system-proxy: Propagate KerberosEnabled for user traffic

Also fix a use case where user credentials are always being sent for user traffic, regardless of the `ArcEnabled` setting. Bug: 1139905 Test: unit test Change-Id: Ia010653ea13cedd87049ca5537efbd107905151a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2485091Reviewed-by: Andreea-Elena Costinas <acostinas@google.com> Reviewed-by: Pavol Marko <pmarko@chromium.org> Reviewed-by: Omar Morsi <omorsi@google.com> Commit-Queue: Andreea-Elena Costinas <acostinas@google.com> Cr-Commit-Position: refs/heads/master@{#820798}

system-proxy: Propagate KerberosEnabled for user traffic
Also fix a use case where user credentials are always being sent for user traffic, regardless of the `ArcEnabled` setting. Bug: 1139905 Test: unit test Change-Id: Ia010653ea13cedd87049ca5537efbd107905151a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2485091Reviewed-by: Andreea-Elena Costinas <acostinas@google.com> Reviewed-by: Pavol Marko <pmarko@chromium.org> Reviewed-by: Omar Morsi <omorsi@google.com> Commit-Queue: Andreea-Elena Costinas <acostinas@google.com> Cr-Commit-Position: refs/heads/master@{#820798}
937339bb · Andreea Costinas · Commit Bot · 436a0339 · 937339bb · 937339bb
Commit 937339bb authored Oct 26, 2020 by Andreea Costinas Committed by Commit Bot Oct 26, 2020
2 changed files
--- a/chrome/browser/chromeos/policy/system_proxy_manager.cc
+++ b/chrome/browser/chromeos/policy/system_proxy_manager.cc
@@ -207,6 +207,11 @@ void SystemProxyManager::OnArcEnabledChanged() {
    return;
  }

+  if (local_state_->GetBoolean(prefs::kKerberosEnabled)) {
+    SendKerberosAuthenticationDetails();
+    return;
+  }
+
  system_proxy::SetAuthenticationDetailsRequest request;
  request.set_traffic_type(system_proxy::TrafficOrigin::USER);
  chromeos::SystemProxyClient::Get()->SetAuthenticationDetails(
@@ -235,7 +240,9 @@ void SystemProxyManager::SendUserAuthenticationCredentials(
  user_credentials.set_password(password);

  system_proxy::SetAuthenticationDetailsRequest request;
-  request.set_traffic_type(system_proxy::TrafficOrigin::ALL);
+  request.set_traffic_type(IsArcEnabled()
+                               ? system_proxy::TrafficOrigin::ALL
+                               : system_proxy::TrafficOrigin::SYSTEM);
  *request.mutable_credentials() = user_credentials;
  *request.mutable_protection_space() = protection_space;

@@ -250,7 +257,9 @@ void SystemProxyManager::SendKerberosAuthenticationDetails() {
  }

  system_proxy::SetAuthenticationDetailsRequest request;
-  request.set_traffic_type(system_proxy::TrafficOrigin::SYSTEM);
+  request.set_traffic_type(IsArcEnabled()
+                               ? system_proxy::TrafficOrigin::ALL
+                               : system_proxy::TrafficOrigin::SYSTEM);
  request.set_kerberos_enabled(
      local_state_->GetBoolean(prefs::kKerberosEnabled));
  if (primary_profile_) {

--- a/chrome/browser/chromeos/policy/system_proxy_manager_unittest.cc
+++ b/chrome/browser/chromeos/policy/system_proxy_manager_unittest.cc
@@ -160,22 +160,35 @@ TEST_F(SystemProxyManagerTest, ShutDownDaemon) {
 // Tests that |SystemProxyManager| sends the correct Kerberos details and
 // updates to System-proxy.
 TEST_F(SystemProxyManagerTest, KerberosConfig) {
+  int expected_set_auth_details_call_count = 0;
  SetPolicy(true /* system_proxy_enabled */, "" /* system_services_username */,
            "" /* system_services_password */);
+  EXPECT_EQ(++expected_set_auth_details_call_count,
+            client_test_interface()->GetSetAuthenticationDetailsCallCount());
+
  local_state_.Get()->SetBoolean(prefs::kKerberosEnabled, true);
-  EXPECT_EQ(2, client_test_interface()->GetSetAuthenticationDetailsCallCount());
+  EXPECT_EQ(++expected_set_auth_details_call_count,
+            client_test_interface()->GetSetAuthenticationDetailsCallCount());

  system_proxy::SetAuthenticationDetailsRequest request =
      client_test_interface()->GetLastAuthenticationDetailsRequest();
  EXPECT_FALSE(request.has_credentials());
  EXPECT_TRUE(request.kerberos_enabled());
+  EXPECT_EQ(request.traffic_type(), system_proxy::TrafficOrigin::SYSTEM);

  // Set an active principal name.
  profile_->GetPrefs()->SetString(prefs::kKerberosActivePrincipalName,
                                  kKerberosActivePrincipalName);
-  EXPECT_EQ(3, client_test_interface()->GetSetAuthenticationDetailsCallCount());
+  EXPECT_EQ(++expected_set_auth_details_call_count,
+            client_test_interface()->GetSetAuthenticationDetailsCallCount());
+
+  profile_->GetPrefs()->SetBoolean(arc::prefs::kArcEnabled, true);
+  EXPECT_EQ(++expected_set_auth_details_call_count,
+            client_test_interface()->GetSetAuthenticationDetailsCallCount());
+
  request = client_test_interface()->GetLastAuthenticationDetailsRequest();
  EXPECT_EQ(kKerberosActivePrincipalName, request.active_principal_name());
+  EXPECT_EQ(request.traffic_type(), system_proxy::TrafficOrigin::ALL);

  // Remove the active principal name.
  profile_->GetPrefs()->SetString(prefs::kKerberosActivePrincipalName, "");
@@ -269,6 +282,16 @@ TEST_F(SystemProxyManagerTest, UserCredentialsRequestedFromNetworkService) {
  ASSERT_TRUE(request.has_credentials());
  EXPECT_EQ(kBrowserUsername, request.credentials().username());
  EXPECT_EQ(kBrowserPassword, request.credentials().password());
+  EXPECT_EQ(request.traffic_type(), system_proxy::TrafficOrigin::SYSTEM);
+
+  // Enable ARC and verify that the credentials are sent both for user and
+  // system traffic.
+  profile_->GetPrefs()->SetBoolean(arc::prefs::kArcEnabled, true);
+  task_environment_.RunUntilIdle();
+  client_test_interface()->SendAuthenticationRequiredSignal(details);
+  task_environment_.RunUntilIdle();
+  request = client_test_interface()->GetLastAuthenticationDetailsRequest();
+  EXPECT_EQ(request.traffic_type(), system_proxy::TrafficOrigin::ALL);
 }

 // Tests that |SystemProxyManager| sends requests to start and shut down the