author | rmsousa@chromium.org <rmsousa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-01-11 22:24:40 +0000 |
---|---|---|
committer | rmsousa@chromium.org <rmsousa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-01-11 22:24:40 +0000 |
commit | b4e6a31aa1c189a5a31a3b284add121a2096713f (patch) | |
tree | be48c32260a00cd52d932b604890c0f2f24f67d0 /remoting/protocol | |
parent | db46e8a961653096cf5b9ab0bf05d0f39453d9f2 (diff) | |
Fix JID checking for cases where the user account does not have a Google email associated with it.
BUG=333464
Review URL: https://codereview.chromium.org/134523007
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@244361 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'remoting/protocol')
-rw-r--r-- | remoting/protocol/me2me_host_authenticator_factory.cc | 31 | ||||
-rw-r--r-- | remoting/protocol/me2me_host_authenticator_factory.h | 3 |
2 files changed, 29 insertions, 5 deletions
diff --git a/remoting/protocol/me2me_host_authenticator_factory.cc b/remoting/protocol/me2me_host_authenticator_factory.cc index bd926da..1b36ee7 100644 --- a/remoting/protocol/me2me_host_authenticator_factory.cc +++ b/remoting/protocol/me2me_host_authenticator_factory.cc @@ -61,6 +61,7 @@ class RejectingAuthenticator : public Authenticator { // static scoped_ptr<AuthenticatorFactory> Me2MeHostAuthenticatorFactory::CreateWithSharedSecret( + bool use_service_account, const std::string& host_owner, const std::string& local_cert, scoped_refptr<RsaKeyPair> key_pair, @@ -68,6 +69,7 @@ Me2MeHostAuthenticatorFactory::CreateWithSharedSecret( scoped_refptr<PairingRegistry> pairing_registry) { scoped_ptr<Me2MeHostAuthenticatorFactory> result( new Me2MeHostAuthenticatorFactory()); + result->use_service_account_ = use_service_account; result->host_owner_ = host_owner; result->local_cert_ = local_cert; result->key_pair_ = key_pair; @@ -80,6 +82,7 @@ Me2MeHostAuthenticatorFactory::CreateWithSharedSecret( // static scoped_ptr<AuthenticatorFactory> Me2MeHostAuthenticatorFactory::CreateWithThirdPartyAuth( + bool use_service_account, const std::string& host_owner, const std::string& local_cert, scoped_refptr<RsaKeyPair> key_pair, @@ -87,6 +90,7 @@ Me2MeHostAuthenticatorFactory::CreateWithThirdPartyAuth( token_validator_factory) { scoped_ptr<Me2MeHostAuthenticatorFactory> result( new Me2MeHostAuthenticatorFactory()); + result->use_service_account_ = use_service_account; result->host_owner_ = host_owner; result->local_cert_ = local_cert; result->key_pair_ = key_pair; 
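Review bot: The new `bool use_service_account` is the first positional parameter of `CreateWithSharedSecret` (and of `CreateWithThirdPartyAuth` in the third hunk, plus both declarations in the header), so call sites will carry a bare `true`/`false` ahead of the string arguments. Because this flag selects which identity the client JID is checked against, a swapped or wrong value is a security-relevant mistake that is hard to spot in review. A two-value enum, or at minimum an argument comment such as `/* use_service_account= */ false` at each call, would make the intent visible. The call sites are outside this diff, so they could not be checked here.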
@@ -111,12 +115,29 @@ scoped_ptr<Authenticator> Me2MeHostAuthenticatorFactory::CreateAuthenticator( const std::string& remote_jid, const buzz::XmlElement* first_message) { - // Verify that the client's jid is an ASCII string, and then check - // that the client has the same bare jid as the host, i.e. client's - // full JID starts with host's bare jid. Comparison is case - // insensitive. + std::string remote_jid_prefix; + + if (!use_service_account_) { + // JID prefixes may not match the host owner email, for example, in cases + // where the host owner account does not have an email associated with it. + // In those cases, the only guarantee we have is that JIDs for the same + // account will have the same prefix. + size_t slash_pos = local_jid.find('/'); + if (slash_pos == std::string::npos) { + LOG(DFATAL) << "Invalid local JID:" << local_jid; + return scoped_ptr<Authenticator>(new RejectingAuthenticator()); + } + remote_jid_prefix = local_jid.substr(0, slash_pos); + } else { + // TODO(rmsousa): This only works for cases where the JID prefix matches + // the host owner email. Figure out a way to verify the JID in other cases. + remote_jid_prefix = host_owner_; + } + + // Verify that the client's jid is an ASCII string, and then check that the + // client JID has the expected prefix. Comparison is case insensitive. if (!IsStringASCII(remote_jid) || - !StartsWithASCII(remote_jid, host_owner_ + '/', false)) { + !StartsWithASCII(remote_jid, remote_jid_prefix + '/', false)) { LOG(ERROR) << "Rejecting incoming connection from " << remote_jid; return scoped_ptr<Authenticator>(new RejectingAuthenticator()); } diff --git a/remoting/protocol/me2me_host_authenticator_factory.h b/remoting/protocol/me2me_host_authenticator_factory.h index 2563347..69d8493 100644 --- a/remoting/protocol/me2me_host_authenticator_factory.h +++ b/remoting/protocol/me2me_host_authenticator_factory.h 
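Review bot: An empty prefix is not rejected in either branch of the new `if (!use_service_account_)` block: when `local_jid` begins with '/' (`slash_pos == 0`) or `host_owner_` is empty, `remote_jid_prefix + '/'` is just "/" and the `StartsWithASCII` check no longer ties the client to any account. Whether either value can be empty depends on callers outside this hunk, but the guard is cheap: `if (slash_pos == std::string::npos || slash_pos == 0) {`, and the else branch should return a `RejectingAuthenticator` when `host_owner_.empty()`. In the non-service-account branch the decision now rests entirely on `local_jid`, so the comment should also state that this value must come from the host's authenticated signaling connection. The function's signature and the remainder of its body lie outside the hunk.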
@@ -27,6 +27,7 @@ class Me2MeHostAuthenticatorFactory : public AuthenticatorFactory { public: // Create a factory that dispenses shared secret authenticators. static scoped_ptr<AuthenticatorFactory> CreateWithSharedSecret( + bool use_service_account, const std::string& host_owner, const std::string& local_cert, scoped_refptr<RsaKeyPair> key_pair, @@ -35,6 +36,7 @@ class Me2MeHostAuthenticatorFactory : public AuthenticatorFactory { // Create a factory that dispenses third party authenticators. static scoped_ptr<AuthenticatorFactory> CreateWithThirdPartyAuth( + bool use_service_account, const std::string& host_owner, const std::string& local_cert, scoped_refptr<RsaKeyPair> key_pair, @@ -56,6 +58,7 @@ class Me2MeHostAuthenticatorFactory : public AuthenticatorFactory { private: // Used for all host authenticators. + bool use_service_account_; std::string host_owner_; std::string local_cert_; scoped_refptr<RsaKeyPair> key_pair_; |
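Review bot: Neither the two factory comments nor the new member say what `use_service_account` changes, although it switches the client-JID check between `host_owner_` and the host's own bare JID. I would add above the member `// If true, client JIDs are checked against |host_owner_|; otherwise against the bare JID of the host's own signaling account.` and mention the parameter in both `Create...` comments. The member also has no initializer visible here; the constructor is outside this diff, so it is worth confirming that `use_service_account_` is set on every construction path rather than only in the two factory functions.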