authorkelvinp@chromium.org <kelvinp@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2014-04-07 22:33:28 +0000
committerkelvinp@chromium.org <kelvinp@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2014-04-07 22:33:28 +0000
commit064128c1d8c7a3fb1d4ceaae996891130f2cf171 (patch)
treeef143838848f3d3d28c7c8d327cc21828c3e43a1 /remoting/host/client_session.h
parent57baec29d609c0e1ae53dea806e5fbcc70f83ed6 (diff)
Cause:
To prevent a malicious client from guessing the PIN by spamming the host with bogus logins, the chromoting host can throttle incoming requests after too many unsuccessful login attempts. In the current implementation, every time there is an incoming request, we start incrementing the bad login counter, regardless of whether the host has actually started authenticating. Fix: This change adds an extra flag on the authenticator to indicate whether authentication has started. The JingleSession checks the flag and propagates the message back all the way up to the host through the callback Session::OnSessionAuthenticationBegin BUG=350208 Review URL: https://codereview.chromium.org/205583011 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@262228 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'remoting/host/client_session.h')
-rw-r--r--remoting/host/client_session.h5
1 files changed, 5 insertions, 0 deletions
diff --git a/remoting/host/client_session.h b/remoting/host/client_session.h
index ef75b25..f892329 100644
--- a/remoting/host/client_session.h
+++ b/remoting/host/client_session.h
@@ -54,6 +54,9 @@ class ClientSession
// Callback interface for passing events to the ChromotingHost.
class EventHandler {
public:
+ // Called after authentication has started.
+ virtual void OnSessionAuthenticating(ClientSession* client) = 0;
+
// Called after authentication has finished successfully. Returns true if
// the connection is allowed, or false otherwise.
virtual bool OnSessionAuthenticated(ClientSession* client) = 0;
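Review bot: The comment on `OnSessionAuthenticating` says only when it is called, not what the handler relies on it for or how often it can fire. The commit description says this event is what lets the host count login attempts for throttling, so a handler needs to know whether it is always raised before `OnSessionAuthenticated` or a failure notification, and whether a multi-message authentication can raise it more than once per session, which would double-count. I would expand it to something like `// Called once when the authenticator starts processing the client's credentials, before OnSessionAuthenticated(). The host uses this to account for login attempts.`, with the wording confirmed against the authenticator implementation, which is outside this file. The matching `OnConnectionAuthenticating` override in the second hunk presumably forwards to this callback and could carry a one-line comment saying so. The `EventHandler` class continues outside the hunk.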
@@ -115,6 +118,8 @@ class ClientSession
const protocol::ExtensionMessage& message) OVERRIDE;
// protocol::ConnectionToClient::EventHandler interface.
+ virtual void OnConnectionAuthenticating(
+ protocol::ConnectionToClient* connection) OVERRIDE;
virtual void OnConnectionAuthenticated(
protocol::ConnectionToClient* connection) OVERRIDE;
virtual void OnConnectionChannelsConnected(