Update Windows It2Me to allow remote users to interact with elevated windows

remoting/host/it2me/it2me_native_messaging_host.h

Index: remoting/host/it2me/it2me_native_messaging_host.h
diff --git a/remoting/host/it2me/it2me_native_messaging_host.h b/remoting/host/it2me/it2me_native_messaging_host.h
index 3d246c1f614f534a43d5ff8cc2923d5835e3a1ec..5a71a541a28ca7fd5bd38890c68f83383e50ffbd 100644
--- a/remoting/host/it2me/it2me_native_messaging_host.h
+++ b/remoting/host/it2me/it2me_native_messaging_host.h
@@ -28,12 +28,16 @@ class SingleThreadTaskRunner;
 namespace remoting {
 
 class ChromotingHostContext;
+class ElevatedNativeMessagingHost;
+class PolicyWatcher;
 
 // Implementation of the native messaging host process.
 class It2MeNativeMessagingHost : public It2MeHost::Observer,
                                  public extensions::NativeMessageHost {
  public:
-  It2MeNativeMessagingHost(std::unique_ptr<ChromotingHostContext> host_context,
+  It2MeNativeMessagingHost(bool needs_elevation,
+                           policy::PolicyService* policy_service,
+                           std::unique_ptr<ChromotingHostContext> host_context,
                            std::unique_ptr<It2MeHostFactory> host_factory);
   ~It2MeNativeMessagingHost() override;
 
@@ -57,17 +61,33 @@ class It2MeNativeMessagingHost : public It2MeHost::Observer,
   // These "Process.." methods handle specific request types. The |response|
   // dictionary is pre-filled by ProcessMessage() with the parts of the
   // response already known ("id" and "type" fields).
-  void ProcessHello(const base::DictionaryValue& message,
+  void ProcessHello(std::unique_ptr<base::DictionaryValue> message,
                     std::unique_ptr<base::DictionaryValue> response) const;
-  void ProcessConnect(const base::DictionaryValue& message,
+  void ProcessConnect(std::unique_ptr<base::DictionaryValue> message,
                       std::unique_ptr<base::DictionaryValue> response);
-  void ProcessDisconnect(const base::DictionaryValue& message,
+  void ProcessDisconnect(std::unique_ptr<base::DictionaryValue> message,
                          std::unique_ptr<base::DictionaryValue> response);
   void SendErrorAndExit(std::unique_ptr<base::DictionaryValue> response,
                         const std::string& description) const;
   void SendMessageToClient(std::unique_ptr<base::Value> message) const;
 
-  Client* client_;
+  // Called when initial policies are read.
+  void OnPolicyUpdate(std::unique_ptr<base::DictionaryValue> policies);
+
+  // Returns whether the request was successfully sent to the elevated host.
+  bool DelegateToElevatedHost(std::unique_ptr<base::DictionaryValue> message);
+
+  // Used to determine whether to create and pass messages to an elevated host.
+  bool needs_elevation_ = false;
+
+#if defined(OS_WIN)
+  // Controls the lifetime of the elevated native messaging host process.
+  // Note: 'elevated' in this instance means having the UiAccess privilege, not
+  // being run as a higher privilege user.
+  std::unique_ptr<ElevatedNativeMessagingHost> elevated_host_;
+#endif  // defined(OS_WIN)
+
+  Client* client_ = nullptr;
   std::unique_ptr<ChromotingHostContext> host_context_;
   std::unique_ptr<It2MeHostFactory> factory_;
   scoped_refptr<It2MeHost> it2me_host_;
@@ -90,6 +110,22 @@ class It2MeNativeMessagingHost : public It2MeHost::Observer,
   // Chromoting Bot JID used by |it2me_host_| to register the host.
   std::string directory_bot_jid_;
 
+  // Indicates whether or not a policy has ever been read. This is to ensure
+  // that on startup, we do not accidentally start a connection before we have
+  // queried our policy restrictions.
+  bool policy_received_ = false;

[Sergey Ulanov, 2016/09/02 23:21:14]

nit: make this const and remove default initializer. That way the compiler will
verify that it gets initialized in the constructor. Same for policy_service.

[joedow, 2016/09/06 22:51:59]

Acknowledged.  |policy_received_| is modified so I can't make it const.  I can
mark |policy_service_| const, but I would need to use const_cast to remove the
const'ness before using it.

+
+  policy::PolicyService* policy_service_ = nullptr;
+
+  // Used to retrieve Chrome policies set for the local machine.
+  std::unique_ptr<PolicyWatcher> policy_watcher_;
+
+  // On startup, it is possible to have Connect() called before the policy read
+  // is completed.  Rather than just failing, we thunk the connection call so
+  // it can be executed after at least one successful policy read. This
+  // variable contains the thunk if it is necessary.
+  base::Closure pending_connect_;
+
   base::WeakPtr<It2MeNativeMessagingHost> weak_ptr_;
   base::WeakPtrFactory<It2MeNativeMessagingHost> weak_factory_;