OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 // | 4 // |
5 // This file implements a standalone host process for Me2Me. | 5 // This file implements a standalone host process for Me2Me. |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 | 8 |
9 #include "base/at_exit.h" | 9 #include "base/at_exit.h" |
10 #include "base/bind.h" | 10 #include "base/bind.h" |
(...skipping 12 matching lines...) Expand all Loading... |
23 #include "build/build_config.h" | 23 #include "build/build_config.h" |
24 #include "crypto/nss_util.h" | 24 #include "crypto/nss_util.h" |
25 #include "ipc/ipc_channel.h" | 25 #include "ipc/ipc_channel.h" |
26 #include "ipc/ipc_channel_proxy.h" | 26 #include "ipc/ipc_channel_proxy.h" |
27 #include "ipc/ipc_listener.h" | 27 #include "ipc/ipc_listener.h" |
28 #include "media/base/media.h" | 28 #include "media/base/media.h" |
29 #include "net/base/network_change_notifier.h" | 29 #include "net/base/network_change_notifier.h" |
30 #include "net/socket/client_socket_factory.h" | 30 #include "net/socket/client_socket_factory.h" |
31 #include "net/socket/ssl_server_socket.h" | 31 #include "net/socket/ssl_server_socket.h" |
32 #include "net/url_request/url_fetcher.h" | 32 #include "net/url_request/url_fetcher.h" |
| 33 #include "policy/policy_constants.h" |
33 #include "remoting/base/auto_thread_task_runner.h" | 34 #include "remoting/base/auto_thread_task_runner.h" |
34 #include "remoting/base/breakpad.h" | 35 #include "remoting/base/breakpad.h" |
35 #include "remoting/base/constants.h" | 36 #include "remoting/base/constants.h" |
36 #include "remoting/base/logging.h" | 37 #include "remoting/base/logging.h" |
37 #include "remoting/base/rsa_key_pair.h" | 38 #include "remoting/base/rsa_key_pair.h" |
38 #include "remoting/base/service_urls.h" | 39 #include "remoting/base/service_urls.h" |
39 #include "remoting/base/util.h" | 40 #include "remoting/base/util.h" |
40 #include "remoting/host/branding.h" | 41 #include "remoting/host/branding.h" |
41 #include "remoting/host/chromoting_host.h" | 42 #include "remoting/host/chromoting_host.h" |
42 #include "remoting/host/chromoting_host_context.h" | 43 #include "remoting/host/chromoting_host_context.h" |
(...skipping 913 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
956 LOG(ERROR) << "The host domain does not match the policy."; | 957 LOG(ERROR) << "The host domain does not match the policy."; |
957 ShutdownHost(kInvalidHostDomainExitCode); | 958 ShutdownHost(kInvalidHostDomainExitCode); |
958 } | 959 } |
959 } | 960 } |
960 } | 961 } |
961 | 962 |
962 bool HostProcess::OnHostDomainPolicyUpdate(base::DictionaryValue* policies) { | 963 bool HostProcess::OnHostDomainPolicyUpdate(base::DictionaryValue* policies) { |
963 // Returns true if the host has to be restarted after this policy update. | 964 // Returns true if the host has to be restarted after this policy update. |
964 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); | 965 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
965 | 966 |
966 if (!policies->GetString(policy_hack::PolicyWatcher::kHostDomainPolicyName, | 967 if (!policies->GetString(policy::key::kRemoteAccessHostDomain, |
967 &host_domain_)) { | 968 &host_domain_)) { |
968 return false; | 969 return false; |
969 } | 970 } |
970 | 971 |
971 ApplyHostDomainPolicy(); | 972 ApplyHostDomainPolicy(); |
972 return false; | 973 return false; |
973 } | 974 } |
974 | 975 |
975 void HostProcess::ApplyUsernamePolicy() { | 976 void HostProcess::ApplyUsernamePolicy() { |
976 if (host_username_match_required_) { | 977 if (host_username_match_required_) { |
977 HOST_LOG << "Policy requires host username match."; | 978 HOST_LOG << "Policy requires host username match."; |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1012 } | 1013 } |
1013 } else { | 1014 } else { |
1014 HOST_LOG << "Policy does not require host username match."; | 1015 HOST_LOG << "Policy does not require host username match."; |
1015 } | 1016 } |
1016 } | 1017 } |
1017 | 1018 |
1018 bool HostProcess::OnUsernamePolicyUpdate(base::DictionaryValue* policies) { | 1019 bool HostProcess::OnUsernamePolicyUpdate(base::DictionaryValue* policies) { |
1019 // Returns false: never restart the host after this policy update. | 1020 // Returns false: never restart the host after this policy update. |
1020 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); | 1021 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
1021 | 1022 |
1022 if (!policies->GetBoolean( | 1023 if (!policies->GetBoolean(policy::key::kRemoteAccessHostMatchUsername, |
1023 policy_hack::PolicyWatcher::kHostMatchUsernamePolicyName, | 1024 &host_username_match_required_)) { |
1024 &host_username_match_required_)) { | |
1025 return false; | 1025 return false; |
1026 } | 1026 } |
1027 | 1027 |
1028 ApplyUsernamePolicy(); | 1028 ApplyUsernamePolicy(); |
1029 return false; | 1029 return false; |
1030 } | 1030 } |
1031 | 1031 |
1032 bool HostProcess::OnNatPolicyUpdate(base::DictionaryValue* policies) { | 1032 bool HostProcess::OnNatPolicyUpdate(base::DictionaryValue* policies) { |
1033 // Returns true if the host has to be restarted after this policy update. | 1033 // Returns true if the host has to be restarted after this policy update. |
1034 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); | 1034 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
1035 | 1035 |
1036 if (!policies->GetBoolean(policy_hack::PolicyWatcher::kNatPolicyName, | 1036 if (!policies->GetBoolean(policy::key::kRemoteAccessHostFirewallTraversal, |
1037 &allow_nat_traversal_)) { | 1037 &allow_nat_traversal_)) { |
1038 return false; | 1038 return false; |
1039 } | 1039 } |
1040 | 1040 |
1041 if (allow_nat_traversal_) { | 1041 if (allow_nat_traversal_) { |
1042 HOST_LOG << "Policy enables NAT traversal."; | 1042 HOST_LOG << "Policy enables NAT traversal."; |
1043 } else { | 1043 } else { |
1044 HOST_LOG << "Policy disables NAT traversal."; | 1044 HOST_LOG << "Policy disables NAT traversal."; |
1045 } | 1045 } |
1046 return true; | 1046 return true; |
1047 } | 1047 } |
1048 | 1048 |
1049 bool HostProcess::OnRelayPolicyUpdate(base::DictionaryValue* policies) { | 1049 bool HostProcess::OnRelayPolicyUpdate(base::DictionaryValue* policies) { |
1050 // Returns true if the host has to be restarted after this policy update. | 1050 // Returns true if the host has to be restarted after this policy update. |
1051 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); | 1051 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
1052 | 1052 |
1053 if (!policies->GetBoolean(policy_hack::PolicyWatcher::kRelayPolicyName, | 1053 if (!policies->GetBoolean( |
1054 &allow_relay_)) { | 1054 policy::key::kRemoteAccessHostAllowRelayedConnection, |
| 1055 &allow_relay_)) { |
1055 return false; | 1056 return false; |
1056 } | 1057 } |
1057 | 1058 |
1058 if (allow_relay_) { | 1059 if (allow_relay_) { |
1059 HOST_LOG << "Policy enables use of relay server."; | 1060 HOST_LOG << "Policy enables use of relay server."; |
1060 } else { | 1061 } else { |
1061 HOST_LOG << "Policy disables use of relay server."; | 1062 HOST_LOG << "Policy disables use of relay server."; |
1062 } | 1063 } |
1063 return true; | 1064 return true; |
1064 } | 1065 } |
1065 | 1066 |
1066 bool HostProcess::OnUdpPortPolicyUpdate(base::DictionaryValue* policies) { | 1067 bool HostProcess::OnUdpPortPolicyUpdate(base::DictionaryValue* policies) { |
1067 // Returns true if the host has to be restarted after this policy update. | 1068 // Returns true if the host has to be restarted after this policy update. |
1068 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); | 1069 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
1069 | 1070 |
1070 std::string udp_port_range; | 1071 std::string udp_port_range; |
1071 if (!policies->GetString(policy_hack::PolicyWatcher::kUdpPortRangePolicyName, | 1072 if (!policies->GetString(policy::key::kRemoteAccessHostUdpPortRange, |
1072 &udp_port_range)) { | 1073 &udp_port_range)) { |
1073 return false; | 1074 return false; |
1074 } | 1075 } |
1075 | 1076 |
1076 // Use default values if policy setting is empty or invalid. | 1077 // Use default values if policy setting is empty or invalid. |
1077 uint16 min_udp_port = 0; | 1078 uint16 min_udp_port = 0; |
1078 uint16 max_udp_port = 0; | 1079 uint16 max_udp_port = 0; |
1079 if (!udp_port_range.empty() && | 1080 if (!udp_port_range.empty() && |
1080 !NetworkSettings::ParsePortRange(udp_port_range, &min_udp_port, | 1081 !NetworkSettings::ParsePortRange(udp_port_range, &min_udp_port, |
1081 &max_udp_port)) { | 1082 &max_udp_port)) { |
(...skipping 12 matching lines...) Expand all Loading... |
1094 max_udp_port_ = max_udp_port; | 1095 max_udp_port_ = max_udp_port; |
1095 return true; | 1096 return true; |
1096 } | 1097 } |
1097 return false; | 1098 return false; |
1098 } | 1099 } |
1099 | 1100 |
1100 bool HostProcess::OnCurtainPolicyUpdate(base::DictionaryValue* policies) { | 1101 bool HostProcess::OnCurtainPolicyUpdate(base::DictionaryValue* policies) { |
1101 // Returns true if the host has to be restarted after this policy update. | 1102 // Returns true if the host has to be restarted after this policy update. |
1102 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); | 1103 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
1103 | 1104 |
1104 if (!policies->GetBoolean( | 1105 if (!policies->GetBoolean(policy::key::kRemoteAccessHostRequireCurtain, |
1105 policy_hack::PolicyWatcher::kHostRequireCurtainPolicyName, | 1106 &curtain_required_)) { |
1106 &curtain_required_)) { | |
1107 return false; | 1107 return false; |
1108 } | 1108 } |
1109 | 1109 |
1110 #if defined(OS_MACOSX) | 1110 #if defined(OS_MACOSX) |
1111 if (curtain_required_) { | 1111 if (curtain_required_) { |
1112 // When curtain mode is in effect on Mac, the host process runs in the | 1112 // When curtain mode is in effect on Mac, the host process runs in the |
1113 // user's switched-out session, but launchd will also run an instance at | 1113 // user's switched-out session, but launchd will also run an instance at |
1114 // the console login screen. Even if no user is currently logged-on, we | 1114 // the console login screen. Even if no user is currently logged-on, we |
1115 // can't support remote-access to the login screen because the current host | 1115 // can't support remote-access to the login screen because the current host |
1116 // process model disconnects the client during login, which would leave | 1116 // process model disconnects the client during login, which would leave |
(...skipping 19 matching lines...) Expand all Loading... |
1136 if (host_) | 1136 if (host_) |
1137 host_->SetEnableCurtaining(curtain_required_); | 1137 host_->SetEnableCurtaining(curtain_required_); |
1138 return false; | 1138 return false; |
1139 } | 1139 } |
1140 | 1140 |
1141 bool HostProcess::OnHostTalkGadgetPrefixPolicyUpdate( | 1141 bool HostProcess::OnHostTalkGadgetPrefixPolicyUpdate( |
1142 base::DictionaryValue* policies) { | 1142 base::DictionaryValue* policies) { |
1143 // Returns true if the host has to be restarted after this policy update. | 1143 // Returns true if the host has to be restarted after this policy update. |
1144 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); | 1144 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
1145 | 1145 |
1146 if (!policies->GetString( | 1146 if (!policies->GetString(policy::key::kRemoteAccessHostTalkGadgetPrefix, |
1147 policy_hack::PolicyWatcher::kHostTalkGadgetPrefixPolicyName, | 1147 &talkgadget_prefix_)) { |
1148 &talkgadget_prefix_)) { | |
1149 return false; | 1148 return false; |
1150 } | 1149 } |
1151 | 1150 |
1152 HOST_LOG << "Policy sets talkgadget prefix: " << talkgadget_prefix_; | 1151 HOST_LOG << "Policy sets talkgadget prefix: " << talkgadget_prefix_; |
1153 return true; | 1152 return true; |
1154 } | 1153 } |
1155 | 1154 |
1156 bool HostProcess::OnHostTokenUrlPolicyUpdate(base::DictionaryValue* policies) { | 1155 bool HostProcess::OnHostTokenUrlPolicyUpdate(base::DictionaryValue* policies) { |
1157 // Returns true if the host has to be restarted after this policy update. | 1156 // Returns true if the host has to be restarted after this policy update. |
1158 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); | 1157 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
1159 | 1158 |
1160 bool token_policy_changed = false; | 1159 bool token_policy_changed = false; |
1161 std::string token_url_string; | 1160 std::string token_url_string; |
1162 if (policies->GetString( | 1161 if (policies->GetString(policy::key::kRemoteAccessHostTokenUrl, |
1163 policy_hack::PolicyWatcher::kHostTokenUrlPolicyName, | 1162 &token_url_string)) { |
1164 &token_url_string)) { | |
1165 token_policy_changed = true; | 1163 token_policy_changed = true; |
1166 third_party_auth_config_.token_url = GURL(token_url_string); | 1164 third_party_auth_config_.token_url = GURL(token_url_string); |
1167 } | 1165 } |
1168 std::string token_validation_url_string; | 1166 std::string token_validation_url_string; |
1169 if (policies->GetString( | 1167 if (policies->GetString(policy::key::kRemoteAccessHostTokenValidationUrl, |
1170 policy_hack::PolicyWatcher::kHostTokenValidationUrlPolicyName, | 1168 &token_validation_url_string)) { |
1171 &token_validation_url_string)) { | |
1172 token_policy_changed = true; | 1169 token_policy_changed = true; |
1173 third_party_auth_config_.token_validation_url = | 1170 third_party_auth_config_.token_validation_url = |
1174 GURL(token_validation_url_string); | 1171 GURL(token_validation_url_string); |
1175 } | 1172 } |
1176 if (policies->GetString( | 1173 if (policies->GetString( |
1177 policy_hack::PolicyWatcher::kHostTokenValidationCertIssuerPolicyName, | 1174 policy::key::kRemoteAccessHostTokenValidationCertificateIssuer, |
1178 &third_party_auth_config_.token_validation_cert_issuer)) { | 1175 &third_party_auth_config_.token_validation_cert_issuer)) { |
1179 token_policy_changed = true; | 1176 token_policy_changed = true; |
1180 } | 1177 } |
1181 | 1178 |
1182 if (token_policy_changed) { | 1179 if (token_policy_changed) { |
1183 HOST_LOG << "Policy sets third-party token URLs: " | 1180 HOST_LOG << "Policy sets third-party token URLs: " |
1184 << "TokenUrl: " | 1181 << "TokenUrl: " |
1185 << third_party_auth_config_.token_url << ", " | 1182 << third_party_auth_config_.token_url << ", " |
1186 << "TokenValidationUrl: " | 1183 << "TokenValidationUrl: " |
1187 << third_party_auth_config_.token_validation_url << ", " | 1184 << third_party_auth_config_.token_validation_url << ", " |
1188 << "TokenValidationCertificateIssuer: " | 1185 << "TokenValidationCertificateIssuer: " |
1189 << third_party_auth_config_.token_validation_cert_issuer; | 1186 << third_party_auth_config_.token_validation_cert_issuer; |
1190 } | 1187 } |
1191 return token_policy_changed; | 1188 return token_policy_changed; |
1192 } | 1189 } |
1193 | 1190 |
1194 bool HostProcess::OnPairingPolicyUpdate(base::DictionaryValue* policies) { | 1191 bool HostProcess::OnPairingPolicyUpdate(base::DictionaryValue* policies) { |
1195 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); | 1192 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
1196 | 1193 |
1197 if (!policies->GetBoolean( | 1194 if (!policies->GetBoolean(policy::key::kRemoteAccessHostAllowClientPairing, |
1198 policy_hack::PolicyWatcher::kHostAllowClientPairing, | 1195 &allow_pairing_)) { |
1199 &allow_pairing_)) { | |
1200 return false; | 1196 return false; |
1201 } | 1197 } |
1202 | 1198 |
1203 if (allow_pairing_) { | 1199 if (allow_pairing_) { |
1204 HOST_LOG << "Policy enables client pairing."; | 1200 HOST_LOG << "Policy enables client pairing."; |
1205 } else { | 1201 } else { |
1206 HOST_LOG << "Policy disables client pairing."; | 1202 HOST_LOG << "Policy disables client pairing."; |
1207 } | 1203 } |
1208 return true; | 1204 return true; |
1209 } | 1205 } |
1210 | 1206 |
1211 bool HostProcess::OnGnubbyAuthPolicyUpdate(base::DictionaryValue* policies) { | 1207 bool HostProcess::OnGnubbyAuthPolicyUpdate(base::DictionaryValue* policies) { |
1212 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); | 1208 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
1213 | 1209 |
1214 if (!policies->GetBoolean( | 1210 if (!policies->GetBoolean(policy::key::kRemoteAccessHostAllowGnubbyAuth, |
1215 policy_hack::PolicyWatcher::kHostAllowGnubbyAuthPolicyName, | 1211 &enable_gnubby_auth_)) { |
1216 &enable_gnubby_auth_)) { | |
1217 return false; | 1212 return false; |
1218 } | 1213 } |
1219 | 1214 |
1220 if (enable_gnubby_auth_) { | 1215 if (enable_gnubby_auth_) { |
1221 HOST_LOG << "Policy enables gnubby auth."; | 1216 HOST_LOG << "Policy enables gnubby auth."; |
1222 } else { | 1217 } else { |
1223 HOST_LOG << "Policy disables gnubby auth."; | 1218 HOST_LOG << "Policy disables gnubby auth."; |
1224 } | 1219 } |
1225 | 1220 |
1226 if (desktop_environment_factory_) | 1221 if (desktop_environment_factory_) |
(...skipping 254 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1481 int exit_code = kSuccessExitCode; | 1476 int exit_code = kSuccessExitCode; |
1482 new HostProcess(context.Pass(), &exit_code); | 1477 new HostProcess(context.Pass(), &exit_code); |
1483 | 1478 |
1484 // Run the main (also UI) message loop until the host no longer needs it. | 1479 // Run the main (also UI) message loop until the host no longer needs it. |
1485 message_loop.Run(); | 1480 message_loop.Run(); |
1486 | 1481 |
1487 return exit_code; | 1482 return exit_code; |
1488 } | 1483 } |
1489 | 1484 |
1490 } // namespace remoting | 1485 } // namespace remoting |
OLD | NEW |