| Index: remoting/host/remoting_me2me_host.cc
|
| diff --git a/remoting/host/remoting_me2me_host.cc b/remoting/host/remoting_me2me_host.cc
|
| index 0cb617542cbe9a0ace5952422bf74d0ef47cdae1..35f313be95cae14bc68f8942f0a07e7c25d55307 100644
|
| --- a/remoting/host/remoting_me2me_host.cc
|
| +++ b/remoting/host/remoting_me2me_host.cc
|
| @@ -295,6 +295,7 @@ class HostProcess
|
| std::string oauth_refresh_token_;
|
| std::string serialized_config_;
|
| std::string host_owner_;
|
| + std::string host_owner_email_;
|
| bool use_service_account_;
|
| bool enable_vp9_;
|
| int64_t frame_recorder_buffer_size_;
|
| @@ -869,6 +870,13 @@ bool HostProcess::ApplyConfig(scoped_ptr<JsonHostConfig> config) {
|
| use_service_account_ = false;
|
| }
|
|
|
| + // For non-Gmail Google accounts, the owner base JID differs from the email.
|
| + // host_owner_ contains the base JID (used for authenticating clients), while
|
| + // host_owner_email contains the account's email (used for UI and logs).
|
| + if (!config->GetString(kHostOwnerEmailConfigPath, &host_owner_email_)) {
|
| + host_owner_email_ = host_owner_;
|
| + }
|
| +
|
| // Allow offering of VP9 encoding to be overridden by the command-line.
|
| if (CommandLine::ForCurrentProcess()->HasSwitch(kEnableVp9SwitchName)) {
|
| enable_vp9_ = true;
|
| @@ -926,6 +934,17 @@ void HostProcess::OnPolicyUpdate(scoped_ptr<base::DictionaryValue> policies) {
|
|
|
| void HostProcess::ApplyHostDomainPolicy() {
|
| HOST_LOG << "Policy sets host domain: " << host_domain_;
|
| +
|
| + // If the user does not have a Google email, their client JID will not be
|
| + // based on their email. In that case, the username/host domain policies would
|
| + // be meaningless, since there is no way to check that the JID attempting to
|
| + // connect actually corresponds to the owner email in question.
|
| + if (host_owner_ != host_owner_email_) {
|
| + LOG(ERROR) << "The username and host domain policies cannot be enabled for "
|
| + << "accounts with a non-Google email.";
|
| + ShutdownHost(kInvalidHostDomainExitCode);
|
| + }
|
| +
|
| if (!host_domain_.empty() &&
|
| !EndsWith(host_owner_, std::string("@") + host_domain_, false)) {
|
| LOG(ERROR) << "The host domain does not match the policy.";
|
| @@ -947,6 +966,13 @@ bool HostProcess::OnHostDomainPolicyUpdate(base::DictionaryValue* policies) {
|
| }
|
|
|
| void HostProcess::ApplyUsernamePolicy() {
|
| + // See comment in ApplyHostDomainPolicy.
|
| + if (host_owner_ != host_owner_email_) {
|
| + LOG(ERROR) << "The username and host domain policies cannot be enabled for "
|
| + << "accounts with a non-Google email.";
|
| + ShutdownHost(kUsernameMismatchExitCode);
|
| + }
|
| +
|
| if (host_username_match_required_) {
|
| HOST_LOG << "Policy requires host username match.";
|
| std::string username = GetUsername();
|
| @@ -1310,7 +1336,7 @@ void HostProcess::StartHost() {
|
| #endif // !defined(REMOTING_MULTI_PROCESS)
|
|
|
| host_->SetEnableCurtaining(curtain_required_);
|
| - host_->Start(host_owner_);
|
| + host_->Start(host_owner_email_);
|
|
|
| CreateAuthenticatorFactory();
|
| }
|
|
|
Chromium Code Reviews
Issue 595063005:
Save the client base JID for authentication in case it differs from the email (for accounts non-Goo… (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master