OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "remoting/host/it2me/it2me_host.h" | 5 #include "remoting/host/it2me/it2me_host.h" |
6 | 6 |
7 #include <cstdint> | 7 #include <cstdint> |
8 #include <memory> | 8 #include <memory> |
9 #include <string> | 9 #include <string> |
10 #include <utility> | 10 #include <utility> |
(...skipping 162 matching lines...)
173 } | 173 } |
174 | 174 |
175 // Check the host domain policy. | 175 // Check the host domain policy. |
176 if (!required_host_domain_.empty() && | 176 if (!required_host_domain_.empty() && |
177 !base::EndsWith(username_, std::string("@") + required_host_domain_, | 177 !base::EndsWith(username_, std::string("@") + required_host_domain_, |
178 base::CompareCase::INSENSITIVE_ASCII)) { | 178 base::CompareCase::INSENSITIVE_ASCII)) { |
179 SetState(kInvalidDomainError, ""); | 179 SetState(kInvalidDomainError, ""); |
180 return; | 180 return; |
181 } | 181 } |
182 | 182 |
| 183 if (!required_host_domain_list_.empty()) { |
| 184 bool matched = false; |
| 185 for (const std::string& domain : required_client_domain_list_) { |
| 186 if (base::EndsWith(username_, std::string("@") + domain, |
| 187 base::CompareCase::INSENSITIVE_ASCII)) { |
| 188 matched = true; |
| 189 break; |
| 190 } |
| 191 } |
| 192 if (!matched) { |
| 193 SetState(kInvalidDomainError, ""); |
| 194 return; |
| 195 } |
| 196 } |
| 197 |
183 // Generate a key pair for the Host to use. | 198 // Generate a key pair for the Host to use. |
184 // TODO(wez): Move this to the worker thread. | 199 // TODO(wez): Move this to the worker thread. |
185 host_key_pair_ = RsaKeyPair::Generate(); | 200 host_key_pair_ = RsaKeyPair::Generate(); |
186 | 201 |
187 // Request registration of the host for support. | 202 // Request registration of the host for support. |
188 std::unique_ptr<RegisterSupportHostRequest> register_request( | 203 std::unique_ptr<RegisterSupportHostRequest> register_request( |
189 new RegisterSupportHostRequest( | 204 new RegisterSupportHostRequest( |
190 signal_strategy_.get(), host_key_pair_, directory_bot_jid_, | 205 signal_strategy_.get(), host_key_pair_, directory_bot_jid_, |
191 base::Bind(&It2MeHost::OnReceivedSupportID, base::Unretained(this)))); | 206 base::Bind(&It2MeHost::OnReceivedSupportID, base::Unretained(this)))); |
192 | 207 |
(...skipping 121 matching lines...)
314 | 329 |
315 bool nat_policy; | 330 bool nat_policy; |
316 if (policies->GetBoolean(policy::key::kRemoteAccessHostFirewallTraversal, | 331 if (policies->GetBoolean(policy::key::kRemoteAccessHostFirewallTraversal, |
317 &nat_policy)) { | 332 &nat_policy)) { |
318 UpdateNatPolicy(nat_policy); | 333 UpdateNatPolicy(nat_policy); |
319 } | 334 } |
320 std::string host_domain; | 335 std::string host_domain; |
321 if (policies->GetString(policy::key::kRemoteAccessHostDomain, &host_domain)) { | 336 if (policies->GetString(policy::key::kRemoteAccessHostDomain, &host_domain)) { |
322 UpdateHostDomainPolicy(host_domain); | 337 UpdateHostDomainPolicy(host_domain); |
323 } | 338 } |
| 339 const base::ListValue* host_domain_list; |
| 340 if (policies->GetList(policy::key::kRemoteAccessHostDomainList, |
| 341 &host_domain_list)) { |
| 342 std::vector<std::string> host_domain_list_vector; |
| 343 for (const auto& value : *host_domain_list) { |
| 344 const base::StringValue* domain; |
| 345 if(!value->GetAsString(&domain)) { |
| 346 // Should be prevented by policy validation |
| 347 DCHECK(false); |
| 348 continue; |
| 349 } |
| 350 host_domain_list_vector.push_back(domain->GetString()); |
| 351 } |
| 352 UpdateHostDomainListPolicy(std::move(host_domain_list_vector)); |
| 353 } |
324 std::string client_domain; | 354 std::string client_domain; |
325 if (policies->GetString(policy::key::kRemoteAccessHostClientDomain, | 355 if (policies->GetString(policy::key::kRemoteAccessHostClientDomain, |
326 &client_domain)) { | 356 &client_domain)) { |
327 UpdateClientDomainPolicy(client_domain); | 357 UpdateClientDomainPolicy(client_domain); |
328 } | 358 } |
| 359 const base::ListValue* client_domain_list; |
| 360 if (policies->GetList(policy::key::kRemoteAccessHostClientDomainList, |
| 361 &client_domain_list)) { |
| 362 std::vector<std::string> client_domain_list_vector; |
| 363 for (const auto& value : *client_domain_list) { |
| 364 const base::StringValue* domain; |
| 365 if(!value->GetAsString(&domain)) { |
| 366 // Should be prevented by policy validation |
| 367 DCHECK(false); |
| 368 continue; |
| 369 } |
| 370 client_domain_list_vector.push_back(domain->GetString()); |
| 371 } |
| 372 UpdateClientDomainListPolicy(std::move(client_domain_list_vector)); |
| 373 } |
329 | 374 |
330 policy_received_ = true; | 375 policy_received_ = true; |
331 | 376 |
332 if (!pending_connect_.is_null()) { | 377 if (!pending_connect_.is_null()) { |
333 base::ResetAndReturn(&pending_connect_).Run(); | 378 base::ResetAndReturn(&pending_connect_).Run(); |
334 } | 379 } |
335 } | 380 } |
336 | 381 |
337 void It2MeHost::OnPolicyError() { | 382 void It2MeHost::OnPolicyError() { |
338 // TODO(lukasza): Report the policy error to the user. crbug.com/433009 | 383 // TODO(lukasza): Report the policy error to the user. crbug.com/433009 |
(...skipping 25 matching lines...)
364 VLOG(2) << "UpdateHostDomainPolicy: " << host_domain; | 409 VLOG(2) << "UpdateHostDomainPolicy: " << host_domain; |
365 | 410 |
366 // When setting a host domain policy, force disconnect any existing session. | 411 // When setting a host domain policy, force disconnect any existing session. |
367 if (!host_domain.empty() && IsRunning()) { | 412 if (!host_domain.empty() && IsRunning()) { |
368 DisconnectOnNetworkThread(); | 413 DisconnectOnNetworkThread(); |
369 } | 414 } |
370 | 415 |
371 required_host_domain_ = host_domain; | 416 required_host_domain_ = host_domain; |
372 } | 417 } |
373 | 418 |
| 419 void It2MeHost::UpdateHostDomainListPolicy( |
| 420 std::vector<std::string> host_domain_list) { |
| 421 DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread()); |
| 422 |
| 423 VLOG(2) << "UpdateHostDomainListPolicy: " |
| 424 << base::JoinString(host_domain_list, ", "); |
| 425 |
| 426 // When setting a host domain policy, force disconnect any existing session. |
| 427 if (!host_domain_list.empty() && IsRunning()) { |
| 428 DisconnectOnNetworkThread(); |
| 429 } |
| 430 |
| 431 required_host_domain_list_ = std::move(host_domain_list); |
| 432 } |
| 433 |
374 void It2MeHost::UpdateClientDomainPolicy(const std::string& client_domain) { | 434 void It2MeHost::UpdateClientDomainPolicy(const std::string& client_domain) { |
375 DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread()); | 435 DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread()); |
376 | 436 |
377 VLOG(2) << "UpdateClientDomainPolicy: " << client_domain; | 437 VLOG(2) << "UpdateClientDomainPolicy: " << client_domain; |
378 | 438 |
379 // When setting a client domain policy, disconnect any existing session. | 439 // When setting a client domain policy, disconnect any existing session. |
380 if (!client_domain.empty() && IsRunning()) { | 440 if (!client_domain.empty() && IsRunning()) { |
381 DisconnectOnNetworkThread(); | 441 DisconnectOnNetworkThread(); |
382 } | 442 } |
383 | 443 |
384 required_client_domain_ = client_domain; | 444 required_client_domain_ = client_domain; |
385 } | 445 } |
386 | 446 |
| 447 void It2MeHost::UpdateClientDomainListPolicy( |
| 448 std::vector<std::string> client_domain_list) { |
| 449 DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread()); |
| 450 |
| 451 VLOG(2) << "UpdateClientDomainListPolicy: " |
| 452 << base::JoinString(client_domain_list, ", "); |
| 453 |
| 454 // When setting a client domain policy, disconnect any existing session. |
| 455 if (!client_domain_list.empty() && IsRunning()) { |
| 456 DisconnectOnNetworkThread(); |
| 457 } |
| 458 |
| 459 required_client_domain_list_ = std::move(client_domain_list); |
| 460 } |
| 461 |
387 void It2MeHost::SetState(It2MeHostState state, | 462 void It2MeHost::SetState(It2MeHostState state, |
388 const std::string& error_message) { | 463 const std::string& error_message) { |
389 DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread()); | 464 DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread()); |
390 | 465 |
391 switch (state_) { | 466 switch (state_) { |
392 case kDisconnected: | 467 case kDisconnected: |
393 DCHECK(state == kStarting || | 468 DCHECK(state == kStarting || |
394 state == kError) << state; | 469 state == kError) << state; |
395 break; | 470 break; |
396 case kStarting: | 471 case kStarting: |
(...skipping 113 matching lines...)
510 std::string("@") + required_client_domain_, | 585 std::string("@") + required_client_domain_, |
511 base::CompareCase::INSENSITIVE_ASCII)) { | 586 base::CompareCase::INSENSITIVE_ASCII)) { |
512 LOG(ERROR) << "Rejecting incoming connection from " << remote_jid | 587 LOG(ERROR) << "Rejecting incoming connection from " << remote_jid |
513 << ": Domain mismatch."; | 588 << ": Domain mismatch."; |
514 result_callback.Run(ValidationResult::ERROR_INVALID_ACCOUNT); | 589 result_callback.Run(ValidationResult::ERROR_INVALID_ACCOUNT); |
515 DisconnectOnNetworkThread(); | 590 DisconnectOnNetworkThread(); |
516 return; | 591 return; |
517 } | 592 } |
518 } | 593 } |
519 | 594 |
| 595 if (!required_client_domain_list_.empty()) { |
| 596 bool matched = false; |
| 597 for (const std::string& domain : required_client_domain_list_) { |
| 598 if (base::EndsWith(client_username, std::string("@") + domain, |
| 599 base::CompareCase::INSENSITIVE_ASCII)) { |
| 600 matched = true; |
| 601 break; |
| 602 } |
| 603 } |
| 604 if (!matched) { |
| 605 LOG(ERROR) << "Rejecting incoming connection from " << remote_jid |
| 606 << ": Domain not allowed."; |
| 607 result_callback.Run(ValidationResult::ERROR_INVALID_ACCOUNT); |
| 608 DisconnectOnNetworkThread(); |
| 609 return; |
| 610 } |
| 611 } |
| 612 |
520 HOST_LOG << "Client " << client_username << " connecting."; | 613 HOST_LOG << "Client " << client_username << " connecting."; |
521 SetState(kConnecting, std::string()); | 614 SetState(kConnecting, std::string()); |
522 | 615 |
523 // Show a confirmation dialog to the user to allow them to confirm/reject it. | 616 // Show a confirmation dialog to the user to allow them to confirm/reject it. |
524 confirmation_dialog_proxy_.reset(new It2MeConfirmationDialogProxy( | 617 confirmation_dialog_proxy_.reset(new It2MeConfirmationDialogProxy( |
525 host_context_->ui_task_runner(), std::move(confirmation_dialog_))); | 618 host_context_->ui_task_runner(), std::move(confirmation_dialog_))); |
526 | 619 |
527 confirmation_dialog_proxy_->Show( | 620 confirmation_dialog_proxy_->Show( |
528 client_username, base::Bind(&It2MeHost::OnConfirmationResult, | 621 client_username, base::Bind(&It2MeHost::OnConfirmationResult, |
529 base::Unretained(this), result_callback)); | 622 base::Unretained(this), result_callback)); |
(...skipping 30 matching lines...)
560 DCHECK(context->ui_task_runner()->BelongsToCurrentThread()); | 653 DCHECK(context->ui_task_runner()->BelongsToCurrentThread()); |
561 | 654 |
562 std::unique_ptr<PolicyWatcher> policy_watcher = | 655 std::unique_ptr<PolicyWatcher> policy_watcher = |
563 PolicyWatcher::Create(policy_service, context->file_task_runner()); | 656 PolicyWatcher::Create(policy_service, context->file_task_runner()); |
564 return new It2MeHost(std::move(context), std::move(policy_watcher), | 657 return new It2MeHost(std::move(context), std::move(policy_watcher), |
565 It2MeConfirmationDialog::Create(), observer, | 658 It2MeConfirmationDialog::Create(), observer, |
566 std::move(signal_strategy), username, directory_bot_jid); | 659 std::move(signal_strategy), username, directory_bot_jid); |
567 } | 660 } |
568 | 661 |
569 } // namespace remoting | 662 } // namespace remoting |
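Review bot: The host-domain-list check added at new lines 183-196 guards on `required_host_domain_list_.empty()` but then iterates `required_client_domain_list_`, so the host's `username_` is validated against the client allow-list instead of the host one. With only the host list configured the loop never runs and every host is rejected with `kInvalidDomainError`; with both lists configured, a host account in a client-allowed domain passes the host restriction while an account in a legitimately allowed host domain can be refused. The loop header should read `for (const std::string& domain : required_host_domain_list_) {`. The same suffix-match loop is repeated at new lines 595-611 for the client side, so a single private helper taking the username and the list would remove the copy-paste that likely caused this. The function enclosing the host check starts outside the visible lines.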