remoting/protocol/it2me_host_authenticator_factory.cc - Issue 1643793002: Add policy to restrict client domain for Me2Me.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: remoting/protocol/it2me_host_authenticator_factory.cc

Issue 1643793002: Add policy to restrict client domain for Me2Me. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Fix remoting_perftests compile. Created 4 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: remoting/protocol/it2me_host_authenticator_factory.cc

diff --git a/remoting/protocol/it2me_host_authenticator_factory.cc b/remoting/protocol/it2me_host_authenticator_factory.cc

index d20f2e8a5769ca69be530d15ca2bc26eff647a03..6bc05fbd3410cdaf340d165106ad48f6460393e6 100644

--- a/remoting/protocol/it2me_host_authenticator_factory.cc

+++ b/remoting/protocol/it2me_host_authenticator_factory.cc

@@ -5,8 +5,10 @@

#include "remoting/protocol/it2me_host_authenticator_factory.h"

#include "base/logging.h"

+#include "base/strings/string_util.h"

#include "remoting/base/rsa_key_pair.h"

#include "remoting/protocol/negotiating_host_authenticator.h"

+#include "remoting/protocol/rejecting_authenticator.h"

namespace remoting {

namespace protocol {

@@ -14,10 +16,12 @@ namespace protocol {

It2MeHostAuthenticatorFactory::It2MeHostAuthenticatorFactory(

const std::string& local_cert,

scoped_refptr<RsaKeyPair> key_pair,

- const std::string& shared_secret)

+ const std::string& shared_secret,

+ const std::string& required_client_domain)

: local_cert_(local_cert),

key_pair_(key_pair),

- shared_secret_(shared_secret) {

+ shared_secret_(shared_secret),

+ required_client_domain_(required_client_domain) {

}

It2MeHostAuthenticatorFactory::~It2MeHostAuthenticatorFactory() {

@@ -27,6 +31,23 @@ scoped_ptr<Authenticator> It2MeHostAuthenticatorFactory::CreateAuthenticator(

const std::string& local_jid,

const std::string& remote_jid,

const buzz::XmlElement* first_message) {

+ // Check the client domain policy.

+ if (!required_client_domain_.empty()) {

+ std::string client_username = remote_jid;

+ size_t pos = client_username.find('/');

+ if (pos != std::string::npos) {

+ client_username.replace(pos, std::string::npos, "");

+ }

+ if (!base::EndsWith(client_username,

+ std::string("@") + required_client_domain_,

+ base::CompareCase::INSENSITIVE_ASCII)) {

+ LOG(ERROR) << "Rejecting incoming connection from " << remote_jid

+ << ": Domain mismatch.";

+ return make_scoped_ptr(

+ new RejectingAuthenticator(Authenticator::INVALID_CREDENTIALS));

+ }

return NegotiatingHostAuthenticator::CreateWithSharedSecret(

local_cert_, key_pair_, shared_secret_, AuthenticationMethod::NONE,

nullptr);

« no previous file with comments | « remoting/protocol/it2me_host_authenticator_factory.h ('k') | remoting/protocol/me2me_host_authenticator_factory.h » ('j') | no next file with comments »