Host port range policy is no longer ignored in it2me host

remoting/host/it2me/it2me_host.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "remoting/host/it2me/it2me_host.h"
 
 #include <cstdint>
 #include <memory>
 #include <string>
 #include <utility>
@@ skipping 160 matching lines @@
         matched = true;
         break;
       }
     }
     if (!matched) {
       SetState(kInvalidDomainError, "");
       return;
     }
   }
 
+  // Check the port range policy.
+  PortRange port_range;
+  if (!PortRange::Parse(udp_port_range_string_, &port_range)) {

[Sergey Ulanov, 2017/05/25 19:34:53]

It looks like PolicyWatcher is supposed to verify that the port_range is in
correct format, so this call is never expected to fail and we can just crash the
host if it fails, same as in the me2me host:
https://codesearch.chromium.org/chromium/src/remoting/host/remoting_me2me_hos...

Also, I think parsing belongs to UpdateHostUdpPortRangePolicy()

[Gus Smith, 2017/05/25 21:39:09]

OK - I'll change it back. Originally I did the parsing in
UpdateHostUdpPortRangePolicy(), but I was getting errors when I'd attempt to set
the state to kError after getting an incorrect parse within
UpdateHostUdpPortRangePolicy(). I moved it here because I saw that the domain
list was being checked here, and was potentially setting an error state; I
simply emulated that. I didn't realize that the policy watcher checked this -
thanks

+    std::string error_message =
+        "Invalid RemoteAccessHostUdpPortRange policy value.";
+    LOG(ERROR) << error_message;
+    SetState(kError, error_message);
+    return;
+  }
+
   // Generate a key pair for the Host to use.
   // TODO(wez): Move this to the worker thread.
   host_key_pair_ = RsaKeyPair::Generate();
 
   // Request registration of the host for support.
   std::unique_ptr<RegisterSupportHostRequest> register_request(
       new RegisterSupportHostRequest(
           signal_strategy_.get(), host_key_pair_, directory_bot_jid_,
           base::Bind(&It2MeHost::OnReceivedSupportID, base::Unretained(this))));
 
   // Beyond this point nothing can fail, so save the config and request.
   register_request_ = std::move(register_request);
 
-  // If NAT traversal is off then limit port range to allow firewall pin-holing.
-  HOST_LOG << "NAT state: " << nat_traversal_enabled_;
   protocol::NetworkSettings network_settings(
      nat_traversal_enabled_ ?
      protocol::NetworkSettings::NAT_TRAVERSAL_FULL :
      protocol::NetworkSettings::NAT_TRAVERSAL_DISABLED);
+  network_settings.port_range = port_range;
+
+  // If NAT traversal is off then limit port range to allow firewall pin-holing.
+  HOST_LOG << "NAT state: " << nat_traversal_enabled_;
   if (!nat_traversal_enabled_) {
     network_settings.port_range.min_port =
         protocol::NetworkSettings::kDefaultMinPort;
     network_settings.port_range.max_port =
         protocol::NetworkSettings::kDefaultMaxPort;
   }
 
   scoped_refptr<protocol::TransportContext> transport_context =
       new protocol::TransportContext(
           signal_strategy_.get(),
@@ skipping 113 matching lines @@
   const base::ListValue* client_domain_list;
   if (policies->GetList(policy::key::kRemoteAccessHostClientDomainList,
                         &client_domain_list)) {
     std::vector<std::string> client_domain_list_vector;
     for (const auto& value : *client_domain_list) {
       client_domain_list_vector.push_back(value.GetString());
     }
     UpdateClientDomainListPolicy(std::move(client_domain_list_vector));
   }
 
+  std::string port_range_string;
+  if (policies->GetString(policy::key::kRemoteAccessHostUdpPortRange,
+                          &port_range_string)) {
+    UpdateHostUdpPortRangePolicy(port_range_string);
+  }
+
   policy_received_ = true;
 
   if (!pending_connect_.is_null()) {
     base::ResetAndReturn(&pending_connect_).Run();
   }
 }
 
 void It2MeHost::UpdateNatPolicy(bool nat_traversal_enabled) {
   DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread());
 
@@ skipping 36 matching lines @@
           << base::JoinString(client_domain_list, ", ");
 
   // When setting a client  domain policy, disconnect any existing session.
   if (!client_domain_list.empty() && IsRunning()) {
     DisconnectOnNetworkThread();
   }
 
   required_client_domain_list_ = std::move(client_domain_list);
 }
 
+void It2MeHost::UpdateHostUdpPortRangePolicy(std::string port_range_string) {
+  DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread());
+
+  VLOG(2) << "UpdateHostUdpPortRangePolicy: " << port_range_string;
+
+  if (IsRunning()) {
+    DisconnectOnNetworkThread();
+  }
+
+  udp_port_range_string_ = port_range_string;
+}
+
 void It2MeHost::SetState(It2MeHostState state,
                          const std::string& error_message) {
   DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread());
 
   switch (state_) {
     case kDisconnected:
       DCHECK(state == kStarting ||
              state == kError) << state;
       break;
     case kStarting:
@@ skipping 177 matching lines @@
     std::unique_ptr<SignalStrategy> signal_strategy,
     const std::string& username,
     const std::string& directory_bot_jid) {
   DCHECK(context->ui_task_runner()->BelongsToCurrentThread());
   return new It2MeHost(
       std::move(context), base::MakeUnique<It2MeConfirmationDialogFactory>(),
       observer, std::move(signal_strategy), username, directory_bot_jid);
 }
 
 }  // namespace remoting