OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 // | 4 // |
5 // This file implements a standalone host process for Me2Me. | 5 // This file implements a standalone host process for Me2Me. |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 | 8 |
9 #include "base/at_exit.h" | 9 #include "base/at_exit.h" |
10 #include "base/bind.h" | 10 #include "base/bind.h" |
(...skipping 16 matching lines...) Expand all Loading... | |
27 #include "crypto/nss_util.h" | 27 #include "crypto/nss_util.h" |
28 #include "ipc/ipc_channel.h" | 28 #include "ipc/ipc_channel.h" |
29 #include "ipc/ipc_channel_proxy.h" | 29 #include "ipc/ipc_channel_proxy.h" |
30 #include "ipc/ipc_listener.h" | 30 #include "ipc/ipc_listener.h" |
31 #include "net/base/network_change_notifier.h" | 31 #include "net/base/network_change_notifier.h" |
32 #include "net/socket/ssl_server_socket.h" | 32 #include "net/socket/ssl_server_socket.h" |
33 #include "net/url_request/url_fetcher.h" | 33 #include "net/url_request/url_fetcher.h" |
34 #include "remoting/base/auto_thread_task_runner.h" | 34 #include "remoting/base/auto_thread_task_runner.h" |
35 #include "remoting/base/breakpad.h" | 35 #include "remoting/base/breakpad.h" |
36 #include "remoting/base/constants.h" | 36 #include "remoting/base/constants.h" |
37 #include "remoting/base/rsa_key_pair.h" | |
37 #include "remoting/base/util.h" | 38 #include "remoting/base/util.h" |
38 #include "remoting/host/branding.h" | 39 #include "remoting/host/branding.h" |
39 #include "remoting/host/chromoting_host.h" | 40 #include "remoting/host/chromoting_host.h" |
40 #include "remoting/host/chromoting_host_context.h" | 41 #include "remoting/host/chromoting_host_context.h" |
41 #include "remoting/host/chromoting_messages.h" | 42 #include "remoting/host/chromoting_messages.h" |
42 #include "remoting/host/config_file_watcher.h" | 43 #include "remoting/host/config_file_watcher.h" |
43 #include "remoting/host/curtain_mode.h" | 44 #include "remoting/host/curtain_mode.h" |
44 #include "remoting/host/curtaining_host_observer.h" | 45 #include "remoting/host/curtaining_host_observer.h" |
45 #include "remoting/host/desktop_environment.h" | 46 #include "remoting/host/desktop_environment.h" |
46 #include "remoting/host/desktop_session_connector.h" | 47 #include "remoting/host/desktop_session_connector.h" |
(...skipping 11 matching lines...) Expand all Loading... | |
58 #include "remoting/host/json_host_config.h" | 59 #include "remoting/host/json_host_config.h" |
59 #include "remoting/host/log_to_server.h" | 60 #include "remoting/host/log_to_server.h" |
60 #include "remoting/host/logging.h" | 61 #include "remoting/host/logging.h" |
61 #include "remoting/host/me2me_desktop_environment.h" | 62 #include "remoting/host/me2me_desktop_environment.h" |
62 #include "remoting/host/network_settings.h" | 63 #include "remoting/host/network_settings.h" |
63 #include "remoting/host/policy_hack/policy_watcher.h" | 64 #include "remoting/host/policy_hack/policy_watcher.h" |
64 #include "remoting/host/service_urls.h" | 65 #include "remoting/host/service_urls.h" |
65 #include "remoting/host/session_manager_factory.h" | 66 #include "remoting/host/session_manager_factory.h" |
66 #include "remoting/host/signaling_connector.h" | 67 #include "remoting/host/signaling_connector.h" |
67 #include "remoting/host/ui_strings.h" | 68 #include "remoting/host/ui_strings.h" |
69 #include "remoting/host/url_fetcher_token_validator_factory.h" | |
68 #include "remoting/host/usage_stats_consent.h" | 70 #include "remoting/host/usage_stats_consent.h" |
69 #include "remoting/jingle_glue/xmpp_signal_strategy.h" | 71 #include "remoting/jingle_glue/xmpp_signal_strategy.h" |
70 #include "remoting/protocol/me2me_host_authenticator_factory.h" | 72 #include "remoting/protocol/me2me_host_authenticator_factory.h" |
71 | 73 |
72 #if defined(OS_POSIX) | 74 #if defined(OS_POSIX) |
73 #include <signal.h> | 75 #include <signal.h> |
74 #include "base/file_descriptor_posix.h" | 76 #include "base/file_descriptor_posix.h" |
75 #include "remoting/host/pam_authorization_factory_posix.h" | 77 #include "remoting/host/pam_authorization_factory_posix.h" |
76 #include "remoting/host/posix/signal_handler.h" | 78 #include "remoting/host/posix/signal_handler.h" |
77 #endif // defined(OS_POSIX) | 79 #endif // defined(OS_POSIX) |
(...skipping 120 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
198 | 200 |
199 // Applies the host config, returning true if successful. | 201 // Applies the host config, returning true if successful. |
200 bool ApplyConfig(scoped_ptr<JsonHostConfig> config); | 202 bool ApplyConfig(scoped_ptr<JsonHostConfig> config); |
201 | 203 |
202 void OnPolicyUpdate(scoped_ptr<base::DictionaryValue> policies); | 204 void OnPolicyUpdate(scoped_ptr<base::DictionaryValue> policies); |
203 bool OnHostDomainPolicyUpdate(const std::string& host_domain); | 205 bool OnHostDomainPolicyUpdate(const std::string& host_domain); |
204 bool OnUsernamePolicyUpdate(bool username_match_required); | 206 bool OnUsernamePolicyUpdate(bool username_match_required); |
205 bool OnNatPolicyUpdate(bool nat_traversal_enabled); | 207 bool OnNatPolicyUpdate(bool nat_traversal_enabled); |
206 bool OnCurtainPolicyUpdate(bool curtain_required); | 208 bool OnCurtainPolicyUpdate(bool curtain_required); |
207 bool OnHostTalkGadgetPrefixPolicyUpdate(const std::string& talkgadget_prefix); | 209 bool OnHostTalkGadgetPrefixPolicyUpdate(const std::string& talkgadget_prefix); |
210 bool OnHostTokenUrlPolicyUpdate(const GURL& token_url, | |
211 const GURL& token_validation_url); | |
208 | 212 |
209 void StartHost(); | 213 void StartHost(); |
210 | 214 |
211 void OnAuthFailed(); | 215 void OnAuthFailed(); |
212 | 216 |
213 void OnCurtainModeFailed(); | 217 void OnCurtainModeFailed(); |
214 | 218 |
215 void OnRemoteSessionSwitchedToConsole(); | 219 void OnRemoteSessionSwitchedToConsole(); |
216 | 220 |
217 // Invoked when the user uses the Disconnect windows to terminate | 221 // Invoked when the user uses the Disconnect windows to terminate |
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
261 std::string xmpp_login_; | 265 std::string xmpp_login_; |
262 std::string xmpp_auth_token_; | 266 std::string xmpp_auth_token_; |
263 std::string xmpp_auth_service_; | 267 std::string xmpp_auth_service_; |
264 scoped_ptr<policy_hack::PolicyWatcher> policy_watcher_; | 268 scoped_ptr<policy_hack::PolicyWatcher> policy_watcher_; |
265 bool allow_nat_traversal_; | 269 bool allow_nat_traversal_; |
266 std::string talkgadget_prefix_; | 270 std::string talkgadget_prefix_; |
267 | 271 |
268 scoped_ptr<CurtainMode> curtain_; | 272 scoped_ptr<CurtainMode> curtain_; |
269 scoped_ptr<CurtainingHostObserver> curtaining_host_observer_; | 273 scoped_ptr<CurtainingHostObserver> curtaining_host_observer_; |
270 bool curtain_required_; | 274 bool curtain_required_; |
275 GURL token_url_; | |
276 GURL token_validation_url_; | |
271 | 277 |
272 scoped_ptr<XmppSignalStrategy> signal_strategy_; | 278 scoped_ptr<XmppSignalStrategy> signal_strategy_; |
273 scoped_ptr<SignalingConnector> signaling_connector_; | 279 scoped_ptr<SignalingConnector> signaling_connector_; |
274 scoped_ptr<HeartbeatSender> heartbeat_sender_; | 280 scoped_ptr<HeartbeatSender> heartbeat_sender_; |
275 scoped_ptr<HostChangeNotificationListener> host_change_notification_listener_; | 281 scoped_ptr<HostChangeNotificationListener> host_change_notification_listener_; |
276 scoped_ptr<LogToServer> log_to_server_; | 282 scoped_ptr<LogToServer> log_to_server_; |
277 scoped_ptr<HostEventLogger> host_event_logger_; | 283 scoped_ptr<HostEventLogger> host_event_logger_; |
278 | 284 |
279 // Created on the UI thread and used on the network thread. | 285 // Created on the UI thread and used on the network thread. |
280 scoped_ptr<HostUserInterface> host_user_interface_; | 286 scoped_ptr<HostUserInterface> host_user_interface_; |
(...skipping 194 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
475 if (state_ != HOST_STARTED) | 481 if (state_ != HOST_STARTED) |
476 return; | 482 return; |
477 | 483 |
478 std::string local_certificate = key_pair_->GenerateCertificate(); | 484 std::string local_certificate = key_pair_->GenerateCertificate(); |
479 if (local_certificate.empty()) { | 485 if (local_certificate.empty()) { |
480 LOG(ERROR) << "Failed to generate host certificate."; | 486 LOG(ERROR) << "Failed to generate host certificate."; |
481 ShutdownHost(kInitializationFailed); | 487 ShutdownHost(kInitializationFailed); |
482 return; | 488 return; |
483 } | 489 } |
484 | 490 |
491 // Create the validator factory for third-party token authentication. | |
492 scoped_ptr<protocol::ThirdPartyHostAuthenticator::TokenValidatorFactory> | |
493 token_validator_factory(new UrlFetcherTokenValidatorFactory( | |
494 token_url_, token_validation_url_, key_pair_, | |
495 context_->url_request_context_getter())); | |
496 | |
485 scoped_ptr<protocol::AuthenticatorFactory> factory( | 497 scoped_ptr<protocol::AuthenticatorFactory> factory( |
486 new protocol::Me2MeHostAuthenticatorFactory( | 498 new protocol::Me2MeHostAuthenticatorFactory( |
487 local_certificate, key_pair_, host_secret_hash_)); | 499 local_certificate, key_pair_, host_secret_hash_, |
500 token_validator_factory.Pass())); | |
501 | |
488 #if defined(OS_POSIX) | 502 #if defined(OS_POSIX) |
489 // On Linux and Mac, perform a PAM authorization step after authentication. | 503 // On Linux and Mac, perform a PAM authorization step after authentication. |
490 factory.reset(new PamAuthorizationFactory(factory.Pass())); | 504 factory.reset(new PamAuthorizationFactory(factory.Pass())); |
491 #endif | 505 #endif |
492 host_->SetAuthenticatorFactory(factory.Pass()); | 506 host_->SetAuthenticatorFactory(factory.Pass()); |
493 } | 507 } |
494 | 508 |
495 // IPC::Listener implementation. | 509 // IPC::Listener implementation. |
496 bool HostProcess::OnMessageReceived(const IPC::Message& message) { | 510 bool HostProcess::OnMessageReceived(const IPC::Message& message) { |
497 DCHECK(context_->ui_task_runner()->BelongsToCurrentThread()); | 511 DCHECK(context_->ui_task_runner()->BelongsToCurrentThread()); |
(...skipping 237 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
735 if (policies->GetString( | 749 if (policies->GetString( |
736 policy_hack::PolicyWatcher::kHostTalkGadgetPrefixPolicyName, | 750 policy_hack::PolicyWatcher::kHostTalkGadgetPrefixPolicyName, |
737 &string_value)) { | 751 &string_value)) { |
738 restart_required |= OnHostTalkGadgetPrefixPolicyUpdate(string_value); | 752 restart_required |= OnHostTalkGadgetPrefixPolicyUpdate(string_value); |
739 } | 753 } |
740 if (policies->GetBoolean( | 754 if (policies->GetBoolean( |
741 policy_hack::PolicyWatcher::kHostRequireCurtainPolicyName, | 755 policy_hack::PolicyWatcher::kHostRequireCurtainPolicyName, |
742 &bool_value)) { | 756 &bool_value)) { |
743 restart_required |= OnCurtainPolicyUpdate(bool_value); | 757 restart_required |= OnCurtainPolicyUpdate(bool_value); |
744 } | 758 } |
759 std::string token_url_string, token_validation_url_string; | |
760 if (policies->GetString( | |
Sergey Ulanov
2013/04/05 20:28:34
not related to this CL, so not worth fixing here:
rmsousa
2013/04/06 00:37:25
Done.
| |
761 policy_hack::PolicyWatcher::kHostTokenUrlPolicyName, | |
762 &token_url_string) && | |
763 policies->GetString( | |
764 policy_hack::PolicyWatcher::kHostTokenValidationUrlPolicyName, | |
765 &token_validation_url_string)) { | |
766 restart_required |= OnHostTokenUrlPolicyUpdate( | |
767 GURL(token_url_string), GURL(token_validation_url_string)); | |
768 } | |
745 | 769 |
746 if (state_ == HOST_INITIALIZING) { | 770 if (state_ == HOST_INITIALIZING) { |
747 StartHost(); | 771 StartHost(); |
748 } else if (state_ == HOST_STARTED && restart_required) { | 772 } else if (state_ == HOST_STARTED && restart_required) { |
749 RestartHost(); | 773 RestartHost(); |
750 } | 774 } |
751 } | 775 } |
752 | 776 |
753 bool HostProcess::OnHostDomainPolicyUpdate(const std::string& host_domain) { | 777 bool HostProcess::OnHostDomainPolicyUpdate(const std::string& host_domain) { |
754 // Returns true if the host has to be restarted after this policy update. | 778 // Returns true if the host has to be restarted after this policy update. |
(...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
858 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); | 882 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
859 | 883 |
860 if (talkgadget_prefix != talkgadget_prefix_) { | 884 if (talkgadget_prefix != talkgadget_prefix_) { |
861 LOG(INFO) << "Policy sets talkgadget prefix: " << talkgadget_prefix; | 885 LOG(INFO) << "Policy sets talkgadget prefix: " << talkgadget_prefix; |
862 talkgadget_prefix_ = talkgadget_prefix; | 886 talkgadget_prefix_ = talkgadget_prefix; |
863 return true; | 887 return true; |
864 } | 888 } |
865 return false; | 889 return false; |
866 } | 890 } |
867 | 891 |
892 bool HostProcess::OnHostTokenUrlPolicyUpdate( | |
893 const GURL& token_url, | |
894 const GURL& token_validation_url) { | |
895 // Returns true if the host has to be restarted after this policy update. | |
896 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); | |
897 | |
898 if (token_url_ != token_url || | |
899 token_validation_url_ != token_validation_url) { | |
900 if (token_url.is_empty() && token_validation_url.is_empty()) { | |
901 LOG(INFO) << "Policy disables third-party authentication"; | |
902 } else if ((!token_url.is_valid() || !token_validation_url.is_valid())) { | |
903 LOG(ERROR) << "One of the third-party token URLs is empty or invalid. " | |
904 << "TokenUrl: " << token_url << ", " | |
Sergey Ulanov
2013/04/05 20:28:34
nit: << should be aligned with << on the previous
rmsousa
2013/04/06 00:37:25
Done.
| |
905 << "TokenValidationUrl: " << token_validation_url; | |
906 } else { | |
907 LOG(INFO) << "Policy sets third-party token URLs: " | |
908 << "TokenUrl: " << token_url << ", " | |
909 << "TokenValidationUrl: " << token_validation_url; | |
910 } | |
911 | |
912 token_url_ = token_url; | |
913 token_validation_url_ = token_validation_url; | |
914 return true; | |
915 } | |
916 | |
917 return false; | |
918 } | |
919 | |
868 void HostProcess::StartHost() { | 920 void HostProcess::StartHost() { |
869 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); | 921 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
870 DCHECK(!host_); | 922 DCHECK(!host_); |
871 DCHECK(!signal_strategy_.get()); | 923 DCHECK(!signal_strategy_.get()); |
872 DCHECK(state_ == HOST_INITIALIZING || state_ == HOST_STOPPING_TO_RESTART || | 924 DCHECK(state_ == HOST_INITIALIZING || state_ == HOST_STOPPING_TO_RESTART || |
873 state_ == HOST_STOPPED) << state_; | 925 state_ == HOST_STOPPED) << state_; |
874 state_ = HOST_STARTED; | 926 state_ = HOST_STARTED; |
875 | 927 |
876 signal_strategy_.reset( | 928 signal_strategy_.reset( |
877 new XmppSignalStrategy(context_->url_request_context_getter(), | 929 new XmppSignalStrategy(context_->url_request_context_getter(), |
(...skipping 239 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1117 return exit_code; | 1169 return exit_code; |
1118 } | 1170 } |
1119 | 1171 |
1120 } // namespace remoting | 1172 } // namespace remoting |
1121 | 1173 |
1122 #if !defined(OS_WIN) | 1174 #if !defined(OS_WIN) |
1123 int main(int argc, char** argv) { | 1175 int main(int argc, char** argv) { |
1124 return remoting::HostMain(argc, argv); | 1176 return remoting::HostMain(argc, argv); |
1125 } | 1177 } |
1126 #endif // !defined(OS_WIN) | 1178 #endif // !defined(OS_WIN) |
OLD | NEW |