configuration_policy_handler_chromeos.cc revision ca12bfac764ba476d6cd062bf1dde12cc64c3f40
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "chrome/browser/chromeos/policy/configuration_policy_handler_chromeos.h" 6 7#include <string> 8 9#include "ash/magnifier/magnifier_constants.h" 10#include "base/callback.h" 11#include "base/json/json_reader.h" 12#include "base/json/json_writer.h" 13#include "base/memory/scoped_ptr.h" 14#include "base/prefs/pref_value_map.h" 15#include "base/strings/string_util.h" 16#include "base/values.h" 17#include "chrome/browser/chromeos/policy/login_screen_power_management_policy.h" 18#include "chrome/browser/policy/external_data_fetcher.h" 19#include "chrome/browser/policy/policy_error_map.h" 20#include "chrome/browser/policy/policy_map.h" 21#include "chrome/browser/ui/ash/chrome_launcher_prefs.h" 22#include "chrome/common/pref_names.h" 23#include "chromeos/network/onc/onc_constants.h" 24#include "chromeos/network/onc/onc_signature.h" 25#include "chromeos/network/onc/onc_utils.h" 26#include "chromeos/network/onc/onc_validator.h" 27#include "grit/generated_resources.h" 28#include "policy/policy_constants.h" 29 30namespace onc = chromeos::onc; 31 32namespace policy { 33 34// static 35NetworkConfigurationPolicyHandler* 36NetworkConfigurationPolicyHandler::CreateForUserPolicy() { 37 return new NetworkConfigurationPolicyHandler( 38 key::kOpenNetworkConfiguration, 39 onc::ONC_SOURCE_USER_POLICY, 40 prefs::kOpenNetworkConfiguration); 41} 42 43// static 44NetworkConfigurationPolicyHandler* 45NetworkConfigurationPolicyHandler::CreateForDevicePolicy() { 46 return new NetworkConfigurationPolicyHandler( 47 key::kDeviceOpenNetworkConfiguration, 48 onc::ONC_SOURCE_DEVICE_POLICY, 49 prefs::kDeviceOpenNetworkConfiguration); 50} 51 52NetworkConfigurationPolicyHandler::~NetworkConfigurationPolicyHandler() {} 53 54bool NetworkConfigurationPolicyHandler::CheckPolicySettings( 55 const PolicyMap& policies, 56 PolicyErrorMap* errors) { 57 const base::Value* value; 58 if (!CheckAndGetValue(policies, errors, &value)) 59 return false; 60 61 if (value) { 62 std::string onc_blob; 63 value->GetAsString(&onc_blob); 64 scoped_ptr<base::DictionaryValue> root_dict = 65 onc::ReadDictionaryFromJson(onc_blob); 66 if (root_dict.get() == NULL) { 67 errors->AddError(policy_name(), IDS_POLICY_NETWORK_CONFIG_PARSE_FAILED); 68 return false; 69 } 70 71 // Validate the ONC dictionary. We are liberal and ignore unknown field 72 // names and ignore invalid field names in kRecommended arrays. 73 onc::Validator validator(false, // Ignore unknown fields. 74 false, // Ignore invalid recommended field names. 75 true, // Fail on missing fields. 76 true); // Validate for managed ONC 77 validator.SetOncSource(onc_source_); 78 79 // ONC policies are always unencrypted. 80 onc::Validator::Result validation_result; 81 root_dict = validator.ValidateAndRepairObject( 82 &onc::kToplevelConfigurationSignature, *root_dict, &validation_result); 83 if (validation_result == onc::Validator::VALID_WITH_WARNINGS) 84 errors->AddError(policy_name(), IDS_POLICY_NETWORK_CONFIG_IMPORT_PARTIAL); 85 else if (validation_result == onc::Validator::INVALID) 86 errors->AddError(policy_name(), IDS_POLICY_NETWORK_CONFIG_IMPORT_FAILED); 87 88 // In any case, don't reject the policy as some networks or certificates 89 // could still be applied. 90 } 91 92 return true; 93} 94 95void NetworkConfigurationPolicyHandler::ApplyPolicySettings( 96 const PolicyMap& policies, 97 PrefValueMap* prefs) { 98 const base::Value* value = policies.GetValue(policy_name()); 99 if (!value) 100 return; 101 102 std::string onc_blob; 103 value->GetAsString(&onc_blob); 104 105 scoped_ptr<base::ListValue> network_configs(new base::ListValue); 106 base::ListValue certificates; 107 chromeos::onc::ParseAndValidateOncForImport( 108 onc_blob, onc_source_, "", network_configs.get(), &certificates); 109 110 prefs->SetValue(pref_path_, network_configs.release()); 111} 112 113void NetworkConfigurationPolicyHandler::PrepareForDisplaying( 114 PolicyMap* policies) const { 115 const PolicyMap::Entry* entry = policies->Get(policy_name()); 116 if (!entry) 117 return; 118 base::Value* sanitized_config = SanitizeNetworkConfig(entry->value); 119 if (!sanitized_config) 120 sanitized_config = base::Value::CreateNullValue(); 121 122 policies->Set(policy_name(), entry->level, entry->scope, 123 sanitized_config, NULL); 124} 125 126NetworkConfigurationPolicyHandler::NetworkConfigurationPolicyHandler( 127 const char* policy_name, 128 chromeos::onc::ONCSource onc_source, 129 const char* pref_path) 130 : TypeCheckingPolicyHandler(policy_name, base::Value::TYPE_STRING), 131 onc_source_(onc_source), 132 pref_path_(pref_path) { 133} 134 135// static 136base::Value* NetworkConfigurationPolicyHandler::SanitizeNetworkConfig( 137 const base::Value* config) { 138 std::string json_string; 139 if (!config->GetAsString(&json_string)) 140 return NULL; 141 142 scoped_ptr<base::DictionaryValue> toplevel_dict = 143 onc::ReadDictionaryFromJson(json_string); 144 if (!toplevel_dict) 145 return NULL; 146 147 // Placeholder to insert in place of the filtered setting. 148 const char kPlaceholder[] = "********"; 149 150 toplevel_dict = onc::MaskCredentialsInOncObject( 151 onc::kToplevelConfigurationSignature, 152 *toplevel_dict, 153 kPlaceholder); 154 155 base::JSONWriter::WriteWithOptions(toplevel_dict.get(), 156 base::JSONWriter::OPTIONS_DO_NOT_ESCAPE | 157 base::JSONWriter::OPTIONS_PRETTY_PRINT, 158 &json_string); 159 return base::Value::CreateStringValue(json_string); 160} 161 162PinnedLauncherAppsPolicyHandler::PinnedLauncherAppsPolicyHandler() 163 : ExtensionListPolicyHandler(key::kPinnedLauncherApps, 164 prefs::kPinnedLauncherApps, 165 false) {} 166 167PinnedLauncherAppsPolicyHandler::~PinnedLauncherAppsPolicyHandler() {} 168 169void PinnedLauncherAppsPolicyHandler::ApplyPolicySettings( 170 const PolicyMap& policies, 171 PrefValueMap* prefs) { 172 PolicyErrorMap errors; 173 const base::Value* policy_value = policies.GetValue(policy_name()); 174 const base::ListValue* policy_list = NULL; 175 if (policy_value && policy_value->GetAsList(&policy_list) && policy_list) { 176 base::ListValue* pinned_apps_list = new base::ListValue(); 177 for (base::ListValue::const_iterator entry(policy_list->begin()); 178 entry != policy_list->end(); ++entry) { 179 std::string id; 180 if ((*entry)->GetAsString(&id)) { 181 base::DictionaryValue* app_dict = new base::DictionaryValue(); 182 app_dict->SetString(ash::kPinnedAppsPrefAppIDPath, id); 183 pinned_apps_list->Append(app_dict); 184 } 185 } 186 prefs->SetValue(pref_path(), pinned_apps_list); 187 } 188} 189 190ScreenMagnifierPolicyHandler::ScreenMagnifierPolicyHandler() 191 : IntRangePolicyHandlerBase(key::kScreenMagnifierType, 192 0, ash::MAGNIFIER_FULL, false) { 193} 194 195ScreenMagnifierPolicyHandler::~ScreenMagnifierPolicyHandler() { 196} 197 198void ScreenMagnifierPolicyHandler::ApplyPolicySettings( 199 const PolicyMap& policies, 200 PrefValueMap* prefs) { 201 const base::Value* value = policies.GetValue(policy_name()); 202 int value_in_range; 203 if (value && EnsureInRange(value, &value_in_range, NULL)) { 204 prefs->SetValue(prefs::kScreenMagnifierEnabled, 205 base::Value::CreateBooleanValue(value_in_range != 0)); 206 prefs->SetValue(prefs::kScreenMagnifierType, 207 base::Value::CreateIntegerValue(value_in_range)); 208 } 209} 210 211LoginScreenPowerManagementPolicyHandler:: 212 LoginScreenPowerManagementPolicyHandler() 213 : TypeCheckingPolicyHandler(key::kDeviceLoginScreenPowerManagement, 214 base::Value::TYPE_STRING) { 215} 216 217LoginScreenPowerManagementPolicyHandler:: 218 ~LoginScreenPowerManagementPolicyHandler() { 219} 220 221bool LoginScreenPowerManagementPolicyHandler::CheckPolicySettings( 222 const PolicyMap& policies, 223 PolicyErrorMap* errors) { 224 const base::Value* value; 225 if (!CheckAndGetValue(policies, errors, &value)) 226 return false; 227 228 if (!value) 229 return true; 230 231 std::string json; 232 value->GetAsString(&json); 233 return LoginScreenPowerManagementPolicy().Init(json, errors); 234} 235 236void LoginScreenPowerManagementPolicyHandler::ApplyPolicySettings( 237 const PolicyMap& policies, 238 PrefValueMap* prefs) { 239} 240 241} // namespace policy 242