Index: remoting/host/remoting_me2me_host.cc |
diff --git a/remoting/host/remoting_me2me_host.cc b/remoting/host/remoting_me2me_host.cc |
index 033d9d82b9c2ae28ecfb7168bbba35e579d730ff..7501e50f657f1b0ae31227e5c539240641e79543 100644 |
--- a/remoting/host/remoting_me2me_host.cc |
+++ b/remoting/host/remoting_me2me_host.cc |
@@ -54,6 +54,7 @@ |
#include "remoting/host/host_config.h" |
#include "remoting/host/host_event_logger.h" |
#include "remoting/host/host_exit_codes.h" |
+#include "remoting/host/host_token_validator_factory.h" |
#include "remoting/host/host_user_interface.h" |
#include "remoting/host/ipc_constants.h" |
#include "remoting/host/ipc_desktop_environment.h" |
@@ -69,6 +70,7 @@ |
#include "remoting/host/ui_strings.h" |
#include "remoting/host/usage_stats_consent.h" |
#include "remoting/jingle_glue/xmpp_signal_strategy.h" |
+#include "remoting/protocol/key_pair.h" |
#include "remoting/protocol/me2me_host_authenticator_factory.h" |
#if defined(OS_POSIX) |
@@ -241,6 +243,8 @@ class HostProcess |
bool OnNatPolicyUpdate(bool nat_traversal_enabled); |
bool OnCurtainPolicyUpdate(bool curtain_required); |
bool OnHostTalkGadgetPrefixPolicyUpdate(const std::string& talkgadget_prefix); |
+ bool OnHostTokenUrlPolicyUpdate(const std::string& token_issue_url, |
+ const std::string& token_verification_url); |
void StartHost(); |
@@ -304,9 +308,12 @@ class HostProcess |
scoped_ptr<CurtainMode> curtain_; |
scoped_ptr<CurtainingHostObserver> curtaining_host_observer_; |
bool curtain_required_; |
+ std::string token_issue_url_; |
+ std::string token_verification_url_; |
scoped_ptr<DesktopResizer> desktop_resizer_; |
scoped_ptr<ResizingHostObserver> resizing_host_observer_; |
+ scoped_ptr<HostTokenValidatorFactory> host_token_validator_factory_; |
scoped_ptr<XmppSignalStrategy> signal_strategy_; |
scoped_ptr<SignalingConnector> signaling_connector_; |
scoped_ptr<HeartbeatSender> heartbeat_sender_; |
@@ -352,6 +359,9 @@ HostProcess::HostProcess(scoped_ptr<ChromotingHostContext> context, |
base::Bind(&HostProcess::OnCurtainModeFailed, |
base::Unretained(this))); |
+ host_token_validator_factory_.reset( |
Wez
2013/03/06 01:01:08
nit: Comment e.g. "Create factory for third-party
rmsousa
2013/03/25 22:45:58
Done.
|
+ new HostTokenValidatorFactory(context_->url_request_context_getter())); |
+ |
StartOnUiThread(); |
} |
@@ -524,7 +534,8 @@ void HostProcess::CreateAuthenticatorFactory() { |
scoped_ptr<protocol::AuthenticatorFactory> factory( |
new protocol::Me2MeHostAuthenticatorFactory( |
local_certificate, key_pair_.Copy(), host_secret_hash_, |
- "", "", NULL)); |
+ token_issue_url_, token_verification_url_, |
+ host_token_validator_factory_.get())); |
Wez
2013/03/06 01:01:08
Remind me, will this become Pass()?
rmsousa
2013/03/25 22:45:58
"It's complicated". Basically, NegotiatingAuthenti
|
#if defined(OS_POSIX) |
// On Linux and Mac, perform a PAM authorization step after authentication. |
factory.reset(new PamAuthorizationFactory(factory.Pass())); |
@@ -767,7 +778,18 @@ void HostProcess::OnPolicyUpdate(scoped_ptr<base::DictionaryValue> policies) { |
&bool_value)) { |
restart_required |= OnCurtainPolicyUpdate(bool_value); |
} |
+ std::string token_issue_url, token_verification_url; |
+ if (policies->GetString( |
+ policy_hack::PolicyWatcher::kHostTokenIssueUrlPolicyName, |
+ &token_issue_url) && |
+ policies->GetString( |
+ policy_hack::PolicyWatcher::kHostTokenVerificationUrlPolicyName, |
+ &token_verification_url)) { |
+ restart_required |= OnHostTokenUrlPolicyUpdate(token_issue_url, |
+ token_verification_url); |
+ } |
+ // TODO(rmsousa): Read token URL policies. |
Wez
2013/03/06 01:01:08
Remove this TODO
rmsousa
2013/03/25 22:45:58
Done.
|
if (state_ == HOST_INITIALIZING) { |
StartHost(); |
} else if (state_ == HOST_STARTED && restart_required) { |
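Review bot: The `&&` joining the two `GetString` calls means a policy update that carries only one of the two token URL keys never reaches `OnHostTokenUrlPolicyUpdate`, so a change to just the verification URL would leave the old pair in `token_issue_url_` / `token_verification_url_` and the host would keep using stale endpoints. Whether the watcher delivers only the changed keys is not visible here, but the neighbouring handlers read each key independently, which suggests it may. I would seed the locals from the current members, read each key on its own, and call the handler when either is present; this relies on `GetString` leaving its output untouched on failure, which should be confirmed. `OnPolicyUpdate` starts and ends outside the hunk.

```cpp
// … unchanged: curtain policy handling …
std::string token_issue_url = token_issue_url_;
std::string token_verification_url = token_verification_url_;
bool issue_url_present = policies->GetString(
    policy_hack::PolicyWatcher::kHostTokenIssueUrlPolicyName,
    &token_issue_url);
bool verification_url_present = policies->GetString(
    policy_hack::PolicyWatcher::kHostTokenVerificationUrlPolicyName,
    &token_verification_url);
if (issue_url_present || verification_url_present) {
  restart_required |= OnHostTokenUrlPolicyUpdate(token_issue_url,
                                                 token_verification_url);
}
// … unchanged: state_ handling …
```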
@@ -880,6 +902,30 @@ bool HostProcess::OnHostTalkGadgetPrefixPolicyUpdate( |
return false; |
} |
+bool HostProcess::OnHostTokenUrlPolicyUpdate( |
+ const std::string& token_issue_url, |
+ const std::string& token_verification_url) { |
+ // Returns true if the host has to be restarted after this policy update. |
+ DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
+ |
+ if (token_issue_url != token_issue_url_ || |
+ token_verification_url != token_verification_url_) { |
+ LOG(INFO) << "Policy sets token urls: " << token_issue_url << ", " << |
+ token_verification_url; |
+ if ((token_issue_url.empty() || token_verification_url.empty()) && |
+ token_issue_url != token_verification_url) { |
Wez
2013/03/06 01:01:08
I think it's clearer to structure this with a chec
rmsousa
2013/03/25 22:45:58
Done.
|
+ LOG(ERROR) << |
+ "Only one token URL set. Token authentication will be disabled. " << |
+ "TokenIssueUrl: " << token_issue_url << ", " |
+ "TokenVerificationUrl: " << token_verification_url; |
+ } |
Wez
2013/03/06 01:01:08
nit: Blank line after this.
rmsousa
2013/03/25 22:45:58
Done.
|
+ token_issue_url_ = token_issue_url; |
+ token_verification_url_ = token_verification_url; |
Wez
2013/03/06 01:01:08
nit: Blank line after this
rmsousa
2013/03/25 22:45:58
Done.
|
+ return true; |
+ } |
+ return false; |
+} |
+ |
void HostProcess::StartHost() { |
DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
DCHECK(!host_); |
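Review bot: In `OnHostTokenUrlPolicyUpdate` the branch that logs "Token authentication will be disabled" does not disable anything itself: the half-set pair is still copied into `token_issue_url_` and `token_verification_url_` and later handed to `Me2MeHostAuthenticatorFactory`, so the outcome depends on a check in that class which this diff does not show. Treating the pair as empty when `token_issue_url.empty() != token_verification_url.empty()`, before the comparison with the stored members, would make the log line true locally and avoid a restart on every repeat of the same bad pair. The URLs are also accepted from policy as opaque strings; since the verification endpoint presumably receives client tokens, it is worth rejecting values that do not parse as https URLs here instead of relying on the consumer. The in-body comment `// Returns true if the host has to be restarted after this policy update.` belongs on the declaration in the class, where callers will read it.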