diff options
author | cschuet <cschuet@chromium.org> | 2015-09-07 09:51:26 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-09-07 16:52:04 +0000 |
commit | 0002215abc92c2b723c802d147372a48a62d7413 (patch) | |
tree | 4ce688e09a86251ba55a754f638740b86a271598 /chromeos/network | |
parent | d8ed85742313f6a3b7db1d81277e01c3f5d23bf7 (diff) | |
download | chromium_src-0002215abc92c2b723c802d147372a48a62d7413.zip chromium_src-0002215abc92c2b723c802d147372a48a62d7413.tar.gz chromium_src-0002215abc92c2b723c802d147372a48a62d7413.tar.bz2 |
Add an ONC property for disabling net technologies
This CL maps an ONC property for disabling network technologies.
BUG=426390
Review URL: https://codereview.chromium.org/1306813008
Cr-Commit-Position: refs/heads/master@{#347638}
Diffstat (limited to 'chromeos/network')
-rw-r--r-- | chromeos/network/onc/onc_signature.cc | 1 | ||||
-rw-r--r-- | chromeos/network/onc/onc_validator.cc | 83 | ||||
-rw-r--r-- | chromeos/network/onc/onc_validator.h | 8 | ||||
-rw-r--r-- | chromeos/network/onc/onc_validator_unittest.cc | 9 |
4 files changed, 89 insertions, 12 deletions
diff --git a/chromeos/network/onc/onc_signature.cc b/chromeos/network/onc/onc_signature.cc index 65df396..562730c 100644 --- a/chromeos/network/onc/onc_signature.cc +++ b/chromeos/network/onc/onc_signature.cc @@ -341,6 +341,7 @@ const OncFieldSignature network_with_state_fields[] = { const OncFieldSignature global_network_configuration_fields[] = { {::onc::global_network_config::kAllowOnlyPolicyNetworksToAutoconnect, &kBoolSignature}, + {::onc::global_network_config::kDisableNetworkTypes, &kStringListSignature}, {NULL}}; const OncFieldSignature certificate_fields[] = { diff --git a/chromeos/network/onc/onc_validator.cc b/chromeos/network/onc/onc_validator.cc index 4c2067a..cb4acf9 100644 --- a/chromeos/network/onc/onc_validator.cc +++ b/chromeos/network/onc/onc_validator.cc @@ -128,6 +128,8 @@ scoped_ptr<base::DictionaryValue> Validator::MapObject( valid = ValidateVerifyX509(repaired.get()); } else if (&signature == &kCertificatePatternSignature) { valid = ValidateCertificatePattern(repaired.get()); + } else if (&signature == &kGlobalNetworkConfigurationSignature) { + valid = ValidateGlobalNetworkConfiguration(repaired.get()); } else if (&signature == &kProxySettingsSignature) { valid = ValidateProxySettings(repaired.get()); } else if (&signature == &kProxyLocationSignature) { @@ -330,6 +332,20 @@ std::string JoinStringRange(const std::vector<const char*>& strings, } // namespace +bool Validator::IsValidValue(const std::string& field_value, + const std::vector<const char*>& valid_values) { + for (const char* it : valid_values) { + if (field_value == it) + return true; + } + error_or_warning_found_ = true; + const std::string valid_values_str = + "[" + JoinStringRange(valid_values, ", ") + "]"; + LOG(ERROR) << MessageHeader() << "Found value '" << field_value + << "', but expected one of the values " << valid_values_str; + return false; +} + bool Validator::FieldExistsAndHasNoValidValue( const base::DictionaryValue& object, const std::string& field_name, @@ -338,20 +354,10 @@ bool Validator::FieldExistsAndHasNoValidValue( if (!object.GetStringWithoutPathExpansion(field_name, &actual_value)) return false; - for (std::vector<const char*>::const_iterator it = valid_values.begin(); - it != valid_values.end(); - ++it) { - if (actual_value == *it) - return false; - } - error_or_warning_found_ = true; - std::string valid_values_str = - "[" + JoinStringRange(valid_values, ", ") + "]"; path_.push_back(field_name); - LOG(ERROR) << MessageHeader() << "Found value '" << actual_value << - "', but expected one of the values " << valid_values_str; + const bool valid = IsValidValue(actual_value, valid_values); path_.pop_back(); - return true; + return !valid; } bool Validator::FieldExistsAndIsNotInRange(const base::DictionaryValue& object, @@ -399,6 +405,29 @@ bool Validator::FieldExistsAndIsEmpty(const base::DictionaryValue& object, return true; } +bool Validator::ListFieldContainsValidValues( + const base::DictionaryValue& object, + const std::string& field_name, + const std::vector<const char*>& valid_values) { + const base::ListValue* list = NULL; + if (object.GetListWithoutPathExpansion(field_name, &list)) { + path_.push_back(field_name); + for (const base::Value* entry : *list) { + std::string value; + if (!entry->GetAsString(&value)) { + NOTREACHED(); // The types of field values are already verified. + continue; + } + if (!IsValidValue(value, valid_values)) { + path_.pop_back(); + return false; + } + } + path_.pop_back(); + } + return true; +} + bool Validator::ValidateSSIDAndHexSSID(base::DictionaryValue* object) { // Check SSID validity. std::string ssid_string; @@ -849,6 +878,36 @@ bool Validator::ValidateCertificatePattern(base::DictionaryValue* result) { return !error_on_missing_field_ || all_required_exist; } +bool Validator::ValidateGlobalNetworkConfiguration( + base::DictionaryValue* result) { + using namespace ::onc::global_network_config; + using namespace ::onc::network_config; + + // Validate kDisableNetworkTypes field. + const base::ListValue* disabled_network_types = NULL; + if (result->GetListWithoutPathExpansion(kDisableNetworkTypes, + &disabled_network_types)) { + // The kDisableNetworkTypes field is only allowed in user policy. + if (!disabled_network_types->empty() && + onc_source_ != ::onc::ONC_SOURCE_USER_POLICY) { + error_or_warning_found_ = true; + LOG(ERROR) << "Disabled network types only allowed in user policy."; + return false; + } + } + + // Ensure the list contains only legitimate network type identifiers. + const char* const kValidNetworkTypeValues[] = {kCellular, kEthernet, kWiFi, + kWimax}; + const std::vector<const char*> valid_network_type_values( + toVector(kValidNetworkTypeValues)); + if (!ListFieldContainsValidValues(*result, kDisableNetworkTypes, + valid_network_type_values)) { + return false; + } + return true; +} + bool Validator::ValidateProxySettings(base::DictionaryValue* result) { using namespace ::onc::proxy; diff --git a/chromeos/network/onc/onc_validator.h b/chromeos/network/onc/onc_validator.h index 424f7eb..adacbda 100644 --- a/chromeos/network/onc/onc_validator.h +++ b/chromeos/network/onc/onc_validator.h @@ -163,11 +163,14 @@ class CHROMEOS_EXPORT Validator : public Mapper { bool ValidateThirdPartyVPN(base::DictionaryValue* result); bool ValidateVerifyX509(base::DictionaryValue* result); bool ValidateCertificatePattern(base::DictionaryValue* result); + bool ValidateGlobalNetworkConfiguration(base::DictionaryValue* result); bool ValidateProxySettings(base::DictionaryValue* result); bool ValidateProxyLocation(base::DictionaryValue* result); bool ValidateEAP(base::DictionaryValue* result); bool ValidateCertificate(base::DictionaryValue* result); + bool IsValidValue(const std::string& field_value, + const std::vector<const char*>& valid_values); bool FieldExistsAndHasNoValidValue( const base::DictionaryValue& object, const std::string& field_name, @@ -181,6 +184,11 @@ class CHROMEOS_EXPORT Validator : public Mapper { bool FieldExistsAndIsEmpty(const base::DictionaryValue& object, const std::string& field_name); + bool ListFieldContainsValidValues( + const base::DictionaryValue& object, + const std::string& field_name, + const std::vector<const char*>& valid_values); + bool ValidateSSIDAndHexSSID(base::DictionaryValue* object); // Returns true if |key| is a key of |dict|. Otherwise, returns false and, diff --git a/chromeos/network/onc/onc_validator_unittest.cc b/chromeos/network/onc/onc_validator_unittest.cc index 8517f71..05c0df1 100644 --- a/chromeos/network/onc/onc_validator_unittest.cc +++ b/chromeos/network/onc/onc_validator_unittest.cc @@ -149,6 +149,11 @@ INSTANTIATE_TEST_CASE_P( &kToplevelConfigurationSignature, true, ::onc::ONC_SOURCE_DEVICE_POLICY), + // Disabled technologies are only allowed for user policies. + OncParams("managed_toplevel_with_disabled_technologies.onc", + &kToplevelConfigurationSignature, + true, + ::onc::ONC_SOURCE_USER_POLICY), OncParams("managed_toplevel_l2tpipsec.onc", &kToplevelConfigurationSignature, true), @@ -474,6 +479,10 @@ INSTANTIATE_TEST_CASE_P( StrictAndLiberalInvalid, ONCValidatorTestRepairable, ::testing::Values( + std::make_pair(OncParams("global-disabled-technologies", + &kGlobalNetworkConfigurationSignature, + false), + ExpectBothNotValid("", "")), std::make_pair(OncParams("network-unknown-value", &kNetworkConfigurationSignature, false), |