authorsimonmorris@chromium.org <simonmorris@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-10-30 22:31:12 +0000
committersimonmorris@chromium.org <simonmorris@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-10-30 22:31:12 +0000
commit52ba3eaab56d133fe404e6b40315e1ed86ab5bbe (patch)
tree9fcfd9cf0a62532fb04c8ac8fa99ccb652bba6fc /remoting/host
parent7cd5e7168ca6d9aaa53abad1b7ae2c278fb2f470 (diff)
[Chromoting] Add a username policy, and implement it for the Linux Me2Me host.
BUG=158080 Review URL: https://chromiumcodereview.appspot.com/11341032 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@165036 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'remoting/host')
-rw-r--r--remoting/host/host_exit_codes.h17
-rwxr-xr-xremoting/host/installer/mac/PrivilegedHelperTools/org.chromium.chromoting.me2me.sh4
-rw-r--r--remoting/host/policy_hack/policy_watcher.cc7
-rw-r--r--remoting/host/policy_hack/policy_watcher.h3
-rw-r--r--remoting/host/policy_hack/policy_watcher_unittest.cc1
-rw-r--r--remoting/host/remoting_me2me_host.cc50
6 files changed, 72 insertions, 10 deletions
diff --git a/remoting/host/host_exit_codes.h b/remoting/host/host_exit_codes.h
index 38852a0..b325d1f 100644
--- a/remoting/host/host_exit_codes.h
+++ b/remoting/host/host_exit_codes.h
@@ -16,20 +16,21 @@ enum HostExitCodes {
// Error codes that don't indicate a permanent error condition.
kSuccessExitCode = 0,
kReservedForX11ExitCode = 1,
- kInitializationFailed = 7,
- kUsageExitCode = 8,
+ kInitializationFailed = 2,
+ kUsageExitCode = 3,
// Error codes that do indicate a permanent error condition.
- kInvalidHostConfigurationExitCode = 2,
- kInvalidHostIdExitCode = 3,
- kInvalidOauthCredentialsExitCode = 4,
- kInvalidHostDomainExitCode = 5,
- kLoginScreenNotSupportedExitCode = 6,
+ kInvalidHostConfigurationExitCode = 100,
+ kInvalidHostIdExitCode = 101,
+ kInvalidOauthCredentialsExitCode = 102,
+ kInvalidHostDomainExitCode = 103,
+ kLoginScreenNotSupportedExitCode = 104,
+ kUsernameMismatchExitCode = 105,
// The range of the exit codes that should be interpreted as a permanent error
// condition.
kMinPermanentErrorExitCode = kInvalidHostConfigurationExitCode,
- kMaxPermanentErrorExitCode = kLoginScreenNotSupportedExitCode
+ kMaxPermanentErrorExitCode = kUsernameMismatchExitCode
};
} // namespace remoting
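Review bot: The renumbering reuses 2 and 3 for kInitializationFailed and kUsageExitCode, values that the previous launcher range (2–6) classified as permanent errors, so a launcher that is not updated in lockstep with the host binary would stop restarting the host after a transient failure. Only the Mac script appears in this diffstat, which is limited to remoting/host, so any other watchdog that hard-codes the range needs the same 100–105 update. The header should carry the reverse of the script's reminder, for example `// Keep in sync with MIN/MAX_PERMANENT_ERROR_EXIT_CODE in the host launcher scripts.` above kMinPermanentErrorExitCode. That matters for kUsernameMismatchExitCode in particular, because a policy rejection that falls outside the permanent range would simply be retried. The enum begins outside this hunk.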
diff --git a/remoting/host/installer/mac/PrivilegedHelperTools/org.chromium.chromoting.me2me.sh b/remoting/host/installer/mac/PrivilegedHelperTools/org.chromium.chromoting.me2me.sh
index 62577d4..36f4530 100755
--- a/remoting/host/installer/mac/PrivilegedHelperTools/org.chromium.chromoting.me2me.sh
+++ b/remoting/host/installer/mac/PrivilegedHelperTools/org.chromium.chromoting.me2me.sh
@@ -20,8 +20,8 @@ SIGTERM_EXIT_CODE=143
# Range of exit codes returned by the host to indicate that a permanent error
# has occurred and that the host should not be restarted. Please, keep these
# constants in sync with remoting/host/host_exit_codes.h.
-MIN_PERMANENT_ERROR_EXIT_CODE=2
-MAX_PERMANENT_ERROR_EXIT_CODE=6
+MIN_PERMANENT_ERROR_EXIT_CODE=100
+MAX_PERMANENT_ERROR_EXIT_CODE=105
HOST_PID=0
SIGNAL_WAS_TRAPPED=0
diff --git a/remoting/host/policy_hack/policy_watcher.cc b/remoting/host/policy_hack/policy_watcher.cc
index bfa83f4..37c9009 100644
--- a/remoting/host/policy_hack/policy_watcher.cc
+++ b/remoting/host/policy_hack/policy_watcher.cc
@@ -94,6 +94,9 @@ scoped_ptr<base::DictionaryValue> AddDefaultValuesWhenNecessary(
false, false);
CopyStringOrDefault(to.get(), from,
PolicyWatcher::kHostDomainPolicyName, "", "");
+ CopyBooleanOrDefault(to.get(), from,
+ PolicyWatcher::kHostMatchUsernamePolicyName,
+ false, false);
CopyStringOrDefault(to.get(), from,
PolicyWatcher::kHostTalkGadgetPrefixPolicyName,
kDefaultHostTalkGadgetPrefix,
@@ -116,6 +119,9 @@ const char PolicyWatcher::kHostRequireTwoFactorPolicyName[] =
const char PolicyWatcher::kHostDomainPolicyName[] =
"RemoteAccessHostDomain";
+const char PolicyWatcher::kHostMatchUsernamePolicyName[] =
+ "RemoteAccessHostMatchUsername";
+
const char PolicyWatcher::kHostTalkGadgetPrefixPolicyName[] =
"RemoteAccessHostTalkGadgetPrefix";
@@ -125,6 +131,7 @@ const char PolicyWatcher::kHostRequireCurtainPolicyName[] =
const char* const PolicyWatcher::kBooleanPolicyNames[] =
{ PolicyWatcher::kNatPolicyName,
PolicyWatcher::kHostRequireTwoFactorPolicyName,
+ PolicyWatcher::kHostMatchUsernamePolicyName,
PolicyWatcher::kHostRequireCurtainPolicyName
};
diff --git a/remoting/host/policy_hack/policy_watcher.h b/remoting/host/policy_hack/policy_watcher.h
index ca59b4e..95217dc 100644
--- a/remoting/host/policy_hack/policy_watcher.h
+++ b/remoting/host/policy_hack/policy_watcher.h
@@ -55,6 +55,9 @@ class PolicyWatcher {
// The name of the host domain policy.
static const char kHostDomainPolicyName[];
+ // The name of the username policy.
+ static const char kHostMatchUsernamePolicyName[];
+
// The name of the policy that controls the host talkgadget prefix.
static const char kHostTalkGadgetPrefixPolicyName[];
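Review bot: The new comment `// The name of the username policy.` does not say what the policy enforces, unlike the talkgadget comment below it. Something like `// The name of the policy that requires the host owner's account name to match the local username.` would let a reader of the header understand the control without opening remoting_me2me_host.cc. It is also worth stating there that the default is false, as set in AddDefaultValuesWhenNecessary, so the check is off unless an administrator enables it. The class continues outside this hunk.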
diff --git a/remoting/host/policy_hack/policy_watcher_unittest.cc b/remoting/host/policy_hack/policy_watcher_unittest.cc
index 9f74541..edab59a 100644
--- a/remoting/host/policy_hack/policy_watcher_unittest.cc
+++ b/remoting/host/policy_hack/policy_watcher_unittest.cc
@@ -98,6 +98,7 @@ class PolicyWatcherTest : public testing::Test {
dict.SetBoolean(PolicyWatcher::kNatPolicyName, true);
dict.SetBoolean(PolicyWatcher::kHostRequireTwoFactorPolicyName, false);
dict.SetString(PolicyWatcher::kHostDomainPolicyName, "");
+ dict.SetBoolean(PolicyWatcher::kHostMatchUsernamePolicyName, false);
dict.SetString(PolicyWatcher::kHostTalkGadgetPrefixPolicyName,
kDefaultHostTalkGadgetPrefix);
dict.SetBoolean(PolicyWatcher::kHostRequireCurtainPolicyName, false);
diff --git a/remoting/host/remoting_me2me_host.cc b/remoting/host/remoting_me2me_host.cc
index 6291e41..4e08d0c 100644
--- a/remoting/host/remoting_me2me_host.cc
+++ b/remoting/host/remoting_me2me_host.cc
@@ -76,6 +76,7 @@
#endif // defined(OS_MACOSX)
#if defined(OS_LINUX)
+#include <pwd.h>
#include "remoting/host/audio_capturer_linux.h"
#include "remoting/host/pam_authorization_factory_posix.h"
#endif // defined(OS_LINUX)
@@ -107,6 +108,35 @@ void QuitMessageLoop(MessageLoop* message_loop) {
message_loop->PostTask(FROM_HERE, MessageLoop::QuitClosure());
}
+// Returns true if GetUsername() is implemented on this platform.
+bool CanGetUsername() {
+#if defined(OS_LINUX)
+ return true;
+#else // defined(OS_LINUX)
+ return false;
+#endif // defined(OS_LINUX)
+} // namespace
+
+// Returns the username associated with this process, or the empty string on
+// error.
+std::string GetUsername() {
+#if defined(OS_LINUX)
+ long buf_size = sysconf(_SC_GETPW_R_SIZE_MAX);
+ if (buf_size <= 0)
+ return "";
+ scoped_array<char> buf(new char[buf_size]);
+ struct passwd passwd;
+ struct passwd* passwd_result = NULL;
+ getpwuid_r(getuid(), &passwd, buf.get(), buf_size, &passwd_result);
+ if (!passwd_result)
+ return "";
+ return std::string(passwd_result->pw_name);
+#else // defined(OS_LINUX)
+ NOTREACHED();
+ return "";
+#endif // defined(OS_LINUX)
+}
+
} // namespace
namespace remoting {
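Review bot: GetUsername() treats `sysconf(_SC_GETPW_R_SIZE_MAX) <= 0` as an error and ignores the return value of getpwuid_r(), so a libc that reports no fixed limit (-1) or a passwd entry larger than the hint (ERANGE) yields an empty name. With the policy enabled that becomes a permanent kUsernameMismatchExitCode shutdown; it fails closed, but it reports a lookup failure as a policy mismatch. I would fall back to a default size and grow the buffer on ERANGE up to a cap, as sketched below. ERANGE needs <errno.h>, and sysconf()/getuid() need <unistd.h>, which I cannot confirm from this diff. Separately, the closing brace of CanGetUsername() carries a stray `// namespace` comment that should be dropped.

```cpp
std::string GetUsername() {
#if defined(OS_LINUX)
  // _SC_GETPW_R_SIZE_MAX is only an initial hint and may be -1.
  long buf_size = sysconf(_SC_GETPW_R_SIZE_MAX);
  if (buf_size <= 0)
    buf_size = 1024;
  const long kMaxBufSize = 1 << 20;
  for (; buf_size <= kMaxBufSize; buf_size *= 2) {
    scoped_array<char> buf(new char[buf_size]);
    struct passwd passwd;
    struct passwd* passwd_result = NULL;
    int error = getpwuid_r(getuid(), &passwd, buf.get(), buf_size,
                           &passwd_result);
    if (error == ERANGE)
      continue;  // Buffer too small; retry with a larger one.
    if (error != 0 || !passwd_result)
      return "";
    return std::string(passwd_result->pw_name);
  }
  return "";
  // … unchanged: #else branch with NOTREACHED() …
```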
@@ -155,6 +185,7 @@ class HostProcess
void OnPolicyUpdate(scoped_ptr<base::DictionaryValue> policies);
bool OnHostDomainPolicyUpdate(const std::string& host_domain);
+ bool OnUsernamePolicyUpdate(bool username_match_required);
bool OnNatPolicyUpdate(bool nat_traversal_enabled);
bool OnCurtainPolicyUpdate(bool curtain_required);
bool OnHostTalkGadgetPrefixPolicyUpdate(const std::string& talkgadget_prefix);
@@ -586,6 +617,11 @@ void HostProcess::OnPolicyUpdate(scoped_ptr<base::DictionaryValue> policies) {
&string_value)) {
restart_required |= OnHostDomainPolicyUpdate(string_value);
}
+ if (policies->GetBoolean(
+ policy_hack::PolicyWatcher::kHostMatchUsernamePolicyName,
+ &bool_value)) {
+ restart_required |= OnUsernamePolicyUpdate(bool_value);
+ }
if (policies->GetBoolean(policy_hack::PolicyWatcher::kNatPolicyName,
&bool_value)) {
restart_required |= OnNatPolicyUpdate(bool_value);
@@ -618,6 +654,20 @@ bool HostProcess::OnHostDomainPolicyUpdate(const std::string& host_domain) {
return false;
}
+bool HostProcess::OnUsernamePolicyUpdate(bool host_username_match_required) {
+ // Returns false: never restart the host after this policy update.
+ DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
+
+ if (host_username_match_required) {
+ if (!CanGetUsername() ||
+ !StartsWithASCII(xmpp_login_, GetUsername() + std::string("@"),
+ false)) {
+ Shutdown(kUsernameMismatchExitCode);
+ }
+ }
+ return false;
+}
+
bool HostProcess::OnNatPolicyUpdate(bool nat_traversal_enabled) {
// Returns true if the host has to be restarted after this policy update.
DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
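Review bot: The prefix comparison in OnUsernamePolicyUpdate() passes `false` for case sensitivity, but Linux account names are case-sensitive, so distinct local accounts differing only in case would all satisfy the check for the same xmpp_login_. If an exact match is intended, pass `true`; otherwise add a comment explaining why folding case is acceptable. The check also covers only the part before "@", so it constrains the domain only when combined with the host-domain policy, and an empty GetUsername() result is rejected only implicitly because the prefix becomes "@". I would make that explicit and log before exiting, e.g. `LOG(ERROR) << "Host username does not match the local username.";` ahead of `Shutdown(kUsernameMismatchExitCode);`. The parameter is named `username_match_required` in the class declaration but `host_username_match_required` here; OnNatPolicyUpdate continues outside the hunk.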