Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 1 | // Copyright (c) 2012 The Chromium OS Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #include "shill/openvpn_driver.h" |
| 6 | |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 7 | #include <arpa/inet.h> |
| 8 | |
Darin Petkov | 1fa8194 | 2012-04-02 11:38:08 +0200 | [diff] [blame] | 9 | #include <base/file_util.h> |
Ben Chan | a0ddf46 | 2014-02-06 11:32:42 -0800 | [diff] [blame] | 10 | #include <base/strings/string_number_conversions.h> |
| 11 | #include <base/strings/string_split.h> |
| 12 | #include <base/strings/string_util.h> |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 13 | #include <chromeos/dbus/service_constants.h> |
| 14 | |
Paul Stewart | 5baebb7 | 2013-03-14 11:43:29 -0700 | [diff] [blame] | 15 | #include "shill/certificate_file.h" |
Paul Stewart | ce4ec19 | 2012-03-14 12:53:46 -0700 | [diff] [blame] | 16 | #include "shill/connection.h" |
Paul Stewart | ca6abd4 | 2012-03-01 15:45:29 -0800 | [diff] [blame] | 17 | #include "shill/device_info.h" |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 18 | #include "shill/dhcp_config.h" |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 19 | #include "shill/error.h" |
Christopher Wiley | b691efd | 2012-08-09 13:51:51 -0700 | [diff] [blame] | 20 | #include "shill/logging.h" |
Paul Stewart | ce4ec19 | 2012-03-14 12:53:46 -0700 | [diff] [blame] | 21 | #include "shill/manager.h" |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 22 | #include "shill/openvpn_management_server.h" |
Darin Petkov | 5a85047 | 2012-06-06 15:44:24 +0200 | [diff] [blame] | 23 | #include "shill/process_killer.h" |
Darin Petkov | a9b1fed | 2012-02-29 11:49:05 +0100 | [diff] [blame] | 24 | #include "shill/rpc_task.h" |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 25 | #include "shill/sockets.h" |
mukesh agrawal | 9da0777 | 2013-05-15 14:15:17 -0700 | [diff] [blame] | 26 | #include "shill/virtual_device.h" |
Darin Petkov | 79d74c9 | 2012-03-07 17:20:32 +0100 | [diff] [blame] | 27 | #include "shill/vpn_service.h" |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 28 | |
Darin Petkov | 5a85047 | 2012-06-06 15:44:24 +0200 | [diff] [blame] | 29 | using base::Closure; |
Albert Chaulk | 0e1cdea | 2013-02-27 15:32:55 -0800 | [diff] [blame] | 30 | using base::FilePath; |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 31 | using base::SplitString; |
Darin Petkov | a5e07ef | 2012-07-09 14:27:57 +0200 | [diff] [blame] | 32 | using base::Unretained; |
Darin Petkov | 5a85047 | 2012-06-06 15:44:24 +0200 | [diff] [blame] | 33 | using base::WeakPtr; |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 34 | using std::map; |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 35 | using std::string; |
| 36 | using std::vector; |
| 37 | |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 38 | namespace shill { |
| 39 | |
Darin Petkov | a9b1fed | 2012-02-29 11:49:05 +0100 | [diff] [blame] | 40 | namespace { |
Darin Petkov | 5a85047 | 2012-06-06 15:44:24 +0200 | [diff] [blame] | 41 | |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 42 | const char kOpenVPNForeignOptionPrefix[] = "foreign_option_"; |
| 43 | const char kOpenVPNIfconfigBroadcast[] = "ifconfig_broadcast"; |
| 44 | const char kOpenVPNIfconfigLocal[] = "ifconfig_local"; |
| 45 | const char kOpenVPNIfconfigNetmask[] = "ifconfig_netmask"; |
| 46 | const char kOpenVPNIfconfigRemote[] = "ifconfig_remote"; |
Paul Stewart | a64b7d7 | 2014-05-09 10:11:39 -0700 | [diff] [blame] | 47 | const char kOpenVPNRedirectGateway[] = "redirect_gateway"; |
| 48 | const char kOpenVPNRedirectPrivate[] = "redirect_private"; |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 49 | const char kOpenVPNRouteOptionPrefix[] = "route_"; |
| 50 | const char kOpenVPNRouteVPNGateway[] = "route_vpn_gateway"; |
| 51 | const char kOpenVPNTrustedIP[] = "trusted_ip"; |
| 52 | const char kOpenVPNTunMTU[] = "tun_mtu"; |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 53 | |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 54 | const char kDefaultPKCS11Provider[] = "libchaps.so"; |
| 55 | |
Paul Stewart | 4698c1a | 2013-05-16 15:42:19 -0700 | [diff] [blame] | 56 | // Some configurations pass the netmask in the ifconfig_remote property. |
| 57 | // This is due to some servers not explicitly indicating that they are using |
| 58 | // a "broadcast mode" network instead of peer-to-peer. See |
| 59 | // http://crbug.com/241264 for an example of this issue. |
| 60 | const char kSuspectedNetmaskPrefix[] = "255."; |
| 61 | |
Paul Stewart | ebd3856 | 2012-03-23 13:06:40 -0700 | [diff] [blame] | 62 | } // namespace |
| 63 | |
| 64 | // static |
Darin Petkov | c418b4b | 2012-10-05 11:42:52 +0200 | [diff] [blame] | 65 | const char OpenVPNDriver::kDefaultCACertificates[] = |
| 66 | "/etc/ssl/certs/ca-certificates.crt"; |
Darin Petkov | ca8a0e6 | 2012-09-26 13:16:52 +0200 | [diff] [blame] | 67 | // static |
Paul Stewart | ebd3856 | 2012-03-23 13:06:40 -0700 | [diff] [blame] | 68 | const char OpenVPNDriver::kOpenVPNPath[] = "/usr/sbin/openvpn"; |
| 69 | // static |
Darin Petkov | 728faa9 | 2012-10-12 11:25:47 +0200 | [diff] [blame] | 70 | const char OpenVPNDriver::kOpenVPNScript[] = SHIMDIR "/openvpn-script"; |
Paul Stewart | ebd3856 | 2012-03-23 13:06:40 -0700 | [diff] [blame] | 71 | // static |
Darin Petkov | d432539 | 2012-04-23 15:48:22 +0200 | [diff] [blame] | 72 | const VPNDriver::Property OpenVPNDriver::kProperties[] = { |
Ben Chan | 7372878 | 2013-09-20 13:40:54 -0700 | [diff] [blame] | 73 | { kOpenVPNAuthNoCacheProperty, 0 }, |
| 74 | { kOpenVPNAuthProperty, 0 }, |
| 75 | { kOpenVPNAuthRetryProperty, 0 }, |
| 76 | { kOpenVPNAuthUserPassProperty, 0 }, |
| 77 | { kOpenVPNCaCertNSSProperty, 0 }, |
| 78 | { kOpenVPNCaCertProperty, 0 }, |
| 79 | { kOpenVPNCipherProperty, 0 }, |
| 80 | { kOpenVPNClientCertIdProperty, Property::kCredential }, |
| 81 | { kOpenVPNCompLZOProperty, 0 }, |
| 82 | { kOpenVPNCompNoAdaptProperty, 0 }, |
Paul Stewart | c8e3ef9 | 2014-05-08 13:27:25 -0700 | [diff] [blame] | 83 | { kOpenVPNIgnoreDefaultRouteProperty, 0 }, |
Ben Chan | 7372878 | 2013-09-20 13:40:54 -0700 | [diff] [blame] | 84 | { kOpenVPNKeyDirectionProperty, 0 }, |
| 85 | { kOpenVPNNsCertTypeProperty, 0 }, |
| 86 | { kOpenVPNOTPProperty, |
Darin Petkov | 0223655 | 2012-06-11 13:15:19 +0200 | [diff] [blame] | 87 | Property::kEphemeral | Property::kCredential | Property::kWriteOnly }, |
Ben Chan | 7372878 | 2013-09-20 13:40:54 -0700 | [diff] [blame] | 88 | { kOpenVPNPasswordProperty, Property::kCredential | Property::kWriteOnly }, |
| 89 | { kOpenVPNPinProperty, Property::kCredential }, |
| 90 | { kOpenVPNPortProperty, 0 }, |
| 91 | { kOpenVPNProtoProperty, 0 }, |
| 92 | { kOpenVPNProviderProperty, 0 }, |
| 93 | { kOpenVPNPushPeerInfoProperty, 0 }, |
| 94 | { kOpenVPNRemoteCertEKUProperty, 0 }, |
| 95 | { kOpenVPNRemoteCertKUProperty, 0 }, |
| 96 | { kOpenVPNRemoteCertTLSProperty, 0 }, |
| 97 | { kOpenVPNRenegSecProperty, 0 }, |
| 98 | { kOpenVPNServerPollTimeoutProperty, 0 }, |
| 99 | { kOpenVPNShaperProperty, 0 }, |
| 100 | { kOpenVPNStaticChallengeProperty, 0 }, |
| 101 | { kOpenVPNTLSAuthContentsProperty, 0 }, |
| 102 | { kOpenVPNTLSRemoteProperty, 0 }, |
Paul Stewart | b576823 | 2014-02-27 07:21:34 -0800 | [diff] [blame] | 103 | { kOpenVPNTokenProperty, |
| 104 | Property::kEphemeral | Property::kCredential | Property::kWriteOnly }, |
Ben Chan | 7372878 | 2013-09-20 13:40:54 -0700 | [diff] [blame] | 105 | { kOpenVPNUserProperty, 0 }, |
| 106 | { kProviderHostProperty, 0 }, |
| 107 | { kProviderTypeProperty, 0 }, |
Paul Stewart | 0f9c930 | 2013-06-14 15:41:28 -0700 | [diff] [blame] | 108 | { kOpenVPNCaCertPemProperty, Property::kArray }, |
Darin Petkov | 1847d79 | 2012-04-17 11:33:06 +0200 | [diff] [blame] | 109 | { kOpenVPNCertProperty, 0 }, |
Paul Stewart | f3b6d57 | 2013-06-17 09:35:33 -0700 | [diff] [blame] | 110 | { kOpenVPNExtraCertPemProperty, Property::kArray }, |
Darin Petkov | 1847d79 | 2012-04-17 11:33:06 +0200 | [diff] [blame] | 111 | { kOpenVPNKeyProperty, 0 }, |
| 112 | { kOpenVPNPingExitProperty, 0 }, |
| 113 | { kOpenVPNPingProperty, 0 }, |
| 114 | { kOpenVPNPingRestartProperty, 0 }, |
| 115 | { kOpenVPNTLSAuthProperty, 0 }, |
| 116 | { kOpenVPNVerbProperty, 0 }, |
Paul Stewart | 8343c0b | 2013-09-30 11:58:54 -0700 | [diff] [blame] | 117 | { kOpenVPNVerifyHashProperty, 0 }, |
| 118 | { kOpenVPNVerifyX509NameProperty, 0 }, |
| 119 | { kOpenVPNVerifyX509TypeProperty, 0 }, |
Darin Petkov | 1847d79 | 2012-04-17 11:33:06 +0200 | [diff] [blame] | 120 | { kVPNMTUProperty, 0 }, |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 121 | }; |
Paul Stewart | 291a473 | 2012-03-14 19:19:02 -0700 | [diff] [blame] | 122 | |
Darin Petkov | 1a462de | 2012-05-02 11:10:48 +0200 | [diff] [blame] | 123 | const char OpenVPNDriver::kLSBReleaseFile[] = "/etc/lsb-release"; |
Darin Petkov | 1a462de | 2012-05-02 11:10:48 +0200 | [diff] [blame] | 124 | const char OpenVPNDriver::kChromeOSReleaseName[] = "CHROMEOS_RELEASE_NAME"; |
Darin Petkov | 1a462de | 2012-05-02 11:10:48 +0200 | [diff] [blame] | 125 | const char OpenVPNDriver::kChromeOSReleaseVersion[] = |
| 126 | "CHROMEOS_RELEASE_VERSION"; |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 127 | |
| 128 | // Directory where OpenVPN configuration files are exported while the |
| 129 | // process is running. |
| 130 | const char OpenVPNDriver::kDefaultOpenVPNConfigurationDirectory[] = |
| 131 | RUNDIR "/openvpn_config"; |
| 132 | |
Darin Petkov | 0cd0d1e | 2013-02-11 12:49:10 +0100 | [diff] [blame] | 133 | const int OpenVPNDriver::kReconnectOfflineTimeoutSeconds = 2 * 60; |
| 134 | const int OpenVPNDriver::kReconnectTLSErrorTimeoutSeconds = 20; |
Darin Petkov | 1a462de | 2012-05-02 11:10:48 +0200 | [diff] [blame] | 135 | |
Darin Petkov | a9b1fed | 2012-02-29 11:49:05 +0100 | [diff] [blame] | 136 | OpenVPNDriver::OpenVPNDriver(ControlInterface *control, |
Darin Petkov | f20994f | 2012-03-05 16:12:19 +0100 | [diff] [blame] | 137 | EventDispatcher *dispatcher, |
| 138 | Metrics *metrics, |
| 139 | Manager *manager, |
Paul Stewart | ca6abd4 | 2012-03-01 15:45:29 -0800 | [diff] [blame] | 140 | DeviceInfo *device_info, |
Paul Stewart | 451aa7f | 2012-04-11 19:07:58 -0700 | [diff] [blame] | 141 | GLib *glib) |
Darin Petkov | 602303f | 2012-06-06 12:15:59 +0200 | [diff] [blame] | 142 | : VPNDriver(dispatcher, manager, kProperties, arraysize(kProperties)), |
Darin Petkov | b451d6e | 2012-04-23 11:56:41 +0200 | [diff] [blame] | 143 | control_(control), |
Darin Petkov | f20994f | 2012-03-05 16:12:19 +0100 | [diff] [blame] | 144 | metrics_(metrics), |
Paul Stewart | ca6abd4 | 2012-03-01 15:45:29 -0800 | [diff] [blame] | 145 | device_info_(device_info), |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 146 | glib_(glib), |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 147 | management_server_(new OpenVPNManagementServer(this, glib)), |
Paul Stewart | eb713e8 | 2013-06-28 14:51:54 -0700 | [diff] [blame] | 148 | certificate_file_(new CertificateFile()), |
Paul Stewart | 8343c0b | 2013-09-30 11:58:54 -0700 | [diff] [blame] | 149 | extra_certificates_file_(new CertificateFile()), |
Darin Petkov | 5a85047 | 2012-06-06 15:44:24 +0200 | [diff] [blame] | 150 | process_killer_(ProcessKiller::GetInstance()), |
Darin Petkov | 1a462de | 2012-05-02 11:10:48 +0200 | [diff] [blame] | 151 | lsb_release_file_(kLSBReleaseFile), |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 152 | openvpn_config_directory_(kDefaultOpenVPNConfigurationDirectory), |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 153 | pid_(0), |
Darin Petkov | a5e07ef | 2012-07-09 14:27:57 +0200 | [diff] [blame] | 154 | child_watch_tag_(0), |
| 155 | default_service_callback_tag_(0) {} |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 156 | |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 157 | OpenVPNDriver::~OpenVPNDriver() { |
Darin Petkov | aba8932 | 2013-03-11 14:48:22 +0100 | [diff] [blame] | 158 | IdleService(); |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 159 | } |
| 160 | |
Darin Petkov | aba8932 | 2013-03-11 14:48:22 +0100 | [diff] [blame] | 161 | void OpenVPNDriver::IdleService() { |
Darin Petkov | 1c049c7 | 2013-03-21 13:15:45 +0100 | [diff] [blame] | 162 | Cleanup(Service::kStateIdle, |
| 163 | Service::kFailureUnknown, |
| 164 | Service::kErrorDetailsNone); |
Darin Petkov | aba8932 | 2013-03-11 14:48:22 +0100 | [diff] [blame] | 165 | } |
| 166 | |
Darin Petkov | 1c049c7 | 2013-03-21 13:15:45 +0100 | [diff] [blame] | 167 | void OpenVPNDriver::FailService(Service::ConnectFailure failure, |
| 168 | const string &error_details) { |
| 169 | Cleanup(Service::kStateFailure, failure, error_details); |
Darin Petkov | aba8932 | 2013-03-11 14:48:22 +0100 | [diff] [blame] | 170 | } |
| 171 | |
| 172 | void OpenVPNDriver::Cleanup(Service::ConnectState state, |
Darin Petkov | 1c049c7 | 2013-03-21 13:15:45 +0100 | [diff] [blame] | 173 | Service::ConnectFailure failure, |
Darin Petkov | aba8932 | 2013-03-11 14:48:22 +0100 | [diff] [blame] | 174 | const string &error_details) { |
Ben Chan | fad4a0b | 2012-04-18 15:49:59 -0700 | [diff] [blame] | 175 | SLOG(VPN, 2) << __func__ << "(" << Service::ConnectStateToString(state) |
Darin Petkov | aba8932 | 2013-03-11 14:48:22 +0100 | [diff] [blame] | 176 | << ", " << error_details << ")"; |
Darin Petkov | 602303f | 2012-06-06 12:15:59 +0200 | [diff] [blame] | 177 | StopConnectTimeout(); |
Darin Petkov | 84a9553 | 2013-03-13 12:24:45 +0100 | [diff] [blame] | 178 | if (child_watch_tag_) { |
| 179 | glib_->SourceRemove(child_watch_tag_); |
| 180 | child_watch_tag_ = 0; |
| 181 | } |
| 182 | // Disconnecting the management interface will terminate the openvpn |
| 183 | // process. Ensure this is handled robustly by first removing the child watch |
| 184 | // above and then terminating and reaping the process through ProcessKiller. |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 185 | management_server_->Stop(); |
Darin Petkov | 1fa8194 | 2012-04-02 11:38:08 +0200 | [diff] [blame] | 186 | if (!tls_auth_file_.empty()) { |
Ben Chan | a0ddf46 | 2014-02-06 11:32:42 -0800 | [diff] [blame] | 187 | base::DeleteFile(tls_auth_file_, false); |
Darin Petkov | 1fa8194 | 2012-04-02 11:38:08 +0200 | [diff] [blame] | 188 | tls_auth_file_.clear(); |
| 189 | } |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 190 | if (!openvpn_config_file_.empty()) { |
Ben Chan | a0ddf46 | 2014-02-06 11:32:42 -0800 | [diff] [blame] | 191 | base::DeleteFile(openvpn_config_file_, false); |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 192 | openvpn_config_file_.clear(); |
| 193 | } |
Darin Petkov | a5e07ef | 2012-07-09 14:27:57 +0200 | [diff] [blame] | 194 | if (default_service_callback_tag_) { |
| 195 | manager()->DeregisterDefaultServiceCallback(default_service_callback_tag_); |
| 196 | default_service_callback_tag_ = 0; |
| 197 | } |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 198 | rpc_task_.reset(); |
Darin Petkov | 5a85047 | 2012-06-06 15:44:24 +0200 | [diff] [blame] | 199 | int interface_index = -1; |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 200 | if (device_) { |
Darin Petkov | 5a85047 | 2012-06-06 15:44:24 +0200 | [diff] [blame] | 201 | interface_index = device_->interface_index(); |
mukesh agrawal | 9da0777 | 2013-05-15 14:15:17 -0700 | [diff] [blame] | 202 | device_->DropConnection(); |
Eric Shienbrood | 9a24553 | 2012-03-07 14:20:39 -0500 | [diff] [blame] | 203 | device_->SetEnabled(false); |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 204 | device_ = NULL; |
Darin Petkov | 5a85047 | 2012-06-06 15:44:24 +0200 | [diff] [blame] | 205 | } |
| 206 | if (pid_) { |
| 207 | Closure callback; |
| 208 | if (interface_index >= 0) { |
| 209 | callback = |
| 210 | Bind(&DeleteInterface, device_info_->AsWeakPtr(), interface_index); |
| 211 | interface_index = -1; |
| 212 | } |
| 213 | process_killer_->Kill(pid_, callback); |
| 214 | pid_ = 0; |
| 215 | } |
| 216 | if (interface_index >= 0) { |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 217 | device_info_->DeleteInterface(interface_index); |
| 218 | } |
| 219 | tunnel_interface_.clear(); |
Darin Petkov | 79d74c9 | 2012-03-07 17:20:32 +0100 | [diff] [blame] | 220 | if (service_) { |
Darin Petkov | 1c049c7 | 2013-03-21 13:15:45 +0100 | [diff] [blame] | 221 | if (state == Service::kStateFailure) { |
| 222 | service_->SetErrorDetails(error_details); |
| 223 | service_->SetFailure(failure); |
| 224 | } else { |
| 225 | service_->SetState(state); |
| 226 | } |
Darin Petkov | 79d74c9 | 2012-03-07 17:20:32 +0100 | [diff] [blame] | 227 | service_ = NULL; |
| 228 | } |
Darin Petkov | 3189a47 | 2012-10-05 09:55:33 +0200 | [diff] [blame] | 229 | ip_properties_ = IPConfig::Properties(); |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 230 | } |
| 231 | |
Paul Stewart | 406c473 | 2013-08-01 09:30:12 -0700 | [diff] [blame] | 232 | // static |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 233 | string OpenVPNDriver::JoinOptions(const vector<vector<string>> &options, |
| 234 | char separator) { |
Paul Stewart | 406c473 | 2013-08-01 09:30:12 -0700 | [diff] [blame] | 235 | vector<string> option_strings; |
| 236 | for (const auto &option : options) { |
Paul Stewart | 7590d6f | 2013-08-07 12:47:39 -0700 | [diff] [blame] | 237 | vector<string> quoted_option; |
| 238 | for (const auto &argument : option) { |
| 239 | if (argument.find(' ') != string::npos || |
| 240 | argument.find('\t') != string::npos || |
| 241 | argument.find('"') != string::npos || |
| 242 | argument.find(separator) != string::npos) { |
| 243 | string quoted_argument(argument); |
| 244 | const char separator_chars[] = { separator, '\0' }; |
Ben Chan | a0ddf46 | 2014-02-06 11:32:42 -0800 | [diff] [blame] | 245 | base::ReplaceChars(argument, separator_chars, " ", "ed_argument); |
| 246 | base::ReplaceChars(quoted_argument, "\\", "\\\\", "ed_argument); |
| 247 | base::ReplaceChars(quoted_argument, "\"", "\\\"", "ed_argument); |
Paul Stewart | 7590d6f | 2013-08-07 12:47:39 -0700 | [diff] [blame] | 248 | quoted_option.push_back("\"" + quoted_argument + "\""); |
| 249 | } else { |
| 250 | quoted_option.push_back(argument); |
| 251 | } |
| 252 | } |
| 253 | option_strings.push_back(JoinString(quoted_option, ' ')); |
Paul Stewart | 406c473 | 2013-08-01 09:30:12 -0700 | [diff] [blame] | 254 | } |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 255 | return JoinString(option_strings, separator); |
| 256 | } |
| 257 | |
| 258 | bool OpenVPNDriver::WriteConfigFile( |
| 259 | const vector<vector<string>> &options, |
| 260 | FilePath *config_file) { |
Ben Chan | a0ddf46 | 2014-02-06 11:32:42 -0800 | [diff] [blame] | 261 | if (!base::DirectoryExists(openvpn_config_directory_)) { |
| 262 | if (!base::CreateDirectory(openvpn_config_directory_)) { |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 263 | LOG(ERROR) << "Unable to create configuration directory " |
| 264 | << openvpn_config_directory_.value(); |
| 265 | return false; |
| 266 | } |
| 267 | if (chmod(openvpn_config_directory_.value().c_str(), S_IRWXU)) { |
| 268 | LOG(ERROR) << "Failed to set permissions on " |
| 269 | << openvpn_config_directory_.value(); |
Ben Chan | a0ddf46 | 2014-02-06 11:32:42 -0800 | [diff] [blame] | 270 | base::DeleteFile(openvpn_config_directory_, true); |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 271 | return false; |
| 272 | } |
| 273 | } |
| 274 | |
| 275 | string contents = JoinOptions(options, '\n'); |
| 276 | contents.push_back('\n'); |
Ben Chan | a0ddf46 | 2014-02-06 11:32:42 -0800 | [diff] [blame] | 277 | if (!base::CreateTemporaryFileInDir(openvpn_config_directory_, config_file) || |
Ben Chan | 6fbf64f | 2014-05-21 18:07:01 -0700 | [diff] [blame] | 278 | base::WriteFile(*config_file, contents.data(), contents.size()) != |
Ben Chan | a0ddf46 | 2014-02-06 11:32:42 -0800 | [diff] [blame] | 279 | static_cast<int>(contents.size())) { |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 280 | LOG(ERROR) << "Unable to setup OpenVPN config file."; |
| 281 | return false; |
| 282 | } |
| 283 | return true; |
Paul Stewart | 406c473 | 2013-08-01 09:30:12 -0700 | [diff] [blame] | 284 | } |
| 285 | |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 286 | bool OpenVPNDriver::SpawnOpenVPN() { |
Ben Chan | fad4a0b | 2012-04-18 15:49:59 -0700 | [diff] [blame] | 287 | SLOG(VPN, 2) << __func__ << "(" << tunnel_interface_ << ")"; |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 288 | |
Paul Stewart | 406c473 | 2013-08-01 09:30:12 -0700 | [diff] [blame] | 289 | vector<vector<string>> options; |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 290 | Error error; |
| 291 | InitOptions(&options, &error); |
| 292 | if (error.IsFailure()) { |
| 293 | return false; |
| 294 | } |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 295 | LOG(INFO) << "OpenVPN process options: " << JoinOptions(options, ','); |
| 296 | if (!WriteConfigFile(options, &openvpn_config_file_)) { |
| 297 | return false; |
| 298 | } |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 299 | |
mukesh agrawal | ae30e9e | 2013-05-28 14:09:16 -0700 | [diff] [blame] | 300 | // TODO(quiche): This should be migrated to use ExternalTask. |
| 301 | // (crbug.com/246263). |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 302 | vector<char *> process_args; |
| 303 | process_args.push_back(const_cast<char *>(kOpenVPNPath)); |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 304 | process_args.push_back(const_cast<char *>("--config")); |
| 305 | process_args.push_back(const_cast<char *>( |
| 306 | openvpn_config_file_.value().c_str())); |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 307 | process_args.push_back(NULL); |
Darin Petkov | 1a462de | 2012-05-02 11:10:48 +0200 | [diff] [blame] | 308 | |
| 309 | vector<string> environment; |
| 310 | InitEnvironment(&environment); |
| 311 | |
| 312 | vector<char *> process_env; |
Paul Stewart | 406c473 | 2013-08-01 09:30:12 -0700 | [diff] [blame] | 313 | for (const auto &environment_variable : environment) { |
| 314 | process_env.push_back(const_cast<char *>(environment_variable.c_str())); |
Darin Petkov | 1a462de | 2012-05-02 11:10:48 +0200 | [diff] [blame] | 315 | } |
| 316 | process_env.push_back(NULL); |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 317 | |
| 318 | CHECK(!pid_); |
Darin Petkov | 68710d7 | 2013-02-13 14:22:56 +0100 | [diff] [blame] | 319 | if (!glib_->SpawnAsync(NULL, |
| 320 | process_args.data(), |
| 321 | process_env.data(), |
| 322 | G_SPAWN_DO_NOT_REAP_CHILD, |
| 323 | NULL, |
| 324 | NULL, |
| 325 | &pid_, |
| 326 | NULL)) { |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 327 | LOG(ERROR) << "Unable to spawn: " << kOpenVPNPath; |
| 328 | return false; |
| 329 | } |
| 330 | CHECK(!child_watch_tag_); |
| 331 | child_watch_tag_ = glib_->ChildWatchAdd(pid_, OnOpenVPNDied, this); |
| 332 | return true; |
| 333 | } |
| 334 | |
| 335 | // static |
| 336 | void OpenVPNDriver::OnOpenVPNDied(GPid pid, gint status, gpointer data) { |
Ben Chan | fad4a0b | 2012-04-18 15:49:59 -0700 | [diff] [blame] | 337 | SLOG(VPN, 2) << __func__ << "(" << pid << ", " << status << ")"; |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 338 | OpenVPNDriver *me = reinterpret_cast<OpenVPNDriver *>(data); |
| 339 | me->child_watch_tag_ = 0; |
| 340 | CHECK_EQ(pid, me->pid_); |
Darin Petkov | 5a85047 | 2012-06-06 15:44:24 +0200 | [diff] [blame] | 341 | me->pid_ = 0; |
Darin Petkov | 1c049c7 | 2013-03-21 13:15:45 +0100 | [diff] [blame] | 342 | me->FailService(Service::kFailureInternal, Service::kErrorDetailsNone); |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 343 | // TODO(petkov): Figure if we need to restart the connection. |
| 344 | } |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 345 | |
Darin Petkov | 5a85047 | 2012-06-06 15:44:24 +0200 | [diff] [blame] | 346 | // static |
Darin Petkov | 5dbd261 | 2012-06-07 16:22:16 +0200 | [diff] [blame] | 347 | void OpenVPNDriver::DeleteInterface(const WeakPtr<DeviceInfo> &device_info, |
Darin Petkov | 5a85047 | 2012-06-06 15:44:24 +0200 | [diff] [blame] | 348 | int interface_index) { |
| 349 | if (device_info) { |
| 350 | LOG(INFO) << "Deleting interface " << interface_index; |
| 351 | device_info->DeleteInterface(interface_index); |
| 352 | } |
| 353 | } |
| 354 | |
Paul Stewart | ca6abd4 | 2012-03-01 15:45:29 -0800 | [diff] [blame] | 355 | bool OpenVPNDriver::ClaimInterface(const string &link_name, |
| 356 | int interface_index) { |
| 357 | if (link_name != tunnel_interface_) { |
| 358 | return false; |
| 359 | } |
| 360 | |
Ben Chan | fad4a0b | 2012-04-18 15:49:59 -0700 | [diff] [blame] | 361 | SLOG(VPN, 2) << "Claiming " << link_name << " for OpenVPN tunnel"; |
Paul Stewart | ca6abd4 | 2012-03-01 15:45:29 -0800 | [diff] [blame] | 362 | |
Darin Petkov | f20994f | 2012-03-05 16:12:19 +0100 | [diff] [blame] | 363 | CHECK(!device_); |
mukesh agrawal | 9da0777 | 2013-05-15 14:15:17 -0700 | [diff] [blame] | 364 | device_ = new VirtualDevice(control_, dispatcher(), metrics_, manager(), |
| 365 | link_name, interface_index, Technology::kVPN); |
Eric Shienbrood | 9a24553 | 2012-03-07 14:20:39 -0500 | [diff] [blame] | 366 | device_->SetEnabled(true); |
Eric Shienbrood | 9a24553 | 2012-03-07 14:20:39 -0500 | [diff] [blame] | 367 | |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 368 | rpc_task_.reset(new RPCTask(control_, this)); |
Darin Petkov | 1c049c7 | 2013-03-21 13:15:45 +0100 | [diff] [blame] | 369 | if (SpawnOpenVPN()) { |
Darin Petkov | 68710d7 | 2013-02-13 14:22:56 +0100 | [diff] [blame] | 370 | default_service_callback_tag_ = |
| 371 | manager()->RegisterDefaultServiceCallback( |
| 372 | Bind(&OpenVPNDriver::OnDefaultServiceChanged, Unretained(this))); |
Darin Petkov | 1c049c7 | 2013-03-21 13:15:45 +0100 | [diff] [blame] | 373 | } else { |
| 374 | FailService(Service::kFailureInternal, Service::kErrorDetailsNone); |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 375 | } |
Paul Stewart | ca6abd4 | 2012-03-01 15:45:29 -0800 | [diff] [blame] | 376 | return true; |
| 377 | } |
| 378 | |
Darin Petkov | 209e629 | 2012-04-20 11:33:32 +0200 | [diff] [blame] | 379 | void OpenVPNDriver::GetLogin(string */*user*/, string */*password*/) { |
| 380 | NOTREACHED(); |
| 381 | } |
| 382 | |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 383 | void OpenVPNDriver::Notify(const string &reason, |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 384 | const map<string, string> &dict) { |
Darin Petkov | 602303f | 2012-06-06 12:15:59 +0200 | [diff] [blame] | 385 | LOG(INFO) << "IP configuration received: " << reason; |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 386 | if (reason != "up") { |
mukesh agrawal | 9da0777 | 2013-05-15 14:15:17 -0700 | [diff] [blame] | 387 | device_->DropConnection(); |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 388 | return; |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 389 | } |
Darin Petkov | 3189a47 | 2012-10-05 09:55:33 +0200 | [diff] [blame] | 390 | // On restart/reconnect, update the existing IP configuration. |
| 391 | ParseIPConfiguration(dict, &ip_properties_); |
| 392 | device_->SelectService(service_); |
| 393 | device_->UpdateIPConfig(ip_properties_); |
Paul Stewart | 91a43cb | 2013-03-02 21:34:15 -0800 | [diff] [blame] | 394 | ReportConnectionMetrics(); |
Darin Petkov | 602303f | 2012-06-06 12:15:59 +0200 | [diff] [blame] | 395 | StopConnectTimeout(); |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 396 | } |
| 397 | |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 398 | void OpenVPNDriver::ParseIPConfiguration( |
| 399 | const map<string, string> &configuration, |
Paul Stewart | c8e3ef9 | 2014-05-08 13:27:25 -0700 | [diff] [blame] | 400 | IPConfig::Properties *properties) const { |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 401 | ForeignOptions foreign_options; |
Darin Petkov | 6059674 | 2012-03-05 12:17:17 +0100 | [diff] [blame] | 402 | RouteOptions routes; |
Paul Stewart | a64b7d7 | 2014-05-09 10:11:39 -0700 | [diff] [blame] | 403 | bool is_gateway_route_required = false; |
| 404 | |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 405 | properties->address_family = IPAddress::kFamilyIPv4; |
Darin Petkov | e8587e3 | 2012-07-02 13:56:07 +0200 | [diff] [blame] | 406 | if (!properties->subnet_prefix) { |
| 407 | properties->subnet_prefix = |
| 408 | IPAddress::GetMaxPrefixLength(properties->address_family); |
| 409 | } |
Paul Stewart | 406c473 | 2013-08-01 09:30:12 -0700 | [diff] [blame] | 410 | for (const auto &configuration_map : configuration) { |
| 411 | const string &key = configuration_map.first; |
| 412 | const string &value = configuration_map.second; |
Ben Chan | fad4a0b | 2012-04-18 15:49:59 -0700 | [diff] [blame] | 413 | SLOG(VPN, 2) << "Processing: " << key << " -> " << value; |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 414 | if (LowerCaseEqualsASCII(key, kOpenVPNIfconfigLocal)) { |
| 415 | properties->address = value; |
| 416 | } else if (LowerCaseEqualsASCII(key, kOpenVPNIfconfigBroadcast)) { |
| 417 | properties->broadcast_address = value; |
| 418 | } else if (LowerCaseEqualsASCII(key, kOpenVPNIfconfigNetmask)) { |
Paul Stewart | 48100b0 | 2012-03-19 07:53:52 -0700 | [diff] [blame] | 419 | properties->subnet_prefix = |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 420 | IPAddress::GetPrefixLengthFromMask(properties->address_family, value); |
| 421 | } else if (LowerCaseEqualsASCII(key, kOpenVPNIfconfigRemote)) { |
Paul Stewart | 4698c1a | 2013-05-16 15:42:19 -0700 | [diff] [blame] | 422 | if (StartsWithASCII(value, kSuspectedNetmaskPrefix, false)) { |
| 423 | LOG(WARNING) << "Option " << key << " value " << value |
| 424 | << " looks more like a netmask than a peer address; " |
| 425 | << "assuming it is the former."; |
| 426 | // In this situation, the "peer_address" value will be left |
| 427 | // unset and Connection::UpdateFromIPConfig() will treat the |
| 428 | // interface as if it were a broadcast-style network. The |
| 429 | // kernel will, automatically set the peer address equal to |
| 430 | // the local address. |
| 431 | properties->subnet_prefix = |
| 432 | IPAddress::GetPrefixLengthFromMask(properties->address_family, |
| 433 | value); |
| 434 | } else { |
| 435 | properties->peer_address = value; |
| 436 | } |
Paul Stewart | a64b7d7 | 2014-05-09 10:11:39 -0700 | [diff] [blame] | 437 | } else if (LowerCaseEqualsASCII(key, kOpenVPNRedirectGateway) || |
| 438 | LowerCaseEqualsASCII(key, kOpenVPNRedirectPrivate)) { |
| 439 | is_gateway_route_required = true; |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 440 | } else if (LowerCaseEqualsASCII(key, kOpenVPNRouteVPNGateway)) { |
Paul Stewart | a64b7d7 | 2014-05-09 10:11:39 -0700 | [diff] [blame] | 441 | properties->gateway = value; |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 442 | } else if (LowerCaseEqualsASCII(key, kOpenVPNTrustedIP)) { |
Paul Stewart | ce4ec19 | 2012-03-14 12:53:46 -0700 | [diff] [blame] | 443 | properties->trusted_ip = value; |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 444 | } else if (LowerCaseEqualsASCII(key, kOpenVPNTunMTU)) { |
| 445 | int mtu = 0; |
| 446 | if (base::StringToInt(value, &mtu) && mtu >= DHCPConfig::kMinMTU) { |
| 447 | properties->mtu = mtu; |
| 448 | } else { |
| 449 | LOG(ERROR) << "MTU " << value << " ignored."; |
| 450 | } |
| 451 | } else if (StartsWithASCII(key, kOpenVPNForeignOptionPrefix, false)) { |
| 452 | const string suffix = key.substr(strlen(kOpenVPNForeignOptionPrefix)); |
| 453 | int order = 0; |
| 454 | if (base::StringToInt(suffix, &order)) { |
| 455 | foreign_options[order] = value; |
| 456 | } else { |
| 457 | LOG(ERROR) << "Ignored unexpected foreign option suffix: " << suffix; |
| 458 | } |
| 459 | } else if (StartsWithASCII(key, kOpenVPNRouteOptionPrefix, false)) { |
Darin Petkov | 6059674 | 2012-03-05 12:17:17 +0100 | [diff] [blame] | 460 | ParseRouteOption(key.substr(strlen(kOpenVPNRouteOptionPrefix)), |
| 461 | value, &routes); |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 462 | } else { |
Ben Chan | fad4a0b | 2012-04-18 15:49:59 -0700 | [diff] [blame] | 463 | SLOG(VPN, 2) << "Key ignored."; |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 464 | } |
| 465 | } |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 466 | ParseForeignOptions(foreign_options, properties); |
Darin Petkov | 6059674 | 2012-03-05 12:17:17 +0100 | [diff] [blame] | 467 | SetRoutes(routes, properties); |
Paul Stewart | a64b7d7 | 2014-05-09 10:11:39 -0700 | [diff] [blame] | 468 | |
| 469 | if (const_args()->ContainsString(kOpenVPNIgnoreDefaultRouteProperty)) { |
| 470 | if (is_gateway_route_required) { |
| 471 | LOG(INFO) << "Configuration request to ignore default route is " |
| 472 | << "overridden by the remote server."; |
| 473 | } else { |
| 474 | SLOG(VPN, 2) << "Ignoring default route parameter as requested by " |
| 475 | << "configuration."; |
| 476 | properties->gateway.clear(); |
| 477 | } |
| 478 | } |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 479 | } |
| 480 | |
| 481 | // static |
| 482 | void OpenVPNDriver::ParseForeignOptions(const ForeignOptions &options, |
| 483 | IPConfig::Properties *properties) { |
Darin Petkov | e8587e3 | 2012-07-02 13:56:07 +0200 | [diff] [blame] | 484 | vector<string> domain_search; |
| 485 | vector<string> dns_servers; |
Paul Stewart | 406c473 | 2013-08-01 09:30:12 -0700 | [diff] [blame] | 486 | for (const auto &option_map : options) { |
| 487 | ParseForeignOption(option_map.second, &domain_search, &dns_servers); |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 488 | } |
Darin Petkov | e8587e3 | 2012-07-02 13:56:07 +0200 | [diff] [blame] | 489 | if (!domain_search.empty()) { |
| 490 | properties->domain_search.swap(domain_search); |
| 491 | } |
| 492 | LOG_IF(WARNING, properties->domain_search.empty()) |
| 493 | << "No search domains provided."; |
| 494 | if (!dns_servers.empty()) { |
| 495 | properties->dns_servers.swap(dns_servers); |
| 496 | } |
| 497 | LOG_IF(WARNING, properties->dns_servers.empty()) |
| 498 | << "No DNS servers provided."; |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 499 | } |
| 500 | |
| 501 | // static |
| 502 | void OpenVPNDriver::ParseForeignOption(const string &option, |
Darin Petkov | e8587e3 | 2012-07-02 13:56:07 +0200 | [diff] [blame] | 503 | vector<string> *domain_search, |
| 504 | vector<string> *dns_servers) { |
Ben Chan | fad4a0b | 2012-04-18 15:49:59 -0700 | [diff] [blame] | 505 | SLOG(VPN, 2) << __func__ << "(" << option << ")"; |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 506 | vector<string> tokens; |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 507 | SplitString(option, ' ', &tokens); |
| 508 | if (tokens.size() != 3 || !LowerCaseEqualsASCII(tokens[0], "dhcp-option")) { |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 509 | return; |
| 510 | } |
| 511 | if (LowerCaseEqualsASCII(tokens[1], "domain")) { |
Darin Petkov | e8587e3 | 2012-07-02 13:56:07 +0200 | [diff] [blame] | 512 | domain_search->push_back(tokens[2]); |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 513 | } else if (LowerCaseEqualsASCII(tokens[1], "dns")) { |
Darin Petkov | e8587e3 | 2012-07-02 13:56:07 +0200 | [diff] [blame] | 514 | dns_servers->push_back(tokens[2]); |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 515 | } |
| 516 | } |
| 517 | |
Darin Petkov | 6059674 | 2012-03-05 12:17:17 +0100 | [diff] [blame] | 518 | // static |
| 519 | IPConfig::Route *OpenVPNDriver::GetRouteOptionEntry( |
| 520 | const string &prefix, const string &key, RouteOptions *routes) { |
| 521 | int order = 0; |
| 522 | if (!StartsWithASCII(key, prefix, false) || |
| 523 | !base::StringToInt(key.substr(prefix.size()), &order)) { |
| 524 | return NULL; |
| 525 | } |
| 526 | return &(*routes)[order]; |
| 527 | } |
| 528 | |
| 529 | // static |
| 530 | void OpenVPNDriver::ParseRouteOption( |
| 531 | const string &key, const string &value, RouteOptions *routes) { |
| 532 | IPConfig::Route *route = GetRouteOptionEntry("network_", key, routes); |
| 533 | if (route) { |
| 534 | route->host = value; |
| 535 | return; |
| 536 | } |
| 537 | route = GetRouteOptionEntry("netmask_", key, routes); |
| 538 | if (route) { |
| 539 | route->netmask = value; |
| 540 | return; |
| 541 | } |
| 542 | route = GetRouteOptionEntry("gateway_", key, routes); |
| 543 | if (route) { |
| 544 | route->gateway = value; |
| 545 | return; |
| 546 | } |
| 547 | LOG(WARNING) << "Unknown route option ignored: " << key; |
| 548 | } |
| 549 | |
| 550 | // static |
| 551 | void OpenVPNDriver::SetRoutes(const RouteOptions &routes, |
| 552 | IPConfig::Properties *properties) { |
Darin Petkov | e8587e3 | 2012-07-02 13:56:07 +0200 | [diff] [blame] | 553 | vector<IPConfig::Route> new_routes; |
Paul Stewart | 406c473 | 2013-08-01 09:30:12 -0700 | [diff] [blame] | 554 | for (const auto &route_map : routes) { |
| 555 | const IPConfig::Route &route = route_map.second; |
Darin Petkov | 6059674 | 2012-03-05 12:17:17 +0100 | [diff] [blame] | 556 | if (route.host.empty() || route.netmask.empty() || route.gateway.empty()) { |
Paul Stewart | 406c473 | 2013-08-01 09:30:12 -0700 | [diff] [blame] | 557 | LOG(WARNING) << "Ignoring incomplete route: " << route_map.first; |
Darin Petkov | 6059674 | 2012-03-05 12:17:17 +0100 | [diff] [blame] | 558 | continue; |
| 559 | } |
Darin Petkov | e8587e3 | 2012-07-02 13:56:07 +0200 | [diff] [blame] | 560 | new_routes.push_back(route); |
Darin Petkov | 6059674 | 2012-03-05 12:17:17 +0100 | [diff] [blame] | 561 | } |
Darin Petkov | e8587e3 | 2012-07-02 13:56:07 +0200 | [diff] [blame] | 562 | if (!new_routes.empty()) { |
| 563 | properties->routes.swap(new_routes); |
| 564 | } |
| 565 | LOG_IF(WARNING, properties->routes.empty()) << "No routes provided."; |
Darin Petkov | 6059674 | 2012-03-05 12:17:17 +0100 | [diff] [blame] | 566 | } |
| 567 | |
Darin Petkov | 4b94484 | 2012-09-21 10:48:48 +0200 | [diff] [blame] | 568 | // static |
| 569 | bool OpenVPNDriver::SplitPortFromHost( |
| 570 | const string &host, string *name, string *port) { |
| 571 | vector<string> tokens; |
| 572 | SplitString(host, ':', &tokens); |
| 573 | int port_number = 0; |
| 574 | if (tokens.size() != 2 || tokens[0].empty() || tokens[1].empty() || |
| 575 | !IsAsciiDigit(tokens[1][0]) || |
| 576 | !base::StringToInt(tokens[1], &port_number) || port_number > kuint16max) { |
| 577 | return false; |
| 578 | } |
| 579 | *name = tokens[0]; |
| 580 | *port = tokens[1]; |
| 581 | return true; |
| 582 | } |
| 583 | |
Darin Petkov | 602303f | 2012-06-06 12:15:59 +0200 | [diff] [blame] | 584 | void OpenVPNDriver::Connect(const VPNServiceRefPtr &service, Error *error) { |
Darin Petkov | 0cd0d1e | 2013-02-11 12:49:10 +0100 | [diff] [blame] | 585 | StartConnectTimeout(kDefaultConnectTimeoutSeconds); |
Darin Petkov | 79d74c9 | 2012-03-07 17:20:32 +0100 | [diff] [blame] | 586 | service_ = service; |
| 587 | service_->SetState(Service::kStateConfiguring); |
Darin Petkov | f20994f | 2012-03-05 16:12:19 +0100 | [diff] [blame] | 588 | if (!device_info_->CreateTunnelInterface(&tunnel_interface_)) { |
| 589 | Error::PopulateAndLog( |
| 590 | error, Error::kInternalError, "Could not create tunnel interface."); |
Darin Petkov | 1c049c7 | 2013-03-21 13:15:45 +0100 | [diff] [blame] | 591 | FailService(Service::kFailureInternal, Service::kErrorDetailsNone); |
Darin Petkov | f20994f | 2012-03-05 16:12:19 +0100 | [diff] [blame] | 592 | } |
| 593 | // Wait for the ClaimInterface callback to continue the connection process. |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 594 | } |
| 595 | |
Paul Stewart | 406c473 | 2013-08-01 09:30:12 -0700 | [diff] [blame] | 596 | void OpenVPNDriver::InitOptions(vector<vector<string>> *options, Error *error) { |
Ben Chan | 7372878 | 2013-09-20 13:40:54 -0700 | [diff] [blame] | 597 | string vpnhost = args()->LookupString(kProviderHostProperty, ""); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 598 | if (vpnhost.empty()) { |
| 599 | Error::PopulateAndLog( |
| 600 | error, Error::kInvalidArguments, "VPN host not specified."); |
| 601 | return; |
| 602 | } |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 603 | AppendOption("client", options); |
| 604 | AppendOption("tls-client", options); |
Darin Petkov | 4b94484 | 2012-09-21 10:48:48 +0200 | [diff] [blame] | 605 | |
Darin Petkov | 4b94484 | 2012-09-21 10:48:48 +0200 | [diff] [blame] | 606 | string host_name, host_port; |
| 607 | if (SplitPortFromHost(vpnhost, &host_name, &host_port)) { |
| 608 | DCHECK(!host_name.empty()); |
| 609 | DCHECK(!host_port.empty()); |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 610 | AppendOption("remote", host_name, host_port, options); |
Darin Petkov | 4b94484 | 2012-09-21 10:48:48 +0200 | [diff] [blame] | 611 | } else { |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 612 | AppendOption("remote", vpnhost, options); |
Darin Petkov | 4b94484 | 2012-09-21 10:48:48 +0200 | [diff] [blame] | 613 | } |
| 614 | |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 615 | AppendOption("nobind", options); |
| 616 | AppendOption("persist-key", options); |
| 617 | AppendOption("persist-tun", options); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 618 | |
Darin Petkov | f20994f | 2012-03-05 16:12:19 +0100 | [diff] [blame] | 619 | CHECK(!tunnel_interface_.empty()); |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 620 | AppendOption("dev", tunnel_interface_, options); |
| 621 | AppendOption("dev-type", "tun", options); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 622 | |
Darin Petkov | 55771b7 | 2012-04-25 09:25:19 +0200 | [diff] [blame] | 623 | InitLoggingOptions(options); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 624 | |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 625 | AppendValueOption(kVPNMTUProperty, "mtu", options); |
Ben Chan | 7372878 | 2013-09-20 13:40:54 -0700 | [diff] [blame] | 626 | AppendValueOption(kOpenVPNProtoProperty, "proto", options); |
| 627 | AppendValueOption(kOpenVPNPortProperty, "port", options); |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 628 | AppendValueOption(kOpenVPNTLSAuthProperty, "tls-auth", options); |
Darin Petkov | 1fa8194 | 2012-04-02 11:38:08 +0200 | [diff] [blame] | 629 | { |
| 630 | string contents = |
Ben Chan | 7372878 | 2013-09-20 13:40:54 -0700 | [diff] [blame] | 631 | args()->LookupString(kOpenVPNTLSAuthContentsProperty, ""); |
Darin Petkov | 1fa8194 | 2012-04-02 11:38:08 +0200 | [diff] [blame] | 632 | if (!contents.empty()) { |
Ben Chan | a0ddf46 | 2014-02-06 11:32:42 -0800 | [diff] [blame] | 633 | if (!base::CreateTemporaryFile(&tls_auth_file_) || |
Ben Chan | 6fbf64f | 2014-05-21 18:07:01 -0700 | [diff] [blame] | 634 | base::WriteFile(tls_auth_file_, contents.data(), contents.size()) != |
| 635 | static_cast<int>(contents.size())) { |
Darin Petkov | 1fa8194 | 2012-04-02 11:38:08 +0200 | [diff] [blame] | 636 | Error::PopulateAndLog( |
| 637 | error, Error::kInternalError, "Unable to setup tls-auth file."); |
| 638 | return; |
| 639 | } |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 640 | AppendOption("tls-auth", tls_auth_file_.value(), options); |
Darin Petkov | 1fa8194 | 2012-04-02 11:38:08 +0200 | [diff] [blame] | 641 | } |
| 642 | } |
Ben Chan | 7372878 | 2013-09-20 13:40:54 -0700 | [diff] [blame] | 643 | AppendValueOption(kOpenVPNTLSRemoteProperty, "tls-remote", options); |
| 644 | AppendValueOption(kOpenVPNCipherProperty, "cipher", options); |
| 645 | AppendValueOption(kOpenVPNAuthProperty, "auth", options); |
| 646 | AppendFlag(kOpenVPNAuthNoCacheProperty, "auth-nocache", options); |
| 647 | AppendValueOption(kOpenVPNAuthRetryProperty, "auth-retry", options); |
| 648 | AppendFlag(kOpenVPNCompLZOProperty, "comp-lzo", options); |
| 649 | AppendFlag(kOpenVPNCompNoAdaptProperty, "comp-noadapt", options); |
| 650 | AppendFlag(kOpenVPNPushPeerInfoProperty, "push-peer-info", options); |
| 651 | AppendValueOption(kOpenVPNRenegSecProperty, "reneg-sec", options); |
| 652 | AppendValueOption(kOpenVPNShaperProperty, "shaper", options); |
| 653 | AppendValueOption(kOpenVPNServerPollTimeoutProperty, |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 654 | "server-poll-timeout", options); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 655 | |
Darin Petkov | ca8a0e6 | 2012-09-26 13:16:52 +0200 | [diff] [blame] | 656 | if (!InitCAOptions(options, error)) { |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 657 | return; |
Darin Petkov | 3c5e4dc | 2012-04-02 14:44:27 +0200 | [diff] [blame] | 658 | } |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 659 | |
Paul Stewart | 8343c0b | 2013-09-30 11:58:54 -0700 | [diff] [blame] | 660 | // Additional remote certificate verification options. |
| 661 | InitCertificateVerifyOptions(options); |
| 662 | if (!InitExtraCertOptions(options, error)) { |
| 663 | return; |
| 664 | } |
| 665 | |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 666 | // Client-side ping support. |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 667 | AppendValueOption(kOpenVPNPingProperty, "ping", options); |
| 668 | AppendValueOption(kOpenVPNPingExitProperty, "ping-exit", options); |
| 669 | AppendValueOption(kOpenVPNPingRestartProperty, "ping-restart", options); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 670 | |
Ben Chan | 7372878 | 2013-09-20 13:40:54 -0700 | [diff] [blame] | 671 | AppendValueOption(kOpenVPNNsCertTypeProperty, "ns-cert-type", options); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 672 | |
Darin Petkov | 4e1b3f8 | 2012-09-27 13:22:37 +0200 | [diff] [blame] | 673 | InitClientAuthOptions(options); |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 674 | InitPKCS11Options(options); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 675 | |
| 676 | // TLS suport. |
Darin Petkov | 7f06033 | 2012-03-14 11:46:47 +0100 | [diff] [blame] | 677 | string remote_cert_tls = |
Ben Chan | 7372878 | 2013-09-20 13:40:54 -0700 | [diff] [blame] | 678 | args()->LookupString(kOpenVPNRemoteCertTLSProperty, ""); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 679 | if (remote_cert_tls.empty()) { |
| 680 | remote_cert_tls = "server"; |
| 681 | } |
| 682 | if (remote_cert_tls != "none") { |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 683 | AppendOption("remote-cert-tls", remote_cert_tls, options); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 684 | } |
| 685 | |
| 686 | // This is an undocumented command line argument that works like a .cfg file |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 687 | // entry. TODO(sleffler): Maybe roll this into the "tls-auth" option? |
Ben Chan | 7372878 | 2013-09-20 13:40:54 -0700 | [diff] [blame] | 688 | AppendValueOption(kOpenVPNKeyDirectionProperty, "key-direction", options); |
Ben Chan | 7372878 | 2013-09-20 13:40:54 -0700 | [diff] [blame] | 689 | AppendValueOption(kOpenVPNRemoteCertEKUProperty, "remote-cert-eku", options); |
Paul Stewart | 18145e9 | 2014-01-16 11:30:38 -0800 | [diff] [blame] | 690 | AppendDelimitedValueOption(kOpenVPNRemoteCertKUProperty, |
| 691 | "remote-cert-ku", ' ', options); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 692 | |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 693 | if (!InitManagementChannelOptions(options, error)) { |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 694 | return; |
| 695 | } |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 696 | |
Darin Petkov | a9b1fed | 2012-02-29 11:49:05 +0100 | [diff] [blame] | 697 | // Setup openvpn-script options and RPC information required to send back |
| 698 | // Layer 3 configuration. |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 699 | AppendOption("setenv", kRPCTaskServiceVariable, |
Paul Stewart | 406c473 | 2013-08-01 09:30:12 -0700 | [diff] [blame] | 700 | rpc_task_->GetRpcConnectionIdentifier(), options); |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 701 | AppendOption("setenv", kRPCTaskServiceVariable, |
Paul Stewart | 406c473 | 2013-08-01 09:30:12 -0700 | [diff] [blame] | 702 | rpc_task_->GetRpcConnectionIdentifier(), options); |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 703 | AppendOption("setenv", kRPCTaskPathVariable, rpc_task_->GetRpcIdentifier(), |
Paul Stewart | 406c473 | 2013-08-01 09:30:12 -0700 | [diff] [blame] | 704 | options); |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 705 | AppendOption("script-security", "2", options); |
| 706 | AppendOption("up", kOpenVPNScript, options); |
| 707 | AppendOption("up-restart", options); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 708 | |
| 709 | // Disable openvpn handling since we do route+ifconfig work. |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 710 | AppendOption("route-noexec", options); |
| 711 | AppendOption("ifconfig-noexec", options); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 712 | |
| 713 | // Drop root privileges on connection and enable callback scripts to send |
| 714 | // notify messages. |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 715 | AppendOption("user", "openvpn", options); |
| 716 | AppendOption("group", "openvpn", options); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 717 | } |
| 718 | |
Paul Stewart | 406c473 | 2013-08-01 09:30:12 -0700 | [diff] [blame] | 719 | bool OpenVPNDriver::InitCAOptions( |
| 720 | vector<vector<string>> *options, Error *error) { |
Darin Petkov | b451d6e | 2012-04-23 11:56:41 +0200 | [diff] [blame] | 721 | string ca_cert = |
Ben Chan | 7372878 | 2013-09-20 13:40:54 -0700 | [diff] [blame] | 722 | args()->LookupString(kOpenVPNCaCertProperty, ""); |
Paul Stewart | 0f9c930 | 2013-06-14 15:41:28 -0700 | [diff] [blame] | 723 | vector<string> ca_cert_pem; |
| 724 | if (args()->ContainsStrings(kOpenVPNCaCertPemProperty)) { |
| 725 | ca_cert_pem = args()->GetStrings(kOpenVPNCaCertPemProperty); |
| 726 | } |
Paul Stewart | 5baebb7 | 2013-03-14 11:43:29 -0700 | [diff] [blame] | 727 | |
| 728 | int num_ca_cert_types = 0; |
| 729 | if (!ca_cert.empty()) |
| 730 | num_ca_cert_types++; |
Paul Stewart | 5baebb7 | 2013-03-14 11:43:29 -0700 | [diff] [blame] | 731 | if (!ca_cert_pem.empty()) |
| 732 | num_ca_cert_types++; |
| 733 | if (num_ca_cert_types == 0) { |
Darin Petkov | ca8a0e6 | 2012-09-26 13:16:52 +0200 | [diff] [blame] | 734 | // Use default CAs if no CA certificate is provided. |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 735 | AppendOption("ca", kDefaultCACertificates, options); |
Darin Petkov | ca8a0e6 | 2012-09-26 13:16:52 +0200 | [diff] [blame] | 736 | return true; |
Paul Stewart | 5baebb7 | 2013-03-14 11:43:29 -0700 | [diff] [blame] | 737 | } else if (num_ca_cert_types > 1) { |
| 738 | Error::PopulateAndLog( |
| 739 | error, Error::kInvalidArguments, |
Paul Stewart | c350e68 | 2014-06-19 15:44:30 -0700 | [diff] [blame] | 740 | "Can't specify more than one of CACert and CACertPEM."); |
Darin Petkov | ca8a0e6 | 2012-09-26 13:16:52 +0200 | [diff] [blame] | 741 | return false; |
| 742 | } |
Paul Stewart | 5baebb7 | 2013-03-14 11:43:29 -0700 | [diff] [blame] | 743 | string cert_file; |
Paul Stewart | c350e68 | 2014-06-19 15:44:30 -0700 | [diff] [blame] | 744 | if (!ca_cert_pem.empty()) { |
| 745 | DCHECK(ca_cert.empty()); |
Paul Stewart | 0f9c930 | 2013-06-14 15:41:28 -0700 | [diff] [blame] | 746 | FilePath certfile = certificate_file_->CreatePEMFromStrings(ca_cert_pem); |
Paul Stewart | 5baebb7 | 2013-03-14 11:43:29 -0700 | [diff] [blame] | 747 | if (certfile.empty()) { |
| 748 | Error::PopulateAndLog( |
| 749 | error, |
| 750 | Error::kInvalidArguments, |
Paul Stewart | 0f9c930 | 2013-06-14 15:41:28 -0700 | [diff] [blame] | 751 | "Unable to extract PEM CA certificates."); |
Paul Stewart | 5baebb7 | 2013-03-14 11:43:29 -0700 | [diff] [blame] | 752 | return false; |
| 753 | } |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 754 | AppendOption("ca", certfile.value(), options); |
Paul Stewart | 5baebb7 | 2013-03-14 11:43:29 -0700 | [diff] [blame] | 755 | return true; |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 756 | } |
Paul Stewart | c350e68 | 2014-06-19 15:44:30 -0700 | [diff] [blame] | 757 | DCHECK(!ca_cert.empty() && ca_cert_pem.empty()); |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 758 | AppendOption("ca", ca_cert, options); |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 759 | return true; |
| 760 | } |
| 761 | |
Paul Stewart | 8343c0b | 2013-09-30 11:58:54 -0700 | [diff] [blame] | 762 | void OpenVPNDriver::InitCertificateVerifyOptions( |
| 763 | std::vector<std::vector<std::string>> *options) { |
| 764 | AppendValueOption(kOpenVPNVerifyHashProperty, "verify-hash", options); |
| 765 | string x509_name = args()->LookupString(kOpenVPNVerifyX509NameProperty, ""); |
| 766 | if (!x509_name.empty()) { |
| 767 | string x509_type = args()->LookupString(kOpenVPNVerifyX509TypeProperty, ""); |
| 768 | if (x509_type.empty()) { |
| 769 | AppendOption("verify-x509-name", x509_name, options); |
| 770 | } else { |
| 771 | AppendOption("verify-x509-name", x509_name, x509_type, options); |
| 772 | } |
| 773 | } |
| 774 | } |
| 775 | |
| 776 | bool OpenVPNDriver::InitExtraCertOptions( |
| 777 | vector<vector<string>> *options, Error *error) { |
| 778 | if (!args()->ContainsStrings(kOpenVPNExtraCertPemProperty)) { |
| 779 | // It's okay for this parameter to be unspecified. |
| 780 | return true; |
| 781 | } |
| 782 | |
| 783 | vector<string> extra_certs = args()->GetStrings(kOpenVPNExtraCertPemProperty); |
| 784 | if (extra_certs.empty()) { |
| 785 | // It's okay for this parameter to be empty. |
| 786 | return true; |
| 787 | } |
| 788 | |
| 789 | FilePath certfile = |
| 790 | extra_certificates_file_->CreatePEMFromStrings(extra_certs); |
| 791 | if (certfile.empty()) { |
| 792 | Error::PopulateAndLog( |
| 793 | error, |
| 794 | Error::kInvalidArguments, |
| 795 | "Unable to extract extra PEM CA certificates."); |
| 796 | return false; |
| 797 | } |
| 798 | |
| 799 | AppendOption("extra-certs", certfile.value(), options); |
| 800 | return true; |
| 801 | } |
| 802 | |
Paul Stewart | 406c473 | 2013-08-01 09:30:12 -0700 | [diff] [blame] | 803 | void OpenVPNDriver::InitPKCS11Options(vector<vector<string>> *options) { |
Ben Chan | 7372878 | 2013-09-20 13:40:54 -0700 | [diff] [blame] | 804 | string id = args()->LookupString(kOpenVPNClientCertIdProperty, ""); |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 805 | if (!id.empty()) { |
| 806 | string provider = |
Ben Chan | 7372878 | 2013-09-20 13:40:54 -0700 | [diff] [blame] | 807 | args()->LookupString(kOpenVPNProviderProperty, ""); |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 808 | if (provider.empty()) { |
| 809 | provider = kDefaultPKCS11Provider; |
| 810 | } |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 811 | AppendOption("pkcs11-providers", provider, options); |
| 812 | AppendOption("pkcs11-id", id, options); |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 813 | } |
| 814 | } |
| 815 | |
Paul Stewart | 406c473 | 2013-08-01 09:30:12 -0700 | [diff] [blame] | 816 | void OpenVPNDriver::InitClientAuthOptions(vector<vector<string>> *options) { |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 817 | bool has_cert = AppendValueOption(kOpenVPNCertProperty, "cert", options) || |
Ben Chan | 7372878 | 2013-09-20 13:40:54 -0700 | [diff] [blame] | 818 | !args()->LookupString(kOpenVPNClientCertIdProperty, "").empty(); |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 819 | bool has_key = AppendValueOption(kOpenVPNKeyProperty, "key", options); |
Darin Petkov | 4e1b3f8 | 2012-09-27 13:22:37 +0200 | [diff] [blame] | 820 | // If the AuthUserPass property is set, or the User property is non-empty, or |
| 821 | // there's neither a key, nor a cert available, specify user-password client |
| 822 | // authentication. |
Ben Chan | 7372878 | 2013-09-20 13:40:54 -0700 | [diff] [blame] | 823 | if (args()->ContainsString(kOpenVPNAuthUserPassProperty) || |
| 824 | !args()->LookupString(kOpenVPNUserProperty, "").empty() || |
Darin Petkov | 4e1b3f8 | 2012-09-27 13:22:37 +0200 | [diff] [blame] | 825 | (!has_cert && !has_key)) { |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 826 | AppendOption("auth-user-pass", options); |
Darin Petkov | 4e1b3f8 | 2012-09-27 13:22:37 +0200 | [diff] [blame] | 827 | } |
| 828 | } |
| 829 | |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 830 | bool OpenVPNDriver::InitManagementChannelOptions( |
Paul Stewart | 406c473 | 2013-08-01 09:30:12 -0700 | [diff] [blame] | 831 | vector<vector<string>> *options, Error *error) { |
Darin Petkov | 602303f | 2012-06-06 12:15:59 +0200 | [diff] [blame] | 832 | if (!management_server_->Start(dispatcher(), &sockets_, options)) { |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 833 | Error::PopulateAndLog( |
| 834 | error, Error::kInternalError, "Unable to setup management channel."); |
| 835 | return false; |
| 836 | } |
Darin Petkov | a5e07ef | 2012-07-09 14:27:57 +0200 | [diff] [blame] | 837 | // If there's a connected default service already, allow the openvpn client to |
| 838 | // establish connection as soon as it's started. Otherwise, hold the client |
| 839 | // until an underlying service connects and OnDefaultServiceChanged is |
| 840 | // invoked. |
Peter Qiu | 700de64 | 2014-07-14 16:31:30 -0700 | [diff] [blame] | 841 | if (manager()->IsConnected()) { |
Darin Petkov | a5e07ef | 2012-07-09 14:27:57 +0200 | [diff] [blame] | 842 | management_server_->ReleaseHold(); |
| 843 | } |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 844 | return true; |
| 845 | } |
| 846 | |
Paul Stewart | 406c473 | 2013-08-01 09:30:12 -0700 | [diff] [blame] | 847 | void OpenVPNDriver::InitLoggingOptions(vector<vector<string>> *options) { |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 848 | AppendOption("syslog", options); |
Darin Petkov | 55771b7 | 2012-04-25 09:25:19 +0200 | [diff] [blame] | 849 | |
| 850 | string verb = args()->LookupString(kOpenVPNVerbProperty, ""); |
| 851 | if (verb.empty() && SLOG_IS_ON(VPN, 0)) { |
| 852 | verb = "3"; |
| 853 | } |
| 854 | if (!verb.empty()) { |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 855 | AppendOption("verb", verb, options); |
Darin Petkov | 55771b7 | 2012-04-25 09:25:19 +0200 | [diff] [blame] | 856 | } |
| 857 | } |
| 858 | |
Paul Stewart | 406c473 | 2013-08-01 09:30:12 -0700 | [diff] [blame] | 859 | void OpenVPNDriver::AppendOption( |
| 860 | const string &option, vector<vector<string>> *options) { |
| 861 | options->push_back(vector<string>{ option }); |
| 862 | } |
| 863 | |
| 864 | void OpenVPNDriver::AppendOption( |
| 865 | const string &option, |
| 866 | const string &value, |
| 867 | vector<vector<string>> *options) { |
| 868 | options->push_back(vector<string>{ option, value }); |
| 869 | } |
| 870 | |
| 871 | void OpenVPNDriver::AppendOption( |
| 872 | const string &option, |
| 873 | const string &value0, |
| 874 | const string &value1, |
| 875 | vector<vector<string>> *options) { |
| 876 | options->push_back(vector<string>{ option, value0, value1 }); |
| 877 | } |
| 878 | |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 879 | bool OpenVPNDriver::AppendValueOption( |
Paul Stewart | 406c473 | 2013-08-01 09:30:12 -0700 | [diff] [blame] | 880 | const string &property, |
| 881 | const string &option, |
| 882 | vector<vector<string>> *options) { |
Darin Petkov | b451d6e | 2012-04-23 11:56:41 +0200 | [diff] [blame] | 883 | string value = args()->LookupString(property, ""); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 884 | if (!value.empty()) { |
Paul Stewart | 406c473 | 2013-08-01 09:30:12 -0700 | [diff] [blame] | 885 | AppendOption(option, value, options); |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 886 | return true; |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 887 | } |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 888 | return false; |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 889 | } |
| 890 | |
Paul Stewart | 18145e9 | 2014-01-16 11:30:38 -0800 | [diff] [blame] | 891 | bool OpenVPNDriver::AppendDelimitedValueOption( |
| 892 | const string &property, |
| 893 | const string &option, |
| 894 | char delimiter, |
| 895 | vector<vector<string>> *options) { |
| 896 | string value = args()->LookupString(property, ""); |
| 897 | if (!value.empty()) { |
| 898 | vector<string> parts; |
| 899 | SplitString(value, delimiter, &parts); |
| 900 | parts.insert(parts.begin(), option); |
| 901 | options->push_back(parts); |
| 902 | return true; |
| 903 | } |
| 904 | return false; |
| 905 | } |
| 906 | |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 907 | bool OpenVPNDriver::AppendFlag( |
Paul Stewart | 406c473 | 2013-08-01 09:30:12 -0700 | [diff] [blame] | 908 | const string &property, |
| 909 | const string &option, |
| 910 | vector<vector<string>> *options) { |
Darin Petkov | b451d6e | 2012-04-23 11:56:41 +0200 | [diff] [blame] | 911 | if (args()->ContainsString(property)) { |
Paul Stewart | 406c473 | 2013-08-01 09:30:12 -0700 | [diff] [blame] | 912 | AppendOption(option, options); |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 913 | return true; |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 914 | } |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 915 | return false; |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 916 | } |
| 917 | |
Darin Petkov | 6aa2187 | 2012-03-09 16:10:19 +0100 | [diff] [blame] | 918 | void OpenVPNDriver::Disconnect() { |
Ben Chan | fad4a0b | 2012-04-18 15:49:59 -0700 | [diff] [blame] | 919 | SLOG(VPN, 2) << __func__; |
Darin Petkov | aba8932 | 2013-03-11 14:48:22 +0100 | [diff] [blame] | 920 | IdleService(); |
Darin Petkov | 6aa2187 | 2012-03-09 16:10:19 +0100 | [diff] [blame] | 921 | } |
| 922 | |
Darin Petkov | 5eb0542 | 2012-05-11 15:45:25 +0200 | [diff] [blame] | 923 | void OpenVPNDriver::OnConnectionDisconnected() { |
Darin Petkov | a42afe3 | 2013-02-05 16:53:52 +0100 | [diff] [blame] | 924 | LOG(INFO) << "Underlying connection disconnected."; |
| 925 | // Restart the OpenVPN client forcing a reconnect attempt. |
| 926 | management_server_->Restart(); |
| 927 | // Indicate reconnect state right away to drop the VPN connection and start |
| 928 | // the connect timeout. This ensures that any miscommunication between shill |
| 929 | // and openvpn will not lead to a permanently stale connectivity state. Note |
| 930 | // that a subsequent invocation of OnReconnecting due to a RECONNECTING |
| 931 | // message will essentially be a no-op. |
Darin Petkov | 0cd0d1e | 2013-02-11 12:49:10 +0100 | [diff] [blame] | 932 | OnReconnecting(kReconnectReasonOffline); |
Darin Petkov | a42afe3 | 2013-02-05 16:53:52 +0100 | [diff] [blame] | 933 | } |
| 934 | |
| 935 | void OpenVPNDriver::OnConnectTimeout() { |
| 936 | VPNDriver::OnConnectTimeout(); |
Darin Petkov | 1c049c7 | 2013-03-21 13:15:45 +0100 | [diff] [blame] | 937 | Service::ConnectFailure failure = |
| 938 | management_server_->state() == OpenVPNManagementServer::kStateResolve ? |
| 939 | Service::kFailureDNSLookup : Service::kFailureConnect; |
| 940 | FailService(failure, Service::kErrorDetailsNone); |
Darin Petkov | 5eb0542 | 2012-05-11 15:45:25 +0200 | [diff] [blame] | 941 | } |
| 942 | |
Darin Petkov | 0cd0d1e | 2013-02-11 12:49:10 +0100 | [diff] [blame] | 943 | void OpenVPNDriver::OnReconnecting(ReconnectReason reason) { |
| 944 | LOG(INFO) << __func__ << "(" << reason << ")"; |
| 945 | int timeout_seconds = GetReconnectTimeoutSeconds(reason); |
| 946 | if (reason == kReconnectReasonTLSError && |
| 947 | timeout_seconds < connect_timeout_seconds()) { |
| 948 | // Reconnect due to TLS error happens during connect so we need to cancel |
| 949 | // the original connect timeout first and then reduce the time limit. |
| 950 | StopConnectTimeout(); |
| 951 | } |
| 952 | StartConnectTimeout(timeout_seconds); |
Darin Petkov | a5e07ef | 2012-07-09 14:27:57 +0200 | [diff] [blame] | 953 | // On restart/reconnect, drop the VPN connection, if any. The openvpn client |
| 954 | // might be in hold state if the VPN connection was previously established |
| 955 | // successfully. The hold will be released by OnDefaultServiceChanged when a |
| 956 | // new default service connects. This ensures that the client will use a fully |
| 957 | // functional underlying connection to reconnect. |
Darin Petkov | 271fe52 | 2012-03-27 13:47:29 +0200 | [diff] [blame] | 958 | if (device_) { |
mukesh agrawal | 9da0777 | 2013-05-15 14:15:17 -0700 | [diff] [blame] | 959 | device_->DropConnection(); |
Darin Petkov | 271fe52 | 2012-03-27 13:47:29 +0200 | [diff] [blame] | 960 | } |
| 961 | if (service_) { |
| 962 | service_->SetState(Service::kStateAssociating); |
| 963 | } |
| 964 | } |
| 965 | |
Darin Petkov | 0cd0d1e | 2013-02-11 12:49:10 +0100 | [diff] [blame] | 966 | // static |
| 967 | int OpenVPNDriver::GetReconnectTimeoutSeconds(ReconnectReason reason) { |
| 968 | switch (reason) { |
| 969 | case kReconnectReasonOffline: |
| 970 | return kReconnectOfflineTimeoutSeconds; |
| 971 | case kReconnectReasonTLSError: |
| 972 | return kReconnectTLSErrorTimeoutSeconds; |
| 973 | default: |
| 974 | break; |
| 975 | } |
| 976 | return kDefaultConnectTimeoutSeconds; |
| 977 | } |
| 978 | |
Paul Stewart | 39964fa | 2012-04-04 09:50:25 -0700 | [diff] [blame] | 979 | string OpenVPNDriver::GetProviderType() const { |
Ben Chan | 7372878 | 2013-09-20 13:40:54 -0700 | [diff] [blame] | 980 | return kProviderOpenVpn; |
Paul Stewart | 39964fa | 2012-04-04 09:50:25 -0700 | [diff] [blame] | 981 | } |
| 982 | |
Darin Petkov | b536a74 | 2012-04-26 11:31:28 +0200 | [diff] [blame] | 983 | KeyValueStore OpenVPNDriver::GetProvider(Error *error) { |
| 984 | SLOG(VPN, 2) << __func__; |
| 985 | KeyValueStore props = VPNDriver::GetProvider(error); |
Ben Chan | 7372878 | 2013-09-20 13:40:54 -0700 | [diff] [blame] | 986 | props.SetBool(kPassphraseRequiredProperty, |
Paul Stewart | b576823 | 2014-02-27 07:21:34 -0800 | [diff] [blame] | 987 | args()->LookupString(kOpenVPNPasswordProperty, "").empty() && |
| 988 | args()->LookupString(kOpenVPNTokenProperty, "").empty()); |
Darin Petkov | b536a74 | 2012-04-26 11:31:28 +0200 | [diff] [blame] | 989 | return props; |
| 990 | } |
| 991 | |
Darin Petkov | 1a462de | 2012-05-02 11:10:48 +0200 | [diff] [blame] | 992 | // TODO(petkov): Consider refactoring lsb-release parsing out into a shared |
| 993 | // singleton if it's used outside OpenVPN. |
| 994 | bool OpenVPNDriver::ParseLSBRelease(map<string, string> *lsb_release) { |
| 995 | SLOG(VPN, 2) << __func__ << "(" << lsb_release_file_.value() << ")"; |
| 996 | string contents; |
Ben Chan | a0ddf46 | 2014-02-06 11:32:42 -0800 | [diff] [blame] | 997 | if (!base::ReadFileToString(lsb_release_file_, &contents)) { |
Darin Petkov | 1a462de | 2012-05-02 11:10:48 +0200 | [diff] [blame] | 998 | LOG(ERROR) << "Unable to read the lsb-release file: " |
| 999 | << lsb_release_file_.value(); |
| 1000 | return false; |
| 1001 | } |
| 1002 | vector<string> lines; |
| 1003 | SplitString(contents, '\n', &lines); |
Paul Stewart | 406c473 | 2013-08-01 09:30:12 -0700 | [diff] [blame] | 1004 | for (const auto &line : lines) { |
| 1005 | size_t assign = line.find('='); |
Darin Petkov | 1a462de | 2012-05-02 11:10:48 +0200 | [diff] [blame] | 1006 | if (assign == string::npos) { |
| 1007 | continue; |
| 1008 | } |
Paul Stewart | 406c473 | 2013-08-01 09:30:12 -0700 | [diff] [blame] | 1009 | (*lsb_release)[line.substr(0, assign)] = line.substr(assign + 1); |
Darin Petkov | 1a462de | 2012-05-02 11:10:48 +0200 | [diff] [blame] | 1010 | } |
| 1011 | return true; |
| 1012 | } |
| 1013 | |
| 1014 | void OpenVPNDriver::InitEnvironment(vector<string> *environment) { |
| 1015 | // Adds the platform name and version to the environment so that openvpn can |
| 1016 | // send them to the server when OpenVPN.PushPeerInfo is set. |
| 1017 | map<string, string> lsb_release; |
| 1018 | ParseLSBRelease(&lsb_release); |
| 1019 | string platform_name = lsb_release[kChromeOSReleaseName]; |
| 1020 | if (!platform_name.empty()) { |
| 1021 | environment->push_back("IV_PLAT=" + platform_name); |
| 1022 | } |
| 1023 | string platform_version = lsb_release[kChromeOSReleaseVersion]; |
| 1024 | if (!platform_version.empty()) { |
| 1025 | environment->push_back("IV_PLAT_REL=" + platform_version); |
| 1026 | } |
| 1027 | } |
| 1028 | |
Darin Petkov | a5e07ef | 2012-07-09 14:27:57 +0200 | [diff] [blame] | 1029 | void OpenVPNDriver::OnDefaultServiceChanged(const ServiceRefPtr &service) { |
| 1030 | SLOG(VPN, 2) << __func__ |
Darin Petkov | 457728b | 2013-01-09 09:49:08 +0100 | [diff] [blame] | 1031 | << "(" << (service ? service->unique_name() : "-") << ")"; |
Darin Petkov | a5e07ef | 2012-07-09 14:27:57 +0200 | [diff] [blame] | 1032 | // Allow the openvpn client to connect/reconnect only over a connected |
| 1033 | // underlying default service. If there's no default connected service, hold |
| 1034 | // the openvpn client until an underlying connection is established. If the |
| 1035 | // default service is our VPN service, hold the openvpn client on reconnect so |
| 1036 | // that the VPN connection can be torn down fully before a new connection |
| 1037 | // attempt is made over the underlying service. |
| 1038 | if (service && service != service_ && service->IsConnected()) { |
| 1039 | management_server_->ReleaseHold(); |
| 1040 | } else { |
| 1041 | management_server_->Hold(); |
| 1042 | } |
| 1043 | } |
| 1044 | |
Paul Stewart | 91a43cb | 2013-03-02 21:34:15 -0800 | [diff] [blame] | 1045 | void OpenVPNDriver::ReportConnectionMetrics() { |
| 1046 | metrics_->SendEnumToUMA( |
| 1047 | Metrics::kMetricVpnDriver, |
| 1048 | Metrics::kVpnDriverOpenVpn, |
| 1049 | Metrics::kMetricVpnDriverMax); |
| 1050 | |
Paul Stewart | c350e68 | 2014-06-19 15:44:30 -0700 | [diff] [blame] | 1051 | if (args()->LookupString(kOpenVPNCaCertProperty, "") != "" || |
Paul Stewart | b576823 | 2014-02-27 07:21:34 -0800 | [diff] [blame] | 1052 | (args()->ContainsStrings(kOpenVPNCaCertPemProperty) && |
| 1053 | !args()->GetStrings(kOpenVPNCaCertPemProperty).empty())) { |
Paul Stewart | 91a43cb | 2013-03-02 21:34:15 -0800 | [diff] [blame] | 1054 | metrics_->SendEnumToUMA( |
| 1055 | Metrics::kMetricVpnRemoteAuthenticationType, |
| 1056 | Metrics::kVpnRemoteAuthenticationTypeOpenVpnCertificate, |
| 1057 | Metrics::kMetricVpnRemoteAuthenticationTypeMax); |
| 1058 | } else { |
| 1059 | metrics_->SendEnumToUMA( |
| 1060 | Metrics::kMetricVpnRemoteAuthenticationType, |
| 1061 | Metrics::kVpnRemoteAuthenticationTypeOpenVpnDefault, |
| 1062 | Metrics::kMetricVpnRemoteAuthenticationTypeMax); |
| 1063 | } |
| 1064 | |
| 1065 | bool has_user_authentication = false; |
Paul Stewart | b576823 | 2014-02-27 07:21:34 -0800 | [diff] [blame] | 1066 | if (args()->LookupString(kOpenVPNTokenProperty, "") != "") { |
| 1067 | metrics_->SendEnumToUMA( |
| 1068 | Metrics::kMetricVpnUserAuthenticationType, |
| 1069 | Metrics::kVpnUserAuthenticationTypeOpenVpnUsernameToken, |
| 1070 | Metrics::kMetricVpnUserAuthenticationTypeMax); |
| 1071 | has_user_authentication = true; |
| 1072 | } |
Ben Chan | 7372878 | 2013-09-20 13:40:54 -0700 | [diff] [blame] | 1073 | if (args()->LookupString(kOpenVPNOTPProperty, "") != "") { |
Paul Stewart | 91a43cb | 2013-03-02 21:34:15 -0800 | [diff] [blame] | 1074 | metrics_->SendEnumToUMA( |
| 1075 | Metrics::kMetricVpnUserAuthenticationType, |
| 1076 | Metrics::kVpnUserAuthenticationTypeOpenVpnUsernamePasswordOtp, |
| 1077 | Metrics::kMetricVpnUserAuthenticationTypeMax); |
| 1078 | has_user_authentication = true; |
| 1079 | } |
Ben Chan | 7372878 | 2013-09-20 13:40:54 -0700 | [diff] [blame] | 1080 | if (args()->LookupString(kOpenVPNAuthUserPassProperty, "") != "" || |
| 1081 | args()->LookupString(kOpenVPNUserProperty, "") != "") { |
Paul Stewart | 91a43cb | 2013-03-02 21:34:15 -0800 | [diff] [blame] | 1082 | metrics_->SendEnumToUMA( |
| 1083 | Metrics::kMetricVpnUserAuthenticationType, |
| 1084 | Metrics::kVpnUserAuthenticationTypeOpenVpnUsernamePassword, |
| 1085 | Metrics::kMetricVpnUserAuthenticationTypeMax); |
| 1086 | has_user_authentication = true; |
| 1087 | } |
Ben Chan | 7372878 | 2013-09-20 13:40:54 -0700 | [diff] [blame] | 1088 | if (args()->LookupString(kOpenVPNClientCertIdProperty, "") != "" || |
Paul Stewart | e8e71da | 2013-03-20 08:48:33 -0700 | [diff] [blame] | 1089 | args()->LookupString(kOpenVPNCertProperty, "") != "") { |
Paul Stewart | 91a43cb | 2013-03-02 21:34:15 -0800 | [diff] [blame] | 1090 | metrics_->SendEnumToUMA( |
| 1091 | Metrics::kMetricVpnUserAuthenticationType, |
| 1092 | Metrics::kVpnUserAuthenticationTypeOpenVpnCertificate, |
| 1093 | Metrics::kMetricVpnUserAuthenticationTypeMax); |
| 1094 | has_user_authentication = true; |
| 1095 | } |
| 1096 | if (!has_user_authentication) { |
| 1097 | metrics_->SendEnumToUMA( |
| 1098 | Metrics::kMetricVpnUserAuthenticationType, |
| 1099 | Metrics::kVpnUserAuthenticationTypeOpenVpnNone, |
| 1100 | Metrics::kMetricVpnUserAuthenticationTypeMax); |
| 1101 | } |
| 1102 | } |
| 1103 | |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 1104 | } // namespace shill |