Chromium Code Reviews Chromium Code Reviews
Issue 932063003:
Add split tunnel interface to vpnProvider (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "extensions/browser/api/vpn_provider/vpn_provider_api.h" | 5 #include "extensions/browser/api/vpn_provider/vpn_provider_api.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| 11 #include "base/memory/scoped_ptr.h" | 11 #include "base/memory/scoped_ptr.h" |
| 12 #include "base/strings/string_util.h" | 12 #include "base/strings/string_util.h" |
| 13 #include "base/values.h" | 13 #include "base/values.h" |
| 14 #include "extensions/browser/api/vpn_provider/vpn_service.h" | 14 #include "extensions/browser/api/vpn_provider/vpn_service.h" |
| 15 #include "extensions/browser/api/vpn_provider/vpn_service_factory.h" | 15 #include "extensions/browser/api/vpn_provider/vpn_service_factory.h" |
| 16 #include "extensions/common/api/vpn_provider.h" | 16 #include "extensions/common/api/vpn_provider.h" |
| 17 #include "third_party/cros_system_api/dbus/service_constants.h" | 17 #include "third_party/cros_system_api/dbus/service_constants.h" |
| 18 | 18 |
| 19 namespace extensions { | 19 namespace extensions { |
| 20 | 20 |
| 21 namespace { | 21 namespace { |
| 22 | 22 |
| 23 namespace api_vpn = extensions::core_api::vpn_provider; | 23 namespace api_vpn = extensions::core_api::vpn_provider; |
| 24 | 24 |
| 25 const char kCIDRSeperator[] = "/"; | 25 const char kCIDRSeperator[] = "/"; |
| 26 | 26 |
| 27 bool CheckIPCIDRSanity(const std::string& value, bool cidr, bool ipv6) { | |
| 28 int dots = ipv6 ? 0 : 3; | |
| 29 int sep = cidr ? 1 : 0; | |
| 30 int colon = ipv6 ? 7 : 0; | |
| 31 bool hex_allowed = ipv6; | |
|
bartfab (slow)
2015/02/20 14:56:37
Nit: const.
| |
| 32 int counter = 0; | |
| 33 | |
| 34 for (const auto& elem : value) { | |
| 35 if (IsAsciiDigit(elem)) { | |
| 36 counter++; | |
| 37 continue; | |
| 38 } | |
| 39 if (elem == '.') { | |
| 40 if (!dots) | |
| 41 return false; | |
| 42 dots--; | |
| 43 } else if (elem == kCIDRSeperator[0]) { | |
| 44 if (!sep || dots || colon == 7 || !counter) | |
| 45 return false; | |
| 46 // Separator observed, no more dots and colons, only digits are allowed | |
| 47 // after observing separator. So setting hex_allowed to false. | |
| 48 sep--; | |
| 49 counter = 0; | |
| 50 colon = 0; | |
|
bartfab (slow)
2015/02/20 14:56:37
Since you reset |colon| here, the entire (colon <
| |
| 51 hex_allowed = false; | |
| 52 } else if (elem == ':') { | |
| 53 if (!colon) | |
| 54 return false; | |
| 55 colon--; | |
| 56 } else if (!hex_allowed || !IsHexDigit(elem)) { | |
| 57 return false; | |
| 58 } else { | |
|
bartfab (slow)
2015/02/20 14:56:37
Nit: No else after return.
| |
| 59 counter++; | |
| 60 } | |
| 61 } | |
| 62 return !sep && !dots && (colon < 7) && counter; | |
| 63 } | |
| 64 | |
| 65 bool CheckIPCIDRSanityList(const std::vector<std::string>& list, | |
| 66 bool cidr, | |
| 67 bool ipv6) { | |
| 68 for (const auto& address : list) { | |
| 69 if (!CheckIPCIDRSanity(address, cidr, ipv6)) { | |
| 70 return false; | |
| 71 } | |
| 72 } | |
| 73 return true; | |
| 74 } | |
| 75 | |
| 27 void ConvertParameters(const api_vpn::Parameters& parameters, | 76 void ConvertParameters(const api_vpn::Parameters& parameters, |
| 28 base::DictionaryValue* parameter_value, | 77 base::DictionaryValue* parameter_value, |
| 29 std::string* error) { | 78 std::string* error) { |
| 30 std::vector<std::string> cidr_parts; | 79 if (!CheckIPCIDRSanity(parameters.address, true /* CIDR */, |
| 31 if (Tokenize(parameters.address, kCIDRSeperator, &cidr_parts) != 2) { | 80 false /*IPV4 */)) { |
| 32 *error = "Invalid CIDR address."; | 81 *error = "Address CIDR sanity check failed."; |
| 33 return; | 82 return; |
| 34 } | 83 } |
| 35 | 84 |
| 85 if (!CheckIPCIDRSanityList(parameters.exclusion_list, true /* CIDR */, | |
| 86 false /*IPV4 */)) { | |
| 87 *error = "Exclusion list CIDR sanity check failed."; | |
| 88 return; | |
| 89 } | |
| 90 | |
| 91 if (!CheckIPCIDRSanityList(parameters.inclusion_list, true /* CIDR */, | |
| 92 false /*IPV4 */)) { | |
| 93 *error = "Inclusion list CIDR sanity check failed."; | |
| 94 return; | |
| 95 } | |
| 96 | |
| 97 if (!CheckIPCIDRSanityList(parameters.dns_servers, false /* Not CIDR */, | |
| 98 false /*IPV4 */)) { | |
| 99 *error = "DNS server IP sanity check failed."; | |
| 100 return; | |
| 101 } | |
| 102 | |
| 103 std::vector<std::string> cidr_parts; | |
| 104 CHECK(Tokenize(parameters.address, kCIDRSeperator, &cidr_parts) == 2); | |
| 105 | |
| 36 parameter_value->SetStringWithoutPathExpansion( | 106 parameter_value->SetStringWithoutPathExpansion( |
| 37 shill::kAddressParameterThirdPartyVpn, cidr_parts[0]); | 107 shill::kAddressParameterThirdPartyVpn, cidr_parts[0]); |
| 38 | 108 |
| 39 parameter_value->SetStringWithoutPathExpansion( | 109 parameter_value->SetStringWithoutPathExpansion( |
| 40 shill::kSubnetPrefixParameterThirdPartyVpn, cidr_parts[1]); | 110 shill::kSubnetPrefixParameterThirdPartyVpn, cidr_parts[1]); |
| 41 | 111 |
| 42 parameter_value->SetStringWithoutPathExpansion( | 112 parameter_value->SetStringWithoutPathExpansion( |
| 43 shill::kBypassTunnelForIpParameterThirdPartyVpn, | 113 shill::kExclusionListParameterThirdPartyVpn, |
| 44 JoinString(parameters.bypass_tunnel_for_ip, shill::kIPDelimiter)); | 114 JoinString(parameters.exclusion_list, shill::kIPDelimiter)); |
| 115 | |
| 116 parameter_value->SetStringWithoutPathExpansion( | |
| 117 shill::kInclusionListParameterThirdPartyVpn, | |
| 118 JoinString(parameters.inclusion_list, shill::kIPDelimiter)); | |
| 45 | 119 |
| 46 if (parameters.mtu) { | 120 if (parameters.mtu) { |
| 47 parameter_value->SetStringWithoutPathExpansion( | 121 parameter_value->SetStringWithoutPathExpansion( |
| 48 shill::kMtuParameterThirdPartyVpn, *parameters.mtu); | 122 shill::kMtuParameterThirdPartyVpn, *parameters.mtu); |
| 49 } | 123 } |
| 50 | 124 |
| 51 if (parameters.broadcast_address) { | 125 if (parameters.broadcast_address) { |
| 52 parameter_value->SetStringWithoutPathExpansion( | 126 parameter_value->SetStringWithoutPathExpansion( |
| 53 shill::kBroadcastAddressParameterThirdPartyVpn, | 127 shill::kBroadcastAddressParameterThirdPartyVpn, |
| 54 *parameters.broadcast_address); | 128 *parameters.broadcast_address); |
| (...skipping 172 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 227 SignalCallCompletionSuccess, | 301 SignalCallCompletionSuccess, |
| 228 this), | 302 this), |
| 229 base::Bind(&VpnProviderNotifyConnectionStateChangedFunction:: | 303 base::Bind(&VpnProviderNotifyConnectionStateChangedFunction:: |
| 230 SignalCallCompletionFailure, | 304 SignalCallCompletionFailure, |
| 231 this)); | 305 this)); |
| 232 | 306 |
| 233 return RespondLater(); | 307 return RespondLater(); |
| 234 } | 308 } |
| 235 | 309 |
| 236 } // namespace extensions | 310 } // namespace extensions |
| OLD | NEW |
