Gitiles
Code Review Sign In
gerrit.openfyde.cn / chromium.googlesource.com / chromiumos / platform2 / e89062c802e11a4b527b5278c3d890fccca0a5fb / . / system-proxy / system_proxy_adaptor.cc
blob: ce082b1d93e227d0239bfdcd7c6f76b174c20378 [file] [log] [blame]
Andreea Costinas942284d2020-01-28 16:28:40 +0100[diff] [blame]1// Copyright 2020 The Chromium OS Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4#include "system-proxy/system_proxy_adaptor.h"
5
6#include <string>
7#include <utility>
8#include <vector>
9
Andreea Costinase89062c2020-11-12 14:31:46 +0100[diff] [blame^]10#include <base/strings/string16.h>
11#include <base/strings/utf_string_conversions.h>
Andreea Costinas942284d2020-01-28 16:28:40 +0100[diff] [blame]12#include <base/location.h>
Andreea Costinase9c73592020-07-17 15:27:54 +0200[diff] [blame]13#include <base/strings/stringprintf.h>
Andreea Costinas91f75352020-07-08 14:47:47 +0200[diff] [blame]14#include <base/time/time.h>
Andreea Costinas942284d2020-01-28 16:28:40 +0100[diff] [blame]15#include <brillo/dbus/dbus_object.h>
Andreea Costinasc7d5ad02020-03-09 09:41:51 +0100[diff] [blame]16#include <brillo/message_loops/message_loop.h>
Andreea Costinasedb7c8e2020-04-22 10:58:04 +0200[diff] [blame]17#include <chromeos/dbus/service_constants.h>
Jason Jeremy Imanadffbcb2020-08-31 13:21:36 +0900[diff] [blame]18#include <chromeos/patchpanel/dbus/client.h>
Andreea Costinasedb7c8e2020-04-22 10:58:04 +0200[diff] [blame]19#include <dbus/object_proxy.h>
Andreea Costinas942284d2020-01-28 16:28:40 +0100[diff] [blame]20
Andreea Costinas922fbaf2020-05-28 11:55:22 +0200[diff] [blame]21#include "system-proxy/kerberos_client.h"
Andreea Costinase89062c2020-11-12 14:31:46 +0100[diff] [blame^]22#include "system-proxy/net/ntlm/ntlm_client.h"
23#include "system-proxy/net/ntlm/ntlm_constants.h"
Andreea Costinasc7d5ad02020-03-09 09:41:51 +0100[diff] [blame]24#include "system-proxy/sandboxed_worker.h"
Andreea Costinas942284d2020-01-28 16:28:40 +0100[diff] [blame]25
26namespace system_proxy {
27namespace {
Andreea Costinasc7d5ad02020-03-09 09:41:51 +0100[diff] [blame]28
Andreea Costinasedb7c8e2020-04-22 10:58:04 +0200[diff] [blame]29constexpr int kProxyPort = 3128;
Andreea Costinas77b180e2020-05-12 15:17:32 +0200[diff] [blame]30constexpr char kFailedToStartWorkerError[] = "Failed to start worker process";
Andreea Costinas91f75352020-07-08 14:47:47 +0200[diff] [blame]31// Time delay for calling patchpanel::ConnectNamespace(). Patchpanel needs to
32// enter the network namespace of the worker process to configure it and fails
33// if it's soon after the process starts. See https://crbug.com/1095170 for
34// details.
35constexpr base::TimeDelta kConnectNamespaceDelay =
36 base::TimeDelta::FromSeconds(1);
37constexpr int kNetworkNamespaceReconnectAttempts = 3;
Andreea Costinasedb7c8e2020-04-22 10:58:04 +0200[diff] [blame]38
Andreea Costinas942284d2020-01-28 16:28:40 +0100[diff] [blame]39// Serializes |proto| to a vector of bytes.
40std::vector<uint8_t> SerializeProto(
41 const google::protobuf::MessageLite& proto) {
42 std::vector<uint8_t> proto_blob(proto.ByteSizeLong());
Andreea Costinasc991e232020-06-08 20:30:58 +0200[diff] [blame]43 bool result = proto.SerializeToArray(proto_blob.data(), proto_blob.size());
44 DCHECK(result);
Andreea Costinas942284d2020-01-28 16:28:40 +0100[diff] [blame]45 return proto_blob;
46}
47
48// Parses a proto from an array of bytes |proto_blob|. Returns
49// ERROR_PARSE_REQUEST_FAILED on error.
50std::string DeserializeProto(const base::Location& from_here,
51 google::protobuf::MessageLite* proto,
52 const std::vector<uint8_t>& proto_blob) {
53 if (!proto->ParseFromArray(proto_blob.data(), proto_blob.size())) {
54 const std::string error_message = "Failed to parse proto message.";
55 LOG(ERROR) << from_here.ToString() << error_message;
56 return error_message;
57 }
58 return "";
59}
60} // namespace
61
62SystemProxyAdaptor::SystemProxyAdaptor(
63 std::unique_ptr<brillo::dbus_utils::DBusObject> dbus_object)
64 : org::chromium::SystemProxyAdaptor(this),
Andreea Costinas91f75352020-07-08 14:47:47 +0200[diff] [blame]65 netns_reconnect_attempts_available_(kNetworkNamespaceReconnectAttempts),
Andreea Costinasc7d5ad02020-03-09 09:41:51 +0100[diff] [blame]66 dbus_object_(std::move(dbus_object)),
Andreea Costinas922fbaf2020-05-28 11:55:22 +0200[diff] [blame]67 weak_ptr_factory_(this) {
68 kerberos_client_ = std::make_unique<KerberosClient>(dbus_object_->GetBus());
69}
Andreea Costinas942284d2020-01-28 16:28:40 +0100[diff] [blame]70
71SystemProxyAdaptor::~SystemProxyAdaptor() = default;
72
73void SystemProxyAdaptor::RegisterAsync(
74 const brillo::dbus_utils::AsyncEventSequencer::CompletionAction&
75 completion_callback) {
76 RegisterWithDBusObject(dbus_object_.get());
77 dbus_object_->RegisterAsync(completion_callback);
78}
79
Andreea Costinas77b180e2020-05-12 15:17:32 +0200[diff] [blame]80std::vector<uint8_t> SystemProxyAdaptor::SetAuthenticationDetails(
81 const std::vector<uint8_t>& request_blob) {
82 LOG(INFO) << "Received set authentication details request.";
83
84 SetAuthenticationDetailsRequest request;
Andreea Costinas350e4aa2020-07-20 20:29:46 +0200[diff] [blame]85 std::string error_message =
Andreea Costinas77b180e2020-05-12 15:17:32 +0200[diff] [blame]86 DeserializeProto(FROM_HERE, &request, request_blob);
87
88 SetAuthenticationDetailsResponse response;
89 if (!error_message.empty()) {
90 response.set_error_message(error_message);
91 return SerializeProto(response);
92 }
93
Andreea Costinas350e4aa2020-07-20 20:29:46 +0200[diff] [blame]94 if (IncludesSystemTraffic(request.traffic_type())) {
95 SetAuthenticationDetails(request, /*user_traffic=*/false, &error_message);
96 }
97 if (IncludesUserTraffic(request.traffic_type())) {
98 SetAuthenticationDetails(request, /*user_traffic=*/true, &error_message);
99 }
100 if (!error_message.empty()) {
101 response.set_error_message(error_message);
102 }
103 return SerializeProto(response);
104}
105
106void SystemProxyAdaptor::SetAuthenticationDetails(
107 SetAuthenticationDetailsRequest auth_details,
108 bool user_traffic,
109 std::string* error_message) {
110 SandboxedWorker* worker = CreateWorkerIfNeeded(user_traffic);
111 if (!worker) {
112 error_message->append(kFailedToStartWorkerError);
113 return;
Andreea Costinas77b180e2020-05-12 15:17:32 +0200[diff] [blame]114 }
115
Andreea Costinas350e4aa2020-07-20 20:29:46 +0200[diff] [blame]116 if (auth_details.has_credentials() || auth_details.has_protection_space()) {
Andreea Costinasdb2cbee2020-06-15 11:43:44 +0200[diff] [blame]117 worker::Credentials credentials;
Andreea Costinas350e4aa2020-07-20 20:29:46 +0200[diff] [blame]118 if (auth_details.has_protection_space()) {
Andreea Costinasdb2cbee2020-06-15 11:43:44 +0200[diff] [blame]119 worker::ProtectionSpace protection_space;
Andreea Costinas350e4aa2020-07-20 20:29:46 +0200[diff] [blame]120 protection_space.set_origin(auth_details.protection_space().origin());
121 protection_space.set_scheme(auth_details.protection_space().scheme());
122 protection_space.set_realm(auth_details.protection_space().realm());
Andreea Costinasdb2cbee2020-06-15 11:43:44 +0200[diff] [blame]123 *credentials.mutable_protection_space() = protection_space;
124 }
Andreea Costinas77b180e2020-05-12 15:17:32 +0200[diff] [blame]125
Andreea Costinas350e4aa2020-07-20 20:29:46 +0200[diff] [blame]126 if (auth_details.has_credentials()) {
Andreea Costinascc4d54e2020-10-19 15:46:25 +0200[diff] [blame]127 system_proxy::Credentials dbus_cred = auth_details.credentials();
128 if (dbus_cred.has_username() && dbus_cred.has_password()) {
129 credentials.set_username(dbus_cred.username());
130 credentials.set_password(dbus_cred.password());
131 credentials.mutable_policy_credentials_auth_schemes()->Swap(
132 dbus_cred.mutable_policy_credentials_auth_schemes());
Andreea Costinas350e4aa2020-07-20 20:29:46 +0200[diff] [blame]133 }
134 }
135
136 brillo::MessageLoop::current()->PostTask(
137 FROM_HERE,
138 base::Bind(&SystemProxyAdaptor::SetCredentialsTask,
139 weak_ptr_factory_.GetWeakPtr(), worker, credentials));
140 }
141 if (auth_details.has_kerberos_enabled()) {
142 std::string principal_name = auth_details.has_active_principal_name()
143 ? auth_details.active_principal_name()
Andreea Costinas922fbaf2020-05-28 11:55:22 +0200[diff] [blame]144 : std::string();
145
146 brillo::MessageLoop::current()->PostTask(
147 FROM_HERE, base::Bind(&SystemProxyAdaptor::SetKerberosEnabledTask,
Andreea Costinas350e4aa2020-07-20 20:29:46 +0200[diff] [blame]148 weak_ptr_factory_.GetWeakPtr(), worker,
149 auth_details.kerberos_enabled(), principal_name));
Andreea Costinas922fbaf2020-05-28 11:55:22 +0200[diff] [blame]150 }
Andreea Costinas77b180e2020-05-12 15:17:32 +0200[diff] [blame]151}
152
Andreea Costinasfc3dc7d2020-07-20 18:54:38 +0200[diff] [blame]153// TODO(acostinas, crbug.com/1109144): Deprecated in favor of |ShutDownProcess|.
Andreea Costinas942284d2020-01-28 16:28:40 +0100[diff] [blame]154std::vector<uint8_t> SystemProxyAdaptor::ShutDown() {
155 LOG(INFO) << "Received shutdown request.";
Andreea Costinasc7d5ad02020-03-09 09:41:51 +0100[diff] [blame]156
157 std::string error_message;
Andreea Costinase9c73592020-07-17 15:27:54 +0200[diff] [blame]158 if (!ResetWorker(/* user_traffic=*/false)) {
159 error_message =
160 "Failure to terminate worker process for system services traffic.";
Andreea Costinasc7d5ad02020-03-09 09:41:51 +0100[diff] [blame]161 }
162
Andreea Costinase9c73592020-07-17 15:27:54 +0200[diff] [blame]163 if (!ResetWorker(/* user_traffic=*/true)) {
164 error_message += "Failure to terminate worker process for arc traffic.";
Andreea Costinasc7d5ad02020-03-09 09:41:51 +0100[diff] [blame]165 }
166
Andreea Costinas942284d2020-01-28 16:28:40 +0100[diff] [blame]167 ShutDownResponse response;
Andreea Costinasc7d5ad02020-03-09 09:41:51 +0100[diff] [blame]168 if (!error_message.empty())
169 response.set_error_message(error_message);
170
171 brillo::MessageLoop::current()->PostTask(
172 FROM_HERE, base::Bind(&SystemProxyAdaptor::ShutDownTask,
173 weak_ptr_factory_.GetWeakPtr()));
174
Andreea Costinas942284d2020-01-28 16:28:40 +0100[diff] [blame]175 return SerializeProto(response);
176}
177
Andreea Costinase9c73592020-07-17 15:27:54 +0200[diff] [blame]178std::vector<uint8_t> SystemProxyAdaptor::ClearUserCredentials(
179 const std::vector<uint8_t>& request_blob) {
180 LOG(INFO) << "Received request to clear user credentials.";
181 std::string error_message;
182 ClearUserCredentials(/*user_traffic=*/false, &error_message);
183 ClearUserCredentials(/*user_traffic=*/true, &error_message);
184
185 ClearUserCredentialsResponse response;
186 if (!error_message.empty())
187 response.set_error_message(error_message);
188 return SerializeProto(response);
189}
190
191void SystemProxyAdaptor::ClearUserCredentials(bool user_traffic,
192 std::string* error_message) {
193 SandboxedWorker* worker = GetWorker(user_traffic);
194 if (!worker) {
195 return;
196 }
197 if (!worker->ClearUserCredentials()) {
198 error_message->append(
199 base::StringPrintf("Failure to clear user credentials for worker with "
200 "pid %s. Restarting worker.",
201 std::to_string(worker->pid()).c_str()));
202 ResetWorker(user_traffic);
203 CreateWorkerIfNeeded(user_traffic);
204 }
205}
206
Andreea Costinasfc3dc7d2020-07-20 18:54:38 +0200[diff] [blame]207std::vector<uint8_t> SystemProxyAdaptor::ShutDownProcess(
208 const std::vector<uint8_t>& request_blob) {
209 LOG(INFO) << "Received shutdown request.";
210 ShutDownRequest request;
211 std::string error_message =
212 DeserializeProto(FROM_HERE, &request, request_blob);
213
214 if (IncludesSystemTraffic(request.traffic_type()) &&
215 !ResetWorker(/* user_traffic=*/false)) {
216 error_message =
217 "Failure to terminate worker process for system services traffic.";
218 }
219
220 if (IncludesUserTraffic(request.traffic_type()) &&
221 !ResetWorker(/* user_traffic=*/true)) {
222 error_message += "Failure to terminate worker process for arc traffic.";
223 }
224
225 ShutDownResponse response;
226 if (!error_message.empty())
227 response.set_error_message(error_message);
228
229 if (request.traffic_type() == TrafficOrigin::ALL) {
230 brillo::MessageLoop::current()->PostTask(
231 FROM_HERE, base::Bind(&SystemProxyAdaptor::ShutDownTask,
232 weak_ptr_factory_.GetWeakPtr()));
233 }
234 return SerializeProto(response);
235}
236
Andreea Costinase89062c2020-11-12 14:31:46 +0100[diff] [blame^]237std::vector<uint8_t> SystemProxyAdaptor::GenerateNetworkAuthMessage(
238 const std::vector<uint8_t>& request_blob) {
239 LOG(INFO) << "Received request to generate NTLM token.";
240 GenerateNetworkAuthMessageRequest request;
241 std::string error_message =
242 DeserializeProto(FROM_HERE, &request, request_blob);
243
244 GenerateNetworkAuthMessageResponse response;
245 if (!error_message.empty()) {
246 response.set_error_message(error_message);
247 return SerializeProto(response);
248 }
249
250 if (!request.has_ntlm_message_auth_request()) {
251 response.set_error_message("Missing NTLM token generation request");
252 return SerializeProto(response);
253 }
254
255 NtlmAuthMessageRequest ntlm_request = request.ntlm_message_auth_request();
256 net::ntlm::NtlmFeatures features(ntlm_request.ntlmv2_enabled());
257 features.enable_MIC = ntlm_request.mic_enabled();
258 features.enable_EPA = ntlm_request.epa_enabled();
259
260 base::string16 domain = base::UTF8ToUTF16(ntlm_request.domain());
261 base::string16 username = base::UTF8ToUTF16(ntlm_request.username());
262 // TODO(acostinas) Replace placeholder password with Chrome OS login password
263 // from libpasswordprovider.
264 base::string16 pwd = base::ASCIIToUTF16("Password");
265
266 if (ntlm_request.client_challenge().size() != net::ntlm::kChallengeLen) {
267 response.set_error_message("NTLM client challenge has unexpected length");
268 return SerializeProto(response);
269 }
270 uint8_t client_challenge[net::ntlm::kChallengeLen];
271 std::memcpy(client_challenge, ntlm_request.client_challenge().data(),
272 net::ntlm::kChallengeLen);
273
274 base::span<const uint8_t> server_challenge_message =
275 base::as_bytes(base::make_span(ntlm_request.server_challenge_message()));
276
277 net::ntlm::NtlmClient client(features);
278 std::vector<uint8_t> auth_message = client.GenerateAuthenticateMessage(
279 domain, username, pwd, ntlm_request.hostname(),
280 ntlm_request.channel_bindings(), ntlm_request.spn(),
281 (uint64_t)ntlm_request.client_time(), client_challenge,
282 server_challenge_message);
283
284 response.set_auth_message(auth_message.data(), auth_message.size());
285
286 return SerializeProto(response);
287}
288
Andreea Costinas5862b102020-03-19 14:45:36 +0100[diff] [blame]289void SystemProxyAdaptor::GetChromeProxyServersAsync(
290 const std::string& target_url,
291 const brillo::http::GetChromeProxyServersCallback& callback) {
Andreea Costinasc9defae2020-04-22 10:28:35 +0200[diff] [blame]292 brillo::http::GetChromeProxyServersAsync(dbus_object_->GetBus(), target_url,
293 move(callback));
Andreea Costinas5862b102020-03-19 14:45:36 +0100[diff] [blame]294}
295
Andreea Costinas350e4aa2020-07-20 20:29:46 +0200[diff] [blame]296bool SystemProxyAdaptor::IsLocalProxy(const std::string& proxy) {
297 if (system_services_worker_ &&
298 proxy.find(system_services_worker_->local_proxy_host_and_port()) !=
299 std::string::npos) {
300 return true;
301 }
302 return arc_worker_ && proxy.find(arc_worker_->local_proxy_host_and_port()) !=
303 std::string::npos;
304}
305
Andreea Costinasc7d5ad02020-03-09 09:41:51 +0100[diff] [blame]306std::unique_ptr<SandboxedWorker> SystemProxyAdaptor::CreateWorker() {
Andreea Costinas5862b102020-03-19 14:45:36 +0100[diff] [blame]307 return std::make_unique<SandboxedWorker>(weak_ptr_factory_.GetWeakPtr());
Andreea Costinasc7d5ad02020-03-09 09:41:51 +0100[diff] [blame]308}
309
Andreea Costinas350e4aa2020-07-20 20:29:46 +0200[diff] [blame]310SandboxedWorker* SystemProxyAdaptor::CreateWorkerIfNeeded(bool user_traffic) {
311 SandboxedWorker* worker = GetWorker(user_traffic);
312 if (worker) {
313 // A worker for traffic indicated by |user_traffic| already exists.
314 return worker;
Andreea Costinas77b180e2020-05-12 15:17:32 +0200[diff] [blame]315 }
Andreea Costinas350e4aa2020-07-20 20:29:46 +0200[diff] [blame]316 SetWorker(user_traffic, CreateWorker());
317 worker = GetWorker(user_traffic);
Andreea Costinas77b180e2020-05-12 15:17:32 +0200[diff] [blame]318
Andreea Costinas350e4aa2020-07-20 20:29:46 +0200[diff] [blame]319 if (!worker->Start()) {
320 ResetWorker(user_traffic);
321 return nullptr;
Andreea Costinas77b180e2020-05-12 15:17:32 +0200[diff] [blame]322 }
323 // patchpanel_proxy is owned by |dbus_object_->bus_|.
324 dbus::ObjectProxy* patchpanel_proxy = dbus_object_->GetBus()->GetObjectProxy(
325 patchpanel::kPatchPanelServiceName,
326 dbus::ObjectPath(patchpanel::kPatchPanelServicePath));
327 patchpanel_proxy->WaitForServiceToBeAvailable(
328 base::Bind(&SystemProxyAdaptor::OnPatchpanelServiceAvailable,
Andreea Costinas350e4aa2020-07-20 20:29:46 +0200[diff] [blame]329 weak_ptr_factory_.GetWeakPtr(), user_traffic));
330 return worker;
Andreea Costinas77b180e2020-05-12 15:17:32 +0200[diff] [blame]331}
332
Andreea Costinasdb2cbee2020-06-15 11:43:44 +0200[diff] [blame]333void SystemProxyAdaptor::SetCredentialsTask(
334 SandboxedWorker* worker, const worker::Credentials& credentials) {
Andreea Costinasc7d5ad02020-03-09 09:41:51 +0100[diff] [blame]335 DCHECK(worker);
Andreea Costinasdb2cbee2020-06-15 11:43:44 +0200[diff] [blame]336 worker->SetCredentials(credentials);
Andreea Costinasc7d5ad02020-03-09 09:41:51 +0100[diff] [blame]337}
338
Andreea Costinas922fbaf2020-05-28 11:55:22 +0200[diff] [blame]339void SystemProxyAdaptor::SetKerberosEnabledTask(
340 SandboxedWorker* worker,
341 bool kerberos_enabled,
342 const std::string& principal_name) {
343 DCHECK(worker);
Andreea Costinas922fbaf2020-05-28 11:55:22 +0200[diff] [blame]344 worker->SetKerberosEnabled(kerberos_enabled,
345 kerberos_client_->krb5_conf_path(),
346 kerberos_client_->krb5_ccache_path());
347 kerberos_client_->SetKerberosEnabled(kerberos_enabled);
348 if (kerberos_enabled) {
349 kerberos_client_->SetPrincipalName(principal_name);
350 }
351}
352
Andreea Costinasc7d5ad02020-03-09 09:41:51 +0100[diff] [blame]353void SystemProxyAdaptor::ShutDownTask() {
354 brillo::MessageLoop::current()->BreakLoop();
355}
356
Andreea Costinas350e4aa2020-07-20 20:29:46 +0200[diff] [blame]357void SystemProxyAdaptor::SetWorker(bool user_traffic,
358 std::unique_ptr<SandboxedWorker> worker) {
359 if (user_traffic) {
360 arc_worker_ = std::move(worker);
361 } else {
362 system_services_worker_ = std::move(worker);
363 }
Andreea Costinasc7d5ad02020-03-09 09:41:51 +0100[diff] [blame]364}
365
Andreea Costinase9c73592020-07-17 15:27:54 +0200[diff] [blame]366bool SystemProxyAdaptor::ResetWorker(bool user_traffic) {
367 SandboxedWorker* worker =
368 user_traffic ? arc_worker_.get() : system_services_worker_.get();
369 if (!worker) {
370 return true;
371 }
372 if (!worker->Stop()) {
373 return false;
374 }
375 if (user_traffic) {
376 arc_worker_.reset();
377 } else {
378 system_services_worker_.reset();
379 }
380 return true;
381}
382
383SandboxedWorker* SystemProxyAdaptor::GetWorker(bool user_traffic) {
384 return user_traffic ? arc_worker_.get() : system_services_worker_.get();
385}
386
Andreea Costinasfc3dc7d2020-07-20 18:54:38 +0200[diff] [blame]387bool SystemProxyAdaptor::IncludesSystemTraffic(TrafficOrigin traffic_origin) {
388 return traffic_origin != TrafficOrigin::USER;
389}
390
391bool SystemProxyAdaptor::IncludesUserTraffic(TrafficOrigin traffic_origin) {
392 return traffic_origin != TrafficOrigin::SYSTEM;
393}
394
Andreea Costinas350e4aa2020-07-20 20:29:46 +0200[diff] [blame]395void SystemProxyAdaptor::OnPatchpanelServiceAvailable(bool user_traffic,
396 bool is_available) {
Andreea Costinasedb7c8e2020-04-22 10:58:04 +0200[diff] [blame]397 if (!is_available) {
398 LOG(ERROR) << "Patchpanel service not available";
399 return;
400 }
Andreea Costinas350e4aa2020-07-20 20:29:46 +0200[diff] [blame]401 ConnectNamespace(user_traffic);
Andreea Costinasedb7c8e2020-04-22 10:58:04 +0200[diff] [blame]402}
403
Andreea Costinas350e4aa2020-07-20 20:29:46 +0200[diff] [blame]404void SystemProxyAdaptor::ConnectNamespace(bool user_traffic) {
Andreea Costinas91f75352020-07-08 14:47:47 +0200[diff] [blame]405 DCHECK_GT(netns_reconnect_attempts_available_, 0);
406 --netns_reconnect_attempts_available_;
Andreea Costinas350e4aa2020-07-20 20:29:46 +0200[diff] [blame]407 SandboxedWorker* worker = GetWorker(user_traffic);
408 DCHECK(worker);
Andreea Costinas91f75352020-07-08 14:47:47 +0200[diff] [blame]409 // TODO(b/160736881, acostinas): Remove the delay after patchpanel
410 // implements "ip netns" to create the veth pair across network namespaces.
411 brillo::MessageLoop::current()->PostDelayedTask(
412 FROM_HERE,
413 base::Bind(&SystemProxyAdaptor::ConnectNamespaceTask,
Andreea Costinase9c73592020-07-17 15:27:54 +0200[diff] [blame]414 weak_ptr_factory_.GetWeakPtr(), worker, user_traffic),
Andreea Costinas91f75352020-07-08 14:47:47 +0200[diff] [blame]415 kConnectNamespaceDelay);
416}
417
418void SystemProxyAdaptor::ConnectNamespaceTask(SandboxedWorker* worker,
419 bool user_traffic) {
Andreea Costinasedb7c8e2020-04-22 10:58:04 +0200[diff] [blame]420 std::unique_ptr<patchpanel::Client> patchpanel_client =
421 patchpanel::Client::New();
422 if (!patchpanel_client) {
423 LOG(ERROR) << "Failed to open networking service client";
Andreea Costinas91f75352020-07-08 14:47:47 +0200[diff] [blame]424 return;
Andreea Costinasedb7c8e2020-04-22 10:58:04 +0200[diff] [blame]425 }
426
427 std::pair<base::ScopedFD, patchpanel::ConnectNamespaceResponse> result =
428 patchpanel_client->ConnectNamespace(
429 worker->pid(), "" /* outbound_ifname */, user_traffic);
430
431 if (!result.first.is_valid()) {
Andreea Costinas91f75352020-07-08 14:47:47 +0200[diff] [blame]432 LOG(ERROR) << "Failed to setup network namespace on attempt "
433 << kNetworkNamespaceReconnectAttempts -
434 netns_reconnect_attempts_available_;
435 if (netns_reconnect_attempts_available_ > 0) {
Andreea Costinas350e4aa2020-07-20 20:29:46 +0200[diff] [blame]436 ConnectNamespace(user_traffic);
Andreea Costinas91f75352020-07-08 14:47:47 +0200[diff] [blame]437 }
438 return;
Andreea Costinasedb7c8e2020-04-22 10:58:04 +0200[diff] [blame]439 }
440
441 worker->SetNetNamespaceLifelineFd(std::move(result.first));
Garrick Evans20421132020-12-02 12:14:23 +0900[diff] [blame]442 if (!worker->SetListeningAddress(result.second.peer_ipv4_address(),
Andreea Costinasa89309d2020-05-08 15:51:12 +0200[diff] [blame]443 kProxyPort)) {
Andreea Costinas91f75352020-07-08 14:47:47 +0200[diff] [blame]444 return;
Andreea Costinasa89309d2020-05-08 15:51:12 +0200[diff] [blame]445 }
446 OnNamespaceConnected(worker, user_traffic);
Andreea Costinasa89309d2020-05-08 15:51:12 +0200[diff] [blame]447}
448
449void SystemProxyAdaptor::OnNamespaceConnected(SandboxedWorker* worker,
450 bool user_traffic) {
451 WorkerActiveSignalDetails details;
452 details.set_traffic_origin(user_traffic ? TrafficOrigin::USER
453 : TrafficOrigin::SYSTEM);
454 details.set_local_proxy_url(worker->local_proxy_host_and_port());
455 SendWorkerActiveSignal(SerializeProto(details));
Andreea Costinasc7d5ad02020-03-09 09:41:51 +0100[diff] [blame]456}
457
Andreea Costinasdb2cbee2020-06-15 11:43:44 +0200[diff] [blame]458void SystemProxyAdaptor::RequestAuthenticationCredentials(
Andreea Costinased9e6122020-08-12 12:06:19 +0200[diff] [blame]459 const worker::ProtectionSpace& protection_space,
460 bool bad_cached_credentials) {
Andreea Costinasdb2cbee2020-06-15 11:43:44 +0200[diff] [blame]461 AuthenticationRequiredDetails details;
462 ProtectionSpace proxy_protection_space;
463 proxy_protection_space.set_origin(protection_space.origin());
464 proxy_protection_space.set_realm(protection_space.realm());
465 proxy_protection_space.set_scheme(protection_space.scheme());
466 *details.mutable_proxy_protection_space() = proxy_protection_space;
Andreea Costinased9e6122020-08-12 12:06:19 +0200[diff] [blame]467 details.set_bad_cached_credentials(bad_cached_credentials);
Andreea Costinasdb2cbee2020-06-15 11:43:44 +0200[diff] [blame]468 SendAuthenticationRequiredSignal(SerializeProto(details));
469}
470
Andreea Costinas942284d2020-01-28 16:28:40 +0100[diff] [blame]471} // namespace system_proxy