Set Service property ManagedCredentials for managed networks.

chromeos/network/policy_util.cc

Index: chromeos/network/policy_util.cc
diff --git a/chromeos/network/policy_util.cc b/chromeos/network/policy_util.cc
index 33fc05a1053aeeb9d62e4820982bf8edea9891e4..c879be8b9c9d95251f21929fcb2a336bbf06589f 100644
--- a/chromeos/network/policy_util.cc
+++ b/chromeos/network/policy_util.cc
@@ -125,6 +125,38 @@ bool IsPolicyMatching(const base::DictionaryValue& policy,
   return false;
 }
 
+// Returns true if AutoConnect is enabled by |policy| (as mandatory or
+// recommended setting). Otherwise and on error returns false.
+bool IsAutoConnectEnabledInPolicy(const base::DictionaryValue& policy) {
+  std::string type;
+  policy.GetStringWithoutPathExpansion(::onc::network_config::kType, &type);
+
+  std::string autoconnect_key;
+  std::string network_dict_key;
+  if (type == ::onc::network_type::kWiFi) {
+    network_dict_key = ::onc::network_config::kWiFi;
+    autoconnect_key = ::onc::wifi::kAutoConnect;
+  } else if (type == ::onc::network_type::kVPN) {
+    network_dict_key = ::onc::network_config::kVPN;
+    autoconnect_key = ::onc::vpn::kAutoConnect;
+  } else {
+    VLOG(2) << "Network type without autoconnect property.";
+    return false;
+  }
+
+  const base::DictionaryValue* network_dict = NULL;
+  policy.GetDictionaryWithoutPathExpansion(network_dict_key, &network_dict);
+  if (!network_dict) {
+    LOG(ERROR) << "ONC doesn't contain a " << network_dict_key
+               << " dictionary.";
+    return false;
+  }
+
+  bool autoconnect = false;
+  network_dict->GetBooleanWithoutPathExpansion(autoconnect_key, &autoconnect);
+  return autoconnect;
+}
+
 base::DictionaryValue* GetOrCreateDictionary(const std::string& key,
                                              base::DictionaryValue* dict) {
   base::DictionaryValue* inner_dict = NULL;
@@ -324,6 +356,16 @@ scoped_ptr<base::DictionaryValue> CreateShillConfiguration(
   shill_dictionary->SetStringWithoutPathExpansion(shill::kProfileProperty,
                                                   profile.path);
 
+  // If AutoConnect is enabled by policy, set the ManagedCredentials property to
+  // indicate to Shill that this network can be used for autoconnect even
+  // without a manual and successful connection attempt.
+  if (network_policy && IsAutoConnectEnabledInPolicy(*network_policy)) {
+    VLOG(1) << "Enable ManagedCredentials for managed network with GUID "
+            << guid;
+    shill_dictionary->SetBooleanWithoutPathExpansion(
+        shill::kManagedCredentialsProperty, true);

[Paul Stewart, 2014/10/30 15:32:42]

It's okay to do this even if auto-connect is unset / set false.  The two are
orthogonal.

[pneubeck (no reviews), 2014/10/30 15:46:40]

The question is however, what behavior we want to trigger if policy didn't set
autoconnect and the user is setting autoconnect=true.
The current implementation should be the conservative choice in this case.

+  }
+
   if (!network_policy && global_policy) {
     // The network isn't managed. Global network policies have to be applied.
     SetShillPropertiesForGlobalPolicy(