remoting/host/access_verifier.cc - Issue 6518012: Use case-insensitive comparison when comparing JIDs.

Side by Side Diff: remoting/host/access_verifier.cc

Issue 6518012: Use case-insensitive comparison when comparing JIDs. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/remoting/host

Patch Set: added test Created 9 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "remoting/host/access_verifier.h"	5 #include "remoting/host/access_verifier.h"

6	6

7 #include "base/logging.h"	7 #include "base/logging.h"

8 #include "base/string_util.h"	8 #include "base/string_util.h"

9 #include "remoting/host/host_config.h"	9 #include "remoting/host/host_config.h"

10 #include "remoting/proto/auth.pb.h"	10 #include "remoting/proto/auth.pb.h"

(...skipping 17 matching lines...) Expand all Loading...
28 initialized_ = true;	28 initialized_ = true;

29	29

30 return true;	30 return true;

31 }	31 }

32	32

33 bool AccessVerifier::VerifyPermissions(	33 bool AccessVerifier::VerifyPermissions(

34 const std::string& client_jid,	34 const std::string& client_jid,

35 const std::string& encoded_access_token) {	35 const std::string& encoded_access_token) {

36 CHECK(initialized_);	36 CHECK(initialized_);

37 // Check that the client has the same bare jid as the host, i.e.	37 // Check that the client has the same bare jid as the host, i.e.

38 // client's full jid starts with host's bare jid.	38 // client's full JID starts with host's bare jid. Comparison is case

39 if (!StartsWithASCII(client_jid, host_jid_prefix_, true)) {	39 // insensitive.

	40 if (!StartsWithASCII(client_jid, host_jid_prefix_, false)) {
	awong 2011/02/14 20:25:54 I'm thinking that we should preface this with an I I'm thinking that we should preface this with an IsStringASCII check. Reading through the jingle docs, it seems like they might not always be ascii if we're outside of the google talk network (eg., federated XMPP user). Sergey Ulanov 2011/02/14 21:38:20 Added IsStringASCII() verification, not sure if it Show quoted text On 2011/02/14 20:25:54, awong wrote: > I'm thinking that we should preface this with an IsStringASCII check. > > Reading through the jingle docs, it seems like they might not always be ascii if > we're outside of the google talk network (eg., federated XMPP user). Added IsStringASCII() verification, not sure if it matters though: StartsWithASCII() should ignore case only for ASCII characters. awong 2011/02/14 21:59:06 I'm not 100% sure it does... It falls down to strn Show quoted text On 2011/02/14 21:38:20, sergeyu wrote: > On 2011/02/14 20:25:54, awong wrote: > > I'm thinking that we should preface this with an IsStringASCII check. > > > > Reading through the jingle docs, it seems like they might not always be ascii > if > > we're outside of the google talk network (eg., federated XMPP user). > Added IsStringASCII() verification, not sure if it matters though: > StartsWithASCII() should ignore case only for ASCII characters. I'm not 100% sure it does... It falls down to strncasecmp which I would expect understands locale and can do all sorts of fun things. Sergey Ulanov 2011/02/14 22:05:36 Yes, you are right. Thanks for catching this! Show quoted text On 2011/02/14 21:59:06, awong wrote: > On 2011/02/14 21:38:20, sergeyu wrote: > > On 2011/02/14 20:25:54, awong wrote: > > > I'm thinking that we should preface this with an IsStringASCII check. > > > > > > Reading through the jingle docs, it seems like they might not always be > ascii > > if > > > we're outside of the google talk network (eg., federated XMPP user). > > Added IsStringASCII() verification, not sure if it matters though: > > StartsWithASCII() should ignore case only for ASCII characters. > > I'm not 100% sure it does... It falls down to strncasecmp which I would expect > understands locale and can do all sorts of fun things. Yes, you are right. Thanks for catching this!
40 return false;	41 return false;

41 }	42 }

42	43

43 // Decode the auth token.	44 // Decode the auth token.

44 protocol::ClientAuthToken client_token;	45 protocol::ClientAuthToken client_token;

45 if (!DecodeClientAuthToken(encoded_access_token, &client_token)) {	46 if (!DecodeClientAuthToken(encoded_access_token, &client_token)) {

46 return false;	47 return false;

47 }	48 }

48	49

49 // Kick off directory access permissions.	50 // Kick off directory access permissions.

50 // TODO(ajwong): Actually implement this.	51 // TODO(ajwong): Actually implement this.

51 return true;	52 return true;

52 }	53 }

53	54

54 bool AccessVerifier::DecodeClientAuthToken(	55 bool AccessVerifier::DecodeClientAuthToken(

55 const std::string& encoded_client_token,	56 const std::string& encoded_client_token,

56 protocol::ClientAuthToken* client_token) {	57 protocol::ClientAuthToken* client_token) {

57 // TODO(ajwong): Implement this.	58 // TODO(ajwong): Implement this.

58 NOTIMPLEMENTED();	59 NOTIMPLEMENTED();

59 return true;	60 return true;

60 }	61 }

61	62

62 } // namespace remoting	63 } // namespace remoting

OLD	NEW

« no previous file with comments | « no previous file | remoting/host/access_verifier_unittest.cc » ('j') | no next file with comments »