Added PIN-less auth policy.

BUG=156182

Review URL: https://chromiumcodereview.appspot.com/20864002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@215355 0039d316-1c4b-4281-b951-d872f2087c98

4 files changed, 57 insertions, 3 deletions

diff --git a/remoting/host/policy_hack/policy_watcher.cc b/remoting/host/policy_hack/policy_watcher.cc
index a7cae81..23b6c78 100644
--- a/remoting/host/policy_hack/policy_watcher.cc
+++ b/remoting/host/policy_hack/policy_watcher.cc
@@ -98,6 +98,9 @@ const char PolicyWatcher::kHostTokenUrlPolicyName[] =
 const char PolicyWatcher::kHostTokenValidationUrlPolicyName[] =
     "RemoteAccessHostTokenValidationUrl";
 
+const char PolicyWatcher::kHostAllowClientPairing[] =
+    "RemoteAccessHostAllowClientPairing";
+
 const char PolicyWatcher::kHostDebugOverridePoliciesName[] =
     "RemoteAccessHostDebugOverridePolicies";
 
@@ -117,6 +120,7 @@ PolicyWatcher::PolicyWatcher(
                                kDefaultHostTalkGadgetPrefix);
   default_values_->SetString(kHostTokenUrlPolicyName, std::string());
   default_values_->SetString(kHostTokenValidationUrlPolicyName, std::string());
+  default_values_->SetBoolean(kHostAllowClientPairing, true);
 #if !defined(NDEBUG)
   default_values_->SetString(kHostDebugOverridePoliciesName, std::string());
 #endif
diff --git a/remoting/host/policy_hack/policy_watcher.h b/remoting/host/policy_hack/policy_watcher.h
index 23e2209..7c9e4d0 100644
--- a/remoting/host/policy_hack/policy_watcher.h
+++ b/remoting/host/policy_hack/policy_watcher.h
@@ -55,7 +55,9 @@ class PolicyWatcher {
   // The name of the host domain policy.
   static const char kHostDomainPolicyName[];
 
-  // The name of the username policy.
+  // The name of the username policy. This policy is ignored on Windows.
+  // This policy is currently considered 'internal only' and so is not
+  // documented in policy_templates.json.
   static const char kHostMatchUsernamePolicyName[];
 
   // The name of the policy that controls the host talkgadget prefix.
@@ -68,6 +70,9 @@ class PolicyWatcher {
   static const char kHostTokenUrlPolicyName[];
   static const char kHostTokenValidationUrlPolicyName[];
 
+  // The name of the policy for disabling PIN-less authentication.
+  static const char kHostAllowClientPairing[];
+
   // The name of the policy for overriding policies, for use in testing.
   static const char kHostDebugOverridePoliciesName[];
 
diff --git a/remoting/host/policy_hack/policy_watcher_unittest.cc b/remoting/host/policy_hack/policy_watcher_unittest.cc
index 600f409..c88cfc9 100644
--- a/remoting/host/policy_hack/policy_watcher_unittest.cc
+++ b/remoting/host/policy_hack/policy_watcher_unittest.cc
@@ -68,6 +68,8 @@ class PolicyWatcherTest : public testing::Test {
     nat_true_and_overridden_.SetString(
         PolicyWatcher::kHostDebugOverridePoliciesName,
         kOverrideNatTraversalToFalse);
+    pairing_true_.SetBoolean(PolicyWatcher::kHostAllowClientPairing, true);
+    pairing_false_.SetBoolean(PolicyWatcher::kHostAllowClientPairing, false);
 #if !defined(NDEBUG)
     SetDefaults(nat_false_overridden_others_default_);
     nat_false_overridden_others_default_.SetBoolean(
@@ -115,6 +117,8 @@ class PolicyWatcherTest : public testing::Test {
   base::DictionaryValue unknown_policies_;
   base::DictionaryValue nat_true_and_overridden_;
   base::DictionaryValue nat_false_overridden_others_default_;
+  base::DictionaryValue pairing_true_;
+  base::DictionaryValue pairing_false_;
 
  private:
   void SetDefaults(base::DictionaryValue& dict) {
@@ -128,6 +132,7 @@ class PolicyWatcherTest : public testing::Test {
     dict.SetString(PolicyWatcher::kHostTokenUrlPolicyName, std::string());
     dict.SetString(PolicyWatcher::kHostTokenValidationUrlPolicyName,
                    std::string());
+    dict.SetBoolean(PolicyWatcher::kHostAllowClientPairing, true);
 #if !defined(NDEBUG)
     dict.SetString(PolicyWatcher::kHostDebugOverridePoliciesName, "");
 #endif
@@ -308,5 +313,21 @@ TEST_F(PolicyWatcherTest, DebugOverrideNatPolicy) {
   StopWatching();
 }
 
+TEST_F(PolicyWatcherTest, PairingFalseThenTrue) {
+  testing::InSequence sequence;
+  EXPECT_CALL(mock_policy_callback_,
+              OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
+  EXPECT_CALL(mock_policy_callback_,
+              OnPolicyUpdatePtr(IsPolicies(&pairing_false_)));
+  EXPECT_CALL(mock_policy_callback_,
+              OnPolicyUpdatePtr(IsPolicies(&pairing_true_)));
+
+  StartWatching();
+  policy_watcher_->SetPolicies(&empty_);
+  policy_watcher_->SetPolicies(&pairing_false_);
+  policy_watcher_->SetPolicies(&pairing_true_);
+  StopWatching();
+}
+
 }  // namespace policy_hack
 }  // namespace remoting
diff --git a/remoting/host/remoting_me2me_host.cc b/remoting/host/remoting_me2me_host.cc
index af8861b..fed6031 100644
--- a/remoting/host/remoting_me2me_host.cc
+++ b/remoting/host/remoting_me2me_host.cc
@@ -213,6 +213,7 @@ class HostProcess
   bool OnHostTalkGadgetPrefixPolicyUpdate(const std::string& talkgadget_prefix);
   bool OnHostTokenUrlPolicyUpdate(const GURL& token_url,
                                   const GURL& token_validation_url);
+  bool OnPairingPolicyUpdate(bool pairing_enabled);
 
   void StartHost();
 
@@ -266,6 +267,7 @@ class HostProcess
   scoped_ptr<policy_hack::PolicyWatcher> policy_watcher_;
   bool allow_nat_traversal_;
   std::string talkgadget_prefix_;
+  bool allow_pairing_;
 
   bool curtain_required_;
   GURL token_url_;
@@ -297,6 +299,7 @@ HostProcess::HostProcess(scoped_ptr<ChromotingHostContext> context,
     : context_(context.Pass()),
       state_(HOST_INITIALIZING),
       allow_nat_traversal_(true),
+      allow_pairing_(true),
       curtain_required_(false),
 #if defined(REMOTING_MULTI_PROCESS)
       desktop_session_connector_(NULL),
@@ -482,8 +485,10 @@ void HostProcess::CreateAuthenticatorFactory() {
     return;
   }
 
-  scoped_refptr<protocol::PairingRegistry> pairing_registry =
-      CreatePairingRegistry(context_->file_task_runner());
+  scoped_refptr<protocol::PairingRegistry> pairing_registry = NULL;
+  if (allow_pairing_) {
+    pairing_registry = CreatePairingRegistry(context_->file_task_runner());
+  }
 
   scoped_ptr<protocol::AuthenticatorFactory> factory;
 
@@ -748,6 +753,11 @@ void HostProcess::OnPolicyUpdate(scoped_ptr<base::DictionaryValue> policies) {
     restart_required |= OnHostTokenUrlPolicyUpdate(
         GURL(token_url_string), GURL(token_validation_url_string));
   }
+  if (policies->GetBoolean(
+          policy_hack::PolicyWatcher::kHostAllowClientPairing,
+          &bool_value)) {
+    restart_required |= OnPairingPolicyUpdate(bool_value);
+  }
 
   if (state_ == HOST_INITIALIZING) {
     StartHost();
@@ -893,6 +903,20 @@ bool HostProcess::OnHostTokenUrlPolicyUpdate(
   return false;
 }
 
+bool HostProcess::OnPairingPolicyUpdate(bool allow_pairing) {
+  DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
+
+  if (allow_pairing_ == allow_pairing)
+    return false;
+
+  if (allow_pairing)
+    LOG(INFO) << "Policy enables client pairing.";
+  else
+    LOG(INFO) << "Policy disables client pairing.";
+  allow_pairing_ = allow_pairing;
+  return true;
+}
+
 void HostProcess::StartHost() {
   DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
   DCHECK(!host_);