authornoamsml@google.com <noamsml@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2014-04-30 16:58:06 +0000
committernoamsml@google.com <noamsml@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2014-04-30 16:58:06 +0000
commit87f9e8f5af56e79f7d7d1e3c0bfc22a4e63a0d8a (patch)
treec89fb23be93d979c82886420a7344425e4d1d287 /remoting/host
parent6a9ea0aa09dd37334a039340575c6c9ec64918b4 (diff)
Revert 267234 "New policies: enable/disable relay; port range"
> New policies: enable/disable relay; port range > > Add new Chromoting policies: > > "RemoteAccessHostAllowRelayedConnection" > bool, default true > It can be set to false to disable the use of relay servers if NAT > traversal is enabled. > > "RemoteAccessHostUdpPortRange" > string, default "" > Can be used to specify a range in the form "<min-port>-<max-port>" to > restrict the range of UDP ports available to the host for connections. > E.g. "12400-12409" > > BUG=355168 > > Review URL: https://codereview.chromium.org/209323002 TBR=dcaiafa@chromium.org BUG=368724 Review URL: https://codereview.chromium.org/268483003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@267242 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'remoting/host')
-rw-r--r--remoting/host/it2me/it2me_host.cc2
-rw-r--r--remoting/host/policy_hack/policy_watcher.cc9
-rw-r--r--remoting/host/policy_hack/policy_watcher.h6
-rw-r--r--remoting/host/policy_hack/policy_watcher_unittest.cc47
-rw-r--r--remoting/host/remoting_me2me_host.cc85
5 files changed, 6 insertions, 143 deletions
diff --git a/remoting/host/it2me/it2me_host.cc b/remoting/host/it2me/it2me_host.cc
index 505efde..fec201f 100644
--- a/remoting/host/it2me/it2me_host.cc
+++ b/remoting/host/it2me/it2me_host.cc
@@ -184,7 +184,7 @@ void It2MeHost::FinishConnect() {
HOST_LOG << "NAT state: " << nat_traversal_enabled_;
NetworkSettings network_settings(
nat_traversal_enabled_ ?
- NetworkSettings::NAT_TRAVERSAL_FULL :
+ NetworkSettings::NAT_TRAVERSAL_ENABLED :
NetworkSettings::NAT_TRAVERSAL_DISABLED);
if (!nat_traversal_enabled_) {
network_settings.min_port = NetworkSettings::kDefaultMinPort;
diff --git a/remoting/host/policy_hack/policy_watcher.cc b/remoting/host/policy_hack/policy_watcher.cc
index e603cf5..fd1a37b 100644
--- a/remoting/host/policy_hack/policy_watcher.cc
+++ b/remoting/host/policy_hack/policy_watcher.cc
@@ -107,12 +107,6 @@ const char PolicyWatcher::kHostAllowClientPairing[] =
const char PolicyWatcher::kHostAllowGnubbyAuthPolicyName[] =
"RemoteAccessHostAllowGnubbyAuth";
-const char PolicyWatcher::kRelayPolicyName[] =
- "RemoteAccessHostAllowRelayedConnection";
-
-const char PolicyWatcher::kUdpPortRangePolicyName[] =
- "RemoteAccessHostUdpPortRange";
-
const char PolicyWatcher::kHostDebugOverridePoliciesName[] =
"RemoteAccessHostDebugOverridePolicies";
@@ -136,8 +130,6 @@ PolicyWatcher::PolicyWatcher(
std::string());
default_values_->SetBoolean(kHostAllowClientPairing, true);
default_values_->SetBoolean(kHostAllowGnubbyAuthPolicyName, true);
- default_values_->SetBoolean(kRelayPolicyName, true);
- default_values_->SetString(kUdpPortRangePolicyName, "");
#if !defined(NDEBUG)
default_values_->SetString(kHostDebugOverridePoliciesName, std::string());
#endif
@@ -146,7 +138,6 @@ PolicyWatcher::PolicyWatcher(
// For most policies these match the defaults.
bad_type_values_.reset(default_values_->DeepCopy());
bad_type_values_->SetBoolean(kNatPolicyName, false);
- bad_type_values_->SetBoolean(kRelayPolicyName, false);
}
PolicyWatcher::~PolicyWatcher() {
diff --git a/remoting/host/policy_hack/policy_watcher.h b/remoting/host/policy_hack/policy_watcher.h
index 0ced8f2..a3afee0 100644
--- a/remoting/host/policy_hack/policy_watcher.h
+++ b/remoting/host/policy_hack/policy_watcher.h
@@ -77,12 +77,6 @@ class PolicyWatcher {
// The name of the policy for disabling gnubbyd forwarding.
static const char kHostAllowGnubbyAuthPolicyName[];
- // The name of the policy for allowing use of relay servers.
- static const char kRelayPolicyName[];
-
- // The name of the policy that restricts the range of host UDP ports.
- static const char kUdpPortRangePolicyName[];
-
// The name of the policy for overriding policies, for use in testing.
static const char kHostDebugOverridePoliciesName[];
diff --git a/remoting/host/policy_hack/policy_watcher_unittest.cc b/remoting/host/policy_hack/policy_watcher_unittest.cc
index 0ed1a55..729a7bb 100644
--- a/remoting/host/policy_hack/policy_watcher_unittest.cc
+++ b/remoting/host/policy_hack/policy_watcher_unittest.cc
@@ -75,13 +75,6 @@ class PolicyWatcherTest : public testing::Test {
true);
gnubby_auth_false_.SetBoolean(PolicyWatcher::kHostAllowGnubbyAuthPolicyName,
false);
- relay_true_.SetBoolean(PolicyWatcher::kRelayPolicyName, true);
- relay_false_.SetBoolean(PolicyWatcher::kRelayPolicyName, false);
- port_range_full_.SetString(PolicyWatcher::kUdpPortRangePolicyName,
- kPortRange);
- port_range_empty_.SetString(PolicyWatcher::kUdpPortRangePolicyName,
- std::string());
-
#if !defined(NDEBUG)
SetDefaults(nat_false_overridden_others_default_);
nat_false_overridden_others_default_.SetBoolean(
@@ -106,7 +99,6 @@ class PolicyWatcherTest : public testing::Test {
}
static const char* kHostDomain;
- static const char* kPortRange;
base::MessageLoop message_loop_;
scoped_refptr<base::MessageLoopProxy> message_loop_proxy_;
MockPolicyCallback mock_policy_callback_;
@@ -134,16 +126,10 @@ class PolicyWatcherTest : public testing::Test {
base::DictionaryValue pairing_false_;
base::DictionaryValue gnubby_auth_true_;
base::DictionaryValue gnubby_auth_false_;
- base::DictionaryValue relay_true_;
- base::DictionaryValue relay_false_;
- base::DictionaryValue port_range_full_;
- base::DictionaryValue port_range_empty_;
private:
void SetDefaults(base::DictionaryValue& dict) {
dict.SetBoolean(PolicyWatcher::kNatPolicyName, true);
- dict.SetBoolean(PolicyWatcher::kRelayPolicyName, true);
- dict.SetString(PolicyWatcher::kUdpPortRangePolicyName, "");
dict.SetBoolean(PolicyWatcher::kHostRequireTwoFactorPolicyName, false);
dict.SetString(PolicyWatcher::kHostDomainPolicyName, std::string());
dict.SetBoolean(PolicyWatcher::kHostMatchUsernamePolicyName, false);
@@ -164,7 +150,6 @@ class PolicyWatcherTest : public testing::Test {
};
const char* PolicyWatcherTest::kHostDomain = "google.com";
-const char* PolicyWatcherTest::kPortRange = "12400-12409";
MATCHER_P(IsPolicies, dict, "") {
return arg->Equals(dict);
@@ -370,37 +355,5 @@ TEST_F(PolicyWatcherTest, GnubbyAuth) {
StopWatching();
}
-TEST_F(PolicyWatcherTest, Relay) {
- testing::InSequence sequence;
- EXPECT_CALL(mock_policy_callback_,
- OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
- EXPECT_CALL(mock_policy_callback_,
- OnPolicyUpdatePtr(IsPolicies(&relay_false_)));
- EXPECT_CALL(mock_policy_callback_,
- OnPolicyUpdatePtr(IsPolicies(&relay_true_)));
-
- StartWatching();
- policy_watcher_->SetPolicies(&empty_);
- policy_watcher_->SetPolicies(&relay_false_);
- policy_watcher_->SetPolicies(&relay_true_);
- StopWatching();
-}
-
-TEST_F(PolicyWatcherTest, UdpPortRange) {
- testing::InSequence sequence;
- EXPECT_CALL(mock_policy_callback_,
- OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
- EXPECT_CALL(mock_policy_callback_,
- OnPolicyUpdatePtr(IsPolicies(&port_range_full_)));
- EXPECT_CALL(mock_policy_callback_,
- OnPolicyUpdatePtr(IsPolicies(&port_range_empty_)));
-
- StartWatching();
- policy_watcher_->SetPolicies(&empty_);
- policy_watcher_->SetPolicies(&port_range_full_);
- policy_watcher_->SetPolicies(&port_range_empty_);
- StopWatching();
-}
-
} // namespace policy_hack
} // namespace remoting
diff --git a/remoting/host/remoting_me2me_host.cc b/remoting/host/remoting_me2me_host.cc
index 5d33b02..b9f4057 100644
--- a/remoting/host/remoting_me2me_host.cc
+++ b/remoting/host/remoting_me2me_host.cc
@@ -36,7 +36,6 @@
#include "remoting/base/constants.h"
#include "remoting/base/logging.h"
#include "remoting/base/rsa_key_pair.h"
-#include "remoting/base/util.h"
#include "remoting/host/branding.h"
#include "remoting/host/chromoting_host.h"
#include "remoting/host/chromoting_host_context.h"
@@ -228,8 +227,6 @@ class HostProcess
bool OnUsernamePolicyUpdate(bool curtain_required,
bool username_match_required);
bool OnNatPolicyUpdate(bool nat_traversal_enabled);
- bool OnRelayPolicyUpdate(bool allow_relay);
- bool OnUdpPortPolicyUpdate(const std::string& udp_port_range);
void OnCurtainPolicyUpdate(bool curtain_required);
bool OnHostTalkGadgetPrefixPolicyUpdate(const std::string& talkgadget_prefix);
bool OnHostTokenUrlPolicyUpdate(
@@ -290,9 +287,6 @@ class HostProcess
bool use_service_account_;
scoped_ptr<policy_hack::PolicyWatcher> policy_watcher_;
bool allow_nat_traversal_;
- bool allow_relay_;
- int min_udp_port_;
- int max_udp_port_;
std::string talkgadget_prefix_;
bool allow_pairing_;
@@ -330,9 +324,6 @@ HostProcess::HostProcess(scoped_ptr<ChromotingHostContext> context,
state_(HOST_INITIALIZING),
use_service_account_(false),
allow_nat_traversal_(true),
- allow_relay_(true),
- min_udp_port_(0),
- max_udp_port_(0),
allow_pairing_(true),
curtain_required_(false),
enable_gnubby_auth_(false),
@@ -845,16 +836,6 @@ void HostProcess::OnPolicyUpdate(scoped_ptr<base::DictionaryValue> policies) {
&bool_value)) {
restart_required |= OnNatPolicyUpdate(bool_value);
}
- if (policies->GetBoolean(policy_hack::PolicyWatcher::kRelayPolicyName,
- &bool_value)) {
- restart_required |= OnRelayPolicyUpdate(bool_value);
- }
- std::string udp_port_range;
- if (policies->GetString(policy_hack::PolicyWatcher::kUdpPortRangePolicyName,
- &udp_port_range)) {
- restart_required |= OnUdpPortPolicyUpdate(udp_port_range);
- }
-
if (policies->GetString(
policy_hack::PolicyWatcher::kHostTalkGadgetPrefixPolicyName,
&string_value)) {
@@ -961,49 +942,6 @@ bool HostProcess::OnNatPolicyUpdate(bool nat_traversal_enabled) {
return false;
}
-bool HostProcess::OnRelayPolicyUpdate(bool allow_relay) {
- // Returns true if the host has to be restarted after this policy update.
- DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
-
- if (allow_relay_ != allow_relay) {
- if (allow_relay)
- HOST_LOG << "Policy enables use of relay server.";
- else
- HOST_LOG << "Policy disables use of relay server.";
- allow_relay_ = allow_relay;
- return true;
- }
- return false;
-}
-
-bool HostProcess::OnUdpPortPolicyUpdate(const std::string& udp_port_range) {
- // Returns true if the host has to be restarted after this policy update.
- DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
-
- // Use default values if policy setting is empty or invalid.
- int min_udp_port = 0;
- int max_udp_port = 0;
- if (!udp_port_range.empty() &&
- !NetworkSettings::ParsePortRange(udp_port_range, &min_udp_port,
- &max_udp_port)) {
- LOG(WARNING) << "Invalid port range policy: \"" << udp_port_range
- << "\". Using default values.";
- }
-
- if (min_udp_port_ != min_udp_port || max_udp_port_ != max_udp_port) {
- if (min_udp_port != 0 && max_udp_port != 0) {
- HOST_LOG << "Policy restricts UDP port range to [" << min_udp_port
- << ", " << max_udp_port << "]";
- } else {
- HOST_LOG << "Policy does not restrict UDP port range.";
- }
- min_udp_port_ = min_udp_port;
- max_udp_port_ = max_udp_port;
- return true;
- }
- return false;
-}
-
void HostProcess::OnCurtainPolicyUpdate(bool curtain_required) {
// Returns true if the host has to be restarted after this policy update.
DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
@@ -1149,24 +1087,11 @@ void HostProcess::StartHost() {
signaling_connector_->EnableOAuth(oauth_token_getter_.get());
}
- uint32 network_flags = allow_nat_traversal_ ?
- NetworkSettings::NAT_TRAVERSAL_STUN : 0;
-
- if (allow_relay_)
- network_flags |= NetworkSettings::NAT_TRAVERSAL_RELAY;
-
- if (allow_relay_ || allow_nat_traversal_)
- network_flags |= NetworkSettings::NAT_TRAVERSAL_OUTGOING;
-
- NetworkSettings network_settings(network_flags);
-
- if (min_udp_port_ && max_udp_port_) {
- network_settings.min_port = min_udp_port_;
- network_settings.max_port = max_udp_port_;
- } else if (!allow_nat_traversal_) {
- // For legacy reasons we have to restrict the port range to a set of default
- // values when nat traversal is disabled, even if the port range was not
- // set in policy.
+ NetworkSettings network_settings(
+ allow_nat_traversal_ ?
+ NetworkSettings::NAT_TRAVERSAL_ENABLED :
+ NetworkSettings::NAT_TRAVERSAL_DISABLED);
+ if (!allow_nat_traversal_) {
network_settings.min_port = NetworkSettings::kDefaultMinPort;
network_settings.max_port = NetworkSettings::kDefaultMaxPort;
}
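Review bot: The restored `if (!allow_nat_traversal_)` branch in StartHost() sets `min_port`/`max_port` to `kDefaultMinPort`/`kDefaultMaxPort` with no explanation, because the comment that covered this case is removed together with the policy code. A one-line comment such as `// With NAT traversal disabled, restrict the port range to the default values.` would keep that intent visible. With `allow_relay_`, `min_udp_port_` and `max_udp_port_` gone, the host can no longer turn relays off or narrow the UDP range from policy. Any deployment that already set RemoteAccessHostAllowRelayedConnection or RemoteAccessHostUdpPortRange would presumably have those values ignored without a log line; PolicyWatcher's handling of unknown keys is not visible here, so that should be confirmed and mentioned in the revert description. StartHost() begins and ends outside the hunk.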