search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
aw: Move SharedRendererState out of AwContents
[chromium-blink-merge.git] / chromeos / network / policy_applicator.cc
blob334c106149afe63b49a09069bb6548c1a2959d07
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chromeos/network/policy_applicator.h"
6
7 #include <utility>
8
9 #include "base/bind.h"
10 #include "base/location.h"
11 #include "base/logging.h"
12 #include "base/memory/scoped_ptr.h"
13 #include "base/stl_util.h"
14 #include "base/values.h"
15 #include "chromeos/dbus/dbus_thread_manager.h"
16 #include "chromeos/dbus/shill_profile_client.h"
17 #include "chromeos/network/network_type_pattern.h"
18 #include "chromeos/network/network_ui_data.h"
19 #include "chromeos/network/onc/onc_signature.h"
20 #include "chromeos/network/onc/onc_translator.h"
21 #include "chromeos/network/policy_util.h"
22 #include "chromeos/network/shill_property_util.h"
23 #include "components/onc/onc_constants.h"
24 #include "dbus/object_path.h"
25 #include "third_party/cros_system_api/dbus/service_constants.h"
26
27 namespace chromeos {
28
29 namespace {
30
31 void LogErrorMessage(const tracked_objects::Location& from_where,
32 const std::string& error_name,
33 const std::string& error_message) {
34 LOG(ERROR) << from_where.ToString() << ": " << error_message;
35 }
36
37 const base::DictionaryValue* GetByGUID(
38 const PolicyApplicator::GuidToPolicyMap& policies,
39 const std::string& guid) {
40 PolicyApplicator::GuidToPolicyMap::const_iterator it = policies.find(guid);
41 if (it == policies.end())
42 return NULL;
43 return it->second;
44 }
45
46 } // namespace
47
48 PolicyApplicator::PolicyApplicator(
49 const NetworkProfile& profile,
50 const GuidToPolicyMap& all_policies,
51 const base::DictionaryValue& global_network_config,
52 ConfigurationHandler* handler,
53 std::set<std::string>* modified_policies)
54 : handler_(handler), profile_(profile), weak_ptr_factory_(this) {
55 global_network_config_.MergeDictionary(&global_network_config);
56 remaining_policies_.swap(*modified_policies);
57 for (GuidToPolicyMap::const_iterator it = all_policies.begin();
58 it != all_policies.end(); ++it) {
59 all_policies_.insert(std::make_pair(it->first, it->second->DeepCopy()));
60 }
61 }
62
63 PolicyApplicator::~PolicyApplicator() {
64 STLDeleteValues(&all_policies_);
65 VLOG(1) << "Destroying PolicyApplicator for " << profile_.userhash;
66 }
67
68 void PolicyApplicator::Run() {
69 DBusThreadManager::Get()->GetShillProfileClient()->GetProperties(
70 dbus::ObjectPath(profile_.path),
71 base::Bind(&PolicyApplicator::GetProfilePropertiesCallback,
72 weak_ptr_factory_.GetWeakPtr()),
73 base::Bind(&PolicyApplicator::GetProfilePropertiesError,
74 weak_ptr_factory_.GetWeakPtr()));
75 }
76
77 void PolicyApplicator::ProfileEntryFinished(const std::string& entry) {
78 pending_get_entry_calls_.erase(entry);
79 if (pending_get_entry_calls_.empty()) {
80 ApplyRemainingPolicies();
81 NotifyConfigurationHandlerAndFinish();
82 }
83 }
84
85 void PolicyApplicator::GetProfilePropertiesCallback(
86 const base::DictionaryValue& profile_properties) {
87 VLOG(2) << "Received properties for profile " << profile_.ToDebugString();
88 const base::ListValue* entries = NULL;
89 if (!profile_properties.GetListWithoutPathExpansion(
90 shill::kEntriesProperty, &entries)) {
91 LOG(ERROR) << "Profile " << profile_.ToDebugString()
92 << " doesn't contain the property "
93 << shill::kEntriesProperty;
94 NotifyConfigurationHandlerAndFinish();
95 return;
96 }
97
98 for (base::ListValue::const_iterator it = entries->begin();
99 it != entries->end(); ++it) {
100 std::string entry;
101 (*it)->GetAsString(&entry);
102
103 pending_get_entry_calls_.insert(entry);
104 DBusThreadManager::Get()->GetShillProfileClient()->GetEntry(
105 dbus::ObjectPath(profile_.path),
106 entry,
107 base::Bind(&PolicyApplicator::GetEntryCallback,
108 weak_ptr_factory_.GetWeakPtr(),
109 entry),
110 base::Bind(&PolicyApplicator::GetEntryError,
111 weak_ptr_factory_.GetWeakPtr(),
112 entry));
113 }
114 if (pending_get_entry_calls_.empty()) {
115 ApplyRemainingPolicies();
116 NotifyConfigurationHandlerAndFinish();
117 }
118 }
119
120 void PolicyApplicator::GetProfilePropertiesError(
121 const std::string& error_name,
122 const std::string& error_message) {
123 LOG(ERROR) << "Could not retrieve properties of profile " << profile_.path
124 << ": " << error_message;
125 NotifyConfigurationHandlerAndFinish();
126 }
127
128 void PolicyApplicator::GetEntryCallback(
129 const std::string& entry,
130 const base::DictionaryValue& entry_properties) {
131 VLOG(2) << "Received properties for entry " << entry << " of profile "
132 << profile_.ToDebugString();
133
134 scoped_ptr<base::DictionaryValue> onc_part(
135 onc::TranslateShillServiceToONCPart(entry_properties,
136 ::onc::ONC_SOURCE_UNKNOWN,
137 &onc::kNetworkWithStateSignature));
138
139 std::string old_guid;
140 if (!onc_part->GetStringWithoutPathExpansion(::onc::network_config::kGUID,
141 &old_guid)) {
142 VLOG(1) << "Entry " << entry << " of profile " << profile_.ToDebugString()
143 << " doesn't contain a GUID.";
144 // This might be an entry of an older ChromeOS version. Assume it to be
145 // unmanaged.
146 }
147
148 scoped_ptr<NetworkUIData> ui_data =
149 shill_property_util::GetUIDataFromProperties(entry_properties);
150 if (!ui_data) {
151 VLOG(1) << "Entry " << entry << " of profile " << profile_.ToDebugString()
152 << " contains no or no valid UIData.";
153 // This might be an entry of an older ChromeOS version. Assume it to be
154 // unmanaged. It's an inconsistency if there is a GUID but no UIData, thus
155 // clear the GUID just in case.
156 old_guid.clear();
157 }
158
159 bool was_managed = !old_guid.empty() && ui_data &&
160 (ui_data->onc_source() ==
161 ::onc::ONC_SOURCE_DEVICE_POLICY ||
162 ui_data->onc_source() == ::onc::ONC_SOURCE_USER_POLICY);
163
164 const base::DictionaryValue* new_policy = NULL;
165 if (was_managed) {
166 // If we have a GUID that might match a current policy, do a lookup using
167 // that GUID at first. In particular this is necessary, as some networks
168 // can't be matched to policies by properties (e.g. VPN).
169 new_policy = GetByGUID(all_policies_, old_guid);
170 }
171
172 if (!new_policy) {
173 // If we didn't find a policy by GUID, still a new policy might match.
174 new_policy = policy_util::FindMatchingPolicy(all_policies_, *onc_part);
175 }
176
177 if (new_policy) {
178 std::string new_guid;
179 new_policy->GetStringWithoutPathExpansion(::onc::network_config::kGUID,
180 &new_guid);
181
182 VLOG_IF(1, was_managed && old_guid != new_guid)
183 << "Updating configuration previously managed by policy " << old_guid
184 << " with new policy " << new_guid << ".";
185 VLOG_IF(1, !was_managed) << "Applying policy " << new_guid
186 << " to previously unmanaged "
187 << "configuration.";
188
189 if (old_guid == new_guid &&
190 remaining_policies_.find(new_guid) == remaining_policies_.end()) {
191 VLOG(1) << "Not updating existing managed configuration with guid "
192 << new_guid << " because the policy didn't change.";
193 } else {
194 const base::DictionaryValue* user_settings =
195 ui_data ? ui_data->user_settings() : NULL;
196 scoped_ptr<base::DictionaryValue> new_shill_properties =
197 policy_util::CreateShillConfiguration(profile_,
198 new_guid,
199 &global_network_config_,
200 new_policy,
201 user_settings);
202 // A new policy has to be applied to this profile entry. In order to keep
203 // implicit state of Shill like "connected successfully before", keep the
204 // entry if a policy is reapplied (e.g. after reboot) or is updated.
205 // However, some Shill properties are used to identify the network and
206 // cannot be modified after initial configuration, so we have to delete
207 // the profile entry in these cases. Also, keeping Shill's state if the
208 // SSID changed might not be a good idea anyways. If the policy GUID
209 // changed, or there was no policy before, we delete the entry at first to
210 // ensure that no old configuration remains.
211 if (old_guid == new_guid &&
212 shill_property_util::DoIdentifyingPropertiesMatch(
213 *new_shill_properties, entry_properties)) {
214 VLOG(1) << "Updating previously managed configuration with the "
215 << "updated policy " << new_guid << ".";
216 } else {
217 VLOG(1) << "Deleting profile entry before writing new policy "
218 << new_guid << " because of identifying properties changed.";
219 DeleteEntry(entry);
220 }
221
222 // In general, old entries should at first be deleted before new
223 // configurations are written to prevent inconsistencies. Therefore, we
224 // delay the writing of the new config here until ~PolicyApplicator.
225 // E.g. one problematic case is if a policy { {GUID=X, SSID=Y} } is
226 // applied to the profile entries
227 // { ENTRY1 = {GUID=X, SSID=X, USER_SETTINGS=X},
228 // ENTRY2 = {SSID=Y, ... } }.
229 // At first ENTRY1 and ENTRY2 should be removed, then the new config be
230 // written and the result should be:
231 // { {GUID=X, SSID=Y, USER_SETTINGS=X} }
232 WriteNewShillConfiguration(
233 *new_shill_properties, *new_policy, true /* write later */);
234 remaining_policies_.erase(new_guid);
235 }
236 } else if (was_managed) {
237 VLOG(1) << "Removing configuration previously managed by policy "
238 << old_guid << ", because the policy was removed.";
239
240 // Remove the entry, because the network was managed but isn't anymore.
241 // Note: An alternative might be to preserve the user settings, but it's
242 // unclear which values originating the policy should be removed.
243 DeleteEntry(entry);
244 } else {
245 // The entry wasn't managed and doesn't match any current policy. Global
246 // network settings have to be applied.
247 base::DictionaryValue shill_properties_to_update;
248 policy_util::SetShillPropertiesForGlobalPolicy(
249 entry_properties, global_network_config_, &shill_properties_to_update);
250 if (shill_properties_to_update.empty()) {
251 VLOG(2) << "Ignore unmanaged entry.";
252 // Calling a SetProperties of Shill with an empty dictionary is a no op.
253 } else {
254 VLOG(2) << "Apply global network config to unmanaged entry.";
255 handler_->UpdateExistingConfigurationWithPropertiesFromPolicy(
256 entry_properties, shill_properties_to_update);
257 }
258 }
259
260 ProfileEntryFinished(entry);
261 }
262
263 void PolicyApplicator::GetEntryError(const std::string& entry,
264 const std::string& error_name,
265 const std::string& error_message) {
266 LOG(ERROR) << "Could not retrieve entry " << entry << " of profile "
267 << profile_.path << ": " << error_message;
268 ProfileEntryFinished(entry);
269 }
270
271 void PolicyApplicator::DeleteEntry(const std::string& entry) {
272 DBusThreadManager::Get()->GetShillProfileClient()->DeleteEntry(
273 dbus::ObjectPath(profile_.path),
274 entry,
275 base::Bind(&base::DoNothing),
276 base::Bind(&LogErrorMessage, FROM_HERE));
277 }
278
279 void PolicyApplicator::WriteNewShillConfiguration(
280 const base::DictionaryValue& shill_dictionary,
281 const base::DictionaryValue& policy,
282 bool write_later) {
283 // Ethernet (non EAP) settings, like GUID or UIData, cannot be stored per
284 // user. Abort in that case.
285 std::string type;
286 policy.GetStringWithoutPathExpansion(::onc::network_config::kType, &type);
287 if (type == ::onc::network_type::kEthernet &&
288 profile_.type() == NetworkProfile::TYPE_USER) {
289 const base::DictionaryValue* ethernet = NULL;
290 policy.GetDictionaryWithoutPathExpansion(::onc::network_config::kEthernet,
291 &ethernet);
292 std::string auth;
293 ethernet->GetStringWithoutPathExpansion(::onc::ethernet::kAuthentication,
294 &auth);
295 if (auth == ::onc::ethernet::kAuthenticationNone)
296 return;
297 }
298
299 if (write_later)
300 new_shill_configurations_.push_back(shill_dictionary.DeepCopy());
301 else
302 handler_->CreateConfigurationFromPolicy(shill_dictionary);
303 }
304
305 void PolicyApplicator::ApplyRemainingPolicies() {
306 DCHECK(pending_get_entry_calls_.empty());
307
308 // Write all queued configurations now.
309 for (ScopedVector<base::DictionaryValue>::const_iterator it =
310 new_shill_configurations_.begin();
311 it != new_shill_configurations_.end();
312 ++it) {
313 handler_->CreateConfigurationFromPolicy(**it);
314 }
315 new_shill_configurations_.clear();
316
317 VLOG_IF(2, !remaining_policies_.empty())
318 << "Create new managed network configurations in profile"
319 << profile_.ToDebugString() << ".";
320
321 // All profile entries were compared to policies. |remaining_policies_|
322 // contains all modified policies that didn't match any entry. For these
323 // remaining policies, new configurations have to be created.
324 for (std::set<std::string>::iterator it = remaining_policies_.begin();
325 it != remaining_policies_.end(); ++it) {
326 const base::DictionaryValue* network_policy = GetByGUID(all_policies_, *it);
327 DCHECK(network_policy);
328
329 VLOG(1) << "Creating new configuration managed by policy " << *it
330 << " in profile " << profile_.ToDebugString() << ".";
331
332 scoped_ptr<base::DictionaryValue> shill_dictionary =
333 policy_util::CreateShillConfiguration(profile_,
334 *it,
335 &global_network_config_,
336 network_policy,
337 NULL /* no user settings */);
338 WriteNewShillConfiguration(
339 *shill_dictionary, *network_policy, false /* write now */);
340 }
341 remaining_policies_.clear();
342 }
343
344 void PolicyApplicator::NotifyConfigurationHandlerAndFinish() {
345 weak_ptr_factory_.InvalidateWeakPtrs();
346 handler_->OnPoliciesApplied(profile_);
347 }
348
349 } // namespace chromeos