Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(455)

Issue 966433002: Malformed PortRange or ThirdPartyAuthConfig trigger OnPolicyError. (Closed)

Created:
5 years, 10 months ago by Łukasz Anforowicz
Modified:
5 years, 9 months ago
Reviewers:
Sergey Ulanov, rmsousa
CC:
chromium-reviews, chromoting-reviews_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Malformed PortRange or ThirdPartyAuthConfig should trigger OnPolicyError. Before this change a malformed value of RemoteAccessHostUdpPortRange policy (i.e. "123456-blah") was ignored and a default value was used. Similarily for the 3 third-party-auth-config policies (RemoteAccessHostTokenUrl, ...TokenValidationUrl and ...TokenValidationCertificateIssuer) we were falling back to a secure default, but not reporting a policy error. After this change such malformed values will trigger an OnPolicyError callback. Notes: - Guaranteeing that PolicyWatcher always returns valid policy values, removes the need for a "rejecting" Me2MeHostAuthenticatorFactory. - Moving PortRange and ThirdPartyAuthConfig to separate compilation units helps readability elsewhere + encourages better unit tests coverage. - Initially I tried to wrap all policies in a new ChromotingPolicies class, but eventually went back to prevalidating and passing base::DictionaryValue. - Arguments for using ChromotingPolicies: - Helps avoid overtesting in policy_watcher_unittests.cc (i.e. helps focus the tests on a single policy value). - Arguments for using base::DictionaryValue: - Minimizes changes. - Keeps things simple (as opposed to having to introduce a custom equivalent of optional<T> [nothing similar present in Chromium AFAICT]). - Neutral: - Strong-typing of ChromotingPolicies didn't help readability as much as I expected and hoped for. BUG=427513 TEST=remoting_unittests Committed: https://crrev.com/0d40d8ac2eb00482d8bb24924322f75b980525f1 Cr-Commit-Position: refs/heads/master@{#318910}

Patch Set 1 : #

Total comments: 22

Patch Set 2 : Addressed code review feedback from Sergey. #

Total comments: 16

Patch Set 3 : Addressed code review feedback from Renato. #

Patch Set 4 : Fixing a Windows-specific, pre-processor-related build break. #

Unified diffs Side-by-side diffs Delta from patch set Stats (+864 lines, -395 lines) Patch
M remoting/host/it2me/it2me_host.cc View 1 1 chunk +4 lines, -2 lines 0 comments Download
M remoting/host/policy_watcher.h View 1 chunk +11 lines, -4 lines 0 comments Download
M remoting/host/policy_watcher.cc View 1 2 7 chunks +141 lines, -57 lines 0 comments Download
M remoting/host/policy_watcher_unittest.cc View 8 chunks +122 lines, -102 lines 0 comments Download
M remoting/host/remoting_me2me_host.cc View 1 2 10 chunks +28 lines, -78 lines 0 comments Download
A remoting/host/third_party_auth_config.h View 1 2 1 chunk +76 lines, -0 lines 0 comments Download
A remoting/host/third_party_auth_config.cc View 1 2 1 chunk +138 lines, -0 lines 0 comments Download
A remoting/host/third_party_auth_config_unittest.cc View 1 2 3 1 chunk +194 lines, -0 lines 0 comments Download
M remoting/host/token_validator_base.h View 2 chunks +1 line, -14 lines 0 comments Download
M remoting/protocol/chromium_port_allocator.cc View 1 1 chunk +2 lines, -2 lines 0 comments Download
M remoting/protocol/me2me_host_authenticator_factory.h View 1 chunk +0 lines, -4 lines 0 comments Download
M remoting/protocol/me2me_host_authenticator_factory.cc View 1 chunk +0 lines, -6 lines 0 comments Download
M remoting/protocol/network_settings.h View 1 2 chunks +5 lines, -19 lines 0 comments Download
D remoting/protocol/network_settings.cc View 1 chunk +0 lines, -47 lines 0 comments Download
D remoting/protocol/network_settings_unittest.cc View 1 chunk +0 lines, -44 lines 0 comments Download
A remoting/protocol/port_range.h View 1 1 chunk +39 lines, -0 lines 0 comments Download
A + remoting/protocol/port_range.cc View 1 3 chunks +24 lines, -14 lines 0 comments Download
A remoting/protocol/port_range_unittest.cc View 1 1 chunk +73 lines, -0 lines 0 comments Download
M remoting/remoting_host_srcs.gypi View 1 chunk +2 lines, -0 lines 0 comments Download
M remoting/remoting_srcs.gypi View 1 2 chunks +2 lines, -1 line 0 comments Download
M remoting/remoting_test.gypi View 1 2 chunks +2 lines, -1 line 0 comments Download

Messages

Total messages: 26 (14 generated)
Łukasz Anforowicz
Renato, could you please take a look?
5 years, 10 months ago (2015-02-26 19:49:47 UTC) #7
Sergey Ulanov
some drive-by comments https://codereview.chromium.org/966433002/diff/100001/remoting/base/port_range.h File remoting/base/port_range.h (right): https://codereview.chromium.org/966433002/diff/100001/remoting/base/port_range.h#newcode5 remoting/base/port_range.h:5: #ifndef REMOTING_BASE_PORT_RANGE_H_ does this need to ...
5 years, 10 months ago (2015-02-27 03:05:20 UTC) #9
Łukasz Anforowicz
Thank you for the feedback Sergey. I tried addressing it in patchset #2. https://codereview.chromium.org/966433002/diff/100001/remoting/base/port_range.h File ...
5 years, 9 months ago (2015-02-27 18:36:13 UTC) #10
rmsousa
lgtm https://codereview.chromium.org/966433002/diff/120001/remoting/host/policy_watcher.cc File remoting/host/policy_watcher.cc (right): https://codereview.chromium.org/966433002/diff/120001/remoting/host/policy_watcher.cc#newcode109 remoting/host/policy_watcher.cc:109: if (key.find(kPolicyNamePrefix) != std::string::npos) { doesn't prefix imply ...
5 years, 9 months ago (2015-02-27 23:56:14 UTC) #11
Łukasz Anforowicz
Thanks Renato. I've addressed your feedback in patchset #3. https://codereview.chromium.org/966433002/diff/120001/remoting/host/policy_watcher.cc File remoting/host/policy_watcher.cc (right): https://codereview.chromium.org/966433002/diff/120001/remoting/host/policy_watcher.cc#newcode109 remoting/host/policy_watcher.cc:109: ...
5 years, 9 months ago (2015-03-02 17:34:48 UTC) #12
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/966433002/140001
5 years, 9 months ago (2015-03-02 19:25:53 UTC) #15
commit-bot: I haz the power
Try jobs failed on following builders: win_chromium_x64_rel_ng on tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_x64_rel_ng/builds/32187)
5 years, 9 months ago (2015-03-02 22:12:41 UTC) #17
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/966433002/160001
5 years, 9 months ago (2015-03-03 00:49:40 UTC) #20
commit-bot: I haz the power
Try jobs failed on following builders: linux_chromium_chromeos_rel_ng on tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_chromeos_rel_ng/builds/31563)
5 years, 9 months ago (2015-03-03 01:56:19 UTC) #22
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/966433002/160001
5 years, 9 months ago (2015-03-03 18:12:25 UTC) #24
commit-bot: I haz the power
Committed patchset #4 (id:160001)
5 years, 9 months ago (2015-03-03 18:37:04 UTC) #25
commit-bot: I haz the power
5 years, 9 months ago (2015-03-03 18:40:32 UTC) #26
Message was sent while issue was closed.
Patchset 4 (id:??) landed as
https://crrev.com/0d40d8ac2eb00482d8bb24924322f75b980525f1
Cr-Commit-Position: refs/heads/master@{#318910}

Powered by Google App Engine
This is Rietveld 408576698