diff options
Diffstat (limited to 'vpn')
-rwxr-xr-x[-rw-r--r--] | vpn/connman-task.te | 0 | ||||
-rwxr-xr-x[-rw-r--r--] | vpn/connman-vpn.service.in | 10 | ||||
-rwxr-xr-x[-rw-r--r--] | vpn/main.c | 28 | ||||
-rwxr-xr-x[-rw-r--r--] | vpn/net.connman.vpn.service.in | 3 | ||||
-rw-r--r-- | vpn/plugins/ipsec.c | 925 | ||||
-rw-r--r-- | vpn/plugins/ipsec.h | 51 | ||||
-rwxr-xr-x[-rw-r--r--] | vpn/plugins/l2tp.c | 0 | ||||
-rwxr-xr-x[-rw-r--r--] | vpn/plugins/openconnect.c | 0 | ||||
-rwxr-xr-x[-rw-r--r--] | vpn/plugins/openvpn.c | 2 | ||||
-rwxr-xr-x[-rw-r--r--] | vpn/plugins/pptp.c | 0 | ||||
-rw-r--r-- | vpn/plugins/vici-client.c | 1290 | ||||
-rw-r--r-- | vpn/plugins/vici-client.h | 84 | ||||
-rwxr-xr-x[-rw-r--r--] | vpn/plugins/vpn.c | 56 | ||||
-rwxr-xr-x[-rw-r--r--] | vpn/plugins/vpn.h | 7 | ||||
-rwxr-xr-x[-rw-r--r--] | vpn/plugins/vpnc.c | 0 | ||||
-rwxr-xr-x[-rw-r--r--] | vpn/vpn-agent.c | 0 | ||||
-rwxr-xr-x[-rw-r--r--] | vpn/vpn-agent.h | 0 | ||||
-rwxr-xr-x[-rw-r--r--] | vpn/vpn-config.c | 14 | ||||
-rwxr-xr-x[-rw-r--r--] | vpn/vpn-dbus.conf | 29 | ||||
-rwxr-xr-x[-rw-r--r--] | vpn/vpn-ipconfig.c | 0 | ||||
-rwxr-xr-x[-rw-r--r--] | vpn/vpn-manager.c | 0 | ||||
-rwxr-xr-x[-rw-r--r--] | vpn/vpn-polkit.conf | 4 | ||||
-rwxr-xr-x[-rw-r--r--] | vpn/vpn-polkit.policy | 0 | ||||
-rwxr-xr-x[-rw-r--r--] | vpn/vpn-provider.c | 23 | ||||
-rwxr-xr-x[-rw-r--r--] | vpn/vpn-provider.h | 0 | ||||
-rwxr-xr-x[-rw-r--r--] | vpn/vpn-rtnl.c | 0 | ||||
-rwxr-xr-x[-rw-r--r--] | vpn/vpn-rtnl.h | 0 | ||||
-rwxr-xr-x[-rw-r--r--] | vpn/vpn.h | 5 | ||||
-rwxr-xr-x[-rw-r--r--] | vpn/vpn.ver | 0 |
29 files changed, 2515 insertions, 16 deletions
diff --git a/vpn/connman-task.te b/vpn/connman-task.te index dd777107..dd777107 100644..100755 --- a/vpn/connman-task.te +++ b/vpn/connman-task.te diff --git a/vpn/connman-vpn.service.in b/vpn/connman-vpn.service.in index e98fb714..a8f2948f 100644..100755 --- a/vpn/connman-vpn.service.in +++ b/vpn/connman-vpn.service.in @@ -1,12 +1,18 @@ [Unit] Description=ConnMan VPN service +Requires=dbus.socket +After=dbus.socket [Service] Type=dbus +User=network_fw +Group=network_fw BusName=net.connman.vpn -ExecStart=@sbindir@/connman-vpnd -n +SmackProcessLabel=System +ExecStart=@bindir@/connman-vpnd -n StandardOutput=null -CapabilityBoundingSet=CAP_KILL CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW +Capabilities=cap_net_admin,cap_net_bind_service,cap_net_broadcast,cap_net_raw,cap_dac_override=i +SecureBits=keep-caps ProtectHome=read-only ProtectSystem=full diff --git a/vpn/main.c b/vpn/main.c index ee88aacd..c18fee4f 100644..100755 --- a/vpn/main.c +++ b/vpn/main.c @@ -45,6 +45,7 @@ #define CONFIGMAINFILE CONFIGDIR "/connman-vpn.conf" #define DEFAULT_INPUT_REQUEST_TIMEOUT 300 * 1000 +#define DEFAULT_BROWSER_LAUNCH_TIMEOUT 300 * 1000 static GMainLoop *main_loop = NULL; @@ -52,8 +53,10 @@ static unsigned int __terminated = 0; static struct { unsigned int timeout_inputreq; + unsigned int timeout_browserlaunch; } connman_vpn_settings = { .timeout_inputreq = DEFAULT_INPUT_REQUEST_TIMEOUT, + .timeout_browserlaunch = DEFAULT_BROWSER_LAUNCH_TIMEOUT, }; static GKeyFile *load_config(const char *file) @@ -224,6 +227,21 @@ static GOptionEntry options[] = { { NULL }, }; +bool connman_setting_get_bool(const char *key) +{ + return false; +} + +char **connman_setting_get_string_list(const char *key) +{ + return NULL; +} + +unsigned int *connman_setting_get_uint_list(const char *key) +{ + return NULL; +} + /* * This function will be called from generic src/agent.c code so we have * to use connman_ prefix instead of vpn_ one. @@ -233,6 +251,16 @@ unsigned int connman_timeout_input_request(void) return connman_vpn_settings.timeout_inputreq; } +unsigned int connman_timeout_browser_launch(void) +{ + return connman_vpn_settings.timeout_browserlaunch; +} + +const char *connman_option_get_string(const char *key) +{ + return NULL; +} + int main(int argc, char *argv[]) { GOptionContext *context; diff --git a/vpn/net.connman.vpn.service.in b/vpn/net.connman.vpn.service.in index e473ea9e..c1640cb3 100644..100755 --- a/vpn/net.connman.vpn.service.in +++ b/vpn/net.connman.vpn.service.in @@ -1,5 +1,4 @@ [D-BUS Service] Name=net.connman.vpn -Exec=@sbindir@/connman-vpnd -n -User=root +Exec=/bin/false SystemdService=connman-vpn.service diff --git a/vpn/plugins/ipsec.c b/vpn/plugins/ipsec.c new file mode 100644 index 00000000..36502dde --- /dev/null +++ b/vpn/plugins/ipsec.c @@ -0,0 +1,925 @@ +/* + * + * ConnMan VPN daemon + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + * + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdlib.h> +#include <string.h> +#include <errno.h> +#include <unistd.h> +#include <stdio.h> +#include <sys/stat.h> +#include <net/if.h> + +#include <glib.h> +#include <gio/gio.h> + +#define CONNMAN_API_SUBJECT_TO_CHANGE +#include <connman/plugin.h> +#include <connman/log.h> +#include <connman/task.h> +#include <connman/dbus.h> +#include <connman/ipconfig.h> + +#include "../vpn-provider.h" + +#include "vpn.h" +#include "ipsec.h" +#include "vici-client.h" + +#define ARRAY_SIZE(a) (sizeof(a)/sizeof(a[0])) + +typedef enum { + CERT_TYPE_NONE, + CERT_TYPE_DER, + CERT_TYPE_PEM, + CERT_TYPE_PKCS12, + CERT_TYPE_MAX, +} cert_type_e; + +static DBusConnection *connection; +static VICIClient *vici_client; +static GFileMonitor* monitor; + +struct ipsec_private_data { + struct vpn_provider *provider; + vpn_provider_connect_cb_t connect_cb; + void *connect_user_data; +}; + +struct ipsec_event_data { + vpn_event_callback event_cb; + void *event_user_data; +}; + +struct { + const char *cm_opt; + const char *vici_key; + const char *subsection; + vici_add_element add_elem; +} ipsec_conn_options[] = { + {"IPsec.Version", "version", NULL, vici_add_kv}, + {"IPsec.LeftAddrs", "local_addrs", NULL, vici_add_kvl}, + {"IPsec.RightAddrs", "remote_addrs", NULL, vici_add_kvl}, + + {"IPsec.LocalAuth", "auth", "local", vici_add_kv}, + {"IPsec.LocalID", "id", "local", vici_add_kv}, + {"IPsec.LocalXauthID", "xauth_id", "local", vici_add_kv}, + {"IPsec.LocalXauthAuth", "auth", "local-xauth", vici_add_kv}, + {"IPsec.LocalXauthXauthID", "xauth_id", "local-xauth", vici_add_kv}, + {"IPsec.RemoteAuth", "auth", "remote", vici_add_kv}, + {"IPsec.RemoteID", "id", "remote", vici_add_kv}, + {"IPsec.RemoteXauthID", "xauth_id", "remote", vici_add_kv}, + {"IPsec.RemoteXauthAuth", "auth", "remote-xauth", vici_add_kv}, + {"IPsec.RemoteXauthXauthID", "xauth_id", "remote-xauth", vici_add_kv}, + {"IPsec.ChildrenLocalTS", "local_ts", "children", vici_add_kvl}, + {"IPsec.ChildrenRemoteTS", "remote_ts", "children", vici_add_kvl}, +}; + +struct { + const char *cm_opt; + const char *vici_type; +} ipsec_shared_options[] = { + {"IPsec.IKEData", "data"}, + {"IPsec.IKEOwners", "owners"}, + {"IPsec.XauthData", "data"}, + {"IPsec.XauthOwners", "owners"}, +}; + +struct { + const char *cm_opt; + const char *vici_type; + const char *vici_flag; +} ipsec_cert_options[] = { + {"IPsec.CertType", "type", NULL}, + {"IPsec.CertFlag", "flag", NULL}, + {"IPsec.CertData", "data", NULL}, + {"IPsec.CertPass", "data", NULL}, +}; + +struct { + const char *cm_opt; + const char *vici_type; +} ipsec_pkey_options[] = { + {"IPsec.PKeyType", "type"}, + {"IPsec.PKeyData", "data"}, +}; + +static const char *ikev1_esp_proposals [] ={ + "aes256-sha256", + "aes128-sha256", + "aes256-sha1", + "aes128-sha1", + "aes256-md5", + "aes128-md5", + "3des-sha1", + "3des-md5", + NULL, +}; + +static const char *ikev1_proposals [] ={ + "aes256-sha256-modp1024", + "aes128-sha256-modp1024", + "aes256-sha1-modp1024", + "aes128-sha1-modp1024", + "aes256-md5-modp1024", + "aes128-md5-modp1024", + "3des-sha1-modp1024", + "3des-md5-modp1024", + NULL, +}; + +static const char *ikev2_esp_proposals = "aes256-aes128-sha256-sha1"; + +static const char *ikev2_proposals = "aes256-aes128-sha512-sha384-sha256-sha1-modp2048-modp1536-modp1024"; + +static struct ipsec_event_data event_data; + +static void free_private_data(struct ipsec_private_data *data) +{ + g_free(data); +} + +static int ipsec_notify(DBusMessage *msg, struct vpn_provider *provider) +{ + return 0; +} + +static void ipsec_set_event_cb(vpn_event_callback event_cb, struct vpn_provider *provider) +{ + DBG("set event cb!"); + event_data.event_cb = event_cb; + event_data.event_user_data = provider; + return; +} + +static int ipsec_is_same_auth(const char* req, const char* target) +{ + if (req == NULL || target == NULL) + return 0; + return (g_strcmp0(req, target) == 0); +} + +static int vici_load_cert(const char* type, const char* flag, const char* data) +{ + VICISection *sect; + int ret = 0; + + sect = vici_create_section(NULL); + if (!sect) + return -ENOMEM; + + vici_add_kv(sect, "type", type, NULL); + vici_add_kv(sect, "flag", flag, NULL); + vici_add_kv(sect, "data", data, NULL); + + ret = vici_send_request(vici_client, VICI_CMD_LOAD_CERT, sect); + if (ret < 0) + connman_error("vici_send_request failed"); + + vici_destroy_section(sect); + + return ret; +} + +static void ipsec_add_default_child_sa_data(struct vpn_provider *provider, VICISection *child) +{ + const char *version = vpn_provider_get_string(provider, "IPsec.Version"); + if (g_strcmp0(version, "1") == 0) { + int i = 0; + GSList *list; + + for (list = NULL; ikev1_esp_proposals[i] != NULL; i++) + list = g_slist_append(list, g_strdup(ikev1_esp_proposals[i])); + vici_add_list(child, "esp_proposals", list, "net"); + g_slist_free_full(list, g_free); + list = NULL; + } else { + vici_add_kvl(child, "esp_proposals", ikev2_esp_proposals, "net"); + } + return; +} + +static void ipsec_add_default_conn_data(struct vpn_provider *provider, VICISection *conn) +{ + const char *version = vpn_provider_get_string(provider, "IPsec.Version"); + const char *remote_addr = vpn_provider_get_string(provider, "Host"); + + vici_add_kvl(conn, "remote_addrs", remote_addr, NULL); + if (g_strcmp0(version, "1") == 0) { + int i = 0; + GSList *list; + + for (list = NULL; ikev1_proposals[i] != NULL; i++) + list = g_slist_append(list, g_strdup(ikev1_proposals[i])); + vici_add_list(conn, "proposals", list, NULL); + g_slist_free_full(list, g_free); + list = NULL; + + if (g_strcmp0(vpn_provider_get_string(provider, "IPsec.LocalAuth"), "psk") == 0) + vici_add_kv(conn, "aggressive", "yes", NULL); + } else { + vici_add_kvl(conn, "proposals", ikev2_proposals, NULL); + } + + vici_add_kvl(conn, "vips", "0.0.0.0", NULL); + return; +} + +static char *load_file_from_path(const char *path) +{ + struct stat st; + FILE *fp = NULL; + int fd = 0; + size_t file_size = 0; + char *file_buff = NULL; + + if (!path) { + connman_error("File path is NULL\n"); + return NULL; + } + + fp = fopen(path, "rb"); + if (!fp) { + connman_error("fopen %s is failed\n", path); + return NULL; + } + + fd = fileno(fp); + if (fd == -1) { + connman_error("fp is not a valid stream"); + fclose(fp); + return NULL; + } + + if (fstat(fd, &st) != 0) { + connman_error("fstat failed"); + fclose(fp); + return NULL; + } + + file_size = st.st_size; + file_buff = g_try_malloc0(sizeof(char)*st.st_size); + if (file_buff == NULL) { + connman_error("g_try_malloc0 failed\n"); + fclose(fp); + return NULL; + } + + if (fread(file_buff, 1, file_size, fp) != file_size) { + connman_error("file size not matched\n"); + g_free(file_buff); + file_buff = NULL; + } + + fclose(fp); + return file_buff; +} + +static char * get_local_cert_str(struct vpn_provider *provider) +{ + const char *path; + + if (!provider) + return NULL; + + path = vpn_provider_get_string(provider, "IPsec.LocalCerts"); + + return load_file_from_path(path); +} + +static int ipsec_load_conn(struct vpn_provider *provider, struct ipsec_private_data *data) +{ + const char *key; + const char *value; + const char *subsection; + char *local_cert_str; + VICISection *conn; + VICISection *children; + int i; + int ret = 0; + + if (!provider || !data) { + connman_error("invalid provider or data"); + return -EINVAL; + } + + value = vpn_provider_get_string(provider, "Name"); + DBG("Name: %s", value); + conn = vici_create_section(value); + children = vici_create_section("children"); + add_subsection("children", children, conn); + + for (i = 0; i < (int)ARRAY_SIZE(ipsec_conn_options); i++) { + value = vpn_provider_get_string(provider, ipsec_conn_options[i].cm_opt); + if (!value) + continue; + + key = ipsec_conn_options[i].vici_key; + subsection = ipsec_conn_options[i].subsection; + ipsec_conn_options[i].add_elem(conn, key, value, subsection); + } + + local_cert_str = get_local_cert_str(provider); + if (local_cert_str) { + /* TODO :remove this after debug */ + DBG("There's local certification to add local section"); + vici_add_kvl(conn, "certs", local_cert_str, "local"); + g_free(local_cert_str); + } + + ipsec_add_default_conn_data(provider, conn); + ipsec_add_default_child_sa_data(provider, children); + + ret = vici_send_request(vici_client, VICI_CMD_LOAD_CONN, conn); + if (ret < 0) + connman_error("vici_send_request failed"); + + vici_destroy_section(conn); + + return ret; +} + +static int ipsec_load_shared_psk(struct vpn_provider *provider) +{ + const char *data; + const char *owner; + VICISection *sect; + int ret = 0; + + if (!provider) { + connman_error("invalid provider"); + return -EINVAL; + } + + data = vpn_provider_get_string(provider, "IPsec.IKEData"); + owner = vpn_provider_get_string(provider, "IPsec.IKEOwners"); + DBG("IKEData: %s, IKEOwners: %s", data, owner); + + if (!data) + return 0; + + sect = vici_create_section(NULL); + if (!sect) { + return -ENOMEM; + } + + vici_add_kv(sect, "type", VICI_SHARED_TYPE_PSK, NULL); + vici_add_kv(sect, "data", data, NULL); + vici_add_kvl(sect, "owners", owner, NULL); + + ret = vici_send_request(vici_client, VICI_CMD_LOAD_SHARED, sect); + if (ret < 0) + connman_error("vici_send_request failed"); + + vici_destroy_section(sect); + + return ret; +} + +static int ipsec_load_shared_xauth(struct vpn_provider *provider) +{ + const char *data; + const char *owner; + VICISection *sect; + int ret = 0; + + if (!provider) { + connman_error("invalid provider"); + return -EINVAL; + } + + data = vpn_provider_get_string(provider, "IPsec.XauthData"); + owner = vpn_provider_get_string(provider, "IPsec.XauthOwners"); + DBG("XauthData: %s, XauthOwners: %s", data, owner); + + if (!data) + return 0; + + sect = vici_create_section(NULL); + + vici_add_kv(sect, "type", VICI_SHARED_TYPE_XAUTH, NULL); + vici_add_kv(sect, "data", data, NULL); + vici_add_kvl(sect, "owners", owner, NULL); + + ret = vici_send_request(vici_client, VICI_CMD_LOAD_SHARED, sect); + if (ret < 0) + connman_error("vici_send_request failed"); + + vici_destroy_section(sect); + + return ret; +} + +static int ipsec_load_key(struct vpn_provider *provider) +{ + const char *type; + const char *path; + char *data; + VICISection *sect; + int ret = 0; + + if (!provider) { + connman_error("invalid provider"); + return -EINVAL; + } + + type = vpn_provider_get_string(provider, "IPsec.PKeyType"); + path = vpn_provider_get_string(provider, "IPsec.PKeyData"); + DBG("PKeyType: %s, PKeyData: %s", type, path); + + if (!type || !path) + return 0; + + data = load_file_from_path(path); + if (!data) + return 0; + + sect = vici_create_section(NULL); + if (!sect) { + g_free(data); + return -ENOMEM; + } + + vici_add_kv(sect, "type", type, NULL); + vici_add_kv(sect, "data", data, NULL); + + ret = vici_send_request(vici_client, VICI_CMD_LOAD_KEY, sect); + if (ret < 0) + connman_error("vici_send_request failed"); + + vici_destroy_section(sect); + g_free(data); + + return ret; +} + +static int ipsec_initiate(struct vpn_provider *provider) +{ + VICISection *sect; + int ret = 0; + + sect = vici_create_section(NULL); + if (!sect) + return -ENOMEM; + + vici_add_kv(sect, "child", "net", NULL); + ret = vici_send_request(vici_client, VICI_CMD_INITIATE, sect); + if (ret < 0) + connman_error("vici_send_request failed"); + + vici_destroy_section(sect); + + return ret; +} + +static int ipsec_load_cert(struct vpn_provider *provider) +{ + const char *type; + const char *flag; + char *data; + const char *local_auth_type; + const char *remote_auth_type; + int ret = 0; + + if (!provider) { + connman_error("invalid provider"); + return -EINVAL; + } + + local_auth_type = vpn_provider_get_string(provider, "IPsec.LocalAuth"); + remote_auth_type = vpn_provider_get_string(provider, "IPsec.RemoteAuth"); + if (!ipsec_is_same_auth(local_auth_type, "pubkey") && + !ipsec_is_same_auth(remote_auth_type, "pubkey")) { + DBG("invalid auth type"); + return 0; + } + + type = vpn_provider_get_string(provider, "IPsec.CertType"); + flag = vpn_provider_get_string(provider, "IPsec.CertFlag"); + data = load_file_from_path(vpn_provider_get_string(provider, "IPsec.CertData")); + DBG("CertType: %s, CertFalg: %s,CertData: %s", type, flag, data); + if (!type || ! flag || !data) { + connman_error("invalid certification information"); + g_free(data); + return -EINVAL; + } + + ret = vici_load_cert(type, flag, data); + if (ret < 0) + connman_error("failed to load cert"); + + g_free(data); + + return ret; +} + +static int ipsec_terminate(struct vpn_provider *provider) +{ + VICISection *sect; + int ret = 0; + + sect = vici_create_section(NULL); + if (!sect) + return -ENOMEM; + + vici_add_kv(sect, "child", "net", NULL); + vici_add_kv(sect, "ike", vpn_provider_get_string(provider, "Name"), NULL); + vici_add_kv(sect, "timeout", "-1", NULL); + ret = vici_send_request(vici_client, VICI_CMD_TERMINATE, sect); + if (ret < 0) + connman_error("vici_send_request failed"); + + vici_destroy_section(sect); + + return ret; +} + +static void request_reply_cb(int err, void *user_data) +{ + struct ipsec_private_data *data; + + data = (struct ipsec_private_data *)user_data; + DBG("request reply cb"); + + if(err != 0) { + if (event_data.event_cb) + event_data.event_cb(event_data.event_user_data, VPN_STATE_FAILURE); + /* TODO: Does close socket needed? */ + } else { + DBG("Series of requests are succeeded"); + /* TODO: Not sure about below */ + if (event_data.event_cb) + event_data.event_cb(event_data.event_user_data, VPN_STATE_CONNECT); + } + + free_private_data(data); +} + +static void ipsec_vici_event_cb(VICIClientEvent event, void *user_data) +{ + struct vpn_provider *provider; + + provider = (struct vpn_provider *)user_data; + if (!provider) { + DBG("Invalid user data"); + return; + } + + if(event == VICI_EVENT_CHILD_UP) { + if (event_data.event_cb) + event_data.event_cb(event_data.event_user_data, VPN_STATE_READY); + } else if (event == VICI_EVENT_CHILD_DOWN) { + if (event_data.event_cb) + event_data.event_cb(event_data.event_user_data, VPN_STATE_DISCONNECT); + } else { + DBG("Unknown event"); + } + + return; +} + +static struct ipsec_private_data* create_ipsec_private_data(struct vpn_provider *provider, + vpn_provider_connect_cb_t cb, void* user_data) +{ + struct ipsec_private_data *data; + data = g_try_new0(struct ipsec_private_data, 1); + if (!data) { + connman_error("out of memory"); + return NULL; + } + + data->provider = provider; + data->connect_cb = cb; + data->connect_user_data = user_data; + return data; +} + +static void vici_connect(struct ipsec_private_data *data) +{ + struct vpn_provider *provider = NULL; + vpn_provider_connect_cb_t cb = NULL; + int err = 0; + + if (!data) + IPSEC_ERROR_CHECK_GOTO(-1, done, "Invalid data parameter"); + + provider = data->provider; + cb = data->connect_cb; + if (!provider || !cb) + IPSEC_ERROR_CHECK_GOTO(-1, done, "Invalid provider or callback"); + + DBG("data %p, provider %p", data, provider); + + /* + * Initialize vici client + */ + err = vici_initialize(&vici_client); + IPSEC_ERROR_CHECK_GOTO(err, done, "failed to initialize vici_client"); + + /* TODO :remove this after debug */ + DBG("success to initialize vici socket"); + + vici_set_request_reply_cb(vici_client, (vici_request_reply_cb)request_reply_cb, data); + /* + * Sets child-updown event + */ + err = vici_set_event_cb(vici_client, (vici_event_cb)ipsec_vici_event_cb, provider); + IPSEC_ERROR_CHECK_GOTO(err, done, "register event failed"); + + /* TODO :remove this after debug */ + DBG("success to vici_set_event_cb"); + /* + * Send the load-conn command + */ + err = ipsec_load_conn(provider, data); + IPSEC_ERROR_CHECK_GOTO(err, done, "load-conn failed"); + + /* TODO :remove this after debug */ + DBG("success to ipsec_load_conn"); + + /* + * Send the load-shared command for PSK + */ + err = ipsec_load_shared_psk(provider); + IPSEC_ERROR_CHECK_GOTO(err, done, "load-shared failed"); + + /* TODO :remove this after debug */ + DBG("success to ipsec_load_shared_psk"); + + /* + * Send the load-shared command for XAUTH + */ + err = ipsec_load_shared_xauth(provider); + IPSEC_ERROR_CHECK_GOTO(err, done, "load-shared failed"); + + /* TODO :remove this after debug */ + DBG("success to ipsec_load_shared_xauth"); + /* + * Send the load-cert command + */ + err = ipsec_load_cert(provider); + IPSEC_ERROR_CHECK_GOTO(err, done, "load-cert failed"); + + /* TODO :remove this after debug */ + DBG("success to ipsec_load_cert"); + + /* + * Send the load-key command + */ + err = ipsec_load_key(provider); + IPSEC_ERROR_CHECK_GOTO(err, done, "load-key failed"); + + /* TODO :remove this after debug */ + DBG("success to ipsec_load_cert"); + /* + * Send the initiate command + */ + err = ipsec_initiate(provider); + IPSEC_ERROR_CHECK_GOTO(err, done, "initiate failed"); + + /* TODO :remove this after debug */ + DBG("success to ipsec_initiate"); + +done: + /* refer to connect_cb on vpn-provider.c for cb */ + if(cb) + cb(provider, data->connect_user_data, -err); + /* TODO: Does close socket needed? when err is not zero */ + + return; +} + +static void monitor_changed(GFileMonitor *monitor, GFile *file, GFile *other_file, + GFileMonitorEvent event_type, gpointer user_data) +{ + DBG("file %s", g_file_get_path(file)); + if (event_type == G_FILE_MONITOR_EVENT_CREATED) { + if (g_file_test(VICI_DEFAULT_URI, G_FILE_TEST_EXISTS)) { + DBG("file created: %s", VICI_DEFAULT_URI); + struct ipsec_private_data *data = user_data; + vici_connect(data); + g_object_unref(monitor); + } + } +} + +static void monitor_vici_socket(struct ipsec_private_data *data) +{ + GError *error = NULL; + GFile* file; + + file = g_file_new_for_path(VICI_DEFAULT_URI); + monitor = g_file_monitor_file(file, G_FILE_MONITOR_SEND_MOVED, NULL, &error); + if (error) { + connman_error("g_file_monitor_directory failed: %s / %d", error->message, error->code); + g_error_free(error); + if(event_data.event_cb) + event_data.event_cb(event_data.event_user_data, VPN_STATE_FAILURE); + return; + } + /* TODO :remove this after debug */ + DBG("starting to monitor vici socket"); + g_signal_connect(monitor, "changed", G_CALLBACK(monitor_changed), data); + g_object_unref(file); +} + +static void check_vici_socket(struct ipsec_private_data *data) +{ + DBG("data %p", data); + if (g_file_test(VICI_DEFAULT_URI, G_FILE_TEST_EXISTS)) { + DBG("file exists: %s", VICI_DEFAULT_URI); + vici_connect(data); + } else { + monitor_vici_socket(data); + } +} + +static void ipsec_died(struct connman_task *task, int exit_code, void *user_data) +{ + DBG("task %p exit_code %d", task, exit_code); + unlink(VICI_DEFAULT_URI); + vpn_died(task, exit_code, user_data); +} + +static int ipsec_connect(struct vpn_provider *provider, + struct connman_task *task, const char *if_name, + vpn_provider_connect_cb_t cb, const char *dbus_sender, + void *user_data) +{ + struct ipsec_private_data *data; + int err = 0; + + data = create_ipsec_private_data(provider, cb, user_data); + if (!data) { + connman_error("create ipsec private data failed"); + return -ENOMEM; + } + /* + * Start charon daemon using ipsec script of strongSwan. + */ + err = connman_task_run(task, ipsec_died, provider, NULL, NULL, NULL); + if (err < 0) { + connman_error("charon start failed"); + if (cb) + cb(provider, user_data, err); + + g_free(data); + return err; + } + + check_vici_socket(data); +// g_usleep(G_USEC_PER_SEC); + + return err; +} + +static int ipsec_error_code(struct vpn_provider *provider, int exit_code) +{ + return 0; +} + +static int ipsec_save(struct vpn_provider *provider, GKeyFile *keyfile) +{ + int i; + const char *option; + + DBG(""); + /* + * Save IKE connection configurations + */ + for (i = 0; i < (int)ARRAY_SIZE(ipsec_conn_options); i++) { + option = vpn_provider_get_string(provider, ipsec_conn_options[i].cm_opt); + if (option) + g_key_file_set_string(keyfile, + vpn_provider_get_save_group(provider), + ipsec_conn_options[i].cm_opt, + option); + } + + /* + * Save shared IKE PSK, EAP or XAUTH secret + */ + for (i = 0; i < (int)ARRAY_SIZE(ipsec_shared_options); i++) { + option = vpn_provider_get_string(provider, ipsec_shared_options[i].cm_opt); + if (option) + g_key_file_set_string(keyfile, + vpn_provider_get_save_group(provider), + ipsec_shared_options[i].cm_opt, + option); + } + + /* + * Save certification + */ + for (i = 0; i < (int)ARRAY_SIZE(ipsec_cert_options); i++) { + option = vpn_provider_get_string(provider, ipsec_cert_options[i].cm_opt); + if (option) + g_key_file_set_string(keyfile, + vpn_provider_get_save_group(provider), + ipsec_cert_options[i].cm_opt, + option); + } + + /* + * Save private key + */ + for (i = 0; i < (int)ARRAY_SIZE(ipsec_pkey_options); i++) { + option = vpn_provider_get_string(provider, ipsec_pkey_options[i].cm_opt); + if (option) + g_key_file_set_string(keyfile, + vpn_provider_get_save_group(provider), + ipsec_pkey_options[i].cm_opt, + option); + } + + /* + * Save local certification + */ + option = vpn_provider_get_string(provider, "IPsec.LocalCerts"); + if (option) + g_key_file_set_string(keyfile, + vpn_provider_get_save_group(provider), + "IPsec.LocalCerts", + option); + option = vpn_provider_get_string(provider, "IPsec.LocalCertPass"); + if (option) + g_key_file_set_string(keyfile, + vpn_provider_get_save_group(provider), + "IPsec.LocalCertPass", + option); + /* + * Save CA certification directory + */ + option = vpn_provider_get_string(provider, "IPsec.CACertsDir"); + if (option) + g_key_file_set_string(keyfile, + vpn_provider_get_save_group(provider), + "IPsec.CACertsDir", + option); + + return 0; +} + +static void ipsec_disconnect(struct vpn_provider *provider) +{ + int err = 0; + /* + * Send the terminate command + */ + err = ipsec_terminate(provider); + IPSEC_ERROR_CHECK_RETURN(err, "terminate failed"); + + err = vici_deinitialize(vici_client); + IPSEC_ERROR_CHECK_RETURN(err, "failed to deinitialize vici_client"); + + return; +} + +static struct vpn_driver vpn_driver = { + .flags = VPN_FLAG_NO_TUN, + .notify = ipsec_notify, + .set_event_cb = ipsec_set_event_cb, + .connect = ipsec_connect, + .error_code = ipsec_error_code, + .save = ipsec_save, + .disconnect = ipsec_disconnect, +}; + +static int ipsec_init(void) +{ + connection = connman_dbus_get_connection(); + + event_data.event_cb = NULL; + event_data.event_user_data = NULL; + + return vpn_register("ipsec", &vpn_driver, IPSEC); +} + +static void ipsec_exit(void) +{ + vpn_unregister("ipsec"); + + dbus_connection_unref(connection); +} + +CONNMAN_PLUGIN_DEFINE(ipsec, "IPSec plugin", VERSION, + CONNMAN_PLUGIN_PRIORITY_DEFAULT, ipsec_init, ipsec_exit) diff --git a/vpn/plugins/ipsec.h b/vpn/plugins/ipsec.h new file mode 100644 index 00000000..14b9596f --- /dev/null +++ b/vpn/plugins/ipsec.h @@ -0,0 +1,51 @@ +/* + * + * ConnMan VPN daemon + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + * + */ + +#ifndef __CONNMAN_VPND_PLUGIN_IPSEC_H +#define __CONNMAN_VPND_PLUGIN_IPSEC_H + +#define IPSEC_AUTH_PSK "PSK" +#define IPSEC_AUTH_RSA "RSA" +#define IPSEC_AUTH_XAUTH "XAUTH" + +#define VICI_SHARED_TYPE_PSK "IKE" +#define VICI_SHARED_TYPE_XAUTH "xauth" + +#define IPSEC_ERROR_CHECK_GOTO(err, target, fmt, arg...) do { \ + if (err < 0) { \ + connman_error(fmt, ## arg); \ + goto target; \ + } \ +} while (0) + +#define IPSEC_ERROR_CHECK_RETURN(err, fmt, arg...) do { \ + if (err < 0) { \ + connman_error(fmt, ## arg); \ + return; \ + } \ +} while (0) + +#define IPSEC_ERROR_CHECK_RETURN_VAL(err, ret, fmt, arg...) do { \ + if (err < 0) { \ + connman_error(fmt, ## arg); \ + return ret; \ + } \ +} while (0) + +#endif /* __CONNMAN_VPND_PLUGIN_IPSEC_H */ diff --git a/vpn/plugins/l2tp.c b/vpn/plugins/l2tp.c index 5d83eb88..5d83eb88 100644..100755 --- a/vpn/plugins/l2tp.c +++ b/vpn/plugins/l2tp.c diff --git a/vpn/plugins/openconnect.c b/vpn/plugins/openconnect.c index 8e74479f..8e74479f 100644..100755 --- a/vpn/plugins/openconnect.c +++ b/vpn/plugins/openconnect.c diff --git a/vpn/plugins/openvpn.c b/vpn/plugins/openvpn.c index f38c0c36..6b090e45 100644..100755 --- a/vpn/plugins/openvpn.c +++ b/vpn/plugins/openvpn.c @@ -421,8 +421,10 @@ static int ov_connect(struct vpn_provider *provider, connman_task_add_argument(task, "--persist-tun", NULL); +#if !defined TIZEN_EXT connman_task_add_argument(task, "--route-noexec", NULL); connman_task_add_argument(task, "--ifconfig-noexec", NULL); +#endif /* * Disable client restarts because we can't handle this at the diff --git a/vpn/plugins/pptp.c b/vpn/plugins/pptp.c index 3dc93b03..3dc93b03 100644..100755 --- a/vpn/plugins/pptp.c +++ b/vpn/plugins/pptp.c diff --git a/vpn/plugins/vici-client.c b/vpn/plugins/vici-client.c new file mode 100644 index 00000000..67e365a5 --- /dev/null +++ b/vpn/plugins/vici-client.c @@ -0,0 +1,1290 @@ +/* + * + * ConnMan VPN daemon + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + * + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <stdint.h> +#include <unistd.h> +#include <errno.h> + +#include <sys/poll.h> +#include <sys/socket.h> +#include <sys/un.h> +#include <sys/stat.h> +#include <arpa/inet.h> + +#include <glib.h> + +#include <connman/log.h> +#include "ipsec.h" +#include "vici-client.h" + +#define SOCK_FD_MIN 3 +#define VICI_REQUEST_TIMEOUT 5000 + +enum vici_element { + VICI_END = 0, + VICI_SECTION_START = 1, + VICI_SECTION_END = 2, + VICI_KEY_VALUE = 3, + VICI_LIST_START = 4, + VICI_LIST_ITEM = 5, + VICI_LIST_END = 6, +}; + +enum vici_packet_type { + VICI_CMD_REQUEST = 0, + VICI_CMD_RESPONSE = 1, + VICI_CMD_UNKNOWN = 2, + VICI_EVENT_REGISTER = 3, + VICI_EVENT_UNREGISTER = 4, + VICI_EVENT_CONFIRM = 5, + VICI_EVENT_UNKNOWN = 6, + VICI_EVENT = 7, +}; + +static const char *vici_cmd_str[] = { + "load-conn", + "load-shared", + "load-cert", + "load-authority", + "unload-authority", + "load-key", + "initiate", + "terminate", + "child-updown", + NULL, +}; + +struct request { + unsigned int allocated; + unsigned int used; + unsigned int hdr_len; + char *sndbuf; + int cmd; + int err; + /* process reply */ + unsigned int rcv_pkt_size; + char *rcvbuf; + /* davici_cb cb; */ + void *user; +}; + +struct _VICIClient { + /* io data */ + int client_sock_fd; + int client_watch; + unsigned int rcv_pkt_size; + char *rcvbuf; + GSList *request_list; + vici_request_reply_cb reply_cb; + vici_event_cb event_cb; + void *reply_user_data; + void *event_user_data; +}; + +struct _VICISection { + char *name; + GHashTable *kvs; + GHashTable *kvls; + GHashTable *subsection; +}; + +static void remove_list(gpointer data) +{ + if (data == NULL) + return; + + g_slist_free_full((GSList *)data, g_free); +} + +void vici_destroy_section(VICISection* section) +{ + g_free(section->name); + g_hash_table_destroy(section->kvs); + g_hash_table_destroy(section->kvls); + g_hash_table_destroy(section->subsection); + g_free(section); +} + +static void free_section(gpointer data) +{ + VICISection* section = (VICISection*)data; + vici_destroy_section(section); +} + +VICISection* vici_create_section(const char* name) +{ + VICISection* section; + + section = g_try_new0(VICISection, 1); + if (!section) { + connman_error("Failed to create section"); + return NULL; + } + + if (name) + section->name = g_strdup(name); + section->kvs = g_hash_table_new_full(g_str_hash, g_str_equal, g_free, g_free); + section->kvls = g_hash_table_new_full(g_str_hash, g_str_equal, g_free, remove_list); + section->subsection = g_hash_table_new_full(g_str_hash, g_str_equal, g_free, free_section); + return section; +} + +int add_subsection(const char* name, VICISection* child, VICISection* section) +{ + if (section == NULL || name == NULL || child == NULL) { + connman_error("invalid parameter"); + return -1; + } + + g_hash_table_insert(section->subsection, g_strdup(name), child); + return 0; +} + +static int add_kvl_to_section(const char* key, const char* value, VICISection* section) +{ + GSList *list = NULL; + if (section == NULL || key == NULL || value == NULL) { + connman_error("invalid parameter"); + return -1; + } + + list = g_hash_table_lookup(section->kvls, key); + if (list == NULL) + list = g_slist_alloc(); + + list = g_slist_prepend(list, g_strdup(value)); + g_hash_table_replace(section->kvls, g_strdup(key), list); + return 0; +} + +static int add_kv_to_section(const char* key, const char* value, VICISection* section) +{ + if (section == NULL || key == NULL || value == NULL) { + connman_error("invalid parameter"); + return -1; + } + + g_hash_table_insert(section->kvs, g_strdup(key), g_strdup(value)); + return 0; +} + +static VICISection* get_subsection(VICISection* section, const char* name) +{ + VICISection* sub = g_hash_table_lookup(section->subsection, name); + if (sub == NULL) { + sub = vici_create_section(name); + add_subsection(name, sub, section); + } + return sub; +} + +int vici_add_kv(VICISection* section, const char* key, + const char* value, const char* subsection) +{ + VICISection* target = section; + DBG("key: %s, value: %s, subsection: %s", key, value, subsection); + + if (section == NULL || key == NULL) { + connman_error("invalid parameter"); + return -1; + } + + if (subsection) + target = get_subsection(section, subsection); + + add_kv_to_section(key, value, target); + return 0; +} + +int vici_add_kvl(VICISection* section, const char* key, + const char* value, const char* subsection) +{ + VICISection* target = section; + + DBG("key: %s, value: %s, subsection: %s", key, value, subsection); + if (section == NULL || key == NULL) { + connman_error("invalid parameter"); + return -1; + } + + if (subsection) + target = get_subsection(section, subsection); + + if (g_strcmp0(subsection, "children") == 0) + target = get_subsection(target, "net"); + + add_kvl_to_section(key, value, target); + return 0; +} + +static void add_list_to_section(char *key, GSList *list, VICISection *section) +{ + if (section == NULL || key == NULL || list == NULL) + return; + + g_hash_table_insert(section->kvls, g_strdup(key), g_slist_copy_deep(list, (GCopyFunc)g_strdup, NULL)); + return; +} + +int vici_add_list(VICISection* section, char *key, GSList *list, const char* subsection) +{ + VICISection* target = section; + + DBG("key: %s, subsection: %s", key, subsection); + if (section == NULL || key == NULL) { + connman_error("invalid parameter"); + return -1; + } + + if (subsection) + target = get_subsection(section, subsection); + + if (g_strcmp0(subsection, "children") == 0) + target = get_subsection(target, "net"); + + add_list_to_section(key, list, target); + return 0; +} + +static char *load_cert_from_path(const char *path) +{ + struct stat st; + FILE *fp = NULL; + int fd = 0; + size_t file_size = 0; + char *file_buff = NULL; + + fp = fopen(path, "rb"); + if (fp == NULL) { + connman_error("fopen failed"); + return NULL; + } + + fd = fileno(fp); + if (fd == -1) { + connman_error("fp is not a valid stream"); + fclose(fp); + return NULL; + } + + if (fstat(fd, &st) != 0) { + connman_error("fstat failed"); + fclose(fp); + return NULL; + } + + file_size = st.st_size; + file_buff = g_try_malloc0(sizeof(char)*st.st_size); + if (file_buff == NULL) { + connman_error("g_try_malloc0 failed\n"); + fclose(fp); + return NULL; + } + + if (fread(file_buff, 1, file_size, fp) != file_size) { + connman_error("file size not matched\n"); + g_free(file_buff); + file_buff = NULL; + } + + fclose(fp); + return file_buff; +} + +int vici_add_cert_kv(VICISection *section, const char *key, + const char *value, const char *subsection) +{ + char *cert = NULL; + int ret = 0; + + if (value == NULL) { + DBG("value is null"); + return 0; + } + + cert = load_cert_from_path(value); + if (!cert) + return -1; + + ret = vici_add_kv(section, key, (const char *)cert, subsection); + g_free(cert); + return ret; +} + +int vici_add_cert_kvl(VICISection *section, const char *key, + const char *value, const char *subsection) +{ + char *cert = NULL; + int ret = 0; + + cert = load_cert_from_path(value); + if (!cert) + return -1; + + ret = vici_add_kvl(section, key, (const char *)cert, subsection); + g_free(cert); + return ret; +} + +static void *add_element(struct request *r, enum vici_element type, + unsigned int size) +{ + unsigned int newlen; + void *ret, *new; + + if (r->used + size + 1 > r->allocated) { + newlen = r->allocated; + while (newlen < r->used + size + 1) { + newlen *= 2; + } + new = realloc(r->sndbuf, newlen); + if (!new) { + r->err = -errno; + return NULL; + } + r->sndbuf = new; + r->allocated = newlen; + } + r->sndbuf[r->used++] = type; + ret = r->sndbuf + r->used; + r->used += size; + return ret; +} + +static void section_start(struct request *r, const char *name) +{ + uint8_t nlen; + char *pos; + + nlen = strlen(name); + pos = add_element(r, VICI_SECTION_START, 1 + nlen); + if (pos) { + pos[0] = nlen; + memcpy(pos + 1, name, nlen); + } +} + +static void section_end(struct request *r) +{ + add_element(r, VICI_SECTION_END, 0); +} + +static void key_value(struct request *r, const char *name, + const void *buf, unsigned int buflen) +{ + uint8_t nlen; + uint16_t vlen; + char *pos; + + nlen = strlen(name); + pos = add_element(r, VICI_KEY_VALUE, 1 + nlen + sizeof(vlen) + buflen); + if (pos) { + pos[0] = nlen; + memcpy(pos + 1, name, nlen); + vlen = htons(buflen); + memcpy(pos + 1 + nlen, &vlen, sizeof(vlen)); + memcpy(pos + 1 + nlen + sizeof(vlen), buf, buflen); + } +} + + +static void list_start(struct request *r, const char *name) +{ + uint8_t nlen; + char *pos; + + nlen = strlen(name); + pos = add_element(r, VICI_LIST_START, 1 + nlen); + if (pos) { + pos[0] = nlen; + memcpy(pos + 1, name, nlen); + } +} + +static void list_item(struct request *r, const void *buf, + unsigned int buflen) +{ + uint16_t vlen; + char *pos; + + pos = add_element(r, VICI_LIST_ITEM, sizeof(vlen) + buflen); + if (pos) { + vlen = htons(buflen); + memcpy(pos, &vlen, sizeof(vlen)); + memcpy(pos + sizeof(vlen), buf, buflen); + } +} + +static void list_end(struct request *r) +{ + add_element(r, VICI_LIST_END, 0); +} + +static void destroy_vici_request(gpointer data) +{ + struct request *req = (struct request *)data; + if(!req) + return; + + g_free(req->sndbuf); + g_free(req); +} + +static int create_vici_request(enum vici_packet_type type, VICIClientCmd cmd, + struct request **rp) +{ + struct request *req = NULL; + + if (cmd >= VICI_CMD_MAX || !rp) + return -EINVAL; + + req = g_try_new0(struct request, 1); + if (!req) { + connman_error("g_try_new0 failed"); + return -ENOMEM; + } + + req->used = 2; + req->used += strlen(vici_cmd_str[cmd]); + req->allocated = MIN(32, req->used); + req->sndbuf = g_try_new0(char, req->allocated); + if (!req->sndbuf) { + connman_error("g_try_new0 failed"); + g_free(req); + return -ENOMEM; + } + + req->sndbuf[0] = type; + req->sndbuf[1] = req->used - 2; /* except for type and name length */ + memcpy(req->sndbuf + 2, vici_cmd_str[cmd], req->used - 2); + req->hdr_len = req->used; + req->cmd = cmd; + + *rp = req; + + return 0; +} + +static void write_section_kvs(VICISection *section, struct request *req) +{ + GHashTableIter iter; + gpointer key, value; + + if (section == NULL || req == NULL) + return; + + g_hash_table_iter_init (&iter, section->kvs); + while (g_hash_table_iter_next (&iter, &key, &value)) { + if (!key || !value) + continue; + key_value(req, (const char*)key, (const void *)value, strlen((char *)value)); + } + + return; +} + +static void write_list_item(gpointer data, gpointer user_data) +{ + struct request *req = NULL; + char *value = NULL; + + if (!data || !user_data) + return; + + value = (char *)data; + req = (struct request *)user_data; + list_item(req, value, strlen(value)); + + return; +} + +static void write_section_kvls(VICISection *section, struct request *req) +{ + GHashTableIter iter; + gpointer key, value; + + if (section == NULL || req == NULL) + return; + + g_hash_table_iter_init (&iter, section->kvls); + while (g_hash_table_iter_next (&iter, &key, &value)) { + if (!key || !value) + continue; + + list_start(req, key); + g_slist_foreach((GSList *)value, (GFunc)write_list_item, (gpointer)req); + list_end(req); + } + + return; +} + +static void write_section(struct request *req, VICISection *section) +{ + GHashTableIter iter; + gpointer key, value; + + if (req == NULL || section == NULL) + return; + + if (section->name) + section_start(req, section->name); + + write_section_kvs(section, req); + write_section_kvls(section, req); + + g_hash_table_iter_init(&iter, section->subsection); + while (g_hash_table_iter_next (&iter, &key, &value)) { + if (!key || !value) + continue; + write_section(req, (VICISection *)value); + } + + if (section->name) + section_end(req); + return; +} + +static int check_socket(int sock) +{ + struct pollfd p_fd; + int res = 0; + + p_fd.fd = sock; + p_fd.events = POLLIN | POLLOUT | POLLERR | POLLHUP | POLLNVAL; + res = poll((struct pollfd *) &p_fd, 1, 1); + + if (res < 0) { + connman_error("Polling error from socket\n"); + return -1; + } else if (res == 0) { + connman_error( "poll timeout. socket is busy\n"); + return 1; + } else { + + if (p_fd.revents & POLLERR) { + connman_error("Error! POLLERR from socket[%d]\n", sock); + return -1; + } else if (p_fd.revents & POLLHUP) { + connman_error("Error! POLLHUP from socket[%d]\n", sock); + return -1; + } else if (p_fd.revents & POLLNVAL) { + connman_error("Error! POLLNVAL from socket[%d]\n", sock); + return -1; + } else if (p_fd.revents & POLLIN) { + return 0; + } else if (p_fd.revents & POLLOUT) { + return 0; + } + } + + connman_error("Unknown poll event [%d]\n", p_fd.revents); + return -1; +} + +static int write_socket(int sock, char *data, int data_len) +{ + int wbytes = 0; + int left_len = data_len; + char *ptr = data; + int res = 0; + + if (sock < SOCK_FD_MIN || !data || data_len < 0) + return -1; + + res = check_socket(sock); + if (res < 0) + return -1; + else if (res > 0) + return -2; + + errno = 0; + while (left_len) { + wbytes = write(sock, ptr, left_len); + if (wbytes <= 0) { + connman_error("Failed to write data into socket[%d].\n", sock); + break; + }else if (wbytes < left_len) { + left_len -= wbytes; + ptr += wbytes; + } else if (wbytes == left_len) { + left_len = 0; + } else { + connman_error("Unknown error occurred.\n"); + break; + } + } + + if (left_len) + return -1; + else + return 0; +} + +int send_vici_command(struct request *req, VICIClient *vici_client) +{ + unsigned int size = 0; + int sock_fd = 0; + int res = 0; + + if (req == NULL || vici_client == NULL) { + connman_error("request is NULL\n"); + return -EINVAL; + } + sock_fd = vici_client->client_sock_fd; + + size = htonl(req->used); + res = write_socket(sock_fd, (char *)&size, sizeof(size)); + if (res != 0) { + connman_error("failed to send size with network byte order\n"); + return -EIO; + } + + res = write_socket(sock_fd, req->sndbuf, req->used); + if (res != 0) { + connman_error("failed to send pkt\n"); + return -EIO; + } + + if(req->cmd != VICI_CMD_REGISTER_CHILD_UPDOWN) + vici_client->request_list = g_slist_append(vici_client->request_list, req); + + return res; +} + +static void print_vici_element(int elem_type, char *value, int sections) +{ + int i = 0; + + + switch (elem_type) { + case VICI_SECTION_START: + for (i = 0; i < sections - 1; i++) + DBG("\t"); + DBG("%s = {\n", value); + break; + case VICI_SECTION_END: + for (i = 0; i < sections; i++) + DBG("\t"); + DBG("}\n"); + break; + case VICI_KEY_VALUE: + for (i = 0; i < sections; i++) + DBG("\t"); + DBG("%s\n", value); + break; + case VICI_LIST_START: + for (i = 0; i < sections; i++) + DBG("\t"); + DBG("%s = [", value); + break; + case VICI_LIST_ITEM: + DBG("%s, ", value); + break; + case VICI_LIST_END: + DBG("]\n"); + break; + default: + break; + } + return; +} + +static void debug_vici_message(char *buf, unsigned int size) +{ + char temp[255]; + unsigned int pos = 0; + int len = 0; + int sections = 0; + int type = -1; + + if (buf == NULL || size == 0) + return; + + pos = 1; + while (pos < size) { + + type = buf[pos]; + pos++; + switch (type) { + case VICI_SECTION_START: + { + len = buf[pos]; + pos++; + g_strlcpy(temp, (const gchar *)&buf[pos], len + 1); + pos += len; + sections++; + } + break; + case VICI_SECTION_END: + { + sections--; + } + break; + case VICI_KEY_VALUE: + { + int key_len = 0; + int value_len = 0; + + key_len = buf[pos]; + pos++; + g_strlcpy(temp, (const gchar *)&buf[pos], key_len + 1); + temp[key_len] = '='; + pos += (key_len + 1); + value_len = buf[pos]; + pos++; + g_strlcpy(temp + key_len + 1, (const gchar *)&buf[pos], value_len + 1); + pos += value_len; + } + break; + case VICI_LIST_START: + { + len = buf[pos]; + pos++; + g_strlcpy(temp, (const gchar *)&buf[pos], len + 1); + pos += len; + } + break; + case VICI_LIST_ITEM: + { + pos++; + len = buf[pos]; + pos++; + g_strlcpy(temp, (const gchar *)&buf[pos], len + 1); + pos += len; + } + break; + case VICI_LIST_END: + break; + default: + break; + } + print_vici_element(type, temp, sections); + } + return; +} + +static unsigned int extract_key_value(char *buf, unsigned int pos, char **key, char **value) +{ + int key_len = 0; + int value_len = 0; + + key_len = buf[pos]; + pos++; + *key = g_strndup((const gchar *)&buf[pos], key_len); + pos+=(key_len + 1); + value_len = buf[pos]; + pos++; + *value = g_strndup((const gchar *)&buf[pos], value_len); + pos+=value_len; + return pos; +} + +static gboolean extract_request_result(char *buf, unsigned int size, char **err) +{ + gboolean success = FALSE; + unsigned int pos = 0; + int type = -1; + + pos = 1; + while (pos < size) { + + type = buf[pos];//3 + pos++; + if (type == VICI_KEY_VALUE) { + char *key = NULL; + char *value = NULL; + pos = extract_key_value(buf, pos, &key, &value); + DBG("pos : %d size : %d\n", pos, size); + + /* TODO :remove this after debug */ + DBG("key : %s value : %s\n", key, value); + if (g_strcmp0(key, "success") == 0) + (g_strcmp0(value, "yes") == 0)?(success = TRUE):(success = FALSE); + + if (g_strcmp0(key, "errmsg")) + *err = g_strdup(value); + g_free(key); + g_free(value); + } + } + return success; +} + +static int handle_vici_result(gboolean success, int cmd, char * err) +{ + int ret = 0; + if (success) + return 0; + + g_free(err); + + switch (cmd) { + case VICI_CMD_LOAD_CONN: + ret = EINVAL; + break; + case VICI_CMD_LOAD_SHARED: + ret = EINVAL; + break; + case VICI_CMD_LOAD_CERT: + ret = EINVAL; + break; + case VICI_CMD_LOAD_AUTH: + ret = 0; + break; + case VICI_CMD_LOAD_KEY: + ret = EINVAL; + break; + case VICI_CMD_INITIATE: + ret = ECONNABORTED; + break; + case VICI_CMD_TERMINATE: + ret = EINVAL; + break; + default: + break; + } + + DBG(" %s failed with %d!\n", vici_cmd_str[cmd], ret); + return ret; +} + +static int process_vici_response(struct request * req) +{ + char *err = NULL; + gboolean success = FALSE; + int ret = 0; + + if (!req) + return -1; + + if (!req->rcvbuf || req->rcvbuf[0] != VICI_CMD_RESPONSE) + return -1; + + //TODO: remove below when there's no further problem. + debug_vici_message(req->rcvbuf, req->rcv_pkt_size); + + success = extract_request_result(req->rcvbuf, req->rcv_pkt_size, &err); + ret = handle_vici_result(success, req->cmd, err); + + return ret; +} + +int vici_send_request(VICIClient *vici_client, VICIClientCmd cmd, VICISection *root) +{ + struct request *req = NULL; + int ret; + + DBG("%s", vici_cmd_str[cmd]); + ret = create_vici_request(VICI_CMD_REQUEST, cmd, &req); + if (ret < 0) { + connman_error("error on create_request\n"); + return ret; + } + + write_section(req, root); + //TODO: remove below when there's no further problem. + debug_vici_message(req->sndbuf + req->hdr_len - 1, req->used - req->hdr_len + 1); + + ret = send_vici_command(req, vici_client); + if (ret < 0) { + destroy_vici_request(req); + connman_error("error on send_command\n"); + } + + return ret; +} + + +int vici_set_event_cb(VICIClient *vici_client, vici_event_cb cb, gpointer user_data) +{ + struct request *req = NULL; + int ret; + + DBG("%s",vici_cmd_str[VICI_EVENT_CHILD_UP]); + ret = create_vici_request(VICI_EVENT_REGISTER, VICI_CMD_REGISTER_CHILD_UPDOWN, &req); + if (ret < 0) { + connman_error("error on create_request\n"); + return ret; + } + + ret = send_vici_command(req, vici_client); + if (ret < 0) { + connman_error("error on send_command\n"); + } + + destroy_vici_request(req); + vici_client->event_cb = cb; + vici_client->event_user_data = user_data; + + return ret; + +} + +static int get_socket_from_source(GIOChannel *source, GIOCondition condition) +{ + int sock = -1; + /* check socket */ + sock = g_io_channel_unix_get_fd(source); + if (sock < SOCK_FD_MIN) + return -1; + + if ((condition & G_IO_ERR) || (condition & G_IO_HUP) || (condition & G_IO_NVAL)) { + connman_error("G_IO_ERR/G_IO_HUP/G_IO_NVAL received sock [%d] condition [%d]\n", sock, condition); + //TODO: handle the breaking socket + return -1; + } + return sock; +} + +static int read_socket(int sock, char *data, unsigned int data_len) +{ + int rbytes = 0; + int total_rbytes = 0; + + if (sock < SOCK_FD_MIN || !data || data_len <= 0) + return -1; + + while (data_len > 0) { + errno = 0; + rbytes = read(sock, data, data_len); + if (rbytes <= 0) + return -1; + + total_rbytes += rbytes; + data += rbytes; + data_len -= rbytes; + } + + return total_rbytes; +} + +static int recv_vici_pkt(int sock, struct _VICIClient *vici_client) +{ + if(!vici_client) + return -1; + + if (vici_client->rcv_pkt_size == 0) { + unsigned int pkt_size = 0; + if (read_socket(sock, (char *)&pkt_size, sizeof(pkt_size)) < 0) + return -1; + + vici_client->rcv_pkt_size = ntohl(pkt_size); + /* TODO :REMOVE THIS AFTER DEBUG */ + DBG("rcv_pkt_size [%d] will be recved\n", vici_client->rcv_pkt_size); + } else { + + DBG("rcv_pkt_size [%d] is recved\n", vici_client->rcv_pkt_size); + char *buf = NULL; + buf = g_try_malloc0(vici_client->rcv_pkt_size); + if (buf == NULL) + return -1; + + if (read_socket(sock, buf, vici_client->rcv_pkt_size) < 0) { + g_free(buf); + return -1; + } + vici_client->rcvbuf = buf; + } + + return 0; +} + +static struct request *pop_vici_request(VICIClient *vici_client) +{ + GSList *list = NULL; + + if (!vici_client) + return NULL; + + list = vici_client->request_list; + if(!list) + return NULL; + + return list->data; +} + +static void process_vici_reply(VICIClient *vici_client) +{ + struct request *req; + int ret = 0; + + if (!vici_client) + return; + + /* get first request */ + req = pop_vici_request(vici_client); + if (!req) + return; + + req->rcvbuf = vici_client->rcvbuf; + req->rcv_pkt_size = vici_client->rcv_pkt_size; + + ret = process_vici_response(req); + vici_client->request_list = g_slist_remove(vici_client->request_list, req); + destroy_vici_request(req); + + /* TODO :remove this after debug */ + DBG("left request reply : %d", g_slist_length(vici_client->request_list)); + + if (ret != 0 || g_slist_length(vici_client->request_list) == 0) + vici_client->reply_cb(ret, vici_client->reply_user_data); + +} + +static int extract_event_name(char *buf, unsigned int size, char *temp) +{ + int pos = 1; + int name_len = 0; + name_len = buf[pos]; + pos++; + DBG("event len: %d", name_len); + while(pos < size && pos - 2 < name_len) { + temp[pos - 2] = buf[pos]; + pos++; + } + temp[pos] = '\0'; + DBG("event name: %s", temp); + return pos; +} + +static char *vici_get_value(char *buf, unsigned int pos, unsigned int size, char *search_key) +{ + int type = -1; + + pos = 1; + while (pos < size) { + + type = buf[pos];//3 + pos++; + if (type == VICI_KEY_VALUE) { + char *key = NULL; + char *value = NULL; + pos = extract_key_value(buf, pos, &key, &value); + if (g_strcmp0(search_key, key) == 0) { + g_free(key); + return value; + } + + g_free(key); + g_free(value); + } + } + return NULL; +} + +static void process_child_updown(VICIClient *vici_client,char *buf, unsigned int size) +{ + char *state = NULL; + + state = vici_get_value(buf, 0, size, "state"); + if (g_strcmp0(state, "ESTABLISHED") == 0) { + DBG("ESTABLISHED"); + vici_client->event_cb(VICI_EVENT_CHILD_UP, vici_client->event_user_data); + } else if (g_strcmp0(state, "DELETING") == 0) { + DBG("DELETING"); + vici_client->event_cb(VICI_EVENT_CHILD_DOWN, vici_client->event_user_data); + } else { + DBG("Unknown event"); + } + g_free(state); + return; +} + +static void process_vici_event(VICIClient *vici_client) +{ + char *buf = NULL; + unsigned int size = 0; + unsigned int pos = 0; + char temp[256] = {0,}; + if (!vici_client || !(vici_client->rcvbuf) || vici_client->rcv_pkt_size == 0) + return; + + buf = vici_client->rcvbuf; + size = vici_client->rcv_pkt_size; + + pos = extract_event_name(buf, size, temp); + /* TODO: remove below after debug */ + /* add parser */ + if (g_strcmp0(temp, "child-updown") == 0) + process_child_updown(vici_client, buf + pos -1, size - pos); +} + +static void process_vici_packet(VICIClient *vici_client, char *buf) +{ + + if (!vici_client || !buf) + return; + + if (buf[0] == VICI_CMD_RESPONSE) { + DBG("VICI_CMD_RESPONSE\n"); + process_vici_reply(vici_client); + } else if (buf[0] == VICI_EVENT_CONFIRM) { + DBG("VICI_EVENT_CONFIRM\n"); + } else if (buf[0] == VICI_EVENT) { + DBG("VICI_EVENT"); + process_vici_event(vici_client); + } else { + DBG("Not handled [%u]", buf[0]); + } + return; +} + +static gboolean process_vici_msg(GIOChannel *source, + GIOCondition condition, + gpointer user_data) +{ + VICIClient *vici_client = NULL; + int sock = 0; + + vici_client = (VICIClient *)user_data; + if (!vici_client) + return FALSE; + + sock = get_socket_from_source(source, condition); + if (sock < 0) + return FALSE; + + + if(recv_vici_pkt(sock, vici_client) < 0) + return FALSE; + + if (!vici_client->rcvbuf) { + return TRUE; + } + + process_vici_packet(vici_client, vici_client->rcvbuf); + g_free(vici_client->rcvbuf); + vici_client->rcvbuf = NULL; + vici_client->rcv_pkt_size = 0; + + return TRUE; +} + +static int str_to_socket_addr(const char *uri, struct sockaddr_un *addr) +{ + memset(addr, 0, sizeof(*addr)); + addr->sun_family = AF_UNIX; + strncpy(addr->sun_path, uri, sizeof(addr->sun_path)); + + addr->sun_path[sizeof(addr->sun_path)-1] = '\0'; + + return offsetof(struct sockaddr_un, sun_path) + strlen(addr->sun_path); +} + +static int connect_socket(const char *uri) +{ + struct sockaddr_un addr; + int len, fd; + + fd = socket(AF_UNIX, SOCK_STREAM, 0); + if (fd < 0) { + connman_error("socket() failed"); + return -errno; + } + + len = str_to_socket_addr(uri, &addr); + if (len == -1) { + connman_error("str_to_socket_addr failed"); + close(fd); + return -1; + } + + if (connect(fd, (struct sockaddr*)&addr, len) < 0) { + connman_error("connect failed. errno %d/%s", errno, strerror(errno)); + close(fd); + return -errno; + } + + return fd; +} + +static int initialize_vici_source(VICIClient *vici_client) +{ + GIOChannel *vici_channel; + if (!vici_client) { + return -ENOMEM; + } + + vici_client->client_sock_fd = connect_socket(VICI_DEFAULT_URI); + if (vici_client->client_sock_fd < 0) { + connman_error("connect_socket failed"); + return -EIO; + } + + vici_channel = g_io_channel_unix_new(vici_client->client_sock_fd); + if (!vici_channel) { + connman_error("g_io_channel_unix_new failed"); + close(vici_client->client_sock_fd); + return -ENOMEM; + } + + vici_client->client_watch = g_io_add_watch_full(vici_channel, + G_PRIORITY_LOW, + G_IO_IN | G_IO_ERR | G_IO_HUP | G_IO_NVAL, + (GIOFunc)process_vici_msg, + (gpointer)vici_client, + NULL); + g_io_channel_unref(vici_channel); + return 0; +} + +int vici_initialize(VICIClient **vici_client) +{ + int ret = 0; + + *vici_client = g_try_new0(VICIClient, 1); + if (!*vici_client) { + connman_error("out of memory"); + return -ENOMEM; + } + + ret = initialize_vici_source(*vici_client); + if (ret != 0) { + g_free(*vici_client); + return ret; + } + + DBG("connected"); + return 0; +} + +void vici_set_request_reply_cb(VICIClient *vici_client, vici_request_reply_cb reply_cb, gpointer user_data) +{ + vici_client->reply_cb = reply_cb; + vici_client->reply_user_data = user_data; +} + +int vici_deinitialize(VICIClient *vici_client) +{ + if (vici_client->client_watch > 0) { + g_source_remove(vici_client->client_watch); + vici_client->client_watch = 0; + } + + close(vici_client->client_sock_fd); + g_slist_free_full(vici_client->request_list, destroy_vici_request); + g_free(vici_client->rcvbuf); + g_free(vici_client); + + return 0; +} diff --git a/vpn/plugins/vici-client.h b/vpn/plugins/vici-client.h new file mode 100644 index 00000000..a33a8e46 --- /dev/null +++ b/vpn/plugins/vici-client.h @@ -0,0 +1,84 @@ +/* + * + * ConnMan VPN daemon + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + * + */ + +#ifndef __VICI_CLIENT_H +#define __VICI_CLIENT_H + +#ifdef __cplusplus +extern "C" { +#endif + +/* strongswan VICI plugin client part*/ +struct _VICIClient; +typedef struct _VICIClient VICIClient; + +struct _VICISection; +typedef struct _VICISection VICISection; + +typedef enum { + VICI_CMD_LOAD_CONN, + VICI_CMD_LOAD_SHARED, + VICI_CMD_LOAD_CERT, + VICI_CMD_LOAD_AUTH, + VICI_CMD_UNLOAD_AUTH, + VICI_CMD_LOAD_KEY, + VICI_CMD_INITIATE, + VICI_CMD_TERMINATE, + VICI_CMD_REGISTER_CHILD_UPDOWN, + VICI_CMD_MAX, +} VICIClientCmd; + +typedef enum { + VICI_EVENT_CHILD_UP, + VICI_EVENT_CHILD_DOWN, + VICI_EVENT_MAX, +} VICIClientEvent; +#define VICI_DEFAULT_URI "/var/run/charon.vici" + +typedef int (*vici_add_element)(VICISection *sect, const char *key, + const char *value, const char *subsection); + +typedef void (*vici_request_reply_cb)(int err, void *user_data); +typedef void (*vici_event_cb)(VICIClientEvent event, void *user_data); + +VICISection* vici_create_section(const char *name); +int add_subsection(const char* name, VICISection* child, VICISection* section); +void vici_destroy_section(VICISection *sect); +int vici_add_kv(VICISection *sect, const char *key, + const char *value, const char *subsection); +int vici_add_kvl(VICISection *sect, const char *key, + const char *value, const char *subsection); +int vici_add_list(VICISection* section, char *key, + GSList *list, const char* subsection); +int vici_add_cert_kv(VICISection *section, const char *key, + const char *value, const char *subsection); +int vici_add_cert_kvl(VICISection *section, const char *key, + const char *value, const char *subsection); + +int vici_initialize(VICIClient **vici_client); +int vici_deinitialize(VICIClient *vici_client); +void vici_set_request_reply_cb(VICIClient *vici_client, vici_request_reply_cb reply_cb, gpointer user_data); +int vici_send_request(VICIClient *vici_client, VICIClientCmd cmd, VICISection *root); +int vici_set_event_cb(VICIClient *vici_client, vici_event_cb cb, gpointer user_data); + +#ifdef __cplusplus +} +#endif + +#endif /* __VICI_CLIENT_H */ diff --git a/vpn/plugins/vpn.c b/vpn/plugins/vpn.c index acede747..d9c6dbbb 100644..100755 --- a/vpn/plugins/vpn.c +++ b/vpn/plugins/vpn.c @@ -343,6 +343,56 @@ static DBusMessage *vpn_notify(struct connman_task *task, return NULL; } +#if defined TIZEN_EXT +static void vpn_event(struct vpn_provider *provider, int state) +{ + struct vpn_driver_data *vpn_driver_data; + const char *name; + + name = vpn_provider_get_driver_name(provider); + if (!name) { + DBG("Cannot find VPN driver for provider %p", provider); + vpn_provider_set_state(provider, VPN_PROVIDER_STATE_FAILURE); + return; + } + + vpn_driver_data = g_hash_table_lookup(driver_hash, name); + if (!vpn_driver_data) { + DBG("Cannot find VPN driver data for name %s", name); + vpn_provider_set_state(provider, VPN_PROVIDER_STATE_FAILURE); + return; + } + + DBG("provider %p driver %s state %d", provider, name, state); + + switch (state) { + case VPN_STATE_CONNECT: + vpn_provider_set_state(provider, + VPN_PROVIDER_STATE_CONNECT); + break; + case VPN_STATE_READY: + vpn_provider_set_state(provider, + VPN_PROVIDER_STATE_READY); + break; + + case VPN_STATE_UNKNOWN: + case VPN_STATE_IDLE: + case VPN_STATE_DISCONNECT: + case VPN_STATE_FAILURE: + vpn_provider_set_state(provider, + VPN_PROVIDER_STATE_DISCONNECT); + break; + + case VPN_STATE_AUTH_FAILURE: + vpn_provider_indicate_error(provider, + VPN_PROVIDER_ERROR_AUTH_FAILED); + break; + } + + return; +} +#endif + static int vpn_create_tun(struct vpn_provider *provider, int flags) { struct vpn_data *data = vpn_provider_get_data(provider); @@ -495,6 +545,12 @@ static int vpn_connect(struct vpn_provider *provider, goto exist_err; } + +#if defined TIZEN_EXT + if(vpn_driver_data->vpn_driver->set_event_cb) + vpn_driver_data->vpn_driver->set_event_cb(vpn_event, provider); +#endif + ret = vpn_driver_data->vpn_driver->connect(provider, data->task, data->if_name, cb, dbus_sender, user_data); diff --git a/vpn/plugins/vpn.h b/vpn/plugins/vpn.h index 265fd82f..318a10c5 100644..100755 --- a/vpn/plugins/vpn.h +++ b/vpn/plugins/vpn.h @@ -40,9 +40,16 @@ enum vpn_state { VPN_STATE_AUTH_FAILURE = 6, }; +#if defined TIZEN_EXT +typedef void (*vpn_event_callback)(struct vpn_provider *provider, int state); +#endif + struct vpn_driver { int flags; int (*notify) (DBusMessage *msg, struct vpn_provider *provider); +#if defined TIZEN_EXT + void (*set_event_cb) (vpn_event_callback event_cb, struct vpn_provider *provider); +#endif int (*connect) (struct vpn_provider *provider, struct connman_task *task, const char *if_name, vpn_provider_connect_cb_t cb, const char *dbus_sender, diff --git a/vpn/plugins/vpnc.c b/vpn/plugins/vpnc.c index af9dbe76..af9dbe76 100644..100755 --- a/vpn/plugins/vpnc.c +++ b/vpn/plugins/vpnc.c diff --git a/vpn/vpn-agent.c b/vpn/vpn-agent.c index b0b582b7..b0b582b7 100644..100755 --- a/vpn/vpn-agent.c +++ b/vpn/vpn-agent.c diff --git a/vpn/vpn-agent.h b/vpn/vpn-agent.h index c7328d7f..c7328d7f 100644..100755 --- a/vpn/vpn-agent.h +++ b/vpn/vpn-agent.h diff --git a/vpn/vpn-config.c b/vpn/vpn-config.c index c88a99ab..5f0e749a 100644..100755 --- a/vpn/vpn-config.c +++ b/vpn/vpn-config.c @@ -203,7 +203,11 @@ static int load_provider(GKeyFile *keyfile, const char *group, struct vpn_config *config, enum what action) { struct vpn_config_provider *config_provider; +#if !defined TIZEN_EXT const char *ident, *host, *domain; +#else + const char *ident, *host, *domain, *name; +#endif int err; /* Strip off "provider_" prefix */ @@ -229,8 +233,14 @@ static int load_provider(GKeyFile *keyfile, const char *group, host = get_string(config_provider, "Host"); domain = get_string(config_provider, "Domain"); +#if !defined TIZEN_EXT if (host && domain) { char *id = __vpn_provider_create_identifier(host, domain); +#else + name = get_string(config_provider, "Name"); + if (host && domain && name) { + char *id = __vpn_provider_create_identifier(host, domain, name); +#endif struct vpn_provider *provider; provider = __vpn_provider_lookup(id); @@ -252,7 +262,11 @@ static int load_provider(GKeyFile *keyfile, const char *group, DBG("provider identifier %s", id); } else { +#if !defined TIZEN_EXT DBG("invalid values host %s domain %s", host, domain); +#else + DBG("invalid values host %s domain %s name %s", host, domain, name); +#endif err = -EINVAL; goto err; } diff --git a/vpn/vpn-dbus.conf b/vpn/vpn-dbus.conf index 0f0c8da4..8ebfc6b6 100644..100755 --- a/vpn/vpn-dbus.conf +++ b/vpn/vpn-dbus.conf @@ -1,15 +1,22 @@ <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> <busconfig> - <policy user="root"> - <allow own="net.connman.vpn"/> - <allow send_destination="net.connman.vpn"/> - <allow send_interface="net.connman.vpn.Agent"/> - </policy> - <policy at_console="true"> - <allow send_destination="net.connman.vpn"/> - </policy> - <policy context="default"> - <deny send_destination="net.connman.vpn"/> - </policy> + <policy user="root"> + <allow own="net.connman.vpn"/> + <allow send_destination="net.connman.vpn"/> + <allow send_interface="net.connman.vpn.Agent"/> + </policy> + <policy user="network_fw"> + <allow own="net.connman.vpn"/> + <allow send_destination="net.connman.vpn"/> + <allow send_interface="net.connman.vpn.Agent"/> + </policy> + <policy at_console="true"> + <allow send_destination="net.connman.vpn"/> + </policy> + <policy context="default"> + <deny own="net.connman.vpn"/> + <deny send_destination="net.connman.vpn"/> + <deny send_interface="net.connman.vpn.Agent"/> + </policy> </busconfig> diff --git a/vpn/vpn-ipconfig.c b/vpn/vpn-ipconfig.c index c096fa37..c096fa37 100644..100755 --- a/vpn/vpn-ipconfig.c +++ b/vpn/vpn-ipconfig.c diff --git a/vpn/vpn-manager.c b/vpn/vpn-manager.c index 021d625f..021d625f 100644..100755 --- a/vpn/vpn-manager.c +++ b/vpn/vpn-manager.c diff --git a/vpn/vpn-polkit.conf b/vpn/vpn-polkit.conf index a1dc6177..237d21be 100644..100755 --- a/vpn/vpn-polkit.conf +++ b/vpn/vpn-polkit.conf @@ -5,6 +5,10 @@ <allow own="net.connman.vpn"/> <allow send_interface="net.connman.vpn.Agent"/> </policy> + <policy user="network_fw"> + <allow own="net.connman.vpn"/> + <allow send_interface="net.connman.vpn.Agent"/> + </policy> <policy context="default"> <allow send_destination="net.connman.vpn"/> </policy> diff --git a/vpn/vpn-polkit.policy b/vpn/vpn-polkit.policy index 0c427220..0c427220 100644..100755 --- a/vpn/vpn-polkit.policy +++ b/vpn/vpn-polkit.policy diff --git a/vpn/vpn-provider.c b/vpn/vpn-provider.c index dd54ac08..bb1a103a 100644..100755 --- a/vpn/vpn-provider.c +++ b/vpn/vpn-provider.c @@ -1804,6 +1804,7 @@ static void provider_create_all_from_type(const char *provider_type) g_strfreev(providers); } +#if !defined TIZEN_EXT char *__vpn_provider_create_identifier(const char *host, const char *domain) { char *ident; @@ -1816,6 +1817,20 @@ char *__vpn_provider_create_identifier(const char *host, const char *domain) return ident; } +#else +char *__vpn_provider_create_identifier(const char *host, const char *domain, const char *name) +{ + char *ident; + + ident = g_strdup_printf("%s_%s_%s", host, domain, name); + if (!ident) + return NULL; + + provider_dbus_ident(ident); + + return ident; +} +#endif int __vpn_provider_create(DBusMessage *msg) { @@ -1869,7 +1884,11 @@ int __vpn_provider_create(DBusMessage *msg) if (!type || !name) return -EOPNOTSUPP; +#if !defined TIZEN_EXT ident = __vpn_provider_create_identifier(host, domain); +#else + ident = __vpn_provider_create_identifier(host, domain, name); +#endif DBG("ident %s", ident); provider = __vpn_provider_lookup(ident); @@ -2058,7 +2077,11 @@ int __vpn_provider_create_from_config(GHashTable *settings, goto fail; } +#if !defined TIZEN_EXT ident = __vpn_provider_create_identifier(host, domain); +#else + ident = __vpn_provider_create_identifier(host, domain, name); +#endif DBG("ident %s", ident); provider = __vpn_provider_lookup(ident); diff --git a/vpn/vpn-provider.h b/vpn/vpn-provider.h index 96452c11..96452c11 100644..100755 --- a/vpn/vpn-provider.h +++ b/vpn/vpn-provider.h diff --git a/vpn/vpn-rtnl.c b/vpn/vpn-rtnl.c index 6ddfd832..6ddfd832 100644..100755 --- a/vpn/vpn-rtnl.c +++ b/vpn/vpn-rtnl.c diff --git a/vpn/vpn-rtnl.h b/vpn/vpn-rtnl.h index aa640a66..aa640a66 100644..100755 --- a/vpn/vpn-rtnl.h +++ b/vpn/vpn-rtnl.h diff --git a/vpn/vpn.h b/vpn/vpn.h index 8bf86bd1..26b13d70 100644..100755 --- a/vpn/vpn.h +++ b/vpn/vpn.h @@ -71,8 +71,11 @@ int __vpn_ipconfig_init(void); void __vpn_ipconfig_cleanup(void); #include "vpn-provider.h" - +#if !defined TIZEN_EXT char *__vpn_provider_create_identifier(const char *host, const char *domain); +#else +char *__vpn_provider_create_identifier(const char *host, const char *domain, const char *name); +#endif bool __vpn_provider_check_routes(struct vpn_provider *provider); int __vpn_provider_append_user_route(struct vpn_provider *provider, int family, const char *network, diff --git a/vpn/vpn.ver b/vpn/vpn.ver index b8877064..b8877064 100644..100755 --- a/vpn/vpn.ver +++ b/vpn/vpn.ver |