Chromium Code Reviews Chromium Code Reviews
Issue 6731015:
vpn-manager: accept a hostname for remote host (Closed)
Base URL: ssh://git@gitrw.chromium.org:9222/vpn-manager.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium OS Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef _VPN_MANAGER_IPSEC_MANAGER_H_ | 5 #ifndef _VPN_MANAGER_IPSEC_MANAGER_H_ |
| 6 #define _VPN_MANAGER_IPSEC_MANAGER_H_ | 6 #define _VPN_MANAGER_IPSEC_MANAGER_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/scoped_ptr.h" | 10 #include "base/scoped_ptr.h" |
| 11 #include "base/time.h" | 11 #include "base/time.h" |
| 12 #include "gtest/gtest_prod.h" // for FRIEND_TEST | 12 #include "gtest/gtest_prod.h" // for FRIEND_TEST |
| 13 #include "vpn-manager/service_manager.h" | 13 #include "vpn-manager/service_manager.h" |
| 14 | 14 |
| 15 class FilePath; | 15 class FilePath; |
| 16 namespace chromeos { | 16 namespace chromeos { |
| 17 class Process; | 17 class Process; |
| 18 } | 18 } |
| 19 | 19 |
| 20 // Manages the ipsec daemon. This manager orchestrates configuring and | 20 // Manages the ipsec daemon. This manager orchestrates configuring and |
| 21 // launching the strongswan starter process which in turn launches the | 21 // launching the strongswan starter process which in turn launches the |
| 22 // appropriate IKE v1 (pluto) or IKE v2 (charon) daemon. | 22 // appropriate IKE v1 (pluto) or IKE v2 (charon) daemon. |
| 23 class IpsecManager : public ServiceManager { | 23 class IpsecManager : public ServiceManager { |
| 24 public: | 24 public: |
| 25 IpsecManager(); | 25 IpsecManager(); |
| 26 | 26 |
| 27 // Initialize the object to control IKE version |ike_version| daemon, | 27 // Initialize the object to control IKE version |ike_version| daemon, |
| 28 // connecting to the give |remote_address|, with given paths to | 28 // connecting to the give |remote_hostname|, with given paths to |
| 29 // pre-shared key file |psk_file|, server certificate authority file | 29 // pre-shared key file |psk_file|, server certificate authority file |
| 30 // |server_ca_file|, client key file |client_key_file|, and client | 30 // |server_ca_file|, client key file |client_key_file|, and client |
| 31 // certificate file |client_cert_file|. | 31 // certificate file |client_cert_file|. |
| 32 bool Initialize(int ike_version, | 32 bool Initialize(int ike_version, |
| 33 const std::string& remote_address, | 33 const std::string& remote_hostname, |
| 34 const std::string& psk_file, | 34 const std::string& psk_file, |
| 35 const std::string& server_ca_file, | 35 const std::string& server_ca_file, |
| 36 const std::string& client_key_file, | 36 const std::string& client_key_file, |
| 37 const std::string& client_cert_file); | 37 const std::string& client_cert_file); |
| 38 | 38 |
| 39 virtual bool Start(); | 39 virtual bool Start(); |
| 40 virtual void Stop(); | 40 virtual void Stop(); |
| 41 virtual int Poll(); | 41 virtual int Poll(); |
| 42 virtual void ProcessOutput(); | 42 virtual void ProcessOutput(); |
| 43 virtual bool IsChild(pid_t pid); | 43 virtual bool IsChild(pid_t pid); |
| 44 | 44 |
| 45 // Returns the stderr output file descriptor of our child process. | 45 // Returns the stderr output file descriptor of our child process. |
| 46 int output_fd() const { return output_fd_; } | 46 int output_fd() const { return output_fd_; } |
| 47 | 47 |
| 48 private: | 48 private: |
| 49 friend class IpsecManagerTest; | 49 friend class IpsecManagerTest; |
| 50 FRIEND_TEST(IpsecManagerTest, CreateIpsecRunDirectory); | 50 FRIEND_TEST(IpsecManagerTest, CreateIpsecRunDirectory); |
| 51 FRIEND_TEST(IpsecManagerTest, PollWaitIfNotUpYet); | 51 FRIEND_TEST(IpsecManagerTest, PollWaitIfNotUpYet); |
| 52 FRIEND_TEST(IpsecManagerTest, PollTimeoutWaiting); | 52 FRIEND_TEST(IpsecManagerTest, PollTimeoutWaiting); |
| 53 FRIEND_TEST(IpsecManagerTest, PollTransitionToUp); | 53 FRIEND_TEST(IpsecManagerTest, PollTransitionToUp); |
| 54 FRIEND_TEST(IpsecManagerTest, PollNothingIfRunning); | 54 FRIEND_TEST(IpsecManagerTest, PollNothingIfRunning); |
| 55 FRIEND_TEST(IpsecManagerTestIkeV1Psk, FormatPsk); | 55 FRIEND_TEST(IpsecManagerTestIkeV1Psk, FormatPsk); |
| 56 FRIEND_TEST(IpsecManagerTestIkeV1Psk, FormatStarterConfigFile); | 56 FRIEND_TEST(IpsecManagerTestIkeV1Psk, FormatStarterConfigFile); |
| 57 FRIEND_TEST(IpsecManagerTestIkeV1Psk, GetLocalAddressForRemote); | 57 FRIEND_TEST(IpsecManagerTestIkeV1Psk, GetAddressesFromRemoteHost); |
| 58 FRIEND_TEST(IpsecManagerTestIkeV1Psk, Start); | 58 FRIEND_TEST(IpsecManagerTestIkeV1Psk, Start); |
| 59 FRIEND_TEST(IpsecManagerTestIkeV1Psk, StartStarterAlreadyRunning); | 59 FRIEND_TEST(IpsecManagerTestIkeV1Psk, StartStarterAlreadyRunning); |
| 60 FRIEND_TEST(IpsecManagerTestIkeV1Psk, StartStarterNotYetRunning); | 60 FRIEND_TEST(IpsecManagerTestIkeV1Psk, StartStarterNotYetRunning); |
| 61 FRIEND_TEST(IpsecManagerTestIkeV1Psk, WriteConfigFiles); | 61 FRIEND_TEST(IpsecManagerTestIkeV1Psk, WriteConfigFiles); |
| 62 | 62 |
| 63 bool GetLocalAddressForRemote(const std::string& remote_address_text, | 63 bool ConvertSockAddrToIPString(struct sockaddr* socket_address, |
|
petkov
2011/03/24 16:52:22
can this be
const struct sockaddr&?
| |
| 64 std::string* local_address_text); | 64 std::string* output); |
| 65 bool GetAddressesFromRemoteHost(const std::string& remote_hostname, | |
| 66 std::string* remote_address_text, | |
| 67 std::string* local_address_text); | |
| 65 bool FormatPsk(const FilePath& input_file, std::string* formatted); | 68 bool FormatPsk(const FilePath& input_file, std::string* formatted); |
| 66 void KillCurrentlyRunning(); | 69 void KillCurrentlyRunning(); |
| 67 bool WriteConfigFiles(); | 70 bool WriteConfigFiles(); |
| 68 bool CreateIpsecRunDirectory(); | 71 bool CreateIpsecRunDirectory(); |
| 69 std::string FormatStarterConfigFile(); | 72 std::string FormatStarterConfigFile(); |
| 70 bool StartStarter(); | 73 bool StartStarter(); |
| 71 bool SetIpsecGroup(const FilePath& file_path); | 74 bool SetIpsecGroup(const FilePath& file_path); |
| 72 | 75 |
| 73 // for testing, always return this value from GetLocalAddressForRemote. | 76 // for testing, always return these values from |
| 77 // GetAddressesFromRemoteHostname. | |
| 74 const char* force_local_address_; | 78 const char* force_local_address_; |
| 79 const char* force_remote_address_; | |
| 75 // ipsec daemon stderr pipe file descriptor. | 80 // ipsec daemon stderr pipe file descriptor. |
| 76 int output_fd_; | 81 int output_fd_; |
| 77 // IKE key exchange version to use. | 82 // IKE key exchange version to use. |
| 78 int ike_version_; | 83 int ike_version_; |
| 79 // Group id of the "ipsec" group on this machine. This is the group | 84 // Group id of the "ipsec" group on this machine. This is the group |
| 80 // that we expect the underlying IKE daemons to run as. | 85 // that we expect the underlying IKE daemons to run as. |
| 81 gid_t ipsec_group_; | 86 gid_t ipsec_group_; |
| 82 // Writeable directory to which we can write configuration files for | 87 // Writeable directory to which we can write configuration files for |
| 83 // ipsec daemons. | 88 // ipsec daemons. |
| 84 std::string stateful_container_; | 89 std::string stateful_container_; |
| 85 // Directory containing run files for ipsec that we create with | 90 // Directory containing run files for ipsec that we create with |
| 86 // permissions locked to ipsec group. | 91 // permissions locked to ipsec group. |
| 87 std::string ipsec_run_path_; | 92 std::string ipsec_run_path_; |
| 88 // File whose existence signifies ipsec is now up. | 93 // File whose existence signifies ipsec is now up. |
| 89 std::string ipsec_up_file_; | 94 std::string ipsec_up_file_; |
| 90 // String with which to prefix ipsec output log lines. | 95 // String with which to prefix ipsec output log lines. |
| 91 std::string ipsec_prefix_; | 96 std::string ipsec_prefix_; |
| 92 // File containing starter process's process id. | 97 // File containing starter process's process id. |
| 93 std::string starter_pid_file_; | 98 std::string starter_pid_file_; |
| 94 // Remote IP of IPsec connection. | 99 // Remote hostname of IPsec connection. |
| 95 std::string remote_address_; | 100 std::string remote_host_; |
| 96 // File containing the IPsec pre-shared key. | 101 // File containing the IPsec pre-shared key. |
| 97 std::string psk_file_; | 102 std::string psk_file_; |
| 98 // File containing the server certificate authority. | 103 // File containing the server certificate authority. |
| 99 std::string server_ca_file_; | 104 std::string server_ca_file_; |
| 100 // File containing the client private key. | 105 // File containing the client private key. |
| 101 std::string client_key_file_; | 106 std::string client_key_file_; |
| 102 // File containing the client certificate. | 107 // File containing the client certificate. |
| 103 std::string client_cert_file_; | 108 std::string client_cert_file_; |
| 104 // Last partial line read from output_fd_. | 109 // Last partial line read from output_fd_. |
| 105 std::string partial_output_line_; | 110 std::string partial_output_line_; |
| 106 // Time when ipsec was started. | 111 // Time when ipsec was started. |
| 107 base::TimeTicks start_ticks_; | 112 base::TimeTicks start_ticks_; |
| 108 // IPsec starter process. | 113 // IPsec starter process. |
| 109 scoped_ptr<chromeos::Process> starter_; | 114 scoped_ptr<chromeos::Process> starter_; |
| 110 }; | 115 }; |
| 111 | 116 |
| 112 #endif // _VPN_MANAGER_IPSEC_MANAGER_H_ | 117 #endif // _VPN_MANAGER_IPSEC_MANAGER_H_ |
| OLD | NEW |
