1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "open_vpn_ctl.h"
17
18 #include <fstream>
19
20 #include "base64_utils.h"
21 #include "netmanager_base_common_utils.h"
22 #include "netmgr_ext_log_wrapper.h"
23
24 namespace OHOS {
25 namespace NetManagerStandard {
26
OpenvpnCtl(sptr<VpnConfig> config,const std::string & pkg,int32_t userId,std::vector<int32_t> & activeUserIds)27 OpenvpnCtl::OpenvpnCtl(sptr<VpnConfig> config, const std::string &pkg, int32_t userId,
28 std::vector<int32_t> &activeUserIds) : NetVpnImpl(config, pkg, userId, activeUserIds)
29 {
30 }
31
SetUp()32 int32_t OpenvpnCtl::SetUp()
33 {
34 UpdateOpenvpnState(OPENVPN_STATE_SETUP);
35 return StartOpenvpn();
36 }
37
StartOpenvpn()38 int32_t OpenvpnCtl::StartOpenvpn()
39 {
40 if (openvpnConfig_ == nullptr) {
41 NETMGR_EXT_LOG_E("StartOpenvpn openvpnConfig_ is null");
42 return NETMANAGER_EXT_ERR_INTERNAL;
43 }
44 UpdateOpenvpnState(OPENVPN_STATE_STARTED);
45 if (!std::filesystem::exists(VPN_PIDDIR) || !std::filesystem::is_directory(VPN_PIDDIR)) {
46 NETMGR_EXT_LOG_E("StartOpenvpn config dir check error.");
47 return NETMANAGER_EXT_ERR_INTERNAL;
48 }
49 NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_OPENVPN_RESTART);
50 return NETMANAGER_EXT_SUCCESS;
51 }
52
NotifyConnectStage(const std::string & stage,const int32_t & result)53 int32_t OpenvpnCtl::NotifyConnectStage(const std::string &stage, const int32_t &result)
54 {
55 if (stage.empty()) {
56 NETMGR_EXT_LOG_E("stage is empty");
57 return NETMANAGER_EXT_ERR_PARAMETER_ERROR;
58 }
59 if (result != NETMANAGER_EXT_SUCCESS) {
60 NETMGR_EXT_LOG_E("vpn stage failed, result: %{public}d", result);
61 return NETMANAGER_EXT_ERR_INTERNAL;
62 }
63 return HandleClientMessage(stage);
64 }
65
SetUpVpnTun()66 int32_t OpenvpnCtl::SetUpVpnTun()
67 {
68 if (multiVpnInfo_ != nullptr) {
69 NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_SET_VPN_CALL_MODE,
70 multiVpnInfo_->isVpnExtCall ? "0" : "1");
71 }
72 int result = NetVpnImpl::SetUp();
73 if (result != NETMANAGER_EXT_SUCCESS) {
74 NETMGR_EXT_LOG_W("openvpn SetUp failed");
75 StopOpenvpn();
76 UpdateOpenvpnState(OPENVPN_STATE_DISCONNECTED);
77 }
78 NETMGR_EXT_LOG_I("openvpn SetUp %{public}d", result);
79 return result;
80 }
81
HandleClientMessage(const std::string & msg)82 int32_t OpenvpnCtl::HandleClientMessage(const std::string &msg)
83 {
84 int result = NETMANAGER_EXT_SUCCESS;
85 if (msg.empty()) {
86 NETMGR_EXT_LOG_E("msg is empty");
87 return NETMANAGER_EXT_ERR_PARAMETER_ERROR;
88 }
89 NETMGR_EXT_LOG_I("Process Request message: %{public}s", MaskOpenvpnMessage(msg).c_str());
90 if (strstr(msg.c_str(), OPENVPN_NODE_ROOT) != 0) {
91 const char *ret = strstr(msg.c_str(), "{");
92 if (ret == nullptr) {
93 NETMGR_EXT_LOG_E("client message format error");
94 return NETMANAGER_EXT_ERR_PARAMETER_ERROR;
95 }
96 cJSON* message = cJSON_Parse(ret);
97 if (message == nullptr) {
98 NETMGR_EXT_LOG_E("not json string");
99 return NETMANAGER_EXT_ERR_PARAMETER_ERROR;
100 }
101 // is config message
102 cJSON* config = cJSON_GetObjectItem(message, OPENVPN_NODE_CONFIG);
103 if (config != nullptr && cJSON_IsObject(config)) {
104 UpdateConfig(config);
105 }
106 // is state message
107 cJSON* state = cJSON_GetObjectItem(message, OPENVPN_NODE_UPDATE_STATE);
108 if (state != nullptr && cJSON_IsObject(state)) {
109 UpdateState(state);
110 }
111 // is setup message
112 cJSON* vpnSetUp = cJSON_GetObjectItem(message, OPENVPN_NODE_SETUP_VPN_TUN);
113 if (vpnSetUp != nullptr && cJSON_IsObject(vpnSetUp)) {
114 result = SetUpVpnTun();
115 }
116 cJSON_Delete(message);
117 }
118 return result;
119 }
120
UpdateState(cJSON * state)121 void OpenvpnCtl::UpdateState(cJSON* state)
122 {
123 cJSON* updateState = cJSON_GetObjectItem(state, OPENVPN_NODE_STATE);
124 if (updateState != nullptr && cJSON_IsNumber(updateState)) {
125 int32_t openVpnState = static_cast<int32_t>(cJSON_GetNumberValue(updateState));
126 UpdateOpenvpnState(openVpnState);
127 if (openVpnState == OPENVPN_STATE_DISCONNECTED || openVpnState >= OPENVPN_STATE_ERROR_PRIVATE_KEY) {
128 NETMGR_EXT_LOG_I("UpdatesState: %{public}d", openVpnState);
129 if (multiVpnInfo_ != nullptr) {
130 VpnHisysEvent::SetFaultVpnEvent(multiVpnInfo_->userId, multiVpnInfo_->bundleName,
131 VpnOperatorType::OPERATION_SETUP_VPN,
132 VpnOperatorErrorType::ERROR_CFG_INCORRECT, VpnType::OPENVPN);
133 }
134 StopOpenvpn();
135 }
136 }
137 }
138
UpdateConfig(cJSON * jConfig)139 void OpenvpnCtl::UpdateConfig(cJSON *jConfig)
140 {
141 if (vpnConfig_ == nullptr) {
142 NETMGR_EXT_LOG_E("UpdateConfig vpnConfig_ is null");
143 return;
144 }
145 cJSON *mtu = cJSON_GetObjectItem(jConfig, OPENVPN_NODE_MTU);
146 if (mtu != nullptr && cJSON_IsNumber(mtu)) {
147 int32_t openVpnMtu = static_cast<int32_t>(cJSON_GetNumberValue(mtu));
148 vpnConfig_->mtu_ = openVpnMtu;
149 NETMGR_EXT_LOG_I("UpdateConfig mtu %{public}d", openVpnMtu);
150 }
151 INetAddr iNetAddr;
152 INetAddr destination;
153 INetAddr gateway;
154 Route iRoute;
155 cJSON *address = cJSON_GetObjectItem(jConfig, OPENVPN_NODE_ADDRESS);
156 if (address != nullptr && cJSON_IsString(address)) {
157 std::string openVpnAddress = cJSON_GetStringValue(address);
158 iNetAddr.address_ = openVpnAddress;
159 gateway.address_ = openVpnAddress;
160 destination.address_ = openVpnAddress;
161 }
162 cJSON *netmask = cJSON_GetObjectItem(jConfig, OPENVPN_NODE_NETMASK);
163 if (netmask != nullptr && cJSON_IsString(netmask)) {
164 std::string openVpnNetmask = cJSON_GetStringValue(netmask);
165 iNetAddr.netMask_ = openVpnNetmask;
166 destination.prefixlen_ = CommonUtils::GetMaskLength(openVpnNetmask);
167 NETMGR_EXT_LOG_I("UpdateConfig prefixlen %{public}d", destination.prefixlen_);
168 }
169 vpnConfig_->addresses_.emplace_back(iNetAddr);
170
171 iRoute.iface_ = GetInterfaceName();
172 iRoute.isDefaultRoute_ = true;
173 iRoute.destination_ = destination;
174 iRoute.gateway_ = gateway;
175 vpnConfig_->routes_.emplace_back(iRoute);
176 }
177
UpdateOpenvpnState(const int32_t state)178 void OpenvpnCtl::UpdateOpenvpnState(const int32_t state)
179 {
180 switch (state) {
181 case OPENVPN_STATE_CONNECTED:
182 NotifyConnectState(VpnConnectState::VPN_CONNECTED);
183 break;
184 case OPENVPN_STATE_DISCONNECTED:
185 case OPENVPN_STATE_ERROR_PRIVATE_KEY:
186 case OPENVPN_STATE_ERROR_CLIENT_CRT:
187 case OPENVPN_STATE_ERROR_CA_CAT:
188 case OPENVPN_STATE_ERROR_TIME_OUT:
189 NotifyConnectState(VpnConnectState::VPN_DISCONNECTED);
190 break;
191 default:
192 NETMGR_EXT_LOG_E("unknown openvpn state: %{public}d", state);
193 break;
194 }
195 openvpnState_ = state;
196 }
197
GetSysVpnCertUri(const int32_t certType,std::string & certUri)198 int32_t OpenvpnCtl::GetSysVpnCertUri(const int32_t certType, std::string &certUri)
199 {
200 if (openvpnConfig_ == nullptr) {
201 NETMGR_EXT_LOG_E("StartOpenvpn openvpnConfig_ is null");
202 return NETMANAGER_EXT_ERR_INTERNAL;
203 }
204 switch (certType) {
205 case OpenVpnConfigType::OPENVPN_ASKPASS:
206 certUri = openvpnConfig_->askpass_;
207 break;
208 case OpenVpnConfigType::OPENVPN_CONF:
209 certUri = Base64::Decode(openvpnConfig_->ovpnConfig_);
210 if (!certUri.empty() && !openvpnConfig_->askpass_.empty()) {
211 certUri.append(OPENVPN_ASKPASS_PARAM);
212 }
213 break;
214 default:
215 NETMGR_EXT_LOG_E("unknown openvpn config type: %{public}d", certType);
216 break;
217 }
218 return NETMANAGER_EXT_SUCCESS;
219 }
220
GetVpnCertData(const int32_t certType,std::vector<int8_t> & certData)221 int32_t OpenvpnCtl::GetVpnCertData(const int32_t certType, std::vector<int8_t> &certData)
222 {
223 return NETMANAGER_EXT_SUCCESS;
224 }
225
IsSystemVpn()226 bool OpenvpnCtl::IsSystemVpn()
227 {
228 return true;
229 }
230
Destroy()231 int32_t OpenvpnCtl::Destroy()
232 {
233 StopOpenvpn();
234 if (multiVpnInfo_ != nullptr) {
235 NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_SET_VPN_CALL_MODE,
236 multiVpnInfo_->isVpnExtCall ? "0" : "1");
237 }
238 int result = NetVpnImpl::Destroy();
239 NETMGR_EXT_LOG_I("openvpn Destroy result %{public}d}", result);
240 return result;
241 }
242
StopOpenvpn()243 void OpenvpnCtl::StopOpenvpn()
244 {
245 NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_OPENVPN_STOP);
246 UpdateOpenvpnState(OPENVPN_STATE_DISCONNECTED);
247 }
248
GetConnectedSysVpnConfig(sptr<SysVpnConfig> & sysVpnConfig)249 int32_t OpenvpnCtl::GetConnectedSysVpnConfig(sptr<SysVpnConfig> &sysVpnConfig)
250 {
251 if (openvpnState_ == OPENVPN_STATE_CONNECTED && openvpnConfig_ != nullptr) {
252 sysVpnConfig = openvpnConfig_;
253 }
254 return NETMANAGER_EXT_SUCCESS;
255 }
256
IsInternalVpn()257 bool OpenvpnCtl::IsInternalVpn()
258 {
259 return true;
260 }
261
MaskOpenvpnMessage(const std::string & msg)262 std::string OpenvpnCtl::MaskOpenvpnMessage(const std::string &msg)
263 {
264 if (msg.empty()) {
265 NETMGR_EXT_LOG_E("msg is empty");
266 return "";
267 }
268 std::string result = msg;
269 size_t addressPos = result.find(OPENVPN_NODE_CONFIG);
270 if (addressPos != std::string::npos) {
271 size_t pos = addressPos + strlen(OPENVPN_NODE_CONFIG);
272 size_t replaceLen = result.size() - pos;
273 if (replaceLen > 0) {
274 result.replace(pos, replaceLen, OPENVPN_MASK_TAG);
275 }
276 return result;
277 }
278
279 return msg;
280 }
281 } // namespace NetManagerStandard
282 } // namespace OHOS