Framework to allow Chromoting host to respect NAT traversal policy in linux.

remoting/host/plugin/policy_hack/nat_policy_linux.cc

+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.

[Wez, 2011/08/11 20:00:27]

Is this brand-new code, or cribbed from the main Chrome app?

[awong, 2011/08/11 23:54:54]

Mostly cribbed, but it's an amalgamation of a bunch of different files.

[Wez, 2011/08/12 00:54:42]

Perhaps add a comment indicating where it's cribbed from, assuming it's not too
many, for future reference?

[awong, 2011/08/12 00:57:03]

Done.

+
+#include <set>
+
+#include "base/bind.h"
+#include "base/compiler_specific.h"
+#include "base/file_path.h"
+#include "base/file_util.h"
+#include "base/files/file_path_watcher.h"
+#include "base/memory/weak_ptr.h"
+#include "base/message_loop.h"
+#include "base/scoped_ptr.h"
+#include "base/synchronization/waitable_event.h"
+#include "base/time.h"
+#include "base/values.h"
+#include "content/common/json_value_serializer.h"
+#include "remoting/host/plugin/policy_hack/nat_policy.h"

[dmac, 2011/08/11 18:42:55]

should this include be at the top (given that it is the "class" include?

[awong, 2011/08/11 19:04:07]

Done.

+
+namespace remoting {
+namespace policy_hack {
+
+namespace {
+
+#if defined(GOOGLE_CHROME_BUILD)
+const FilePath::CharType kPolicyDir[] =
+    FILE_PATH_LITERAL("/etc/opt/chrome/policies/managed");
+#else
+const FilePath::CharType kPolicyDir[] =
+    FILE_PATH_LITERAL("/etc/chromium/policies/managed");
+#endif
+
+// The time interval for rechecking policy. This is our fallback in case the
+// delegate never reports a change to the ReloadObserver.
+const int kFallbackReloadDelayMinutes = 15;
+
+// Amount of time we wait for the files on disk to settle before trying to load
+// them. This alleviates the problem of reading partially written files and
+// makes it possible to batch quasi-simultaneous changes.
+const int kSettleIntervalSeconds = 5;
+
+}  // namespace
+
+class NatPolicyLinux : public NatPolicy {
+ public:
+  NatPolicyLinux(MessageLoop* message_loop,
+                 const FilePath& config_dir,
+                 const NatPolicy::NatEnabledCallback& nat_enabled_cb)
+      : message_loop_(message_loop),
+        config_dir_(config_dir),
+        nat_enabled_cb_(nat_enabled_cb),
+        current_nat_enabled_state_(false),
+        first_state_published_(false),
+        ALLOW_THIS_IN_INITIALIZER_LIST(weak_factory_(this)) {
+    // Detach the factory cause we handle ensure that only the message_loop_

[dmac, 2011/08/11 18:42:55]

s/cause/because/
handle ensure?
s/uses/threads/?

[awong, 2011/08/11 19:04:07]

Rewrote.

+    // thread ever calls methods on this, and that all uses are ended before
+    // we destroy this object.  This allows us to create/destroy
+    // NatPolicyLinux on any thread.
+    weak_factory_.DetachFromThread();
+  }
+
+  virtual ~NatPolicyLinux() {
+  }

[dmac, 2011/08/11 18:42:55]

NIT: standard seems to be to put {} on one line...

[awong, 2011/08/11 19:04:07]

I don't think there is actually a standard on this one.  But moved cause I don't
care :)

+
+  virtual void StartWatching() OVERRIDE {
+    if (MessageLoop::current() != message_loop_) {
+      message_loop_->PostTask(FROM_HERE,
+                              base::Bind(&NatPolicyLinux::StartWatching,
+                                         base::Unretained(this)));
+      return;
+    }
+
+    watcher_.reset(new base::files::FilePathWatcher());
+
+    if (!config_dir_.empty() &&
+        !watcher_->Watch(
+            config_dir_,
+            new FilePathWatcherDelegate(weak_factory_.GetWeakPtr()))) {
+      OnFilePathError(config_dir_);
+    }
+
+    // There might have been changes to the directory in the time between
+    // construction of the loader and initialization of the watcher. Call reload
+    // to detect if that is the case.
+    Reload();
+
+    ScheduleFallbackReloadTask();
+  }
+
+  virtual void StopWatching(base::WaitableEvent* done) OVERRIDE {
+    if (MessageLoop::current() != message_loop_) {
+      message_loop_->PostTask(FROM_HERE,
+                              base::Bind(&NatPolicyLinux::StopWatching,
+                                         base::Unretained(this), done));
+      return;
+    }
+
+    // Cancel any inflight requests.
+    weak_factory_.InvalidateWeakPtrs();
+    watcher_.reset();
+
+    done->Signal();
+  }
+
+  // Called by FilePathWatcherDelegate.
+  virtual void OnFilePathError(const FilePath& path) {
+    LOG(ERROR) << "NatPolicyLinux on " << path.value()
+               << " failed.";
+  }
+
+  // Called by FilePathWatcherDelegate.
+  virtual void OnFilePathChanged(const FilePath& path) {
+    DCHECK_EQ(MessageLoop::current(), message_loop_);
+
+    Reload();
+  }
+
+ private:
+  // Needed since NatPolicyLinux ends up getting its refcount from

[dmac, 2011/08/11 18:42:55]

NatPolicyLinux ends up getting its refcount from NatPolicyLinux? I'm confused.

[awong, 2011/08/11 19:04:07]

Again stale.  Originally, itw as getting its refcount from NatPolicy.

But I managed to keep NatPolicyLinux unrefcounted.

+  // NatPolicyLinux.
+  class FilePathWatcherDelegate :
+    public base::files::FilePathWatcher::Delegate {
+   public:
+    FilePathWatcherDelegate(base::WeakPtr<NatPolicyLinux> policy_watcher)
+        : policy_watcher_(policy_watcher) {
+    }
+
+    virtual void OnFilePathError(const FilePath& path) {
+      if (policy_watcher_) {
+        policy_watcher_->OnFilePathError(path);
+      }
+    }
+
+    virtual void OnFilePathChanged(const FilePath& path) {
+      if (policy_watcher_) {
+        policy_watcher_->OnFilePathChanged(path);
+      }
+    }
+
+   private:
+    base::WeakPtr<NatPolicyLinux> policy_watcher_;
+  };
+
+  void ScheduleFallbackReloadTask() {
+    DCHECK_EQ(MessageLoop::current(), message_loop_);
+    ScheduleReloadTask(
+        base::TimeDelta::FromMinutes(kFallbackReloadDelayMinutes));
+  }
+
+  void ScheduleReloadTask(const base::TimeDelta& delay) {
+    DCHECK_EQ(MessageLoop::current(), message_loop_);
+    message_loop_->PostDelayedTask(
+        FROM_HERE,
+        base::Bind(&NatPolicyLinux::Reload, weak_factory_.GetWeakPtr()),
+        delay.InMilliseconds());
+  }
+
+  base::Time GetLastModification() {
+    DCHECK_EQ(MessageLoop::current(), message_loop_);
+    base::Time last_modification = base::Time();
+    base::PlatformFileInfo file_info;
+
+    // If the path does not exist or points to a directory, it's safe to load.
+    if (!file_util::GetFileInfo(config_dir_, &file_info) ||
+        !file_info.is_directory) {
+      return last_modification;
+    }
+
+    // Enumerate the files and find the most recent modification timestamp.
+    file_util::FileEnumerator file_enumerator(config_dir_,
+                                              false,
+                                              file_util::FileEnumerator::FILES);
+    for (FilePath config_file = file_enumerator.Next();
+         !config_file.empty();
+         config_file = file_enumerator.Next()) {
+      if (file_util::GetFileInfo(config_file, &file_info) &&
+          !file_info.is_directory) {
+        last_modification = std::max(last_modification,
+                                     file_info.last_modified);
+      }
+    }
+
+    return last_modification;
+  }
+
+  // Caller owns the value.
+  DictionaryValue* Load() {
+    DCHECK_EQ(MessageLoop::current(), message_loop_);
+    // Enumerate the files and sort them lexicographically.
+    std::set<FilePath> files;
+    file_util::FileEnumerator file_enumerator(config_dir_, false,
+                                              file_util::FileEnumerator::FILES);
+    for (FilePath config_file_path = file_enumerator.Next();
+         !config_file_path.empty(); config_file_path = file_enumerator.Next())
+      files.insert(config_file_path);
+
+    // Start with an empty dictionary and merge the files' contents.
+    DictionaryValue* policy = new DictionaryValue;
+    for (std::set<FilePath>::iterator config_file_iter = files.begin();
+         config_file_iter != files.end(); ++config_file_iter) {
+      JSONFileValueSerializer deserializer(*config_file_iter);
+      int error_code = 0;
+      std::string error_msg;
+      scoped_ptr<Value> value(
+          deserializer.Deserialize(&error_code, &error_msg));
+      if (!value.get()) {
+        LOG(WARNING) << "Failed to read configuration file "
+                     << config_file_iter->value() << ": " << error_msg;
+        continue;
+      }
+      if (!value->IsType(Value::TYPE_DICTIONARY)) {
+        LOG(WARNING) << "Expected JSON dictionary in configuration file "
+                     << config_file_iter->value();
+        continue;
+      }
+      policy->MergeDictionary(static_cast<DictionaryValue*>(value.get()));
+    }
+
+    return policy;
+  }
+
+  void Reload() {
+    DCHECK_EQ(MessageLoop::current(), message_loop_);
+    // Check the directory time in order to see whether a reload is required.
+    base::TimeDelta delay;
+    base::Time now = base::Time::Now();
+    if (!IsSafeToReloadPolicy(now, &delay)) {
+      ScheduleReloadTask(delay);
+      return;
+    }
+
+    // Load the policy definitions.
+    scoped_ptr<DictionaryValue> new_policy(Load());
+
+    // Check again in case the directory has changed while reading it.
+    if (!IsSafeToReloadPolicy(now, &delay)) {
+      ScheduleReloadTask(delay);
+      return;
+    }
+
+    // Read out just the host firewall traversal policy.  Name of policy taken
+    // from the generated policy/policy_constants.h file.
+    bool new_nat_enabled_state = false;
+    if (!new_policy->HasKey("RemoteAccessHostFirewallTraversal")) {
+      // If unspecified, the default value of this policy is true.
+      new_nat_enabled_state = true;
+    } else {
+      // Otherwise, try to parse the value and only change from false if we get
+      // a successful read.
+      base::Value* value;
+      if (new_policy->Get("RemoteAccessHostFirewallTraversal", &value) &&
+          value->IsType(base::Value::TYPE_BOOLEAN)) {
+        CHECK(value->GetAsBoolean(&new_nat_enabled_state));
+      }
+    }
+
+    if (!first_state_published_ ||
+        (new_nat_enabled_state != current_nat_enabled_state_)) {
+      first_state_published_ = true;
+      current_nat_enabled_state_ = new_nat_enabled_state;
+      nat_enabled_cb_.Run(current_nat_enabled_state_);
+    }
+
+    ScheduleFallbackReloadTask();
+  }
+
+  bool IsSafeToReloadPolicy(const base::Time& now, base::TimeDelta* delay) {
+    DCHECK_EQ(MessageLoop::current(), message_loop_);
+    DCHECK(delay);
+    const base::TimeDelta kSettleInterval =
+        base::TimeDelta::FromSeconds(kSettleIntervalSeconds);
+
+    base::Time last_modification = GetLastModification();
+    if (last_modification.is_null())
+      return true;
+
+    // If there was a change since the last recorded modification, wait some
+    // more.
+    if (last_modification != last_modification_file_) {
+      last_modification_file_ = last_modification;
+      last_modification_clock_ = now;
+      *delay = kSettleInterval;
+      return false;
+    }
+
+    // Check whether the settle interval has elapsed.
+    base::TimeDelta age = now - last_modification_clock_;
+    if (age < kSettleInterval) {
+      *delay = kSettleInterval - age;
+      return false;
+    }
+
+    return true;
+  }
+
+  // Managed with a scoped_ptr rather than being declared as an inline member to
+  // decouple the watcher's life cycle from the NatPolicyLinux. This decoupling
+  // makes it possible to destroy the watcher before the loader's destructor is
+  // called (e.g. during Stop), since |watcher_| internally holds a reference to
+  // the loader and keeps it alive.
+  scoped_ptr<base::files::FilePathWatcher> watcher_;
+
+  // Records last known modification timestamp of |config_dir_|.
+  base::Time last_modification_file_;
+
+  // The wall clock time at which the last modification timestamp was
+  // recorded.  It's better to not assume the file notification time and the
+  // wall clock times come from the same source, just in case there is some
+  // non-local filesystem involved.
+  base::Time last_modification_clock_;
+
+  MessageLoop* message_loop_;
+  const FilePath config_dir_;
+  NatEnabledCallback nat_enabled_cb_;
+
+  bool current_nat_enabled_state_;
+  bool first_state_published_;
+
+  // Allows us to cancel any inflight FileWatcher events or scheduled reloads.
+  base::WeakPtrFactory<NatPolicyLinux> weak_factory_;
+};
+
+NatPolicy* NatPolicy::Create(MessageLoop* message_loop,
+                             const NatEnabledCallback& nat_enabled_cb) {
+  FilePath policy_dir(kPolicyDir);
+  return new NatPolicyLinux(message_loop, policy_dir, nat_enabled_cb);
+}
+
+}  // namespace policy_hack
+}  // namespace remoting