vpn/plugins/l2tp.c

   1 /*
   2  *
   3  *  ConnMan VPN daemon
   4  *
   5  *  Copyright (C) 2010,2013  BMW Car IT GmbH.
   6  *  Copyright (C) 2012-2013  Intel Corporation. All rights reserved.
   7  *  Copyright (C) 2019-2021  Jolla Ltd.
   8  *
   9  *  This program is free software; you can redistribute it and/or modify
  10  *  it under the terms of the GNU General Public License version 2 as
  11  *  published by the Free Software Foundation.
  12  *
  13  *  This program is distributed in the hope that it will be useful,
  14  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  15  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16  *  GNU General Public License for more details.
  17  *
  18  *  You should have received a copy of the GNU General Public License
  19  *  along with this program; if not, write to the Free Software
  20  *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
  21  *
  22  */
  23
  24 #ifdef HAVE_CONFIG_H
  25 #include <config.h>
  26 #endif
  27
  28 #include <string.h>
  29 #include <errno.h>
  30 #include <unistd.h>
  31 #include <sys/types.h>
  32 #include <sys/stat.h>
  33 #include <fcntl.h>
  34
  35 #include <stdio.h>
  36 #include <net/if.h>
  37
  38 #include <dbus/dbus.h>
  39 #include <glib.h>
  40
  41 #define CONNMAN_API_SUBJECT_TO_CHANGE
  42 #include <connman/plugin.h>
  43 #include <connman/provider.h>
  44 #include <connman/log.h>
  45 #include <connman/task.h>
  46 #include <connman/dbus.h>
  47 #include <connman/inet.h>
  48 #include <connman/agent.h>
  49 #include <connman/setting.h>
  50 #include <connman/vpn-dbus.h>
  51
  52 #include "../vpn-provider.h"
  53 #include "../vpn-agent.h"
  54
  55 #include "vpn.h"
  56
  57 #define ARRAY_SIZE(a) (sizeof(a)/sizeof(a[0]))
  58
  59 enum {
  60         OPT_STRING = 1,
  61         OPT_BOOL = 2,
  62 };
  63
  64 enum {
  65         OPT_ALL = 1,
  66         OPT_L2G = 2,
  67         OPT_L2  = 3,
  68         OPT_PPPD = 4,
  69         OPT_L2LNS = 5,
  70 };
  71
  72 struct {
  73         const char *cm_opt;
  74         const char *pppd_opt;
  75         int sub;
  76         const char *vpn_default;
  77         int type;
  78 } pppd_options[] = {
  79         { "L2TP.User", "name", OPT_ALL, NULL, OPT_STRING },
  80         { "L2TP.BPS", "bps", OPT_L2, NULL, OPT_STRING },
  81         { "L2TP.TXBPS", "tx bps", OPT_L2, NULL, OPT_STRING },
  82         { "L2TP.RXBPS", "rx bps", OPT_L2, NULL, OPT_STRING },
  83         { "L2TP.LengthBit", "length bit", OPT_L2, NULL, OPT_STRING },
  84         { "L2TP.Challenge", "challenge", OPT_L2, NULL, OPT_STRING },
  85         { "L2TP.DefaultRoute", "defaultroute", OPT_L2, NULL, OPT_STRING },
  86         { "L2TP.FlowBit", "flow bit", OPT_L2, NULL, OPT_STRING },
  87         { "L2TP.TunnelRWS", "tunnel rws", OPT_L2, NULL, OPT_STRING },
  88         { "L2TP.Exclusive", "exclusive", OPT_L2LNS, NULL, OPT_STRING },
  89         { "L2TP.Autodial", "autodial", OPT_L2, "yes", OPT_STRING },
  90         { "L2TP.Redial", "redial", OPT_L2, "yes", OPT_STRING },
  91         { "L2TP.RedialTimeout", "redial timeout", OPT_L2, "10", OPT_STRING },
  92         { "L2TP.MaxRedials", "max redials", OPT_L2, NULL, OPT_STRING },
  93         { "L2TP.RequirePAP", "require pap", OPT_L2, "no", OPT_STRING },
  94         { "L2TP.RequireCHAP", "require chap", OPT_L2, "yes", OPT_STRING },
  95         { "L2TP.ReqAuth", "require authentication", OPT_L2, "no", OPT_STRING },
  96         { "L2TP.AccessControl", "access control", OPT_L2G, "yes", OPT_STRING },
  97         { "L2TP.AuthFile", "auth file", OPT_L2G, NULL, OPT_STRING },
  98         { "L2TP.ForceUserSpace", "force userspace", OPT_L2G, NULL, OPT_STRING },
  99         { "L2TP.ListenAddr", "listen-addr", OPT_L2G, NULL, OPT_STRING },
 100         { "L2TP.Rand Source", "rand source", OPT_L2G, NULL, OPT_STRING },
 101         { "L2TP.IPsecSaref", "ipsec saref", OPT_L2G, "no", OPT_STRING },
 102         { "L2TP.Port", "port", OPT_L2G, NULL, OPT_STRING },
 103         { "PPPD.EchoFailure", "lcp-echo-failure", OPT_PPPD, "0", OPT_STRING },
 104         { "PPPD.EchoInterval", "lcp-echo-interval", OPT_PPPD, "0", OPT_STRING },
 105         { "PPPD.Debug", "debug", OPT_PPPD, NULL, OPT_STRING },
 106         { "PPPD.RefuseEAP", "refuse-eap", OPT_PPPD, NULL, OPT_BOOL },
 107         { "PPPD.RefusePAP", "refuse-pap", OPT_PPPD, NULL, OPT_BOOL },
 108         { "PPPD.RefuseCHAP", "refuse-chap", OPT_PPPD, NULL, OPT_BOOL },
 109         { "PPPD.RefuseMSCHAP", "refuse-mschap", OPT_PPPD, NULL, OPT_BOOL },
 110         { "PPPD.RefuseMSCHAP2", "refuse-mschapv2", OPT_PPPD, NULL, OPT_BOOL },
 111         { "PPPD.NoBSDComp", "nobsdcomp", OPT_PPPD, NULL, OPT_BOOL },
 112         { "PPPD.NoPcomp", "nopcomp", OPT_PPPD, NULL, OPT_BOOL },
 113         { "PPPD.UseAccomp", "noaccomp", OPT_PPPD, NULL, OPT_BOOL },
 114         { "PPPD.NoDeflate", "nodeflate", OPT_PPPD, NULL, OPT_BOOL },
 115         { "PPPD.ReqMPPE", "require-mppe", OPT_PPPD, NULL, OPT_BOOL },
 116         { "PPPD.ReqMPPE40", "require-mppe-40", OPT_PPPD, NULL, OPT_BOOL },
 117         { "PPPD.ReqMPPE128", "require-mppe-128", OPT_PPPD, NULL, OPT_BOOL },
 118         { "PPPD.ReqMPPEStateful", "mppe-stateful", OPT_PPPD, NULL, OPT_BOOL },
 119         { "PPPD.NoVJ", "novj", OPT_PPPD, NULL, OPT_BOOL },
 120 };
 121
 122 static DBusConnection *connection;
 123
 124 struct l2tp_private_data {
 125         struct vpn_provider *provider;
 126         struct connman_task *task;
 127         char *if_name;
 128         vpn_provider_connect_cb_t cb;
 129         void *user_data;
 130 };
 131
 132 static void l2tp_connect_done(struct l2tp_private_data *data, int err)
 133 {
 134         vpn_provider_connect_cb_t cb;
 135         void *user_data;
 136
 137         if (!data || !data->cb)
 138                 return;
 139
 140         /* Ensure that callback is called only once */
 141         cb = data->cb;
 142         user_data = data->user_data;
 143         data->cb = NULL;
 144         data->user_data = NULL;
 145         cb(data->provider, user_data, err);
 146 }
 147
 148 static void free_private_data(struct l2tp_private_data *data)
 149 {
 150         if (vpn_provider_get_plugin_data(data->provider) == data)
 151                 vpn_provider_set_plugin_data(data->provider, NULL);
 152
 153         l2tp_connect_done(data, EIO);
 154         vpn_provider_unref(data->provider);
 155         g_free(data->if_name);
 156         g_free(data);
 157 }
 158
 159 static DBusMessage *l2tp_get_sec(struct connman_task *task,
 160                         DBusMessage *msg, void *user_data)
 161 {
 162         const char *user, *passwd;
 163         struct vpn_provider *provider = user_data;
 164
 165         if (!dbus_message_get_no_reply(msg)) {
 166                 DBusMessage *reply;
 167
 168                 user = vpn_provider_get_string(provider, "L2TP.User");
 169                 passwd = vpn_provider_get_string(provider, "L2TP.Password");
 170
 171                 if (!user || strlen(user) == 0 ||
 172                                 !passwd || strlen(passwd) == 0)
 173                         return NULL;
 174
 175                 reply = dbus_message_new_method_return(msg);
 176                 if (!reply)
 177                         return NULL;
 178
 179                 dbus_message_append_args(reply, DBUS_TYPE_STRING, &user,
 180                                                 DBUS_TYPE_STRING, &passwd,
 181                                                 DBUS_TYPE_INVALID);
 182
 183                 return reply;
 184         }
 185
 186         return NULL;
 187 }
 188
 189 static int l2tp_notify(DBusMessage *msg, struct vpn_provider *provider)
 190 {
 191         DBusMessageIter iter, dict;
 192         const char *reason, *key, *value;
 193         char *addressv4 = NULL, *netmask = NULL, *gateway = NULL;
 194         char *ifname = NULL, *nameservers = NULL;
 195         struct connman_ipaddress *ipaddress = NULL;
 196         struct l2tp_private_data *data;
 197
 198         data = vpn_provider_get_plugin_data(provider);
 199
 200         dbus_message_iter_init(msg, &iter);
 201
 202         dbus_message_iter_get_basic(&iter, &reason);
 203         dbus_message_iter_next(&iter);
 204
 205         if (!provider) {
 206                 connman_error("No provider found");
 207                 return VPN_STATE_FAILURE;
 208         }
 209
 210         if (strcmp(reason, "auth failed") == 0) {
 211                 DBG("authentication failure");
 212
 213                 vpn_provider_set_string(provider, "L2TP.User", NULL);
 214                 vpn_provider_set_string_hide_value(provider, "L2TP.Password",
 215                                         NULL);
 216
 217                 l2tp_connect_done(data, EACCES);
 218                 return VPN_STATE_AUTH_FAILURE;
 219         }
 220
 221         if (strcmp(reason, "connect")) {
 222                 l2tp_connect_done(data, EIO);
 223
 224                 /*
 225                  * Stop the task to avoid potential looping of this state when
 226                  * authentication fails.
 227                  */
 228                 if (data && data->task)
 229                         connman_task_stop(data->task);
 230
 231                 return VPN_STATE_DISCONNECT;
 232         }
 233
 234         dbus_message_iter_recurse(&iter, &dict);
 235
 236         while (dbus_message_iter_get_arg_type(&dict) == DBUS_TYPE_DICT_ENTRY) {
 237                 DBusMessageIter entry;
 238
 239                 dbus_message_iter_recurse(&dict, &entry);
 240                 dbus_message_iter_get_basic(&entry, &key);
 241                 dbus_message_iter_next(&entry);
 242                 dbus_message_iter_get_basic(&entry, &value);
 243
 244                 DBG("%s = %s", key, value);
 245
 246                 if (!strcmp(key, "INTERNAL_IP4_ADDRESS"))
 247                         addressv4 = g_strdup(value);
 248
 249                 if (!strcmp(key, "INTERNAL_IP4_NETMASK"))
 250                         netmask = g_strdup(value);
 251
 252                 if (!strcmp(key, "INTERNAL_IP4_DNS"))
 253                         nameservers = g_strdup(value);
 254
 255                 if (!strcmp(key, "INTERNAL_IFNAME"))
 256                         ifname = g_strdup(value);
 257
 258                 dbus_message_iter_next(&dict);
 259         }
 260
 261         if (vpn_set_ifname(provider, ifname) < 0) {
 262                 g_free(ifname);
 263                 g_free(addressv4);
 264                 g_free(netmask);
 265                 g_free(nameservers);
 266                 return VPN_STATE_FAILURE;
 267         }
 268
 269         if (addressv4)
 270                 ipaddress = connman_ipaddress_alloc(AF_INET);
 271
 272         g_free(ifname);
 273
 274         if (!ipaddress) {
 275                 connman_error("No IP address for provider");
 276                 g_free(addressv4);
 277                 g_free(netmask);
 278                 g_free(nameservers);
 279                 return VPN_STATE_FAILURE;
 280         }
 281
 282         value = vpn_provider_get_string(provider, "HostIP");
 283         if (value) {
 284                 vpn_provider_set_string(provider, "Gateway", value);
 285                 gateway = g_strdup(value);
 286         }
 287
 288         if (addressv4)
 289                 connman_ipaddress_set_ipv4(ipaddress, addressv4, netmask,
 290                                         gateway);
 291
 292         connman_ipaddress_set_p2p(ipaddress, true);
 293
 294         vpn_provider_set_ipaddress(provider, ipaddress);
 295         vpn_provider_set_nameservers(provider, nameservers);
 296
 297         g_free(addressv4);
 298         g_free(netmask);
 299         g_free(gateway);
 300         g_free(nameservers);
 301         connman_ipaddress_free(ipaddress);
 302
 303         l2tp_connect_done(data, 0);
 304
 305         return VPN_STATE_CONNECT;
 306 }
 307
 308 static int l2tp_save(struct vpn_provider *provider, GKeyFile *keyfile)
 309 {
 310         const char *option;
 311         bool l2tp_option, pppd_option;
 312         int i;
 313
 314         for (i = 0; i < (int)ARRAY_SIZE(pppd_options); i++) {
 315                 l2tp_option = pppd_option = false;
 316
 317                 if (strncmp(pppd_options[i].cm_opt, "L2TP.", 5) == 0)
 318                         l2tp_option = true;
 319
 320                 if (strncmp(pppd_options[i].cm_opt, "PPPD.", 5) == 0)
 321                         pppd_option = true;
 322
 323                 if (l2tp_option || pppd_option) {
 324                         option = vpn_provider_get_string(provider,
 325                                                 pppd_options[i].cm_opt);
 326                         if (!option) {
 327                                 /*
 328                                  * Check if the option prefix is L2TP as the
 329                                  * PPPD options were using L2TP prefix earlier.
 330                                  */
 331                                 char *l2tp_str;
 332
 333                                 if (!pppd_option)
 334                                         continue;
 335
 336                                 l2tp_str = g_strdup_printf("L2TP.%s",
 337                                                 &pppd_options[i].cm_opt[5]);
 338                                 option = vpn_provider_get_string(provider,
 339                                                                 l2tp_str);
 340                                 g_free(l2tp_str);
 341
 342                                 if (!option)
 343                                         continue;
 344                         }
 345
 346                         g_key_file_set_string(keyfile,
 347                                         vpn_provider_get_save_group(provider),
 348                                         pppd_options[i].cm_opt, option);
 349                 }
 350         }
 351
 352         return 0;
 353 }
 354
 355 static ssize_t full_write(int fd, const void *buf, size_t len)
 356 {
 357         ssize_t byte_write;
 358
 359         while (len) {
 360                 byte_write = write(fd, buf, len);
 361                 if (byte_write < 0) {
 362                         connman_error("failed to write config to l2tp: %s\n",
 363                                         strerror(errno));
 364                         return byte_write;
 365                 }
 366                 len -= byte_write;
 367                 buf += byte_write;
 368         }
 369
 370         return 0;
 371 }
 372
 373 static ssize_t l2tp_write_bool_option(int fd,
 374                                         const char *key, const char *value)
 375 {
 376         gchar *buf;
 377         ssize_t ret = 0;
 378
 379         if (key && value) {
 380                 if (strcasecmp(value, "yes") == 0 ||
 381                                 strcasecmp(value, "true") == 0 ||
 382                                 strcmp(value, "1") == 0) {
 383                         buf = g_strdup_printf("%s\n", key);
 384                         ret = full_write(fd, buf, strlen(buf));
 385
 386                         g_free(buf);
 387                 }
 388         }
 389
 390         return ret;
 391 }
 392
 393 static int l2tp_write_option(int fd, const char *key, const char *value)
 394 {
 395         gchar *buf;
 396         ssize_t ret = 0;
 397
 398         if (key) {
 399                 if (value)
 400                         buf = g_strdup_printf("%s %s\n", key, value);
 401                 else
 402                         buf = g_strdup_printf("%s\n", key);
 403
 404                 ret = full_write(fd, buf, strlen(buf));
 405
 406                 g_free(buf);
 407         }
 408
 409         return ret;
 410 }
 411
 412 static int l2tp_write_section(int fd, const char *key, const char *value)
 413 {
 414         gchar *buf;
 415         ssize_t ret = 0;
 416
 417         if (key && value) {
 418                 buf = g_strdup_printf("%s = %s\n", key, value);
 419                 ret = full_write(fd, buf, strlen(buf));
 420
 421                 g_free(buf);
 422         }
 423
 424         return ret;
 425 }
 426
 427 static int write_pppd_option(struct vpn_provider *provider, int fd)
 428 {
 429         int i;
 430         const char *opt_s;
 431
 432         l2tp_write_option(fd, "nodetach", NULL);
 433         l2tp_write_option(fd, "lock", NULL);
 434         l2tp_write_option(fd, "logfd", "2");
 435         l2tp_write_option(fd, "usepeerdns", NULL);
 436         l2tp_write_option(fd, "noipdefault", NULL);
 437         l2tp_write_option(fd, "noauth", NULL);
 438         l2tp_write_option(fd, "nodefaultroute", NULL);
 439         l2tp_write_option(fd, "ipparam", "l2tp_plugin");
 440
 441         for (i = 0; i < (int)ARRAY_SIZE(pppd_options); i++) {
 442                 if (pppd_options[i].sub != OPT_ALL &&
 443                         pppd_options[i].sub != OPT_PPPD)
 444                         continue;
 445
 446                 opt_s = vpn_provider_get_string(provider,
 447                                         pppd_options[i].cm_opt);
 448                 if (!opt_s)
 449                         opt_s = pppd_options[i].vpn_default;
 450
 451                 if (!opt_s)
 452                         continue;
 453
 454                 if (pppd_options[i].type == OPT_STRING)
 455                         l2tp_write_option(fd,
 456                                 pppd_options[i].pppd_opt, opt_s);
 457                 else if (pppd_options[i].type == OPT_BOOL)
 458                         l2tp_write_bool_option(fd,
 459                                 pppd_options[i].pppd_opt, opt_s);
 460         }
 461
 462         l2tp_write_option(fd, "plugin",
 463                                 SCRIPTDIR "/libppp-plugin.so");
 464
 465         return 0;
 466 }
 467
 468
 469 static int l2tp_write_fields(struct vpn_provider *provider,
 470                                                 int fd, int sub)
 471 {
 472         int i;
 473         const char *opt_s;
 474
 475         for (i = 0; i < (int)ARRAY_SIZE(pppd_options); i++) {
 476                 if (pppd_options[i].sub != sub)
 477                         continue;
 478
 479                 opt_s = vpn_provider_get_string(provider,
 480                                         pppd_options[i].cm_opt);
 481                 if (!opt_s)
 482                         opt_s = pppd_options[i].vpn_default;
 483
 484                 if (!opt_s)
 485                         continue;
 486
 487                 if (pppd_options[i].type == OPT_STRING)
 488                         l2tp_write_section(fd,
 489                                 pppd_options[i].pppd_opt, opt_s);
 490                 else if (pppd_options[i].type == OPT_BOOL)
 491                         l2tp_write_bool_option(fd,
 492                                 pppd_options[i].pppd_opt, opt_s);
 493         }
 494
 495         return 0;
 496 }
 497
 498 static int l2tp_write_config(struct vpn_provider *provider,
 499                                         const char *pppd_name, int fd)
 500 {
 501         const char *option;
 502
 503         l2tp_write_option(fd, "[global]", NULL);
 504         l2tp_write_fields(provider, fd, OPT_L2G);
 505
 506         l2tp_write_option(fd, "[lns default]", NULL);
 507         l2tp_write_fields(provider, fd, OPT_L2LNS);
 508
 509         l2tp_write_option(fd, "[lac l2tp]", NULL);
 510
 511         option = vpn_provider_get_string(provider, "Host");
 512         l2tp_write_option(fd, "lns =", option);
 513
 514         l2tp_write_fields(provider, fd, OPT_ALL);
 515         l2tp_write_fields(provider, fd, OPT_L2);
 516
 517         l2tp_write_option(fd, "pppoptfile =", pppd_name);
 518
 519         return 0;
 520 }
 521
 522 static void l2tp_died(struct connman_task *task, int exit_code, void *user_data)
 523 {
 524         struct l2tp_private_data *data = user_data;
 525         char *conf_file;
 526
 527         vpn_died(task, exit_code, data->provider);
 528
 529         conf_file = g_strdup_printf(VPN_STATEDIR "/connman-xl2tpd.conf");
 530         unlink(conf_file);
 531         g_free(conf_file);
 532
 533         conf_file = g_strdup_printf(VPN_STATEDIR "/connman-ppp-option.conf");
 534         unlink(conf_file);
 535         g_free(conf_file);
 536
 537         free_private_data(data);
 538 }
 539
 540 struct request_input_reply {
 541         struct vpn_provider *provider;
 542         vpn_provider_password_cb_t callback;
 543         void *user_data;
 544 };
 545
 546 static void request_input_reply(DBusMessage *reply, void *user_data)
 547 {
 548         struct request_input_reply *l2tp_reply = user_data;
 549         struct l2tp_private_data *data;
 550         const char *error = NULL;
 551         char *username = NULL, *password = NULL;
 552         char *key;
 553         DBusMessageIter iter, dict;
 554         int err;
 555
 556         DBG("provider %p", l2tp_reply->provider);
 557
 558         if (!reply)
 559                 goto done;
 560
 561         data = l2tp_reply->user_data;
 562
 563         err = vpn_agent_check_and_process_reply_error(reply,
 564                                 l2tp_reply->provider, data->task, data->cb,
 565                                 data->user_data);
 566         if (err) {
 567                 /* Ensure cb is called only once */
 568                 data->cb = NULL;
 569                 data->user_data = NULL;
 570                 error = dbus_message_get_error_name(reply);
 571                 goto done;
 572         }
 573
 574         if (!vpn_agent_check_reply_has_dict(reply))
 575                 goto done;
 576
 577         dbus_message_iter_init(reply, &iter);
 578         dbus_message_iter_recurse(&iter, &dict);
 579         while (dbus_message_iter_get_arg_type(&dict) == DBUS_TYPE_DICT_ENTRY) {
 580                 DBusMessageIter entry, value;
 581                 const char *str;
 582
 583                 dbus_message_iter_recurse(&dict, &entry);
 584                 if (dbus_message_iter_get_arg_type(&entry) != DBUS_TYPE_STRING)
 585                         break;
 586
 587                 dbus_message_iter_get_basic(&entry, &key);
 588
 589                 if (g_str_equal(key, "Username")) {
 590                         dbus_message_iter_next(&entry);
 591                         if (dbus_message_iter_get_arg_type(&entry)
 592                                                         != DBUS_TYPE_VARIANT)
 593                                 break;
 594                         dbus_message_iter_recurse(&entry, &value);
 595                         if (dbus_message_iter_get_arg_type(&value)
 596                                                         != DBUS_TYPE_STRING)
 597                                 break;
 598                         dbus_message_iter_get_basic(&value, &str);
 599                         username = g_strdup(str);
 600                 }
 601
 602                 if (g_str_equal(key, "Password")) {
 603                         dbus_message_iter_next(&entry);
 604                         if (dbus_message_iter_get_arg_type(&entry)
 605                                                         != DBUS_TYPE_VARIANT)
 606                                 break;
 607                         dbus_message_iter_recurse(&entry, &value);
 608                         if (dbus_message_iter_get_arg_type(&value)
 609                                                         != DBUS_TYPE_STRING)
 610                                 break;
 611                         dbus_message_iter_get_basic(&value, &str);
 612                         password = g_strdup(str);
 613                 }
 614
 615                 dbus_message_iter_next(&dict);
 616         }
 617
 618 done:
 619         l2tp_reply->callback(l2tp_reply->provider, username, password, error,
 620                                 l2tp_reply->user_data);
 621
 622         g_free(username);
 623         g_free(password);
 624
 625         g_free(l2tp_reply);
 626 }
 627
 628 typedef void (* request_cb_t)(struct vpn_provider *provider,
 629                                 const char *username, const char *password,
 630                                 const char *error, void *user_data);
 631
 632 static int request_input(struct vpn_provider *provider,
 633                         request_cb_t callback, const char *dbus_sender,
 634                         void *user_data)
 635 {
 636         DBusMessage *message;
 637         const char *path, *agent_sender, *agent_path;
 638         DBusMessageIter iter;
 639         DBusMessageIter dict;
 640         struct request_input_reply *l2tp_reply;
 641         int err;
 642         void *agent;
 643
 644         agent = connman_agent_get_info(dbus_sender, &agent_sender,
 645                                                         &agent_path);
 646         if (!provider || !agent || !agent_path || !callback)
 647                 return -ESRCH;
 648
 649         message = dbus_message_new_method_call(agent_sender, agent_path,
 650                                         VPN_AGENT_INTERFACE,
 651                                         "RequestInput");
 652         if (!message)
 653                 return -ENOMEM;
 654
 655         dbus_message_iter_init_append(message, &iter);
 656
 657         path = vpn_provider_get_path(provider);
 658         dbus_message_iter_append_basic(&iter,
 659                                 DBUS_TYPE_OBJECT_PATH, &path);
 660
 661         connman_dbus_dict_open(&iter, &dict);
 662
 663         if (vpn_provider_get_authentication_errors(provider))
 664                 vpn_agent_append_auth_failure(&dict, provider, NULL);
 665
 666         vpn_agent_append_user_info(&dict, provider, "L2TP.User");
 667
 668         vpn_agent_append_host_and_name(&dict, provider);
 669
 670         connman_dbus_dict_close(&iter, &dict);
 671
 672         l2tp_reply = g_try_new0(struct request_input_reply, 1);
 673         if (!l2tp_reply) {
 674                 dbus_message_unref(message);
 675                 return -ENOMEM;
 676         }
 677
 678         l2tp_reply->provider = provider;
 679         l2tp_reply->callback = callback;
 680         l2tp_reply->user_data = user_data;
 681
 682         err = connman_agent_queue_message(provider, message,
 683                         connman_timeout_input_request(),
 684                         request_input_reply, l2tp_reply, agent);
 685         if (err < 0 && err != -EBUSY) {
 686                 DBG("error %d sending agent request", err);
 687                 dbus_message_unref(message);
 688                 g_free(l2tp_reply);
 689                 return err;
 690         }
 691
 692         dbus_message_unref(message);
 693
 694         return -EINPROGRESS;
 695 }
 696
 697 static int run_connect(struct l2tp_private_data *data,
 698                         const char *username, const char *password)
 699 {
 700         struct vpn_provider *provider = data->provider;
 701         struct connman_task *task = data->task;
 702         char *l2tp_name, *ctrl_name, *pppd_name;
 703         int l2tp_fd, pppd_fd;
 704         int err;
 705
 706         if (!username || !*username || !password || !*password) {
 707                 DBG("Cannot connect username %s password %p",
 708                                                 username, password);
 709                 err = -EINVAL;
 710                 goto done;
 711         }
 712
 713         DBG("username %s password %p", username, password);
 714
 715         l2tp_name = g_strdup_printf(VPN_STATEDIR "/connman-xl2tpd.conf");
 716
 717         l2tp_fd = open(l2tp_name, O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
 718         if (l2tp_fd < 0) {
 719                 g_free(l2tp_name);
 720                 connman_error("Error writing l2tp config");
 721                 err = -EIO;
 722                 goto done;
 723         }
 724
 725         ctrl_name = g_strconcat(VPN_STATEDIR, "/connman-xl2tpd-control", NULL);
 726
 727         if (mkfifo(ctrl_name, S_IRUSR|S_IWUSR) != 0 && errno != EEXIST) {
 728                 connman_error("Error creating xl2tp control pipe");
 729                 g_free(l2tp_name);
 730                 g_free(ctrl_name);
 731                 close(l2tp_fd);
 732                 err = -EIO;
 733                 goto done;
 734         }
 735
 736         pppd_name = g_strconcat(VPN_STATEDIR, "/connman-ppp-option.conf", NULL);
 737
 738         pppd_fd = open(pppd_name, O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
 739         if (pppd_fd < 0) {
 740                 connman_error("Error writing pppd config");
 741                 g_free(l2tp_name);
 742                 g_free(ctrl_name);
 743                 g_free(pppd_name);
 744                 close(l2tp_fd);
 745                 err = -EIO;
 746                 goto done;
 747         }
 748
 749         l2tp_write_config(provider, pppd_name, l2tp_fd);
 750
 751         write_pppd_option(provider, pppd_fd);
 752
 753         connman_task_add_argument(task, "-D", NULL);
 754         connman_task_add_argument(task, "-C", ctrl_name);
 755         connman_task_add_argument(task, "-c", l2tp_name);
 756
 757         g_free(l2tp_name);
 758         g_free(ctrl_name);
 759         g_free(pppd_name);
 760         close(l2tp_fd);
 761         close(pppd_fd);
 762
 763         err = connman_task_run(task, l2tp_died, data, NULL, NULL, NULL);
 764         if (err < 0) {
 765                 connman_error("l2tp failed to start");
 766                 err = -EIO;
 767         }
 768
 769 done:
 770         if (err)
 771                 l2tp_connect_done(data, -err);
 772
 773         return err;
 774 }
 775
 776 static void request_input_cb(struct vpn_provider *provider,
 777                         const char *username,
 778                         const char *password,
 779                         const char *error, void *user_data)
 780 {
 781         struct l2tp_private_data *data = user_data;
 782
 783         if (!username || !*username || !password || !*password)
 784                 DBG("Requesting username %s or password failed, error %s",
 785                         username, error);
 786         else if (error)
 787                 DBG("error %s", error);
 788
 789         vpn_provider_set_string(provider, "L2TP.User", username);
 790         vpn_provider_set_string_hide_value(provider, "L2TP.Password",
 791                                                                 password);
 792
 793         run_connect(data, username, password);
 794 }
 795
 796 static int l2tp_connect(struct vpn_provider *provider,
 797                         struct connman_task *task, const char *if_name,
 798                         vpn_provider_connect_cb_t cb, const char *dbus_sender,
 799                         void *user_data)
 800 {
 801         struct l2tp_private_data *data;
 802         const char *username, *password;
 803         int err;
 804
 805         data = g_try_new0(struct l2tp_private_data, 1);
 806         if (!data)
 807                 return -ENOMEM;
 808
 809         data->provider = vpn_provider_ref(provider);
 810         data->task = task;
 811         data->if_name = g_strdup(if_name);
 812         data->cb = cb;
 813         data->user_data = user_data;
 814         vpn_provider_set_plugin_data(provider, data);
 815
 816         if (connman_task_set_notify(task, "getsec",
 817                                         l2tp_get_sec, provider) != 0) {
 818                 err = -ENOMEM;
 819                 goto error;
 820         }
 821
 822         username = vpn_provider_get_string(provider, "L2TP.User");
 823         password = vpn_provider_get_string(provider, "L2TP.Password");
 824
 825         DBG("user %s password %p", username, password);
 826
 827         if (!username || !*username || !password || !*password) {
 828                 err = request_input(provider, request_input_cb, dbus_sender,
 829                                                                         data);
 830                 if (err != -EINPROGRESS)
 831                         goto error;
 832
 833                 return err;
 834         }
 835
 836         return run_connect(data, username, password);
 837
 838 error:
 839         l2tp_connect_done(data, -err);
 840         free_private_data(data);
 841
 842         return err;
 843 }
 844
 845 static int l2tp_error_code(struct vpn_provider *provider, int exit_code)
 846 {
 847         switch (exit_code) {
 848         case 1:
 849                 return CONNMAN_PROVIDER_ERROR_CONNECT_FAILED;
 850         default:
 851                 return CONNMAN_PROVIDER_ERROR_UNKNOWN;
 852         }
 853 }
 854
 855 static void l2tp_disconnect(struct vpn_provider *provider)
 856 {
 857         if (!provider)
 858                 return;
 859
 860         vpn_provider_set_string_hide_value(provider, "L2TP.Password", NULL);
 861
 862         connman_agent_cancel(provider);
 863 }
 864
 865 static struct vpn_driver vpn_driver = {
 866         .flags          = VPN_FLAG_NO_TUN,
 867         .notify         = l2tp_notify,
 868         .connect        = l2tp_connect,
 869         .error_code     = l2tp_error_code,
 870         .save           = l2tp_save,
 871         .disconnect     = l2tp_disconnect,
 872 };
 873
 874 static int l2tp_init(void)
 875 {
 876         connection = connman_dbus_get_connection();
 877
 878         return vpn_register("l2tp", &vpn_driver, L2TP);
 879 }
 880
 881 static void l2tp_exit(void)
 882 {
 883         vpn_unregister("l2tp");
 884
 885         dbus_connection_unref(connection);
 886 }
 887
 888 CONNMAN_PLUGIN_DEFINE(l2tp, "l2tp plugin", VERSION,
 889         CONNMAN_PLUGIN_PRIORITY_DEFAULT, l2tp_init, l2tp_exit)