Enforce autoconnect policy in the network dialogs.

This disables autoconnect in the dialog for configuring new or existing networks in CrOS if the new Autoconnect policy is set.

Depends on: https://codereview.chromium.org/23526016/

BUG=280146

Review URL: https://codereview.chromium.org/27273006

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@229998 0039d316-1c4b-4281-b951-d872f2087c98

10 files changed, 140 insertions, 23 deletions

diff --git a/chrome/browser/chromeos/net/onc_utils.cc b/chrome/browser/chromeos/net/onc_utils.cc
index 4a52464..32d88f4 100644
--- a/chrome/browser/chromeos/net/onc_utils.cc
+++ b/chrome/browser/chromeos/net/onc_utils.cc
@@ -248,6 +248,33 @@ const base::DictionaryValue* FindPolicyForActiveUser(
       FindPolicyByGUID(username_hash, guid, onc_source);
 }
 
+const base::DictionaryValue* GetGlobalConfigFromPolicy(bool for_active_user) {
+  std::string username_hash;
+  if (for_active_user) {
+    const User* user = UserManager::Get()->GetActiveUser();
+    if (!user) {
+      LOG(ERROR) << "No user logged in yet.";
+      return NULL;
+    }
+    username_hash = user->username_hash();
+  }
+  return NetworkHandler::Get()->managed_network_configuration_handler()->
+      GetGlobalConfigFromPolicy(username_hash);
+}
+
+bool PolicyAllowsOnlyPolicyNetworksToAutoconnect(bool for_active_user) {
+  const base::DictionaryValue* global_config =
+      GetGlobalConfigFromPolicy(for_active_user);
+  if (!global_config)
+    return false;  // By default, all networks are allowed to autoconnect.
+
+  bool only_policy_autoconnect = false;
+  global_config->GetBooleanWithoutPathExpansion(
+      ::onc::global_network_config::kAllowOnlyPolicyNetworksToAutoconnect,
+      &only_policy_autoconnect);
+  return only_policy_autoconnect;
+}
+
 namespace {
 
 const base::DictionaryValue* GetNetworkConfigByGUID(
diff --git a/chrome/browser/chromeos/net/onc_utils.h b/chrome/browser/chromeos/net/onc_utils.h
index 35d0762..4fa8784 100644
--- a/chrome/browser/chromeos/net/onc_utils.h
+++ b/chrome/browser/chromeos/net/onc_utils.h
@@ -47,11 +47,22 @@ void ImportNetworksForUser(const chromeos::User* user,
                            std::string* error);
 
 // Looks up the policy for |guid| for the current active user and sets
-// |onc_source| accordingly.
+// |global_config| (if not NULL) and |onc_source| (if not NULL) accordingly. If
+// |guid| is empty, returns NULL and sets the |global_config| and |onc_source|
+// if a policy is found.
 const base::DictionaryValue* FindPolicyForActiveUser(
     const std::string& guid,
     ::onc::ONCSource* onc_source);
 
+// Returns the global network configuration section of the active user's network
+// policy (if |for_active_user| is true) or of the device policy.
+const base::DictionaryValue* GetGlobalConfigFromPolicy(bool for_active_user);
+
+// Convenvience function to retrieve the "AllowOnlyPolicyNetworksToAutoconnect"
+// setting from the global network configuration (see
+// GetGlobalConfigFromPolicy).
+bool PolicyAllowsOnlyPolicyNetworksToAutoconnect(bool for_active_user);
+
 // Returns the effective (user or device) policy for network |favorite|. Both
 // |profile_prefs| and |local_state_prefs| might be NULL. Returns NULL if no
 // applicable policy is found. Sets |onc_source| accordingly.
diff --git a/chrome/browser/chromeos/options/vpn_config_view.cc b/chrome/browser/chromeos/options/vpn_config_view.cc
index 5286805..ddb6c2d 100644
--- a/chrome/browser/chromeos/options/vpn_config_view.cc
+++ b/chrome/browser/chromeos/options/vpn_config_view.cc
@@ -373,6 +373,14 @@ bool VPNConfigView::Login() {
 
     SetConfigProperties(&properties);
     bool shared = !LoginState::Get()->IsUserAuthenticated();
+
+    bool only_policy_autoconnect =
+        onc::PolicyAllowsOnlyPolicyNetworksToAutoconnect(!shared);
+    if (only_policy_autoconnect) {
+      properties.SetBooleanWithoutPathExpansion(shill::kAutoConnectProperty,
+                                                false);
+    }
+
     ash::network_connect::CreateConfigurationAndConnect(&properties, shared);
   } else {
     const NetworkState* vpn = NetworkHandler::Get()->network_state_handler()->
diff --git a/chrome/browser/chromeos/options/wifi_config_view.cc b/chrome/browser/chromeos/options/wifi_config_view.cc
index f5190ae..19cfbbc 100644
--- a/chrome/browser/chromeos/options/wifi_config_view.cc
+++ b/chrome/browser/chromeos/options/wifi_config_view.cc
@@ -648,9 +648,19 @@ void WifiConfigView::OnCertificatesLoaded(bool initial_load) {
 
 bool WifiConfigView::Login() {
   const bool share_default = true;
+
+  // Set configuration properties.
+  base::DictionaryValue properties;
+  bool share_network = GetShareNetwork(share_default);
+
+  bool only_policy_autoconnect =
+      onc::PolicyAllowsOnlyPolicyNetworksToAutoconnect(!share_network);
+  if (only_policy_autoconnect) {
+    properties.SetBooleanWithoutPathExpansion(shill::kAutoConnectProperty,
+                                              false);
+  }
+
   if (service_path_.empty()) {
-    // Set configuration properties.
-    base::DictionaryValue properties;
     properties.SetStringWithoutPathExpansion(
         shill::kTypeProperty, shill::kTypeWifi);
     shill_property_util::SetSSID(GetSsid(), &properties);
@@ -686,8 +696,8 @@ bool WifiConfigView::Login() {
         shill::kSecurityProperty, security);
 
     // Configure and connect to network.
-    bool shared = GetShareNetwork(share_default);
-    ash::network_connect::CreateConfigurationAndConnect(&properties, shared);
+    ash::network_connect::CreateConfigurationAndConnect(&properties,
+                                                        share_network);
   } else {
     const NetworkState* wifi = NetworkHandler::Get()->network_state_handler()->
         GetNetworkState(service_path_);
@@ -697,7 +707,6 @@ bool WifiConfigView::Login() {
       NET_LOG_ERROR("Network not found", service_path_);
       return true;  // Close dialog
     }
-    base::DictionaryValue properties;
     if (eap_method_combobox_) {
       // Visible 802.1X EAP Wi-Fi connection.
       SetEapProperties(&properties);
@@ -711,7 +720,6 @@ bool WifiConfigView::Login() {
             shill::kPassphraseProperty, passphrase);
       }
     }
-    bool share_network = GetShareNetwork(share_default);
     ash::network_connect::ConfigureNetworkAndConnect(
         service_path_, properties, share_network);
   }
diff --git a/chrome/browser/chromeos/options/wimax_config_view.cc b/chrome/browser/chromeos/options/wimax_config_view.cc
index b197935..c1b715f 100644
--- a/chrome/browser/chromeos/options/wimax_config_view.cc
+++ b/chrome/browser/chromeos/options/wimax_config_view.cc
@@ -10,6 +10,7 @@
 #include "base/strings/utf_string_conversions.h"
 #include "chrome/browser/chromeos/enrollment_dialog_view.h"
 #include "chrome/browser/chromeos/login/startup_utils.h"
+#include "chrome/browser/chromeos/net/onc_utils.h"
 #include "chrome/browser/profiles/profile_manager.h"
 #include "chromeos/login/login_state.h"
 #include "chromeos/network/network_configuration_handler.h"
@@ -158,6 +159,14 @@ bool WimaxConfigView::Login() {
 
   const bool share_default = true;
   bool share_network = GetShareNetwork(share_default);
+
+  bool only_policy_autoconnect =
+      onc::PolicyAllowsOnlyPolicyNetworksToAutoconnect(!share_network);
+  if (only_policy_autoconnect) {
+    properties.SetBooleanWithoutPathExpansion(shill::kAutoConnectProperty,
+                                              false);
+  }
+
   ash::network_connect::ConfigureNetworkAndConnect(
       service_path_, properties, share_network);
   return true;  // dialog will be closed
@@ -192,11 +201,11 @@ void WimaxConfigView::Init() {
   DCHECK(wimax && wimax->type() == shill::kTypeWimax);
 
   WifiConfigView::ParseWiFiEAPUIProperty(
-      &save_credentials_ui_data_, wimax, onc::eap::kSaveCredentials);
+      &save_credentials_ui_data_, wimax, ::onc::eap::kSaveCredentials);
   WifiConfigView::ParseWiFiEAPUIProperty(
-      &identity_ui_data_, wimax, onc::eap::kIdentity);
+      &identity_ui_data_, wimax, ::onc::eap::kIdentity);
   WifiConfigView::ParseWiFiUIProperty(
-      &passphrase_ui_data_, wimax, onc::wifi::kPassphrase);
+      &passphrase_ui_data_, wimax, ::onc::wifi::kPassphrase);
 
   views::GridLayout* layout = views::GridLayout::CreatePanel(this);
   SetLayoutManager(layout);
diff --git a/chrome/browser/ui/webui/options/chromeos/internet_options_handler.cc b/chrome/browser/ui/webui/options/chromeos/internet_options_handler.cc
index dd40856..5fc6abc 100644
--- a/chrome/browser/ui/webui/options/chromeos/internet_options_handler.cc
+++ b/chrome/browser/ui/webui/options/chromeos/internet_options_handler.cc
@@ -543,18 +543,32 @@ base::DictionaryValue* BuildIPInfoDictionary(
   return ip_info_dict.release();
 }
 
-static bool CanForgetNetworkType(const std::string& type) {
+bool CanForgetNetworkType(const std::string& type) {
   return type == shill::kTypeWifi ||
          type == shill::kTypeWimax ||
          type == shill::kTypeVPN;
 }
 
-static bool CanAddNetworkType(const std::string& type) {
+bool CanAddNetworkType(const std::string& type) {
   return type == shill::kTypeWifi ||
          type == shill::kTypeVPN ||
          type == shill::kTypeCellular;
 }
 
+// Decorate dictionary |value_dict| with policy information from |ui_data|.
+void DecorateValueDictionary(const NetworkPropertyUIData& ui_data,
+                             const base::Value& value,
+                             base::DictionaryValue* value_dict) {
+  const base::Value* recommended_value = ui_data.default_value();
+  if (ui_data.IsManaged())
+    value_dict->SetString(kTagControlledBy, kTagPolicy);
+  else if (recommended_value && recommended_value->Equals(&value))
+    value_dict->SetString(kTagControlledBy, kTagRecommended);
+
+  if (recommended_value)
+    value_dict->Set(kTagRecommendedValue, recommended_value->DeepCopy());
+}
+
 // Decorate pref value as CoreOptionsHandler::CreateValueForPref() does and
 // store it under |key| in |settings|. Takes ownership of |value|.
 void SetValueDictionary(base::DictionaryValue* settings,
@@ -564,15 +578,34 @@ void SetValueDictionary(base::DictionaryValue* settings,
   base::DictionaryValue* dict = new base::DictionaryValue();
   // DictionaryValue::Set() takes ownership of |value|.
   dict->Set(kTagValue, value);
-  const base::Value* recommended_value = ui_data.default_value();
-  if (ui_data.IsManaged())
-    dict->SetString(kTagControlledBy, kTagPolicy);
-  else if (recommended_value && recommended_value->Equals(value))
-    dict->SetString(kTagControlledBy, kTagRecommended);
-
-  if (recommended_value)
-    dict->Set(kTagRecommendedValue, recommended_value->DeepCopy());
   settings->Set(key, dict);
+  DecorateValueDictionary(ui_data, *value, dict);
+}
+
+// Creates a decorated dictionary like SetValueDictionary does, but extended for
+// the Autoconnect property, which respects additionally global network policy.
+void SetAutoconnectValueDictionary(bool network_is_private,
+                                   ::onc::ONCSource onc_source,
+                                   bool current_autoconnect,
+                                   const NetworkPropertyUIData& ui_data,
+                                   base::DictionaryValue* settings) {
+  base::DictionaryValue* dict = new base::DictionaryValue();
+  base::Value* value = new base::FundamentalValue(current_autoconnect);
+  // DictionaryValue::Set() takes ownership of |value|.
+  dict->Set(kTagValue, value);
+  settings->Set(kTagAutoConnect, dict);
+  if (onc_source != ::onc::ONC_SOURCE_USER_POLICY &&
+      onc_source != ::onc::ONC_SOURCE_DEVICE_POLICY) {
+    // Autoconnect can be controlled by the GlobalNetworkConfiguration of the
+    // ONC policy.
+    bool only_policy_autoconnect =
+        onc::PolicyAllowsOnlyPolicyNetworksToAutoconnect(network_is_private);
+    if (only_policy_autoconnect) {
+      dict->SetString(kTagControlledBy, kTagPolicy);
+      return;
+    }
+  }
+  DecorateValueDictionary(ui_data, *value, dict);
 }
 
 std::string CopyStringFromDictionary(const base::DictionaryValue& source,
@@ -1584,9 +1617,11 @@ void InternetOptionsHandler::PopulateDictionaryDetailsCallback(
   bool auto_connect = false;
   shill_properties.GetBooleanWithoutPathExpansion(
       shill::kAutoConnectProperty, &auto_connect);
-  SetValueDictionary(&dictionary, kTagAutoConnect,
-                     new base::FundamentalValue(auto_connect),
-                     auto_connect_ui_data);
+  SetAutoconnectValueDictionary(network->IsPrivate(),
+                                onc_source,
+                                auto_connect,
+                                auto_connect_ui_data,
+                                &dictionary);
 
   PopulateConnectionDetails(network, shill_properties, &dictionary);
 
diff --git a/chromeos/network/managed_network_configuration_handler.h b/chromeos/network/managed_network_configuration_handler.h
index ea7a446..bc58492 100644
--- a/chromeos/network/managed_network_configuration_handler.h
+++ b/chromeos/network/managed_network_configuration_handler.h
@@ -121,6 +121,11 @@ class CHROMEOS_EXPORT ManagedNetworkConfigurationHandler {
       const std::string& guid,
       ::onc::ONCSource* onc_source) const = 0;
 
+  // Returns the global configuration of the policy of user |userhash| or device
+  // policy if |userhash| is empty.
+  virtual const base::DictionaryValue* GetGlobalConfigFromPolicy(
+      const std::string userhash) const = 0;
+
   // Returns the policy with |guid| for profile |profile_path|. If such
   // doesn't exist, returns NULL.
   virtual const base::DictionaryValue* FindPolicyByGuidAndProfile(
diff --git a/chromeos/network/managed_network_configuration_handler_impl.cc b/chromeos/network/managed_network_configuration_handler_impl.cc
index c3c3242..73e5e07 100644
--- a/chromeos/network/managed_network_configuration_handler_impl.cc
+++ b/chromeos/network/managed_network_configuration_handler_impl.cc
@@ -552,6 +552,15 @@ ManagedNetworkConfigurationHandlerImpl::FindPolicyByGUID(
 }
 
 const base::DictionaryValue*
+ManagedNetworkConfigurationHandlerImpl::GetGlobalConfigFromPolicy(
+    const std::string userhash) const {
+  const Policies* policies = GetPoliciesForUser(userhash);
+  if (!policies)
+    return NULL;
+
+  return &policies->global_network_config;
+}
+const base::DictionaryValue*
 ManagedNetworkConfigurationHandlerImpl::FindPolicyByGuidAndProfile(
     const std::string& guid,
     const std::string& profile_path) const {
diff --git a/chromeos/network/managed_network_configuration_handler_impl.h b/chromeos/network/managed_network_configuration_handler_impl.h
index 95593b3..19b8eb8 100644
--- a/chromeos/network/managed_network_configuration_handler_impl.h
+++ b/chromeos/network/managed_network_configuration_handler_impl.h
@@ -79,6 +79,9 @@ class CHROMEOS_EXPORT ManagedNetworkConfigurationHandlerImpl
       const std::string& guid,
       onc::ONCSource* onc_source) const OVERRIDE;
 
+  virtual const base::DictionaryValue* GetGlobalConfigFromPolicy(
+      const std::string userhash) const OVERRIDE;
+
   virtual const base::DictionaryValue* FindPolicyByGuidAndProfile(
       const std::string& guid,
       const std::string& profile_path) const OVERRIDE;
diff --git a/chromeos/network/mock_managed_network_configuration_handler.h b/chromeos/network/mock_managed_network_configuration_handler.h
index e73e598..4bde68d 100644
--- a/chromeos/network/mock_managed_network_configuration_handler.h
+++ b/chromeos/network/mock_managed_network_configuration_handler.h
@@ -59,6 +59,8 @@ class CHROMEOS_EXPORT MockManagedNetworkConfigurationHandler
                          const std::string userhash,
                          const std::string& guid,
                          ::onc::ONCSource* onc_source));
+  MOCK_CONST_METHOD1(GetGlobalConfigFromPolicy,
+                     const base::DictionaryValue*(const std::string userhash));
   MOCK_CONST_METHOD2(
       FindPolicyByGuidAndProfile,
       const base::DictionaryValue*(const std::string& guid,