OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // Most of this code is copied from: | 5 // Most of this code is copied from: |
6 // src/chrome/browser/policy/asynchronous_policy_loader.{h,cc} | 6 // src/chrome/browser/policy/asynchronous_policy_loader.{h,cc} |
7 | 7 |
8 #include "remoting/host/policy_hack/policy_watcher.h" | 8 #include "remoting/host/policy_hack/policy_watcher.h" |
9 | 9 |
10 #include "base/bind.h" | 10 #include "base/bind.h" |
11 #include "base/compiler_specific.h" | 11 #include "base/compiler_specific.h" |
12 #include "base/location.h" | 12 #include "base/location.h" |
13 #include "base/memory/weak_ptr.h" | 13 #include "base/memory/weak_ptr.h" |
14 #include "base/single_thread_task_runner.h" | 14 #include "base/single_thread_task_runner.h" |
15 #include "base/time/time.h" | 15 #include "base/time/time.h" |
16 #include "base/values.h" | 16 #include "base/values.h" |
| 17 #include "policy/policy_constants.h" |
17 #include "remoting/host/dns_blackhole_checker.h" | 18 #include "remoting/host/dns_blackhole_checker.h" |
18 | 19 |
19 #if !defined(NDEBUG) | 20 #if !defined(NDEBUG) |
20 #include "base/json/json_reader.h" | 21 #include "base/json/json_reader.h" |
21 #endif | 22 #endif |
22 | 23 |
23 namespace remoting { | 24 namespace remoting { |
24 namespace policy_hack { | 25 namespace policy_hack { |
25 | 26 |
26 namespace { | 27 namespace { |
(...skipping 24 matching lines...) Expand all Loading... |
51 if (!value->IsType(i.value().GetType())) { | 52 if (!value->IsType(i.value().GetType())) { |
52 CHECK(bad_type_values->Get(i.key(), &value)); | 53 CHECK(bad_type_values->Get(i.key(), &value)); |
53 } | 54 } |
54 | 55 |
55 to->Set(i.key(), value->DeepCopy()); | 56 to->Set(i.key(), value->DeepCopy()); |
56 } | 57 } |
57 | 58 |
58 #if !defined(NDEBUG) | 59 #if !defined(NDEBUG) |
59 // Replace values with those specified in DebugOverridePolicies, if present. | 60 // Replace values with those specified in DebugOverridePolicies, if present. |
60 std::string policy_overrides; | 61 std::string policy_overrides; |
61 if (from->GetString(PolicyWatcher::kHostDebugOverridePoliciesName, | 62 if (from->GetString(policy::key::kRemoteAccessHostDebugOverridePolicies, |
62 &policy_overrides)) { | 63 &policy_overrides)) { |
63 scoped_ptr<base::Value> value(base::JSONReader::Read(policy_overrides)); | 64 scoped_ptr<base::Value> value(base::JSONReader::Read(policy_overrides)); |
64 const base::DictionaryValue* override_values; | 65 const base::DictionaryValue* override_values; |
65 if (value && value->GetAsDictionary(&override_values)) { | 66 if (value && value->GetAsDictionary(&override_values)) { |
66 to->MergeDictionary(override_values); | 67 to->MergeDictionary(override_values); |
67 } | 68 } |
68 } | 69 } |
69 #endif // defined(NDEBUG) | 70 #endif // defined(NDEBUG) |
70 | 71 |
71 return to.Pass(); | 72 return to.Pass(); |
72 } | 73 } |
73 | 74 |
74 } // namespace | 75 } // namespace |
75 | 76 |
76 const char PolicyWatcher::kNatPolicyName[] = | |
77 "RemoteAccessHostFirewallTraversal"; | |
78 | |
79 const char PolicyWatcher::kHostRequireTwoFactorPolicyName[] = | |
80 "RemoteAccessHostRequireTwoFactor"; | |
81 | |
82 const char PolicyWatcher::kHostDomainPolicyName[] = | |
83 "RemoteAccessHostDomain"; | |
84 | |
85 const char PolicyWatcher::kHostMatchUsernamePolicyName[] = | |
86 "RemoteAccessHostMatchUsername"; | |
87 | |
88 const char PolicyWatcher::kHostTalkGadgetPrefixPolicyName[] = | |
89 "RemoteAccessHostTalkGadgetPrefix"; | |
90 | |
91 const char PolicyWatcher::kHostRequireCurtainPolicyName[] = | |
92 "RemoteAccessHostRequireCurtain"; | |
93 | |
94 const char PolicyWatcher::kHostTokenUrlPolicyName[] = | |
95 "RemoteAccessHostTokenUrl"; | |
96 | |
97 const char PolicyWatcher::kHostTokenValidationUrlPolicyName[] = | |
98 "RemoteAccessHostTokenValidationUrl"; | |
99 | |
100 const char PolicyWatcher::kHostTokenValidationCertIssuerPolicyName[] = | |
101 "RemoteAccessHostTokenValidationCertificateIssuer"; | |
102 | |
103 const char PolicyWatcher::kHostAllowClientPairing[] = | |
104 "RemoteAccessHostAllowClientPairing"; | |
105 | |
106 const char PolicyWatcher::kHostAllowGnubbyAuthPolicyName[] = | |
107 "RemoteAccessHostAllowGnubbyAuth"; | |
108 | |
109 const char PolicyWatcher::kRelayPolicyName[] = | |
110 "RemoteAccessHostAllowRelayedConnection"; | |
111 | |
112 const char PolicyWatcher::kUdpPortRangePolicyName[] = | |
113 "RemoteAccessHostUdpPortRange"; | |
114 | |
115 const char PolicyWatcher::kHostDebugOverridePoliciesName[] = | |
116 "RemoteAccessHostDebugOverridePolicies"; | |
117 | |
118 PolicyWatcher::PolicyWatcher( | 77 PolicyWatcher::PolicyWatcher( |
119 scoped_refptr<base::SingleThreadTaskRunner> task_runner) | 78 scoped_refptr<base::SingleThreadTaskRunner> task_runner) |
120 : task_runner_(task_runner), | 79 : task_runner_(task_runner), |
121 transient_policy_error_retry_counter_(0), | 80 transient_policy_error_retry_counter_(0), |
122 old_policies_(new base::DictionaryValue()), | 81 old_policies_(new base::DictionaryValue()), |
123 default_values_(new base::DictionaryValue()), | 82 default_values_(new base::DictionaryValue()), |
124 weak_factory_(this) { | 83 weak_factory_(this) { |
125 // Initialize the default values for each policy. | 84 // Initialize the default values for each policy. |
126 default_values_->SetBoolean(kNatPolicyName, true); | 85 default_values_->SetBoolean(policy::key::kRemoteAccessHostFirewallTraversal, |
127 default_values_->SetBoolean(kHostRequireTwoFactorPolicyName, false); | 86 true); |
128 default_values_->SetBoolean(kHostRequireCurtainPolicyName, false); | 87 default_values_->SetBoolean(policy::key::kRemoteAccessHostRequireTwoFactor, |
129 default_values_->SetBoolean(kHostMatchUsernamePolicyName, false); | 88 false); |
130 default_values_->SetString(kHostDomainPolicyName, std::string()); | 89 default_values_->SetBoolean(policy::key::kRemoteAccessHostRequireCurtain, |
131 default_values_->SetString(kHostTalkGadgetPrefixPolicyName, | 90 false); |
132 kDefaultHostTalkGadgetPrefix); | 91 default_values_->SetBoolean(policy::key::kRemoteAccessHostMatchUsername, |
133 default_values_->SetString(kHostTokenUrlPolicyName, std::string()); | 92 false); |
134 default_values_->SetString(kHostTokenValidationUrlPolicyName, std::string()); | 93 default_values_->SetString(policy::key::kRemoteAccessHostDomain, |
135 default_values_->SetString(kHostTokenValidationCertIssuerPolicyName, | |
136 std::string()); | 94 std::string()); |
137 default_values_->SetBoolean(kHostAllowClientPairing, true); | 95 default_values_->SetString(policy::key::kRemoteAccessHostTalkGadgetPrefix, |
138 default_values_->SetBoolean(kHostAllowGnubbyAuthPolicyName, true); | 96 kDefaultHostTalkGadgetPrefix); |
139 default_values_->SetBoolean(kRelayPolicyName, true); | 97 default_values_->SetString(policy::key::kRemoteAccessHostTokenUrl, |
140 default_values_->SetString(kUdpPortRangePolicyName, ""); | 98 std::string()); |
| 99 default_values_->SetString(policy::key::kRemoteAccessHostTokenValidationUrl, |
| 100 std::string()); |
| 101 default_values_->SetString( |
| 102 policy::key::kRemoteAccessHostTokenValidationCertificateIssuer, |
| 103 std::string()); |
| 104 default_values_->SetBoolean(policy::key::kRemoteAccessHostAllowClientPairing, |
| 105 true); |
| 106 default_values_->SetBoolean(policy::key::kRemoteAccessHostAllowGnubbyAuth, |
| 107 true); |
| 108 default_values_->SetBoolean( |
| 109 policy::key::kRemoteAccessHostAllowRelayedConnection, true); |
| 110 default_values_->SetString(policy::key::kRemoteAccessHostUdpPortRange, ""); |
141 #if !defined(NDEBUG) | 111 #if !defined(NDEBUG) |
142 default_values_->SetString(kHostDebugOverridePoliciesName, std::string()); | 112 default_values_->SetString( |
| 113 policy::key::kRemoteAccessHostDebugOverridePolicies, std::string()); |
143 #endif | 114 #endif |
144 | 115 |
145 // Initialize the fall-back values to use for unreadable policies. | 116 // Initialize the fall-back values to use for unreadable policies. |
146 // For most policies these match the defaults. | 117 // For most policies these match the defaults. |
147 bad_type_values_.reset(default_values_->DeepCopy()); | 118 bad_type_values_.reset(default_values_->DeepCopy()); |
148 bad_type_values_->SetBoolean(kNatPolicyName, false); | 119 bad_type_values_->SetBoolean(policy::key::kRemoteAccessHostFirewallTraversal, |
149 bad_type_values_->SetBoolean(kRelayPolicyName, false); | 120 false); |
| 121 bad_type_values_->SetBoolean( |
| 122 policy::key::kRemoteAccessHostAllowRelayedConnection, false); |
150 } | 123 } |
151 | 124 |
152 PolicyWatcher::~PolicyWatcher() { | 125 PolicyWatcher::~PolicyWatcher() { |
153 } | 126 } |
154 | 127 |
155 void PolicyWatcher::StartWatching( | 128 void PolicyWatcher::StartWatching( |
156 const PolicyUpdatedCallback& policy_updated_callback, | 129 const PolicyUpdatedCallback& policy_updated_callback, |
157 const PolicyErrorCallback& policy_error_callback) { | 130 const PolicyErrorCallback& policy_error_callback) { |
158 if (!OnPolicyWatcherThread()) { | 131 if (!OnPolicyWatcherThread()) { |
159 task_runner_->PostTask(FROM_HERE, | 132 task_runner_->PostTask(FROM_HERE, |
(...skipping 86 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
246 void PolicyWatcher::SignalTransientPolicyError() { | 219 void PolicyWatcher::SignalTransientPolicyError() { |
247 const int kMaxRetryCount = 5; | 220 const int kMaxRetryCount = 5; |
248 transient_policy_error_retry_counter_ += 1; | 221 transient_policy_error_retry_counter_ += 1; |
249 if (transient_policy_error_retry_counter_ >= kMaxRetryCount) { | 222 if (transient_policy_error_retry_counter_ >= kMaxRetryCount) { |
250 SignalPolicyError(); | 223 SignalPolicyError(); |
251 } | 224 } |
252 } | 225 } |
253 | 226 |
254 } // namespace policy_hack | 227 } // namespace policy_hack |
255 } // namespace remoting | 228 } // namespace remoting |
OLD | NEW |