Index: remoting/host/it2me/it2me_host.cc |
diff --git a/remoting/host/it2me/it2me_host.cc b/remoting/host/it2me/it2me_host.cc |
index 99f317713f54e45f9839916f3be60ad08accafd9..84b9e72d03c233ca01c3f1388b6fe9f4a2dd7854 100644 |
--- a/remoting/host/it2me/it2me_host.cc |
+++ b/remoting/host/it2me/it2me_host.cc |
@@ -298,6 +298,15 @@ void It2MeHost::OnClientConnected(const std::string& jid) { |
if (pos != std::string::npos) |
client_username.replace(pos, std::string::npos, ""); |
+ // Check the client domain policy. |
Jamie
2016/01/28 01:02:22
Is there a better place to test this? Doing it her
Sergey Ulanov
2016/01/28 19:42:46
I think the best approach would be to put this che
Jamie
2016/01/29 02:23:27
Done.
|
+ if (!required_client_domain_.empty() && |
+ !base::EndsWith(client_username, |
+ std::string("@") + required_client_domain_, |
+ base::CompareCase::INSENSITIVE_ASCII)) { |
+ SetState(kInvalidDomainError, "Client domain mismatch"); |
+ return; |
+ } |
+ |
HOST_LOG << "Client " << client_username << " connected."; |
// Pass the client user name to the script object before changing state. |
@@ -332,6 +341,11 @@ void It2MeHost::OnPolicyUpdate(scoped_ptr<base::DictionaryValue> policies) { |
if (policies->GetString(policy::key::kRemoteAccessHostDomain, &host_domain)) { |
UpdateHostDomainPolicy(host_domain); |
} |
+ std::string client_domain; |
+ if (policies->GetString(policy::key::kRemoteAccessHostClientDomain, |
+ &client_domain)) { |
+ UpdateClientDomainPolicy(client_domain); |
+ } |
policy_received_ = true; |
@@ -377,6 +391,19 @@ void It2MeHost::UpdateHostDomainPolicy(const std::string& host_domain) { |
required_host_domain_ = host_domain; |
} |
+void It2MeHost::UpdateClientDomainPolicy(const std::string& client_domain) { |
+ DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread()); |
+ |
+ VLOG(2) << "UpdateClientDomainPolicy: " << client_domain; |
+ |
+ // When setting a host domain policy, force disconnect any existing session. |
+ if (!client_domain.empty() && IsConnected()) { |
+ Shutdown(); |
+ } |
+ |
+ required_client_domain_ = client_domain; |
+} |
+ |
It2MeHost::~It2MeHost() { |
// Check that resources that need to be torn down on the UI thread are gone. |
DCHECK(!desktop_environment_factory_.get()); |
@@ -406,7 +433,8 @@ void It2MeHost::SetState(It2MeHostState state, |
case kReceivedAccessCode: |
DCHECK(state == kConnected || |
state == kDisconnected || |
- state == kError) << state; |
+ state == kError || |
+ state == kInvalidDomainError) << state; |
break; |
case kConnected: |
DCHECK(state == kDisconnected || |