[Chromoting] Implement the host domain policy.

remoting/host/plugin/host_script_object.cc

Index: remoting/host/plugin/host_script_object.cc
diff --git a/remoting/host/plugin/host_script_object.cc b/remoting/host/plugin/host_script_object.cc
index de067551234ef7e53a4351c236206955c704cf8e..5ebe5fd05fb7f21c55e53faa3b2dfda1016306f8 100644
--- a/remoting/host/plugin/host_script_object.cc
+++ b/remoting/host/plugin/host_script_object.cc
@@ -78,6 +78,14 @@ const int kMaxLoginAttempts = 5;
 // more than 2 threads.
 const int kMaxWorkerPoolThreads = 2;
 
+// Whether a given string ends with a given suffix.
+bool EndsWith(std::string s, std::string suffix) {

[Sergey Ulanov, 2012/07/31 20:59:53]

reuse base::EndsWith()?

[simonmorris, 2012/07/31 23:16:10]

Done.

+  if (s.length() < suffix.length()) {
+    return false;
+  }
+  return s.compare(s.length() - suffix.length(), suffix.length(), suffix) == 0;
+}
+
 }  // namespace
 
 HostNPScriptObject::HostNPScriptObject(
@@ -542,6 +550,13 @@ void HostNPScriptObject::FinishConnectNetworkThread(
     return;
   }
 
+  // Check the host domain policy.
+  if (!host_domain_.empty() &&
+      !EndsWith(uid, std::string("@") + host_domain_)) {
+    SetState(kError);
+    return;
+  }
+
   // Verify that DesktopEnvironment has been created.
   if (desktop_environment_.get() == NULL) {
     SetState(kError);
@@ -876,11 +891,14 @@ void HostNPScriptObject::DisconnectInternal() {
       return;
 
     default:
-      DCHECK(host_);
       SetState(kDisconnecting);
 
+      if (!host_) {
+        OnShutdownFinished();
+        return;
+      }
       // ChromotingHost::Shutdown() may destroy SignalStrategy
-      // synchronously, bug SignalStrategy::Listener handlers are not
+      // synchronously, but SignalStrategy::Listener handlers are not
       // allowed to destroy SignalStrategy, so post task to call
       // Shutdown() later.
       host_context_->network_task_runner()->PostTask(
@@ -888,6 +906,7 @@ void HostNPScriptObject::DisconnectInternal() {
               &ChromotingHost::Shutdown, host_,
               base::Bind(&HostNPScriptObject::OnShutdownFinished,
                          base::Unretained(this))));
+      return;
   }
 }
 
@@ -908,22 +927,26 @@ void HostNPScriptObject::OnPolicyUpdate(
   }
 
   bool bool_value;
+  std::string string_value;

[Sergey Ulanov, 2012/07/31 20:59:53]

move this below to where it's used. Also use a better name for it, e.g.
domain_policy?

[simonmorris, 2012/07/31 23:16:10]

Done.

   if (policies->GetBoolean(policy_hack::PolicyWatcher::kNatPolicyName,
                            &bool_value)) {
-    OnNatPolicyUpdate(bool_value);
+    UpdateNatPolicy(bool_value);
+  }
+  if (policies->GetString(policy_hack::PolicyWatcher::kHostDomainPolicyName,

[Sergey Ulanov, 2012/07/31 20:59:53]

We always expect this value to be present - DCHECK if it's not there?
Same with kNatPolicyName

[simonmorris, 2012/07/31 23:16:10]

PolicyWatcher only emits changed policy values, so that its clients don't have
to compare new values to old values. So this value is only guaranteed to exist
the first time OnPolicyUpdate is called.

+                          &string_value)) {
+    UpdateHostDomainPolicy(string_value);
   }
-}
 
-void HostNPScriptObject::OnNatPolicyUpdate(bool nat_traversal_enabled) {
-  if (!host_context_->network_task_runner()->BelongsToCurrentThread()) {
-    host_context_->network_task_runner()->PostTask(
-        FROM_HERE,
-        base::Bind(&HostNPScriptObject::OnNatPolicyUpdate,
-                   base::Unretained(this), nat_traversal_enabled));
-    return;
+  if (!pending_connect_.is_null()) {
+    pending_connect_.Run();
+    pending_connect_.Reset();
   }
+}
 
-  VLOG(2) << "OnNatPolicyUpdate: " << nat_traversal_enabled;
+void HostNPScriptObject::UpdateNatPolicy(bool nat_traversal_enabled) {
+  DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread());
+
+  VLOG(2) << "UpdateNatPolicy: " << nat_traversal_enabled;
 
   // When transitioning from enabled to disabled, force disconnect any
   // existing session.
@@ -938,11 +961,20 @@ void HostNPScriptObject::OnNatPolicyUpdate(bool nat_traversal_enabled) {
   }
 
   UpdateWebappNatPolicy(nat_traversal_enabled_);
+}
 
-  if (!pending_connect_.is_null()) {
-    pending_connect_.Run();
-    pending_connect_.Reset();
+void HostNPScriptObject::UpdateHostDomainPolicy(
+    const std::string& host_domain) {
+  DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread());
+
+  VLOG(2) << "UpdateHostDomainPolicy: " << host_domain;
+
+  // When setting a host domain policy, force disconnect any existing session.
+  if (!host_domain.empty() && state_ != kStarting) {

[Sergey Ulanov, 2012/07/31 20:59:53]

hm. This will disconnect all connection even when domain hasn't changed. add
host_domain_ != host_domain condition?

[simonmorris, 2012/07/31 23:16:10]

If the domain hasn't changed, the PolicyWatcher won't pass it to
OnPolicyUpdate().

+    DisconnectInternal();
   }
+
+  host_domain_ = host_domain;
 }
 
 void HostNPScriptObject::OnReceivedSupportID(