Add policy to restrict client domain for Me2Me.

remoting/host/it2me/it2me_host.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "remoting/host/it2me/it2me_host.h"
 
 #include <stddef.h>
 
 #include <utility>
 
@@ skipping 314 matching lines @@
 
   bool nat_policy;
   if (policies->GetBoolean(policy::key::kRemoteAccessHostFirewallTraversal,
                            &nat_policy)) {
     UpdateNatPolicy(nat_policy);
   }
   std::string host_domain;
   if (policies->GetString(policy::key::kRemoteAccessHostDomain, &host_domain)) {
     UpdateHostDomainPolicy(host_domain);
   }
+  std::string client_domain;
+  if (policies->GetString(policy::key::kRemoteAccessHostClientDomain,
+                          &client_domain)) {
+    UpdateClientDomainPolicy(client_domain);
+  }
 
   policy_received_ = true;
 
   if (!pending_connect_.is_null()) {
     base::ResetAndReturn(&pending_connect_).Run();
   }
 }
 
 void It2MeHost::OnPolicyError() {
   // TODO(lukasza): Report the policy error to the user.  crbug.com/433009
@@ skipping 25 matching lines @@
   VLOG(2) << "UpdateHostDomainPolicy: " << host_domain;
 
   // When setting a host domain policy, force disconnect any existing session.
   if (!host_domain.empty() && IsConnected()) {
     Shutdown();
   }
 
   required_host_domain_ = host_domain;
 }
 
+void It2MeHost::UpdateClientDomainPolicy(const std::string& client_domain) {
+  DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread());
+
+  VLOG(2) << "UpdateClientDomainPolicy: " << client_domain;
+
+  // When setting a client  domain policy, disconnect any existing session.
+  if (!client_domain.empty() && IsConnected()) {
+    Shutdown();
+  }
+
+  required_client_domain_ = client_domain;
+}
+
 It2MeHost::~It2MeHost() {
   // Check that resources that need to be torn down on the UI thread are gone.
   DCHECK(!desktop_environment_factory_.get());
   DCHECK(!policy_watcher_.get());
 }
 
 void It2MeHost::SetState(It2MeHostState state,
                          const std::string& error_message) {
   DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread());
 
@@ skipping 62 matching lines @@
   if (local_certificate.empty()) {
     std::string error_message = "Failed to generate host certificate.";
     LOG(ERROR) << error_message;
     SetState(kError, error_message);
     Shutdown();
     return;
   }
 
   scoped_ptr<protocol::AuthenticatorFactory> factory(
       new protocol::It2MeHostAuthenticatorFactory(
-          local_certificate, host_key_pair_, access_code));
+          local_certificate, host_key_pair_, access_code,
+          required_client_domain_));
   host_->SetAuthenticatorFactory(std::move(factory));
 
   // Pass the Access Code to the script object before changing state.
   task_runner_->PostTask(
       FROM_HERE, base::Bind(&It2MeHost::Observer::OnStoreAccessCode,
                             observer_, access_code, lifetime));
 
   SetState(kReceivedAccessCode, "");
 }
 
@@ skipping 19 matching lines @@
   scoped_ptr<It2MeConfirmationDialogFactory> confirmation_dialog_factory(
       new It2MeConfirmationDialogFactory());
   scoped_ptr<PolicyWatcher> policy_watcher =
       PolicyWatcher::Create(policy_service_, context->file_task_runner());
   return new It2MeHost(std::move(context), std::move(policy_watcher),
                        std::move(confirmation_dialog_factory), observer,
                        xmpp_server_config, directory_bot_jid);
 }
 
 }  // namespace remoting