Block event processing on host/client until the client has authenticated.

remoting/protocol/host_message_dispatcher.cc

Index: remoting/protocol/host_message_dispatcher.cc
diff --git a/remoting/protocol/host_message_dispatcher.cc b/remoting/protocol/host_message_dispatcher.cc
index 1e1eea89d95b43973e4fa6815d8eee5bbe7edbd1..00f72c7a24b49e6fef8c5d8eed30fe7bd780eb5c 100644
--- a/remoting/protocol/host_message_dispatcher.cc
+++ b/remoting/protocol/host_message_dispatcher.cc
@@ -48,30 +48,46 @@ void HostMessageDispatcher::Initialize(
 
 void HostMessageDispatcher::OnControlMessageReceived(
     ControlMessage* message, Task* done_task) {
-  // TODO(sergeyu): Add message validation.
-  if (message->has_suggest_resolution()) {
-    host_stub_->SuggestResolution(&message->suggest_resolution(), done_task);
-  } else if (message->has_begin_session_request()) {
-    host_stub_->BeginSessionRequest(
-        &message->begin_session_request().credentials(), done_task);
+  if (!host_stub_->enabled()) {
+    // When the client has not authenticated with the host, we restrict the
+    // control messages that we support.
+    if (message->has_begin_session_request()) {
+      host_stub_->BeginSessionRequest(
+          &message->begin_session_request().credentials(), done_task);
+      return;
+    } else {
+      LOG(WARNING) << "Invalid control message received "
+                   << "(client not authenticated).";
+    }
   } else {
-    LOG(WARNING) << "Invalid control message received.";
-    done_task->Run();
-    delete done_task;
+    // TODO(sergeyu): Add message validation.
+    if (message->has_suggest_resolution()) {
+      host_stub_->SuggestResolution(&message->suggest_resolution(), done_task);
+      return;
+    } else if (message->has_begin_session_request()) {
+      LOG(WARNING) << "BeginSessionRequest sent after client already "
+                   << "authorized.";
+    } else {
+      LOG(WARNING) << "Invalid control message received.";
+    }
   }
+  done_task->Run();
+  delete done_task;
 }
 
 void HostMessageDispatcher::OnEventMessageReceived(
     EventMessage* message, Task* done_task) {
-  // TODO(sergeyu): Add message validation.
-  if (message->has_key_event()) {
-    input_stub_->InjectKeyEvent(&message->key_event(), done_task);
-  } else if (message->has_mouse_event()) {
-    input_stub_->InjectMouseEvent(&message->mouse_event(), done_task);
-  } else {
-    LOG(WARNING) << "Invalid event message received.";
-    done_task->Run();
-    delete done_task;
+  if (input_stub_->enabled()) {
+    // TODO(sergeyu): Add message validation.
+    if (message->has_key_event()) {
+      input_stub_->InjectKeyEvent(&message->key_event(), done_task);
+    } else if (message->has_mouse_event()) {
+      input_stub_->InjectMouseEvent(&message->mouse_event(), done_task);
+    } else {
+      LOG(WARNING) << "Invalid event message received.";
+      done_task->Run();
+      delete done_task;
+    }

[Wez, 2011/03/04 12:09:38]

Why do we store whether the "stubs" are enabled/disabled in each stub, and then
enforce whether they accept messages in a different class?  That seems kinda
complicated.
Could we instead have a completed separate Dispatcher prior to authentication,
and once authenticated switch to the main Dispatcher, so that there is a
completely clear separation of code paths before and after authentication?

[garykac, 2011/03/04 20:28:02]

My initial approach was to do everything at the stub level, but it was suggested
that it would be better to:
(1) cut off processing as early as possible and
(2) have 1 central place to enable/disable, namely connection_to_host (or
client).

Ideally, I would have liked to cut off message decoding, but I can't do that for
the control channel.  For the input channel, if I defer creation of the input
stub (as you suggest elsewhere) then that would address that.

I'm not sure a separate dispatcher is needed since all it does is replace an
if-statement and it spreads the message handling across multiple files. But I'm
open to arguments (although I don't think it's worth doing for this CL).

   }
 }