| OLD | NEW |
| (Empty) |
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "remoting/host/support_access_verifier.h" | |
| 6 | |
| 7 #include <stdlib.h> | |
| 8 #include <vector> | |
| 9 | |
| 10 #include "base/logging.h" | |
| 11 #include "base/rand_util.h" | |
| 12 #include "base/string_util.h" | |
| 13 #include "remoting/host/host_config.h" | |
| 14 #include "remoting/protocol/auth_util.h" | |
| 15 | |
| 16 namespace remoting { | |
| 17 | |
| 18 namespace { | |
| 19 // 5 digits means 100K possible host secrets with uniform distribution, which | |
| 20 // should be enough for short-term passwords, given that we rate-limit guesses | |
| 21 // in the cloud and expire access codes after a small number of attempts. | |
| 22 const int kHostSecretLength = 5; | |
| 23 const char kHostSecretAlphabet[] = "0123456789"; | |
| 24 | |
| 25 // Generates cryptographically strong random number in the range [0, max). | |
| 26 int CryptoRandomInt(int max) { | |
| 27 uint32 random_int32; | |
| 28 base::RandBytes(&random_int32, sizeof(random_int32)); | |
| 29 return random_int32 % max; | |
| 30 } | |
| 31 | |
| 32 std::string GenerateRandomHostSecret() { | |
| 33 std::vector<char> result; | |
| 34 int alphabet_size = strlen(kHostSecretAlphabet); | |
| 35 result.resize(kHostSecretLength); | |
| 36 for (int i = 0; i < kHostSecretLength; ++i) { | |
| 37 result[i] = kHostSecretAlphabet[CryptoRandomInt(alphabet_size)]; | |
| 38 } | |
| 39 return std::string(result.begin(), result.end()); | |
| 40 } | |
| 41 | |
| 42 } // namespace | |
| 43 | |
| 44 SupportAccessVerifier::SupportAccessVerifier() { | |
| 45 host_secret_ = GenerateRandomHostSecret(); | |
| 46 } | |
| 47 | |
| 48 SupportAccessVerifier::~SupportAccessVerifier() { } | |
| 49 | |
| 50 bool SupportAccessVerifier::VerifyPermissions( | |
| 51 const std::string& client_jid, | |
| 52 const std::string& encoded_access_token) { | |
| 53 if (support_id_.empty()) | |
| 54 return false; | |
| 55 std::string access_code = support_id_ + host_secret_; | |
| 56 return protocol::VerifySupportAuthToken( | |
| 57 client_jid, access_code, encoded_access_token); | |
| 58 } | |
| 59 | |
| 60 void SupportAccessVerifier::OnIT2MeHostRegistered( | |
| 61 bool successful, const std::string& support_id) { | |
| 62 if (successful) { | |
| 63 support_id_ = support_id; | |
| 64 } else { | |
| 65 LOG(ERROR) << "Failed to register support host"; | |
| 66 } | |
| 67 } | |
| 68 | |
| 69 } // namespace remoting | |
| OLD | NEW |