Added PIN-less auth policy.

remoting/host/remoting_me2me_host.cc

Index: remoting/host/remoting_me2me_host.cc
diff --git a/remoting/host/remoting_me2me_host.cc b/remoting/host/remoting_me2me_host.cc
index 7b7d3e3bb09cc8985738c476e40603ebbaee2262..ac653d194afa939f9fbb9cc44c2ffa948c483486 100644
--- a/remoting/host/remoting_me2me_host.cc
+++ b/remoting/host/remoting_me2me_host.cc
@@ -214,6 +214,7 @@ class HostProcess
   bool OnHostTalkGadgetPrefixPolicyUpdate(const std::string& talkgadget_prefix);
   bool OnHostTokenUrlPolicyUpdate(const GURL& token_url,
                                   const GURL& token_validation_url);
+  bool OnPairingPolicyUpdate(bool pairing_enabled);
 
   void StartHost();
 
@@ -267,6 +268,7 @@ class HostProcess
   scoped_ptr<policy_hack::PolicyWatcher> policy_watcher_;
   bool allow_nat_traversal_;
   std::string talkgadget_prefix_;
+  bool allow_pairing_;
 
   bool curtain_required_;
   GURL token_url_;
@@ -298,6 +300,7 @@ HostProcess::HostProcess(scoped_ptr<ChromotingHostContext> context,
     : context_(context.Pass()),
       state_(HOST_INITIALIZING),
       allow_nat_traversal_(true),
+      allow_pairing_(true),
       curtain_required_(false),
 #if defined(REMOTING_MULTI_PROCESS)
       desktop_session_connector_(NULL),
@@ -482,10 +485,12 @@ void HostProcess::CreateAuthenticatorFactory() {
   }
 
   scoped_refptr<protocol::PairingRegistry> pairing_registry = NULL;
-  scoped_ptr<protocol::PairingRegistry::Delegate> delegate(
-      CreatePairingRegistryDelegate(context_->file_task_runner()));
-  if (delegate) {
-    pairing_registry = new protocol::PairingRegistry(delegate.Pass());
+  if (allow_pairing_) {

[alexeypa (please no reviews), 2013/07/26 23:40:25]

nit:

if (!allow_pairing_)
  return;

[Jamie, 2013/07/27 00:26:22]

We still need to create the authenticator factory.

+    scoped_ptr<protocol::PairingRegistry::Delegate> delegate(
+        CreatePairingRegistryDelegate(context_->file_task_runner()));
+    if (delegate) {

[alexeypa (please no reviews), 2013/07/26 23:40:25]

nit: no need for brackets here.

[Jamie, 2013/07/27 00:26:22]

Done.

+      pairing_registry = new protocol::PairingRegistry(delegate.Pass());
+    }
   }
 
   scoped_ptr<protocol::AuthenticatorFactory> factory;
@@ -755,6 +760,11 @@ void HostProcess::OnPolicyUpdate(scoped_ptr<base::DictionaryValue> policies) {
     restart_required |= OnHostTokenUrlPolicyUpdate(
         GURL(token_url_string), GURL(token_validation_url_string));
   }
+  if (policies->GetBoolean(
+      policy_hack::PolicyWatcher::kHostAllowClientPairing,

[alexeypa (please no reviews), 2013/07/26 23:40:25]

nit: The code directly above uses different indentation for the parameters.

[Jamie, 2013/07/27 00:26:22]

Done.

+      &bool_value)) {
+    restart_required |= OnPairingPolicyUpdate(bool_value);
+  }
 
   if (state_ == HOST_INITIALIZING) {
     StartHost();
@@ -900,6 +910,21 @@ bool HostProcess::OnHostTokenUrlPolicyUpdate(
   return false;
 }
 
+bool HostProcess::OnPairingPolicyUpdate(bool allow_pairing) {
+  // Returns true if the host has to be restarted after this policy update.

[alexeypa (please no reviews), 2013/07/26 23:40:25]

nit: This comment should be next to the method declaration, not here.

[Jamie, 2013/07/27 00:26:22]

I've just removed it. I don't think it adds anything.

+  DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
+
+  if (allow_pairing_ != allow_pairing) {

[alexeypa (please no reviews), 2013/07/26 23:40:25]

nit: You can early |return false;| here. It makes the two branches nicely
separated blocks of code.

[Jamie, 2013/07/27 00:26:22]

Done.

+    if (allow_pairing)
+      LOG(INFO) << "Policy enables client pairing.";
+    else
+      LOG(INFO) << "Policy disables client pairing.";
+    allow_pairing_ = allow_pairing;
+    return true;
+  }
+  return false;
+}
+
 void HostProcess::StartHost() {
   DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
   DCHECK(!host_);