1 // 2 // Copyright (C) 2012 The Android Open Source Project 3 // 4 // Licensed under the Apache License, Version 2.0 (the "License"); 5 // you may not use this file except in compliance with the License. 6 // You may obtain a copy of the License at 7 // 8 // http://www.apache.org/licenses/LICENSE-2.0 9 // 10 // Unless required by applicable law or agreed to in writing, software 11 // distributed under the License is distributed on an "AS IS" BASIS, 12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 // See the License for the specific language governing permissions and 14 // limitations under the License. 15 // 16 17 #include "shill/vpn/openvpn_driver.h" 18 19 #include <algorithm> 20 21 #include <base/files/file_path.h> 22 #include <base/files/file_util.h> 23 #include <base/files/scoped_temp_dir.h> 24 #include <base/strings/string_util.h> 25 #include <base/strings/stringprintf.h> 26 #if defined(__ANDROID__) 27 #include <dbus/service_constants.h> 28 #else 29 #include <chromeos/dbus/service_constants.h> 30 #endif // __ANDROID__ 31 #include <gtest/gtest.h> 32 33 #include "shill/error.h" 34 #include "shill/ipconfig.h" 35 #include "shill/logging.h" 36 #include "shill/mock_adaptors.h" 37 #include "shill/mock_certificate_file.h" 38 #include "shill/mock_device_info.h" 39 #include "shill/mock_event_dispatcher.h" 40 #include "shill/mock_manager.h" 41 #include "shill/mock_metrics.h" 42 #include "shill/mock_process_manager.h" 43 #include "shill/mock_service.h" 44 #include "shill/mock_store.h" 45 #include "shill/mock_virtual_device.h" 46 #include "shill/nice_mock_control.h" 47 #include "shill/rpc_task.h" 48 #include "shill/technology.h" 49 #include "shill/virtual_device.h" 50 #include "shill/vpn/mock_openvpn_management_server.h" 51 #include "shill/vpn/mock_vpn_service.h" 52 #include "shill/vpn/vpn_service.h" 53 54 using base::FilePath; 55 using base::WeakPtr; 56 using std::map; 57 using std::string; 58 using std::vector; 59 using testing::_; 60 using testing::AnyNumber; 61 using testing::DoAll; 62 using testing::ElementsAreArray; 63 using testing::Field; 64 using testing::Mock; 65 using testing::Ne; 66 using testing::NiceMock; 67 using testing::Return; 68 using testing::SetArgumentPointee; 69 using testing::StrictMock; 70 71 namespace shill { 72 73 struct AuthenticationExpectations { 74 AuthenticationExpectations() 75 : remote_authentication_type(Metrics::kVpnRemoteAuthenticationTypeMax) {} 76 AuthenticationExpectations( 77 const string& ca_cert_in, 78 const string& client_cert_in, 79 const string& user_in, 80 const string& otp_in, 81 const string& token_in, 82 Metrics::VpnRemoteAuthenticationType remote_authentication_type_in, 83 const vector<Metrics::VpnUserAuthenticationType> 84 &user_authentication_types_in) 85 : ca_cert(ca_cert_in), 86 client_cert(client_cert_in), 87 user(user_in), 88 otp(otp_in), 89 token(token_in), 90 remote_authentication_type(remote_authentication_type_in), 91 user_authentication_types(user_authentication_types_in) {} 92 string ca_cert; 93 string client_cert; 94 string user; 95 string otp; 96 string token; 97 Metrics::VpnRemoteAuthenticationType remote_authentication_type; 98 vector<Metrics::VpnUserAuthenticationType> user_authentication_types; 99 }; 100 101 class OpenVPNDriverTest 102 : public testing::TestWithParam<AuthenticationExpectations>, 103 public RPCTaskDelegate { 104 public: 105 OpenVPNDriverTest() 106 : device_info_(&control_, &dispatcher_, &metrics_, &manager_), 107 metrics_(&dispatcher_), 108 manager_(&control_, &dispatcher_, &metrics_), 109 driver_(new OpenVPNDriver(&control_, &dispatcher_, &metrics_, &manager_, 110 &device_info_, &process_manager_)), 111 service_(new MockVPNService(&control_, &dispatcher_, &metrics_, 112 &manager_, driver_)), 113 device_(new MockVirtualDevice( 114 &control_, &dispatcher_, &metrics_, &manager_, 115 kInterfaceName, kInterfaceIndex, Technology::kVPN)), 116 certificate_file_(new MockCertificateFile()), 117 extra_certificates_file_(new MockCertificateFile()), 118 management_server_(new NiceMock<MockOpenVPNManagementServer>()) { 119 driver_->management_server_.reset(management_server_); 120 driver_->certificate_file_.reset(certificate_file_); // Passes ownership. 121 driver_->extra_certificates_file_.reset( 122 extra_certificates_file_); // Passes ownership. 123 CHECK(temporary_directory_.CreateUniqueTempDir()); 124 driver_->openvpn_config_directory_ = 125 temporary_directory_.path().Append(kOpenVPNConfigDirectory); 126 } 127 128 virtual ~OpenVPNDriverTest() {} 129 130 virtual void TearDown() { 131 driver_->default_service_callback_tag_ = 0; 132 driver_->pid_ = 0; 133 driver_->device_ = nullptr; 134 driver_->service_ = nullptr; 135 if (!lsb_release_file_.empty()) { 136 EXPECT_TRUE(base::DeleteFile(lsb_release_file_, false)); 137 lsb_release_file_.clear(); 138 } 139 } 140 141 protected: 142 static const char kOption[]; 143 static const char kProperty[]; 144 static const char kValue[]; 145 static const char kOption2[]; 146 static const char kProperty2[]; 147 static const char kValue2[]; 148 static const char kGateway1[]; 149 static const char kNetmask1[]; 150 static const char kNetwork1[]; 151 static const char kGateway2[]; 152 static const char kNetmask2[]; 153 static const char kNetwork2[]; 154 static const char kInterfaceName[]; 155 static const int kInterfaceIndex; 156 static const char kOpenVPNConfigDirectory[]; 157 158 void SetArg(const string& arg, const string& value) { 159 driver_->args()->SetString(arg, value); 160 } 161 162 void SetArgArray(const string& arg, const vector<string>& value) { 163 driver_->args()->SetStrings(arg, value); 164 } 165 166 KeyValueStore* GetArgs() { 167 return driver_->args(); 168 } 169 170 KeyValueStore GetProviderProperties(const PropertyStore& store) { 171 KeyValueStore props; 172 Error error; 173 EXPECT_TRUE( 174 store.GetKeyValueStoreProperty(kProviderProperty, &props, &error)); 175 return props; 176 } 177 178 void RemoveStringArg(const string& arg) { 179 driver_->args()->RemoveString(arg); 180 } 181 182 const ServiceRefPtr& GetSelectedService() { 183 return device_->selected_service(); 184 } 185 186 bool InitManagementChannelOptions( 187 vector<vector<string>>* options, Error* error) { 188 return driver_->InitManagementChannelOptions(options, error); 189 } 190 191 Sockets* GetSockets() { 192 return &driver_->sockets_; 193 } 194 195 void SetDevice(const VirtualDeviceRefPtr& device) { 196 driver_->device_ = device; 197 } 198 199 void SetService(const VPNServiceRefPtr& service) { 200 driver_->service_ = service; 201 } 202 203 VPNServiceRefPtr GetService() { 204 return driver_->service_; 205 } 206 207 void OnConnectionDisconnected() { 208 driver_->OnConnectionDisconnected(); 209 } 210 211 void OnConnectTimeout() { 212 driver_->OnConnectTimeout(); 213 } 214 215 void StartConnectTimeout(int timeout_seconds) { 216 driver_->StartConnectTimeout(timeout_seconds); 217 } 218 219 bool IsConnectTimeoutStarted() { 220 return driver_->IsConnectTimeoutStarted(); 221 } 222 223 static int GetDefaultConnectTimeoutSeconds() { 224 return OpenVPNDriver::kDefaultConnectTimeoutSeconds; 225 } 226 227 static int GetReconnectOfflineTimeoutSeconds() { 228 return OpenVPNDriver::kReconnectOfflineTimeoutSeconds; 229 } 230 231 static int GetReconnectTLSErrorTimeoutSeconds() { 232 return OpenVPNDriver::kReconnectTLSErrorTimeoutSeconds; 233 } 234 235 static int GetReconnectTimeoutSeconds(OpenVPNDriver::ReconnectReason reason) { 236 return OpenVPNDriver::GetReconnectTimeoutSeconds(reason); 237 } 238 239 void SetClientState(const string& state) { 240 management_server_->state_ = state; 241 } 242 243 // Used to assert that a flag appears in the options. 244 void ExpectInFlags(const vector<vector<string>>& options, const string& flag); 245 void ExpectInFlags(const vector<vector<string>>& options, const string& flag, 246 const string& value); 247 void ExpectInFlags(const vector<vector<string>>& options, 248 const vector<string>& arguments); 249 void ExpectNotInFlags(const vector<vector<string>>& options, 250 const string& flag); 251 252 void SetupLSBRelease(); 253 254 // Inherited from RPCTaskDelegate. 255 virtual void GetLogin(string* user, string* password); 256 virtual void Notify(const string& reason, const map<string, string>& dict); 257 258 NiceMockControl control_; 259 NiceMock<MockDeviceInfo> device_info_; 260 MockEventDispatcher dispatcher_; 261 MockMetrics metrics_; 262 MockProcessManager process_manager_; 263 MockManager manager_; 264 OpenVPNDriver* driver_; // Owned by |service_|. 265 scoped_refptr<MockVPNService> service_; 266 scoped_refptr<MockVirtualDevice> device_; 267 MockCertificateFile* certificate_file_; // Owned by |driver_|. 268 MockCertificateFile* extra_certificates_file_; // Owned by |driver_|. 269 base::ScopedTempDir temporary_directory_; 270 271 // Owned by |driver_|. 272 NiceMock<MockOpenVPNManagementServer>* management_server_; 273 274 FilePath lsb_release_file_; 275 }; 276 277 const char OpenVPNDriverTest::kOption[] = "openvpn-option"; 278 const char OpenVPNDriverTest::kProperty[] = "OpenVPN.SomeProperty"; 279 const char OpenVPNDriverTest::kValue[] = "some-property-value"; 280 const char OpenVPNDriverTest::kOption2[] = "openvpn-option2"; 281 const char OpenVPNDriverTest::kProperty2[] = "OpenVPN.SomeProperty2"; 282 const char OpenVPNDriverTest::kValue2[] = "some-property-value2"; 283 const char OpenVPNDriverTest::kGateway1[] = "10.242.2.13"; 284 const char OpenVPNDriverTest::kNetmask1[] = "255.255.255.255"; 285 const char OpenVPNDriverTest::kNetwork1[] = "10.242.2.1"; 286 const char OpenVPNDriverTest::kGateway2[] = "10.242.2.14"; 287 const char OpenVPNDriverTest::kNetmask2[] = "255.255.0.0"; 288 const char OpenVPNDriverTest::kNetwork2[] = "192.168.0.0"; 289 const char OpenVPNDriverTest::kInterfaceName[] = "tun0"; 290 const int OpenVPNDriverTest::kInterfaceIndex = 123; 291 const char OpenVPNDriverTest::kOpenVPNConfigDirectory[] = "openvpn"; 292 293 void OpenVPNDriverTest::GetLogin(string* /*user*/, string* /*password*/) {} 294 295 void OpenVPNDriverTest::Notify(const string& /*reason*/, 296 const map<string, string>& /*dict*/) {} 297 298 void OpenVPNDriverTest::ExpectInFlags(const vector<vector<string>>& options, 299 const string& flag) { 300 ExpectInFlags(options, vector<string> { flag }); 301 } 302 303 void OpenVPNDriverTest::ExpectInFlags(const vector<vector<string>>& options, 304 const string& flag, 305 const string& value) { 306 ExpectInFlags(options, vector<string> { flag, value }); 307 } 308 309 void OpenVPNDriverTest::ExpectInFlags(const vector<vector<string>>& options, 310 const vector<string>& arguments) { 311 EXPECT_TRUE(std::find(options.begin(), options.end(), arguments) != 312 options.end()); 313 } 314 315 void OpenVPNDriverTest::ExpectNotInFlags(const vector<vector<string>>& options, 316 const string& flag) { 317 for (const auto& option : options) { 318 EXPECT_NE(flag, option[0]); 319 } 320 } 321 322 void OpenVPNDriverTest::SetupLSBRelease() { 323 static const char kLSBReleaseContents[] = 324 "\n" 325 "=\n" 326 "foo=\n" 327 "=bar\n" 328 "zoo==\n" 329 "CHROMEOS_RELEASE_BOARD=x86-alex\n" 330 "CHROMEOS_RELEASE_NAME=Chromium OS\n" 331 "CHROMEOS_RELEASE_VERSION=2202.0\n"; 332 EXPECT_TRUE(base::CreateTemporaryFile(&lsb_release_file_)); 333 EXPECT_EQ(arraysize(kLSBReleaseContents), 334 base::WriteFile(lsb_release_file_, 335 kLSBReleaseContents, 336 arraysize(kLSBReleaseContents))); 337 EXPECT_EQ(OpenVPNDriver::kLSBReleaseFile, driver_->lsb_release_file_.value()); 338 driver_->lsb_release_file_ = lsb_release_file_; 339 } 340 341 TEST_F(OpenVPNDriverTest, Connect) { 342 EXPECT_CALL(*service_, SetState(Service::kStateConfiguring)); 343 const string interface = kInterfaceName; 344 EXPECT_CALL(device_info_, CreateTunnelInterface(_)) 345 .WillOnce(DoAll(SetArgumentPointee<0>(interface), Return(true))); 346 Error error; 347 driver_->Connect(service_, &error); 348 EXPECT_TRUE(error.IsSuccess()); 349 EXPECT_EQ(kInterfaceName, driver_->tunnel_interface_); 350 EXPECT_TRUE(driver_->IsConnectTimeoutStarted()); 351 } 352 353 TEST_F(OpenVPNDriverTest, ConnectTunnelFailure) { 354 EXPECT_CALL(*service_, SetState(Service::kStateConfiguring)); 355 EXPECT_CALL(device_info_, CreateTunnelInterface(_)).WillOnce(Return(false)); 356 EXPECT_CALL(*service_, SetFailure(Service::kFailureInternal)); 357 Error error; 358 driver_->Connect(service_, &error); 359 EXPECT_EQ(Error::kInternalError, error.type()); 360 EXPECT_TRUE(driver_->tunnel_interface_.empty()); 361 EXPECT_FALSE(driver_->IsConnectTimeoutStarted()); 362 } 363 364 namespace { 365 MATCHER_P(IsIPAddress, address, "") { 366 IPAddress ip_address(IPAddress::kFamilyIPv4); 367 EXPECT_TRUE(ip_address.SetAddressFromString(address)); 368 return ip_address.Equals(arg); 369 } 370 } // namespace 371 372 TEST_F(OpenVPNDriverTest, Notify) { 373 map<string, string> config; 374 driver_->service_ = service_; 375 driver_->device_ = device_; 376 StartConnectTimeout(0); 377 EXPECT_CALL(*device_, 378 UpdateIPConfig(Field(&IPConfig::Properties::address, ""))); 379 driver_->Notify("up", config); 380 EXPECT_FALSE(driver_->IsConnectTimeoutStarted()); 381 EXPECT_TRUE(GetSelectedService().get() == service_.get()); 382 383 // Tests that existing properties are reused if no new ones provided. 384 driver_->ip_properties_.address = "1.2.3.4"; 385 EXPECT_CALL(*device_, 386 UpdateIPConfig(Field(&IPConfig::Properties::address, "1.2.3.4"))); 387 driver_->Notify("up", config); 388 } 389 390 TEST_P(OpenVPNDriverTest, NotifyUMA) { 391 map<string, string> config; 392 driver_->service_ = service_; 393 driver_->device_ = device_; 394 395 // Check that UMA metrics are emitted on Notify. 396 EXPECT_CALL(*device_, UpdateIPConfig(_)); 397 EXPECT_CALL(metrics_, SendEnumToUMA( 398 Metrics::kMetricVpnDriver, 399 Metrics::kVpnDriverOpenVpn, 400 Metrics::kMetricVpnDriverMax)); 401 EXPECT_CALL(metrics_, SendEnumToUMA( 402 Metrics::kMetricVpnRemoteAuthenticationType, 403 GetParam().remote_authentication_type, 404 Metrics::kVpnRemoteAuthenticationTypeMax)); 405 for (const auto& authentication_type : GetParam().user_authentication_types) { 406 EXPECT_CALL(metrics_, SendEnumToUMA( 407 Metrics::kMetricVpnUserAuthenticationType, 408 authentication_type, 409 Metrics::kVpnUserAuthenticationTypeMax)); 410 } 411 412 Error unused_error; 413 PropertyStore store; 414 driver_->InitPropertyStore(&store); 415 if (!GetParam().ca_cert.empty()) { 416 store.SetStringsProperty(kOpenVPNCaCertPemProperty, 417 vector<string>{ GetParam().ca_cert }, 418 &unused_error); 419 } 420 if (!GetParam().client_cert.empty()) { 421 store.SetStringProperty(kOpenVPNClientCertIdProperty, 422 GetParam().client_cert, 423 &unused_error); 424 } 425 if (!GetParam().user.empty()) { 426 store.SetStringProperty(kOpenVPNUserProperty, GetParam().user, 427 &unused_error); 428 } 429 if (!GetParam().otp.empty()) { 430 store.SetStringProperty(kOpenVPNOTPProperty, GetParam().otp, &unused_error); 431 } 432 if (!GetParam().token.empty()) { 433 store.SetStringProperty(kOpenVPNTokenProperty, GetParam().token, 434 &unused_error); 435 } 436 driver_->Notify("up", config); 437 Mock::VerifyAndClearExpectations(&metrics_); 438 } 439 440 INSTANTIATE_TEST_CASE_P( 441 OpenVPNDriverAuthenticationTypes, 442 OpenVPNDriverTest, 443 ::testing::Values( 444 AuthenticationExpectations( 445 "", "", "", "", "", 446 Metrics::kVpnRemoteAuthenticationTypeOpenVpnDefault, 447 vector<Metrics::VpnUserAuthenticationType> { 448 Metrics::kVpnUserAuthenticationTypeOpenVpnNone }), 449 AuthenticationExpectations( 450 "", "client_cert", "", "", "", 451 Metrics::kVpnRemoteAuthenticationTypeOpenVpnDefault, 452 vector<Metrics::VpnUserAuthenticationType> { 453 Metrics::kVpnUserAuthenticationTypeOpenVpnCertificate }), 454 AuthenticationExpectations( 455 "", "client_cert", "user", "", "", 456 Metrics::kVpnRemoteAuthenticationTypeOpenVpnDefault, 457 vector<Metrics::VpnUserAuthenticationType> { 458 Metrics::kVpnUserAuthenticationTypeOpenVpnCertificate, 459 Metrics::kVpnUserAuthenticationTypeOpenVpnUsernamePassword }), 460 AuthenticationExpectations( 461 "", "", "user", "", "", 462 Metrics::kVpnRemoteAuthenticationTypeOpenVpnDefault, 463 vector<Metrics::VpnUserAuthenticationType> { 464 Metrics::kVpnUserAuthenticationTypeOpenVpnUsernamePassword }), 465 AuthenticationExpectations( 466 "", "client_cert", "user", "otp", "", 467 Metrics::kVpnRemoteAuthenticationTypeOpenVpnDefault, 468 vector<Metrics::VpnUserAuthenticationType> { 469 Metrics::kVpnUserAuthenticationTypeOpenVpnCertificate, 470 Metrics::kVpnUserAuthenticationTypeOpenVpnUsernamePassword, 471 Metrics::kVpnUserAuthenticationTypeOpenVpnUsernamePasswordOtp }), 472 AuthenticationExpectations( 473 "", "client_cert", "user", "otp", "token", 474 Metrics::kVpnRemoteAuthenticationTypeOpenVpnDefault, 475 vector<Metrics::VpnUserAuthenticationType> { 476 Metrics::kVpnUserAuthenticationTypeOpenVpnCertificate, 477 Metrics::kVpnUserAuthenticationTypeOpenVpnUsernamePassword, 478 Metrics::kVpnUserAuthenticationTypeOpenVpnUsernamePasswordOtp, 479 Metrics::kVpnUserAuthenticationTypeOpenVpnUsernameToken }), 480 AuthenticationExpectations( 481 "ca_cert", "client_cert", "user", "otp", "token", 482 Metrics::kVpnRemoteAuthenticationTypeOpenVpnCertificate, 483 vector<Metrics::VpnUserAuthenticationType> { 484 Metrics::kVpnUserAuthenticationTypeOpenVpnCertificate, 485 Metrics::kVpnUserAuthenticationTypeOpenVpnUsernamePassword, 486 Metrics::kVpnUserAuthenticationTypeOpenVpnUsernamePasswordOtp, 487 Metrics::kVpnUserAuthenticationTypeOpenVpnUsernameToken }))); 488 489 TEST_F(OpenVPNDriverTest, NotifyFail) { 490 map<string, string> dict; 491 driver_->device_ = device_; 492 StartConnectTimeout(0); 493 EXPECT_CALL(*device_, DropConnection()); 494 driver_->Notify("fail", dict); 495 EXPECT_TRUE(driver_->IsConnectTimeoutStarted()); 496 } 497 498 TEST_F(OpenVPNDriverTest, GetRouteOptionEntry) { 499 OpenVPNDriver::RouteOptions routes; 500 EXPECT_EQ(nullptr, OpenVPNDriver::GetRouteOptionEntry("foo", "bar", &routes)); 501 EXPECT_TRUE(routes.empty()); 502 EXPECT_EQ(nullptr, OpenVPNDriver::GetRouteOptionEntry("foo", "foo", &routes)); 503 EXPECT_TRUE(routes.empty()); 504 EXPECT_EQ(nullptr, 505 OpenVPNDriver::GetRouteOptionEntry("foo", "fooz", &routes)); 506 EXPECT_TRUE(routes.empty()); 507 IPConfig::Route* route = 508 OpenVPNDriver::GetRouteOptionEntry("foo", "foo12", &routes); 509 EXPECT_EQ(1, routes.size()); 510 EXPECT_EQ(route, &routes[12]); 511 route = OpenVPNDriver::GetRouteOptionEntry("foo", "foo13", &routes); 512 EXPECT_EQ(2, routes.size()); 513 EXPECT_EQ(route, &routes[13]); 514 } 515 516 TEST_F(OpenVPNDriverTest, ParseRouteOption) { 517 OpenVPNDriver::RouteOptions routes; 518 OpenVPNDriver::ParseRouteOption("foo", "bar", &routes); 519 EXPECT_TRUE(routes.empty()); 520 OpenVPNDriver::ParseRouteOption("gateway_2", kGateway2, &routes); 521 OpenVPNDriver::ParseRouteOption("netmask_2", kNetmask2, &routes); 522 OpenVPNDriver::ParseRouteOption("network_2", kNetwork2, &routes); 523 EXPECT_EQ(1, routes.size()); 524 OpenVPNDriver::ParseRouteOption("gateway_1", kGateway1, &routes); 525 OpenVPNDriver::ParseRouteOption("netmask_1", kNetmask1, &routes); 526 OpenVPNDriver::ParseRouteOption("network_1", kNetwork1, &routes); 527 EXPECT_EQ(2, routes.size()); 528 EXPECT_EQ(kGateway1, routes[1].gateway); 529 EXPECT_EQ(kNetmask1, routes[1].netmask); 530 EXPECT_EQ(kNetwork1, routes[1].host); 531 EXPECT_EQ(kGateway2, routes[2].gateway); 532 EXPECT_EQ(kNetmask2, routes[2].netmask); 533 EXPECT_EQ(kNetwork2, routes[2].host); 534 } 535 536 TEST_F(OpenVPNDriverTest, SetRoutes) { 537 OpenVPNDriver::RouteOptions routes; 538 routes[1].gateway = "1.2.3.4"; 539 routes[1].host = "1.2.3.4"; 540 routes[2].host = "2.3.4.5"; 541 routes[2].netmask = "255.0.0.0"; 542 routes[3].netmask = "255.0.0.0"; 543 routes[3].gateway = "1.2.3.5"; 544 routes[5].host = kNetwork2; 545 routes[5].netmask = kNetmask2; 546 routes[5].gateway = kGateway2; 547 routes[4].host = kNetwork1; 548 routes[4].netmask = kNetmask1; 549 routes[4].gateway = kGateway1; 550 IPConfig::Properties props; 551 OpenVPNDriver::SetRoutes(routes, &props); 552 ASSERT_EQ(2, props.routes.size()); 553 EXPECT_EQ(kGateway1, props.routes[0].gateway); 554 EXPECT_EQ(kNetmask1, props.routes[0].netmask); 555 EXPECT_EQ(kNetwork1, props.routes[0].host); 556 EXPECT_EQ(kGateway2, props.routes[1].gateway); 557 EXPECT_EQ(kNetmask2, props.routes[1].netmask); 558 EXPECT_EQ(kNetwork2, props.routes[1].host); 559 560 // Tests that the routes are not reset if no new routes are supplied. 561 OpenVPNDriver::SetRoutes(OpenVPNDriver::RouteOptions(), &props); 562 EXPECT_EQ(2, props.routes.size()); 563 } 564 565 TEST_F(OpenVPNDriverTest, SplitPortFromHost) { 566 string name, port; 567 EXPECT_FALSE(OpenVPNDriver::SplitPortFromHost("", nullptr, nullptr)); 568 EXPECT_FALSE(OpenVPNDriver::SplitPortFromHost("", &name, &port)); 569 EXPECT_FALSE(OpenVPNDriver::SplitPortFromHost("v.com", &name, &port)); 570 EXPECT_FALSE(OpenVPNDriver::SplitPortFromHost("v.com:", &name, &port)); 571 EXPECT_FALSE(OpenVPNDriver::SplitPortFromHost(":1234", &name, &port)); 572 EXPECT_FALSE(OpenVPNDriver::SplitPortFromHost("v.com:f:1234", &name, &port)); 573 EXPECT_FALSE(OpenVPNDriver::SplitPortFromHost("v.com:x", &name, &port)); 574 EXPECT_FALSE(OpenVPNDriver::SplitPortFromHost("v.com:-1", &name, &port)); 575 EXPECT_FALSE(OpenVPNDriver::SplitPortFromHost("v.com:+1", &name, &port)); 576 EXPECT_FALSE(OpenVPNDriver::SplitPortFromHost("v.com:65536", &name, &port)); 577 EXPECT_TRUE(OpenVPNDriver::SplitPortFromHost("v.com:0", &name, &port)); 578 EXPECT_EQ("v.com", name); 579 EXPECT_EQ("0", port); 580 EXPECT_TRUE(OpenVPNDriver::SplitPortFromHost("w.com:65535", &name, &port)); 581 EXPECT_EQ("w.com", name); 582 EXPECT_EQ("65535", port); 583 EXPECT_TRUE(OpenVPNDriver::SplitPortFromHost("x.com:12345", &name, &port)); 584 EXPECT_EQ("x.com", name); 585 EXPECT_EQ("12345", port); 586 } 587 588 TEST_F(OpenVPNDriverTest, ParseForeignOption) { 589 vector<string> domain_search; 590 vector<string> dns_servers; 591 IPConfig::Properties props; 592 OpenVPNDriver::ParseForeignOption("", &domain_search, &dns_servers); 593 OpenVPNDriver::ParseForeignOption( 594 "dhcp-option DOMAIN", &domain_search, &dns_servers); 595 OpenVPNDriver::ParseForeignOption( 596 "dhcp-option DOMAIN zzz.com foo", &domain_search, &dns_servers); 597 OpenVPNDriver::ParseForeignOption( 598 "dhcp-Option DOmAIN xyz.com", &domain_search, &dns_servers); 599 ASSERT_EQ(1, domain_search.size()); 600 EXPECT_EQ("xyz.com", domain_search[0]); 601 OpenVPNDriver::ParseForeignOption( 602 "dhcp-option DnS 1.2.3.4", &domain_search, &dns_servers); 603 ASSERT_EQ(1, dns_servers.size()); 604 EXPECT_EQ("1.2.3.4", dns_servers[0]); 605 } 606 607 TEST_F(OpenVPNDriverTest, ParseForeignOptions) { 608 // This also tests that std::map is a sorted container. 609 map<int, string> options; 610 options[5] = "dhcp-option DOMAIN five.com"; 611 options[2] = "dhcp-option DOMAIN two.com"; 612 options[8] = "dhcp-option DOMAIN eight.com"; 613 options[7] = "dhcp-option DOMAIN seven.com"; 614 options[4] = "dhcp-option DOMAIN four.com"; 615 options[10] = "dhcp-option dns 1.2.3.4"; 616 IPConfig::Properties props; 617 OpenVPNDriver::ParseForeignOptions(options, &props); 618 ASSERT_EQ(5, props.domain_search.size()); 619 EXPECT_EQ("two.com", props.domain_search[0]); 620 EXPECT_EQ("four.com", props.domain_search[1]); 621 EXPECT_EQ("five.com", props.domain_search[2]); 622 EXPECT_EQ("seven.com", props.domain_search[3]); 623 EXPECT_EQ("eight.com", props.domain_search[4]); 624 ASSERT_EQ(1, props.dns_servers.size()); 625 EXPECT_EQ("1.2.3.4", props.dns_servers[0]); 626 627 // Test that the DNS properties are not updated if no new DNS properties are 628 // supplied. 629 OpenVPNDriver::ParseForeignOptions(map<int, string>(), &props); 630 EXPECT_EQ(5, props.domain_search.size()); 631 ASSERT_EQ(1, props.dns_servers.size()); 632 } 633 634 TEST_F(OpenVPNDriverTest, ParseIPConfiguration) { 635 map<string, string> config; 636 IPConfig::Properties props; 637 638 driver_->ParseIPConfiguration(config, &props); 639 EXPECT_EQ(IPAddress::kFamilyIPv4, props.address_family); 640 EXPECT_EQ(32, props.subnet_prefix); 641 642 props.subnet_prefix = 18; 643 driver_->ParseIPConfiguration(config, &props); 644 EXPECT_EQ(18, props.subnet_prefix); 645 646 // An "ifconfig_remote" parameter that looks like a netmask should be 647 // applied to the subnet prefix instead of to the peer address. 648 config["ifconfig_remotE"] = "255.255.0.0"; 649 driver_->ParseIPConfiguration(config, &props); 650 EXPECT_EQ(16, props.subnet_prefix); 651 EXPECT_EQ("", props.peer_address); 652 653 config["ifconfig_loCal"] = "4.5.6.7"; 654 config["ifconfiG_broadcast"] = "1.2.255.255"; 655 config["ifconFig_netmAsk"] = "255.255.255.0"; 656 config["ifconfig_remotE"] = "33.44.55.66"; 657 config["route_vpN_gateway"] = "192.168.1.1"; 658 config["trusted_ip"] = "99.88.77.66"; 659 config["tun_mtu"] = "1000"; 660 config["foreign_option_2"] = "dhcp-option DNS 4.4.4.4"; 661 config["foreign_option_1"] = "dhcp-option DNS 1.1.1.1"; 662 config["foreign_option_3"] = "dhcp-option DNS 2.2.2.2"; 663 config["route_network_2"] = kNetwork2; 664 config["route_network_1"] = kNetwork1; 665 config["route_netmask_2"] = kNetmask2; 666 config["route_netmask_1"] = kNetmask1; 667 config["route_gateway_2"] = kGateway2; 668 config["route_gateway_1"] = kGateway1; 669 config["foo"] = "bar"; 670 driver_->ParseIPConfiguration(config, &props); 671 EXPECT_EQ(IPAddress::kFamilyIPv4, props.address_family); 672 EXPECT_EQ("4.5.6.7", props.address); 673 EXPECT_EQ("1.2.255.255", props.broadcast_address); 674 EXPECT_EQ(24, props.subnet_prefix); 675 EXPECT_EQ("33.44.55.66", props.peer_address); 676 EXPECT_EQ("192.168.1.1", props.gateway); 677 EXPECT_EQ("99.88.77.66/32", props.exclusion_list[0]); 678 EXPECT_EQ(1, props.exclusion_list.size()); 679 EXPECT_EQ(1000, props.mtu); 680 ASSERT_EQ(3, props.dns_servers.size()); 681 EXPECT_EQ("1.1.1.1", props.dns_servers[0]); 682 EXPECT_EQ("4.4.4.4", props.dns_servers[1]); 683 EXPECT_EQ("2.2.2.2", props.dns_servers[2]); 684 ASSERT_EQ(2, props.routes.size()); 685 EXPECT_EQ(kGateway1, props.routes[0].gateway); 686 EXPECT_EQ(kNetmask1, props.routes[0].netmask); 687 EXPECT_EQ(kNetwork1, props.routes[0].host); 688 EXPECT_EQ(kGateway2, props.routes[1].gateway); 689 EXPECT_EQ(kNetmask2, props.routes[1].netmask); 690 EXPECT_EQ(kNetwork2, props.routes[1].host); 691 EXPECT_FALSE(props.blackhole_ipv6); 692 693 // If the driver is configured to ignore the gateway provided, it will 694 // not set the "gateway" property for the properties, however the 695 // explicitly supplied routes should still be set. 696 SetArg(kOpenVPNIgnoreDefaultRouteProperty, "some value"); 697 IPConfig::Properties props_without_gateway; 698 driver_->ParseIPConfiguration(config, &props_without_gateway); 699 EXPECT_EQ(kGateway1, props_without_gateway.routes[0].gateway); 700 EXPECT_EQ("", props_without_gateway.gateway); 701 702 // A pushed redirect flag should override the IgnoreDefaultRoute property. 703 config["redirect_gateway"] = "def1"; 704 IPConfig::Properties props_with_override; 705 driver_->ParseIPConfiguration(config, &props_with_override); 706 EXPECT_EQ("192.168.1.1", props_with_override.gateway); 707 } 708 709 TEST_F(OpenVPNDriverTest, InitOptionsNoHost) { 710 Error error; 711 vector<vector<string>> options; 712 driver_->InitOptions(&options, &error); 713 EXPECT_EQ(Error::kInvalidArguments, error.type()); 714 EXPECT_TRUE(options.empty()); 715 } 716 717 TEST_F(OpenVPNDriverTest, InitOptions) { 718 static const char kHost[] = "192.168.2.254"; 719 static const char kTLSAuthContents[] = "SOME-RANDOM-CONTENTS\n"; 720 static const char kID[] = "TestPKCS11ID"; 721 static const char kKU0[] = "00"; 722 static const char kKU1[] = "01"; 723 FilePath empty_cert; 724 SetArg(kProviderHostProperty, kHost); 725 SetArg(kOpenVPNTLSAuthContentsProperty, kTLSAuthContents); 726 SetArg(kOpenVPNClientCertIdProperty, kID); 727 SetArg(kOpenVPNRemoteCertKUProperty, string(kKU0) + " " + string(kKU1)); 728 driver_->rpc_task_.reset(new RPCTask(&control_, this)); 729 driver_->tunnel_interface_ = kInterfaceName; 730 EXPECT_CALL(*management_server_, Start(_, _, _)).WillOnce(Return(true)); 731 EXPECT_CALL(manager_, IsConnected()).WillOnce(Return(false)); 732 733 Error error; 734 vector<vector<string>> options; 735 driver_->InitOptions(&options, &error); 736 EXPECT_TRUE(error.IsSuccess()); 737 EXPECT_EQ(vector<string> { "client" }, options[0]); 738 ExpectInFlags(options, "remote", kHost); 739 ExpectInFlags(options, vector<string> { "setenv", kRPCTaskPathVariable, 740 RPCTaskMockAdaptor::kRpcId }); 741 ExpectInFlags(options, "dev", kInterfaceName); 742 ExpectInFlags(options, "group", "openvpn"); 743 EXPECT_EQ(kInterfaceName, driver_->tunnel_interface_); 744 ASSERT_FALSE(driver_->tls_auth_file_.empty()); 745 ExpectInFlags(options, "tls-auth", driver_->tls_auth_file_.value()); 746 string contents; 747 EXPECT_TRUE(base::ReadFileToString(driver_->tls_auth_file_, &contents)); 748 EXPECT_EQ(kTLSAuthContents, contents); 749 ExpectInFlags(options, "pkcs11-id", kID); 750 ExpectInFlags(options, "ca", OpenVPNDriver::kDefaultCACertificates); 751 ExpectInFlags(options, "syslog"); 752 ExpectNotInFlags(options, "auth-user-pass"); 753 ExpectInFlags(options, vector<string> { "remote-cert-ku", kKU0, kKU1 }); 754 } 755 756 TEST_F(OpenVPNDriverTest, InitOptionsHostWithPort) { 757 SetArg(kProviderHostProperty, "v.com:1234"); 758 driver_->rpc_task_.reset(new RPCTask(&control_, this)); 759 driver_->tunnel_interface_ = kInterfaceName; 760 EXPECT_CALL(*management_server_, Start(_, _, _)).WillOnce(Return(true)); 761 EXPECT_CALL(manager_, IsConnected()).WillOnce(Return(false)); 762 763 Error error; 764 vector<vector<string>> options; 765 driver_->InitOptions(&options, &error); 766 EXPECT_TRUE(error.IsSuccess()); 767 ExpectInFlags(options, vector<string> { "remote", "v.com", "1234" }); 768 } 769 770 TEST_F(OpenVPNDriverTest, InitCAOptions) { 771 static const char kHost[] = "192.168.2.254"; 772 static const char kCaCert[] = "foo"; 773 static const char kCaCertNSS[] = "{1234}"; 774 775 Error error; 776 vector<vector<string>> options; 777 EXPECT_TRUE(driver_->InitCAOptions(&options, &error)); 778 EXPECT_TRUE(error.IsSuccess()); 779 ExpectInFlags(options, "ca", OpenVPNDriver::kDefaultCACertificates); 780 781 options.clear(); 782 SetArg(kOpenVPNCaCertProperty, kCaCert); 783 EXPECT_TRUE(driver_->InitCAOptions(&options, &error)); 784 ExpectInFlags(options, "ca", kCaCert); 785 EXPECT_TRUE(error.IsSuccess()); 786 787 // We should ignore the CaCertNSS property. 788 SetArg(kOpenVPNCaCertNSSProperty, kCaCertNSS); 789 EXPECT_TRUE(driver_->InitCAOptions(&options, &error)); 790 ExpectInFlags(options, "ca", kCaCert); 791 EXPECT_TRUE(error.IsSuccess()); 792 793 SetArg(kOpenVPNCaCertProperty, ""); 794 SetArg(kProviderHostProperty, kHost); 795 FilePath empty_cert; 796 error.Reset(); 797 EXPECT_TRUE(driver_->InitCAOptions(&options, &error)); 798 ExpectInFlags(options, "ca", OpenVPNDriver::kDefaultCACertificates); 799 EXPECT_TRUE(error.IsSuccess()); 800 801 SetArg(kOpenVPNCaCertProperty, kCaCert); 802 const vector<string> kCaCertPEM{ "---PEM CONTENTS---" }; 803 SetArgArray(kOpenVPNCaCertPemProperty, kCaCertPEM); 804 EXPECT_FALSE(driver_->InitCAOptions(&options, &error)); 805 EXPECT_EQ(Error::kInvalidArguments, error.type()); 806 EXPECT_EQ("Can't specify more than one of CACert and CACertPEM.", 807 error.message()); 808 809 options.clear(); 810 SetArg(kOpenVPNCaCertProperty, ""); 811 SetArg(kProviderHostProperty, ""); 812 static const char kPEMCertfile[] = "/tmp/pem-cert"; 813 FilePath pem_cert(kPEMCertfile); 814 EXPECT_CALL(*certificate_file_, CreatePEMFromStrings(kCaCertPEM)) 815 .WillOnce(Return(empty_cert)) 816 .WillOnce(Return(pem_cert)); 817 818 error.Reset(); 819 EXPECT_FALSE(driver_->InitCAOptions(&options, &error)); 820 EXPECT_EQ(Error::kInvalidArguments, error.type()); 821 EXPECT_EQ("Unable to extract PEM CA certificates.", error.message()); 822 823 error.Reset(); 824 options.clear(); 825 EXPECT_TRUE(driver_->InitCAOptions(&options, &error)); 826 ExpectInFlags(options, "ca", kPEMCertfile); 827 EXPECT_TRUE(error.IsSuccess()); 828 } 829 830 TEST_F(OpenVPNDriverTest, InitCertificateVerifyOptions) { 831 { 832 Error error; 833 vector<vector<string>> options; 834 // No options supplied. 835 driver_->InitCertificateVerifyOptions(&options); 836 EXPECT_TRUE(options.empty()); 837 } 838 const char kName[] = "x509-name"; 839 { 840 Error error; 841 vector<vector<string>> options; 842 // With Name property alone, we should have the 1-parameter version of the 843 // "x509-verify-name" parameter provided. 844 SetArg(kOpenVPNVerifyX509NameProperty, kName); 845 driver_->InitCertificateVerifyOptions(&options); 846 ExpectInFlags(options, "verify-x509-name", kName); 847 } 848 const char kType[] = "x509-type"; 849 { 850 Error error; 851 vector<vector<string>> options; 852 // With both Name property and Type property set, we should have the 853 // 2-parameter version of the "x509-verify-name" parameter provided. 854 SetArg(kOpenVPNVerifyX509TypeProperty, kType); 855 driver_->InitCertificateVerifyOptions(&options); 856 ExpectInFlags(options, vector<string> { "verify-x509-name", kName, kType }); 857 } 858 { 859 Error error; 860 vector<vector<string>> options; 861 // We should ignore the Type parameter if no Name parameter is specified. 862 SetArg(kOpenVPNVerifyX509NameProperty, ""); 863 driver_->InitCertificateVerifyOptions(&options); 864 EXPECT_TRUE(options.empty()); 865 } 866 } 867 868 TEST_F(OpenVPNDriverTest, InitClientAuthOptions) { 869 static const char kTestValue[] = "foo"; 870 vector<vector<string>> options; 871 872 // No key or cert, assume user/password authentication. 873 driver_->InitClientAuthOptions(&options); 874 ExpectInFlags(options, "auth-user-pass"); 875 ExpectNotInFlags(options, "key"); 876 ExpectNotInFlags(options, "cert"); 877 878 // Cert available, no user/password. 879 options.clear(); 880 SetArg(kOpenVPNCertProperty, kTestValue); 881 driver_->InitClientAuthOptions(&options); 882 ExpectNotInFlags(options, "auth-user-pass"); 883 ExpectNotInFlags(options, "key"); 884 ExpectInFlags(options, "cert", kTestValue); 885 886 // Key available, no user/password. 887 options.clear(); 888 SetArg(kOpenVPNKeyProperty, kTestValue); 889 driver_->InitClientAuthOptions(&options); 890 ExpectNotInFlags(options, "auth-user-pass"); 891 ExpectInFlags(options, "key", kTestValue); 892 893 // Key available, AuthUserPass set. 894 options.clear(); 895 SetArg(kOpenVPNAuthUserPassProperty, kTestValue); 896 driver_->InitClientAuthOptions(&options); 897 ExpectInFlags(options, "auth-user-pass"); 898 ExpectInFlags(options, "key", kTestValue); 899 900 // Key available, User set. 901 options.clear(); 902 RemoveStringArg(kOpenVPNAuthUserPassProperty); 903 SetArg(kOpenVPNUserProperty, "user"); 904 driver_->InitClientAuthOptions(&options); 905 ExpectInFlags(options, "auth-user-pass"); 906 ExpectInFlags(options, "key", kTestValue); 907 908 // Empty PKCS11 certificate id, no user/password/cert. 909 options.clear(); 910 RemoveStringArg(kOpenVPNKeyProperty); 911 RemoveStringArg(kOpenVPNCertProperty); 912 RemoveStringArg(kOpenVPNUserProperty); 913 SetArg(kOpenVPNClientCertIdProperty, ""); 914 driver_->InitClientAuthOptions(&options); 915 ExpectInFlags(options, "auth-user-pass"); 916 ExpectNotInFlags(options, "key"); 917 ExpectNotInFlags(options, "cert"); 918 ExpectNotInFlags(options, "pkcs11-id"); 919 920 // Non-empty PKCS11 certificate id, no user/password/cert. 921 options.clear(); 922 SetArg(kOpenVPNClientCertIdProperty, kTestValue); 923 driver_->InitClientAuthOptions(&options); 924 ExpectNotInFlags(options, "auth-user-pass"); 925 ExpectNotInFlags(options, "key"); 926 ExpectNotInFlags(options, "cert"); 927 // The "--pkcs11-id" option is added in InitPKCS11Options(), not here. 928 ExpectNotInFlags(options, "pkcs11-id"); 929 930 // PKCS11 certificate id available, AuthUserPass set. 931 options.clear(); 932 SetArg(kOpenVPNAuthUserPassProperty, kTestValue); 933 driver_->InitClientAuthOptions(&options); 934 ExpectInFlags(options, "auth-user-pass"); 935 ExpectNotInFlags(options, "key"); 936 ExpectNotInFlags(options, "cert"); 937 938 // PKCS11 certificate id available, User set. 939 options.clear(); 940 RemoveStringArg(kOpenVPNAuthUserPassProperty); 941 SetArg(kOpenVPNUserProperty, "user"); 942 driver_->InitClientAuthOptions(&options); 943 ExpectInFlags(options, "auth-user-pass"); 944 ExpectNotInFlags(options, "key"); 945 ExpectNotInFlags(options, "cert"); 946 } 947 948 TEST_F(OpenVPNDriverTest, InitExtraCertOptions) { 949 { 950 Error error; 951 vector<vector<string>> options; 952 // No ExtraCertOptions supplied. 953 EXPECT_TRUE(driver_->InitExtraCertOptions(&options, &error)); 954 EXPECT_TRUE(error.IsSuccess()); 955 EXPECT_TRUE(options.empty()); 956 } 957 { 958 Error error; 959 vector<vector<string>> options; 960 SetArgArray(kOpenVPNExtraCertPemProperty, vector<string>()); 961 // Empty ExtraCertOptions supplied. 962 EXPECT_TRUE(driver_->InitExtraCertOptions(&options, &error)); 963 EXPECT_TRUE(error.IsSuccess()); 964 EXPECT_TRUE(options.empty()); 965 } 966 const vector<string> kExtraCerts{ "---PEM CONTENTS---" }; 967 SetArgArray(kOpenVPNExtraCertPemProperty, kExtraCerts); 968 static const char kPEMCertfile[] = "/tmp/pem-cert"; 969 FilePath pem_cert(kPEMCertfile); 970 EXPECT_CALL(*extra_certificates_file_, CreatePEMFromStrings(kExtraCerts)) 971 .WillOnce(Return(FilePath())) 972 .WillOnce(Return(pem_cert)); 973 // CreatePemFromStrings fails. 974 { 975 Error error; 976 vector<vector<string>> options; 977 EXPECT_FALSE(driver_->InitExtraCertOptions(&options, &error)); 978 EXPECT_EQ(Error::kInvalidArguments, error.type()); 979 EXPECT_TRUE(options.empty()); 980 } 981 // CreatePemFromStrings succeeds. 982 { 983 Error error; 984 vector<vector<string>> options; 985 EXPECT_TRUE(driver_->InitExtraCertOptions(&options, &error)); 986 EXPECT_TRUE(error.IsSuccess()); 987 ExpectInFlags(options, "extra-certs", kPEMCertfile); 988 } 989 } 990 991 TEST_F(OpenVPNDriverTest, InitPKCS11Options) { 992 vector<vector<string>> options; 993 driver_->InitPKCS11Options(&options); 994 EXPECT_TRUE(options.empty()); 995 996 static const char kID[] = "TestPKCS11ID"; 997 SetArg(kOpenVPNClientCertIdProperty, kID); 998 driver_->InitPKCS11Options(&options); 999 ExpectInFlags(options, "pkcs11-id", kID); 1000 ExpectInFlags(options, "pkcs11-providers", "libchaps.so"); 1001 1002 static const char kProvider[] = "libpkcs11.so"; 1003 SetArg(kOpenVPNProviderProperty, kProvider); 1004 options.clear(); 1005 driver_->InitPKCS11Options(&options); 1006 ExpectInFlags(options, "pkcs11-id", kID); 1007 ExpectInFlags(options, "pkcs11-providers", kProvider); 1008 } 1009 1010 TEST_F(OpenVPNDriverTest, InitManagementChannelOptionsServerFail) { 1011 vector<vector<string>> options; 1012 EXPECT_CALL(*management_server_, Start(&dispatcher_, GetSockets(), &options)) 1013 .WillOnce(Return(false)); 1014 Error error; 1015 EXPECT_FALSE(InitManagementChannelOptions(&options, &error)); 1016 EXPECT_EQ(Error::kInternalError, error.type()); 1017 EXPECT_EQ("Unable to setup management channel.", error.message()); 1018 } 1019 1020 TEST_F(OpenVPNDriverTest, InitManagementChannelOptionsOnline) { 1021 vector<vector<string>> options; 1022 EXPECT_CALL(*management_server_, Start(&dispatcher_, GetSockets(), &options)) 1023 .WillOnce(Return(true)); 1024 EXPECT_CALL(manager_, IsConnected()).WillOnce(Return(true)); 1025 EXPECT_CALL(*management_server_, ReleaseHold()); 1026 Error error; 1027 EXPECT_TRUE(InitManagementChannelOptions(&options, &error)); 1028 EXPECT_TRUE(error.IsSuccess()); 1029 } 1030 1031 TEST_F(OpenVPNDriverTest, InitManagementChannelOptionsOffline) { 1032 vector<vector<string>> options; 1033 EXPECT_CALL(*management_server_, Start(&dispatcher_, GetSockets(), &options)) 1034 .WillOnce(Return(true)); 1035 EXPECT_CALL(manager_, IsConnected()).WillOnce(Return(false)); 1036 EXPECT_CALL(*management_server_, ReleaseHold()).Times(0); 1037 Error error; 1038 EXPECT_TRUE(InitManagementChannelOptions(&options, &error)); 1039 EXPECT_TRUE(error.IsSuccess()); 1040 } 1041 1042 TEST_F(OpenVPNDriverTest, InitLoggingOptions) { 1043 vector<vector<string>> options; 1044 bool vpn_logging = SLOG_IS_ON(VPN, 0); 1045 ScopeLogger::GetInstance()->EnableScopesByName("-vpn"); 1046 driver_->InitLoggingOptions(&options); 1047 ASSERT_EQ(1, options.size()); 1048 EXPECT_EQ(vector<string> { "syslog" }, options[0]); 1049 ScopeLogger::GetInstance()->EnableScopesByName("+vpn"); 1050 options.clear(); 1051 driver_->InitLoggingOptions(&options); 1052 ExpectInFlags(options, "verb", "3"); 1053 ScopeLogger::GetInstance()->EnableScopesByName("-vpn"); 1054 SetArg("OpenVPN.Verb", "2"); 1055 options.clear(); 1056 driver_->InitLoggingOptions(&options); 1057 ExpectInFlags(options, "verb", "2"); 1058 ScopeLogger::GetInstance()->EnableScopesByName("+vpn"); 1059 SetArg("OpenVPN.Verb", "1"); 1060 options.clear(); 1061 driver_->InitLoggingOptions(&options); 1062 ExpectInFlags(options, "verb", "1"); 1063 if (!vpn_logging) { 1064 ScopeLogger::GetInstance()->EnableScopesByName("-vpn"); 1065 } 1066 } 1067 1068 TEST_F(OpenVPNDriverTest, AppendValueOption) { 1069 vector<vector<string>> options; 1070 EXPECT_FALSE( 1071 driver_->AppendValueOption("OpenVPN.UnknownProperty", kOption, &options)); 1072 EXPECT_TRUE(options.empty()); 1073 1074 SetArg(kProperty, ""); 1075 EXPECT_FALSE(driver_->AppendValueOption(kProperty, kOption, &options)); 1076 EXPECT_TRUE(options.empty()); 1077 1078 SetArg(kProperty, kValue); 1079 SetArg(kProperty2, kValue2); 1080 EXPECT_TRUE(driver_->AppendValueOption(kProperty, kOption, &options)); 1081 EXPECT_TRUE(driver_->AppendValueOption(kProperty2, kOption2, &options)); 1082 EXPECT_EQ(2, options.size()); 1083 vector<string> expected_value { kOption, kValue }; 1084 EXPECT_EQ(expected_value, options[0]); 1085 vector<string> expected_value2 { kOption2, kValue2 }; 1086 EXPECT_EQ(expected_value2, options[1]); 1087 } 1088 1089 TEST_F(OpenVPNDriverTest, AppendDelimitedValueOption) { 1090 vector<vector<string>> options; 1091 EXPECT_FALSE( 1092 driver_->AppendDelimitedValueOption( 1093 "OpenVPN.UnknownProperty", kOption, ' ', &options)); 1094 EXPECT_TRUE(options.empty()); 1095 1096 SetArg(kProperty, ""); 1097 EXPECT_FALSE( 1098 driver_->AppendDelimitedValueOption(kProperty, kOption, ' ', &options)); 1099 EXPECT_TRUE(options.empty()); 1100 1101 string kConcatenatedValues(string(kValue) + " " + string(kValue2)); 1102 SetArg(kProperty, kConcatenatedValues); 1103 SetArg(kProperty2, kConcatenatedValues); 1104 EXPECT_TRUE(driver_->AppendDelimitedValueOption( 1105 kProperty, kOption, ':', &options)); 1106 EXPECT_TRUE(driver_->AppendDelimitedValueOption( 1107 kProperty2, kOption2, ' ', &options)); 1108 EXPECT_EQ(2, options.size()); 1109 vector<string> expected_value { kOption, kConcatenatedValues }; 1110 EXPECT_EQ(expected_value, options[0]); 1111 vector<string> expected_value2 { kOption2, kValue, kValue2 }; 1112 EXPECT_EQ(expected_value2, options[1]); 1113 } 1114 1115 TEST_F(OpenVPNDriverTest, AppendFlag) { 1116 vector<vector<string>> options; 1117 EXPECT_FALSE( 1118 driver_->AppendFlag("OpenVPN.UnknownProperty", kOption, &options)); 1119 EXPECT_TRUE(options.empty()); 1120 1121 SetArg(kProperty, ""); 1122 SetArg(kProperty2, kValue2); 1123 EXPECT_TRUE(driver_->AppendFlag(kProperty, kOption, &options)); 1124 EXPECT_TRUE(driver_->AppendFlag(kProperty2, kOption2, &options)); 1125 EXPECT_EQ(2, options.size()); 1126 EXPECT_EQ(vector<string> { kOption }, options[0]); 1127 EXPECT_EQ(vector<string> { kOption2 }, options[1]); 1128 } 1129 1130 TEST_F(OpenVPNDriverTest, ClaimInterface) { 1131 driver_->tunnel_interface_ = kInterfaceName; 1132 EXPECT_FALSE(driver_->ClaimInterface(string(kInterfaceName) + "XXX", 1133 kInterfaceIndex)); 1134 EXPECT_FALSE(driver_->device_); 1135 1136 static const char kHost[] = "192.168.2.254"; 1137 SetArg(kProviderHostProperty, kHost); 1138 EXPECT_CALL(*management_server_, Start(_, _, _)).WillOnce(Return(true)); 1139 EXPECT_CALL(manager_, IsConnected()).WillOnce(Return(false)); 1140 EXPECT_CALL( 1141 process_manager_, 1142 StartProcess(_, _, _, _, false /* Don't exit with parent */, _)) 1143 .WillOnce(Return(true)); 1144 const int kServiceCallbackTag = 1; 1145 EXPECT_EQ(0, driver_->default_service_callback_tag_); 1146 EXPECT_CALL(manager_, RegisterDefaultServiceCallback(_)) 1147 .WillOnce(Return(kServiceCallbackTag)); 1148 EXPECT_TRUE(driver_->ClaimInterface(kInterfaceName, kInterfaceIndex)); 1149 ASSERT_TRUE(driver_->device_); 1150 EXPECT_EQ(kInterfaceIndex, driver_->device_->interface_index()); 1151 EXPECT_EQ(kServiceCallbackTag, driver_->default_service_callback_tag_); 1152 } 1153 1154 TEST_F(OpenVPNDriverTest, IdleService) { 1155 SetService(service_); 1156 EXPECT_CALL(*service_, SetState(Service::kStateIdle)); 1157 driver_->IdleService(); 1158 } 1159 1160 TEST_F(OpenVPNDriverTest, FailService) { 1161 static const char kErrorDetails[] = "Bad password."; 1162 SetService(service_); 1163 EXPECT_CALL(*service_, SetFailure(Service::kFailureConnect)); 1164 driver_->FailService(Service::kFailureConnect, kErrorDetails); 1165 EXPECT_EQ(kErrorDetails, service_->error_details()); 1166 } 1167 1168 TEST_F(OpenVPNDriverTest, Cleanup) { 1169 // Ensure no crash. 1170 driver_->Cleanup(Service::kStateIdle, 1171 Service::kFailureUnknown, 1172 Service::kErrorDetailsNone); 1173 1174 const int kPID = 123456; 1175 const int kServiceCallbackTag = 5; 1176 static const char kErrorDetails[] = "Certificate revoked."; 1177 driver_->default_service_callback_tag_ = kServiceCallbackTag; 1178 driver_->pid_ = kPID; 1179 driver_->rpc_task_.reset(new RPCTask(&control_, this)); 1180 driver_->tunnel_interface_ = kInterfaceName; 1181 driver_->device_ = device_; 1182 driver_->service_ = service_; 1183 driver_->ip_properties_.address = "1.2.3.4"; 1184 StartConnectTimeout(0); 1185 FilePath tls_auth_file; 1186 EXPECT_TRUE(base::CreateTemporaryFile(&tls_auth_file)); 1187 EXPECT_FALSE(tls_auth_file.empty()); 1188 EXPECT_TRUE(base::PathExists(tls_auth_file)); 1189 driver_->tls_auth_file_ = tls_auth_file; 1190 // Stop will be called twice -- once by Cleanup and once by the destructor. 1191 EXPECT_CALL(*management_server_, Stop()).Times(2); 1192 // UpdateExitCallback will be called twice -- once to ignore exit, 1193 // and once to re-enabling monitoring of exit. 1194 EXPECT_CALL(process_manager_, UpdateExitCallback(kPID, _)).Times(2); 1195 EXPECT_CALL(manager_, DeregisterDefaultServiceCallback(kServiceCallbackTag)); 1196 EXPECT_CALL(process_manager_, StopProcess(kPID)); 1197 EXPECT_CALL(device_info_, DeleteInterface(_)).Times(0); 1198 EXPECT_CALL(*device_, DropConnection()); 1199 EXPECT_CALL(*device_, SetEnabled(false)); 1200 EXPECT_CALL(*service_, SetFailure(Service::kFailureInternal)); 1201 driver_->Cleanup( 1202 Service::kStateFailure, Service::kFailureInternal, kErrorDetails); 1203 EXPECT_EQ(0, driver_->default_service_callback_tag_); 1204 EXPECT_EQ(0, driver_->pid_); 1205 EXPECT_FALSE(driver_->rpc_task_.get()); 1206 EXPECT_TRUE(driver_->tunnel_interface_.empty()); 1207 EXPECT_FALSE(driver_->device_); 1208 EXPECT_FALSE(driver_->service_); 1209 EXPECT_EQ(kErrorDetails, service_->error_details()); 1210 EXPECT_FALSE(base::PathExists(tls_auth_file)); 1211 EXPECT_TRUE(driver_->tls_auth_file_.empty()); 1212 EXPECT_TRUE(driver_->ip_properties_.address.empty()); 1213 EXPECT_FALSE(driver_->IsConnectTimeoutStarted()); 1214 } 1215 1216 TEST_F(OpenVPNDriverTest, SpawnOpenVPN) { 1217 SetupLSBRelease(); 1218 1219 EXPECT_FALSE(driver_->SpawnOpenVPN()); 1220 1221 static const char kHost[] = "192.168.2.254"; 1222 SetArg(kProviderHostProperty, kHost); 1223 driver_->tunnel_interface_ = "tun0"; 1224 driver_->rpc_task_.reset(new RPCTask(&control_, this)); 1225 EXPECT_CALL(*management_server_, Start(_, _, _)) 1226 .Times(2) 1227 .WillRepeatedly(Return(true)); 1228 EXPECT_CALL(manager_, IsConnected()).Times(2).WillRepeatedly(Return(false)); 1229 1230 const int kPID = 234678; 1231 const map<string, string> expected_env{ 1232 {"IV_PLAT", "Chromium OS"}, 1233 {"IV_PLAT_REL", "2202.0"}}; 1234 EXPECT_CALL(process_manager_, StartProcess(_, _, _, expected_env, _, _)) 1235 .WillOnce(Return(-1)) 1236 .WillOnce(Return(kPID)); 1237 EXPECT_FALSE(driver_->SpawnOpenVPN()); 1238 EXPECT_TRUE(driver_->SpawnOpenVPN()); 1239 EXPECT_EQ(kPID, driver_->pid_); 1240 } 1241 1242 TEST_F(OpenVPNDriverTest, OnOpenVPNDied) { 1243 const int kPID = 99999; 1244 driver_->device_ = device_; 1245 driver_->pid_ = kPID; 1246 EXPECT_CALL(*device_, DropConnection()); 1247 EXPECT_CALL(*device_, SetEnabled(false)); 1248 EXPECT_CALL(process_manager_, StopProcess(_)).Times(0); 1249 EXPECT_CALL(device_info_, DeleteInterface(kInterfaceIndex)); 1250 driver_->OnOpenVPNDied(2); 1251 EXPECT_EQ(0, driver_->pid_); 1252 } 1253 1254 TEST_F(OpenVPNDriverTest, Disconnect) { 1255 driver_->device_ = device_; 1256 driver_->service_ = service_; 1257 EXPECT_CALL(*device_, DropConnection()); 1258 EXPECT_CALL(*device_, SetEnabled(false)); 1259 EXPECT_CALL(device_info_, DeleteInterface(kInterfaceIndex)); 1260 EXPECT_CALL(*service_, SetState(Service::kStateIdle)); 1261 driver_->Disconnect(); 1262 EXPECT_FALSE(driver_->device_); 1263 EXPECT_FALSE(driver_->service_); 1264 } 1265 1266 TEST_F(OpenVPNDriverTest, OnConnectionDisconnected) { 1267 EXPECT_CALL(*management_server_, Restart()); 1268 SetDevice(device_); 1269 SetService(service_); 1270 EXPECT_CALL(*device_, DropConnection()); 1271 EXPECT_CALL(*service_, SetState(Service::kStateAssociating)); 1272 OnConnectionDisconnected(); 1273 EXPECT_TRUE(IsConnectTimeoutStarted()); 1274 } 1275 1276 TEST_F(OpenVPNDriverTest, OnConnectTimeout) { 1277 StartConnectTimeout(0); 1278 SetService(service_); 1279 EXPECT_CALL(*service_, SetFailure(Service::kFailureConnect)); 1280 OnConnectTimeout(); 1281 EXPECT_FALSE(GetService()); 1282 EXPECT_FALSE(IsConnectTimeoutStarted()); 1283 } 1284 1285 TEST_F(OpenVPNDriverTest, OnConnectTimeoutResolve) { 1286 StartConnectTimeout(0); 1287 SetService(service_); 1288 SetClientState(OpenVPNManagementServer::kStateResolve); 1289 EXPECT_CALL(*service_, SetFailure(Service::kFailureDNSLookup)); 1290 OnConnectTimeout(); 1291 EXPECT_FALSE(GetService()); 1292 EXPECT_FALSE(IsConnectTimeoutStarted()); 1293 } 1294 1295 TEST_F(OpenVPNDriverTest, OnReconnectingUnknown) { 1296 EXPECT_FALSE(IsConnectTimeoutStarted()); 1297 EXPECT_CALL(dispatcher_, 1298 PostDelayedTask(_, GetDefaultConnectTimeoutSeconds() * 1000)); 1299 SetDevice(device_); 1300 SetService(service_); 1301 EXPECT_CALL(*device_, DropConnection()); 1302 EXPECT_CALL(*service_, SetState(Service::kStateAssociating)); 1303 driver_->OnReconnecting(OpenVPNDriver::kReconnectReasonUnknown); 1304 EXPECT_TRUE(IsConnectTimeoutStarted()); 1305 } 1306 1307 TEST_F(OpenVPNDriverTest, OnReconnectingTLSError) { 1308 EXPECT_CALL(dispatcher_, 1309 PostDelayedTask(_, GetReconnectOfflineTimeoutSeconds() * 1000)); 1310 EXPECT_CALL(dispatcher_, 1311 PostDelayedTask(_, GetReconnectTLSErrorTimeoutSeconds() * 1000)); 1312 1313 driver_->OnReconnecting(OpenVPNDriver::kReconnectReasonOffline); 1314 EXPECT_TRUE(IsConnectTimeoutStarted()); 1315 1316 // The scheduled timeout should not be affected for unknown reason. 1317 driver_->OnReconnecting(OpenVPNDriver::kReconnectReasonUnknown); 1318 EXPECT_TRUE(IsConnectTimeoutStarted()); 1319 1320 // Reconnect on TLS error reschedules the timeout once. 1321 driver_->OnReconnecting(OpenVPNDriver::kReconnectReasonTLSError); 1322 EXPECT_TRUE(IsConnectTimeoutStarted()); 1323 driver_->OnReconnecting(OpenVPNDriver::kReconnectReasonTLSError); 1324 EXPECT_TRUE(IsConnectTimeoutStarted()); 1325 } 1326 1327 TEST_F(OpenVPNDriverTest, InitPropertyStore) { 1328 // Sanity test property store initialization. 1329 PropertyStore store; 1330 driver_->InitPropertyStore(&store); 1331 const string kUser = "joe"; 1332 Error error; 1333 EXPECT_TRUE(store.SetStringProperty(kOpenVPNUserProperty, kUser, &error)); 1334 EXPECT_TRUE(error.IsSuccess()); 1335 EXPECT_EQ(kUser, GetArgs()->LookupString(kOpenVPNUserProperty, "")); 1336 } 1337 1338 TEST_F(OpenVPNDriverTest, PassphraseRequired) { 1339 PropertyStore store; 1340 driver_->InitPropertyStore(&store); 1341 KeyValueStore props = GetProviderProperties(store); 1342 EXPECT_TRUE(props.LookupBool(kPassphraseRequiredProperty, false)); 1343 1344 SetArg(kOpenVPNPasswordProperty, "random-password"); 1345 props = GetProviderProperties(store); 1346 EXPECT_FALSE(props.LookupBool(kPassphraseRequiredProperty, true)); 1347 // This parameter should be write-only. 1348 EXPECT_FALSE(props.ContainsString(kOpenVPNPasswordProperty)); 1349 1350 SetArg(kOpenVPNPasswordProperty, ""); 1351 props = GetProviderProperties(store); 1352 EXPECT_TRUE(props.LookupBool(kPassphraseRequiredProperty, false)); 1353 1354 SetArg(kOpenVPNTokenProperty, "random-token"); 1355 props = GetProviderProperties(store); 1356 EXPECT_FALSE(props.LookupBool(kPassphraseRequiredProperty, true)); 1357 // This parameter should be write-only. 1358 EXPECT_FALSE(props.ContainsString(kOpenVPNTokenProperty)); 1359 } 1360 1361 TEST_F(OpenVPNDriverTest, GetEnvironment) { 1362 SetupLSBRelease(); 1363 const map<string, string> expected{ 1364 {"IV_PLAT", "Chromium OS"}, 1365 {"IV_PLAT_REL", "2202.0"}}; 1366 ASSERT_EQ(expected, driver_->GetEnvironment()); 1367 1368 EXPECT_EQ(0, base::WriteFile(lsb_release_file_, "", 0)); 1369 EXPECT_EQ(0, driver_->GetEnvironment().size()); 1370 } 1371 1372 TEST_F(OpenVPNDriverTest, OnOpenVPNExited) { 1373 const int kExitStatus = 1; 1374 std::unique_ptr<MockDeviceInfo> device_info( 1375 new MockDeviceInfo(&control_, &dispatcher_, &metrics_, &manager_)); 1376 EXPECT_CALL(*device_info, DeleteInterface(kInterfaceIndex)) 1377 .WillOnce(Return(true)); 1378 WeakPtr<DeviceInfo> weak = device_info->AsWeakPtr(); 1379 EXPECT_TRUE(weak); 1380 OpenVPNDriver::OnOpenVPNExited(weak, kInterfaceIndex, kExitStatus); 1381 device_info.reset(); 1382 EXPECT_FALSE(weak); 1383 // Expect no crash. 1384 OpenVPNDriver::OnOpenVPNExited(weak, kInterfaceIndex, kExitStatus); 1385 } 1386 1387 TEST_F(OpenVPNDriverTest, OnDefaultServiceChanged) { 1388 driver_->service_ = service_; 1389 1390 ServiceRefPtr null_service; 1391 EXPECT_CALL(*management_server_, Hold()); 1392 driver_->OnDefaultServiceChanged(null_service); 1393 1394 EXPECT_CALL(*management_server_, Hold()); 1395 driver_->OnDefaultServiceChanged(service_); 1396 1397 scoped_refptr<MockService> mock_service( 1398 new MockService(&control_, &dispatcher_, &metrics_, &manager_)); 1399 1400 EXPECT_CALL(*mock_service, IsConnected()).WillOnce(Return(false)); 1401 EXPECT_CALL(*management_server_, Hold()); 1402 driver_->OnDefaultServiceChanged(mock_service); 1403 1404 EXPECT_CALL(*mock_service, IsConnected()).WillOnce(Return(true)); 1405 EXPECT_CALL(*management_server_, ReleaseHold()); 1406 driver_->OnDefaultServiceChanged(mock_service); 1407 } 1408 1409 TEST_F(OpenVPNDriverTest, GetReconnectTimeoutSeconds) { 1410 EXPECT_EQ(GetDefaultConnectTimeoutSeconds(), 1411 GetReconnectTimeoutSeconds(OpenVPNDriver::kReconnectReasonUnknown)); 1412 EXPECT_EQ(GetReconnectOfflineTimeoutSeconds(), 1413 GetReconnectTimeoutSeconds(OpenVPNDriver::kReconnectReasonOffline)); 1414 EXPECT_EQ(GetReconnectTLSErrorTimeoutSeconds(), 1415 GetReconnectTimeoutSeconds( 1416 OpenVPNDriver::kReconnectReasonTLSError)); 1417 } 1418 1419 TEST_F(OpenVPNDriverTest, WriteConfigFile) { 1420 const char kOption0[] = "option0"; 1421 const char kOption1[] = "option1"; 1422 const char kOption1Argument0[] = "option1-argument0"; 1423 const char kOption2[] = "option2"; 1424 const char kOption2Argument0[] = "option2-argument0\n\t\"'\\"; 1425 const char kOption2Argument0Transformed[] = "option2-argument0 \t\\\"'\\\\"; 1426 const char kOption2Argument1[] = "option2-argument1 space"; 1427 vector<vector<string>> options { 1428 { kOption0 }, 1429 { kOption1, kOption1Argument0 }, 1430 { kOption2, kOption2Argument0, kOption2Argument1 } 1431 }; 1432 FilePath config_directory( 1433 temporary_directory_.path().Append(kOpenVPNConfigDirectory)); 1434 FilePath config_file; 1435 EXPECT_FALSE(base::PathExists(config_directory)); 1436 EXPECT_TRUE(driver_->WriteConfigFile(options, &config_file)); 1437 EXPECT_TRUE(base::PathExists(config_directory)); 1438 EXPECT_TRUE(base::PathExists(config_file)); 1439 EXPECT_TRUE(config_directory.IsParent(config_file)); 1440 1441 string config_contents; 1442 EXPECT_TRUE(base::ReadFileToString(config_file, &config_contents)); 1443 string expected_config_contents = base::StringPrintf( 1444 "%s\n%s %s\n%s \"%s\" \"%s\"\n", 1445 kOption0, 1446 kOption1, kOption1Argument0, 1447 kOption2, kOption2Argument0Transformed, kOption2Argument1); 1448 EXPECT_EQ(expected_config_contents, config_contents); 1449 } 1450 1451 } // namespace shill 1452
