diff options
| author | ajwong@chromium.org <ajwong@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-11-24 21:27:50 +0000 |
|---|---|---|
| committer | ajwong@chromium.org <ajwong@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-11-24 21:27:50 +0000 |
| commit | 603e52dea02dcf7cb5f0d2677d40b1f6f66a1dbe (patch) | |
| tree | 9d0849337b671b3365a82976b485f08ab74d4d59 /remoting/host | |
| parent | 69e4b61b7bfc27a6eefb1bcd1483e47f4a7777b1 (diff) | |
| download | chromium_src-603e52dea02dcf7cb5f0d2677d40b1f6f66a1dbe.zip chromium_src-603e52dea02dcf7cb5f0d2677d40b1f6f66a1dbe.tar.gz chromium_src-603e52dea02dcf7cb5f0d2677d40b1f6f66a1dbe.tar.bz2 | |
Begin adding mutual authentication into the SessionManager::connect() call.
This CL mainly changes APIs and stubs out functionality needed to
actually create the correct auth token stanzas.
BUG=None
TEST=compiles.
Review URL: http://codereview.chromium.org/4941001
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@67316 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'remoting/host')
| -rw-r--r-- | remoting/host/access_verifier.cc | 27 | ||||
| -rw-r--r-- | remoting/host/access_verifier.h | 19 | ||||
| -rw-r--r-- | remoting/host/access_verifier_unittest.cc | 14 | ||||
| -rw-r--r-- | remoting/host/chromoting_host.cc | 13 | ||||
| -rw-r--r-- | remoting/host/chromoting_host.h | 2 |
5 files changed, 60 insertions, 15 deletions
diff --git a/remoting/host/access_verifier.cc b/remoting/host/access_verifier.cc index 1c31577..6271816 100644 --- a/remoting/host/access_verifier.cc +++ b/remoting/host/access_verifier.cc @@ -7,6 +7,7 @@ #include "base/logging.h" #include "base/string_util.h" #include "remoting/host/host_config.h" +#include "remoting/proto/auth.pb.h" namespace remoting { @@ -29,11 +30,33 @@ bool AccessVerifier::Init(HostConfig* config) { return true; } -bool AccessVerifier::VerifyPermissions(const std::string& client_jid) { +bool AccessVerifier::VerifyPermissions( + const std::string& client_jid, + const std::string& encoded_access_token) { CHECK(initialized_); // Check that the client has the same bare jid as the host, i.e. // client's full jid starts with host's bare jid. - return StartsWithASCII(client_jid, host_jid_prefix_, true); + if (!StartsWithASCII(client_jid, host_jid_prefix_, true)) { + return false; + } + + // Decode the auth token. + protocol::ClientAuthToken client_token; + if (!DecodeClientAuthToken(encoded_access_token, &client_token)) { + return false; + } + + // Kick off directory access permissions. + // TODO(ajwong): Actually implement this. + return true; +} + +bool AccessVerifier::DecodeClientAuthToken( + const std::string& encoded_client_token, + protocol::ClientAuthToken* client_token) { + // TODO(ajwong): Implement this. + NOTIMPLEMENTED(); + return true; } } // namespace remoting diff --git a/remoting/host/access_verifier.h b/remoting/host/access_verifier.h index 41244ef..85c314c 100644 --- a/remoting/host/access_verifier.h +++ b/remoting/host/access_verifier.h @@ -11,20 +11,31 @@ namespace remoting { +namespace protocol { +class ClientAuthToken; +} // namespace protocol + class HostConfig; // AccessVerifier is used by to verify that the client has access to the host. -// Currently it just checks that host and client have the same bare JID. +// Currently it +// +// 1) Checks that host and client have the same bare JID. +// 2) Verifies that the access token can be decoded. // -// TODO(sergeyu): AccessVerifier should query directory to verify user -// permissions. +// TODO(sergeyu): Remove the bare-JID check, and instead ask the directory to +// perform user authorization. class AccessVerifier { public: AccessVerifier(); bool Init(HostConfig* config); - bool VerifyPermissions(const std::string& client_jid); + bool VerifyPermissions(const std::string& client_jid, + const std::string& encoded_client_token); private: + bool DecodeClientAuthToken(const std::string& encoded_client_token, + protocol::ClientAuthToken* client_token); + std::string host_jid_prefix_; bool initialized_; diff --git a/remoting/host/access_verifier_unittest.cc b/remoting/host/access_verifier_unittest.cc index 7d151f5..75d5795 100644 --- a/remoting/host/access_verifier_unittest.cc +++ b/remoting/host/access_verifier_unittest.cc @@ -48,13 +48,13 @@ TEST_F(AccessVerifierTest, VerifyPermissions) { AccessVerifier target; InitConfig(); ASSERT_TRUE(target.Init(config_)); - EXPECT_TRUE(target.VerifyPermissions("host@domain.com/123123")); - EXPECT_FALSE(target.VerifyPermissions("host@domain.com")); - EXPECT_FALSE(target.VerifyPermissions("otherhost@domain.com/123123")); - EXPECT_FALSE(target.VerifyPermissions("host@otherdomain.com/123123")); - EXPECT_FALSE(target.VerifyPermissions("")); - EXPECT_FALSE(target.VerifyPermissions("host@domain.co/saf")); - EXPECT_FALSE(target.VerifyPermissions("host@domain.com.other/blah")); + EXPECT_TRUE(target.VerifyPermissions("host@domain.com/123123", "")); + EXPECT_FALSE(target.VerifyPermissions("host@domain.com", "")); + EXPECT_FALSE(target.VerifyPermissions("otherhost@domain.com/123123", "")); + EXPECT_FALSE(target.VerifyPermissions("host@otherdomain.com/123123", "")); + EXPECT_FALSE(target.VerifyPermissions("", "")); + EXPECT_FALSE(target.VerifyPermissions("host@domain.co/saf", "")); + EXPECT_FALSE(target.VerifyPermissions("host@domain.com.other/blah", "")); } } // namespace remoting diff --git a/remoting/host/chromoting_host.cc b/remoting/host/chromoting_host.cc index 95b9a6e..c713384 100644 --- a/remoting/host/chromoting_host.cc +++ b/remoting/host/chromoting_host.cc @@ -263,8 +263,9 @@ void ChromotingHost::OnNewClientSession( return; } - // Check that the user has access to the host. - if (!access_verifier_.VerifyPermissions(session->jid())) { + // Check that the client has access to the host. + if (!access_verifier_.VerifyPermissions(session->jid(), + session->initiator_token())) { *response = protocol::SessionManager::DECLINE; return; } @@ -283,6 +284,8 @@ void ChromotingHost::OnNewClientSession( } session->set_config(config); + session->set_receiver_token( + GenerateHostAuthToken(session->initiator_token())); *response = protocol::SessionManager::ACCEPT; @@ -326,4 +329,10 @@ Encoder* ChromotingHost::CreateEncoder(const protocol::SessionConfig* config) { return NULL; } +std::string ChromotingHost::GenerateHostAuthToken( + const std::string& encoded_client_token) { + // TODO(ajwong): Return the signature of this instead. + return encoded_client_token; +} + } // namespace remoting diff --git a/remoting/host/chromoting_host.h b/remoting/host/chromoting_host.h index aa8cb5f..1d37ad9 100644 --- a/remoting/host/chromoting_host.h +++ b/remoting/host/chromoting_host.h @@ -129,6 +129,8 @@ class ChromotingHost : public base::RefCountedThreadSafe<ChromotingHost>, // Creates encoder for the specified configuration. Encoder* CreateEncoder(const protocol::SessionConfig* config); + std::string GenerateHostAuthToken(const std::string& encoded_client_token); + // The context that the chromoting host runs on. ChromotingHostContext* context_; |