Index: remoting/host/remoting_me2me_host.cc |
diff --git a/remoting/host/remoting_me2me_host.cc b/remoting/host/remoting_me2me_host.cc |
index abda26939b3245542a784e5225c3bbb552acd8b3..ed1b2ab2857513c321eadae86294b807c59dae3f 100644 |
--- a/remoting/host/remoting_me2me_host.cc |
+++ b/remoting/host/remoting_me2me_host.cc |
@@ -287,10 +287,13 @@ class HostProcess : public ConfigWatcher::Delegate, |
void OnPolicyUpdate(std::unique_ptr<base::DictionaryValue> policies); |
void OnPolicyError(); |
void ReportPolicyErrorAndRestartHost(); |
+ void HostDomainPolicyHelper(const std::vector<std::string>& domains); |
void ApplyHostDomainPolicy(); |
void ApplyUsernamePolicy(); |
bool OnClientDomainPolicyUpdate(base::DictionaryValue* policies); |
+ bool OnClientDomainListPolicyUpdate(base::DictionaryValue* policies); |
bool OnHostDomainPolicyUpdate(base::DictionaryValue* policies); |
+ bool OnHostDomainListPolicyUpdate(base::DictionaryValue* policies); |
bool OnUsernamePolicyUpdate(base::DictionaryValue* policies); |
bool OnNatPolicyUpdate(base::DictionaryValue* policies); |
bool OnRelayPolicyUpdate(base::DictionaryValue* policies); |
@@ -369,7 +372,9 @@ class HostProcess : public ConfigWatcher::Delegate, |
std::unique_ptr<PolicyWatcher> policy_watcher_; |
PolicyState policy_state_ = POLICY_INITIALIZING; |
std::string client_domain_; |
+ std::vector<std::string> client_domain_list_; |
std::string host_domain_; |
+ std::vector<std::string> host_domain_list_; |
bool host_username_match_required_ = false; |
bool allow_nat_traversal_ = true; |
bool allow_relay_ = true; |
@@ -1014,6 +1019,7 @@ void HostProcess::OnPolicyUpdate( |
bool restart_required = false; |
restart_required |= OnClientDomainPolicyUpdate(policies.get()); |
restart_required |= OnHostDomainPolicyUpdate(policies.get()); |
+ restart_required |= OnHostDomainListPolicyUpdate(policies.get()); |
restart_required |= OnCurtainPolicyUpdate(policies.get()); |
// Note: UsernamePolicyUpdate must run after OnCurtainPolicyUpdate. |
restart_required |= OnUsernamePolicyUpdate(policies.get()); |
@@ -1062,29 +1068,46 @@ void HostProcess::ReportPolicyErrorAndRestartHost() { |
RestartHost(kHostOfflineReasonPolicyReadError); |
} |
-void HostProcess::ApplyHostDomainPolicy() { |
+template<typename T> struct S; |
+ |
+void HostProcess::HostDomainPolicyHelper( |
Sergey Ulanov
2017/02/10 22:25:13
Maybe call this VerifyHostDomain()?
In general mos
|
+ const std::vector<std::string>& domains) { |
if (state_ != HOST_STARTED) |
return; |
- HOST_LOG << "Policy sets host domain: " << host_domain_; |
+ HOST_LOG << "Policy sets host domains: " << base::JoinString(domains, ", "); |
- if (!host_domain_.empty()) { |
- // If the user does not have a Google email, their client JID will not be |
- // based on their email. In that case, the username/host domain policies |
- // would be meaningless, since there is no way to check that the JID |
- // trying to connect actually corresponds to the owner email in question. |
- if (host_owner_ != host_owner_email_) { |
- LOG(ERROR) << "The username and host domain policies cannot be enabled " |
- << "for accounts with a non-Google email."; |
- ShutdownHost(kInvalidHostDomainExitCode); |
- } |
+ // If the user does not have a Google email, their client JID will not be |
+ // based on their email. In that case, the username/host domain policies |
+ // would be meaningless, since there is no way to check that the JID |
+ // trying to connect actually corresponds to the owner email in question. |
+ if (host_owner_ != host_owner_email_) { |
+ LOG(ERROR) << "The username and host domain policies cannot be enabled " |
+ << "for accounts with a non-Google email."; |
+ ShutdownHost(kInvalidHostDomainExitCode); |
+ return; |
+ } |
- if (!base::EndsWith(host_owner_, std::string("@") + host_domain_, |
- base::CompareCase::INSENSITIVE_ASCII)) { |
- LOG(ERROR) << "The host domain does not match the policy."; |
- ShutdownHost(kInvalidHostDomainExitCode); |
+ bool matched = false; |
+ for (const std::string& domain : domains) { |
+ if (base::EndsWith(host_owner_, std::string("@") + domain, |
+ base::CompareCase::INSENSITIVE_ASCII)) { |
+ matched = true; |
} |
} |
+ if (!matched) { |
+ LOG(ERROR) << "The host domain does not match the policy."; |
+ ShutdownHost(kInvalidHostDomainExitCode); |
+ } |
+} |
+ |
+void HostProcess::ApplyHostDomainPolicy() { |
+ if (!host_domain_.empty()) { |
+ HostDomainPolicyHelper({host_domain_}); |
+ } |
+ if (!host_domain_list_.empty()) { |
+ HostDomainPolicyHelper(host_domain_list_); |
+ } |
} |
bool HostProcess::OnHostDomainPolicyUpdate(base::DictionaryValue* policies) { |
@@ -1096,7 +1119,36 @@ bool HostProcess::OnHostDomainPolicyUpdate(base::DictionaryValue* policies) { |
return false; |
} |
- ApplyHostDomainPolicy(); |
+ if (!host_domain_.empty()) { |
+ HostDomainPolicyHelper({host_domain_}); |
+ } |
+ return false; |
+} |
+ |
+bool HostProcess::OnHostDomainListPolicyUpdate( |
+ base::DictionaryValue* policies) { |
+ // Returns true if the host has to be restarted after this policy update. |
+ DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
+ |
+ const base::ListValue* list; |
+ if (!policies->GetList(policy::key::kRemoteAccessHostDomainList, &list)) { |
+ return false; |
+ } |
+ |
+ host_domain_list_.clear(); |
+ for (const auto &value : *list) { |
Sergey Ulanov
2017/02/10 22:25:13
Space goes after '&, not before it, i.e. 'const au
|
+ const base::StringValue* domain; |
+ if(!value->GetAsString(&domain)) { |
+ // Should be prevented by policy validation |
+ DCHECK(false); |
+ continue; |
+ } |
+ host_domain_list_.push_back(domain->GetString()); |
+ } |
+ |
+ if (!host_domain_list_.empty()) { |
+ HostDomainPolicyHelper(host_domain_list_); |
+ } |
return false; |
} |