| Index: remoting/host/it2me/it2me_host.cc
|
| diff --git a/remoting/host/it2me/it2me_host.cc b/remoting/host/it2me/it2me_host.cc
|
| index d286c0967612cb4b22e1addf1352d0151b3a375b..5009b8ea37bf04aeabe81eb45cfc5ba3aa6a3196 100644
|
| --- a/remoting/host/it2me/it2me_host.cc
|
| +++ b/remoting/host/it2me/it2me_host.cc
|
| @@ -4,8 +4,9 @@
|
|
|
| #include "remoting/host/it2me/it2me_host.h"
|
|
|
| -#include <stddef.h>
|
| -
|
| +#include <cstdint>
|
| +#include <memory>
|
| +#include <string>
|
| #include <utility>
|
|
|
| #include "base/bind.h"
|
| @@ -37,6 +38,8 @@
|
| #include "remoting/protocol/jingle_session_manager.h"
|
| #include "remoting/protocol/network_settings.h"
|
| #include "remoting/protocol/transport_context.h"
|
| +#include "remoting/protocol/validating_authenticator.h"
|
| +#include "remoting/signaling/jid_util.h"
|
| #include "remoting/signaling/server_log_entry.h"
|
|
|
| namespace remoting {
|
| @@ -47,6 +50,8 @@ namespace {
|
| const char kApplicationName[] = "chromoting";
|
| const int kMaxLoginAttempts = 5;
|
|
|
| +typedef protocol::ValidatingAuthenticator::Result ValidationResult;
|
| +
|
| } // namespace
|
|
|
| It2MeHost::It2MeHost(
|
| @@ -68,6 +73,14 @@ It2MeHost::It2MeHost(
|
| nat_traversal_enabled_(false),
|
| policy_received_(false) {
|
| DCHECK(task_runner_->BelongsToCurrentThread());
|
| + validation_callback_ =
|
| + base::Bind(&It2MeHost::ValidateConnectionDetails, base::Unretained(this));
|
| +}
|
| +
|
| +It2MeHost::~It2MeHost() {
|
| + // Check that resources that need to be torn down on the UI thread are gone.
|
| + DCHECK(!desktop_environment_factory_.get());
|
| + DCHECK(!policy_watcher_.get());
|
| }
|
|
|
| void It2MeHost::Connect() {
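Review bot: The `base::Unretained(this)` binding for `validation_callback_` carries no stated lifetime argument, yet the callback is handed to `It2MeHostAuthenticatorFactory` in the `OnReceivedSupportID` hunk and so runs whenever a peer attempts to authenticate. If that factory, or an authenticator it created, can outlive this object, the call would dereference a destroyed `It2MeHost`. Once the teardown order is confirmed, document it next to the bind, for example `// Unretained is safe: |host_| owns the factory and is destroyed before |this|.`; if it cannot be confirmed, bind through a weak pointer instead. The constructor starts outside this hunk, so the initialisation of the other members is not visible here.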
|
| @@ -323,6 +336,15 @@ void It2MeHost::OnClientDisconnected(const std::string& jid) {
|
| DisconnectOnNetworkThread();
|
| }
|
|
|
| +void It2MeHost::SetPolicyForTesting(
|
| + std::unique_ptr<base::DictionaryValue> policies,
|
| + const base::Closure& done_callback) {
|
| + host_context_->network_task_runner()->PostTaskAndReply(
|
| + FROM_HERE,
|
| + base::Bind(&It2MeHost::OnPolicyUpdate, this, base::Passed(&policies)),
|
| + done_callback);
|
| +}
|
| +
|
| void It2MeHost::OnPolicyUpdate(
|
| std::unique_ptr<base::DictionaryValue> policies) {
|
| // The policy watcher runs on the |ui_task_runner|.
|
| @@ -405,12 +427,6 @@ void It2MeHost::UpdateClientDomainPolicy(const std::string& client_domain) {
|
| required_client_domain_ = client_domain;
|
| }
|
|
|
| -It2MeHost::~It2MeHost() {
|
| - // Check that resources that need to be torn down on the UI thread are gone.
|
| - DCHECK(!desktop_environment_factory_.get());
|
| - DCHECK(!policy_watcher_.get());
|
| -}
|
| -
|
| void It2MeHost::SetState(It2MeHostState state,
|
| const std::string& error_message) {
|
| DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread());
|
| @@ -490,7 +506,7 @@ void It2MeHost::OnReceivedSupportID(
|
| std::unique_ptr<protocol::AuthenticatorFactory> factory(
|
| new protocol::It2MeHostAuthenticatorFactory(
|
| local_certificate, host_key_pair_, access_code_hash,
|
| - required_client_domain_));
|
| + validation_callback_));
|
| host_->SetAuthenticatorFactory(std::move(factory));
|
|
|
| // Pass the Access Code to the script object before changing state.
|
| @@ -501,6 +517,31 @@ void It2MeHost::OnReceivedSupportID(
|
| SetState(kReceivedAccessCode, "");
|
| }
|
|
|
| +void It2MeHost::ValidateConnectionDetails(
|
| + const std::string& remote_jid,
|
| + const protocol::ValidatingAuthenticator::ResultCallback& result_callback) {
|
| + // Check the client domain policy.
|
| + if (!required_client_domain_.empty()) {
|
| + std::string client_username;
|
| + if (!SplitJidResource(remote_jid, &client_username, /*resource=*/nullptr)) {
|
| + LOG(ERROR) << "Rejecting incoming connection from " << remote_jid
|
| + << ": Invalid JID.";
|
| + result_callback.Run(ValidationResult::ERROR_INVALID_ACCOUNT);
|
| + return;
|
| + }
|
| + if (!base::EndsWith(client_username,
|
| + std::string("@") + required_client_domain_,
|
| + base::CompareCase::INSENSITIVE_ASCII)) {
|
| + LOG(ERROR) << "Rejecting incoming connection from " << remote_jid
|
| + << ": Domain mismatch.";
|
| + result_callback.Run(ValidationResult::ERROR_INVALID_ACCOUNT);
|
| + return;
|
| + }
|
| + }
|
| +
|
| + result_callback.Run(ValidationResult::SUCCESS);
|
| +}
|
| +
|
| It2MeHostFactory::It2MeHostFactory() : policy_service_(nullptr) {
|
| }
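Review bot: `ValidateConnectionDetails` reads `required_client_domain_` without asserting which thread it runs on, although `SetState` (context in an earlier hunk) checks the network task runner and this method is reached through an unretained callback. Adding `DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread());` as the first statement would catch, in debug builds, a policy update racing with an incoming connection. Both rejection paths also stream the peer-supplied `remote_jid` into `LOG(ERROR)` unmodified, and in the "Invalid JID" branch the value is by definition malformed, so consider logging a sanitised or truncated form. A unit test for a username that has nothing before `@` plus the required domain would pin down what the `EndsWith` comparison is meant to accept.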
|
|
|
|
|