OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 // | 4 // |
5 // This file implements a standalone host process for Me2Me. | 5 // This file implements a standalone host process for Me2Me. |
6 | 6 |
7 #include <stddef.h> | 7 #include <stddef.h> |
8 | 8 |
9 #include <cstdint> | 9 #include <cstdint> |
10 #include <memory> | 10 #include <memory> |
(...skipping 269 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
280 // Tear down resources that run on the UI thread. | 280 // Tear down resources that run on the UI thread. |
281 void ShutdownOnUiThread(); | 281 void ShutdownOnUiThread(); |
282 | 282 |
283 // Applies the host config, returning true if successful. | 283 // Applies the host config, returning true if successful. |
284 bool ApplyConfig(const base::DictionaryValue& config); | 284 bool ApplyConfig(const base::DictionaryValue& config); |
285 | 285 |
286 // Handles policy updates, by calling On*PolicyUpdate methods. | 286 // Handles policy updates, by calling On*PolicyUpdate methods. |
287 void OnPolicyUpdate(std::unique_ptr<base::DictionaryValue> policies); | 287 void OnPolicyUpdate(std::unique_ptr<base::DictionaryValue> policies); |
288 void OnPolicyError(); | 288 void OnPolicyError(); |
289 void ReportPolicyErrorAndRestartHost(); | 289 void ReportPolicyErrorAndRestartHost(); |
290 void HostDomainPolicyHelper(const std::vector<std::string>& domains); | |
290 void ApplyHostDomainPolicy(); | 291 void ApplyHostDomainPolicy(); |
291 void ApplyUsernamePolicy(); | 292 void ApplyUsernamePolicy(); |
292 bool OnClientDomainPolicyUpdate(base::DictionaryValue* policies); | 293 bool OnClientDomainPolicyUpdate(base::DictionaryValue* policies); |
294 bool OnClientDomainListPolicyUpdate(base::DictionaryValue* policies); | |
293 bool OnHostDomainPolicyUpdate(base::DictionaryValue* policies); | 295 bool OnHostDomainPolicyUpdate(base::DictionaryValue* policies); |
296 bool OnHostDomainListPolicyUpdate(base::DictionaryValue* policies); | |
294 bool OnUsernamePolicyUpdate(base::DictionaryValue* policies); | 297 bool OnUsernamePolicyUpdate(base::DictionaryValue* policies); |
295 bool OnNatPolicyUpdate(base::DictionaryValue* policies); | 298 bool OnNatPolicyUpdate(base::DictionaryValue* policies); |
296 bool OnRelayPolicyUpdate(base::DictionaryValue* policies); | 299 bool OnRelayPolicyUpdate(base::DictionaryValue* policies); |
297 bool OnUdpPortPolicyUpdate(base::DictionaryValue* policies); | 300 bool OnUdpPortPolicyUpdate(base::DictionaryValue* policies); |
298 bool OnCurtainPolicyUpdate(base::DictionaryValue* policies); | 301 bool OnCurtainPolicyUpdate(base::DictionaryValue* policies); |
299 bool OnHostTalkGadgetPrefixPolicyUpdate(base::DictionaryValue* policies); | 302 bool OnHostTalkGadgetPrefixPolicyUpdate(base::DictionaryValue* policies); |
300 bool OnHostTokenUrlPolicyUpdate(base::DictionaryValue* policies); | 303 bool OnHostTokenUrlPolicyUpdate(base::DictionaryValue* policies); |
301 bool OnPairingPolicyUpdate(base::DictionaryValue* policies); | 304 bool OnPairingPolicyUpdate(base::DictionaryValue* policies); |
302 bool OnGnubbyAuthPolicyUpdate(base::DictionaryValue* policies); | 305 bool OnGnubbyAuthPolicyUpdate(base::DictionaryValue* policies); |
303 | 306 |
(...skipping 58 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
362 std::string oauth_refresh_token_; | 365 std::string oauth_refresh_token_; |
363 std::string serialized_config_; | 366 std::string serialized_config_; |
364 std::string host_owner_; | 367 std::string host_owner_; |
365 std::string host_owner_email_; | 368 std::string host_owner_email_; |
366 bool use_service_account_ = false; | 369 bool use_service_account_ = false; |
367 bool enable_vp9_ = false; | 370 bool enable_vp9_ = false; |
368 | 371 |
369 std::unique_ptr<PolicyWatcher> policy_watcher_; | 372 std::unique_ptr<PolicyWatcher> policy_watcher_; |
370 PolicyState policy_state_ = POLICY_INITIALIZING; | 373 PolicyState policy_state_ = POLICY_INITIALIZING; |
371 std::string client_domain_; | 374 std::string client_domain_; |
375 std::vector<std::string> client_domain_list_; | |
372 std::string host_domain_; | 376 std::string host_domain_; |
377 std::vector<std::string> host_domain_list_; | |
373 bool host_username_match_required_ = false; | 378 bool host_username_match_required_ = false; |
374 bool allow_nat_traversal_ = true; | 379 bool allow_nat_traversal_ = true; |
375 bool allow_relay_ = true; | 380 bool allow_relay_ = true; |
376 PortRange udp_port_range_; | 381 PortRange udp_port_range_; |
377 std::string talkgadget_prefix_; | 382 std::string talkgadget_prefix_; |
378 bool allow_pairing_ = true; | 383 bool allow_pairing_ = true; |
379 | 384 |
380 DesktopEnvironmentOptions desktop_environment_options_; | 385 DesktopEnvironmentOptions desktop_environment_options_; |
381 ThirdPartyAuthConfig third_party_auth_config_; | 386 ThirdPartyAuthConfig third_party_auth_config_; |
382 bool security_key_auth_policy_enabled_ = false; | 387 bool security_key_auth_policy_enabled_ = false; |
(...skipping 624 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1007 if (!context_->network_task_runner()->BelongsToCurrentThread()) { | 1012 if (!context_->network_task_runner()->BelongsToCurrentThread()) { |
1008 context_->network_task_runner()->PostTask( | 1013 context_->network_task_runner()->PostTask( |
1009 FROM_HERE, base::Bind(&HostProcess::OnPolicyUpdate, this, | 1014 FROM_HERE, base::Bind(&HostProcess::OnPolicyUpdate, this, |
1010 base::Passed(&policies))); | 1015 base::Passed(&policies))); |
1011 return; | 1016 return; |
1012 } | 1017 } |
1013 | 1018 |
1014 bool restart_required = false; | 1019 bool restart_required = false; |
1015 restart_required |= OnClientDomainPolicyUpdate(policies.get()); | 1020 restart_required |= OnClientDomainPolicyUpdate(policies.get()); |
1016 restart_required |= OnHostDomainPolicyUpdate(policies.get()); | 1021 restart_required |= OnHostDomainPolicyUpdate(policies.get()); |
1022 restart_required |= OnHostDomainListPolicyUpdate(policies.get()); | |
1017 restart_required |= OnCurtainPolicyUpdate(policies.get()); | 1023 restart_required |= OnCurtainPolicyUpdate(policies.get()); |
1018 // Note: UsernamePolicyUpdate must run after OnCurtainPolicyUpdate. | 1024 // Note: UsernamePolicyUpdate must run after OnCurtainPolicyUpdate. |
1019 restart_required |= OnUsernamePolicyUpdate(policies.get()); | 1025 restart_required |= OnUsernamePolicyUpdate(policies.get()); |
1020 restart_required |= OnNatPolicyUpdate(policies.get()); | 1026 restart_required |= OnNatPolicyUpdate(policies.get()); |
1021 restart_required |= OnRelayPolicyUpdate(policies.get()); | 1027 restart_required |= OnRelayPolicyUpdate(policies.get()); |
1022 restart_required |= OnUdpPortPolicyUpdate(policies.get()); | 1028 restart_required |= OnUdpPortPolicyUpdate(policies.get()); |
1023 restart_required |= OnHostTalkGadgetPrefixPolicyUpdate(policies.get()); | 1029 restart_required |= OnHostTalkGadgetPrefixPolicyUpdate(policies.get()); |
1024 restart_required |= OnHostTokenUrlPolicyUpdate(policies.get()); | 1030 restart_required |= OnHostTokenUrlPolicyUpdate(policies.get()); |
1025 restart_required |= OnPairingPolicyUpdate(policies.get()); | 1031 restart_required |= OnPairingPolicyUpdate(policies.get()); |
1026 restart_required |= OnGnubbyAuthPolicyUpdate(policies.get()); | 1032 restart_required |= OnGnubbyAuthPolicyUpdate(policies.get()); |
(...skipping 28 matching lines...) Expand all Loading... | |
1055 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); | 1061 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
1056 DCHECK(!serialized_config_.empty()); | 1062 DCHECK(!serialized_config_.empty()); |
1057 | 1063 |
1058 DCHECK_EQ(policy_state_, POLICY_ERROR_REPORT_PENDING); | 1064 DCHECK_EQ(policy_state_, POLICY_ERROR_REPORT_PENDING); |
1059 policy_state_ = POLICY_ERROR_REPORTED; | 1065 policy_state_ = POLICY_ERROR_REPORTED; |
1060 | 1066 |
1061 HOST_LOG << "Restarting the host due to policy errors."; | 1067 HOST_LOG << "Restarting the host due to policy errors."; |
1062 RestartHost(kHostOfflineReasonPolicyReadError); | 1068 RestartHost(kHostOfflineReasonPolicyReadError); |
1063 } | 1069 } |
1064 | 1070 |
1065 void HostProcess::ApplyHostDomainPolicy() { | 1071 template<typename T> struct S; |
1072 | |
1073 void HostProcess::HostDomainPolicyHelper( | |
Sergey Ulanov
2017/02/10 22:25:13
Maybe call this VerifyHostDomain()?
In general mos
| |
1074 const std::vector<std::string>& domains) { | |
1066 if (state_ != HOST_STARTED) | 1075 if (state_ != HOST_STARTED) |
1067 return; | 1076 return; |
1068 | 1077 |
1069 HOST_LOG << "Policy sets host domain: " << host_domain_; | 1078 HOST_LOG << "Policy sets host domains: " << base::JoinString(domains, ", "); |
1070 | 1079 |
1080 // If the user does not have a Google email, their client JID will not be | |
1081 // based on their email. In that case, the username/host domain policies | |
1082 // would be meaningless, since there is no way to check that the JID | |
1083 // trying to connect actually corresponds to the owner email in question. | |
1084 if (host_owner_ != host_owner_email_) { | |
1085 LOG(ERROR) << "The username and host domain policies cannot be enabled " | |
1086 << "for accounts with a non-Google email."; | |
1087 ShutdownHost(kInvalidHostDomainExitCode); | |
1088 return; | |
1089 } | |
1090 | |
1091 bool matched = false; | |
1092 for (const std::string& domain : domains) { | |
1093 if (base::EndsWith(host_owner_, std::string("@") + domain, | |
1094 base::CompareCase::INSENSITIVE_ASCII)) { | |
1095 matched = true; | |
1096 } | |
1097 } | |
1098 if (!matched) { | |
1099 LOG(ERROR) << "The host domain does not match the policy."; | |
1100 ShutdownHost(kInvalidHostDomainExitCode); | |
1101 } | |
1102 } | |
1103 | |
1104 void HostProcess::ApplyHostDomainPolicy() { | |
1071 if (!host_domain_.empty()) { | 1105 if (!host_domain_.empty()) { |
1072 // If the user does not have a Google email, their client JID will not be | 1106 HostDomainPolicyHelper({host_domain_}); |
1073 // based on their email. In that case, the username/host domain policies | 1107 } |
1074 // would be meaningless, since there is no way to check that the JID | 1108 if (!host_domain_list_.empty()) { |
1075 // trying to connect actually corresponds to the owner email in question. | 1109 HostDomainPolicyHelper(host_domain_list_); |
1076 if (host_owner_ != host_owner_email_) { | |
1077 LOG(ERROR) << "The username and host domain policies cannot be enabled " | |
1078 << "for accounts with a non-Google email."; | |
1079 ShutdownHost(kInvalidHostDomainExitCode); | |
1080 } | |
1081 | |
1082 if (!base::EndsWith(host_owner_, std::string("@") + host_domain_, | |
1083 base::CompareCase::INSENSITIVE_ASCII)) { | |
1084 LOG(ERROR) << "The host domain does not match the policy."; | |
1085 ShutdownHost(kInvalidHostDomainExitCode); | |
1086 } | |
1087 } | 1110 } |
1088 } | 1111 } |
1089 | 1112 |
1090 bool HostProcess::OnHostDomainPolicyUpdate(base::DictionaryValue* policies) { | 1113 bool HostProcess::OnHostDomainPolicyUpdate(base::DictionaryValue* policies) { |
1091 // Returns true if the host has to be restarted after this policy update. | 1114 // Returns true if the host has to be restarted after this policy update. |
1092 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); | 1115 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
1093 | 1116 |
1094 if (!policies->GetString(policy::key::kRemoteAccessHostDomain, | 1117 if (!policies->GetString(policy::key::kRemoteAccessHostDomain, |
1095 &host_domain_)) { | 1118 &host_domain_)) { |
1096 return false; | 1119 return false; |
1097 } | 1120 } |
1098 | 1121 |
1099 ApplyHostDomainPolicy(); | 1122 if (!host_domain_.empty()) { |
1123 HostDomainPolicyHelper({host_domain_}); | |
1124 } | |
1100 return false; | 1125 return false; |
1101 } | 1126 } |
1102 | 1127 |
1128 bool HostProcess::OnHostDomainListPolicyUpdate( | |
1129 base::DictionaryValue* policies) { | |
1130 // Returns true if the host has to be restarted after this policy update. | |
1131 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); | |
1132 | |
1133 const base::ListValue* list; | |
1134 if (!policies->GetList(policy::key::kRemoteAccessHostDomainList, &list)) { | |
1135 return false; | |
1136 } | |
1137 | |
1138 host_domain_list_.clear(); | |
1139 for (const auto &value : *list) { | |
Sergey Ulanov
2017/02/10 22:25:13
Space goes after '&, not before it, i.e. 'const au
| |
1140 const base::StringValue* domain; | |
1141 if(!value->GetAsString(&domain)) { | |
1142 // Should be prevented by policy validation | |
1143 DCHECK(false); | |
1144 continue; | |
1145 } | |
1146 host_domain_list_.push_back(domain->GetString()); | |
1147 } | |
1148 | |
1149 if (!host_domain_list_.empty()) { | |
1150 HostDomainPolicyHelper(host_domain_list_); | |
1151 } | |
1152 return false; | |
1153 } | |
1154 | |
1103 bool HostProcess::OnClientDomainPolicyUpdate(base::DictionaryValue* policies) { | 1155 bool HostProcess::OnClientDomainPolicyUpdate(base::DictionaryValue* policies) { |
1104 // Returns true if the host has to be restarted after this policy update. | 1156 // Returns true if the host has to be restarted after this policy update. |
1105 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); | 1157 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
1106 return policies->GetString(policy::key::kRemoteAccessHostClientDomain, | 1158 return policies->GetString(policy::key::kRemoteAccessHostClientDomain, |
1107 &client_domain_); | 1159 &client_domain_); |
1108 } | 1160 } |
1109 | 1161 |
1110 void HostProcess::ApplyUsernamePolicy() { | 1162 void HostProcess::ApplyUsernamePolicy() { |
1111 if (state_ != HOST_STARTED) | 1163 if (state_ != HOST_STARTED) |
1112 return; | 1164 return; |
(...skipping 542 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1655 base::TimeDelta::FromSeconds(kShutdownTimeoutSeconds)); | 1707 base::TimeDelta::FromSeconds(kShutdownTimeoutSeconds)); |
1656 new HostProcess(std::move(context), &exit_code, &shutdown_watchdog); | 1708 new HostProcess(std::move(context), &exit_code, &shutdown_watchdog); |
1657 | 1709 |
1658 // Run the main (also UI) message loop until the host no longer needs it. | 1710 // Run the main (also UI) message loop until the host no longer needs it. |
1659 base::RunLoop().Run(); | 1711 base::RunLoop().Run(); |
1660 | 1712 |
1661 return exit_code; | 1713 return exit_code; |
1662 } | 1714 } |
1663 | 1715 |
1664 } // namespace remoting | 1716 } // namespace remoting |
OLD | NEW |