | 485 const base::DictionaryValue* shared_settings, |
| 438 const base::DictionaryValue* active_settings) { | 486 const base::DictionaryValue* active_settings) { |
| 439 MergeToAugmented merger; | 487 MergeToAugmented merger; |
| 440 return merger.MergeDictionaries( | 488 return merger.MergeDictionaries( |
| 441 signature, user_policy, device_policy, user_settings, shared_settings, | 489 signature, user_policy, device_policy, user_settings, shared_settings, |
| 442 active_settings); | 490 active_settings); |
| 443 } | 491 } |
| 444 | 492 |
| 445 } // namespace onc | 493 } // namespace onc |
| 446 } // namespace chromeos | 494 } // namespace chromeos |
| OLD | NEW |