Index: remoting/host/remoting_me2me_host.cc |
diff --git a/remoting/host/remoting_me2me_host.cc b/remoting/host/remoting_me2me_host.cc |
index 25a4ef1a45290788dbabf8096c78303e11f37b9c..664fe69192f2878bf39750dd05e578dea156500c 100644 |
--- a/remoting/host/remoting_me2me_host.cc |
+++ b/remoting/host/remoting_me2me_host.cc |
@@ -258,7 +258,9 @@ class HostProcess |
scoped_refptr<RsaKeyPair> key_pair_; |
std::string oauth_refresh_token_; |
std::string serialized_config_; |
+ std::string host_owner_; |
std::string xmpp_login_; |
+ bool use_service_account_; |
std::string xmpp_auth_token_; |
std::string xmpp_auth_service_; |
scoped_ptr<policy_hack::PolicyWatcher> policy_watcher_; |
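Review bot: The new members `host_owner_` and `use_service_account_` are declared without comments, although after this change `host_owner_` and `xmpp_login_` can hold different identities. Someone auditing the policy and authenticator code needs to see at the declaration which of the two is checked against policy and which is only the signaling login. I would add `// Account that owns this host; compared against domain/username policy and passed to the authenticator factory.` above `host_owner_`, and `// True when xmpp_login_ is a service account distinct from host_owner_.` above `use_service_account_`. The HostProcess class body starts and ends outside this hunk.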
@@ -293,6 +295,7 @@ HostProcess::HostProcess(scoped_ptr<ChromotingHostContext> context, |
int* exit_code_out) |
: context_(context.Pass()), |
state_(HOST_INITIALIZING), |
+ use_service_account_(false), |
allow_nat_traversal_(true), |
curtain_required_(false), |
#if defined(REMOTING_MULTI_PROCESS) |
@@ -485,7 +488,8 @@ void HostProcess::CreateAuthenticatorFactory() { |
if (token_url_.is_empty() && token_validation_url_.is_empty()) { |
factory = protocol::Me2MeHostAuthenticatorFactory::CreateWithSharedSecret( |
- local_certificate, key_pair_, host_secret_hash_, pairing_registry); |
+ host_owner_, local_certificate, key_pair_, host_secret_hash_, |
+ pairing_registry); |
} else if (token_url_.is_valid() && token_validation_url_.is_valid()) { |
scoped_ptr<protocol::ThirdPartyHostAuthenticator::TokenValidatorFactory> |
@@ -493,7 +497,8 @@ void HostProcess::CreateAuthenticatorFactory() { |
token_url_, token_validation_url_, key_pair_, |
context_->url_request_context_getter())); |
factory = protocol::Me2MeHostAuthenticatorFactory::CreateWithThirdPartyAuth( |
- local_certificate, key_pair_, token_validator_factory.Pass()); |
+ host_owner_, local_certificate, key_pair_, |
+ token_validator_factory.Pass()); |
} else { |
// TODO(rmsousa): If the policy is bad the host should not go online. It |
@@ -696,6 +701,15 @@ bool HostProcess::ApplyConfig(scoped_ptr<JsonHostConfig> config) { |
// request an OAuth2 access token. |
xmpp_auth_service_ = kChromotingTokenDefaultServiceName; |
} |
+ |
+ if (config->GetString(kHostOwnerConfigPath, &host_owner_)) { |
+ // Service account configs have a host_owner, different from the xmpp_login. |
+ use_service_account_ = true; |
+ } else { |
+ // User credential configs only have an xmpp_login, which is also the owner. |
+ host_owner_ = xmpp_login_; |
+ use_service_account_ = false; |
+ } |
return true; |
} |
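Review bot: The new block at the end of ApplyConfig accepts `host_owner_` from the config without any validation, so a present but empty `kHostOwnerConfigPath` value still sets `use_service_account_ = true`. That string then replaces `xmpp_login_` in the host-domain and username policy checks (OnHostDomainPolicyUpdate, OnUsernamePolicyUpdate), in both factory calls in CreateAuthenticatorFactory, and in `host_->Start()`. Nothing visible in this diff ties `host_owner_` to the credentials the host actually signs in with, so in the service-account case those policy checks appear to bind only as strongly as the config file is protected; a comment here should say so. I would also reject an empty owner after the if/else with `if (host_owner_.empty()) { LOG(ERROR) << "Host config has an empty host owner."; return false; }`, assuming a false return rejects the config as the bool return type suggests. ApplyConfig's body starts outside this hunk.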
@@ -763,7 +777,7 @@ bool HostProcess::OnHostDomainPolicyUpdate(const std::string& host_domain) { |
LOG(INFO) << "Policy sets host domain: " << host_domain; |
if (!host_domain.empty() && |
- !EndsWith(xmpp_login_, std::string("@") + host_domain, false)) { |
+ !EndsWith(host_owner_, std::string("@") + host_domain, false)) { |
ShutdownHost(kInvalidHostDomainExitCode); |
} |
return false; |
@@ -778,7 +792,7 @@ bool HostProcess::OnUsernamePolicyUpdate(bool curtain_required, |
LOG(INFO) << "Policy requires host username match."; |
std::string username = GetUsername(); |
bool shutdown = username.empty() || |
- !StartsWithASCII(xmpp_login_, username + std::string("@"), |
+ !StartsWithASCII(host_owner_, username + std::string("@"), |
false); |
#if defined(OS_MACOSX) |
@@ -922,7 +936,7 @@ void HostProcess::StartHost() { |
if (!oauth_refresh_token_.empty()) { |
scoped_ptr<SignalingConnector::OAuthCredentials> oauth_credentials( |
new SignalingConnector::OAuthCredentials( |
- xmpp_login_, oauth_refresh_token_)); |
+ xmpp_login_, oauth_refresh_token_, use_service_account_)); |
signaling_connector_->EnableOAuth(oauth_credentials.Pass()); |
} |
@@ -973,7 +987,7 @@ void HostProcess::StartHost() { |
#endif // !defined(REMOTING_MULTI_PROCESS) |
host_->SetEnableCurtaining(curtain_required_); |
- host_->Start(xmpp_login_); |
+ host_->Start(host_owner_); |
CreateAuthenticatorFactory(); |
} |