Chromium Code Reviews Chromium Code Reviews
Issue 20864002:
Added PIN-less auth policy. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 // | 4 // |
| 5 // This file implements a standalone host process for Me2Me. | 5 // This file implements a standalone host process for Me2Me. |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/at_exit.h" | 9 #include "base/at_exit.h" |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| (...skipping 196 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 207 | 207 |
| 208 void OnPolicyUpdate(scoped_ptr<base::DictionaryValue> policies); | 208 void OnPolicyUpdate(scoped_ptr<base::DictionaryValue> policies); |
| 209 bool OnHostDomainPolicyUpdate(const std::string& host_domain); | 209 bool OnHostDomainPolicyUpdate(const std::string& host_domain); |
| 210 bool OnUsernamePolicyUpdate(bool curtain_required, | 210 bool OnUsernamePolicyUpdate(bool curtain_required, |
| 211 bool username_match_required); | 211 bool username_match_required); |
| 212 bool OnNatPolicyUpdate(bool nat_traversal_enabled); | 212 bool OnNatPolicyUpdate(bool nat_traversal_enabled); |
| 213 void OnCurtainPolicyUpdate(bool curtain_required); | 213 void OnCurtainPolicyUpdate(bool curtain_required); |
| 214 bool OnHostTalkGadgetPrefixPolicyUpdate(const std::string& talkgadget_prefix); | 214 bool OnHostTalkGadgetPrefixPolicyUpdate(const std::string& talkgadget_prefix); |
| 215 bool OnHostTokenUrlPolicyUpdate(const GURL& token_url, | 215 bool OnHostTokenUrlPolicyUpdate(const GURL& token_url, |
| 216 const GURL& token_validation_url); | 216 const GURL& token_validation_url); |
| 217 bool OnPairingPolicyUpdate(bool pairing_enabled); | |
| 217 | 218 |
| 218 void StartHost(); | 219 void StartHost(); |
| 219 | 220 |
| 220 void OnAuthFailed(); | 221 void OnAuthFailed(); |
| 221 | 222 |
| 222 void RestartHost(); | 223 void RestartHost(); |
| 223 | 224 |
| 224 // Stops the host and shuts down the process with the specified |exit_code|. | 225 // Stops the host and shuts down the process with the specified |exit_code|. |
| 225 void ShutdownHost(HostExitCodes exit_code); | 226 void ShutdownHost(HostExitCodes exit_code); |
| 226 | 227 |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 260 protocol::SharedSecretHash host_secret_hash_; | 261 protocol::SharedSecretHash host_secret_hash_; |
| 261 scoped_refptr<RsaKeyPair> key_pair_; | 262 scoped_refptr<RsaKeyPair> key_pair_; |
| 262 std::string oauth_refresh_token_; | 263 std::string oauth_refresh_token_; |
| 263 std::string serialized_config_; | 264 std::string serialized_config_; |
| 264 std::string xmpp_login_; | 265 std::string xmpp_login_; |
| 265 std::string xmpp_auth_token_; | 266 std::string xmpp_auth_token_; |
| 266 std::string xmpp_auth_service_; | 267 std::string xmpp_auth_service_; |
| 267 scoped_ptr<policy_hack::PolicyWatcher> policy_watcher_; | 268 scoped_ptr<policy_hack::PolicyWatcher> policy_watcher_; |
| 268 bool allow_nat_traversal_; | 269 bool allow_nat_traversal_; |
| 269 std::string talkgadget_prefix_; | 270 std::string talkgadget_prefix_; |
| 271 bool allow_pairing_; | |
| 270 | 272 |
| 271 bool curtain_required_; | 273 bool curtain_required_; |
| 272 GURL token_url_; | 274 GURL token_url_; |
| 273 GURL token_validation_url_; | 275 GURL token_validation_url_; |
| 274 | 276 |
| 275 scoped_ptr<XmppSignalStrategy> signal_strategy_; | 277 scoped_ptr<XmppSignalStrategy> signal_strategy_; |
| 276 scoped_ptr<SignalingConnector> signaling_connector_; | 278 scoped_ptr<SignalingConnector> signaling_connector_; |
| 277 scoped_ptr<HeartbeatSender> heartbeat_sender_; | 279 scoped_ptr<HeartbeatSender> heartbeat_sender_; |
| 278 scoped_ptr<HostStatusSender> host_status_sender_; | 280 scoped_ptr<HostStatusSender> host_status_sender_; |
| 279 scoped_ptr<HostChangeNotificationListener> host_change_notification_listener_; | 281 scoped_ptr<HostChangeNotificationListener> host_change_notification_listener_; |
| (...skipping 11 matching lines...) Expand all Loading... | |
| 291 | 293 |
| 292 int* exit_code_out_; | 294 int* exit_code_out_; |
| 293 bool signal_parent_; | 295 bool signal_parent_; |
| 294 }; | 296 }; |
| 295 | 297 |
| 296 HostProcess::HostProcess(scoped_ptr<ChromotingHostContext> context, | 298 HostProcess::HostProcess(scoped_ptr<ChromotingHostContext> context, |
| 297 int* exit_code_out) | 299 int* exit_code_out) |
| 298 : context_(context.Pass()), | 300 : context_(context.Pass()), |
| 299 state_(HOST_INITIALIZING), | 301 state_(HOST_INITIALIZING), |
| 300 allow_nat_traversal_(true), | 302 allow_nat_traversal_(true), |
| 303 allow_pairing_(true), | |
| 301 curtain_required_(false), | 304 curtain_required_(false), |
| 302 #if defined(REMOTING_MULTI_PROCESS) | 305 #if defined(REMOTING_MULTI_PROCESS) |
| 303 desktop_session_connector_(NULL), | 306 desktop_session_connector_(NULL), |
| 304 #endif // defined(REMOTING_MULTI_PROCESS) | 307 #endif // defined(REMOTING_MULTI_PROCESS) |
| 305 self_(this), | 308 self_(this), |
| 306 exit_code_out_(exit_code_out), | 309 exit_code_out_(exit_code_out), |
| 307 signal_parent_(false) { | 310 signal_parent_(false) { |
| 308 StartOnUiThread(); | 311 StartOnUiThread(); |
| 309 } | 312 } |
| 310 | 313 |
| (...skipping 164 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 475 return; | 478 return; |
| 476 | 479 |
| 477 std::string local_certificate = key_pair_->GenerateCertificate(); | 480 std::string local_certificate = key_pair_->GenerateCertificate(); |
| 478 if (local_certificate.empty()) { | 481 if (local_certificate.empty()) { |
| 479 LOG(ERROR) << "Failed to generate host certificate."; | 482 LOG(ERROR) << "Failed to generate host certificate."; |
| 480 ShutdownHost(kInitializationFailed); | 483 ShutdownHost(kInitializationFailed); |
| 481 return; | 484 return; |
| 482 } | 485 } |
| 483 | 486 |
| 484 scoped_refptr<protocol::PairingRegistry> pairing_registry = NULL; | 487 scoped_refptr<protocol::PairingRegistry> pairing_registry = NULL; |
| 485 scoped_ptr<protocol::PairingRegistry::Delegate> delegate( | 488 if (allow_pairing_) { |
|
alexeypa (please no reviews)
2013/07/26 23:40:25
nit:
if (!allow_pairing_)
return;
Jamie
2013/07/27 00:26:22
We still need to create the authenticator factory.
| |
| 486 CreatePairingRegistryDelegate(context_->file_task_runner())); | 489 scoped_ptr<protocol::PairingRegistry::Delegate> delegate( |
| 487 if (delegate) { | 490 CreatePairingRegistryDelegate(context_->file_task_runner())); |
| 488 pairing_registry = new protocol::PairingRegistry(delegate.Pass()); | 491 if (delegate) { |
|
alexeypa (please no reviews)
2013/07/26 23:40:25
nit: no need for brackets here.
Jamie
2013/07/27 00:26:22
Done.
| |
| 492 pairing_registry = new protocol::PairingRegistry(delegate.Pass()); | |
| 493 } | |
| 489 } | 494 } |
| 490 | 495 |
| 491 scoped_ptr<protocol::AuthenticatorFactory> factory; | 496 scoped_ptr<protocol::AuthenticatorFactory> factory; |
| 492 | 497 |
| 493 if (token_url_.is_empty() && token_validation_url_.is_empty()) { | 498 if (token_url_.is_empty() && token_validation_url_.is_empty()) { |
| 494 factory = protocol::Me2MeHostAuthenticatorFactory::CreateWithSharedSecret( | 499 factory = protocol::Me2MeHostAuthenticatorFactory::CreateWithSharedSecret( |
| 495 local_certificate, key_pair_, host_secret_hash_, pairing_registry); | 500 local_certificate, key_pair_, host_secret_hash_, pairing_registry); |
| 496 | 501 |
| 497 } else if (token_url_.is_valid() && token_validation_url_.is_valid()) { | 502 } else if (token_url_.is_valid() && token_validation_url_.is_valid()) { |
| 498 scoped_ptr<protocol::ThirdPartyHostAuthenticator::TokenValidatorFactory> | 503 scoped_ptr<protocol::ThirdPartyHostAuthenticator::TokenValidatorFactory> |
| (...skipping 249 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 748 std::string token_url_string, token_validation_url_string; | 753 std::string token_url_string, token_validation_url_string; |
| 749 if (policies->GetString( | 754 if (policies->GetString( |
| 750 policy_hack::PolicyWatcher::kHostTokenUrlPolicyName, | 755 policy_hack::PolicyWatcher::kHostTokenUrlPolicyName, |
| 751 &token_url_string) && | 756 &token_url_string) && |
| 752 policies->GetString( | 757 policies->GetString( |
| 753 policy_hack::PolicyWatcher::kHostTokenValidationUrlPolicyName, | 758 policy_hack::PolicyWatcher::kHostTokenValidationUrlPolicyName, |
| 754 &token_validation_url_string)) { | 759 &token_validation_url_string)) { |
| 755 restart_required |= OnHostTokenUrlPolicyUpdate( | 760 restart_required |= OnHostTokenUrlPolicyUpdate( |
| 756 GURL(token_url_string), GURL(token_validation_url_string)); | 761 GURL(token_url_string), GURL(token_validation_url_string)); |
| 757 } | 762 } |
| 763 if (policies->GetBoolean( | |
| 764 policy_hack::PolicyWatcher::kHostAllowClientPairing, | |
|
alexeypa (please no reviews)
2013/07/26 23:40:25
nit: The code directly above uses different indent
Jamie
2013/07/27 00:26:22
Done.
| |
| 765 &bool_value)) { | |
| 766 restart_required |= OnPairingPolicyUpdate(bool_value); | |
| 767 } | |
| 758 | 768 |
| 759 if (state_ == HOST_INITIALIZING) { | 769 if (state_ == HOST_INITIALIZING) { |
| 760 StartHost(); | 770 StartHost(); |
| 761 } else if (state_ == HOST_STARTED && restart_required) { | 771 } else if (state_ == HOST_STARTED && restart_required) { |
| 762 RestartHost(); | 772 RestartHost(); |
| 763 } | 773 } |
| 764 } | 774 } |
| 765 | 775 |
| 766 bool HostProcess::OnHostDomainPolicyUpdate(const std::string& host_domain) { | 776 bool HostProcess::OnHostDomainPolicyUpdate(const std::string& host_domain) { |
| 767 // Returns true if the host has to be restarted after this policy update. | 777 // Returns true if the host has to be restarted after this policy update. |
| (...skipping 125 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 893 << "TokenValidationUrl: " << token_validation_url; | 903 << "TokenValidationUrl: " << token_validation_url; |
| 894 | 904 |
| 895 token_url_ = token_url; | 905 token_url_ = token_url; |
| 896 token_validation_url_ = token_validation_url; | 906 token_validation_url_ = token_validation_url; |
| 897 return true; | 907 return true; |
| 898 } | 908 } |
| 899 | 909 |
| 900 return false; | 910 return false; |
| 901 } | 911 } |
| 902 | 912 |
| 913 bool HostProcess::OnPairingPolicyUpdate(bool allow_pairing) { | |
| 914 // Returns true if the host has to be restarted after this policy update. | |
|
alexeypa (please no reviews)
2013/07/26 23:40:25
nit: This comment should be next to the method dec
Jamie
2013/07/27 00:26:22
I've just removed it. I don't think it adds anythi
| |
| 915 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); | |
| 916 | |
| 917 if (allow_pairing_ != allow_pairing) { | |
|
alexeypa (please no reviews)
2013/07/26 23:40:25
nit: You can early |return false;| here. It makes
Jamie
2013/07/27 00:26:22
Done.
| |
| 918 if (allow_pairing) | |
| 919 LOG(INFO) << "Policy enables client pairing."; | |
| 920 else | |
| 921 LOG(INFO) << "Policy disables client pairing."; | |
| 922 allow_pairing_ = allow_pairing; | |
| 923 return true; | |
| 924 } | |
| 925 return false; | |
| 926 } | |
| 927 | |
| 903 void HostProcess::StartHost() { | 928 void HostProcess::StartHost() { |
| 904 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); | 929 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
| 905 DCHECK(!host_); | 930 DCHECK(!host_); |
| 906 DCHECK(!signal_strategy_.get()); | 931 DCHECK(!signal_strategy_.get()); |
| 907 DCHECK(state_ == HOST_INITIALIZING || state_ == HOST_STOPPING_TO_RESTART || | 932 DCHECK(state_ == HOST_INITIALIZING || state_ == HOST_STOPPING_TO_RESTART || |
| 908 state_ == HOST_STOPPED) << state_; | 933 state_ == HOST_STOPPED) << state_; |
| 909 state_ = HOST_STARTED; | 934 state_ = HOST_STARTED; |
| 910 | 935 |
| 911 signal_strategy_.reset( | 936 signal_strategy_.reset( |
| 912 new XmppSignalStrategy(context_->url_request_context_getter(), | 937 new XmppSignalStrategy(context_->url_request_context_getter(), |
| (...skipping 206 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1119 return exit_code; | 1144 return exit_code; |
| 1120 } | 1145 } |
| 1121 | 1146 |
| 1122 } // namespace remoting | 1147 } // namespace remoting |
| 1123 | 1148 |
| 1124 #if !defined(OS_WIN) | 1149 #if !defined(OS_WIN) |
| 1125 int main(int argc, char** argv) { | 1150 int main(int argc, char** argv) { |
| 1126 return remoting::HostMain(argc, argv); | 1151 return remoting::HostMain(argc, argv); |
| 1127 } | 1152 } |
| 1128 #endif // !defined(OS_WIN) | 1153 #endif // !defined(OS_WIN) |
| OLD | NEW |
