Add a 'host-owner' parameter to start_host

This CL adds an optional parameter to start_host which will be used to verify that the auth_code provided was generated by the expected user account. This flag is optional as it is only needed for scenarios where the host owner is not manually setting up the instance. Change-Id: I6f48d008c9ea59e94532f8f84d6a7d5cf20cf68a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2495877 Commit-Queue: Joe Downing <joedow@google.com> Reviewed-by: Jamie Walch <jamiewalch@chromium.org> Cr-Commit-Position: refs/heads/master@{#820858}

Add a 'host-owner' parameter to start_host
This CL adds an optional parameter to start_host which will be used to verify that the auth_code provided was generated by the expected user account. This flag is optional as it is only needed for scenarios where the host owner is not manually setting up the instance. Change-Id: I6f48d008c9ea59e94532f8f84d6a7d5cf20cf68a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2495877 Commit-Queue: Joe Downing <joedow@google.com> Reviewed-by: Jamie Walch <jamiewalch@chromium.org> Cr-Commit-Position: refs/heads/master@{#820858}
b0b2c56d · Joe Downing · Commit Bot · 0b21c474 · b0b2c56d · b0b2c56d
Commit b0b2c56d authored Oct 26, 2020 by Joe Downing Committed by Commit Bot Oct 26, 2020
3 changed files
--- a/remoting/host/setup/host_starter.cc
+++ b/remoting/host/setup/host_starter.cc
@@ -11,6 +11,7 @@
 #include "base/guid.h"
 #include "base/location.h"
 #include "base/memory/ptr_util.h"
+#include "base/strings/string_util.h"
 #include "base/threading/thread_task_runner_handle.h"
 #include "base/values.h"
 #include "google_apis/google_api_keys.h"
@@ -49,6 +50,7 @@ std::unique_ptr<HostStarter> HostStarter::Create(
 void HostStarter::StartHost(const std::string& host_id,
                            const std::string& host_name,
                            const std::string& host_pin,
+                            const std::string& host_owner,
                            bool consent_to_data_collection,
                            const std::string& auth_code,
                            const std::string& redirect_url,
@@ -59,6 +61,7 @@ void HostStarter::StartHost(const std::string& host_id,
  host_id_ = host_id;
  host_name_ = host_name;
  host_pin_ = host_pin;
+  host_owner_ = host_owner;
  consent_to_data_collection_ = consent_to_data_collection;
  on_done_ = std::move(on_done);
  oauth_client_info_.client_id =
@@ -117,10 +120,26 @@ void HostStarter::OnGetUserEmailResponse(const std::string& user_email) {
    return;
  }
-  if (host_owner_.empty()) {
+  if (!auth_code_exchanged_) {
-    // This is the first callback, with the host owner credentials. Store the
+    // This is the first callback, with the host owner credentials.
-    // owner's email, and register the host.
+    auth_code_exchanged_ = true;
-    host_owner_ = user_email;
+    // If a host owner was not provided via the command line, then we just use
+    // the user_email for the account which generated the auth_code.
+    // Otherwise we want to verify user_email matches the host_owner provided.
+    // Note that the auth_code has been exchanged at this point so the user
+    // can't just re-run the command with the same nonce and a different
+    // host_owner to get the command to succeed.
+    if (host_owner_.empty()) {
+      host_owner_ = user_email;
+    } else if (!base::EqualsCaseInsensitiveASCII(host_owner_, user_email)) {
+      LOG(ERROR) << "User email from auth_code (" << user_email << ") does not "
+                 << "match the host owner provided (" << host_owner_ << ")";
+      std::move(on_done_).Run(OAUTH_ERROR);
+      return;
+    }
+    // Now register the host with the Directory.
    if (host_id_.empty())
      host_id_ = base::GenerateGUID();
    key_pair_ = RsaKeyPair::Generate();

--- a/remoting/host/setup/host_starter.h
+++ b/remoting/host/setup/host_starter.h
@@ -47,6 +47,7 @@ class HostStarter : public gaia::GaiaOAuthClient::Delegate,
  void StartHost(const std::string& host_id,
                 const std::string& host_name,
                 const std::string& host_pin,
+                 const std::string& host_owner,
                 bool consent_to_data_collection,
                 const std::string& auth_code,
                 const std::string& redirect_url,
@@ -106,6 +107,7 @@ class HostStarter : public gaia::GaiaOAuthClient::Delegate,
  std::string xmpp_login_;
  scoped_refptr<remoting::RsaKeyPair> key_pair_;
  std::string host_id_;
+  bool auth_code_exchanged_ = false;
  // True if the host was not started and unregistration was requested. If this
  // is set and a network/OAuth error occurs during unregistration, this will

--- a/remoting/host/setup/start_host_main.cc
+++ b/remoting/host/setup/start_host_main.cc
@@ -145,6 +145,11 @@ int StartHostMain(int argc, char** argv) {
  std::string redirect_url = command_line->GetSwitchValueASCII("redirect-url");
  std::string host_id = command_line->GetSwitchValueASCII("host-id");
+  // Optional parameter used to verify that |code| was generated by the
+  // |host_owner| account.  If this value is not provided, we register the host
+  // for the account which generated |code|.
+  std::string host_owner = command_line->GetSwitchValueASCII("host-owner");
 #if defined(OS_POSIX)
  // Check if current user is root. If it is root, then throw an error message.
  // This is because start_host should be run in user mode.
@@ -233,7 +238,7 @@ int StartHostMain(int argc, char** argv) {
  // Start the host.
  std::unique_ptr<HostStarter> host_starter(HostStarter::Create(
      url_loader_factory_owner.GetURLLoaderFactory()));
-  host_starter->StartHost(host_id, host_name, host_pin,
+  host_starter->StartHost(host_id, host_name, host_pin, host_owner,
                          /*consent_to_data_collection=*/true, auth_code,
                          redirect_url, base::BindOnce(&OnDone));