| Index: remoting/host/remoting_me2me_host.cc
|
| diff --git a/remoting/host/remoting_me2me_host.cc b/remoting/host/remoting_me2me_host.cc
|
| index cdf6962b31ee2a892356f655cbb26b9d5e502811..fbcc7fade667aaffe628ca2fb9ba82a803479a9a 100644
|
| --- a/remoting/host/remoting_me2me_host.cc
|
| +++ b/remoting/host/remoting_me2me_host.cc
|
| @@ -243,6 +243,7 @@ class HostProcess
|
|
|
| scoped_ptr<CurtainMode> curtain_;
|
| scoped_ptr<CurtainingHostObserver> curtaining_host_observer_;
|
| + bool curtain_required_;
|
|
|
| bool restarting_;
|
| bool shutting_down_;
|
| @@ -270,6 +271,7 @@ class HostProcess
|
| HostProcess::HostProcess(scoped_ptr<ChromotingHostContext> context)
|
| : context_(context.Pass()),
|
| allow_nat_traversal_(true),
|
| + curtain_required_(false),
|
| restarting_(false),
|
| shutting_down_(false),
|
| desktop_resizer_(DesktopResizer::Create()),
|
| @@ -673,6 +675,8 @@ bool HostProcess::OnHostDomainPolicyUpdate(const std::string& host_domain) {
|
| // Returns true if the host has to be restarted after this policy update.
|
| DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
|
|
|
| + LOG(INFO) << "Policy sets host domain: " << host_domain;
|
| +
|
| if (!host_domain.empty() &&
|
| !EndsWith(xmpp_login_, std::string("@") + host_domain, false)) {
|
| Shutdown(kInvalidHostDomainExitCode);
|
| @@ -685,12 +689,16 @@ bool HostProcess::OnUsernamePolicyUpdate(bool host_username_match_required) {
|
| DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
|
|
|
| if (host_username_match_required) {
|
| + LOG(INFO) << "Policy requires host username match.";
|
| if (!CanGetUsername() ||
|
| !StartsWithASCII(xmpp_login_, GetUsername() + std::string("@"),
|
| false)) {
|
| Shutdown(kUsernameMismatchExitCode);
|
| }
|
| + } else {
|
| + LOG(INFO) << "Policy does not require host username match.";
|
| }
|
| +
|
| return false;
|
| }
|
|
|
| @@ -699,8 +707,11 @@ bool HostProcess::OnNatPolicyUpdate(bool nat_traversal_enabled) {
|
| DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
|
|
|
| if (allow_nat_traversal_ != nat_traversal_enabled) {
|
| + if (nat_traversal_enabled)
|
| + LOG(INFO) << "Policy enables NAT traversal.";
|
| + else
|
| + LOG(INFO) << "Policy disables NAT traversal.";
|
| allow_nat_traversal_ = nat_traversal_enabled;
|
| - LOG(INFO) << "Updated NAT policy.";
|
| return true;
|
| }
|
| return false;
|
| @@ -712,10 +723,12 @@ bool HostProcess::OnCurtainPolicyUpdate(bool curtain_required) {
|
|
|
| #if defined(OS_MACOSX)
|
| if (curtain_required) {
|
| - // If curtain mode is required, then we can't currently support remoting
|
| - // the login screen. This is because we don't curtain the login screen
|
| - // and the current daemon architecture means that the connction is closed
|
| - // immediately after login, leaving the host system uncurtained.
|
| + // When curtain mode is in effect on Mac, the host process runs in the
|
| + // user's switched-out session, but launchd will also run an instance at
|
| + // the console login screen. Even if no user is currently logged-on, we
|
| + // can't support remote-access to the login screen because the current host
|
| + // process model disconnects the client during login, which would leave
|
| + // the logged in session un-curtained on the console until they reconnect.
|
| //
|
| // TODO(jamiewalch): Fix this once we have implemented the multi-process
|
| // daemon architecture (crbug.com/134894)
|
| @@ -725,9 +738,14 @@ bool HostProcess::OnCurtainPolicyUpdate(bool curtain_required) {
|
| }
|
| }
|
| #endif
|
| - if (curtain_->required() != curtain_required) {
|
| - LOG(INFO) << "Updated curtain policy.";
|
| - curtain_->set_required(curtain_required);
|
| +
|
| + if (curtain_required_ != curtain_required) {
|
| + if (curtain_required)
|
| + LOG(ERROR) << "Policy requires curtain-mode.";
|
| + else
|
| + LOG(ERROR) << "Policy does not require curtain-mode.";
|
| + curtain_required_ = curtain_required;
|
| + curtaining_host_observer_->SetEnableCurtaining(curtain_required_);
|
| return true;
|
| }
|
| return false;
|
| @@ -739,7 +757,7 @@ bool HostProcess::OnHostTalkGadgetPrefixPolicyUpdate(
|
| DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
|
|
|
| if (talkgadget_prefix != talkgadget_prefix_) {
|
| - LOG(INFO) << "Updated talkgadget policy.";
|
| + LOG(INFO) << "Policy sets talkgadget prefix: " << talkgadget_prefix;
|
| talkgadget_prefix_ = talkgadget_prefix;
|
| return true;
|
| }
|
| @@ -815,10 +833,11 @@ void HostProcess::StartHost() {
|
| new ResizingHostObserver(desktop_resizer_.get(), host_));
|
| #endif
|
|
|
| - // Curtain mode is currently broken on Mac (the only supported platform),
|
| - // so it's disabled until we've had time to fully investigate.
|
| - // curtaining_host_observer_.reset(new CurtainingHostObserver(
|
| - // curtain_.get(), host_));
|
| + // Create a host observer to enable/disable curtain mode as clients connect
|
| + // and disconnect.
|
| + curtaining_host_observer_.reset(new CurtainingHostObserver(
|
| + curtain_.get(), host_));
|
| + curtaining_host_observer_->SetEnableCurtaining(curtain_required_);
|
|
|
| if (host_user_interface_.get()) {
|
| host_user_interface_->Start(
|
|
|
Chromium Code Reviews
Issue 11275178:
Enforce the RemoteAccessHostRequireCurtain policy on all platforms. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src