Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(286)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: remoting/host/it2me/it2me_host.cc

Issue 1643793002: Add policy to restrict client domain for Me2Me. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Use kInvalidDomainError instead of generic kError. Created 4 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« components/policy/resources/policy_templates.json ('K') | « remoting/host/it2me/it2me_host.h ('k') | remoting/host/policy_watcher.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: remoting/host/it2me/it2me_host.cc
diff --git a/remoting/host/it2me/it2me_host.cc b/remoting/host/it2me/it2me_host.cc
index 99f317713f54e45f9839916f3be60ad08accafd9..84b9e72d03c233ca01c3f1388b6fe9f4a2dd7854 100644
--- a/remoting/host/it2me/it2me_host.cc
+++ b/remoting/host/it2me/it2me_host.cc
@@ -298,6 +298,15 @@ void It2MeHost::OnClientConnected(const std::string& jid) {
if (pos != std::string::npos)
client_username.replace(pos, std::string::npos, "");
+ // Check the client domain policy.
Jamie 2016/01/28 01:02:22 Is there a better place to test this? Doing it her
Sergey Ulanov 2016/01/28 19:42:46 I think the best approach would be to put this che
Jamie 2016/01/29 02:23:27 Done.
+ if (!required_client_domain_.empty() &&
+ !base::EndsWith(client_username,
+ std::string("@") + required_client_domain_,
+ base::CompareCase::INSENSITIVE_ASCII)) {
+ SetState(kInvalidDomainError, "Client domain mismatch");
+ return;
+ }
+
HOST_LOG << "Client " << client_username << " connected.";
// Pass the client user name to the script object before changing state.
@@ -332,6 +341,11 @@ void It2MeHost::OnPolicyUpdate(scoped_ptr<base::DictionaryValue> policies) {
if (policies->GetString(policy::key::kRemoteAccessHostDomain, &host_domain)) {
UpdateHostDomainPolicy(host_domain);
}
+ std::string client_domain;
+ if (policies->GetString(policy::key::kRemoteAccessHostClientDomain,
+ &client_domain)) {
+ UpdateClientDomainPolicy(client_domain);
+ }
policy_received_ = true;
@@ -377,6 +391,19 @@ void It2MeHost::UpdateHostDomainPolicy(const std::string& host_domain) {
required_host_domain_ = host_domain;
}
+void It2MeHost::UpdateClientDomainPolicy(const std::string& client_domain) {
+ DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread());
+
+ VLOG(2) << "UpdateClientDomainPolicy: " << client_domain;
+
+ // When setting a host domain policy, force disconnect any existing session.
+ if (!client_domain.empty() && IsConnected()) {
+ Shutdown();
+ }
+
+ required_client_domain_ = client_domain;
+}
+
It2MeHost::~It2MeHost() {
// Check that resources that need to be torn down on the UI thread are gone.
DCHECK(!desktop_environment_factory_.get());
@@ -406,7 +433,8 @@ void It2MeHost::SetState(It2MeHostState state,
case kReceivedAccessCode:
DCHECK(state == kConnected ||
state == kDisconnected ||
- state == kError) << state;
+ state == kError ||
+ state == kInvalidDomainError) << state;
break;
case kConnected:
DCHECK(state == kDisconnected ||
« components/policy/resources/policy_templates.json ('K') | « remoting/host/it2me/it2me_host.h ('k') | remoting/host/policy_watcher.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698