path: root/remoting/host/self_access_verifier.cc
// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "remoting/host/self_access_verifier.h"

#include "base/logging.h"
#include "base/string_util.h"
#include "remoting/host/host_config.h"
#include "remoting/proto/auth.pb.h"

namespace remoting {

// Constructs a verifier that is not yet usable: initialized_ starts out false
// and is only set by a successful Init(), which VerifyPermissions() CHECKs.
SelfAccessVerifier::SelfAccessVerifier() : initialized_(false) {}

// Empty body: nothing is released explicitly here.
SelfAccessVerifier::~SelfAccessVerifier() {}

// Reads the host's XMPP login from |config| (key kXmppLoginConfigPath) and
// stores it, followed by '/', as the prefix every accepted client JID must
// start with. Returns true on success. Returns false, without touching
// host_jid_prefix_ or initialized_, when the value is missing or empty.
bool SelfAccessVerifier::Init(HostConfig* config) {
  std::string login;
  const bool has_login = config->GetString(kXmppLoginConfigPath, &login);
  if (!has_login || login.empty()) {
    LOG(ERROR) << "XMPP credentials are not defined in the config.";
    return false;
  }

  // The trailing '/' anchors the prefix match in VerifyPermissions() at the
  // end of the bare JID, so a longer bare JID that merely begins with the
  // host's login does not match.
  host_jid_prefix_ = login;
  host_jid_prefix_ += '/';
  initialized_ = true;
  return true;
}

// Decides whether an incoming connection from |client_jid| is accepted.
// Returns true only when the JID is pure ASCII, starts (case-insensitively)
// with the host's bare JID plus '/', and DecodeClientAuthToken() succeeds.
//
// NOTE(review): DecodeClientAuthToken() is an unimplemented stub in this file
// that always reports success, and the decoded token is not inspected here,
// so the decision currently rests on the JID prefix match alone.
// NOTE(review): presumably |client_jid| is the sender address vouched for by
// the signaling server - confirm at the caller, since nothing here
// authenticates it.
bool SelfAccessVerifier::VerifyPermissions(
    const std::string& client_jid,
    const std::string& encoded_access_token) {
  // host_jid_prefix_ is only populated by a successful Init().
  CHECK(initialized_);

  // A JID with any non-ASCII character is refused before the ASCII-only
  // prefix comparison is attempted.
  const bool jid_is_ascii = IsStringASCII(client_jid);

  // The client must share the host's bare JID, i.e. its full JID must begin
  // with host_jid_prefix_. The comparison ignores case.
  const bool same_account =
      jid_is_ascii && StartsWithASCII(client_jid, host_jid_prefix_, false);
  if (!same_account) {
    // NOTE(review): |client_jid| is peer-supplied and is logged verbatim. The
    // ASCII check does not exclude control characters such as CR/LF, so
    // consider escaping it before logging unless LOG already does so.
    LOG(ERROR) << "Rejecting incoming connection from " << client_jid;
    return false;
  }

  // Decode the auth token; a decode failure rejects the connection.
  protocol::ClientAuthToken parsed_token;
  const bool token_decoded =
      DecodeClientAuthToken(encoded_access_token, &parsed_token);
  if (!token_decoded) {
    return false;
  }

  // Kick off directory access permissions.
  // TODO(ajwong): Actually implement this.
  return true;
}

// Placeholder for decoding |encoded_client_token| into |client_token|.
// As written, neither parameter is read or written: the body only invokes
// NOTIMPLEMENTED() and returns true.
//
// NOTE(review): returning true from an unimplemented decoder is fail-open.
// VerifyPermissions() treats true as "token decoded" and then accepts the
// connection, leaving |client_token| in its default-constructed state. When
// this is implemented, return false on every malformed or undecodable input.
bool SelfAccessVerifier::DecodeClientAuthToken(
    const std::string& encoded_client_token,
    protocol::ClientAuthToken* client_token) {
  // TODO(ajwong): Implement this.
  NOTIMPLEMENTED();
  return true;
}

}  // namespace remoting