configuration_policy_handler_chromeos.cc revision ca12bfac764ba476d6cd062bf1dde12cc64c3f40 
1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/chromeos/policy/configuration_policy_handler_chromeos.h"
6
7#include <string>
8
9#include "ash/magnifier/magnifier_constants.h"
10#include "base/callback.h"
11#include "base/json/json_reader.h"
12#include "base/json/json_writer.h"
13#include "base/memory/scoped_ptr.h"
14#include "base/prefs/pref_value_map.h"
15#include "base/strings/string_util.h"
16#include "base/values.h"
17#include "chrome/browser/chromeos/policy/login_screen_power_management_policy.h"
18#include "chrome/browser/policy/external_data_fetcher.h"
19#include "chrome/browser/policy/policy_error_map.h"
20#include "chrome/browser/policy/policy_map.h"
21#include "chrome/browser/ui/ash/chrome_launcher_prefs.h"
22#include "chrome/common/pref_names.h"
23#include "chromeos/network/onc/onc_constants.h"
24#include "chromeos/network/onc/onc_signature.h"
25#include "chromeos/network/onc/onc_utils.h"
26#include "chromeos/network/onc/onc_validator.h"
27#include "grit/generated_resources.h"
28#include "policy/policy_constants.h"
29
30namespace onc = chromeos::onc;
31
32namespace policy {
33
34// static
35NetworkConfigurationPolicyHandler*
36NetworkConfigurationPolicyHandler::CreateForUserPolicy() {
37  return new NetworkConfigurationPolicyHandler(
38      key::kOpenNetworkConfiguration,
39      onc::ONC_SOURCE_USER_POLICY,
40      prefs::kOpenNetworkConfiguration);
41}
42
43// static
44NetworkConfigurationPolicyHandler*
45NetworkConfigurationPolicyHandler::CreateForDevicePolicy() {
46  return new NetworkConfigurationPolicyHandler(
47      key::kDeviceOpenNetworkConfiguration,
48      onc::ONC_SOURCE_DEVICE_POLICY,
49      prefs::kDeviceOpenNetworkConfiguration);
50}
51
52NetworkConfigurationPolicyHandler::~NetworkConfigurationPolicyHandler() {}
53
54bool NetworkConfigurationPolicyHandler::CheckPolicySettings(
55    const PolicyMap& policies,
56    PolicyErrorMap* errors) {
57  const base::Value* value;
58  if (!CheckAndGetValue(policies, errors, &value))
59    return false;
60
61  if (value) {
62    std::string onc_blob;
63    value->GetAsString(&onc_blob);
64    scoped_ptr<base::DictionaryValue> root_dict =
65        onc::ReadDictionaryFromJson(onc_blob);
66    if (root_dict.get() == NULL) {
67      errors->AddError(policy_name(), IDS_POLICY_NETWORK_CONFIG_PARSE_FAILED);
68      return false;
69    }
70
71    // Validate the ONC dictionary. We are liberal and ignore unknown field
72    // names and ignore invalid field names in kRecommended arrays.
73    onc::Validator validator(false,  // Ignore unknown fields.
74                             false,  // Ignore invalid recommended field names.
75                             true,  // Fail on missing fields.
76                             true);  // Validate for managed ONC
77    validator.SetOncSource(onc_source_);
78
79    // ONC policies are always unencrypted.
80    onc::Validator::Result validation_result;
81    root_dict = validator.ValidateAndRepairObject(
82        &onc::kToplevelConfigurationSignature, *root_dict, &validation_result);
83    if (validation_result == onc::Validator::VALID_WITH_WARNINGS)
84      errors->AddError(policy_name(), IDS_POLICY_NETWORK_CONFIG_IMPORT_PARTIAL);
85    else if (validation_result == onc::Validator::INVALID)
86      errors->AddError(policy_name(), IDS_POLICY_NETWORK_CONFIG_IMPORT_FAILED);
87
88    // In any case, don't reject the policy as some networks or certificates
89    // could still be applied.
90  }
91
92  return true;
93}
94
95void NetworkConfigurationPolicyHandler::ApplyPolicySettings(
96    const PolicyMap& policies,
97    PrefValueMap* prefs) {
98  const base::Value* value = policies.GetValue(policy_name());
99  if (!value)
100    return;
101
102  std::string onc_blob;
103  value->GetAsString(&onc_blob);
104
105  scoped_ptr<base::ListValue> network_configs(new base::ListValue);
106  base::ListValue certificates;
107  chromeos::onc::ParseAndValidateOncForImport(
108      onc_blob, onc_source_, "", network_configs.get(), &certificates);
109
110  prefs->SetValue(pref_path_, network_configs.release());
111}
112
113void NetworkConfigurationPolicyHandler::PrepareForDisplaying(
114    PolicyMap* policies) const {
115  const PolicyMap::Entry* entry = policies->Get(policy_name());
116  if (!entry)
117    return;
118  base::Value* sanitized_config = SanitizeNetworkConfig(entry->value);
119  if (!sanitized_config)
120    sanitized_config = base::Value::CreateNullValue();
121
122  policies->Set(policy_name(), entry->level, entry->scope,
123                sanitized_config, NULL);
124}
125
126NetworkConfigurationPolicyHandler::NetworkConfigurationPolicyHandler(
127    const char* policy_name,
128    chromeos::onc::ONCSource onc_source,
129    const char* pref_path)
130    : TypeCheckingPolicyHandler(policy_name, base::Value::TYPE_STRING),
131      onc_source_(onc_source),
132      pref_path_(pref_path) {
133}
134
135// static
136base::Value* NetworkConfigurationPolicyHandler::SanitizeNetworkConfig(
137    const base::Value* config) {
138  std::string json_string;
139  if (!config->GetAsString(&json_string))
140    return NULL;
141
142  scoped_ptr<base::DictionaryValue> toplevel_dict =
143      onc::ReadDictionaryFromJson(json_string);
144  if (!toplevel_dict)
145    return NULL;
146
147  // Placeholder to insert in place of the filtered setting.
148  const char kPlaceholder[] = "********";
149
150  toplevel_dict = onc::MaskCredentialsInOncObject(
151      onc::kToplevelConfigurationSignature,
152      *toplevel_dict,
153      kPlaceholder);
154
155  base::JSONWriter::WriteWithOptions(toplevel_dict.get(),
156                                     base::JSONWriter::OPTIONS_DO_NOT_ESCAPE |
157                                         base::JSONWriter::OPTIONS_PRETTY_PRINT,
158                                     &json_string);
159  return base::Value::CreateStringValue(json_string);
160}
161
162PinnedLauncherAppsPolicyHandler::PinnedLauncherAppsPolicyHandler()
163    : ExtensionListPolicyHandler(key::kPinnedLauncherApps,
164                                 prefs::kPinnedLauncherApps,
165                                 false) {}
166
167PinnedLauncherAppsPolicyHandler::~PinnedLauncherAppsPolicyHandler() {}
168
169void PinnedLauncherAppsPolicyHandler::ApplyPolicySettings(
170    const PolicyMap& policies,
171    PrefValueMap* prefs) {
172  PolicyErrorMap errors;
173  const base::Value* policy_value = policies.GetValue(policy_name());
174  const base::ListValue* policy_list = NULL;
175  if (policy_value && policy_value->GetAsList(&policy_list) && policy_list) {
176    base::ListValue* pinned_apps_list = new base::ListValue();
177    for (base::ListValue::const_iterator entry(policy_list->begin());
178         entry != policy_list->end(); ++entry) {
179      std::string id;
180      if ((*entry)->GetAsString(&id)) {
181        base::DictionaryValue* app_dict = new base::DictionaryValue();
182        app_dict->SetString(ash::kPinnedAppsPrefAppIDPath, id);
183        pinned_apps_list->Append(app_dict);
184      }
185    }
186    prefs->SetValue(pref_path(), pinned_apps_list);
187  }
188}
189
190ScreenMagnifierPolicyHandler::ScreenMagnifierPolicyHandler()
191    : IntRangePolicyHandlerBase(key::kScreenMagnifierType,
192                                0, ash::MAGNIFIER_FULL, false) {
193}
194
195ScreenMagnifierPolicyHandler::~ScreenMagnifierPolicyHandler() {
196}
197
198void ScreenMagnifierPolicyHandler::ApplyPolicySettings(
199    const PolicyMap& policies,
200    PrefValueMap* prefs) {
201  const base::Value* value = policies.GetValue(policy_name());
202  int value_in_range;
203  if (value && EnsureInRange(value, &value_in_range, NULL)) {
204    prefs->SetValue(prefs::kScreenMagnifierEnabled,
205                    base::Value::CreateBooleanValue(value_in_range != 0));
206    prefs->SetValue(prefs::kScreenMagnifierType,
207                    base::Value::CreateIntegerValue(value_in_range));
208  }
209}
210
211LoginScreenPowerManagementPolicyHandler::
212    LoginScreenPowerManagementPolicyHandler()
213    : TypeCheckingPolicyHandler(key::kDeviceLoginScreenPowerManagement,
214                                base::Value::TYPE_STRING) {
215}
216
217LoginScreenPowerManagementPolicyHandler::
218    ~LoginScreenPowerManagementPolicyHandler() {
219}
220
221bool LoginScreenPowerManagementPolicyHandler::CheckPolicySettings(
222    const PolicyMap& policies,
223    PolicyErrorMap* errors) {
224  const base::Value* value;
225  if (!CheckAndGetValue(policies, errors, &value))
226    return false;
227
228  if (!value)
229    return true;
230
231  std::string json;
232  value->GetAsString(&json);
233  return LoginScreenPowerManagementPolicy().Init(json, errors);
234}
235
236void LoginScreenPowerManagementPolicyHandler::ApplyPolicySettings(
237    const PolicyMap& policies,
238    PrefValueMap* prefs) {
239}
240
241}  // namespace policy
242