Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
This interface is responsible for handling properties of all objects in
a given path. Right now it only registers itself, doing nothing useful.
A conversion to this new layout will be done by subsequent patches.
org.freedesktop.org.DBus.Properties spec can be found at
http://dbus.freedesktop.org/doc/dbus-specification.html#standard-interfaces-properties
|
|
Besides being more readable this way it avoids going over 80 chars.
|
|
Move the typedefs up so they can be used by functions and callbacks.
|
|
Fixed by 295cc8b57ce12257a9e90ea2e15e0d610e072e0a
|
|
If config file should also be parsed and the values then stored in
the config object.
|
|
Monitor changes on the config files. Either create, modify or destroy
them according the events we get from the inotify interface.
|
|
Introduce the second hash table which tracks the config object lifetime
based on the file existens. The parsing of the file and creation of the
config object is part of the next patch.
|
|
The policy data object is refcounted because the policy data
object can be created either through the session core or
from the file based policy. In order to avoid complex logic
which tries to figure out when to is safe to destroy the object
we just fall back to refcountig.
polich_hash is the owner of the policy object. When a object is
created it is stored there. The key is the identitfier. Since the
session core does not know about the identifier we introduce
an additional hash table which maps from session pointer to the policy
object.
|
|
|
|
Add only the empty 'framework'. In the following patches we add
step by step the implementation.
|
|
If the user provides the match all rule we should add the policy
bearer to the result.
|
|
Don't overwrite the user provided AllowedBearers
configuration. Instead just store it at session level. So we always
will apply the bearer filter on the user input.
Obviously, this might need some more improvements on how we want
to handle the AllowedBearers behavior when the policy plugin and
the application provide a configuration. For exmaple should
we update the AllowedBearers if the policy changes or just always
show only the user input. This patch is not perfect but it
improves the situation clearly.
|
|
Whenever a configuration gets invalid (e.g. a configuration
is removed) then we need to be able to drop back to the
default configutation.
|
|
We want to reuse these functions.
|
|
|
|
The error handling can get easily get pretty hairy, e.g.
reallocating memory for allowed_bearers. If we hit this situation
we allow the plugin to shutdown the session. That is consistent
with what we do when there is a problem while creating a new
session.
|
|
Give a policy plugin a way to inform the session core that
some of the config values have changed.
This could be done in a more clever way, e.g. figure out only
to update the necessary info entries but we keep it for now
as simple and assume everthing has changed.
|
|
ConnMan needs to identify application in a secure way when they are
using the Session API. The current D-Bus server implemention supports
two types of LSM, POSIX and SELinux. In order to support SMACK or
TOMOYO the D-Bus code base needs to be patch. This is the initial work
to support at least POSIX and SELinux. Maybe in the future we are able
to support also the other LSMs.
The idea behind gsec is to keep the LSM related code together in one
directory. The API introduces in this patch is not any way final. It
will need some more time figuring out how are able to intregrate this
in a nice way.
The current API introduces g_sec_get_selinux_label() which will return
the SELinux context. The function will issuing a
GetConnectionSELinuxSecurityContext method call.
Note, that this function is not documented in the D-Bus
specification. See for more details the source code dbus/bus/drivers.c
and dbus/bus/selinux.c in the D-Bus reference implementation.
|
|
When we do not watch watch for IN_MOVED_TO or IN_MOVED_FROM we can
easily inconsistent. The user creates a file and moves it then
from the watched directory. We wouldn't see this change and therefore
keep the configuration. That is a rather anoying behavoir
for the policy plugin.
|
|
The inotify code will be used by the core (config.c) and the session
policy plugin. We introduce a new API for file modifcation
notifcation.
We move the factored out code part from the last patch into a new file
and also change the inotify code so that it allows to monitor not only
STORAGEDIR. When registering a new observer, the callee has to tell
which directory should be watched. inotify.c will group the observers
together.
|
|
The inotify code can be reused. So before we introduce a new generic
inotify API, let's factor out in order to simplify the review process.
|
|
When building with --disable-optimiziation we need to make
sure the compiler flags do not include -O0 and FORTITFY when compiling
the resolv.h header file.
|
|
We need to set the provider into idle state when removing,
otherwise the default route will not be set properly after
provider removal.
Fixes BMC#25658
|
|
|
|
As the UserRoutes is to be set by the user, then tell that
in the documentation.
Clarify also what the ServerRoutes mean.
|
|
If the user is using config file option, then do not set the optional
default options. All the mandatory options needed for connman and
openvpn interaction are still set in command line.
|
|
Fixes BMC#25866
|
|
The --client option activates the --tls-client option
so we can remove the useless one.
|
|
gcc complains about missing definition for malloc.
|
|
|
|
If the interface name is not set, then it is no use
checking if the interface would be ignored.
The interface name is not set if the interface is being
taken down and we get NEWLINK message with NULL interface.
Fixes BMC#25865
|
|
The SELinux rules are needed for VPN. They allow various vpn
clients to send notifications to connman-vpnd via net.connman.Task
dbus interface if the connman processes are run under systemd
and the system is in enforcing mode.
|
|
We must cleanup the plugin first before cleaning up the provider
because the vpn plugin needs providers from provider hash.
|
|
|
|
Use syslog for error printing because normally the stderr
goes to /dev/null and we do not see the errors.
|
|
Use syslog for error printing because normally the stderr
goes to /dev/null and we do not see the errors.
|
|
|
|
|
|
|
|
If the connman_inet_ifup() says the interface is already UP,
then it is possible that we might not get a call to vpn_newlink().
That would be really bad as the provider would then never go to
ready state. So in this case we manually call vpn_newlink() to
take the interface UP. If the newlink was called before our call,
then our manual call will be ignored.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Because the vpnd Create() in manager API only creates and does
not connect the vpn, we must do the connect part after the
vpn is created. This requires a callback which is called when
the connection is established. Eventually this patch becomes
obsolete because the CreateProvider() connman API is deprecated.
|
|
|