Add gnubby authentication to remoting host

remoting/host/remoting_me2me_host.cc

Index: remoting/host/remoting_me2me_host.cc
diff --git a/remoting/host/remoting_me2me_host.cc b/remoting/host/remoting_me2me_host.cc
index b4ab023aec71ba40e330b94eb16c68b1db2f74eb..b48b4132b52d12e325a17c29c625ccd626db67c0 100644
--- a/remoting/host/remoting_me2me_host.cc
+++ b/remoting/host/remoting_me2me_host.cc
@@ -106,6 +106,10 @@ const char kApplicationName[] = "chromoting";
 // The command line switch used to pass name of the pipe to capture audio on
 // linux.
 const char kAudioPipeSwitchName[] = "audio-pipe-name";
+
+// The command line switch used to pass name of the unix domain socket used to
+// listen for gnubby requests.
+const char kAuthSocknameSwitchName[] = "ssh-auth-sockname";

[Sergey Ulanov, 2014/02/09 22:29:54]

can it be called gnubby-auth-sockname (because it has nothing to do with SSH).

[psj, 2014/02/10 22:57:22]

I proposed a name with gnubby, but Wez preferred this as it matches the value of
the SSH_AUTH_SOCK environment variable set in the script.

 #endif  // defined(OS_LINUX)
 
 // The command line switch used by the parent to request the host to signal it
@@ -216,6 +220,7 @@ class HostProcess
       const GURL& token_validation_url,
       const std::string& token_validation_cert_issuer);
   bool OnPairingPolicyUpdate(bool pairing_enabled);
+  bool OnGnubbyAuthPolicyUpdate(bool enable_gnubby_auth);
 
   void StartHost();
 
@@ -273,6 +278,7 @@ class HostProcess
 
   bool curtain_required_;
   ThirdPartyAuthConfig third_party_auth_config_;
+  bool enable_gnubby_auth_;
 
   scoped_ptr<XmppSignalStrategy> signal_strategy_;
   scoped_ptr<SignalingConnector> signaling_connector_;
@@ -303,6 +309,7 @@ HostProcess::HostProcess(scoped_ptr<ChromotingHostContext> context,
       allow_nat_traversal_(true),
       allow_pairing_(true),
       curtain_required_(false),
+      enable_gnubby_auth_(false),
 #if defined(REMOTING_MULTI_PROCESS)
       desktop_session_connector_(NULL),
 #endif  // defined(REMOTING_MULTI_PROCESS)
@@ -607,6 +614,12 @@ void HostProcess::StartOnUiThread() {
     remoting::AudioCapturerLinux::InitializePipeReader(
         context_->audio_task_runner(), audio_pipe_name);
   }
+
+  base::FilePath gnubby_socket_name_name = CommandLine::ForCurrentProcess()->
+      GetSwitchValuePath(kAuthSocknameSwitchName);
+  if (!gnubby_socket_name_name.empty()) {
+    remoting::GnubbyAuthHandler::SetGnubbySocketName(gnubby_socket_name_name);
+  }
 #endif  // defined(OS_LINUX)
 
   // Create a desktop environment factory appropriate to the build type &
@@ -800,6 +813,11 @@ void HostProcess::OnPolicyUpdate(scoped_ptr<base::DictionaryValue> policies) {
           &bool_value)) {
     restart_required |= OnPairingPolicyUpdate(bool_value);
   }
+  if (policies->GetBoolean(
+          policy_hack::PolicyWatcher::kHostAllowGnubbyAuthPolicyName,
+          &bool_value)) {
+    restart_required |= OnGnubbyAuthPolicyUpdate(bool_value);
+  }
 
   if (state_ == HOST_INITIALIZING) {
     StartHost();
@@ -965,6 +983,22 @@ bool HostProcess::OnPairingPolicyUpdate(bool allow_pairing) {
   return true;
 }
 
+bool HostProcess::OnGnubbyAuthPolicyUpdate(bool enable_gnubby_auth) {
+  DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
+
+  if (enable_gnubby_auth_ == enable_gnubby_auth)
+    return false;
+
+  if (enable_gnubby_auth) {
+    HOST_LOG << "Policy enables gnubby auth.";
+  } else {
+    HOST_LOG << "Policy disables gnubby auth.";
+  }
+  enable_gnubby_auth_ = enable_gnubby_auth;
+
+  return true;
+}
+
 void HostProcess::StartHost() {
   DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
   DCHECK(!host_);
@@ -1049,6 +1083,7 @@ void HostProcess::StartHost() {
 #endif  // !defined(REMOTING_MULTI_PROCESS)
 
   host_->SetEnableCurtaining(curtain_required_);
+  host_->SetEnableGnubbyAuth(enable_gnubby_auth_);
   host_->Start(host_owner_);
 
   CreateAuthenticatorFactory();