Issue 2085353004: Update GnubbyAuthHandler to use the current session ID

Issue 2085353004: Update GnubbyAuthHandler to use the current session ID (Closed)

Created:
4 years, 6 months ago by joedow

Modified:
4 years, 5 months ago

Reviewers:
*Sergey Ulanov, Hzj_jie

CC:
chromium-reviews, chromium-apps-reviews_chromium.org, extensions-reviews_chromium.org, chromoting-reviews_chromium.org

Base URL:
https://chromium.googlesource.com/chromium/src.git@host_extension

Target Ref:
refs/pending/heads/master

Project:
chromium

Visibility:
Public.

More Reviews

Description

Update GnubbyAuthHandler to use the current session ID This CL plumbs the SessionID value through to the Security Key HostExtension. It also updates the logic in the method which handles SK IPC channel connection which prevents requests being made from sessions which we are not remoted. BUG=591746 Committed: https://crrev.com/76487d64faec882985665a1cb6b838b7b12b4150 Cr-Commit-Position: refs/heads/master@{#403045}

Patch Set 1 #

Patch Set 2 : Merging with ToT #

Patch Set 3 : Merging changes from dependent patchsets #

Patch Set 4 : Adding logic to RemoteSecurityKeyIpcServerImpl class #

Patch Set 5 : Fixing a crash found during testing #

Patch Set 6 : Fixing a non-windows build break and some additional cleanup #

Total comments: 5

Patch Set 7 : Updated GnubbyAuthHandler classes to receive ClientSessionDetails instead of a callback. #

Patch Set 8 : Fixing a build break #

Total comments: 8

Patch Set 9 : Addressing CR feedback #

Patch Set 10 : Updating a comment #

Created: 4 years, 5 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+367 lines, -105 lines)			Patch
M	remoting/host/host_extension_session.h	View	1 2 3	1 chunk	+0 lines, -5 lines	0 comments	Download
M	remoting/host/host_mock_objects.h	View	1 2 3 4 5 6	1 chunk	+1 line, -0 lines	0 comments	Download
M	remoting/host/security_key/fake_remote_security_key_ipc_client.h	View	1 2 3 4 5	2 chunks	+5 lines, -0 lines	0 comments	Download
M	remoting/host/security_key/fake_remote_security_key_ipc_client.cc	View	1 2 3	1 chunk	+2 lines, -0 lines	0 comments	Download
M	remoting/host/security_key/fake_remote_security_key_ipc_server.h	View	1 2 3 4 5	3 chunks	+3 lines, -0 lines	0 comments	Download
M	remoting/host/security_key/fake_remote_security_key_ipc_server.cc	View	1 2 3 4 5	3 chunks	+6 lines, -1 line	0 comments	Download
M	remoting/host/security_key/gnubby_auth_handler.h	View	1 2 3 4 5 6 7 8 9	2 chunks	+8 lines, -4 lines	0 comments	Download
M	remoting/host/security_key/gnubby_auth_handler_android.cc	View	1 2 3 4 5 6	1 chunk	+2 lines, -1 line	0 comments	Download
M	remoting/host/security_key/gnubby_auth_handler_linux.cc	View	1 2 3 4 5 6	1 chunk	+3 lines, -2 lines	0 comments	Download
M	remoting/host/security_key/gnubby_auth_handler_linux_unittest.cc	View	1 2 3 4 5 6	1 chunk	+2 lines, -1 line	0 comments	Download
M	remoting/host/security_key/gnubby_auth_handler_mac.cc	View	1 2 3 4 5 6	1 chunk	+2 lines, -1 line	0 comments	Download
M	remoting/host/security_key/gnubby_auth_handler_win.cc	View	1 2 3 4 5 6 7 8	6 chunks	+44 lines, -11 lines	0 comments	Download
M	remoting/host/security_key/gnubby_auth_handler_win_unittest.cc	View	1 2 3 4 5 6 7	6 chunks	+46 lines, -3 lines	0 comments	Download
M	remoting/host/security_key/gnubby_extension.cc	View	1 2 3 4 5	1 chunk	+3 lines, -4 lines	0 comments	Download
M	remoting/host/security_key/gnubby_extension_session.h	View	1 2 3 4 5 6	2 chunks	+3 lines, -1 line	0 comments	Download
M	remoting/host/security_key/gnubby_extension_session.cc	View	1 2 3 4 5 6	2 chunks	+6 lines, -2 lines	0 comments	Download
M	remoting/host/security_key/gnubby_extension_session_unittest.cc	View	1 2 3 4 5 6	4 chunks	+114 lines, -60 lines	0 comments	Download
M	remoting/host/security_key/remote_security_key_ipc_client_unittest.cc	View	1 2 3 4 5	1 chunk	+1 line, -0 lines	0 comments	Download
M	remoting/host/security_key/remote_security_key_ipc_server.h	View	1 2 3	3 chunks	+3 lines, -0 lines	0 comments	Download
M	remoting/host/security_key/remote_security_key_ipc_server.cc	View	1 2 3	2 chunks	+7 lines, -4 lines	0 comments	Download
M	remoting/host/security_key/remote_security_key_ipc_server_impl.h	View	1 2 3 4 5 6 7 8	4 chunks	+11 lines, -0 lines	0 comments	Download
M	remoting/host/security_key/remote_security_key_ipc_server_impl.cc	View	1 2 3 4 5 6 7 8	5 chunks	+36 lines, -1 line	0 comments	Download
M	remoting/host/security_key/remote_security_key_ipc_server_unittest.cc	View	1 2 3	12 chunks	+59 lines, -4 lines	0 comments	Download

Depends on Patchset:

Issue 2091553002 Patch 60001

Messages

Total messages: 17 (5 generated)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

joedow

This is the last of the CLs to use the Windows session ID to restrict ...

4 years, 5 months ago (2016-06-27 19:01:36 UTC) #3

Sergey Ulanov

https://codereview.chromium.org/2085353004/diff/100001/remoting/host/security_key/gnubby_auth_handler.h File remoting/host/security_key/gnubby_auth_handler.h (right): https://codereview.chromium.org/2085353004/diff/100001/remoting/host/security_key/gnubby_auth_handler.h#newcode41 remoting/host/security_key/gnubby_auth_handler.h:41: const SessionIdCallback& session_id_callback); Why does the callback need to ...

4 years, 5 months ago (2016-06-27 23:51:58 UTC) #4

joedow

4 years, 5 months ago (2016-06-28 01:27:34 UTC) #5

Sergey Ulanov

4 years, 5 months ago (2016-06-28 18:08:03 UTC) #6

joedow

4 years, 5 months ago (2016-06-28 21:36:22 UTC) #7

https://codereview.chromium.org/2085353004/diff/100001/remoting/host/security...
File remoting/host/security_key/gnubby_auth_handler.h (right):

https://codereview.chromium.org/2085353004/diff/100001/remoting/host/security...
remoting/host/security_key/gnubby_auth_handler.h:41: const SessionIdCallback&
session_id_callback);
On 2016/06/28 18:08:03, Sergey Ulanov wrote:
> On 2016/06/28 01:27:34, joedow wrote:
> > On 2016/06/27 23:51:58, Sergey Ulanov wrote:
> > > Why does the callback need to be passed to Create() given that you have
> > > SetSessionIdCallback()?
> > > Also do we need a callback at all? I.e. why SetSessionId(id) is not
enough?
> > 
> > The session ID can change at any time (e.g. when a user signs into a Windows
> > session when in curtain mode, we will switch from the RD session into the
> logged
> > on user session).
> 
> Even if session ID may change it doesn't mean we need a callback here. With
> SetSessionId() instead of the callback the handler implementation will need to
> be notified whenever session-id changes by calling SetSessionId(). And if I
> understand correctly the host knows when session id can change. But I'm not
sure
> which approach is simpler here.
> 
> > 
> > I think that is a fair point about the callback being set in Create and in a
> > method.  I'll see if I can make this a bit cleaner.
> 

The host definitely knows when the session id is changing, the complexity comes
from *which* object in the host knows.  AFAICT the DesktopSessionConnector is
the object which handles messages from the Daemon to attach/detach different
desktops.  This interface is implemented by the IpcDesktopEnvironmentFactory. 
The ClientSession (which owns the HostExtensionManager and HostExtensions) has
no knowledge of these events.  Plumbing the events to the ClientSession or
updating it when the session changes feels like the wrong approach. 

The session id is a property that may never be queried/needed unless security
key functionality is enabled and an attempt to connect to the IPC channel is
made so I feel like a lazy/JIT request to get the current id if needed is the
most efficient.

The main problem in this CL is the amount of churn needed due to the callback. 
If additional session details are needed in the future, then I think there is a
valid concern that another round of changes like this would be required.

I should be able to update the design without relying on the callback which
should make this cleaner and easier to maintain later on.

joedow

Removed the SessionId callback and now pass the ClientSessionDetails interface* to the GnubbyAuthHandler. PTAL! Thanks, ...

4 years, 5 months ago (2016-06-29 16:07:38 UTC) #8

Sergey Ulanov

LGTM when my comments are addressed https://codereview.chromium.org/2085353004/diff/140001/remoting/host/security_key/gnubby_auth_handler.h File remoting/host/security_key/gnubby_auth_handler.h (right): https://codereview.chromium.org/2085353004/diff/140001/remoting/host/security_key/gnubby_auth_handler.h#newcode33 remoting/host/security_key/gnubby_auth_handler.h:33: // All invocations ...

4 years, 5 months ago (2016-06-29 22:36:46 UTC) #9

joedow

Thanks! https://codereview.chromium.org/2085353004/diff/140001/remoting/host/security_key/gnubby_auth_handler.h File remoting/host/security_key/gnubby_auth_handler.h (right): https://codereview.chromium.org/2085353004/diff/140001/remoting/host/security_key/gnubby_auth_handler.h#newcode33 remoting/host/security_key/gnubby_auth_handler.h:33: // All invocations of the callbacks are guaranteed ...

4 years, 5 months ago (2016-06-30 00:10:08 UTC) #10

Thanks!

https://codereview.chromium.org/2085353004/diff/140001/remoting/host/security...
File remoting/host/security_key/gnubby_auth_handler.h (right):

https://codereview.chromium.org/2085353004/diff/140001/remoting/host/security...
remoting/host/security_key/gnubby_auth_handler.h:33: // All invocations of the
callbacks are guaranteed to occur before the
On 2016/06/29 22:36:46, Sergey Ulanov wrote:
> rephrase this, now that there is only one callback and client_session_details.

Done.

https://codereview.chromium.org/2085353004/diff/140001/remoting/host/security...
File remoting/host/security_key/gnubby_auth_handler_win.cc (right):

https://codereview.chromium.org/2085353004/diff/140001/remoting/host/security...
remoting/host/security_key/gnubby_auth_handler_win.cc:307: uint32_t
GnubbyAuthHandlerWin::GetDesktopSessionId() const {
On 2016/06/29 22:36:46, Sergey Ulanov wrote:
> Do you really need this method? It's only one line and called in only one
place

Done.

https://codereview.chromium.org/2085353004/diff/140001/remoting/host/security...
File remoting/host/security_key/remote_security_key_ipc_server_impl.cc (right):

https://codereview.chromium.org/2085353004/diff/140001/remoting/host/security...
remoting/host/security_key/remote_security_key_ipc_server_impl.cc:149:
base::ThreadTaskRunnerHandle::Get()->PostTask(
On 2016/06/29 22:36:46, Sergey Ulanov wrote:
> This duplicates the PostTask() call above. Structure this call to avoid
> duplication?
> 
> bool close_connection = true;
> if (!ProcessIdToSessionId()) {
>   PLOG ...
> } else if (peer_session_id != peer_session_id_) {
>   LOG...
> } else {
>   close_connection = false;
> }
> if (close_connection) {
>   PostTask
>   return;
> }

Done.

https://codereview.chromium.org/2085353004/diff/140001/remoting/host/security...
remoting/host/security_key/remote_security_key_ipc_server_impl.cc:149:
base::ThreadTaskRunnerHandle::Get()->PostTask(
On 2016/06/29 22:36:46, Sergey Ulanov wrote:
> Should we also close the channel here? Otherwise there is a chance that
> ChromotingRemoteSecurityKeyToNetworkMsg_Request will be executed before this
> task.

I think that is a good idea, I'll add a member bool to track whether there is a
pending close operation and ignore IPC messages received if that is the case.

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2085353004/180001

4 years, 5 months ago (2016-06-30 00:11:58 UTC) #13

commit-bot: I haz the power

4 years, 5 months ago (2016-06-30 01:00:32 UTC) #17

Message was sent while issue was closed.

Patchset 10 (id:??) landed as
https://crrev.com/76487d64faec882985665a1cb6b838b7b12b4150
Cr-Commit-Position: refs/heads/master@{#403045}

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages