Add support for multiple allowed domains

remoting/host/remoting_me2me_host.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // This file implements a standalone host process for Me2Me.
 
 #include <stddef.h>
 
 #include <cstdint>
 #include <memory>
 #include <string>
 #include <utility>
+#include <vector>
 
 #include "base/bind.h"
 #include "base/callback.h"
 #include "base/command_line.h"
 #include "base/debug/alias.h"
 #include "base/files/file_path.h"
 #include "base/files/file_util.h"
 #include "base/macros.h"
 #include "base/memory/ptr_util.h"
 #include "base/message_loop/message_loop.h"
@@ skipping 265 matching lines @@
   // Tear down resources that run on the UI thread.
   void ShutdownOnUiThread();
 
   // Applies the host config, returning true if successful.
   bool ApplyConfig(const base::DictionaryValue& config);
 
   // Handles policy updates, by calling On*PolicyUpdate methods.
   void OnPolicyUpdate(std::unique_ptr<base::DictionaryValue> policies);
   void OnPolicyError();
   void ReportPolicyErrorAndRestartHost();
-  void ApplyHostDomainPolicy();
+  void ApplyHostDomainListPolicy();
   void ApplyUsernamePolicy();
-  bool OnClientDomainPolicyUpdate(base::DictionaryValue* policies);
-  bool OnHostDomainPolicyUpdate(base::DictionaryValue* policies);
+  bool OnClientDomainListPolicyUpdate(base::DictionaryValue* policies);
+  bool OnHostDomainListPolicyUpdate(base::DictionaryValue* policies);
   bool OnUsernamePolicyUpdate(base::DictionaryValue* policies);
   bool OnNatPolicyUpdate(base::DictionaryValue* policies);
   bool OnRelayPolicyUpdate(base::DictionaryValue* policies);
   bool OnUdpPortPolicyUpdate(base::DictionaryValue* policies);
   bool OnCurtainPolicyUpdate(base::DictionaryValue* policies);
   bool OnHostTalkGadgetPrefixPolicyUpdate(base::DictionaryValue* policies);
   bool OnHostTokenUrlPolicyUpdate(base::DictionaryValue* policies);
   bool OnPairingPolicyUpdate(base::DictionaryValue* policies);
   bool OnGnubbyAuthPolicyUpdate(base::DictionaryValue* policies);
 
@@ skipping 57 matching lines @@
   scoped_refptr<RsaKeyPair> key_pair_;
   std::string oauth_refresh_token_;
   std::string serialized_config_;
   std::string host_owner_;
   std::string host_owner_email_;
   bool use_service_account_ = false;
   bool enable_vp9_ = false;
 
   std::unique_ptr<PolicyWatcher> policy_watcher_;
   PolicyState policy_state_ = POLICY_INITIALIZING;
-  std::string client_domain_;
-  std::string host_domain_;
+  std::vector<std::string> client_domain_list_;
+  std::vector<std::string> host_domain_list_;
   bool host_username_match_required_ = false;
   bool allow_nat_traversal_ = true;
   bool allow_relay_ = true;
   PortRange udp_port_range_;
   std::string talkgadget_prefix_;
   bool allow_pairing_ = true;
 
   DesktopEnvironmentOptions desktop_environment_options_;
   ThirdPartyAuthConfig third_party_auth_config_;
   bool security_key_auth_policy_enabled_ = false;
@@ skipping 194 matching lines @@
     LOG(ERROR) << "Failed to apply the configuration.";
     ShutdownHost(kInvalidHostConfigurationExitCode);
     return;
   }
 
   if (state_ == HOST_STARTING) {
     StartHostIfReady();
   } else if (state_ == HOST_STARTED) {
     // Reapply policies that could be affected by a new config.
     DCHECK_EQ(policy_state_, POLICY_LOADED);
-    ApplyHostDomainPolicy();
+    ApplyHostDomainListPolicy();
     ApplyUsernamePolicy();
 
     // TODO(sergeyu): Here we assume that PIN is the only part of the config
     // that may change while the service is running. Change ApplyConfig() to
     // detect other changes in the config and restart host if necessary here.
     CreateAuthenticatorFactory();
   }
 }
 
 void HostProcess::OnConfigWatcherError() {
@@ skipping 112 matching lines @@
           pairing_registry_ = new PairingRegistry(context_->file_task_runner(),
                                                   std::move(delegate));
       }
 #endif  // defined(OS_WIN)
 
       pairing_registry = pairing_registry_;
     }
 
     factory = protocol::Me2MeHostAuthenticatorFactory::CreateWithPin(
         use_service_account_, host_owner_, local_certificate, key_pair_,
-        client_domain_, pin_hash_, pairing_registry);
+        client_domain_list_, pin_hash_, pairing_registry);
 
     host_->set_pairing_registry(pairing_registry);
   } else {
     // ThirdPartyAuthConfig::Parse() leaves the config in a valid state, so
     // these URLs are both valid.
     DCHECK(third_party_auth_config_.token_url.is_valid());
     DCHECK(third_party_auth_config_.token_validation_url.is_valid());
 
 #if defined(OS_LINUX)
     if (!cert_watcher_) {
       cert_watcher_.reset(new CertificateWatcher(
           base::Bind(&HostProcess::ShutdownHost, this, kSuccessExitCode),
           context_->file_task_runner()));
       cert_watcher_->Start();
     }
     cert_watcher_->SetMonitor(host_->AsWeakPtr());
 #endif
 
     scoped_refptr<protocol::TokenValidatorFactory> token_validator_factory =
         new TokenValidatorFactoryImpl(third_party_auth_config_, key_pair_,
                                       context_->url_request_context_getter());
     factory = protocol::Me2MeHostAuthenticatorFactory::CreateWithThirdPartyAuth(
         use_service_account_, host_owner_, local_certificate, key_pair_,
-        client_domain_, token_validator_factory);
+        client_domain_list_, token_validator_factory);
   }
 
 #if defined(OS_POSIX)
   // On Linux and Mac, perform a PAM authorization step after authentication.
   factory.reset(new PamAuthorizationFactory(std::move(factory)));
 #endif
   host_->SetAuthenticatorFactory(std::move(factory));
 }
 
 // IPC::Listener implementation.
@@ skipping 250 matching lines @@
 void HostProcess::OnPolicyUpdate(
     std::unique_ptr<base::DictionaryValue> policies) {
   if (!context_->network_task_runner()->BelongsToCurrentThread()) {
     context_->network_task_runner()->PostTask(
         FROM_HERE, base::Bind(&HostProcess::OnPolicyUpdate, this,
                               base::Passed(&policies)));
     return;
   }
 
   bool restart_required = false;
-  restart_required |= OnClientDomainPolicyUpdate(policies.get());
-  restart_required |= OnHostDomainPolicyUpdate(policies.get());
+  restart_required |= OnClientDomainListPolicyUpdate(policies.get());
+  restart_required |= OnHostDomainListPolicyUpdate(policies.get());
   restart_required |= OnCurtainPolicyUpdate(policies.get());
   // Note: UsernamePolicyUpdate must run after OnCurtainPolicyUpdate.
   restart_required |= OnUsernamePolicyUpdate(policies.get());
   restart_required |= OnNatPolicyUpdate(policies.get());
   restart_required |= OnRelayPolicyUpdate(policies.get());
   restart_required |= OnUdpPortPolicyUpdate(policies.get());
   restart_required |= OnHostTalkGadgetPrefixPolicyUpdate(policies.get());
   restart_required |= OnHostTokenUrlPolicyUpdate(policies.get());
   restart_required |= OnPairingPolicyUpdate(policies.get());
   restart_required |= OnGnubbyAuthPolicyUpdate(policies.get());
@@ skipping 28 matching lines @@
   DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
   DCHECK(!serialized_config_.empty());
 
   DCHECK_EQ(policy_state_, POLICY_ERROR_REPORT_PENDING);
   policy_state_ = POLICY_ERROR_REPORTED;
 
   HOST_LOG << "Restarting the host due to policy errors.";
   RestartHost(kHostOfflineReasonPolicyReadError);
 }
 
-void HostProcess::ApplyHostDomainPolicy() {
+void HostProcess::ApplyHostDomainListPolicy() {
   if (state_ != HOST_STARTED)
     return;
 
-  HOST_LOG << "Policy sets host domain: " << host_domain_;
+  HOST_LOG << "Policy sets host domains: "
+           << base::JoinString(host_domain_list_, ", ");
 
-  if (!host_domain_.empty()) {
+  if (!host_domain_list_.empty()) {
     // If the user does not have a Google email, their client JID will not be
     // based on their email. In that case, the username/host domain policies
     // would be meaningless, since there is no way to check that the JID
     // trying to connect actually corresponds to the owner email in question.
     if (host_owner_ != host_owner_email_) {
       LOG(ERROR) << "The username and host domain policies cannot be enabled "
                  << "for accounts with a non-Google email.";
       ShutdownHost(kInvalidHostDomainExitCode);
     }
 
-    if (!base::EndsWith(host_owner_, std::string("@") + host_domain_,
-                        base::CompareCase::INSENSITIVE_ASCII)) {
+    bool matched = false;
+    for (const std::string& domain : host_domain_list_) {
+      if (base::EndsWith(host_owner_, std::string("@") + domain,
+                         base::CompareCase::INSENSITIVE_ASCII)) {
+        matched = true;
+      }
+    }
+    if (!matched) {
       LOG(ERROR) << "The host domain does not match the policy.";
       ShutdownHost(kInvalidHostDomainExitCode);
     }
   }
 }
 
-bool HostProcess::OnHostDomainPolicyUpdate(base::DictionaryValue* policies) {
+bool HostProcess::OnHostDomainListPolicyUpdate(
+    base::DictionaryValue* policies) {
   // Returns true if the host has to be restarted after this policy update.
   DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
 
-  if (!policies->GetString(policy::key::kRemoteAccessHostDomain,
-                           &host_domain_)) {
+  const base::ListValue* list;
+  if (!policies->GetList(policy::key::kRemoteAccessHostDomainList, &list)) {
     return false;
   }
 
-  ApplyHostDomainPolicy();
+  host_domain_list_.clear();
+  for (const auto& value : *list) {
+    host_domain_list_.push_back(value.GetString());
+  }
+
+  ApplyHostDomainListPolicy();
   return false;
 }
 
-bool HostProcess::OnClientDomainPolicyUpdate(base::DictionaryValue* policies) {
+bool HostProcess::OnClientDomainListPolicyUpdate(
+    base::DictionaryValue* policies) {
   // Returns true if the host has to be restarted after this policy update.
   DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
-  return policies->GetString(policy::key::kRemoteAccessHostClientDomain,
-                             &client_domain_);
+  const base::ListValue* list;
+  if (!policies->GetList(policy::key::kRemoteAccessHostClientDomainList,

[Sergey Ulanov, 2017/04/20 00:42:54]

This will return false if the policy is there, but it's not a list. I think we
want to treat that case as a policy error, see OnPolicyError().

[rkjnsn, 2017/04/20 00:58:26]

My understanding is that Schema::Normalize (which we call in PolicyWatcher)
should ensure that this is, in fact, a list. I can test, though, to double
check.

+                         &list)) {
+    return false;
+  }
+
+  client_domain_list_.clear();
+  for (const auto& value : *list) {
+    client_domain_list_.push_back(value.GetString());
+  }
+
+  return true;
 }
 
 void HostProcess::ApplyUsernamePolicy() {
   if (state_ != HOST_STARTED)
     return;
 
   if (host_username_match_required_) {
     HOST_LOG << "Policy requires host username match.";
 
-    // See comment in ApplyHostDomainPolicy.
+    // See comment in ApplyHostDomainListPolicy.
     if (host_owner_ != host_owner_email_) {
       LOG(ERROR) << "The username and host domain policies cannot be enabled "
                  << "for accounts with a non-Google email.";
       ShutdownHost(kUsernameMismatchExitCode);
     }
 
     std::string username = GetUsername();
     bool shutdown =
         username.empty() ||
         !base::StartsWith(host_owner_, username + std::string("@"),
@@ skipping 354 matching lines @@
       new IpcHostEventLogger(host_->AsWeakPtr(), daemon_channel_.get()));
 #else  // !defined(REMOTING_MULTI_PROCESS)
   host_event_logger_ =
       HostEventLogger::Create(host_->AsWeakPtr(), kApplicationName);
 #endif  // !defined(REMOTING_MULTI_PROCESS)
 
   host_->Start(host_owner_email_);
 
   CreateAuthenticatorFactory();
 
-  ApplyHostDomainPolicy();
+  ApplyHostDomainListPolicy();
   ApplyUsernamePolicy();
 }
 
 void HostProcess::OnAuthFailed() {
   ShutdownHost(kInvalidOauthCredentialsExitCode);
 }
 
 void HostProcess::RestartHost(const std::string& host_offline_reason) {
   DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
   DCHECK(!host_offline_reason.empty());
@@ skipping 157 matching lines @@
   // Run the main (also UI) message loop until the host no longer needs it.
   base::RunLoop().Run();
 
   // Block until tasks blocking shutdown have completed their execution.
   base::TaskScheduler::GetInstance()->Shutdown();
 
   return exit_code;
 }
 
 }  // namespace remoting