| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "remoting/host/security_key/security_key_auth_handler.h" | 5 #include "remoting/host/security_key/security_key_auth_handler.h" |
| 6 | 6 |
| 7 #include <unistd.h> | 7 #include <unistd.h> |
| 8 | 8 |
| 9 #include <cstdint> | 9 #include <cstdint> |
| 10 #include <map> | 10 #include <map> |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 51 // Returns the command code (the first byte of the data) if it exists, or -1 if | 51 // Returns the command code (the first byte of the data) if it exists, or -1 if |
| 52 // the data is empty. | 52 // the data is empty. |
| 53 unsigned int GetCommandCode(const std::string& data) { | 53 unsigned int GetCommandCode(const std::string& data) { |
| 54 return data.empty() ? -1 : static_cast<unsigned int>(data[0]); | 54 return data.empty() ? -1 : static_cast<unsigned int>(data[0]); |
| 55 } | 55 } |
| 56 | 56 |
| 57 } // namespace | 57 } // namespace |
| 58 | 58 |
| 59 namespace remoting { | 59 namespace remoting { |
| 60 | 60 |
| 61 class SecurityKeyAuthHandlerLinux : public SecurityKeyAuthHandler { | 61 class SecurityKeyAuthHandlerPosix : public SecurityKeyAuthHandler { |
| 62 public: | 62 public: |
| 63 explicit SecurityKeyAuthHandlerLinux( | 63 explicit SecurityKeyAuthHandlerPosix( |
| 64 scoped_refptr<base::SingleThreadTaskRunner> file_task_runner); | 64 scoped_refptr<base::SingleThreadTaskRunner> file_task_runner); |
| 65 ~SecurityKeyAuthHandlerLinux() override; | 65 ~SecurityKeyAuthHandlerPosix() override; |
| 66 | 66 |
| 67 private: | 67 private: |
| 68 typedef std::map<int, std::unique_ptr<SecurityKeySocket>> ActiveSockets; | 68 typedef std::map<int, std::unique_ptr<SecurityKeySocket>> ActiveSockets; |
| 69 | 69 |
| 70 // SecurityKeyAuthHandler interface. | 70 // SecurityKeyAuthHandler interface. |
| 71 void CreateSecurityKeyConnection() override; | 71 void CreateSecurityKeyConnection() override; |
| 72 bool IsValidConnectionId(int security_key_connection_id) const override; | 72 bool IsValidConnectionId(int security_key_connection_id) const override; |
| 73 void SendClientResponse(int security_key_connection_id, | 73 void SendClientResponse(int security_key_connection_id, |
| 74 const std::string& response) override; | 74 const std::string& response) override; |
| 75 void SendErrorAndCloseConnection(int security_key_connection_id) override; | 75 void SendErrorAndCloseConnection(int security_key_connection_id) override; |
| (...skipping 16 matching lines...) Expand all Loading... |
| 92 // Gets an active socket iterator for |security_key_connection_id|. | 92 // Gets an active socket iterator for |security_key_connection_id|. |
| 93 ActiveSockets::const_iterator GetSocketForConnectionId( | 93 ActiveSockets::const_iterator GetSocketForConnectionId( |
| 94 int security_key_connection_id) const; | 94 int security_key_connection_id) const; |
| 95 | 95 |
| 96 // Send an error and closes an active socket. | 96 // Send an error and closes an active socket. |
| 97 void SendErrorAndCloseActiveSocket(const ActiveSockets::const_iterator& iter); | 97 void SendErrorAndCloseActiveSocket(const ActiveSockets::const_iterator& iter); |
| 98 | 98 |
| 99 // A request timed out. | 99 // A request timed out. |
| 100 void RequestTimedOut(int security_key_connection_id); | 100 void RequestTimedOut(int security_key_connection_id); |
| 101 | 101 |
| 102 // Ensures SecurityKeyAuthHandlerLinux methods are called on the same thread. | 102 // Ensures SecurityKeyAuthHandlerPosix methods are called on the same thread. |
| 103 base::ThreadChecker thread_checker_; | 103 base::ThreadChecker thread_checker_; |
| 104 | 104 |
| 105 // Socket used to listen for authorization requests. | 105 // Socket used to listen for authorization requests. |
| 106 std::unique_ptr<net::UnixDomainServerSocket> auth_socket_; | 106 std::unique_ptr<net::UnixDomainServerSocket> auth_socket_; |
| 107 | 107 |
| 108 // A temporary holder for an accepted connection. | 108 // A temporary holder for an accepted connection. |
| 109 std::unique_ptr<net::StreamSocket> accept_socket_; | 109 std::unique_ptr<net::StreamSocket> accept_socket_; |
| 110 | 110 |
| 111 // Used to pass security key extension messages to the client. | 111 // Used to pass security key extension messages to the client. |
| 112 SendMessageCallback send_message_callback_; | 112 SendMessageCallback send_message_callback_; |
| 113 | 113 |
| 114 // The last assigned security key connection id. | 114 // The last assigned security key connection id. |
| 115 int last_connection_id_ = 0; | 115 int last_connection_id_ = 0; |
| 116 | 116 |
| 117 // Sockets by connection id used to process gnubbyd requests. | 117 // Sockets by connection id used to process gnubbyd requests. |
| 118 ActiveSockets active_sockets_; | 118 ActiveSockets active_sockets_; |
| 119 | 119 |
| 120 // Used to perform blocking File IO. | 120 // Used to perform blocking File IO. |
| 121 scoped_refptr<base::SingleThreadTaskRunner> file_task_runner_; | 121 scoped_refptr<base::SingleThreadTaskRunner> file_task_runner_; |
| 122 | 122 |
| 123 // Timeout used for a request. | 123 // Timeout used for a request. |
| 124 base::TimeDelta request_timeout_; | 124 base::TimeDelta request_timeout_; |
| 125 | 125 |
| 126 base::WeakPtrFactory<SecurityKeyAuthHandlerLinux> weak_factory_; | 126 base::WeakPtrFactory<SecurityKeyAuthHandlerPosix> weak_factory_; |
| 127 | 127 |
| 128 DISALLOW_COPY_AND_ASSIGN(SecurityKeyAuthHandlerLinux); | 128 DISALLOW_COPY_AND_ASSIGN(SecurityKeyAuthHandlerPosix); |
| 129 }; | 129 }; |
| 130 | 130 |
| 131 std::unique_ptr<SecurityKeyAuthHandler> SecurityKeyAuthHandler::Create( | 131 std::unique_ptr<SecurityKeyAuthHandler> SecurityKeyAuthHandler::Create( |
| 132 ClientSessionDetails* client_session_details, | 132 ClientSessionDetails* client_session_details, |
| 133 const SendMessageCallback& send_message_callback, | 133 const SendMessageCallback& send_message_callback, |
| 134 scoped_refptr<base::SingleThreadTaskRunner> file_task_runner) { | 134 scoped_refptr<base::SingleThreadTaskRunner> file_task_runner) { |
| 135 std::unique_ptr<SecurityKeyAuthHandler> auth_handler( | 135 std::unique_ptr<SecurityKeyAuthHandler> auth_handler( |
| 136 new SecurityKeyAuthHandlerLinux(file_task_runner)); | 136 new SecurityKeyAuthHandlerPosix(file_task_runner)); |
| 137 auth_handler->SetSendMessageCallback(send_message_callback); | 137 auth_handler->SetSendMessageCallback(send_message_callback); |
| 138 return auth_handler; | 138 return auth_handler; |
| 139 } | 139 } |
| 140 | 140 |
| 141 void SecurityKeyAuthHandler::SetSecurityKeySocketName( | 141 void SecurityKeyAuthHandler::SetSecurityKeySocketName( |
| 142 const base::FilePath& security_key_socket_name) { | 142 const base::FilePath& security_key_socket_name) { |
| 143 g_security_key_socket_name.Get() = security_key_socket_name; | 143 g_security_key_socket_name.Get() = security_key_socket_name; |
| 144 } | 144 } |
| 145 | 145 |
| 146 SecurityKeyAuthHandlerLinux::SecurityKeyAuthHandlerLinux( | 146 SecurityKeyAuthHandlerPosix::SecurityKeyAuthHandlerPosix( |
| 147 scoped_refptr<base::SingleThreadTaskRunner> file_task_runner) | 147 scoped_refptr<base::SingleThreadTaskRunner> file_task_runner) |
| 148 : file_task_runner_(file_task_runner), | 148 : file_task_runner_(file_task_runner), |
| 149 request_timeout_( | 149 request_timeout_( |
| 150 base::TimeDelta::FromSeconds(kDefaultRequestTimeoutSeconds)), | 150 base::TimeDelta::FromSeconds(kDefaultRequestTimeoutSeconds)), |
| 151 weak_factory_(this) {} | 151 weak_factory_(this) {} |
| 152 | 152 |
| 153 SecurityKeyAuthHandlerLinux::~SecurityKeyAuthHandlerLinux() {} | 153 SecurityKeyAuthHandlerPosix::~SecurityKeyAuthHandlerPosix() {} |
| 154 | 154 |
| 155 void SecurityKeyAuthHandlerLinux::CreateSecurityKeyConnection() { | 155 void SecurityKeyAuthHandlerPosix::CreateSecurityKeyConnection() { |
| 156 DCHECK(thread_checker_.CalledOnValidThread()); | 156 DCHECK(thread_checker_.CalledOnValidThread()); |
| 157 DCHECK(!g_security_key_socket_name.Get().empty()); | 157 DCHECK(!g_security_key_socket_name.Get().empty()); |
| 158 | 158 |
| 159 // We need to run the DeleteFile method on |file_task_runner_| as it is a | 159 // We need to run the DeleteFile method on |file_task_runner_| as it is a |
| 160 // blocking function call which cannot be run on the main thread. Once | 160 // blocking function call which cannot be run on the main thread. Once |
| 161 // that task has completed, the main thread will be called back and we will | 161 // that task has completed, the main thread will be called back and we will |
| 162 // resume setting up our security key auth socket there. | 162 // resume setting up our security key auth socket there. |
| 163 file_task_runner_->PostTaskAndReply( | 163 file_task_runner_->PostTaskAndReply( |
| 164 FROM_HERE, base::Bind(base::IgnoreResult(&base::DeleteFile), | 164 FROM_HERE, base::Bind(base::IgnoreResult(&base::DeleteFile), |
| 165 g_security_key_socket_name.Get(), false), | 165 g_security_key_socket_name.Get(), false), |
| 166 base::Bind(&SecurityKeyAuthHandlerLinux::CreateSocket, | 166 base::Bind(&SecurityKeyAuthHandlerPosix::CreateSocket, |
| 167 weak_factory_.GetWeakPtr())); | 167 weak_factory_.GetWeakPtr())); |
| 168 } | 168 } |
| 169 | 169 |
| 170 void SecurityKeyAuthHandlerLinux::CreateSocket() { | 170 void SecurityKeyAuthHandlerPosix::CreateSocket() { |
| 171 DCHECK(thread_checker_.CalledOnValidThread()); | 171 DCHECK(thread_checker_.CalledOnValidThread()); |
| 172 HOST_LOG << "Listening for security key requests on " | 172 HOST_LOG << "Listening for security key requests on " |
| 173 << g_security_key_socket_name.Get().value(); | 173 << g_security_key_socket_name.Get().value(); |
| 174 | 174 |
| 175 auth_socket_.reset( | 175 auth_socket_.reset( |
| 176 new net::UnixDomainServerSocket(base::Bind(MatchUid), false)); | 176 new net::UnixDomainServerSocket(base::Bind(MatchUid), false)); |
| 177 int rv = auth_socket_->BindAndListen(g_security_key_socket_name.Get().value(), | 177 int rv = auth_socket_->BindAndListen(g_security_key_socket_name.Get().value(), |
| 178 /*backlog=*/1); | 178 /*backlog=*/1); |
| 179 if (rv != net::OK) { | 179 if (rv != net::OK) { |
| 180 LOG(ERROR) << "Failed to open socket for auth requests: '" << rv << "'"; | 180 LOG(ERROR) << "Failed to open socket for auth requests: '" << rv << "'"; |
| 181 return; | 181 return; |
| 182 } | 182 } |
| 183 DoAccept(); | 183 DoAccept(); |
| 184 } | 184 } |
| 185 | 185 |
| 186 bool SecurityKeyAuthHandlerLinux::IsValidConnectionId( | 186 bool SecurityKeyAuthHandlerPosix::IsValidConnectionId( |
| 187 int security_key_connection_id) const { | 187 int security_key_connection_id) const { |
| 188 return GetSocketForConnectionId(security_key_connection_id) != | 188 return GetSocketForConnectionId(security_key_connection_id) != |
| 189 active_sockets_.end(); | 189 active_sockets_.end(); |
| 190 } | 190 } |
| 191 | 191 |
| 192 void SecurityKeyAuthHandlerLinux::SendClientResponse( | 192 void SecurityKeyAuthHandlerPosix::SendClientResponse( |
| 193 int security_key_connection_id, | 193 int security_key_connection_id, |
| 194 const std::string& response) { | 194 const std::string& response) { |
| 195 ActiveSockets::const_iterator iter = | 195 ActiveSockets::const_iterator iter = |
| 196 GetSocketForConnectionId(security_key_connection_id); | 196 GetSocketForConnectionId(security_key_connection_id); |
| 197 if (iter != active_sockets_.end()) { | 197 if (iter != active_sockets_.end()) { |
| 198 iter->second->SendResponse(response); | 198 iter->second->SendResponse(response); |
| 199 } else { | 199 } else { |
| 200 LOG(WARNING) << "Unknown gnubby-auth data connection: '" | 200 LOG(WARNING) << "Unknown gnubby-auth data connection: '" |
| 201 << security_key_connection_id << "'"; | 201 << security_key_connection_id << "'"; |
| 202 } | 202 } |
| 203 } | 203 } |
| 204 | 204 |
| 205 void SecurityKeyAuthHandlerLinux::SendErrorAndCloseConnection( | 205 void SecurityKeyAuthHandlerPosix::SendErrorAndCloseConnection( |
| 206 int security_key_connection_id) { | 206 int security_key_connection_id) { |
| 207 ActiveSockets::const_iterator iter = | 207 ActiveSockets::const_iterator iter = |
| 208 GetSocketForConnectionId(security_key_connection_id); | 208 GetSocketForConnectionId(security_key_connection_id); |
| 209 if (iter != active_sockets_.end()) { | 209 if (iter != active_sockets_.end()) { |
| 210 HOST_LOG << "Sending security key error"; | 210 HOST_LOG << "Sending security key error"; |
| 211 SendErrorAndCloseActiveSocket(iter); | 211 SendErrorAndCloseActiveSocket(iter); |
| 212 } else { | 212 } else { |
| 213 LOG(WARNING) << "Unknown gnubby-auth data connection: '" | 213 LOG(WARNING) << "Unknown gnubby-auth data connection: '" |
| 214 << security_key_connection_id << "'"; | 214 << security_key_connection_id << "'"; |
| 215 } | 215 } |
| 216 } | 216 } |
| 217 | 217 |
| 218 void SecurityKeyAuthHandlerLinux::SetSendMessageCallback( | 218 void SecurityKeyAuthHandlerPosix::SetSendMessageCallback( |
| 219 const SendMessageCallback& callback) { | 219 const SendMessageCallback& callback) { |
| 220 send_message_callback_ = callback; | 220 send_message_callback_ = callback; |
| 221 } | 221 } |
| 222 | 222 |
| 223 size_t SecurityKeyAuthHandlerLinux::GetActiveConnectionCountForTest() const { | 223 size_t SecurityKeyAuthHandlerPosix::GetActiveConnectionCountForTest() const { |
| 224 return active_sockets_.size(); | 224 return active_sockets_.size(); |
| 225 } | 225 } |
| 226 | 226 |
| 227 void SecurityKeyAuthHandlerLinux::SetRequestTimeoutForTest( | 227 void SecurityKeyAuthHandlerPosix::SetRequestTimeoutForTest( |
| 228 base::TimeDelta timeout) { | 228 base::TimeDelta timeout) { |
| 229 request_timeout_ = timeout; | 229 request_timeout_ = timeout; |
| 230 } | 230 } |
| 231 | 231 |
| 232 void SecurityKeyAuthHandlerLinux::DoAccept() { | 232 void SecurityKeyAuthHandlerPosix::DoAccept() { |
| 233 DCHECK(thread_checker_.CalledOnValidThread()); | 233 DCHECK(thread_checker_.CalledOnValidThread()); |
| 234 int result = auth_socket_->Accept( | 234 int result = auth_socket_->Accept( |
| 235 &accept_socket_, base::Bind(&SecurityKeyAuthHandlerLinux::OnAccepted, | 235 &accept_socket_, base::Bind(&SecurityKeyAuthHandlerPosix::OnAccepted, |
| 236 base::Unretained(this))); | 236 base::Unretained(this))); |
| 237 if (result != net::ERR_IO_PENDING) | 237 if (result != net::ERR_IO_PENDING) |
| 238 OnAccepted(result); | 238 OnAccepted(result); |
| 239 } | 239 } |
| 240 | 240 |
| 241 void SecurityKeyAuthHandlerLinux::OnAccepted(int result) { | 241 void SecurityKeyAuthHandlerPosix::OnAccepted(int result) { |
| 242 DCHECK(thread_checker_.CalledOnValidThread()); | 242 DCHECK(thread_checker_.CalledOnValidThread()); |
| 243 DCHECK_NE(net::ERR_IO_PENDING, result); | 243 DCHECK_NE(net::ERR_IO_PENDING, result); |
| 244 | 244 |
| 245 if (result < 0) { | 245 if (result < 0) { |
| 246 LOG(ERROR) << "Error in accepting a new connection"; | 246 LOG(ERROR) << "Error in accepting a new connection"; |
| 247 return; | 247 return; |
| 248 } | 248 } |
| 249 | 249 |
| 250 int security_key_connection_id = ++last_connection_id_; | 250 int security_key_connection_id = ++last_connection_id_; |
| 251 SecurityKeySocket* socket = new SecurityKeySocket( | 251 SecurityKeySocket* socket = new SecurityKeySocket( |
| 252 std::move(accept_socket_), request_timeout_, | 252 std::move(accept_socket_), request_timeout_, |
| 253 base::Bind(&SecurityKeyAuthHandlerLinux::RequestTimedOut, | 253 base::Bind(&SecurityKeyAuthHandlerPosix::RequestTimedOut, |
| 254 base::Unretained(this), security_key_connection_id)); | 254 base::Unretained(this), security_key_connection_id)); |
| 255 active_sockets_[security_key_connection_id] = base::WrapUnique(socket); | 255 active_sockets_[security_key_connection_id] = base::WrapUnique(socket); |
| 256 socket->StartReadingRequest( | 256 socket->StartReadingRequest( |
| 257 base::Bind(&SecurityKeyAuthHandlerLinux::OnReadComplete, | 257 base::Bind(&SecurityKeyAuthHandlerPosix::OnReadComplete, |
| 258 base::Unretained(this), security_key_connection_id)); | 258 base::Unretained(this), security_key_connection_id)); |
| 259 | 259 |
| 260 // Continue accepting new connections. | 260 // Continue accepting new connections. |
| 261 DoAccept(); | 261 DoAccept(); |
| 262 } | 262 } |
| 263 | 263 |
| 264 void SecurityKeyAuthHandlerLinux::OnReadComplete( | 264 void SecurityKeyAuthHandlerPosix::OnReadComplete( |
| 265 int security_key_connection_id) { | 265 int security_key_connection_id) { |
| 266 DCHECK(thread_checker_.CalledOnValidThread()); | 266 DCHECK(thread_checker_.CalledOnValidThread()); |
| 267 | 267 |
| 268 ActiveSockets::const_iterator iter = | 268 ActiveSockets::const_iterator iter = |
| 269 active_sockets_.find(security_key_connection_id); | 269 active_sockets_.find(security_key_connection_id); |
| 270 DCHECK(iter != active_sockets_.end()); | 270 DCHECK(iter != active_sockets_.end()); |
| 271 std::string request_data; | 271 std::string request_data; |
| 272 if (!iter->second->GetAndClearRequestData(&request_data)) { | 272 if (!iter->second->GetAndClearRequestData(&request_data)) { |
| 273 SendErrorAndCloseActiveSocket(iter); | 273 SendErrorAndCloseActiveSocket(iter); |
| 274 return; | 274 return; |
| 275 } | 275 } |
| 276 | 276 |
| 277 HOST_LOG << "Received security key request: " << GetCommandCode(request_data); | 277 HOST_LOG << "Received security key request: " << GetCommandCode(request_data); |
| 278 send_message_callback_.Run(security_key_connection_id, request_data); | 278 send_message_callback_.Run(security_key_connection_id, request_data); |
| 279 | 279 |
| 280 iter->second->StartReadingRequest( | 280 iter->second->StartReadingRequest( |
| 281 base::Bind(&SecurityKeyAuthHandlerLinux::OnReadComplete, | 281 base::Bind(&SecurityKeyAuthHandlerPosix::OnReadComplete, |
| 282 base::Unretained(this), security_key_connection_id)); | 282 base::Unretained(this), security_key_connection_id)); |
| 283 } | 283 } |
| 284 | 284 |
| 285 SecurityKeyAuthHandlerLinux::ActiveSockets::const_iterator | 285 SecurityKeyAuthHandlerPosix::ActiveSockets::const_iterator |
| 286 SecurityKeyAuthHandlerLinux::GetSocketForConnectionId( | 286 SecurityKeyAuthHandlerPosix::GetSocketForConnectionId( |
| 287 int security_key_connection_id) const { | 287 int security_key_connection_id) const { |
| 288 return active_sockets_.find(security_key_connection_id); | 288 return active_sockets_.find(security_key_connection_id); |
| 289 } | 289 } |
| 290 | 290 |
| 291 void SecurityKeyAuthHandlerLinux::SendErrorAndCloseActiveSocket( | 291 void SecurityKeyAuthHandlerPosix::SendErrorAndCloseActiveSocket( |
| 292 const ActiveSockets::const_iterator& iter) { | 292 const ActiveSockets::const_iterator& iter) { |
| 293 iter->second->SendSshError(); | 293 iter->second->SendSshError(); |
| 294 active_sockets_.erase(iter); | 294 active_sockets_.erase(iter); |
| 295 } | 295 } |
| 296 | 296 |
| 297 void SecurityKeyAuthHandlerLinux::RequestTimedOut( | 297 void SecurityKeyAuthHandlerPosix::RequestTimedOut( |
| 298 int security_key_connection_id) { | 298 int security_key_connection_id) { |
| 299 HOST_LOG << "SecurityKey request timed out"; | 299 HOST_LOG << "SecurityKey request timed out"; |
| 300 ActiveSockets::const_iterator iter = | 300 ActiveSockets::const_iterator iter = |
| 301 active_sockets_.find(security_key_connection_id); | 301 active_sockets_.find(security_key_connection_id); |
| 302 if (iter != active_sockets_.end()) | 302 if (iter != active_sockets_.end()) |
| 303 SendErrorAndCloseActiveSocket(iter); | 303 SendErrorAndCloseActiveSocket(iter); |
| 304 } | 304 } |
| 305 | 305 |
| 306 } // namespace remoting | 306 } // namespace remoting |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2202733004:
Renaming Linux security key auth handler (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master