// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome/browser/policy/configuration_policy_handler_chromeos.h"
#include <string>
#include "base/json/json_reader.h"
#include "base/json/json_writer.h"
#include "base/memory/scoped_ptr.h"
#include "base/string_util.h"
#include "chrome/browser/chromeos/cros/onc_network_parser.h"
#include "chrome/browser/policy/policy_error_map.h"
#include "chrome/browser/policy/policy_map.h"
#include "grit/generated_resources.h"
namespace policy {
// Builds a handler for |policy_name|. The base class is told to expect a
// string-typed policy value; |onc_source| is kept so it can be handed to the
// ONC parser when the policy is validated.
NetworkConfigurationPolicyHandler::NetworkConfigurationPolicyHandler(
    const char* policy_name,
    chromeos::NetworkUIData::ONCSource onc_source)
    : TypeCheckingPolicyHandler(policy_name, Value::TYPE_STRING),
      onc_source_(onc_source) {
}
// Empty: this class adds no cleanup of its own.
NetworkConfigurationPolicyHandler::~NetworkConfigurationPolicyHandler() {
}
// Validates the network configuration policy by running its string value
// through the ONC parser.
//
// Returns false when the base-class type check fails or when the parser
// reports an error; in the latter case the parser's message is recorded in
// |errors| under this policy's name. Returns true when the policy is unset
// or parses without error.
bool NetworkConfigurationPolicyHandler::CheckPolicySettings(
    const PolicyMap& policies,
    PolicyErrorMap* errors) {
  const Value* value;
  if (!CheckAndGetValue(policies, errors, &value))
    return false;

  // Nothing to validate when the policy is not set.
  if (!value)
    return true;

  std::string onc_blob;
  value->GetAsString(&onc_blob);

  // The parser is given an empty passphrase: ONC blobs delivered through
  // policy cannot have one.
  chromeos::OncNetworkParser parser(onc_blob, "", onc_source_);
  const bool parsed_cleanly = parser.parse_error().empty();
  if (!parsed_cleanly) {
    errors->AddError(policy_name(),
                     IDS_POLICY_NETWORK_CONFIG_PARSE_ERROR,
                     parser.parse_error());
  }
  return parsed_cleanly;
}
// Intentionally a no-op. The network policy is not translated into prefs:
// it is read directly from the policy provider and injected into
// NetworkLibrary, so |prefs| is left untouched.
void NetworkConfigurationPolicyHandler::ApplyPolicySettings(
    const PolicyMap& policies,
    PrefValueMap* prefs) {
}
// Replaces this policy's value in |policies| with a copy that is safe to
// show: the ONC blob is passed through SanitizeNetworkConfig() first.
//
// The replacement fails closed. If the value cannot be sanitized (not a
// string, not valid JSON, or not a dictionary), a null value is stored
// instead, so the unsanitized blob is never left in |policies|.
void NetworkConfigurationPolicyHandler::PrepareForDisplaying(
    PolicyMap* policies) const {
  const PolicyMap::Entry* entry = policies->Get(policy_name());
  if (entry == NULL)
    return;

  // Sanitize before calling Set(): |entry| points into |policies|.
  Value* sanitized = SanitizeNetworkConfig(entry->value);
  Value* display_value = sanitized ? sanitized : Value::CreateNullValue();
  policies->Set(policy_name(), entry->level, entry->scope, display_value);
}
// static
// Produces a display-safe copy of an ONC policy value.
//
// |config| must hold a JSON string whose top level is a dictionary. Every
// dictionary entry of its "NetworkConfigurations" list is passed through
// StripSensitiveValues(), and the result is re-serialized as pretty-printed
// JSON in a newly created string Value.
//
// Returns NULL when |config| is not a string, the string is not valid JSON,
// or the top-level JSON value is not a dictionary.
//
// NOTE(review): only the "NetworkConfigurations" list is visited. Any other
// top-level section of the blob is re-serialized unchanged; confirm that no
// such section can carry secrets.
// NOTE(review): the output is written with OPTIONS_DO_NOT_ESCAPE, so whatever
// renders this string should treat it as untrusted text. Confirm at the
// display site.
Value* NetworkConfigurationPolicyHandler::SanitizeNetworkConfig(
    const Value* config) {
  std::string onc_json;
  if (!config->GetAsString(&onc_json))
    return NULL;

  scoped_ptr<Value> parsed(
      base::JSONReader::Read(onc_json, base::JSON_ALLOW_TRAILING_COMMAS));
  if (!parsed.get())
    return NULL;
  if (!parsed->IsType(base::Value::TYPE_DICTIONARY))
    return NULL;
  DictionaryValue* root = static_cast<DictionaryValue*>(parsed.get());

  // Mask credentials in each network entry. Entries that are null or are not
  // dictionaries are skipped and written back as they are.
  base::ListValue* networks = NULL;
  if (root->GetList("NetworkConfigurations", &networks)) {
    base::ListValue::const_iterator it = networks->begin();
    for (; it != networks->end(); ++it) {
      Value* item = *it;
      if (!item || !item->IsType(base::Value::TYPE_DICTIONARY))
        continue;
      StripSensitiveValues(static_cast<DictionaryValue*>(item));
    }
  }

  // Serialize the scrubbed dictionary back into the same string buffer.
  const int write_options = base::JSONWriter::OPTIONS_DO_NOT_ESCAPE |
                            base::JSONWriter::OPTIONS_PRETTY_PRINT;
  base::JSONWriter::WriteWithOptions(root, write_options, &onc_json);
  return Value::CreateStringValue(onc_json);
}
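// static
// Masks credential fields in a single network configuration dictionary.
//
// Each path in kFilteredSettings that is present in |network_dict| is removed
// and re-inserted with a fixed placeholder string. Paths that are absent are
// left absent, so the displayed structure gains no new keys.
void NetworkConfigurationPolicyHandler::StripSensitiveValues(
    DictionaryValue* network_dict) {
  // Dotted paths, relative to one network entry, whose values are masked.
  //
  // NOTE(review): this list previously named "IPsec.EAP.Password" twice. The
  // second entry only repeated the same remove/insert, so it is dropped here.
  // It may have been a typo for a different credential path. Because this is
  // a deny-list, any secret-bearing field not named below is displayed in
  // clear text; audit the list against every credential field the ONC parser
  // accepts (TODO confirm).
  static const char* kFilteredSettings[] = {
    "WiFi.Passphrase",
    "IPsec.EAP.Password",
    "IPsec.XAUTH.Password",
    "L2TP.Password",
  };
  // Placeholder to insert in place of the filtered setting. It has a fixed
  // length, so it reveals nothing about the original value.
  static const char kPlaceholder[] = "********";

  for (size_t i = 0; i < arraysize(kFilteredSettings); ++i) {
    // Remove() reports whether the path existed; only then write the mask.
    if (network_dict->Remove(kFilteredSettings[i], NULL)) {
      network_dict->Set(kFilteredSettings[i],
                        Value::CreateStringValue(kPlaceholder));
    }
  }
}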
} // namespace policy