AgeCommit message (Collapse)AuthorFilesLines
2013-06-13client: Implement support for queueing Agent messagesPatrik Flykt1-9/+60
ConnMan and ConnMan VPN daemon both send only one Agent message at a time. Since they are two different daemons, they can be sending messages at the same time independent of each other. Implement a check for an agent request from the other daemon being already processed and if so store the message for later. When the current agent request has been processed, check if there are pending requests from the other daemon and re-run the pending function. In order to support arbitrary queueing, make all method call implementations asynchronous.
2013-06-13client: Add VPN Agent support for Release, Cancel and ReportErrorPatrik Flykt2-0/+119
Create a new agent data structure for the VPN Agent and add the needed minor modifications to Release, Cancel and ReportError method calls in order to get them working both for Agent and VPN Agent. Create new register and unregister functions for the VPN Agent code.
2013-06-13client: Create agent data structure and pass it in function callbacksPatrik Flykt3-76/+116
Collect the agent variables into a data structure and update the agent functionality to pass this data structure around as function callback user data. Update the agent mode input functionality to store both the callback function and user data pointers. Notice that only only one input callback can be handled at any one time due to the input handling itself and the simple storing of callback and user data pointers.
2013-06-13client: Don't handle Agent messages in monitor codePatrik Flykt1-0/+4
Agent messages need to be handled in the agent code, ignore them when they get captured in the monitor code.
2013-06-13client: Fix DBUS_TYPE_UINT16 pretty-printingPatrik Flykt1-0/+5
The previous pretty-printing fix causes another change to be made for DBUS_TYPE_UINT16.
2013-06-12dhcpv6: Send domain list option to serverJukka Rissanen3-12/+22
OPTION_DOMAIN_LIST(24) was not sent to server.
2013-06-12unit: Multiple collisions with different poolsJukka Rissanen1-0/+97
Existing tests did not test this scenario: * new address is registered to * new address is registered to * ippool is created to (no collision) * ippool is created to (no collision) * new address is registered to (collision detected)
2013-06-12unit: Test ippool collision differentlyJukka Rissanen1-0/+87
Existing tests did not test this scenario: * new address is registered to * ippool is created to (no collision) * ippool is created to (there is a collision and the code should skip the range)
2013-06-12ippool: Clear allocated block pointer at cleanupJukka Rissanen1-0/+1
Without this the unit tests might core dump as the allocated_block pointer would point to already freed memory.
2013-06-12ippool: Private address check was incorrectJukka Rissanen1-13/+5
Fixes BMC#25993
2013-06-10service: Send proxy properties when connected or disconnectedJukka Rissanen1-0/+2
Fixes BMC#26019
2013-06-10technology: Offlinemode could not be disabled if no technology was poweredJukka Rissanen1-5/+9
If all the technologies were powered off, then offline mode could not be disabled. Fixes BMC#26018
2013-06-10TODO: Mark GSequence removal doneDaniel Wagner1-2/+1
2013-06-10service: Use GList instead of GSequence for service listDaniel Wagner1-186/+116
The hash table is now the owner of the service entry instead of the service list.
2013-06-10session: Use GList instead of GSequence for service listDaniel Wagner1-53/+41
The hash table is now the owner of the service entry instead of the service list.
2013-06-10session: Use service iterator instead of match/creation callbacksDaniel Wagner3-36/+28
When a new session is created we need to get the initial list of services which match the session AllowedBearers criteria. As soon the session is running add or removed services are tracked via the notifier interface. We concluded that exposing all the services is not really necessary and therefore we are using currently two callbacks to get the initial list. That exposes implementation details from session to service, that is GSequence. We also need to expose the type 'struct service_entry'. Instead doing so we are using an iterator and keep all the implementation details in session.c.
2013-06-10service: Initialize tech_dataDaniel Wagner1-1/+1
tech_data is allocated on the stack and is therefore not initilized with NULL.
2013-06-07client: Avoid printing extra prompt on RequestInputPatrik Flykt1-1/+2
2013-06-07client: Read D-Bus string type only if argument is 'Type'Patrik Flykt1-3/+4
A basic type was always read independent of the argument type which on some systems lead to a crash and on others only to a warning printout.
2013-06-07client: Pretty-print D-Bus signed integersPatrik Flykt1-1/+7
To keep it more logical, rename the unsigned variable in the code.
2013-06-07client: Add VPN monitoring supportPatrik Flykt1-38/+84
When adding VPN monitoring capabilities, also clean up the monitor code.
2013-06-07client: Add support for displaying VPN connectionsPatrik Flykt1-4/+75
Show a list of VPN connections known to the VPN daemon. Also allow D-Bus path names to start with numbers, as it is fine with the D-Bus library to define such path names. Fix up help command pretty-printing as the VPN command is slightly longer.
2013-06-07client: Add VPN connection helper functionPatrik Flykt3-0/+150
Add helper function for printing VPN connections. Show also configuration and failure states using 'C' and 'F' as configuration might take some time and failure conveys practical information to the user.
2013-06-07client: Add parameter to specify D-Bus service for method callPatrik Flykt4-26/+33
2013-06-07client: Add missing header file boilerplatePatrik Flykt2-0/+26
2013-06-04dhcpv6: Make sure release message is sentJukka Rissanen1-2/+11
Register an empty Release callback so that the message will be sent.
2013-05-31build: Add session policy format documentDaniel Wagner1-1/+2
2013-05-31doc: Document session policy file formatDaniel Wagner1-0/+83
2013-05-31session-test: Add tests for session_policy_localDaniel Wagner1-0/+151
Use the UID as identification.
2013-05-31session_policy_local: Set session identification methodDaniel Wagner1-1/+43
For SELinux we need to store the complete context for iptables to work.
2013-05-31session: Add session identification method to configDaniel Wagner2-0/+13
The session core needs to the know which kind of session identification method has been selected in the plugin in order to use the right iptables rules etc.
2013-05-31session_policy_local: Retrieve UID/GID from session userDaniel Wagner1-25/+179
When the session core ask to create a configuration, then we first ask the D-Bus server which UID/GID the session belongs to. If possible we also ask for the SELinux context. Then we try to figure out which file containts the configuration for SElinux, UID or GID identification. The order of matching preference is SELinux, UID and finally GID.
2013-05-31session_policy_local: Remove struct create_dataDaniel Wagner1-29/+14
Use struct policy_data instead of struct create_data.
2013-05-31session_policy_local: Rework policy file handlingDaniel Wagner1-143/+257
The old assumption was that a config file is associtated with one session only. With introducing UID/GID support a policy might be used for several sessions. Furthermore, it was assumed that the file name is the key/ident to identify a session and a file containts exactly one policy. Here are the new rules for writing a policy file. - A valid file name contains letters or numbers and must have a '.policy' suffix. - The file name has not semantical meaning - A policy file may contain contain more than 1 policy - Each policy entry starts with 'policy_' - Each policy entry shall have one and exactly one valid key (e.g. selinux) The implementation has two main hash tables, file_hash and session_hash which owns 'the file' respectively the session config. Additionally there is a hash table which connects a policy with a session (selinux_hash).
2013-05-31session_policy_local: Add some more debug informationDaniel Wagner1-8/+19
2013-05-31session_policy_local: Update session before unref policyDaniel Wagner1-10/+4
The update flag can be removed as it is no longer needed.
2013-05-31session_policy_local: Refactor SELinux context parserDaniel Wagner1-13/+8
g_strplit() will eventually strdup the tokens so no need to strdup() 'context'. But we an ugly cast (from 'const unsigned char *' to 'const char *') is needed for g_strsplit() to make the compiler happy.
2013-05-31session_policy_local: Do not handle small allocationDaniel Wagner1-29/+4
Let's remove the small allocations error path because glib will abort on memory exhausting anyway. Basically we remove dead code.
2013-05-31session: Do not access stale entry pointersDaniel Wagner1-3/+16
When removing the entry clear all references towards it.
2013-05-31session: Add session argument to create_service_entry_cbDaniel Wagner3-4/+9
Remember which session this struct service_entry belongs to when removing the entries again.
2013-05-31TODO: Support other time sourcesPatrik Flykt1-0/+8
2013-05-31timeserver: Periodically wake up to recheck timeserversPatrik Flykt1-10/+72
The current situation is that a failed timeserver name resolution removes the timeserver immediately from the list of used timeservers and failing to connect to the nameserver IP address removes the timeserver after a 2 second delay. Currently no mechanism exists to re-create the list of nameservers once the list has been exhausted or the more preferred timeservers have been removed from it. This implementation combats both problems where less used timeservers further away end up being used despite a more optimal closer one becoming available as well as the problem of exhausting the nameserver list. This is done by periodially waking up and checking the timeserver in use. If the timeserver in use is not the most preferred one or the list of timeservers is empty, the timeserver list is recreated and the timeserver polling procedure is restarted.
2013-05-31iptables: Fix memory leak when invoking xtables_find_matchDaniel Wagner1-12/+34
xtables_find_match() returns two different kind of pointers. The first type is pointing to the function pointer table loaded via dlopen(). The second type is a copy (via plain malloc) of the first type. xtables_find_match() marks the copies/clones with m == m->next. So we need to free the struct xtables_match which point back to themself. Also fix the issue that we didn't handle multple match instances at the same time. The memory leak is only visible when having more than one match of a kind.
2013-05-31Release 1.15upstream/1.151.15Marcel Holtmann2-1/+8
2013-05-30config: Remove code implementing Protected config file settingPatrik Flykt1-54/+0
The code was relevant only for Manager.ProvisionService method call which was removed a long time ago.
2013-05-30doc: Remove Protected descriptionPatrik Flykt1-3/+0
The Protected setting was relevant only for Manager.ProvisionService method call which was removed a long time ago.
2013-05-30vpn-config: Log a warning if the provider ident already existsPatrik Flykt1-2/+7
Also set the returned value appropriately when removing or adding configuration files.
2013-05-30vpn-config: Remove obsolete protected codePatrik Flykt1-63/+1
For VPN connections created via configuration files the immutable flag is set and it ensures no modifications are allowed. The protected feature implementation was a left-over from service configuration code. Removing the code fixes a bug where only VPN entries of different types can be provisioned in the same provisioning file.
2013-05-29test-ippool: Shortcut exhausting allocation testDaniel Wagner1-3/+9
Instead really trying to allocate all possible 69888 blocks, let's reserve the first two IP pools and then we only need to allocate 255 blocks. That should bring down the runtime considerable.
2013-05-29service: Update Domains property when Domains.Configuration changesPatrik Flykt1-0/+1
Domains property was not updated when Domains.Configuration was changed. If Domains.Configuration is for example set to empty when using DHCP, the Domains property is to be updated with the value configured via DHCP. Fixes BMC#26010