Restart the host when the third party auth certificate changes

remoting/host/remoting_me2me_host.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // This file implements a standalone host process for Me2Me.
 
 #include <stddef.h>
 #include <stdint.h>
 
 #include <string>
@@ skipping 97 matching lines @@
 #if defined(OS_MACOSX)
 #include "base/mac/scoped_cftyperef.h"
 #endif  // defined(OS_MACOSX)
 
 #if defined(OS_LINUX)
 #include <gtk/gtk.h>
 #include <X11/Xlib.h>
 #undef Status  // Xlib.h #defines this, which breaks protobuf headers.
 #include <base/linux_util.h>
 #include "remoting/host/audio_capturer_linux.h"
+#include "remoting/host/linux/certificate_watcher.h"
 #endif  // defined(OS_LINUX)
 
 #if defined(OS_WIN)
 #include <commctrl.h>
 #include "base/win/registry.h"
 #include "base/win/scoped_handle.h"
 #include "remoting/host/pairing_registry_delegate_win.h"
 #include "remoting/host/win/session_desktop_environment.h"
 #endif  // defined(OS_WIN)
 
@@ skipping 44 matching lines @@
 const char kDisableAuthenticationSwitchName[] = "disable-authentication";
 
 // Maximum time to wait for clean shutdown to occur, before forcing termination
 // of the process.
 const int kShutdownTimeoutSeconds = 15;
 
 // Maximum time to wait for reporting host-offline-reason to the service,
 // before continuing normal process shutdown.
 const int kHostOfflineReasonTimeoutSeconds = 10;
 
+// Delay time to shutdown the host when a change of NSS database is detected.
+// This is to repeating restarts when continuous writes to the database occur.
+const int kCertUpdateShutdownDelaySeconds = 2;
+
 // Host offline reasons not associated with shutting down the host process
 // and therefore not expressible through HostExitCodes enum.
 const char kHostOfflineReasonPolicyReadError[] = "POLICY_READ_ERROR";
 const char kHostOfflineReasonPolicyChangeRequiresRestart[] =
     "POLICY_CHANGE_REQUIRES_RESTART";
 
 }  // namespace
 
 namespace remoting {
 
@@ skipping 71 matching lines @@
   // HostChangeNotificationListener::Listener overrides.
   void OnHostDeleted() override;
 
   // Handler of the ChromotingDaemonNetworkMsg_InitializePairingRegistry IPC
   // message.
   void OnInitializePairingRegistry(
       IPC::PlatformFileForTransit privileged_key,
       IPC::PlatformFileForTransit unprivileged_key);
 
  private:
+

[Sergey Ulanov, 2016/03/30 21:02:46]

don't need this empty line.

[Yuwei, 2016/03/31 17:40:06]

Done.

   // See SetState method for a list of allowed state transitions.
   enum HostState {
     // Waiting for valid config and policies to be read from the disk.
     // Either the host process has just been started, or it is trying to start
     // again after temporarily going offline due to policy change or error.
     HOST_STARTING,
 
     // Host is started and running.
     HOST_STARTED,
 
@@ skipping 76 matching lines @@
   void StartHostIfReady();
   void StartHost();
 
   // Error handler for HeartbeatSender.
   void OnHeartbeatSuccessful();
   void OnUnknownHostIdError();
 
   // Error handler for SignalingConnector.
   void OnAuthFailed();
 
+  // Handler for NSS certificate update event when the host is running.

[Sergey Ulanov, 2016/03/30 21:02:46]

Suggest not referring to NSS in this file. The host needs to be restarted when
client certs are changed. The fact that NSS is used to read the certs is an
uninteresting detail here.

[Yuwei, 2016/03/31 17:40:06]

Done.

+  void OnNSSCertificateUpdate();

[Sergey Ulanov, 2016/03/30 21:02:46]

Suggest renaming to "OnHostRestartRequested".

[Yuwei, 2016/03/31 17:40:06]

Done.

+
   void RestartHost(const std::string& host_offline_reason);
   void ShutdownHost(HostExitCodes exit_code);
 
   // Helper methods doing the work needed by RestartHost and ShutdownHost.
   void GoOffline(const std::string& host_offline_reason);
   void OnHostOfflineReasonAck(bool success);
 
 #if defined(OS_WIN)
   // Initializes the pairing registry on Windows. This should be invoked on the
   // network thread.
   void InitializePairingRegistry(
       IPC::PlatformFileForTransit privileged_key,
       IPC::PlatformFileForTransit unprivileged_key);
 #endif  // defined(OS_WIN)
 
   // Crashes the process in response to a daemon's request. The daemon passes
   // the location of the code that detected the fatal error resulted in this
   // request.
   void OnCrash(const std::string& function_name,
                const std::string& file_name,
                const int& line_number);
 
   scoped_ptr<ChromotingHostContext> context_;
 
+#if defined(OS_LINUX)
+  // Watch for NSS database changes and kill the host when changes occur
+  CertificateWatcher cert_watcher_;
+#endif
+
   // XMPP server/remoting bot configuration (initialized from the command line).
   XmppSignalStrategy::XmppServerConfig xmpp_server_config_;
   std::string directory_bot_jid_;
 
   // Created on the UI thread but used from the network thread.
   base::FilePath host_config_path_;
   std::string host_config_;
   scoped_ptr<DesktopEnvironmentFactory> desktop_environment_factory_;
 
   // Accessed on the network thread.
@@ skipping 73 matching lines @@
 
   ShutdownWatchdog* shutdown_watchdog_;
 
   DISALLOW_COPY_AND_ASSIGN(HostProcess);
 };
 
 HostProcess::HostProcess(scoped_ptr<ChromotingHostContext> context,
                          int* exit_code_out,
                          ShutdownWatchdog* shutdown_watchdog)
     : context_(std::move(context)),
+#if defined(OS_LINUX)
+      cert_watcher_(kCertUpdateShutdownDelaySeconds,
+                    base::Bind(&HostProcess::OnNSSCertificateUpdate, this)),
+#endif
       state_(HOST_STARTING),
       use_service_account_(false),
       enable_vp9_(false),
       frame_recorder_buffer_size_(0),
       policy_state_(POLICY_INITIALIZING),
       host_username_match_required_(false),
       allow_nat_traversal_(true),
       allow_relay_(true),
       allow_pairing_(true),
       curtain_required_(false),
@@ skipping 304 matching lines @@
         use_service_account_, host_owner_, local_certificate, key_pair_,
         client_domain_, pin_hash_, pairing_registry);
 
     host_->set_pairing_registry(pairing_registry);
   } else {
     // ThirdPartyAuthConfig::Parse() leaves the config in a valid state, so
     // these URLs are both valid.
     DCHECK(third_party_auth_config_.token_url.is_valid());
     DCHECK(third_party_auth_config_.token_validation_url.is_valid());
 
+#if defined(OS_LINUX)
+    cert_watcher_.StartOn(context_->file_task_runner(), host_->AsWeakPtr());
+#endif
+
     scoped_refptr<protocol::TokenValidatorFactory> token_validator_factory =
         new TokenValidatorFactoryImpl(third_party_auth_config_, key_pair_,
                                       context_->url_request_context_getter());
     factory = protocol::Me2MeHostAuthenticatorFactory::CreateWithThirdPartyAuth(
         use_service_account_, host_owner_, local_certificate, key_pair_,
         client_domain_, token_validator_factory);
   }
 
 #if defined(OS_POSIX)
   // On Linux and Mac, perform a PAM authorization step after authentication.
@@ skipping 878 matching lines @@
   char message[1024];
   base::snprintf(message, sizeof(message),
                  "Requested by %s at %s, line %d.",
                  function_name.c_str(), file_name.c_str(), line_number);
   base::debug::Alias(message);
 
   // The daemon requested us to crash the process.
   CHECK(false) << message;
 }
 
+void HostProcess::OnNSSCertificateUpdate() {
+  // restarts(shutdowns) the server when the certificate is updated
+  if (!context_->network_task_runner()->BelongsToCurrentThread()) {
+    context_->network_task_runner()->PostTask(FROM_HERE,
+        base::Bind(&HostProcess::OnNSSCertificateUpdate, this));
+    return;
+  }
+  ShutdownHost(kSuccessExitCode);
+}
+
 int HostProcessMain() {
   HOST_LOG << "Starting host process: version " << STRINGIZE(VERSION);
 
 #if defined(OS_LINUX)
   // Required in order for us to run multiple X11 threads.
   XInitThreads();
 
   // Required for any calls into GTK functions, such as the Disconnect and
   // Continue windows, though these should not be used for the Me2Me case
   // (crbug.com/104377).
@@ skipping 28 matching lines @@
       base::TimeDelta::FromSeconds(kShutdownTimeoutSeconds));
   new HostProcess(std::move(context), &exit_code, &shutdown_watchdog);
 
   // Run the main (also UI) message loop until the host no longer needs it.
   message_loop.Run();
 
   return exit_code;
 }
 
 }  // namespace remoting