[Chromoting] Make the Windows host controller ask the user to confirm host registration.

BUG=121749


Review URL: http://codereview.chromium.org/10071025

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@132240 0039d316-1c4b-4281-b951-d872f2087c98

7 files changed, 271 insertions, 4 deletions

diff --git a/remoting/host/elevated_controller.rc b/remoting/host/elevated_controller.rc
index 3d8618a..45fe207 100644
--- a/remoting/host/elevated_controller.rc
+++ b/remoting/host/elevated_controller.rc
@@ -3,6 +3,8 @@
 // Embedded type library.
 1 typelib "remoting/host/elevated_controller.tlb"
 
+#include "elevated_controller_resource.h"
+
 // English (U.S.) resources
 #if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU)
 #ifdef _WIN32
@@ -13,10 +15,52 @@ LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
 STRINGTABLE
 BEGIN
 #ifdef OFFICIAL_BUILD
-  100 "Chrome Remote Desktop Host Controller"
+  IDS_CONTROLLER "Chrome Remote Desktop Host Controller"
 #else
-  100 "Chromoting Host Controller"
+  IDS_CONTROLLER "Chromoting Host Controller"
 #endif
 END
 
-#endif // English (U.S.) resources
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// Dialog
+//
+
+IDD_VERIFY_CONFIG_DIALOG DIALOGEX 0, 0, 221, 120
+STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION
+EXSTYLE WS_EX_TOPMOST
+CAPTION "kTitle"
+FONT 8, "MS Shell Dlg", 400, 0, 0x1
+BEGIN
+    EDITTEXT        IDC_PIN,7,69,107,15,WS_TABSTOP
+    DEFPUSHBUTTON   "kOK",IDOK,116,100,98,14,WS_TABSTOP
+    LTEXT           "kConfirmConfigChange",IDC_MESSAGE,7,7,207,30
+    LTEXT           "kEmail",IDC_EMAIL,7,38,207,30
+    PUSHBUTTON      "kCancel",IDCANCEL,7,100,98,14,WS_TABSTOP
+END
+
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// DESIGNINFO
+//
+
+#ifdef APSTUDIO_INVOKED
+GUIDELINES DESIGNINFO
+BEGIN
+    IDD_VERIFY_CONFIG_DIALOG, DIALOG
+    BEGIN
+        LEFTMARGIN, 7
+        RIGHTMARGIN, 214
+        VERTGUIDE, 105
+        VERTGUIDE, 116
+        VERTGUIDE, 203
+        TOPMARGIN, 7
+        BOTTOMMARGIN, 52
+    END
+END
+#endif    // APSTUDIO_INVOKED
+
+#endif    // English (U.S.) resources
+/////////////////////////////////////////////////////////////////////////////
diff --git a/remoting/host/elevated_controller_module_win.cc b/remoting/host/elevated_controller_module_win.cc
index 9d6442b..f4cc407 100644
--- a/remoting/host/elevated_controller_module_win.cc
+++ b/remoting/host/elevated_controller_module_win.cc
@@ -28,7 +28,7 @@ class ElevatedControllerModuleWin
 
 remoting::ElevatedControllerModuleWin _AtlModule;
 
-int WINAPI WinMain(HINSTANCE, HINSTANCE, LPSTR, int command) {
+int WINAPI WinMain(HINSTANCE instance, HINSTANCE, LPSTR, int command) {
   CommandLine::Init(0, NULL);
 
   // This object instance is required by Chrome code (for example,
diff --git a/remoting/host/elevated_controller_resource.h b/remoting/host/elevated_controller_resource.h
new file mode 100644
index 0000000..ce55048
--- /dev/null
+++ b/remoting/host/elevated_controller_resource.h
@@ -0,0 +1,14 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef REMOTING_HOST_ELEVATED_CONTROLLER_RESOURCE_H
+#define REMOTING_HOST_ELEVATED_CONTROLLER_RESOURCE_H 1
+
+#define IDS_CONTROLLER 100
+#define IDD_VERIFY_CONFIG_DIALOG 101
+#define IDC_MESSAGE 102
+#define IDC_EMAIL 103
+#define IDC_PIN 104
+
+#endif REMOTING_HOST_ELEVATED_CONTROLLER_RESOURCE_H 1
diff --git a/remoting/host/elevated_controller_win.cc b/remoting/host/elevated_controller_win.cc
index 86c0aa4d..4d510fc 100644
--- a/remoting/host/elevated_controller_win.cc
+++ b/remoting/host/elevated_controller_win.cc
@@ -16,6 +16,8 @@
 #include "base/values.h"
 #include "base/win/scoped_handle.h"
 #include "remoting/host/branding.h"
+#include "remoting/host/elevated_controller_resource.h"
+#include "remoting/host/verify_config_window_win.h"
 
 namespace {
 
@@ -96,6 +98,28 @@ HRESULT WriteConfig(const FilePath& filename,
       return E_FAIL;
   }
 
+  // Extract the configuration data that the user will verify.
+  scoped_ptr<base::Value> config_value(base::JSONReader::Read(content));
+  if (!config_value.get()) {
+    return E_FAIL;
+  }
+  base::DictionaryValue* config_dict = NULL;
+  if (!config_value->GetAsDictionary(&config_dict)) {
+    return E_FAIL;
+  }
+  std::string email, host_id, host_secret_hash;
+  if (!config_dict->GetString("xmpp_login", &email) ||
+      !config_dict->GetString("host_id", &host_id) ||
+      !config_dict->GetString("host_secret_hash", &host_secret_hash)) {
+    return E_FAIL;
+  }
+
+  // Ask the user to verify the configuration.
+  remoting::VerifyConfigWindowWin verify_win(email, host_id, host_secret_hash);
+  if (!verify_win.Run()) {
+    return E_FAIL;
+  }
+
   // Create a security descriptor for the configuration file.
   SECURITY_ATTRIBUTES security_attributes;
   security_attributes.nLength = sizeof(security_attributes);
diff --git a/remoting/host/verify_config_window_win.cc b/remoting/host/verify_config_window_win.cc
new file mode 100644
index 0000000..d2e695f
--- /dev/null
+++ b/remoting/host/verify_config_window_win.cc
@@ -0,0 +1,137 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "remoting/host/verify_config_window_win.h"
+
+#include <atlbase.h>
+#include <windows.h>
+
+#include "base/base64.h"
+#include "base/compiler_specific.h"
+#include "base/logging.h"
+#include "base/utf_string_conversions.h"
+#include "remoting/host/elevated_controller_resource.h"
+#include "remoting/protocol/authentication_method.h"
+
+namespace remoting {
+
+VerifyConfigWindowWin::VerifyConfigWindowWin(const std::string& email,
+    const std::string& host_id, const std::string& host_secret_hash)
+  : hwnd_(NULL),
+    email_(email),
+    host_id_(host_id),
+    host_secret_hash_(host_secret_hash) {
+}
+
+VerifyConfigWindowWin::~VerifyConfigWindowWin() {
+  EndDialog();
+}
+
+bool VerifyConfigWindowWin::Run() {
+  // TODO(simonmorris): Provide a handle of a parent window for this dialog.
+  return (DialogBoxParam(ATL::_AtlBaseModule.GetModuleInstance(),
+                         MAKEINTRESOURCE(IDD_VERIFY_CONFIG_DIALOG),
+                         NULL,
+                         (DLGPROC)DialogProc,
+                         (LPARAM)this) != 0);
+}
+
+BOOL CALLBACK VerifyConfigWindowWin::DialogProc(HWND hwnd, UINT msg,
+                                                WPARAM wParam, LPARAM lParam) {
+  VerifyConfigWindowWin* win = NULL;
+  if (msg == WM_INITDIALOG) {
+    win = reinterpret_cast<VerifyConfigWindowWin*>(lParam);
+    CHECK(win);
+    SetWindowLongPtr(hwnd, DWLP_USER, (LONG_PTR)win);
+  } else {
+    LONG_PTR lp = GetWindowLongPtr(hwnd, DWLP_USER);
+    win = reinterpret_cast<VerifyConfigWindowWin*>(lp);
+  }
+  if (win == NULL)
+    return FALSE;
+  return win->OnDialogMessage(hwnd, msg, wParam, lParam);
+}
+
+BOOL VerifyConfigWindowWin::OnDialogMessage(HWND hwnd, UINT msg,
+                                            WPARAM wParam, LPARAM lParam) {
+  switch (msg) {
+    case WM_INITDIALOG:
+      hwnd_ = hwnd;
+      InitDialog();
+      return TRUE;
+    case WM_DESTROY:
+      ::EndDialog(hwnd, 0);
+    case WM_COMMAND:
+      switch (LOWORD(wParam)) {
+        case IDOK:
+          ::EndDialog(hwnd, VerifyHostSecretHash());
+          hwnd_ = NULL;
+          return TRUE;
+        case IDCANCEL:
+          ::EndDialog(hwnd, 0);
+          hwnd_ = NULL;
+          return TRUE;
+      }
+  }
+  return FALSE;
+}
+
+void VerifyConfigWindowWin::InitDialog() {
+  // TODO(simonmorris): l10n.
+  SetWindowText(hwnd_, L"Chrome Remote Desktop");
+
+  HWND hwndOk = GetDlgItem(hwnd_, IDOK);
+  CHECK(hwndOk);
+  SetWindowText(hwndOk, L"OK");
+
+  HWND hwndCancel = GetDlgItem(hwnd_, IDCANCEL);
+  CHECK(hwndCancel);
+  SetWindowText(hwndCancel, L"Cancel");
+
+  HWND hwndMessage = GetDlgItem(hwnd_, IDC_MESSAGE);
+  CHECK(hwndMessage);
+  SetWindowText(hwndMessage, L"To confirm that your Chrome Remote Desktop "
+      L"should be accessible by this account, please enter your PIN below.");
+
+  HWND hwndEmail = GetDlgItem(hwnd_, IDC_EMAIL);
+  CHECK(hwndEmail);
+  SetWindowText(hwndEmail, UTF8ToUTF16(email_).c_str());
+
+  HWND hwndPin = GetDlgItem(hwnd_, IDC_PIN);
+  CHECK(hwndPin);
+  SetFocus(hwndPin);
+}
+
+void VerifyConfigWindowWin::EndDialog() {
+  if (hwnd_) {
+    ::EndDialog(hwnd_, 0);
+    hwnd_ = NULL;
+  }
+}
+
+bool VerifyConfigWindowWin::VerifyHostSecretHash() {
+  const int kMaxPinLength = 256;
+  // TODO(simonmorris): Use ATL's string class, if it's more convenient.
+  scoped_array<WCHAR> pinWSTR(new WCHAR[kMaxPinLength]);
+  HWND hwndPin = GetDlgItem(hwnd_, IDC_PIN);
+  CHECK(hwndPin);
+  GetWindowText(hwndPin, pinWSTR.get(), kMaxPinLength);
+
+  // TODO(simonmorris): This code was copied from host_script_object.cc.
+  // Refactor to use PinIsValid(), from CL 10008092.
+  std::string pin(UTF16ToUTF8(pinWSTR.get()));
+  std::string hash = protocol::AuthenticationMethod::ApplyHashFunction(
+      protocol::AuthenticationMethod::HMAC_SHA256, host_id_, pin);
+  std::string hash_base64;
+  bool base64_result = base::Base64Encode(hash, &hash_base64);
+  if (!base64_result) {
+    LOG(FATAL) << "Base64Encode failed";
+    return false;
+  }
+  hash_base64 = "hmac:" + hash_base64;
+
+  return (hash_base64 == host_secret_hash_);
+}
+
+}  // namespace remoting
diff --git a/remoting/host/verify_config_window_win.h b/remoting/host/verify_config_window_win.h
new file mode 100644
index 0000000..fc84427
--- /dev/null
+++ b/remoting/host/verify_config_window_win.h
@@ -0,0 +1,45 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef REMOTING_HOST_VERIFY_CONFIG_WINDOW_WIN_H
+#define REMOTING_HOST_VERIFY_CONFIG_WINDOW_WIN_H
+
+#include <string>
+
+#include "base/callback.h"
+
+namespace remoting {
+
+// TODO(simonmorris): Derive this class from ATL's CDialog.
+class VerifyConfigWindowWin {
+ public:
+   VerifyConfigWindowWin(const std::string& email,
+                         const std::string& host_id,
+                         const std::string& host_secret_hash);
+  ~VerifyConfigWindowWin();
+
+  // Run the dialog modally. Returns true on successful verification.
+  bool Run();
+
+ private:
+  static BOOL CALLBACK DialogProc(HWND hwmd, UINT msg, WPARAM wParam,
+                                  LPARAM lParam);
+
+  BOOL OnDialogMessage(HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam);
+
+  void InitDialog();
+  void EndDialog();
+  bool VerifyHostSecretHash();
+
+  HWND hwnd_;
+  const std::string email_;
+  const std::string host_id_;
+  const std::string host_secret_hash_;
+
+  DISALLOW_COPY_AND_ASSIGN(VerifyConfigWindowWin);
+};
+
+}
+
+#endif  // REMOTING_HOST_VERIFY_CONFIG_WINDOW_WIN_H
diff --git a/remoting/remoting.gyp b/remoting/remoting.gyp
index 6221af0..ff2b262 100644
--- a/remoting/remoting.gyp
+++ b/remoting/remoting.gyp
@@ -258,6 +258,7 @@
           'dependencies': [
             '../base/base.gyp:base',
             'remoting_elevated_controller',
+            'remoting_protocol',
             'remoting_version_resources',
           ],
           'sources': [
@@ -267,6 +268,8 @@
             'host/elevated_controller_module_win.cc',
             'host/elevated_controller_win.cc',
             'host/elevated_controller_win.h',
+            'host/verify_config_window_win.cc',
+            'host/verify_config_window_win.h',
             '<(SHARED_INTERMEDIATE_DIR)/remoting/elevated_controller_version.rc'
           ],
           'msvs_settings': {