| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "remoting/host/it2me/it2me_host.h" | 5 #include "remoting/host/it2me/it2me_host.h" |
| 6 | 6 |
| 7 #include <cstdint> | 7 #include <cstdint> |
| 8 #include <memory> | 8 #include <memory> |
| 9 #include <string> | 9 #include <string> |
| 10 #include <utility> | 10 #include <utility> |
| (...skipping 156 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 167 | 167 |
| 168 void It2MeHost::FinishConnect() { | 168 void It2MeHost::FinishConnect() { |
| 169 DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread()); | 169 DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread()); |
| 170 | 170 |
| 171 if (state_ != kStarting) { | 171 if (state_ != kStarting) { |
| 172 // Host has been stopped while we were fetching policy. | 172 // Host has been stopped while we were fetching policy. |
| 173 return; | 173 return; |
| 174 } | 174 } |
| 175 | 175 |
| 176 // Check the host domain policy. | 176 // Check the host domain policy. |
| 177 if (!required_host_domain_.empty() && | 177 if (!required_host_domain_list_.empty()) { |
| 178 !base::EndsWith(username_, std::string("@") + required_host_domain_, | 178 bool matched = false; |
| 179 base::CompareCase::INSENSITIVE_ASCII)) { | 179 for (const auto& domain : required_host_domain_list_) { |
| 180 SetState(kInvalidDomainError, ""); | 180 if (base::EndsWith(username_, std::string("@") + domain, |
| 181 return; | 181 base::CompareCase::INSENSITIVE_ASCII)) { |
| 182 matched = true; |
| 183 break; |
| 184 } |
| 185 } |
| 186 if (!matched) { |
| 187 SetState(kInvalidDomainError, ""); |
| 188 return; |
| 189 } |
| 182 } | 190 } |
| 183 | 191 |
| 184 // Generate a key pair for the Host to use. | 192 // Generate a key pair for the Host to use. |
| 185 // TODO(wez): Move this to the worker thread. | 193 // TODO(wez): Move this to the worker thread. |
| 186 host_key_pair_ = RsaKeyPair::Generate(); | 194 host_key_pair_ = RsaKeyPair::Generate(); |
| 187 | 195 |
| 188 // Request registration of the host for support. | 196 // Request registration of the host for support. |
| 189 std::unique_ptr<RegisterSupportHostRequest> register_request( | 197 std::unique_ptr<RegisterSupportHostRequest> register_request( |
| 190 new RegisterSupportHostRequest( | 198 new RegisterSupportHostRequest( |
| 191 signal_strategy_.get(), host_key_pair_, directory_bot_jid_, | 199 signal_strategy_.get(), host_key_pair_, directory_bot_jid_, |
| (...skipping 115 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 307 FROM_HERE, | 315 FROM_HERE, |
| 308 base::Bind(&It2MeHost::OnPolicyUpdate, this, base::Passed(&policies))); | 316 base::Bind(&It2MeHost::OnPolicyUpdate, this, base::Passed(&policies))); |
| 309 return; | 317 return; |
| 310 } | 318 } |
| 311 | 319 |
| 312 bool nat_policy; | 320 bool nat_policy; |
| 313 if (policies->GetBoolean(policy::key::kRemoteAccessHostFirewallTraversal, | 321 if (policies->GetBoolean(policy::key::kRemoteAccessHostFirewallTraversal, |
| 314 &nat_policy)) { | 322 &nat_policy)) { |
| 315 UpdateNatPolicy(nat_policy); | 323 UpdateNatPolicy(nat_policy); |
| 316 } | 324 } |
| 317 std::string host_domain; | 325 const base::ListValue* host_domain_list; |
| 318 if (policies->GetString(policy::key::kRemoteAccessHostDomain, &host_domain)) { | 326 if (policies->GetList(policy::key::kRemoteAccessHostDomainList, |
| 319 UpdateHostDomainPolicy(host_domain); | 327 &host_domain_list)) { |
| 328 std::vector<std::string> host_domain_list_vector; |
| 329 for (const auto& value : *host_domain_list) { |
| 330 host_domain_list_vector.push_back(value.GetString()); |
| 331 } |
| 332 UpdateHostDomainListPolicy(std::move(host_domain_list_vector)); |
| 320 } | 333 } |
| 321 std::string client_domain; | 334 const base::ListValue* client_domain_list; |
| 322 if (policies->GetString(policy::key::kRemoteAccessHostClientDomain, | 335 if (policies->GetList(policy::key::kRemoteAccessHostClientDomainList, |
| 323 &client_domain)) { | 336 &client_domain_list)) { |
| 324 UpdateClientDomainPolicy(client_domain); | 337 std::vector<std::string> client_domain_list_vector; |
| 338 for (const auto& value : *client_domain_list) { |
| 339 client_domain_list_vector.push_back(value.GetString()); |
| 340 } |
| 341 UpdateClientDomainListPolicy(std::move(client_domain_list_vector)); |
| 325 } | 342 } |
| 326 | 343 |
| 327 policy_received_ = true; | 344 policy_received_ = true; |
| 328 | 345 |
| 329 if (!pending_connect_.is_null()) { | 346 if (!pending_connect_.is_null()) { |
| 330 base::ResetAndReturn(&pending_connect_).Run(); | 347 base::ResetAndReturn(&pending_connect_).Run(); |
| 331 } | 348 } |
| 332 } | 349 } |
| 333 | 350 |
| 334 void It2MeHost::OnPolicyError() { | 351 void It2MeHost::OnPolicyError() { |
| (...skipping 13 matching lines...) Expand all Loading... |
| 348 } | 365 } |
| 349 | 366 |
| 350 nat_traversal_enabled_ = nat_traversal_enabled; | 367 nat_traversal_enabled_ = nat_traversal_enabled; |
| 351 | 368 |
| 352 // Notify the web-app of the policy setting. | 369 // Notify the web-app of the policy setting. |
| 353 host_context_->ui_task_runner()->PostTask( | 370 host_context_->ui_task_runner()->PostTask( |
| 354 FROM_HERE, base::Bind(&It2MeHost::Observer::OnNatPolicyChanged, observer_, | 371 FROM_HERE, base::Bind(&It2MeHost::Observer::OnNatPolicyChanged, observer_, |
| 355 nat_traversal_enabled_)); | 372 nat_traversal_enabled_)); |
| 356 } | 373 } |
| 357 | 374 |
| 358 void It2MeHost::UpdateHostDomainPolicy(const std::string& host_domain) { | 375 void It2MeHost::UpdateHostDomainListPolicy( |
| 376 std::vector<std::string> host_domain_list) { |
| 359 DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread()); | 377 DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread()); |
| 360 | 378 |
| 361 VLOG(2) << "UpdateHostDomainPolicy: " << host_domain; | 379 VLOG(2) << "UpdateHostDomainListPolicy: " |
| 380 << base::JoinString(host_domain_list, ", "); |
| 362 | 381 |
| 363 // When setting a host domain policy, force disconnect any existing session. | 382 // When setting a host domain policy, force disconnect any existing session. |
| 364 if (!host_domain.empty() && IsRunning()) { | 383 if (!host_domain_list.empty() && IsRunning()) { |
| 365 DisconnectOnNetworkThread(); | 384 DisconnectOnNetworkThread(); |
| 366 } | 385 } |
| 367 | 386 |
| 368 required_host_domain_ = host_domain; | 387 required_host_domain_list_ = std::move(host_domain_list); |
| 369 } | 388 } |
| 370 | 389 |
| 371 void It2MeHost::UpdateClientDomainPolicy(const std::string& client_domain) { | 390 void It2MeHost::UpdateClientDomainListPolicy( |
| 391 std::vector<std::string> client_domain_list) { |
| 372 DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread()); | 392 DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread()); |
| 373 | 393 |
| 374 VLOG(2) << "UpdateClientDomainPolicy: " << client_domain; | 394 VLOG(2) << "UpdateClientDomainPolicy: " |
| 395 << base::JoinString(client_domain_list, ", "); |
| 375 | 396 |
| 376 // When setting a client domain policy, disconnect any existing session. | 397 // When setting a client domain policy, disconnect any existing session. |
| 377 if (!client_domain.empty() && IsRunning()) { | 398 if (!client_domain_list.empty() && IsRunning()) { |
| 378 DisconnectOnNetworkThread(); | 399 DisconnectOnNetworkThread(); |
| 379 } | 400 } |
| 380 | 401 |
| 381 required_client_domain_ = client_domain; | 402 required_client_domain_list_ = std::move(client_domain_list); |
| 382 } | 403 } |
| 383 | 404 |
| 384 void It2MeHost::SetState(It2MeHostState state, | 405 void It2MeHost::SetState(It2MeHostState state, |
| 385 const std::string& error_message) { | 406 const std::string& error_message) { |
| 386 DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread()); | 407 DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread()); |
| 387 | 408 |
| 388 switch (state_) { | 409 switch (state_) { |
| 389 case kDisconnected: | 410 case kDisconnected: |
| 390 DCHECK(state == kStarting || | 411 DCHECK(state == kStarting || |
| 391 state == kError) << state; | 412 state == kError) << state; |
| (...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 495 | 516 |
| 496 if (client_username.empty()) { | 517 if (client_username.empty()) { |
| 497 LOG(ERROR) << "Invalid user name passed in: " << remote_jid; | 518 LOG(ERROR) << "Invalid user name passed in: " << remote_jid; |
| 498 result_callback.Run( | 519 result_callback.Run( |
| 499 protocol::ValidatingAuthenticator::Result::ERROR_INVALID_ACCOUNT); | 520 protocol::ValidatingAuthenticator::Result::ERROR_INVALID_ACCOUNT); |
| 500 DisconnectOnNetworkThread(); | 521 DisconnectOnNetworkThread(); |
| 501 return; | 522 return; |
| 502 } | 523 } |
| 503 | 524 |
| 504 // Check the client domain policy. | 525 // Check the client domain policy. |
| 505 if (!required_client_domain_.empty()) { | 526 if (!required_client_domain_list_.empty()) { |
| 506 if (!base::EndsWith(client_username, | 527 bool matched = false; |
| 507 std::string("@") + required_client_domain_, | 528 for (const auto& domain : required_client_domain_list_) { |
| 508 base::CompareCase::INSENSITIVE_ASCII)) { | 529 if (base::EndsWith(client_username, std::string("@") + domain, |
| 530 base::CompareCase::INSENSITIVE_ASCII)) { |
| 531 matched = true; |
| 532 break; |
| 533 } |
| 534 } |
| 535 if (!matched) { |
| 509 LOG(ERROR) << "Rejecting incoming connection from " << remote_jid | 536 LOG(ERROR) << "Rejecting incoming connection from " << remote_jid |
| 510 << ": Domain mismatch."; | 537 << ": Domain not allowed."; |
| 511 result_callback.Run(ValidationResult::ERROR_INVALID_ACCOUNT); | 538 result_callback.Run(ValidationResult::ERROR_INVALID_ACCOUNT); |
| 512 DisconnectOnNetworkThread(); | 539 DisconnectOnNetworkThread(); |
| 513 return; | 540 return; |
| 514 } | 541 } |
| 515 } | 542 } |
| 516 | 543 |
| 517 // If we receive valid connection details multiple times, then we don't know | 544 // If we receive valid connection details multiple times, then we don't know |
| 518 // which remote user (if either) is valid so disconnect everyone. | 545 // which remote user (if either) is valid so disconnect everyone. |
| 519 if (state_ != kReceivedAccessCode) { | 546 if (state_ != kReceivedAccessCode) { |
| 520 DCHECK_EQ(kConnecting, state_); | 547 DCHECK_EQ(kConnecting, state_); |
| (...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 570 | 597 |
| 571 std::unique_ptr<PolicyWatcher> policy_watcher = | 598 std::unique_ptr<PolicyWatcher> policy_watcher = |
| 572 PolicyWatcher::Create(policy_service, context->file_task_runner()); | 599 PolicyWatcher::Create(policy_service, context->file_task_runner()); |
| 573 return new It2MeHost(std::move(context), std::move(policy_watcher), | 600 return new It2MeHost(std::move(context), std::move(policy_watcher), |
| 574 base::MakeUnique<It2MeConfirmationDialogFactory>(), | 601 base::MakeUnique<It2MeConfirmationDialogFactory>(), |
| 575 observer, std::move(signal_strategy), username, | 602 observer, std::move(signal_strategy), username, |
| 576 directory_bot_jid); | 603 directory_bot_jid); |
| 577 } | 604 } |
| 578 | 605 |
| 579 } // namespace remoting | 606 } // namespace remoting |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2682473003:
Add support for multiple allowed domains (Closed)
