| OLD | NEW |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "remoting/host/policy_watcher.h" | 5 #include "remoting/host/policy_watcher.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/json/json_writer.h" | 8 #include "base/json/json_writer.h" |
| 9 #include "base/macros.h" | 9 #include "base/macros.h" |
| 10 #include "base/memory/ptr_util.h" | 10 #include "base/memory/ptr_util.h" |
| (...skipping 130 matching lines...) |
| 141 "https://token.com"); | 141 "https://token.com"); |
| 142 third_party_auth_partial_.SetString( | 142 third_party_auth_partial_.SetString( |
| 143 key::kRemoteAccessHostTokenValidationUrl, "https://validation.com"); | 143 key::kRemoteAccessHostTokenValidationUrl, "https://validation.com"); |
| 144 third_party_auth_full_.MergeDictionary(&third_party_auth_partial_); | 144 third_party_auth_full_.MergeDictionary(&third_party_auth_partial_); |
| 145 third_party_auth_full_.SetString( | 145 third_party_auth_full_.SetString( |
| 146 key::kRemoteAccessHostTokenValidationCertificateIssuer, | 146 key::kRemoteAccessHostTokenValidationCertificateIssuer, |
| 147 "certificate subject"); | 147 "certificate subject"); |
| 148 third_party_auth_cert_empty_.MergeDictionary(&third_party_auth_partial_); | 148 third_party_auth_cert_empty_.MergeDictionary(&third_party_auth_partial_); |
| 149 third_party_auth_cert_empty_.SetString( | 149 third_party_auth_cert_empty_.SetString( |
| 150 key::kRemoteAccessHostTokenValidationCertificateIssuer, ""); | 150 key::kRemoteAccessHostTokenValidationCertificateIssuer, ""); |
| 151 remote_assistance_uiaccess_true_.SetBoolean( |
| 152 key::kRemoteAssistanceHostAllowUiAccess, true); |
| 153 remote_assistance_uiaccess_false_.SetBoolean( |
| 154 key::kRemoteAssistanceHostAllowUiAccess, false); |
| 151 } | 155 } |
| 152 | 156 |
| 153 void TearDown() override { | 157 void TearDown() override { |
| 154 policy_watcher_.reset(); | 158 policy_watcher_.reset(); |
| 155 policy_loader_ = nullptr; | 159 policy_loader_ = nullptr; |
| 156 base::RunLoop().RunUntilIdle(); | 160 base::RunLoop().RunUntilIdle(); |
| 157 } | 161 } |
| 158 | 162 |
| 159 protected: | 163 protected: |
| 160 void StartWatching() { | 164 void StartWatching() { |
| (...skipping 70 matching lines...) |
| 231 base::DictionaryValue port_range_malformed_; | 235 base::DictionaryValue port_range_malformed_; |
| 232 base::DictionaryValue port_range_malformed_domain_full_; | 236 base::DictionaryValue port_range_malformed_domain_full_; |
| 233 base::DictionaryValue curtain_true_; | 237 base::DictionaryValue curtain_true_; |
| 234 base::DictionaryValue curtain_false_; | 238 base::DictionaryValue curtain_false_; |
| 235 base::DictionaryValue username_true_; | 239 base::DictionaryValue username_true_; |
| 236 base::DictionaryValue username_false_; | 240 base::DictionaryValue username_false_; |
| 237 base::DictionaryValue talk_gadget_blah_; | 241 base::DictionaryValue talk_gadget_blah_; |
| 238 base::DictionaryValue third_party_auth_full_; | 242 base::DictionaryValue third_party_auth_full_; |
| 239 base::DictionaryValue third_party_auth_partial_; | 243 base::DictionaryValue third_party_auth_partial_; |
| 240 base::DictionaryValue third_party_auth_cert_empty_; | 244 base::DictionaryValue third_party_auth_cert_empty_; |
| 245 base::DictionaryValue remote_assistance_uiaccess_true_; |
| 246 base::DictionaryValue remote_assistance_uiaccess_false_; |
| 241 | 247 |
| 242 private: | 248 private: |
| 243 void SetDefaults(base::DictionaryValue& dict) { | 249 void SetDefaults(base::DictionaryValue& dict) { |
| 244 dict.SetBoolean(key::kRemoteAccessHostFirewallTraversal, true); | 250 dict.SetBoolean(key::kRemoteAccessHostFirewallTraversal, true); |
| 245 dict.SetBoolean(key::kRemoteAccessHostAllowRelayedConnection, true); | 251 dict.SetBoolean(key::kRemoteAccessHostAllowRelayedConnection, true); |
| 246 dict.SetString(key::kRemoteAccessHostUdpPortRange, ""); | 252 dict.SetString(key::kRemoteAccessHostUdpPortRange, ""); |
| 247 dict.SetString(key::kRemoteAccessHostClientDomain, std::string()); | 253 dict.SetString(key::kRemoteAccessHostClientDomain, std::string()); |
| 248 dict.SetString(key::kRemoteAccessHostDomain, std::string()); | 254 dict.SetString(key::kRemoteAccessHostDomain, std::string()); |
| 249 dict.SetBoolean(key::kRemoteAccessHostMatchUsername, false); | 255 dict.SetBoolean(key::kRemoteAccessHostMatchUsername, false); |
| 250 dict.SetString(key::kRemoteAccessHostTalkGadgetPrefix, | 256 dict.SetString(key::kRemoteAccessHostTalkGadgetPrefix, |
| 251 kDefaultHostTalkGadgetPrefix); | 257 kDefaultHostTalkGadgetPrefix); |
| 252 dict.SetBoolean(key::kRemoteAccessHostRequireCurtain, false); | 258 dict.SetBoolean(key::kRemoteAccessHostRequireCurtain, false); |
| 253 dict.SetString(key::kRemoteAccessHostTokenUrl, ""); | 259 dict.SetString(key::kRemoteAccessHostTokenUrl, ""); |
| 254 dict.SetString(key::kRemoteAccessHostTokenValidationUrl, ""); | 260 dict.SetString(key::kRemoteAccessHostTokenValidationUrl, ""); |
| 255 dict.SetString(key::kRemoteAccessHostTokenValidationCertificateIssuer, ""); | 261 dict.SetString(key::kRemoteAccessHostTokenValidationCertificateIssuer, ""); |
| 256 dict.SetBoolean(key::kRemoteAccessHostAllowClientPairing, true); | 262 dict.SetBoolean(key::kRemoteAccessHostAllowClientPairing, true); |
| 257 dict.SetBoolean(key::kRemoteAccessHostAllowGnubbyAuth, true); | 263 dict.SetBoolean(key::kRemoteAccessHostAllowGnubbyAuth, true); |
| 264 dict.SetBoolean(key::kRemoteAssistanceHostAllowUiAccess, false); |
| 258 | 265 |
| 259 ASSERT_THAT(&dict, IsPolicies(&GetDefaultValues())) | 266 ASSERT_THAT(&dict, IsPolicies(&GetDefaultValues())) |
| 260 << "Sanity check that defaults expected by the test code " | 267 << "Sanity check that defaults expected by the test code " |
| 261 << "match what is stored in PolicyWatcher::default_values_"; | 268 << "match what is stored in PolicyWatcher::default_values_"; |
| 262 } | 269 } |
| 263 }; | 270 }; |
| 264 | 271 |
| 265 const char* PolicyWatcherTest::kHostDomain = "google.com"; | 272 const char* PolicyWatcherTest::kHostDomain = "google.com"; |
| 266 const char* PolicyWatcherTest::kPortRange = "12400-12409"; | 273 const char* PolicyWatcherTest::kPortRange = "12400-12409"; |
| 267 | 274 |
| (...skipping 216 matching lines...) |
| 484 OnPolicyUpdatePtr(IsPolicies(&gnubby_auth_false_))); | 491 OnPolicyUpdatePtr(IsPolicies(&gnubby_auth_false_))); |
| 485 EXPECT_CALL(mock_policy_callback_, | 492 EXPECT_CALL(mock_policy_callback_, |
| 486 OnPolicyUpdatePtr(IsPolicies(&gnubby_auth_true_))); | 493 OnPolicyUpdatePtr(IsPolicies(&gnubby_auth_true_))); |
| 487 | 494 |
| 488 SetPolicies(empty_); | 495 SetPolicies(empty_); |
| 489 StartWatching(); | 496 StartWatching(); |
| 490 SetPolicies(gnubby_auth_false_); | 497 SetPolicies(gnubby_auth_false_); |
| 491 SetPolicies(gnubby_auth_true_); | 498 SetPolicies(gnubby_auth_true_); |
| 492 } | 499 } |
| 493 | 500 |
| 501 TEST_F(PolicyWatcherTest, RemoteAssistanceUiAccess) { |
| 502 testing::InSequence sequence; |
| 503 EXPECT_CALL(mock_policy_callback_, |
| 504 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_))); |
| 505 #if defined(OS_WIN) |
| 506 // This setting only affects Windows, it is ignored on other platforms so the |
| 507 // 2 SetPolicies calls won't result in any calls to OnPolicyUpdate. |
| 508 EXPECT_CALL(mock_policy_callback_, |
| 509 OnPolicyUpdatePtr(IsPolicies(&remote_assistance_uiaccess_true_))); |
| 510 EXPECT_CALL( |
| 511 mock_policy_callback_, |
| 512 OnPolicyUpdatePtr(IsPolicies(&remote_assistance_uiaccess_false_))); |
| 513 #endif // defined(OS_WIN) |
| 514 |
| 515 SetPolicies(empty_); |
| 516 StartWatching(); |
| 517 SetPolicies(remote_assistance_uiaccess_true_); |
| 518 SetPolicies(remote_assistance_uiaccess_false_); |
| 519 } |
| 520 |
| 494 TEST_F(PolicyWatcherTest, Relay) { | 521 TEST_F(PolicyWatcherTest, Relay) { |
| 495 testing::InSequence sequence; | 522 testing::InSequence sequence; |
| 496 EXPECT_CALL(mock_policy_callback_, | 523 EXPECT_CALL(mock_policy_callback_, |
| 497 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_))); | 524 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_))); |
| 498 EXPECT_CALL(mock_policy_callback_, | 525 EXPECT_CALL(mock_policy_callback_, |
| 499 OnPolicyUpdatePtr(IsPolicies(&relay_false_))); | 526 OnPolicyUpdatePtr(IsPolicies(&relay_false_))); |
| 500 EXPECT_CALL(mock_policy_callback_, | 527 EXPECT_CALL(mock_policy_callback_, |
| 501 OnPolicyUpdatePtr(IsPolicies(&relay_true_))); | 528 OnPolicyUpdatePtr(IsPolicies(&relay_true_))); |
| 502 | 529 |
| 503 SetPolicies(empty_); | 530 SetPolicies(empty_); |
| (...skipping 105 matching lines...) |
| 609 | 636 |
| 610 std::map<std::string, base::Value::Type> expected_schema; | 637 std::map<std::string, base::Value::Type> expected_schema; |
| 611 for (base::DictionaryValue::Iterator i(GetDefaultValues()); !i.IsAtEnd(); | 638 for (base::DictionaryValue::Iterator i(GetDefaultValues()); !i.IsAtEnd(); |
| 612 i.Advance()) { | 639 i.Advance()) { |
| 613 expected_schema[i.key()] = i.value().GetType(); | 640 expected_schema[i.key()] = i.value().GetType(); |
| 614 } | 641 } |
| 615 #if defined(OS_WIN) | 642 #if defined(OS_WIN) |
| 616 // RemoteAccessHostMatchUsername is marked in policy_templates.json as not | 643 // RemoteAccessHostMatchUsername is marked in policy_templates.json as not |
| 617 // supported on Windows and therefore is (by design) excluded from the schema. | 644 // supported on Windows and therefore is (by design) excluded from the schema. |
| 618 expected_schema.erase(key::kRemoteAccessHostMatchUsername); | 645 expected_schema.erase(key::kRemoteAccessHostMatchUsername); |
| 646 #else // !defined(OS_WIN) |
| 647 // RemoteAssistanceHostAllowUiAccess does not exist on non-Windows platforms. |
| 648 expected_schema.erase(key::kRemoteAssistanceHostAllowUiAccess); |
| 619 #endif | 649 #endif |
| 620 | 650 |
| 621 std::map<std::string, base::Value::Type> actual_schema; | 651 std::map<std::string, base::Value::Type> actual_schema; |
| 622 const policy::Schema* schema = GetPolicySchema(); | 652 const policy::Schema* schema = GetPolicySchema(); |
| 623 ASSERT_TRUE(schema->valid()); | 653 ASSERT_TRUE(schema->valid()); |
| 624 for (auto it = schema->GetPropertiesIterator(); !it.IsAtEnd(); it.Advance()) { | 654 for (auto it = schema->GetPropertiesIterator(); !it.IsAtEnd(); it.Advance()) { |
| 625 std::string key = it.key(); | 655 std::string key = it.key(); |
| 626 if (key.find("RemoteAccessHost") == std::string::npos) { | 656 if (key.find("RemoteAccessHost") == std::string::npos && |
| 657 key.find("RemoteAssistanceHost") == std::string::npos) { |
| 627 // For now PolicyWatcher::GetPolicySchema() mixes Chrome and Chromoting | 658 // For now PolicyWatcher::GetPolicySchema() mixes Chrome and Chromoting |
| 628 // policies, so we have to skip them here. | 659 // policies, so we have to skip them here. |
| 629 continue; | 660 continue; |
| 630 } | 661 } |
| 631 actual_schema[key] = it.schema().type(); | 662 actual_schema[key] = it.schema().type(); |
| 632 } | 663 } |
| 633 | 664 |
| 634 EXPECT_THAT(actual_schema, testing::ContainerEq(expected_schema)); | 665 EXPECT_THAT(actual_schema, testing::ContainerEq(expected_schema)); |
| 635 } | 666 } |
| 636 | 667 |
| (...skipping 10 matching lines...) |
| 647 | 678 |
| 648 // And check one, random "boolean" policy to see if the type propagated | 679 // And check one, random "boolean" policy to see if the type propagated |
| 649 // correctly from policy_templates.json file. | 680 // correctly from policy_templates.json file. |
| 650 const policy::Schema boolean_schema = | 681 const policy::Schema boolean_schema = |
| 651 schema->GetKnownProperty("RemoteAccessHostRequireCurtain"); | 682 schema->GetKnownProperty("RemoteAccessHostRequireCurtain"); |
| 652 EXPECT_TRUE(boolean_schema.valid()); | 683 EXPECT_TRUE(boolean_schema.valid()); |
| 653 EXPECT_EQ(boolean_schema.type(), base::Value::Type::TYPE_BOOLEAN); | 684 EXPECT_EQ(boolean_schema.type(), base::Value::Type::TYPE_BOOLEAN); |
| 654 } | 685 } |
| 655 | 686 |
| 656 } // namespace remoting | 687 } // namespace remoting |
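Review bot: The comment in `RemoteAssistanceUiAccess` (new lines 506-507) explains the non-Windows behaviour but sits inside the `#if defined(OS_WIN)` block, so it reads as if it annotated the two Windows-only `EXPECT_CALL`s. I would move it above the `#if` and reword it as `// RemoteAssistanceHostAllowUiAccess only takes effect on Windows; elsewhere it is ignored, so the two SetPolicies calls below must not trigger OnPolicyUpdate.` The non-Windows case should still be enforced as written, since a further `OnPolicyUpdatePtr` call would not match the single sequenced expectation. Separately, the schema filter at new lines 656-657 tests both names with `find(...) == std::string::npos`, which accepts the string anywhere in the key. A prefix comparison would state the intent more exactly now that two prefixes are involved.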
| OLD | NEW |