Add support for multiple allowed domains

remoting/host/remoting_me2me_host.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // This file implements a standalone host process for Me2Me.
 
 #include <stddef.h>
 
 #include <cstdint>
 #include <memory>
@@ skipping 269 matching lines @@
   // Tear down resources that run on the UI thread.
   void ShutdownOnUiThread();
 
   // Applies the host config, returning true if successful.
   bool ApplyConfig(const base::DictionaryValue& config);
 
   // Handles policy updates, by calling On*PolicyUpdate methods.
   void OnPolicyUpdate(std::unique_ptr<base::DictionaryValue> policies);
   void OnPolicyError();
   void ReportPolicyErrorAndRestartHost();
+  void HostDomainPolicyHelper(const std::vector<std::string>& domains);
   void ApplyHostDomainPolicy();
   void ApplyUsernamePolicy();
   bool OnClientDomainPolicyUpdate(base::DictionaryValue* policies);
+  bool OnClientDomainListPolicyUpdate(base::DictionaryValue* policies);
   bool OnHostDomainPolicyUpdate(base::DictionaryValue* policies);
+  bool OnHostDomainListPolicyUpdate(base::DictionaryValue* policies);
   bool OnUsernamePolicyUpdate(base::DictionaryValue* policies);
   bool OnNatPolicyUpdate(base::DictionaryValue* policies);
   bool OnRelayPolicyUpdate(base::DictionaryValue* policies);
   bool OnUdpPortPolicyUpdate(base::DictionaryValue* policies);
   bool OnCurtainPolicyUpdate(base::DictionaryValue* policies);
   bool OnHostTalkGadgetPrefixPolicyUpdate(base::DictionaryValue* policies);
   bool OnHostTokenUrlPolicyUpdate(base::DictionaryValue* policies);
   bool OnPairingPolicyUpdate(base::DictionaryValue* policies);
   bool OnGnubbyAuthPolicyUpdate(base::DictionaryValue* policies);
 
@@ skipping 58 matching lines @@
   std::string oauth_refresh_token_;
   std::string serialized_config_;
   std::string host_owner_;
   std::string host_owner_email_;
   bool use_service_account_ = false;
   bool enable_vp9_ = false;
 
   std::unique_ptr<PolicyWatcher> policy_watcher_;
   PolicyState policy_state_ = POLICY_INITIALIZING;
   std::string client_domain_;
+  std::vector<std::string> client_domain_list_;
   std::string host_domain_;
+  std::vector<std::string> host_domain_list_;
   bool host_username_match_required_ = false;
   bool allow_nat_traversal_ = true;
   bool allow_relay_ = true;
   PortRange udp_port_range_;
   std::string talkgadget_prefix_;
   bool allow_pairing_ = true;
 
   DesktopEnvironmentOptions desktop_environment_options_;
   ThirdPartyAuthConfig third_party_auth_config_;
   bool security_key_auth_policy_enabled_ = false;
@@ skipping 624 matching lines @@
   if (!context_->network_task_runner()->BelongsToCurrentThread()) {
     context_->network_task_runner()->PostTask(
         FROM_HERE, base::Bind(&HostProcess::OnPolicyUpdate, this,
                               base::Passed(&policies)));
     return;
   }
 
   bool restart_required = false;
   restart_required |= OnClientDomainPolicyUpdate(policies.get());
   restart_required |= OnHostDomainPolicyUpdate(policies.get());
+  restart_required |= OnHostDomainListPolicyUpdate(policies.get());
   restart_required |= OnCurtainPolicyUpdate(policies.get());
   // Note: UsernamePolicyUpdate must run after OnCurtainPolicyUpdate.
   restart_required |= OnUsernamePolicyUpdate(policies.get());
   restart_required |= OnNatPolicyUpdate(policies.get());
   restart_required |= OnRelayPolicyUpdate(policies.get());
   restart_required |= OnUdpPortPolicyUpdate(policies.get());
   restart_required |= OnHostTalkGadgetPrefixPolicyUpdate(policies.get());
   restart_required |= OnHostTokenUrlPolicyUpdate(policies.get());
   restart_required |= OnPairingPolicyUpdate(policies.get());
   restart_required |= OnGnubbyAuthPolicyUpdate(policies.get());
@@ skipping 28 matching lines @@
   DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
   DCHECK(!serialized_config_.empty());
 
   DCHECK_EQ(policy_state_, POLICY_ERROR_REPORT_PENDING);
   policy_state_ = POLICY_ERROR_REPORTED;
 
   HOST_LOG << "Restarting the host due to policy errors.";
   RestartHost(kHostOfflineReasonPolicyReadError);
 }
 
-void HostProcess::ApplyHostDomainPolicy() {
+template<typename T> struct S;
+
+void HostProcess::HostDomainPolicyHelper(

[Sergey Ulanov, 2017/02/10 22:25:13]

Maybe call this VerifyHostDomain()?
In general most function names should be verbs, except events handlers (e.g.
OnClick()).

I think the logic in this file could be much simpler if we avoid adding a new
policy and instead allow comma-separated list for the policy we already have.

+    const std::vector<std::string>& domains) {
   if (state_ != HOST_STARTED)
     return;
 
-  HOST_LOG << "Policy sets host domain: " << host_domain_;
+  HOST_LOG << "Policy sets host domains: " << base::JoinString(domains, ", ");
 
+  // If the user does not have a Google email, their client JID will not be
+  // based on their email. In that case, the username/host domain policies
+  // would be meaningless, since there is no way to check that the JID
+  // trying to connect actually corresponds to the owner email in question.
+  if (host_owner_ != host_owner_email_) {
+    LOG(ERROR) << "The username and host domain policies cannot be enabled "
+               << "for accounts with a non-Google email.";
+    ShutdownHost(kInvalidHostDomainExitCode);
+    return;
+  }
+
+  bool matched = false;
+  for (const std::string& domain : domains) {
+    if (base::EndsWith(host_owner_, std::string("@") + domain,
+                       base::CompareCase::INSENSITIVE_ASCII)) {
+      matched = true;
+    }
+  }
+  if (!matched) {
+    LOG(ERROR) << "The host domain does not match the policy.";
+    ShutdownHost(kInvalidHostDomainExitCode);
+  }
+}
+
+void HostProcess::ApplyHostDomainPolicy() {
   if (!host_domain_.empty()) {
-    // If the user does not have a Google email, their client JID will not be
-    // based on their email. In that case, the username/host domain policies
-    // would be meaningless, since there is no way to check that the JID
-    // trying to connect actually corresponds to the owner email in question.
-    if (host_owner_ != host_owner_email_) {
-      LOG(ERROR) << "The username and host domain policies cannot be enabled "
-                 << "for accounts with a non-Google email.";
-      ShutdownHost(kInvalidHostDomainExitCode);
-    }
-
-    if (!base::EndsWith(host_owner_, std::string("@") + host_domain_,
-                        base::CompareCase::INSENSITIVE_ASCII)) {
-      LOG(ERROR) << "The host domain does not match the policy.";
-      ShutdownHost(kInvalidHostDomainExitCode);
-    }
+    HostDomainPolicyHelper({host_domain_});
+  }
+  if (!host_domain_list_.empty()) {
+    HostDomainPolicyHelper(host_domain_list_);
   }
 }
 
 bool HostProcess::OnHostDomainPolicyUpdate(base::DictionaryValue* policies) {
   // Returns true if the host has to be restarted after this policy update.
   DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
 
   if (!policies->GetString(policy::key::kRemoteAccessHostDomain,
                            &host_domain_)) {
     return false;
   }
 
-  ApplyHostDomainPolicy();
+  if (!host_domain_.empty()) {
+    HostDomainPolicyHelper({host_domain_});
+  }
   return false;
 }
 
+bool HostProcess::OnHostDomainListPolicyUpdate(
+    base::DictionaryValue* policies) {
+  // Returns true if the host has to be restarted after this policy update.
+  DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
+
+  const base::ListValue* list;
+  if (!policies->GetList(policy::key::kRemoteAccessHostDomainList, &list)) {
+    return false;
+  }
+
+  host_domain_list_.clear();
+  for (const auto &value : *list) {

[Sergey Ulanov, 2017/02/10 22:25:13]

Space goes after '&, not before it, i.e. 'const auto& value'.

+    const base::StringValue* domain;
+    if(!value->GetAsString(&domain)) {
+      // Should be prevented by policy validation
+      DCHECK(false);
+      continue;
+    }
+    host_domain_list_.push_back(domain->GetString());
+  }
+
+  if (!host_domain_list_.empty()) {
+    HostDomainPolicyHelper(host_domain_list_);
+  }
+  return false;
+}
+
 bool HostProcess::OnClientDomainPolicyUpdate(base::DictionaryValue* policies) {
   // Returns true if the host has to be restarted after this policy update.
   DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
   return policies->GetString(policy::key::kRemoteAccessHostClientDomain,
                              &client_domain_);
 }
 
 void HostProcess::ApplyUsernamePolicy() {
   if (state_ != HOST_STARTED)
     return;
@@ skipping 542 matching lines @@
       base::TimeDelta::FromSeconds(kShutdownTimeoutSeconds));
   new HostProcess(std::move(context), &exit_code, &shutdown_watchdog);
 
   // Run the main (also UI) message loop until the host no longer needs it.
   base::RunLoop().Run();
 
   return exit_code;
 }
 
 }  // namespace remoting