Framework to allow Chromoting host to respect NAT traversal policy in linux.

remoting/host/plugin/host_script_object.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "remoting/host/plugin/host_script_object.h"
 
 #include "base/bind.h"
 #include "base/message_loop.h"
 #include "base/threading/platform_thread.h"
 #include "remoting/base/auth_token_util.h"
 #include "remoting/base/util.h"
 #include "remoting/host/chromoting_host.h"
 #include "remoting/host/chromoting_host_context.h"
 #include "remoting/host/desktop_environment.h"
 #include "remoting/host/host_config.h"
 #include "remoting/host/host_key_pair.h"
 #include "remoting/host/in_memory_host_config.h"
 #include "remoting/host/plugin/host_plugin_utils.h"
+#include "remoting/host/plugin/policy_hack/nat_policy.h"
 #include "remoting/host/register_support_host_request.h"
 #include "remoting/host/support_access_verifier.h"
 
 namespace remoting {
 
 // Supported Javascript interface:
 // readonly attribute string accessCode;
 // readonly attribute int accessCodeLifetime;
 // readonly attribute string client;
 // readonly attribute int state;
@@ skipping 46 matching lines @@
 static logging::LogMessageHandlerFunction g_logging_old_handler = NULL;
 
 HostNPScriptObject::HostNPScriptObject(NPP plugin, NPObject* parent)
     : plugin_(plugin),
       parent_(parent),
       state_(kDisconnected),
       log_debug_info_func_(NULL),
       on_state_changed_func_(NULL),
       np_thread_id_(base::PlatformThread::CurrentId()),
       failed_login_attempts_(0),
-      disconnected_event_(true, false) {
+      disconnected_event_(true, false),
+      nat_traversal_enabled_(false),

[dmac, 2011/08/11 18:42:55]

isn't nat_traversal_enabled by default?

[awong, 2011/08/11 19:04:07]

I want the policy code to own the on-off logic, so the having a neutral state of
borked seems like a good thing. :)

+      policy_received_(false) {
   // Set up log message handler.
   // Note that this approach doesn't quite support having multiple instances
   // of Chromoting running. In that case, the most recently opened tab will
   // grab all the debug log messages, and when any Chromoting tab is closed
   // the logging handler will go away.
   // Since having multiple Chromoting tabs is not a primary use case, and this
   // is just debug logging, we're punting improving debug log support for that
   // case.
   if (g_logging_old_handler == NULL)
     g_logging_old_handler = logging::GetLogMessageHandler();
   logging::SetLogMessageHandler(&LogToUI);
   g_logging_scriptable_object = this;
 
   VLOG(2) << "HostNPScriptObject";
   host_context_.SetUITaskPostFunction(base::Bind(
       &HostNPScriptObject::PostTaskToNPThread, base::Unretained(this)));
 }
 
 HostNPScriptObject::~HostNPScriptObject() {
   CHECK_EQ(base::PlatformThread::CurrentId(), np_thread_id_);
 
   // Shutdown DesktopEnvironment first so that it doesn't try to post
   // tasks on the UI thread while we are stopping the host.
   desktop_environment_->Shutdown();
 
   logging::SetLogMessageHandler(g_logging_old_handler);
   g_logging_old_handler = NULL;
   g_logging_scriptable_object = NULL;
 
+  // Stop listening for policy updates.
+  if (nat_policy_.get()) {
+    base::WaitableEvent nat_policy_stopped_(true, false);
+    nat_policy_->StopWatching(&nat_policy_stopped_);
+    nat_policy_stopped_.Wait();
+    nat_policy_.reset();
+  }
+
   // Disconnect synchronously. We cannot disconnect asynchronously
   // here because |host_context_| needs to be stopped on the plugin
   // thread, but the plugin thread may not exist after the instance
   // is destroyed.
   destructing_.Set();
   disconnected_event_.Reset();
   DisconnectInternal();
   disconnected_event_.Wait();
 
   // Stop all threads.
   host_context_.Stop();
 
   if (log_debug_info_func_) {
     g_npnetscape_funcs->releaseobject(log_debug_info_func_);
   }
   if (on_state_changed_func_) {
     g_npnetscape_funcs->releaseobject(on_state_changed_func_);
   }
 }
 
 bool HostNPScriptObject::Init() {
   VLOG(2) << "Init";
   // TODO(wez): This starts a bunch of threads, which might fail.
   host_context_.Start();
+  nat_policy_.reset(policy_hack::NatPolicy::Create(
+      host_context_.network_message_loop(),
+      base::Bind(&HostNPScriptObject::OnNatPolicyUpdate,
+                 base::Unretained(this))));
+  nat_policy_->StartWatching();
   return true;
 }
 
 bool HostNPScriptObject::HasMethod(const std::string& method_name) {
   VLOG(2) << "HasMethod " << method_name;
   CHECK_EQ(base::PlatformThread::CurrentId(), np_thread_id_);
   return (method_name == kFuncNameConnect ||
           method_name == kFuncNameDisconnect);
 }
 
@@ skipping 221 matching lines @@
   std::string auth_service_with_token = StringFromNPVariant(args[1]);
   std::string auth_token;
   std::string auth_service;
   ParseAuthTokenWithService(auth_service_with_token, &auth_token,
                             &auth_service);
   if (auth_token.empty()) {
     SetException("connect: auth_service_with_token argument has empty token");
     return false;
   }
 
-  ConnectInternal(uid, auth_token, auth_service);
+  ReadPolicyAndConnect(uid, auth_token, auth_service);
 
   return true;
 }
 
+void HostNPScriptObject::ReadPolicyAndConnect(const std::string& uid,
+                                              const std::string& auth_token,
+                                              const std::string& auth_service) {
+  if (MessageLoop::current() != host_context_.main_message_loop()) {
+    host_context_.main_message_loop()->PostTask(
+        FROM_HERE, base::Bind(
+            &HostNPScriptObject::ReadPolicyAndConnect, base::Unretained(this),
+            uid, auth_token, auth_service));
+    return;
+  }
+
+  // Only proceed to ConnectInternal() if at least one policy update has been
+  // received.
+  if (policy_received_) {
+    ConnectInternal(uid, auth_token, auth_service);
+  } else {
+    // Otherwise, create the policy watcher, and thunk the connect.
+    pending_connect_ =
+        base::Bind(&HostNPScriptObject::ConnectInternal,
+                   base::Unretained(this), uid, auth_token, auth_service);
+  }
+}
+
 void HostNPScriptObject::ConnectInternal(
     const std::string& uid,
     const std::string& auth_token,
     const std::string& auth_service) {
   if (MessageLoop::current() != host_context_.main_message_loop()) {
     host_context_.main_message_loop()->PostTask(
         FROM_HERE, base::Bind(
             &HostNPScriptObject::ConnectInternal, base::Unretained(this),
             uid, auth_token, auth_service));
     return;
@@ skipping 27 matching lines @@
   }
 
   // Nothing went wrong, so lets save the host, config and request.
   host_config_ = host_config;
   register_request_.reset(register_request.release());
 
   // Create DesktopEnvironment.
   desktop_environment_.reset(DesktopEnvironment::Create(&host_context_));
 
   // Create the Host.
-  // TODO(sergeyu): Use firewall traversal policy settings here.
+  LOG(INFO) << "Connecting with NAT state: " << nat_traversal_enabled_;
   host_ = ChromotingHost::Create(
       &host_context_, host_config_, desktop_environment_.get(),
-      access_verifier.release(), false);
+      access_verifier.release(), nat_traversal_enabled_);
   host_->AddStatusObserver(this);
   host_->AddStatusObserver(register_request_.get());
   host_->set_it2me(true);
 
   // Start the Host.
   host_->Start();
 
   OnStateChanged(kRequestedAccessCode);
   return;
 }
@@ skipping 31 matching lines @@
 
 void HostNPScriptObject::OnShutdownFinished() {
   DCHECK_EQ(MessageLoop::current(), host_context_.main_message_loop());
 
   host_ = NULL;
   register_request_.reset();
   host_config_ = NULL;
   disconnected_event_.Signal();
 }
 
+void HostNPScriptObject::OnNatPolicyUpdate(bool nat_traversal_enabled) {
+  if (MessageLoop::current() != host_context_.main_message_loop()) {
+    host_context_.main_message_loop()->PostTask(
+        FROM_HERE,
+        base::Bind(&HostNPScriptObject::OnNatPolicyUpdate,
+                   base::Unretained(this), nat_traversal_enabled));
+    return;
+  }
+
+  VLOG(2) << "OnNatPolicyUpdate: " << nat_traversal_enabled;
+
+  // When transitioning from true to false, force a disconnect.

[Wez, 2011/08/11 20:00:27]

nit: true->enabled, false->disabled, force a disconnect -> disconnect any
existing session.

[awong, 2011/08/11 23:54:54]

Done.

+  if (nat_traversal_enabled_ && !nat_traversal_enabled) {
+    // TODO(ajwong): Do we need to do any weird synchronization?

[dmac, 2011/08/11 18:42:55]

synchronization of what?

[awong, 2011/08/11 19:04:07]

Stale comment. was wondering if we needed to signal the UI. We don't.
DisconnectInternal does that.

+    DisconnectInternal();
+  }
+
+  policy_received_ = true;
+  nat_traversal_enabled_ = nat_traversal_enabled;
+
+  if (!pending_connect_.is_null()) {
+    pending_connect_.Run();
+    pending_connect_.Reset();
+  }
+}
+
 void HostNPScriptObject::OnReceivedSupportID(
     SupportAccessVerifier* access_verifier,
     bool success,
     const std::string& support_id,
     const base::TimeDelta& lifetime) {
   CHECK_NE(base::PlatformThread::CurrentId(), np_thread_id_);
 
   if (!success) {
     // TODO(wez): Replace the success/fail flag with full error reporting.
     DisconnectInternal();
@@ skipping 104 matching lines @@
 }
 
 // static
 void HostNPScriptObject::NPTaskSpringboard(void* task) {
   base::Closure* real_task = reinterpret_cast<base::Closure*>(task);
   real_task->Run();
   delete real_task;
 }
 
 }  // namespace remoting