| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "remoting/host/win/elevated_controller.h" | 5 #include "remoting/host/win/elevated_controller.h" |
| 6 | 6 |
| 7 #include "base/file_version_info.h" | 7 #include "base/file_version_info.h" |
| 8 #include "base/files/file_util.h" | 8 #include "base/files/file_util.h" |
| 9 #include "base/json/json_reader.h" | 9 #include "base/json/json_reader.h" |
| 10 #include "base/json/json_writer.h" | 10 #include "base/json/json_writer.h" |
| 11 #include "base/logging.h" | 11 #include "base/logging.h" |
| 12 #include "base/memory/scoped_ptr.h" | 12 #include "base/memory/scoped_ptr.h" |
| 13 #include "base/path_service.h" | 13 #include "base/path_service.h" |
| 14 #include "base/process/memory.h" | 14 #include "base/process/memory.h" |
| 15 #include "base/strings/utf_string_conversions.h" | 15 #include "base/strings/utf_string_conversions.h" |
| 16 #include "base/values.h" | 16 #include "base/values.h" |
| 17 #include "base/win/scoped_handle.h" | 17 #include "base/win/scoped_handle.h" |
| 18 #include "remoting/host/branding.h" | 18 #include "remoting/host/branding.h" |
| 19 #include "remoting/host/host_config.h" |
| 19 #include "remoting/host/usage_stats_consent.h" | 20 #include "remoting/host/usage_stats_consent.h" |
| 20 #include "remoting/host/verify_config_window_win.h" | 21 #include "remoting/host/verify_config_window_win.h" |
| 21 #include "remoting/host/win/core_resource.h" | 22 #include "remoting/host/win/core_resource.h" |
| 22 #include "remoting/host/win/security_descriptor.h" | 23 #include "remoting/host/win/security_descriptor.h" |
| 23 | 24 |
| 24 namespace remoting { | 25 namespace remoting { |
| 25 | 26 |
| 26 namespace { | 27 namespace { |
| 27 | 28 |
| 28 // The maximum size of the configuration file. "1MB ought to be enough" for any | 29 // The maximum size of the configuration file. "1MB ought to be enough" for any |
| (...skipping 14 matching lines...) Expand all Loading... |
| 43 | 44 |
| 44 // The host configuration file security descriptor that enables full access to | 45 // The host configuration file security descriptor that enables full access to |
| 45 // Local System and built-in administrators only. | 46 // Local System and built-in administrators only. |
| 46 const char kConfigFileSecurityDescriptor[] = | 47 const char kConfigFileSecurityDescriptor[] = |
| 47 "O:BAG:BAD:(A;;GA;;;SY)(A;;GA;;;BA)"; | 48 "O:BAG:BAD:(A;;GA;;;SY)(A;;GA;;;BA)"; |
| 48 | 49 |
| 49 const char kUnprivilegedConfigFileSecurityDescriptor[] = | 50 const char kUnprivilegedConfigFileSecurityDescriptor[] = |
| 50 "O:BAG:BAD:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GR;;;AU)"; | 51 "O:BAG:BAD:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GR;;;AU)"; |
| 51 | 52 |
| 52 // Configuration keys. | 53 // Configuration keys. |
| 53 const char kHostId[] = "host_id"; | |
| 54 const char kXmppLogin[] = "xmpp_login"; | |
| 55 const char kHostOwner[] = "host_owner"; | |
| 56 const char kHostSecretHash[] = "host_secret_hash"; | |
| 57 | 54 |
| 58 // The configuration keys that cannot be specified in UpdateConfig(). | 55 // The configuration keys that cannot be specified in UpdateConfig(). |
| 59 const char* const kReadonlyKeys[] = { kHostId, kHostOwner, kXmppLogin }; | 56 const char* const kReadonlyKeys[] = { |
| 57 kHostIdConfigPath, kHostOwnerConfigPath, kHostOwnerEmailConfigPath, |
| 58 kXmppLoginConfigPath }; |
| 60 | 59 |
| 61 // The configuration keys whose values may be read by GetConfig(). | 60 // The configuration keys whose values may be read by GetConfig(). |
| 62 const char* const kUnprivilegedConfigKeys[] = { kHostId, kXmppLogin }; | 61 const char* const kUnprivilegedConfigKeys[] = { |
| 62 kHostIdConfigPath, kXmppLoginConfigPath }; |
| 63 | 63 |
| 64 // Determines if the client runs in the security context that allows performing | 64 // Determines if the client runs in the security context that allows performing |
| 65 // administrative tasks (i.e. the user belongs to the adminstrators group and | 65 // administrative tasks (i.e. the user belongs to the adminstrators group and |
| 66 // the client runs elevated). | 66 // the client runs elevated). |
| 67 bool IsClientAdmin() { | 67 bool IsClientAdmin() { |
| 68 HRESULT hr = CoImpersonateClient(); | 68 HRESULT hr = CoImpersonateClient(); |
| 69 if (FAILED(hr)) { | 69 if (FAILED(hr)) { |
| 70 return false; | 70 return false; |
| 71 } | 71 } |
| 72 | 72 |
| (...skipping 140 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 213 // Extract the configuration data that the user will verify. | 213 // Extract the configuration data that the user will verify. |
| 214 scoped_ptr<base::Value> config_value(base::JSONReader::Read(content)); | 214 scoped_ptr<base::Value> config_value(base::JSONReader::Read(content)); |
| 215 if (!config_value.get()) { | 215 if (!config_value.get()) { |
| 216 return E_FAIL; | 216 return E_FAIL; |
| 217 } | 217 } |
| 218 base::DictionaryValue* config_dict = NULL; | 218 base::DictionaryValue* config_dict = NULL; |
| 219 if (!config_value->GetAsDictionary(&config_dict)) { | 219 if (!config_value->GetAsDictionary(&config_dict)) { |
| 220 return E_FAIL; | 220 return E_FAIL; |
| 221 } | 221 } |
| 222 std::string email; | 222 std::string email; |
| 223 if (!config_dict->GetString(kHostOwner, &email)) { | 223 if (!config_dict->GetString(kHostOwnerEmailConfigPath, &email)) { |
| 224 if (!config_dict->GetString(kXmppLogin, &email)) { | 224 if (!config_dict->GetString(kHostOwnerConfigPath, &email)) { |
| 225 return E_FAIL; | 225 if (!config_dict->GetString(kXmppLoginConfigPath, &email)) { |
| 226 return E_FAIL; |
| 227 } |
| 226 } | 228 } |
| 227 } | 229 } |
| 228 std::string host_id, host_secret_hash; | 230 std::string host_id, host_secret_hash; |
| 229 if (!config_dict->GetString(kHostId, &host_id) || | 231 if (!config_dict->GetString(kHostIdConfigPath, &host_id) || |
| 230 !config_dict->GetString(kHostSecretHash, &host_secret_hash)) { | 232 !config_dict->GetString(kHostSecretHashConfigPath, &host_secret_hash)) { |
| 231 return E_FAIL; | 233 return E_FAIL; |
| 232 } | 234 } |
| 233 | 235 |
| 234 // Ask the user to verify the configuration (unless the client is admin | 236 // Ask the user to verify the configuration (unless the client is admin |
| 235 // already). | 237 // already). |
| 236 if (!IsClientAdmin()) { | 238 if (!IsClientAdmin()) { |
| 237 remoting::VerifyConfigWindowWin verify_win(email, host_id, | 239 remoting::VerifyConfigWindowWin verify_win(email, host_id, |
| 238 host_secret_hash); | 240 host_secret_hash); |
| 239 DWORD error = verify_win.DoModal(owner_window); | 241 DWORD error = verify_win.DoModal(owner_window); |
| 240 if (error != ERROR_SUCCESS) { | 242 if (error != ERROR_SUCCESS) { |
| (...skipping 280 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 521 << "' service"; | 523 << "' service"; |
| 522 | 524 |
| 523 return HRESULT_FROM_WIN32(error); | 525 return HRESULT_FROM_WIN32(error); |
| 524 } | 526 } |
| 525 | 527 |
| 526 service_out->Set(service.Take()); | 528 service_out->Set(service.Take()); |
| 527 return S_OK; | 529 return S_OK; |
| 528 } | 530 } |
| 529 | 531 |
| 530 } // namespace remoting | 532 } // namespace remoting |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 595063005:
Save the client base JID for authentication in case it differs from the email (for accounts non-Goo… (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master