Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(197)

Side by Side Diff: remoting/host/remoting_me2me_host.cc

Issue 820133002: Reusing names of policy keys from policy_constants.h (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Marked the 5 "new" policies as chrome_os:42- Created 5 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « remoting/host/policy_hack/policy_watcher_unittest.cc ('k') | remoting/remoting_host.gypi » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 // 4 //
5 // This file implements a standalone host process for Me2Me. 5 // This file implements a standalone host process for Me2Me.
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "base/at_exit.h" 9 #include "base/at_exit.h"
10 #include "base/bind.h" 10 #include "base/bind.h"
(...skipping 11 matching lines...) Expand all
22 #include "base/threading/thread.h" 22 #include "base/threading/thread.h"
23 #include "build/build_config.h" 23 #include "build/build_config.h"
24 #include "crypto/nss_util.h" 24 #include "crypto/nss_util.h"
25 #include "ipc/ipc_channel.h" 25 #include "ipc/ipc_channel.h"
26 #include "ipc/ipc_channel_proxy.h" 26 #include "ipc/ipc_channel_proxy.h"
27 #include "ipc/ipc_listener.h" 27 #include "ipc/ipc_listener.h"
28 #include "media/base/media.h" 28 #include "media/base/media.h"
29 #include "net/socket/client_socket_factory.h" 29 #include "net/socket/client_socket_factory.h"
30 #include "net/socket/ssl_server_socket.h" 30 #include "net/socket/ssl_server_socket.h"
31 #include "net/url_request/url_fetcher.h" 31 #include "net/url_request/url_fetcher.h"
32 #include "policy/policy_constants.h"
32 #include "remoting/base/auto_thread_task_runner.h" 33 #include "remoting/base/auto_thread_task_runner.h"
33 #include "remoting/base/breakpad.h" 34 #include "remoting/base/breakpad.h"
34 #include "remoting/base/constants.h" 35 #include "remoting/base/constants.h"
35 #include "remoting/base/logging.h" 36 #include "remoting/base/logging.h"
36 #include "remoting/base/rsa_key_pair.h" 37 #include "remoting/base/rsa_key_pair.h"
37 #include "remoting/base/service_urls.h" 38 #include "remoting/base/service_urls.h"
38 #include "remoting/base/util.h" 39 #include "remoting/base/util.h"
39 #include "remoting/host/branding.h" 40 #include "remoting/host/branding.h"
40 #include "remoting/host/chromoting_host.h" 41 #include "remoting/host/chromoting_host.h"
41 #include "remoting/host/chromoting_host_context.h" 42 #include "remoting/host/chromoting_host_context.h"
(...skipping 968 matching lines...) Expand 10 before | Expand all | Expand 10 after
1010 LOG(ERROR) << "The host domain does not match the policy."; 1011 LOG(ERROR) << "The host domain does not match the policy.";
1011 ShutdownHost(kInvalidHostDomainExitCode); 1012 ShutdownHost(kInvalidHostDomainExitCode);
1012 } 1013 }
1013 } 1014 }
1014 } 1015 }
1015 1016
1016 bool HostProcess::OnHostDomainPolicyUpdate(base::DictionaryValue* policies) { 1017 bool HostProcess::OnHostDomainPolicyUpdate(base::DictionaryValue* policies) {
1017 // Returns true if the host has to be restarted after this policy update. 1018 // Returns true if the host has to be restarted after this policy update.
1018 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); 1019 DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
1019 1020
1020 if (!policies->GetString(policy_hack::PolicyWatcher::kHostDomainPolicyName, 1021 if (!policies->GetString(policy::key::kRemoteAccessHostDomain,
1021 &host_domain_)) { 1022 &host_domain_)) {
1022 return false; 1023 return false;
1023 } 1024 }
1024 1025
1025 ApplyHostDomainPolicy(); 1026 ApplyHostDomainPolicy();
1026 return false; 1027 return false;
1027 } 1028 }
1028 1029
1029 void HostProcess::ApplyUsernamePolicy() { 1030 void HostProcess::ApplyUsernamePolicy() {
1030 if (host_username_match_required_) { 1031 if (host_username_match_required_) {
1031 HOST_LOG << "Policy requires host username match."; 1032 HOST_LOG << "Policy requires host username match.";
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after
1066 } 1067 }
1067 } else { 1068 } else {
1068 HOST_LOG << "Policy does not require host username match."; 1069 HOST_LOG << "Policy does not require host username match.";
1069 } 1070 }
1070 } 1071 }
1071 1072
1072 bool HostProcess::OnUsernamePolicyUpdate(base::DictionaryValue* policies) { 1073 bool HostProcess::OnUsernamePolicyUpdate(base::DictionaryValue* policies) {
1073 // Returns false: never restart the host after this policy update. 1074 // Returns false: never restart the host after this policy update.
1074 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); 1075 DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
1075 1076
1076 if (!policies->GetBoolean( 1077 if (!policies->GetBoolean(policy::key::kRemoteAccessHostMatchUsername,
1077 policy_hack::PolicyWatcher::kHostMatchUsernamePolicyName, 1078 &host_username_match_required_)) {
1078 &host_username_match_required_)) {
1079 return false; 1079 return false;
1080 } 1080 }
1081 1081
1082 ApplyUsernamePolicy(); 1082 ApplyUsernamePolicy();
1083 return false; 1083 return false;
1084 } 1084 }
1085 1085
1086 bool HostProcess::OnNatPolicyUpdate(base::DictionaryValue* policies) { 1086 bool HostProcess::OnNatPolicyUpdate(base::DictionaryValue* policies) {
1087 // Returns true if the host has to be restarted after this policy update. 1087 // Returns true if the host has to be restarted after this policy update.
1088 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); 1088 DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
1089 1089
1090 if (!policies->GetBoolean(policy_hack::PolicyWatcher::kNatPolicyName, 1090 if (!policies->GetBoolean(policy::key::kRemoteAccessHostFirewallTraversal,
1091 &allow_nat_traversal_)) { 1091 &allow_nat_traversal_)) {
1092 return false; 1092 return false;
1093 } 1093 }
1094 1094
1095 if (allow_nat_traversal_) { 1095 if (allow_nat_traversal_) {
1096 HOST_LOG << "Policy enables NAT traversal."; 1096 HOST_LOG << "Policy enables NAT traversal.";
1097 } else { 1097 } else {
1098 HOST_LOG << "Policy disables NAT traversal."; 1098 HOST_LOG << "Policy disables NAT traversal.";
1099 } 1099 }
1100 return true; 1100 return true;
1101 } 1101 }
1102 1102
1103 bool HostProcess::OnRelayPolicyUpdate(base::DictionaryValue* policies) { 1103 bool HostProcess::OnRelayPolicyUpdate(base::DictionaryValue* policies) {
1104 // Returns true if the host has to be restarted after this policy update. 1104 // Returns true if the host has to be restarted after this policy update.
1105 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); 1105 DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
1106 1106
1107 if (!policies->GetBoolean(policy_hack::PolicyWatcher::kRelayPolicyName, 1107 if (!policies->GetBoolean(
1108 &allow_relay_)) { 1108 policy::key::kRemoteAccessHostAllowRelayedConnection,
1109 &allow_relay_)) {
1109 return false; 1110 return false;
1110 } 1111 }
1111 1112
1112 if (allow_relay_) { 1113 if (allow_relay_) {
1113 HOST_LOG << "Policy enables use of relay server."; 1114 HOST_LOG << "Policy enables use of relay server.";
1114 } else { 1115 } else {
1115 HOST_LOG << "Policy disables use of relay server."; 1116 HOST_LOG << "Policy disables use of relay server.";
1116 } 1117 }
1117 return true; 1118 return true;
1118 } 1119 }
1119 1120
1120 bool HostProcess::OnUdpPortPolicyUpdate(base::DictionaryValue* policies) { 1121 bool HostProcess::OnUdpPortPolicyUpdate(base::DictionaryValue* policies) {
1121 // Returns true if the host has to be restarted after this policy update. 1122 // Returns true if the host has to be restarted after this policy update.
1122 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); 1123 DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
1123 1124
1124 std::string udp_port_range; 1125 std::string udp_port_range;
1125 if (!policies->GetString(policy_hack::PolicyWatcher::kUdpPortRangePolicyName, 1126 if (!policies->GetString(policy::key::kRemoteAccessHostUdpPortRange,
1126 &udp_port_range)) { 1127 &udp_port_range)) {
1127 return false; 1128 return false;
1128 } 1129 }
1129 1130
1130 // Use default values if policy setting is empty or invalid. 1131 // Use default values if policy setting is empty or invalid.
1131 uint16 min_udp_port = 0; 1132 uint16 min_udp_port = 0;
1132 uint16 max_udp_port = 0; 1133 uint16 max_udp_port = 0;
1133 if (!udp_port_range.empty() && 1134 if (!udp_port_range.empty() &&
1134 !NetworkSettings::ParsePortRange(udp_port_range, &min_udp_port, 1135 !NetworkSettings::ParsePortRange(udp_port_range, &min_udp_port,
1135 &max_udp_port)) { 1136 &max_udp_port)) {
(...skipping 12 matching lines...) Expand all
1148 max_udp_port_ = max_udp_port; 1149 max_udp_port_ = max_udp_port;
1149 return true; 1150 return true;
1150 } 1151 }
1151 return false; 1152 return false;
1152 } 1153 }
1153 1154
1154 bool HostProcess::OnCurtainPolicyUpdate(base::DictionaryValue* policies) { 1155 bool HostProcess::OnCurtainPolicyUpdate(base::DictionaryValue* policies) {
1155 // Returns true if the host has to be restarted after this policy update. 1156 // Returns true if the host has to be restarted after this policy update.
1156 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); 1157 DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
1157 1158
1158 if (!policies->GetBoolean( 1159 if (!policies->GetBoolean(policy::key::kRemoteAccessHostRequireCurtain,
1159 policy_hack::PolicyWatcher::kHostRequireCurtainPolicyName, 1160 &curtain_required_)) {
1160 &curtain_required_)) {
1161 return false; 1161 return false;
1162 } 1162 }
1163 1163
1164 #if defined(OS_MACOSX) 1164 #if defined(OS_MACOSX)
1165 if (curtain_required_) { 1165 if (curtain_required_) {
1166 // When curtain mode is in effect on Mac, the host process runs in the 1166 // When curtain mode is in effect on Mac, the host process runs in the
1167 // user's switched-out session, but launchd will also run an instance at 1167 // user's switched-out session, but launchd will also run an instance at
1168 // the console login screen. Even if no user is currently logged-on, we 1168 // the console login screen. Even if no user is currently logged-on, we
1169 // can't support remote-access to the login screen because the current host 1169 // can't support remote-access to the login screen because the current host
1170 // process model disconnects the client during login, which would leave 1170 // process model disconnects the client during login, which would leave
(...skipping 19 matching lines...) Expand all
1190 if (host_) 1190 if (host_)
1191 host_->SetEnableCurtaining(curtain_required_); 1191 host_->SetEnableCurtaining(curtain_required_);
1192 return false; 1192 return false;
1193 } 1193 }
1194 1194
1195 bool HostProcess::OnHostTalkGadgetPrefixPolicyUpdate( 1195 bool HostProcess::OnHostTalkGadgetPrefixPolicyUpdate(
1196 base::DictionaryValue* policies) { 1196 base::DictionaryValue* policies) {
1197 // Returns true if the host has to be restarted after this policy update. 1197 // Returns true if the host has to be restarted after this policy update.
1198 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); 1198 DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
1199 1199
1200 if (!policies->GetString( 1200 if (!policies->GetString(policy::key::kRemoteAccessHostTalkGadgetPrefix,
1201 policy_hack::PolicyWatcher::kHostTalkGadgetPrefixPolicyName, 1201 &talkgadget_prefix_)) {
1202 &talkgadget_prefix_)) {
1203 return false; 1202 return false;
1204 } 1203 }
1205 1204
1206 HOST_LOG << "Policy sets talkgadget prefix: " << talkgadget_prefix_; 1205 HOST_LOG << "Policy sets talkgadget prefix: " << talkgadget_prefix_;
1207 return true; 1206 return true;
1208 } 1207 }
1209 1208
1210 bool HostProcess::OnHostTokenUrlPolicyUpdate(base::DictionaryValue* policies) { 1209 bool HostProcess::OnHostTokenUrlPolicyUpdate(base::DictionaryValue* policies) {
1211 // Returns true if the host has to be restarted after this policy update. 1210 // Returns true if the host has to be restarted after this policy update.
1212 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); 1211 DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
1213 1212
1214 bool token_policy_changed = false; 1213 bool token_policy_changed = false;
1215 std::string token_url_string; 1214 std::string token_url_string;
1216 if (policies->GetString( 1215 if (policies->GetString(policy::key::kRemoteAccessHostTokenUrl,
1217 policy_hack::PolicyWatcher::kHostTokenUrlPolicyName, 1216 &token_url_string)) {
1218 &token_url_string)) {
1219 token_policy_changed = true; 1217 token_policy_changed = true;
1220 third_party_auth_config_.token_url = GURL(token_url_string); 1218 third_party_auth_config_.token_url = GURL(token_url_string);
1221 } 1219 }
1222 std::string token_validation_url_string; 1220 std::string token_validation_url_string;
1223 if (policies->GetString( 1221 if (policies->GetString(policy::key::kRemoteAccessHostTokenValidationUrl,
1224 policy_hack::PolicyWatcher::kHostTokenValidationUrlPolicyName, 1222 &token_validation_url_string)) {
1225 &token_validation_url_string)) {
1226 token_policy_changed = true; 1223 token_policy_changed = true;
1227 third_party_auth_config_.token_validation_url = 1224 third_party_auth_config_.token_validation_url =
1228 GURL(token_validation_url_string); 1225 GURL(token_validation_url_string);
1229 } 1226 }
1230 if (policies->GetString( 1227 if (policies->GetString(
1231 policy_hack::PolicyWatcher::kHostTokenValidationCertIssuerPolicyName, 1228 policy::key::kRemoteAccessHostTokenValidationCertificateIssuer,
1232 &third_party_auth_config_.token_validation_cert_issuer)) { 1229 &third_party_auth_config_.token_validation_cert_issuer)) {
1233 token_policy_changed = true; 1230 token_policy_changed = true;
1234 } 1231 }
1235 1232
1236 if (token_policy_changed) { 1233 if (token_policy_changed) {
1237 HOST_LOG << "Policy sets third-party token URLs: " 1234 HOST_LOG << "Policy sets third-party token URLs: "
1238 << "TokenUrl: " 1235 << "TokenUrl: "
1239 << third_party_auth_config_.token_url << ", " 1236 << third_party_auth_config_.token_url << ", "
1240 << "TokenValidationUrl: " 1237 << "TokenValidationUrl: "
1241 << third_party_auth_config_.token_validation_url << ", " 1238 << third_party_auth_config_.token_validation_url << ", "
1242 << "TokenValidationCertificateIssuer: " 1239 << "TokenValidationCertificateIssuer: "
1243 << third_party_auth_config_.token_validation_cert_issuer; 1240 << third_party_auth_config_.token_validation_cert_issuer;
1244 } 1241 }
1245 return token_policy_changed; 1242 return token_policy_changed;
1246 } 1243 }
1247 1244
1248 bool HostProcess::OnPairingPolicyUpdate(base::DictionaryValue* policies) { 1245 bool HostProcess::OnPairingPolicyUpdate(base::DictionaryValue* policies) {
1249 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); 1246 DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
1250 1247
1251 if (!policies->GetBoolean( 1248 if (!policies->GetBoolean(policy::key::kRemoteAccessHostAllowClientPairing,
1252 policy_hack::PolicyWatcher::kHostAllowClientPairing, 1249 &allow_pairing_)) {
1253 &allow_pairing_)) {
1254 return false; 1250 return false;
1255 } 1251 }
1256 1252
1257 if (allow_pairing_) { 1253 if (allow_pairing_) {
1258 HOST_LOG << "Policy enables client pairing."; 1254 HOST_LOG << "Policy enables client pairing.";
1259 } else { 1255 } else {
1260 HOST_LOG << "Policy disables client pairing."; 1256 HOST_LOG << "Policy disables client pairing.";
1261 } 1257 }
1262 return true; 1258 return true;
1263 } 1259 }
1264 1260
1265 bool HostProcess::OnGnubbyAuthPolicyUpdate(base::DictionaryValue* policies) { 1261 bool HostProcess::OnGnubbyAuthPolicyUpdate(base::DictionaryValue* policies) {
1266 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); 1262 DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
1267 1263
1268 if (!policies->GetBoolean( 1264 if (!policies->GetBoolean(policy::key::kRemoteAccessHostAllowGnubbyAuth,
1269 policy_hack::PolicyWatcher::kHostAllowGnubbyAuthPolicyName, 1265 &enable_gnubby_auth_)) {
1270 &enable_gnubby_auth_)) {
1271 return false; 1266 return false;
1272 } 1267 }
1273 1268
1274 if (enable_gnubby_auth_) { 1269 if (enable_gnubby_auth_) {
1275 HOST_LOG << "Policy enables gnubby auth."; 1270 HOST_LOG << "Policy enables gnubby auth.";
1276 } else { 1271 } else {
1277 HOST_LOG << "Policy disables gnubby auth."; 1272 HOST_LOG << "Policy disables gnubby auth.";
1278 } 1273 }
1279 1274
1280 if (desktop_environment_factory_) 1275 if (desktop_environment_factory_)
(...skipping 238 matching lines...) Expand 10 before | Expand all | Expand 10 after
1519 base::TimeDelta::FromSeconds(kShutdownTimeoutSeconds)); 1514 base::TimeDelta::FromSeconds(kShutdownTimeoutSeconds));
1520 new HostProcess(context.Pass(), &exit_code, &shutdown_watchdog); 1515 new HostProcess(context.Pass(), &exit_code, &shutdown_watchdog);
1521 1516
1522 // Run the main (also UI) message loop until the host no longer needs it. 1517 // Run the main (also UI) message loop until the host no longer needs it.
1523 message_loop.Run(); 1518 message_loop.Run();
1524 1519
1525 return exit_code; 1520 return exit_code;
1526 } 1521 }
1527 1522
1528 } // namespace remoting 1523 } // namespace remoting
OLDNEW
« no previous file with comments | « remoting/host/policy_hack/policy_watcher_unittest.cc ('k') | remoting/remoting_host.gypi » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698