author | dilmah@chromium.org <dilmah@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-05-18 11:58:44 +0000 |
---|---|---|
committer | dilmah@chromium.org <dilmah@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-05-18 11:58:44 +0000 |
commit | c6e584c20129f8745e6fc9170a220eb58e13e172 (patch) | |
tree | 6491e890f845af7443f6be07d15d9e60c89ec998 /chrome/common | |
parent | 37e7790801761dc99be00d69f102b7319f2d6a8e (diff) | |
Private API for extensions like ssh-client that need access to websocket-to-tcp proxy.
Access to TCP is obtained in the following way:
(1) The extension requests an authentication token via a call to the private API, like:
chrome.webSocketProxyPrivate.getPassportForTCP('netbsd.org', 25, callback);
If the API validates this request,
the extension obtains a string token (in the callback).
(2) open websocket connection to local websocket-to-tcp proxy ws://127.0.0.1:10101/tcpproxy
(3) pass header containing hostname, port and token obtained at step (1)
(4) communicate (in base64 encoding at this moment).
Proxy (running in chrome process) verifies those tokens by calls to InternalAuthVerification::VerifyPassport
Passports are one-time; no passport can be reused.
Passports expire in short period of time (20 seconds).
BUG=chromium-os:9667
TEST=unit_test,apitest
Review URL: http://codereview.chromium.org/6683060
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@85757 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/common')
-rw-r--r-- | chrome/common/chrome_switches.cc | 4 | ||||
-rw-r--r-- | chrome/common/chrome_switches.h | 1 | ||||
-rw-r--r-- | chrome/common/extensions/api/extension_api.json | 38 | ||||
-rw-r--r-- | chrome/common/extensions/extension.cc | 55 | ||||
-rw-r--r-- | chrome/common/extensions/extension.h | 3 | ||||
-rw-r--r-- | chrome/common/extensions/extension_unittest.cc | 5 |
6 files changed, 76 insertions, 30 deletions
diff --git a/chrome/common/chrome_switches.cc b/chrome/common/chrome_switches.cc
index 4afe3a8..169c2a1 100644
--- a/chrome/common/chrome_switches.cc
+++ b/chrome/common/chrome_switches.cc
@@ -37,6 +37,10 @@ const char kAllowOutdatedPlugins[] = "allow-outdated-plugins";
 // useful for automation testing of the gallery.
 const char kAllowScriptingGallery[] = "allow-scripting-gallery";
+// Specifies comma separated list of extension ids to grant access to local
+// websocket proxy.
+const char kAllowWebSocketProxy[] = "allow-websocket-proxy";
+
 // This prevents Chrome from requiring authorization to run certain widely
 // installed but less commonly used plug-ins.
 const char kAlwaysAuthorizePlugins[] = "always-authorize-plugins";
diff --git a/chrome/common/chrome_switches.h b/chrome/common/chrome_switches.h
index aa4cb99..a9c6d8e 100644
--- a/chrome/common/chrome_switches.h
+++ b/chrome/common/chrome_switches.h
@@ -29,6 +29,7 @@ extern const char kAllowFileAccess[];
 extern const char kAllowOutdatedPlugins[];
 extern const char kAllowHTTPBackgroundPage[];
 extern const char kAllowScriptingGallery[];
+extern const char kAllowWebSocketProxy[];
 extern const char kAlwaysAuthorizePlugins[];
 extern const char kAlwaysEnableDevTools[];
 extern const char kApp[];
diff --git a/chrome/common/extensions/api/extension_api.json b/chrome/common/extensions/api/extension_api.json
index 8ae8075..00febf8 100644
--- a/chrome/common/extensions/api/extension_api.json
+++ b/chrome/common/extensions/api/extension_api.json
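Review bot: The comment added above `kAllowWebSocketProxy` in chrome_switches.cc does not say what the listed extensions gain. Going by the commit description, the proxy relays websocket traffic to TCP endpoints named by the extension, so an id on this list is trusted with outbound TCP from the browser process. I would spell that out, for example `// Comma-separated list of extension ids allowed to obtain passports for the` followed by `// local websocket-to-TCP proxy, i.e. to open TCP connections through Chrome.` The code that parses the list is outside this part of the diff, so how malformed ids are handled cannot be checked here.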
@@ -5240,6 +5240,44 @@
 ]
 },
 {
+ "namespace": "webSocketProxyPrivate",
+ "nodoc": true,
+ "types": [],
+ "functions": [
+ {
+ "name": "getPassportForTCP",
+ "description": "requests authorization token for websocket to TCP proxy.",
+ "parameters": [
+ {
+ "type": "string",
+ "name": "hostname",
+ "minLength": 1,
+ "description": "hostname to which TCP connection is requested."
+ },
+ {
+ "type": "integer",
+ "name": "port",
+ "minimum": 1,
+ "maximum": 65535,
+ "description": "TCP port number."
+ },
+ {
+ "type": "function",
+ "name": "callback",
+ "parameters": [
+ {
+ "type": "string",
+ "name": "passport",
+ "description": "Passport for passing to proxy."
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "events": []
+ },
+ {
 "namespace": "experimental.extension",
 "types": [
 {
diff --git a/chrome/common/extensions/extension.cc b/chrome/common/extensions/extension.cc
index 7f472c1..5914bec 100644
--- a/chrome/common/extensions/extension.cc
+++ b/chrome/common/extensions/extension.cc
@@ -268,7 +268,7 @@ const char Extension::kClipboardWritePermission[] = "clipboardWrite";
 const char Extension::kContextMenusPermission[] = "contextMenus";
 const char Extension::kContentSettingsPermission[] = "contentSettings";
 const char Extension::kCookiePermission[] = "cookies";
-const char Extension::kChromeosInfoPrivatePermissions[] = "chromeosInfoPrivate";
+const char Extension::kChromeosInfoPrivatePermission[] = "chromeosInfoPrivate";
 const char Extension::kDebuggerPermission[] = "debugger";
 const char Extension::kExperimentalPermission[] = "experimental";
 const char Extension::kFileBrowserHandlerPermission[] = "fileBrowserHandler";
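Review bot: The `hostname` parameter of `getPassportForTCP` is constrained only by `"minLength": 1`, so any upper bound or character check has to live in the implementation, which is not part of this diff; if the schema validator supports it, a `maxLength` on this parameter would reject oversized input before it reaches the browser side. The callback's `passport` description also leaves the denial case open: the commit message says a token is delivered when the API validates the request, but not what the callback receives otherwise. I would extend it to something like `"description": "Passport for passing to proxy; <value delivered on denial> if the request is refused."`, with the placeholder filled in from the implementation.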
@@ -282,35 +282,37 @@ const char Extension::kProxyPermission[] = "proxy";
 const char Extension::kTabPermission[] = "tabs";
 const char Extension::kUnlimitedStoragePermission[] = "unlimitedStorage";
 const char Extension::kWebstorePrivatePermission[] = "webstorePrivate";
+const char Extension::kWebSocketProxyPrivatePermission[] =
+ "webSocketProxyPrivate";
 // In general, all permissions should have an install message.
 // See ExtensionsTest.PermissionMessages for an explanation of each
 // exception.
 const Extension::Permission Extension::kPermissions[] = {
- { kBackgroundPermission, PermissionMessage::ID_NONE },
- { kBookmarkPermission, PermissionMessage::ID_BOOKMARKS },
- { kChromeosInfoPrivatePermissions, PermissionMessage::ID_NONE },
- { kClipboardReadPermission, PermissionMessage::ID_CLIPBOARD },
- { kClipboardWritePermission, PermissionMessage::ID_NONE },
- { kContentSettingsPermission, PermissionMessage::ID_NONE },
- { kContextMenusPermission, PermissionMessage::ID_NONE },
- { kCookiePermission, PermissionMessage::ID_NONE },
- { kDebuggerPermission, PermissionMessage::ID_DEBUGGER },
- { kExperimentalPermission, PermissionMessage::ID_NONE },
- { kFileBrowserHandlerPermission, PermissionMessage::ID_NONE },
- { kFileBrowserPrivatePermission, PermissionMessage::ID_NONE },
- { kGeolocationPermission, PermissionMessage::ID_GEOLOCATION },
- { kIdlePermission, PermissionMessage::ID_NONE },
- { kHistoryPermission, PermissionMessage::ID_BROWSING_HISTORY },
- { kManagementPermission, PermissionMessage::ID_MANAGEMENT },
- { kNotificationPermission, PermissionMessage::ID_NONE },
- { kProxyPermission, PermissionMessage::ID_NONE },
- { kTabPermission, PermissionMessage::ID_TABS },
- { kUnlimitedStoragePermission, PermissionMessage::ID_NONE },
- { kWebstorePrivatePermission, PermissionMessage::ID_NONE }
+ { kBackgroundPermission, PermissionMessage::ID_NONE },
+ { kBookmarkPermission, PermissionMessage::ID_BOOKMARKS },
+ { kChromeosInfoPrivatePermission, PermissionMessage::ID_NONE },
+ { kClipboardReadPermission, PermissionMessage::ID_CLIPBOARD },
+ { kClipboardWritePermission, PermissionMessage::ID_NONE },
+ { kContentSettingsPermission, PermissionMessage::ID_NONE },
+ { kContextMenusPermission, PermissionMessage::ID_NONE },
+ { kCookiePermission, PermissionMessage::ID_NONE },
+ { kDebuggerPermission, PermissionMessage::ID_DEBUGGER },
+ { kExperimentalPermission, PermissionMessage::ID_NONE },
+ { kFileBrowserHandlerPermission, PermissionMessage::ID_NONE },
+ { kFileBrowserPrivatePermission, PermissionMessage::ID_NONE },
+ { kGeolocationPermission, PermissionMessage::ID_GEOLOCATION },
+ { kIdlePermission, PermissionMessage::ID_NONE },
+ { kHistoryPermission, PermissionMessage::ID_BROWSING_HISTORY },
+ { kManagementPermission, PermissionMessage::ID_MANAGEMENT },
+ { kNotificationPermission, PermissionMessage::ID_NONE },
+ { kProxyPermission, PermissionMessage::ID_NONE },
+ { kTabPermission, PermissionMessage::ID_TABS },
+ { kUnlimitedStoragePermission, PermissionMessage::ID_NONE },
+ { kWebSocketProxyPrivatePermission, PermissionMessage::ID_NONE },
+ { kWebstorePrivatePermission, PermissionMessage::ID_NONE },
 };
-const size_t Extension::kNumPermissions =
- arraysize(Extension::kPermissions);
+const size_t Extension::kNumPermissions = arraysize(Extension::kPermissions);
 const char* const Extension::kHostedAppPermissionNames[] = {
 Extension::kBackgroundPermission,
@@ -325,7 +327,7 @@ const size_t Extension::kNumHostedAppPermissions =
 const char* const Extension::kComponentPrivatePermissionNames[] = {
 Extension::kFileBrowserPrivatePermission,
 Extension::kWebstorePrivatePermission,
- Extension::kChromeosInfoPrivatePermissions,
+ Extension::kChromeosInfoPrivatePermission,
 };
 const size_t Extension::kNumComponentPrivatePermissions =
 arraysize(Extension::kComponentPrivatePermissionNames);
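Review bot: The new `kWebSocketProxyPrivatePermission` entry in `kPermissions` uses `PermissionMessage::ID_NONE`, and the `@@ -325,7 +327,7 @@` hunk leaves it out of `kComponentPrivatePermissionNames`, so in the visible lines nothing ties this permission to component extensions or to an install warning. The gate is presumably the `allow-websocket-proxy` id list checked elsewhere, but the comment above the table sends readers to ExtensionsTest.PermissionMessages for each exception, and that test's comment becomes just `// These are private.` in this commit. A short comment on the entry would help, for example `// No install message: usable only by ids listed in --allow-websocket-proxy.`, adjusted to whatever the enforcing code actually does.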
@@ -2765,8 +2767,7 @@ void Extension::InitEffectiveHostPermissions() {
 }
 }
-bool Extension::IsComponentOnlyPermission
- (const std::string& permission) const {
+bool Extension::IsComponentOnlyPermission(const std::string& permission) const {
 if (location() == Extension::COMPONENT)
 return true;
diff --git a/chrome/common/extensions/extension.h b/chrome/common/extensions/extension.h
index bb60afc..8fc1641 100644
--- a/chrome/common/extensions/extension.h
+++ b/chrome/common/extensions/extension.h
@@ -283,7 +283,7 @@ class Extension : public base::RefCountedThreadSafe<Extension> {
 static const char kContentSettingsPermission[];
 static const char kContextMenusPermission[];
 static const char kCookiePermission[];
- static const char kChromeosInfoPrivatePermissions[];
+ static const char kChromeosInfoPrivatePermission[];
 static const char kDebuggerPermission[];
 static const char kExperimentalPermission[];
 static const char kFileBrowserHandlerPermission[];
@@ -297,6 +297,7 @@ class Extension : public base::RefCountedThreadSafe<Extension> {
 static const char kTabPermission[];
 static const char kUnlimitedStoragePermission[];
 static const char kWebstorePrivatePermission[];
+ static const char kWebSocketProxyPrivatePermission[];
 static const Permission kPermissions[];
 static const size_t kNumPermissions;
diff --git a/chrome/common/extensions/extension_unittest.cc b/chrome/common/extensions/extension_unittest.cc
index 8d432c9..8488984 100644
--- a/chrome/common/extensions/extension_unittest.cc
+++ b/chrome/common/extensions/extension_unittest.cc
@@ -1031,10 +1031,11 @@ TEST(ExtensionTest, PermissionMessages) {
 // to warn you further.
 skip.insert(Extension::kExperimentalPermission);
- // These are only usable by component extensions.
+ // These are private.
 skip.insert(Extension::kWebstorePrivatePermission);
 skip.insert(Extension::kFileBrowserPrivatePermission);
- skip.insert(Extension::kChromeosInfoPrivatePermissions);
+ skip.insert(Extension::kChromeosInfoPrivatePermission);
+ skip.insert(Extension::kWebSocketProxyPrivatePermission);
 const Extension::PermissionMessage::MessageId ID_NONE =
 Extension::PermissionMessage::ID_NONE; |