| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
For SELinux we need to store the complete context for iptables
to work.
|
|
When the session core ask to create a configuration, then we
first ask the D-Bus server which UID/GID the session belongs to.
If possible we also ask for the SELinux context. Then we try
to figure out which file containts the configuration for
SElinux, UID or GID identification.
The order of matching preference is SELinux, UID and finally GID.
|
|
Use struct policy_data instead of struct create_data.
|
|
The old assumption was that a config file is associtated
with one session only. With introducing UID/GID support a policy
might be used for several sessions. Furthermore, it was assumed
that the file name is the key/ident to identify a session and
a file containts exactly one policy.
Here are the new rules for writing a policy file.
- A valid file name contains letters or numbers and must have a '.policy'
suffix.
- The file name has not semantical meaning
- A policy file may contain contain more than 1 policy
- Each policy entry starts with 'policy_'
- Each policy entry shall have one and exactly one valid key (e.g.
selinux)
The implementation has two main hash tables, file_hash and session_hash
which owns 'the file' respectively the session config. Additionally there
is a hash table which connects a policy with a session (selinux_hash).
|
|
|
|
The update flag can be removed as it is no longer needed.
|
|
g_strplit() will eventually strdup the tokens so no need to
strdup() 'context'. But we an ugly cast (from 'const unsigned char *'
to 'const char *') is needed for g_strsplit() to make the compiler happy.
|
|
Let's remove the small allocations error path because glib will
abort on memory exhausting anyway. Basically we remove dead code.
|
|
Previously the number of scanned hidden WiFi networks was
restricted by the fast scan limit of the WiFi driver. This
patch takes into account the driver fast scan limit and will
scan for all configured hidden WiFi networks.
Thanks to Jukka for testing this.
|
|
|
|
Do not handle the small alloc failures because glib will abort
when memory is tight anyway.
|
|
Streamline the callback typedefs with the rest of the code.
|
|
Use the generic callback helpers to encapsulate struct create_data.
In a later patch we will add some more data elemets to struct
create_data. That is the reason why it is not remove here.
|
|
When a file is added (not modified) we need to parse it as well
|
|
We should not unref the policy on parsing errors becase the policy
lifetime is attached to the lifetime of the file. When the file
is removed we remove it from the hash table.
|
|
Match all is expressed via CONNMAN_SERVICE_TYPE_UNKNOWN. An empty
list means no match.
|
|
Use connman_sessoin_set_default_config() instead of open coded
version.
This prepars the next fix.
|
|
Per MEEGO-25999 <https://bugs.meego.com/show_bug.cgi?id=25999>, there
exists a race between scan_callback and wifi_disable such that a care-
fully-timed deassertion of the technology Powered property between
throw_wifi_scan and scan_callback will lead to a device reference
count underflow. A second Powered property false -> true -> false
transition will then deallocate the device and Wi-Fi will no longer
function until connman or the system is restarted.
This patch improves upon and revises the prior patch to address this
issue by recognizing that hidden networks involve a slightly different
code path and timing and that both this and the prior case can be
addressed by tracking the device scanning state and only releasing the
device when the state is asserted.
|
|
Per MEEGO-25999 <https://bugs.meego.com/show_bug.cgi?id=25999>, there
exists a race between scan_callback and wifi_disable such that a care-
fully-timed deassertion of the technology Powered property between
throw_wifi_scan and scan_callback will lead to a device reference
count underflow. A second Powered property false -> true -> false
transition will then deallocate the device and Wi-Fi will no longer
function until connman or the system is restarted.
This patch addresses that race by tracking and observing the disabling
state such that scan_callback ad wifi_disable can effectively negotiate
which has performed the device release, thereby avoiding the double
release and resulting underflow.
|
|
The host ip address field is only used if user has given vpn
server as a host name instead of host ip address.
|
|
Possible memory leak here as we might have ip address allocated
already.
|
|
|
|
There is a race that causes the network not to be added if we get the
CDMA netreg changed signal before the CDMA connection manager added
signal. In that case the network is not added because the device has
not been created yet. So we fix this by trying to add the network
whenever the device is created.
|
|
Connecting the network requires powering the CDMA connection manager,
which fails with an error if network registration is not complete. So
we only add the network when registration is complete and remove it when
the modem is no longer registered.
|
|
If we receive nameservers from vpnd we must set them in provider.
The connman_provider_set_nameservers() function needs changes
because we get the nameservers as an array, it makes no sense to
convert the array to string and then back to array.
|
|
This terminates the body of stop_autoscan if autoscan is
not active. Per MEEGO-25987 <http://bugs.meego.com/show_bug.cgi?id=25987>,
running stop_autoscan when changing connected services can prematurely and
incorrectly terminate a new, in-flight service connection and result in a
failure of that connection with "net.connman.Error.OperationAborted:
Operation aborted".
When a scan is started, all networks are marked unavailable. Should the check
added in this patch not be present, device scanning is set to false and all
not yet found networks are removed. Thus the service will not be able to
connect if its network wasn't already found.
|
|
Reported by Ravikumar Veeramally
|
|
|
|
The dbus messages from vpnd might come in different order so make
sure we are not trying to access already removed provider.
|
|
|
|
When provider is destroyed in vpnd, we get a notification about
that. We must then remove the provider which will also unref it
so the provider data will get removed properly.
Old code just unreffed the provider but it was left hanging in
service list.
|
|
If the data pointer is left around, then vpn plugin might
accidentally use it if dbus messages are received after
we have cleared the vpn connection.
|
|
|
|
|
|
Currently, it relies on max_ssids to know how many SSIDs it can provide as
paremeters. However, patch 6af0579c434058536fb40480f40f5e9895cfe863, which
fixes an issue about fast scanning, affects such feature.
Therefore, as a default, it will fallback to 1 if given max_ssids is 0.
There is still the issue that it will autoscan only max_ssid (1 or more)
known hidden SSIDs. This need to be fixed.
Reported by Sameer Naik
|
|
DBUS_TIMEOUT_USE_DEFAULT appeared in dbus-1.4.12, but earlier dbus versions
are still in use in some distributions like Fedora 17.
|
|
D-Bus method calls to may trigger pairing and/or pop up a dialog
in the remote Bluetooth device to which the user needs to react.
|
|
D-Bus method calls to Bluez 4 may trigger pairing and/or pop up a
dialog in the remote device to which the user needs to react.
|
|
PushOOB() method implementation. Currently only basic open/psk based
provisioning is supported.
|
|
Implement also RequestOOB() neard Agent method.
|
|
These properties are not needed here so ignore them.
|
|
|
|
|
|
|
|
|
|
|
|
Implement connect and disconnect functionality for a ConnMan network.
On network creation check the connection status of the Bluez 5 Network1
object and set the network to connected when needed.
|
|
Create ConnMan networks for those Bluez 5 org.bluez.Network1/Device1
objects that support PAN NAP. A network is created or removed in response
to the Network1/Device1 being created or when the Device1 object's UUID
changed.
The ConnMan network struct is added to and removed from the ConnMan
device when the device is created, enabled or disabled.
|
