1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/chromeos/net/onc_utils.h"
7 #include "base/bind_helpers.h"
8 #include "base/json/json_writer.h"
9 #include "base/logging.h"
10 #include "base/prefs/pref_service.h"
11 #include "base/values.h"
12 #include "chrome/browser/chromeos/login/user.h"
13 #include "chrome/browser/chromeos/login/user_manager.h"
14 #include "chrome/browser/chromeos/ui_proxy_config.h"
15 #include "chrome/browser/prefs/proxy_config_dictionary.h"
16 #include "chrome/common/pref_names.h"
17 #include "chromeos/network/favorite_state.h"
18 #include "chromeos/network/managed_network_configuration_handler.h"
19 #include "chromeos/network/network_configuration_handler.h"
20 #include "chromeos/network/network_handler.h"
21 #include "chromeos/network/network_profile.h"
22 #include "chromeos/network/network_profile_handler.h"
23 #include "chromeos/network/network_state.h"
24 #include "chromeos/network/network_state_handler.h"
25 #include "chromeos/network/network_ui_data.h"
26 #include "chromeos/network/onc/onc_normalizer.h"
27 #include "chromeos/network/onc/onc_signature.h"
28 #include "chromeos/network/onc/onc_translator.h"
29 #include "chromeos/network/onc/onc_utils.h"
30 #include "net/base/host_port_pair.h"
31 #include "net/proxy/proxy_bypass_rules.h"
32 #include "net/proxy/proxy_server.h"
33 #include "third_party/cros_system_api/dbus/service_constants.h"
41 net::ProxyServer ConvertOncProxyLocationToHostPort(
42 net::ProxyServer::Scheme default_proxy_scheme,
43 const base::DictionaryValue& onc_proxy_location) {
45 onc_proxy_location.GetStringWithoutPathExpansion(::onc::proxy::kHost, &host);
46 // Parse |host| according to the format [<scheme>"://"]<server>[":"<port>].
47 net::ProxyServer proxy_server =
48 net::ProxyServer::FromURI(host, default_proxy_scheme);
50 onc_proxy_location.GetIntegerWithoutPathExpansion(::onc::proxy::kPort, &port);
52 // Replace the port parsed from |host| by the provided |port|.
53 return net::ProxyServer(
54 proxy_server.scheme(),
55 net::HostPortPair(proxy_server.host_port_pair().host(),
56 static_cast<uint16>(port)));
59 void AppendProxyServerForScheme(
60 const base::DictionaryValue& onc_manual,
61 const std::string& onc_scheme,
63 const base::DictionaryValue* onc_proxy_location = NULL;
64 if (!onc_manual.GetDictionaryWithoutPathExpansion(onc_scheme,
65 &onc_proxy_location)) {
69 net::ProxyServer::Scheme default_proxy_scheme = net::ProxyServer::SCHEME_HTTP;
70 std::string url_scheme;
71 if (onc_scheme == ::onc::proxy::kFtp) {
73 } else if (onc_scheme == ::onc::proxy::kHttp) {
75 } else if (onc_scheme == ::onc::proxy::kHttps) {
77 } else if (onc_scheme == ::onc::proxy::kSocks) {
78 default_proxy_scheme = net::ProxyServer::SCHEME_SOCKS4;
84 net::ProxyServer proxy_server = ConvertOncProxyLocationToHostPort(
85 default_proxy_scheme, *onc_proxy_location);
87 UIProxyConfig::EncodeAndAppendProxyServer(url_scheme, proxy_server, spec);
90 net::ProxyBypassRules ConvertOncExcludeDomainsToBypassRules(
91 const base::ListValue& onc_exclude_domains) {
92 net::ProxyBypassRules rules;
93 for (base::ListValue::const_iterator it = onc_exclude_domains.begin();
94 it != onc_exclude_domains.end(); ++it) {
96 (*it)->GetAsString(&rule);
97 rules.AddRuleFromString(rule);
104 scoped_ptr<base::DictionaryValue> ConvertOncProxySettingsToProxyConfig(
105 const base::DictionaryValue& onc_proxy_settings) {
107 onc_proxy_settings.GetStringWithoutPathExpansion(::onc::proxy::kType, &type);
108 scoped_ptr<base::DictionaryValue> proxy_dict;
110 if (type == ::onc::proxy::kDirect) {
111 proxy_dict.reset(ProxyConfigDictionary::CreateDirect());
112 } else if (type == ::onc::proxy::kWPAD) {
113 proxy_dict.reset(ProxyConfigDictionary::CreateAutoDetect());
114 } else if (type == ::onc::proxy::kPAC) {
116 onc_proxy_settings.GetStringWithoutPathExpansion(::onc::proxy::kPAC,
119 DCHECK(url.is_valid())
120 << "PAC field is invalid for this ProxySettings.Type";
121 proxy_dict.reset(ProxyConfigDictionary::CreatePacScript(url.spec(),
123 } else if (type == ::onc::proxy::kManual) {
124 const base::DictionaryValue* manual_dict = NULL;
125 onc_proxy_settings.GetDictionaryWithoutPathExpansion(::onc::proxy::kManual,
127 std::string manual_spec;
128 AppendProxyServerForScheme(*manual_dict, ::onc::proxy::kFtp, &manual_spec);
129 AppendProxyServerForScheme(*manual_dict, ::onc::proxy::kHttp, &manual_spec);
130 AppendProxyServerForScheme(*manual_dict, ::onc::proxy::kSocks,
132 AppendProxyServerForScheme(*manual_dict, ::onc::proxy::kHttps,
135 const base::ListValue* exclude_domains = NULL;
136 net::ProxyBypassRules bypass_rules;
137 if (onc_proxy_settings.GetListWithoutPathExpansion(
138 ::onc::proxy::kExcludeDomains, &exclude_domains)) {
139 bypass_rules.AssignFrom(
140 ConvertOncExcludeDomainsToBypassRules(*exclude_domains));
142 proxy_dict.reset(ProxyConfigDictionary::CreateFixedServers(
143 manual_spec, bypass_rules.ToString()));
147 return proxy_dict.Pass();
152 // This class defines which string placeholders of ONC are replaced by which
154 class UserStringSubstitution : public chromeos::onc::StringSubstitution {
156 explicit UserStringSubstitution(const chromeos::User* user) : user_(user) {}
157 virtual ~UserStringSubstitution() {}
159 virtual bool GetSubstitute(const std::string& placeholder,
160 std::string* substitute) const OVERRIDE {
161 if (placeholder == ::onc::substitutes::kLoginIDField)
162 *substitute = user_->GetAccountName(false);
163 else if (placeholder == ::onc::substitutes::kEmailField)
164 *substitute = user_->email();
171 const chromeos::User* user_;
173 DISALLOW_COPY_AND_ASSIGN(UserStringSubstitution);
178 void ExpandStringPlaceholdersInNetworksForUser(
179 const chromeos::User* user,
180 base::ListValue* network_configs) {
182 // In tests no user may be logged in. It's not harmful if we just don't
183 // expand the strings.
186 UserStringSubstitution substitution(user);
187 chromeos::onc::ExpandStringsInNetworks(substitution, network_configs);
190 void ImportNetworksForUser(const chromeos::User* user,
191 const base::ListValue& network_configs,
192 std::string* error) {
195 scoped_ptr<base::ListValue> expanded_networks(network_configs.DeepCopy());
196 ExpandStringPlaceholdersInNetworksForUser(user, expanded_networks.get());
198 const NetworkProfile* profile =
199 NetworkHandler::Get()->network_profile_handler()->GetProfileForUserhash(
200 user->username_hash());
202 *error = "User profile doesn't exist.";
206 bool ethernet_not_found = false;
207 for (base::ListValue::const_iterator it = expanded_networks->begin();
208 it != expanded_networks->end();
210 const base::DictionaryValue* network = NULL;
211 (*it)->GetAsDictionary(&network);
214 // Remove irrelevant fields.
215 onc::Normalizer normalizer(true /* remove recommended fields */);
216 scoped_ptr<base::DictionaryValue> normalized_network =
217 normalizer.NormalizeObject(&onc::kNetworkConfigurationSignature,
220 scoped_ptr<base::DictionaryValue> shill_dict =
221 onc::TranslateONCObjectToShill(&onc::kNetworkConfigurationSignature,
222 *normalized_network);
224 scoped_ptr<NetworkUIData> ui_data = NetworkUIData::CreateFromONC(
225 ::onc::ONC_SOURCE_USER_IMPORT, *normalized_network);
226 base::DictionaryValue ui_data_dict;
227 ui_data->FillDictionary(&ui_data_dict);
228 std::string ui_data_json;
229 base::JSONWriter::Write(&ui_data_dict, &ui_data_json);
230 shill_dict->SetStringWithoutPathExpansion(shill::kUIDataProperty,
233 shill_dict->SetStringWithoutPathExpansion(shill::kProfileProperty,
237 shill_dict->GetStringWithoutPathExpansion(shill::kTypeProperty, &type);
238 NetworkConfigurationHandler* config_handler =
239 NetworkHandler::Get()->network_configuration_handler();
240 if (NetworkTypePattern::Ethernet().MatchesType(type)) {
241 // Ethernet has to be configured using an existing Ethernet service.
242 const NetworkState* ethernet =
243 NetworkHandler::Get()->network_state_handler()->FirstNetworkByType(
244 NetworkTypePattern::Ethernet());
246 config_handler->SetProperties(ethernet->path(),
249 network_handler::ErrorCallback());
251 ethernet_not_found = true;
255 config_handler->CreateConfiguration(
257 network_handler::StringResultCallback(),
258 network_handler::ErrorCallback());
262 if (ethernet_not_found)
263 *error = "No Ethernet available to configure.";
266 const base::DictionaryValue* FindPolicyForActiveUser(
267 const std::string& guid,
268 ::onc::ONCSource* onc_source) {
269 const User* user = UserManager::Get()->GetActiveUser();
270 std::string username_hash = user ? user->username_hash() : std::string();
271 return NetworkHandler::Get()->managed_network_configuration_handler()->
272 FindPolicyByGUID(username_hash, guid, onc_source);
275 const base::DictionaryValue* GetGlobalConfigFromPolicy(bool for_active_user) {
276 std::string username_hash;
277 if (for_active_user) {
278 const User* user = UserManager::Get()->GetActiveUser();
280 LOG(ERROR) << "No user logged in yet.";
283 username_hash = user->username_hash();
285 return NetworkHandler::Get()->managed_network_configuration_handler()->
286 GetGlobalConfigFromPolicy(username_hash);
289 bool PolicyAllowsOnlyPolicyNetworksToAutoconnect(bool for_active_user) {
290 const base::DictionaryValue* global_config =
291 GetGlobalConfigFromPolicy(for_active_user);
293 return false; // By default, all networks are allowed to autoconnect.
295 bool only_policy_autoconnect = false;
296 global_config->GetBooleanWithoutPathExpansion(
297 ::onc::global_network_config::kAllowOnlyPolicyNetworksToAutoconnect,
298 &only_policy_autoconnect);
299 return only_policy_autoconnect;
304 const base::DictionaryValue* GetNetworkConfigByGUID(
305 const base::ListValue& network_configs,
306 const std::string& guid) {
307 for (base::ListValue::const_iterator it = network_configs.begin();
308 it != network_configs.end(); ++it) {
309 const base::DictionaryValue* network = NULL;
310 (*it)->GetAsDictionary(&network);
313 std::string current_guid;
314 network->GetStringWithoutPathExpansion(::onc::network_config::kGUID,
316 if (current_guid == guid)
322 const base::DictionaryValue* GetNetworkConfigForEthernetWithoutEAP(
323 const base::ListValue& network_configs) {
324 VLOG(2) << "Search for ethernet policy without EAP.";
325 for (base::ListValue::const_iterator it = network_configs.begin();
326 it != network_configs.end(); ++it) {
327 const base::DictionaryValue* network = NULL;
328 (*it)->GetAsDictionary(&network);
332 network->GetStringWithoutPathExpansion(::onc::network_config::kType, &type);
333 if (type != ::onc::network_type::kEthernet)
336 const base::DictionaryValue* ethernet = NULL;
337 network->GetDictionaryWithoutPathExpansion(::onc::network_config::kEthernet,
341 ethernet->GetStringWithoutPathExpansion(::onc::ethernet::kAuthentication,
343 if (auth == ::onc::ethernet::kNone)
349 const base::DictionaryValue* GetNetworkConfigForNetworkFromOnc(
350 const base::ListValue& network_configs,
351 const FavoriteState& favorite) {
352 // In all cases except Ethernet, we use the GUID of |network|.
353 if (!favorite.Matches(NetworkTypePattern::Ethernet()))
354 return GetNetworkConfigByGUID(network_configs, favorite.guid());
356 // Ethernet is always shared and thus cannot store a GUID per user. Thus we
357 // search for any Ethernet policy intead of a matching GUID.
358 // EthernetEAP service contains only the EAP parameters and stores the GUID of
359 // the respective ONC policy. The EthernetEAP service itself is however never
360 // in state "connected". An EthernetEAP policy must be applied, if an Ethernet
361 // service is connected using the EAP parameters.
362 const FavoriteState* ethernet_eap = NULL;
363 if (NetworkHandler::IsInitialized()) {
365 NetworkHandler::Get()->network_state_handler()->GetEAPForEthernet(
369 // The GUID associated with the EthernetEAP service refers to the ONC policy
370 // with "Authentication: 8021X".
372 return GetNetworkConfigByGUID(network_configs, ethernet_eap->guid());
374 // Otherwise, EAP is not used and instead the Ethernet policy with
375 // "Authentication: None" applies.
376 return GetNetworkConfigForEthernetWithoutEAP(network_configs);
379 const base::DictionaryValue* GetPolicyForNetworkFromPref(
380 const PrefService* pref_service,
381 const char* pref_name,
382 const FavoriteState& favorite) {
384 VLOG(2) << "No pref service";
388 const PrefService::Preference* preference =
389 pref_service->FindPreference(pref_name);
391 VLOG(2) << "No preference " << pref_name;
392 // The preference may not exist in tests.
396 // User prefs are not stored in this Preference yet but only the policy.
398 // The policy server incorrectly configures the OpenNetworkConfiguration user
399 // policy as Recommended. To work around that, we handle the Recommended and
400 // the Mandatory value in the same way.
401 // TODO(pneubeck): Remove this workaround, once the server is fixed. See
402 // http://crbug.com/280553 .
403 if (preference->IsDefaultValue()) {
404 VLOG(2) << "Preference has no recommended or mandatory value.";
408 VLOG(2) << "Preference with policy found.";
409 const base::Value* onc_policy_value = preference->GetValue();
410 DCHECK(onc_policy_value);
412 const base::ListValue* onc_policy = NULL;
413 onc_policy_value->GetAsList(&onc_policy);
416 return GetNetworkConfigForNetworkFromOnc(*onc_policy, favorite);
421 const base::DictionaryValue* GetPolicyForFavoriteNetwork(
422 const PrefService* profile_prefs,
423 const PrefService* local_state_prefs,
424 const FavoriteState& favorite,
425 ::onc::ONCSource* onc_source) {
426 VLOG(2) << "GetPolicyForFavoriteNetwork: " << favorite.path();
427 *onc_source = ::onc::ONC_SOURCE_NONE;
429 const base::DictionaryValue* network_policy = GetPolicyForNetworkFromPref(
430 profile_prefs, prefs::kOpenNetworkConfiguration, favorite);
431 if (network_policy) {
432 VLOG(1) << "Network " << favorite.path() << " is managed by user policy.";
433 *onc_source = ::onc::ONC_SOURCE_USER_POLICY;
434 return network_policy;
436 network_policy = GetPolicyForNetworkFromPref(
437 local_state_prefs, prefs::kDeviceOpenNetworkConfiguration, favorite);
438 if (network_policy) {
439 VLOG(1) << "Network " << favorite.path() << " is managed by device policy.";
440 *onc_source = ::onc::ONC_SOURCE_DEVICE_POLICY;
441 return network_policy;
443 VLOG(2) << "Network " << favorite.path() << " is unmanaged.";
447 bool HasPolicyForFavoriteNetwork(const PrefService* profile_prefs,
448 const PrefService* local_state_prefs,
449 const FavoriteState& network) {
450 ::onc::ONCSource ignored_onc_source;
451 const base::DictionaryValue* policy = onc::GetPolicyForFavoriteNetwork(
452 profile_prefs, local_state_prefs, network, &ignored_onc_source);
453 return policy != NULL;
457 } // namespace chromeos