Chromium Code Reviews Chromium Code Reviews
Issue 138753005:
Add gnubby authentication to remoting host (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "remoting/host/gnubby_auth_handler.h" | |
| 6 | |
| 7 #include "base/file_util.h" | |
| 8 #include "base/json/json_reader.h" | |
| 9 #include "base/lazy_instance.h" | |
| 10 #include "base/strings/string_number_conversions.h" | |
| 11 #include "base/values.h" | |
| 12 #include "net/socket/unix_domain_socket_posix.h" | |
| 13 #include "remoting/base/logging.h" | |
| 14 #include "remoting/host/gnubby_utils.h" | |
| 15 #include "remoting/proto/control.pb.h" | |
| 16 #include "remoting/protocol/client_stub.h" | |
| 17 | |
| 18 namespace remoting { | |
| 19 | |
| 20 namespace { | |
| 21 | |
| 22 // The name of the socket to listen for gnubby requests on. | |
| 23 base::LazyInstance<base::FilePath>::Leaky g_gnubby_socket_name = | |
| 24 LAZY_INSTANCE_INITIALIZER; | |
| 25 | |
| 26 // STL predicate to match by a StreamListenSocket pointer. | |
| 27 class CompareSocket { | |
| 28 public: | |
| 29 explicit CompareSocket(net::StreamListenSocket* socket) : socket_(socket) {} | |
| 30 | |
| 31 bool operator()(const std::pair<net::StreamListenSocket*, int> element) | |
| 32 const { | |
| 33 return socket_ == element.first; | |
| 34 } | |
| 35 | |
| 36 private: | |
| 37 net::StreamListenSocket* socket_; | |
| 38 }; | |
| 39 | |
| 40 // STL predicate to match by a connection id. | |
| 41 class CompareConnection { | |
| 42 public: | |
| 43 explicit CompareConnection(int connection_id) | |
| 44 : connection_id_(connection_id) {} | |
| 45 | |
| 46 bool operator()(const std::pair<net::StreamListenSocket*, int> element) | |
| 47 const { | |
| 48 return connection_id_ == element.second; | |
| 49 } | |
| 50 | |
| 51 private: | |
| 52 int connection_id_; | |
| 53 }; | |
| 54 | |
| 55 } // namespace | |
| 56 | |
| 57 GnubbyAuthHandler::GnubbyAuthHandler(protocol::ClientStub* client_stub) | |
| 58 : client_stub_(client_stub), current_connection_id_(0) { | |
| 59 DCHECK(client_stub_); | |
| 60 } | |
| 61 | |
| 62 GnubbyAuthHandler::~GnubbyAuthHandler() { | |
| 63 for (ActiveSockets::iterator iter = active_sockets_.begin(); | |
|
Sergey Ulanov
2014/02/09 22:29:54
STLDeleteContainerPairFirstPointers() from stl_uti
psj
2014/02/10 22:57:22
Done.
| |
| 64 iter != active_sockets_.end(); | |
| 65 ++iter) { | |
| 66 delete iter->first; | |
| 67 } | |
| 68 } | |
| 69 | |
| 70 void GnubbyAuthHandler::DidAccept(net::StreamListenSocket* server, | |
| 71 scoped_ptr<net::StreamListenSocket> socket) { | |
| 72 DCHECK(CalledOnValidThread()); | |
| 73 | |
| 74 active_sockets_.push_back( | |
| 75 std::make_pair(socket.release(), ++current_connection_id_)); | |
| 76 } | |
| 77 | |
| 78 void GnubbyAuthHandler::DidRead(net::StreamListenSocket* socket, | |
| 79 const char* data, | |
| 80 int len) { | |
| 81 DCHECK(CalledOnValidThread()); | |
| 82 | |
| 83 ActiveSockets::iterator iter = std::find_if( | |
| 84 active_sockets_.begin(), active_sockets_.end(), CompareSocket(socket)); | |
| 85 if (iter != active_sockets_.end()) { | |
| 86 std::string json; | |
| 87 if (GnubbyUtils::GetJsonFromRequest(data, len, &json)) { | |
| 88 HOST_LOG << "Received gnubby request"; | |
| 89 DeliverHostDataMessage(iter->second, json); | |
| 90 } else { | |
| 91 HOST_LOG << "Could not decode blob"; | |
| 92 } | |
| 93 } | |
| 94 } | |
| 95 | |
| 96 void GnubbyAuthHandler::DidClose(net::StreamListenSocket* socket) { | |
| 97 DCHECK(CalledOnValidThread()); | |
| 98 | |
| 99 ActiveSockets::iterator iter = std::find_if( | |
| 100 active_sockets_.begin(), active_sockets_.end(), CompareSocket(socket)); | |
| 101 if (iter != active_sockets_.end()) { | |
| 102 delete iter->first; | |
| 103 active_sockets_.erase(iter); | |
| 104 } | |
| 105 } | |
| 106 | |
| 107 void GnubbyAuthHandler::DeliverClientMessage(const std::string message) { | |
| 108 DCHECK(CalledOnValidThread()); | |
| 109 | |
| 110 scoped_ptr<base::Value> value(base::JSONReader::Read(message)); | |
| 111 base::ListValue* list = NULL; | |
| 112 bool result = value->GetAsList(&list); | |
| 113 | |
| 114 std::string auth_message_type; | |
| 115 result = result && list->GetString(0, &auth_message_type); | |
| 116 if (result && auth_message_type == "control") { | |
| 117 std::string payload; | |
| 118 result = list->GetString(1, &payload); | |
| 119 if (result && payload == "auth-v1") { | |
| 120 CreateAuthorizationSocket(); | |
| 121 } | |
| 122 } else if (result && auth_message_type == "data") { | |
| 123 std::string connection_id_str; | |
| 124 std::string payload; | |
| 125 result = list->GetString(1, &connection_id_str); | |
| 126 result = result && list->GetString(2, &payload); | |
| 127 if (result) { | |
| 128 int connection_id = 0; | |
| 129 base::StringToInt(connection_id_str, &connection_id); | |
| 130 | |
| 131 ActiveSockets::iterator iter = | |
| 132 std::find_if(active_sockets_.begin(), | |
| 133 active_sockets_.end(), | |
| 134 CompareConnection(connection_id)); | |
| 135 if (iter != active_sockets_.end()) { | |
| 136 HOST_LOG << "Sending gnubby response"; | |
| 137 | |
| 138 std::string reply; | |
| 139 GnubbyUtils::GetResponseFromJson(payload, &reply); | |
| 140 | |
| 141 iter->first->Send(reply); | |
| 142 } | |
| 143 } | |
| 144 } | |
| 145 } | |
| 146 | |
| 147 void GnubbyAuthHandler::DeliverHostControlMessage( | |
| 148 const std::string control_type, | |
| 149 const std::string data) const { | |
| 150 DCHECK(CalledOnValidThread()); | |
| 151 | |
| 152 protocol::ExtensionMessage message; | |
| 153 message.set_type("gnubby-auth"); | |
| 154 message.set_data("control " + control_type + " " + data); | |
|
Sergey Ulanov
2014/02/09 22:29:54
It seems strange to use JSON to encode message typ
psj
2014/02/10 22:57:22
They aren't so different as they are both a space-
Sergey Ulanov
2014/02/11 08:20:37
I was pointing at DeliverClientMessage() - that me
psj
2014/02/12 09:01:01
Ah, I see what you mean now. This is due to the ex
| |
| 155 | |
| 156 client_stub_->DeliverHostMessage(message); | |
| 157 } | |
| 158 | |
| 159 void GnubbyAuthHandler::DeliverHostDataMessage(int connection_id, | |
| 160 const std::string data) const { | |
| 161 DCHECK(CalledOnValidThread()); | |
| 162 | |
| 163 protocol::ExtensionMessage message; | |
| 164 message.set_type("gnubby-auth"); | |
| 165 message.set_data("data " + base::IntToString(connection_id) + " " + data); | |
| 166 | |
| 167 client_stub_->DeliverHostMessage(message); | |
| 168 } | |
| 169 | |
| 170 void GnubbyAuthHandler::SetGnubbySocketName(base::FilePath gnubby_socket_name) { | |
| 171 g_gnubby_socket_name.Get() = gnubby_socket_name; | |
| 172 } | |
| 173 | |
| 174 bool GnubbyAuthHandler::HasActiveSocketForTesting( | |
| 175 net::StreamListenSocket* socket) const { | |
| 176 return std::find_if(active_sockets_.begin(), | |
| 177 active_sockets_.end(), | |
| 178 CompareSocket(socket)) != active_sockets_.end(); | |
| 179 } | |
| 180 | |
| 181 void GnubbyAuthHandler::CreateAuthorizationSocket() { | |
| 182 DCHECK(CalledOnValidThread()); | |
| 183 | |
| 184 if (!g_gnubby_socket_name.Get().empty()) { | |
| 185 // If the file already exists, a socket in use error is returned. | |
| 186 base::DeleteFile(g_gnubby_socket_name.Get(), false); | |
| 187 | |
| 188 HOST_LOG << "Listening for gnubby requests on " | |
| 189 << g_gnubby_socket_name.Get().value(); | |
| 190 | |
| 191 auth_socket_ = net::UnixDomainSocket::CreateAndListen( | |
| 192 g_gnubby_socket_name.Get().value(), | |
| 193 this, | |
| 194 net::UnixDomainSocket::NoAuthentication()); | |
| 195 if (!auth_socket_.get()) { | |
| 196 HOST_LOG << "Failed to open socket for gnubby requests"; | |
| 197 } | |
| 198 } else { | |
| 199 HOST_LOG << "No gnubby socket name specified"; | |
| 200 } | |
| 201 } | |
| 202 | |
| 203 } // namespace remoting | |
| OLD | NEW |
