From 1b9d0a62f59bb48c8deb2f0b98d9acdffdd9abe7 Mon Sep 17 00:00:00 2001 From: Zhang zhengguang Date: Thu, 17 Jul 2014 10:37:39 +0800 Subject: Imported Upstream version 1.24 --- vpn/plugins/openconnect.c | 357 +++++++++++++++++++++++++--------------------- 1 file changed, 196 insertions(+), 161 deletions(-) (limited to 'vpn/plugins/openconnect.c') diff --git a/vpn/plugins/openconnect.c b/vpn/plugins/openconnect.c index 83584da8..c6b9cd65 100644 --- a/vpn/plugins/openconnect.c +++ b/vpn/plugins/openconnect.c @@ -2,7 +2,7 @@ * * ConnMan VPN daemon * - * Copyright (C) 2007-2012 Intel Corporation. All rights reserved. + * Copyright (C) 2007-2013 Intel Corporation. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as @@ -57,12 +57,19 @@ struct { }; struct oc_private_data { + struct vpn_provider *provider; struct connman_task *task; char *if_name; vpn_provider_connect_cb_t cb; void *user_data; }; +static void free_private_data(struct oc_private_data *data) +{ + g_free(data->if_name); + g_free(data); +} + static int task_append_config_data(struct vpn_provider *provider, struct connman_task *task) { @@ -70,12 +77,12 @@ static int task_append_config_data(struct vpn_provider *provider, int i; for (i = 0; i < (int)ARRAY_SIZE(oc_options); i++) { - if (oc_options[i].oc_opt == NULL) + if (!oc_options[i].oc_opt) continue; option = vpn_provider_get_string(provider, oc_options[i].cm_opt); - if (option == NULL) + if (!option) continue; if (connman_task_add_argument(task, @@ -144,7 +151,7 @@ static int oc_notify(DBusMessage *msg, struct vpn_provider *provider) /* The netmask contains the address and the prefix */ sep = strchr(value, '/'); - if (sep != NULL) { + if (sep) { unsigned char ip_len = sep - value; addressv6 = g_strndup(value, ip_len); @@ -160,13 +167,13 @@ static int oc_notify(DBusMessage *msg, struct vpn_provider *provider) if (!strcmp(key, "CISCO_PROXY_PAC")) vpn_provider_set_pac(provider, value); - if (domain == NULL && !strcmp(key, "CISCO_DEF_DOMAIN")) { + if (!domain && !strcmp(key, "CISCO_DEF_DOMAIN")) { g_free(domain); domain = g_strdup(value); } - if (g_str_has_prefix(key, "CISCO_SPLIT_INC") == TRUE || - g_str_has_prefix(key, "CISCO_IPV6_SPLIT_INC") == TRUE) + if (g_str_has_prefix(key, "CISCO_SPLIT_INC") || + g_str_has_prefix(key, "CISCO_IPV6_SPLIT_INC")) vpn_provider_append_route(provider, key, value); dbus_message_iter_next(&dict); @@ -174,14 +181,14 @@ static int oc_notify(DBusMessage *msg, struct vpn_provider *provider) DBG("%p %p", addressv4, addressv6); - if (addressv4 != NULL) + if (addressv4) ipaddress = connman_ipaddress_alloc(AF_INET); - else if (addressv6 != NULL) + else if (addressv6) ipaddress = connman_ipaddress_alloc(AF_INET6); else ipaddress = NULL; - if (ipaddress == NULL) { + if (!ipaddress) { g_free(addressv4); g_free(addressv6); g_free(netmask); @@ -191,7 +198,7 @@ static int oc_notify(DBusMessage *msg, struct vpn_provider *provider) return VPN_STATE_FAILURE; } - if (addressv4 != NULL) + if (addressv4) connman_ipaddress_set_ipv4(ipaddress, addressv4, netmask, gateway); else @@ -210,8 +217,85 @@ static int oc_notify(DBusMessage *msg, struct vpn_provider *provider) return VPN_STATE_CONNECT; } -static void request_input_append_cookie(DBusMessageIter *iter, - void *user_data) +static int run_connect(struct vpn_provider *provider, + struct connman_task *task, const char *if_name, + vpn_provider_connect_cb_t cb, void *user_data) +{ + const char *vpnhost, *vpncookie, *servercert, *mtu; + int fd, err = 0, len; + + vpnhost = vpn_provider_get_string(provider, "OpenConnect.VPNHost"); + if (!vpnhost) + vpnhost = vpn_provider_get_string(provider, "Host"); + vpncookie = vpn_provider_get_string(provider, "OpenConnect.Cookie"); + servercert = vpn_provider_get_string(provider, + "OpenConnect.ServerCert"); + + if (!vpncookie || !servercert) { + err = -EINVAL; + goto done; + } + + task_append_config_data(provider, task); + + connman_task_add_argument(task, "--servercert", servercert); + + mtu = vpn_provider_get_string(provider, "VPN.MTU"); + + if (mtu) + connman_task_add_argument(task, "--mtu", (char *)mtu); + + connman_task_add_argument(task, "--syslog", NULL); + connman_task_add_argument(task, "--cookie-on-stdin", NULL); + + connman_task_add_argument(task, "--script", + SCRIPTDIR "/openconnect-script"); + + connman_task_add_argument(task, "--interface", if_name); + + connman_task_add_argument(task, (char *)vpnhost, NULL); + + err = connman_task_run(task, vpn_died, provider, + &fd, NULL, NULL); + if (err < 0) { + connman_error("openconnect failed to start"); + err = -EIO; + goto done; + } + + len = strlen(vpncookie); + if (write(fd, vpncookie, len) != (ssize_t)len || + write(fd, "\n", 1) != 1) { + connman_error("openconnect failed to take cookie on stdin"); + err = -EIO; + goto done; + } + +done: + if (cb) + cb(provider, user_data, err); + + return err; +} + +static void request_input_append_informational(DBusMessageIter *iter, + void *user_data) +{ + const char *str; + + str = "string"; + connman_dbus_dict_append_basic(iter, "Type", DBUS_TYPE_STRING, &str); + + str = "informational"; + connman_dbus_dict_append_basic(iter, "Requirement", DBUS_TYPE_STRING, + &str); + + str = user_data; + connman_dbus_dict_append_basic(iter, "Value", DBUS_TYPE_STRING, &str); +} + +static void request_input_append_mandatory(DBusMessageIter *iter, + void *user_data) { char *str = "string"; @@ -222,29 +306,20 @@ static void request_input_append_cookie(DBusMessageIter *iter, DBUS_TYPE_STRING, &str); } -struct request_input_reply { - struct vpn_provider *provider; - vpn_provider_auth_cb_t callback; - void *user_data; -}; - static void request_input_cookie_reply(DBusMessage *reply, void *user_data) { - struct request_input_reply *cookie_reply = user_data; - const char *error = NULL; - char *cookie = NULL; + struct oc_private_data *data = user_data; + char *cookie = NULL, *servercert = NULL, *vpnhost = NULL; char *key; DBusMessageIter iter, dict; - DBG("provider %p", cookie_reply->provider); + DBG("provider %p", data->provider); - if (dbus_message_get_type(reply) == DBUS_MESSAGE_TYPE_ERROR) { - error = dbus_message_get_error_name(reply); - goto done; - } + if (dbus_message_get_type(reply) == DBUS_MESSAGE_TYPE_ERROR) + goto err; - if (vpn_agent_check_reply_has_dict(reply) == FALSE) - goto done; + if (!vpn_agent_check_reply_has_dict(reply)) + goto err; dbus_message_iter_init(reply, &iter); dbus_message_iter_recurse(&iter, &dict); @@ -267,40 +342,76 @@ static void request_input_cookie_reply(DBusMessage *reply, void *user_data) != DBUS_TYPE_STRING) break; dbus_message_iter_get_basic(&value, &cookie); + vpn_provider_set_string_hide_value(data->provider, + key, cookie); + + } else if (g_str_equal(key, "OpenConnect.ServerCert")) { + dbus_message_iter_next(&entry); + if (dbus_message_iter_get_arg_type(&entry) + != DBUS_TYPE_VARIANT) + break; + dbus_message_iter_recurse(&entry, &value); + if (dbus_message_iter_get_arg_type(&value) + != DBUS_TYPE_STRING) + break; + dbus_message_iter_get_basic(&value, &servercert); + vpn_provider_set_string(data->provider, key, + servercert); + + } else if (g_str_equal(key, "OpenConnect.VPNHost")) { + dbus_message_iter_next(&entry); + if (dbus_message_iter_get_arg_type(&entry) + != DBUS_TYPE_VARIANT) + break; + dbus_message_iter_recurse(&entry, &value); + if (dbus_message_iter_get_arg_type(&value) + != DBUS_TYPE_STRING) + break; + dbus_message_iter_get_basic(&value, &vpnhost); + vpn_provider_set_string(data->provider, key, vpnhost); } dbus_message_iter_next(&dict); } -done: - cookie_reply->callback(cookie_reply->provider, cookie, error, - cookie_reply->user_data); - g_free(cookie_reply); -} + if (!cookie || !servercert || !vpnhost) + goto err; + + run_connect(data->provider, data->task, data->if_name, data->cb, + data->user_data); + + free_private_data(data); -typedef void (* request_cb_t)(struct vpn_provider *provider, - const char *vpncookie, - const char *error, void *user_data); + return; + +err: + vpn_provider_indicate_error(data->provider, + VPN_PROVIDER_ERROR_AUTH_FAILED); + + free_private_data(data); +} static int request_cookie_input(struct vpn_provider *provider, - request_cb_t callback, void *user_data) + struct oc_private_data *data, + const char *dbus_sender) { DBusMessage *message; const char *path, *agent_sender, *agent_path; DBusMessageIter iter; DBusMessageIter dict; - struct request_input_reply *cookie_reply; + const char *str; int err; + void *agent; - connman_agent_get_info(&agent_sender, &agent_path); - - if (provider == NULL || agent_path == NULL || callback == NULL) + agent = connman_agent_get_info(dbus_sender, &agent_sender, + &agent_path); + if (!provider || !agent || !agent_path) return -ESRCH; message = dbus_message_new_method_call(agent_sender, agent_path, VPN_AGENT_INTERFACE, "RequestInput"); - if (message == NULL) + if (!message) return -ENOMEM; dbus_message_iter_init_append(message, &iter); @@ -311,30 +422,39 @@ static int request_cookie_input(struct vpn_provider *provider, connman_dbus_dict_open(&iter, &dict); + str = vpn_provider_get_string(provider, "OpenConnect.CACert"); + if (str) + connman_dbus_dict_append_dict(&dict, "OpenConnect.CACert", + request_input_append_informational, + (void *)str); + + str = vpn_provider_get_string(provider, "OpenConnect.ClientCert"); + if (str) + connman_dbus_dict_append_dict(&dict, "OpenConnect.ClientCert", + request_input_append_informational, + (void *)str); + + connman_dbus_dict_append_dict(&dict, "OpenConnect.ServerCert", + request_input_append_mandatory, NULL); + + connman_dbus_dict_append_dict(&dict, "OpenConnect.VPNHost", + request_input_append_mandatory, NULL); + connman_dbus_dict_append_dict(&dict, "OpenConnect.Cookie", - request_input_append_cookie, provider); + request_input_append_mandatory, NULL); vpn_agent_append_host_and_name(&dict, provider); connman_dbus_dict_close(&iter, &dict); - cookie_reply = g_try_new0(struct request_input_reply, 1); - if (cookie_reply == NULL) { - dbus_message_unref(message); - return -ENOMEM; - } - - cookie_reply->provider = provider; - cookie_reply->callback = callback; - cookie_reply->user_data = user_data; - err = connman_agent_queue_message(provider, message, connman_timeout_input_request(), - request_input_cookie_reply, cookie_reply); + request_input_cookie_reply, data, agent); + if (err < 0 && err != -EBUSY) { DBG("error %d sending agent request", err); dbus_message_unref(message); - g_free(cookie_reply); + return err; } @@ -343,133 +463,46 @@ static int request_cookie_input(struct vpn_provider *provider, return -EINPROGRESS; } -static int run_connect(struct vpn_provider *provider, - struct connman_task *task, const char *if_name, - vpn_provider_connect_cb_t cb, void *user_data, - const char *vpncookie) -{ - const char *vpnhost, *cafile, *certsha1, *mtu; - int fd, err = 0, len; - - vpnhost = vpn_provider_get_string(provider, "Host"); - - if (vpncookie == NULL) { - DBG("Cookie missing, cannot connect!"); - err = -EINVAL; - goto done; - } - - task_append_config_data(provider, task); - - vpn_provider_set_string(provider, "OpenConnect.Cookie", vpncookie); - - certsha1 = vpn_provider_get_string(provider, - "OpenConnect.ServerCert"); - if (certsha1) - connman_task_add_argument(task, "--servercert", - (char *)certsha1); - - cafile = vpn_provider_get_string(provider, "OpenConnect.CACert"); - mtu = vpn_provider_get_string(provider, "VPN.MTU"); - - if (cafile) - connman_task_add_argument(task, "--cafile", - (char *)cafile); - if (mtu) - connman_task_add_argument(task, "--mtu", (char *)mtu); - - connman_task_add_argument(task, "--syslog", NULL); - connman_task_add_argument(task, "--cookie-on-stdin", NULL); - - connman_task_add_argument(task, "--script", - SCRIPTDIR "/openconnect-script"); - - connman_task_add_argument(task, "--interface", if_name); - - connman_task_add_argument(task, (char *)vpnhost, NULL); - - err = connman_task_run(task, vpn_died, provider, - &fd, NULL, NULL); - if (err < 0) { - connman_error("openconnect failed to start"); - err = -EIO; - goto done; - } - - len = strlen(vpncookie); - if (write(fd, vpncookie, len) != (ssize_t)len || - write(fd, "\n", 1) != 1) { - connman_error("openconnect failed to take cookie on stdin"); - err = -EIO; - goto done; - } - -done: - if (cb != NULL) - cb(provider, user_data, err); - - return err; -} - -static void free_private_data(struct oc_private_data *data) -{ - g_free(data->if_name); - g_free(data); -} - -static void request_input_cb(struct vpn_provider *provider, - const char *vpncookie, - const char *error, void *user_data) -{ - struct oc_private_data *data = user_data; - - if (vpncookie == NULL) - DBG("Requesting cookie failed, error %s", error); - else if (error != NULL) - DBG("error %s", error); - - run_connect(provider, data->task, data->if_name, data->cb, - data->user_data, vpncookie); - - free_private_data(data); -} - static int oc_connect(struct vpn_provider *provider, struct connman_task *task, const char *if_name, - vpn_provider_connect_cb_t cb, void *user_data) + vpn_provider_connect_cb_t cb, + const char *dbus_sender, void *user_data) { - const char *vpnhost, *vpncookie; + const char *vpnhost, *vpncookie, *servercert; int err; vpnhost = vpn_provider_get_string(provider, "Host"); - if (vpnhost == NULL) { + if (!vpnhost) { connman_error("Host not set; cannot enable VPN"); return -EINVAL; } vpncookie = vpn_provider_get_string(provider, "OpenConnect.Cookie"); - if (vpncookie == NULL) { + servercert = vpn_provider_get_string(provider, + "OpenConnect.ServerCert"); + if (!vpncookie || !servercert) { struct oc_private_data *data; data = g_try_new0(struct oc_private_data, 1); - if (data == NULL) + if (!data) return -ENOMEM; + data->provider = provider; data->task = task; data->if_name = g_strdup(if_name); data->cb = cb; data->user_data = user_data; - err = request_cookie_input(provider, request_input_cb, data); + err = request_cookie_input(provider, data, dbus_sender); if (err != -EINPROGRESS) { + vpn_provider_indicate_error(data->provider, + VPN_PROVIDER_ERROR_LOGIN_FAILED); free_private_data(data); - goto done; } return err; } -done: - return run_connect(provider, task, if_name, cb, user_data, vpncookie); + return run_connect(provider, task, if_name, cb, user_data); } static int oc_save(struct vpn_provider *provider, GKeyFile *keyfile) @@ -479,21 +512,21 @@ static int oc_save(struct vpn_provider *provider, GKeyFile *keyfile) setting = vpn_provider_get_string(provider, "OpenConnect.ServerCert"); - if (setting != NULL) + if (setting) g_key_file_set_string(keyfile, vpn_provider_get_save_group(provider), "OpenConnect.ServerCert", setting); setting = vpn_provider_get_string(provider, "OpenConnect.CACert"); - if (setting != NULL) + if (setting) g_key_file_set_string(keyfile, vpn_provider_get_save_group(provider), "OpenConnect.CACert", setting); setting = vpn_provider_get_string(provider, "VPN.MTU"); - if (setting != NULL) + if (setting) g_key_file_set_string(keyfile, vpn_provider_get_save_group(provider), "VPN.MTU", setting); @@ -502,7 +535,7 @@ static int oc_save(struct vpn_provider *provider, GKeyFile *keyfile) if (strncmp(oc_options[i].cm_opt, "OpenConnect.", 12) == 0) { option = vpn_provider_get_string(provider, oc_options[i].cm_opt); - if (option == NULL) + if (!option) continue; g_key_file_set_string(keyfile, @@ -514,13 +547,15 @@ static int oc_save(struct vpn_provider *provider, GKeyFile *keyfile) return 0; } -static int oc_error_code(int exit_code) +static int oc_error_code(struct vpn_provider *provider, int exit_code) { switch (exit_code) { case 1: return VPN_PROVIDER_ERROR_CONNECT_FAILED; case 2: + vpn_provider_set_string_hide_value(provider, + "OpenConnect.Cookie", NULL); return VPN_PROVIDER_ERROR_LOGIN_FAILED; default: return VPN_PROVIDER_ERROR_UNKNOWN; -- cgit v1.2.3