diff options
| author | pneubeck@chromium.org <pneubeck@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-10-21 21:07:53 +0000 |
|---|---|---|
| committer | pneubeck@chromium.org <pneubeck@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-10-21 21:07:53 +0000 |
| commit | e5ed56ebda5c89cdb26eb6a7c31b41d2a4fd321b (patch) | |
| tree | ac7a2418f316a497081ebf9ab86a46dba202ccbb /chromeos | |
| parent | dc6097a75946a1d8ec46cd8fd4773fe5bf19af9f (diff) | |
| download | chromium_src-e5ed56ebda5c89cdb26eb6a7c31b41d2a4fd321b.zip chromium_src-e5ed56ebda5c89cdb26eb6a7c31b41d2a4fd321b.tar.gz chromium_src-e5ed56ebda5c89cdb26eb6a7c31b41d2a4fd321b.tar.bz2 | |
Autoconnect policy for CrOS.
This adds an autoconnect policy that disables autoconnect of unmanaged networks. As a device policy this applies to all shared networks. As a user policy it applies to all networks of this user.
With this commit the policy is applied on each restart and login. UI lockdown is still missing.
Configurations affecting several networks were not supported previously by ONC. Therefore, this commit adds the new toplevel section "GlobalNetworkConfiguration" to ONC.
BUG=280146
For API change:
R=bartfab@chromium.org
TBR=eroman@chromium.org
Review URL: https://codereview.chromium.org/23526016
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@229910 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chromeos')
26 files changed, 361 insertions, 118 deletions
diff --git a/chromeos/network/client_cert_resolver_unittest.cc b/chromeos/network/client_cert_resolver_unittest.cc index b802bf3..beaa096 100644 --- a/chromeos/network/client_cert_resolver_unittest.cc +++ b/chromeos/network/client_cert_resolver_unittest.cc @@ -11,6 +11,7 @@ #include "base/json/json_reader.h" #include "base/run_loop.h" #include "base/strings/stringprintf.h" +#include "base/values.h" #include "chromeos/dbus/dbus_thread_manager.h" #include "chromeos/dbus/shill_profile_client.h" #include "chromeos/dbus/shill_service_client.h" @@ -187,7 +188,10 @@ class ClientCertResolverTest : public testing::Test { ASSERT_TRUE(policy_value->GetAsList(&policy)); managed_config_handler_->SetPolicy( - onc::ONC_SOURCE_USER_POLICY, kUserHash, *policy); + onc::ONC_SOURCE_USER_POLICY, + kUserHash, + *policy, + base::DictionaryValue() /* no global network config */); } void GetClientCertProperties(std::string* pkcs11_id) { diff --git a/chromeos/network/managed_network_configuration_handler.h b/chromeos/network/managed_network_configuration_handler.h index 39107f8..ea7a446 100644 --- a/chromeos/network/managed_network_configuration_handler.h +++ b/chromeos/network/managed_network_configuration_handler.h @@ -101,15 +101,17 @@ class CHROMEOS_EXPORT ManagedNetworkConfigurationHandler { const base::Closure& callback, const network_handler::ErrorCallback& error_callback) const = 0; - // Only to be called by NetworkConfigurationUpdater or from tests. Sets - // |network_configs_onc| as the current policy of |onc_source|. The network - // configurations of the policy will be applied (not necessarily immediately) - // to Shill's profiles and enforced in future configurations until the policy - // associated with |onc_source| is changed again with this function. For - // device policies, |userhash| must be empty. - virtual void SetPolicy(::onc::ONCSource onc_source, - const std::string& userhash, - const base::ListValue& network_configs_onc) = 0; + // Only to be called by NetworkConfigurationUpdater or from tests. Sets + // |network_configs_onc| and |global_network_config| as the current policy of + // |userhash| and |onc_source|. The policy will be applied (not necessarily + // immediately) to Shill's profiles and enforced in future configurations + // until the policy associated with |userhash| and |onc_source| is changed + // again with this function. For device policies, |userhash| must be empty. + virtual void SetPolicy( + ::onc::ONCSource onc_source, + const std::string& userhash, + const base::ListValue& network_configs_onc, + const base::DictionaryValue& global_network_config) = 0; // Returns the user policy for user |userhash| or device policy, which has // |guid|. If |userhash| is empty, only looks for a device policy. If such diff --git a/chromeos/network/managed_network_configuration_handler_impl.cc b/chromeos/network/managed_network_configuration_handler_impl.cc index 647568e..c3c3242 100644 --- a/chromeos/network/managed_network_configuration_handler_impl.cc +++ b/chromeos/network/managed_network_configuration_handler_impl.cc @@ -39,6 +39,8 @@ namespace chromeos { namespace { +typedef std::map<std::string, const base::DictionaryValue*> GuidToPolicyMap; + // These are error strings used for error callbacks. None of these error // messages are user-facing: they should only appear in logs. const char kInvalidUserSettingsMessage[] = "User settings are invalid."; @@ -83,11 +85,9 @@ void LogErrorWithDict(const tracked_objects::Location& from_where, LOG(ERROR) << from_where.ToString() << ": " << error_name; } -const base::DictionaryValue* GetByGUID( - const ManagedNetworkConfigurationHandlerImpl::GuidToPolicyMap& policies, - const std::string& guid) { - ManagedNetworkConfigurationHandlerImpl::GuidToPolicyMap::const_iterator it = - policies.find(guid); +const base::DictionaryValue* GetByGUID(const GuidToPolicyMap& policies, + const std::string& guid) { + GuidToPolicyMap::const_iterator it = policies.find(guid); if (it == policies.end()) return NULL; return it->second; @@ -106,6 +106,17 @@ void TranslatePropertiesToOncAndRunCallback( } // namespace +struct ManagedNetworkConfigurationHandlerImpl::Policies { + ~Policies(); + + GuidToPolicyMap per_network_config; + base::DictionaryValue global_network_config; +}; + +ManagedNetworkConfigurationHandlerImpl::Policies::~Policies() { + STLDeleteValues(&per_network_config); +} + void ManagedNetworkConfigurationHandlerImpl::AddObserver( NetworkPolicyObserver* observer) { observers_.AddObserver(observer); @@ -186,7 +197,7 @@ void ManagedNetworkConfigurationHandlerImpl::GetManagedPropertiesCallback( const base::DictionaryValue* user_policy = NULL; const base::DictionaryValue* device_policy = NULL; if (!guid.empty() && profile) { - const GuidToPolicyMap* policies = GetPoliciesForProfile(*profile); + const Policies* policies = GetPoliciesForProfile(*profile); if (!policies) { RunErrorCallback(service_path, kPoliciesNotInitialized, @@ -194,7 +205,8 @@ void ManagedNetworkConfigurationHandlerImpl::GetManagedPropertiesCallback( error_callback); return; } - const base::DictionaryValue* policy = GetByGUID(*policies, guid); + const base::DictionaryValue* policy = + GetByGUID(policies->per_network_config, guid); if (profile->type() == NetworkProfile::TYPE_SHARED) device_policy = policy; else if (profile->type() == NetworkProfile::TYPE_USER) @@ -267,7 +279,7 @@ void ManagedNetworkConfigurationHandlerImpl::SetProperties( VLOG(2) << "SetProperties: Found GUID " << guid << " and profile " << profile->ToDebugString(); - const GuidToPolicyMap* policies = GetPoliciesForProfile(*profile); + const Policies* policies = GetPoliciesForProfile(*profile); if (!policies) { RunErrorCallback(service_path, kPoliciesNotInitialized, @@ -300,7 +312,8 @@ void ManagedNetworkConfigurationHandlerImpl::SetProperties( if (validation_result == onc::Validator::VALID_WITH_WARNINGS) LOG(WARNING) << "Validation of ONC user settings produced warnings."; - const base::DictionaryValue* policy = GetByGUID(*policies, guid); + const base::DictionaryValue* policy = + GetByGUID(policies->per_network_config, guid); VLOG(2) << "This configuration is " << (policy ? "" : "not ") << "managed."; scoped_ptr<base::DictionaryValue> shill_dictionary( @@ -316,7 +329,7 @@ void ManagedNetworkConfigurationHandlerImpl::CreateConfiguration( const base::DictionaryValue& properties, const network_handler::StringResultCallback& callback, const network_handler::ErrorCallback& error_callback) const { - const GuidToPolicyMap* policies = GetPoliciesForUser(userhash); + const Policies* policies = GetPoliciesForUser(userhash); if (!policies) { RunErrorCallback("", kPoliciesNotInitialized, @@ -325,7 +338,8 @@ void ManagedNetworkConfigurationHandlerImpl::CreateConfiguration( return; } - if (policy_util::FindMatchingPolicy(*policies, properties)) { + if (policy_util::FindMatchingPolicy(policies->per_network_config, + properties)) { RunErrorCallback("", kNetworkAlreadyConfigured, kNetworkAlreadyConfiguredMessage, @@ -367,17 +381,26 @@ void ManagedNetworkConfigurationHandlerImpl::RemoveConfiguration( void ManagedNetworkConfigurationHandlerImpl::SetPolicy( ::onc::ONCSource onc_source, const std::string& userhash, - const base::ListValue& network_configs_onc) { + const base::ListValue& network_configs_onc, + const base::DictionaryValue& global_network_config) { VLOG(1) << "Setting policies from " << ToDebugString(onc_source, userhash) << "."; // |userhash| must be empty for device policies. DCHECK(onc_source != ::onc::ONC_SOURCE_DEVICE_POLICY || userhash.empty()); - GuidToPolicyMap& policies = policies_by_user_[userhash]; + Policies* policies = NULL; + if (ContainsKey(policies_by_user_, userhash)) { + policies = policies_by_user_[userhash].get(); + } else { + policies = new Policies; + policies_by_user_[userhash] = make_linked_ptr(policies); + } - GuidToPolicyMap old_policies; - policies.swap(old_policies); + policies->global_network_config.MergeDictionary(&global_network_config); + + GuidToPolicyMap old_per_network_config; + policies->per_network_config.swap(old_per_network_config); // This stores all GUIDs of policies that have changed or are new. std::set<std::string> modified_policies; @@ -392,21 +415,21 @@ void ManagedNetworkConfigurationHandlerImpl::SetPolicy( network->GetStringWithoutPathExpansion(::onc::network_config::kGUID, &guid); DCHECK(!guid.empty()); - if (policies.count(guid) > 0) { + if (policies->per_network_config.count(guid) > 0) { LOG(ERROR) << "ONC from " << ToDebugString(onc_source, userhash) << " contains several entries for the same GUID " << guid << "."; - delete policies[guid]; + delete policies->per_network_config[guid]; } const base::DictionaryValue* new_entry = network->DeepCopy(); - policies[guid] = new_entry; + policies->per_network_config[guid] = new_entry; - const base::DictionaryValue* old_entry = old_policies[guid]; + const base::DictionaryValue* old_entry = old_per_network_config[guid]; if (!old_entry || !old_entry->Equals(new_entry)) modified_policies.insert(guid); } - STLDeleteValues(&old_policies); + STLDeleteValues(&old_per_network_config); const NetworkProfile* profile = network_profile_handler_->GetProfileForUserhash(userhash); @@ -416,8 +439,12 @@ void ManagedNetworkConfigurationHandlerImpl::SetPolicy( return; } - scoped_refptr<PolicyApplicator> applicator = new PolicyApplicator( - weak_ptr_factory_.GetWeakPtr(), *profile, policies, &modified_policies); + scoped_refptr<PolicyApplicator> applicator = + new PolicyApplicator(weak_ptr_factory_.GetWeakPtr(), + *profile, + policies->per_network_config, + policies->global_network_config, + &modified_policies); applicator->Run(); } @@ -425,7 +452,7 @@ void ManagedNetworkConfigurationHandlerImpl::OnProfileAdded( const NetworkProfile& profile) { VLOG(1) << "Adding profile " << profile.ToDebugString() << "'."; - const GuidToPolicyMap* policies = GetPoliciesForProfile(profile); + const Policies* policies = GetPoliciesForProfile(profile); if (!policies) { VLOG(1) << "The relevant policy is not initialized, " << "postponing policy application."; @@ -433,13 +460,18 @@ void ManagedNetworkConfigurationHandlerImpl::OnProfileAdded( } std::set<std::string> policy_guids; - for (GuidToPolicyMap::const_iterator it = policies->begin(); - it != policies->end(); ++it) { + for (GuidToPolicyMap::const_iterator it = + policies->per_network_config.begin(); + it != policies->per_network_config.end(); ++it) { policy_guids.insert(it->first); } - scoped_refptr<PolicyApplicator> applicator = new PolicyApplicator( - weak_ptr_factory_.GetWeakPtr(), profile, *policies, &policy_guids); + scoped_refptr<PolicyApplicator> applicator = + new PolicyApplicator(weak_ptr_factory_.GetWeakPtr(), + profile, + policies->per_network_config, + policies->global_network_config, + &policy_guids); applicator->Run(); } @@ -457,6 +489,36 @@ void ManagedNetworkConfigurationHandlerImpl::CreateConfigurationFromPolicy( base::Bind(&LogErrorWithDict, FROM_HERE)); } +void ManagedNetworkConfigurationHandlerImpl:: + UpdateExistingConfigurationWithPropertiesFromPolicy( + const base::DictionaryValue& existing_properties, + const base::DictionaryValue& new_properties) { + base::DictionaryValue shill_properties; + + std::string profile; + existing_properties.GetStringWithoutPathExpansion(shill::kProfileProperty, + &profile); + if (profile.empty()) { + LOG(ERROR) << "Missing profile property."; + return; + } + shill_properties.SetStringWithoutPathExpansion(shill::kProfileProperty, + profile); + + if (!shill_property_util::CopyIdentifyingProperties(existing_properties, + &shill_properties)) { + LOG(ERROR) << "Missing identifying properties."; + } + + shill_properties.MergeDictionary(&new_properties); + + network_configuration_handler_->CreateConfiguration( + shill_properties, + base::Bind(&ManagedNetworkConfigurationHandlerImpl::OnPolicyApplied, + weak_ptr_factory_.GetWeakPtr()), + base::Bind(&LogErrorWithDict, FROM_HERE)); +} + const base::DictionaryValue* ManagedNetworkConfigurationHandlerImpl::FindPolicyByGUID( const std::string userhash, @@ -465,22 +527,24 @@ ManagedNetworkConfigurationHandlerImpl::FindPolicyByGUID( *onc_source = ::onc::ONC_SOURCE_NONE; if (!userhash.empty()) { - const GuidToPolicyMap* user_policies = GetPoliciesForUser(userhash); + const Policies* user_policies = GetPoliciesForUser(userhash); if (user_policies) { - GuidToPolicyMap::const_iterator found = user_policies->find(guid); - if (found != user_policies->end()) { + const base::DictionaryValue* policy = + GetByGUID(user_policies->per_network_config, guid); + if (policy) { *onc_source = ::onc::ONC_SOURCE_USER_POLICY; - return found->second; + return policy; } } } - const GuidToPolicyMap* device_policies = GetPoliciesForUser(std::string()); + const Policies* device_policies = GetPoliciesForUser(std::string()); if (device_policies) { - GuidToPolicyMap::const_iterator found = device_policies->find(guid); - if (found != device_policies->end()) { + const base::DictionaryValue* policy = + GetByGUID(device_policies->per_network_config, guid); + if (policy) { *onc_source = ::onc::ONC_SOURCE_DEVICE_POLICY; - return found->second; + return policy; } } @@ -498,26 +562,23 @@ ManagedNetworkConfigurationHandlerImpl::FindPolicyByGuidAndProfile( return NULL; } - const GuidToPolicyMap* policies = GetPoliciesForProfile(*profile); + const Policies* policies = GetPoliciesForProfile(*profile); if (!policies) return NULL; - GuidToPolicyMap::const_iterator it = policies->find(guid); - if (it == policies->end()) - return NULL; - return it->second; + return GetByGUID(policies->per_network_config, guid); } -const ManagedNetworkConfigurationHandlerImpl::GuidToPolicyMap* +const ManagedNetworkConfigurationHandlerImpl::Policies* ManagedNetworkConfigurationHandlerImpl::GetPoliciesForUser( const std::string& userhash) const { UserToPoliciesMap::const_iterator it = policies_by_user_.find(userhash); if (it == policies_by_user_.end()) return NULL; - return &it->second; + return it->second.get(); } -const ManagedNetworkConfigurationHandlerImpl::GuidToPolicyMap* +const ManagedNetworkConfigurationHandlerImpl::Policies* ManagedNetworkConfigurationHandlerImpl::GetPoliciesForProfile( const NetworkProfile& profile) const { DCHECK(profile.type() != NetworkProfile::TYPE_SHARED || @@ -534,10 +595,6 @@ ManagedNetworkConfigurationHandlerImpl::ManagedNetworkConfigurationHandlerImpl() ManagedNetworkConfigurationHandlerImpl:: ~ManagedNetworkConfigurationHandlerImpl() { network_profile_handler_->RemoveObserver(this); - for (UserToPoliciesMap::iterator it = policies_by_user_.begin(); - it != policies_by_user_.end(); ++it) { - STLDeleteValues(&it->second); - } } void ManagedNetworkConfigurationHandlerImpl::Init( diff --git a/chromeos/network/managed_network_configuration_handler_impl.h b/chromeos/network/managed_network_configuration_handler_impl.h index fbe5b67..95593b3 100644 --- a/chromeos/network/managed_network_configuration_handler_impl.h +++ b/chromeos/network/managed_network_configuration_handler_impl.h @@ -10,6 +10,7 @@ #include "base/basictypes.h" #include "base/compiler_specific.h" +#include "base/memory/linked_ptr.h" #include "base/memory/weak_ptr.h" #include "chromeos/chromeos_export.h" #include "chromeos/network/managed_network_configuration_handler.h" @@ -33,9 +34,6 @@ class CHROMEOS_EXPORT ManagedNetworkConfigurationHandlerImpl public NetworkProfileObserver, public PolicyApplicator::ConfigurationHandler { public: - typedef std::map<std::string, const base::DictionaryValue*> GuidToPolicyMap; - typedef std::map<std::string, GuidToPolicyMap> UserToPoliciesMap; - virtual ~ManagedNetworkConfigurationHandlerImpl(); // ManagedNetworkConfigurationHandler overrides @@ -70,9 +68,11 @@ class CHROMEOS_EXPORT ManagedNetworkConfigurationHandlerImpl const base::Closure& callback, const network_handler::ErrorCallback& error_callback) const OVERRIDE; - virtual void SetPolicy(onc::ONCSource onc_source, - const std::string& userhash, - const base::ListValue& network_configs_onc) OVERRIDE; + virtual void SetPolicy( + onc::ONCSource onc_source, + const std::string& userhash, + const base::ListValue& network_configs_onc, + const base::DictionaryValue& global_network_config) OVERRIDE; virtual const base::DictionaryValue* FindPolicyByGUID( const std::string userhash, @@ -91,11 +91,18 @@ class CHROMEOS_EXPORT ManagedNetworkConfigurationHandlerImpl virtual void CreateConfigurationFromPolicy( const base::DictionaryValue& shill_properties) OVERRIDE; + virtual void UpdateExistingConfigurationWithPropertiesFromPolicy( + const base::DictionaryValue& existing_properties, + const base::DictionaryValue& new_properties) OVERRIDE; + private: friend class ClientCertResolverTest; friend class NetworkHandler; friend class ManagedNetworkConfigurationHandlerTest; + struct Policies; + typedef std::map<std::string, linked_ptr<Policies> > UserToPoliciesMap; + ManagedNetworkConfigurationHandlerImpl(); void Init(NetworkStateHandler* network_state_handler, @@ -108,15 +115,12 @@ class CHROMEOS_EXPORT ManagedNetworkConfigurationHandlerImpl const std::string& service_path, const base::DictionaryValue& shill_properties); - const GuidToPolicyMap* GetPoliciesForUser(const std::string& userhash) const; - const GuidToPolicyMap* GetPoliciesForProfile( - const NetworkProfile& profile) const; + const Policies* GetPoliciesForUser(const std::string& userhash) const; + const Policies* GetPoliciesForProfile(const NetworkProfile& profile) const; void OnPolicyApplied(const std::string& service_path); - // The DictionaryValues of the nested maps are owned by this class and are - // explicitly deleted where necessary. If present, the empty string maps to - // the device policy. + // If present, the empty string maps to the device policy. UserToPoliciesMap policies_by_user_; // Local references to the associated handler instances. diff --git a/chromeos/network/managed_network_configuration_handler_unittest.cc b/chromeos/network/managed_network_configuration_handler_unittest.cc index 1a91686..0f87729 100644 --- a/chromeos/network/managed_network_configuration_handler_unittest.cc +++ b/chromeos/network/managed_network_configuration_handler_unittest.cc @@ -7,6 +7,7 @@ #include "base/memory/scoped_ptr.h" #include "base/message_loop/message_loop.h" +#include "base/stl_util.h" #include "chromeos/dbus/dbus_thread_manager.h" #include "chromeos/dbus/mock_dbus_thread_manager.h" #include "chromeos/dbus/mock_shill_manager_client.h" @@ -101,7 +102,7 @@ class ShillProfileTestClient { entry_paths->AppendString(it.key()); } - ASSERT_GT(profile_to_user_.count(profile_path.value()), 0UL); + ASSERT_TRUE(ContainsKey(profile_to_user_, profile_path.value())); const std::string& userhash = profile_to_user_[profile_path.value()]; result->SetStringWithoutPathExpansion(shill::kUserHashProperty, userhash); @@ -229,12 +230,19 @@ class ManagedNetworkConfigurationHandlerTest : public testing::Test { else policy = test_utils::ReadTestDictionary(path_to_onc); - base::ListValue* network_configs = NULL; + base::ListValue empty_network_configs; + base::ListValue* network_configs = &empty_network_configs; policy->GetListWithoutPathExpansion( ::onc::toplevel_config::kNetworkConfigurations, &network_configs); + base::DictionaryValue empty_global_config; + base::DictionaryValue* global_network_config = &empty_global_config; + policy->GetDictionaryWithoutPathExpansion( + ::onc::toplevel_config::kGlobalNetworkConfiguration, + &global_network_config); + managed_handler()->SetPolicy( - ::onc::ONC_SOURCE_USER_POLICY, userhash, *network_configs); + onc_source, userhash, *network_configs, *global_network_config); } void SetNetworkConfigurationHandlerExpectations() { @@ -326,7 +334,7 @@ TEST_F(ManagedNetworkConfigurationHandlerTest, // Also setup an unrelated WiFi configuration to verify that the right entry // is matched. - SetUpEntry("policy/shill_unmanaged_user_wifi1.json", + SetUpEntry("policy/shill_unmanaged_wifi1.json", kUser1ProfilePath, "wifi_entry"); @@ -361,7 +369,7 @@ TEST_F(ManagedNetworkConfigurationHandlerTest, SetPolicyIgnoreUnmodified) { message_loop_.RunUntilIdle(); VerifyAndClearExpectations(); - SetUpEntry("policy/shill_policy_on_unmanaged_user_wifi1.json", + SetUpEntry("policy/shill_policy_on_unmanaged_wifi1.json", kUser1ProfilePath, "some_entry_path"); @@ -377,13 +385,13 @@ TEST_F(ManagedNetworkConfigurationHandlerTest, SetPolicyIgnoreUnmodified) { TEST_F(ManagedNetworkConfigurationHandlerTest, SetPolicyManageUnmanaged) { InitializeStandardProfiles(); - SetUpEntry("policy/shill_unmanaged_user_wifi1.json", + SetUpEntry("policy/shill_unmanaged_wifi1.json", kUser1ProfilePath, "old_entry_path"); scoped_ptr<base::DictionaryValue> expected_shill_properties = test_utils::ReadTestDictionary( - "policy/shill_policy_on_unmanaged_user_wifi1.json"); + "policy/shill_policy_on_unmanaged_wifi1.json"); EXPECT_CALL(mock_profile_client_, GetProperties(dbus::ObjectPath(kUser1ProfilePath), _, _)); @@ -410,13 +418,13 @@ TEST_F(ManagedNetworkConfigurationHandlerTest, SetPolicyManageUnmanaged) { TEST_F(ManagedNetworkConfigurationHandlerTest, SetPolicyManageUnmanagedWithoutUIData) { InitializeStandardProfiles(); - SetUpEntry("policy/shill_unmanaged_user_wifi1.json", + SetUpEntry("policy/shill_unmanaged_wifi1.json", kUser1ProfilePath, "old_entry_path"); scoped_ptr<base::DictionaryValue> expected_shill_properties = test_utils::ReadTestDictionary( - "policy/shill_policy_on_unmanaged_user_wifi1.json"); + "policy/shill_policy_on_unmanaged_wifi1.json"); EXPECT_CALL(mock_profile_client_, GetProperties(dbus::ObjectPath(kUser1ProfilePath), _, _)); @@ -447,7 +455,7 @@ TEST_F(ManagedNetworkConfigurationHandlerTest, SetPolicyUpdateManagedNewGUID) { scoped_ptr<base::DictionaryValue> expected_shill_properties = test_utils::ReadTestDictionary( - "policy/shill_policy_on_unmanaged_user_wifi1.json"); + "policy/shill_policy_on_unmanaged_wifi1.json"); // The passphrase isn't sent again, because it's configured by the user and // Shill doesn't sent it on GetProperties calls. @@ -477,13 +485,13 @@ TEST_F(ManagedNetworkConfigurationHandlerTest, SetPolicyUpdateManagedNewGUID) { TEST_F(ManagedNetworkConfigurationHandlerTest, SetPolicyReapplyToManaged) { InitializeStandardProfiles(); - SetUpEntry("policy/shill_policy_on_unmanaged_user_wifi1.json", + SetUpEntry("policy/shill_policy_on_unmanaged_wifi1.json", kUser1ProfilePath, "old_entry_path"); scoped_ptr<base::DictionaryValue> expected_shill_properties = test_utils::ReadTestDictionary( - "policy/shill_policy_on_unmanaged_user_wifi1.json"); + "policy/shill_policy_on_unmanaged_wifi1.json"); // The passphrase isn't sent again, because it's configured by the user and // Shill doesn't sent it on GetProperties calls. @@ -522,7 +530,7 @@ TEST_F(ManagedNetworkConfigurationHandlerTest, SetPolicyReapplyToManaged) { TEST_F(ManagedNetworkConfigurationHandlerTest, SetPolicyUnmanageManaged) { InitializeStandardProfiles(); - SetUpEntry("policy/shill_policy_on_unmanaged_user_wifi1.json", + SetUpEntry("policy/shill_policy_on_unmanaged_wifi1.json", kUser1ProfilePath, "old_entry_path"); @@ -545,7 +553,7 @@ TEST_F(ManagedNetworkConfigurationHandlerTest, SetPolicyUnmanageManaged) { TEST_F(ManagedNetworkConfigurationHandlerTest, SetEmptyPolicyIgnoreUnmanaged) { InitializeStandardProfiles(); - SetUpEntry("policy/shill_unmanaged_user_wifi1.json", + SetUpEntry("policy/shill_unmanaged_wifi1.json", kUser1ProfilePath, "old_entry_path"); @@ -563,7 +571,7 @@ TEST_F(ManagedNetworkConfigurationHandlerTest, SetEmptyPolicyIgnoreUnmanaged) { TEST_F(ManagedNetworkConfigurationHandlerTest, SetPolicyIgnoreUnmanaged) { InitializeStandardProfiles(); - SetUpEntry("policy/shill_unmanaged_user_wifi2.json", + SetUpEntry("policy/shill_unmanaged_wifi2.json", kUser1ProfilePath, "wifi2_entry_path"); @@ -588,6 +596,35 @@ TEST_F(ManagedNetworkConfigurationHandlerTest, SetPolicyIgnoreUnmanaged) { message_loop_.RunUntilIdle(); } +TEST_F(ManagedNetworkConfigurationHandlerTest, AutoConnectDisallowed) { + InitializeStandardProfiles(); + SetUpEntry("policy/shill_unmanaged_wifi2.json", + kUser1ProfilePath, + "wifi2_entry_path"); + + EXPECT_CALL(mock_profile_client_, + GetProperties(dbus::ObjectPath(kUser1ProfilePath), _, _)); + + EXPECT_CALL( + mock_profile_client_, + GetEntry(dbus::ObjectPath(kUser1ProfilePath), "wifi2_entry_path", _, _)); + + scoped_ptr<base::DictionaryValue> expected_shill_properties = + test_utils::ReadTestDictionary( + "policy/shill_disallow_autoconnect_on_unmanaged_wifi2.json"); + + EXPECT_CALL(mock_manager_client_, + ConfigureServiceForProfile( + dbus::ObjectPath(kUser1ProfilePath), + IsEqualTo(expected_shill_properties.get()), + _, _)); + + SetPolicy(::onc::ONC_SOURCE_USER_POLICY, + kUser1, + "policy/policy_disallow_autoconnect.onc"); + message_loop_.RunUntilIdle(); +} + TEST_F(ManagedNetworkConfigurationHandlerTest, LateProfileLoading) { SetPolicy(::onc::ONC_SOURCE_USER_POLICY, kUser1, "policy/policy_wifi1.onc"); diff --git a/chromeos/network/mock_managed_network_configuration_handler.h b/chromeos/network/mock_managed_network_configuration_handler.h index e8dd9e9..e73e598 100644 --- a/chromeos/network/mock_managed_network_configuration_handler.h +++ b/chromeos/network/mock_managed_network_configuration_handler.h @@ -49,10 +49,11 @@ class CHROMEOS_EXPORT MockManagedNetworkConfigurationHandler void(const std::string& service_path, const base::Closure& callback, const network_handler::ErrorCallback& error_callback)); - MOCK_METHOD3(SetPolicy, + MOCK_METHOD4(SetPolicy, void(::onc::ONCSource onc_source, const std::string& userhash, - const base::ListValue& network_configs_onc)); + const base::ListValue& network_configs_onc, + const base::DictionaryValue& global_network_config)); MOCK_CONST_METHOD3(FindPolicyByGUID, const base::DictionaryValue*( const std::string userhash, diff --git a/chromeos/network/onc/onc_signature.cc b/chromeos/network/onc/onc_signature.cc index fc7bf2f..4996ae2 100644 --- a/chromeos/network/onc/onc_signature.cc +++ b/chromeos/network/onc/onc_signature.cc @@ -263,6 +263,11 @@ const OncFieldSignature network_with_state_fields[] = { { ::onc::network_config::kWiFi, &kWiFiWithStateSignature}, {NULL}}; +const OncFieldSignature global_network_configuration_fields[] = { + { ::onc::global_network_config::kAllowOnlyPolicyNetworksToAutoconnect, + &kBoolSignature}, + {NULL}}; + const OncFieldSignature certificate_fields[] = { { ::onc::certificate::kGUID, &kStringSignature}, { ::onc::certificate::kPKCS12, &kStringSignature}, @@ -276,6 +281,8 @@ const OncFieldSignature toplevel_configuration_fields[] = { { ::onc::toplevel_config::kCertificates, &kCertificateListSignature}, { ::onc::toplevel_config::kNetworkConfigurations, &kNetworkConfigurationListSignature}, + { ::onc::toplevel_config::kGlobalNetworkConfiguration, + &kGlobalNetworkConfigurationSignature}, { ::onc::toplevel_config::kType, &kStringSignature}, { ::onc::encrypted::kCipher, &kStringSignature}, { ::onc::encrypted::kCiphertext, &kStringSignature}, @@ -336,6 +343,9 @@ const OncValueSignature kCertificateSignature = { const OncValueSignature kNetworkConfigurationSignature = { Value::TYPE_DICTIONARY, network_configuration_fields, NULL }; +const OncValueSignature kGlobalNetworkConfigurationSignature = { + Value::TYPE_DICTIONARY, global_network_configuration_fields, NULL +}; const OncValueSignature kCertificateListSignature = { Value::TYPE_LIST, NULL, &kCertificateSignature }; diff --git a/chromeos/network/onc/onc_signature.h b/chromeos/network/onc/onc_signature.h index 7fc327e..9799d6e 100644 --- a/chromeos/network/onc/onc_signature.h +++ b/chromeos/network/onc/onc_signature.h @@ -51,6 +51,8 @@ CHROMEOS_EXPORT extern const OncValueSignature kProxySettingsSignature; CHROMEOS_EXPORT extern const OncValueSignature kWiFiSignature; CHROMEOS_EXPORT extern const OncValueSignature kCertificateSignature; CHROMEOS_EXPORT extern const OncValueSignature kNetworkConfigurationSignature; +CHROMEOS_EXPORT extern const OncValueSignature + kGlobalNetworkConfigurationSignature; CHROMEOS_EXPORT extern const OncValueSignature kCertificateListSignature; CHROMEOS_EXPORT extern const OncValueSignature kNetworkConfigurationListSignature; diff --git a/chromeos/network/onc/onc_utils.cc b/chromeos/network/onc/onc_utils.cc index 75d9e52..586907d 100644 --- a/chromeos/network/onc/onc_utils.cc +++ b/chromeos/network/onc/onc_utils.cc @@ -350,9 +350,11 @@ bool ParseAndValidateOncForImport(const std::string& onc_blob, ONCSource onc_source, const std::string& passphrase, base::ListValue* network_configs, + base::DictionaryValue* global_network_config, base::ListValue* certificates) { - certificates->Clear(); network_configs->Clear(); + global_network_config->Clear(); + certificates->Clear(); if (onc_blob.empty()) return true; @@ -433,6 +435,13 @@ bool ParseAndValidateOncForImport(const std::string& onc_blob, network_configs->Swap(validated_networks); } + base::DictionaryValue* validated_global_config = NULL; + if (toplevel_onc->GetDictionaryWithoutPathExpansion( + toplevel_config::kGlobalNetworkConfiguration, + &validated_global_config)) { + global_network_config->Swap(validated_global_config); + } + return success; } diff --git a/chromeos/network/onc/onc_utils.h b/chromeos/network/onc/onc_utils.h index e36f97a..ec001b0 100644 --- a/chromeos/network/onc/onc_utils.h +++ b/chromeos/network/onc/onc_utils.h @@ -90,16 +90,18 @@ CHROMEOS_EXPORT scoped_ptr<base::DictionaryValue> MaskCredentialsInOncObject( const base::DictionaryValue& onc_object, const std::string& mask); -// Decrypts |onc_blob| with |passphrase| if necessary. Clears |network_configs| -// and |certificates| and fills them with the validated NetworkConfigurations -// and Certificates of |onc_blob|. Returns false if any validation errors or -// warnings occurred. Still, some networks or certificates might be added to the -// output lists and should be further processed by the caller. +// Decrypts |onc_blob| with |passphrase| if necessary. Clears |network_configs|, +// |global_network_config| and |certificates| and fills them with the validated +// NetworkConfigurations, GlobalNetworkConfiguration and Certificates of +// |onc_blob|. Returns false if any validation errors or warnings occurred. +// Still, some configuration might be added to the output arguments and should +// be further processed by the caller. CHROMEOS_EXPORT bool ParseAndValidateOncForImport( const std::string& onc_blob, ::onc::ONCSource onc_source, const std::string& passphrase, base::ListValue* network_configs, + base::DictionaryValue* global_network_config, base::ListValue* certificates); // Parse the given PEM encoded certificate |pem_encoded| and create a diff --git a/chromeos/network/onc/onc_validator.cc b/chromeos/network/onc/onc_validator.cc index cb2d4b4..29e58ac 100644 --- a/chromeos/network/onc/onc_validator.cc +++ b/chromeos/network/onc/onc_validator.cc @@ -385,9 +385,7 @@ bool Validator::RequireField(const base::DictionaryValue& dict, return false; } -// Prohibit certificate patterns for device policy ONC so that an unmanaged user -// won't have a certificate presented for them involuntarily. -bool Validator::CertPatternInDevicePolicy(const std::string& cert_type) { +bool Validator::IsCertPatternInDevicePolicy(const std::string& cert_type) { if (cert_type == ::onc::certificate::kPattern && onc_source_ == ::onc::ONC_SOURCE_DEVICE_POLICY) { error_or_warning_found_ = true; @@ -398,6 +396,18 @@ bool Validator::CertPatternInDevicePolicy(const std::string& cert_type) { return false; } +bool Validator::IsGlobalNetworkConfigInUserImport( + const base::DictionaryValue& onc_object) { + if (onc_source_ == ::onc::ONC_SOURCE_USER_IMPORT && + onc_object.HasKey(::onc::toplevel_config::kGlobalNetworkConfiguration)) { + error_or_warning_found_ = true; + LOG(ERROR) << MessageHeader() << "GlobalNetworkConfiguration is prohibited " + << "in ONC user imports"; + return true; + } + return false; +} + bool Validator::ValidateToplevelConfiguration( const base::DictionaryValue& onc_object, base::DictionaryValue* result) { @@ -429,6 +439,9 @@ bool Validator::ValidateToplevelConfiguration( allRequiredExist = false; } + if (IsGlobalNetworkConfigInUserImport(*result)) + return false; + return !error_on_missing_field_ || allRequiredExist; } @@ -609,7 +622,7 @@ bool Validator::ValidateIPsec( result->GetStringWithoutPathExpansion(::onc::vpn::kClientCertType, &cert_type); - if (CertPatternInDevicePolicy(cert_type)) + if (IsCertPatternInDevicePolicy(cert_type)) return false; if (cert_type == kPattern) @@ -648,7 +661,7 @@ bool Validator::ValidateOpenVPN( result->GetStringWithoutPathExpansion(::onc::vpn::kClientCertType, &cert_type); - if (CertPatternInDevicePolicy(cert_type)) + if (IsCertPatternInDevicePolicy(cert_type)) return false; if (cert_type == kPattern) @@ -734,7 +747,7 @@ bool Validator::ValidateEAP(const base::DictionaryValue& onc_object, std::string cert_type; result->GetStringWithoutPathExpansion(kClientCertType, &cert_type); - if (CertPatternInDevicePolicy(cert_type)) + if (IsCertPatternInDevicePolicy(cert_type)) return false; if (cert_type == kPattern) diff --git a/chromeos/network/onc/onc_validator.h b/chromeos/network/onc/onc_validator.h index ef19260..ab3452c 100644 --- a/chromeos/network/onc/onc_validator.h +++ b/chromeos/network/onc/onc_validator.h @@ -215,7 +215,13 @@ class CHROMEOS_EXPORT Validator : public Mapper { bool RequireField(const base::DictionaryValue& dict, const std::string& key); - bool CertPatternInDevicePolicy(const std::string& cert_type); + // Prohibit certificate patterns for device policy ONC so that an unmanaged + // user won't have a certificate presented for them involuntarily. + bool IsCertPatternInDevicePolicy(const std::string& cert_type); + + // Prohibit global network configuration in user ONC imports. + bool IsGlobalNetworkConfigInUserImport( + const base::DictionaryValue& onc_object); std::string MessageHeader(); diff --git a/chromeos/network/onc/onc_validator_unittest.cc b/chromeos/network/onc/onc_validator_unittest.cc index 0972685..4500d11 100644 --- a/chromeos/network/onc/onc_validator_unittest.cc +++ b/chromeos/network/onc/onc_validator_unittest.cc @@ -139,6 +139,9 @@ INSTANTIATE_TEST_CASE_P( OncParams("managed_toplevel2.onc", &kToplevelConfigurationSignature, true), + OncParams("managed_toplevel_with_global_config.onc", + &kToplevelConfigurationSignature, + true), // Check that at least one configuration is accepted for // device policies. OncParams("managed_toplevel_wifi_peap.onc", diff --git a/chromeos/network/policy_applicator.cc b/chromeos/network/policy_applicator.cc index ce236b0..462caee 100644 --- a/chromeos/network/policy_applicator.cc +++ b/chromeos/network/policy_applicator.cc @@ -43,11 +43,14 @@ const base::DictionaryValue* GetByGUID( } // namespace -PolicyApplicator::PolicyApplicator(base::WeakPtr<ConfigurationHandler> handler, - const NetworkProfile& profile, - const GuidToPolicyMap& all_policies, - std::set<std::string>* modified_policies) +PolicyApplicator::PolicyApplicator( + base::WeakPtr<ConfigurationHandler> handler, + const NetworkProfile& profile, + const GuidToPolicyMap& all_policies, + const base::DictionaryValue& global_network_config, + std::set<std::string>* modified_policies) : handler_(handler), profile_(profile) { + global_network_config_.MergeDictionary(&global_network_config); remaining_policies_.swap(*modified_policies); for (GuidToPolicyMap::const_iterator it = all_policies.begin(); it != all_policies.end(); ++it) { @@ -191,10 +194,20 @@ void PolicyApplicator::GetEntryCallback( // unclear which values originating the policy should be removed. DeleteEntry(entry); } else { - VLOG(2) << "Ignore unmanaged entry."; - - // The entry wasn't managed and doesn't match any current policy. Thus - // leave it as it is. + // The entry wasn't managed and doesn't match any current policy. Global + // network settings have to be applied. + + base::DictionaryValue shill_properties_to_update; + GetPropertiesForUnmanagedEntry(entry_properties, + &shill_properties_to_update); + if (shill_properties_to_update.empty()) { + VLOG(2) << "Ignore unmanaged entry."; + // Calling a SetProperties of Shill with an empty dictionary is a no op. + } else { + VLOG(2) << "Apply global network config to unmanaged entry."; + handler_->UpdateExistingConfigurationWithPropertiesFromPolicy( + entry_properties, shill_properties_to_update); + } } } @@ -232,6 +245,37 @@ void PolicyApplicator::CreateAndWriteNewShillConfiguration( handler_->CreateConfigurationFromPolicy(*shill_dictionary); } +void PolicyApplicator::GetPropertiesForUnmanagedEntry( + const base::DictionaryValue& entry_properties, + base::DictionaryValue* properties_to_update) const { + // kAllowOnlyPolicyNetworksToAutoconnect is currently the only global config. + + std::string type; + entry_properties.GetStringWithoutPathExpansion(shill::kTypeProperty, &type); + if (NetworkTypePattern::Ethernet().MatchesType(type)) + return; // Autoconnect for Ethernet cannot be configured. + + // By default all networks are allowed to autoconnect. + bool only_policy_autoconnect = false; + global_network_config_.GetBooleanWithoutPathExpansion( + ::onc::global_network_config::kAllowOnlyPolicyNetworksToAutoconnect, + &only_policy_autoconnect); + if (!only_policy_autoconnect) + return; + + bool old_autoconnect = false; + if (entry_properties.GetBooleanWithoutPathExpansion( + shill::kAutoConnectProperty, &old_autoconnect) && + !old_autoconnect) { + // Autoconnect is already explictly disabled. No need to set it again. + return; + } + // If autconnect is not explicitly set yet, it might automatically be enabled + // by Shill. To prevent that, disable it explicitly. + properties_to_update->SetBooleanWithoutPathExpansion( + shill::kAutoConnectProperty, false); +} + PolicyApplicator::~PolicyApplicator() { ApplyRemainingPolicies(); STLDeleteValues(&all_policies_); diff --git a/chromeos/network/policy_applicator.h b/chromeos/network/policy_applicator.h index ea423f6..facb378 100644 --- a/chromeos/network/policy_applicator.h +++ b/chromeos/network/policy_applicator.h @@ -11,12 +11,9 @@ #include "base/memory/ref_counted.h" #include "base/memory/weak_ptr.h" +#include "base/values.h" #include "chromeos/network/network_profile.h" -namespace base { -class DictionaryValue; -} - namespace chromeos { // This class compares (entry point is Run()) |modified_policies| with the @@ -36,6 +33,10 @@ class PolicyApplicator : public base::RefCounted<PolicyApplicator> { virtual void CreateConfigurationFromPolicy( const base::DictionaryValue& shill_properties) = 0; + virtual void UpdateExistingConfigurationWithPropertiesFromPolicy( + const base::DictionaryValue& existing_properties, + const base::DictionaryValue& new_properties) = 0; + private: DISALLOW_ASSIGN(ConfigurationHandler); }; @@ -46,6 +47,7 @@ class PolicyApplicator : public base::RefCounted<PolicyApplicator> { PolicyApplicator(base::WeakPtr<ConfigurationHandler> handler, const NetworkProfile& profile, const GuidToPolicyMap& all_policies, + const base::DictionaryValue& global_network_config, std::set<std::string>* modified_policies); void Run(); @@ -74,6 +76,14 @@ class PolicyApplicator : public base::RefCounted<PolicyApplicator> { const base::DictionaryValue& policy, const base::DictionaryValue* user_settings); + // Adds properties to |properties_to_update|, which are enforced on an + // unamaged network by the global network config of the policy. + // |entry_properties| are the network's current properties read from its + // profile entry. + void GetPropertiesForUnmanagedEntry( + const base::DictionaryValue& entry_properties, + base::DictionaryValue* properties_to_update) const; + // Called once all Profile entries are processed. Calls // ApplyRemainingPolicies. virtual ~PolicyApplicator(); @@ -86,6 +96,7 @@ class PolicyApplicator : public base::RefCounted<PolicyApplicator> { base::WeakPtr<ConfigurationHandler> handler_; NetworkProfile profile_; GuidToPolicyMap all_policies_; + base::DictionaryValue global_network_config_; DISALLOW_COPY_AND_ASSIGN(PolicyApplicator); }; diff --git a/chromeos/test/data/network/managed_toplevel_with_global_config.onc b/chromeos/test/data/network/managed_toplevel_with_global_config.onc new file mode 100644 index 0000000..3a832be8 --- /dev/null +++ b/chromeos/test/data/network/managed_toplevel_with_global_config.onc @@ -0,0 +1,15 @@ +{ + "GlobalNetworkConfiguration":{ + "AllowOnlyPolicyNetworksToAutoconnect": true + }, + "NetworkConfigurations":[ + { + "Ethernet":{ + "Authentication":"None" + }, + "GUID":"guid", + "Name":"name", + "Type":"Ethernet" + } + ] +} diff --git a/chromeos/test/data/network/policy/policy_disallow_autoconnect.onc b/chromeos/test/data/network/policy/policy_disallow_autoconnect.onc new file mode 100644 index 0000000..dbf20fe --- /dev/null +++ b/chromeos/test/data/network/policy/policy_disallow_autoconnect.onc @@ -0,0 +1,8 @@ +{ + "NetworkConfigurations": [ + ], + "GlobalNetworkConfiguration": { + "AllowOnlyPolicyNetworksToAutoconnect": true + }, + "Type": "UnencryptedConfiguration" +} diff --git a/chromeos/test/data/network/policy/shill_disallow_autoconnect_on_unmanaged_wifi2.json b/chromeos/test/data/network/policy/shill_disallow_autoconnect_on_unmanaged_wifi2.json new file mode 100644 index 0000000..d21b704 --- /dev/null +++ b/chromeos/test/data/network/policy/shill_disallow_autoconnect_on_unmanaged_wifi2.json @@ -0,0 +1,8 @@ +{ + "AutoConnect": false, + "Mode": "managed", + "Profile": "/profile/user1/shill", + "Security": "psk", + "Type": "wifi", + "WiFi.HexSSID": "7769666932" // "wifi2" +} diff --git a/chromeos/test/data/network/policy/shill_managed_wifi1.json b/chromeos/test/data/network/policy/shill_managed_wifi1.json index c138013..469251c 100644 --- a/chromeos/test/data/network/policy/shill_managed_wifi1.json +++ b/chromeos/test/data/network/policy/shill_managed_wifi1.json @@ -5,7 +5,7 @@ "GUID": "policy2_wifi1", "Mode": "managed", "Passphrase": "user's passphrase", - "Profile": "/profile/chronos/shill", + "Profile": "/profile/user1/shill", "Security": "802_1x", "Type": "wifi", "UIData": "{\"onc_source\":\"user_policy\",\"user_settings\":{\"WiFi\":{\"Passphrase\":\"FAKE_CREDENTIAL_VPaJDV9x\"}}}", diff --git a/chromeos/test/data/network/policy/shill_policy_on_unmanaged_user_wifi1.json b/chromeos/test/data/network/policy/shill_policy_on_unmanaged_wifi1.json index 7c9c4bc..7c9c4bc 100644 --- a/chromeos/test/data/network/policy/shill_policy_on_unmanaged_user_wifi1.json +++ b/chromeos/test/data/network/policy/shill_policy_on_unmanaged_wifi1.json diff --git a/chromeos/test/data/network/policy/shill_policy_on_unmanaged_user_wifi1_wo_uidata.json b/chromeos/test/data/network/policy/shill_policy_on_unmanaged_wifi1_wo_uidata.json index 9df16c0..9df16c0 100644 --- a/chromeos/test/data/network/policy/shill_policy_on_unmanaged_user_wifi1_wo_uidata.json +++ b/chromeos/test/data/network/policy/shill_policy_on_unmanaged_wifi1_wo_uidata.json diff --git a/chromeos/test/data/network/policy/shill_unmanaged_user_wifi1.json b/chromeos/test/data/network/policy/shill_unmanaged_wifi1.json index ebf81ef..a83b2ed 100644 --- a/chromeos/test/data/network/policy/shill_unmanaged_user_wifi1.json +++ b/chromeos/test/data/network/policy/shill_unmanaged_wifi1.json @@ -2,7 +2,7 @@ "GUID": "{unmanaged_user_wifi1}", "Mode": "managed", "Passphrase": "user's passphrase", - "Profile": "/profile/chronos/shill", + "Profile": "/profile/user1/shill", "WiFi.HexSSID": "7769666931", // "wifi1" "Security": "psk", "Type": "wifi", diff --git a/chromeos/test/data/network/policy/shill_unmanaged_user_wifi1_wo_uidata.json b/chromeos/test/data/network/policy/shill_unmanaged_wifi1_wo_uidata.json index f7a1e1f..6028b6b 100644 --- a/chromeos/test/data/network/policy/shill_unmanaged_user_wifi1_wo_uidata.json +++ b/chromeos/test/data/network/policy/shill_unmanaged_wifi1_wo_uidata.json @@ -2,7 +2,7 @@ "GUID": "{unmanaged_user_wifi1}", "Mode": "managed", "Passphrase": "user's passphrase", - "Profile": "/profile/chronos/shill", + "Profile": "/profile/user1/shill", "Security": "psk", "Type": "wifi", "WiFi.HexSSID": "7769666931" // "wifi1" diff --git a/chromeos/test/data/network/policy/shill_unmanaged_user_wifi2.json b/chromeos/test/data/network/policy/shill_unmanaged_wifi2.json index af7b56f..74b3d63 100644 --- a/chromeos/test/data/network/policy/shill_unmanaged_user_wifi2.json +++ b/chromeos/test/data/network/policy/shill_unmanaged_wifi2.json @@ -1,8 +1,8 @@ { - "GUID": "{unmanaged_user_wifi2}", + "AutoConnect": true, "Mode": "managed", "Passphrase": "user's passphrase", - "Profile": "/profile/chronos/shill", + "Profile": "/profile/user1/shill", "Security": "psk", "Type": "wifi", "WiFi.HexSSID": "7769666932" // "wifi2" diff --git a/chromeos/test/data/network/repaired_toplevel_partially_invalid.onc b/chromeos/test/data/network/repaired_toplevel_partially_invalid.onc index 5af8c2e..a2bce87 100644 --- a/chromeos/test/data/network/repaired_toplevel_partially_invalid.onc +++ b/chromeos/test/data/network/repaired_toplevel_partially_invalid.onc @@ -46,5 +46,8 @@ "PKCS12": "ERROR MIIGUQIBAzCCBhcGCSqGSIb3DQEHAaCCBggEggYEMIIGADCCAv8GCSqGSIb3DQEHBqCCAvAwggLsAgEAMIIC5QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIHnFaWM2Y0BgCAggAgIICuG4ou9mxkhpus8WictLJe+JOnSQrdNXV3FMQr4pPJ6aJJFBMKZ80W2GpR8XNY/SSKkdaNr1puDm1bDBFGaHQuCKXYcWO8ynBQ1uoZaFaTTFxWbbHo89Jrvw+gIrgpoOHQ0KECEbh5vOZCjGHoaQb4QZOkw/6Cuc4QRoCPJAI3pbSPG44kRbOuOaTZvBHSIPkGf3+R6byTvZ3Yiuw7IIzxUp2fYjtpCWd/NvtI70heJCWdb5hwCeNafIEpX+MTVuhUegysIFkOMMlUBIQSI5ky8kjx0Yi82BT/dpz9QgrqFL8NnTMXp0JlKFGLQwsIQhvGjw/E52fEWRy85B5eezgNsD4QOLeZkF0bQAz8kXfLi+0djxsHvH9W9X2pwaFiAveXR15/v+wfCwQGSsRhISGLzg/gO1agbQdaexI9GlEeZW0FEY7TblarKh8TVGNrauU7GCGDmD2w7wx2HTXfo9SbViFoYVKuxcrpHGGEtBffnIeAwN6BBee4v11jxv0i/QUdK5G6FbHqlD1AhHsm0YvidYKqJ0cnN262xIJH7dhKq/qUiAT+qk3+d3/obqxbvVY+bDoJQ10Gzj1ASMy4zcSL7KW1l99xxMr6OlKr4Sr23oGw4BIN73FB8S8qMzz/VzL4azDUyGpPkzWl0yXPsHpFWh1nZlsQehyknyWDH/waKrrG8tVWxHZLgq+zrFxQTh63UHXSD+TXB+AQg2xmQMeWlfvRcsKL8titZ6PnWCHTmZY+3ibv5avDsg7He6OcZOi9ZmYMx82QHuzb4aZ/T+OC05oA97nVNbTN6t8okkRtBamMvVhtTJANVpsdPi8saEaVF8e9liwmpq2w7pqXnzgdzvjSUpPAa4dZBjWnZJvFOHuxZqiRzQdZbeh9+bXwsQJhRNe+d4EgFwuqebQOczeUi4NVTHTFiuPEjCCAvkGCSqGSIb3DQEHAaCCAuoEggLmMIIC4jCCAt4GCyqGSIb3DQEMCgECoIICpjCCAqIwHAYKKoZIhvcNAQwBAzAOBAi0znbEekG/MgICCAAEggKAJfFPaQyYYLohEA1ruAZfepwMVrR8eLMx00kkfXN9EoZeFPj2q7TGdqmbkUSqXnZK1ums7pFCPLgP1CsPlsq/4ZPDT2LLVFZNLOgmdQBOSTvycfsj0iKYrwRC55wJI2OXsc062sT7oa99apkgrEyHq7JbOhszfnv5+aVy/6O115dncqFPW2ei4CBzLEZyYa+Mka6CGqSdm97WVmv0emDKTFEP/FN4TH/tS8Qm6Y7DTKGCujC+hb6lTRFYJAD4uld132dv0xQFkwDZGfdnuGJuNZBDC0gZk3BYvOaCUD8Y9UB5IjfGJax2yrurY1wSGSlTurafDTPrKqIdBovwCPsad2xz1YHC2Yy0h1FyR+2uitDyNfTiETfug3bFbjwodu9wmt31A2ZFn4JpUrTYoZ3LZXngC3nNTayU0Tkd1ICMep2GbCReL3ajOlgOKGFVoOm/qDnhiH6W/ebtAQXqVpuKut8uY0X0Ocmx7mTpmxlfDSRiBY9rvnrGfnpfLMxtFeF9jv3n8vSwvA0Xn0okAv1FWYLStiCpNxnD6lmXQvcmL/skAlJJpHY9/58qt/e5sGYrkKBw3jnX40zaK4W7GeJvhij0MRr6yUL2lvaEcWDnK6K1F90G/ybKRCTHBCJzyBe7yHhZCc+ZcvKK6DTi83fELTyupy08BkXt7oPdapxmKlZxTldo9FpPXSqrdRtAWhDkEkIEf8dMf8QrQr3glCWfbcQ047URYX45AHRnLTLLkJfdY8+Y3KsHoqL2UrOrct+J1u0mmnLbonN3pB2B4nd9X9vf9/uSFrgvk0iPO0Ro3UPRUIIYEP2Kx51pZZVDd++hl5gXtqe0NIpphGhxLycIdzElMCMGCSqGSIb3DQEJFTEWBBR1uVpGjHRddIEYuJhz/FgG4Onh6jAxMCEwCQYFKw4DAhoFAAQU1M+0WRDkoVGbGg1jj7q2fI67qHIECBzRYESpgt5iAgIIAA==", "Type": "Client" } - ] + ], + "GlobalNetworkConfiguration": { + "AllowOnlyPolicyNetworksToAutoconnect": true + } } diff --git a/chromeos/test/data/network/toplevel_partially_invalid.onc b/chromeos/test/data/network/toplevel_partially_invalid.onc index 8afb809..f9c0f55 100644 --- a/chromeos/test/data/network/toplevel_partially_invalid.onc +++ b/chromeos/test/data/network/toplevel_partially_invalid.onc @@ -53,5 +53,9 @@ "PKCS12": "ERROR MIIGUQIBAzCCBhcGCSqGSIb3DQEHAaCCBggEggYEMIIGADCCAv8GCSqGSIb3DQEHBqCCAvAwggLsAgEAMIIC5QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIHnFaWM2Y0BgCAggAgIICuG4ou9mxkhpus8WictLJe+JOnSQrdNXV3FMQr4pPJ6aJJFBMKZ80W2GpR8XNY/SSKkdaNr1puDm1bDBFGaHQuCKXYcWO8ynBQ1uoZaFaTTFxWbbHo89Jrvw+gIrgpoOHQ0KECEbh5vOZCjGHoaQb4QZOkw/6Cuc4QRoCPJAI3pbSPG44kRbOuOaTZvBHSIPkGf3+R6byTvZ3Yiuw7IIzxUp2fYjtpCWd/NvtI70heJCWdb5hwCeNafIEpX+MTVuhUegysIFkOMMlUBIQSI5ky8kjx0Yi82BT/dpz9QgrqFL8NnTMXp0JlKFGLQwsIQhvGjw/E52fEWRy85B5eezgNsD4QOLeZkF0bQAz8kXfLi+0djxsHvH9W9X2pwaFiAveXR15/v+wfCwQGSsRhISGLzg/gO1agbQdaexI9GlEeZW0FEY7TblarKh8TVGNrauU7GCGDmD2w7wx2HTXfo9SbViFoYVKuxcrpHGGEtBffnIeAwN6BBee4v11jxv0i/QUdK5G6FbHqlD1AhHsm0YvidYKqJ0cnN262xIJH7dhKq/qUiAT+qk3+d3/obqxbvVY+bDoJQ10Gzj1ASMy4zcSL7KW1l99xxMr6OlKr4Sr23oGw4BIN73FB8S8qMzz/VzL4azDUyGpPkzWl0yXPsHpFWh1nZlsQehyknyWDH/waKrrG8tVWxHZLgq+zrFxQTh63UHXSD+TXB+AQg2xmQMeWlfvRcsKL8titZ6PnWCHTmZY+3ibv5avDsg7He6OcZOi9ZmYMx82QHuzb4aZ/T+OC05oA97nVNbTN6t8okkRtBamMvVhtTJANVpsdPi8saEaVF8e9liwmpq2w7pqXnzgdzvjSUpPAa4dZBjWnZJvFOHuxZqiRzQdZbeh9+bXwsQJhRNe+d4EgFwuqebQOczeUi4NVTHTFiuPEjCCAvkGCSqGSIb3DQEHAaCCAuoEggLmMIIC4jCCAt4GCyqGSIb3DQEMCgECoIICpjCCAqIwHAYKKoZIhvcNAQwBAzAOBAi0znbEekG/MgICCAAEggKAJfFPaQyYYLohEA1ruAZfepwMVrR8eLMx00kkfXN9EoZeFPj2q7TGdqmbkUSqXnZK1ums7pFCPLgP1CsPlsq/4ZPDT2LLVFZNLOgmdQBOSTvycfsj0iKYrwRC55wJI2OXsc062sT7oa99apkgrEyHq7JbOhszfnv5+aVy/6O115dncqFPW2ei4CBzLEZyYa+Mka6CGqSdm97WVmv0emDKTFEP/FN4TH/tS8Qm6Y7DTKGCujC+hb6lTRFYJAD4uld132dv0xQFkwDZGfdnuGJuNZBDC0gZk3BYvOaCUD8Y9UB5IjfGJax2yrurY1wSGSlTurafDTPrKqIdBovwCPsad2xz1YHC2Yy0h1FyR+2uitDyNfTiETfug3bFbjwodu9wmt31A2ZFn4JpUrTYoZ3LZXngC3nNTayU0Tkd1ICMep2GbCReL3ajOlgOKGFVoOm/qDnhiH6W/ebtAQXqVpuKut8uY0X0Ocmx7mTpmxlfDSRiBY9rvnrGfnpfLMxtFeF9jv3n8vSwvA0Xn0okAv1FWYLStiCpNxnD6lmXQvcmL/skAlJJpHY9/58qt/e5sGYrkKBw3jnX40zaK4W7GeJvhij0MRr6yUL2lvaEcWDnK6K1F90G/ybKRCTHBCJzyBe7yHhZCc+ZcvKK6DTi83fELTyupy08BkXt7oPdapxmKlZxTldo9FpPXSqrdRtAWhDkEkIEf8dMf8QrQr3glCWfbcQ047URYX45AHRnLTLLkJfdY8+Y3KsHoqL2UrOrct+J1u0mmnLbonN3pB2B4nd9X9vf9/uSFrgvk0iPO0Ro3UPRUIIYEP2Kx51pZZVDd++hl5gXtqe0NIpphGhxLycIdzElMCMGCSqGSIb3DQEJFTEWBBR1uVpGjHRddIEYuJhz/FgG4Onh6jAxMCEwCQYFKw4DAhoFAAQU1M+0WRDkoVGbGg1jj7q2fI67qHIECBzRYESpgt5iAgIIAA==", "Type": "Client" } - ] + ], + "GlobalNetworkConfiguration": { + "AllowOnlyPolicyNetworksToAutoconnect": true, + "Unknown option": "abc" + } } |