-rw-r--r-- | remoting/host/chromoting_host.cc | 39 | ||||
-rw-r--r-- | remoting/host/chromoting_host.h | 18 | ||||
-rw-r--r-- | remoting/host/it2me_host_user_interface.cc | 13 | ||||
-rw-r--r-- | remoting/host/plugin/host_script_object.cc | 5 | ||||
-rw-r--r-- | remoting/host/simple_host_process.cc | 1 |
5 files changed, 37 insertions, 39 deletions
diff --git a/remoting/host/chromoting_host.cc b/remoting/host/chromoting_host.cc index d3747d6a..d4d75ec 100644 --- a/remoting/host/chromoting_host.cc +++ b/remoting/host/chromoting_host.cc @@ -43,7 +43,8 @@ ChromotingHost::ChromotingHost( stopping_recorders_(0), state_(kInitial), protocol_config_(protocol::CandidateSessionConfig::CreateDefault()), - is_it2me_(false) { + authenticating_client_(false), + reject_authenticating_client_(false) { DCHECK(context_); DCHECK(signal_strategy); DCHECK(desktop_environment_); @@ -126,6 +127,11 @@ void ChromotingHost::RemoveStatusObserver(HostStatusObserver* observer) { status_observers_.RemoveObserver(observer); } +void ChromotingHost::RejectAuthenticatingClient() { + DCHECK(authenticating_client_); + reject_authenticating_client_ = true; +} + void ChromotingHost::SetAuthenticatorFactory( scoped_ptr<protocol::AuthenticatorFactory> authenticator_factory) { DCHECK(context_->network_message_loop()->BelongsToCurrentThread()); @@ -168,8 +174,17 @@ void ChromotingHost::OnSessionAuthenticated(ClientSession* client) { // Notify observers that there is at least one authenticated client. const std::string& jid = client->connection()->session()->jid(); + + reject_authenticating_client_ = false; + + authenticating_client_ = true; FOR_EACH_OBSERVER(HostStatusObserver, status_observers_, OnClientAuthenticated(jid)); + authenticating_client_ = false; + + if (reject_authenticating_client_) { + client->Disconnect(); + } } void ChromotingHost::OnSessionAuthenticationFailed(ClientSession* client) { 
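Review bot: `RejectAuthenticatingClient()` enforces its calling contract only with `DCHECK(authenticating_client_)`, which is compiled out of release builds; a call made outside the `OnClientAuthenticated()` dispatch then sets `reject_authenticating_client_`, and the request is silently dropped when `OnSessionAuthenticated()` next resets the flag. Because this veto now carries the IT2Me single-client rule, make the misuse visible instead of ignoring it, e.g. `if (!authenticating_client_) LOG(ERROR) << "RejectAuthenticatingClient() called outside OnClientAuthenticated()";`. The method also lacks the thread assertion its neighbour `SetAuthenticatorFactory()` has; both flags are plain `bool`s, so add `DCHECK(context_->network_message_loop()->BelongsToCurrentThread());`.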
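Review bot: In `OnSessionAuthenticated()` the veto is acted on only after `FOR_EACH_OBSERVER` has delivered `OnClientAuthenticated(jid)` to every observer, so observers that log or display connections see a rejected client as authenticated, and whatever the function does for `client` above this hunk (not visible here) has already run. The removed `OnIncomingSession()` check declined the session before it was accepted, so rejection now happens later in the connection's life. If that is intended, say so at the call site, e.g. `// Observers may veto via RejectAuthenticatingClient(); the client stays authenticated until the Disconnect() below.`, and confirm that `Disconnect()` produces a matching `OnClientDisconnected(jid)` for the observers already notified.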
@@ -226,16 +241,6 @@ void ChromotingHost::OnIncomingSession( return; } - // If we are running Me2Mom and already have an authenticated client then - // one of the connections may be an attacker, so both are suspect. - if (is_it2me_ && AuthenticatedClientsCount() > 0) { - *response = protocol::SessionManager::DECLINE; - - // Close existing sessions and shutdown the host. - Shutdown(base::Closure()); - return; - } - protocol::SessionConfig config; if (!protocol_config_->Select(session->candidate_config(), &config)) { LOG(WARNING) << "Rejecting connection from " << session->jid() @@ -316,18 +321,6 @@ Encoder* ChromotingHost::CreateEncoder(const protocol::SessionConfig& config) { return NULL; } -int ChromotingHost::AuthenticatedClientsCount() const { - DCHECK(context_->network_message_loop()->BelongsToCurrentThread()); - - int authenticated_clients = 0; - for (ClientList::const_iterator it = clients_.begin(); it != clients_.end(); - ++it) { - if ((*it)->authenticated()) - ++authenticated_clients; - } - return authenticated_clients; -} - void ChromotingHost::StopScreenRecorder() { DCHECK(context_->network_message_loop()->BelongsToCurrentThread()); DCHECK(recorder_.get()); diff --git a/remoting/host/chromoting_host.h b/remoting/host/chromoting_host.h index 09ca0a9..eb7364d 100644 --- a/remoting/host/chromoting_host.h +++ b/remoting/host/chromoting_host.h @@ -89,6 +89,11 @@ class ChromotingHost : public base::RefCountedThreadSafe<ChromotingHost>, void AddStatusObserver(HostStatusObserver* observer); void RemoveStatusObserver(HostStatusObserver* observer); + // This method may be called only form + // HostStatusObserver::OnClientAuthenticated() to reject the new + // client. + void RejectAuthenticatingClient(); + // Sets the authenticator factory to use for incoming // connections. Incoming connections are rejected until // authenticator factory is set. Must be called on the network 
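Review bot: The comment on `RejectAuthenticatingClient()` in chromoting_host.h has a typo (`only form` should read `only from`) and leaves out when the rejection takes effect and on which thread the call is legal. Something like `// May be called only from HostStatusObserver::OnClientAuthenticated() to reject the client being authenticated; the client is disconnected once all observers have been notified.` matches what the .cc hunk does. The thread requirement is not visible in this diff, so add it once confirmed.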
@@ -116,11 +121,6 @@ class ChromotingHost : public base::RefCountedThreadSafe<ChromotingHost>, // |config| is transferred to the object. Must be called before Start(). void set_protocol_config(protocol::CandidateSessionConfig* config); - // TODO(wez): ChromotingHost shouldn't need to know about Me2Mom. - void set_it2me(bool is_it2me) { - is_it2me_ = is_it2me; - } - // Notify all active client sessions that local input has been detected, and // that remote input should be ignored for a short time. void LocalMouseMoved(const SkIPoint& new_pos); @@ -158,8 +158,6 @@ class ChromotingHost : public base::RefCountedThreadSafe<ChromotingHost>, const protocol::SessionConfig& config, const std::string& jid); - int AuthenticatedClientsCount() const; - void StopScreenRecorder(); void OnScreenRecorderStopped(); @@ -209,14 +207,16 @@ class ChromotingHost : public base::RefCountedThreadSafe<ChromotingHost>, // Configuration of the protocol. scoped_ptr<protocol::CandidateSessionConfig> protocol_config_; + // Flags used for RejectAuthenticatingClient(). + bool authenticating_client_; + bool reject_authenticating_client_; + // Stores list of tasks that should be executed when we finish // shutdown. Used only while |state_| is set to kStopping. std::vector<base::Closure> shutdown_tasks_; // TODO(sergeyu): The following members do not belong to // ChromotingHost and should be moved elsewhere. - bool is_it2me_; - std::string access_code_; UiStrings ui_strings_; DISALLOW_COPY_AND_ASSIGN(ChromotingHost); diff --git a/remoting/host/it2me_host_user_interface.cc b/remoting/host/it2me_host_user_interface.cc index 8556d19..03f9a72 100644 --- a/remoting/host/it2me_host_user_interface.cc +++ b/remoting/host/it2me_host_user_interface.cc 
@@ -54,8 +54,16 @@ void It2MeHostUserInterface::InitFrom(DisconnectWindow* disconnect_window, } void It2MeHostUserInterface::OnClientAuthenticated(const std::string& jid) { - // There should not be more than one concurrent authenticated connection. - DCHECK(authenticated_jid_.empty()); + if (!authenticated_jid_.empty()) { + // If we already authenticated another client then one of the + // connections may be an attacker, so both are suspect and we have + // to reject the second connection and shutdown the host. + host_->RejectAuthenticatingClient(); + context_->network_message_loop()->PostTask(FROM_HERE, base::Bind( + &ChromotingHost::Shutdown, host_, base::Closure())); + return; + } + authenticated_jid_ = jid; std::string username = jid.substr(0, jid.find('/')); @@ -66,7 +74,6 @@ void It2MeHostUserInterface::OnClientAuthenticated(const std::string& jid) { void It2MeHostUserInterface::OnClientDisconnected(const std::string& jid) { if (jid == authenticated_jid_) { - authenticated_jid_.clear(); ui_thread_proxy_.PostTask(FROM_HERE, base::Bind( &It2MeHostUserInterface::ProcessOnClientDisconnected, base::Unretained(this))); diff --git a/remoting/host/plugin/host_script_object.cc b/remoting/host/plugin/host_script_object.cc index 4380cf8..aefa7ad 100644 --- a/remoting/host/plugin/host_script_object.cc +++ b/remoting/host/plugin/host_script_object.cc @@ -516,9 +516,8 @@ void HostNPScriptObject::FinishConnectNetworkThread( protocol::NetworkSettings(nat_traversal_enabled_)); host_->AddStatusObserver(this); log_to_server_.reset(new LogToServer(host_, signal_strategy_.get())); - host_->set_it2me(true); - it2me_host_user_interface_.reset(new It2MeHostUserInterface(host_.get(), - &host_context_)); + it2me_host_user_interface_.reset( + new It2MeHostUserInterface(host_.get(), &host_context_)); it2me_host_user_interface_->Init(); { diff --git a/remoting/host/simple_host_process.cc b/remoting/host/simple_host_process.cc index 270d114..1fdd3a1 100644 
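Review bot: The single-client guard in `It2MeHostUserInterface::OnClientAuthenticated()` now protects the host only where this object is registered as a status observer; the simple_host_process.cc hunk drops `host_->set_it2me(is_it2me_)` without showing a replacement, so confirm that SimpleHost's IT2Me mode still installs it. The guard keys on `authenticated_jid_`, and the next hunk removes `authenticated_jid_.clear()` from `OnClientDisconnected()`, so any authentication after the first, including the same user reconnecting, rejects the client and shuts the host down; if one client per host lifetime is the intent, document it, e.g. `// |authenticated_jid_| is never cleared: an IT2Me host serves a single client and then shuts down.`. `Shutdown` is posted rather than run inline, so the first client stays connected until that task executes.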
--- a/remoting/host/simple_host_process.cc +++ b/remoting/host/simple_host_process.cc @@ -215,7 +215,6 @@ class SimpleHost { host_ = new ChromotingHost(&context_, signal_strategy_.get(), desktop_environment_.get(), network_settings_); - host_->set_it2me(is_it2me_); log_to_server_.reset(new LogToServer(host_, signal_strategy_.get())); |