| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "remoting/host/it2me/it2me_host.h" | 5 #include "remoting/host/it2me/it2me_host.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <cstdint> |
| 8 | 8 #include <memory> |
| 9 #include <string> |
| 9 #include <utility> | 10 #include <utility> |
| 10 | 11 |
| 11 #include "base/bind.h" | 12 #include "base/bind.h" |
| 12 #include "base/callback_helpers.h" | 13 #include "base/callback_helpers.h" |
| 13 #include "base/memory/ptr_util.h" | 14 #include "base/memory/ptr_util.h" |
| 14 #include "base/strings/string_util.h" | 15 #include "base/strings/string_util.h" |
| 15 #include "base/threading/platform_thread.h" | 16 #include "base/threading/platform_thread.h" |
| 16 #include "components/policy/policy_constants.h" | 17 #include "components/policy/policy_constants.h" |
| 17 #include "net/socket/client_socket_factory.h" | 18 #include "net/socket/client_socket_factory.h" |
| 18 #include "net/url_request/url_request_context_getter.h" | 19 #include "net/url_request/url_request_context_getter.h" |
| (...skipping 11 matching lines...) Expand all Loading... |
| 30 #include "remoting/host/policy_watcher.h" | 31 #include "remoting/host/policy_watcher.h" |
| 31 #include "remoting/host/register_support_host_request.h" | 32 #include "remoting/host/register_support_host_request.h" |
| 32 #include "remoting/host/service_urls.h" | 33 #include "remoting/host/service_urls.h" |
| 33 #include "remoting/protocol/auth_util.h" | 34 #include "remoting/protocol/auth_util.h" |
| 34 #include "remoting/protocol/chromium_port_allocator_factory.h" | 35 #include "remoting/protocol/chromium_port_allocator_factory.h" |
| 35 #include "remoting/protocol/ice_transport.h" | 36 #include "remoting/protocol/ice_transport.h" |
| 36 #include "remoting/protocol/it2me_host_authenticator_factory.h" | 37 #include "remoting/protocol/it2me_host_authenticator_factory.h" |
| 37 #include "remoting/protocol/jingle_session_manager.h" | 38 #include "remoting/protocol/jingle_session_manager.h" |
| 38 #include "remoting/protocol/network_settings.h" | 39 #include "remoting/protocol/network_settings.h" |
| 39 #include "remoting/protocol/transport_context.h" | 40 #include "remoting/protocol/transport_context.h" |
| 41 #include "remoting/protocol/validating_authenticator.h" |
| 42 #include "remoting/signaling/jid_util.h" |
| 40 #include "remoting/signaling/server_log_entry.h" | 43 #include "remoting/signaling/server_log_entry.h" |
| 41 | 44 |
| 42 namespace remoting { | 45 namespace remoting { |
| 43 | 46 |
| 44 namespace { | 47 namespace { |
| 45 | 48 |
| 46 // This is used for tagging system event logs. | 49 // This is used for tagging system event logs. |
| 47 const char kApplicationName[] = "chromoting"; | 50 const char kApplicationName[] = "chromoting"; |
| 48 const int kMaxLoginAttempts = 5; | 51 const int kMaxLoginAttempts = 5; |
| 49 | 52 |
| 53 using protocol::ValidatingAuthenticator; |
| 54 typedef ValidatingAuthenticator::Result ValidationResult; |
| 55 typedef ValidatingAuthenticator::ValidationCallback ValidationCallback; |
| 56 |
| 50 } // namespace | 57 } // namespace |
| 51 | 58 |
| 52 It2MeHost::It2MeHost( | 59 It2MeHost::It2MeHost( |
| 53 std::unique_ptr<ChromotingHostContext> host_context, | 60 std::unique_ptr<ChromotingHostContext> host_context, |
| 54 std::unique_ptr<PolicyWatcher> policy_watcher, | 61 std::unique_ptr<PolicyWatcher> policy_watcher, |
| 55 std::unique_ptr<It2MeConfirmationDialogFactory> confirmation_dialog_factory, | 62 std::unique_ptr<It2MeConfirmationDialogFactory> confirmation_dialog_factory, |
| 56 base::WeakPtr<It2MeHost::Observer> observer, | 63 base::WeakPtr<It2MeHost::Observer> observer, |
| 57 const XmppSignalStrategy::XmppServerConfig& xmpp_server_config, | 64 const XmppSignalStrategy::XmppServerConfig& xmpp_server_config, |
| 58 const std::string& directory_bot_jid) | 65 const std::string& directory_bot_jid) |
| 59 : host_context_(std::move(host_context)), | 66 : host_context_(std::move(host_context)), |
| 60 task_runner_(host_context_->ui_task_runner()), | 67 task_runner_(host_context_->ui_task_runner()), |
| 61 observer_(observer), | 68 observer_(observer), |
| 62 xmpp_server_config_(xmpp_server_config), | 69 xmpp_server_config_(xmpp_server_config), |
| 63 directory_bot_jid_(directory_bot_jid), | 70 directory_bot_jid_(directory_bot_jid), |
| 64 state_(kDisconnected), | 71 state_(kDisconnected), |
| 65 failed_login_attempts_(0), | 72 failed_login_attempts_(0), |
| 66 policy_watcher_(std::move(policy_watcher)), | 73 policy_watcher_(std::move(policy_watcher)), |
| 67 confirmation_dialog_factory_(std::move(confirmation_dialog_factory)), | 74 confirmation_dialog_factory_(std::move(confirmation_dialog_factory)), |
| 68 nat_traversal_enabled_(false), | 75 nat_traversal_enabled_(false), |
| 69 policy_received_(false) { | 76 policy_received_(false) { |
| 70 DCHECK(task_runner_->BelongsToCurrentThread()); | 77 DCHECK(task_runner_->BelongsToCurrentThread()); |
| 71 } | 78 } |
| 72 | 79 |
| 80 It2MeHost::~It2MeHost() { |
| 81 // Check that resources that need to be torn down on the UI thread are gone. |
| 82 DCHECK(!desktop_environment_factory_.get()); |
| 83 DCHECK(!policy_watcher_.get()); |
| 84 } |
| 85 |
| 73 void It2MeHost::Connect() { | 86 void It2MeHost::Connect() { |
| 74 if (!host_context_->ui_task_runner()->BelongsToCurrentThread()) { | 87 if (!host_context_->ui_task_runner()->BelongsToCurrentThread()) { |
| 75 DCHECK(task_runner_->BelongsToCurrentThread()); | 88 DCHECK(task_runner_->BelongsToCurrentThread()); |
| 76 host_context_->ui_task_runner()->PostTask( | 89 host_context_->ui_task_runner()->PostTask( |
| 77 FROM_HERE, base::Bind(&It2MeHost::Connect, this)); | 90 FROM_HERE, base::Bind(&It2MeHost::Connect, this)); |
| 78 return; | 91 return; |
| 79 } | 92 } |
| 80 | 93 |
| 81 desktop_environment_factory_.reset(new It2MeDesktopEnvironmentFactory( | 94 desktop_environment_factory_.reset(new It2MeDesktopEnvironmentFactory( |
| 82 host_context_->network_task_runner(), | 95 host_context_->network_task_runner(), |
| (...skipping 233 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 316 | 329 |
| 317 SetState(kConnected, ""); | 330 SetState(kConnected, ""); |
| 318 } | 331 } |
| 319 | 332 |
| 320 void It2MeHost::OnClientDisconnected(const std::string& jid) { | 333 void It2MeHost::OnClientDisconnected(const std::string& jid) { |
| 321 DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread()); | 334 DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread()); |
| 322 | 335 |
| 323 DisconnectOnNetworkThread(); | 336 DisconnectOnNetworkThread(); |
| 324 } | 337 } |
| 325 | 338 |
| 339 void It2MeHost::SetPolicyForTesting( |
| 340 std::unique_ptr<base::DictionaryValue> policies, |
| 341 const base::Closure& done_callback) { |
| 342 host_context_->network_task_runner()->PostTaskAndReply( |
| 343 FROM_HERE, |
| 344 base::Bind(&It2MeHost::OnPolicyUpdate, this, base::Passed(&policies)), |
| 345 done_callback); |
| 346 } |
| 347 |
| 348 ValidationCallback It2MeHost::GetValidationCallbackForTesting() { |
| 349 return base::Bind(&It2MeHost::ValidateConnectionDetails, |
| 350 base::Unretained(this)); |
| 351 } |
| 352 |
| 326 void It2MeHost::OnPolicyUpdate( | 353 void It2MeHost::OnPolicyUpdate( |
| 327 std::unique_ptr<base::DictionaryValue> policies) { | 354 std::unique_ptr<base::DictionaryValue> policies) { |
| 328 // The policy watcher runs on the |ui_task_runner|. | 355 // The policy watcher runs on the |ui_task_runner|. |
| 329 if (!host_context_->network_task_runner()->BelongsToCurrentThread()) { | 356 if (!host_context_->network_task_runner()->BelongsToCurrentThread()) { |
| 330 host_context_->network_task_runner()->PostTask( | 357 host_context_->network_task_runner()->PostTask( |
| 331 FROM_HERE, | 358 FROM_HERE, |
| 332 base::Bind(&It2MeHost::OnPolicyUpdate, this, base::Passed(&policies))); | 359 base::Bind(&It2MeHost::OnPolicyUpdate, this, base::Passed(&policies))); |
| 333 return; | 360 return; |
| 334 } | 361 } |
| 335 | 362 |
| (...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 398 VLOG(2) << "UpdateClientDomainPolicy: " << client_domain; | 425 VLOG(2) << "UpdateClientDomainPolicy: " << client_domain; |
| 399 | 426 |
| 400 // When setting a client domain policy, disconnect any existing session. | 427 // When setting a client domain policy, disconnect any existing session. |
| 401 if (!client_domain.empty() && IsConnected()) { | 428 if (!client_domain.empty() && IsConnected()) { |
| 402 DisconnectOnNetworkThread(); | 429 DisconnectOnNetworkThread(); |
| 403 } | 430 } |
| 404 | 431 |
| 405 required_client_domain_ = client_domain; | 432 required_client_domain_ = client_domain; |
| 406 } | 433 } |
| 407 | 434 |
| 408 It2MeHost::~It2MeHost() { | |
| 409 // Check that resources that need to be torn down on the UI thread are gone. | |
| 410 DCHECK(!desktop_environment_factory_.get()); | |
| 411 DCHECK(!policy_watcher_.get()); | |
| 412 } | |
| 413 | |
| 414 void It2MeHost::SetState(It2MeHostState state, | 435 void It2MeHost::SetState(It2MeHostState state, |
| 415 const std::string& error_message) { | 436 const std::string& error_message) { |
| 416 DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread()); | 437 DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread()); |
| 417 | 438 |
| 418 switch (state_) { | 439 switch (state_) { |
| 419 case kDisconnected: | 440 case kDisconnected: |
| 420 DCHECK(state == kStarting || | 441 DCHECK(state == kStarting || |
| 421 state == kError) << state; | 442 state == kError) << state; |
| 422 break; | 443 break; |
| 423 case kStarting: | 444 case kStarting: |
| (...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 483 std::string error_message = "Failed to generate host certificate."; | 504 std::string error_message = "Failed to generate host certificate."; |
| 484 LOG(ERROR) << error_message; | 505 LOG(ERROR) << error_message; |
| 485 SetState(kError, error_message); | 506 SetState(kError, error_message); |
| 486 DisconnectOnNetworkThread(); | 507 DisconnectOnNetworkThread(); |
| 487 return; | 508 return; |
| 488 } | 509 } |
| 489 | 510 |
| 490 std::unique_ptr<protocol::AuthenticatorFactory> factory( | 511 std::unique_ptr<protocol::AuthenticatorFactory> factory( |
| 491 new protocol::It2MeHostAuthenticatorFactory( | 512 new protocol::It2MeHostAuthenticatorFactory( |
| 492 local_certificate, host_key_pair_, access_code_hash, | 513 local_certificate, host_key_pair_, access_code_hash, |
| 493 required_client_domain_)); | 514 base::Bind(&It2MeHost::ValidateConnectionDetails, |
| 515 base::Unretained(this)))); |
| 494 host_->SetAuthenticatorFactory(std::move(factory)); | 516 host_->SetAuthenticatorFactory(std::move(factory)); |
| 495 | 517 |
| 496 // Pass the Access Code to the script object before changing state. | 518 // Pass the Access Code to the script object before changing state. |
| 497 task_runner_->PostTask( | 519 task_runner_->PostTask( |
| 498 FROM_HERE, base::Bind(&It2MeHost::Observer::OnStoreAccessCode, | 520 FROM_HERE, base::Bind(&It2MeHost::Observer::OnStoreAccessCode, |
| 499 observer_, access_code, lifetime)); | 521 observer_, access_code, lifetime)); |
| 500 | 522 |
| 501 SetState(kReceivedAccessCode, ""); | 523 SetState(kReceivedAccessCode, ""); |
| 502 } | 524 } |
| 503 | 525 |
| 526 void It2MeHost::ValidateConnectionDetails( |
| 527 const std::string& remote_jid, |
| 528 const protocol::ValidatingAuthenticator::ResultCallback& result_callback) { |
| 529 // Check the client domain policy. |
| 530 if (!required_client_domain_.empty()) { |
| 531 std::string client_username; |
| 532 if (!SplitJidResource(remote_jid, &client_username, /*resource=*/nullptr)) { |
| 533 LOG(ERROR) << "Rejecting incoming connection from " << remote_jid |
| 534 << ": Invalid JID."; |
| 535 result_callback.Run(ValidationResult::ERROR_INVALID_ACCOUNT); |
| 536 return; |
| 537 } |
| 538 if (!base::EndsWith(client_username, |
| 539 std::string("@") + required_client_domain_, |
| 540 base::CompareCase::INSENSITIVE_ASCII)) { |
| 541 LOG(ERROR) << "Rejecting incoming connection from " << remote_jid |
| 542 << ": Domain mismatch."; |
| 543 result_callback.Run(ValidationResult::ERROR_INVALID_ACCOUNT); |
| 544 return; |
| 545 } |
| 546 } |
| 547 |
| 548 result_callback.Run(ValidationResult::SUCCESS); |
| 549 } |
| 550 |
| 504 It2MeHostFactory::It2MeHostFactory() : policy_service_(nullptr) { | 551 It2MeHostFactory::It2MeHostFactory() : policy_service_(nullptr) { |
| 505 } | 552 } |
| 506 | 553 |
| 507 It2MeHostFactory::~It2MeHostFactory() {} | 554 It2MeHostFactory::~It2MeHostFactory() {} |
| 508 | 555 |
| 509 void It2MeHostFactory::set_policy_service( | 556 void It2MeHostFactory::set_policy_service( |
| 510 policy::PolicyService* policy_service) { | 557 policy::PolicyService* policy_service) { |
| 511 DCHECK(policy_service); | 558 DCHECK(policy_service); |
| 512 DCHECK(!policy_service_) << "|policy_service| can only be set once."; | 559 DCHECK(!policy_service_) << "|policy_service| can only be set once."; |
| 513 policy_service_ = policy_service; | 560 policy_service_ = policy_service; |
| 514 } | 561 } |
| 515 | 562 |
| 516 scoped_refptr<It2MeHost> It2MeHostFactory::CreateIt2MeHost( | 563 scoped_refptr<It2MeHost> It2MeHostFactory::CreateIt2MeHost( |
| 517 std::unique_ptr<ChromotingHostContext> context, | 564 std::unique_ptr<ChromotingHostContext> context, |
| 518 base::WeakPtr<It2MeHost::Observer> observer, | 565 base::WeakPtr<It2MeHost::Observer> observer, |
| 519 const XmppSignalStrategy::XmppServerConfig& xmpp_server_config, | 566 const XmppSignalStrategy::XmppServerConfig& xmpp_server_config, |
| 520 const std::string& directory_bot_jid) { | 567 const std::string& directory_bot_jid) { |
| 521 DCHECK(context->ui_task_runner()->BelongsToCurrentThread()); | 568 DCHECK(context->ui_task_runner()->BelongsToCurrentThread()); |
| 522 | 569 |
| 523 std::unique_ptr<It2MeConfirmationDialogFactory> confirmation_dialog_factory( | 570 std::unique_ptr<It2MeConfirmationDialogFactory> confirmation_dialog_factory( |
| 524 new It2MeConfirmationDialogFactory()); | 571 new It2MeConfirmationDialogFactory()); |
| 525 std::unique_ptr<PolicyWatcher> policy_watcher = | 572 std::unique_ptr<PolicyWatcher> policy_watcher = |
| 526 PolicyWatcher::Create(policy_service_, context->file_task_runner()); | 573 PolicyWatcher::Create(policy_service_, context->file_task_runner()); |
| 527 return new It2MeHost(std::move(context), std::move(policy_watcher), | 574 return new It2MeHost(std::move(context), std::move(policy_watcher), |
| 528 std::move(confirmation_dialog_factory), observer, | 575 std::move(confirmation_dialog_factory), observer, |
| 529 xmpp_server_config, directory_bot_jid); | 576 xmpp_server_config, directory_bot_jid); |
| 530 } | 577 } |
| 531 | 578 |
| 532 } // namespace remoting | 579 } // namespace remoting |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2271933002:
Updating It2Me to use the new ValidatingAuthenticator class (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@authenticator