Implement exponential backoff for failed Me2Me authentication attempts

remoting/host/chromoting_host.cc

Index: remoting/host/chromoting_host.cc
diff --git a/remoting/host/chromoting_host.cc b/remoting/host/chromoting_host.cc
index 7a26a8ac6bd70fba0fbf5435c30fca030ef044f1..8ff02a6d6b8b8d02caefd0581d7b1c5aeb2fd6ab 100644
--- a/remoting/host/chromoting_host.cc
+++ b/remoting/host/chromoting_host.cc
@@ -31,6 +31,33 @@ using remoting::protocol::InputStub;
 
 namespace remoting {
 
+namespace {
+
+const net::BackoffEntry::Policy kDefaultBackoffPolicy = {
+  // Number of initial errors (in sequence) to ignore before applying
+  // exponential back-off rules.
+  0,
+
+  // Initial delay for exponential back-off in ms.
+  2000,
+
+  // Factor by which the waiting time will be multiplied.
+  2,
+
+  // Fuzzing percentage. ex: 10% will spread requests randomly
+  // between 90%-100% of the calculated time.
+  0,
+
+  // Maximum amount of time we are willing to delay our request in ms.
+  -1,
+
+  // Time to keep an entry from being discarded even when it
+  // has no significant state, -1 to never discard.
+  -1,
+};
+
+}  // namespace
+
 ChromotingHost::ChromotingHost(
     ChromotingHostContext* context,
     SignalStrategy* signal_strategy,
@@ -43,6 +70,7 @@ ChromotingHost::ChromotingHost(
       stopping_recorders_(0),
       state_(kInitial),
       protocol_config_(protocol::CandidateSessionConfig::CreateDefault()),
+      login_backoff_(&kDefaultBackoffPolicy),
       authenticating_client_(false),
       reject_authenticating_client_(false) {
   DCHECK(context_);
@@ -137,7 +165,7 @@ void ChromotingHost::SetAuthenticatorFactory(
 void ChromotingHost::OnSessionAuthenticated(ClientSession* client) {
   DCHECK(context_->network_message_loop()->BelongsToCurrentThread());
 
-  // TODO(sergeyu): Update BackoffEntry here.
+  login_backoff_.Reset();
 }
 
 void ChromotingHost::OnSessionAuthenticatedAndConnected(ClientSession* client) {
@@ -251,6 +279,13 @@ void ChromotingHost::OnIncomingSession(
     return;
   }
 
+  if (login_backoff_.ShouldRejectRequest()) {
+    *response = protocol::SessionManager::DISABLED;
+    return;
+  }
+
+  login_backoff_.InformOfRequest(false);

[Jói, 2012/03/26 12:31:56]

It's confusing to me that this is unconditionally false (i.e. considered an
error event for the BackoffEntry).  Is this correct?  If it is, I would suggest
adding a comment to explain.

I guess perhaps the idea is to assume an error here until you get into
OnSessionAuthenticated at which point you Reset(), but this isn't immediately
obvious since the semantics of an InformOfRequest(false) call would normally be
understood to indicate an actual error rather than an
assumed-error-until-proven-otherwise error.

[Sergey Ulanov, 2012/03/26 23:00:32]

Yes, that's the idea. This method is called when a new client is connected but
not authenticated yet. We want to prevent attacks when multiple connections are
made simultaneously and then all try to authenticate. Added comments about it.

+
   protocol::SessionConfig config;
   if (!protocol_config_->Select(session->candidate_config(), &config)) {
     LOG(WARNING) << "Rejecting connection from " << session->jid()