
Unified Diff: remoting/host/remoting_me2me_host.cc

Issue 2682473003: Add support for multiple allowed domains (Closed)
Patch Set: Rework to follow a deprecation approach Created 3 years, 8 months ago
Index: remoting/host/remoting_me2me_host.cc
diff --git a/remoting/host/remoting_me2me_host.cc b/remoting/host/remoting_me2me_host.cc
index 5b65023e40ef70ab1f3f28380685bc1b17f3c77e..c95dc747ff748c63c011d03e09ceee11e7bcb848 100644
--- a/remoting/host/remoting_me2me_host.cc
+++ b/remoting/host/remoting_me2me_host.cc
@@ -10,6 +10,7 @@
#include <memory>
#include <string>
#include <utility>
+#include <vector>
#include "base/bind.h"
#include "base/callback.h"
@@ -295,10 +296,10 @@ class HostProcess : public ConfigWatcher::Delegate,
void OnPolicyUpdate(std::unique_ptr<base::DictionaryValue> policies);
void OnPolicyError();
void ReportPolicyErrorAndRestartHost();
- void ApplyHostDomainPolicy();
+ void ApplyHostDomainListPolicy();
void ApplyUsernamePolicy();
- bool OnClientDomainPolicyUpdate(base::DictionaryValue* policies);
- bool OnHostDomainPolicyUpdate(base::DictionaryValue* policies);
+ bool OnClientDomainListPolicyUpdate(base::DictionaryValue* policies);
+ bool OnHostDomainListPolicyUpdate(base::DictionaryValue* policies);
bool OnUsernamePolicyUpdate(base::DictionaryValue* policies);
bool OnNatPolicyUpdate(base::DictionaryValue* policies);
bool OnRelayPolicyUpdate(base::DictionaryValue* policies);
@@ -376,8 +377,8 @@ class HostProcess : public ConfigWatcher::Delegate,
std::unique_ptr<PolicyWatcher> policy_watcher_;
PolicyState policy_state_ = POLICY_INITIALIZING;
- std::string client_domain_;
- std::string host_domain_;
+ std::vector<std::string> client_domain_list_;
+ std::vector<std::string> host_domain_list_;
bool host_username_match_required_ = false;
bool allow_nat_traversal_ = true;
bool allow_relay_ = true;
@@ -592,7 +593,7 @@ void HostProcess::OnConfigUpdated(
} else if (state_ == HOST_STARTED) {
// Reapply policies that could be affected by a new config.
DCHECK_EQ(policy_state_, POLICY_LOADED);
- ApplyHostDomainPolicy();
+ ApplyHostDomainListPolicy();
ApplyUsernamePolicy();
// TODO(sergeyu): Here we assume that PIN is the only part of the config
@@ -725,7 +726,7 @@ void HostProcess::CreateAuthenticatorFactory() {
factory = protocol::Me2MeHostAuthenticatorFactory::CreateWithPin(
use_service_account_, host_owner_, local_certificate, key_pair_,
- client_domain_, pin_hash_, pairing_registry);
+ client_domain_list_, pin_hash_, pairing_registry);
host_->set_pairing_registry(pairing_registry);
} else {
@@ -749,7 +750,7 @@ void HostProcess::CreateAuthenticatorFactory() {
context_->url_request_context_getter());
factory = protocol::Me2MeHostAuthenticatorFactory::CreateWithThirdPartyAuth(
use_service_account_, host_owner_, local_certificate, key_pair_,
- client_domain_, token_validator_factory);
+ client_domain_list_, token_validator_factory);
}
#if defined(OS_POSIX)
@@ -1020,8 +1021,8 @@ void HostProcess::OnPolicyUpdate(
}
bool restart_required = false;
- restart_required |= OnClientDomainPolicyUpdate(policies.get());
- restart_required |= OnHostDomainPolicyUpdate(policies.get());
+ restart_required |= OnClientDomainListPolicyUpdate(policies.get());
+ restart_required |= OnHostDomainListPolicyUpdate(policies.get());
restart_required |= OnCurtainPolicyUpdate(policies.get());
// Note: UsernamePolicyUpdate must run after OnCurtainPolicyUpdate.
restart_required |= OnUsernamePolicyUpdate(policies.get());
@@ -1070,13 +1071,14 @@ void HostProcess::ReportPolicyErrorAndRestartHost() {
RestartHost(kHostOfflineReasonPolicyReadError);
}
-void HostProcess::ApplyHostDomainPolicy() {
+void HostProcess::ApplyHostDomainListPolicy() {
if (state_ != HOST_STARTED)
return;
- HOST_LOG << "Policy sets host domain: " << host_domain_;
+ HOST_LOG << "Policy sets host domains: "
+ << base::JoinString(host_domain_list_, ", ");
- if (!host_domain_.empty()) {
+ if (!host_domain_list_.empty()) {
// If the user does not have a Google email, their client JID will not be
// based on their email. In that case, the username/host domain policies
// would be meaningless, since there is no way to check that the JID
@@ -1087,32 +1089,55 @@ void HostProcess::ApplyHostDomainPolicy() {
ShutdownHost(kInvalidHostDomainExitCode);
}
- if (!base::EndsWith(host_owner_, std::string("@") + host_domain_,
- base::CompareCase::INSENSITIVE_ASCII)) {
+ bool matched = false;
+ for (const std::string& domain : host_domain_list_) {
+ if (base::EndsWith(host_owner_, std::string("@") + domain,
+ base::CompareCase::INSENSITIVE_ASCII)) {
+ matched = true;
+ }
+ }
+ if (!matched) {
LOG(ERROR) << "The host domain does not match the policy.";
ShutdownHost(kInvalidHostDomainExitCode);
}
}
}
-bool HostProcess::OnHostDomainPolicyUpdate(base::DictionaryValue* policies) {
+bool HostProcess::OnHostDomainListPolicyUpdate(
+ base::DictionaryValue* policies) {
// Returns true if the host has to be restarted after this policy update.
DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
- if (!policies->GetString(policy::key::kRemoteAccessHostDomain,
- &host_domain_)) {
+ const base::ListValue* list;
+ if (!policies->GetList(policy::key::kRemoteAccessHostDomainList, &list)) {
return false;
}
- ApplyHostDomainPolicy();
+ host_domain_list_.clear();
+ for (const auto& value : *list) {
+ host_domain_list_.push_back(value.GetString());
+ }
+
+ ApplyHostDomainListPolicy();
return false;
}
-bool HostProcess::OnClientDomainPolicyUpdate(base::DictionaryValue* policies) {
+bool HostProcess::OnClientDomainListPolicyUpdate(
+ base::DictionaryValue* policies) {
// Returns true if the host has to be restarted after this policy update.
DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
- return policies->GetString(policy::key::kRemoteAccessHostClientDomain,
- &client_domain_);
+ const base::ListValue* list;
+ if (!policies->GetList(policy::key::kRemoteAccessHostClientDomainList,
Sergey Ulanov 2017/04/20 00:42:54 This will return false if the policy is there, but
rkjnsn 2017/04/20 00:58:26 My understanding is that Schema::Normalize (which
+ &list)) {
+ return false;
+ }
+
+ client_domain_list_.clear();
+ for (const auto& value : *list) {
+ client_domain_list_.push_back(value.GetString());
+ }
+
+ return true;
}
void HostProcess::ApplyUsernamePolicy() {
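Review bot: The two copy loops (`host_domain_list_.push_back(value.GetString());` and the client-list equivalent) keep every entry the policy supplies, including an empty string, and ApplyHostDomainListPolicy then treats a list such as `[""]` as an active restriction: `!host_domain_list_.empty()` is true, the suffix becomes a bare `@`, no normal e-mail address matches, and the host shuts down with kInvalidHostDomainExitCode. Under the removed single-string check (`if (!host_domain_.empty())`) an empty value meant no restriction, so if the deprecated value is ever mapped into this list (not visible in this hunk) the meaning flips from unrestricted to locked out. I would skip empty entries when copying, e.g. `if (!value.GetString().empty()) host_domain_list_.push_back(value.GetString());`, or add a comment stating that an empty entry never matches and is therefore fail-closed. Separately, the match loop can stop at the first hit by adding `break;` after `matched = true;`.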
@@ -1122,7 +1147,7 @@ void HostProcess::ApplyUsernamePolicy() {
if (host_username_match_required_) {
HOST_LOG << "Policy requires host username match.";
- // See comment in ApplyHostDomainPolicy.
+ // See comment in ApplyHostDomainListPolicy.
if (host_owner_ != host_owner_email_) {
LOG(ERROR) << "The username and host domain policies cannot be enabled "
<< "for accounts with a non-Google email.";
@@ -1497,7 +1522,7 @@ void HostProcess::StartHost() {
CreateAuthenticatorFactory();
- ApplyHostDomainPolicy();
+ ApplyHostDomainListPolicy();
ApplyUsernamePolicy();
}
