
Side by Side Diff: remoting/host/it2me/it2me_host.cc

Issue 2682473003: Add support for multiple allowed domains (Closed)
Patch Set: Rework to follow a deprecation approach Created 3 years, 8 months ago
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "remoting/host/it2me/it2me_host.h" 5 #include "remoting/host/it2me/it2me_host.h"
6 6
7 #include <cstdint> 7 #include <cstdint>
8 #include <memory> 8 #include <memory>
9 #include <string> 9 #include <string>
10 #include <utility> 10 #include <utility>
(...skipping 156 matching lines...) Expand 10 before | Expand all | Expand 10 after
167 167
168 void It2MeHost::FinishConnect() { 168 void It2MeHost::FinishConnect() {
169 DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread()); 169 DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread());
170 170
171 if (state_ != kStarting) { 171 if (state_ != kStarting) {
172 // Host has been stopped while we were fetching policy. 172 // Host has been stopped while we were fetching policy.
173 return; 173 return;
174 } 174 }
175 175
176 // Check the host domain policy. 176 // Check the host domain policy.
177 if (!required_host_domain_.empty() && 177 if (!required_host_domain_list_.empty()) {
178 !base::EndsWith(username_, std::string("@") + required_host_domain_, 178 bool matched = false;
179 base::CompareCase::INSENSITIVE_ASCII)) { 179 for (const std::string& domain : required_host_domain_list_) {
Jamie 2017/04/19 00:29:02 Can this be "const auto&"?
rkjnsn 2017/04/19 16:45:26 If you think that's more readable.
Jamie 2017/04/19 16:55:47 Being explicit about the type doesn't add to reada
rkjnsn 2017/04/19 18:24:06 The style guide says it is "permitted when it incr
180 SetState(kInvalidDomainError, ""); 180 if (base::EndsWith(username_, std::string("@") + domain,
181 return; 181 base::CompareCase::INSENSITIVE_ASCII)) {
182 matched = true;
183 break;
184 }
185 }
186 if (!matched) {
187 SetState(kInvalidDomainError, "");
188 return;
189 }
182 } 190 }
183 191
184 // Generate a key pair for the Host to use. 192 // Generate a key pair for the Host to use.
185 // TODO(wez): Move this to the worker thread. 193 // TODO(wez): Move this to the worker thread.
186 host_key_pair_ = RsaKeyPair::Generate(); 194 host_key_pair_ = RsaKeyPair::Generate();
187 195
188 // Request registration of the host for support. 196 // Request registration of the host for support.
189 std::unique_ptr<RegisterSupportHostRequest> register_request( 197 std::unique_ptr<RegisterSupportHostRequest> register_request(
190 new RegisterSupportHostRequest( 198 new RegisterSupportHostRequest(
191 signal_strategy_.get(), host_key_pair_, directory_bot_jid_, 199 signal_strategy_.get(), host_key_pair_, directory_bot_jid_,
(...skipping 115 matching lines...) Expand 10 before | Expand all | Expand 10 after
307 FROM_HERE, 315 FROM_HERE,
308 base::Bind(&It2MeHost::OnPolicyUpdate, this, base::Passed(&policies))); 316 base::Bind(&It2MeHost::OnPolicyUpdate, this, base::Passed(&policies)));
309 return; 317 return;
310 } 318 }
311 319
312 bool nat_policy; 320 bool nat_policy;
313 if (policies->GetBoolean(policy::key::kRemoteAccessHostFirewallTraversal, 321 if (policies->GetBoolean(policy::key::kRemoteAccessHostFirewallTraversal,
314 &nat_policy)) { 322 &nat_policy)) {
315 UpdateNatPolicy(nat_policy); 323 UpdateNatPolicy(nat_policy);
316 } 324 }
317 std::string host_domain; 325 const base::ListValue* host_domain_list;
318 if (policies->GetString(policy::key::kRemoteAccessHostDomain, &host_domain)) { 326 if (policies->GetList(policy::key::kRemoteAccessHostDomainList,
319 UpdateHostDomainPolicy(host_domain); 327 &host_domain_list)) {
328 std::vector<std::string> host_domain_list_vector;
329 for (const auto& value : *host_domain_list) {
330 host_domain_list_vector.push_back(value.GetString());
331 }
332 UpdateHostDomainListPolicy(std::move(host_domain_list_vector));
Jamie 2017/04/19 00:29:02 Don't need move() if you pass by const reference.
rkjnsn 2017/04/19 18:24:06 True, but that would guarantee that that vector wo
Jamie 2017/04/19 19:21:06 Thanks for the detailed follow-up. I am happy for
320 } 333 }
321 std::string client_domain; 334 const base::ListValue* client_domain_list;
322 if (policies->GetString(policy::key::kRemoteAccessHostClientDomain, 335 if (policies->GetList(policy::key::kRemoteAccessHostClientDomainList,
323 &client_domain)) { 336 &client_domain_list)) {
324 UpdateClientDomainPolicy(client_domain); 337 std::vector<std::string> client_domain_list_vector;
338 for (const auto& value : *client_domain_list) {
339 client_domain_list_vector.push_back(value.GetString());
340 }
341 UpdateClientDomainListPolicy(std::move(client_domain_list_vector));
325 } 342 }
326 343
327 policy_received_ = true; 344 policy_received_ = true;
328 345
329 if (!pending_connect_.is_null()) { 346 if (!pending_connect_.is_null()) {
330 base::ResetAndReturn(&pending_connect_).Run(); 347 base::ResetAndReturn(&pending_connect_).Run();
331 } 348 }
332 } 349 }
333 350
334 void It2MeHost::OnPolicyError() { 351 void It2MeHost::OnPolicyError() {
(...skipping 13 matching lines...) Expand all
348 } 365 }
349 366
350 nat_traversal_enabled_ = nat_traversal_enabled; 367 nat_traversal_enabled_ = nat_traversal_enabled;
351 368
352 // Notify the web-app of the policy setting. 369 // Notify the web-app of the policy setting.
353 host_context_->ui_task_runner()->PostTask( 370 host_context_->ui_task_runner()->PostTask(
354 FROM_HERE, base::Bind(&It2MeHost::Observer::OnNatPolicyChanged, observer_, 371 FROM_HERE, base::Bind(&It2MeHost::Observer::OnNatPolicyChanged, observer_,
355 nat_traversal_enabled_)); 372 nat_traversal_enabled_));
356 } 373 }
357 374
358 void It2MeHost::UpdateHostDomainPolicy(const std::string& host_domain) { 375 void It2MeHost::UpdateHostDomainListPolicy(
376 std::vector<std::string> host_domain_list) {
359 DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread()); 377 DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread());
360 378
361 VLOG(2) << "UpdateHostDomainPolicy: " << host_domain; 379 VLOG(2) << "UpdateHostDomainListPolicy: "
380 << base::JoinString(host_domain_list, ", ");
362 381
363 // When setting a host domain policy, force disconnect any existing session. 382 // When setting a host domain policy, force disconnect any existing session.
364 if (!host_domain.empty() && IsRunning()) { 383 if (!host_domain_list.empty() && IsRunning()) {
365 DisconnectOnNetworkThread(); 384 DisconnectOnNetworkThread();
366 } 385 }
367 386
368 required_host_domain_ = host_domain; 387 required_host_domain_list_ = std::move(host_domain_list);
369 } 388 }
370 389
371 void It2MeHost::UpdateClientDomainPolicy(const std::string& client_domain) { 390 void It2MeHost::UpdateClientDomainListPolicy(
391 std::vector<std::string> client_domain_list) {
372 DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread()); 392 DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread());
373 393
374 VLOG(2) << "UpdateClientDomainPolicy: " << client_domain; 394 VLOG(2) << "UpdateClientDomainPolicy: "
395 << base::JoinString(client_domain_list, ", ");
375 396
376 // When setting a client domain policy, disconnect any existing session. 397 // When setting a client domain policy, disconnect any existing session.
377 if (!client_domain.empty() && IsRunning()) { 398 if (!client_domain_list.empty() && IsRunning()) {
378 DisconnectOnNetworkThread(); 399 DisconnectOnNetworkThread();
379 } 400 }
380 401
381 required_client_domain_ = client_domain; 402 required_client_domain_list_ = client_domain_list;
382 } 403 }
383 404
384 void It2MeHost::SetState(It2MeHostState state, 405 void It2MeHost::SetState(It2MeHostState state,
385 const std::string& error_message) { 406 const std::string& error_message) {
386 DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread()); 407 DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread());
387 408
388 switch (state_) { 409 switch (state_) {
389 case kDisconnected: 410 case kDisconnected:
390 DCHECK(state == kStarting || 411 DCHECK(state == kStarting ||
391 state == kError) << state; 412 state == kError) << state;
(...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after
495 516
496 if (client_username.empty()) { 517 if (client_username.empty()) {
497 LOG(ERROR) << "Invalid user name passed in: " << remote_jid; 518 LOG(ERROR) << "Invalid user name passed in: " << remote_jid;
498 result_callback.Run( 519 result_callback.Run(
499 protocol::ValidatingAuthenticator::Result::ERROR_INVALID_ACCOUNT); 520 protocol::ValidatingAuthenticator::Result::ERROR_INVALID_ACCOUNT);
500 DisconnectOnNetworkThread(); 521 DisconnectOnNetworkThread();
501 return; 522 return;
502 } 523 }
503 524
504 // Check the client domain policy. 525 // Check the client domain policy.
505 if (!required_client_domain_.empty()) { 526 if (!required_client_domain_list_.empty()) {
506 if (!base::EndsWith(client_username, 527 bool matched = false;
507 std::string("@") + required_client_domain_, 528 for (const std::string& domain : required_client_domain_list_) {
Jamie 2017/04/19 00:29:02 auto?
508 base::CompareCase::INSENSITIVE_ASCII)) { 529 if (base::EndsWith(client_username, std::string("@") + domain,
530 base::CompareCase::INSENSITIVE_ASCII)) {
531 matched = true;
532 break;
533 }
534 }
535 if (!matched) {
509 LOG(ERROR) << "Rejecting incoming connection from " << remote_jid 536 LOG(ERROR) << "Rejecting incoming connection from " << remote_jid
510 << ": Domain mismatch."; 537 << ": Domain not allowed.";
511 result_callback.Run(ValidationResult::ERROR_INVALID_ACCOUNT); 538 result_callback.Run(ValidationResult::ERROR_INVALID_ACCOUNT);
512 DisconnectOnNetworkThread(); 539 DisconnectOnNetworkThread();
513 return; 540 return;
514 } 541 }
515 } 542 }
516 543
517 // If we receive valid connection details multiple times, then we don't know 544 // If we receive valid connection details multiple times, then we don't know
518 // which remote user (if either) is valid so disconnect everyone. 545 // which remote user (if either) is valid so disconnect everyone.
519 if (state_ != kReceivedAccessCode) { 546 if (state_ != kReceivedAccessCode) {
520 DCHECK_EQ(kConnecting, state_); 547 DCHECK_EQ(kConnecting, state_);
(...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after
570 597
571 std::unique_ptr<PolicyWatcher> policy_watcher = 598 std::unique_ptr<PolicyWatcher> policy_watcher =
572 PolicyWatcher::Create(policy_service, context->file_task_runner()); 599 PolicyWatcher::Create(policy_service, context->file_task_runner());
573 return new It2MeHost(std::move(context), std::move(policy_watcher), 600 return new It2MeHost(std::move(context), std::move(policy_watcher),
574 base::MakeUnique<It2MeConfirmationDialogFactory>(), 601 base::MakeUnique<It2MeConfirmationDialogFactory>(),
575 observer, std::move(signal_strategy), username, 602 observer, std::move(signal_strategy), username,
576 directory_bot_jid); 603 directory_bot_jid);
577 } 604 }
578 605
579 } // namespace remoting 606 } // namespace remoting
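Review bot: In OnPolicyUpdate, the two new loops (new lines 329-331 and 338-340) call `value.GetString()` on each list entry without checking its type, so a malformed entry under `kRemoteAccessHostDomainList` or `kRemoteAccessHostClientDomainList` is only safe if the policy layer has already validated the schema, which is not visible here. I would guard each entry with `if (!value.is_string())` and treat the whole list as a policy error rather than skipping the entry, because FinishConnect (new line 177) and the client-domain check (new line 526) enforce the restriction only when the list is non-empty, so a list that silently ends up empty turns the domain check off. The deprecated single-domain keys are also no longer read in this function, so hosts configured only with them presumably rely on a translation step elsewhere; a comment at new line 325 naming where that happens would help. OnPolicyUpdate begins in the skipped lines above this hunk.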