Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 1 | // Copyright (c) 2012 The Chromium OS Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #include "shill/openvpn_driver.h" |
| 6 | |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 7 | #include <arpa/inet.h> |
| 8 | |
Darin Petkov | 1fa8194 | 2012-04-02 11:38:08 +0200 | [diff] [blame] | 9 | #include <base/file_util.h> |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 10 | #include <base/logging.h> |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 11 | #include <base/string_number_conversions.h> |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 12 | #include <base/string_split.h> |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 13 | #include <base/string_util.h> |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 14 | #include <chromeos/dbus/service_constants.h> |
| 15 | |
Paul Stewart | ce4ec19 | 2012-03-14 12:53:46 -0700 | [diff] [blame] | 16 | #include "shill/connection.h" |
Paul Stewart | ca6abd4 | 2012-03-01 15:45:29 -0800 | [diff] [blame] | 17 | #include "shill/device_info.h" |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 18 | #include "shill/dhcp_config.h" |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 19 | #include "shill/error.h" |
Paul Stewart | ce4ec19 | 2012-03-14 12:53:46 -0700 | [diff] [blame] | 20 | #include "shill/manager.h" |
Darin Petkov | 3c5e4dc | 2012-04-02 14:44:27 +0200 | [diff] [blame] | 21 | #include "shill/nss.h" |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 22 | #include "shill/openvpn_management_server.h" |
Paul Stewart | ebd3856 | 2012-03-23 13:06:40 -0700 | [diff] [blame] | 23 | #include "shill/property_accessor.h" |
Darin Petkov | a9b1fed | 2012-02-29 11:49:05 +0100 | [diff] [blame] | 24 | #include "shill/rpc_task.h" |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 25 | #include "shill/sockets.h" |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 26 | #include "shill/store_interface.h" |
Darin Petkov | f20994f | 2012-03-05 16:12:19 +0100 | [diff] [blame] | 27 | #include "shill/vpn.h" |
Darin Petkov | 79d74c9 | 2012-03-07 17:20:32 +0100 | [diff] [blame] | 28 | #include "shill/vpn_service.h" |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 29 | |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 30 | using base::SplitString; |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 31 | using std::map; |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 32 | using std::string; |
| 33 | using std::vector; |
| 34 | |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 35 | namespace shill { |
| 36 | |
Darin Petkov | a9b1fed | 2012-02-29 11:49:05 +0100 | [diff] [blame] | 37 | namespace { |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 38 | const char kOpenVPNForeignOptionPrefix[] = "foreign_option_"; |
| 39 | const char kOpenVPNIfconfigBroadcast[] = "ifconfig_broadcast"; |
| 40 | const char kOpenVPNIfconfigLocal[] = "ifconfig_local"; |
| 41 | const char kOpenVPNIfconfigNetmask[] = "ifconfig_netmask"; |
| 42 | const char kOpenVPNIfconfigRemote[] = "ifconfig_remote"; |
| 43 | const char kOpenVPNRouteOptionPrefix[] = "route_"; |
| 44 | const char kOpenVPNRouteVPNGateway[] = "route_vpn_gateway"; |
| 45 | const char kOpenVPNTrustedIP[] = "trusted_ip"; |
| 46 | const char kOpenVPNTunMTU[] = "tun_mtu"; |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 47 | |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 48 | const char kDefaultPKCS11Provider[] = "libchaps.so"; |
| 49 | |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 50 | // TODO(petkov): Move to chromeos/dbus/service_constants.h. |
| 51 | const char kOpenVPNCertProperty[] = "OpenVPN.Cert"; |
| 52 | const char kOpenVPNKeyProperty[] = "OpenVPN.Key"; |
| 53 | const char kOpenVPNPingProperty[] = "OpenVPN.Ping"; |
| 54 | const char kOpenVPNPingExitProperty[] = "OpenVPN.PingExit"; |
| 55 | const char kOpenVPNPingRestartProperty[] = "OpenVPN.PingRestart"; |
| 56 | const char kOpenVPNTLSAuthProperty[] = "OpenVPN.TLSAuth"; |
| 57 | const char kOpenVPNVerbProperty[] = "OpenVPN.Verb"; |
| 58 | const char kVPNMTUProperty[] = "VPN.MTU"; |
| 59 | |
Paul Stewart | ebd3856 | 2012-03-23 13:06:40 -0700 | [diff] [blame] | 60 | } // namespace |
| 61 | |
| 62 | // static |
| 63 | const char OpenVPNDriver::kOpenVPNPath[] = "/usr/sbin/openvpn"; |
| 64 | // static |
| 65 | const char OpenVPNDriver::kOpenVPNScript[] = SCRIPTDIR "/openvpn-script"; |
| 66 | // static |
| 67 | const OpenVPNDriver::Property OpenVPNDriver::kProperties[] = { |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 68 | { flimflam::kOpenVPNAuthNoCacheProperty, false }, |
| 69 | { flimflam::kOpenVPNAuthProperty, false }, |
| 70 | { flimflam::kOpenVPNAuthRetryProperty, false }, |
| 71 | { flimflam::kOpenVPNAuthUserPassProperty, false }, |
| 72 | { flimflam::kOpenVPNCaCertNSSProperty, false }, |
| 73 | { flimflam::kOpenVPNCaCertProperty, false }, |
| 74 | { flimflam::kOpenVPNCipherProperty, false }, |
| 75 | { flimflam::kOpenVPNCompLZOProperty, false }, |
| 76 | { flimflam::kOpenVPNCompNoAdaptProperty, false }, |
| 77 | { flimflam::kOpenVPNKeyDirectionProperty, false }, |
| 78 | { flimflam::kOpenVPNNsCertTypeProperty, false }, |
| 79 | { flimflam::kOpenVPNPasswordProperty, true }, |
| 80 | { flimflam::kOpenVPNPinProperty, false }, |
| 81 | { flimflam::kOpenVPNPortProperty, false }, |
| 82 | { flimflam::kOpenVPNProtoProperty, false }, |
| 83 | { flimflam::kOpenVPNProviderProperty, false }, |
| 84 | { flimflam::kOpenVPNPushPeerInfoProperty, false }, |
| 85 | { flimflam::kOpenVPNRemoteCertEKUProperty, false }, |
| 86 | { flimflam::kOpenVPNRemoteCertKUProperty, false }, |
| 87 | { flimflam::kOpenVPNRemoteCertTLSProperty, false }, |
| 88 | { flimflam::kOpenVPNRenegSecProperty, false }, |
| 89 | { flimflam::kOpenVPNServerPollTimeoutProperty, false }, |
| 90 | { flimflam::kOpenVPNShaperProperty, false }, |
| 91 | { flimflam::kOpenVPNStaticChallengeProperty, false }, |
| 92 | { flimflam::kOpenVPNTLSAuthContentsProperty, false }, |
| 93 | { flimflam::kOpenVPNTLSRemoteProperty, false }, |
| 94 | { flimflam::kOpenVPNUserProperty, false }, |
| 95 | { flimflam::kProviderHostProperty, false }, |
| 96 | { flimflam::kProviderNameProperty, false }, |
| 97 | { flimflam::kProviderTypeProperty, false }, |
| 98 | { kOpenVPNCertProperty, false }, |
| 99 | { kOpenVPNKeyProperty, false }, |
| 100 | { kOpenVPNPingExitProperty, false }, |
| 101 | { kOpenVPNPingProperty, false }, |
| 102 | { kOpenVPNPingRestartProperty, false }, |
| 103 | { kOpenVPNTLSAuthProperty, false }, |
| 104 | { kOpenVPNVerbProperty, false }, |
| 105 | { kVPNMTUProperty, false }, |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 106 | }; |
Paul Stewart | 291a473 | 2012-03-14 19:19:02 -0700 | [diff] [blame] | 107 | |
Darin Petkov | a9b1fed | 2012-02-29 11:49:05 +0100 | [diff] [blame] | 108 | OpenVPNDriver::OpenVPNDriver(ControlInterface *control, |
Darin Petkov | f20994f | 2012-03-05 16:12:19 +0100 | [diff] [blame] | 109 | EventDispatcher *dispatcher, |
| 110 | Metrics *metrics, |
| 111 | Manager *manager, |
Paul Stewart | ca6abd4 | 2012-03-01 15:45:29 -0800 | [diff] [blame] | 112 | DeviceInfo *device_info, |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 113 | GLib *glib, |
Darin Petkov | a9b1fed | 2012-02-29 11:49:05 +0100 | [diff] [blame] | 114 | const KeyValueStore &args) |
| 115 | : control_(control), |
Darin Petkov | f20994f | 2012-03-05 16:12:19 +0100 | [diff] [blame] | 116 | dispatcher_(dispatcher), |
| 117 | metrics_(metrics), |
| 118 | manager_(manager), |
Paul Stewart | ca6abd4 | 2012-03-01 15:45:29 -0800 | [diff] [blame] | 119 | device_info_(device_info), |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 120 | glib_(glib), |
| 121 | args_(args), |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 122 | management_server_(new OpenVPNManagementServer(this, glib)), |
Darin Petkov | 3c5e4dc | 2012-04-02 14:44:27 +0200 | [diff] [blame] | 123 | nss_(NSS::GetInstance()), |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 124 | pid_(0), |
| 125 | child_watch_tag_(0) {} |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 126 | |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 127 | OpenVPNDriver::~OpenVPNDriver() { |
Darin Petkov | 3f9131c | 2012-03-20 11:37:32 +0100 | [diff] [blame] | 128 | Cleanup(Service::kStateIdle); |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 129 | } |
| 130 | |
Darin Petkov | 3f9131c | 2012-03-20 11:37:32 +0100 | [diff] [blame] | 131 | void OpenVPNDriver::Cleanup(Service::ConnectState state) { |
Darin Petkov | 1fa8194 | 2012-04-02 11:38:08 +0200 | [diff] [blame] | 132 | VLOG(2) << __func__ << "(" << Service::ConnectStateToString(state) << ")"; |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 133 | management_server_->Stop(); |
Darin Petkov | 1fa8194 | 2012-04-02 11:38:08 +0200 | [diff] [blame] | 134 | if (!tls_auth_file_.empty()) { |
| 135 | file_util::Delete(tls_auth_file_, false); |
| 136 | tls_auth_file_.clear(); |
| 137 | } |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 138 | if (child_watch_tag_) { |
| 139 | glib_->SourceRemove(child_watch_tag_); |
| 140 | child_watch_tag_ = 0; |
| 141 | CHECK(pid_); |
| 142 | kill(pid_, SIGTERM); |
| 143 | } |
| 144 | if (pid_) { |
| 145 | glib_->SpawnClosePID(pid_); |
| 146 | pid_ = 0; |
| 147 | } |
| 148 | rpc_task_.reset(); |
| 149 | if (device_) { |
| 150 | int interface_index = device_->interface_index(); |
Eric Shienbrood | 9a24553 | 2012-03-07 14:20:39 -0500 | [diff] [blame] | 151 | device_->SetEnabled(false); |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 152 | device_ = NULL; |
| 153 | device_info_->DeleteInterface(interface_index); |
| 154 | } |
| 155 | tunnel_interface_.clear(); |
Darin Petkov | 79d74c9 | 2012-03-07 17:20:32 +0100 | [diff] [blame] | 156 | if (service_) { |
Darin Petkov | 3f9131c | 2012-03-20 11:37:32 +0100 | [diff] [blame] | 157 | service_->SetState(state); |
Darin Petkov | 79d74c9 | 2012-03-07 17:20:32 +0100 | [diff] [blame] | 158 | service_ = NULL; |
| 159 | } |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 160 | } |
| 161 | |
| 162 | bool OpenVPNDriver::SpawnOpenVPN() { |
| 163 | VLOG(2) << __func__ << "(" << tunnel_interface_ << ")"; |
| 164 | |
| 165 | vector<string> options; |
| 166 | Error error; |
| 167 | InitOptions(&options, &error); |
| 168 | if (error.IsFailure()) { |
| 169 | return false; |
| 170 | } |
| 171 | VLOG(2) << "OpenVPN process options: " << JoinString(options, ' '); |
| 172 | |
| 173 | // TODO(petkov): This code needs to be abstracted away in a separate external |
| 174 | // process module (crosbug.com/27131). |
| 175 | vector<char *> process_args; |
| 176 | process_args.push_back(const_cast<char *>(kOpenVPNPath)); |
| 177 | for (vector<string>::const_iterator it = options.begin(); |
| 178 | it != options.end(); ++it) { |
| 179 | process_args.push_back(const_cast<char *>(it->c_str())); |
| 180 | } |
| 181 | process_args.push_back(NULL); |
| 182 | char *envp[1] = { NULL }; |
| 183 | |
| 184 | CHECK(!pid_); |
| 185 | // Redirect all openvpn output to stderr. |
| 186 | int stderr_fd = fileno(stderr); |
| 187 | if (!glib_->SpawnAsyncWithPipesCWD(process_args.data(), |
| 188 | envp, |
| 189 | G_SPAWN_DO_NOT_REAP_CHILD, |
| 190 | NULL, |
| 191 | NULL, |
| 192 | &pid_, |
| 193 | NULL, |
| 194 | &stderr_fd, |
| 195 | &stderr_fd, |
| 196 | NULL)) { |
| 197 | LOG(ERROR) << "Unable to spawn: " << kOpenVPNPath; |
| 198 | return false; |
| 199 | } |
| 200 | CHECK(!child_watch_tag_); |
| 201 | child_watch_tag_ = glib_->ChildWatchAdd(pid_, OnOpenVPNDied, this); |
| 202 | return true; |
| 203 | } |
| 204 | |
| 205 | // static |
| 206 | void OpenVPNDriver::OnOpenVPNDied(GPid pid, gint status, gpointer data) { |
| 207 | VLOG(2) << __func__ << "(" << pid << ", " << status << ")"; |
| 208 | OpenVPNDriver *me = reinterpret_cast<OpenVPNDriver *>(data); |
| 209 | me->child_watch_tag_ = 0; |
| 210 | CHECK_EQ(pid, me->pid_); |
Darin Petkov | 3f9131c | 2012-03-20 11:37:32 +0100 | [diff] [blame] | 211 | me->Cleanup(Service::kStateFailure); |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 212 | // TODO(petkov): Figure if we need to restart the connection. |
| 213 | } |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 214 | |
Paul Stewart | ca6abd4 | 2012-03-01 15:45:29 -0800 | [diff] [blame] | 215 | bool OpenVPNDriver::ClaimInterface(const string &link_name, |
| 216 | int interface_index) { |
| 217 | if (link_name != tunnel_interface_) { |
| 218 | return false; |
| 219 | } |
| 220 | |
| 221 | VLOG(2) << "Claiming " << link_name << " for OpenVPN tunnel"; |
| 222 | |
Darin Petkov | f20994f | 2012-03-05 16:12:19 +0100 | [diff] [blame] | 223 | CHECK(!device_); |
| 224 | device_ = new VPN(control_, dispatcher_, metrics_, manager_, |
| 225 | link_name, interface_index); |
Eric Shienbrood | 9a24553 | 2012-03-07 14:20:39 -0500 | [diff] [blame] | 226 | |
| 227 | device_->SetEnabled(true); |
Darin Petkov | 79d74c9 | 2012-03-07 17:20:32 +0100 | [diff] [blame] | 228 | device_->SelectService(service_); |
Eric Shienbrood | 9a24553 | 2012-03-07 14:20:39 -0500 | [diff] [blame] | 229 | |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 230 | rpc_task_.reset(new RPCTask(control_, this)); |
| 231 | if (!SpawnOpenVPN()) { |
Darin Petkov | 3f9131c | 2012-03-20 11:37:32 +0100 | [diff] [blame] | 232 | Cleanup(Service::kStateFailure); |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 233 | } |
Paul Stewart | ca6abd4 | 2012-03-01 15:45:29 -0800 | [diff] [blame] | 234 | return true; |
| 235 | } |
| 236 | |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 237 | void OpenVPNDriver::Notify(const string &reason, |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 238 | const map<string, string> &dict) { |
| 239 | VLOG(2) << __func__ << "(" << reason << ")"; |
| 240 | if (reason != "up") { |
Darin Petkov | 79d74c9 | 2012-03-07 17:20:32 +0100 | [diff] [blame] | 241 | device_->OnDisconnected(); |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 242 | return; |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 243 | } |
| 244 | IPConfig::Properties properties; |
| 245 | ParseIPConfiguration(dict, &properties); |
Paul Stewart | ce4ec19 | 2012-03-14 12:53:46 -0700 | [diff] [blame] | 246 | PinHostRoute(properties); |
| 247 | |
Darin Petkov | 79d74c9 | 2012-03-07 17:20:32 +0100 | [diff] [blame] | 248 | device_->UpdateIPConfig(properties); |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 249 | } |
| 250 | |
| 251 | // static |
| 252 | void OpenVPNDriver::ParseIPConfiguration( |
| 253 | const map<string, string> &configuration, |
| 254 | IPConfig::Properties *properties) { |
| 255 | ForeignOptions foreign_options; |
Darin Petkov | 6059674 | 2012-03-05 12:17:17 +0100 | [diff] [blame] | 256 | RouteOptions routes; |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 257 | properties->address_family = IPAddress::kFamilyIPv4; |
Paul Stewart | 48100b0 | 2012-03-19 07:53:52 -0700 | [diff] [blame] | 258 | properties->subnet_prefix = IPAddress::GetMaxPrefixLength( |
| 259 | properties->address_family); |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 260 | for (map<string, string>::const_iterator it = configuration.begin(); |
| 261 | it != configuration.end(); ++it) { |
| 262 | const string &key = it->first; |
| 263 | const string &value = it->second; |
| 264 | VLOG(2) << "Processing: " << key << " -> " << value; |
| 265 | if (LowerCaseEqualsASCII(key, kOpenVPNIfconfigLocal)) { |
| 266 | properties->address = value; |
| 267 | } else if (LowerCaseEqualsASCII(key, kOpenVPNIfconfigBroadcast)) { |
| 268 | properties->broadcast_address = value; |
| 269 | } else if (LowerCaseEqualsASCII(key, kOpenVPNIfconfigNetmask)) { |
Paul Stewart | 48100b0 | 2012-03-19 07:53:52 -0700 | [diff] [blame] | 270 | properties->subnet_prefix = |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 271 | IPAddress::GetPrefixLengthFromMask(properties->address_family, value); |
| 272 | } else if (LowerCaseEqualsASCII(key, kOpenVPNIfconfigRemote)) { |
| 273 | properties->peer_address = value; |
| 274 | } else if (LowerCaseEqualsASCII(key, kOpenVPNRouteVPNGateway)) { |
| 275 | properties->gateway = value; |
| 276 | } else if (LowerCaseEqualsASCII(key, kOpenVPNTrustedIP)) { |
Paul Stewart | ce4ec19 | 2012-03-14 12:53:46 -0700 | [diff] [blame] | 277 | properties->trusted_ip = value; |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 278 | } else if (LowerCaseEqualsASCII(key, kOpenVPNTunMTU)) { |
| 279 | int mtu = 0; |
| 280 | if (base::StringToInt(value, &mtu) && mtu >= DHCPConfig::kMinMTU) { |
| 281 | properties->mtu = mtu; |
| 282 | } else { |
| 283 | LOG(ERROR) << "MTU " << value << " ignored."; |
| 284 | } |
| 285 | } else if (StartsWithASCII(key, kOpenVPNForeignOptionPrefix, false)) { |
| 286 | const string suffix = key.substr(strlen(kOpenVPNForeignOptionPrefix)); |
| 287 | int order = 0; |
| 288 | if (base::StringToInt(suffix, &order)) { |
| 289 | foreign_options[order] = value; |
| 290 | } else { |
| 291 | LOG(ERROR) << "Ignored unexpected foreign option suffix: " << suffix; |
| 292 | } |
| 293 | } else if (StartsWithASCII(key, kOpenVPNRouteOptionPrefix, false)) { |
Darin Petkov | 6059674 | 2012-03-05 12:17:17 +0100 | [diff] [blame] | 294 | ParseRouteOption(key.substr(strlen(kOpenVPNRouteOptionPrefix)), |
| 295 | value, &routes); |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 296 | } else { |
| 297 | VLOG(2) << "Key ignored."; |
| 298 | } |
| 299 | } |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 300 | ParseForeignOptions(foreign_options, properties); |
Darin Petkov | 6059674 | 2012-03-05 12:17:17 +0100 | [diff] [blame] | 301 | SetRoutes(routes, properties); |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 302 | } |
| 303 | |
| 304 | // static |
| 305 | void OpenVPNDriver::ParseForeignOptions(const ForeignOptions &options, |
| 306 | IPConfig::Properties *properties) { |
| 307 | for (ForeignOptions::const_iterator it = options.begin(); |
| 308 | it != options.end(); ++it) { |
| 309 | ParseForeignOption(it->second, properties); |
| 310 | } |
| 311 | } |
| 312 | |
| 313 | // static |
| 314 | void OpenVPNDriver::ParseForeignOption(const string &option, |
| 315 | IPConfig::Properties *properties) { |
| 316 | VLOG(2) << __func__ << "(" << option << ")"; |
| 317 | vector<string> tokens; |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 318 | SplitString(option, ' ', &tokens); |
| 319 | if (tokens.size() != 3 || !LowerCaseEqualsASCII(tokens[0], "dhcp-option")) { |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 320 | return; |
| 321 | } |
| 322 | if (LowerCaseEqualsASCII(tokens[1], "domain")) { |
| 323 | properties->domain_search.push_back(tokens[2]); |
| 324 | } else if (LowerCaseEqualsASCII(tokens[1], "dns")) { |
| 325 | properties->dns_servers.push_back(tokens[2]); |
| 326 | } |
| 327 | } |
| 328 | |
Darin Petkov | 6059674 | 2012-03-05 12:17:17 +0100 | [diff] [blame] | 329 | // static |
| 330 | IPConfig::Route *OpenVPNDriver::GetRouteOptionEntry( |
| 331 | const string &prefix, const string &key, RouteOptions *routes) { |
| 332 | int order = 0; |
| 333 | if (!StartsWithASCII(key, prefix, false) || |
| 334 | !base::StringToInt(key.substr(prefix.size()), &order)) { |
| 335 | return NULL; |
| 336 | } |
| 337 | return &(*routes)[order]; |
| 338 | } |
| 339 | |
| 340 | // static |
| 341 | void OpenVPNDriver::ParseRouteOption( |
| 342 | const string &key, const string &value, RouteOptions *routes) { |
| 343 | IPConfig::Route *route = GetRouteOptionEntry("network_", key, routes); |
| 344 | if (route) { |
| 345 | route->host = value; |
| 346 | return; |
| 347 | } |
| 348 | route = GetRouteOptionEntry("netmask_", key, routes); |
| 349 | if (route) { |
| 350 | route->netmask = value; |
| 351 | return; |
| 352 | } |
| 353 | route = GetRouteOptionEntry("gateway_", key, routes); |
| 354 | if (route) { |
| 355 | route->gateway = value; |
| 356 | return; |
| 357 | } |
| 358 | LOG(WARNING) << "Unknown route option ignored: " << key; |
| 359 | } |
| 360 | |
| 361 | // static |
| 362 | void OpenVPNDriver::SetRoutes(const RouteOptions &routes, |
| 363 | IPConfig::Properties *properties) { |
| 364 | for (RouteOptions::const_iterator it = routes.begin(); |
| 365 | it != routes.end(); ++it) { |
| 366 | const IPConfig::Route &route = it->second; |
| 367 | if (route.host.empty() || route.netmask.empty() || route.gateway.empty()) { |
| 368 | LOG(WARNING) << "Ignoring incomplete route: " << it->first; |
| 369 | continue; |
| 370 | } |
| 371 | properties->routes.push_back(route); |
| 372 | } |
| 373 | } |
| 374 | |
Darin Petkov | 79d74c9 | 2012-03-07 17:20:32 +0100 | [diff] [blame] | 375 | void OpenVPNDriver::Connect(const VPNServiceRefPtr &service, |
| 376 | Error *error) { |
| 377 | service_ = service; |
| 378 | service_->SetState(Service::kStateConfiguring); |
Darin Petkov | f20994f | 2012-03-05 16:12:19 +0100 | [diff] [blame] | 379 | if (!device_info_->CreateTunnelInterface(&tunnel_interface_)) { |
| 380 | Error::PopulateAndLog( |
| 381 | error, Error::kInternalError, "Could not create tunnel interface."); |
Darin Petkov | 3f9131c | 2012-03-20 11:37:32 +0100 | [diff] [blame] | 382 | Cleanup(Service::kStateFailure); |
Darin Petkov | f20994f | 2012-03-05 16:12:19 +0100 | [diff] [blame] | 383 | } |
| 384 | // Wait for the ClaimInterface callback to continue the connection process. |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 385 | } |
| 386 | |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 387 | void OpenVPNDriver::InitOptions(vector<string> *options, Error *error) { |
Darin Petkov | 7f06033 | 2012-03-14 11:46:47 +0100 | [diff] [blame] | 388 | string vpnhost = args_.LookupString(flimflam::kProviderHostProperty, ""); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 389 | if (vpnhost.empty()) { |
| 390 | Error::PopulateAndLog( |
| 391 | error, Error::kInvalidArguments, "VPN host not specified."); |
| 392 | return; |
| 393 | } |
| 394 | options->push_back("--client"); |
| 395 | options->push_back("--tls-client"); |
| 396 | options->push_back("--remote"); |
| 397 | options->push_back(vpnhost); |
| 398 | options->push_back("--nobind"); |
| 399 | options->push_back("--persist-key"); |
| 400 | options->push_back("--persist-tun"); |
| 401 | |
Darin Petkov | f20994f | 2012-03-05 16:12:19 +0100 | [diff] [blame] | 402 | CHECK(!tunnel_interface_.empty()); |
Paul Stewart | ca6abd4 | 2012-03-01 15:45:29 -0800 | [diff] [blame] | 403 | options->push_back("--dev"); |
| 404 | options->push_back(tunnel_interface_); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 405 | options->push_back("--dev-type"); |
| 406 | options->push_back("tun"); |
| 407 | options->push_back("--syslog"); |
| 408 | |
| 409 | // TODO(petkov): Enable verbosity based on shill logging options too. |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 410 | AppendValueOption(kOpenVPNVerbProperty, "--verb", options); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 411 | |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 412 | AppendValueOption(kVPNMTUProperty, "--mtu", options); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 413 | AppendValueOption(flimflam::kOpenVPNProtoProperty, "--proto", options); |
| 414 | AppendValueOption(flimflam::kOpenVPNPortProperty, "--port", options); |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 415 | AppendValueOption(kOpenVPNTLSAuthProperty, "--tls-auth", options); |
Darin Petkov | 1fa8194 | 2012-04-02 11:38:08 +0200 | [diff] [blame] | 416 | { |
| 417 | string contents = |
| 418 | args_.LookupString(flimflam::kOpenVPNTLSAuthContentsProperty, ""); |
| 419 | if (!contents.empty()) { |
| 420 | if (!file_util::CreateTemporaryFile(&tls_auth_file_) || |
| 421 | file_util::WriteFile( |
| 422 | tls_auth_file_, contents.data(), contents.size()) != |
| 423 | static_cast<int>(contents.size())) { |
| 424 | Error::PopulateAndLog( |
| 425 | error, Error::kInternalError, "Unable to setup tls-auth file."); |
| 426 | return; |
| 427 | } |
| 428 | options->push_back("--tls-auth"); |
| 429 | options->push_back(tls_auth_file_.value()); |
| 430 | } |
| 431 | } |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 432 | AppendValueOption( |
| 433 | flimflam::kOpenVPNTLSRemoteProperty, "--tls-remote", options); |
| 434 | AppendValueOption(flimflam::kOpenVPNCipherProperty, "--cipher", options); |
| 435 | AppendValueOption(flimflam::kOpenVPNAuthProperty, "--auth", options); |
| 436 | AppendFlag(flimflam::kOpenVPNAuthNoCacheProperty, "--auth-nocache", options); |
| 437 | AppendValueOption( |
| 438 | flimflam::kOpenVPNAuthRetryProperty, "--auth-retry", options); |
| 439 | AppendFlag(flimflam::kOpenVPNCompLZOProperty, "--comp-lzo", options); |
| 440 | AppendFlag(flimflam::kOpenVPNCompNoAdaptProperty, "--comp-noadapt", options); |
| 441 | AppendFlag( |
| 442 | flimflam::kOpenVPNPushPeerInfoProperty, "--push-peer-info", options); |
| 443 | AppendValueOption(flimflam::kOpenVPNRenegSecProperty, "--reneg-sec", options); |
| 444 | AppendValueOption(flimflam::kOpenVPNShaperProperty, "--shaper", options); |
| 445 | AppendValueOption(flimflam::kOpenVPNServerPollTimeoutProperty, |
| 446 | "--server-poll-timeout", options); |
| 447 | |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 448 | if (!InitNSSOptions(options, error)) { |
| 449 | return; |
Darin Petkov | 3c5e4dc | 2012-04-02 14:44:27 +0200 | [diff] [blame] | 450 | } |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 451 | |
| 452 | // Client-side ping support. |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 453 | AppendValueOption(kOpenVPNPingProperty, "--ping", options); |
| 454 | AppendValueOption(kOpenVPNPingExitProperty, "--ping-exit", options); |
| 455 | AppendValueOption(kOpenVPNPingRestartProperty, "--ping-restart", options); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 456 | |
| 457 | AppendValueOption(flimflam::kOpenVPNCaCertProperty, "--ca", options); |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 458 | AppendValueOption(kOpenVPNCertProperty, "--cert", options); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 459 | AppendValueOption( |
| 460 | flimflam::kOpenVPNNsCertTypeProperty, "--ns-cert-type", options); |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 461 | AppendValueOption(kOpenVPNKeyProperty, "--key", options); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 462 | |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 463 | InitPKCS11Options(options); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 464 | |
| 465 | // TLS suport. |
Darin Petkov | 7f06033 | 2012-03-14 11:46:47 +0100 | [diff] [blame] | 466 | string remote_cert_tls = |
| 467 | args_.LookupString(flimflam::kOpenVPNRemoteCertTLSProperty, ""); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 468 | if (remote_cert_tls.empty()) { |
| 469 | remote_cert_tls = "server"; |
| 470 | } |
| 471 | if (remote_cert_tls != "none") { |
| 472 | options->push_back("--remote-cert-tls"); |
| 473 | options->push_back(remote_cert_tls); |
| 474 | } |
| 475 | |
| 476 | // This is an undocumented command line argument that works like a .cfg file |
| 477 | // entry. TODO(sleffler): Maybe roll this into --tls-auth? |
| 478 | AppendValueOption( |
| 479 | flimflam::kOpenVPNKeyDirectionProperty, "--key-direction", options); |
| 480 | // TODO(sleffler): Support more than one eku parameter. |
| 481 | AppendValueOption( |
| 482 | flimflam::kOpenVPNRemoteCertEKUProperty, "--remote-cert-eku", options); |
| 483 | AppendValueOption( |
| 484 | flimflam::kOpenVPNRemoteCertKUProperty, "--remote-cert-ku", options); |
| 485 | |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 486 | if (!InitManagementChannelOptions(options, error)) { |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 487 | return; |
| 488 | } |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 489 | |
Darin Petkov | a9b1fed | 2012-02-29 11:49:05 +0100 | [diff] [blame] | 490 | // Setup openvpn-script options and RPC information required to send back |
| 491 | // Layer 3 configuration. |
| 492 | options->push_back("--setenv"); |
| 493 | options->push_back("CONNMAN_BUSNAME"); |
| 494 | options->push_back(rpc_task_->GetRpcConnectionIdentifier()); |
| 495 | options->push_back("--setenv"); |
| 496 | options->push_back("CONNMAN_INTERFACE"); |
| 497 | options->push_back(rpc_task_->GetRpcInterfaceIdentifier()); |
| 498 | options->push_back("--setenv"); |
| 499 | options->push_back("CONNMAN_PATH"); |
| 500 | options->push_back(rpc_task_->GetRpcIdentifier()); |
| 501 | options->push_back("--script-security"); |
| 502 | options->push_back("2"); |
| 503 | options->push_back("--up"); |
| 504 | options->push_back(kOpenVPNScript); |
| 505 | options->push_back("--up-restart"); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 506 | |
| 507 | // Disable openvpn handling since we do route+ifconfig work. |
| 508 | options->push_back("--route-noexec"); |
| 509 | options->push_back("--ifconfig-noexec"); |
| 510 | |
| 511 | // Drop root privileges on connection and enable callback scripts to send |
| 512 | // notify messages. |
| 513 | options->push_back("--user"); |
| 514 | options->push_back("openvpn"); |
| 515 | options->push_back("--group"); |
| 516 | options->push_back("openvpn"); |
| 517 | } |
| 518 | |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 519 | bool OpenVPNDriver::InitNSSOptions(vector<string> *options, Error *error) { |
| 520 | string ca_cert = args_.LookupString(flimflam::kOpenVPNCaCertNSSProperty, ""); |
| 521 | if (!ca_cert.empty()) { |
| 522 | if (!args_.LookupString(flimflam::kOpenVPNCaCertProperty, "").empty()) { |
| 523 | Error::PopulateAndLog(error, |
| 524 | Error::kInvalidArguments, |
| 525 | "Can't specify both CACert and CACertNSS."); |
| 526 | return false; |
| 527 | } |
| 528 | const string &vpnhost = args_.GetString(flimflam::kProviderHostProperty); |
| 529 | vector<char> id(vpnhost.begin(), vpnhost.end()); |
| 530 | FilePath certfile = nss_->GetPEMCertfile(ca_cert, id); |
| 531 | if (certfile.empty()) { |
| 532 | LOG(ERROR) << "Unable to extract certificate: " << ca_cert; |
| 533 | } else { |
| 534 | options->push_back("--ca"); |
| 535 | options->push_back(certfile.value()); |
| 536 | } |
| 537 | } |
| 538 | return true; |
| 539 | } |
| 540 | |
| 541 | void OpenVPNDriver::InitPKCS11Options(vector<string> *options) { |
| 542 | string id = args_.LookupString(flimflam::kOpenVPNClientCertIdProperty, ""); |
| 543 | if (!id.empty()) { |
| 544 | string provider = |
| 545 | args_.LookupString(flimflam::kOpenVPNProviderProperty, ""); |
| 546 | if (provider.empty()) { |
| 547 | provider = kDefaultPKCS11Provider; |
| 548 | } |
| 549 | options->push_back("--pkcs11-providers"); |
| 550 | options->push_back(provider); |
| 551 | options->push_back("--pkcs11-id"); |
| 552 | options->push_back(id); |
| 553 | } |
| 554 | } |
| 555 | |
| 556 | bool OpenVPNDriver::InitManagementChannelOptions( |
| 557 | vector<string> *options, Error *error) { |
| 558 | if (!management_server_->Start(dispatcher_, &sockets_, options)) { |
| 559 | Error::PopulateAndLog( |
| 560 | error, Error::kInternalError, "Unable to setup management channel."); |
| 561 | return false; |
| 562 | } |
| 563 | return true; |
| 564 | } |
| 565 | |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 566 | bool OpenVPNDriver::AppendValueOption( |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 567 | const string &property, const string &option, vector<string> *options) { |
Darin Petkov | 7f06033 | 2012-03-14 11:46:47 +0100 | [diff] [blame] | 568 | string value = args_.LookupString(property, ""); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 569 | if (!value.empty()) { |
| 570 | options->push_back(option); |
| 571 | options->push_back(value); |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 572 | return true; |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 573 | } |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 574 | return false; |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 575 | } |
| 576 | |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 577 | bool OpenVPNDriver::AppendFlag( |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 578 | const string &property, const string &option, vector<string> *options) { |
| 579 | if (args_.ContainsString(property)) { |
| 580 | options->push_back(option); |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 581 | return true; |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 582 | } |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 583 | return false; |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 584 | } |
| 585 | |
Paul Stewart | ce4ec19 | 2012-03-14 12:53:46 -0700 | [diff] [blame] | 586 | bool OpenVPNDriver::PinHostRoute(const IPConfig::Properties &properties) { |
| 587 | if (properties.gateway.empty() || properties.trusted_ip.empty()) { |
| 588 | return false; |
| 589 | } |
| 590 | |
| 591 | IPAddress trusted_ip(properties.address_family); |
| 592 | if (!trusted_ip.SetAddressFromString(properties.trusted_ip)) { |
| 593 | LOG(ERROR) << "Failed to parse trusted_ip " |
| 594 | << properties.trusted_ip << "; ignored."; |
| 595 | return false; |
| 596 | } |
| 597 | |
| 598 | ServiceRefPtr default_service = manager_->GetDefaultService(); |
| 599 | if (!default_service) { |
| 600 | LOG(ERROR) << "No default service exists."; |
| 601 | return false; |
| 602 | } |
| 603 | |
| 604 | CHECK(default_service->connection()); |
| 605 | return default_service->connection()->RequestHostRoute(trusted_ip); |
| 606 | } |
| 607 | |
Darin Petkov | 6aa2187 | 2012-03-09 16:10:19 +0100 | [diff] [blame] | 608 | void OpenVPNDriver::Disconnect() { |
Darin Petkov | 271fe52 | 2012-03-27 13:47:29 +0200 | [diff] [blame] | 609 | VLOG(2) << __func__; |
Darin Petkov | 3f9131c | 2012-03-20 11:37:32 +0100 | [diff] [blame] | 610 | Cleanup(Service::kStateIdle); |
Darin Petkov | 6aa2187 | 2012-03-09 16:10:19 +0100 | [diff] [blame] | 611 | } |
| 612 | |
Darin Petkov | 271fe52 | 2012-03-27 13:47:29 +0200 | [diff] [blame] | 613 | void OpenVPNDriver::OnReconnecting() { |
| 614 | VLOG(2) << __func__; |
| 615 | if (device_) { |
| 616 | device_->OnDisconnected(); |
| 617 | } |
| 618 | if (service_) { |
| 619 | service_->SetState(Service::kStateAssociating); |
| 620 | } |
| 621 | } |
| 622 | |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 623 | bool OpenVPNDriver::Load(StoreInterface *storage, const string &storage_id) { |
Paul Stewart | ebd3856 | 2012-03-23 13:06:40 -0700 | [diff] [blame] | 624 | for (size_t i = 0; i < arraysize(kProperties); i++) { |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 625 | const string property = kProperties[i].property; |
| 626 | string value; |
| 627 | bool loaded = kProperties[i].crypted ? |
| 628 | storage->GetCryptedString(storage_id, property, &value) : |
| 629 | storage->GetString(storage_id, property, &value); |
| 630 | if (loaded) { |
| 631 | args_.SetString(property, value); |
Paul Stewart | 141983b | 2012-03-23 07:58:32 -0700 | [diff] [blame] | 632 | } else { |
| 633 | args_.RemoveString(property); |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 634 | } |
| 635 | } |
| 636 | return true; |
| 637 | } |
| 638 | |
| 639 | bool OpenVPNDriver::Save(StoreInterface *storage, const string &storage_id) { |
Paul Stewart | ebd3856 | 2012-03-23 13:06:40 -0700 | [diff] [blame] | 640 | for (size_t i = 0; i < arraysize(kProperties); i++) { |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 641 | const string property = kProperties[i].property; |
| 642 | const string value = args_.LookupString(property, ""); |
| 643 | if (value.empty()) { |
| 644 | storage->DeleteKey(storage_id, property); |
| 645 | } else if (kProperties[i].crypted) { |
| 646 | storage->SetCryptedString(storage_id, property, value); |
| 647 | } else { |
| 648 | storage->SetString(storage_id, property, value); |
| 649 | } |
| 650 | } |
| 651 | return true; |
| 652 | } |
| 653 | |
Paul Stewart | ebd3856 | 2012-03-23 13:06:40 -0700 | [diff] [blame] | 654 | void OpenVPNDriver::InitPropertyStore(PropertyStore *store) { |
| 655 | for (size_t i = 0; i < arraysize(kProperties); i++) { |
| 656 | store->RegisterDerivedString( |
| 657 | kProperties[i].property, |
| 658 | StringAccessor( |
| 659 | new CustomMappedAccessor<OpenVPNDriver, string, size_t>( |
| 660 | this, |
| 661 | &OpenVPNDriver::ClearMappedProperty, |
| 662 | &OpenVPNDriver::GetMappedProperty, |
| 663 | &OpenVPNDriver::SetMappedProperty, |
| 664 | i))); |
| 665 | } |
| 666 | |
| 667 | // TODO(pstew): Add the PassphraseRequired and PSKRequired properties. |
| 668 | // crosbug.com/27323 |
| 669 | } |
| 670 | |
| 671 | void OpenVPNDriver::ClearMappedProperty(const size_t &index, |
| 672 | Error *error) { |
| 673 | CHECK(index < arraysize(kProperties)); |
| 674 | if (args_.ContainsString(kProperties[index].property)) { |
| 675 | args_.RemoveString(kProperties[index].property); |
| 676 | } else { |
| 677 | error->Populate(Error::kNotFound, "Property is not set"); |
| 678 | } |
| 679 | } |
| 680 | |
| 681 | string OpenVPNDriver::GetMappedProperty(const size_t &index, |
| 682 | Error *error) { |
| 683 | CHECK(index < arraysize(kProperties)); |
| 684 | if (kProperties[index].crypted) { |
| 685 | error->Populate(Error::kPermissionDenied, "Property is write-only"); |
| 686 | return string(); |
| 687 | } |
| 688 | |
| 689 | if (!args_.ContainsString(kProperties[index].property)) { |
| 690 | error->Populate(Error::kNotFound, "Property is not set"); |
| 691 | return string(); |
| 692 | } |
| 693 | |
| 694 | return args_.LookupString(kProperties[index].property, ""); |
| 695 | } |
| 696 | |
| 697 | void OpenVPNDriver::SetMappedProperty(const size_t &index, |
| 698 | const string &value, |
| 699 | Error *error) { |
| 700 | CHECK(index < arraysize(kProperties)); |
| 701 | args_.SetString(kProperties[index].property, value); |
| 702 | } |
| 703 | |
| 704 | |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 705 | } // namespace shill |