OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium OS Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef _VPN_MANAGER_IPSEC_MANAGER_H_ | 5 #ifndef _VPN_MANAGER_IPSEC_MANAGER_H_ |
6 #define _VPN_MANAGER_IPSEC_MANAGER_H_ | 6 #define _VPN_MANAGER_IPSEC_MANAGER_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "base/scoped_ptr.h" | 10 #include "base/scoped_ptr.h" |
11 #include "base/time.h" | 11 #include "base/time.h" |
12 #include "gtest/gtest_prod.h" // for FRIEND_TEST | 12 #include "gtest/gtest_prod.h" // for FRIEND_TEST |
13 #include "vpn-manager/service_manager.h" | 13 #include "vpn-manager/service_manager.h" |
14 | 14 |
15 class FilePath; | 15 class FilePath; |
16 namespace chromeos { | 16 namespace chromeos { |
17 class Process; | 17 class Process; |
18 } | 18 } |
19 | 19 |
20 // Manages the ipsec daemon. This manager orchestrates configuring and | 20 // Manages the ipsec daemon. This manager orchestrates configuring and |
21 // launching the strongswan starter process which in turn launches the | 21 // launching the strongswan starter process which in turn launches the |
22 // appropriate IKE v1 (pluto) or IKE v2 (charon) daemon. | 22 // appropriate IKE v1 (pluto) or IKE v2 (charon) daemon. |
23 class IpsecManager : public ServiceManager { | 23 class IpsecManager : public ServiceManager { |
24 public: | 24 public: |
25 IpsecManager(); | 25 IpsecManager(); |
26 | 26 |
27 // Initialize the object to control IKE version |ike_version| daemon, | 27 // Initialize the object to control IKE version |ike_version| daemon, |
28 // connecting to the give |remote_address|, with given paths to | 28 // connecting to the give |remote_hostname|, with given paths to |
29 // pre-shared key file |psk_file|, server certificate authority file | 29 // pre-shared key file |psk_file|, server certificate authority file |
30 // |server_ca_file|, client key file |client_key_file|, and client | 30 // |server_ca_file|, client key file |client_key_file|, and client |
31 // certificate file |client_cert_file|. | 31 // certificate file |client_cert_file|. |
32 bool Initialize(int ike_version, | 32 bool Initialize(int ike_version, |
33 const std::string& remote_address, | 33 const std::string& remote_hostname, |
34 const std::string& psk_file, | 34 const std::string& psk_file, |
35 const std::string& server_ca_file, | 35 const std::string& server_ca_file, |
36 const std::string& client_key_file, | 36 const std::string& client_key_file, |
37 const std::string& client_cert_file); | 37 const std::string& client_cert_file); |
38 | 38 |
39 virtual bool Start(); | 39 virtual bool Start(); |
40 virtual void Stop(); | 40 virtual void Stop(); |
41 virtual int Poll(); | 41 virtual int Poll(); |
42 virtual void ProcessOutput(); | 42 virtual void ProcessOutput(); |
43 virtual bool IsChild(pid_t pid); | 43 virtual bool IsChild(pid_t pid); |
44 | 44 |
45 // Returns the stderr output file descriptor of our child process. | 45 // Returns the stderr output file descriptor of our child process. |
46 int output_fd() const { return output_fd_; } | 46 int output_fd() const { return output_fd_; } |
47 | 47 |
48 private: | 48 private: |
49 friend class IpsecManagerTest; | 49 friend class IpsecManagerTest; |
50 FRIEND_TEST(IpsecManagerTest, CreateIpsecRunDirectory); | 50 FRIEND_TEST(IpsecManagerTest, CreateIpsecRunDirectory); |
51 FRIEND_TEST(IpsecManagerTest, PollWaitIfNotUpYet); | 51 FRIEND_TEST(IpsecManagerTest, PollWaitIfNotUpYet); |
52 FRIEND_TEST(IpsecManagerTest, PollTimeoutWaiting); | 52 FRIEND_TEST(IpsecManagerTest, PollTimeoutWaiting); |
53 FRIEND_TEST(IpsecManagerTest, PollTransitionToUp); | 53 FRIEND_TEST(IpsecManagerTest, PollTransitionToUp); |
54 FRIEND_TEST(IpsecManagerTest, PollNothingIfRunning); | 54 FRIEND_TEST(IpsecManagerTest, PollNothingIfRunning); |
55 FRIEND_TEST(IpsecManagerTestIkeV1Psk, FormatPsk); | 55 FRIEND_TEST(IpsecManagerTestIkeV1Psk, FormatPsk); |
56 FRIEND_TEST(IpsecManagerTestIkeV1Psk, FormatStarterConfigFile); | 56 FRIEND_TEST(IpsecManagerTestIkeV1Psk, FormatStarterConfigFile); |
57 FRIEND_TEST(IpsecManagerTestIkeV1Psk, GetLocalAddressForRemote); | 57 FRIEND_TEST(IpsecManagerTestIkeV1Psk, GetAddressesFromRemoteHost); |
58 FRIEND_TEST(IpsecManagerTestIkeV1Psk, Start); | 58 FRIEND_TEST(IpsecManagerTestIkeV1Psk, Start); |
59 FRIEND_TEST(IpsecManagerTestIkeV1Psk, StartStarterAlreadyRunning); | 59 FRIEND_TEST(IpsecManagerTestIkeV1Psk, StartStarterAlreadyRunning); |
60 FRIEND_TEST(IpsecManagerTestIkeV1Psk, StartStarterNotYetRunning); | 60 FRIEND_TEST(IpsecManagerTestIkeV1Psk, StartStarterNotYetRunning); |
61 FRIEND_TEST(IpsecManagerTestIkeV1Psk, WriteConfigFiles); | 61 FRIEND_TEST(IpsecManagerTestIkeV1Psk, WriteConfigFiles); |
62 | 62 |
63 bool GetLocalAddressForRemote(const std::string& remote_address_text, | 63 bool ConvertSockAddrToIPString(struct sockaddr* socket_address, |
petkov
2011/03/24 16:52:22
can this be
const struct sockaddr&?
| |
64 std::string* local_address_text); | 64 std::string* output); |
65 bool GetAddressesFromRemoteHost(const std::string& remote_hostname, | |
66 std::string* remote_address_text, | |
67 std::string* local_address_text); | |
65 bool FormatPsk(const FilePath& input_file, std::string* formatted); | 68 bool FormatPsk(const FilePath& input_file, std::string* formatted); |
66 void KillCurrentlyRunning(); | 69 void KillCurrentlyRunning(); |
67 bool WriteConfigFiles(); | 70 bool WriteConfigFiles(); |
68 bool CreateIpsecRunDirectory(); | 71 bool CreateIpsecRunDirectory(); |
69 std::string FormatStarterConfigFile(); | 72 std::string FormatStarterConfigFile(); |
70 bool StartStarter(); | 73 bool StartStarter(); |
71 bool SetIpsecGroup(const FilePath& file_path); | 74 bool SetIpsecGroup(const FilePath& file_path); |
72 | 75 |
73 // for testing, always return this value from GetLocalAddressForRemote. | 76 // for testing, always return these values from |
77 // GetAddressesFromRemoteHostname. | |
74 const char* force_local_address_; | 78 const char* force_local_address_; |
79 const char* force_remote_address_; | |
75 // ipsec daemon stderr pipe file descriptor. | 80 // ipsec daemon stderr pipe file descriptor. |
76 int output_fd_; | 81 int output_fd_; |
77 // IKE key exchange version to use. | 82 // IKE key exchange version to use. |
78 int ike_version_; | 83 int ike_version_; |
79 // Group id of the "ipsec" group on this machine. This is the group | 84 // Group id of the "ipsec" group on this machine. This is the group |
80 // that we expect the underlying IKE daemons to run as. | 85 // that we expect the underlying IKE daemons to run as. |
81 gid_t ipsec_group_; | 86 gid_t ipsec_group_; |
82 // Writeable directory to which we can write configuration files for | 87 // Writeable directory to which we can write configuration files for |
83 // ipsec daemons. | 88 // ipsec daemons. |
84 std::string stateful_container_; | 89 std::string stateful_container_; |
85 // Directory containing run files for ipsec that we create with | 90 // Directory containing run files for ipsec that we create with |
86 // permissions locked to ipsec group. | 91 // permissions locked to ipsec group. |
87 std::string ipsec_run_path_; | 92 std::string ipsec_run_path_; |
88 // File whose existence signifies ipsec is now up. | 93 // File whose existence signifies ipsec is now up. |
89 std::string ipsec_up_file_; | 94 std::string ipsec_up_file_; |
90 // String with which to prefix ipsec output log lines. | 95 // String with which to prefix ipsec output log lines. |
91 std::string ipsec_prefix_; | 96 std::string ipsec_prefix_; |
92 // File containing starter process's process id. | 97 // File containing starter process's process id. |
93 std::string starter_pid_file_; | 98 std::string starter_pid_file_; |
94 // Remote IP of IPsec connection. | 99 // Remote hostname of IPsec connection. |
95 std::string remote_address_; | 100 std::string remote_host_; |
96 // File containing the IPsec pre-shared key. | 101 // File containing the IPsec pre-shared key. |
97 std::string psk_file_; | 102 std::string psk_file_; |
98 // File containing the server certificate authority. | 103 // File containing the server certificate authority. |
99 std::string server_ca_file_; | 104 std::string server_ca_file_; |
100 // File containing the client private key. | 105 // File containing the client private key. |
101 std::string client_key_file_; | 106 std::string client_key_file_; |
102 // File containing the client certificate. | 107 // File containing the client certificate. |
103 std::string client_cert_file_; | 108 std::string client_cert_file_; |
104 // Last partial line read from output_fd_. | 109 // Last partial line read from output_fd_. |
105 std::string partial_output_line_; | 110 std::string partial_output_line_; |
106 // Time when ipsec was started. | 111 // Time when ipsec was started. |
107 base::TimeTicks start_ticks_; | 112 base::TimeTicks start_ticks_; |
108 // IPsec starter process. | 113 // IPsec starter process. |
109 scoped_ptr<chromeos::Process> starter_; | 114 scoped_ptr<chromeos::Process> starter_; |
110 }; | 115 }; |
111 | 116 |
112 #endif // _VPN_MANAGER_IPSEC_MANAGER_H_ | 117 #endif // _VPN_MANAGER_IPSEC_MANAGER_H_ |
OLD | NEW |