| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 // | 4 // |
| 5 // This file implements a standalone host process for Me2Me. | 5 // This file implements a standalone host process for Me2Me. |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/at_exit.h" | 9 #include "base/at_exit.h" |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| (...skipping 16 matching lines...) Expand all Loading... |
| 27 #include "crypto/nss_util.h" | 27 #include "crypto/nss_util.h" |
| 28 #include "ipc/ipc_channel.h" | 28 #include "ipc/ipc_channel.h" |
| 29 #include "ipc/ipc_channel_proxy.h" | 29 #include "ipc/ipc_channel_proxy.h" |
| 30 #include "ipc/ipc_listener.h" | 30 #include "ipc/ipc_listener.h" |
| 31 #include "net/base/network_change_notifier.h" | 31 #include "net/base/network_change_notifier.h" |
| 32 #include "net/socket/ssl_server_socket.h" | 32 #include "net/socket/ssl_server_socket.h" |
| 33 #include "net/url_request/url_fetcher.h" | 33 #include "net/url_request/url_fetcher.h" |
| 34 #include "remoting/base/auto_thread_task_runner.h" | 34 #include "remoting/base/auto_thread_task_runner.h" |
| 35 #include "remoting/base/breakpad.h" | 35 #include "remoting/base/breakpad.h" |
| 36 #include "remoting/base/constants.h" | 36 #include "remoting/base/constants.h" |
| 37 #include "remoting/base/rsa_key_pair.h" |
| 37 #include "remoting/base/util.h" | 38 #include "remoting/base/util.h" |
| 38 #include "remoting/host/branding.h" | 39 #include "remoting/host/branding.h" |
| 39 #include "remoting/host/chromoting_host.h" | 40 #include "remoting/host/chromoting_host.h" |
| 40 #include "remoting/host/chromoting_host_context.h" | 41 #include "remoting/host/chromoting_host_context.h" |
| 41 #include "remoting/host/chromoting_messages.h" | 42 #include "remoting/host/chromoting_messages.h" |
| 42 #include "remoting/host/config_file_watcher.h" | 43 #include "remoting/host/config_file_watcher.h" |
| 43 #include "remoting/host/curtain_mode.h" | 44 #include "remoting/host/curtain_mode.h" |
| 44 #include "remoting/host/curtaining_host_observer.h" | 45 #include "remoting/host/curtaining_host_observer.h" |
| 45 #include "remoting/host/desktop_environment.h" | 46 #include "remoting/host/desktop_environment.h" |
| 46 #include "remoting/host/desktop_session_connector.h" | 47 #include "remoting/host/desktop_session_connector.h" |
| (...skipping 10 matching lines...) Expand all Loading... |
| 57 #include "remoting/host/ipc_host_event_logger.h" | 58 #include "remoting/host/ipc_host_event_logger.h" |
| 58 #include "remoting/host/json_host_config.h" | 59 #include "remoting/host/json_host_config.h" |
| 59 #include "remoting/host/log_to_server.h" | 60 #include "remoting/host/log_to_server.h" |
| 60 #include "remoting/host/logging.h" | 61 #include "remoting/host/logging.h" |
| 61 #include "remoting/host/me2me_desktop_environment.h" | 62 #include "remoting/host/me2me_desktop_environment.h" |
| 62 #include "remoting/host/network_settings.h" | 63 #include "remoting/host/network_settings.h" |
| 63 #include "remoting/host/policy_hack/policy_watcher.h" | 64 #include "remoting/host/policy_hack/policy_watcher.h" |
| 64 #include "remoting/host/service_urls.h" | 65 #include "remoting/host/service_urls.h" |
| 65 #include "remoting/host/session_manager_factory.h" | 66 #include "remoting/host/session_manager_factory.h" |
| 66 #include "remoting/host/signaling_connector.h" | 67 #include "remoting/host/signaling_connector.h" |
| 68 #include "remoting/host/token_validator_factory_impl.h" |
| 67 #include "remoting/host/ui_strings.h" | 69 #include "remoting/host/ui_strings.h" |
| 68 #include "remoting/host/usage_stats_consent.h" | 70 #include "remoting/host/usage_stats_consent.h" |
| 69 #include "remoting/jingle_glue/xmpp_signal_strategy.h" | 71 #include "remoting/jingle_glue/xmpp_signal_strategy.h" |
| 70 #include "remoting/protocol/me2me_host_authenticator_factory.h" | 72 #include "remoting/protocol/me2me_host_authenticator_factory.h" |
| 71 | 73 |
| 72 #if defined(OS_POSIX) | 74 #if defined(OS_POSIX) |
| 73 #include <signal.h> | 75 #include <signal.h> |
| 74 #include "base/file_descriptor_posix.h" | 76 #include "base/file_descriptor_posix.h" |
| 75 #include "remoting/host/pam_authorization_factory_posix.h" | 77 #include "remoting/host/pam_authorization_factory_posix.h" |
| 76 #include "remoting/host/posix/signal_handler.h" | 78 #include "remoting/host/posix/signal_handler.h" |
| (...skipping 121 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 198 | 200 |
| 199 // Applies the host config, returning true if successful. | 201 // Applies the host config, returning true if successful. |
| 200 bool ApplyConfig(scoped_ptr<JsonHostConfig> config); | 202 bool ApplyConfig(scoped_ptr<JsonHostConfig> config); |
| 201 | 203 |
| 202 void OnPolicyUpdate(scoped_ptr<base::DictionaryValue> policies); | 204 void OnPolicyUpdate(scoped_ptr<base::DictionaryValue> policies); |
| 203 bool OnHostDomainPolicyUpdate(const std::string& host_domain); | 205 bool OnHostDomainPolicyUpdate(const std::string& host_domain); |
| 204 bool OnUsernamePolicyUpdate(bool username_match_required); | 206 bool OnUsernamePolicyUpdate(bool username_match_required); |
| 205 bool OnNatPolicyUpdate(bool nat_traversal_enabled); | 207 bool OnNatPolicyUpdate(bool nat_traversal_enabled); |
| 206 bool OnCurtainPolicyUpdate(bool curtain_required); | 208 bool OnCurtainPolicyUpdate(bool curtain_required); |
| 207 bool OnHostTalkGadgetPrefixPolicyUpdate(const std::string& talkgadget_prefix); | 209 bool OnHostTalkGadgetPrefixPolicyUpdate(const std::string& talkgadget_prefix); |
| 210 bool OnHostTokenUrlPolicyUpdate(const GURL& token_url, |
| 211 const GURL& token_validation_url); |
| 208 | 212 |
| 209 void StartHost(); | 213 void StartHost(); |
| 210 | 214 |
| 211 void OnAuthFailed(); | 215 void OnAuthFailed(); |
| 212 | 216 |
| 213 void OnCurtainModeFailed(); | 217 void OnCurtainModeFailed(); |
| 214 | 218 |
| 215 void OnRemoteSessionSwitchedToConsole(); | 219 void OnRemoteSessionSwitchedToConsole(); |
| 216 | 220 |
| 217 // Invoked when the user uses the Disconnect windows to terminate | 221 // Invoked when the user uses the Disconnect windows to terminate |
| (...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 261 std::string xmpp_login_; | 265 std::string xmpp_login_; |
| 262 std::string xmpp_auth_token_; | 266 std::string xmpp_auth_token_; |
| 263 std::string xmpp_auth_service_; | 267 std::string xmpp_auth_service_; |
| 264 scoped_ptr<policy_hack::PolicyWatcher> policy_watcher_; | 268 scoped_ptr<policy_hack::PolicyWatcher> policy_watcher_; |
| 265 bool allow_nat_traversal_; | 269 bool allow_nat_traversal_; |
| 266 std::string talkgadget_prefix_; | 270 std::string talkgadget_prefix_; |
| 267 | 271 |
| 268 scoped_ptr<CurtainMode> curtain_; | 272 scoped_ptr<CurtainMode> curtain_; |
| 269 scoped_ptr<CurtainingHostObserver> curtaining_host_observer_; | 273 scoped_ptr<CurtainingHostObserver> curtaining_host_observer_; |
| 270 bool curtain_required_; | 274 bool curtain_required_; |
| 275 GURL token_url_; |
| 276 GURL token_validation_url_; |
| 271 | 277 |
| 272 scoped_ptr<XmppSignalStrategy> signal_strategy_; | 278 scoped_ptr<XmppSignalStrategy> signal_strategy_; |
| 273 scoped_ptr<SignalingConnector> signaling_connector_; | 279 scoped_ptr<SignalingConnector> signaling_connector_; |
| 274 scoped_ptr<HeartbeatSender> heartbeat_sender_; | 280 scoped_ptr<HeartbeatSender> heartbeat_sender_; |
| 275 scoped_ptr<HostChangeNotificationListener> host_change_notification_listener_; | 281 scoped_ptr<HostChangeNotificationListener> host_change_notification_listener_; |
| 276 scoped_ptr<LogToServer> log_to_server_; | 282 scoped_ptr<LogToServer> log_to_server_; |
| 277 scoped_ptr<HostEventLogger> host_event_logger_; | 283 scoped_ptr<HostEventLogger> host_event_logger_; |
| 278 | 284 |
| 279 // Created on the UI thread and used on the network thread. | 285 // Created on the UI thread and used on the network thread. |
| 280 scoped_ptr<HostUserInterface> host_user_interface_; | 286 scoped_ptr<HostUserInterface> host_user_interface_; |
| (...skipping 193 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 474 | 480 |
| 475 if (state_ != HOST_STARTED) | 481 if (state_ != HOST_STARTED) |
| 476 return; | 482 return; |
| 477 | 483 |
| 478 std::string local_certificate = key_pair_->GenerateCertificate(); | 484 std::string local_certificate = key_pair_->GenerateCertificate(); |
| 479 if (local_certificate.empty()) { | 485 if (local_certificate.empty()) { |
| 480 LOG(ERROR) << "Failed to generate host certificate."; | 486 LOG(ERROR) << "Failed to generate host certificate."; |
| 481 ShutdownHost(kInitializationFailed); | 487 ShutdownHost(kInitializationFailed); |
| 482 return; | 488 return; |
| 483 } | 489 } |
| 490 scoped_ptr<protocol::AuthenticatorFactory> factory; |
| 484 | 491 |
| 485 scoped_ptr<protocol::AuthenticatorFactory> factory( | 492 if (token_url_.is_empty() && token_validation_url_.is_empty()) { |
| 486 new protocol::Me2MeHostAuthenticatorFactory( | 493 factory = protocol::Me2MeHostAuthenticatorFactory::CreateWithSharedSecret( |
| 487 local_certificate, key_pair_, host_secret_hash_)); | 494 local_certificate, key_pair_, host_secret_hash_); |
| 495 } else if (token_url_.is_valid() && token_validation_url_.is_valid()) { |
| 496 scoped_ptr<protocol::ThirdPartyHostAuthenticator::TokenValidatorFactory> |
| 497 token_validator_factory(new TokenValidatorFactoryImpl( |
| 498 token_url_, token_validation_url_, key_pair_, |
| 499 context_->url_request_context_getter())); |
| 500 factory = protocol::Me2MeHostAuthenticatorFactory::CreateWithThirdPartyAuth( |
| 501 local_certificate, key_pair_, token_validator_factory.Pass()); |
| 502 } else { |
| 503 // TODO(rmsousa): If the policy is bad the host should not go online. It |
| 504 // should keep running, but not connected, until the policies are fixed. |
| 505 // Having it show up as online and then reject all clients is misleading. |
| 506 LOG(ERROR) << "One of the third-party token URLs is empty or invalid. " |
| 507 << "Host will reject all clients until policies are corrected. " |
| 508 << "TokenUrl: " << token_url_ << ", " |
| 509 << "TokenValidationUrl: " << token_validation_url_; |
| 510 factory = protocol::Me2MeHostAuthenticatorFactory::CreateRejecting(); |
| 511 } |
| 512 |
| 488 #if defined(OS_POSIX) | 513 #if defined(OS_POSIX) |
| 489 // On Linux and Mac, perform a PAM authorization step after authentication. | 514 // On Linux and Mac, perform a PAM authorization step after authentication. |
| 490 factory.reset(new PamAuthorizationFactory(factory.Pass())); | 515 factory.reset(new PamAuthorizationFactory(factory.Pass())); |
| 491 #endif | 516 #endif |
| 492 host_->SetAuthenticatorFactory(factory.Pass()); | 517 host_->SetAuthenticatorFactory(factory.Pass()); |
| 493 } | 518 } |
| 494 | 519 |
| 495 // IPC::Listener implementation. | 520 // IPC::Listener implementation. |
| 496 bool HostProcess::OnMessageReceived(const IPC::Message& message) { | 521 bool HostProcess::OnMessageReceived(const IPC::Message& message) { |
| 497 DCHECK(context_->ui_task_runner()->BelongsToCurrentThread()); | 522 DCHECK(context_->ui_task_runner()->BelongsToCurrentThread()); |
| (...skipping 237 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 735 if (policies->GetString( | 760 if (policies->GetString( |
| 736 policy_hack::PolicyWatcher::kHostTalkGadgetPrefixPolicyName, | 761 policy_hack::PolicyWatcher::kHostTalkGadgetPrefixPolicyName, |
| 737 &string_value)) { | 762 &string_value)) { |
| 738 restart_required |= OnHostTalkGadgetPrefixPolicyUpdate(string_value); | 763 restart_required |= OnHostTalkGadgetPrefixPolicyUpdate(string_value); |
| 739 } | 764 } |
| 740 if (policies->GetBoolean( | 765 if (policies->GetBoolean( |
| 741 policy_hack::PolicyWatcher::kHostRequireCurtainPolicyName, | 766 policy_hack::PolicyWatcher::kHostRequireCurtainPolicyName, |
| 742 &bool_value)) { | 767 &bool_value)) { |
| 743 restart_required |= OnCurtainPolicyUpdate(bool_value); | 768 restart_required |= OnCurtainPolicyUpdate(bool_value); |
| 744 } | 769 } |
| 770 std::string token_url_string, token_validation_url_string; |
| 771 if (policies->GetString( |
| 772 policy_hack::PolicyWatcher::kHostTokenUrlPolicyName, |
| 773 &token_url_string) && |
| 774 policies->GetString( |
| 775 policy_hack::PolicyWatcher::kHostTokenValidationUrlPolicyName, |
| 776 &token_validation_url_string)) { |
| 777 restart_required |= OnHostTokenUrlPolicyUpdate( |
| 778 GURL(token_url_string), GURL(token_validation_url_string)); |
| 779 } |
| 745 | 780 |
| 746 if (state_ == HOST_INITIALIZING) { | 781 if (state_ == HOST_INITIALIZING) { |
| 747 StartHost(); | 782 StartHost(); |
| 748 } else if (state_ == HOST_STARTED && restart_required) { | 783 } else if (state_ == HOST_STARTED && restart_required) { |
| 749 RestartHost(); | 784 RestartHost(); |
| 750 } | 785 } |
| 751 } | 786 } |
| 752 | 787 |
| 753 bool HostProcess::OnHostDomainPolicyUpdate(const std::string& host_domain) { | 788 bool HostProcess::OnHostDomainPolicyUpdate(const std::string& host_domain) { |
| 754 // Returns true if the host has to be restarted after this policy update. | 789 // Returns true if the host has to be restarted after this policy update. |
| (...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 858 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); | 893 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
| 859 | 894 |
| 860 if (talkgadget_prefix != talkgadget_prefix_) { | 895 if (talkgadget_prefix != talkgadget_prefix_) { |
| 861 LOG(INFO) << "Policy sets talkgadget prefix: " << talkgadget_prefix; | 896 LOG(INFO) << "Policy sets talkgadget prefix: " << talkgadget_prefix; |
| 862 talkgadget_prefix_ = talkgadget_prefix; | 897 talkgadget_prefix_ = talkgadget_prefix; |
| 863 return true; | 898 return true; |
| 864 } | 899 } |
| 865 return false; | 900 return false; |
| 866 } | 901 } |
| 867 | 902 |
| 903 bool HostProcess::OnHostTokenUrlPolicyUpdate( |
| 904 const GURL& token_url, |
| 905 const GURL& token_validation_url) { |
| 906 // Returns true if the host has to be restarted after this policy update. |
| 907 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
| 908 |
| 909 if (token_url_ != token_url || |
| 910 token_validation_url_ != token_validation_url) { |
| 911 LOG(INFO) << "Policy sets third-party token URLs: " |
| 912 << "TokenUrl: " << token_url << ", " |
| 913 << "TokenValidationUrl: " << token_validation_url; |
| 914 |
| 915 token_url_ = token_url; |
| 916 token_validation_url_ = token_validation_url; |
| 917 return true; |
| 918 } |
| 919 |
| 920 return false; |
| 921 } |
| 922 |
| 868 void HostProcess::StartHost() { | 923 void HostProcess::StartHost() { |
| 869 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); | 924 DCHECK(context_->network_task_runner()->BelongsToCurrentThread()); |
| 870 DCHECK(!host_); | 925 DCHECK(!host_); |
| 871 DCHECK(!signal_strategy_.get()); | 926 DCHECK(!signal_strategy_.get()); |
| 872 DCHECK(state_ == HOST_INITIALIZING || state_ == HOST_STOPPING_TO_RESTART || | 927 DCHECK(state_ == HOST_INITIALIZING || state_ == HOST_STOPPING_TO_RESTART || |
| 873 state_ == HOST_STOPPED) << state_; | 928 state_ == HOST_STOPPED) << state_; |
| 874 state_ = HOST_STARTED; | 929 state_ = HOST_STARTED; |
| 875 | 930 |
| 876 signal_strategy_.reset( | 931 signal_strategy_.reset( |
| 877 new XmppSignalStrategy(context_->url_request_context_getter(), | 932 new XmppSignalStrategy(context_->url_request_context_getter(), |
| (...skipping 239 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1117 return exit_code; | 1172 return exit_code; |
| 1118 } | 1173 } |
| 1119 | 1174 |
| 1120 } // namespace remoting | 1175 } // namespace remoting |
| 1121 | 1176 |
| 1122 #if !defined(OS_WIN) | 1177 #if !defined(OS_WIN) |
| 1123 int main(int argc, char** argv) { | 1178 int main(int argc, char** argv) { |
| 1124 return remoting::HostMain(argc, argv); | 1179 return remoting::HostMain(argc, argv); |
| 1125 } | 1180 } |
| 1126 #endif // !defined(OS_WIN) | 1181 #endif // !defined(OS_WIN) |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 12313085:
Host-side third party token validation (Closed)
Base URL: http://git.chromium.org/chromium/src.git@third_party_auth_protocol