Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(890)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: remoting/host/remoting_me2me_host.cc

Issue 1643793002: Add policy to restrict client domain for Me2Me. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Update policy documentation. Created 4 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « remoting/host/policy_watcher.cc ('k') | remoting/protocol/it2me_host_authenticator_factory.h » ('j') | remoting/protocol/rejecting_authenticator.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: remoting/host/remoting_me2me_host.cc
diff --git a/remoting/host/remoting_me2me_host.cc b/remoting/host/remoting_me2me_host.cc
index 589c24b29e6b62132ed507ff98ac7f79641f0167..7dbebc5f9adca5c6d23dca1d528e41426940ccfc 100644
--- a/remoting/host/remoting_me2me_host.cc
+++ b/remoting/host/remoting_me2me_host.cc
@@ -338,6 +338,7 @@ class HostProcess : public ConfigWatcher::Delegate,
void ReportPolicyErrorAndRestartHost();
void ApplyHostDomainPolicy();
void ApplyUsernamePolicy();
+ bool OnClientDomainPolicyUpdate(base::DictionaryValue* policies);
bool OnHostDomainPolicyUpdate(base::DictionaryValue* policies);
bool OnUsernamePolicyUpdate(base::DictionaryValue* policies);
bool OnNatPolicyUpdate(base::DictionaryValue* policies);
@@ -412,6 +413,7 @@ class HostProcess : public ConfigWatcher::Delegate,
scoped_ptr<PolicyWatcher> policy_watcher_;
PolicyState policy_state_;
+ std::string client_domain_;
std::string host_domain_;
bool host_username_match_required_;
bool allow_nat_traversal_;
@@ -794,7 +796,7 @@ void HostProcess::CreateAuthenticatorFactory() {
factory = protocol::Me2MeHostAuthenticatorFactory::CreateWithSharedSecret(
use_service_account_, host_owner_, local_certificate, key_pair_,
- host_secret_hash_, pairing_registry);
+ client_domain_, host_secret_hash_, pairing_registry);
host_->set_pairing_registry(pairing_registry);
} else {
@@ -807,7 +809,7 @@ void HostProcess::CreateAuthenticatorFactory() {
key_pair_, context_->url_request_context_getter()));
factory = protocol::Me2MeHostAuthenticatorFactory::CreateWithThirdPartyAuth(
use_service_account_, host_owner_, local_certificate, key_pair_,
- std::move(token_validator_factory));
+ client_domain_, std::move(token_validator_factory));
}
#if defined(OS_POSIX)
@@ -1104,6 +1106,7 @@ void HostProcess::OnPolicyUpdate(scoped_ptr<base::DictionaryValue> policies) {
}
bool restart_required = false;
+ restart_required |= OnClientDomainPolicyUpdate(policies.get());
restart_required |= OnHostDomainPolicyUpdate(policies.get());
restart_required |= OnCurtainPolicyUpdate(policies.get());
// Note: UsernamePolicyUpdate must run after OnCurtainPolicyUpdate.
@@ -1191,6 +1194,13 @@ bool HostProcess::OnHostDomainPolicyUpdate(base::DictionaryValue* policies) {
return false;
}
+bool HostProcess::OnClientDomainPolicyUpdate(base::DictionaryValue* policies) {
+ // Returns true if the host has to be restarted after this policy update.
+ DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
+ return policies->GetString(policy::key::kRemoteAccessHostClientDomain,
+ &client_domain_);
+}
+
void HostProcess::ApplyUsernamePolicy() {
if (state_ != HOST_STARTED)
return;
« no previous file with comments | « remoting/host/policy_watcher.cc ('k') | remoting/protocol/it2me_host_authenticator_factory.h » ('j') | remoting/protocol/rejecting_authenticator.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698