projects / platform / upstream / connman.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Imported Upstream version 1.37
[platform/upstream/connman.git] / vpn / plugins / vpn.c
1 /*
2  *
3  *  ConnMan VPN daemon
4  *
5  *  Copyright (C) 2007-2013  Intel Corporation. All rights reserved.
6  *
7  *  This program is free software; you can redistribute it and/or modify
8  *  it under the terms of the GNU General Public License version 2 as
9  *  published by the Free Software Foundation.
10  *
11  *  This program is distributed in the hope that it will be useful,
12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  *  GNU General Public License for more details.
15  *
16  *  You should have received a copy of the GNU General Public License
17  *  along with this program; if not, write to the Free Software
18  *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
19  *
20  */
21
22 #ifdef HAVE_CONFIG_H
23 #include <config.h>
24 #endif
25
26 #include <string.h>
27 #include <fcntl.h>
28 #include <unistd.h>
29 #include <sys/stat.h>
30 #include <stdio.h>
31 #include <errno.h>
32 #include <sys/ioctl.h>
33 #include <sys/types.h>
34 #include <linux/if_tun.h>
35 #include <net/if.h>
36
37 #include <dbus/dbus.h>
38
39 #include <glib/gprintf.h>
40
41 #include <connman/log.h>
42 #include <connman/rtnl.h>
43 #include <connman/task.h>
44 #include <connman/inet.h>
45
46 #include "../vpn-rtnl.h"
47 #include "../vpn-provider.h"
48
49 #include "vpn.h"
50
51 struct vpn_data {
52         struct vpn_provider *provider;
53         char *if_name;
54         unsigned flags;
55         unsigned int watch;
56         enum vpn_state state;
57         struct connman_task *task;
58         int tun_flags;
59 };
60
61 struct vpn_driver_data {
62         const char *name;
63         const char *program;
64         struct vpn_driver *vpn_driver;
65         struct vpn_provider_driver provider_driver;
66 };
67
68 GHashTable *driver_hash = NULL;
69
70 static int stop_vpn(struct vpn_provider *provider)
71 {
72         struct vpn_data *data = vpn_provider_get_data(provider);
73         struct vpn_driver_data *vpn_driver_data;
74         const char *name;
75         struct ifreq ifr;
76         int fd, err;
77
78         if (!data)
79                 return -EINVAL;
80
81         name = vpn_provider_get_driver_name(provider);
82         if (!name)
83                 return -EINVAL;
84
85         vpn_driver_data = g_hash_table_lookup(driver_hash, name);
86
87         if (vpn_driver_data && vpn_driver_data->vpn_driver &&
88                         vpn_driver_data->vpn_driver->flags == VPN_FLAG_NO_TUN)
89                 return 0;
90
91         memset(&ifr, 0, sizeof(ifr));
92         ifr.ifr_flags = data->tun_flags | IFF_NO_PI;
93         sprintf(ifr.ifr_name, "%s", data->if_name);
94
95         fd = open("/dev/net/tun", O_RDWR | O_CLOEXEC);
96         if (fd < 0) {
97                 err = -errno;
98                 connman_error("Failed to open /dev/net/tun to device %s: %s",
99                               data->if_name, strerror(errno));
100                 return err;
101         }
102
103         if (ioctl(fd, TUNSETIFF, (void *)&ifr)) {
104                 err = -errno;
105                 connman_error("Failed to TUNSETIFF for device %s to it: %s",
106                               data->if_name, strerror(errno));
107                 close(fd);
108                 return err;
109         }
110
111         if (ioctl(fd, TUNSETPERSIST, 0)) {
112                 err = -errno;
113                 connman_error("Failed to set tun device %s nonpersistent: %s",
114                               data->if_name, strerror(errno));
115                 close(fd);
116                 return err;
117         }
118         close(fd);
119         DBG("Killed tun device %s", data->if_name);
120         return 0;
121 }
122
123 void vpn_died(struct connman_task *task, int exit_code, void *user_data)
124 {
125         struct vpn_provider *provider = user_data;
126         struct vpn_data *data = vpn_provider_get_data(provider);
127         int state = VPN_STATE_FAILURE;
128         enum vpn_provider_error ret;
129
130         DBG("provider %p data %p", provider, data);
131
132         if (!data)
133                 goto vpn_exit;
134
135         /* The task may die after we have already started the new one */
136         if (data->task != task)
137                 goto done;
138
139         state = data->state;
140
141         stop_vpn(provider);
142         vpn_provider_set_data(provider, NULL);
143
144         if (data->watch != 0) {
145                 vpn_rtnl_remove_watch(data->watch);
146                 data->watch = 0;
147                 vpn_provider_unref(provider);
148         }
149
150 vpn_exit:
151         if (state != VPN_STATE_READY && state != VPN_STATE_DISCONNECT) {
152                 const char *name;
153                 struct vpn_driver_data *vpn_data = NULL;
154
155                 name = vpn_provider_get_driver_name(provider);
156                 if (name)
157                         vpn_data = g_hash_table_lookup(driver_hash, name);
158
159                 if (vpn_data &&
160                                 vpn_data->vpn_driver->error_code)
161                         ret = vpn_data->vpn_driver->error_code(provider,
162                                         exit_code);
163                 else
164                         ret = VPN_PROVIDER_ERROR_UNKNOWN;
165
166                 vpn_provider_indicate_error(provider, ret);
167         } else
168                 vpn_provider_set_state(provider, VPN_PROVIDER_STATE_IDLE);
169
170         vpn_provider_set_index(provider, -1);
171
172         if (data) {
173                 vpn_provider_unref(data->provider);
174                 g_free(data->if_name);
175                 g_free(data);
176         }
177
178 done:
179         connman_task_destroy(task);
180 }
181
182 int vpn_set_ifname(struct vpn_provider *provider, const char *ifname)
183 {
184         struct vpn_data *data = vpn_provider_get_data(provider);
185         int index;
186
187         if (!ifname || !data)
188                 return  -EIO;
189
190         index = connman_inet_ifindex(ifname);
191         if (index < 0)
192                 return  -EIO;
193
194         if (data->if_name)
195                 g_free(data->if_name);
196
197         data->if_name = (char *)g_strdup(ifname);
198         vpn_provider_set_index(provider, index);
199
200         return 0;
201 }
202
203 static int vpn_set_state(struct vpn_provider *provider,
204                                                 enum vpn_provider_state state)
205 {
206         struct vpn_data *data = vpn_provider_get_data(provider);
207         if (!data)
208                 return -EINVAL;
209
210         switch (state) {
211         case VPN_PROVIDER_STATE_UNKNOWN:
212                 return -EINVAL;
213         case VPN_PROVIDER_STATE_IDLE:
214                 data->state = VPN_STATE_IDLE;
215                 break;
216         case VPN_PROVIDER_STATE_CONNECT:
217         case VPN_PROVIDER_STATE_READY:
218                 data->state = VPN_STATE_CONNECT;
219                 break;
220         case VPN_PROVIDER_STATE_DISCONNECT:
221                 data->state = VPN_STATE_DISCONNECT;
222                 break;
223         case VPN_PROVIDER_STATE_FAILURE:
224                 data->state = VPN_STATE_FAILURE;
225                 break;
226         }
227
228         return 0;
229 }
230
231 static void vpn_newlink(unsigned flags, unsigned change, void *user_data)
232 {
233         struct vpn_provider *provider = user_data;
234         struct vpn_data *data = vpn_provider_get_data(provider);
235
236         if ((data->flags & IFF_UP) != (flags & IFF_UP)) {
237                 if (flags & IFF_UP) {
238                         data->state = VPN_STATE_READY;
239                         vpn_provider_set_state(provider,
240                                         VPN_PROVIDER_STATE_READY);
241                 }
242         }
243         data->flags = flags;
244 }
245
246 static DBusMessage *vpn_notify(struct connman_task *task,
247                         DBusMessage *msg, void *user_data)
248 {
249         struct vpn_provider *provider = user_data;
250         struct vpn_data *data;
251         struct vpn_driver_data *vpn_driver_data;
252         const char *name;
253         int state, index, err;
254
255         data = vpn_provider_get_data(provider);
256
257         name = vpn_provider_get_driver_name(provider);
258
259         if (!name) {
260                 DBG("Cannot find VPN driver for provider %p", provider);
261                 vpn_provider_set_state(provider, VPN_PROVIDER_STATE_FAILURE);
262                 return NULL;
263         }
264
265         vpn_driver_data = g_hash_table_lookup(driver_hash, name);
266         if (!vpn_driver_data) {
267                 DBG("Cannot find VPN driver data for name %s", name);
268                 vpn_provider_set_state(provider, VPN_PROVIDER_STATE_FAILURE);
269                 return NULL;
270         }
271
272         state = vpn_driver_data->vpn_driver->notify(msg, provider);
273
274         DBG("provider %p driver %s state %d", provider, name, state);
275
276         switch (state) {
277         case VPN_STATE_CONNECT:
278         case VPN_STATE_READY:
279                 if (data->state == VPN_STATE_READY) {
280                         /*
281                          * This is the restart case, in which case we must
282                          * just set the IP address.
283                          *
284                          * We need to remove first the old address, just
285                          * replacing the old address will not work as expected
286                          * because the old address will linger in the interface
287                          * and not disapper so the clearing is needed here.
288                          *
289                          * Also the state must change, otherwise the routes
290                          * will not be set properly.
291                          */
292                         vpn_provider_set_state(provider,
293                                                 VPN_PROVIDER_STATE_CONNECT);
294
295                         vpn_provider_clear_address(provider, AF_INET);
296                         vpn_provider_clear_address(provider, AF_INET6);
297
298                         vpn_provider_change_address(provider);
299                         vpn_provider_set_state(provider,
300                                                 VPN_PROVIDER_STATE_READY);
301                         break;
302                 }
303
304                 index = vpn_provider_get_index(provider);
305                 vpn_provider_ref(provider);
306                 data->watch = vpn_rtnl_add_newlink_watch(index,
307                                                      vpn_newlink, provider);
308                 err = connman_inet_ifup(index);
309                 if (err < 0) {
310                         if (err == -EALREADY) {
311                                 /*
312                                  * So the interface is up already, that is just
313                                  * great. Unfortunately in this case the
314                                  * newlink watch might not have been called at
315                                  * all. We must manually call it here so that
316                                  * the provider can go to ready state and the
317                                  * routes are setup properly. Also reset flags
318                                  * so vpn_newlink() can handle the change.
319                                  */
320                                 data->flags = 0;
321                                 vpn_newlink(IFF_UP, 0, provider);
322                         } else {
323                                 DBG("Cannot take interface %d up err %d/%s",
324                                         index, -err, strerror(-err));
325                         }
326                 }
327                 break;
328
329         case VPN_STATE_UNKNOWN:
330         case VPN_STATE_IDLE:
331         case VPN_STATE_DISCONNECT:
332         case VPN_STATE_FAILURE:
333                 vpn_provider_set_state(provider,
334                                         VPN_PROVIDER_STATE_DISCONNECT);
335                 break;
336
337         case VPN_STATE_AUTH_FAILURE:
338                 vpn_provider_indicate_error(provider,
339                                         VPN_PROVIDER_ERROR_AUTH_FAILED);
340                 break;
341         }
342
343         return NULL;
344 }
345
346 static int vpn_create_tun(struct vpn_provider *provider, int flags)
347 {
348         struct vpn_data *data = vpn_provider_get_data(provider);
349         struct ifreq ifr;
350         int i, fd, index;
351         int ret = 0;
352
353         if (!data)
354                 return -EISCONN;
355
356         fd = open("/dev/net/tun", O_RDWR | O_CLOEXEC);
357         if (fd < 0) {
358                 i = -errno;
359                 connman_error("Failed to open /dev/net/tun: %s",
360                               strerror(errno));
361                 ret = i;
362                 goto exist_err;
363         }
364
365         memset(&ifr, 0, sizeof(ifr));
366         ifr.ifr_flags = flags | IFF_NO_PI;
367
368         for (i = 0; i < 256; i++) {
369                 sprintf(ifr.ifr_name, "vpn%d", i);
370
371                 if (!ioctl(fd, TUNSETIFF, (void *)&ifr))
372                         break;
373         }
374
375         if (i == 256) {
376                 connman_error("Failed to find available tun device");
377                 close(fd);
378                 ret = -ENODEV;
379                 goto exist_err;
380         }
381
382         data->tun_flags = flags;
383         g_free(data->if_name);
384         data->if_name = (char *)g_strdup(ifr.ifr_name);
385         if (!data->if_name) {
386                 connman_error("Failed to allocate memory");
387                 close(fd);
388                 ret = -ENOMEM;
389                 goto exist_err;
390         }
391
392         if (ioctl(fd, TUNSETPERSIST, 1)) {
393                 i = -errno;
394                 connman_error("Failed to set tun persistent: %s",
395                               strerror(errno));
396                 close(fd);
397                 ret = i;
398                 goto exist_err;
399         }
400
401         close(fd);
402
403         index = connman_inet_ifindex(data->if_name);
404         if (index < 0) {
405                 connman_error("Failed to get tun ifindex");
406                 stop_vpn(provider);
407                 ret = -EIO;
408                 goto exist_err;
409         }
410         vpn_provider_set_index(provider, index);
411
412         return 0;
413
414 exist_err:
415         return ret;
416 }
417
418 static int vpn_connect(struct vpn_provider *provider,
419                         vpn_provider_connect_cb_t cb,
420                         const char *dbus_sender, void *user_data)
421 {
422         struct vpn_data *data = vpn_provider_get_data(provider);
423         struct vpn_driver_data *vpn_driver_data;
424         const char *name;
425         int ret = 0, tun_flags = IFF_TUN;
426         enum vpn_state state = VPN_STATE_UNKNOWN;
427
428         if (data)
429                 state = data->state;
430
431         DBG("data %p state %d", data, state);
432
433         switch (state) {
434         case VPN_STATE_UNKNOWN:
435                 data = g_try_new0(struct vpn_data, 1);
436                 if (!data)
437                         return -ENOMEM;
438
439                 data->provider = vpn_provider_ref(provider);
440                 data->watch = 0;
441                 data->flags = 0;
442                 data->task = NULL;
443
444                 vpn_provider_set_data(provider, data);
445                 /* fall through */
446
447         case VPN_STATE_DISCONNECT:
448         case VPN_STATE_IDLE:
449         case VPN_STATE_FAILURE:
450         case VPN_STATE_AUTH_FAILURE:
451                 data->state = VPN_STATE_IDLE;
452                 break;
453
454         case VPN_STATE_CONNECT:
455                 return -EINPROGRESS;
456
457         case VPN_STATE_READY:
458                 return -EISCONN;
459         }
460
461         name = vpn_provider_get_driver_name(provider);
462         if (!name)
463                 return -EINVAL;
464
465         vpn_driver_data = g_hash_table_lookup(driver_hash, name);
466
467         if (!vpn_driver_data || !vpn_driver_data->vpn_driver) {
468                 ret = -EINVAL;
469                 goto exist_err;
470         }
471
472         if (vpn_driver_data->vpn_driver->flags != VPN_FLAG_NO_TUN) {
473                 if (vpn_driver_data->vpn_driver->device_flags) {
474                         tun_flags = vpn_driver_data->vpn_driver->device_flags(provider);
475                 }
476                 ret = vpn_create_tun(provider, tun_flags);
477                 if (ret < 0)
478                         goto exist_err;
479         }
480
481         data->task = connman_task_create(vpn_driver_data->program);
482
483         if (!data->task) {
484                 ret = -ENOMEM;
485                 stop_vpn(provider);
486                 goto exist_err;
487         }
488
489         if (connman_task_set_notify(data->task, "notify",
490                                         vpn_notify, provider)) {
491                 ret = -ENOMEM;
492                 stop_vpn(provider);
493                 connman_task_destroy(data->task);
494                 data->task = NULL;
495                 goto exist_err;
496         }
497
498         ret = vpn_driver_data->vpn_driver->connect(provider, data->task,
499                                                 data->if_name, cb, dbus_sender,
500                                                 user_data);
501         if (ret < 0 && ret != -EINPROGRESS) {
502                 stop_vpn(provider);
503                 connman_task_destroy(data->task);
504                 data->task = NULL;
505                 goto exist_err;
506         }
507
508         DBG("%s started with dev %s",
509                 vpn_driver_data->provider_driver.name, data->if_name);
510
511         data->state = VPN_STATE_CONNECT;
512
513         return -EINPROGRESS;
514
515 exist_err:
516         vpn_provider_set_index(provider, -1);
517         vpn_provider_set_data(provider, NULL);
518         vpn_provider_unref(data->provider);
519         g_free(data->if_name);
520         g_free(data);
521
522         return ret;
523 }
524
525 static int vpn_probe(struct vpn_provider *provider)
526 {
527         return 0;
528 }
529
530 static int vpn_disconnect(struct vpn_provider *provider)
531 {
532         struct vpn_data *data = vpn_provider_get_data(provider);
533         struct vpn_driver_data *vpn_driver_data;
534         const char *name;
535
536         DBG("disconnect provider %p:", provider);
537
538         if (!data)
539                 return 0;
540
541         name = vpn_provider_get_driver_name(provider);
542         if (!name)
543                 return 0;
544
545         vpn_driver_data = g_hash_table_lookup(driver_hash, name);
546         if (vpn_driver_data->vpn_driver->disconnect)
547                 vpn_driver_data->vpn_driver->disconnect(provider);
548
549         if (data->watch != 0) {
550                 vpn_provider_unref(provider);
551                 vpn_rtnl_remove_watch(data->watch);
552                 data->watch = 0;
553         }
554
555         data->state = VPN_STATE_DISCONNECT;
556         connman_task_stop(data->task);
557
558         return 0;
559 }
560
561 static int vpn_remove(struct vpn_provider *provider)
562 {
563         struct vpn_data *data;
564         struct vpn_driver_data *driver_data;
565         const char *name;
566         int err = 0;
567
568         data = vpn_provider_get_data(provider);
569         name = vpn_provider_get_driver_name(provider);
570
571         if (!data)
572                 goto call_remove;
573
574         if (data->watch != 0) {
575                 vpn_provider_unref(provider);
576                 vpn_rtnl_remove_watch(data->watch);
577                 data->watch = 0;
578         }
579
580         connman_task_stop(data->task);
581
582         g_usleep(G_USEC_PER_SEC);
583         stop_vpn(provider);
584
585 call_remove:
586         if (!name)
587                 return 0;
588
589         driver_data = g_hash_table_lookup(driver_hash, name);
590
591         if (driver_data && driver_data->vpn_driver->remove)
592                 err = driver_data->vpn_driver->remove(provider);
593
594         if (err)
595                 DBG("%p vpn_driver->remove() returned %d", provider, err);
596
597         return err;
598 }
599
600 static int vpn_save(struct vpn_provider *provider, GKeyFile *keyfile)
601 {
602         struct vpn_driver_data *vpn_driver_data;
603         const char *name;
604
605         name = vpn_provider_get_driver_name(provider);
606         vpn_driver_data = g_hash_table_lookup(driver_hash, name);
607         if (vpn_driver_data &&
608                         vpn_driver_data->vpn_driver->save)
609                 return vpn_driver_data->vpn_driver->save(provider, keyfile);
610
611         return 0;
612 }
613
614 static int vpn_route_env_parse(struct vpn_provider *provider, const char *key,
615                         int *family, unsigned long *idx,
616                         enum vpn_provider_route_type *type)
617 {
618         struct vpn_driver_data *vpn_driver_data = NULL;
619         const char *name = NULL;
620
621         if (!provider)
622                 return -EINVAL;
623
624         name = vpn_provider_get_driver_name(provider);
625         vpn_driver_data = g_hash_table_lookup(driver_hash, name);
626
627         if (vpn_driver_data && vpn_driver_data->vpn_driver->route_env_parse)
628                 return vpn_driver_data->vpn_driver->route_env_parse(provider, key,
629                         family, idx, type);
630
631         return 0;
632 }
633
634 int vpn_register(const char *name, struct vpn_driver *vpn_driver,
635                         const char *program)
636 {
637         struct vpn_driver_data *data;
638
639         data = g_try_new0(struct vpn_driver_data, 1);
640         if (!data)
641                 return -ENOMEM;
642
643         data->name = name;
644         data->program = program;
645
646         data->vpn_driver = vpn_driver;
647
648         data->provider_driver.name = name;
649         data->provider_driver.disconnect = vpn_disconnect;
650         data->provider_driver.connect = vpn_connect;
651         data->provider_driver.probe = vpn_probe;
652         data->provider_driver.remove = vpn_remove;
653         data->provider_driver.save = vpn_save;
654         data->provider_driver.set_state = vpn_set_state;
655         data->provider_driver.route_env_parse = vpn_route_env_parse;
656
657         if (!driver_hash)
658                 driver_hash = g_hash_table_new_full(g_str_hash,
659                                                         g_str_equal,
660                                                         NULL, g_free);
661
662         if (!driver_hash) {
663                 connman_error("driver_hash not initialized for %s", name);
664                 g_free(data);
665                 return -ENOMEM;
666         }
667
668         g_hash_table_replace(driver_hash, (char *)name, data);
669
670         vpn_provider_driver_register(&data->provider_driver);
671
672         return 0;
673 }
674
675 void vpn_unregister(const char *name)
676 {
677         struct vpn_driver_data *data;
678
679         data = g_hash_table_lookup(driver_hash, name);
680         if (!data)
681                 return;
682
683         vpn_provider_driver_unregister(&data->provider_driver);
684
685         g_hash_table_remove(driver_hash, name);
686
687         if (g_hash_table_size(driver_hash) == 0)
688                 g_hash_table_destroy(driver_hash);
689 }
Domain: Network & Connectivity / Data Network;