author | kelvinp@chromium.org <kelvinp@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-04-07 22:33:28 +0000 |
---|---|---|
committer | kelvinp@chromium.org <kelvinp@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-04-07 22:33:28 +0000 |
commit | 064128c1d8c7a3fb1d4ceaae996891130f2cf171 (patch) | |
tree | ef143838848f3d3d28c7c8d327cc21828c3e43a1 /remoting/protocol/jingle_session.h | |
parent | 57baec29d609c0e1ae53dea806e5fbcc70f83ed6 (diff) | |
Cause:
To prevent a malicious client from guessing the PIN by spamming the host with bogus logins, the chromoting host can throttle incoming requests after too many unsuccessful login attempts. In the current implementation, every time there is an incoming request, we start incrementing the bad login counter, regardless of whether the host has actually started authenticating.
Fix:
This change adds an extra flag on the authenticator to indicate whether authentication has started.
The JingleSession checks the flag and propagates the message back all the way up to the host through the callback Session::OnSessionAuthenticationBegin
BUG=350208
Review URL: https://codereview.chromium.org/205583011
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@262228 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'remoting/protocol/jingle_session.h')
-rw-r--r-- | remoting/protocol/jingle_session.h | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/remoting/protocol/jingle_session.h b/remoting/protocol/jingle_session.h index 189cb53..3b704fb 100644 --- a/remoting/protocol/jingle_session.h +++ b/remoting/protocol/jingle_session.h @@ -132,9 +132,13 @@ class JingleSession : public Session, // Called after the initial incoming authenticator message is processed. void ContinueAcceptIncomingConnection(); + // Called after subsequent authenticator messages are processed. void ProcessAuthenticationStep(); + // Called after the authenticating step is finished. + void ContinueAuthenticationStep(); + // Terminates the session and sends session-terminate if it is // necessary. |error| specifies the error code in case when the // session is being closed due to an error. @@ -143,6 +147,9 @@ class JingleSession : public Session, // Sets |state_| to |new_state| and calls state change callback. void SetState(State new_state); + // Returns true if the state of the session is not CLOSED or FAILED + bool is_session_active(); + JingleSessionManager* session_manager_; std::string peer_jid_; scoped_ptr<CandidateSessionConfig> candidate_config_; @@ -172,6 +179,8 @@ class JingleSession : public Session, // Pending remote candidates, received before the local channels were created. std::list<JingleMessage::NamedCandidate> pending_remote_candidates_; + base::WeakPtrFactory<JingleSession> weak_factory_; + DISALLOW_COPY_AND_ASSIGN(JingleSession); }; |
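Review bot: `is_session_active()` in the second hunk is declared non-const although its comment describes a pure query of the session state; declare it `bool is_session_active() const;` so it cannot silently mutate the session and can be called from const code. The lower_case accessor-style name suggests a trivial inline getter, but only a declaration is visible here, so either define it inline in the header or name it `IsSessionActive()`. The comment is missing its final period and could name the member it reads, e.g. `// Returns true if |state_| is neither CLOSED nor FAILED.`; if the check exists because the session can be closed while an authentication step is still pending (inferred from the commit description, not visible in this header), say so in the comment as well. The class body continues outside the hunk.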
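Review bot: `weak_factory_` in the third hunk has no comment saying that it must remain the last data member. WeakPtrFactory depends on being destroyed before the other members so that outstanding weak pointers are invalidated first; a member added below it later would leave a window in which a callback bound through it (presumably the authentication callbacks this change introduces) could touch a partly destroyed session. Suggest adding `// Must be the last member so that weak pointers are invalidated before the other members are destroyed.` above the declaration. The three hunks account for all 9 insertions in the diffstat, so this commit adds no `#include "base/memory/weak_ptr.h"` to the header; if the include is not already present above the first hunk, add it rather than relying on a transitive include.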