
Unified Diff: remoting/host/it2me/it2me_host.cc

Issue 2271933002: Updating It2Me to use the new ValidatingAuthenticator class (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@authenticator
Patch Set: Merging upstream changes Created 4 years, 4 months ago
Index: remoting/host/it2me/it2me_host.cc
diff --git a/remoting/host/it2me/it2me_host.cc b/remoting/host/it2me/it2me_host.cc
index d286c0967612cb4b22e1addf1352d0151b3a375b..64fb58a221080c5a5e3294781da9d7ed4fde1373 100644
--- a/remoting/host/it2me/it2me_host.cc
+++ b/remoting/host/it2me/it2me_host.cc
@@ -4,8 +4,9 @@
#include "remoting/host/it2me/it2me_host.h"
-#include <stddef.h>
-
+#include <cstdint>
+#include <memory>
+#include <string>
#include <utility>
#include "base/bind.h"
@@ -37,6 +38,8 @@
#include "remoting/protocol/jingle_session_manager.h"
#include "remoting/protocol/network_settings.h"
#include "remoting/protocol/transport_context.h"
+#include "remoting/protocol/validating_authenticator.h"
+#include "remoting/signaling/jid_util.h"
#include "remoting/signaling/server_log_entry.h"
namespace remoting {
@@ -47,6 +50,10 @@ namespace {
const char kApplicationName[] = "chromoting";
const int kMaxLoginAttempts = 5;
+using protocol::ValidatingAuthenticator;
+typedef ValidatingAuthenticator::Result ValidationResult;
+typedef ValidatingAuthenticator::ValidationCallback ValidationCallback;
+
} // namespace
It2MeHost::It2MeHost(
@@ -70,6 +77,12 @@ It2MeHost::It2MeHost(
DCHECK(task_runner_->BelongsToCurrentThread());
}
+It2MeHost::~It2MeHost() {
+ // Check that resources that need to be torn down on the UI thread are gone.
+ DCHECK(!desktop_environment_factory_.get());
+ DCHECK(!policy_watcher_.get());
+}
+
void It2MeHost::Connect() {
if (!host_context_->ui_task_runner()->BelongsToCurrentThread()) {
DCHECK(task_runner_->BelongsToCurrentThread());
@@ -323,6 +336,20 @@ void It2MeHost::OnClientDisconnected(const std::string& jid) {
DisconnectOnNetworkThread();
}
+void It2MeHost::SetPolicyForTesting(
+ std::unique_ptr<base::DictionaryValue> policies,
+ const base::Closure& done_callback) {
+ host_context_->network_task_runner()->PostTaskAndReply(
+ FROM_HERE,
+ base::Bind(&It2MeHost::OnPolicyUpdate, this, base::Passed(&policies)),
+ done_callback);
+}
+
+ValidationCallback It2MeHost::GetValidationCallbackForTesting() {
+ return base::Bind(&It2MeHost::ValidateConnectionDetails,
+ base::Unretained(this));
+}
+
void It2MeHost::OnPolicyUpdate(
std::unique_ptr<base::DictionaryValue> policies) {
// The policy watcher runs on the |ui_task_runner|.
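Review bot: `base::Unretained(this)` in GetValidationCallbackForTesting returns a callback that holds a raw pointer to this It2MeHost, and the same binding is handed to It2MeHostAuthenticatorFactory in the OnReceivedSupportID hunk; neither site says why the callback cannot run after the host is destroyed. SetPolicyForTesting, a few lines above, binds plain `this`, so the object looks ref-counted and the unretained binding is a deliberate choice that deserves a stated reason. If the factory and every authenticator it creates are torn down together with host_ before It2MeHost goes away (ownership is not visible in this diff), say so at both sites, for example `// Unretained is safe: the callback is owned by |host_|, which is destroyed before |this|.` If that cannot be guaranteed, a weak pointer would avoid a use-after-free on a late validation callback without creating a reference cycle through host_.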
@@ -405,12 +432,6 @@ void It2MeHost::UpdateClientDomainPolicy(const std::string& client_domain) {
required_client_domain_ = client_domain;
}
-It2MeHost::~It2MeHost() {
- // Check that resources that need to be torn down on the UI thread are gone.
- DCHECK(!desktop_environment_factory_.get());
- DCHECK(!policy_watcher_.get());
-}
-
void It2MeHost::SetState(It2MeHostState state,
const std::string& error_message) {
DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread());
@@ -490,7 +511,8 @@ void It2MeHost::OnReceivedSupportID(
std::unique_ptr<protocol::AuthenticatorFactory> factory(
new protocol::It2MeHostAuthenticatorFactory(
local_certificate, host_key_pair_, access_code_hash,
- required_client_domain_));
+ base::Bind(&It2MeHost::ValidateConnectionDetails,
+ base::Unretained(this))));
host_->SetAuthenticatorFactory(std::move(factory));
// Pass the Access Code to the script object before changing state.
@@ -501,6 +523,31 @@ void It2MeHost::OnReceivedSupportID(
SetState(kReceivedAccessCode, "");
}
+void It2MeHost::ValidateConnectionDetails(
+ const std::string& remote_jid,
+ const protocol::ValidatingAuthenticator::ResultCallback& result_callback) {
+ // Check the client domain policy.
+ if (!required_client_domain_.empty()) {
+ std::string client_username;
+ if (!SplitJidResource(remote_jid, &client_username, /*resource=*/nullptr)) {
+ LOG(ERROR) << "Rejecting incoming connection from " << remote_jid
+ << ": Invalid JID.";
+ result_callback.Run(ValidationResult::ERROR_INVALID_ACCOUNT);
+ return;
+ }
+ if (!base::EndsWith(client_username,
+ std::string("@") + required_client_domain_,
+ base::CompareCase::INSENSITIVE_ASCII)) {
+ LOG(ERROR) << "Rejecting incoming connection from " << remote_jid
+ << ": Domain mismatch.";
+ result_callback.Run(ValidationResult::ERROR_INVALID_ACCOUNT);
+ return;
+ }
+ }
+
+ result_callback.Run(ValidationResult::SUCCESS);
+}
+
It2MeHostFactory::It2MeHostFactory() : policy_service_(nullptr) {
}
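Review bot: ValidateConnectionDetails reads required_client_domain_ without asserting which thread it runs on, whereas SetState in this file opens with a network-thread DCHECK and policy updates are posted to the network task runner. Adding `DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread());` as the first statement would make an off-thread call fail loudly instead of racing with a policy update; this presumes the authenticator runs the callback on the network thread, which the hunk does not show. Separately, both LOG(ERROR) statements write remote_jid, a value supplied by the connecting peer, into the host log unmodified, including in the branch where it has just failed to parse. A one-line comment such as `// |remote_jid| is peer-supplied and unvalidated here; treat the logged value as untrusted.` would warn anyone who later consumes these logs.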