[Chromoting] Add new policies for Chromoting

This adds definitions in Chrome for the new policies required by Chromoting: HostDomain, HostRequireTwoFactor and HostTalkGadgetPrefix. These policies are read and enforced by the Chromoting host code.

BUG=132345
TEST=None

Review URL: https://chromiumcodereview.appspot.com/10825149

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@150153 0039d316-1c4b-4281-b951-d872f2087c98

chrome/app/policy/policy_templates.json

@@ -112,7 +112,7 @@
 #   persistent IDs for all fields (but not for groups!) are needed. These are
 #   specified by the 'id' keys of each policy. NEVER CHANGE EXISTING IDs,
 #   because doing so would break the deployed wire format!
-#   For your editing convenience: highest ID currently used: 153
+#   For your editing convenience: highest ID currently used: 156
 #
 # Placeholders:
 #   The following placeholder strings are automatically substituted:
@@ -454,6 +454,55 @@
 
           If this policy is left not set the setting will be enabled.''',
         },
+        {
+          'name': 'RemoteAccessHostDomain',
+          'type': 'string',
+          'schema': { 'type': 'string' },
+          'supported_on': ['chrome.*:22-', 'chrome_os:0.22-'],
+          'features': {'dynamic_refresh': True},
+          'example_value': 'my-awesome-domain.com',
+          'id': 154,
+          'caption': '''Configure the required domain name for remote access hosts''',
+          'desc': '''Configures the required host domain name that will be imposed on remote access hosts and prevents users from changing it.
+
+          If this setting is enabled, then hosts can be shared only using accounts registered on the specified domain name.
+
+          If this setting is disabled or not set, then hosts can be shared using any account.''',
+        },
+        {
+          'name': 'RemoteAccessHostRequireTwoFactor',
+          'type': 'main',
+          'schema': { 'type': 'boolean' },
+          'supported_on': ['chrome.*:22-', 'chrome_os:0.22-'],
+          'features': {'dynamic_refresh': True},
+          'example_value': False,
+          'id': 155,
+          'caption': '''Enable two-factor authentication for remote access hosts''',
+          'desc': '''Enables two-factor authentication for remote access hosts instead of a user-specified PIN.
+
+          If this setting is enabled, then users must provide a valid two-factor code when accessing a host.
+
+          If this setting is disabled or not set, then two-factor will not be enabled and the default behavior of having a user-defined PIN will be used.''',
+        },
+        {
+          'name': 'RemoteAccessHostTalkGadgetPrefix',
+          'type': 'string',
+          'schema': { 'type': 'string' },
+          'supported_on': ['chrome.*:22-', 'chrome_os:0.22-'],
+          'features': {'dynamic_refresh': True},
+          'example_value': 'chromoting-host',
+          'id': 156,
+          'caption': '''Configure the TalkGadget prefix for remote access hosts''',
+          'desc': '''Configures the TalkGadget prefix that will be used by remote access hosts and prevents users from changing it.
+
+          If specified, this prefix is prepended to the base TalkGadget name to create a full domain name for the TalkGadget. The base TalkGadget domain name is '.talkgadget.google.com'.
+
+          If this setting is enabled, then hosts will use the custom domain name when accessing the TalkGadget instead of the default domain name.
+
+          If this setting is disabled or not set, then the default TalkGadget domain name ('chromoting-host.talkgadget.google.com') will be used for all hosts.
+
+          Remote access clients are not affected by this policy setting. They will always use 'chromoting-client.talkgadget.google.com' to access the TalkGadget.''',
+        },
       ],
     },
     {

chrome/browser/policy/configuration_policy_handler_list.cc

@@ -219,6 +219,15 @@ const PolicyToPreferenceMapEntry kSimplePolicyMap[] = {
   { key::kRemoteAccessHostFirewallTraversal,
     prefs::kRemoteAccessHostFirewallTraversal,
     Value::TYPE_BOOLEAN },
+  { key::kRemoteAccessHostRequireTwoFactor,
+    prefs::kRemoteAccessHostRequireTwoFactor,
+    Value::TYPE_BOOLEAN },
+  { key::kRemoteAccessHostDomain,
+    prefs::kRemoteAccessHostDomain,
+    Value::TYPE_STRING },
+  { key::kRemoteAccessHostTalkGadgetPrefix,
+    prefs::kRemoteAccessHostTalkGadgetPrefix,
+    Value::TYPE_STRING },
   { key::kCloudPrintProxyEnabled,
     prefs::kCloudPrintProxyEnabled,
     Value::TYPE_BOOLEAN },

chrome/common/pref_names.cc

@@ -1705,6 +1705,19 @@ const char kGeolocationAccessToken[] = "geolocation.access_token";
 const char kRemoteAccessHostFirewallTraversal[] =
     "remote_access.host_firewall_traversal";
 
+// Boolean controlling whether 2-factor auth should be required when connecting
+// to a host (instead of a PIN).
+const char kRemoteAccessHostRequireTwoFactor[] =
+    "remote_access.host_require_two_factor";
+
+// String containing the domain name that hosts must belong to. If blank, then
+// hosts can belong to any domain.
+const char kRemoteAccessHostDomain[] = "remote_access.host_domain";
+
+// String containing the domain name of the Chromoting Directory.
+// Used by Chromoting host and client.
+const char kRemoteAccessHostTalkGadgetPrefix[] =
+    "remote_access.host_talkgadget_prefix";
 
 // The last used printer and its settings.
 const char kPrintPreviewStickySettings[] =

chrome/common/pref_names.h

@@ -609,6 +609,9 @@ extern const char kGeolocationEnabled[];
 #endif
 
 extern const char kRemoteAccessHostFirewallTraversal[];
+extern const char kRemoteAccessHostRequireTwoFactor[];
+extern const char kRemoteAccessHostDomain[];
+extern const char kRemoteAccessHostTalkGadgetPrefix[];
 
 extern const char kPrintPreviewStickySettings[];
 extern const char kCloudPrintServiceURL[];

chrome/test/functional/policy_test_cases.py

@@ -66,6 +66,14 @@ class PolicyPrefsTestCases(object):
     # TODO(frankf): Enable on all OS after crbug.com/121066 is fixed.
     'RemoteAccessHostFirewallTraversal':
         ('kRemoteAccessHostFirewallTraversal', True, [], []),
+    'RemoteAccessHostRequireTwoFactor':
+        ('kRemoteAccessHostRequireTwoFactor', False, [],
+         ['win', 'mac', 'linux']),
+    'RemoteAccessHostDomain':
+        ('kRemoteAccessHostDomain', '', [], ['win', 'mac', 'linux']),
+    'RemoteAccessHostTalkGadgetPrefix':
+        ('kRemoteAccessHostTalkGadgetPrefix', 'chromoting-host', [],
+         ['win', 'mac', 'linux']),
     'PrintingEnabled': ('kPrintingEnabled', False, [], OS_ALL),
     # Note: supported_on is empty for this policy.
     'CloudPrintProxyEnabled': ('kCloudPrintProxyEnabled', True, [], []),

remoting/host/constants.cc

+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "remoting/host/constants.h"
+
+namespace remoting {
+
+const char kDefaultTalkGadgetPrefix[] = "org.chromium.chromoting";
+
+}  // namespace remoting

remoting/host/constants.h

@@ -9,6 +9,11 @@
 
 namespace remoting {
 
+// This is the default prefix that is prepended to ".talkgadget.google.com"
+// to form the complete talkgadget domain name. Policy settings allow admins
+// to change the prefix that is used.
+extern const char kDefaultTalkGadgetPrefix[];
+
 // Known host exit codes.
 // Please keep this enum in sync with:
 // remoting/host/installer/mac/PrivilegedHelperTools/

remoting/host/policy_hack/policy_watcher.cc

@@ -15,6 +15,7 @@
 #include "base/synchronization/waitable_event.h"
 #include "base/time.h"
 #include "base/values.h"
+#include "remoting/host/constants.h"
 
 namespace remoting {
 namespace policy_hack {
@@ -89,13 +90,13 @@ scoped_ptr<base::DictionaryValue> AddDefaultValuesWhenNecessary(
   CopyBooleanOrDefault(to.get(), from,
                        PolicyWatcher::kNatPolicyName, true, false);
   CopyBooleanOrDefault(to.get(), from,
-                       PolicyWatcher::kRequireTwoFactorPolicyName,
+                       PolicyWatcher::kHostRequireTwoFactorPolicyName,
                        false, false);
   CopyStringOrDefault(to.get(), from,
                       PolicyWatcher::kHostDomainPolicyName, "", "");
   CopyStringOrDefault(to.get(), from,
-                      PolicyWatcher::kTalkGadgetPolicyName,
-                      "chromoting", "chromoting");
+                      PolicyWatcher::kHostTalkGadgetPrefixPolicyName,
+                      kDefaultTalkGadgetPrefix, kDefaultTalkGadgetPrefix);
 
   return to.Pass();
 }
@@ -105,18 +106,18 @@ scoped_ptr<base::DictionaryValue> AddDefaultValuesWhenNecessary(
 const char PolicyWatcher::kNatPolicyName[] =
     "RemoteAccessHostFirewallTraversal";
 
-const char PolicyWatcher::kRequireTwoFactorPolicyName[] =
+const char PolicyWatcher::kHostRequireTwoFactorPolicyName[] =
     "RemoteAccessHostRequireTwoFactor";
 
 const char PolicyWatcher::kHostDomainPolicyName[] =
     "RemoteAccessHostDomain";
 
-const char PolicyWatcher::kTalkGadgetPolicyName[] =
-    "RemoteAccessHostTalkGadget";
+const char PolicyWatcher::kHostTalkGadgetPrefixPolicyName[] =
+    "RemoteAccessHostTalkGadgetPrefix";
 
 const char* const PolicyWatcher::kBooleanPolicyNames[] =
     { PolicyWatcher::kNatPolicyName,
-      PolicyWatcher::kRequireTwoFactorPolicyName
+      PolicyWatcher::kHostRequireTwoFactorPolicyName
     };
 
 const int PolicyWatcher::kBooleanPolicyNamesNum =
@@ -124,7 +125,7 @@ const int PolicyWatcher::kBooleanPolicyNamesNum =
 
 const char* const PolicyWatcher::kStringPolicyNames[] =
     { PolicyWatcher::kHostDomainPolicyName,
-      PolicyWatcher::kTalkGadgetPolicyName
+      PolicyWatcher::kHostTalkGadgetPrefixPolicyName
     };
 
 const int PolicyWatcher::kStringPolicyNamesNum =

remoting/host/policy_hack/policy_watcher.h

@@ -50,13 +50,13 @@ class PolicyWatcher {
   static const char kNatPolicyName[];
 
   // The name of the policy for requiring 2-factor authentication.
-  static const char kRequireTwoFactorPolicyName[];
+  static const char kHostRequireTwoFactorPolicyName[];
 
   // The name of the host domain policy.
   static const char kHostDomainPolicyName[];
 
-  // The name of the talkgadget policy.
-  static const char kTalkGadgetPolicyName[];
+  // The name of the policy that controls the host talkgadget prefix.
+  static const char kHostTalkGadgetPrefixPolicyName[];
 
  protected:
   virtual void StartWatchingInternal() = 0;

remoting/host/policy_hack/policy_watcher_unittest.cc

@@ -6,6 +6,7 @@
 #include "base/bind.h"
 #include "base/message_loop.h"
 #include "base/synchronization/waitable_event.h"
+#include "remoting/host/constants.h"
 #include "remoting/host/policy_hack/fake_policy_watcher.h"
 #include "remoting/host/policy_hack/mock_policy_callback.h"
 #include "remoting/host/policy_hack/policy_watcher.h"
@@ -95,9 +96,10 @@ class PolicyWatcherTest : public testing::Test {
  private:
   void SetDefaults(base::DictionaryValue& dict) {
     dict.SetBoolean(PolicyWatcher::kNatPolicyName, true);
-    dict.SetBoolean(PolicyWatcher::kRequireTwoFactorPolicyName, false);
+    dict.SetBoolean(PolicyWatcher::kHostRequireTwoFactorPolicyName, false);
     dict.SetString(PolicyWatcher::kHostDomainPolicyName, "");
-    dict.SetString(PolicyWatcher::kTalkGadgetPolicyName, "chromoting");
+    dict.SetString(PolicyWatcher::kHostTalkGadgetPrefixPolicyName,
+                   kDefaultTalkGadgetPrefix);
   }
 };
 

remoting/remoting.gyp

@@ -1239,6 +1239,7 @@
         'host/clipboard_win.cc',
         'host/composite_host_config.cc',
         'host/composite_host_config.h',
+        'host/constants.cc',
         'host/constants.h',
         'host/constants_mac.cc',
         'host/constants_mac.h',