Enable RDP integration by default when the curtain mode is enabled by the policy.

remoting/host/remoting_me2me_host.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // This file implements a standalone host process for Me2Me.
 
 #include <string>
 
 #include "base/at_exit.h"
 #include "base/bind.h"
@@ skipping 706 matching lines @@
     return;
   }
 
   bool restart_required = false;
   bool bool_value;
   std::string string_value;
   if (policies->GetString(policy_hack::PolicyWatcher::kHostDomainPolicyName,
                           &string_value)) {
     restart_required |= OnHostDomainPolicyUpdate(string_value);
   }
+  // The curtain mode policy should be handled before the username matching
+  // setting.

[Wez, 2013/04/15 19:01:35]

Why?  Requiring a specific ordering to policy application seems fragile...

[alexeypa (please no reviews), 2013/04/15 19:10:01]

Done.

+  if (policies->GetBoolean(
+          policy_hack::PolicyWatcher::kHostRequireCurtainPolicyName,
+          &bool_value)) {
+    restart_required |= OnCurtainPolicyUpdate(bool_value);
+  }
   if (policies->GetBoolean(
       policy_hack::PolicyWatcher::kHostMatchUsernamePolicyName,
       &bool_value)) {
     restart_required |= OnUsernamePolicyUpdate(bool_value);
   }
   if (policies->GetBoolean(policy_hack::PolicyWatcher::kNatPolicyName,
                            &bool_value)) {
     restart_required |= OnNatPolicyUpdate(bool_value);
   }
   if (policies->GetString(
           policy_hack::PolicyWatcher::kHostTalkGadgetPrefixPolicyName,
           &string_value)) {
     restart_required |= OnHostTalkGadgetPrefixPolicyUpdate(string_value);
   }
-  if (policies->GetBoolean(
-          policy_hack::PolicyWatcher::kHostRequireCurtainPolicyName,
-          &bool_value)) {
-    restart_required |= OnCurtainPolicyUpdate(bool_value);
-  }
   std::string token_url_string, token_validation_url_string;
   if (policies->GetString(
           policy_hack::PolicyWatcher::kHostTokenUrlPolicyName,
           &token_url_string) &&
       policies->GetString(
           policy_hack::PolicyWatcher::kHostTokenValidationUrlPolicyName,
           &token_validation_url_string)) {
     restart_required |= OnHostTokenUrlPolicyUpdate(
         GURL(token_url_string), GURL(token_validation_url_string));
   }
@@ skipping 31 matching lines @@
 
 #if defined(OS_MACOSX)
     // On Mac, we run as root at the login screen, so the username won't match.
     // However, there's no need to enforce the policy at the login screen, as
     // the client will have to reconnect if a login occurs.
     if (shutdown && getuid() == 0) {
       shutdown = false;
     }
 #endif
 
+    // The RDP sessions make the connected user to enter the OS credential

[Wez, 2013/04/15 19:01:35]

nit: Suggest reword:

"Curtain-mode on Windows presents the standard OS login prompt to the user for
each connection, removing the need for an explicit user-name matching check."

[alexeypa (please no reviews), 2013/04/15 19:10:01]

Done.

+    // before he or she can access the machine meaning that the username
+    // matching policy can be safely if the curtain is required.
+#if defined(OS_WIN) && defined(REMOTING_RDP_SESSION)
+    if (curtain_required_)
+      return false;
+#endif  // defined(OS_WIN) && defined(REMOTING_RDP_SESSION)
+
+    // Shutdown the host if the username does not match.
     if (shutdown) {
       LOG(ERROR) << "The host username does not match.";
       ShutdownHost(kUsernameMismatchExitCode);
     }
   } else {
     LOG(INFO) << "Policy does not require host username match.";
   }
 
   return false;
 }
@@ skipping 336 matching lines @@
   return exit_code;
 }
 
 }  // namespace remoting
 
 #if !defined(OS_WIN)
 int main(int argc, char** argv) {
   return remoting::HostMain(argc, argv);
 }
 #endif  // !defined(OS_WIN)