Host-side third party token validation

remoting/host/remoting_me2me_host.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // This file implements a standalone host process for Me2Me.
 
 #include "remoting/host/remoting_me2me_host.h"
 
 #include <string>
 
@@ skipping 36 matching lines @@
 #include "remoting/host/desktop_environment.h"
 #include "remoting/host/desktop_resizer.h"
 #include "remoting/host/desktop_session_connector.h"
 #include "remoting/host/dns_blackhole_checker.h"
 #include "remoting/host/event_executor.h"
 #include "remoting/host/heartbeat_sender.h"
 #include "remoting/host/host_change_notification_listener.h"
 #include "remoting/host/host_config.h"
 #include "remoting/host/host_event_logger.h"
 #include "remoting/host/host_exit_codes.h"
+#include "remoting/host/host_token_validator_factory.h"
 #include "remoting/host/host_user_interface.h"
 #include "remoting/host/ipc_constants.h"
 #include "remoting/host/ipc_desktop_environment.h"
 #include "remoting/host/json_host_config.h"
 #include "remoting/host/log_to_server.h"
 #include "remoting/host/logging.h"
 #include "remoting/host/network_settings.h"
 #include "remoting/host/policy_hack/policy_watcher.h"
 #include "remoting/host/resizing_host_observer.h"
 #include "remoting/host/service_urls.h"
 #include "remoting/host/session_manager_factory.h"
 #include "remoting/host/signaling_connector.h"
 #include "remoting/host/ui_strings.h"
 #include "remoting/host/usage_stats_consent.h"
 #include "remoting/jingle_glue/xmpp_signal_strategy.h"
+#include "remoting/protocol/key_pair.h"
 #include "remoting/protocol/me2me_host_authenticator_factory.h"
 
 #if defined(OS_POSIX)
 #include <pwd.h>
 #include <signal.h>
 #include "base/file_descriptor_posix.h"
 #include "remoting/host/pam_authorization_factory_posix.h"
 #include "remoting/host/posix/signal_handler.h"
 #endif  // defined(OS_POSIX)
 
@@ skipping 152 matching lines @@
 
   // Applies the host config, returning true if successful.
   bool ApplyConfig(scoped_ptr<JsonHostConfig> config);
 
   void OnPolicyUpdate(scoped_ptr<base::DictionaryValue> policies);
   bool OnHostDomainPolicyUpdate(const std::string& host_domain);
   bool OnUsernamePolicyUpdate(bool username_match_required);
   bool OnNatPolicyUpdate(bool nat_traversal_enabled);
   bool OnCurtainPolicyUpdate(bool curtain_required);
   bool OnHostTalkGadgetPrefixPolicyUpdate(const std::string& talkgadget_prefix);
+  bool OnHostTokenUrlPolicyUpdate(const std::string& token_issue_url,
+                                  const std::string& token_verification_url);
 
   void StartHost();
 
   void OnAuthFailed();
 
   void OnCurtainModeFailed();
 
   void OnRemoteSessionSwitchedToConsole();
 
   // Invoked when the user uses the Disconnect windows to terminate
@@ skipping 43 matching lines @@
   std::string xmpp_login_;
   std::string xmpp_auth_token_;
   std::string xmpp_auth_service_;
   scoped_ptr<policy_hack::PolicyWatcher> policy_watcher_;
   bool allow_nat_traversal_;
   std::string talkgadget_prefix_;
 
   scoped_ptr<CurtainMode> curtain_;
   scoped_ptr<CurtainingHostObserver> curtaining_host_observer_;
   bool curtain_required_;
+  std::string token_issue_url_;
+  std::string token_verification_url_;
 
   scoped_ptr<DesktopResizer> desktop_resizer_;
   scoped_ptr<ResizingHostObserver> resizing_host_observer_;
+  scoped_ptr<HostTokenValidatorFactory> host_token_validator_factory_;
   scoped_ptr<XmppSignalStrategy> signal_strategy_;
   scoped_ptr<SignalingConnector> signaling_connector_;
   scoped_ptr<HeartbeatSender> heartbeat_sender_;
   scoped_ptr<HostChangeNotificationListener> host_change_notification_listener_;
   scoped_ptr<LogToServer> log_to_server_;
   scoped_ptr<HostEventLogger> host_event_logger_;
 
   // Created on the UI thread and used on the network thread.
   scoped_ptr<HostUserInterface> host_user_interface_;
 
@@ skipping 25 matching lines @@
   network_change_notifier_.reset(net::NetworkChangeNotifier::Create());
 
   // Create the platform-specific curtain-mode implementation.
   // TODO(wez): Create this on the network thread?
   curtain_ = CurtainMode::Create(
       base::Bind(&HostProcess::OnRemoteSessionSwitchedToConsole,
                  base::Unretained(this)),
       base::Bind(&HostProcess::OnCurtainModeFailed,
                  base::Unretained(this)));
 
+  host_token_validator_factory_.reset(

[Wez, 2013/03/06 01:01:08]

nit: Comment e.g. "Create factory for third-party token authentication."

[rmsousa, 2013/03/25 22:45:58]

Done.

+      new HostTokenValidatorFactory(context_->url_request_context_getter()));
+
   StartOnUiThread();
 }
 
 HostProcess::~HostProcess() {
   // Verify that UI components have been torn down.
   DCHECK(!config_watcher_);
   DCHECK(!daemon_channel_);
   DCHECK(!desktop_environment_factory_);
   DCHECK(!host_user_interface_);
 
@@ skipping 152 matching lines @@
   std::string local_certificate = key_pair_.GenerateCertificate();
   if (local_certificate.empty()) {
     LOG(ERROR) << "Failed to generate host certificate.";
     ShutdownHost(kInitializationFailed);
     return;
   }
 
   scoped_ptr<protocol::AuthenticatorFactory> factory(
       new protocol::Me2MeHostAuthenticatorFactory(
           local_certificate, key_pair_.Copy(), host_secret_hash_,
-          "", "", NULL));
+          token_issue_url_, token_verification_url_,
+          host_token_validator_factory_.get()));

[Wez, 2013/03/06 01:01:08]

Remind me, will this become Pass()?

[rmsousa, 2013/03/25 22:45:58]

"It's complicated". Basically, NegotiatingAuthenticator needs to have a
reference to the factory (because it may need to create more than authenticator,
and each authenticator owns its own validator). Me2MeAuthenticatorFactory
doesn't own the NegotiatingAuthenticator, and is not guaranteed to outlive it
(it may be that it currently does, but it's not explicitly designed to), so
Me2MeAuthenticatorFactory can't own the TokenValidatorFactory and give
NegotiatingAuthenticator a reference, otherwise that reference may be pulled
from the NegotiatingAuthenticator's feet.
So the options are: Make the TokenValidatorFactory a global, stateless object,
and have all the policy/config parameters be passed as parameters to its
CreateValidator() method, or have the TokenValidatorFactory be stateful and
refcounted. We don't seem to like refcounting random objects in our code unless
we need to, so I went with the global/stateless approach (the refcounted
approach is still in this CL's history, see PatchSet #3 if you're curious).

 #if defined(OS_POSIX)
   // On Linux and Mac, perform a PAM authorization step after authentication.
   factory.reset(new PamAuthorizationFactory(factory.Pass()));
 #endif
   host_->SetAuthenticatorFactory(factory.Pass());
 }
 
 // IPC::Listener implementation.
 bool HostProcess::OnMessageReceived(const IPC::Message& message) {
   DCHECK(context_->ui_task_runner()->BelongsToCurrentThread());
@@ skipping 222 matching lines @@
   if (policies->GetString(
           policy_hack::PolicyWatcher::kHostTalkGadgetPrefixPolicyName,
           &string_value)) {
     restart_required |= OnHostTalkGadgetPrefixPolicyUpdate(string_value);
   }
   if (policies->GetBoolean(
           policy_hack::PolicyWatcher::kHostRequireCurtainPolicyName,
           &bool_value)) {
     restart_required |= OnCurtainPolicyUpdate(bool_value);
   }
+  std::string token_issue_url, token_verification_url;
+  if (policies->GetString(
+          policy_hack::PolicyWatcher::kHostTokenIssueUrlPolicyName,
+          &token_issue_url) &&
+      policies->GetString(
+          policy_hack::PolicyWatcher::kHostTokenVerificationUrlPolicyName,
+          &token_verification_url)) {
+    restart_required |= OnHostTokenUrlPolicyUpdate(token_issue_url,
+                                                   token_verification_url);
+  }
 
+  // TODO(rmsousa): Read token URL policies.

[Wez, 2013/03/06 01:01:08]

Remove this TODO

[rmsousa, 2013/03/25 22:45:58]

Done.

   if (state_ == HOST_INITIALIZING) {
     StartHost();
   } else if (state_ == HOST_STARTED && restart_required) {
     RestartHost();
   }
 }
 
 bool HostProcess::OnHostDomainPolicyUpdate(const std::string& host_domain) {
   // Returns true if the host has to be restarted after this policy update.
   DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
@@ skipping 92 matching lines @@
   DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
 
   if (talkgadget_prefix != talkgadget_prefix_) {
     LOG(INFO) << "Policy sets talkgadget prefix: " << talkgadget_prefix;
     talkgadget_prefix_ = talkgadget_prefix;
     return true;
   }
   return false;
 }
 
+bool HostProcess::OnHostTokenUrlPolicyUpdate(
+    const std::string& token_issue_url,
+    const std::string& token_verification_url) {
+  // Returns true if the host has to be restarted after this policy update.
+  DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
+
+  if (token_issue_url != token_issue_url_ ||
+      token_verification_url != token_verification_url_) {
+    LOG(INFO) << "Policy sets token urls: " << token_issue_url << ", " <<
+        token_verification_url;
+    if ((token_issue_url.empty() || token_verification_url.empty()) &&
+        token_issue_url != token_verification_url) {

[Wez, 2013/03/06 01:01:08]

I think it's clearer to structure this with a check for either being empty, and
saying "one or other is empty", with an else that displays the two values.

[rmsousa, 2013/03/25 22:45:58]

Done.

+      LOG(ERROR) <<
+          "Only one token URL set. Token authentication will be disabled. " <<
+          "TokenIssueUrl: " << token_issue_url << ", "
+          "TokenVerificationUrl: " << token_verification_url;
+    }

[Wez, 2013/03/06 01:01:08]

nit: Blank line after this.

[rmsousa, 2013/03/25 22:45:58]

Done.

+    token_issue_url_ = token_issue_url;
+    token_verification_url_ = token_verification_url;

[Wez, 2013/03/06 01:01:08]

nit: Blank line after this

[rmsousa, 2013/03/25 22:45:58]

Done.

+    return true;
+  }
+  return false;
+}
+
 void HostProcess::StartHost() {
   DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
   DCHECK(!host_);
   DCHECK(!signal_strategy_.get());
   DCHECK(state_ == HOST_INITIALIZING || state_ == HOST_STOPPING_TO_RESTART ||
          state_ == HOST_STOPPED) << state_;
   state_ = HOST_STARTED;
 
   signal_strategy_.reset(
       new XmppSignalStrategy(context_->url_request_context_getter(),
@@ skipping 265 matching lines @@
   return exit_code;
 }
 
 }  // namespace remoting
 
 #if !defined(OS_WIN)
 int main(int argc, char** argv) {
   return remoting::HostProcessMain(argc, argv);
 }
 #endif  // !defined(OS_WIN)