
Unified Diff: remoting/host/chromoting_host.cc

Issue 9836062: Implement exponential backoff for failed Me2Me authentication attempts (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 8 years, 9 months ago
Index: remoting/host/chromoting_host.cc
diff --git a/remoting/host/chromoting_host.cc b/remoting/host/chromoting_host.cc
index 63216a465fe6de430e811ecfaec60fe59adf381a..109a306c17e5979f1fabda82e303bf70c5953e4a 100644
--- a/remoting/host/chromoting_host.cc
+++ b/remoting/host/chromoting_host.cc
@@ -31,6 +31,33 @@ using remoting::protocol::InputStub;
namespace remoting {
+namespace {
+
+const net::BackoffEntry::Policy kDefaultBackoffPolicy = {
+ // Number of initial errors (in sequence) to ignore before applying
+ // exponential back-off rules.
+ 0,
+
+ // Initial delay for exponential back-off in ms.
+ 2000,
+
+ // Factor by which the waiting time will be multiplied.
+ 2,
+
+ // Fuzzing percentage. ex: 10% will spread requests randomly
+ // between 90%-100% of the calculated time.
+ 0,
+
+ // Maximum amount of time we are willing to delay our request in ms.
+ -1,
+
+ // Time to keep an entry from being discarded even when it
+ // has no significant state, -1 to never discard.
+ -1,
+};
+
+} // namespace
+
ChromotingHost::ChromotingHost(
ChromotingHostContext* context,
SignalStrategy* signal_strategy,
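Review bot: The maximum-delay field of `kDefaultBackoffPolicy` is left at `-1`, which as far as I know means "no maximum" for net::BackoffEntry, so with a 2000 ms start and a factor of 2 the rejection window keeps doubling without bound. The OnIncomingSession hunk of this patch calls `InformOfRequest(false)` on one host-wide entry before any authentication, so a peer that can only open sessions, without knowing the PIN, could keep the legitimate owner locked out for a very long time. I would cap the delay, for example `60000,` under a comment such as `// Maximum delay in ms; bounds how long failed attempts can lock out the host.`, with the actual value chosen by the owners. The comment should also state that the entry is shared by all clients, not tracked per JID.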
@@ -43,6 +70,7 @@ ChromotingHost::ChromotingHost(
stopping_recorders_(0),
state_(kInitial),
protocol_config_(protocol::CandidateSessionConfig::CreateDefault()),
+ login_backoff_(&kDefaultBackoffPolicy),
authenticating_client_(false),
reject_authenticating_client_(false) {
DCHECK(context_);
@@ -137,7 +165,7 @@ void ChromotingHost::SetAuthenticatorFactory(
void ChromotingHost::OnSessionAuthenticated(ClientSession* client) {
DCHECK(context_->network_message_loop()->BelongsToCurrentThread());
- // TODO(sergeyu): Update BackoffEntry here.
+ login_backoff_.Reset();
}
void ChromotingHost::OnSessionChannelsConnected(ClientSession* client) {
@@ -251,6 +279,17 @@ void ChromotingHost::OnIncomingSession(
return;
}
+ if (login_backoff_.ShouldRejectRequest()) {
+ *response = protocol::SessionManager::DISABLED;
+ return;
+ }
+
+ // Backoff incoming connections until the new connection is
+ // authenticated. Is is neccessary to prevent the attack when
+ // multiple connections are initiated at the same time and all of
+ // them try to authenticate simultaneously.
Wez 2012/03/27 16:23:56 nit: Suggest rewording: "We treat each incoming co
Sergey Ulanov 2012/03/27 18:00:52 Done.
+ login_backoff_.InformOfRequest(false);
+
protocol::SessionConfig config;
if (!protocol_config_->Select(session->candidate_config(), &config)) {
LOG(WARNING) << "Rejecting connection from " << session->jid()
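Review bot: The new early return under `if (login_backoff_.ShouldRejectRequest())` rejects the session without logging anything, while the config-mismatch path just below logs the peer's JID. Repeated failed logins are the event an operator most needs to see, so I would add `LOG(WARNING) << "Rejecting connection from " << session->jid() << " due to login backoff.";` before setting `*response`. Reusing `protocol::SessionManager::DISABLED` presumably also makes a throttled host indistinguishable from a disabled one on the client side, so a distinct response code may be worth considering if the enum allows it. OnIncomingSession starts and ends outside this hunk, so the log should be checked against any earlier logging in the function.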
