OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 // | 4 // |
5 // This file implements a standalone host process for Me2Me. | 5 // This file implements a standalone host process for Me2Me. |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 | 8 |
9 #include "base/at_exit.h" | 9 #include "base/at_exit.h" |
10 #include "base/bind.h" | 10 #include "base/bind.h" |
(...skipping 16 matching lines...) Expand all Loading... |
27 #include "crypto/nss_util.h" | 27 #include "crypto/nss_util.h" |
28 #include "ipc/ipc_channel.h" | 28 #include "ipc/ipc_channel.h" |
29 #include "ipc/ipc_channel_proxy.h" | 29 #include "ipc/ipc_channel_proxy.h" |
30 #include "ipc/ipc_listener.h" | 30 #include "ipc/ipc_listener.h" |
31 #include "net/base/network_change_notifier.h" | 31 #include "net/base/network_change_notifier.h" |
32 #include "net/socket/ssl_server_socket.h" | 32 #include "net/socket/ssl_server_socket.h" |
33 #include "net/url_request/url_fetcher.h" | 33 #include "net/url_request/url_fetcher.h" |
34 #include "remoting/base/auto_thread_task_runner.h" | 34 #include "remoting/base/auto_thread_task_runner.h" |
35 #include "remoting/base/breakpad.h" | 35 #include "remoting/base/breakpad.h" |
36 #include "remoting/base/constants.h" | 36 #include "remoting/base/constants.h" |
| 37 #include "remoting/base/rsa_key_pair.h" |
37 #include "remoting/host/branding.h" | 38 #include "remoting/host/branding.h" |
38 #include "remoting/host/chromoting_host.h" | 39 #include "remoting/host/chromoting_host.h" |
39 #include "remoting/host/chromoting_host_context.h" | 40 #include "remoting/host/chromoting_host_context.h" |
40 #include "remoting/host/chromoting_messages.h" | 41 #include "remoting/host/chromoting_messages.h" |
41 #include "remoting/host/config_file_watcher.h" | 42 #include "remoting/host/config_file_watcher.h" |
42 #include "remoting/host/curtain_mode.h" | 43 #include "remoting/host/curtain_mode.h" |
43 #include "remoting/host/curtaining_host_observer.h" | 44 #include "remoting/host/curtaining_host_observer.h" |
44 #include "remoting/host/desktop_environment.h" | 45 #include "remoting/host/desktop_environment.h" |
45 #include "remoting/host/desktop_session_connector.h" | 46 #include "remoting/host/desktop_session_connector.h" |
46 #include "remoting/host/dns_blackhole_checker.h" | 47 #include "remoting/host/dns_blackhole_checker.h" |
(...skipping 11 matching lines...) Expand all Loading... |
58 #include "remoting/host/json_host_config.h" | 59 #include "remoting/host/json_host_config.h" |
59 #include "remoting/host/log_to_server.h" | 60 #include "remoting/host/log_to_server.h" |
60 #include "remoting/host/logging.h" | 61 #include "remoting/host/logging.h" |
61 #include "remoting/host/me2me_desktop_environment.h" | 62 #include "remoting/host/me2me_desktop_environment.h" |
62 #include "remoting/host/network_settings.h" | 63 #include "remoting/host/network_settings.h" |
63 #include "remoting/host/policy_hack/policy_watcher.h" | 64 #include "remoting/host/policy_hack/policy_watcher.h" |
64 #include "remoting/host/service_urls.h" | 65 #include "remoting/host/service_urls.h" |
65 #include "remoting/host/session_manager_factory.h" | 66 #include "remoting/host/session_manager_factory.h" |
66 #include "remoting/host/signaling_connector.h" | 67 #include "remoting/host/signaling_connector.h" |
67 #include "remoting/host/ui_strings.h" | 68 #include "remoting/host/ui_strings.h" |
| 69 #include "remoting/host/url_fetcher_token_validator_factory.h" |
68 #include "remoting/host/usage_stats_consent.h" | 70 #include "remoting/host/usage_stats_consent.h" |
69 #include "remoting/jingle_glue/xmpp_signal_strategy.h" | 71 #include "remoting/jingle_glue/xmpp_signal_strategy.h" |
70 #include "remoting/protocol/me2me_host_authenticator_factory.h" | 72 #include "remoting/protocol/me2me_host_authenticator_factory.h" |
71 | 73 |
72 #if defined(OS_POSIX) | 74 #if defined(OS_POSIX) |
73 #include <pwd.h> | 75 #include <pwd.h> |
74 #include <signal.h> | 76 #include <signal.h> |
75 #include "base/file_descriptor_posix.h" | 77 #include "base/file_descriptor_posix.h" |
76 #include "remoting/host/pam_authorization_factory_posix.h" | 78 #include "remoting/host/pam_authorization_factory_posix.h" |
77 #include "remoting/host/posix/signal_handler.h" | 79 #include "remoting/host/posix/signal_handler.h" |
(...skipping 150 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
228 | 230 |
229 // Applies the host config, returning true if successful. | 231 // Applies the host config, returning true if successful. |
230 bool ApplyConfig(scoped_ptr<JsonHostConfig> config); | 232 bool ApplyConfig(scoped_ptr<JsonHostConfig> config); |
231 | 233 |
232 void OnPolicyUpdate(scoped_ptr<base::DictionaryValue> policies); | 234 void OnPolicyUpdate(scoped_ptr<base::DictionaryValue> policies); |
233 bool OnHostDomainPolicyUpdate(const std::string& host_domain); | 235 bool OnHostDomainPolicyUpdate(const std::string& host_domain); |
234 bool OnUsernamePolicyUpdate(bool username_match_required); | 236 bool OnUsernamePolicyUpdate(bool username_match_required); |
235 bool OnNatPolicyUpdate(bool nat_traversal_enabled); | 237 bool OnNatPolicyUpdate(bool nat_traversal_enabled); |
236 bool OnCurtainPolicyUpdate(bool curtain_required); | 238 bool OnCurtainPolicyUpdate(bool curtain_required); |
237 bool OnHostTalkGadgetPrefixPolicyUpdate(const std::string& talkgadget_prefix); | 239 bool OnHostTalkGadgetPrefixPolicyUpdate(const std::string& talkgadget_prefix); |
| 240 bool OnHostTokenUrlPolicyUpdate(const GURL& token_url, |
| 241 const GURL& token_validation_url); |
238 | 242 |
239 void StartHost(); | 243 void StartHost(); |
240 | 244 |
241 void OnAuthFailed(); | 245 void OnAuthFailed(); |
242 | 246 |
243 void OnCurtainModeFailed(); | 247 void OnCurtainModeFailed(); |
244 | 248 |
245 void OnRemoteSessionSwitchedToConsole(); | 249 void OnRemoteSessionSwitchedToConsole(); |
246 | 250 |
247 // Invoked when the user uses the Disconnect windows to terminate | 251 // Invoked when the user uses the Disconnect windows to terminate |
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
291 std::string xmpp_login_; | 295 std::string xmpp_login_; |
292 std::string xmpp_auth_token_; | 296 std::string xmpp_auth_token_; |
293 std::string xmpp_auth_service_; | 297 std::string xmpp_auth_service_; |
294 scoped_ptr<policy_hack::PolicyWatcher> policy_watcher_; | 298 scoped_ptr<policy_hack::PolicyWatcher> policy_watcher_; |
295 bool allow_nat_traversal_; | 299 bool allow_nat_traversal_; |
296 std::string talkgadget_prefix_; | 300 std::string talkgadget_prefix_; |
297 | 301 |
298 scoped_ptr<CurtainMode> curtain_; | 302 scoped_ptr<CurtainMode> curtain_; |
299 scoped_ptr<CurtainingHostObserver> curtaining_host_observer_; | 303 scoped_ptr<CurtainingHostObserver> curtaining_host_observer_; |
300 bool curtain_required_; | 304 bool curtain_required_; |
| 305 GURL token_url_; |
| 306 GURL token_validation_url_; |
301 | 307 |
302 scoped_ptr<XmppSignalStrategy> signal_strategy_; | 308 scoped_ptr<XmppSignalStrategy> signal_strategy_; |
303 scoped_ptr<SignalingConnector> signaling_connector_; | 309 scoped_ptr<SignalingConnector> signaling_connector_; |
304 scoped_ptr<HeartbeatSender> heartbeat_sender_; | 310 scoped_ptr<HeartbeatSender> heartbeat_sender_; |
305 scoped_ptr<HostChangeNotificationListener> host_change_notification_listener_; | 311 scoped_ptr<HostChangeNotificationListener> host_change_notification_listener_; |
306 scoped_ptr<LogToServer> log_to_server_; | 312 scoped_ptr<LogToServer> log_to_server_; |
307 scoped_ptr<HostEventLogger> host_event_logger_; | 313 scoped_ptr<HostEventLogger> host_event_logger_; |
308 | 314 |
309 // Created on the UI thread and used on the network thread. | 315 // Created on the UI thread and used on the network thread. |
310 scoped_ptr<HostUserInterface> host_user_interface_; | 316 scoped_ptr<HostUserInterface> host_user_interface_; |
(...skipping 197 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
508 if (state_ != HOST_STARTED) | 514 if (state_ != HOST_STARTED) |
509 return; | 515 return; |
510 | 516 |
511 std::string local_certificate = key_pair_->GenerateCertificate(); | 517 std::string local_certificate = key_pair_->GenerateCertificate(); |
512 if (local_certificate.empty()) { | 518 if (local_certificate.empty()) { |
513 LOG(ERROR) << "Failed to generate host certificate."; | 519 LOG(ERROR) << "Failed to generate host certificate."; |
514 ShutdownHost(kInitializationFailed); | 520 ShutdownHost(kInitializationFailed); |
515 return; | 521 return; |
516 } | 522 } |
517 | 523 |
| 524 scoped_refptr<UrlFetcherTokenValidatorFactory> token_validator_factory = |
| 525 new UrlFetcherTokenValidatorFactory( |
| 526 token_url_, token_validation_url_, key_pair_, |
| 527 context_->url_request_context_getter()); |
| 528 |
518 scoped_ptr<protocol::AuthenticatorFactory> factory( | 529 scoped_ptr<protocol::AuthenticatorFactory> factory( |
519 new protocol::Me2MeHostAuthenticatorFactory( | 530 new protocol::Me2MeHostAuthenticatorFactory( |
520 local_certificate, key_pair_, host_secret_hash_)); | 531 local_certificate, key_pair_, host_secret_hash_, |
| 532 token_validator_factory)); |
521 #if defined(OS_POSIX) | 533 #if defined(OS_POSIX) |
522 // On Linux and Mac, perform a PAM authorization step after authentication. | 534 // On Linux and Mac, perform a PAM authorization step after authentication. |
523 factory.reset(new PamAuthorizationFactory(factory.Pass())); | 535 factory.reset(new PamAuthorizationFactory(factory.Pass())); |
524 #endif | 536 #endif |
525 host_->SetAuthenticatorFactory(factory.Pass()); | 537 host_->SetAuthenticatorFactory(factory.Pass()); |
526 } | 538 } |
527 | 539 |
528 // IPC::Listener implementation. | 540 // IPC::Listener implementation. |
529 bool HostProcess::OnMessageReceived(const IPC::Message& message) { | 541 bool HostProcess::OnMessageReceived(const IPC::Message& message) { |
530 DCHECK(context_->ui_task_runner()->BelongsToCurrentThread()); | 542 DCHECK(context_->ui_task_runner()->BelongsToCurrentThread()); |
(...skipping 229 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
760 if (policies->GetString( | 772 if (policies->GetString( |
761 policy_hack::PolicyWatcher::kHostTalkGadgetPrefixPolicyName, | 773 policy_hack::PolicyWatcher::kHostTalkGadgetPrefixPolicyName, |
762 &string_value)) { | 774 &string_value)) { |
763 restart_required |= OnHostTalkGadgetPrefixPolicyUpdate(string_value); | 775 restart_required |= OnHostTalkGadgetPrefixPolicyUpdate(string_value); |
764 } | 776 } |
765 if (policies->GetBoolean( | 777 if (policies->GetBoolean( |
766 policy_hack::PolicyWatcher::kHostRequireCurtainPolicyName, | 778 policy_hack::PolicyWatcher::kHostRequireCurtainPolicyName, |
767 &bool_value)) { | 779 &bool_value)) { |
768 restart_required |= OnCurtainPolicyUpdate(bool_value); | 780 restart_required |= OnCurtainPolicyUpdate(bool_value); |
769 } | 781 } |
| 782 std::string token_url_string, token_validation_url_string; |
| 783 if (policies->GetString( |
| 784 policy_hack::PolicyWatcher::kHostTokenUrlPolicyName, |
| 785 &token_url_string) && |
| 786 policies->GetString( |
| 787 policy_hack::PolicyWatcher::kHostTokenValidationUrlPolicyName, |
| 788 &token_validation_url_string)) { |
| 789 restart_required |= OnHostTokenUrlPolicyUpdate( |
| 790 GURL(token_url_string), GURL(token_validation_url_string)); |
| 791 } |
770 | 792 |
771 if (state_ == HOST_INITIALIZING) { | 793 if (state_ == HOST_INITIALIZING) { |
772 StartHost(); | 794 StartHost(); |
773 } else if (state_ == HOST_STARTED && restart_required) { | 795 } else if (state_ == HOST_STARTED && restart_required) { |
774 RestartHost(); | 796 RestartHost(); |
775 } | 797 } |
776 } | 798 } |
777 | 799 |
778 bool HostProcess::OnHostDomainPolicyUpdate(const std::string& host_domain) { | 800 bool HostProcess::OnHostDomainPolicyUpdate(const std::string& host_domain) { |
779 // Returns true if the host has to be restarted after this policy update. | 801 // Returns true if the host has to be restarted after this policy update. |
(...skipping 102 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
882 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); | 904 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
883 | 905 |
884 if (talkgadget_prefix != talkgadget_prefix_) { | 906 if (talkgadget_prefix != talkgadget_prefix_) { |
885 LOG(INFO) << "Policy sets talkgadget prefix: " << talkgadget_prefix; | 907 LOG(INFO) << "Policy sets talkgadget prefix: " << talkgadget_prefix; |
886 talkgadget_prefix_ = talkgadget_prefix; | 908 talkgadget_prefix_ = talkgadget_prefix; |
887 return true; | 909 return true; |
888 } | 910 } |
889 return false; | 911 return false; |
890 } | 912 } |
891 | 913 |
| 914 bool HostProcess::OnHostTokenUrlPolicyUpdate( |
| 915 const GURL& token_url, |
| 916 const GURL& token_validation_url) { |
| 917 // Returns true if the host has to be restarted after this policy update. |
| 918 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
| 919 |
| 920 if (token_url_ != token_url || |
| 921 token_validation_url_ != token_validation_url) { |
| 922 if (token_url.is_empty() && token_validation_url.is_empty()) { |
| 923 LOG(INFO) << "Policy disables third-party authentication"; |
| 924 } else if ((!token_url.is_valid() || !token_validation_url.is_valid())) { |
| 925 LOG(ERROR) << "One of the third-party token URLs is empty or invalid. " |
| 926 << "TokenUrl: " << token_url << ", " |
| 927 << "TokenValidationUrl: " << token_validation_url; |
| 928 } else { |
| 929 LOG(INFO) << "Policy sets third-party token URLs: " |
| 930 << "TokenUrl: " << token_url << ", " |
| 931 << "TokenValidationUrl: " << token_validation_url; |
| 932 } |
| 933 |
| 934 token_url_ = token_url; |
| 935 token_validation_url_ = token_validation_url; |
| 936 return true; |
| 937 } |
| 938 |
| 939 return false; |
| 940 } |
| 941 |
892 void HostProcess::StartHost() { | 942 void HostProcess::StartHost() { |
893 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); | 943 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
894 DCHECK(!host_); | 944 DCHECK(!host_); |
895 DCHECK(!signal_strategy_.get()); | 945 DCHECK(!signal_strategy_.get()); |
896 DCHECK(state_ == HOST_INITIALIZING || state_ == HOST_STOPPING_TO_RESTART || | 946 DCHECK(state_ == HOST_INITIALIZING || state_ == HOST_STOPPING_TO_RESTART || |
897 state_ == HOST_STOPPED) << state_; | 947 state_ == HOST_STOPPED) << state_; |
898 state_ = HOST_STARTED; | 948 state_ = HOST_STARTED; |
899 | 949 |
900 signal_strategy_.reset( | 950 signal_strategy_.reset( |
901 new XmppSignalStrategy(context_->url_request_context_getter(), | 951 new XmppSignalStrategy(context_->url_request_context_getter(), |
(...skipping 235 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1137 return exit_code; | 1187 return exit_code; |
1138 } | 1188 } |
1139 | 1189 |
1140 } // namespace remoting | 1190 } // namespace remoting |
1141 | 1191 |
1142 #if !defined(OS_WIN) | 1192 #if !defined(OS_WIN) |
1143 int main(int argc, char** argv) { | 1193 int main(int argc, char** argv) { |
1144 return remoting::HostMain(argc, argv); | 1194 return remoting::HostMain(argc, argv); |
1145 } | 1195 } |
1146 #endif // !defined(OS_WIN) | 1196 #endif // !defined(OS_WIN) |
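Review bot: In `OnHostTokenUrlPolicyUpdate` (new lines 920-937) the branch that logs "One of the third-party token URLs is empty or invalid" still falls through to `token_url_ = token_url;`, stores both values and returns true. The host then restarts, and the authenticator hunk (new lines 524-527) builds `UrlFetcherTokenValidatorFactory` from URLs already known to be bad. What `Me2MeHostAuthenticatorFactory` does with them is not visible on this page, so the failure mode should be chosen explicitly in that branch (refuse to start, or run with third-party authentication disabled) rather than passing the rejected values on. `is_valid()` also accepts any scheme, and the validation URL is where the host learns whether a client's token is genuine, so I would extend the check with `|| !token_url.SchemeIs("https") || !token_validation_url.SchemeIs("https")`. Separately, `OnPolicyUpdate` (new lines 783-791) silently skips the update when only one of the two policy keys is present; a log line there, e.g. `LOG(ERROR) << "Token URL policies must be set together.";`, would make a half-configured policy visible.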
OLD | NEW |