Parse ONC for ${PASSWORD} and set a flag to indicate that shill should

use the login password if this substitution variable exists. BUG=chromium:386606 Change-Id: I8b4a804dbee1ebf38afcbc7a381d5f4df515a8da Reviewed-on: https://chromium-review.googlesource.com/868507 Commit-Queue: May Lippert <maybelle@chromium.org> Reviewed-by: Zentaro Kavanagh <zentaro@chromium.org> Reviewed-by: Steven Bennetts <stevenjb@chromium.org> Cr-Commit-Position: refs/heads/master@{#532076}

Parse ONC for ${PASSWORD} and set a flag to indicate that shill should
use the login password if this substitution variable exists. BUG=chromium:386606 Change-Id: I8b4a804dbee1ebf38afcbc7a381d5f4df515a8da Reviewed-on: https://chromium-review.googlesource.com/868507 Commit-Queue: May Lippert <maybelle@chromium.org> Reviewed-by: Zentaro Kavanagh <zentaro@chromium.org> Reviewed-by: Steven Bennetts <stevenjb@chromium.org> Cr-Commit-Position: refs/heads/master@{#532076}
40ed6ba3 · May Lippert · Commit Bot · ec669fd0 · 40ed6ba3 · 40ed6ba3
Commit 40ed6ba3 authored Jan 26, 2018 by May Lippert Committed by Commit Bot Jan 26, 2018
8 changed files
--- a/chromeos/network/onc/onc_translator_onc_to_shill.cc
+++ b/chromeos/network/onc/onc_translator_onc_to_shill.cc
@@ -318,6 +318,16 @@ void LocalTranslator::TranslateEAP() {
  SetClientCertProperties(client_cert::CONFIG_TYPE_EAP, onc_object_,
                          shill_dictionary_);
+  // Set shill::kEapUseLoginPasswordProperty according to whether or not the
+  // password substitution variable is set.
+  const base::Value* password_field =
+      onc_object_->FindKey(::onc::eap::kPassword);
+  if (password_field &&
+      password_field->GetString() == ::onc::substitutes::kPasswordField) {
+    shill_dictionary_->SetKey(shill::kEapUseLoginPasswordProperty,
+                              base::Value(true));
+  }
  CopyFieldsAccordingToSignature();
 }

--- a/chromeos/network/onc/onc_translator_shill_to_onc.cc
+++ b/chromeos/network/onc/onc_translator_shill_to_onc.cc
@@ -700,6 +700,14 @@ void ShillToONCTranslator::TranslateEap() {
    onc_object_->SetKey(::onc::client_cert::kClientCertPKCS11Id,
                        base::Value(shill_cert_id));
  }
+  bool use_login_password = false;
+  if (shill_dictionary_->GetBooleanWithoutPathExpansion(
+          shill::kEapUseLoginPasswordProperty, &use_login_password) &&
+      use_login_password) {
+    onc_object_->SetKey(::onc::eap::kPassword,
+                        base::Value(::onc::substitutes::kPasswordField));
+  }
 }
 void ShillToONCTranslator::TranslateAndAddNestedObject(

--- a/chromeos/network/onc/onc_translator_unittest.cc
+++ b/chromeos/network/onc/onc_translator_unittest.cc
@@ -72,7 +72,11 @@ INSTANTIATE_TEST_CASE_P(
        std::make_pair("cellular.onc", "shill_cellular.json"),
        std::make_pair("wimax.onc", "shill_wimax.json"),
        std::make_pair("third_party_vpn.onc", "shill_third_party_vpn.json"),
-        std::make_pair("arc_vpn.onc", "shill_arc_vpn.json")));
+        std::make_pair("arc_vpn.onc", "shill_arc_vpn.json"),
+        std::make_pair("wifi_eap_ttls_with_password_variable.onc",
+                       "shill_wifi_eap_ttls_with_password_variable.json"),
+        std::make_pair("wifi_eap_ttls_with_hardcoded_password.onc",
+                       "shill_wifi_eap_ttls_with_hardcoded_password.json")));
 // First parameter: Filename of source Shill json.
 // Second parameter: Filename of expected translated ONC network part.
@@ -142,7 +146,13 @@ INSTANTIATE_TEST_CASE_P(
        std::make_pair("shill_wimax_with_state.json",
                       "translation_of_shill_wimax_with_state.onc"),
        std::make_pair("shill_output_third_party_vpn.json",
-                       "third_party_vpn.onc")));
+                       "third_party_vpn.onc"),
+        std::make_pair(
+            "shill_wifi_eap_ttls_with_password_variable.json",
+            "translation_of_shill_wifi_eap_ttls_with_password_variable.onc"),
+        std::make_pair(
+            "shill_wifi_eap_ttls_with_hardcoded_password.json",
+            "translation_of_shill_wifi_eap_ttls_with_hardcoded_password.onc")));
 }  // namespace onc
 }  // namespace chromeos
--- a/chromeos/network/onc/onc_utils.cc
+++ b/chromeos/network/onc/onc_utils.cc
@@ -359,6 +359,13 @@ class OncMaskValues : public Mapper {
      bool* found_unknown_field,
      bool* error) override {
    if (FieldIsCredential(object_signature, field_name)) {
+      // If it's the password field and the substitution string is used, don't
+      // mask it.
+      if (&object_signature == &kEAPSignature && field_name == eap::kPassword &&
+          onc_value.GetString() == substitutes::kPasswordField) {
+        return Mapper::MapField(field_name, object_signature, onc_value,
+                                found_unknown_field, error);
+      }
      return std::unique_ptr<base::Value>(new base::Value(mask_));
    } else {
      return Mapper::MapField(field_name, object_signature, onc_value,

--- a/chromeos/test/data/network/shill_wifi_eap_ttls_with_hardcoded_password.json
+++ b/chromeos/test/data/network/shill_wifi_eap_ttls_with_hardcoded_password.json
+{
+   "EAP.EAP": "TTLS",
+   "EAP.Identity": "my_identity",
+   "EAP.InnerEAP": "auth=MSCHAPV2",
+   "EAP.UseSystemCAs": true,
+   "EAP.Password": "my_password",
+   "GUID": "{77db0089-0bc8-4358-929c-123xcv}",
+   "Mode": "managed",
+   "SaveCredentials": true,
+   "SecurityClass": "802_1x",
+   "Type": "wifi"
+}
--- a/chromeos/test/data/network/shill_wifi_eap_ttls_with_password_variable.json
+++ b/chromeos/test/data/network/shill_wifi_eap_ttls_with_password_variable.json
+{
+   "EAP.EAP": "TTLS",
+   "EAP.Identity": "my_identity",
+   "EAP.InnerEAP": "auth=MSCHAPV2",
+   "EAP.UseSystemCAs": true,
+   "EAP.Password": "${PASSWORD}",
+   "EAP.UseLoginPassword": true,
+   "GUID": "{77db0089-0bc8-4358-929c-123xcv}",
+   "Mode": "managed",
+   "SaveCredentials": true,
+   "SecurityClass": "802_1x",
+   "Type": "wifi"
+}
--- a/chromeos/test/data/network/translation_of_shill_wifi_eap_ttls_with_hardcoded_password.onc
+++ b/chromeos/test/data/network/translation_of_shill_wifi_eap_ttls_with_hardcoded_password.onc
+{
+  "GUID": "{77db0089-0bc8-4358-929c-123xcv}",
+  "Type": "WiFi",
+  "Name": "",
+  "WiFi": {
+    "Security": "WPA-EAP",
+    "EAP": {
+      "Outer": "EAP-TTLS",
+      "Inner": "MSCHAPv2",
+      "Identity": "my_identity",
+      "Password": "my_password",
+      "UseSystemCAs": true,
+      "SaveCredentials": true
+    }
+  },
+}
--- a/chromeos/test/data/network/translation_of_shill_wifi_eap_ttls_with_password_variable.onc
+++ b/chromeos/test/data/network/translation_of_shill_wifi_eap_ttls_with_password_variable.onc
+{
+  "GUID": "{77db0089-0bc8-4358-929c-123xcv}",
+  "Type": "WiFi",
+  "Name": "",
+  "WiFi": {
+    "Security": "WPA-EAP",
+    "EAP": {
+      "Outer": "EAP-TTLS",
+      "Inner": "MSCHAPv2",
+      "Identity": "my_identity",
+      "Password": "${PASSWORD}",
+      "UseSystemCAs": true,
+      "SaveCredentials": true
+    }
+  },
+}