Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 1 | // Copyright (c) 2012 The Chromium OS Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #include "shill/openvpn_driver.h" |
| 6 | |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 7 | #include <arpa/inet.h> |
| 8 | |
Darin Petkov | 1fa8194 | 2012-04-02 11:38:08 +0200 | [diff] [blame] | 9 | #include <base/file_util.h> |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 10 | #include <base/logging.h> |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 11 | #include <base/string_number_conversions.h> |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 12 | #include <base/string_split.h> |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 13 | #include <base/string_util.h> |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 14 | #include <chromeos/dbus/service_constants.h> |
| 15 | |
Paul Stewart | ce4ec19 | 2012-03-14 12:53:46 -0700 | [diff] [blame] | 16 | #include "shill/connection.h" |
Paul Stewart | ca6abd4 | 2012-03-01 15:45:29 -0800 | [diff] [blame] | 17 | #include "shill/device_info.h" |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 18 | #include "shill/dhcp_config.h" |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 19 | #include "shill/error.h" |
Paul Stewart | ce4ec19 | 2012-03-14 12:53:46 -0700 | [diff] [blame] | 20 | #include "shill/manager.h" |
Darin Petkov | 3c5e4dc | 2012-04-02 14:44:27 +0200 | [diff] [blame] | 21 | #include "shill/nss.h" |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 22 | #include "shill/openvpn_management_server.h" |
Paul Stewart | ebd3856 | 2012-03-23 13:06:40 -0700 | [diff] [blame] | 23 | #include "shill/property_accessor.h" |
Darin Petkov | a9b1fed | 2012-02-29 11:49:05 +0100 | [diff] [blame] | 24 | #include "shill/rpc_task.h" |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 25 | #include "shill/sockets.h" |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 26 | #include "shill/store_interface.h" |
Darin Petkov | f20994f | 2012-03-05 16:12:19 +0100 | [diff] [blame] | 27 | #include "shill/vpn.h" |
Darin Petkov | 79d74c9 | 2012-03-07 17:20:32 +0100 | [diff] [blame] | 28 | #include "shill/vpn_service.h" |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 29 | |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 30 | using base::SplitString; |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 31 | using std::map; |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 32 | using std::string; |
| 33 | using std::vector; |
| 34 | |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 35 | namespace shill { |
| 36 | |
Darin Petkov | a9b1fed | 2012-02-29 11:49:05 +0100 | [diff] [blame] | 37 | namespace { |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 38 | const char kOpenVPNForeignOptionPrefix[] = "foreign_option_"; |
| 39 | const char kOpenVPNIfconfigBroadcast[] = "ifconfig_broadcast"; |
| 40 | const char kOpenVPNIfconfigLocal[] = "ifconfig_local"; |
| 41 | const char kOpenVPNIfconfigNetmask[] = "ifconfig_netmask"; |
| 42 | const char kOpenVPNIfconfigRemote[] = "ifconfig_remote"; |
| 43 | const char kOpenVPNRouteOptionPrefix[] = "route_"; |
| 44 | const char kOpenVPNRouteVPNGateway[] = "route_vpn_gateway"; |
| 45 | const char kOpenVPNTrustedIP[] = "trusted_ip"; |
| 46 | const char kOpenVPNTunMTU[] = "tun_mtu"; |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 47 | |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 48 | const char kDefaultPKCS11Provider[] = "libchaps.so"; |
| 49 | |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 50 | // TODO(petkov): Move to chromeos/dbus/service_constants.h. |
| 51 | const char kOpenVPNCertProperty[] = "OpenVPN.Cert"; |
| 52 | const char kOpenVPNKeyProperty[] = "OpenVPN.Key"; |
| 53 | const char kOpenVPNPingProperty[] = "OpenVPN.Ping"; |
| 54 | const char kOpenVPNPingExitProperty[] = "OpenVPN.PingExit"; |
| 55 | const char kOpenVPNPingRestartProperty[] = "OpenVPN.PingRestart"; |
| 56 | const char kOpenVPNTLSAuthProperty[] = "OpenVPN.TLSAuth"; |
| 57 | const char kOpenVPNVerbProperty[] = "OpenVPN.Verb"; |
| 58 | const char kVPNMTUProperty[] = "VPN.MTU"; |
Paul Stewart | ebd3856 | 2012-03-23 13:06:40 -0700 | [diff] [blame] | 59 | } // namespace |
| 60 | |
| 61 | // static |
| 62 | const char OpenVPNDriver::kOpenVPNPath[] = "/usr/sbin/openvpn"; |
| 63 | // static |
| 64 | const char OpenVPNDriver::kOpenVPNScript[] = SCRIPTDIR "/openvpn-script"; |
| 65 | // static |
| 66 | const OpenVPNDriver::Property OpenVPNDriver::kProperties[] = { |
Darin Petkov | 1847d79 | 2012-04-17 11:33:06 +0200 | [diff] [blame] | 67 | { flimflam::kOpenVPNAuthNoCacheProperty, 0 }, |
| 68 | { flimflam::kOpenVPNAuthProperty, 0 }, |
| 69 | { flimflam::kOpenVPNAuthRetryProperty, 0 }, |
| 70 | { flimflam::kOpenVPNAuthUserPassProperty, 0 }, |
| 71 | { flimflam::kOpenVPNCaCertNSSProperty, 0 }, |
| 72 | { flimflam::kOpenVPNCaCertProperty, 0 }, |
| 73 | { flimflam::kOpenVPNCipherProperty, 0 }, |
| 74 | { flimflam::kOpenVPNClientCertIdProperty, |
| 75 | OpenVPNDriver::Property::kEphemeral | OpenVPNDriver::Property::kCrypted }, |
| 76 | { flimflam::kOpenVPNCompLZOProperty, 0 }, |
| 77 | { flimflam::kOpenVPNCompNoAdaptProperty, 0 }, |
| 78 | { flimflam::kOpenVPNKeyDirectionProperty, 0 }, |
| 79 | { flimflam::kOpenVPNNsCertTypeProperty, 0 }, |
| 80 | { flimflam::kOpenVPNOTPProperty, |
| 81 | OpenVPNDriver::Property::kEphemeral | OpenVPNDriver::Property::kCrypted }, |
| 82 | { flimflam::kOpenVPNPasswordProperty, OpenVPNDriver::Property::kCrypted }, |
| 83 | { flimflam::kOpenVPNPinProperty, 0 }, |
| 84 | { flimflam::kOpenVPNPortProperty, 0 }, |
| 85 | { flimflam::kOpenVPNProtoProperty, 0 }, |
| 86 | { flimflam::kOpenVPNProviderProperty, 0 }, |
| 87 | { flimflam::kOpenVPNPushPeerInfoProperty, 0 }, |
| 88 | { flimflam::kOpenVPNRemoteCertEKUProperty, 0 }, |
| 89 | { flimflam::kOpenVPNRemoteCertKUProperty, 0 }, |
| 90 | { flimflam::kOpenVPNRemoteCertTLSProperty, 0 }, |
| 91 | { flimflam::kOpenVPNRenegSecProperty, 0 }, |
| 92 | { flimflam::kOpenVPNServerPollTimeoutProperty, 0 }, |
| 93 | { flimflam::kOpenVPNShaperProperty, 0 }, |
| 94 | { flimflam::kOpenVPNStaticChallengeProperty, 0 }, |
| 95 | { flimflam::kOpenVPNTLSAuthContentsProperty, 0 }, |
| 96 | { flimflam::kOpenVPNTLSRemoteProperty, 0 }, |
| 97 | { flimflam::kOpenVPNUserProperty, 0 }, |
| 98 | { flimflam::kProviderHostProperty, 0 }, |
| 99 | { flimflam::kProviderNameProperty, 0 }, |
| 100 | { flimflam::kProviderTypeProperty, 0 }, |
| 101 | { kOpenVPNCertProperty, 0 }, |
| 102 | { kOpenVPNKeyProperty, 0 }, |
| 103 | { kOpenVPNPingExitProperty, 0 }, |
| 104 | { kOpenVPNPingProperty, 0 }, |
| 105 | { kOpenVPNPingRestartProperty, 0 }, |
| 106 | { kOpenVPNTLSAuthProperty, 0 }, |
| 107 | { kOpenVPNVerbProperty, 0 }, |
| 108 | { kVPNMTUProperty, 0 }, |
Paul Stewart | 2280799 | 2012-04-11 08:48:31 -0700 | [diff] [blame] | 109 | |
| 110 | // Provided only for compatibility. crosbug.com/29286 |
Darin Petkov | 1847d79 | 2012-04-17 11:33:06 +0200 | [diff] [blame] | 111 | { flimflam::kOpenVPNMgmtEnableProperty, 0 }, |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 112 | }; |
Paul Stewart | 291a473 | 2012-03-14 19:19:02 -0700 | [diff] [blame] | 113 | |
Darin Petkov | a9b1fed | 2012-02-29 11:49:05 +0100 | [diff] [blame] | 114 | OpenVPNDriver::OpenVPNDriver(ControlInterface *control, |
Darin Petkov | f20994f | 2012-03-05 16:12:19 +0100 | [diff] [blame] | 115 | EventDispatcher *dispatcher, |
| 116 | Metrics *metrics, |
| 117 | Manager *manager, |
Paul Stewart | ca6abd4 | 2012-03-01 15:45:29 -0800 | [diff] [blame] | 118 | DeviceInfo *device_info, |
Paul Stewart | 451aa7f | 2012-04-11 19:07:58 -0700 | [diff] [blame] | 119 | GLib *glib) |
Darin Petkov | a9b1fed | 2012-02-29 11:49:05 +0100 | [diff] [blame] | 120 | : control_(control), |
Darin Petkov | f20994f | 2012-03-05 16:12:19 +0100 | [diff] [blame] | 121 | dispatcher_(dispatcher), |
| 122 | metrics_(metrics), |
| 123 | manager_(manager), |
Paul Stewart | ca6abd4 | 2012-03-01 15:45:29 -0800 | [diff] [blame] | 124 | device_info_(device_info), |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 125 | glib_(glib), |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 126 | management_server_(new OpenVPNManagementServer(this, glib)), |
Darin Petkov | 3c5e4dc | 2012-04-02 14:44:27 +0200 | [diff] [blame] | 127 | nss_(NSS::GetInstance()), |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 128 | pid_(0), |
| 129 | child_watch_tag_(0) {} |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 130 | |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 131 | OpenVPNDriver::~OpenVPNDriver() { |
Darin Petkov | 3f9131c | 2012-03-20 11:37:32 +0100 | [diff] [blame] | 132 | Cleanup(Service::kStateIdle); |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 133 | } |
| 134 | |
Darin Petkov | 3f9131c | 2012-03-20 11:37:32 +0100 | [diff] [blame] | 135 | void OpenVPNDriver::Cleanup(Service::ConnectState state) { |
Darin Petkov | 1fa8194 | 2012-04-02 11:38:08 +0200 | [diff] [blame] | 136 | VLOG(2) << __func__ << "(" << Service::ConnectStateToString(state) << ")"; |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 137 | management_server_->Stop(); |
Darin Petkov | 1fa8194 | 2012-04-02 11:38:08 +0200 | [diff] [blame] | 138 | if (!tls_auth_file_.empty()) { |
| 139 | file_util::Delete(tls_auth_file_, false); |
| 140 | tls_auth_file_.clear(); |
| 141 | } |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 142 | if (child_watch_tag_) { |
| 143 | glib_->SourceRemove(child_watch_tag_); |
| 144 | child_watch_tag_ = 0; |
| 145 | CHECK(pid_); |
| 146 | kill(pid_, SIGTERM); |
| 147 | } |
| 148 | if (pid_) { |
| 149 | glib_->SpawnClosePID(pid_); |
| 150 | pid_ = 0; |
| 151 | } |
| 152 | rpc_task_.reset(); |
| 153 | if (device_) { |
| 154 | int interface_index = device_->interface_index(); |
Darin Petkov | 029d353 | 2012-04-18 14:38:04 +0200 | [diff] [blame] | 155 | device_->OnDisconnected(); |
Eric Shienbrood | 9a24553 | 2012-03-07 14:20:39 -0500 | [diff] [blame] | 156 | device_->SetEnabled(false); |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 157 | device_ = NULL; |
| 158 | device_info_->DeleteInterface(interface_index); |
| 159 | } |
| 160 | tunnel_interface_.clear(); |
Darin Petkov | 79d74c9 | 2012-03-07 17:20:32 +0100 | [diff] [blame] | 161 | if (service_) { |
Darin Petkov | 3f9131c | 2012-03-20 11:37:32 +0100 | [diff] [blame] | 162 | service_->SetState(state); |
Darin Petkov | 79d74c9 | 2012-03-07 17:20:32 +0100 | [diff] [blame] | 163 | service_ = NULL; |
| 164 | } |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 165 | } |
| 166 | |
| 167 | bool OpenVPNDriver::SpawnOpenVPN() { |
| 168 | VLOG(2) << __func__ << "(" << tunnel_interface_ << ")"; |
| 169 | |
| 170 | vector<string> options; |
| 171 | Error error; |
| 172 | InitOptions(&options, &error); |
| 173 | if (error.IsFailure()) { |
| 174 | return false; |
| 175 | } |
| 176 | VLOG(2) << "OpenVPN process options: " << JoinString(options, ' '); |
| 177 | |
| 178 | // TODO(petkov): This code needs to be abstracted away in a separate external |
| 179 | // process module (crosbug.com/27131). |
| 180 | vector<char *> process_args; |
| 181 | process_args.push_back(const_cast<char *>(kOpenVPNPath)); |
| 182 | for (vector<string>::const_iterator it = options.begin(); |
| 183 | it != options.end(); ++it) { |
| 184 | process_args.push_back(const_cast<char *>(it->c_str())); |
| 185 | } |
| 186 | process_args.push_back(NULL); |
| 187 | char *envp[1] = { NULL }; |
| 188 | |
| 189 | CHECK(!pid_); |
| 190 | // Redirect all openvpn output to stderr. |
| 191 | int stderr_fd = fileno(stderr); |
| 192 | if (!glib_->SpawnAsyncWithPipesCWD(process_args.data(), |
| 193 | envp, |
| 194 | G_SPAWN_DO_NOT_REAP_CHILD, |
| 195 | NULL, |
| 196 | NULL, |
| 197 | &pid_, |
| 198 | NULL, |
| 199 | &stderr_fd, |
| 200 | &stderr_fd, |
| 201 | NULL)) { |
| 202 | LOG(ERROR) << "Unable to spawn: " << kOpenVPNPath; |
| 203 | return false; |
| 204 | } |
| 205 | CHECK(!child_watch_tag_); |
| 206 | child_watch_tag_ = glib_->ChildWatchAdd(pid_, OnOpenVPNDied, this); |
| 207 | return true; |
| 208 | } |
| 209 | |
| 210 | // static |
| 211 | void OpenVPNDriver::OnOpenVPNDied(GPid pid, gint status, gpointer data) { |
| 212 | VLOG(2) << __func__ << "(" << pid << ", " << status << ")"; |
| 213 | OpenVPNDriver *me = reinterpret_cast<OpenVPNDriver *>(data); |
| 214 | me->child_watch_tag_ = 0; |
| 215 | CHECK_EQ(pid, me->pid_); |
Darin Petkov | 3f9131c | 2012-03-20 11:37:32 +0100 | [diff] [blame] | 216 | me->Cleanup(Service::kStateFailure); |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 217 | // TODO(petkov): Figure if we need to restart the connection. |
| 218 | } |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 219 | |
Paul Stewart | ca6abd4 | 2012-03-01 15:45:29 -0800 | [diff] [blame] | 220 | bool OpenVPNDriver::ClaimInterface(const string &link_name, |
| 221 | int interface_index) { |
| 222 | if (link_name != tunnel_interface_) { |
| 223 | return false; |
| 224 | } |
| 225 | |
| 226 | VLOG(2) << "Claiming " << link_name << " for OpenVPN tunnel"; |
| 227 | |
Darin Petkov | f20994f | 2012-03-05 16:12:19 +0100 | [diff] [blame] | 228 | CHECK(!device_); |
| 229 | device_ = new VPN(control_, dispatcher_, metrics_, manager_, |
| 230 | link_name, interface_index); |
Eric Shienbrood | 9a24553 | 2012-03-07 14:20:39 -0500 | [diff] [blame] | 231 | |
| 232 | device_->SetEnabled(true); |
Darin Petkov | 79d74c9 | 2012-03-07 17:20:32 +0100 | [diff] [blame] | 233 | device_->SelectService(service_); |
Eric Shienbrood | 9a24553 | 2012-03-07 14:20:39 -0500 | [diff] [blame] | 234 | |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 235 | rpc_task_.reset(new RPCTask(control_, this)); |
| 236 | if (!SpawnOpenVPN()) { |
Darin Petkov | 3f9131c | 2012-03-20 11:37:32 +0100 | [diff] [blame] | 237 | Cleanup(Service::kStateFailure); |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 238 | } |
Paul Stewart | ca6abd4 | 2012-03-01 15:45:29 -0800 | [diff] [blame] | 239 | return true; |
| 240 | } |
| 241 | |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 242 | void OpenVPNDriver::Notify(const string &reason, |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 243 | const map<string, string> &dict) { |
| 244 | VLOG(2) << __func__ << "(" << reason << ")"; |
| 245 | if (reason != "up") { |
Darin Petkov | 79d74c9 | 2012-03-07 17:20:32 +0100 | [diff] [blame] | 246 | device_->OnDisconnected(); |
Darin Petkov | 36a3ace | 2012-03-06 17:22:14 +0100 | [diff] [blame] | 247 | return; |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 248 | } |
| 249 | IPConfig::Properties properties; |
| 250 | ParseIPConfiguration(dict, &properties); |
Paul Stewart | ce4ec19 | 2012-03-14 12:53:46 -0700 | [diff] [blame] | 251 | PinHostRoute(properties); |
| 252 | |
Darin Petkov | 79d74c9 | 2012-03-07 17:20:32 +0100 | [diff] [blame] | 253 | device_->UpdateIPConfig(properties); |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 254 | } |
| 255 | |
| 256 | // static |
| 257 | void OpenVPNDriver::ParseIPConfiguration( |
| 258 | const map<string, string> &configuration, |
| 259 | IPConfig::Properties *properties) { |
| 260 | ForeignOptions foreign_options; |
Darin Petkov | 6059674 | 2012-03-05 12:17:17 +0100 | [diff] [blame] | 261 | RouteOptions routes; |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 262 | properties->address_family = IPAddress::kFamilyIPv4; |
Paul Stewart | 48100b0 | 2012-03-19 07:53:52 -0700 | [diff] [blame] | 263 | properties->subnet_prefix = IPAddress::GetMaxPrefixLength( |
| 264 | properties->address_family); |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 265 | for (map<string, string>::const_iterator it = configuration.begin(); |
| 266 | it != configuration.end(); ++it) { |
| 267 | const string &key = it->first; |
| 268 | const string &value = it->second; |
| 269 | VLOG(2) << "Processing: " << key << " -> " << value; |
| 270 | if (LowerCaseEqualsASCII(key, kOpenVPNIfconfigLocal)) { |
| 271 | properties->address = value; |
| 272 | } else if (LowerCaseEqualsASCII(key, kOpenVPNIfconfigBroadcast)) { |
| 273 | properties->broadcast_address = value; |
| 274 | } else if (LowerCaseEqualsASCII(key, kOpenVPNIfconfigNetmask)) { |
Paul Stewart | 48100b0 | 2012-03-19 07:53:52 -0700 | [diff] [blame] | 275 | properties->subnet_prefix = |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 276 | IPAddress::GetPrefixLengthFromMask(properties->address_family, value); |
| 277 | } else if (LowerCaseEqualsASCII(key, kOpenVPNIfconfigRemote)) { |
| 278 | properties->peer_address = value; |
| 279 | } else if (LowerCaseEqualsASCII(key, kOpenVPNRouteVPNGateway)) { |
| 280 | properties->gateway = value; |
| 281 | } else if (LowerCaseEqualsASCII(key, kOpenVPNTrustedIP)) { |
Paul Stewart | ce4ec19 | 2012-03-14 12:53:46 -0700 | [diff] [blame] | 282 | properties->trusted_ip = value; |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 283 | } else if (LowerCaseEqualsASCII(key, kOpenVPNTunMTU)) { |
| 284 | int mtu = 0; |
| 285 | if (base::StringToInt(value, &mtu) && mtu >= DHCPConfig::kMinMTU) { |
| 286 | properties->mtu = mtu; |
| 287 | } else { |
| 288 | LOG(ERROR) << "MTU " << value << " ignored."; |
| 289 | } |
| 290 | } else if (StartsWithASCII(key, kOpenVPNForeignOptionPrefix, false)) { |
| 291 | const string suffix = key.substr(strlen(kOpenVPNForeignOptionPrefix)); |
| 292 | int order = 0; |
| 293 | if (base::StringToInt(suffix, &order)) { |
| 294 | foreign_options[order] = value; |
| 295 | } else { |
| 296 | LOG(ERROR) << "Ignored unexpected foreign option suffix: " << suffix; |
| 297 | } |
| 298 | } else if (StartsWithASCII(key, kOpenVPNRouteOptionPrefix, false)) { |
Darin Petkov | 6059674 | 2012-03-05 12:17:17 +0100 | [diff] [blame] | 299 | ParseRouteOption(key.substr(strlen(kOpenVPNRouteOptionPrefix)), |
| 300 | value, &routes); |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 301 | } else { |
| 302 | VLOG(2) << "Key ignored."; |
| 303 | } |
| 304 | } |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 305 | ParseForeignOptions(foreign_options, properties); |
Darin Petkov | 6059674 | 2012-03-05 12:17:17 +0100 | [diff] [blame] | 306 | SetRoutes(routes, properties); |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 307 | } |
| 308 | |
| 309 | // static |
| 310 | void OpenVPNDriver::ParseForeignOptions(const ForeignOptions &options, |
| 311 | IPConfig::Properties *properties) { |
| 312 | for (ForeignOptions::const_iterator it = options.begin(); |
| 313 | it != options.end(); ++it) { |
| 314 | ParseForeignOption(it->second, properties); |
| 315 | } |
| 316 | } |
| 317 | |
| 318 | // static |
| 319 | void OpenVPNDriver::ParseForeignOption(const string &option, |
| 320 | IPConfig::Properties *properties) { |
| 321 | VLOG(2) << __func__ << "(" << option << ")"; |
| 322 | vector<string> tokens; |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 323 | SplitString(option, ' ', &tokens); |
| 324 | if (tokens.size() != 3 || !LowerCaseEqualsASCII(tokens[0], "dhcp-option")) { |
Darin Petkov | 14c29ec | 2012-03-02 11:34:19 +0100 | [diff] [blame] | 325 | return; |
| 326 | } |
| 327 | if (LowerCaseEqualsASCII(tokens[1], "domain")) { |
| 328 | properties->domain_search.push_back(tokens[2]); |
| 329 | } else if (LowerCaseEqualsASCII(tokens[1], "dns")) { |
| 330 | properties->dns_servers.push_back(tokens[2]); |
| 331 | } |
| 332 | } |
| 333 | |
Darin Petkov | 6059674 | 2012-03-05 12:17:17 +0100 | [diff] [blame] | 334 | // static |
| 335 | IPConfig::Route *OpenVPNDriver::GetRouteOptionEntry( |
| 336 | const string &prefix, const string &key, RouteOptions *routes) { |
| 337 | int order = 0; |
| 338 | if (!StartsWithASCII(key, prefix, false) || |
| 339 | !base::StringToInt(key.substr(prefix.size()), &order)) { |
| 340 | return NULL; |
| 341 | } |
| 342 | return &(*routes)[order]; |
| 343 | } |
| 344 | |
| 345 | // static |
| 346 | void OpenVPNDriver::ParseRouteOption( |
| 347 | const string &key, const string &value, RouteOptions *routes) { |
| 348 | IPConfig::Route *route = GetRouteOptionEntry("network_", key, routes); |
| 349 | if (route) { |
| 350 | route->host = value; |
| 351 | return; |
| 352 | } |
| 353 | route = GetRouteOptionEntry("netmask_", key, routes); |
| 354 | if (route) { |
| 355 | route->netmask = value; |
| 356 | return; |
| 357 | } |
| 358 | route = GetRouteOptionEntry("gateway_", key, routes); |
| 359 | if (route) { |
| 360 | route->gateway = value; |
| 361 | return; |
| 362 | } |
| 363 | LOG(WARNING) << "Unknown route option ignored: " << key; |
| 364 | } |
| 365 | |
| 366 | // static |
| 367 | void OpenVPNDriver::SetRoutes(const RouteOptions &routes, |
| 368 | IPConfig::Properties *properties) { |
| 369 | for (RouteOptions::const_iterator it = routes.begin(); |
| 370 | it != routes.end(); ++it) { |
| 371 | const IPConfig::Route &route = it->second; |
| 372 | if (route.host.empty() || route.netmask.empty() || route.gateway.empty()) { |
| 373 | LOG(WARNING) << "Ignoring incomplete route: " << it->first; |
| 374 | continue; |
| 375 | } |
| 376 | properties->routes.push_back(route); |
| 377 | } |
| 378 | } |
| 379 | |
Darin Petkov | 79d74c9 | 2012-03-07 17:20:32 +0100 | [diff] [blame] | 380 | void OpenVPNDriver::Connect(const VPNServiceRefPtr &service, |
| 381 | Error *error) { |
| 382 | service_ = service; |
| 383 | service_->SetState(Service::kStateConfiguring); |
Darin Petkov | f20994f | 2012-03-05 16:12:19 +0100 | [diff] [blame] | 384 | if (!device_info_->CreateTunnelInterface(&tunnel_interface_)) { |
| 385 | Error::PopulateAndLog( |
| 386 | error, Error::kInternalError, "Could not create tunnel interface."); |
Darin Petkov | 3f9131c | 2012-03-20 11:37:32 +0100 | [diff] [blame] | 387 | Cleanup(Service::kStateFailure); |
Darin Petkov | f20994f | 2012-03-05 16:12:19 +0100 | [diff] [blame] | 388 | } |
| 389 | // Wait for the ClaimInterface callback to continue the connection process. |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 390 | } |
| 391 | |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 392 | void OpenVPNDriver::InitOptions(vector<string> *options, Error *error) { |
Darin Petkov | 7f06033 | 2012-03-14 11:46:47 +0100 | [diff] [blame] | 393 | string vpnhost = args_.LookupString(flimflam::kProviderHostProperty, ""); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 394 | if (vpnhost.empty()) { |
| 395 | Error::PopulateAndLog( |
| 396 | error, Error::kInvalidArguments, "VPN host not specified."); |
| 397 | return; |
| 398 | } |
| 399 | options->push_back("--client"); |
| 400 | options->push_back("--tls-client"); |
| 401 | options->push_back("--remote"); |
| 402 | options->push_back(vpnhost); |
| 403 | options->push_back("--nobind"); |
| 404 | options->push_back("--persist-key"); |
| 405 | options->push_back("--persist-tun"); |
| 406 | |
Darin Petkov | f20994f | 2012-03-05 16:12:19 +0100 | [diff] [blame] | 407 | CHECK(!tunnel_interface_.empty()); |
Paul Stewart | ca6abd4 | 2012-03-01 15:45:29 -0800 | [diff] [blame] | 408 | options->push_back("--dev"); |
| 409 | options->push_back(tunnel_interface_); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 410 | options->push_back("--dev-type"); |
| 411 | options->push_back("tun"); |
| 412 | options->push_back("--syslog"); |
| 413 | |
| 414 | // TODO(petkov): Enable verbosity based on shill logging options too. |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 415 | AppendValueOption(kOpenVPNVerbProperty, "--verb", options); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 416 | |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 417 | AppendValueOption(kVPNMTUProperty, "--mtu", options); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 418 | AppendValueOption(flimflam::kOpenVPNProtoProperty, "--proto", options); |
| 419 | AppendValueOption(flimflam::kOpenVPNPortProperty, "--port", options); |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 420 | AppendValueOption(kOpenVPNTLSAuthProperty, "--tls-auth", options); |
Darin Petkov | 1fa8194 | 2012-04-02 11:38:08 +0200 | [diff] [blame] | 421 | { |
| 422 | string contents = |
| 423 | args_.LookupString(flimflam::kOpenVPNTLSAuthContentsProperty, ""); |
| 424 | if (!contents.empty()) { |
| 425 | if (!file_util::CreateTemporaryFile(&tls_auth_file_) || |
| 426 | file_util::WriteFile( |
| 427 | tls_auth_file_, contents.data(), contents.size()) != |
| 428 | static_cast<int>(contents.size())) { |
| 429 | Error::PopulateAndLog( |
| 430 | error, Error::kInternalError, "Unable to setup tls-auth file."); |
| 431 | return; |
| 432 | } |
| 433 | options->push_back("--tls-auth"); |
| 434 | options->push_back(tls_auth_file_.value()); |
| 435 | } |
| 436 | } |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 437 | AppendValueOption( |
| 438 | flimflam::kOpenVPNTLSRemoteProperty, "--tls-remote", options); |
| 439 | AppendValueOption(flimflam::kOpenVPNCipherProperty, "--cipher", options); |
| 440 | AppendValueOption(flimflam::kOpenVPNAuthProperty, "--auth", options); |
| 441 | AppendFlag(flimflam::kOpenVPNAuthNoCacheProperty, "--auth-nocache", options); |
| 442 | AppendValueOption( |
| 443 | flimflam::kOpenVPNAuthRetryProperty, "--auth-retry", options); |
| 444 | AppendFlag(flimflam::kOpenVPNCompLZOProperty, "--comp-lzo", options); |
| 445 | AppendFlag(flimflam::kOpenVPNCompNoAdaptProperty, "--comp-noadapt", options); |
| 446 | AppendFlag( |
| 447 | flimflam::kOpenVPNPushPeerInfoProperty, "--push-peer-info", options); |
| 448 | AppendValueOption(flimflam::kOpenVPNRenegSecProperty, "--reneg-sec", options); |
| 449 | AppendValueOption(flimflam::kOpenVPNShaperProperty, "--shaper", options); |
| 450 | AppendValueOption(flimflam::kOpenVPNServerPollTimeoutProperty, |
| 451 | "--server-poll-timeout", options); |
| 452 | |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 453 | if (!InitNSSOptions(options, error)) { |
| 454 | return; |
Darin Petkov | 3c5e4dc | 2012-04-02 14:44:27 +0200 | [diff] [blame] | 455 | } |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 456 | |
| 457 | // Client-side ping support. |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 458 | AppendValueOption(kOpenVPNPingProperty, "--ping", options); |
| 459 | AppendValueOption(kOpenVPNPingExitProperty, "--ping-exit", options); |
| 460 | AppendValueOption(kOpenVPNPingRestartProperty, "--ping-restart", options); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 461 | |
| 462 | AppendValueOption(flimflam::kOpenVPNCaCertProperty, "--ca", options); |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 463 | AppendValueOption(kOpenVPNCertProperty, "--cert", options); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 464 | AppendValueOption( |
| 465 | flimflam::kOpenVPNNsCertTypeProperty, "--ns-cert-type", options); |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 466 | AppendValueOption(kOpenVPNKeyProperty, "--key", options); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 467 | |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 468 | InitPKCS11Options(options); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 469 | |
| 470 | // TLS suport. |
Darin Petkov | 7f06033 | 2012-03-14 11:46:47 +0100 | [diff] [blame] | 471 | string remote_cert_tls = |
| 472 | args_.LookupString(flimflam::kOpenVPNRemoteCertTLSProperty, ""); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 473 | if (remote_cert_tls.empty()) { |
| 474 | remote_cert_tls = "server"; |
| 475 | } |
| 476 | if (remote_cert_tls != "none") { |
| 477 | options->push_back("--remote-cert-tls"); |
| 478 | options->push_back(remote_cert_tls); |
| 479 | } |
| 480 | |
| 481 | // This is an undocumented command line argument that works like a .cfg file |
| 482 | // entry. TODO(sleffler): Maybe roll this into --tls-auth? |
| 483 | AppendValueOption( |
| 484 | flimflam::kOpenVPNKeyDirectionProperty, "--key-direction", options); |
| 485 | // TODO(sleffler): Support more than one eku parameter. |
| 486 | AppendValueOption( |
| 487 | flimflam::kOpenVPNRemoteCertEKUProperty, "--remote-cert-eku", options); |
| 488 | AppendValueOption( |
| 489 | flimflam::kOpenVPNRemoteCertKUProperty, "--remote-cert-ku", options); |
| 490 | |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 491 | if (!InitManagementChannelOptions(options, error)) { |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 492 | return; |
| 493 | } |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 494 | |
Darin Petkov | a9b1fed | 2012-02-29 11:49:05 +0100 | [diff] [blame] | 495 | // Setup openvpn-script options and RPC information required to send back |
| 496 | // Layer 3 configuration. |
| 497 | options->push_back("--setenv"); |
| 498 | options->push_back("CONNMAN_BUSNAME"); |
| 499 | options->push_back(rpc_task_->GetRpcConnectionIdentifier()); |
| 500 | options->push_back("--setenv"); |
| 501 | options->push_back("CONNMAN_INTERFACE"); |
| 502 | options->push_back(rpc_task_->GetRpcInterfaceIdentifier()); |
| 503 | options->push_back("--setenv"); |
| 504 | options->push_back("CONNMAN_PATH"); |
| 505 | options->push_back(rpc_task_->GetRpcIdentifier()); |
| 506 | options->push_back("--script-security"); |
| 507 | options->push_back("2"); |
| 508 | options->push_back("--up"); |
| 509 | options->push_back(kOpenVPNScript); |
| 510 | options->push_back("--up-restart"); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 511 | |
| 512 | // Disable openvpn handling since we do route+ifconfig work. |
| 513 | options->push_back("--route-noexec"); |
| 514 | options->push_back("--ifconfig-noexec"); |
| 515 | |
| 516 | // Drop root privileges on connection and enable callback scripts to send |
| 517 | // notify messages. |
| 518 | options->push_back("--user"); |
| 519 | options->push_back("openvpn"); |
| 520 | options->push_back("--group"); |
| 521 | options->push_back("openvpn"); |
| 522 | } |
| 523 | |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 524 | bool OpenVPNDriver::InitNSSOptions(vector<string> *options, Error *error) { |
| 525 | string ca_cert = args_.LookupString(flimflam::kOpenVPNCaCertNSSProperty, ""); |
| 526 | if (!ca_cert.empty()) { |
| 527 | if (!args_.LookupString(flimflam::kOpenVPNCaCertProperty, "").empty()) { |
| 528 | Error::PopulateAndLog(error, |
| 529 | Error::kInvalidArguments, |
| 530 | "Can't specify both CACert and CACertNSS."); |
| 531 | return false; |
| 532 | } |
| 533 | const string &vpnhost = args_.GetString(flimflam::kProviderHostProperty); |
| 534 | vector<char> id(vpnhost.begin(), vpnhost.end()); |
| 535 | FilePath certfile = nss_->GetPEMCertfile(ca_cert, id); |
| 536 | if (certfile.empty()) { |
| 537 | LOG(ERROR) << "Unable to extract certificate: " << ca_cert; |
| 538 | } else { |
| 539 | options->push_back("--ca"); |
| 540 | options->push_back(certfile.value()); |
| 541 | } |
| 542 | } |
| 543 | return true; |
| 544 | } |
| 545 | |
| 546 | void OpenVPNDriver::InitPKCS11Options(vector<string> *options) { |
| 547 | string id = args_.LookupString(flimflam::kOpenVPNClientCertIdProperty, ""); |
| 548 | if (!id.empty()) { |
| 549 | string provider = |
| 550 | args_.LookupString(flimflam::kOpenVPNProviderProperty, ""); |
| 551 | if (provider.empty()) { |
| 552 | provider = kDefaultPKCS11Provider; |
| 553 | } |
| 554 | options->push_back("--pkcs11-providers"); |
| 555 | options->push_back(provider); |
| 556 | options->push_back("--pkcs11-id"); |
| 557 | options->push_back(id); |
| 558 | } |
| 559 | } |
| 560 | |
| 561 | bool OpenVPNDriver::InitManagementChannelOptions( |
| 562 | vector<string> *options, Error *error) { |
| 563 | if (!management_server_->Start(dispatcher_, &sockets_, options)) { |
| 564 | Error::PopulateAndLog( |
| 565 | error, Error::kInternalError, "Unable to setup management channel."); |
| 566 | return false; |
| 567 | } |
| 568 | return true; |
| 569 | } |
| 570 | |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 571 | bool OpenVPNDriver::AppendValueOption( |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 572 | const string &property, const string &option, vector<string> *options) { |
Darin Petkov | 7f06033 | 2012-03-14 11:46:47 +0100 | [diff] [blame] | 573 | string value = args_.LookupString(property, ""); |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 574 | if (!value.empty()) { |
| 575 | options->push_back(option); |
| 576 | options->push_back(value); |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 577 | return true; |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 578 | } |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 579 | return false; |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 580 | } |
| 581 | |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 582 | bool OpenVPNDriver::AppendFlag( |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 583 | const string &property, const string &option, vector<string> *options) { |
| 584 | if (args_.ContainsString(property)) { |
| 585 | options->push_back(option); |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 586 | return true; |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 587 | } |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 588 | return false; |
Darin Petkov | fe6a937 | 2012-02-28 16:25:06 +0100 | [diff] [blame] | 589 | } |
| 590 | |
Paul Stewart | ce4ec19 | 2012-03-14 12:53:46 -0700 | [diff] [blame] | 591 | bool OpenVPNDriver::PinHostRoute(const IPConfig::Properties &properties) { |
| 592 | if (properties.gateway.empty() || properties.trusted_ip.empty()) { |
| 593 | return false; |
| 594 | } |
| 595 | |
| 596 | IPAddress trusted_ip(properties.address_family); |
| 597 | if (!trusted_ip.SetAddressFromString(properties.trusted_ip)) { |
| 598 | LOG(ERROR) << "Failed to parse trusted_ip " |
| 599 | << properties.trusted_ip << "; ignored."; |
| 600 | return false; |
| 601 | } |
| 602 | |
| 603 | ServiceRefPtr default_service = manager_->GetDefaultService(); |
| 604 | if (!default_service) { |
| 605 | LOG(ERROR) << "No default service exists."; |
| 606 | return false; |
| 607 | } |
| 608 | |
| 609 | CHECK(default_service->connection()); |
| 610 | return default_service->connection()->RequestHostRoute(trusted_ip); |
| 611 | } |
| 612 | |
Darin Petkov | 6aa2187 | 2012-03-09 16:10:19 +0100 | [diff] [blame] | 613 | void OpenVPNDriver::Disconnect() { |
Darin Petkov | 271fe52 | 2012-03-27 13:47:29 +0200 | [diff] [blame] | 614 | VLOG(2) << __func__; |
Darin Petkov | 3f9131c | 2012-03-20 11:37:32 +0100 | [diff] [blame] | 615 | Cleanup(Service::kStateIdle); |
Darin Petkov | 6aa2187 | 2012-03-09 16:10:19 +0100 | [diff] [blame] | 616 | } |
| 617 | |
Darin Petkov | 271fe52 | 2012-03-27 13:47:29 +0200 | [diff] [blame] | 618 | void OpenVPNDriver::OnReconnecting() { |
| 619 | VLOG(2) << __func__; |
| 620 | if (device_) { |
| 621 | device_->OnDisconnected(); |
| 622 | } |
| 623 | if (service_) { |
| 624 | service_->SetState(Service::kStateAssociating); |
| 625 | } |
| 626 | } |
| 627 | |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 628 | bool OpenVPNDriver::Load(StoreInterface *storage, const string &storage_id) { |
Paul Stewart | ebd3856 | 2012-03-23 13:06:40 -0700 | [diff] [blame] | 629 | for (size_t i = 0; i < arraysize(kProperties); i++) { |
Darin Petkov | 1847d79 | 2012-04-17 11:33:06 +0200 | [diff] [blame] | 630 | if ((kProperties[i].flags & Property::kEphemeral)) { |
| 631 | continue; |
| 632 | } |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 633 | const string property = kProperties[i].property; |
| 634 | string value; |
Darin Petkov | 1847d79 | 2012-04-17 11:33:06 +0200 | [diff] [blame] | 635 | bool loaded = (kProperties[i].flags & Property::kCrypted) ? |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 636 | storage->GetCryptedString(storage_id, property, &value) : |
| 637 | storage->GetString(storage_id, property, &value); |
| 638 | if (loaded) { |
| 639 | args_.SetString(property, value); |
Paul Stewart | 141983b | 2012-03-23 07:58:32 -0700 | [diff] [blame] | 640 | } else { |
| 641 | args_.RemoveString(property); |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 642 | } |
| 643 | } |
| 644 | return true; |
| 645 | } |
| 646 | |
| 647 | bool OpenVPNDriver::Save(StoreInterface *storage, const string &storage_id) { |
Paul Stewart | ebd3856 | 2012-03-23 13:06:40 -0700 | [diff] [blame] | 648 | for (size_t i = 0; i < arraysize(kProperties); i++) { |
Darin Petkov | 1847d79 | 2012-04-17 11:33:06 +0200 | [diff] [blame] | 649 | if ((kProperties[i].flags & Property::kEphemeral)) { |
| 650 | continue; |
| 651 | } |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 652 | const string property = kProperties[i].property; |
| 653 | const string value = args_.LookupString(property, ""); |
| 654 | if (value.empty()) { |
| 655 | storage->DeleteKey(storage_id, property); |
Darin Petkov | 1847d79 | 2012-04-17 11:33:06 +0200 | [diff] [blame] | 656 | } else if ((kProperties[i].flags & Property::kCrypted)) { |
Darin Petkov | f3c71d7 | 2012-03-21 12:32:15 +0100 | [diff] [blame] | 657 | storage->SetCryptedString(storage_id, property, value); |
| 658 | } else { |
| 659 | storage->SetString(storage_id, property, value); |
| 660 | } |
| 661 | } |
| 662 | return true; |
| 663 | } |
| 664 | |
Paul Stewart | ebd3856 | 2012-03-23 13:06:40 -0700 | [diff] [blame] | 665 | void OpenVPNDriver::InitPropertyStore(PropertyStore *store) { |
| 666 | for (size_t i = 0; i < arraysize(kProperties); i++) { |
| 667 | store->RegisterDerivedString( |
| 668 | kProperties[i].property, |
| 669 | StringAccessor( |
| 670 | new CustomMappedAccessor<OpenVPNDriver, string, size_t>( |
| 671 | this, |
| 672 | &OpenVPNDriver::ClearMappedProperty, |
| 673 | &OpenVPNDriver::GetMappedProperty, |
| 674 | &OpenVPNDriver::SetMappedProperty, |
| 675 | i))); |
| 676 | } |
| 677 | |
Paul Stewart | 451aa7f | 2012-04-11 19:07:58 -0700 | [diff] [blame] | 678 | store->RegisterDerivedStringmap( |
| 679 | flimflam::kProviderProperty, |
| 680 | StringmapAccessor( |
| 681 | new CustomAccessor<OpenVPNDriver, Stringmap>( |
| 682 | this, &OpenVPNDriver::GetProvider, NULL))); |
| 683 | |
Paul Stewart | ebd3856 | 2012-03-23 13:06:40 -0700 | [diff] [blame] | 684 | // TODO(pstew): Add the PassphraseRequired and PSKRequired properties. |
| 685 | // crosbug.com/27323 |
| 686 | } |
| 687 | |
Paul Stewart | 39964fa | 2012-04-04 09:50:25 -0700 | [diff] [blame] | 688 | string OpenVPNDriver::GetProviderType() const { |
| 689 | return flimflam::kProviderOpenVpn; |
| 690 | } |
| 691 | |
Paul Stewart | ebd3856 | 2012-03-23 13:06:40 -0700 | [diff] [blame] | 692 | void OpenVPNDriver::ClearMappedProperty(const size_t &index, |
| 693 | Error *error) { |
| 694 | CHECK(index < arraysize(kProperties)); |
| 695 | if (args_.ContainsString(kProperties[index].property)) { |
| 696 | args_.RemoveString(kProperties[index].property); |
| 697 | } else { |
| 698 | error->Populate(Error::kNotFound, "Property is not set"); |
| 699 | } |
| 700 | } |
| 701 | |
| 702 | string OpenVPNDriver::GetMappedProperty(const size_t &index, |
| 703 | Error *error) { |
Paul Stewart | 451aa7f | 2012-04-11 19:07:58 -0700 | [diff] [blame] | 704 | // Provider properties are set via SetProperty calls to "Provider.XXX", |
| 705 | // however, they are retrieved via a GetProperty call, which returns |
| 706 | // all properties in a single "Provider" dict. Therefore, none of |
| 707 | // the individual properties in the kProperties are available for |
| 708 | // enumeration in GetProperties. Instead, they are retrieved via |
| 709 | // GetProvider below. |
| 710 | error->Populate(Error::kInvalidArguments, |
| 711 | "Provider properties are not read back in this manner"); |
| 712 | return string(); |
Paul Stewart | ebd3856 | 2012-03-23 13:06:40 -0700 | [diff] [blame] | 713 | } |
| 714 | |
| 715 | void OpenVPNDriver::SetMappedProperty(const size_t &index, |
| 716 | const string &value, |
| 717 | Error *error) { |
| 718 | CHECK(index < arraysize(kProperties)); |
| 719 | args_.SetString(kProperties[index].property, value); |
| 720 | } |
| 721 | |
Paul Stewart | 451aa7f | 2012-04-11 19:07:58 -0700 | [diff] [blame] | 722 | Stringmap OpenVPNDriver::GetProvider(Error *error) { |
| 723 | string provider_prefix = string(flimflam::kProviderProperty) + "."; |
| 724 | Stringmap provider_properties; |
| 725 | |
| 726 | for (size_t i = 0; i < arraysize(kProperties); i++) { |
| 727 | // Never return any encrypted properties. |
Darin Petkov | 1847d79 | 2012-04-17 11:33:06 +0200 | [diff] [blame] | 728 | if ((kProperties[i].flags & Property::kCrypted)) { |
Paul Stewart | 451aa7f | 2012-04-11 19:07:58 -0700 | [diff] [blame] | 729 | continue; |
| 730 | } |
| 731 | |
| 732 | string prop = kProperties[i].property; |
| 733 | |
| 734 | // Chomp off leading "Provider." from properties that have this prefix. |
| 735 | if (StartsWithASCII(prop, provider_prefix, false)) { |
| 736 | prop = prop.substr(provider_prefix.length()); |
| 737 | } |
| 738 | |
| 739 | if (args_.ContainsString(kProperties[i].property)) { |
| 740 | provider_properties[prop] = |
| 741 | args_.LookupString(kProperties[i].property, ""); |
| 742 | } |
| 743 | } |
| 744 | |
| 745 | return provider_properties; |
| 746 | } |
Paul Stewart | ebd3856 | 2012-03-23 13:06:40 -0700 | [diff] [blame] | 747 | |
Darin Petkov | 33af05c | 2012-02-28 10:10:30 +0100 | [diff] [blame] | 748 | } // namespace shill |