OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 // | 4 // |
5 // This file implements a standalone host process for Me2Me. | 5 // This file implements a standalone host process for Me2Me. |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 | 8 |
9 #include "base/at_exit.h" | 9 #include "base/at_exit.h" |
10 #include "base/bind.h" | 10 #include "base/bind.h" |
(...skipping 11 matching lines...)
22 #include "base/threading/thread.h" | 22 #include "base/threading/thread.h" |
23 #include "build/build_config.h" | 23 #include "build/build_config.h" |
24 #include "crypto/nss_util.h" | 24 #include "crypto/nss_util.h" |
25 #include "ipc/ipc_channel.h" | 25 #include "ipc/ipc_channel.h" |
26 #include "ipc/ipc_channel_proxy.h" | 26 #include "ipc/ipc_channel_proxy.h" |
27 #include "ipc/ipc_listener.h" | 27 #include "ipc/ipc_listener.h" |
28 #include "media/base/media.h" | 28 #include "media/base/media.h" |
29 #include "net/socket/client_socket_factory.h" | 29 #include "net/socket/client_socket_factory.h" |
30 #include "net/socket/ssl_server_socket.h" | 30 #include "net/socket/ssl_server_socket.h" |
31 #include "net/url_request/url_fetcher.h" | 31 #include "net/url_request/url_fetcher.h" |
| 32 #include "policy/policy_constants.h" |
32 #include "remoting/base/auto_thread_task_runner.h" | 33 #include "remoting/base/auto_thread_task_runner.h" |
33 #include "remoting/base/breakpad.h" | 34 #include "remoting/base/breakpad.h" |
34 #include "remoting/base/constants.h" | 35 #include "remoting/base/constants.h" |
35 #include "remoting/base/logging.h" | 36 #include "remoting/base/logging.h" |
36 #include "remoting/base/rsa_key_pair.h" | 37 #include "remoting/base/rsa_key_pair.h" |
37 #include "remoting/base/service_urls.h" | 38 #include "remoting/base/service_urls.h" |
38 #include "remoting/base/util.h" | 39 #include "remoting/base/util.h" |
39 #include "remoting/host/branding.h" | 40 #include "remoting/host/branding.h" |
40 #include "remoting/host/chromoting_host.h" | 41 #include "remoting/host/chromoting_host.h" |
41 #include "remoting/host/chromoting_host_context.h" | 42 #include "remoting/host/chromoting_host_context.h" |
(...skipping 968 matching lines...)
1010 LOG(ERROR) << "The host domain does not match the policy."; | 1011 LOG(ERROR) << "The host domain does not match the policy."; |
1011 ShutdownHost(kInvalidHostDomainExitCode); | 1012 ShutdownHost(kInvalidHostDomainExitCode); |
1012 } | 1013 } |
1013 } | 1014 } |
1014 } | 1015 } |
1015 | 1016 |
1016 bool HostProcess::OnHostDomainPolicyUpdate(base::DictionaryValue* policies) { | 1017 bool HostProcess::OnHostDomainPolicyUpdate(base::DictionaryValue* policies) { |
1017 // Returns true if the host has to be restarted after this policy update. | 1018 // Returns true if the host has to be restarted after this policy update. |
1018 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); | 1019 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
1019 | 1020 |
1020 if (!policies->GetString(policy_hack::PolicyWatcher::kHostDomainPolicyName, | 1021 if (!policies->GetString(policy::key::kRemoteAccessHostDomain, |
1021 &host_domain_)) { | 1022 &host_domain_)) { |
1022 return false; | 1023 return false; |
1023 } | 1024 } |
1024 | 1025 |
1025 ApplyHostDomainPolicy(); | 1026 ApplyHostDomainPolicy(); |
1026 return false; | 1027 return false; |
1027 } | 1028 } |
1028 | 1029 |
1029 void HostProcess::ApplyUsernamePolicy() { | 1030 void HostProcess::ApplyUsernamePolicy() { |
1030 if (host_username_match_required_) { | 1031 if (host_username_match_required_) { |
1031 HOST_LOG << "Policy requires host username match."; | 1032 HOST_LOG << "Policy requires host username match."; |
(...skipping 34 matching lines...)
1066 } | 1067 } |
1067 } else { | 1068 } else { |
1068 HOST_LOG << "Policy does not require host username match."; | 1069 HOST_LOG << "Policy does not require host username match."; |
1069 } | 1070 } |
1070 } | 1071 } |
1071 | 1072 |
1072 bool HostProcess::OnUsernamePolicyUpdate(base::DictionaryValue* policies) { | 1073 bool HostProcess::OnUsernamePolicyUpdate(base::DictionaryValue* policies) { |
1073 // Returns false: never restart the host after this policy update. | 1074 // Returns false: never restart the host after this policy update. |
1074 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); | 1075 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
1075 | 1076 |
1076 if (!policies->GetBoolean( | 1077 if (!policies->GetBoolean(policy::key::kRemoteAccessHostMatchUsername, |
1077 policy_hack::PolicyWatcher::kHostMatchUsernamePolicyName, | 1078 &host_username_match_required_)) { |
1078 &host_username_match_required_)) { | |
1079 return false; | 1079 return false; |
1080 } | 1080 } |
1081 | 1081 |
1082 ApplyUsernamePolicy(); | 1082 ApplyUsernamePolicy(); |
1083 return false; | 1083 return false; |
1084 } | 1084 } |
1085 | 1085 |
1086 bool HostProcess::OnNatPolicyUpdate(base::DictionaryValue* policies) { | 1086 bool HostProcess::OnNatPolicyUpdate(base::DictionaryValue* policies) { |
1087 // Returns true if the host has to be restarted after this policy update. | 1087 // Returns true if the host has to be restarted after this policy update. |
1088 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); | 1088 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
1089 | 1089 |
1090 if (!policies->GetBoolean(policy_hack::PolicyWatcher::kNatPolicyName, | 1090 if (!policies->GetBoolean(policy::key::kRemoteAccessHostFirewallTraversal, |
1091 &allow_nat_traversal_)) { | 1091 &allow_nat_traversal_)) { |
1092 return false; | 1092 return false; |
1093 } | 1093 } |
1094 | 1094 |
1095 if (allow_nat_traversal_) { | 1095 if (allow_nat_traversal_) { |
1096 HOST_LOG << "Policy enables NAT traversal."; | 1096 HOST_LOG << "Policy enables NAT traversal."; |
1097 } else { | 1097 } else { |
1098 HOST_LOG << "Policy disables NAT traversal."; | 1098 HOST_LOG << "Policy disables NAT traversal."; |
1099 } | 1099 } |
1100 return true; | 1100 return true; |
1101 } | 1101 } |
1102 | 1102 |
1103 bool HostProcess::OnRelayPolicyUpdate(base::DictionaryValue* policies) { | 1103 bool HostProcess::OnRelayPolicyUpdate(base::DictionaryValue* policies) { |
1104 // Returns true if the host has to be restarted after this policy update. | 1104 // Returns true if the host has to be restarted after this policy update. |
1105 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); | 1105 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
1106 | 1106 |
1107 if (!policies->GetBoolean(policy_hack::PolicyWatcher::kRelayPolicyName, | 1107 if (!policies->GetBoolean( |
1108 &allow_relay_)) { | 1108 policy::key::kRemoteAccessHostAllowRelayedConnection, |
| 1109 &allow_relay_)) { |
1109 return false; | 1110 return false; |
1110 } | 1111 } |
1111 | 1112 |
1112 if (allow_relay_) { | 1113 if (allow_relay_) { |
1113 HOST_LOG << "Policy enables use of relay server."; | 1114 HOST_LOG << "Policy enables use of relay server."; |
1114 } else { | 1115 } else { |
1115 HOST_LOG << "Policy disables use of relay server."; | 1116 HOST_LOG << "Policy disables use of relay server."; |
1116 } | 1117 } |
1117 return true; | 1118 return true; |
1118 } | 1119 } |
1119 | 1120 |
1120 bool HostProcess::OnUdpPortPolicyUpdate(base::DictionaryValue* policies) { | 1121 bool HostProcess::OnUdpPortPolicyUpdate(base::DictionaryValue* policies) { |
1121 // Returns true if the host has to be restarted after this policy update. | 1122 // Returns true if the host has to be restarted after this policy update. |
1122 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); | 1123 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
1123 | 1124 |
1124 std::string udp_port_range; | 1125 std::string udp_port_range; |
1125 if (!policies->GetString(policy_hack::PolicyWatcher::kUdpPortRangePolicyName, | 1126 if (!policies->GetString(policy::key::kRemoteAccessHostUdpPortRange, |
1126 &udp_port_range)) { | 1127 &udp_port_range)) { |
1127 return false; | 1128 return false; |
1128 } | 1129 } |
1129 | 1130 |
1130 // Use default values if policy setting is empty or invalid. | 1131 // Use default values if policy setting is empty or invalid. |
1131 uint16 min_udp_port = 0; | 1132 uint16 min_udp_port = 0; |
1132 uint16 max_udp_port = 0; | 1133 uint16 max_udp_port = 0; |
1133 if (!udp_port_range.empty() && | 1134 if (!udp_port_range.empty() && |
1134 !NetworkSettings::ParsePortRange(udp_port_range, &min_udp_port, | 1135 !NetworkSettings::ParsePortRange(udp_port_range, &min_udp_port, |
1135 &max_udp_port)) { | 1136 &max_udp_port)) { |
(...skipping 12 matching lines...)
1148 max_udp_port_ = max_udp_port; | 1149 max_udp_port_ = max_udp_port; |
1149 return true; | 1150 return true; |
1150 } | 1151 } |
1151 return false; | 1152 return false; |
1152 } | 1153 } |
1153 | 1154 |
1154 bool HostProcess::OnCurtainPolicyUpdate(base::DictionaryValue* policies) { | 1155 bool HostProcess::OnCurtainPolicyUpdate(base::DictionaryValue* policies) { |
1155 // Returns true if the host has to be restarted after this policy update. | 1156 // Returns true if the host has to be restarted after this policy update. |
1156 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); | 1157 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
1157 | 1158 |
1158 if (!policies->GetBoolean( | 1159 if (!policies->GetBoolean(policy::key::kRemoteAccessHostRequireCurtain, |
1159 policy_hack::PolicyWatcher::kHostRequireCurtainPolicyName, | 1160 &curtain_required_)) { |
1160 &curtain_required_)) { | |
1161 return false; | 1161 return false; |
1162 } | 1162 } |
1163 | 1163 |
1164 #if defined(OS_MACOSX) | 1164 #if defined(OS_MACOSX) |
1165 if (curtain_required_) { | 1165 if (curtain_required_) { |
1166 // When curtain mode is in effect on Mac, the host process runs in the | 1166 // When curtain mode is in effect on Mac, the host process runs in the |
1167 // user's switched-out session, but launchd will also run an instance at | 1167 // user's switched-out session, but launchd will also run an instance at |
1168 // the console login screen. Even if no user is currently logged-on, we | 1168 // the console login screen. Even if no user is currently logged-on, we |
1169 // can't support remote-access to the login screen because the current host | 1169 // can't support remote-access to the login screen because the current host |
1170 // process model disconnects the client during login, which would leave | 1170 // process model disconnects the client during login, which would leave |
(...skipping 19 matching lines...)
1190 if (host_) | 1190 if (host_) |
1191 host_->SetEnableCurtaining(curtain_required_); | 1191 host_->SetEnableCurtaining(curtain_required_); |
1192 return false; | 1192 return false; |
1193 } | 1193 } |
1194 | 1194 |
1195 bool HostProcess::OnHostTalkGadgetPrefixPolicyUpdate( | 1195 bool HostProcess::OnHostTalkGadgetPrefixPolicyUpdate( |
1196 base::DictionaryValue* policies) { | 1196 base::DictionaryValue* policies) { |
1197 // Returns true if the host has to be restarted after this policy update. | 1197 // Returns true if the host has to be restarted after this policy update. |
1198 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); | 1198 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
1199 | 1199 |
1200 if (!policies->GetString( | 1200 if (!policies->GetString(policy::key::kRemoteAccessHostTalkGadgetPrefix, |
1201 policy_hack::PolicyWatcher::kHostTalkGadgetPrefixPolicyName, | 1201 &talkgadget_prefix_)) { |
1202 &talkgadget_prefix_)) { | |
1203 return false; | 1202 return false; |
1204 } | 1203 } |
1205 | 1204 |
1206 HOST_LOG << "Policy sets talkgadget prefix: " << talkgadget_prefix_; | 1205 HOST_LOG << "Policy sets talkgadget prefix: " << talkgadget_prefix_; |
1207 return true; | 1206 return true; |
1208 } | 1207 } |
1209 | 1208 |
1210 bool HostProcess::OnHostTokenUrlPolicyUpdate(base::DictionaryValue* policies) { | 1209 bool HostProcess::OnHostTokenUrlPolicyUpdate(base::DictionaryValue* policies) { |
1211 // Returns true if the host has to be restarted after this policy update. | 1210 // Returns true if the host has to be restarted after this policy update. |
1212 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); | 1211 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
1213 | 1212 |
1214 bool token_policy_changed = false; | 1213 bool token_policy_changed = false; |
1215 std::string token_url_string; | 1214 std::string token_url_string; |
1216 if (policies->GetString( | 1215 if (policies->GetString(policy::key::kRemoteAccessHostTokenUrl, |
1217 policy_hack::PolicyWatcher::kHostTokenUrlPolicyName, | 1216 &token_url_string)) { |
1218 &token_url_string)) { | |
1219 token_policy_changed = true; | 1217 token_policy_changed = true; |
1220 third_party_auth_config_.token_url = GURL(token_url_string); | 1218 third_party_auth_config_.token_url = GURL(token_url_string); |
1221 } | 1219 } |
1222 std::string token_validation_url_string; | 1220 std::string token_validation_url_string; |
1223 if (policies->GetString( | 1221 if (policies->GetString(policy::key::kRemoteAccessHostTokenValidationUrl, |
1224 policy_hack::PolicyWatcher::kHostTokenValidationUrlPolicyName, | 1222 &token_validation_url_string)) { |
1225 &token_validation_url_string)) { | |
1226 token_policy_changed = true; | 1223 token_policy_changed = true; |
1227 third_party_auth_config_.token_validation_url = | 1224 third_party_auth_config_.token_validation_url = |
1228 GURL(token_validation_url_string); | 1225 GURL(token_validation_url_string); |
1229 } | 1226 } |
1230 if (policies->GetString( | 1227 if (policies->GetString( |
1231 policy_hack::PolicyWatcher::kHostTokenValidationCertIssuerPolicyName, | 1228 policy::key::kRemoteAccessHostTokenValidationCertificateIssuer, |
1232 &third_party_auth_config_.token_validation_cert_issuer)) { | 1229 &third_party_auth_config_.token_validation_cert_issuer)) { |
1233 token_policy_changed = true; | 1230 token_policy_changed = true; |
1234 } | 1231 } |
1235 | 1232 |
1236 if (token_policy_changed) { | 1233 if (token_policy_changed) { |
1237 HOST_LOG << "Policy sets third-party token URLs: " | 1234 HOST_LOG << "Policy sets third-party token URLs: " |
1238 << "TokenUrl: " | 1235 << "TokenUrl: " |
1239 << third_party_auth_config_.token_url << ", " | 1236 << third_party_auth_config_.token_url << ", " |
1240 << "TokenValidationUrl: " | 1237 << "TokenValidationUrl: " |
1241 << third_party_auth_config_.token_validation_url << ", " | 1238 << third_party_auth_config_.token_validation_url << ", " |
1242 << "TokenValidationCertificateIssuer: " | 1239 << "TokenValidationCertificateIssuer: " |
1243 << third_party_auth_config_.token_validation_cert_issuer; | 1240 << third_party_auth_config_.token_validation_cert_issuer; |
1244 } | 1241 } |
1245 return token_policy_changed; | 1242 return token_policy_changed; |
1246 } | 1243 } |
1247 | 1244 |
1248 bool HostProcess::OnPairingPolicyUpdate(base::DictionaryValue* policies) { | 1245 bool HostProcess::OnPairingPolicyUpdate(base::DictionaryValue* policies) { |
1249 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); | 1246 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
1250 | 1247 |
1251 if (!policies->GetBoolean( | 1248 if (!policies->GetBoolean(policy::key::kRemoteAccessHostAllowClientPairing, |
1252 policy_hack::PolicyWatcher::kHostAllowClientPairing, | 1249 &allow_pairing_)) { |
1253 &allow_pairing_)) { | |
1254 return false; | 1250 return false; |
1255 } | 1251 } |
1256 | 1252 |
1257 if (allow_pairing_) { | 1253 if (allow_pairing_) { |
1258 HOST_LOG << "Policy enables client pairing."; | 1254 HOST_LOG << "Policy enables client pairing."; |
1259 } else { | 1255 } else { |
1260 HOST_LOG << "Policy disables client pairing."; | 1256 HOST_LOG << "Policy disables client pairing."; |
1261 } | 1257 } |
1262 return true; | 1258 return true; |
1263 } | 1259 } |
1264 | 1260 |
1265 bool HostProcess::OnGnubbyAuthPolicyUpdate(base::DictionaryValue* policies) { | 1261 bool HostProcess::OnGnubbyAuthPolicyUpdate(base::DictionaryValue* policies) { |
1266 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); | 1262 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
1267 | 1263 |
1268 if (!policies->GetBoolean( | 1264 if (!policies->GetBoolean(policy::key::kRemoteAccessHostAllowGnubbyAuth, |
1269 policy_hack::PolicyWatcher::kHostAllowGnubbyAuthPolicyName, | 1265 &enable_gnubby_auth_)) { |
1270 &enable_gnubby_auth_)) { | |
1271 return false; | 1266 return false; |
1272 } | 1267 } |
1273 | 1268 |
1274 if (enable_gnubby_auth_) { | 1269 if (enable_gnubby_auth_) { |
1275 HOST_LOG << "Policy enables gnubby auth."; | 1270 HOST_LOG << "Policy enables gnubby auth."; |
1276 } else { | 1271 } else { |
1277 HOST_LOG << "Policy disables gnubby auth."; | 1272 HOST_LOG << "Policy disables gnubby auth."; |
1278 } | 1273 } |
1279 | 1274 |
1280 if (desktop_environment_factory_) | 1275 if (desktop_environment_factory_) |
(...skipping 238 matching lines...)
1519 base::TimeDelta::FromSeconds(kShutdownTimeoutSeconds)); | 1514 base::TimeDelta::FromSeconds(kShutdownTimeoutSeconds)); |
1520 new HostProcess(context.Pass(), &exit_code, &shutdown_watchdog); | 1515 new HostProcess(context.Pass(), &exit_code, &shutdown_watchdog); |
1521 | 1516 |
1522 // Run the main (also UI) message loop until the host no longer needs it. | 1517 // Run the main (also UI) message loop until the host no longer needs it. |
1523 message_loop.Run(); | 1518 message_loop.Run(); |
1524 | 1519 |
1525 return exit_code; | 1520 return exit_code; |
1526 } | 1521 } |
1527 | 1522 |
1528 } // namespace remoting | 1523 } // namespace remoting |
OLD | NEW |
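Review bot: Every `On*PolicyUpdate` handler treats a failed `policies->GetString(...)` / `GetBoolean(...)` as "this policy is not in the update" and returns false without logging, so a mismatch between the new `policy::key::` constants and the key strings actually written into `policies` would fail silently. In that case restrictions such as `kRemoteAccessHostDomain`, `kRemoteAccessHostMatchUsername` and `kRemoteAccessHostRequireCurtain` would never be applied and the members would keep whatever value they already had. The code that fills the dictionary is not visible in this section, so please confirm it is moved to the same constants in this change (or that the strings are byte-identical), and that a test drives at least one restricting policy through to its handler. A short comment above the first handler would record the dependency, e.g. `// Keys must match those the policy watcher emits; a missing key is indistinguishable from "policy unchanged".`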