Blame - openvpn_driver.cc - platform/system/connectivity/shill

blob: 75149d395538ea4ef7e86fe1ff4c8536681963a6 [file] [log] [blame]

Darin Petkov	33af05c	2012-02-28 10:10:30 +0100	[diff] [blame]	1	// Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
				2	// Use of this source code is governed by a BSD-style license that can be
				3	// found in the LICENSE file.
				4
				5	#include "shill/openvpn_driver.h"
				6
Darin Petkov	14c29ec	2012-03-02 11:34:19 +0100	[diff] [blame]	7	#include <arpa/inet.h>
				8
Darin Petkov	1fa8194	2012-04-02 11:38:08 +0200	[diff] [blame]	9	#include <base/file_util.h>
Darin Petkov	14c29ec	2012-03-02 11:34:19 +0100	[diff] [blame]	10	#include <base/string_number_conversions.h>
Darin Petkov	78f6326	2012-03-26 01:30:24 +0200	[diff] [blame]	11	#include <base/string_split.h>
Darin Petkov	14c29ec	2012-03-02 11:34:19 +0100	[diff] [blame]	12	#include <base/string_util.h>
Darin Petkov	fe6a937	2012-02-28 16:25:06 +0100	[diff] [blame]	13	#include <chromeos/dbus/service_constants.h>
				14
Paul Stewart	ce4ec19	2012-03-14 12:53:46 -0700	[diff] [blame]	15	#include "shill/connection.h"
Paul Stewart	ca6abd4	2012-03-01 15:45:29 -0800	[diff] [blame]	16	#include "shill/device_info.h"
Darin Petkov	14c29ec	2012-03-02 11:34:19 +0100	[diff] [blame]	17	#include "shill/dhcp_config.h"
Darin Petkov	33af05c	2012-02-28 10:10:30 +0100	[diff] [blame]	18	#include "shill/error.h"
Christopher Wiley	b691efd	2012-08-09 13:51:51 -0700	[diff] [blame]	19	#include "shill/logging.h"
Paul Stewart	ce4ec19	2012-03-14 12:53:46 -0700	[diff] [blame]	20	#include "shill/manager.h"
Darin Petkov	3c5e4dc	2012-04-02 14:44:27 +0200	[diff] [blame]	21	#include "shill/nss.h"
Darin Petkov	4646302	2012-03-29 14:57:32 +0200	[diff] [blame]	22	#include "shill/openvpn_management_server.h"
Darin Petkov	5a85047	2012-06-06 15:44:24 +0200	[diff] [blame]	23	#include "shill/process_killer.h"
Darin Petkov	a9b1fed	2012-02-29 11:49:05 +0100	[diff] [blame]	24	#include "shill/rpc_task.h"
Darin Petkov	4646302	2012-03-29 14:57:32 +0200	[diff] [blame]	25	#include "shill/sockets.h"
Darin Petkov	f20994f	2012-03-05 16:12:19 +0100	[diff] [blame]	26	#include "shill/vpn.h"
Darin Petkov	79d74c9	2012-03-07 17:20:32 +0100	[diff] [blame]	27	#include "shill/vpn_service.h"
Darin Petkov	33af05c	2012-02-28 10:10:30 +0100	[diff] [blame]	28
Darin Petkov	5a85047	2012-06-06 15:44:24 +0200	[diff] [blame]	29	using base::Closure;
Darin Petkov	78f6326	2012-03-26 01:30:24 +0200	[diff] [blame]	30	using base::SplitString;
Darin Petkov	a5e07ef	2012-07-09 14:27:57 +0200	[diff] [blame]	31	using base::Unretained;
Darin Petkov	5a85047	2012-06-06 15:44:24 +0200	[diff] [blame]	32	using base::WeakPtr;
Darin Petkov	14c29ec	2012-03-02 11:34:19 +0100	[diff] [blame]	33	using std::map;
Darin Petkov	fe6a937	2012-02-28 16:25:06 +0100	[diff] [blame]	34	using std::string;
				35	using std::vector;
				36
Darin Petkov	33af05c	2012-02-28 10:10:30 +0100	[diff] [blame]	37	namespace shill {
				38
Darin Petkov	a9b1fed	2012-02-29 11:49:05 +0100	[diff] [blame]	39	namespace {
Darin Petkov	5a85047	2012-06-06 15:44:24 +0200	[diff] [blame]	40
Darin Petkov	14c29ec	2012-03-02 11:34:19 +0100	[diff] [blame]	41	const char kOpenVPNForeignOptionPrefix[] = "foreign_option_";
				42	const char kOpenVPNIfconfigBroadcast[] = "ifconfig_broadcast";
				43	const char kOpenVPNIfconfigLocal[] = "ifconfig_local";
				44	const char kOpenVPNIfconfigNetmask[] = "ifconfig_netmask";
				45	const char kOpenVPNIfconfigRemote[] = "ifconfig_remote";
				46	const char kOpenVPNRouteOptionPrefix[] = "route_";
				47	const char kOpenVPNRouteVPNGateway[] = "route_vpn_gateway";
				48	const char kOpenVPNTrustedIP[] = "trusted_ip";
				49	const char kOpenVPNTunMTU[] = "tun_mtu";
Darin Petkov	f3c71d7	2012-03-21 12:32:15 +0100	[diff] [blame]	50
Darin Petkov	e0d5dd1	2012-04-04 16:10:48 +0200	[diff] [blame]	51	const char kDefaultPKCS11Provider[] = "libchaps.so";
				52
Darin Petkov	f3c71d7	2012-03-21 12:32:15 +0100	[diff] [blame]	53	// TODO(petkov): Move to chromeos/dbus/service_constants.h.
				54	const char kOpenVPNCertProperty[] = "OpenVPN.Cert";
				55	const char kOpenVPNKeyProperty[] = "OpenVPN.Key";
				56	const char kOpenVPNPingProperty[] = "OpenVPN.Ping";
				57	const char kOpenVPNPingExitProperty[] = "OpenVPN.PingExit";
				58	const char kOpenVPNPingRestartProperty[] = "OpenVPN.PingRestart";
				59	const char kOpenVPNTLSAuthProperty[] = "OpenVPN.TLSAuth";
				60	const char kOpenVPNVerbProperty[] = "OpenVPN.Verb";
				61	const char kVPNMTUProperty[] = "VPN.MTU";
Darin Petkov	5a85047	2012-06-06 15:44:24 +0200	[diff] [blame]	62
Paul Stewart	ebd3856	2012-03-23 13:06:40 -0700	[diff] [blame]	63	} // namespace
				64
				65	// static
				66	const char OpenVPNDriver::kOpenVPNPath[] = "/usr/sbin/openvpn";
				67	// static
				68	const char OpenVPNDriver::kOpenVPNScript[] = SCRIPTDIR "/openvpn-script";
				69	// static
Darin Petkov	d432539	2012-04-23 15:48:22 +0200	[diff] [blame]	70	const VPNDriver::Property OpenVPNDriver::kProperties[] = {
Darin Petkov	1847d79	2012-04-17 11:33:06 +0200	[diff] [blame]	71	{ flimflam::kOpenVPNAuthNoCacheProperty, 0 },
				72	{ flimflam::kOpenVPNAuthProperty, 0 },
				73	{ flimflam::kOpenVPNAuthRetryProperty, 0 },
				74	{ flimflam::kOpenVPNAuthUserPassProperty, 0 },
				75	{ flimflam::kOpenVPNCaCertNSSProperty, 0 },
				76	{ flimflam::kOpenVPNCaCertProperty, 0 },
				77	{ flimflam::kOpenVPNCipherProperty, 0 },
Darin Petkov	cb71529	2012-04-25 13:04:37 +0200	[diff] [blame]	78	{ flimflam::kOpenVPNClientCertIdProperty, Property::kCredential },
Darin Petkov	1847d79	2012-04-17 11:33:06 +0200	[diff] [blame]	79	{ flimflam::kOpenVPNCompLZOProperty, 0 },
				80	{ flimflam::kOpenVPNCompNoAdaptProperty, 0 },
				81	{ flimflam::kOpenVPNKeyDirectionProperty, 0 },
				82	{ flimflam::kOpenVPNNsCertTypeProperty, 0 },
Darin Petkov	cb71529	2012-04-25 13:04:37 +0200	[diff] [blame]	83	{ flimflam::kOpenVPNOTPProperty,
Darin Petkov	0223655	2012-06-11 13:15:19 +0200	[diff] [blame]	84	Property::kEphemeral \| Property::kCredential \| Property::kWriteOnly },
				85	{ flimflam::kOpenVPNPasswordProperty,
				86	Property::kCredential \| Property::kWriteOnly },
Darin Petkov	cb71529	2012-04-25 13:04:37 +0200	[diff] [blame]	87	{ flimflam::kOpenVPNPinProperty, Property::kCredential },
Darin Petkov	1847d79	2012-04-17 11:33:06 +0200	[diff] [blame]	88	{ flimflam::kOpenVPNPortProperty, 0 },
				89	{ flimflam::kOpenVPNProtoProperty, 0 },
				90	{ flimflam::kOpenVPNProviderProperty, 0 },
				91	{ flimflam::kOpenVPNPushPeerInfoProperty, 0 },
				92	{ flimflam::kOpenVPNRemoteCertEKUProperty, 0 },
				93	{ flimflam::kOpenVPNRemoteCertKUProperty, 0 },
				94	{ flimflam::kOpenVPNRemoteCertTLSProperty, 0 },
				95	{ flimflam::kOpenVPNRenegSecProperty, 0 },
				96	{ flimflam::kOpenVPNServerPollTimeoutProperty, 0 },
				97	{ flimflam::kOpenVPNShaperProperty, 0 },
				98	{ flimflam::kOpenVPNStaticChallengeProperty, 0 },
				99	{ flimflam::kOpenVPNTLSAuthContentsProperty, 0 },
				100	{ flimflam::kOpenVPNTLSRemoteProperty, 0 },
				101	{ flimflam::kOpenVPNUserProperty, 0 },
				102	{ flimflam::kProviderHostProperty, 0 },
				103	{ flimflam::kProviderNameProperty, 0 },
				104	{ flimflam::kProviderTypeProperty, 0 },
				105	{ kOpenVPNCertProperty, 0 },
				106	{ kOpenVPNKeyProperty, 0 },
				107	{ kOpenVPNPingExitProperty, 0 },
				108	{ kOpenVPNPingProperty, 0 },
				109	{ kOpenVPNPingRestartProperty, 0 },
				110	{ kOpenVPNTLSAuthProperty, 0 },
				111	{ kOpenVPNVerbProperty, 0 },
				112	{ kVPNMTUProperty, 0 },
Paul Stewart	2280799	2012-04-11 08:48:31 -0700	[diff] [blame]	113
				114	// Provided only for compatibility. crosbug.com/29286
Darin Petkov	1847d79	2012-04-17 11:33:06 +0200	[diff] [blame]	115	{ flimflam::kOpenVPNMgmtEnableProperty, 0 },
Darin Petkov	f3c71d7	2012-03-21 12:32:15 +0100	[diff] [blame]	116	};
Paul Stewart	291a473	2012-03-14 19:19:02 -0700	[diff] [blame]	117
Darin Petkov	1a462de	2012-05-02 11:10:48 +0200	[diff] [blame]	118	// static
				119	const char OpenVPNDriver::kLSBReleaseFile[] = "/etc/lsb-release";
				120	// static
				121	const char OpenVPNDriver::kChromeOSReleaseName[] = "CHROMEOS_RELEASE_NAME";
				122	//static
				123	const char OpenVPNDriver::kChromeOSReleaseVersion[] =
				124	"CHROMEOS_RELEASE_VERSION";
				125
Darin Petkov	a9b1fed	2012-02-29 11:49:05 +0100	[diff] [blame]	126	OpenVPNDriver::OpenVPNDriver(ControlInterface *control,
Darin Petkov	f20994f	2012-03-05 16:12:19 +0100	[diff] [blame]	127	EventDispatcher *dispatcher,
				128	Metrics *metrics,
				129	Manager *manager,
Paul Stewart	ca6abd4	2012-03-01 15:45:29 -0800	[diff] [blame]	130	DeviceInfo *device_info,
Paul Stewart	451aa7f	2012-04-11 19:07:58 -0700	[diff] [blame]	131	GLib *glib)
Darin Petkov	602303f	2012-06-06 12:15:59 +0200	[diff] [blame]	132	: VPNDriver(dispatcher, manager, kProperties, arraysize(kProperties)),
Darin Petkov	b451d6e	2012-04-23 11:56:41 +0200	[diff] [blame]	133	control_(control),
Darin Petkov	f20994f	2012-03-05 16:12:19 +0100	[diff] [blame]	134	metrics_(metrics),
Paul Stewart	ca6abd4	2012-03-01 15:45:29 -0800	[diff] [blame]	135	device_info_(device_info),
Darin Petkov	36a3ace	2012-03-06 17:22:14 +0100	[diff] [blame]	136	glib_(glib),
Darin Petkov	4646302	2012-03-29 14:57:32 +0200	[diff] [blame]	137	management_server_(new OpenVPNManagementServer(this, glib)),
Darin Petkov	3c5e4dc	2012-04-02 14:44:27 +0200	[diff] [blame]	138	nss_(NSS::GetInstance()),
Darin Petkov	5a85047	2012-06-06 15:44:24 +0200	[diff] [blame]	139	process_killer_(ProcessKiller::GetInstance()),
Darin Petkov	1a462de	2012-05-02 11:10:48 +0200	[diff] [blame]	140	lsb_release_file_(kLSBReleaseFile),
Darin Petkov	36a3ace	2012-03-06 17:22:14 +0100	[diff] [blame]	141	pid_(0),
Darin Petkov	a5e07ef	2012-07-09 14:27:57 +0200	[diff] [blame]	142	child_watch_tag_(0),
				143	default_service_callback_tag_(0) {}
Darin Petkov	33af05c	2012-02-28 10:10:30 +0100	[diff] [blame]	144
Darin Petkov	36a3ace	2012-03-06 17:22:14 +0100	[diff] [blame]	145	OpenVPNDriver::~OpenVPNDriver() {
Darin Petkov	3f9131c	2012-03-20 11:37:32 +0100	[diff] [blame]	146	Cleanup(Service::kStateIdle);
Darin Petkov	36a3ace	2012-03-06 17:22:14 +0100	[diff] [blame]	147	}
				148
Darin Petkov	3f9131c	2012-03-20 11:37:32 +0100	[diff] [blame]	149	void OpenVPNDriver::Cleanup(Service::ConnectState state) {
Ben Chan	fad4a0b	2012-04-18 15:49:59 -0700	[diff] [blame]	150	SLOG(VPN, 2) << __func__ << "(" << Service::ConnectStateToString(state)
				151	<< ")";
Darin Petkov	602303f	2012-06-06 12:15:59 +0200	[diff] [blame]	152	StopConnectTimeout();
Darin Petkov	4646302	2012-03-29 14:57:32 +0200	[diff] [blame]	153	management_server_->Stop();
Darin Petkov	1fa8194	2012-04-02 11:38:08 +0200	[diff] [blame]	154	if (!tls_auth_file_.empty()) {
				155	file_util::Delete(tls_auth_file_, false);
				156	tls_auth_file_.clear();
				157	}
Darin Petkov	a5e07ef	2012-07-09 14:27:57 +0200	[diff] [blame]	158	if (default_service_callback_tag_) {
				159	manager()->DeregisterDefaultServiceCallback(default_service_callback_tag_);
				160	default_service_callback_tag_ = 0;
				161	}
Darin Petkov	36a3ace	2012-03-06 17:22:14 +0100	[diff] [blame]	162	if (child_watch_tag_) {
				163	glib_->SourceRemove(child_watch_tag_);
				164	child_watch_tag_ = 0;
Darin Petkov	36a3ace	2012-03-06 17:22:14 +0100	[diff] [blame]	165	}
				166	rpc_task_.reset();
Darin Petkov	5a85047	2012-06-06 15:44:24 +0200	[diff] [blame]	167	int interface_index = -1;
Darin Petkov	36a3ace	2012-03-06 17:22:14 +0100	[diff] [blame]	168	if (device_) {
Darin Petkov	5a85047	2012-06-06 15:44:24 +0200	[diff] [blame]	169	interface_index = device_->interface_index();
Darin Petkov	029d353	2012-04-18 14:38:04 +0200	[diff] [blame]	170	device_->OnDisconnected();
Eric Shienbrood	9a24553	2012-03-07 14:20:39 -0500	[diff] [blame]	171	device_->SetEnabled(false);
Darin Petkov	36a3ace	2012-03-06 17:22:14 +0100	[diff] [blame]	172	device_ = NULL;
Darin Petkov	5a85047	2012-06-06 15:44:24 +0200	[diff] [blame]	173	}
				174	if (pid_) {
				175	Closure callback;
				176	if (interface_index >= 0) {
				177	callback =
				178	Bind(&DeleteInterface, device_info_->AsWeakPtr(), interface_index);
				179	interface_index = -1;
				180	}
				181	process_killer_->Kill(pid_, callback);
				182	pid_ = 0;
				183	}
				184	if (interface_index >= 0) {
Darin Petkov	36a3ace	2012-03-06 17:22:14 +0100	[diff] [blame]	185	device_info_->DeleteInterface(interface_index);
				186	}
				187	tunnel_interface_.clear();
Darin Petkov	79d74c9	2012-03-07 17:20:32 +0100	[diff] [blame]	188	if (service_) {
Darin Petkov	3f9131c	2012-03-20 11:37:32 +0100	[diff] [blame]	189	service_->SetState(state);
Darin Petkov	79d74c9	2012-03-07 17:20:32 +0100	[diff] [blame]	190	service_ = NULL;
				191	}
Darin Petkov	36a3ace	2012-03-06 17:22:14 +0100	[diff] [blame]	192	}
				193
				194	bool OpenVPNDriver::SpawnOpenVPN() {
Ben Chan	fad4a0b	2012-04-18 15:49:59 -0700	[diff] [blame]	195	SLOG(VPN, 2) << __func__ << "(" << tunnel_interface_ << ")";
Darin Petkov	36a3ace	2012-03-06 17:22:14 +0100	[diff] [blame]	196
				197	vector<string> options;
				198	Error error;
				199	InitOptions(&options, &error);
				200	if (error.IsFailure()) {
				201	return false;
				202	}
Ben Chan	fad4a0b	2012-04-18 15:49:59 -0700	[diff] [blame]	203	SLOG(VPN, 2) << "OpenVPN process options: " << JoinString(options, ' ');
Darin Petkov	36a3ace	2012-03-06 17:22:14 +0100	[diff] [blame]	204
				205	// TODO(petkov): This code needs to be abstracted away in a separate external
				206	// process module (crosbug.com/27131).
				207	vector<char *> process_args;
				208	process_args.push_back(const_cast<char *>(kOpenVPNPath));
				209	for (vector<string>::const_iterator it = options.begin();
				210	it != options.end(); ++it) {
				211	process_args.push_back(const_cast<char *>(it->c_str()));
				212	}
				213	process_args.push_back(NULL);
Darin Petkov	1a462de	2012-05-02 11:10:48 +0200	[diff] [blame]	214
				215	vector<string> environment;
				216	InitEnvironment(&environment);
				217
				218	vector<char *> process_env;
				219	for (vector<string>::const_iterator it = environment.begin();
				220	it != environment.end(); ++it) {
				221	process_env.push_back(const_cast<char *>(it->c_str()));
				222	}
				223	process_env.push_back(NULL);
Darin Petkov	36a3ace	2012-03-06 17:22:14 +0100	[diff] [blame]	224
				225	CHECK(!pid_);
				226	// Redirect all openvpn output to stderr.
				227	int stderr_fd = fileno(stderr);
				228	if (!glib_->SpawnAsyncWithPipesCWD(process_args.data(),
Darin Petkov	1a462de	2012-05-02 11:10:48 +0200	[diff] [blame]	229	process_env.data(),
Darin Petkov	36a3ace	2012-03-06 17:22:14 +0100	[diff] [blame]	230	G_SPAWN_DO_NOT_REAP_CHILD,
				231	NULL,
				232	NULL,
				233	&pid_,
				234	NULL,
				235	&stderr_fd,
				236	&stderr_fd,
				237	NULL)) {
				238	LOG(ERROR) << "Unable to spawn: " << kOpenVPNPath;
				239	return false;
				240	}
				241	CHECK(!child_watch_tag_);
				242	child_watch_tag_ = glib_->ChildWatchAdd(pid_, OnOpenVPNDied, this);
				243	return true;
				244	}
				245
				246	// static
				247	void OpenVPNDriver::OnOpenVPNDied(GPid pid, gint status, gpointer data) {
Ben Chan	fad4a0b	2012-04-18 15:49:59 -0700	[diff] [blame]	248	SLOG(VPN, 2) << __func__ << "(" << pid << ", " << status << ")";
Darin Petkov	36a3ace	2012-03-06 17:22:14 +0100	[diff] [blame]	249	OpenVPNDriver me = reinterpret_cast<OpenVPNDriver >(data);
				250	me->child_watch_tag_ = 0;
				251	CHECK_EQ(pid, me->pid_);
Darin Petkov	5a85047	2012-06-06 15:44:24 +0200	[diff] [blame]	252	me->pid_ = 0;
Darin Petkov	3f9131c	2012-03-20 11:37:32 +0100	[diff] [blame]	253	me->Cleanup(Service::kStateFailure);
Darin Petkov	36a3ace	2012-03-06 17:22:14 +0100	[diff] [blame]	254	// TODO(petkov): Figure if we need to restart the connection.
				255	}
Darin Petkov	33af05c	2012-02-28 10:10:30 +0100	[diff] [blame]	256
Darin Petkov	5a85047	2012-06-06 15:44:24 +0200	[diff] [blame]	257	// static
Darin Petkov	5dbd261	2012-06-07 16:22:16 +0200	[diff] [blame]	258	void OpenVPNDriver::DeleteInterface(const WeakPtr<DeviceInfo> &device_info,
Darin Petkov	5a85047	2012-06-06 15:44:24 +0200	[diff] [blame]	259	int interface_index) {
				260	if (device_info) {
				261	LOG(INFO) << "Deleting interface " << interface_index;
				262	device_info->DeleteInterface(interface_index);
				263	}
				264	}
				265
Paul Stewart	ca6abd4	2012-03-01 15:45:29 -0800	[diff] [blame]	266	bool OpenVPNDriver::ClaimInterface(const string &link_name,
				267	int interface_index) {
				268	if (link_name != tunnel_interface_) {
				269	return false;
				270	}
				271
Ben Chan	fad4a0b	2012-04-18 15:49:59 -0700	[diff] [blame]	272	SLOG(VPN, 2) << "Claiming " << link_name << " for OpenVPN tunnel";
Paul Stewart	ca6abd4	2012-03-01 15:45:29 -0800	[diff] [blame]	273
Darin Petkov	f20994f	2012-03-05 16:12:19 +0100	[diff] [blame]	274	CHECK(!device_);
Darin Petkov	602303f	2012-06-06 12:15:59 +0200	[diff] [blame]	275	device_ = new VPN(control_, dispatcher(), metrics_, manager(),
Darin Petkov	f20994f	2012-03-05 16:12:19 +0100	[diff] [blame]	276	link_name, interface_index);
Eric Shienbrood	9a24553	2012-03-07 14:20:39 -0500	[diff] [blame]	277	device_->SetEnabled(true);
Darin Petkov	79d74c9	2012-03-07 17:20:32 +0100	[diff] [blame]	278	device_->SelectService(service_);
Eric Shienbrood	9a24553	2012-03-07 14:20:39 -0500	[diff] [blame]	279
Darin Petkov	36a3ace	2012-03-06 17:22:14 +0100	[diff] [blame]	280	rpc_task_.reset(new RPCTask(control_, this));
				281	if (!SpawnOpenVPN()) {
Darin Petkov	3f9131c	2012-03-20 11:37:32 +0100	[diff] [blame]	282	Cleanup(Service::kStateFailure);
Darin Petkov	36a3ace	2012-03-06 17:22:14 +0100	[diff] [blame]	283	}
Darin Petkov	a5e07ef	2012-07-09 14:27:57 +0200	[diff] [blame]	284	default_service_callback_tag_ =
				285	manager()->RegisterDefaultServiceCallback(
				286	Bind(&OpenVPNDriver::OnDefaultServiceChanged, Unretained(this)));
Paul Stewart	ca6abd4	2012-03-01 15:45:29 -0800	[diff] [blame]	287	return true;
				288	}
				289
Darin Petkov	209e629	2012-04-20 11:33:32 +0200	[diff] [blame]	290	void OpenVPNDriver::GetLogin(string /user/, string /password/) {
				291	NOTREACHED();
				292	}
				293
Darin Petkov	36a3ace	2012-03-06 17:22:14 +0100	[diff] [blame]	294	void OpenVPNDriver::Notify(const string &reason,
Darin Petkov	14c29ec	2012-03-02 11:34:19 +0100	[diff] [blame]	295	const map<string, string> &dict) {
Darin Petkov	602303f	2012-06-06 12:15:59 +0200	[diff] [blame]	296	LOG(INFO) << "IP configuration received: " << reason;
Darin Petkov	14c29ec	2012-03-02 11:34:19 +0100	[diff] [blame]	297	if (reason != "up") {
Darin Petkov	79d74c9	2012-03-07 17:20:32 +0100	[diff] [blame]	298	device_->OnDisconnected();
Darin Petkov	36a3ace	2012-03-06 17:22:14 +0100	[diff] [blame]	299	return;
Darin Petkov	14c29ec	2012-03-02 11:34:19 +0100	[diff] [blame]	300	}
				301	IPConfig::Properties properties;
Darin Petkov	e8587e3	2012-07-02 13:56:07 +0200	[diff] [blame]	302	if (device_->ipconfig()) {
				303	// On restart/reconnect, update the existing IP configuration.
				304	properties = device_->ipconfig()->properties();
				305	}
Darin Petkov	14c29ec	2012-03-02 11:34:19 +0100	[diff] [blame]	306	ParseIPConfiguration(dict, &properties);
Darin Petkov	79d74c9	2012-03-07 17:20:32 +0100	[diff] [blame]	307	device_->UpdateIPConfig(properties);
Darin Petkov	602303f	2012-06-06 12:15:59 +0200	[diff] [blame]	308	StopConnectTimeout();
Darin Petkov	14c29ec	2012-03-02 11:34:19 +0100	[diff] [blame]	309	}
				310
				311	// static
				312	void OpenVPNDriver::ParseIPConfiguration(
				313	const map<string, string> &configuration,
				314	IPConfig::Properties *properties) {
				315	ForeignOptions foreign_options;
Darin Petkov	6059674	2012-03-05 12:17:17 +0100	[diff] [blame]	316	RouteOptions routes;
Darin Petkov	14c29ec	2012-03-02 11:34:19 +0100	[diff] [blame]	317	properties->address_family = IPAddress::kFamilyIPv4;
Darin Petkov	e8587e3	2012-07-02 13:56:07 +0200	[diff] [blame]	318	if (!properties->subnet_prefix) {
				319	properties->subnet_prefix =
				320	IPAddress::GetMaxPrefixLength(properties->address_family);
				321	}
Darin Petkov	14c29ec	2012-03-02 11:34:19 +0100	[diff] [blame]	322	for (map<string, string>::const_iterator it = configuration.begin();
				323	it != configuration.end(); ++it) {
				324	const string &key = it->first;
				325	const string &value = it->second;
Ben Chan	fad4a0b	2012-04-18 15:49:59 -0700	[diff] [blame]	326	SLOG(VPN, 2) << "Processing: " << key << " -> " << value;
Darin Petkov	14c29ec	2012-03-02 11:34:19 +0100	[diff] [blame]	327	if (LowerCaseEqualsASCII(key, kOpenVPNIfconfigLocal)) {
				328	properties->address = value;
				329	} else if (LowerCaseEqualsASCII(key, kOpenVPNIfconfigBroadcast)) {
				330	properties->broadcast_address = value;
				331	} else if (LowerCaseEqualsASCII(key, kOpenVPNIfconfigNetmask)) {
Paul Stewart	48100b0	2012-03-19 07:53:52 -0700	[diff] [blame]	332	properties->subnet_prefix =
Darin Petkov	14c29ec	2012-03-02 11:34:19 +0100	[diff] [blame]	333	IPAddress::GetPrefixLengthFromMask(properties->address_family, value);
				334	} else if (LowerCaseEqualsASCII(key, kOpenVPNIfconfigRemote)) {
				335	properties->peer_address = value;
				336	} else if (LowerCaseEqualsASCII(key, kOpenVPNRouteVPNGateway)) {
				337	properties->gateway = value;
				338	} else if (LowerCaseEqualsASCII(key, kOpenVPNTrustedIP)) {
Paul Stewart	ce4ec19	2012-03-14 12:53:46 -0700	[diff] [blame]	339	properties->trusted_ip = value;
Darin Petkov	14c29ec	2012-03-02 11:34:19 +0100	[diff] [blame]	340	} else if (LowerCaseEqualsASCII(key, kOpenVPNTunMTU)) {
				341	int mtu = 0;
				342	if (base::StringToInt(value, &mtu) && mtu >= DHCPConfig::kMinMTU) {
				343	properties->mtu = mtu;
				344	} else {
				345	LOG(ERROR) << "MTU " << value << " ignored.";
				346	}
				347	} else if (StartsWithASCII(key, kOpenVPNForeignOptionPrefix, false)) {
				348	const string suffix = key.substr(strlen(kOpenVPNForeignOptionPrefix));
				349	int order = 0;
				350	if (base::StringToInt(suffix, &order)) {
				351	foreign_options[order] = value;
				352	} else {
				353	LOG(ERROR) << "Ignored unexpected foreign option suffix: " << suffix;
				354	}
				355	} else if (StartsWithASCII(key, kOpenVPNRouteOptionPrefix, false)) {
Darin Petkov	6059674	2012-03-05 12:17:17 +0100	[diff] [blame]	356	ParseRouteOption(key.substr(strlen(kOpenVPNRouteOptionPrefix)),
				357	value, &routes);
Darin Petkov	14c29ec	2012-03-02 11:34:19 +0100	[diff] [blame]	358	} else {
Ben Chan	fad4a0b	2012-04-18 15:49:59 -0700	[diff] [blame]	359	SLOG(VPN, 2) << "Key ignored.";
Darin Petkov	14c29ec	2012-03-02 11:34:19 +0100	[diff] [blame]	360	}
				361	}
Darin Petkov	14c29ec	2012-03-02 11:34:19 +0100	[diff] [blame]	362	ParseForeignOptions(foreign_options, properties);
Darin Petkov	6059674	2012-03-05 12:17:17 +0100	[diff] [blame]	363	SetRoutes(routes, properties);
Darin Petkov	14c29ec	2012-03-02 11:34:19 +0100	[diff] [blame]	364	}
				365
				366	// static
				367	void OpenVPNDriver::ParseForeignOptions(const ForeignOptions &options,
				368	IPConfig::Properties *properties) {
Darin Petkov	e8587e3	2012-07-02 13:56:07 +0200	[diff] [blame]	369	vector<string> domain_search;
				370	vector<string> dns_servers;
Darin Petkov	14c29ec	2012-03-02 11:34:19 +0100	[diff] [blame]	371	for (ForeignOptions::const_iterator it = options.begin();
				372	it != options.end(); ++it) {
Darin Petkov	e8587e3	2012-07-02 13:56:07 +0200	[diff] [blame]	373	ParseForeignOption(it->second, &domain_search, &dns_servers);
Darin Petkov	14c29ec	2012-03-02 11:34:19 +0100	[diff] [blame]	374	}
Darin Petkov	e8587e3	2012-07-02 13:56:07 +0200	[diff] [blame]	375	if (!domain_search.empty()) {
				376	properties->domain_search.swap(domain_search);
				377	}
				378	LOG_IF(WARNING, properties->domain_search.empty())
				379	<< "No search domains provided.";
				380	if (!dns_servers.empty()) {
				381	properties->dns_servers.swap(dns_servers);
				382	}
				383	LOG_IF(WARNING, properties->dns_servers.empty())
				384	<< "No DNS servers provided.";
Darin Petkov	14c29ec	2012-03-02 11:34:19 +0100	[diff] [blame]	385	}
				386
				387	// static
				388	void OpenVPNDriver::ParseForeignOption(const string &option,
Darin Petkov	e8587e3	2012-07-02 13:56:07 +0200	[diff] [blame]	389	vector<string> *domain_search,
				390	vector<string> *dns_servers) {
Ben Chan	fad4a0b	2012-04-18 15:49:59 -0700	[diff] [blame]	391	SLOG(VPN, 2) << __func__ << "(" << option << ")";
Darin Petkov	14c29ec	2012-03-02 11:34:19 +0100	[diff] [blame]	392	vector<string> tokens;
Darin Petkov	78f6326	2012-03-26 01:30:24 +0200	[diff] [blame]	393	SplitString(option, ' ', &tokens);
				394	if (tokens.size() != 3 \|\| !LowerCaseEqualsASCII(tokens[0], "dhcp-option")) {
Darin Petkov	14c29ec	2012-03-02 11:34:19 +0100	[diff] [blame]	395	return;
				396	}
				397	if (LowerCaseEqualsASCII(tokens[1], "domain")) {
Darin Petkov	e8587e3	2012-07-02 13:56:07 +0200	[diff] [blame]	398	domain_search->push_back(tokens[2]);
Darin Petkov	14c29ec	2012-03-02 11:34:19 +0100	[diff] [blame]	399	} else if (LowerCaseEqualsASCII(tokens[1], "dns")) {
Darin Petkov	e8587e3	2012-07-02 13:56:07 +0200	[diff] [blame]	400	dns_servers->push_back(tokens[2]);
Darin Petkov	14c29ec	2012-03-02 11:34:19 +0100	[diff] [blame]	401	}
				402	}
				403
Darin Petkov	6059674	2012-03-05 12:17:17 +0100	[diff] [blame]	404	// static
				405	IPConfig::Route *OpenVPNDriver::GetRouteOptionEntry(
				406	const string &prefix, const string &key, RouteOptions *routes) {
				407	int order = 0;
				408	if (!StartsWithASCII(key, prefix, false) \|\|
				409	!base::StringToInt(key.substr(prefix.size()), &order)) {
				410	return NULL;
				411	}
				412	return &(*routes)[order];
				413	}
				414
				415	// static
				416	void OpenVPNDriver::ParseRouteOption(
				417	const string &key, const string &value, RouteOptions *routes) {
				418	IPConfig::Route *route = GetRouteOptionEntry("network_", key, routes);
				419	if (route) {
				420	route->host = value;
				421	return;
				422	}
				423	route = GetRouteOptionEntry("netmask_", key, routes);
				424	if (route) {
				425	route->netmask = value;
				426	return;
				427	}
				428	route = GetRouteOptionEntry("gateway_", key, routes);
				429	if (route) {
				430	route->gateway = value;
				431	return;
				432	}
				433	LOG(WARNING) << "Unknown route option ignored: " << key;
				434	}
				435
				436	// static
				437	void OpenVPNDriver::SetRoutes(const RouteOptions &routes,
				438	IPConfig::Properties *properties) {
Darin Petkov	e8587e3	2012-07-02 13:56:07 +0200	[diff] [blame]	439	vector<IPConfig::Route> new_routes;
Darin Petkov	6059674	2012-03-05 12:17:17 +0100	[diff] [blame]	440	for (RouteOptions::const_iterator it = routes.begin();
				441	it != routes.end(); ++it) {
				442	const IPConfig::Route &route = it->second;
				443	if (route.host.empty() \|\| route.netmask.empty() \|\| route.gateway.empty()) {
				444	LOG(WARNING) << "Ignoring incomplete route: " << it->first;
				445	continue;
				446	}
Darin Petkov	e8587e3	2012-07-02 13:56:07 +0200	[diff] [blame]	447	new_routes.push_back(route);
Darin Petkov	6059674	2012-03-05 12:17:17 +0100	[diff] [blame]	448	}
Darin Petkov	e8587e3	2012-07-02 13:56:07 +0200	[diff] [blame]	449	if (!new_routes.empty()) {
				450	properties->routes.swap(new_routes);
				451	}
				452	LOG_IF(WARNING, properties->routes.empty()) << "No routes provided.";
Darin Petkov	6059674	2012-03-05 12:17:17 +0100	[diff] [blame]	453	}
				454
Darin Petkov	602303f	2012-06-06 12:15:59 +0200	[diff] [blame]	455	void OpenVPNDriver::Connect(const VPNServiceRefPtr &service, Error *error) {
				456	StartConnectTimeout();
Darin Petkov	79d74c9	2012-03-07 17:20:32 +0100	[diff] [blame]	457	service_ = service;
				458	service_->SetState(Service::kStateConfiguring);
Darin Petkov	f20994f	2012-03-05 16:12:19 +0100	[diff] [blame]	459	if (!device_info_->CreateTunnelInterface(&tunnel_interface_)) {
				460	Error::PopulateAndLog(
				461	error, Error::kInternalError, "Could not create tunnel interface.");
Darin Petkov	3f9131c	2012-03-20 11:37:32 +0100	[diff] [blame]	462	Cleanup(Service::kStateFailure);
Darin Petkov	f20994f	2012-03-05 16:12:19 +0100	[diff] [blame]	463	}
				464	// Wait for the ClaimInterface callback to continue the connection process.
Darin Petkov	33af05c	2012-02-28 10:10:30 +0100	[diff] [blame]	465	}
				466
Darin Petkov	fe6a937	2012-02-28 16:25:06 +0100	[diff] [blame]	467	void OpenVPNDriver::InitOptions(vector<string> options, Error error) {
Darin Petkov	b451d6e	2012-04-23 11:56:41 +0200	[diff] [blame]	468	string vpnhost = args()->LookupString(flimflam::kProviderHostProperty, "");
Darin Petkov	fe6a937	2012-02-28 16:25:06 +0100	[diff] [blame]	469	if (vpnhost.empty()) {
				470	Error::PopulateAndLog(
				471	error, Error::kInvalidArguments, "VPN host not specified.");
				472	return;
				473	}
				474	options->push_back("--client");
				475	options->push_back("--tls-client");
				476	options->push_back("--remote");
				477	options->push_back(vpnhost);
				478	options->push_back("--nobind");
				479	options->push_back("--persist-key");
				480	options->push_back("--persist-tun");
				481
Darin Petkov	f20994f	2012-03-05 16:12:19 +0100	[diff] [blame]	482	CHECK(!tunnel_interface_.empty());
Paul Stewart	ca6abd4	2012-03-01 15:45:29 -0800	[diff] [blame]	483	options->push_back("--dev");
				484	options->push_back(tunnel_interface_);
Darin Petkov	fe6a937	2012-02-28 16:25:06 +0100	[diff] [blame]	485	options->push_back("--dev-type");
				486	options->push_back("tun");
Darin Petkov	fe6a937	2012-02-28 16:25:06 +0100	[diff] [blame]	487
Darin Petkov	55771b7	2012-04-25 09:25:19 +0200	[diff] [blame]	488	InitLoggingOptions(options);
Darin Petkov	fe6a937	2012-02-28 16:25:06 +0100	[diff] [blame]	489
Darin Petkov	f3c71d7	2012-03-21 12:32:15 +0100	[diff] [blame]	490	AppendValueOption(kVPNMTUProperty, "--mtu", options);
Darin Petkov	fe6a937	2012-02-28 16:25:06 +0100	[diff] [blame]	491	AppendValueOption(flimflam::kOpenVPNProtoProperty, "--proto", options);
				492	AppendValueOption(flimflam::kOpenVPNPortProperty, "--port", options);
Darin Petkov	f3c71d7	2012-03-21 12:32:15 +0100	[diff] [blame]	493	AppendValueOption(kOpenVPNTLSAuthProperty, "--tls-auth", options);
Darin Petkov	1fa8194	2012-04-02 11:38:08 +0200	[diff] [blame]	494	{
				495	string contents =
Darin Petkov	b451d6e	2012-04-23 11:56:41 +0200	[diff] [blame]	496	args()->LookupString(flimflam::kOpenVPNTLSAuthContentsProperty, "");
Darin Petkov	1fa8194	2012-04-02 11:38:08 +0200	[diff] [blame]	497	if (!contents.empty()) {
				498	if (!file_util::CreateTemporaryFile(&tls_auth_file_) \|\|
				499	file_util::WriteFile(
				500	tls_auth_file_, contents.data(), contents.size()) !=
				501	static_cast<int>(contents.size())) {
				502	Error::PopulateAndLog(
				503	error, Error::kInternalError, "Unable to setup tls-auth file.");
				504	return;
				505	}
				506	options->push_back("--tls-auth");
				507	options->push_back(tls_auth_file_.value());
				508	}
				509	}
Darin Petkov	fe6a937	2012-02-28 16:25:06 +0100	[diff] [blame]	510	AppendValueOption(
				511	flimflam::kOpenVPNTLSRemoteProperty, "--tls-remote", options);
				512	AppendValueOption(flimflam::kOpenVPNCipherProperty, "--cipher", options);
				513	AppendValueOption(flimflam::kOpenVPNAuthProperty, "--auth", options);
				514	AppendFlag(flimflam::kOpenVPNAuthNoCacheProperty, "--auth-nocache", options);
				515	AppendValueOption(
				516	flimflam::kOpenVPNAuthRetryProperty, "--auth-retry", options);
				517	AppendFlag(flimflam::kOpenVPNCompLZOProperty, "--comp-lzo", options);
				518	AppendFlag(flimflam::kOpenVPNCompNoAdaptProperty, "--comp-noadapt", options);
				519	AppendFlag(
				520	flimflam::kOpenVPNPushPeerInfoProperty, "--push-peer-info", options);
				521	AppendValueOption(flimflam::kOpenVPNRenegSecProperty, "--reneg-sec", options);
				522	AppendValueOption(flimflam::kOpenVPNShaperProperty, "--shaper", options);
				523	AppendValueOption(flimflam::kOpenVPNServerPollTimeoutProperty,
				524	"--server-poll-timeout", options);
				525
Darin Petkov	e0d5dd1	2012-04-04 16:10:48 +0200	[diff] [blame]	526	if (!InitNSSOptions(options, error)) {
				527	return;
Darin Petkov	3c5e4dc	2012-04-02 14:44:27 +0200	[diff] [blame]	528	}
Darin Petkov	fe6a937	2012-02-28 16:25:06 +0100	[diff] [blame]	529
				530	// Client-side ping support.
Darin Petkov	f3c71d7	2012-03-21 12:32:15 +0100	[diff] [blame]	531	AppendValueOption(kOpenVPNPingProperty, "--ping", options);
				532	AppendValueOption(kOpenVPNPingExitProperty, "--ping-exit", options);
				533	AppendValueOption(kOpenVPNPingRestartProperty, "--ping-restart", options);
Darin Petkov	fe6a937	2012-02-28 16:25:06 +0100	[diff] [blame]	534
				535	AppendValueOption(flimflam::kOpenVPNCaCertProperty, "--ca", options);
Darin Petkov	f3c71d7	2012-03-21 12:32:15 +0100	[diff] [blame]	536	AppendValueOption(kOpenVPNCertProperty, "--cert", options);
Darin Petkov	fe6a937	2012-02-28 16:25:06 +0100	[diff] [blame]	537	AppendValueOption(
				538	flimflam::kOpenVPNNsCertTypeProperty, "--ns-cert-type", options);
Darin Petkov	f3c71d7	2012-03-21 12:32:15 +0100	[diff] [blame]	539	AppendValueOption(kOpenVPNKeyProperty, "--key", options);
Darin Petkov	fe6a937	2012-02-28 16:25:06 +0100	[diff] [blame]	540
Darin Petkov	e0d5dd1	2012-04-04 16:10:48 +0200	[diff] [blame]	541	InitPKCS11Options(options);
Darin Petkov	fe6a937	2012-02-28 16:25:06 +0100	[diff] [blame]	542
				543	// TLS suport.
Darin Petkov	7f06033	2012-03-14 11:46:47 +0100	[diff] [blame]	544	string remote_cert_tls =
Darin Petkov	b451d6e	2012-04-23 11:56:41 +0200	[diff] [blame]	545	args()->LookupString(flimflam::kOpenVPNRemoteCertTLSProperty, "");
Darin Petkov	fe6a937	2012-02-28 16:25:06 +0100	[diff] [blame]	546	if (remote_cert_tls.empty()) {
				547	remote_cert_tls = "server";
				548	}
				549	if (remote_cert_tls != "none") {
				550	options->push_back("--remote-cert-tls");
				551	options->push_back(remote_cert_tls);
				552	}
				553
				554	// This is an undocumented command line argument that works like a .cfg file
				555	// entry. TODO(sleffler): Maybe roll this into --tls-auth?
				556	AppendValueOption(
				557	flimflam::kOpenVPNKeyDirectionProperty, "--key-direction", options);
				558	// TODO(sleffler): Support more than one eku parameter.
				559	AppendValueOption(
				560	flimflam::kOpenVPNRemoteCertEKUProperty, "--remote-cert-eku", options);
				561	AppendValueOption(
				562	flimflam::kOpenVPNRemoteCertKUProperty, "--remote-cert-ku", options);
				563
Darin Petkov	e0d5dd1	2012-04-04 16:10:48 +0200	[diff] [blame]	564	if (!InitManagementChannelOptions(options, error)) {
Darin Petkov	4646302	2012-03-29 14:57:32 +0200	[diff] [blame]	565	return;
				566	}
Darin Petkov	fe6a937	2012-02-28 16:25:06 +0100	[diff] [blame]	567
Darin Petkov	a9b1fed	2012-02-29 11:49:05 +0100	[diff] [blame]	568	// Setup openvpn-script options and RPC information required to send back
				569	// Layer 3 configuration.
				570	options->push_back("--setenv");
				571	options->push_back("CONNMAN_BUSNAME");
				572	options->push_back(rpc_task_->GetRpcConnectionIdentifier());
				573	options->push_back("--setenv");
				574	options->push_back("CONNMAN_INTERFACE");
				575	options->push_back(rpc_task_->GetRpcInterfaceIdentifier());
				576	options->push_back("--setenv");
				577	options->push_back("CONNMAN_PATH");
				578	options->push_back(rpc_task_->GetRpcIdentifier());
				579	options->push_back("--script-security");
				580	options->push_back("2");
				581	options->push_back("--up");
				582	options->push_back(kOpenVPNScript);
				583	options->push_back("--up-restart");
Darin Petkov	fe6a937	2012-02-28 16:25:06 +0100	[diff] [blame]	584
				585	// Disable openvpn handling since we do route+ifconfig work.
				586	options->push_back("--route-noexec");
				587	options->push_back("--ifconfig-noexec");
				588
				589	// Drop root privileges on connection and enable callback scripts to send
				590	// notify messages.
				591	options->push_back("--user");
				592	options->push_back("openvpn");
				593	options->push_back("--group");
				594	options->push_back("openvpn");
				595	}
				596
Darin Petkov	e0d5dd1	2012-04-04 16:10:48 +0200	[diff] [blame]	597	bool OpenVPNDriver::InitNSSOptions(vector<string> options, Error error) {
Darin Petkov	b451d6e	2012-04-23 11:56:41 +0200	[diff] [blame]	598	string ca_cert =
				599	args()->LookupString(flimflam::kOpenVPNCaCertNSSProperty, "");
Darin Petkov	e0d5dd1	2012-04-04 16:10:48 +0200	[diff] [blame]	600	if (!ca_cert.empty()) {
Darin Petkov	b451d6e	2012-04-23 11:56:41 +0200	[diff] [blame]	601	if (!args()->LookupString(flimflam::kOpenVPNCaCertProperty, "").empty()) {
Darin Petkov	e0d5dd1	2012-04-04 16:10:48 +0200	[diff] [blame]	602	Error::PopulateAndLog(error,
				603	Error::kInvalidArguments,
				604	"Can't specify both CACert and CACertNSS.");
				605	return false;
				606	}
Darin Petkov	b451d6e	2012-04-23 11:56:41 +0200	[diff] [blame]	607	const string &vpnhost = args()->GetString(flimflam::kProviderHostProperty);
Darin Petkov	e0d5dd1	2012-04-04 16:10:48 +0200	[diff] [blame]	608	vector<char> id(vpnhost.begin(), vpnhost.end());
				609	FilePath certfile = nss_->GetPEMCertfile(ca_cert, id);
				610	if (certfile.empty()) {
				611	LOG(ERROR) << "Unable to extract certificate: " << ca_cert;
				612	} else {
				613	options->push_back("--ca");
				614	options->push_back(certfile.value());
				615	}
				616	}
				617	return true;
				618	}
				619
				620	void OpenVPNDriver::InitPKCS11Options(vector<string> *options) {
Darin Petkov	b451d6e	2012-04-23 11:56:41 +0200	[diff] [blame]	621	string id = args()->LookupString(flimflam::kOpenVPNClientCertIdProperty, "");
Darin Petkov	e0d5dd1	2012-04-04 16:10:48 +0200	[diff] [blame]	622	if (!id.empty()) {
				623	string provider =
Darin Petkov	b451d6e	2012-04-23 11:56:41 +0200	[diff] [blame]	624	args()->LookupString(flimflam::kOpenVPNProviderProperty, "");
Darin Petkov	e0d5dd1	2012-04-04 16:10:48 +0200	[diff] [blame]	625	if (provider.empty()) {
				626	provider = kDefaultPKCS11Provider;
				627	}
				628	options->push_back("--pkcs11-providers");
				629	options->push_back(provider);
				630	options->push_back("--pkcs11-id");
				631	options->push_back(id);
				632	}
				633	}
				634
				635	bool OpenVPNDriver::InitManagementChannelOptions(
				636	vector<string> options, Error error) {
Darin Petkov	602303f	2012-06-06 12:15:59 +0200	[diff] [blame]	637	if (!management_server_->Start(dispatcher(), &sockets_, options)) {
Darin Petkov	e0d5dd1	2012-04-04 16:10:48 +0200	[diff] [blame]	638	Error::PopulateAndLog(
				639	error, Error::kInternalError, "Unable to setup management channel.");
				640	return false;
				641	}
Darin Petkov	a5e07ef	2012-07-09 14:27:57 +0200	[diff] [blame]	642	// If there's a connected default service already, allow the openvpn client to
				643	// establish connection as soon as it's started. Otherwise, hold the client
				644	// until an underlying service connects and OnDefaultServiceChanged is
				645	// invoked.
				646	ServiceRefPtr service = manager()->GetDefaultService();
				647	if (service && service->IsConnected()) {
				648	management_server_->ReleaseHold();
				649	}
Darin Petkov	e0d5dd1	2012-04-04 16:10:48 +0200	[diff] [blame]	650	return true;
				651	}
				652
Darin Petkov	55771b7	2012-04-25 09:25:19 +0200	[diff] [blame]	653	void OpenVPNDriver::InitLoggingOptions(vector<string> *options) {
				654	options->push_back("--syslog");
				655
				656	string verb = args()->LookupString(kOpenVPNVerbProperty, "");
				657	if (verb.empty() && SLOG_IS_ON(VPN, 0)) {
				658	verb = "3";
				659	}
				660	if (!verb.empty()) {
				661	options->push_back("--verb");
				662	options->push_back(verb);
				663	}
				664	}
				665
Darin Petkov	4646302	2012-03-29 14:57:32 +0200	[diff] [blame]	666	bool OpenVPNDriver::AppendValueOption(
Darin Petkov	fe6a937	2012-02-28 16:25:06 +0100	[diff] [blame]	667	const string &property, const string &option, vector<string> *options) {
Darin Petkov	b451d6e	2012-04-23 11:56:41 +0200	[diff] [blame]	668	string value = args()->LookupString(property, "");
Darin Petkov	fe6a937	2012-02-28 16:25:06 +0100	[diff] [blame]	669	if (!value.empty()) {
				670	options->push_back(option);
				671	options->push_back(value);
Darin Petkov	4646302	2012-03-29 14:57:32 +0200	[diff] [blame]	672	return true;
Darin Petkov	fe6a937	2012-02-28 16:25:06 +0100	[diff] [blame]	673	}
Darin Petkov	4646302	2012-03-29 14:57:32 +0200	[diff] [blame]	674	return false;
Darin Petkov	fe6a937	2012-02-28 16:25:06 +0100	[diff] [blame]	675	}
				676
Darin Petkov	4646302	2012-03-29 14:57:32 +0200	[diff] [blame]	677	bool OpenVPNDriver::AppendFlag(
Darin Petkov	fe6a937	2012-02-28 16:25:06 +0100	[diff] [blame]	678	const string &property, const string &option, vector<string> *options) {
Darin Petkov	b451d6e	2012-04-23 11:56:41 +0200	[diff] [blame]	679	if (args()->ContainsString(property)) {
Darin Petkov	fe6a937	2012-02-28 16:25:06 +0100	[diff] [blame]	680	options->push_back(option);
Darin Petkov	4646302	2012-03-29 14:57:32 +0200	[diff] [blame]	681	return true;
Darin Petkov	fe6a937	2012-02-28 16:25:06 +0100	[diff] [blame]	682	}
Darin Petkov	4646302	2012-03-29 14:57:32 +0200	[diff] [blame]	683	return false;
Darin Petkov	fe6a937	2012-02-28 16:25:06 +0100	[diff] [blame]	684	}
				685
Darin Petkov	6aa2187	2012-03-09 16:10:19 +0100	[diff] [blame]	686	void OpenVPNDriver::Disconnect() {
Ben Chan	fad4a0b	2012-04-18 15:49:59 -0700	[diff] [blame]	687	SLOG(VPN, 2) << __func__;
Darin Petkov	3f9131c	2012-03-20 11:37:32 +0100	[diff] [blame]	688	Cleanup(Service::kStateIdle);
Darin Petkov	6aa2187	2012-03-09 16:10:19 +0100	[diff] [blame]	689	}
				690
Darin Petkov	5eb0542	2012-05-11 15:45:25 +0200	[diff] [blame]	691	void OpenVPNDriver::OnConnectionDisconnected() {
Darin Petkov	602303f	2012-06-06 12:15:59 +0200	[diff] [blame]	692	LOG(ERROR) << "VPN connection disconnected.";
Darin Petkov	5eb0542	2012-05-11 15:45:25 +0200	[diff] [blame]	693	Cleanup(Service::kStateFailure);
				694	}
				695
Darin Petkov	271fe52	2012-03-27 13:47:29 +0200	[diff] [blame]	696	void OpenVPNDriver::OnReconnecting() {
Ben Chan	fad4a0b	2012-04-18 15:49:59 -0700	[diff] [blame]	697	SLOG(VPN, 2) << __func__;
Darin Petkov	602303f	2012-06-06 12:15:59 +0200	[diff] [blame]	698	StartConnectTimeout();
Darin Petkov	a5e07ef	2012-07-09 14:27:57 +0200	[diff] [blame]	699	// On restart/reconnect, drop the VPN connection, if any. The openvpn client
				700	// might be in hold state if the VPN connection was previously established
				701	// successfully. The hold will be released by OnDefaultServiceChanged when a
				702	// new default service connects. This ensures that the client will use a fully
				703	// functional underlying connection to reconnect.
Darin Petkov	271fe52	2012-03-27 13:47:29 +0200	[diff] [blame]	704	if (device_) {
				705	device_->OnDisconnected();
				706	}
				707	if (service_) {
				708	service_->SetState(Service::kStateAssociating);
				709	}
				710	}
				711
Paul Stewart	39964fa	2012-04-04 09:50:25 -0700	[diff] [blame]	712	string OpenVPNDriver::GetProviderType() const {
				713	return flimflam::kProviderOpenVpn;
				714	}
				715
Darin Petkov	b536a74	2012-04-26 11:31:28 +0200	[diff] [blame]	716	KeyValueStore OpenVPNDriver::GetProvider(Error *error) {
				717	SLOG(VPN, 2) << __func__;
				718	KeyValueStore props = VPNDriver::GetProvider(error);
				719	props.SetBool(flimflam::kPassphraseRequiredProperty,
				720	args()->LookupString(
				721	flimflam::kOpenVPNPasswordProperty, "").empty());
				722	return props;
				723	}
				724
Darin Petkov	1a462de	2012-05-02 11:10:48 +0200	[diff] [blame]	725	// TODO(petkov): Consider refactoring lsb-release parsing out into a shared
				726	// singleton if it's used outside OpenVPN.
				727	bool OpenVPNDriver::ParseLSBRelease(map<string, string> *lsb_release) {
				728	SLOG(VPN, 2) << __func__ << "(" << lsb_release_file_.value() << ")";
				729	string contents;
				730	if (!file_util::ReadFileToString(lsb_release_file_, &contents)) {
				731	LOG(ERROR) << "Unable to read the lsb-release file: "
				732	<< lsb_release_file_.value();
				733	return false;
				734	}
				735	vector<string> lines;
				736	SplitString(contents, '\n', &lines);
				737	for (vector<string>::const_iterator it = lines.begin();
				738	it != lines.end(); ++it) {
				739	size_t assign = it->find('=');
				740	if (assign == string::npos) {
				741	continue;
				742	}
				743	(*lsb_release)[it->substr(0, assign)] = it->substr(assign + 1);
				744	}
				745	return true;
				746	}
				747
				748	void OpenVPNDriver::InitEnvironment(vector<string> *environment) {
				749	// Adds the platform name and version to the environment so that openvpn can
				750	// send them to the server when OpenVPN.PushPeerInfo is set.
				751	map<string, string> lsb_release;
				752	ParseLSBRelease(&lsb_release);
				753	string platform_name = lsb_release[kChromeOSReleaseName];
				754	if (!platform_name.empty()) {
				755	environment->push_back("IV_PLAT=" + platform_name);
				756	}
				757	string platform_version = lsb_release[kChromeOSReleaseVersion];
				758	if (!platform_version.empty()) {
				759	environment->push_back("IV_PLAT_REL=" + platform_version);
				760	}
				761	}
				762
Darin Petkov	a5e07ef	2012-07-09 14:27:57 +0200	[diff] [blame]	763	void OpenVPNDriver::OnDefaultServiceChanged(const ServiceRefPtr &service) {
				764	SLOG(VPN, 2) << __func__
				765	<< "(" << (service ? service->friendly_name() : "-") << ")";
				766	// Allow the openvpn client to connect/reconnect only over a connected
				767	// underlying default service. If there's no default connected service, hold
				768	// the openvpn client until an underlying connection is established. If the
				769	// default service is our VPN service, hold the openvpn client on reconnect so
				770	// that the VPN connection can be torn down fully before a new connection
				771	// attempt is made over the underlying service.
				772	if (service && service != service_ && service->IsConnected()) {
				773	management_server_->ReleaseHold();
				774	} else {
				775	management_server_->Hold();
				776	}
				777	}
				778
Darin Petkov	33af05c	2012-02-28 10:10:30 +0100	[diff] [blame]	779	} // namespace shill