Enforce the RemoteAccessHostRequireCurtain policy on all platforms.

remoting/host/remoting_me2me_host.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // This file implements a standalone host process for Me2Me.
 
 #include <string>
 
 #include "base/at_exit.h"
 #include "base/bind.h"
@@ skipping 225 matching lines @@
   std::string xmpp_login_;
   std::string xmpp_auth_token_;
   std::string xmpp_auth_service_;
 
   scoped_ptr<policy_hack::PolicyWatcher> policy_watcher_;
   bool allow_nat_traversal_;
   std::string talkgadget_prefix_;
 
   scoped_ptr<CurtainMode> curtain_;
   scoped_ptr<CurtainingHostObserver> curtaining_host_observer_;
+  bool curtain_required_;
 
   bool restarting_;
   bool shutting_down_;
 
   scoped_ptr<DesktopEnvironmentFactory> desktop_environment_factory_;
   scoped_ptr<DesktopResizer> desktop_resizer_;
   scoped_ptr<ResizingHostObserver> resizing_host_observer_;
   scoped_ptr<XmppSignalStrategy> signal_strategy_;
   scoped_ptr<SignalingConnector> signaling_connector_;
   scoped_ptr<HeartbeatSender> heartbeat_sender_;
   scoped_ptr<LogToServer> log_to_server_;
   scoped_ptr<HostEventLogger> host_event_logger_;
 
   scoped_ptr<HostUserInterface> host_user_interface_;
 
   scoped_refptr<ChromotingHost> host_;
 
 #if defined(REMOTING_MULTI_PROCESS)
   DesktopSessionConnector* desktop_session_connector_;
 #endif  // defined(REMOTING_MULTI_PROCESS)
 
   int exit_code_;
 };
 
 HostProcess::HostProcess(scoped_ptr<ChromotingHostContext> context)
     : context_(context.Pass()),
       allow_nat_traversal_(true),
+      curtain_required_(false),
       restarting_(false),
       shutting_down_(false),
       desktop_resizer_(DesktopResizer::Create()),
 #if defined(REMOTING_MULTI_PROCESS)
       desktop_session_connector_(NULL),
 #endif  // defined(REMOTING_MULTI_PROCESS)
       exit_code_(kSuccessExitCode) {
   network_change_notifier_.reset(net::NetworkChangeNotifier::Create());
   curtain_ = CurtainMode::Create(
       base::Bind(&HostProcess::OnDisconnectRequested,
@@ skipping 420 matching lines @@
     LOG(INFO) << "Updated NAT policy.";
     return true;
   }
   return false;
 }
 
 bool HostProcess::OnCurtainPolicyUpdate(bool curtain_required) {
   // Returns true if the host has to be restarted after this policy update.
   DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
 
-#if defined(OS_MACOSX)
-  if (curtain_required) {
-    // If curtain mode is required, then we can't currently support remoting
-    // the login screen. This is because we don't curtain the login screen
-    // and the current daemon architecture means that the connction is closed
-    // immediately after login, leaving the host system uncurtained.
-    //
-    // TODO(jamiewalch): Fix this once we have implemented the multi-process
-    // daemon architecture (crbug.com/134894)
-    if (getuid() == 0) {
-      Shutdown(kLoginScreenNotSupportedExitCode);
-      return false;
-    }
-  }
-#endif
-  if (curtain_->required() != curtain_required) {
+  if (curtain_required_ != curtain_required) {
+    curtain_required_ = curtain_required;
     LOG(INFO) << "Updated curtain policy.";

[Jamie, 2012/11/07 00:27:49]

While you're here, it would be useful to log the new value.

[Wez, 2012/11/07 02:37:32]

I'll be following up shortly to add an ignore-policies policy, so I'll add
printout of policy values there.

[Wez, 2012/11/07 02:37:32]

I've update the logging of all the policy values, rather than single this one
out for special treatment.

-    curtain_->set_required(curtain_required);
+    curtaining_host_observer_->SetEnableCurtaining(curtain_required_);

[rmsousa, 2012/11/07 00:19:16]

Note that the RestartHost immediately after this will kick out all the remote
clients. So doing this immediately here and also curtaining the local console
seems a bit redundant.

[Wez, 2012/11/07 02:37:32]

It'll curtain the local console iff there's a connection active to it, which is
correct wrt the intent of the policy.

     return true;
   }
   return false;
 }
 
 bool HostProcess::OnHostTalkGadgetPrefixPolicyUpdate(
     const std::string& talkgadget_prefix) {
   // Returns true if the host has to be restarted after this policy update.
   DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
 
@@ skipping 67 matching lines @@
   host_event_logger_ = HostEventLogger::Create(host_, kApplicationName);
 
 #if defined(OS_LINUX)
   // Desktop resizing is implemented on all three platforms, but may not be
   // the right thing to do for non-virtual desktops. Disable it until we can
   // implement a configuration UI.
   resizing_host_observer_.reset(
       new ResizingHostObserver(desktop_resizer_.get(), host_));
 #endif
 
-  // Curtain mode is currently broken on Mac (the only supported platform),
-  // so it's disabled until we've had time to fully investigate.
-  //    curtaining_host_observer_.reset(new CurtainingHostObserver(
-  //          curtain_.get(), host_));
+  // Create a host observer to enable/disable curtain mode as clients connect
+  // and disconnect.
+  curtaining_host_observer_.reset(new CurtainingHostObserver(

[rmsousa, 2012/11/07 00:19:16]

You need to SetEnableCurtaining again in the new object.

[Wez, 2012/11/07 02:37:32]

Done.

+                                  curtain_.get(), host_));
 
   if (host_user_interface_.get()) {
     host_user_interface_->Start(
         host_, base::Bind(&HostProcess::OnDisconnectRequested,
                           base::Unretained(this)));
   }
 
   host_->Start(xmpp_login_);
 
   CreateAuthenticatorFactory();
@@ skipping 186 matching lines @@
             user32.GetFunctionPointer("SetProcessDPIAware"));
     set_process_dpi_aware();
   }
 
   // CommandLine::Init() ignores the passed |argc| and |argv| on Windows getting
   // the command line from GetCommandLineW(), so we can safely pass NULL here.
   return main(0, NULL);
 }
 
 #endif  // defined(OS_WIN)