Implement exponential backoff for failed Me2Me authentication attempts

remoting/host/chromoting_host.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "remoting/host/chromoting_host.h"
 
 #include "base/bind.h"
 #include "base/callback.h"
 #include "base/logging.h"
 #include "base/message_loop_proxy.h"
@@ skipping 13 matching lines @@
 #include "remoting/protocol/input_stub.h"
 #include "remoting/protocol/jingle_session_manager.h"
 #include "remoting/protocol/libjingle_transport_factory.h"
 #include "remoting/protocol/session_config.h"
 
 using remoting::protocol::ConnectionToClient;
 using remoting::protocol::InputStub;
 
 namespace remoting {
 
+namespace {
+
+const net::BackoffEntry::Policy kDefaultBackoffPolicy = {
+  // Number of initial errors (in sequence) to ignore before applying
+  // exponential back-off rules.
+  0,
+
+  // Initial delay for exponential back-off in ms.
+  2000,
+
+  // Factor by which the waiting time will be multiplied.
+  2,
+
+  // Fuzzing percentage. ex: 10% will spread requests randomly
+  // between 90%-100% of the calculated time.
+  0,
+
+  // Maximum amount of time we are willing to delay our request in ms.
+  -1,
+
+  // Time to keep an entry from being discarded even when it
+  // has no significant state, -1 to never discard.
+  -1,
+};
+
+}  // namespace
+
 ChromotingHost::ChromotingHost(
     ChromotingHostContext* context,
     SignalStrategy* signal_strategy,
     DesktopEnvironment* environment,
     const protocol::NetworkSettings& network_settings)
     : context_(context),
       desktop_environment_(environment),
       network_settings_(network_settings),
       signal_strategy_(signal_strategy),
       stopping_recorders_(0),
       state_(kInitial),
       protocol_config_(protocol::CandidateSessionConfig::CreateDefault()),
+      login_backoff_(&kDefaultBackoffPolicy),
       authenticating_client_(false),
       reject_authenticating_client_(false) {
   DCHECK(context_);
   DCHECK(signal_strategy);
   DCHECK(desktop_environment_);
   DCHECK(context_->network_message_loop()->BelongsToCurrentThread());
   desktop_environment_->set_host(this);
 }
 
 ChromotingHost::~ChromotingHost() {
@@ skipping 74 matching lines @@
     scoped_ptr<protocol::AuthenticatorFactory> authenticator_factory) {
   DCHECK(context_->network_message_loop()->BelongsToCurrentThread());
   session_manager_->set_authenticator_factory(authenticator_factory.Pass());
 }
 
 ////////////////////////////////////////////////////////////////////////////
 // protocol::ClientSession::EventHandler implementation.
 void ChromotingHost::OnSessionAuthenticated(ClientSession* client) {
   DCHECK(context_->network_message_loop()->BelongsToCurrentThread());
 
-  // TODO(sergeyu): Update BackoffEntry here.
+  login_backoff_.Reset();
 }
 
 void ChromotingHost::OnSessionChannelsConnected(ClientSession* client) {
   DCHECK(context_->network_message_loop()->BelongsToCurrentThread());
 
   // Disconnect all other clients.
   // Iterate over a copy of the list of clients, to avoid mutating the list
   // while iterating over it.
   ClientList clients_copy(clients_);
   for (ClientList::const_iterator other_client = clients_copy.begin();
@@ skipping 93 matching lines @@
 void ChromotingHost::OnIncomingSession(
       protocol::Session* session,
       protocol::SessionManager::IncomingSessionResponse* response) {
   DCHECK(context_->network_message_loop()->BelongsToCurrentThread());
 
   if (state_ != kStarted) {
     *response = protocol::SessionManager::DECLINE;
     return;
   }
 
+  if (login_backoff_.ShouldRejectRequest()) {
+    *response = protocol::SessionManager::DISABLED;
+    return;
+  }
+
+  // Backoff incoming connections until the new connection is
+  // authenticated. Is is neccessary to prevent the attack when
+  // multiple connections are initiated at the same time and all of
+  // them try to authenticate simultaneously.

[Wez, 2012/03/27 16:23:56]

nit: Suggest rewording:
"We treat each incoming connection as a failure to authenticate, and clear the
backoff when a connection successfully authenticates. This allows the backoff to
protect from parallel connection attempts as well as sequential ones."

[Sergey Ulanov, 2012/03/27 18:00:52]

Done.

+  login_backoff_.InformOfRequest(false);
+
   protocol::SessionConfig config;
   if (!protocol_config_->Select(session->candidate_config(), &config)) {
     LOG(WARNING) << "Rejecting connection from " << session->jid()
                  << " because no compatible configuration has been found.";
     *response = protocol::SessionManager::INCOMPATIBLE;
     return;
   }
 
   session->set_config(config);
 
@@ skipping 106 matching lines @@
                     OnShutdown());
 
   for (std::vector<base::Closure>::iterator it = shutdown_tasks_.begin();
        it != shutdown_tasks_.end(); ++it) {
     it->Run();
   }
   shutdown_tasks_.clear();
 }
 
 }  // namespace remoting