
Side by Side Diff: ipsec_manager.h

Issue 6508016: vpn-manager: Add l2tp/ipsec vpn manager (Closed) Base URL: ssh://git@gitrw.chromium.org:9222/vpn-manager.git@master
Patch Set: Add line combining Created 9 years, 9 months ago
OLDNEW
(Empty)
1 // Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef _VPN_MANAGER_IPSEC_MANAGER_H_
6 #define _VPN_MANAGER_IPSEC_MANAGER_H_
7
8 #include <string>
9
10 #include "base/scoped_ptr.h"
11 #include "base/time.h"
12 #include "gtest/gtest_prod.h" // for FRIEND_TEST
13
14 #include "vpn-manager/service_manager.h"
15
16 class FilePath;
17 namespace chromeos {
18 class Process;
19 }
20
21 // Manages the ipsec daemon. This manager orchestrates configuring and
22 // launching the strongswan starter process which in turn launches the
23 // appropriate IKE v1 (pluto) or IKE v2 (charon) daemon.
24 class IpsecManager : public ServiceManager {
25 public:
26 IpsecManager();
27
28 // Initialize the object to control IKE version |ike_version| daemon,
29 // connecting to the give |remote| address, with given paths to
30 // pre-shared key file |psk_file|, server certificate authority file
31 // |server_ca_file|, client key file |client_key_file|, and client
32 // certificate file |client_cert_file|.
33 bool Initialize(int ike_version,
34 const std::string& remote,
35 const std::string& psk_file,
36 const std::string& server_ca_file,
37 const std::string& client_key_file,
38 const std::string& client_cert_file);
James Simonsen 2011/03/07 20:32:36 What's the plan for these once they're in the TPM?
kmixter1 2011/03/11 04:48:44 Yeah - good point. We'll not be passing these by
39
40 virtual bool Start();
41 virtual void Stop();
42 virtual int Poll();
43 virtual void ProcessOutput();
44 virtual bool IsChild(pid_t pid);
45
46 // Returns the stderr output file descriptor of our child process.
47 int output_fd() const { return output_fd_; }
48
49 protected:
50 friend class IpsecManagerTest;
51 FRIEND_TEST(IpsecManagerTest, PollWaitIfNotUpYet);
52 FRIEND_TEST(IpsecManagerTest, PollTimeoutWaiting);
53 FRIEND_TEST(IpsecManagerTest, PollTransitionToUp);
54 FRIEND_TEST(IpsecManagerTest, PollNothingIfRunning);
55 FRIEND_TEST(IpsecManagerTestIkeV1Psk, FormatPsk);
56 FRIEND_TEST(IpsecManagerTestIkeV1Psk, FormatStarterConfigFile);
57 FRIEND_TEST(IpsecManagerTestIkeV1Psk, Start);
58 FRIEND_TEST(IpsecManagerTestIkeV1Psk, StartStarterAlreadyRunning);
59 FRIEND_TEST(IpsecManagerTestIkeV1Psk, StartStarterNotYetRunning);
60 FRIEND_TEST(IpsecManagerTestIkeV1Psk, WriteConfigFiles);
61
62 bool FormatPsk(const FilePath& input_file, std::string* formatted);
63 void KillCurrentlyRunning();
64 bool WriteConfigFiles();
65 std::string FormatStarterConfigFile();
66 bool StartStarter();
67 bool SetIpsecGroup(const FilePath& file_path);
68
69 // ipsec daemon stderr pipe file descriptor.
70 int output_fd_;
71 // IKE key exchange version to use.
72 int ike_version_;
73 // Group id of the "ipsec" group on this machine. This is the group
74 // that we expect the underlying IKE daemons to run as.
75 gid_t ipsec_group_;
76 // Writeable directory to which we can write configuration files for
77 // ipsec daemons.
78 std::string stateful_container_;
79 // File whose existence signifies ipsec is now up.
80 std::string ipsec_up_file_;
81 // String with which to prefix ipsec output log lines.
82 std::string ipsec_prefix_;
83 // File containing starter process's process id.
84 std::string starter_pid_file_;
85 // Remote IP of IPsec connection.
86 std::string remote_;
87 // File containing the IPsec pre-shared key.
88 std::string psk_file_;
89 // File containing the server certificate authority.
90 std::string server_ca_file_;
91 // File containing the client private key.
92 std::string client_key_file_;
93 // File containing the client certificate.
94 std::string client_cert_file_;
95 // Last partial line read from output_fd_.
96 std::string partial_output_line_;
97 // Time when ipsec was started.
98 base::TimeTicks start_ticks_;
99 // IPsec starter process.
100 scoped_ptr<chromeos::Process> starter_;
101 };
102
103 #endif // _VPN_MANAGER_IPSEC_MANAGER_H_
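Review bot: The protected helpers `FormatPsk`, `WriteConfigFiles` and `SetIpsecGroup` are declared without comments, although they appear to be the ones that handle the pre-shared key and the files written under `stateful_container_`. The implementation is not shown on this page, so the header should state the contract a reviewer can check, for example `// Writes the starter config and secrets files into |stateful_container_|; files holding key material are created owner/group-only before any content is written.` and `// Sets the group of |file_path| to |ipsec_group_| so the IKE daemon can read it; returns false on failure.` The comment on `Initialize` should also say which values of `remote` are rejected (whitespace, newlines), presumably because the string is formatted into the starter config by `FormatStarterConfigFile`. Separately, the guard `_VPN_MANAGER_IPSEC_MANAGER_H_` begins with an underscore followed by a capital letter, which is a reserved identifier; `VPN_MANAGER_IPSEC_MANAGER_H_` avoids that.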