5 * Copyright (C) 2010,2013 BMW Car IT GmbH.
6 * Copyright (C) 2012-2013 Intel Corporation. All rights reserved.
7 * Copyright (C) 2019-2021 Jolla Ltd.
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License version 2 as
11 * published by the Free Software Foundation.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
31 #include <sys/types.h>
38 #include <dbus/dbus.h>
41 #define CONNMAN_API_SUBJECT_TO_CHANGE
42 #include <connman/plugin.h>
43 #include <connman/provider.h>
44 #include <connman/log.h>
45 #include <connman/task.h>
46 #include <connman/dbus.h>
47 #include <connman/inet.h>
48 #include <connman/agent.h>
49 #include <connman/setting.h>
50 #include <connman/vpn-dbus.h>
52 #include "../vpn-provider.h"
53 #include "../vpn-agent.h"
57 #define ARRAY_SIZE(a) (sizeof(a)/sizeof(a[0]))
76 const char *vpn_default;
79 { "L2TP.User", "name", OPT_ALL, NULL, OPT_STRING },
80 { "L2TP.BPS", "bps", OPT_L2, NULL, OPT_STRING },
81 { "L2TP.TXBPS", "tx bps", OPT_L2, NULL, OPT_STRING },
82 { "L2TP.RXBPS", "rx bps", OPT_L2, NULL, OPT_STRING },
83 { "L2TP.LengthBit", "length bit", OPT_L2, NULL, OPT_STRING },
84 { "L2TP.Challenge", "challenge", OPT_L2, NULL, OPT_STRING },
85 { "L2TP.DefaultRoute", "defaultroute", OPT_L2, NULL, OPT_STRING },
86 { "L2TP.FlowBit", "flow bit", OPT_L2, NULL, OPT_STRING },
87 { "L2TP.TunnelRWS", "tunnel rws", OPT_L2, NULL, OPT_STRING },
88 { "L2TP.Exclusive", "exclusive", OPT_L2LNS, NULL, OPT_STRING },
89 { "L2TP.Autodial", "autodial", OPT_L2, "yes", OPT_STRING },
90 { "L2TP.Redial", "redial", OPT_L2, "yes", OPT_STRING },
91 { "L2TP.RedialTimeout", "redial timeout", OPT_L2, "10", OPT_STRING },
92 { "L2TP.MaxRedials", "max redials", OPT_L2, NULL, OPT_STRING },
93 { "L2TP.RequirePAP", "require pap", OPT_L2, "no", OPT_STRING },
94 { "L2TP.RequireCHAP", "require chap", OPT_L2, "yes", OPT_STRING },
95 { "L2TP.ReqAuth", "require authentication", OPT_L2, "no", OPT_STRING },
96 { "L2TP.AccessControl", "access control", OPT_L2G, "yes", OPT_STRING },
97 { "L2TP.AuthFile", "auth file", OPT_L2G, NULL, OPT_STRING },
98 { "L2TP.ForceUserSpace", "force userspace", OPT_L2G, NULL, OPT_STRING },
99 { "L2TP.ListenAddr", "listen-addr", OPT_L2G, NULL, OPT_STRING },
100 { "L2TP.Rand Source", "rand source", OPT_L2G, NULL, OPT_STRING },
101 { "L2TP.IPsecSaref", "ipsec saref", OPT_L2G, "no", OPT_STRING },
102 { "L2TP.Port", "port", OPT_L2G, NULL, OPT_STRING },
103 { "PPPD.EchoFailure", "lcp-echo-failure", OPT_PPPD, "0", OPT_STRING },
104 { "PPPD.EchoInterval", "lcp-echo-interval", OPT_PPPD, "0", OPT_STRING },
105 { "PPPD.Debug", "debug", OPT_PPPD, NULL, OPT_STRING },
106 { "PPPD.RefuseEAP", "refuse-eap", OPT_PPPD, NULL, OPT_BOOL },
107 { "PPPD.RefusePAP", "refuse-pap", OPT_PPPD, NULL, OPT_BOOL },
108 { "PPPD.RefuseCHAP", "refuse-chap", OPT_PPPD, NULL, OPT_BOOL },
109 { "PPPD.RefuseMSCHAP", "refuse-mschap", OPT_PPPD, NULL, OPT_BOOL },
110 { "PPPD.RefuseMSCHAP2", "refuse-mschapv2", OPT_PPPD, NULL, OPT_BOOL },
111 { "PPPD.NoBSDComp", "nobsdcomp", OPT_PPPD, NULL, OPT_BOOL },
112 { "PPPD.NoPcomp", "nopcomp", OPT_PPPD, NULL, OPT_BOOL },
113 { "PPPD.UseAccomp", "noaccomp", OPT_PPPD, NULL, OPT_BOOL },
114 { "PPPD.NoDeflate", "nodeflate", OPT_PPPD, NULL, OPT_BOOL },
115 { "PPPD.ReqMPPE", "require-mppe", OPT_PPPD, NULL, OPT_BOOL },
116 { "PPPD.ReqMPPE40", "require-mppe-40", OPT_PPPD, NULL, OPT_BOOL },
117 { "PPPD.ReqMPPE128", "require-mppe-128", OPT_PPPD, NULL, OPT_BOOL },
118 { "PPPD.ReqMPPEStateful", "mppe-stateful", OPT_PPPD, NULL, OPT_BOOL },
119 { "PPPD.NoVJ", "novj", OPT_PPPD, NULL, OPT_BOOL },
122 static DBusConnection *connection;
124 struct l2tp_private_data {
125 struct vpn_provider *provider;
126 struct connman_task *task;
128 vpn_provider_connect_cb_t cb;
132 static void l2tp_connect_done(struct l2tp_private_data *data, int err)
134 vpn_provider_connect_cb_t cb;
137 if (!data || !data->cb)
140 /* Ensure that callback is called only once */
142 user_data = data->user_data;
144 data->user_data = NULL;
145 cb(data->provider, user_data, err);
148 static void free_private_data(struct l2tp_private_data *data)
150 if (vpn_provider_get_plugin_data(data->provider) == data)
151 vpn_provider_set_plugin_data(data->provider, NULL);
153 l2tp_connect_done(data, EIO);
154 vpn_provider_unref(data->provider);
155 g_free(data->if_name);
159 static DBusMessage *l2tp_get_sec(struct connman_task *task,
160 DBusMessage *msg, void *user_data)
162 const char *user, *passwd;
163 struct vpn_provider *provider = user_data;
165 if (!dbus_message_get_no_reply(msg)) {
168 user = vpn_provider_get_string(provider, "L2TP.User");
169 passwd = vpn_provider_get_string(provider, "L2TP.Password");
171 if (!user || strlen(user) == 0 ||
172 !passwd || strlen(passwd) == 0)
175 reply = dbus_message_new_method_return(msg);
179 dbus_message_append_args(reply, DBUS_TYPE_STRING, &user,
180 DBUS_TYPE_STRING, &passwd,
189 static int l2tp_notify(DBusMessage *msg, struct vpn_provider *provider)
191 DBusMessageIter iter, dict;
192 const char *reason, *key, *value;
193 char *addressv4 = NULL, *netmask = NULL, *gateway = NULL;
194 char *ifname = NULL, *nameservers = NULL;
195 struct connman_ipaddress *ipaddress = NULL;
196 struct l2tp_private_data *data;
198 data = vpn_provider_get_plugin_data(provider);
200 dbus_message_iter_init(msg, &iter);
202 dbus_message_iter_get_basic(&iter, &reason);
203 dbus_message_iter_next(&iter);
206 connman_error("No provider found");
207 return VPN_STATE_FAILURE;
210 if (strcmp(reason, "auth failed") == 0) {
211 DBG("authentication failure");
213 vpn_provider_set_string(provider, "L2TP.User", NULL);
214 vpn_provider_set_string_hide_value(provider, "L2TP.Password",
217 l2tp_connect_done(data, EACCES);
218 return VPN_STATE_AUTH_FAILURE;
221 if (strcmp(reason, "connect")) {
222 l2tp_connect_done(data, EIO);
225 * Stop the task to avoid potential looping of this state when
226 * authentication fails.
228 if (data && data->task)
229 connman_task_stop(data->task);
231 return VPN_STATE_DISCONNECT;
234 dbus_message_iter_recurse(&iter, &dict);
236 while (dbus_message_iter_get_arg_type(&dict) == DBUS_TYPE_DICT_ENTRY) {
237 DBusMessageIter entry;
239 dbus_message_iter_recurse(&dict, &entry);
240 dbus_message_iter_get_basic(&entry, &key);
241 dbus_message_iter_next(&entry);
242 dbus_message_iter_get_basic(&entry, &value);
244 DBG("%s = %s", key, value);
246 if (!strcmp(key, "INTERNAL_IP4_ADDRESS"))
247 addressv4 = g_strdup(value);
249 if (!strcmp(key, "INTERNAL_IP4_NETMASK"))
250 netmask = g_strdup(value);
252 if (!strcmp(key, "INTERNAL_IP4_DNS"))
253 nameservers = g_strdup(value);
255 if (!strcmp(key, "INTERNAL_IFNAME"))
256 ifname = g_strdup(value);
258 dbus_message_iter_next(&dict);
261 if (vpn_set_ifname(provider, ifname) < 0) {
266 return VPN_STATE_FAILURE;
270 ipaddress = connman_ipaddress_alloc(AF_INET);
275 connman_error("No IP address for provider");
279 return VPN_STATE_FAILURE;
282 value = vpn_provider_get_string(provider, "HostIP");
284 vpn_provider_set_string(provider, "Gateway", value);
285 gateway = g_strdup(value);
289 connman_ipaddress_set_ipv4(ipaddress, addressv4, netmask,
292 connman_ipaddress_set_p2p(ipaddress, true);
294 vpn_provider_set_ipaddress(provider, ipaddress);
295 vpn_provider_set_nameservers(provider, nameservers);
301 connman_ipaddress_free(ipaddress);
303 l2tp_connect_done(data, 0);
305 return VPN_STATE_CONNECT;
308 static int l2tp_save(struct vpn_provider *provider, GKeyFile *keyfile)
311 bool l2tp_option, pppd_option;
314 for (i = 0; i < (int)ARRAY_SIZE(pppd_options); i++) {
315 l2tp_option = pppd_option = false;
317 if (strncmp(pppd_options[i].cm_opt, "L2TP.", 5) == 0)
320 if (strncmp(pppd_options[i].cm_opt, "PPPD.", 5) == 0)
323 if (l2tp_option || pppd_option) {
324 option = vpn_provider_get_string(provider,
325 pppd_options[i].cm_opt);
328 * Check if the option prefix is L2TP as the
329 * PPPD options were using L2TP prefix earlier.
336 l2tp_str = g_strdup_printf("L2TP.%s",
337 &pppd_options[i].cm_opt[5]);
338 option = vpn_provider_get_string(provider,
346 g_key_file_set_string(keyfile,
347 vpn_provider_get_save_group(provider),
348 pppd_options[i].cm_opt, option);
355 static ssize_t full_write(int fd, const void *buf, size_t len)
360 byte_write = write(fd, buf, len);
361 if (byte_write < 0) {
362 connman_error("failed to write config to l2tp: %s\n",
373 static ssize_t l2tp_write_bool_option(int fd,
374 const char *key, const char *value)
380 if (strcasecmp(value, "yes") == 0 ||
381 strcasecmp(value, "true") == 0 ||
382 strcmp(value, "1") == 0) {
383 buf = g_strdup_printf("%s\n", key);
384 ret = full_write(fd, buf, strlen(buf));
393 static int l2tp_write_option(int fd, const char *key, const char *value)
400 buf = g_strdup_printf("%s %s\n", key, value);
402 buf = g_strdup_printf("%s\n", key);
404 ret = full_write(fd, buf, strlen(buf));
412 static int l2tp_write_section(int fd, const char *key, const char *value)
418 buf = g_strdup_printf("%s = %s\n", key, value);
419 ret = full_write(fd, buf, strlen(buf));
427 static int write_pppd_option(struct vpn_provider *provider, int fd)
432 l2tp_write_option(fd, "nodetach", NULL);
433 l2tp_write_option(fd, "lock", NULL);
434 l2tp_write_option(fd, "logfd", "2");
435 l2tp_write_option(fd, "usepeerdns", NULL);
436 l2tp_write_option(fd, "noipdefault", NULL);
437 l2tp_write_option(fd, "noauth", NULL);
438 l2tp_write_option(fd, "nodefaultroute", NULL);
439 l2tp_write_option(fd, "ipparam", "l2tp_plugin");
441 for (i = 0; i < (int)ARRAY_SIZE(pppd_options); i++) {
442 if (pppd_options[i].sub != OPT_ALL &&
443 pppd_options[i].sub != OPT_PPPD)
446 opt_s = vpn_provider_get_string(provider,
447 pppd_options[i].cm_opt);
449 opt_s = pppd_options[i].vpn_default;
454 if (pppd_options[i].type == OPT_STRING)
455 l2tp_write_option(fd,
456 pppd_options[i].pppd_opt, opt_s);
457 else if (pppd_options[i].type == OPT_BOOL)
458 l2tp_write_bool_option(fd,
459 pppd_options[i].pppd_opt, opt_s);
462 l2tp_write_option(fd, "plugin",
463 SCRIPTDIR "/libppp-plugin.so");
469 static int l2tp_write_fields(struct vpn_provider *provider,
475 for (i = 0; i < (int)ARRAY_SIZE(pppd_options); i++) {
476 if (pppd_options[i].sub != sub)
479 opt_s = vpn_provider_get_string(provider,
480 pppd_options[i].cm_opt);
482 opt_s = pppd_options[i].vpn_default;
487 if (pppd_options[i].type == OPT_STRING)
488 l2tp_write_section(fd,
489 pppd_options[i].pppd_opt, opt_s);
490 else if (pppd_options[i].type == OPT_BOOL)
491 l2tp_write_bool_option(fd,
492 pppd_options[i].pppd_opt, opt_s);
498 static int l2tp_write_config(struct vpn_provider *provider,
499 const char *pppd_name, int fd)
503 l2tp_write_option(fd, "[global]", NULL);
504 l2tp_write_fields(provider, fd, OPT_L2G);
506 l2tp_write_option(fd, "[lns default]", NULL);
507 l2tp_write_fields(provider, fd, OPT_L2LNS);
509 l2tp_write_option(fd, "[lac l2tp]", NULL);
511 option = vpn_provider_get_string(provider, "Host");
512 l2tp_write_option(fd, "lns =", option);
514 l2tp_write_fields(provider, fd, OPT_ALL);
515 l2tp_write_fields(provider, fd, OPT_L2);
517 l2tp_write_option(fd, "pppoptfile =", pppd_name);
522 static void l2tp_died(struct connman_task *task, int exit_code, void *user_data)
524 struct l2tp_private_data *data = user_data;
527 vpn_died(task, exit_code, data->provider);
529 conf_file = g_strdup_printf(VPN_STATEDIR "/connman-xl2tpd.conf");
533 conf_file = g_strdup_printf(VPN_STATEDIR "/connman-ppp-option.conf");
537 free_private_data(data);
540 struct request_input_reply {
541 struct vpn_provider *provider;
542 vpn_provider_password_cb_t callback;
546 static void request_input_reply(DBusMessage *reply, void *user_data)
548 struct request_input_reply *l2tp_reply = user_data;
549 struct l2tp_private_data *data;
550 const char *error = NULL;
551 char *username = NULL, *password = NULL;
553 DBusMessageIter iter, dict;
556 DBG("provider %p", l2tp_reply->provider);
561 data = l2tp_reply->user_data;
563 err = vpn_agent_check_and_process_reply_error(reply,
564 l2tp_reply->provider, data->task, data->cb,
567 /* Ensure cb is called only once */
569 data->user_data = NULL;
570 error = dbus_message_get_error_name(reply);
574 if (!vpn_agent_check_reply_has_dict(reply))
577 dbus_message_iter_init(reply, &iter);
578 dbus_message_iter_recurse(&iter, &dict);
579 while (dbus_message_iter_get_arg_type(&dict) == DBUS_TYPE_DICT_ENTRY) {
580 DBusMessageIter entry, value;
583 dbus_message_iter_recurse(&dict, &entry);
584 if (dbus_message_iter_get_arg_type(&entry) != DBUS_TYPE_STRING)
587 dbus_message_iter_get_basic(&entry, &key);
589 if (g_str_equal(key, "Username")) {
590 dbus_message_iter_next(&entry);
591 if (dbus_message_iter_get_arg_type(&entry)
592 != DBUS_TYPE_VARIANT)
594 dbus_message_iter_recurse(&entry, &value);
595 if (dbus_message_iter_get_arg_type(&value)
598 dbus_message_iter_get_basic(&value, &str);
599 username = g_strdup(str);
602 if (g_str_equal(key, "Password")) {
603 dbus_message_iter_next(&entry);
604 if (dbus_message_iter_get_arg_type(&entry)
605 != DBUS_TYPE_VARIANT)
607 dbus_message_iter_recurse(&entry, &value);
608 if (dbus_message_iter_get_arg_type(&value)
611 dbus_message_iter_get_basic(&value, &str);
612 password = g_strdup(str);
615 dbus_message_iter_next(&dict);
619 l2tp_reply->callback(l2tp_reply->provider, username, password, error,
620 l2tp_reply->user_data);
628 typedef void (* request_cb_t)(struct vpn_provider *provider,
629 const char *username, const char *password,
630 const char *error, void *user_data);
632 static int request_input(struct vpn_provider *provider,
633 request_cb_t callback, const char *dbus_sender,
636 DBusMessage *message;
637 const char *path, *agent_sender, *agent_path;
638 DBusMessageIter iter;
639 DBusMessageIter dict;
640 struct request_input_reply *l2tp_reply;
644 agent = connman_agent_get_info(dbus_sender, &agent_sender,
646 if (!provider || !agent || !agent_path || !callback)
649 message = dbus_message_new_method_call(agent_sender, agent_path,
655 dbus_message_iter_init_append(message, &iter);
657 path = vpn_provider_get_path(provider);
658 dbus_message_iter_append_basic(&iter,
659 DBUS_TYPE_OBJECT_PATH, &path);
661 connman_dbus_dict_open(&iter, &dict);
663 if (vpn_provider_get_authentication_errors(provider))
664 vpn_agent_append_auth_failure(&dict, provider, NULL);
666 vpn_agent_append_user_info(&dict, provider, "L2TP.User");
668 vpn_agent_append_host_and_name(&dict, provider);
670 connman_dbus_dict_close(&iter, &dict);
672 l2tp_reply = g_try_new0(struct request_input_reply, 1);
674 dbus_message_unref(message);
678 l2tp_reply->provider = provider;
679 l2tp_reply->callback = callback;
680 l2tp_reply->user_data = user_data;
682 err = connman_agent_queue_message(provider, message,
683 connman_timeout_input_request(),
684 request_input_reply, l2tp_reply, agent);
685 if (err < 0 && err != -EBUSY) {
686 DBG("error %d sending agent request", err);
687 dbus_message_unref(message);
692 dbus_message_unref(message);
697 static int run_connect(struct l2tp_private_data *data,
698 const char *username, const char *password)
700 struct vpn_provider *provider = data->provider;
701 struct connman_task *task = data->task;
702 char *l2tp_name, *ctrl_name, *pppd_name;
703 int l2tp_fd, pppd_fd;
706 if (!username || !*username || !password || !*password) {
707 DBG("Cannot connect username %s password %p",
713 DBG("username %s password %p", username, password);
715 l2tp_name = g_strdup_printf(VPN_STATEDIR "/connman-xl2tpd.conf");
717 l2tp_fd = open(l2tp_name, O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
720 connman_error("Error writing l2tp config");
725 ctrl_name = g_strconcat(VPN_STATEDIR, "/connman-xl2tpd-control", NULL);
727 if (mkfifo(ctrl_name, S_IRUSR|S_IWUSR) != 0 && errno != EEXIST) {
728 connman_error("Error creating xl2tp control pipe");
736 pppd_name = g_strconcat(VPN_STATEDIR, "/connman-ppp-option.conf", NULL);
738 pppd_fd = open(pppd_name, O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
740 connman_error("Error writing pppd config");
749 l2tp_write_config(provider, pppd_name, l2tp_fd);
751 write_pppd_option(provider, pppd_fd);
753 connman_task_add_argument(task, "-D", NULL);
754 connman_task_add_argument(task, "-C", ctrl_name);
755 connman_task_add_argument(task, "-c", l2tp_name);
763 err = connman_task_run(task, l2tp_died, data, NULL, NULL, NULL);
765 connman_error("l2tp failed to start");
771 l2tp_connect_done(data, -err);
776 static void request_input_cb(struct vpn_provider *provider,
777 const char *username,
778 const char *password,
779 const char *error, void *user_data)
781 struct l2tp_private_data *data = user_data;
783 if (!username || !*username || !password || !*password)
784 DBG("Requesting username %s or password failed, error %s",
787 DBG("error %s", error);
789 vpn_provider_set_string(provider, "L2TP.User", username);
790 vpn_provider_set_string_hide_value(provider, "L2TP.Password",
793 run_connect(data, username, password);
796 static int l2tp_connect(struct vpn_provider *provider,
797 struct connman_task *task, const char *if_name,
798 vpn_provider_connect_cb_t cb, const char *dbus_sender,
801 struct l2tp_private_data *data;
802 const char *username, *password;
805 data = g_try_new0(struct l2tp_private_data, 1);
809 data->provider = vpn_provider_ref(provider);
811 data->if_name = g_strdup(if_name);
813 data->user_data = user_data;
814 vpn_provider_set_plugin_data(provider, data);
816 if (connman_task_set_notify(task, "getsec",
817 l2tp_get_sec, provider) != 0) {
822 username = vpn_provider_get_string(provider, "L2TP.User");
823 password = vpn_provider_get_string(provider, "L2TP.Password");
825 DBG("user %s password %p", username, password);
827 if (!username || !*username || !password || !*password) {
828 err = request_input(provider, request_input_cb, dbus_sender,
830 if (err != -EINPROGRESS)
836 return run_connect(data, username, password);
839 l2tp_connect_done(data, -err);
840 free_private_data(data);
845 static int l2tp_error_code(struct vpn_provider *provider, int exit_code)
849 return CONNMAN_PROVIDER_ERROR_CONNECT_FAILED;
851 return CONNMAN_PROVIDER_ERROR_UNKNOWN;
855 static void l2tp_disconnect(struct vpn_provider *provider)
860 vpn_provider_set_string_hide_value(provider, "L2TP.Password", NULL);
862 connman_agent_cancel(provider);
865 static struct vpn_driver vpn_driver = {
866 .flags = VPN_FLAG_NO_TUN,
867 .notify = l2tp_notify,
868 .connect = l2tp_connect,
869 .error_code = l2tp_error_code,
871 .disconnect = l2tp_disconnect,
874 static int l2tp_init(void)
876 connection = connman_dbus_get_connection();
878 return vpn_register("l2tp", &vpn_driver, L2TP);
881 static void l2tp_exit(void)
883 vpn_unregister("l2tp");
885 dbus_connection_unref(connection);
888 CONNMAN_PLUGIN_DEFINE(l2tp, "l2tp plugin", VERSION,
889 CONNMAN_PLUGIN_PRIORITY_DEFAULT, l2tp_init, l2tp_exit)