Diffstat (limited to 'remoting/host/remoting_me2me_host.cc')
-rw-r--r--remoting/host/remoting_me2me_host.cc51
1 files changed, 33 insertions, 18 deletions
diff --git a/remoting/host/remoting_me2me_host.cc b/remoting/host/remoting_me2me_host.cc
index 52b0fd37da..9ed3383974 100644
--- a/remoting/host/remoting_me2me_host.cc
+++ b/remoting/host/remoting_me2me_host.cc
@@ -29,6 +29,7 @@
#include "ipc/ipc_listener.h"
#include "media/base/media.h"
#include "net/base/network_change_notifier.h"
+#include "net/socket/client_socket_factory.h"
#include "net/socket/ssl_server_socket.h"
#include "net/url_request/url_fetcher.h"
#include "remoting/base/auto_thread_task_runner.h"
@@ -266,9 +267,8 @@ class HostProcess
scoped_refptr<RsaKeyPair> key_pair_;
std::string oauth_refresh_token_;
std::string serialized_config_;
- std::string xmpp_login_;
- std::string xmpp_auth_token_;
- std::string xmpp_auth_service_;
+ std::string host_owner_;
+ bool use_service_account_;
scoped_ptr<policy_hack::PolicyWatcher> policy_watcher_;
bool allow_nat_traversal_;
std::string talkgadget_prefix_;
@@ -303,6 +303,7 @@ HostProcess::HostProcess(scoped_ptr<ChromotingHostContext> context,
int* exit_code_out)
: context_(context.Pass()),
state_(HOST_INITIALIZING),
+ use_service_account_(false),
allow_nat_traversal_(true),
allow_pairing_(true),
curtain_required_(false),
@@ -520,7 +521,8 @@ void HostProcess::CreateAuthenticatorFactory() {
if (token_url_.is_empty() && token_validation_url_.is_empty()) {
factory = protocol::Me2MeHostAuthenticatorFactory::CreateWithSharedSecret(
- local_certificate, key_pair_, host_secret_hash_, pairing_registry);
+ host_owner_, local_certificate, key_pair_, host_secret_hash_,
+ pairing_registry);
} else if (token_url_.is_valid() && token_validation_url_.is_valid()) {
scoped_ptr<protocol::ThirdPartyHostAuthenticator::TokenValidatorFactory>
@@ -528,7 +530,8 @@ void HostProcess::CreateAuthenticatorFactory() {
token_url_, token_validation_url_, key_pair_,
context_->url_request_context_getter()));
factory = protocol::Me2MeHostAuthenticatorFactory::CreateWithThirdPartyAuth(
- local_certificate, key_pair_, token_validator_factory.Pass());
+ host_owner_, local_certificate, key_pair_,
+ token_validator_factory.Pass());
} else {
// TODO(rmsousa): If the policy is bad the host should not go online. It
@@ -709,8 +712,9 @@ bool HostProcess::ApplyConfig(scoped_ptr<JsonHostConfig> config) {
}
// Use an XMPP connection to the Talk network for session signalling.
- if (!config->GetString(kXmppLoginConfigPath, &xmpp_login_) ||
- !(config->GetString(kXmppAuthTokenConfigPath, &xmpp_auth_token_) ||
+ if (!config->GetString(kXmppLoginConfigPath, &xmpp_server_config_.username) ||
+ !(config->GetString(kXmppAuthTokenConfigPath,
+ &xmpp_server_config_.auth_token) ||
config->GetString(kOAuthRefreshTokenConfigPath,
&oauth_refresh_token_))) {
LOG(ERROR) << "XMPP credentials are not defined in the config.";
@@ -718,14 +722,24 @@ bool HostProcess::ApplyConfig(scoped_ptr<JsonHostConfig> config) {
}
if (!oauth_refresh_token_.empty()) {
- xmpp_auth_token_ = ""; // This will be set to the access token later.
- xmpp_auth_service_ = "oauth2";
+ // SignalingConnector is responsible for getting OAuth token.
+ xmpp_server_config_.auth_token = "";
+ xmpp_server_config_.auth_service = "oauth2";
} else if (!config->GetString(kXmppAuthServiceConfigPath,
- &xmpp_auth_service_)) {
+ &xmpp_server_config_.auth_service)) {
// For the me2me host, we default to ClientLogin token for chromiumsync
// because earlier versions of the host had no HTTP stack with which to
// request an OAuth2 access token.
- xmpp_auth_service_ = kChromotingTokenDefaultServiceName;
+ xmpp_server_config_.auth_service = kChromotingTokenDefaultServiceName;
+ }
+
+ if (config->GetString(kHostOwnerConfigPath, &host_owner_)) {
+ // Service account configs have a host_owner, different from the xmpp_login.
+ use_service_account_ = true;
+ } else {
+ // User credential configs only have an xmpp_login, which is also the owner.
+ host_owner_ = xmpp_server_config_.username;
+ use_service_account_ = false;
}
return true;
}
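Review bot: The new `host_owner` branch accepts whatever string the config holds, so a key that is present but empty would (assuming `GetString` succeeds on an empty value) leave `host_owner_` empty with `use_service_account_` set to true. That empty owner is then passed to `host_->Start()` and to both authenticator factories in the other hunks, and how they treat it is not visible in this diff. I would reject such a config inside the branch, e.g. `if (host_owner_.empty()) { LOG(ERROR) << "host_owner is empty in the config."; return false; }`, rather than fall back to the XMPP login, which for a service-account config is not the owner. ApplyConfig starts outside this hunk.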
@@ -799,7 +813,7 @@ bool HostProcess::OnHostDomainPolicyUpdate(const std::string& host_domain) {
LOG(INFO) << "Policy sets host domain: " << host_domain;
if (!host_domain.empty() &&
- !EndsWith(xmpp_login_, std::string("@") + host_domain, false)) {
+ !EndsWith(host_owner_, std::string("@") + host_domain, false)) {
ShutdownHost(kInvalidHostDomainExitCode);
}
return false;
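Review bot: The host-domain check here, and the username check in the next hunk, now match against `host_owner_`, which for service-account configs is a string read from the config file rather than the login the host authenticates with. Nothing visible in this diff ties that declared owner to the service-account credentials, so it is worth confirming that the binding is verified elsewhere and recording that next to the check. A suggested comment above the condition: `// Policy is enforced on the host owner; for service-account configs this comes from the config and differs from the XMPP login.` An empty `host_owner_` fails both comparisons and shuts the host down, so the checks themselves fail closed. OnHostDomainPolicyUpdate starts outside this hunk.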
@@ -814,7 +828,7 @@ bool HostProcess::OnUsernamePolicyUpdate(bool curtain_required,
LOG(INFO) << "Policy requires host username match.";
std::string username = GetUsername();
bool shutdown = username.empty() ||
- !StartsWithASCII(xmpp_login_, username + std::string("@"),
+ !StartsWithASCII(host_owner_, username + std::string("@"),
false);
#if defined(OS_MACOSX)
@@ -952,9 +966,9 @@ void HostProcess::StartHost() {
state_ = HOST_STARTED;
signal_strategy_.reset(
- new XmppSignalStrategy(context_->url_request_context_getter(),
- xmpp_login_, xmpp_auth_token_,
- xmpp_auth_service_, xmpp_server_config_));
+ new XmppSignalStrategy(net::ClientSocketFactory::GetDefaultFactory(),
+ context_->url_request_context_getter(),
+ xmpp_server_config_));
scoped_ptr<DnsBlackholeChecker> dns_blackhole_checker(
new DnsBlackholeChecker(context_->url_request_context_getter(),
@@ -972,7 +986,8 @@ void HostProcess::StartHost() {
if (!oauth_refresh_token_.empty()) {
scoped_ptr<SignalingConnector::OAuthCredentials> oauth_credentials(
new SignalingConnector::OAuthCredentials(
- xmpp_login_, oauth_refresh_token_));
+ xmpp_server_config_.username, oauth_refresh_token_,
+ use_service_account_));
signaling_connector_->EnableOAuth(oauth_credentials.Pass());
}
@@ -1026,7 +1041,7 @@ void HostProcess::StartHost() {
#endif // !defined(REMOTING_MULTI_PROCESS)
host_->SetEnableCurtaining(curtain_required_);
- host_->Start(xmpp_login_);
+ host_->Start(host_owner_);
CreateAuthenticatorFactory();
}