Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 1 | // Copyright (c) 2012 The Chromium OS Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #include "shill/openvpn_driver.h" |
| 6 | |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 7 | #include <arpa/inet.h> |
| 8 | |
Darin Petkov | 1fa8194 | 2012-04-02 11:38:08 +0200 | [diff] [blame] | 9 | #include <base/file_util.h> |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 10 | #include <base/logging.h> |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 11 | #include <base/string_number_conversions.h> |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 12 | #include <base/string_split.h> |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 13 | #include <base/string_util.h> |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 14 | #include <chromeos/dbus/service_constants.h> |
| 15 | |
Paul Stewart | ce4ec19 | 2012-03-14 12:53:46 -0700 | [diff] [blame] | 16 | #include "shill/connection.h" |
Paul Stewart | ca6abd4 | 2012-03-01 15:45:29 -0800 | [diff] [blame] | 17 | #include "shill/device_info.h" |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 18 | #include "shill/dhcp_config.h" |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 19 | #include "shill/error.h" |
Paul Stewart | ce4ec19 | 2012-03-14 12:53:46 -0700 | [diff] [blame] | 20 | #include "shill/manager.h" |
Darin Petkov | 3c5e4dc | 2012-04-02 14:44:27 +0200 | [diff] [blame] | 21 | #include "shill/nss.h" |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 22 | #include "shill/openvpn_management_server.h" |
Darin Petkov | a9b1fed | 2012-02-29 11:49:05 +0100 | [diff] [blame] | 23 | #include "shill/rpc_task.h" |
Ben Chan | fad4a0b | 2012-04-18 15:49:59 -0700 | [diff] [blame] | 24 | #include "shill/scope_logger.h" |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 25 | #include "shill/sockets.h" |
Darin Petkov | f20994f | 2012-03-05 16:12:19 +0100 | [diff] [blame] | 26 | #include "shill/vpn.h" |
Darin Petkov | 79d74c9 | 2012-03-07 17:20:32 +0100 | [diff] [blame] | 27 | #include "shill/vpn_service.h" |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 28 | |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 29 | using base::SplitString; |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 30 | using std::map; |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 31 | using std::string; |
| 32 | using std::vector; |
| 33 | |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 34 | namespace shill { |
| 35 | |
Darin Petkov | a9b1fed | 2012-02-29 11:49:05 +0100 | [diff] [blame] | 36 | namespace { |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 37 | const char kOpenVPNForeignOptionPrefix[] = "foreign_option_"; |
| 38 | const char kOpenVPNIfconfigBroadcast[] = "ifconfig_broadcast"; |
| 39 | const char kOpenVPNIfconfigLocal[] = "ifconfig_local"; |
| 40 | const char kOpenVPNIfconfigNetmask[] = "ifconfig_netmask"; |
| 41 | const char kOpenVPNIfconfigRemote[] = "ifconfig_remote"; |
| 42 | const char kOpenVPNRouteOptionPrefix[] = "route_"; |
| 43 | const char kOpenVPNRouteVPNGateway[] = "route_vpn_gateway"; |
| 44 | const char kOpenVPNTrustedIP[] = "trusted_ip"; |
| 45 | const char kOpenVPNTunMTU[] = "tun_mtu"; |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 46 | |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 47 | const char kDefaultPKCS11Provider[] = "libchaps.so"; |
| 48 | |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 49 | // TODO(petkov): Move to chromeos/dbus/service_constants.h. |
| 50 | const char kOpenVPNCertProperty[] = "OpenVPN.Cert"; |
| 51 | const char kOpenVPNKeyProperty[] = "OpenVPN.Key"; |
| 52 | const char kOpenVPNPingProperty[] = "OpenVPN.Ping"; |
| 53 | const char kOpenVPNPingExitProperty[] = "OpenVPN.PingExit"; |
| 54 | const char kOpenVPNPingRestartProperty[] = "OpenVPN.PingRestart"; |
| 55 | const char kOpenVPNTLSAuthProperty[] = "OpenVPN.TLSAuth"; |
| 56 | const char kOpenVPNVerbProperty[] = "OpenVPN.Verb"; |
| 57 | const char kVPNMTUProperty[] = "VPN.MTU"; |
Paul Stewart | ebd3856 | 2012-03-23 13:06:40 -0700 | [diff] [blame] | 58 | } // namespace |
| 59 | |
| 60 | // static |
| 61 | const char OpenVPNDriver::kOpenVPNPath[] = "/usr/sbin/openvpn"; |
| 62 | // static |
| 63 | const char OpenVPNDriver::kOpenVPNScript[] = SCRIPTDIR "/openvpn-script"; |
| 64 | // static |
Darin Petkov | d432539 | 2012-04-23 15:48:22 +0200 | [diff] [blame] | 65 | const VPNDriver::Property OpenVPNDriver::kProperties[] = { |
Darin Petkov | 1847d79 | 2012-04-17 11:33:06 +0200 | [diff] [blame] | 66 | { flimflam::kOpenVPNAuthNoCacheProperty, 0 }, |
| 67 | { flimflam::kOpenVPNAuthProperty, 0 }, |
| 68 | { flimflam::kOpenVPNAuthRetryProperty, 0 }, |
| 69 | { flimflam::kOpenVPNAuthUserPassProperty, 0 }, |
| 70 | { flimflam::kOpenVPNCaCertNSSProperty, 0 }, |
| 71 | { flimflam::kOpenVPNCaCertProperty, 0 }, |
| 72 | { flimflam::kOpenVPNCipherProperty, 0 }, |
Darin Petkov | cb71529 | 2012-04-25 13:04:37 +0200 | [diff] [blame] | 73 | { flimflam::kOpenVPNClientCertIdProperty, Property::kCredential }, |
Darin Petkov | 1847d79 | 2012-04-17 11:33:06 +0200 | [diff] [blame] | 74 | { flimflam::kOpenVPNCompLZOProperty, 0 }, |
| 75 | { flimflam::kOpenVPNCompNoAdaptProperty, 0 }, |
| 76 | { flimflam::kOpenVPNKeyDirectionProperty, 0 }, |
| 77 | { flimflam::kOpenVPNNsCertTypeProperty, 0 }, |
Darin Petkov | cb71529 | 2012-04-25 13:04:37 +0200 | [diff] [blame] | 78 | { flimflam::kOpenVPNOTPProperty, |
| 79 | Property::kEphemeral | Property::kCredential | Property::kWriteOnly}, |
| 80 | { flimflam::kOpenVPNPasswordProperty, Property::kCredential }, |
| 81 | { flimflam::kOpenVPNPinProperty, Property::kCredential }, |
Darin Petkov | 1847d79 | 2012-04-17 11:33:06 +0200 | [diff] [blame] | 82 | { flimflam::kOpenVPNPortProperty, 0 }, |
| 83 | { flimflam::kOpenVPNProtoProperty, 0 }, |
| 84 | { flimflam::kOpenVPNProviderProperty, 0 }, |
| 85 | { flimflam::kOpenVPNPushPeerInfoProperty, 0 }, |
| 86 | { flimflam::kOpenVPNRemoteCertEKUProperty, 0 }, |
| 87 | { flimflam::kOpenVPNRemoteCertKUProperty, 0 }, |
| 88 | { flimflam::kOpenVPNRemoteCertTLSProperty, 0 }, |
| 89 | { flimflam::kOpenVPNRenegSecProperty, 0 }, |
| 90 | { flimflam::kOpenVPNServerPollTimeoutProperty, 0 }, |
| 91 | { flimflam::kOpenVPNShaperProperty, 0 }, |
| 92 | { flimflam::kOpenVPNStaticChallengeProperty, 0 }, |
| 93 | { flimflam::kOpenVPNTLSAuthContentsProperty, 0 }, |
| 94 | { flimflam::kOpenVPNTLSRemoteProperty, 0 }, |
| 95 | { flimflam::kOpenVPNUserProperty, 0 }, |
| 96 | { flimflam::kProviderHostProperty, 0 }, |
| 97 | { flimflam::kProviderNameProperty, 0 }, |
| 98 | { flimflam::kProviderTypeProperty, 0 }, |
| 99 | { kOpenVPNCertProperty, 0 }, |
| 100 | { kOpenVPNKeyProperty, 0 }, |
| 101 | { kOpenVPNPingExitProperty, 0 }, |
| 102 | { kOpenVPNPingProperty, 0 }, |
| 103 | { kOpenVPNPingRestartProperty, 0 }, |
| 104 | { kOpenVPNTLSAuthProperty, 0 }, |
| 105 | { kOpenVPNVerbProperty, 0 }, |
| 106 | { kVPNMTUProperty, 0 }, |
Paul Stewart | 2280799 | 2012-04-11 08:48:31 -0700 | [diff] [blame] | 107 | |
| 108 | // Provided only for compatibility. crosbug.com/29286 |
Darin Petkov | 1847d79 | 2012-04-17 11:33:06 +0200 | [diff] [blame] | 109 | { flimflam::kOpenVPNMgmtEnableProperty, 0 }, |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 110 | }; |
Paul Stewart | 291a473 | 2012-03-14 19:19:02 -0700 | [diff] [blame] | 111 | |
Darin Petkov | 1a462de | 2012-05-02 11:10:48 +0200 | [diff] [blame] | 112 | // static |
| 113 | const char OpenVPNDriver::kLSBReleaseFile[] = "/etc/lsb-release"; |
| 114 | // static |
| 115 | const char OpenVPNDriver::kChromeOSReleaseName[] = "CHROMEOS_RELEASE_NAME"; |
| 116 | //static |
| 117 | const char OpenVPNDriver::kChromeOSReleaseVersion[] = |
| 118 | "CHROMEOS_RELEASE_VERSION"; |
| 119 | |
Darin Petkov | a9b1fed | 2012-02-29 11:49:05 +0100 | [diff] [blame] | 120 | OpenVPNDriver::OpenVPNDriver(ControlInterface *control, |
Darin Petkov | f20994f | 2012-03-05 16:12:19 +0100 | [diff] [blame] | 121 | EventDispatcher *dispatcher, |
| 122 | Metrics *metrics, |
| 123 | Manager *manager, |
Paul Stewart | ca6abd4 | 2012-03-01 15:45:29 -0800 | [diff] [blame] | 124 | DeviceInfo *device_info, |
Paul Stewart | 451aa7f | 2012-04-11 19:07:58 -0700 | [diff] [blame] | 125 | GLib *glib) |
Darin Petkov | 0e9735d | 2012-04-24 12:33:45 +0200 | [diff] [blame] | 126 | : VPNDriver(manager, kProperties, arraysize(kProperties)), |
Darin Petkov | b451d6e | 2012-04-23 11:56:41 +0200 | [diff] [blame] | 127 | control_(control), |
Darin Petkov | f20994f | 2012-03-05 16:12:19 +0100 | [diff] [blame] | 128 | dispatcher_(dispatcher), |
| 129 | metrics_(metrics), |
Paul Stewart | ca6abd4 | 2012-03-01 15:45:29 -0800 | [diff] [blame] | 130 | device_info_(device_info), |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 131 | glib_(glib), |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 132 | management_server_(new OpenVPNManagementServer(this, glib)), |
Darin Petkov | 3c5e4dc | 2012-04-02 14:44:27 +0200 | [diff] [blame] | 133 | nss_(NSS::GetInstance()), |
Darin Petkov | 1a462de | 2012-05-02 11:10:48 +0200 | [diff] [blame] | 134 | lsb_release_file_(kLSBReleaseFile), |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 135 | pid_(0), |
| 136 | child_watch_tag_(0) {} |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 137 | |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 138 | OpenVPNDriver::~OpenVPNDriver() { |
Darin Petkov | 3f9131c | 2012-03-20 11:37:32 +0100 | [diff] [blame] | 139 | Cleanup(Service::kStateIdle); |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 140 | } |
| 141 | |
Darin Petkov | 3f9131c | 2012-03-20 11:37:32 +0100 | [diff] [blame] | 142 | void OpenVPNDriver::Cleanup(Service::ConnectState state) { |
Ben Chan | fad4a0b | 2012-04-18 15:49:59 -0700 | [diff] [blame] | 143 | SLOG(VPN, 2) << __func__ << "(" << Service::ConnectStateToString(state) |
| 144 | << ")"; |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 145 | management_server_->Stop(); |
Darin Petkov | 1fa8194 | 2012-04-02 11:38:08 +0200 | [diff] [blame] | 146 | if (!tls_auth_file_.empty()) { |
| 147 | file_util::Delete(tls_auth_file_, false); |
| 148 | tls_auth_file_.clear(); |
| 149 | } |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 150 | if (child_watch_tag_) { |
| 151 | glib_->SourceRemove(child_watch_tag_); |
| 152 | child_watch_tag_ = 0; |
| 153 | CHECK(pid_); |
| 154 | kill(pid_, SIGTERM); |
| 155 | } |
| 156 | if (pid_) { |
| 157 | glib_->SpawnClosePID(pid_); |
| 158 | pid_ = 0; |
| 159 | } |
| 160 | rpc_task_.reset(); |
| 161 | if (device_) { |
| 162 | int interface_index = device_->interface_index(); |
Darin Petkov | 029d353 | 2012-04-18 14:38:04 +0200 | [diff] [blame] | 163 | device_->OnDisconnected(); |
Eric Shienbrood | 9a24553 | 2012-03-07 14:20:39 -0500 | [diff] [blame] | 164 | device_->SetEnabled(false); |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 165 | device_ = NULL; |
| 166 | device_info_->DeleteInterface(interface_index); |
| 167 | } |
| 168 | tunnel_interface_.clear(); |
Darin Petkov | 79d74c9 | 2012-03-07 17:20:32 +0100 | [diff] [blame] | 169 | if (service_) { |
Darin Petkov | 3f9131c | 2012-03-20 11:37:32 +0100 | [diff] [blame] | 170 | service_->SetState(state); |
Darin Petkov | 79d74c9 | 2012-03-07 17:20:32 +0100 | [diff] [blame] | 171 | service_ = NULL; |
| 172 | } |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 173 | } |
| 174 | |
| 175 | bool OpenVPNDriver::SpawnOpenVPN() { |
Ben Chan | fad4a0b | 2012-04-18 15:49:59 -0700 | [diff] [blame] | 176 | SLOG(VPN, 2) << __func__ << "(" << tunnel_interface_ << ")"; |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 177 | |
| 178 | vector<string> options; |
| 179 | Error error; |
| 180 | InitOptions(&options, &error); |
| 181 | if (error.IsFailure()) { |
| 182 | return false; |
| 183 | } |
Ben Chan | fad4a0b | 2012-04-18 15:49:59 -0700 | [diff] [blame] | 184 | SLOG(VPN, 2) << "OpenVPN process options: " << JoinString(options, ' '); |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 185 | |
| 186 | // TODO(petkov): This code needs to be abstracted away in a separate external |
| 187 | // process module (crosbug.com/27131). |
| 188 | vector<char *> process_args; |
| 189 | process_args.push_back(const_cast<char *>(kOpenVPNPath)); |
| 190 | for (vector<string>::const_iterator it = options.begin(); |
| 191 | it != options.end(); ++it) { |
| 192 | process_args.push_back(const_cast<char *>(it->c_str())); |
| 193 | } |
| 194 | process_args.push_back(NULL); |
Darin Petkov | 1a462de | 2012-05-02 11:10:48 +0200 | [diff] [blame] | 195 | |
| 196 | vector<string> environment; |
| 197 | InitEnvironment(&environment); |
| 198 | |
| 199 | vector<char *> process_env; |
| 200 | for (vector<string>::const_iterator it = environment.begin(); |
| 201 | it != environment.end(); ++it) { |
| 202 | process_env.push_back(const_cast<char *>(it->c_str())); |
| 203 | } |
| 204 | process_env.push_back(NULL); |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 205 | |
| 206 | CHECK(!pid_); |
| 207 | // Redirect all openvpn output to stderr. |
| 208 | int stderr_fd = fileno(stderr); |
| 209 | if (!glib_->SpawnAsyncWithPipesCWD(process_args.data(), |
Darin Petkov | 1a462de | 2012-05-02 11:10:48 +0200 | [diff] [blame] | 210 | process_env.data(), |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 211 | G_SPAWN_DO_NOT_REAP_CHILD, |
| 212 | NULL, |
| 213 | NULL, |
| 214 | &pid_, |
| 215 | NULL, |
| 216 | &stderr_fd, |
| 217 | &stderr_fd, |
| 218 | NULL)) { |
| 219 | LOG(ERROR) << "Unable to spawn: " << kOpenVPNPath; |
| 220 | return false; |
| 221 | } |
| 222 | CHECK(!child_watch_tag_); |
| 223 | child_watch_tag_ = glib_->ChildWatchAdd(pid_, OnOpenVPNDied, this); |
| 224 | return true; |
| 225 | } |
| 226 | |
| 227 | // static |
| 228 | void OpenVPNDriver::OnOpenVPNDied(GPid pid, gint status, gpointer data) { |
Ben Chan | fad4a0b | 2012-04-18 15:49:59 -0700 | [diff] [blame] | 229 | SLOG(VPN, 2) << __func__ << "(" << pid << ", " << status << ")"; |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 230 | OpenVPNDriver *me = reinterpret_cast<OpenVPNDriver *>(data); |
| 231 | me->child_watch_tag_ = 0; |
| 232 | CHECK_EQ(pid, me->pid_); |
Darin Petkov | 3f9131c | 2012-03-20 11:37:32 +0100 | [diff] [blame] | 233 | me->Cleanup(Service::kStateFailure); |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 234 | // TODO(petkov): Figure if we need to restart the connection. |
| 235 | } |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 236 | |
Paul Stewart | ca6abd4 | 2012-03-01 15:45:29 -0800 | [diff] [blame] | 237 | bool OpenVPNDriver::ClaimInterface(const string &link_name, |
| 238 | int interface_index) { |
| 239 | if (link_name != tunnel_interface_) { |
| 240 | return false; |
| 241 | } |
| 242 | |
Ben Chan | fad4a0b | 2012-04-18 15:49:59 -0700 | [diff] [blame] | 243 | SLOG(VPN, 2) << "Claiming " << link_name << " for OpenVPN tunnel"; |
Paul Stewart | ca6abd4 | 2012-03-01 15:45:29 -0800 | [diff] [blame] | 244 | |
Darin Petkov | f20994f | 2012-03-05 16:12:19 +0100 | [diff] [blame] | 245 | CHECK(!device_); |
Darin Petkov | 0e9735d | 2012-04-24 12:33:45 +0200 | [diff] [blame] | 246 | device_ = new VPN(control_, dispatcher_, metrics_, manager(), |
Darin Petkov | f20994f | 2012-03-05 16:12:19 +0100 | [diff] [blame] | 247 | link_name, interface_index); |
Eric Shienbrood | 9a24553 | 2012-03-07 14:20:39 -0500 | [diff] [blame] | 248 | |
| 249 | device_->SetEnabled(true); |
Darin Petkov | 79d74c9 | 2012-03-07 17:20:32 +0100 | [diff] [blame] | 250 | device_->SelectService(service_); |
Eric Shienbrood | 9a24553 | 2012-03-07 14:20:39 -0500 | [diff] [blame] | 251 | |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 252 | rpc_task_.reset(new RPCTask(control_, this)); |
| 253 | if (!SpawnOpenVPN()) { |
Darin Petkov | 3f9131c | 2012-03-20 11:37:32 +0100 | [diff] [blame] | 254 | Cleanup(Service::kStateFailure); |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 255 | } |
Paul Stewart | ca6abd4 | 2012-03-01 15:45:29 -0800 | [diff] [blame] | 256 | return true; |
| 257 | } |
| 258 | |
Darin Petkov | 209e629 | 2012-04-20 11:33:32 +0200 | [diff] [blame] | 259 | void OpenVPNDriver::GetLogin(string */*user*/, string */*password*/) { |
| 260 | NOTREACHED(); |
| 261 | } |
| 262 | |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 263 | void OpenVPNDriver::Notify(const string &reason, |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 264 | const map<string, string> &dict) { |
Ben Chan | fad4a0b | 2012-04-18 15:49:59 -0700 | [diff] [blame] | 265 | SLOG(VPN, 2) << __func__ << "(" << reason << ")"; |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 266 | if (reason != "up") { |
Darin Petkov | 79d74c9 | 2012-03-07 17:20:32 +0100 | [diff] [blame] | 267 | device_->OnDisconnected(); |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 268 | return; |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 269 | } |
| 270 | IPConfig::Properties properties; |
| 271 | ParseIPConfiguration(dict, &properties); |
Darin Petkov | 79d74c9 | 2012-03-07 17:20:32 +0100 | [diff] [blame] | 272 | device_->UpdateIPConfig(properties); |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 273 | } |
| 274 | |
| 275 | // static |
| 276 | void OpenVPNDriver::ParseIPConfiguration( |
| 277 | const map<string, string> &configuration, |
| 278 | IPConfig::Properties *properties) { |
| 279 | ForeignOptions foreign_options; |
Darin Petkov | 6059674 | 2012-03-05 12:17:17 +0100 | [diff] [blame] | 280 | RouteOptions routes; |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 281 | properties->address_family = IPAddress::kFamilyIPv4; |
Paul Stewart | 48100b0 | 2012-03-19 07:53:52 -0700 | [diff] [blame] | 282 | properties->subnet_prefix = IPAddress::GetMaxPrefixLength( |
| 283 | properties->address_family); |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 284 | for (map<string, string>::const_iterator it = configuration.begin(); |
| 285 | it != configuration.end(); ++it) { |
| 286 | const string &key = it->first; |
| 287 | const string &value = it->second; |
Ben Chan | fad4a0b | 2012-04-18 15:49:59 -0700 | [diff] [blame] | 288 | SLOG(VPN, 2) << "Processing: " << key << " -> " << value; |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 289 | if (LowerCaseEqualsASCII(key, kOpenVPNIfconfigLocal)) { |
| 290 | properties->address = value; |
| 291 | } else if (LowerCaseEqualsASCII(key, kOpenVPNIfconfigBroadcast)) { |
| 292 | properties->broadcast_address = value; |
| 293 | } else if (LowerCaseEqualsASCII(key, kOpenVPNIfconfigNetmask)) { |
Paul Stewart | 48100b0 | 2012-03-19 07:53:52 -0700 | [diff] [blame] | 294 | properties->subnet_prefix = |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 295 | IPAddress::GetPrefixLengthFromMask(properties->address_family, value); |
| 296 | } else if (LowerCaseEqualsASCII(key, kOpenVPNIfconfigRemote)) { |
| 297 | properties->peer_address = value; |
| 298 | } else if (LowerCaseEqualsASCII(key, kOpenVPNRouteVPNGateway)) { |
| 299 | properties->gateway = value; |
| 300 | } else if (LowerCaseEqualsASCII(key, kOpenVPNTrustedIP)) { |
Paul Stewart | ce4ec19 | 2012-03-14 12:53:46 -0700 | [diff] [blame] | 301 | properties->trusted_ip = value; |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 302 | } else if (LowerCaseEqualsASCII(key, kOpenVPNTunMTU)) { |
| 303 | int mtu = 0; |
| 304 | if (base::StringToInt(value, &mtu) && mtu >= DHCPConfig::kMinMTU) { |
| 305 | properties->mtu = mtu; |
| 306 | } else { |
| 307 | LOG(ERROR) << "MTU " << value << " ignored."; |
| 308 | } |
| 309 | } else if (StartsWithASCII(key, kOpenVPNForeignOptionPrefix, false)) { |
| 310 | const string suffix = key.substr(strlen(kOpenVPNForeignOptionPrefix)); |
| 311 | int order = 0; |
| 312 | if (base::StringToInt(suffix, &order)) { |
| 313 | foreign_options[order] = value; |
| 314 | } else { |
| 315 | LOG(ERROR) << "Ignored unexpected foreign option suffix: " << suffix; |
| 316 | } |
| 317 | } else if (StartsWithASCII(key, kOpenVPNRouteOptionPrefix, false)) { |
Darin Petkov | 6059674 | 2012-03-05 12:17:17 +0100 | [diff] [blame] | 318 | ParseRouteOption(key.substr(strlen(kOpenVPNRouteOptionPrefix)), |
| 319 | value, &routes); |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 320 | } else { |
Ben Chan | fad4a0b | 2012-04-18 15:49:59 -0700 | [diff] [blame] | 321 | SLOG(VPN, 2) << "Key ignored."; |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 322 | } |
| 323 | } |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 324 | ParseForeignOptions(foreign_options, properties); |
Darin Petkov | 6059674 | 2012-03-05 12:17:17 +0100 | [diff] [blame] | 325 | SetRoutes(routes, properties); |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 326 | } |
| 327 | |
| 328 | // static |
| 329 | void OpenVPNDriver::ParseForeignOptions(const ForeignOptions &options, |
| 330 | IPConfig::Properties *properties) { |
| 331 | for (ForeignOptions::const_iterator it = options.begin(); |
| 332 | it != options.end(); ++it) { |
| 333 | ParseForeignOption(it->second, properties); |
| 334 | } |
| 335 | } |
| 336 | |
| 337 | // static |
| 338 | void OpenVPNDriver::ParseForeignOption(const string &option, |
| 339 | IPConfig::Properties *properties) { |
Ben Chan | fad4a0b | 2012-04-18 15:49:59 -0700 | [diff] [blame] | 340 | SLOG(VPN, 2) << __func__ << "(" << option << ")"; |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 341 | vector<string> tokens; |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 342 | SplitString(option, ' ', &tokens); |
| 343 | if (tokens.size() != 3 || !LowerCaseEqualsASCII(tokens[0], "dhcp-option")) { |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 344 | return; |
| 345 | } |
| 346 | if (LowerCaseEqualsASCII(tokens[1], "domain")) { |
| 347 | properties->domain_search.push_back(tokens[2]); |
| 348 | } else if (LowerCaseEqualsASCII(tokens[1], "dns")) { |
| 349 | properties->dns_servers.push_back(tokens[2]); |
| 350 | } |
| 351 | } |
| 352 | |
Darin Petkov | 6059674 | 2012-03-05 12:17:17 +0100 | [diff] [blame] | 353 | // static |
| 354 | IPConfig::Route *OpenVPNDriver::GetRouteOptionEntry( |
| 355 | const string &prefix, const string &key, RouteOptions *routes) { |
| 356 | int order = 0; |
| 357 | if (!StartsWithASCII(key, prefix, false) || |
| 358 | !base::StringToInt(key.substr(prefix.size()), &order)) { |
| 359 | return NULL; |
| 360 | } |
| 361 | return &(*routes)[order]; |
| 362 | } |
| 363 | |
| 364 | // static |
| 365 | void OpenVPNDriver::ParseRouteOption( |
| 366 | const string &key, const string &value, RouteOptions *routes) { |
| 367 | IPConfig::Route *route = GetRouteOptionEntry("network_", key, routes); |
| 368 | if (route) { |
| 369 | route->host = value; |
| 370 | return; |
| 371 | } |
| 372 | route = GetRouteOptionEntry("netmask_", key, routes); |
| 373 | if (route) { |
| 374 | route->netmask = value; |
| 375 | return; |
| 376 | } |
| 377 | route = GetRouteOptionEntry("gateway_", key, routes); |
| 378 | if (route) { |
| 379 | route->gateway = value; |
| 380 | return; |
| 381 | } |
| 382 | LOG(WARNING) << "Unknown route option ignored: " << key; |
| 383 | } |
| 384 | |
| 385 | // static |
| 386 | void OpenVPNDriver::SetRoutes(const RouteOptions &routes, |
| 387 | IPConfig::Properties *properties) { |
| 388 | for (RouteOptions::const_iterator it = routes.begin(); |
| 389 | it != routes.end(); ++it) { |
| 390 | const IPConfig::Route &route = it->second; |
| 391 | if (route.host.empty() || route.netmask.empty() || route.gateway.empty()) { |
| 392 | LOG(WARNING) << "Ignoring incomplete route: " << it->first; |
| 393 | continue; |
| 394 | } |
| 395 | properties->routes.push_back(route); |
| 396 | } |
| 397 | } |
| 398 | |
Darin Petkov | 79d74c9 | 2012-03-07 17:20:32 +0100 | [diff] [blame] | 399 | void OpenVPNDriver::Connect(const VPNServiceRefPtr &service, |
| 400 | Error *error) { |
| 401 | service_ = service; |
| 402 | service_->SetState(Service::kStateConfiguring); |
Darin Petkov | f20994f | 2012-03-05 16:12:19 +0100 | [diff] [blame] | 403 | if (!device_info_->CreateTunnelInterface(&tunnel_interface_)) { |
| 404 | Error::PopulateAndLog( |
| 405 | error, Error::kInternalError, "Could not create tunnel interface."); |
Darin Petkov | 3f9131c | 2012-03-20 11:37:32 +0100 | [diff] [blame] | 406 | Cleanup(Service::kStateFailure); |
Darin Petkov | f20994f | 2012-03-05 16:12:19 +0100 | [diff] [blame] | 407 | } |
| 408 | // Wait for the ClaimInterface callback to continue the connection process. |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 409 | } |
| 410 | |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 411 | void OpenVPNDriver::InitOptions(vector<string> *options, Error *error) { |
Darin Petkov | b451d6e | 2012-04-23 11:56:41 +0200 | [diff] [blame] | 412 | string vpnhost = args()->LookupString(flimflam::kProviderHostProperty, ""); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 413 | if (vpnhost.empty()) { |
| 414 | Error::PopulateAndLog( |
| 415 | error, Error::kInvalidArguments, "VPN host not specified."); |
| 416 | return; |
| 417 | } |
| 418 | options->push_back("--client"); |
| 419 | options->push_back("--tls-client"); |
| 420 | options->push_back("--remote"); |
| 421 | options->push_back(vpnhost); |
| 422 | options->push_back("--nobind"); |
| 423 | options->push_back("--persist-key"); |
| 424 | options->push_back("--persist-tun"); |
| 425 | |
Darin Petkov | f20994f | 2012-03-05 16:12:19 +0100 | [diff] [blame] | 426 | CHECK(!tunnel_interface_.empty()); |
Paul Stewart | ca6abd4 | 2012-03-01 15:45:29 -0800 | [diff] [blame] | 427 | options->push_back("--dev"); |
| 428 | options->push_back(tunnel_interface_); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 429 | options->push_back("--dev-type"); |
| 430 | options->push_back("tun"); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 431 | |
Darin Petkov | 55771b7 | 2012-04-25 09:25:19 +0200 | [diff] [blame] | 432 | InitLoggingOptions(options); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 433 | |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 434 | AppendValueOption(kVPNMTUProperty, "--mtu", options); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 435 | AppendValueOption(flimflam::kOpenVPNProtoProperty, "--proto", options); |
| 436 | AppendValueOption(flimflam::kOpenVPNPortProperty, "--port", options); |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 437 | AppendValueOption(kOpenVPNTLSAuthProperty, "--tls-auth", options); |
Darin Petkov | 1fa8194 | 2012-04-02 11:38:08 +0200 | [diff] [blame] | 438 | { |
| 439 | string contents = |
Darin Petkov | b451d6e | 2012-04-23 11:56:41 +0200 | [diff] [blame] | 440 | args()->LookupString(flimflam::kOpenVPNTLSAuthContentsProperty, ""); |
Darin Petkov | 1fa8194 | 2012-04-02 11:38:08 +0200 | [diff] [blame] | 441 | if (!contents.empty()) { |
| 442 | if (!file_util::CreateTemporaryFile(&tls_auth_file_) || |
| 443 | file_util::WriteFile( |
| 444 | tls_auth_file_, contents.data(), contents.size()) != |
| 445 | static_cast<int>(contents.size())) { |
| 446 | Error::PopulateAndLog( |
| 447 | error, Error::kInternalError, "Unable to setup tls-auth file."); |
| 448 | return; |
| 449 | } |
| 450 | options->push_back("--tls-auth"); |
| 451 | options->push_back(tls_auth_file_.value()); |
| 452 | } |
| 453 | } |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 454 | AppendValueOption( |
| 455 | flimflam::kOpenVPNTLSRemoteProperty, "--tls-remote", options); |
| 456 | AppendValueOption(flimflam::kOpenVPNCipherProperty, "--cipher", options); |
| 457 | AppendValueOption(flimflam::kOpenVPNAuthProperty, "--auth", options); |
| 458 | AppendFlag(flimflam::kOpenVPNAuthNoCacheProperty, "--auth-nocache", options); |
| 459 | AppendValueOption( |
| 460 | flimflam::kOpenVPNAuthRetryProperty, "--auth-retry", options); |
| 461 | AppendFlag(flimflam::kOpenVPNCompLZOProperty, "--comp-lzo", options); |
| 462 | AppendFlag(flimflam::kOpenVPNCompNoAdaptProperty, "--comp-noadapt", options); |
| 463 | AppendFlag( |
| 464 | flimflam::kOpenVPNPushPeerInfoProperty, "--push-peer-info", options); |
| 465 | AppendValueOption(flimflam::kOpenVPNRenegSecProperty, "--reneg-sec", options); |
| 466 | AppendValueOption(flimflam::kOpenVPNShaperProperty, "--shaper", options); |
| 467 | AppendValueOption(flimflam::kOpenVPNServerPollTimeoutProperty, |
| 468 | "--server-poll-timeout", options); |
| 469 | |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 470 | if (!InitNSSOptions(options, error)) { |
| 471 | return; |
Darin Petkov | 3c5e4dc | 2012-04-02 14:44:27 +0200 | [diff] [blame] | 472 | } |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 473 | |
| 474 | // Client-side ping support. |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 475 | AppendValueOption(kOpenVPNPingProperty, "--ping", options); |
| 476 | AppendValueOption(kOpenVPNPingExitProperty, "--ping-exit", options); |
| 477 | AppendValueOption(kOpenVPNPingRestartProperty, "--ping-restart", options); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 478 | |
| 479 | AppendValueOption(flimflam::kOpenVPNCaCertProperty, "--ca", options); |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 480 | AppendValueOption(kOpenVPNCertProperty, "--cert", options); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 481 | AppendValueOption( |
| 482 | flimflam::kOpenVPNNsCertTypeProperty, "--ns-cert-type", options); |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 483 | AppendValueOption(kOpenVPNKeyProperty, "--key", options); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 484 | |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 485 | InitPKCS11Options(options); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 486 | |
| 487 | // TLS suport. |
Darin Petkov | 7f06033 | 2012-03-14 11:46:47 +0100 | [diff] [blame] | 488 | string remote_cert_tls = |
Darin Petkov | b451d6e | 2012-04-23 11:56:41 +0200 | [diff] [blame] | 489 | args()->LookupString(flimflam::kOpenVPNRemoteCertTLSProperty, ""); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 490 | if (remote_cert_tls.empty()) { |
| 491 | remote_cert_tls = "server"; |
| 492 | } |
| 493 | if (remote_cert_tls != "none") { |
| 494 | options->push_back("--remote-cert-tls"); |
| 495 | options->push_back(remote_cert_tls); |
| 496 | } |
| 497 | |
| 498 | // This is an undocumented command line argument that works like a .cfg file |
| 499 | // entry. TODO(sleffler): Maybe roll this into --tls-auth? |
| 500 | AppendValueOption( |
| 501 | flimflam::kOpenVPNKeyDirectionProperty, "--key-direction", options); |
| 502 | // TODO(sleffler): Support more than one eku parameter. |
| 503 | AppendValueOption( |
| 504 | flimflam::kOpenVPNRemoteCertEKUProperty, "--remote-cert-eku", options); |
| 505 | AppendValueOption( |
| 506 | flimflam::kOpenVPNRemoteCertKUProperty, "--remote-cert-ku", options); |
| 507 | |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 508 | if (!InitManagementChannelOptions(options, error)) { |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 509 | return; |
| 510 | } |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 511 | |
Darin Petkov | a9b1fed | 2012-02-29 11:49:05 +0100 | [diff] [blame] | 512 | // Setup openvpn-script options and RPC information required to send back |
| 513 | // Layer 3 configuration. |
| 514 | options->push_back("--setenv"); |
| 515 | options->push_back("CONNMAN_BUSNAME"); |
| 516 | options->push_back(rpc_task_->GetRpcConnectionIdentifier()); |
| 517 | options->push_back("--setenv"); |
| 518 | options->push_back("CONNMAN_INTERFACE"); |
| 519 | options->push_back(rpc_task_->GetRpcInterfaceIdentifier()); |
| 520 | options->push_back("--setenv"); |
| 521 | options->push_back("CONNMAN_PATH"); |
| 522 | options->push_back(rpc_task_->GetRpcIdentifier()); |
| 523 | options->push_back("--script-security"); |
| 524 | options->push_back("2"); |
| 525 | options->push_back("--up"); |
| 526 | options->push_back(kOpenVPNScript); |
| 527 | options->push_back("--up-restart"); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 528 | |
| 529 | // Disable openvpn handling since we do route+ifconfig work. |
| 530 | options->push_back("--route-noexec"); |
| 531 | options->push_back("--ifconfig-noexec"); |
| 532 | |
| 533 | // Drop root privileges on connection and enable callback scripts to send |
| 534 | // notify messages. |
| 535 | options->push_back("--user"); |
| 536 | options->push_back("openvpn"); |
| 537 | options->push_back("--group"); |
| 538 | options->push_back("openvpn"); |
| 539 | } |
| 540 | |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 541 | bool OpenVPNDriver::InitNSSOptions(vector<string> *options, Error *error) { |
Darin Petkov | b451d6e | 2012-04-23 11:56:41 +0200 | [diff] [blame] | 542 | string ca_cert = |
| 543 | args()->LookupString(flimflam::kOpenVPNCaCertNSSProperty, ""); |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 544 | if (!ca_cert.empty()) { |
Darin Petkov | b451d6e | 2012-04-23 11:56:41 +0200 | [diff] [blame] | 545 | if (!args()->LookupString(flimflam::kOpenVPNCaCertProperty, "").empty()) { |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 546 | Error::PopulateAndLog(error, |
| 547 | Error::kInvalidArguments, |
| 548 | "Can't specify both CACert and CACertNSS."); |
| 549 | return false; |
| 550 | } |
Darin Petkov | b451d6e | 2012-04-23 11:56:41 +0200 | [diff] [blame] | 551 | const string &vpnhost = args()->GetString(flimflam::kProviderHostProperty); |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 552 | vector<char> id(vpnhost.begin(), vpnhost.end()); |
| 553 | FilePath certfile = nss_->GetPEMCertfile(ca_cert, id); |
| 554 | if (certfile.empty()) { |
| 555 | LOG(ERROR) << "Unable to extract certificate: " << ca_cert; |
| 556 | } else { |
| 557 | options->push_back("--ca"); |
| 558 | options->push_back(certfile.value()); |
| 559 | } |
| 560 | } |
| 561 | return true; |
| 562 | } |
| 563 | |
| 564 | void OpenVPNDriver::InitPKCS11Options(vector<string> *options) { |
Darin Petkov | b451d6e | 2012-04-23 11:56:41 +0200 | [diff] [blame] | 565 | string id = args()->LookupString(flimflam::kOpenVPNClientCertIdProperty, ""); |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 566 | if (!id.empty()) { |
| 567 | string provider = |
Darin Petkov | b451d6e | 2012-04-23 11:56:41 +0200 | [diff] [blame] | 568 | args()->LookupString(flimflam::kOpenVPNProviderProperty, ""); |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 569 | if (provider.empty()) { |
| 570 | provider = kDefaultPKCS11Provider; |
| 571 | } |
| 572 | options->push_back("--pkcs11-providers"); |
| 573 | options->push_back(provider); |
| 574 | options->push_back("--pkcs11-id"); |
| 575 | options->push_back(id); |
| 576 | } |
| 577 | } |
| 578 | |
| 579 | bool OpenVPNDriver::InitManagementChannelOptions( |
| 580 | vector<string> *options, Error *error) { |
| 581 | if (!management_server_->Start(dispatcher_, &sockets_, options)) { |
| 582 | Error::PopulateAndLog( |
| 583 | error, Error::kInternalError, "Unable to setup management channel."); |
| 584 | return false; |
| 585 | } |
| 586 | return true; |
| 587 | } |
| 588 | |
Darin Petkov | 55771b7 | 2012-04-25 09:25:19 +0200 | [diff] [blame] | 589 | void OpenVPNDriver::InitLoggingOptions(vector<string> *options) { |
| 590 | options->push_back("--syslog"); |
| 591 | |
| 592 | string verb = args()->LookupString(kOpenVPNVerbProperty, ""); |
| 593 | if (verb.empty() && SLOG_IS_ON(VPN, 0)) { |
| 594 | verb = "3"; |
| 595 | } |
| 596 | if (!verb.empty()) { |
| 597 | options->push_back("--verb"); |
| 598 | options->push_back(verb); |
| 599 | } |
| 600 | } |
| 601 | |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 602 | bool OpenVPNDriver::AppendValueOption( |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 603 | const string &property, const string &option, vector<string> *options) { |
Darin Petkov | b451d6e | 2012-04-23 11:56:41 +0200 | [diff] [blame] | 604 | string value = args()->LookupString(property, ""); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 605 | if (!value.empty()) { |
| 606 | options->push_back(option); |
| 607 | options->push_back(value); |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 608 | return true; |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 609 | } |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 610 | return false; |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 611 | } |
| 612 | |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 613 | bool OpenVPNDriver::AppendFlag( |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 614 | const string &property, const string &option, vector<string> *options) { |
Darin Petkov | b451d6e | 2012-04-23 11:56:41 +0200 | [diff] [blame] | 615 | if (args()->ContainsString(property)) { |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 616 | options->push_back(option); |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 617 | return true; |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 618 | } |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 619 | return false; |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 620 | } |
| 621 | |
Darin Petkov | 6aa2187 | 2012-03-09 16:10:19 +0100 | [diff] [blame] | 622 | void OpenVPNDriver::Disconnect() { |
Ben Chan | fad4a0b | 2012-04-18 15:49:59 -0700 | [diff] [blame] | 623 | SLOG(VPN, 2) << __func__; |
Darin Petkov | 3f9131c | 2012-03-20 11:37:32 +0100 | [diff] [blame] | 624 | Cleanup(Service::kStateIdle); |
Darin Petkov | 6aa2187 | 2012-03-09 16:10:19 +0100 | [diff] [blame] | 625 | } |
| 626 | |
Darin Petkov | 5eb0542 | 2012-05-11 15:45:25 +0200 | [diff] [blame] | 627 | void OpenVPNDriver::OnConnectionDisconnected() { |
| 628 | SLOG(VPN, 2) << __func__; |
| 629 | Cleanup(Service::kStateFailure); |
| 630 | } |
| 631 | |
Darin Petkov | 271fe52 | 2012-03-27 13:47:29 +0200 | [diff] [blame] | 632 | void OpenVPNDriver::OnReconnecting() { |
Ben Chan | fad4a0b | 2012-04-18 15:49:59 -0700 | [diff] [blame] | 633 | SLOG(VPN, 2) << __func__; |
Darin Petkov | 271fe52 | 2012-03-27 13:47:29 +0200 | [diff] [blame] | 634 | if (device_) { |
| 635 | device_->OnDisconnected(); |
| 636 | } |
| 637 | if (service_) { |
| 638 | service_->SetState(Service::kStateAssociating); |
| 639 | } |
| 640 | } |
| 641 | |
Paul Stewart | 39964fa | 2012-04-04 09:50:25 -0700 | [diff] [blame] | 642 | string OpenVPNDriver::GetProviderType() const { |
| 643 | return flimflam::kProviderOpenVpn; |
| 644 | } |
| 645 | |
Darin Petkov | b536a74 | 2012-04-26 11:31:28 +0200 | [diff] [blame] | 646 | KeyValueStore OpenVPNDriver::GetProvider(Error *error) { |
| 647 | SLOG(VPN, 2) << __func__; |
| 648 | KeyValueStore props = VPNDriver::GetProvider(error); |
| 649 | props.SetBool(flimflam::kPassphraseRequiredProperty, |
| 650 | args()->LookupString( |
| 651 | flimflam::kOpenVPNPasswordProperty, "").empty()); |
| 652 | return props; |
| 653 | } |
| 654 | |
Darin Petkov | 1a462de | 2012-05-02 11:10:48 +0200 | [diff] [blame] | 655 | // TODO(petkov): Consider refactoring lsb-release parsing out into a shared |
| 656 | // singleton if it's used outside OpenVPN. |
| 657 | bool OpenVPNDriver::ParseLSBRelease(map<string, string> *lsb_release) { |
| 658 | SLOG(VPN, 2) << __func__ << "(" << lsb_release_file_.value() << ")"; |
| 659 | string contents; |
| 660 | if (!file_util::ReadFileToString(lsb_release_file_, &contents)) { |
| 661 | LOG(ERROR) << "Unable to read the lsb-release file: " |
| 662 | << lsb_release_file_.value(); |
| 663 | return false; |
| 664 | } |
| 665 | vector<string> lines; |
| 666 | SplitString(contents, '\n', &lines); |
| 667 | for (vector<string>::const_iterator it = lines.begin(); |
| 668 | it != lines.end(); ++it) { |
| 669 | size_t assign = it->find('='); |
| 670 | if (assign == string::npos) { |
| 671 | continue; |
| 672 | } |
| 673 | (*lsb_release)[it->substr(0, assign)] = it->substr(assign + 1); |
| 674 | } |
| 675 | return true; |
| 676 | } |
| 677 | |
| 678 | void OpenVPNDriver::InitEnvironment(vector<string> *environment) { |
| 679 | // Adds the platform name and version to the environment so that openvpn can |
| 680 | // send them to the server when OpenVPN.PushPeerInfo is set. |
| 681 | map<string, string> lsb_release; |
| 682 | ParseLSBRelease(&lsb_release); |
| 683 | string platform_name = lsb_release[kChromeOSReleaseName]; |
| 684 | if (!platform_name.empty()) { |
| 685 | environment->push_back("IV_PLAT=" + platform_name); |
| 686 | } |
| 687 | string platform_version = lsb_release[kChromeOSReleaseVersion]; |
| 688 | if (!platform_version.empty()) { |
| 689 | environment->push_back("IV_PLAT_REL=" + platform_version); |
| 690 | } |
| 691 | } |
| 692 | |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 693 | } // namespace shill |