-rw-r--r--remoting/host/chromoting_host.cc39
-rw-r--r--remoting/host/chromoting_host.h18
-rw-r--r--remoting/host/it2me_host_user_interface.cc13
-rw-r--r--remoting/host/plugin/host_script_object.cc5
-rw-r--r--remoting/host/simple_host_process.cc1
5 files changed, 37 insertions, 39 deletions
diff --git a/remoting/host/chromoting_host.cc b/remoting/host/chromoting_host.cc
index d3747d6a..d4d75ec 100644
--- a/remoting/host/chromoting_host.cc
+++ b/remoting/host/chromoting_host.cc
@@ -43,7 +43,8 @@ ChromotingHost::ChromotingHost(
stopping_recorders_(0),
state_(kInitial),
protocol_config_(protocol::CandidateSessionConfig::CreateDefault()),
- is_it2me_(false) {
+ authenticating_client_(false),
+ reject_authenticating_client_(false) {
DCHECK(context_);
DCHECK(signal_strategy);
DCHECK(desktop_environment_);
@@ -126,6 +127,11 @@ void ChromotingHost::RemoveStatusObserver(HostStatusObserver* observer) {
status_observers_.RemoveObserver(observer);
}
+void ChromotingHost::RejectAuthenticatingClient() {
+ DCHECK(authenticating_client_);
+ reject_authenticating_client_ = true;
+}
+
void ChromotingHost::SetAuthenticatorFactory(
scoped_ptr<protocol::AuthenticatorFactory> authenticator_factory) {
DCHECK(context_->network_message_loop()->BelongsToCurrentThread());
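Review bot: RejectAuthenticatingClient() enforces its calling contract only with `DCHECK(authenticating_client_)`, which is compiled out of release builds. A call made outside the OnClientAuthenticated() window then only sets a flag that OnSessionAuthenticated() resets before the next notification, so the rejection is silently dropped. As far as this diff shows, this call is what now rejects a second It2Me connection, so a misuse should at least be visible in release logs, e.g. `if (!authenticating_client_) LOG(ERROR) << "RejectAuthenticatingClient() called outside OnClientAuthenticated()";`. The two flags are plain unsynchronised bools, so I would also add `DCHECK(context_->network_message_loop()->BelongsToCurrentThread());` as SetAuthenticatorFactory() does just below.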
@@ -168,8 +174,17 @@ void ChromotingHost::OnSessionAuthenticated(ClientSession* client) {
// Notify observers that there is at least one authenticated client.
const std::string& jid = client->connection()->session()->jid();
+
+ reject_authenticating_client_ = false;
+
+ authenticating_client_ = true;
FOR_EACH_OBSERVER(HostStatusObserver, status_observers_,
OnClientAuthenticated(jid));
+ authenticating_client_ = false;
+
+ if (reject_authenticating_client_) {
+ client->Disconnect();
+ }
}
void ChromotingHost::OnSessionAuthenticationFailed(ClientSession* client) {
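Review bot: The rejection flag is only acted on after FOR_EACH_OBSERVER has finished, so every other status observer still handles `OnClientAuthenticated(jid)` for a client that is then disconnected. Judging by the host_script_object.cc hunk, the plugin object and presumably LogToServer are registered ahead of the It2Me UI, so they would be among those observers. The pre-authentication decline removed from OnIncomingSession() further down used to stop a second connection before it got this far. Now it completes authentication and whatever this function does above the hunk (its start is outside the hunk) before `client->Disconnect()` runs. I would state that contract next to the loop, e.g. `// Observers may be notified about a client that is rejected and disconnected below.`, and confirm that nothing before this point already grants the new session input or video.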
@@ -226,16 +241,6 @@ void ChromotingHost::OnIncomingSession(
return;
}
- // If we are running Me2Mom and already have an authenticated client then
- // one of the connections may be an attacker, so both are suspect.
- if (is_it2me_ && AuthenticatedClientsCount() > 0) {
- *response = protocol::SessionManager::DECLINE;
-
- // Close existing sessions and shutdown the host.
- Shutdown(base::Closure());
- return;
- }
-
protocol::SessionConfig config;
if (!protocol_config_->Select(session->candidate_config(), &config)) {
LOG(WARNING) << "Rejecting connection from " << session->jid()
@@ -316,18 +321,6 @@ Encoder* ChromotingHost::CreateEncoder(const protocol::SessionConfig& config) {
return NULL;
}
-int ChromotingHost::AuthenticatedClientsCount() const {
- DCHECK(context_->network_message_loop()->BelongsToCurrentThread());
-
- int authenticated_clients = 0;
- for (ClientList::const_iterator it = clients_.begin(); it != clients_.end();
- ++it) {
- if ((*it)->authenticated())
- ++authenticated_clients;
- }
- return authenticated_clients;
-}
-
void ChromotingHost::StopScreenRecorder() {
DCHECK(context_->network_message_loop()->BelongsToCurrentThread());
DCHECK(recorder_.get());
diff --git a/remoting/host/chromoting_host.h b/remoting/host/chromoting_host.h
index 09ca0a9..eb7364d 100644
--- a/remoting/host/chromoting_host.h
+++ b/remoting/host/chromoting_host.h
@@ -89,6 +89,11 @@ class ChromotingHost : public base::RefCountedThreadSafe<ChromotingHost>,
void AddStatusObserver(HostStatusObserver* observer);
void RemoveStatusObserver(HostStatusObserver* observer);
+ // This method may be called only form
+ // HostStatusObserver::OnClientAuthenticated() to reject the new
+ // client.
+ void RejectAuthenticatingClient();
+
// Sets the authenticator factory to use for incoming
// connections. Incoming connections are rejected until
// authenticator factory is set. Must be called on the network
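Review bot: The comment on RejectAuthenticatingClient() has a typo ("form" should be "from") and leaves out the parts of the contract a caller needs. It should say that the call must be made synchronously inside the notification, on the network thread, and that the client is disconnected only after all observers have been notified. Suggested wording: `// May be called only from within HostStatusObserver::OnClientAuthenticated(), on the network thread. The client is disconnected after all observers have been notified.`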
@@ -116,11 +121,6 @@ class ChromotingHost : public base::RefCountedThreadSafe<ChromotingHost>,
// |config| is transferred to the object. Must be called before Start().
void set_protocol_config(protocol::CandidateSessionConfig* config);
- // TODO(wez): ChromotingHost shouldn't need to know about Me2Mom.
- void set_it2me(bool is_it2me) {
- is_it2me_ = is_it2me;
- }
-
// Notify all active client sessions that local input has been detected, and
// that remote input should be ignored for a short time.
void LocalMouseMoved(const SkIPoint& new_pos);
@@ -158,8 +158,6 @@ class ChromotingHost : public base::RefCountedThreadSafe<ChromotingHost>,
const protocol::SessionConfig& config,
const std::string& jid);
- int AuthenticatedClientsCount() const;
-
void StopScreenRecorder();
void OnScreenRecorderStopped();
@@ -209,14 +207,16 @@ class ChromotingHost : public base::RefCountedThreadSafe<ChromotingHost>,
// Configuration of the protocol.
scoped_ptr<protocol::CandidateSessionConfig> protocol_config_;
+ // Flags used for RejectAuthenticatingClient().
+ bool authenticating_client_;
+ bool reject_authenticating_client_;
+
// Stores list of tasks that should be executed when we finish
// shutdown. Used only while |state_| is set to kStopping.
std::vector<base::Closure> shutdown_tasks_;
// TODO(sergeyu): The following members do not belong to
// ChromotingHost and should be moved elsewhere.
- bool is_it2me_;
- std::string access_code_;
UiStrings ui_strings_;
DISALLOW_COPY_AND_ASSIGN(ChromotingHost);
diff --git a/remoting/host/it2me_host_user_interface.cc b/remoting/host/it2me_host_user_interface.cc
index 8556d19..03f9a72 100644
--- a/remoting/host/it2me_host_user_interface.cc
+++ b/remoting/host/it2me_host_user_interface.cc
@@ -54,8 +54,16 @@ void It2MeHostUserInterface::InitFrom(DisconnectWindow* disconnect_window,
}
void It2MeHostUserInterface::OnClientAuthenticated(const std::string& jid) {
- // There should not be more than one concurrent authenticated connection.
- DCHECK(authenticated_jid_.empty());
+ if (!authenticated_jid_.empty()) {
+ // If we already authenticated another client then one of the
+ // connections may be an attacker, so both are suspect and we have
+ // to reject the second connection and shutdown the host.
+ host_->RejectAuthenticatingClient();
+ context_->network_message_loop()->PostTask(FROM_HERE, base::Bind(
+ &ChromotingHost::Shutdown, host_, base::Closure()));
+ return;
+ }
+
authenticated_jid_ = jid;
std::string username = jid.substr(0, jid.find('/'));
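Review bot: The new branch keys on `authenticated_jid_` being non-empty, and the next hunk in this file stops clearing it in OnClientDisconnected(). The test therefore means "a client has authenticated at some point in this host's lifetime", not "another client is currently connected" as the comment says. Any connection that authenticates after the first client has left is also rejected and shuts the host down. If that single-use behaviour is intended, the comment should say so, e.g. `// A client has already authenticated on this host (it may have disconnected since); treat any further connection as suspect.`. OnClientDisconnected() still matches on `jid == authenticated_jid_`, so it is worth confirming how the disconnect notification for a rejected client is handled if it presents the same JID. The body of OnClientAuthenticated() continues past the end of this hunk.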
@@ -66,7 +74,6 @@ void It2MeHostUserInterface::OnClientAuthenticated(const std::string& jid) {
void It2MeHostUserInterface::OnClientDisconnected(const std::string& jid) {
if (jid == authenticated_jid_) {
- authenticated_jid_.clear();
ui_thread_proxy_.PostTask(FROM_HERE, base::Bind(
&It2MeHostUserInterface::ProcessOnClientDisconnected,
base::Unretained(this)));
diff --git a/remoting/host/plugin/host_script_object.cc b/remoting/host/plugin/host_script_object.cc
index 4380cf8..aefa7ad 100644
--- a/remoting/host/plugin/host_script_object.cc
+++ b/remoting/host/plugin/host_script_object.cc
@@ -516,9 +516,8 @@ void HostNPScriptObject::FinishConnectNetworkThread(
protocol::NetworkSettings(nat_traversal_enabled_));
host_->AddStatusObserver(this);
log_to_server_.reset(new LogToServer(host_, signal_strategy_.get()));
- host_->set_it2me(true);
- it2me_host_user_interface_.reset(new It2MeHostUserInterface(host_.get(),
- &host_context_));
+ it2me_host_user_interface_.reset(
+ new It2MeHostUserInterface(host_.get(), &host_context_));
it2me_host_user_interface_->Init();
{
diff --git a/remoting/host/simple_host_process.cc b/remoting/host/simple_host_process.cc
index 270d114..1fdd3a1 100644
--- a/remoting/host/simple_host_process.cc
+++ b/remoting/host/simple_host_process.cc
@@ -215,7 +215,6 @@ class SimpleHost {
host_ = new ChromotingHost(&context_, signal_strategy_.get(),
desktop_environment_.get(), network_settings_);
- host_->set_it2me(is_it2me_);
log_to_server_.reset(new LogToServer(host_, signal_strategy_.get()));