Add gnubby authentication to remoting host

remoting/host/remoting_me2me_host.cc

Index: remoting/host/remoting_me2me_host.cc
diff --git a/remoting/host/remoting_me2me_host.cc b/remoting/host/remoting_me2me_host.cc
index b4ab023aec71ba40e330b94eb16c68b1db2f74eb..bba684e706c7a61b60207e70a94a5496df69365a 100644
--- a/remoting/host/remoting_me2me_host.cc
+++ b/remoting/host/remoting_me2me_host.cc
@@ -106,6 +106,10 @@ const char kApplicationName[] = "chromoting";
 // The command line switch used to pass name of the pipe to capture audio on
 // linux.
 const char kAudioPipeSwitchName[] = "audio-pipe-name";
+
+// The command line switch used to pass name of the unix domain socket used to
+// listen for gnubby requests.
+const char kAuthSocknameSwitchName[] = "ssh-auth-sockname";
 #endif  // defined(OS_LINUX)
 
 // The command line switch used by the parent to request the host to signal it
@@ -216,6 +220,7 @@ class HostProcess
       const GURL& token_validation_url,
       const std::string& token_validation_cert_issuer);
   bool OnPairingPolicyUpdate(bool pairing_enabled);
+  bool OnGnubbyAuthPolicyUpdate(bool enable_gnubby_auth);
 
   void StartHost();
 
@@ -273,6 +278,7 @@ class HostProcess
 
   bool curtain_required_;
   ThirdPartyAuthConfig third_party_auth_config_;
+  bool enable_gnubby_auth_;
 
   scoped_ptr<XmppSignalStrategy> signal_strategy_;
   scoped_ptr<SignalingConnector> signaling_connector_;
@@ -303,6 +309,7 @@ HostProcess::HostProcess(scoped_ptr<ChromotingHostContext> context,
       allow_nat_traversal_(true),
       allow_pairing_(true),
       curtain_required_(false),
+      enable_gnubby_auth_(false),
 #if defined(REMOTING_MULTI_PROCESS)
       desktop_session_connector_(NULL),
 #endif  // defined(REMOTING_MULTI_PROCESS)
@@ -607,6 +614,12 @@ void HostProcess::StartOnUiThread() {
     remoting::AudioCapturerLinux::InitializePipeReader(
         context_->audio_task_runner(), audio_pipe_name);
   }
+
+  base::FilePath gnubby_socket_name = CommandLine::ForCurrentProcess()->
+      GetSwitchValuePath(kAuthSocknameSwitchName);
+  if (!gnubby_socket_name.empty()) {

[Sergey Ulanov, 2014/02/11 08:20:38]

nit: remove {} in single-line if statement (I do realize this file is not super
consistent about it)

[psj, 2014/02/12 09:01:01]

Done.

+    remoting::GnubbyAuthHandler::SetGnubbySocketName(gnubby_socket_name);
+  }
 #endif  // defined(OS_LINUX)
 
   // Create a desktop environment factory appropriate to the build type &
@@ -629,6 +642,7 @@ void HostProcess::StartOnUiThread() {
 #endif  // !defined(OS_WIN)
 
   desktop_environment_factory_.reset(desktop_environment_factory);
+  desktop_environment_factory_->SetEnableGnubbyAuth(enable_gnubby_auth_);
 
   context_->network_task_runner()->PostTask(
       FROM_HERE,
@@ -800,6 +814,11 @@ void HostProcess::OnPolicyUpdate(scoped_ptr<base::DictionaryValue> policies) {
           &bool_value)) {
     restart_required |= OnPairingPolicyUpdate(bool_value);
   }
+  if (policies->GetBoolean(
+          policy_hack::PolicyWatcher::kHostAllowGnubbyAuthPolicyName,
+          &bool_value)) {
+    restart_required |= OnGnubbyAuthPolicyUpdate(bool_value);
+  }
 
   if (state_ == HOST_INITIALIZING) {
     StartHost();
@@ -965,6 +984,26 @@ bool HostProcess::OnPairingPolicyUpdate(bool allow_pairing) {
   return true;
 }
 
+bool HostProcess::OnGnubbyAuthPolicyUpdate(bool enable_gnubby_auth) {
+  DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
+
+  if (desktop_environment_factory_) {

[Sergey Ulanov, 2014/02/11 08:20:38]

nit: move this after the if statement in line 994.
remove {} here for consistency with the following if.

[psj, 2014/02/12 09:01:01]

Done.

+    desktop_environment_factory_->SetEnableGnubbyAuth(enable_gnubby_auth);
+  }
+
+  if (enable_gnubby_auth_ == enable_gnubby_auth)
+    return false;
+
+  if (enable_gnubby_auth) {
+    HOST_LOG << "Policy enables gnubby auth.";
+  } else {
+    HOST_LOG << "Policy disables gnubby auth.";
+  }
+  enable_gnubby_auth_ = enable_gnubby_auth;
+
+  return true;
+}
+
 void HostProcess::StartHost() {
   DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
   DCHECK(!host_);