Add gnubby authentication to remoting host

remoting/host/remoting_me2me_host.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // This file implements a standalone host process for Me2Me.
 
 #include <string>
 
 #include "base/at_exit.h"
 #include "base/bind.h"
@@ skipping 88 matching lines @@
 #include "ui/gfx/gtk_util.h"
 #endif  // defined(TOOLKIT_GTK)
 
 // This is used for tagging system event logs.
 const char kApplicationName[] = "chromoting";
 
 #if defined(OS_LINUX)
 // The command line switch used to pass name of the pipe to capture audio on
 // linux.
 const char kAudioPipeSwitchName[] = "audio-pipe-name";
+
+// The command line switch used to pass name of the unix domain socket used to
+// listen for gnubby requests.
+const char kAuthSocknameSwitchName[] = "ssh-auth-sockname";

[Sergey Ulanov, 2014/02/09 22:29:54]

can it be called gnubby-auth-sockname (because it has nothing to do with SSH).

[psj, 2014/02/10 22:57:22]

I proposed a name with gnubby, but Wez preferred this as it matches the value of
the SSH_AUTH_SOCK environment variable set in the script.

 #endif  // defined(OS_LINUX)
 
 // The command line switch used by the parent to request the host to signal it
 // when it is successfully started.
 const char kSignalParentSwitchName[] = "signal-parent";
 
 // Value used for --host-config option to indicate that the path must be read
 // from stdin.
 const char kStdinConfigPath[] = "-";
 
@@ skipping 90 matching lines @@
   bool OnUsernamePolicyUpdate(bool curtain_required,
                               bool username_match_required);
   bool OnNatPolicyUpdate(bool nat_traversal_enabled);
   void OnCurtainPolicyUpdate(bool curtain_required);
   bool OnHostTalkGadgetPrefixPolicyUpdate(const std::string& talkgadget_prefix);
   bool OnHostTokenUrlPolicyUpdate(
       const GURL& token_url,
       const GURL& token_validation_url,
       const std::string& token_validation_cert_issuer);
   bool OnPairingPolicyUpdate(bool pairing_enabled);
+  bool OnGnubbyAuthPolicyUpdate(bool enable_gnubby_auth);
 
   void StartHost();
 
   void OnAuthFailed();
 
   void RestartHost();
 
   // Stops the host and shuts down the process with the specified |exit_code|.
   void ShutdownHost(HostExitCodes exit_code);
 
@@ skipping 37 matching lines @@
   std::string serialized_config_;
   std::string host_owner_;
   bool use_service_account_;
   scoped_ptr<policy_hack::PolicyWatcher> policy_watcher_;
   bool allow_nat_traversal_;
   std::string talkgadget_prefix_;
   bool allow_pairing_;
 
   bool curtain_required_;
   ThirdPartyAuthConfig third_party_auth_config_;
+  bool enable_gnubby_auth_;
 
   scoped_ptr<XmppSignalStrategy> signal_strategy_;
   scoped_ptr<SignalingConnector> signaling_connector_;
   scoped_ptr<HeartbeatSender> heartbeat_sender_;
   scoped_ptr<HostStatusSender> host_status_sender_;
   scoped_ptr<HostChangeNotificationListener> host_change_notification_listener_;
   scoped_ptr<LogToServer> log_to_server_;
   scoped_ptr<HostEventLogger> host_event_logger_;
 
   scoped_ptr<ChromotingHost> host_;
@@ skipping 10 matching lines @@
 };
 
 HostProcess::HostProcess(scoped_ptr<ChromotingHostContext> context,
                          int* exit_code_out)
     : context_(context.Pass()),
       state_(HOST_INITIALIZING),
       use_service_account_(false),
       allow_nat_traversal_(true),
       allow_pairing_(true),
       curtain_required_(false),
+      enable_gnubby_auth_(false),
 #if defined(REMOTING_MULTI_PROCESS)
       desktop_session_connector_(NULL),
 #endif  // defined(REMOTING_MULTI_PROCESS)
       self_(this),
       exit_code_out_(exit_code_out),
       signal_parent_(false) {
   StartOnUiThread();
 }
 
 HostProcess::~HostProcess() {
@@ skipping 284 matching lines @@
 
 #if defined(OS_LINUX)
   // If an audio pipe is specific on the command-line then initialize
   // AudioCapturerLinux to capture from it.
   base::FilePath audio_pipe_name = CommandLine::ForCurrentProcess()->
       GetSwitchValuePath(kAudioPipeSwitchName);
   if (!audio_pipe_name.empty()) {
     remoting::AudioCapturerLinux::InitializePipeReader(
         context_->audio_task_runner(), audio_pipe_name);
   }
+
+  base::FilePath gnubby_socket_name_name = CommandLine::ForCurrentProcess()->
+      GetSwitchValuePath(kAuthSocknameSwitchName);
+  if (!gnubby_socket_name_name.empty()) {
+    remoting::GnubbyAuthHandler::SetGnubbySocketName(gnubby_socket_name_name);
+  }
 #endif  // defined(OS_LINUX)
 
   // Create a desktop environment factory appropriate to the build type &
   // platform.
 #if defined(OS_WIN)
   IpcDesktopEnvironmentFactory* desktop_environment_factory =
       new IpcDesktopEnvironmentFactory(
           context_->audio_task_runner(),
           context_->network_task_runner(),
           context_->video_capture_task_runner(),
@@ skipping 173 matching lines @@
           &token_validation_cert_issuer)) {
     restart_required |= OnHostTokenUrlPolicyUpdate(
         GURL(token_url_string), GURL(token_validation_url_string),
         token_validation_cert_issuer);
   }
   if (policies->GetBoolean(
           policy_hack::PolicyWatcher::kHostAllowClientPairing,
           &bool_value)) {
     restart_required |= OnPairingPolicyUpdate(bool_value);
   }
+  if (policies->GetBoolean(
+          policy_hack::PolicyWatcher::kHostAllowGnubbyAuthPolicyName,
+          &bool_value)) {
+    restart_required |= OnGnubbyAuthPolicyUpdate(bool_value);
+  }
 
   if (state_ == HOST_INITIALIZING) {
     StartHost();
   } else if (state_ == HOST_STARTED && restart_required) {
     RestartHost();
   }
 }
 
 bool HostProcess::OnHostDomainPolicyUpdate(const std::string& host_domain) {
   // Returns true if the host has to be restarted after this policy update.
@@ skipping 145 matching lines @@
     return false;
 
   if (allow_pairing)
     HOST_LOG << "Policy enables client pairing.";
   else
     HOST_LOG << "Policy disables client pairing.";
   allow_pairing_ = allow_pairing;
   return true;
 }
 
+bool HostProcess::OnGnubbyAuthPolicyUpdate(bool enable_gnubby_auth) {
+  DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
+
+  if (enable_gnubby_auth_ == enable_gnubby_auth)
+    return false;
+
+  if (enable_gnubby_auth) {
+    HOST_LOG << "Policy enables gnubby auth.";
+  } else {
+    HOST_LOG << "Policy disables gnubby auth.";
+  }
+  enable_gnubby_auth_ = enable_gnubby_auth;
+
+  return true;
+}
+
 void HostProcess::StartHost() {
   DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
   DCHECK(!host_);
   DCHECK(!signal_strategy_.get());
   DCHECK(state_ == HOST_INITIALIZING || state_ == HOST_STOPPING_TO_RESTART ||
          state_ == HOST_STOPPED) << state_;
   state_ = HOST_STARTED;
 
   signal_strategy_.reset(
       new XmppSignalStrategy(net::ClientSocketFactory::GetDefaultFactory(),
@@ skipping 64 matching lines @@
   // Set up repoting the host status notifications.
 #if defined(REMOTING_MULTI_PROCESS)
   host_event_logger_.reset(
       new IpcHostEventLogger(host_->AsWeakPtr(), daemon_channel_.get()));
 #else  // !defined(REMOTING_MULTI_PROCESS)
   host_event_logger_ =
       HostEventLogger::Create(host_->AsWeakPtr(), kApplicationName);
 #endif  // !defined(REMOTING_MULTI_PROCESS)
 
   host_->SetEnableCurtaining(curtain_required_);
+  host_->SetEnableGnubbyAuth(enable_gnubby_auth_);
   host_->Start(host_owner_);
 
   CreateAuthenticatorFactory();
 }
 
 void HostProcess::OnAuthFailed() {
   ShutdownHost(kInvalidOauthCredentialsExitCode);
 }
 
 void HostProcess::RestartHost() {
@@ skipping 127 matching lines @@
   return exit_code;
 }
 
 }  // namespace remoting
 
 #if !defined(OS_WIN)
 int main(int argc, char** argv) {
   return remoting::HostMain(argc, argv);
 }
 #endif  // !defined(OS_WIN)