OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 // | 4 // |
5 // This file implements a standalone host process for Me2Me. | 5 // This file implements a standalone host process for Me2Me. |
6 | 6 |
7 #include <stddef.h> | 7 #include <stddef.h> |
8 #include <stdint.h> | 8 #include <stdint.h> |
9 | 9 |
10 #include <string> | 10 #include <string> |
(...skipping 320 matching lines...)
331 | 331 |
332 // Applies the host config, returning true if successful. | 332 // Applies the host config, returning true if successful. |
333 bool ApplyConfig(const base::DictionaryValue& config); | 333 bool ApplyConfig(const base::DictionaryValue& config); |
334 | 334 |
335 // Handles policy updates, by calling On*PolicyUpdate methods. | 335 // Handles policy updates, by calling On*PolicyUpdate methods. |
336 void OnPolicyUpdate(scoped_ptr<base::DictionaryValue> policies); | 336 void OnPolicyUpdate(scoped_ptr<base::DictionaryValue> policies); |
337 void OnPolicyError(); | 337 void OnPolicyError(); |
338 void ReportPolicyErrorAndRestartHost(); | 338 void ReportPolicyErrorAndRestartHost(); |
339 void ApplyHostDomainPolicy(); | 339 void ApplyHostDomainPolicy(); |
340 void ApplyUsernamePolicy(); | 340 void ApplyUsernamePolicy(); |
| 341 bool OnClientDomainPolicyUpdate(base::DictionaryValue* policies); |
341 bool OnHostDomainPolicyUpdate(base::DictionaryValue* policies); | 342 bool OnHostDomainPolicyUpdate(base::DictionaryValue* policies); |
342 bool OnUsernamePolicyUpdate(base::DictionaryValue* policies); | 343 bool OnUsernamePolicyUpdate(base::DictionaryValue* policies); |
343 bool OnNatPolicyUpdate(base::DictionaryValue* policies); | 344 bool OnNatPolicyUpdate(base::DictionaryValue* policies); |
344 bool OnRelayPolicyUpdate(base::DictionaryValue* policies); | 345 bool OnRelayPolicyUpdate(base::DictionaryValue* policies); |
345 bool OnUdpPortPolicyUpdate(base::DictionaryValue* policies); | 346 bool OnUdpPortPolicyUpdate(base::DictionaryValue* policies); |
346 bool OnCurtainPolicyUpdate(base::DictionaryValue* policies); | 347 bool OnCurtainPolicyUpdate(base::DictionaryValue* policies); |
347 bool OnHostTalkGadgetPrefixPolicyUpdate(base::DictionaryValue* policies); | 348 bool OnHostTalkGadgetPrefixPolicyUpdate(base::DictionaryValue* policies); |
348 bool OnHostTokenUrlPolicyUpdate(base::DictionaryValue* policies); | 349 bool OnHostTokenUrlPolicyUpdate(base::DictionaryValue* policies); |
349 bool OnPairingPolicyUpdate(base::DictionaryValue* policies); | 350 bool OnPairingPolicyUpdate(base::DictionaryValue* policies); |
350 bool OnGnubbyAuthPolicyUpdate(base::DictionaryValue* policies); | 351 bool OnGnubbyAuthPolicyUpdate(base::DictionaryValue* policies); |
(...skipping 54 matching lines...)
405 std::string oauth_refresh_token_; | 406 std::string oauth_refresh_token_; |
406 std::string serialized_config_; | 407 std::string serialized_config_; |
407 std::string host_owner_; | 408 std::string host_owner_; |
408 std::string host_owner_email_; | 409 std::string host_owner_email_; |
409 bool use_service_account_; | 410 bool use_service_account_; |
410 bool enable_vp9_; | 411 bool enable_vp9_; |
411 int64_t frame_recorder_buffer_size_; | 412 int64_t frame_recorder_buffer_size_; |
412 | 413 |
413 scoped_ptr<PolicyWatcher> policy_watcher_; | 414 scoped_ptr<PolicyWatcher> policy_watcher_; |
414 PolicyState policy_state_; | 415 PolicyState policy_state_; |
| 416 std::string client_domain_; |
415 std::string host_domain_; | 417 std::string host_domain_; |
416 bool host_username_match_required_; | 418 bool host_username_match_required_; |
417 bool allow_nat_traversal_; | 419 bool allow_nat_traversal_; |
418 bool allow_relay_; | 420 bool allow_relay_; |
419 PortRange udp_port_range_; | 421 PortRange udp_port_range_; |
420 std::string talkgadget_prefix_; | 422 std::string talkgadget_prefix_; |
421 bool allow_pairing_; | 423 bool allow_pairing_; |
422 | 424 |
423 bool curtain_required_; | 425 bool curtain_required_; |
424 ThirdPartyAuthConfig third_party_auth_config_; | 426 ThirdPartyAuthConfig third_party_auth_config_; |
(...skipping 362 matching lines...)
787 pairing_registry_ = new PairingRegistry(context_->file_task_runner(), | 789 pairing_registry_ = new PairingRegistry(context_->file_task_runner(), |
788 std::move(delegate)); | 790 std::move(delegate)); |
789 } | 791 } |
790 #endif // defined(OS_WIN) | 792 #endif // defined(OS_WIN) |
791 | 793 |
792 pairing_registry = pairing_registry_; | 794 pairing_registry = pairing_registry_; |
793 } | 795 } |
794 | 796 |
795 factory = protocol::Me2MeHostAuthenticatorFactory::CreateWithSharedSecret( | 797 factory = protocol::Me2MeHostAuthenticatorFactory::CreateWithSharedSecret( |
796 use_service_account_, host_owner_, local_certificate, key_pair_, | 798 use_service_account_, host_owner_, local_certificate, key_pair_, |
797 host_secret_hash_, pairing_registry); | 799 client_domain_, host_secret_hash_, pairing_registry); |
798 | 800 |
799 host_->set_pairing_registry(pairing_registry); | 801 host_->set_pairing_registry(pairing_registry); |
800 } else { | 802 } else { |
801 DCHECK(third_party_auth_config_.token_url.is_valid()); | 803 DCHECK(third_party_auth_config_.token_url.is_valid()); |
802 DCHECK(third_party_auth_config_.token_validation_url.is_valid()); | 804 DCHECK(third_party_auth_config_.token_validation_url.is_valid()); |
803 | 805 |
804 scoped_ptr<protocol::TokenValidatorFactory> token_validator_factory( | 806 scoped_ptr<protocol::TokenValidatorFactory> token_validator_factory( |
805 new TokenValidatorFactoryImpl( | 807 new TokenValidatorFactoryImpl( |
806 third_party_auth_config_, | 808 third_party_auth_config_, |
807 key_pair_, context_->url_request_context_getter())); | 809 key_pair_, context_->url_request_context_getter())); |
808 factory = protocol::Me2MeHostAuthenticatorFactory::CreateWithThirdPartyAuth( | 810 factory = protocol::Me2MeHostAuthenticatorFactory::CreateWithThirdPartyAuth( |
809 use_service_account_, host_owner_, local_certificate, key_pair_, | 811 use_service_account_, host_owner_, local_certificate, key_pair_, |
810 std::move(token_validator_factory)); | 812 client_domain_, std::move(token_validator_factory)); |
811 } | 813 } |
812 | 814 |
813 #if defined(OS_POSIX) | 815 #if defined(OS_POSIX) |
814 // On Linux and Mac, perform a PAM authorization step after authentication. | 816 // On Linux and Mac, perform a PAM authorization step after authentication. |
815 factory.reset(new PamAuthorizationFactory(std::move(factory))); | 817 factory.reset(new PamAuthorizationFactory(std::move(factory))); |
816 #endif | 818 #endif |
817 host_->SetAuthenticatorFactory(std::move(factory)); | 819 host_->SetAuthenticatorFactory(std::move(factory)); |
818 } | 820 } |
819 | 821 |
820 // IPC::Listener implementation. | 822 // IPC::Listener implementation. |
(...skipping 276 matching lines...)
1097 | 1099 |
1098 void HostProcess::OnPolicyUpdate(scoped_ptr<base::DictionaryValue> policies) { | 1100 void HostProcess::OnPolicyUpdate(scoped_ptr<base::DictionaryValue> policies) { |
1099 if (!context_->network_task_runner()->BelongsToCurrentThread()) { | 1101 if (!context_->network_task_runner()->BelongsToCurrentThread()) { |
1100 context_->network_task_runner()->PostTask( | 1102 context_->network_task_runner()->PostTask( |
1101 FROM_HERE, base::Bind(&HostProcess::OnPolicyUpdate, this, | 1103 FROM_HERE, base::Bind(&HostProcess::OnPolicyUpdate, this, |
1102 base::Passed(&policies))); | 1104 base::Passed(&policies))); |
1103 return; | 1105 return; |
1104 } | 1106 } |
1105 | 1107 |
1106 bool restart_required = false; | 1108 bool restart_required = false; |
| 1109 restart_required |= OnClientDomainPolicyUpdate(policies.get()); |
1107 restart_required |= OnHostDomainPolicyUpdate(policies.get()); | 1110 restart_required |= OnHostDomainPolicyUpdate(policies.get()); |
1108 restart_required |= OnCurtainPolicyUpdate(policies.get()); | 1111 restart_required |= OnCurtainPolicyUpdate(policies.get()); |
1109 // Note: UsernamePolicyUpdate must run after OnCurtainPolicyUpdate. | 1112 // Note: UsernamePolicyUpdate must run after OnCurtainPolicyUpdate. |
1110 restart_required |= OnUsernamePolicyUpdate(policies.get()); | 1113 restart_required |= OnUsernamePolicyUpdate(policies.get()); |
1111 restart_required |= OnNatPolicyUpdate(policies.get()); | 1114 restart_required |= OnNatPolicyUpdate(policies.get()); |
1112 restart_required |= OnRelayPolicyUpdate(policies.get()); | 1115 restart_required |= OnRelayPolicyUpdate(policies.get()); |
1113 restart_required |= OnUdpPortPolicyUpdate(policies.get()); | 1116 restart_required |= OnUdpPortPolicyUpdate(policies.get()); |
1114 restart_required |= OnHostTalkGadgetPrefixPolicyUpdate(policies.get()); | 1117 restart_required |= OnHostTalkGadgetPrefixPolicyUpdate(policies.get()); |
1115 restart_required |= OnHostTokenUrlPolicyUpdate(policies.get()); | 1118 restart_required |= OnHostTokenUrlPolicyUpdate(policies.get()); |
1116 restart_required |= OnPairingPolicyUpdate(policies.get()); | 1119 restart_required |= OnPairingPolicyUpdate(policies.get()); |
(...skipping 67 matching lines...)
1184 | 1187 |
1185 if (!policies->GetString(policy::key::kRemoteAccessHostDomain, | 1188 if (!policies->GetString(policy::key::kRemoteAccessHostDomain, |
1186 &host_domain_)) { | 1189 &host_domain_)) { |
1187 return false; | 1190 return false; |
1188 } | 1191 } |
1189 | 1192 |
1190 ApplyHostDomainPolicy(); | 1193 ApplyHostDomainPolicy(); |
1191 return false; | 1194 return false; |
1192 } | 1195 } |
1193 | 1196 |
| 1197 bool HostProcess::OnClientDomainPolicyUpdate(base::DictionaryValue* policies) { |
| 1198 // Returns true if the host has to be restarted after this policy update. |
| 1199 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
| 1200 return policies->GetString(policy::key::kRemoteAccessHostClientDomain, |
| 1201 &client_domain_); |
| 1202 } |
| 1203 |
1194 void HostProcess::ApplyUsernamePolicy() { | 1204 void HostProcess::ApplyUsernamePolicy() { |
1195 if (state_ != HOST_STARTED) | 1205 if (state_ != HOST_STARTED) |
1196 return; | 1206 return; |
1197 | 1207 |
1198 if (host_username_match_required_) { | 1208 if (host_username_match_required_) { |
1199 HOST_LOG << "Policy requires host username match."; | 1209 HOST_LOG << "Policy requires host username match."; |
1200 | 1210 |
1201 // See comment in ApplyHostDomainPolicy. | 1211 // See comment in ApplyHostDomainPolicy. |
1202 if (host_owner_ != host_owner_email_) { | 1212 if (host_owner_ != host_owner_email_) { |
1203 LOG(ERROR) << "The username and host domain policies cannot be enabled " | 1213 LOG(ERROR) << "The username and host domain policies cannot be enabled " |
(...skipping 535 matching lines...)
1739 base::TimeDelta::FromSeconds(kShutdownTimeoutSeconds)); | 1749 base::TimeDelta::FromSeconds(kShutdownTimeoutSeconds)); |
1740 new HostProcess(std::move(context), &exit_code, &shutdown_watchdog); | 1750 new HostProcess(std::move(context), &exit_code, &shutdown_watchdog); |
1741 | 1751 |
1742 // Run the main (also UI) message loop until the host no longer needs it. | 1752 // Run the main (also UI) message loop until the host no longer needs it. |
1743 message_loop.Run(); | 1753 message_loop.Run(); |
1744 | 1754 |
1745 return exit_code; | 1755 return exit_code; |
1746 } | 1756 } |
1747 | 1757 |
1748 } // namespace remoting | 1758 } // namespace remoting |
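Review bot: `OnClientDomainPolicyUpdate` (new lines 1197-1202) records the client-domain restriction silently, whereas `ApplyUsernamePolicy` just below it announces its policy through `HOST_LOG`; a setting that decides which accounts may connect should leave the same trace in the host log. Something like `if (!policies->GetString(policy::key::kRemoteAccessHostClientDomain, &client_domain_)) return false;` followed by `HOST_LOG << "Policy sets client domain: " << client_domain_;` and `return true;` would do it. The comparison against `client_domain_` happens inside `Me2MeHostAuthenticatorFactory`, which is not part of this file, so it is worth confirming there that the match is anchored on the `@` separator and case-insensitive, and that an empty string is the only value treated as "no restriction". A wrongly typed policy value makes `GetString` return false and leaves the previous (initially empty) domain in place; presumably the policy watcher rejects such values earlier, but that is not visible here.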