system-proxy/sandboxed_worker.h

// Copyright 2020 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef SYSTEM_PROXY_SANDBOXED_WORKER_H_
#define SYSTEM_PROXY_SANDBOXED_WORKER_H_

#include <array>
#include <map>
#include <memory>
#include <string>
#include <vector>

#include <gtest/gtest_prod.h>  // for FRIEND_TEST

#include <base/files/file_descriptor_watcher_posix.h>
#include <base/files/scoped_file.h>
#include <base/memory/weak_ptr.h>
#include <chromeos/scoped_minijail.h>

#include "bindings/worker_common.pb.h"

namespace system_proxy {

class SystemProxyAdaptor;

class SandboxedWorker {
 public:
  explicit SandboxedWorker(base::WeakPtr<SystemProxyAdaptor> adaptor);
  SandboxedWorker(const SandboxedWorker&) = delete;
  SandboxedWorker& operator=(const SandboxedWorker&) = delete;
  virtual ~SandboxedWorker() = default;

  // Starts a sandboxed worker with pipes.
  virtual bool Start();
  // Sends the credentials which include username, password and protection
  // space (optional) to the worker via communication pipes.
  void SetCredentials(const worker::Credentials& credentials);
  // Sends the availability of kerberos auth to the worker via communication
  // pipes.
  bool SetKerberosEnabled(bool enabled,
                          const std::string& krb5_conf_path,
                          const std::string& krb5_ccache_path);

  // Sends the listening address and port to the worker via communication
  // pipes and sets |local_proxy_host_and_port_|.
  bool SetListeningAddress(uint32_t addr, int port);

  // Sends a request to clear the user credentials to the worker via
  // communication pipes.
  bool ClearUserCredentials();

  // Terminates the child process by sending a SIGTERM signal.
  virtual bool Stop();

  virtual bool IsRunning();

  void SetNetNamespaceLifelineFd(base::ScopedFD net_namespace_lifeline_fd);

  pid_t pid() { return pid_; }

  // Returns the address of the local proxy as host:port.
  virtual std::string local_proxy_host_and_port() {
    return local_proxy_host_and_port_;
  }

 private:
  friend class SystemProxyAdaptorTest;
  FRIEND_TEST(SystemProxyAdaptorTest, SetAuthenticationDetails);
  FRIEND_TEST(SystemProxyAdaptorTest, KerberosEnabled);
  FRIEND_TEST(SystemProxyAdaptorTest, ProxyResolutionFilter);
  FRIEND_TEST(SystemProxyAdaptorTest, ProtectionSpaceAuthenticationRequired);
  FRIEND_TEST(SystemProxyAdaptorTest, ProtectionSpaceNoCredentials);
  FRIEND_TEST(SystemProxyAdaptorTest, ClearUserCredentials);

  void OnMessageReceived();
  void OnErrorReceived();
  // Called when a proxy resolver job is resolved. |proxy_servers| is the
  // ordered list of proxies returned by Chrome. In case of failure it will be
  // the direct proxy.
  void OnProxyResolved(const std::string& target_url,
                       bool success,
                       const std::vector<std::string>& proxy_servers);

  std::string local_proxy_host_and_port_;
  bool is_being_terminated_ = false;
  ScopedMinijail jail_;
  base::ScopedFD stdin_pipe_;
  base::ScopedFD stdout_pipe_;
  base::ScopedFD stderr_pipe_;

  // The fd will be released when the owning sandbox worker instance is
  // destroyed. Closing this fd will signal to the patchpanel service to tear
  // down the network namespace setup for the associated worker process.
  base::ScopedFD net_namespace_lifeline_fd_;

  std::unique_ptr<base::FileDescriptorWatcher::Controller> stdout_watcher_;
  std::unique_ptr<base::FileDescriptorWatcher::Controller> stderr_watcher_;

  // The adaptor that owns this worker.
  base::WeakPtr<SystemProxyAdaptor> adaptor_;
  pid_t pid_;
  base::WeakPtrFactory<SandboxedWorker> weak_ptr_factory_{this};
};

}  // namespace system_proxy

#endif  // SYSTEM_PROXY_SANDBOXED_WORKER_H_