src/chrome/browser/chromeos/net/onc_utils.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/chromeos/net/onc_utils.h"
   6
   7 #include "base/bind_helpers.h"
   8 #include "base/json/json_writer.h"
   9 #include "base/logging.h"
  10 #include "base/prefs/pref_service.h"
  11 #include "base/values.h"
  12 #include "chrome/browser/chromeos/login/user.h"
  13 #include "chrome/browser/chromeos/login/user_manager.h"
  14 #include "chrome/browser/chromeos/ui_proxy_config.h"
  15 #include "chrome/browser/prefs/proxy_config_dictionary.h"
  16 #include "chrome/common/pref_names.h"
  17 #include "chromeos/network/favorite_state.h"
  18 #include "chromeos/network/managed_network_configuration_handler.h"
  19 #include "chromeos/network/network_configuration_handler.h"
  20 #include "chromeos/network/network_handler.h"
  21 #include "chromeos/network/network_profile.h"
  22 #include "chromeos/network/network_profile_handler.h"
  23 #include "chromeos/network/network_state.h"
  24 #include "chromeos/network/network_state_handler.h"
  25 #include "chromeos/network/network_ui_data.h"
  26 #include "chromeos/network/onc/onc_normalizer.h"
  27 #include "chromeos/network/onc/onc_signature.h"
  28 #include "chromeos/network/onc/onc_translator.h"
  29 #include "chromeos/network/onc/onc_utils.h"
  30 #include "chromeos/network/shill_property_util.h"
  31 #include "net/base/host_port_pair.h"
  32 #include "net/proxy/proxy_bypass_rules.h"
  33 #include "net/proxy/proxy_server.h"
  34 #include "third_party/cros_system_api/dbus/service_constants.h"
  35 #include "url/gurl.h"
  36
  37 namespace chromeos {
  38 namespace onc {
  39
  40 namespace {
  41
  42 net::ProxyServer ConvertOncProxyLocationToHostPort(
  43     net::ProxyServer::Scheme default_proxy_scheme,
  44     const base::DictionaryValue& onc_proxy_location) {
  45   std::string host;
  46   onc_proxy_location.GetStringWithoutPathExpansion(::onc::proxy::kHost, &host);
  47   // Parse |host| according to the format [<scheme>"://"]<server>[":"<port>].
  48   net::ProxyServer proxy_server =
  49       net::ProxyServer::FromURI(host, default_proxy_scheme);
  50   int port = 0;
  51   onc_proxy_location.GetIntegerWithoutPathExpansion(::onc::proxy::kPort, &port);
  52
  53   // Replace the port parsed from |host| by the provided |port|.
  54   return net::ProxyServer(
  55       proxy_server.scheme(),
  56       net::HostPortPair(proxy_server.host_port_pair().host(),
  57                         static_cast<uint16>(port)));
  58 }
  59
  60 void AppendProxyServerForScheme(
  61     const base::DictionaryValue& onc_manual,
  62     const std::string& onc_scheme,
  63     std::string* spec) {
  64   const base::DictionaryValue* onc_proxy_location = NULL;
  65   if (!onc_manual.GetDictionaryWithoutPathExpansion(onc_scheme,
  66                                                     &onc_proxy_location)) {
  67     return;
  68   }
  69
  70   net::ProxyServer::Scheme default_proxy_scheme = net::ProxyServer::SCHEME_HTTP;
  71   std::string url_scheme;
  72   if (onc_scheme == ::onc::proxy::kFtp) {
  73     url_scheme = "ftp";
  74   } else if (onc_scheme == ::onc::proxy::kHttp) {
  75     url_scheme = "http";
  76   } else if (onc_scheme == ::onc::proxy::kHttps) {
  77     url_scheme = "https";
  78   } else if (onc_scheme == ::onc::proxy::kSocks) {
  79     default_proxy_scheme = net::ProxyServer::SCHEME_SOCKS4;
  80     url_scheme = "socks";
  81   } else {
  82     NOTREACHED();
  83   }
  84
  85   net::ProxyServer proxy_server = ConvertOncProxyLocationToHostPort(
  86       default_proxy_scheme, *onc_proxy_location);
  87
  88   UIProxyConfig::EncodeAndAppendProxyServer(url_scheme, proxy_server, spec);
  89 }
  90
  91 net::ProxyBypassRules ConvertOncExcludeDomainsToBypassRules(
  92     const base::ListValue& onc_exclude_domains) {
  93   net::ProxyBypassRules rules;
  94   for (base::ListValue::const_iterator it = onc_exclude_domains.begin();
  95        it != onc_exclude_domains.end(); ++it) {
  96     std::string rule;
  97     (*it)->GetAsString(&rule);
  98     rules.AddRuleFromString(rule);
  99   }
 100   return rules;
 101 }
 102
 103 }  // namespace
 104
 105 scoped_ptr<base::DictionaryValue> ConvertOncProxySettingsToProxyConfig(
 106     const base::DictionaryValue& onc_proxy_settings) {
 107   std::string type;
 108   onc_proxy_settings.GetStringWithoutPathExpansion(::onc::proxy::kType, &type);
 109   scoped_ptr<DictionaryValue> proxy_dict;
 110
 111   if (type == ::onc::proxy::kDirect) {
 112     proxy_dict.reset(ProxyConfigDictionary::CreateDirect());
 113   } else if (type == ::onc::proxy::kWPAD) {
 114     proxy_dict.reset(ProxyConfigDictionary::CreateAutoDetect());
 115   } else if (type == ::onc::proxy::kPAC) {
 116     std::string pac_url;
 117     onc_proxy_settings.GetStringWithoutPathExpansion(::onc::proxy::kPAC,
 118                                                      &pac_url);
 119     GURL url(pac_url);
 120     DCHECK(url.is_valid())
 121         << "PAC field is invalid for this ProxySettings.Type";
 122     proxy_dict.reset(ProxyConfigDictionary::CreatePacScript(url.spec(),
 123                                                             false));
 124   } else if (type == ::onc::proxy::kManual) {
 125     const base::DictionaryValue* manual_dict = NULL;
 126     onc_proxy_settings.GetDictionaryWithoutPathExpansion(::onc::proxy::kManual,
 127                                                          &manual_dict);
 128     std::string manual_spec;
 129     AppendProxyServerForScheme(*manual_dict, ::onc::proxy::kFtp, &manual_spec);
 130     AppendProxyServerForScheme(*manual_dict, ::onc::proxy::kHttp, &manual_spec);
 131     AppendProxyServerForScheme(*manual_dict, ::onc::proxy::kSocks,
 132                                &manual_spec);
 133     AppendProxyServerForScheme(*manual_dict, ::onc::proxy::kHttps,
 134                                &manual_spec);
 135
 136     const base::ListValue* exclude_domains = NULL;
 137     net::ProxyBypassRules bypass_rules;
 138     if (onc_proxy_settings.GetListWithoutPathExpansion(
 139             ::onc::proxy::kExcludeDomains, &exclude_domains)) {
 140       bypass_rules.AssignFrom(
 141           ConvertOncExcludeDomainsToBypassRules(*exclude_domains));
 142     }
 143     proxy_dict.reset(ProxyConfigDictionary::CreateFixedServers(
 144         manual_spec, bypass_rules.ToString()));
 145   } else {
 146     NOTREACHED();
 147   }
 148   return proxy_dict.Pass();
 149 }
 150
 151 namespace {
 152
 153 // This class defines which string placeholders of ONC are replaced by which
 154 // user attribute.
 155 class UserStringSubstitution : public chromeos::onc::StringSubstitution {
 156  public:
 157   explicit UserStringSubstitution(const chromeos::User* user) : user_(user) {}
 158   virtual ~UserStringSubstitution() {}
 159
 160   virtual bool GetSubstitute(const std::string& placeholder,
 161                              std::string* substitute) const OVERRIDE {
 162     if (placeholder == ::onc::substitutes::kLoginIDField)
 163       *substitute = user_->GetAccountName(false);
 164     else if (placeholder == ::onc::substitutes::kEmailField)
 165       *substitute = user_->email();
 166     else
 167       return false;
 168     return true;
 169   }
 170
 171  private:
 172   const chromeos::User* user_;
 173
 174   DISALLOW_COPY_AND_ASSIGN(UserStringSubstitution);
 175 };
 176
 177 }  // namespace
 178
 179 void ExpandStringPlaceholdersInNetworksForUser(
 180     const chromeos::User* user,
 181     base::ListValue* network_configs) {
 182   if (!user) {
 183     // In tests no user may be logged in. It's not harmful if we just don't
 184     // expand the strings.
 185     return;
 186   }
 187   UserStringSubstitution substitution(user);
 188   chromeos::onc::ExpandStringsInNetworks(substitution, network_configs);
 189 }
 190
 191 void ImportNetworksForUser(const chromeos::User* user,
 192                            const base::ListValue& network_configs,
 193                            std::string* error) {
 194   error->clear();
 195
 196   scoped_ptr<base::ListValue> expanded_networks(network_configs.DeepCopy());
 197   ExpandStringPlaceholdersInNetworksForUser(user, expanded_networks.get());
 198
 199   const NetworkProfile* profile =
 200       NetworkHandler::Get()->network_profile_handler()->GetProfileForUserhash(
 201           user->username_hash());
 202   if (!profile) {
 203     *error = "User profile doesn't exist.";
 204     return;
 205   }
 206
 207   bool ethernet_not_found = false;
 208   for (base::ListValue::const_iterator it = expanded_networks->begin();
 209        it != expanded_networks->end();
 210        ++it) {
 211     const base::DictionaryValue* network = NULL;
 212     (*it)->GetAsDictionary(&network);
 213     DCHECK(network);
 214
 215     // Remove irrelevant fields.
 216     onc::Normalizer normalizer(true /* remove recommended fields */);
 217     scoped_ptr<base::DictionaryValue> normalized_network =
 218         normalizer.NormalizeObject(&onc::kNetworkConfigurationSignature,
 219                                    *network);
 220
 221     scoped_ptr<base::DictionaryValue> shill_dict =
 222         onc::TranslateONCObjectToShill(&onc::kNetworkConfigurationSignature,
 223                                        *normalized_network);
 224
 225     scoped_ptr<NetworkUIData> ui_data = NetworkUIData::CreateFromONC(
 226         ::onc::ONC_SOURCE_USER_IMPORT, *normalized_network);
 227     base::DictionaryValue ui_data_dict;
 228     ui_data->FillDictionary(&ui_data_dict);
 229     std::string ui_data_json;
 230     base::JSONWriter::Write(&ui_data_dict, &ui_data_json);
 231     shill_dict->SetStringWithoutPathExpansion(shill::kUIDataProperty,
 232                                               ui_data_json);
 233
 234     shill_dict->SetStringWithoutPathExpansion(shill::kProfileProperty,
 235                                               profile->path);
 236
 237     std::string type;
 238     shill_dict->GetStringWithoutPathExpansion(shill::kTypeProperty, &type);
 239     NetworkConfigurationHandler* config_handler =
 240         NetworkHandler::Get()->network_configuration_handler();
 241     if (NetworkTypePattern::Ethernet().MatchesType(type)) {
 242       // Ethernet has to be configured using an existing Ethernet service.
 243       const NetworkState* ethernet =
 244           NetworkHandler::Get()->network_state_handler()->FirstNetworkByType(
 245               NetworkTypePattern::Ethernet());
 246       if (ethernet) {
 247         config_handler->SetProperties(ethernet->path(),
 248                                       *shill_dict,
 249                                       base::Closure(),
 250                                       network_handler::ErrorCallback());
 251       } else {
 252         ethernet_not_found = true;
 253       }
 254
 255     } else {
 256       config_handler->CreateConfiguration(
 257           *shill_dict,
 258           network_handler::StringResultCallback(),
 259           network_handler::ErrorCallback());
 260     }
 261   }
 262
 263   if (ethernet_not_found)
 264     *error = "No Ethernet available to configure.";
 265 }
 266
 267 const base::DictionaryValue* FindPolicyForActiveUser(
 268     const std::string& guid,
 269     ::onc::ONCSource* onc_source) {
 270   const User* user = UserManager::Get()->GetActiveUser();
 271   std::string username_hash = user ? user->username_hash() : std::string();
 272   return NetworkHandler::Get()->managed_network_configuration_handler()->
 273       FindPolicyByGUID(username_hash, guid, onc_source);
 274 }
 275
 276 const base::DictionaryValue* GetGlobalConfigFromPolicy(bool for_active_user) {
 277   std::string username_hash;
 278   if (for_active_user) {
 279     const User* user = UserManager::Get()->GetActiveUser();
 280     if (!user) {
 281       LOG(ERROR) << "No user logged in yet.";
 282       return NULL;
 283     }
 284     username_hash = user->username_hash();
 285   }
 286   return NetworkHandler::Get()->managed_network_configuration_handler()->
 287       GetGlobalConfigFromPolicy(username_hash);
 288 }
 289
 290 bool PolicyAllowsOnlyPolicyNetworksToAutoconnect(bool for_active_user) {
 291   const base::DictionaryValue* global_config =
 292       GetGlobalConfigFromPolicy(for_active_user);
 293   if (!global_config)
 294     return false;  // By default, all networks are allowed to autoconnect.
 295
 296   bool only_policy_autoconnect = false;
 297   global_config->GetBooleanWithoutPathExpansion(
 298       ::onc::global_network_config::kAllowOnlyPolicyNetworksToAutoconnect,
 299       &only_policy_autoconnect);
 300   return only_policy_autoconnect;
 301 }
 302
 303 namespace {
 304
 305 const base::DictionaryValue* GetNetworkConfigByGUID(
 306     const base::ListValue& network_configs,
 307     const std::string& guid) {
 308   for (base::ListValue::const_iterator it = network_configs.begin();
 309        it != network_configs.end(); ++it) {
 310     const base::DictionaryValue* network = NULL;
 311     (*it)->GetAsDictionary(&network);
 312     DCHECK(network);
 313
 314     std::string current_guid;
 315     network->GetStringWithoutPathExpansion(::onc::network_config::kGUID,
 316                                            &current_guid);
 317     if (current_guid == guid)
 318       return network;
 319   }
 320   return NULL;
 321 }
 322
 323 const base::DictionaryValue* GetNetworkConfigForEthernetWithoutEAP(
 324     const base::ListValue& network_configs) {
 325   VLOG(2) << "Search for ethernet policy without EAP.";
 326   for (base::ListValue::const_iterator it = network_configs.begin();
 327        it != network_configs.end(); ++it) {
 328     const base::DictionaryValue* network = NULL;
 329     (*it)->GetAsDictionary(&network);
 330     DCHECK(network);
 331
 332     std::string type;
 333     network->GetStringWithoutPathExpansion(::onc::network_config::kType, &type);
 334     if (type != ::onc::network_type::kEthernet)
 335       continue;
 336
 337     const base::DictionaryValue* ethernet = NULL;
 338     network->GetDictionaryWithoutPathExpansion(::onc::network_config::kEthernet,
 339                                                &ethernet);
 340
 341     std::string auth;
 342     ethernet->GetStringWithoutPathExpansion(::onc::ethernet::kAuthentication,
 343                                             &auth);
 344     if (auth == ::onc::ethernet::kNone)
 345       return network;
 346   }
 347   return NULL;
 348 }
 349
 350 const base::DictionaryValue* GetNetworkConfigForNetworkFromOnc(
 351     const base::ListValue& network_configs,
 352     const FavoriteState& favorite) {
 353   // In all cases except Ethernet, we use the GUID of |network|.
 354   if (!favorite.Matches(NetworkTypePattern::Ethernet()))
 355     return GetNetworkConfigByGUID(network_configs, favorite.guid());
 356
 357   // Ethernet is always shared and thus cannot store a GUID per user. Thus we
 358   // search for any Ethernet policy intead of a matching GUID.
 359   // EthernetEAP service contains only the EAP parameters and stores the GUID of
 360   // the respective ONC policy. The EthernetEAP service itself is however never
 361   // in state "connected". An EthernetEAP policy must be applied, if an Ethernet
 362   // service is connected using the EAP parameters.
 363   const FavoriteState* ethernet_eap = NULL;
 364   if (NetworkHandler::IsInitialized()) {
 365     ethernet_eap =
 366         NetworkHandler::Get()->network_state_handler()->GetEAPForEthernet(
 367             favorite.path());
 368   }
 369
 370   // The GUID associated with the EthernetEAP service refers to the ONC policy
 371   // with "Authentication: 8021X".
 372   if (ethernet_eap)
 373     return GetNetworkConfigByGUID(network_configs, ethernet_eap->guid());
 374
 375   // Otherwise, EAP is not used and instead the Ethernet policy with
 376   // "Authentication: None" applies.
 377   return GetNetworkConfigForEthernetWithoutEAP(network_configs);
 378 }
 379
 380 const base::DictionaryValue* GetPolicyForNetworkFromPref(
 381     const PrefService* pref_service,
 382     const char* pref_name,
 383     const FavoriteState& favorite) {
 384   if (!pref_service) {
 385     VLOG(2) << "No pref service";
 386     return NULL;
 387   }
 388
 389   const PrefService::Preference* preference =
 390       pref_service->FindPreference(pref_name);
 391   if (!preference) {
 392     VLOG(2) << "No preference " << pref_name;
 393     // The preference may not exist in tests.
 394     return NULL;
 395   }
 396
 397   // User prefs are not stored in this Preference yet but only the policy.
 398   //
 399   // The policy server incorrectly configures the OpenNetworkConfiguration user
 400   // policy as Recommended. To work around that, we handle the Recommended and
 401   // the Mandatory value in the same way.
 402   // TODO(pneubeck): Remove this workaround, once the server is fixed. See
 403   // http://crbug.com/280553 .
 404   if (preference->IsDefaultValue()) {
 405     VLOG(2) << "Preference has no recommended or mandatory value.";
 406     // No policy set.
 407     return NULL;
 408   }
 409   VLOG(2) << "Preference with policy found.";
 410   const base::Value* onc_policy_value = preference->GetValue();
 411   DCHECK(onc_policy_value);
 412
 413   const base::ListValue* onc_policy = NULL;
 414   onc_policy_value->GetAsList(&onc_policy);
 415   DCHECK(onc_policy);
 416
 417   return GetNetworkConfigForNetworkFromOnc(*onc_policy, favorite);
 418 }
 419
 420 }  // namespace
 421
 422 const base::DictionaryValue* GetPolicyForFavoriteNetwork(
 423     const PrefService* profile_prefs,
 424     const PrefService* local_state_prefs,
 425     const FavoriteState& favorite,
 426     ::onc::ONCSource* onc_source) {
 427   VLOG(2) << "GetPolicyForFavoriteNetwork: " << favorite.path();
 428   *onc_source = ::onc::ONC_SOURCE_NONE;
 429
 430   const base::DictionaryValue* network_policy = GetPolicyForNetworkFromPref(
 431       profile_prefs, prefs::kOpenNetworkConfiguration, favorite);
 432   if (network_policy) {
 433     VLOG(1) << "Network " << favorite.path() << " is managed by user policy.";
 434     *onc_source = ::onc::ONC_SOURCE_USER_POLICY;
 435     return network_policy;
 436   }
 437   network_policy = GetPolicyForNetworkFromPref(
 438       local_state_prefs, prefs::kDeviceOpenNetworkConfiguration, favorite);
 439   if (network_policy) {
 440     VLOG(1) << "Network " << favorite.path() << " is managed by device policy.";
 441     *onc_source = ::onc::ONC_SOURCE_DEVICE_POLICY;
 442     return network_policy;
 443   }
 444   VLOG(2) << "Network " << favorite.path() << " is unmanaged.";
 445   return NULL;
 446 }
 447
 448 bool HasPolicyForFavoriteNetwork(const PrefService* profile_prefs,
 449                                  const PrefService* local_state_prefs,
 450                                  const FavoriteState& network) {
 451   ::onc::ONCSource ignored_onc_source;
 452   const base::DictionaryValue* policy = onc::GetPolicyForFavoriteNetwork(
 453       profile_prefs, local_state_prefs, network, &ignored_onc_source);
 454   return policy != NULL;
 455 }
 456
 457 }  // namespace onc
 458 }  // namespace chromeos