Upstream version 7.36.149.0

[platform/framework/web/crosswalk.git] / src / remoting / host / remoting_me2me_host.cc

diff --git a/src/remoting/host/remoting_me2me_host.cc b/src/remoting/host/remoting_me2me_host.cc
index 69b505b..5d33b02 100644 (file)
--- a/src/remoting/host/remoting_me2me_host.cc
+++ b/src/remoting/host/remoting_me2me_host.cc
@@ -36,6 +36,7 @@
 #include "remoting/base/constants.h"
 #include "remoting/base/logging.h"
 #include "remoting/base/rsa_key_pair.h"
+#include "remoting/base/util.h"
 #include "remoting/host/branding.h"
 #include "remoting/host/chromoting_host.h"
 #include "remoting/host/chromoting_host_context.h"
@@ -71,6 +72,7 @@
 #include "remoting/jingle_glue/xmpp_signal_strategy.h"
 #include "remoting/protocol/me2me_host_authenticator_factory.h"
 #include "remoting/protocol/pairing_registry.h"
+#include "remoting/protocol/token_validator.h"
 
 #if defined(OS_POSIX)
 #include <signal.h>
@@ -112,6 +114,10 @@ const char kApplicationName[] = "chromoting";
 // The command line switch used to pass name of the pipe to capture audio on
 // linux.
 const char kAudioPipeSwitchName[] = "audio-pipe-name";
+
+// The command line switch used to pass name of the unix domain socket used to
+// listen for gnubby requests.
+const char kAuthSocknameSwitchName[] = "ssh-auth-sockname";
 #endif  // defined(OS_LINUX)
 
 // The command line switch used by the parent to request the host to signal it
@@ -222,6 +228,8 @@ class HostProcess
   bool OnUsernamePolicyUpdate(bool curtain_required,
                               bool username_match_required);
   bool OnNatPolicyUpdate(bool nat_traversal_enabled);
+  bool OnRelayPolicyUpdate(bool allow_relay);
+  bool OnUdpPortPolicyUpdate(const std::string& udp_port_range);
   void OnCurtainPolicyUpdate(bool curtain_required);
   bool OnHostTalkGadgetPrefixPolicyUpdate(const std::string& talkgadget_prefix);
   bool OnHostTokenUrlPolicyUpdate(
@@ -229,6 +237,7 @@ class HostProcess
       const GURL& token_validation_url,
       const std::string& token_validation_cert_issuer);
   bool OnPairingPolicyUpdate(bool pairing_enabled);
+  bool OnGnubbyAuthPolicyUpdate(bool enable_gnubby_auth);
 
   void StartHost();
 
@@ -281,11 +290,15 @@ class HostProcess
   bool use_service_account_;
   scoped_ptr<policy_hack::PolicyWatcher> policy_watcher_;
   bool allow_nat_traversal_;
+  bool allow_relay_;
+  int min_udp_port_;
+  int max_udp_port_;
   std::string talkgadget_prefix_;
   bool allow_pairing_;
 
   bool curtain_required_;
   ThirdPartyAuthConfig third_party_auth_config_;
+  bool enable_gnubby_auth_;
 
   scoped_ptr<OAuthTokenGetter> oauth_token_getter_;
   scoped_ptr<XmppSignalStrategy> signal_strategy_;
@@ -317,8 +330,12 @@ HostProcess::HostProcess(scoped_ptr<ChromotingHostContext> context,
       state_(HOST_INITIALIZING),
       use_service_account_(false),
       allow_nat_traversal_(true),
+      allow_relay_(true),
+      min_udp_port_(0),
+      max_udp_port_(0),
       allow_pairing_(true),
       curtain_required_(false),
+      enable_gnubby_auth_(false),
 #if defined(REMOTING_MULTI_PROCESS)
       desktop_session_connector_(NULL),
 #endif  // defined(REMOTING_MULTI_PROCESS)
@@ -543,8 +560,8 @@ void HostProcess::CreateAuthenticatorFactory() {
         host_secret_hash_, pairing_registry);
 
   } else if (third_party_auth_config_.is_valid()) {
-    scoped_ptr<protocol::ThirdPartyHostAuthenticator::TokenValidatorFactory>
-        token_validator_factory(new TokenValidatorFactoryImpl(
+    scoped_ptr<protocol::TokenValidatorFactory> token_validator_factory(
+        new TokenValidatorFactoryImpl(
             third_party_auth_config_,
             key_pair_, context_->url_request_context_getter()));
     factory = protocol::Me2MeHostAuthenticatorFactory::CreateWithThirdPartyAuth(
@@ -631,6 +648,11 @@ void HostProcess::StartOnUiThread() {
     remoting::AudioCapturerLinux::InitializePipeReader(
         context_->audio_task_runner(), audio_pipe_name);
   }
+
+  base::FilePath gnubby_socket_name = CommandLine::ForCurrentProcess()->
+      GetSwitchValuePath(kAuthSocknameSwitchName);
+  if (!gnubby_socket_name.empty())
+    remoting::GnubbyAuthHandler::SetGnubbySocketName(gnubby_socket_name);
 #endif  // defined(OS_LINUX)
 
   // Create a desktop environment factory appropriate to the build type &
@@ -653,6 +675,7 @@ void HostProcess::StartOnUiThread() {
 #endif  // !defined(OS_WIN)
 
   desktop_environment_factory_.reset(desktop_environment_factory);
+  desktop_environment_factory_->SetEnableGnubbyAuth(enable_gnubby_auth_);
 
   context_->network_task_runner()->PostTask(
       FROM_HERE,
@@ -822,6 +845,16 @@ void HostProcess::OnPolicyUpdate(scoped_ptr<base::DictionaryValue> policies) {
                            &bool_value)) {
     restart_required |= OnNatPolicyUpdate(bool_value);
   }
+  if (policies->GetBoolean(policy_hack::PolicyWatcher::kRelayPolicyName,
+                           &bool_value)) {
+    restart_required |= OnRelayPolicyUpdate(bool_value);
+  }
+  std::string udp_port_range;
+  if (policies->GetString(policy_hack::PolicyWatcher::kUdpPortRangePolicyName,
+                           &udp_port_range)) {
+    restart_required |= OnUdpPortPolicyUpdate(udp_port_range);
+  }
+
   if (policies->GetString(
           policy_hack::PolicyWatcher::kHostTalkGadgetPrefixPolicyName,
           &string_value)) {
@@ -847,6 +880,10 @@ void HostProcess::OnPolicyUpdate(scoped_ptr<base::DictionaryValue> policies) {
           &bool_value)) {
     restart_required |= OnPairingPolicyUpdate(bool_value);
   }
+  if (policies->GetBoolean(
+          policy_hack::PolicyWatcher::kHostAllowGnubbyAuthPolicyName,
+          &bool_value))
+    restart_required |= OnGnubbyAuthPolicyUpdate(bool_value);
 
   if (state_ == HOST_INITIALIZING) {
     StartHost();
@@ -924,6 +961,49 @@ bool HostProcess::OnNatPolicyUpdate(bool nat_traversal_enabled) {
   return false;
 }
 
+bool HostProcess::OnRelayPolicyUpdate(bool allow_relay) {
+  // Returns true if the host has to be restarted after this policy update.
+  DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
+
+  if (allow_relay_ != allow_relay) {
+    if (allow_relay)
+      HOST_LOG << "Policy enables use of relay server.";
+    else
+      HOST_LOG << "Policy disables use of relay server.";
+    allow_relay_ = allow_relay;
+    return true;
+  }
+  return false;
+}
+
+bool HostProcess::OnUdpPortPolicyUpdate(const std::string& udp_port_range) {
+  // Returns true if the host has to be restarted after this policy update.
+  DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
+
+  // Use default values if policy setting is empty or invalid.
+  int min_udp_port = 0;
+  int max_udp_port = 0;
+  if (!udp_port_range.empty() &&
+      !NetworkSettings::ParsePortRange(udp_port_range, &min_udp_port,
+                                       &max_udp_port)) {
+    LOG(WARNING) << "Invalid port range policy: \"" << udp_port_range
+                 << "\". Using default values.";
+  }
+
+  if (min_udp_port_ != min_udp_port || max_udp_port_ != max_udp_port) {
+    if (min_udp_port != 0 && max_udp_port != 0) {
+      HOST_LOG << "Policy restricts UDP port range to [" << min_udp_port
+               << ", " << max_udp_port << "]";
+    } else {
+      HOST_LOG << "Policy does not restrict UDP port range.";
+    }
+    min_udp_port_ = min_udp_port;
+    max_udp_port_ = max_udp_port;
+    return true;
+  }
+  return false;
+}
+
 void HostProcess::OnCurtainPolicyUpdate(bool curtain_required) {
   // Returns true if the host has to be restarted after this policy update.
   DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
@@ -1012,6 +1092,25 @@ bool HostProcess::OnPairingPolicyUpdate(bool allow_pairing) {
   return true;
 }
 
+bool HostProcess::OnGnubbyAuthPolicyUpdate(bool enable_gnubby_auth) {
+  DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
+
+  if (enable_gnubby_auth_ == enable_gnubby_auth)
+    return false;
+
+  if (enable_gnubby_auth) {
+    HOST_LOG << "Policy enables gnubby auth.";
+  } else {
+    HOST_LOG << "Policy disables gnubby auth.";
+  }
+  enable_gnubby_auth_ = enable_gnubby_auth;
+
+  if (desktop_environment_factory_)
+    desktop_environment_factory_->SetEnableGnubbyAuth(enable_gnubby_auth);
+
+  return true;
+}
+
 void HostProcess::StartHost() {
   DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
   DCHECK(!host_);
@@ -1050,11 +1149,24 @@ void HostProcess::StartHost() {
     signaling_connector_->EnableOAuth(oauth_token_getter_.get());
   }
 
-  NetworkSettings network_settings(
-      allow_nat_traversal_ ?
-      NetworkSettings::NAT_TRAVERSAL_ENABLED :
-      NetworkSettings::NAT_TRAVERSAL_DISABLED);
-  if (!allow_nat_traversal_) {
+  uint32 network_flags = allow_nat_traversal_ ?
+      NetworkSettings::NAT_TRAVERSAL_STUN : 0;
+
+  if (allow_relay_)
+    network_flags |= NetworkSettings::NAT_TRAVERSAL_RELAY;
+
+  if (allow_relay_ || allow_nat_traversal_)
+    network_flags |= NetworkSettings::NAT_TRAVERSAL_OUTGOING;
+
+  NetworkSettings network_settings(network_flags);
+
+  if (min_udp_port_ && max_udp_port_) {
+    network_settings.min_port = min_udp_port_;
+    network_settings.max_port = max_udp_port_;
+  } else if (!allow_nat_traversal_) {
+    // For legacy reasons we have to restrict the port range to a set of default
+    // values when nat traversal is disabled, even if the port range was not
+    // set in policy.
     network_settings.min_port = NetworkSettings::kDefaultMinPort;
     network_settings.max_port = NetworkSettings::kDefaultMaxPort;
   }