Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 1 | // Copyright (c) 2012 The Chromium OS Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #ifndef SHILL_OPENVPN_DRIVER_ |
| 6 | #define SHILL_OPENVPN_DRIVER_ |
| 7 | |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 8 | #include <map> |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 9 | #include <string> |
| 10 | #include <vector> |
| 11 | |
Darin Petkov | 1fa8194 | 2012-04-02 11:38:08 +0200 | [diff] [blame] | 12 | #include <base/file_path.h> |
Darin Petkov | a9b1fed | 2012-02-29 11:49:05 +0100 | [diff] [blame] | 13 | #include <base/memory/scoped_ptr.h> |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 14 | #include <gtest/gtest_prod.h> // for FRIEND_TEST |
| 15 | |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 16 | #include "shill/glib.h" |
Paul Stewart | e93b038 | 2012-04-24 13:11:28 -0700 | [diff] [blame] | 17 | #include "shill/ipconfig.h" |
Darin Petkov | f20994f | 2012-03-05 16:12:19 +0100 | [diff] [blame] | 18 | #include "shill/refptr_types.h" |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 19 | #include "shill/rpc_task.h" |
Darin Petkov | 3f9131c | 2012-03-20 11:37:32 +0100 | [diff] [blame] | 20 | #include "shill/service.h" |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 21 | #include "shill/sockets.h" |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 22 | #include "shill/vpn_driver.h" |
| 23 | |
Darin Petkov | 5a85047 | 2012-06-06 15:44:24 +0200 | [diff] [blame] | 24 | namespace base { |
| 25 | |
| 26 | template<typename T> |
| 27 | class WeakPtr; |
| 28 | |
| 29 | } // namespace base; |
| 30 | |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 31 | namespace shill { |
| 32 | |
Darin Petkov | a9b1fed | 2012-02-29 11:49:05 +0100 | [diff] [blame] | 33 | class ControlInterface; |
Paul Stewart | ca6abd4 | 2012-03-01 15:45:29 -0800 | [diff] [blame] | 34 | class DeviceInfo; |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 35 | class Error; |
Darin Petkov | f20994f | 2012-03-05 16:12:19 +0100 | [diff] [blame] | 36 | class Metrics; |
Darin Petkov | 3c5e4dc | 2012-04-02 14:44:27 +0200 | [diff] [blame] | 37 | class NSS; |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 38 | class OpenVPNManagementServer; |
Darin Petkov | 5a85047 | 2012-06-06 15:44:24 +0200 | [diff] [blame] | 39 | class ProcessKiller; |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 40 | |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 41 | class OpenVPNDriver : public VPNDriver, |
| 42 | public RPCTaskDelegate { |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 43 | public: |
Paul Stewart | ca6abd4 | 2012-03-01 15:45:29 -0800 | [diff] [blame] | 44 | OpenVPNDriver(ControlInterface *control, |
Darin Petkov | f20994f | 2012-03-05 16:12:19 +0100 | [diff] [blame] | 45 | EventDispatcher *dispatcher, |
| 46 | Metrics *metrics, |
| 47 | Manager *manager, |
Paul Stewart | ca6abd4 | 2012-03-01 15:45:29 -0800 | [diff] [blame] | 48 | DeviceInfo *device_info, |
Paul Stewart | 451aa7f | 2012-04-11 19:07:58 -0700 | [diff] [blame] | 49 | GLib *glib); |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 50 | virtual ~OpenVPNDriver(); |
| 51 | |
Darin Petkov | f20994f | 2012-03-05 16:12:19 +0100 | [diff] [blame] | 52 | // Inherited from VPNDriver. |Connect| initiates the VPN connection by |
| 53 | // creating a tunnel device. When the device index becomes available, this |
| 54 | // instance is notified through |ClaimInterface| and resumes the connection |
| 55 | // process by setting up and spawning an external 'openvpn' process. IP |
| 56 | // configuration settings are passed back from the external process through |
| 57 | // the |Notify| RPC service method. |
Darin Petkov | 79d74c9 | 2012-03-07 17:20:32 +0100 | [diff] [blame] | 58 | virtual void Connect(const VPNServiceRefPtr &service, Error *error); |
Paul Stewart | ca6abd4 | 2012-03-01 15:45:29 -0800 | [diff] [blame] | 59 | virtual bool ClaimInterface(const std::string &link_name, |
| 60 | int interface_index); |
Darin Petkov | 6aa2187 | 2012-03-09 16:10:19 +0100 | [diff] [blame] | 61 | virtual void Disconnect(); |
Darin Petkov | 5eb0542 | 2012-05-11 15:45:25 +0200 | [diff] [blame] | 62 | virtual void OnConnectionDisconnected(); |
Darin Petkov | 602303f | 2012-06-06 12:15:59 +0200 | [diff] [blame] | 63 | virtual std::string GetProviderType() const; |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 64 | |
Darin Petkov | 271fe52 | 2012-03-27 13:47:29 +0200 | [diff] [blame] | 65 | virtual void OnReconnecting(); |
| 66 | |
Darin Petkov | 0440b9b | 2012-04-17 16:11:56 +0200 | [diff] [blame] | 67 | virtual void Cleanup(Service::ConnectState state); |
| 68 | |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 69 | // Returns true if an opton was appended. |
| 70 | bool AppendValueOption(const std::string &property, |
| 71 | const std::string &option, |
| 72 | std::vector<std::string> *options); |
| 73 | |
| 74 | // Returns true if a flag was appended. |
| 75 | bool AppendFlag(const std::string &property, |
| 76 | const std::string &option, |
| 77 | std::vector<std::string> *options); |
| 78 | |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 79 | private: |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 80 | friend class OpenVPNDriverTest; |
Paul Stewart | ca6abd4 | 2012-03-01 15:45:29 -0800 | [diff] [blame] | 81 | FRIEND_TEST(OpenVPNDriverTest, ClaimInterface); |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 82 | FRIEND_TEST(OpenVPNDriverTest, Cleanup); |
Darin Petkov | f20994f | 2012-03-05 16:12:19 +0100 | [diff] [blame] | 83 | FRIEND_TEST(OpenVPNDriverTest, Connect); |
Darin Petkov | 79d74c9 | 2012-03-07 17:20:32 +0100 | [diff] [blame] | 84 | FRIEND_TEST(OpenVPNDriverTest, ConnectTunnelFailure); |
Darin Petkov | 5a85047 | 2012-06-06 15:44:24 +0200 | [diff] [blame] | 85 | FRIEND_TEST(OpenVPNDriverTest, DeleteInterface); |
Darin Petkov | 6aa2187 | 2012-03-09 16:10:19 +0100 | [diff] [blame] | 86 | FRIEND_TEST(OpenVPNDriverTest, Disconnect); |
Darin Petkov | 6059674 | 2012-03-05 12:17:17 +0100 | [diff] [blame] | 87 | FRIEND_TEST(OpenVPNDriverTest, GetRouteOptionEntry); |
Darin Petkov | ca8a0e6 | 2012-09-26 13:16:52 +0200 | [diff] [blame] | 88 | FRIEND_TEST(OpenVPNDriverTest, InitCAOptions); |
Darin Petkov | 4e1b3f8 | 2012-09-27 13:22:37 +0200 | [diff] [blame] | 89 | FRIEND_TEST(OpenVPNDriverTest, InitClientAuthOptions); |
Darin Petkov | 1a462de | 2012-05-02 11:10:48 +0200 | [diff] [blame] | 90 | FRIEND_TEST(OpenVPNDriverTest, InitEnvironment); |
Darin Petkov | 55771b7 | 2012-04-25 09:25:19 +0200 | [diff] [blame] | 91 | FRIEND_TEST(OpenVPNDriverTest, InitLoggingOptions); |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 92 | FRIEND_TEST(OpenVPNDriverTest, InitManagementChannelOptions); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 93 | FRIEND_TEST(OpenVPNDriverTest, InitOptions); |
Darin Petkov | 4b94484 | 2012-09-21 10:48:48 +0200 | [diff] [blame] | 94 | FRIEND_TEST(OpenVPNDriverTest, InitOptionsHostWithPort); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 95 | FRIEND_TEST(OpenVPNDriverTest, InitOptionsNoHost); |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 96 | FRIEND_TEST(OpenVPNDriverTest, InitPKCS11Options); |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 97 | FRIEND_TEST(OpenVPNDriverTest, Notify); |
Darin Petkov | 79d74c9 | 2012-03-07 17:20:32 +0100 | [diff] [blame] | 98 | FRIEND_TEST(OpenVPNDriverTest, NotifyFail); |
Darin Petkov | 5eb0542 | 2012-05-11 15:45:25 +0200 | [diff] [blame] | 99 | FRIEND_TEST(OpenVPNDriverTest, OnConnectionDisconnected); |
Darin Petkov | a5e07ef | 2012-07-09 14:27:57 +0200 | [diff] [blame] | 100 | FRIEND_TEST(OpenVPNDriverTest, OnDefaultServiceChanged); |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 101 | FRIEND_TEST(OpenVPNDriverTest, OnOpenVPNDied); |
Darin Petkov | 271fe52 | 2012-03-27 13:47:29 +0200 | [diff] [blame] | 102 | FRIEND_TEST(OpenVPNDriverTest, OnReconnecting); |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 103 | FRIEND_TEST(OpenVPNDriverTest, ParseForeignOption); |
| 104 | FRIEND_TEST(OpenVPNDriverTest, ParseForeignOptions); |
| 105 | FRIEND_TEST(OpenVPNDriverTest, ParseIPConfiguration); |
Darin Petkov | 1a462de | 2012-05-02 11:10:48 +0200 | [diff] [blame] | 106 | FRIEND_TEST(OpenVPNDriverTest, ParseLSBRelease); |
Darin Petkov | 6059674 | 2012-03-05 12:17:17 +0100 | [diff] [blame] | 107 | FRIEND_TEST(OpenVPNDriverTest, ParseRouteOption); |
| 108 | FRIEND_TEST(OpenVPNDriverTest, SetRoutes); |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 109 | FRIEND_TEST(OpenVPNDriverTest, SpawnOpenVPN); |
Darin Petkov | 4b94484 | 2012-09-21 10:48:48 +0200 | [diff] [blame] | 110 | FRIEND_TEST(OpenVPNDriverTest, SplitPortFromHost); |
Paul Stewart | 291a473 | 2012-03-14 19:19:02 -0700 | [diff] [blame] | 111 | FRIEND_TEST(OpenVPNDriverTest, VerifyPaths); |
| 112 | |
Darin Petkov | 4e1b3f8 | 2012-09-27 13:22:37 +0200 | [diff] [blame] | 113 | static const char kOpenVPNCertProperty[]; |
| 114 | static const char kOpenVPNKeyProperty[]; |
| 115 | |
Darin Petkov | c418b4b | 2012-10-05 11:42:52 +0200 | [diff] [blame] | 116 | static const char kDefaultCACertificates[]; |
Darin Petkov | ca8a0e6 | 2012-09-26 13:16:52 +0200 | [diff] [blame] | 117 | |
Paul Stewart | 291a473 | 2012-03-14 19:19:02 -0700 | [diff] [blame] | 118 | static const char kOpenVPNPath[]; |
| 119 | static const char kOpenVPNScript[]; |
Paul Stewart | ebd3856 | 2012-03-23 13:06:40 -0700 | [diff] [blame] | 120 | static const Property kProperties[]; |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 121 | |
Darin Petkov | 1a462de | 2012-05-02 11:10:48 +0200 | [diff] [blame] | 122 | static const char kLSBReleaseFile[]; |
| 123 | static const char kChromeOSReleaseName[]; |
| 124 | static const char kChromeOSReleaseVersion[]; |
| 125 | |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 126 | // The map is a sorted container that allows us to iterate through the options |
| 127 | // in order. |
| 128 | typedef std::map<int, std::string> ForeignOptions; |
Darin Petkov | 6059674 | 2012-03-05 12:17:17 +0100 | [diff] [blame] | 129 | typedef std::map<int, IPConfig::Route> RouteOptions; |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 130 | |
| 131 | static void ParseIPConfiguration( |
| 132 | const std::map<std::string, std::string> &configuration, |
| 133 | IPConfig::Properties *properties); |
| 134 | static void ParseForeignOptions(const ForeignOptions &options, |
| 135 | IPConfig::Properties *properties); |
| 136 | static void ParseForeignOption(const std::string &option, |
Darin Petkov | e8587e3 | 2012-07-02 13:56:07 +0200 | [diff] [blame] | 137 | std::vector<std::string> *domain_search, |
| 138 | std::vector<std::string> *dns_servers); |
Darin Petkov | 6059674 | 2012-03-05 12:17:17 +0100 | [diff] [blame] | 139 | static IPConfig::Route *GetRouteOptionEntry(const std::string &prefix, |
| 140 | const std::string &key, |
| 141 | RouteOptions *routes); |
| 142 | static void ParseRouteOption(const std::string &key, |
| 143 | const std::string &value, |
| 144 | RouteOptions *routes); |
| 145 | static void SetRoutes(const RouteOptions &routes, |
| 146 | IPConfig::Properties *properties); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 147 | |
Darin Petkov | 4b94484 | 2012-09-21 10:48:48 +0200 | [diff] [blame] | 148 | // If |host| is in the "name:port" format, sets up |name| and |port| |
| 149 | // appropriately and returns true. Otherwise, returns false. |
| 150 | static bool SplitPortFromHost(const std::string &host, |
| 151 | std::string *name, |
| 152 | std::string *port); |
| 153 | |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 154 | void InitOptions(std::vector<std::string> *options, Error *error); |
Darin Petkov | ca8a0e6 | 2012-09-26 13:16:52 +0200 | [diff] [blame] | 155 | bool InitCAOptions(std::vector<std::string> *options, Error *error); |
Darin Petkov | 4e1b3f8 | 2012-09-27 13:22:37 +0200 | [diff] [blame] | 156 | void InitClientAuthOptions(std::vector<std::string> *options); |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 157 | void InitPKCS11Options(std::vector<std::string> *options); |
| 158 | bool InitManagementChannelOptions( |
| 159 | std::vector<std::string> *options, Error *error); |
Darin Petkov | 55771b7 | 2012-04-25 09:25:19 +0200 | [diff] [blame] | 160 | void InitLoggingOptions(std::vector<std::string> *options); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 161 | |
Darin Petkov | 1a462de | 2012-05-02 11:10:48 +0200 | [diff] [blame] | 162 | void InitEnvironment(std::vector<std::string> *environment); |
| 163 | bool ParseLSBRelease(std::map<std::string, std::string> *lsb_release); |
| 164 | |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 165 | bool SpawnOpenVPN(); |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 166 | |
| 167 | // Called when the openpvn process exits. |
| 168 | static void OnOpenVPNDied(GPid pid, gint status, gpointer data); |
| 169 | |
Darin Petkov | 5a85047 | 2012-06-06 15:44:24 +0200 | [diff] [blame] | 170 | // Standalone callback used to delete the tunnel interface when the openvpn |
| 171 | // process dies. |
Darin Petkov | 5dbd261 | 2012-06-07 16:22:16 +0200 | [diff] [blame] | 172 | static void DeleteInterface(const base::WeakPtr<DeviceInfo> &device_info, |
Darin Petkov | 5a85047 | 2012-06-06 15:44:24 +0200 | [diff] [blame] | 173 | int interface_index); |
| 174 | |
Darin Petkov | b536a74 | 2012-04-26 11:31:28 +0200 | [diff] [blame] | 175 | // Inherit from VPNDriver to add custom properties. |
| 176 | virtual KeyValueStore GetProvider(Error *error); |
| 177 | |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 178 | // Implements RPCTaskDelegate. |
Darin Petkov | 209e629 | 2012-04-20 11:33:32 +0200 | [diff] [blame] | 179 | virtual void GetLogin(std::string *user, std::string *password); |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 180 | virtual void Notify(const std::string &reason, |
| 181 | const std::map<std::string, std::string> &dict); |
| 182 | |
Darin Petkov | a5e07ef | 2012-07-09 14:27:57 +0200 | [diff] [blame] | 183 | void OnDefaultServiceChanged(const ServiceRefPtr &service); |
| 184 | |
Darin Petkov | a9b1fed | 2012-02-29 11:49:05 +0100 | [diff] [blame] | 185 | ControlInterface *control_; |
Darin Petkov | f20994f | 2012-03-05 16:12:19 +0100 | [diff] [blame] | 186 | Metrics *metrics_; |
Paul Stewart | ca6abd4 | 2012-03-01 15:45:29 -0800 | [diff] [blame] | 187 | DeviceInfo *device_info_; |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 188 | GLib *glib_; |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 189 | Sockets sockets_; |
| 190 | scoped_ptr<OpenVPNManagementServer> management_server_; |
Darin Petkov | 3c5e4dc | 2012-04-02 14:44:27 +0200 | [diff] [blame] | 191 | NSS *nss_; |
Darin Petkov | 5a85047 | 2012-06-06 15:44:24 +0200 | [diff] [blame] | 192 | ProcessKiller *process_killer_; |
Darin Petkov | 1a462de | 2012-05-02 11:10:48 +0200 | [diff] [blame] | 193 | FilePath lsb_release_file_; |
Darin Petkov | 79d74c9 | 2012-03-07 17:20:32 +0100 | [diff] [blame] | 194 | |
| 195 | VPNServiceRefPtr service_; |
Darin Petkov | a9b1fed | 2012-02-29 11:49:05 +0100 | [diff] [blame] | 196 | scoped_ptr<RPCTask> rpc_task_; |
Paul Stewart | ca6abd4 | 2012-03-01 15:45:29 -0800 | [diff] [blame] | 197 | std::string tunnel_interface_; |
Darin Petkov | f20994f | 2012-03-05 16:12:19 +0100 | [diff] [blame] | 198 | VPNRefPtr device_; |
Darin Petkov | 1fa8194 | 2012-04-02 11:38:08 +0200 | [diff] [blame] | 199 | FilePath tls_auth_file_; |
Darin Petkov | 3189a47 | 2012-10-05 09:55:33 +0200 | [diff] [blame] | 200 | IPConfig::Properties ip_properties_; |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 201 | |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 202 | // The PID of the spawned openvpn process. May be 0 if no process has been |
| 203 | // spawned yet or the process has died. |
| 204 | int pid_; |
| 205 | |
| 206 | // Child exit watch callback source tag. |
| 207 | unsigned int child_watch_tag_; |
| 208 | |
Darin Petkov | a5e07ef | 2012-07-09 14:27:57 +0200 | [diff] [blame] | 209 | // Default service watch callback tag. |
| 210 | int default_service_callback_tag_; |
| 211 | |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 212 | DISALLOW_COPY_AND_ASSIGN(OpenVPNDriver); |
| 213 | }; |
| 214 | |
| 215 | } // namespace shill |
| 216 | |
| 217 | #endif // SHILL_OPENVPN_DRIVER_ |