Chromium Code Reviews Chromium Code Reviews
Issue 138753005:
Add gnubby authentication to remoting host (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 // | 4 // |
| 5 // This file implements a standalone host process for Me2Me. | 5 // This file implements a standalone host process for Me2Me. |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/at_exit.h" | 9 #include "base/at_exit.h" |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| (...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 99 #include "ui/gfx/gtk_util.h" | 99 #include "ui/gfx/gtk_util.h" |
| 100 #endif // defined(TOOLKIT_GTK) | 100 #endif // defined(TOOLKIT_GTK) |
| 101 | 101 |
| 102 // This is used for tagging system event logs. | 102 // This is used for tagging system event logs. |
| 103 const char kApplicationName[] = "chromoting"; | 103 const char kApplicationName[] = "chromoting"; |
| 104 | 104 |
| 105 #if defined(OS_LINUX) | 105 #if defined(OS_LINUX) |
| 106 // The command line switch used to pass name of the pipe to capture audio on | 106 // The command line switch used to pass name of the pipe to capture audio on |
| 107 // linux. | 107 // linux. |
| 108 const char kAudioPipeSwitchName[] = "audio-pipe-name"; | 108 const char kAudioPipeSwitchName[] = "audio-pipe-name"; |
| 109 | |
| 110 // The command line switch used to pass name of the unix domain socket used to | |
| 111 // listen for gnubby requests. | |
| 112 const char kAuthSocknameSwitchName[] = "ssh-auth-sockname"; | |
| 109 #endif // defined(OS_LINUX) | 113 #endif // defined(OS_LINUX) |
| 110 | 114 |
| 111 // The command line switch used by the parent to request the host to signal it | 115 // The command line switch used by the parent to request the host to signal it |
| 112 // when it is successfully started. | 116 // when it is successfully started. |
| 113 const char kSignalParentSwitchName[] = "signal-parent"; | 117 const char kSignalParentSwitchName[] = "signal-parent"; |
| 114 | 118 |
| 115 // Value used for --host-config option to indicate that the path must be read | 119 // Value used for --host-config option to indicate that the path must be read |
| 116 // from stdin. | 120 // from stdin. |
| 117 const char kStdinConfigPath[] = "-"; | 121 const char kStdinConfigPath[] = "-"; |
| 118 | 122 |
| (...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 209 bool OnUsernamePolicyUpdate(bool curtain_required, | 213 bool OnUsernamePolicyUpdate(bool curtain_required, |
| 210 bool username_match_required); | 214 bool username_match_required); |
| 211 bool OnNatPolicyUpdate(bool nat_traversal_enabled); | 215 bool OnNatPolicyUpdate(bool nat_traversal_enabled); |
| 212 void OnCurtainPolicyUpdate(bool curtain_required); | 216 void OnCurtainPolicyUpdate(bool curtain_required); |
| 213 bool OnHostTalkGadgetPrefixPolicyUpdate(const std::string& talkgadget_prefix); | 217 bool OnHostTalkGadgetPrefixPolicyUpdate(const std::string& talkgadget_prefix); |
| 214 bool OnHostTokenUrlPolicyUpdate( | 218 bool OnHostTokenUrlPolicyUpdate( |
| 215 const GURL& token_url, | 219 const GURL& token_url, |
| 216 const GURL& token_validation_url, | 220 const GURL& token_validation_url, |
| 217 const std::string& token_validation_cert_issuer); | 221 const std::string& token_validation_cert_issuer); |
| 218 bool OnPairingPolicyUpdate(bool pairing_enabled); | 222 bool OnPairingPolicyUpdate(bool pairing_enabled); |
| 223 bool OnGnubbyAuthPolicyUpdate(bool enable_gnubby_auth); | |
| 219 | 224 |
| 220 void StartHost(); | 225 void StartHost(); |
| 221 | 226 |
| 222 void OnAuthFailed(); | 227 void OnAuthFailed(); |
| 223 | 228 |
| 224 void RestartHost(); | 229 void RestartHost(); |
| 225 | 230 |
| 226 // Stops the host and shuts down the process with the specified |exit_code|. | 231 // Stops the host and shuts down the process with the specified |exit_code|. |
| 227 void ShutdownHost(HostExitCodes exit_code); | 232 void ShutdownHost(HostExitCodes exit_code); |
| 228 | 233 |
| (...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 266 std::string serialized_config_; | 271 std::string serialized_config_; |
| 267 std::string host_owner_; | 272 std::string host_owner_; |
| 268 bool use_service_account_; | 273 bool use_service_account_; |
| 269 scoped_ptr<policy_hack::PolicyWatcher> policy_watcher_; | 274 scoped_ptr<policy_hack::PolicyWatcher> policy_watcher_; |
| 270 bool allow_nat_traversal_; | 275 bool allow_nat_traversal_; |
| 271 std::string talkgadget_prefix_; | 276 std::string talkgadget_prefix_; |
| 272 bool allow_pairing_; | 277 bool allow_pairing_; |
| 273 | 278 |
| 274 bool curtain_required_; | 279 bool curtain_required_; |
| 275 ThirdPartyAuthConfig third_party_auth_config_; | 280 ThirdPartyAuthConfig third_party_auth_config_; |
| 281 bool enable_gnubby_auth_; | |
| 276 | 282 |
| 277 scoped_ptr<XmppSignalStrategy> signal_strategy_; | 283 scoped_ptr<XmppSignalStrategy> signal_strategy_; |
| 278 scoped_ptr<SignalingConnector> signaling_connector_; | 284 scoped_ptr<SignalingConnector> signaling_connector_; |
| 279 scoped_ptr<HeartbeatSender> heartbeat_sender_; | 285 scoped_ptr<HeartbeatSender> heartbeat_sender_; |
| 280 scoped_ptr<HostStatusSender> host_status_sender_; | 286 scoped_ptr<HostStatusSender> host_status_sender_; |
| 281 scoped_ptr<HostChangeNotificationListener> host_change_notification_listener_; | 287 scoped_ptr<HostChangeNotificationListener> host_change_notification_listener_; |
| 282 scoped_ptr<LogToServer> log_to_server_; | 288 scoped_ptr<LogToServer> log_to_server_; |
| 283 scoped_ptr<HostEventLogger> host_event_logger_; | 289 scoped_ptr<HostEventLogger> host_event_logger_; |
| 284 | 290 |
| 285 scoped_ptr<ChromotingHost> host_; | 291 scoped_ptr<ChromotingHost> host_; |
| (...skipping 10 matching lines...) Expand all Loading... | |
| 296 }; | 302 }; |
| 297 | 303 |
| 298 HostProcess::HostProcess(scoped_ptr<ChromotingHostContext> context, | 304 HostProcess::HostProcess(scoped_ptr<ChromotingHostContext> context, |
| 299 int* exit_code_out) | 305 int* exit_code_out) |
| 300 : context_(context.Pass()), | 306 : context_(context.Pass()), |
| 301 state_(HOST_INITIALIZING), | 307 state_(HOST_INITIALIZING), |
| 302 use_service_account_(false), | 308 use_service_account_(false), |
| 303 allow_nat_traversal_(true), | 309 allow_nat_traversal_(true), |
| 304 allow_pairing_(true), | 310 allow_pairing_(true), |
| 305 curtain_required_(false), | 311 curtain_required_(false), |
| 312 enable_gnubby_auth_(false), | |
| 306 #if defined(REMOTING_MULTI_PROCESS) | 313 #if defined(REMOTING_MULTI_PROCESS) |
| 307 desktop_session_connector_(NULL), | 314 desktop_session_connector_(NULL), |
| 308 #endif // defined(REMOTING_MULTI_PROCESS) | 315 #endif // defined(REMOTING_MULTI_PROCESS) |
| 309 self_(this), | 316 self_(this), |
| 310 exit_code_out_(exit_code_out), | 317 exit_code_out_(exit_code_out), |
| 311 signal_parent_(false) { | 318 signal_parent_(false) { |
| 312 StartOnUiThread(); | 319 StartOnUiThread(); |
| 313 } | 320 } |
| 314 | 321 |
| 315 HostProcess::~HostProcess() { | 322 HostProcess::~HostProcess() { |
| (...skipping 284 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 600 | 607 |
| 601 #if defined(OS_LINUX) | 608 #if defined(OS_LINUX) |
| 602 // If an audio pipe is specific on the command-line then initialize | 609 // If an audio pipe is specific on the command-line then initialize |
| 603 // AudioCapturerLinux to capture from it. | 610 // AudioCapturerLinux to capture from it. |
| 604 base::FilePath audio_pipe_name = CommandLine::ForCurrentProcess()-> | 611 base::FilePath audio_pipe_name = CommandLine::ForCurrentProcess()-> |
| 605 GetSwitchValuePath(kAudioPipeSwitchName); | 612 GetSwitchValuePath(kAudioPipeSwitchName); |
| 606 if (!audio_pipe_name.empty()) { | 613 if (!audio_pipe_name.empty()) { |
| 607 remoting::AudioCapturerLinux::InitializePipeReader( | 614 remoting::AudioCapturerLinux::InitializePipeReader( |
| 608 context_->audio_task_runner(), audio_pipe_name); | 615 context_->audio_task_runner(), audio_pipe_name); |
| 609 } | 616 } |
| 617 | |
| 618 base::FilePath gnubby_socket_name = CommandLine::ForCurrentProcess()-> | |
| 619 GetSwitchValuePath(kAuthSocknameSwitchName); | |
| 620 if (!gnubby_socket_name.empty()) { | |
|
Sergey Ulanov
2014/02/11 08:20:38
nit: remove {} in single-line if statement (I do r
psj
2014/02/12 09:01:01
Done.
| |
| 621 remoting::GnubbyAuthHandler::SetGnubbySocketName(gnubby_socket_name); | |
| 622 } | |
| 610 #endif // defined(OS_LINUX) | 623 #endif // defined(OS_LINUX) |
| 611 | 624 |
| 612 // Create a desktop environment factory appropriate to the build type & | 625 // Create a desktop environment factory appropriate to the build type & |
| 613 // platform. | 626 // platform. |
| 614 #if defined(OS_WIN) | 627 #if defined(OS_WIN) |
| 615 IpcDesktopEnvironmentFactory* desktop_environment_factory = | 628 IpcDesktopEnvironmentFactory* desktop_environment_factory = |
| 616 new IpcDesktopEnvironmentFactory( | 629 new IpcDesktopEnvironmentFactory( |
| 617 context_->audio_task_runner(), | 630 context_->audio_task_runner(), |
| 618 context_->network_task_runner(), | 631 context_->network_task_runner(), |
| 619 context_->video_capture_task_runner(), | 632 context_->video_capture_task_runner(), |
| 620 context_->network_task_runner(), | 633 context_->network_task_runner(), |
| 621 daemon_channel_.get()); | 634 daemon_channel_.get()); |
| 622 desktop_session_connector_ = desktop_environment_factory; | 635 desktop_session_connector_ = desktop_environment_factory; |
| 623 #else // !defined(OS_WIN) | 636 #else // !defined(OS_WIN) |
| 624 DesktopEnvironmentFactory* desktop_environment_factory = | 637 DesktopEnvironmentFactory* desktop_environment_factory = |
| 625 new Me2MeDesktopEnvironmentFactory( | 638 new Me2MeDesktopEnvironmentFactory( |
| 626 context_->network_task_runner(), | 639 context_->network_task_runner(), |
| 627 context_->input_task_runner(), | 640 context_->input_task_runner(), |
| 628 context_->ui_task_runner()); | 641 context_->ui_task_runner()); |
| 629 #endif // !defined(OS_WIN) | 642 #endif // !defined(OS_WIN) |
| 630 | 643 |
| 631 desktop_environment_factory_.reset(desktop_environment_factory); | 644 desktop_environment_factory_.reset(desktop_environment_factory); |
| 645 desktop_environment_factory_->SetEnableGnubbyAuth(enable_gnubby_auth_); | |
| 632 | 646 |
| 633 context_->network_task_runner()->PostTask( | 647 context_->network_task_runner()->PostTask( |
| 634 FROM_HERE, | 648 FROM_HERE, |
| 635 base::Bind(&HostProcess::StartOnNetworkThread, this)); | 649 base::Bind(&HostProcess::StartOnNetworkThread, this)); |
| 636 } | 650 } |
| 637 | 651 |
| 638 void HostProcess::ShutdownOnUiThread() { | 652 void HostProcess::ShutdownOnUiThread() { |
| 639 DCHECK(context_->ui_task_runner()->BelongsToCurrentThread()); | 653 DCHECK(context_->ui_task_runner()->BelongsToCurrentThread()); |
| 640 | 654 |
| 641 // Tear down resources that need to be torn down on the UI thread. | 655 // Tear down resources that need to be torn down on the UI thread. |
| (...skipping 151 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 793 &token_validation_cert_issuer)) { | 807 &token_validation_cert_issuer)) { |
| 794 restart_required |= OnHostTokenUrlPolicyUpdate( | 808 restart_required |= OnHostTokenUrlPolicyUpdate( |
| 795 GURL(token_url_string), GURL(token_validation_url_string), | 809 GURL(token_url_string), GURL(token_validation_url_string), |
| 796 token_validation_cert_issuer); | 810 token_validation_cert_issuer); |
| 797 } | 811 } |
| 798 if (policies->GetBoolean( | 812 if (policies->GetBoolean( |
| 799 policy_hack::PolicyWatcher::kHostAllowClientPairing, | 813 policy_hack::PolicyWatcher::kHostAllowClientPairing, |
| 800 &bool_value)) { | 814 &bool_value)) { |
| 801 restart_required |= OnPairingPolicyUpdate(bool_value); | 815 restart_required |= OnPairingPolicyUpdate(bool_value); |
| 802 } | 816 } |
| 817 if (policies->GetBoolean( | |
| 818 policy_hack::PolicyWatcher::kHostAllowGnubbyAuthPolicyName, | |
| 819 &bool_value)) { | |
| 820 restart_required |= OnGnubbyAuthPolicyUpdate(bool_value); | |
| 821 } | |
| 803 | 822 |
| 804 if (state_ == HOST_INITIALIZING) { | 823 if (state_ == HOST_INITIALIZING) { |
| 805 StartHost(); | 824 StartHost(); |
| 806 } else if (state_ == HOST_STARTED && restart_required) { | 825 } else if (state_ == HOST_STARTED && restart_required) { |
| 807 RestartHost(); | 826 RestartHost(); |
| 808 } | 827 } |
| 809 } | 828 } |
| 810 | 829 |
| 811 bool HostProcess::OnHostDomainPolicyUpdate(const std::string& host_domain) { | 830 bool HostProcess::OnHostDomainPolicyUpdate(const std::string& host_domain) { |
| 812 // Returns true if the host has to be restarted after this policy update. | 831 // Returns true if the host has to be restarted after this policy update. |
| (...skipping 145 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 958 return false; | 977 return false; |
| 959 | 978 |
| 960 if (allow_pairing) | 979 if (allow_pairing) |
| 961 HOST_LOG << "Policy enables client pairing."; | 980 HOST_LOG << "Policy enables client pairing."; |
| 962 else | 981 else |
| 963 HOST_LOG << "Policy disables client pairing."; | 982 HOST_LOG << "Policy disables client pairing."; |
| 964 allow_pairing_ = allow_pairing; | 983 allow_pairing_ = allow_pairing; |
| 965 return true; | 984 return true; |
| 966 } | 985 } |
| 967 | 986 |
| 987 bool HostProcess::OnGnubbyAuthPolicyUpdate(bool enable_gnubby_auth) { | |
| 988 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); | |
| 989 | |
| 990 if (desktop_environment_factory_) { | |
|
Sergey Ulanov
2014/02/11 08:20:38
nit: move this after the if statement in line 994.
psj
2014/02/12 09:01:01
Done.
| |
| 991 desktop_environment_factory_->SetEnableGnubbyAuth(enable_gnubby_auth); | |
| 992 } | |
| 993 | |
| 994 if (enable_gnubby_auth_ == enable_gnubby_auth) | |
| 995 return false; | |
| 996 | |
| 997 if (enable_gnubby_auth) { | |
| 998 HOST_LOG << "Policy enables gnubby auth."; | |
| 999 } else { | |
| 1000 HOST_LOG << "Policy disables gnubby auth."; | |
| 1001 } | |
| 1002 enable_gnubby_auth_ = enable_gnubby_auth; | |
| 1003 | |
| 1004 return true; | |
| 1005 } | |
| 1006 | |
| 968 void HostProcess::StartHost() { | 1007 void HostProcess::StartHost() { |
| 969 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); | 1008 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
| 970 DCHECK(!host_); | 1009 DCHECK(!host_); |
| 971 DCHECK(!signal_strategy_.get()); | 1010 DCHECK(!signal_strategy_.get()); |
| 972 DCHECK(state_ == HOST_INITIALIZING || state_ == HOST_STOPPING_TO_RESTART || | 1011 DCHECK(state_ == HOST_INITIALIZING || state_ == HOST_STOPPING_TO_RESTART || |
| 973 state_ == HOST_STOPPED) << state_; | 1012 state_ == HOST_STOPPED) << state_; |
| 974 state_ = HOST_STARTED; | 1013 state_ = HOST_STARTED; |
| 975 | 1014 |
| 976 signal_strategy_.reset( | 1015 signal_strategy_.reset( |
| 977 new XmppSignalStrategy(net::ClientSocketFactory::GetDefaultFactory(), | 1016 new XmppSignalStrategy(net::ClientSocketFactory::GetDefaultFactory(), |
| (...skipping 211 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1189 return exit_code; | 1228 return exit_code; |
| 1190 } | 1229 } |
| 1191 | 1230 |
| 1192 } // namespace remoting | 1231 } // namespace remoting |
| 1193 | 1232 |
| 1194 #if !defined(OS_WIN) | 1233 #if !defined(OS_WIN) |
| 1195 int main(int argc, char** argv) { | 1234 int main(int argc, char** argv) { |
| 1196 return remoting::HostMain(argc, argv); | 1235 return remoting::HostMain(argc, argv); |
| 1197 } | 1236 } |
| 1198 #endif // !defined(OS_WIN) | 1237 #endif // !defined(OS_WIN) |
| OLD | NEW |
