Host port range policy is no longer ignored in it2me host

remoting/host/it2me/it2me_host.cc

Index: remoting/host/it2me/it2me_host.cc
diff --git a/remoting/host/it2me/it2me_host.cc b/remoting/host/it2me/it2me_host.cc
index 17e7143541fc2d8f58256a01957bdd7da893b722..52395c38ccdc2f6451131c757eb60ef25f353d4e 100644
--- a/remoting/host/it2me/it2me_host.cc
+++ b/remoting/host/it2me/it2me_host.cc
@@ -178,6 +178,16 @@ void It2MeHost::FinishConnect() {
     }
   }
 
+  // Check the port range policy.
+  PortRange port_range;
+  if (!PortRange::Parse(udp_port_range_string_, &port_range)) {

[Sergey Ulanov, 2017/05/25 19:34:53]

It looks like PolicyWatcher is supposed to verify that the port_range is in
correct format, so this call is never expected to fail and we can just crash the
host if it fails, same as in the me2me host:
https://codesearch.chromium.org/chromium/src/remoting/host/remoting_me2me_hos...

Also, I think parsing belongs to UpdateHostUdpPortRangePolicy()

[Gus Smith, 2017/05/25 21:39:09]

OK - I'll change it back. Originally I did the parsing in
UpdateHostUdpPortRangePolicy(), but I was getting errors when I'd attempt to set
the state to kError after getting an incorrect parse within
UpdateHostUdpPortRangePolicy(). I moved it here because I saw that the domain
list was being checked here, and was potentially setting an error state; I
simply emulated that. I didn't realize that the policy watcher checked this -
thanks

+    std::string error_message =
+        "Invalid RemoteAccessHostUdpPortRange policy value.";
+    LOG(ERROR) << error_message;
+    SetState(kError, error_message);
+    return;
+  }
+
   // Generate a key pair for the Host to use.
   // TODO(wez): Move this to the worker thread.
   host_key_pair_ = RsaKeyPair::Generate();
@@ -191,12 +201,14 @@ void It2MeHost::FinishConnect() {
   // Beyond this point nothing can fail, so save the config and request.
   register_request_ = std::move(register_request);
 
-  // If NAT traversal is off then limit port range to allow firewall pin-holing.
-  HOST_LOG << "NAT state: " << nat_traversal_enabled_;
   protocol::NetworkSettings network_settings(
      nat_traversal_enabled_ ?
      protocol::NetworkSettings::NAT_TRAVERSAL_FULL :
      protocol::NetworkSettings::NAT_TRAVERSAL_DISABLED);
+  network_settings.port_range = port_range;
+
+  // If NAT traversal is off then limit port range to allow firewall pin-holing.
+  HOST_LOG << "NAT state: " << nat_traversal_enabled_;
   if (!nat_traversal_enabled_) {
     network_settings.port_range.min_port =
         protocol::NetworkSettings::kDefaultMinPort;
@@ -330,6 +342,12 @@ void It2MeHost::OnPolicyUpdate(
     UpdateClientDomainListPolicy(std::move(client_domain_list_vector));
   }
 
+  std::string port_range_string;
+  if (policies->GetString(policy::key::kRemoteAccessHostUdpPortRange,
+                          &port_range_string)) {
+    UpdateHostUdpPortRangePolicy(port_range_string);
+  }
+
   policy_received_ = true;
 
   if (!pending_connect_.is_null()) {
@@ -386,6 +404,18 @@ void It2MeHost::UpdateClientDomainListPolicy(
   required_client_domain_list_ = std::move(client_domain_list);
 }
 
+void It2MeHost::UpdateHostUdpPortRangePolicy(std::string port_range_string) {
+  DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread());
+
+  VLOG(2) << "UpdateHostUdpPortRangePolicy: " << port_range_string;
+
+  if (IsRunning()) {
+    DisconnectOnNetworkThread();
+  }
+
+  udp_port_range_string_ = port_range_string;
+}
+
 void It2MeHost::SetState(It2MeHostState state,
                          const std::string& error_message) {
   DCHECK(host_context_->network_task_runner()->BelongsToCurrentThread());