Set Service property ManagedCredentials for managed networks.

This allows autoconnect to policy pushed networks without the user having to manually trigger a successful connect once. BUG=424036 Review URL: https://codereview.chromium.org/647783005 Cr-Commit-Position: refs/heads/master@{#302433}

Set Service property ManagedCredentials for managed networks.
This allows autoconnect to policy pushed networks without the user having to manually trigger a successful connect once. BUG=424036 Review URL: https://codereview.chromium.org/647783005 Cr-Commit-Position: refs/heads/master@{#302433}
1ff2e0f5 · pneubeck · Commit bot · ed76c99e · 1ff2e0f5 · 1ff2e0f5
Commit 1ff2e0f5 authored Nov 03, 2014 by pneubeck Committed by Commit bot Nov 03, 2014
7 changed files
--- a/chromeos/network/managed_network_configuration_handler_unittest.cc
+++ b/chromeos/network/managed_network_configuration_handler_unittest.cc
@@ -417,6 +417,46 @@ TEST_F(ManagedNetworkConfigurationHandlerTest, SetPolicyManageUnconfigured) {
  message_loop_.RunUntilIdle();
 }
+TEST_F(ManagedNetworkConfigurationHandlerTest, EnableManagedCredentialsWiFi) {
+  InitializeStandardProfiles();
+  scoped_ptr<base::DictionaryValue> expected_shill_properties =
+      test_utils::ReadTestDictionary(
+          "policy/shill_policy_autoconnect_on_unconfigured_wifi1.json");
+  EXPECT_CALL(*mock_profile_client_,
+              GetProperties(dbus::ObjectPath(kUser1ProfilePath), _, _));
+  EXPECT_CALL(*mock_manager_client_,
+              ConfigureServiceForProfile(
+                  dbus::ObjectPath(kUser1ProfilePath),
+                  IsEqualTo(expected_shill_properties.get()),
+                  _, _));
+  SetPolicy(::onc::ONC_SOURCE_USER_POLICY, kUser1,
+            "policy/policy_wifi1_autoconnect.onc");
+  message_loop_.RunUntilIdle();
+}
+TEST_F(ManagedNetworkConfigurationHandlerTest, EnableManagedCredentialsVPN) {
+  InitializeStandardProfiles();
+  scoped_ptr<base::DictionaryValue> expected_shill_properties =
+      test_utils::ReadTestDictionary(
+          "policy/shill_policy_autoconnect_on_unconfigured_vpn.json");
+  EXPECT_CALL(*mock_profile_client_,
+              GetProperties(dbus::ObjectPath(kUser1ProfilePath), _, _));
+  EXPECT_CALL(*mock_manager_client_,
+              ConfigureServiceForProfile(
+                  dbus::ObjectPath(kUser1ProfilePath),
+                  IsEqualTo(expected_shill_properties.get()),
+                  _, _));
+  SetPolicy(::onc::ONC_SOURCE_USER_POLICY, kUser1,
+            "policy/policy_vpn_autoconnect.onc");
+  message_loop_.RunUntilIdle();
+}
 // Ensure that EAP settings for ethernet are matched with the right profile
 // entry and written to the dedicated EthernetEAP service.
 TEST_F(ManagedNetworkConfigurationHandlerTest,

--- a/chromeos/network/policy_util.cc
+++ b/chromeos/network/policy_util.cc
@@ -125,6 +125,38 @@ bool IsPolicyMatching(const base::DictionaryValue& policy,
  return false;
 }
+// Returns true if AutoConnect is enabled by |policy| (as mandatory or
+// recommended setting). Otherwise and on error returns false.
+bool IsAutoConnectEnabledInPolicy(const base::DictionaryValue& policy) {
+  std::string type;
+  policy.GetStringWithoutPathExpansion(::onc::network_config::kType, &type);
+  std::string autoconnect_key;
+  std::string network_dict_key;
+  if (type == ::onc::network_type::kWiFi) {
+    network_dict_key = ::onc::network_config::kWiFi;
+    autoconnect_key = ::onc::wifi::kAutoConnect;
+  } else if (type == ::onc::network_type::kVPN) {
+    network_dict_key = ::onc::network_config::kVPN;
+    autoconnect_key = ::onc::vpn::kAutoConnect;
+  } else {
+    VLOG(2) << "Network type without autoconnect property.";
+    return false;
+  }
+  const base::DictionaryValue* network_dict = NULL;
+  policy.GetDictionaryWithoutPathExpansion(network_dict_key, &network_dict);
+  if (!network_dict) {
+    LOG(ERROR) << "ONC doesn't contain a " << network_dict_key
+               << " dictionary.";
+    return false;
+  }
+  bool autoconnect = false;
+  network_dict->GetBooleanWithoutPathExpansion(autoconnect_key, &autoconnect);
+  return autoconnect;
+}
 base::DictionaryValue* GetOrCreateDictionary(const std::string& key,
                                             base::DictionaryValue* dict) {
  base::DictionaryValue* inner_dict = NULL;
@@ -324,6 +356,21 @@ scoped_ptr<base::DictionaryValue> CreateShillConfiguration(
  shill_dictionary->SetStringWithoutPathExpansion(shill::kProfileProperty,
                                                  profile.path);
+  // If AutoConnect is enabled by policy, set the ManagedCredentials property to
+  // indicate to Shill that this network can be used for autoconnect even
+  // without a manual and successful connection attempt.
+  // Note that this is only an indicator for the administrator's true intention,
+  // i.e. when the administrator enables AutoConnect, we assume that the network
+  // is indeed connectable.
+  // Ideally, we would know whether the (policy) provided credentials are
+  // complete and only set ManagedCredentials in that case.
+  if (network_policy && IsAutoConnectEnabledInPolicy(*network_policy)) {
+    VLOG(1) << "Enable ManagedCredentials for managed network with GUID "
+            << guid;
+    shill_dictionary->SetBooleanWithoutPathExpansion(
+        shill::kManagedCredentialsProperty, true);
+  }
  if (!network_policy && global_policy) {
    // The network isn't managed. Global network policies have to be applied.
    SetShillPropertiesForGlobalPolicy(

--- a/chromeos/test/data/network/policy/policy_vpn_autoconnect.onc
+++ b/chromeos/test/data/network/policy/policy_vpn_autoconnect.onc
+{
+  "NetworkConfigurations":[
+    {
+      "GUID":"{a3860e83-f03d-4cb1-bafa-b22c9e746950}",
+      "Name":"my vpn",
+      "Type":"VPN",
+      "VPN":{
+        "AutoConnect":true,
+        "Host":"vpn.my.domain.com",
+        "OpenVPN":{
+          "Password":"some password",
+          "Port":443,
+          "Proto":"udp",
+          "SaveCredentials":false,
+          "UserAuthenticationType":"Password",
+          "Username":"abc ${LOGIN_EMAIL} def"
+        },
+        "Type":"OpenVPN"
+      }
+    }
+  ],
+  "Type":"UnencryptedConfiguration"
+}
--- a/chromeos/test/data/network/policy/policy_wifi1_autoconnect.onc
+++ b/chromeos/test/data/network/policy/policy_wifi1_autoconnect.onc
+{
+  "NetworkConfigurations": [
+    {
+      "GUID": "policy_wifi1",
+      "Type": "WiFi",
+      "Name": "Managed wifi1",
+      "WiFi": {
+        "AutoConnect": true,
+        "Passphrase": "policy's passphrase",
+        "Recommended": [ "Passphrase" ],
+        "SSID": "wifi1",
+        "Security": "WPA-PSK"
+      }
+    }
+  ],
+  "Type": "UnencryptedConfiguration"
+}
--- a/chromeos/test/data/network/policy/shill_policy_autoconnect_on_unconfigured_vpn.json
+++ b/chromeos/test/data/network/policy/shill_policy_autoconnect_on_unconfigured_vpn.json
+{
+  "AutoConnect": true,
+  "GUID":"{a3860e83-f03d-4cb1-bafa-b22c9e746950}",
+  "ManagedCredentials": true,
+  "Name":"my vpn",
+  "OpenVPN.Password":"some password",
+  "OpenVPN.Port":"443",
+  "OpenVPN.Proto":"udp",
+  "OpenVPN.User":"abc ${LOGIN_EMAIL} def",
+  "Provider.Host":"vpn.my.domain.com",
+  "Provider.Type":"openvpn",
+  "Profile": "/profile/user1/shill",
+  "UIData": "{\"onc_source\":\"user_policy\"}",
+  "SaveCredentials":false,
+  "Type":"vpn"
+}
--- a/chromeos/test/data/network/policy/shill_policy_autoconnect_on_unconfigured_wifi1.json
+++ b/chromeos/test/data/network/policy/shill_policy_autoconnect_on_unconfigured_wifi1.json
+{
+  "AutoConnect": true,
+  "GUID": "policy_wifi1",
+  "ManagedCredentials": true,
+  "Mode": "managed",
+  "Passphrase": "policy's passphrase",
+  "Profile": "/profile/user1/shill",
+  "Security": "psk",
+  "Type": "wifi",
+  "UIData": "{\"onc_source\":\"user_policy\"}",
+  "WiFi.HexSSID": "7769666931"  // "wifi1"
+}
--- a/chromeos/test/data/network/policy/shill_policy_on_managed_vpn.json
+++ b/chromeos/test/data/network/policy/shill_policy_on_managed_vpn.json
@@ -14,4 +14,3 @@
  "SaveCredentials":false,
  "Type":"vpn"
 }