ONC policy: Support SSID and Security change.

chromeos/network/policy_applicator.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chromeos/network/policy_applicator.h"
 
 #include <utility>
 
 #include "base/bind.h"
 #include "base/location.h"
 #include "base/logging.h"
+#include "base/memory/scoped_ptr.h"
 #include "base/stl_util.h"
 #include "base/values.h"
 #include "chromeos/dbus/dbus_thread_manager.h"
 #include "chromeos/dbus/shill_profile_client.h"
 #include "chromeos/network/network_ui_data.h"
 #include "chromeos/network/onc/onc_signature.h"
 #include "chromeos/network/onc/onc_translator.h"
 #include "chromeos/network/policy_util.h"
 #include "chromeos/network/shill_property_util.h"
 #include "components/onc/onc_constants.h"
@@ skipping 138 matching lines @@
         << " with new policy " << new_guid << ".";
     VLOG_IF(1, !was_managed) << "Applying policy " << new_guid
                              << " to previously unmanaged "
                              << "configuration.";
 
     if (old_guid == new_guid &&
         remaining_policies_.find(new_guid) == remaining_policies_.end()) {
       VLOG(1) << "Not updating existing managed configuration with guid "
               << new_guid << " because the policy didn't change.";
     } else {
-      // Delete the entry to ensure that no old configuration remains.
-      // Don't do this if a policy is reapplied (e.g. after reboot) or updated
-      // (i.e. the GUID didn't change), in order to keep implicit state of
-      // Shill like "connected successfully before".
-      if (old_guid == new_guid) {
+      const base::DictionaryValue* user_settings =
+          ui_data ? ui_data->user_settings() : NULL;
+      scoped_ptr<base::DictionaryValue> new_shill_properties =
+          policy_util::CreateShillConfiguration(
+              profile_, new_guid, new_policy, user_settings);
+      // A new policy has to be applied to this profile entry. In order to keep
+      // implicit state of Shill like "connected successfully before", keep the
+      // entry if a policy is reapplied (e.g. after reboot) or is updated.
+      // However, some Shill properties are used to identify the network and
+      // cannot be modified after initial configuration, so we have to delete
+      // the profile entry in these cases. Also, keeping Shill's state if the
+      // SSID changed might not be a good idea anyways. If the policy GUID
+      // changed, or there was no policy before, we delete the entry at first to
+      // ensure that no old configuration remains.
+      if (old_guid == new_guid &&
+          shill_property_util::DoIdentifyingPropertiesMatch(
+              *new_shill_properties, entry_properties)) {
         VLOG(1) << "Updating previously managed configuration with the "
                 << "updated policy " << new_guid << ".";
       } else {
+        VLOG(1) << "Deleting profile entry before writing new policy "
+                << new_guid << " because of identifying properties changed.";
         DeleteEntry(entry);
       }
 
-      const base::DictionaryValue* user_settings =
-          ui_data ? ui_data->user_settings() : NULL;
-
-      // Write the new configuration.
-      CreateAndWriteNewShillConfiguration(new_guid, *new_policy, user_settings);
+      WriteNewShillConfiguration(*new_shill_properties, *new_policy);
       remaining_policies_.erase(new_guid);
     }
   } else if (was_managed) {
     VLOG(1) << "Removing configuration previously managed by policy "
             << old_guid << ", because the policy was removed.";
 
     // Remove the entry, because the network was managed but isn't anymore.
     // Note: An alternative might be to preserve the user settings, but it's
     // unclear which values originating the policy should be removed.
     DeleteEntry(entry);
   } else {
     // The entry wasn't managed and doesn't match any current policy. Global
     // network settings have to be applied.
-
     base::DictionaryValue shill_properties_to_update;
     GetPropertiesForUnmanagedEntry(entry_properties,
                                    &shill_properties_to_update);
     if (shill_properties_to_update.empty()) {
       VLOG(2) << "Ignore unmanaged entry.";
       // Calling a SetProperties of Shill with an empty dictionary is a no op.
     } else {
       VLOG(2) << "Apply global network config to unmanaged entry.";
       handler_->UpdateExistingConfigurationWithPropertiesFromPolicy(
           entry_properties, shill_properties_to_update);
     }
   }
 }
 
 void PolicyApplicator::DeleteEntry(const std::string& entry) {
   DBusThreadManager::Get()->GetShillProfileClient()->DeleteEntry(
       dbus::ObjectPath(profile_.path),
       entry,
       base::Bind(&base::DoNothing),
       base::Bind(&LogErrorMessage, FROM_HERE));
 }
 
-void PolicyApplicator::CreateAndWriteNewShillConfiguration(
-    const std::string& guid,
-    const base::DictionaryValue& policy,
-    const base::DictionaryValue* user_settings) {
+void PolicyApplicator::WriteNewShillConfiguration(
+    const base::DictionaryValue& shill_dictionary,
+    const base::DictionaryValue& policy) {
   // Ethernet (non EAP) settings, like GUID or UIData, cannot be stored per
   // user. Abort in that case.
   std::string type;
   policy.GetStringWithoutPathExpansion(::onc::network_config::kType, &type);
   if (type == ::onc::network_type::kEthernet &&
       profile_.type() == NetworkProfile::TYPE_USER) {
     const base::DictionaryValue* ethernet = NULL;
     policy.GetDictionaryWithoutPathExpansion(::onc::network_config::kEthernet,
                                              &ethernet);
     std::string auth;
     ethernet->GetStringWithoutPathExpansion(::onc::ethernet::kAuthentication,
                                             &auth);
     if (auth == ::onc::ethernet::kNone)
       return;
   }
 
-  scoped_ptr<base::DictionaryValue> shill_dictionary =
-      policy_util::CreateShillConfiguration(
-          profile_, guid, &policy, user_settings);
-  handler_->CreateConfigurationFromPolicy(*shill_dictionary);
+  handler_->CreateConfigurationFromPolicy(shill_dictionary);
 }
 
 void PolicyApplicator::GetPropertiesForUnmanagedEntry(
     const base::DictionaryValue& entry_properties,
     base::DictionaryValue* properties_to_update) const {
   // kAllowOnlyPolicyNetworksToAutoconnect is currently the only global config.
 
   std::string type;
   entry_properties.GetStringWithoutPathExpansion(shill::kTypeProperty, &type);
   if (NetworkTypePattern::Ethernet().MatchesType(type))
@@ skipping 41 matching lines @@
   // contains all modified policies that didn't match any entry. For these
   // remaining policies, new configurations have to be created.
   for (std::set<std::string>::iterator it = remaining_policies_.begin();
        it != remaining_policies_.end(); ++it) {
     const base::DictionaryValue* policy = GetByGUID(all_policies_, *it);
     DCHECK(policy);
 
     VLOG(1) << "Creating new configuration managed by policy " << *it
             << " in profile " << profile_.ToDebugString() << ".";
 
-    CreateAndWriteNewShillConfiguration(
-        *it, *policy, NULL /* no user settings */);
+    scoped_ptr<base::DictionaryValue> shill_dictionary =
+        policy_util::CreateShillConfiguration(profile_, *it, policy, NULL);
+    WriteNewShillConfiguration(*shill_dictionary, *policy);
   }
 }
 
 }  // namespace chromeos