*
* Connection Manager
*
- * Copyright (C) 2007-2010 Intel Corporation. All rights reserved.
+ * Copyright (C) 2012-2013 Intel Corporation. All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
#include <config.h>
#endif
-#define _GNU_SOURCE
#include <string.h>
-#include <fcntl.h>
-#include <unistd.h>
-#include <sys/stat.h>
-#include <stdio.h>
#include <errno.h>
-#include <sys/ioctl.h>
-#include <sys/types.h>
-#include <linux/if_tun.h>
-#include <net/if.h>
+#include <sys/socket.h>
+#include <stdlib.h>
+#include <glib.h>
-#include <dbus/dbus.h>
+#include <gdbus.h>
-#include <glib/ghash.h>
-#include <glib/gprintf.h>
-
-#include <connman/provider.h>
+#define CONNMAN_API_SUBJECT_TO_CHANGE
+#include <connman/technology.h>
+#include <connman/plugin.h>
#include <connman/log.h>
-#include <connman/rtnl.h>
-#include <connman/task.h>
+#include <connman/dbus.h>
+#include <connman/provider.h>
+#include <connman/ipaddress.h>
+#include <connman/notifier.h>
+#include <connman/vpn-dbus.h>
#include <connman/inet.h>
+#include <gweb/gresolv.h>
-#include "vpn.h"
+#define DBUS_TIMEOUT 10000
-struct vpn_data {
- struct connman_provider *provider;
- char *if_name;
- unsigned flags;
- unsigned int watch;
- unsigned int state;
- struct connman_task *task;
+static DBusConnection *connection;
+
+static GHashTable *vpn_connections = NULL;
+static guint watch;
+static guint added_watch;
+static guint removed_watch;
+static guint property_watch;
+
+struct vpn_route {
+ int family;
+ char *network;
+ char *netmask;
+ char *gateway;
};
-struct vpn_driver_data {
- const char *name;
- const char *program;
- struct vpn_driver *vpn_driver;
- struct connman_provider_driver provider_driver;
+struct config_create_data {
+ connection_ready_cb callback;
+ DBusMessage *message;
+ char *path;
};
-GHashTable *driver_hash = NULL;
+struct connection_data {
+ char *path;
+ char *ident;
+ struct connman_provider *provider;
+ int index;
+ DBusPendingCall *call;
+ DBusPendingCall *disconnect_call;
+ bool connect_pending;
+ struct config_create_data *cb_data;
+ char *service_ident;
+
+ char *state;
+ char *type;
+ char *name;
+ char *host;
+ char **host_ip;
+ char *domain;
+ char **nameservers;
+ bool immutable;
+
+ GHashTable *server_routes;
+ GHashTable *user_routes;
+ GHashTable *setting_strings;
+
+ struct connman_ipaddress *ip;
+
+ GResolv *resolv;
+ guint resolv_id;
+};
-static int stop_vpn(struct connman_provider *provider)
+static int set_string(struct connman_provider *provider,
+ const char *key, const char *value)
{
- struct vpn_data *data = connman_provider_get_data(provider);
- struct vpn_driver_data *vpn_driver_data;
- const char *name;
- struct ifreq ifr;
- int fd, err;
+ struct connection_data *data;
- if (data == NULL)
+ data = connman_provider_get_data(provider);
+ if (!data)
return -EINVAL;
- name = connman_provider_get_driver_name(provider);
- if (name == NULL)
- return -EINVAL;
+ DBG("data %p provider %p key %s value %s", data, provider, key, value);
+
+ if (g_str_equal(key, "Type")) {
+ g_free(data->type);
+ data->type = g_strdup(value);
+ } else if (g_str_equal(key, "Name")) {
+ g_free(data->name);
+ data->name = g_strdup(value);
+ } else if (g_str_equal(key, "Host")) {
+ g_free(data->host);
+ data->host = g_strdup(value);
+ } else if (g_str_equal(key, "VPN.Domain") ||
+ g_str_equal(key, "Domain")) {
+ g_free(data->domain);
+ data->domain = g_strdup(value);
+ } else
+ g_hash_table_replace(data->setting_strings,
+ g_strdup(key), g_strdup(value));
+ return 0;
+}
+
+static const char *get_string(struct connman_provider *provider,
+ const char *key)
+{
+ struct connection_data *data;
- vpn_driver_data = g_hash_table_lookup(driver_hash, name);
+ data = connman_provider_get_data(provider);
+ if (!data)
+ return NULL;
- if (vpn_driver_data != NULL && vpn_driver_data->vpn_driver != NULL &&
- vpn_driver_data->vpn_driver->flags == VPN_FLAG_NO_TUN)
- return 0;
+ DBG("data %p provider %p key %s", data, provider, key);
+
+ if (g_str_equal(key, "Type"))
+ return data->type;
+ else if (g_str_equal(key, "Name"))
+ return data->name;
+ else if (g_str_equal(key, "Host"))
+ return data->host;
+ else if (g_str_equal(key, "HostIP")) {
+ if (!data->host_ip ||
+ !data->host_ip[0])
+ return data->host;
+ else
+ return data->host_ip[0];
+ } else if (g_str_equal(key, "VPN.Domain"))
+ return data->domain;
- memset(&ifr, 0, sizeof(ifr));
- ifr.ifr_flags = IFF_TUN | IFF_NO_PI;
- sprintf(ifr.ifr_name, "%s", data->if_name);
+ return g_hash_table_lookup(data->setting_strings, key);
+}
- fd = open("/dev/net/tun", O_RDWR | O_CLOEXEC);
- if (fd < 0) {
- err = -errno;
- connman_error("Failed to open /dev/net/tun to device %s: %s",
- data->if_name, strerror(errno));
- return err;
- }
+static char *get_ident(const char *path)
+{
+ char *pos;
- if (ioctl(fd, TUNSETIFF, (void *)&ifr)) {
- err = -errno;
- connman_error("Failed to TUNSETIFF for device %s to it: %s",
- data->if_name, strerror(errno));
- close(fd);
- return err;
- }
+ if (*path != '/')
+ return NULL;
+
+ pos = strrchr(path, '/');
+ if (!pos)
+ return NULL;
+
+ return pos + 1;
+}
+
+static void cancel_host_resolv(struct connection_data *data)
+{
+ if (data->resolv_id != 0)
+ g_resolv_cancel_lookup(data->resolv, data->resolv_id);
+
+ data->resolv_id = 0;
+
+ g_resolv_unref(data->resolv);
+ data->resolv = NULL;
+}
+
+static gboolean remove_resolv(gpointer user_data)
+{
+ struct connection_data *data = user_data;
+
+ cancel_host_resolv(data);
+
+ return FALSE;
+}
+
+static void resolv_result(GResolvResultStatus status,
+ char **results, gpointer user_data)
+{
+ struct connection_data *data = user_data;
- if (ioctl(fd, TUNSETPERSIST, 0)) {
- err = -errno;
- connman_error("Failed to set tun device %s nonpersistent: %s",
- data->if_name, strerror(errno));
- close(fd);
- return err;
+ DBG("status %d", status);
+
+ if (status == G_RESOLV_RESULT_STATUS_SUCCESS && results &&
+ g_strv_length(results) > 0) {
+ g_strfreev(data->host_ip);
+ data->host_ip = g_strdupv(results);
}
- close(fd);
- DBG("Killed tun device %s", data->if_name);
- return 0;
+
+ /*
+ * We cannot unref the resolver here as resolv struct is manipulated
+ * by gresolv.c after we return from this callback.
+ */
+ g_idle_add(remove_resolv, data);
+
+ data->resolv_id = 0;
}
-void vpn_died(struct connman_task *task, int exit_code, void *user_data)
+static void resolv_host_addr(struct connection_data *data)
{
- struct connman_provider *provider = user_data;
- struct vpn_data *data = connman_provider_get_data(provider);
- int state = VPN_STATE_FAILURE;
- enum connman_provider_error ret;
+ if (!data->host)
+ return;
- DBG("provider %p data %p", provider, data);
+ if (connman_inet_check_ipaddress(data->host) > 0)
+ return;
- if (data == NULL)
- goto vpn_exit;
+ if (data->host_ip)
+ return;
- state = data->state;
+ data->resolv = g_resolv_new(0);
+ if (!data->resolv) {
+ DBG("Cannot resolv %s", data->host);
+ return;
+ }
- stop_vpn(provider);
- connman_provider_set_data(provider, NULL);
- connman_rtnl_remove_watch(data->watch);
+ DBG("Trying to resolv %s", data->host);
-vpn_exit:
- if (state != VPN_STATE_READY && state != VPN_STATE_DISCONNECT) {
- const char *name;
- struct vpn_driver_data *vpn_data = NULL;
+ data->resolv_id = g_resolv_lookup_hostname(data->resolv, data->host,
+ resolv_result, data);
+}
- name = connman_provider_get_driver_name(provider);
- if (name != NULL)
- vpn_data = g_hash_table_lookup(driver_hash, name);
+static void free_config_cb_data(struct config_create_data *cb_data)
+{
+ if (!cb_data)
+ return;
- if (vpn_data != NULL &&
- vpn_data->vpn_driver->error_code != NULL)
- ret = vpn_data->vpn_driver->error_code(exit_code);
- else
- ret = CONNMAN_PROVIDER_ERROR_UNKNOWN;
+ g_free(cb_data->path);
+ cb_data->path = NULL;
- connman_provider_indicate_error(provider, ret);
- } else
- connman_provider_set_state(provider,
- CONNMAN_PROVIDER_STATE_IDLE);
+ if (cb_data->message) {
+ dbus_message_unref(cb_data->message);
+ cb_data->message = NULL;
+ }
- connman_provider_set_index(provider, -1);
- connman_provider_unref(data->provider);
+ cb_data->callback = NULL;
- g_free(data->if_name);
- g_free(data);
+ g_free(cb_data);
+}
- connman_task_destroy(task);
+static bool provider_is_connected(struct connection_data *data)
+{
+ return data && (g_str_equal(data->state, "ready") ||
+ g_str_equal(data->state, "configuration"));
}
-int vpn_set_ifname(struct connman_provider *provider, const char *ifname)
+static void set_provider_state(struct connection_data *data)
{
- struct vpn_data *data = connman_provider_get_data(provider);
- int index;
+ enum connman_provider_state state = CONNMAN_PROVIDER_STATE_UNKNOWN;
+ int err = 0;
- if (ifname == NULL || data == NULL)
- return -EIO;
+ DBG("provider %p new state %s", data->provider, data->state);
- index = connman_inet_ifindex(ifname);
- if (index < 0)
- return -EIO;
+ if (!provider_is_connected(data)) {
+ g_free(data->service_ident);
+ data->service_ident = NULL;
+ }
+
+ if (g_str_equal(data->state, "ready")) {
+ state = CONNMAN_PROVIDER_STATE_READY;
+ goto set;
+ } else if (g_str_equal(data->state, "configuration")) {
+ state = CONNMAN_PROVIDER_STATE_CONNECT;
+ } else if (g_str_equal(data->state, "idle")) {
+ state = CONNMAN_PROVIDER_STATE_IDLE;
+ } else if (g_str_equal(data->state, "disconnect")) {
+ err = ECONNREFUSED;
+ state = CONNMAN_PROVIDER_STATE_DISCONNECT;
+ goto set;
+ } else if (g_str_equal(data->state, "failure")) {
+ err = ECONNREFUSED;
+ state = CONNMAN_PROVIDER_STATE_FAILURE;
+ goto set;
+ }
- if (data->if_name != NULL)
- g_free(data->if_name);
+ connman_provider_set_state(data->provider, state);
+ return;
- data->if_name = (char *)g_strdup(ifname);
- connman_provider_set_index(provider, index);
+set:
+ if (data->cb_data)
+ data->cb_data->callback(data->cb_data->message,
+ err, data->ident);
- return 0;
+ connman_provider_set_state(data->provider, state);
+
+ free_config_cb_data(data->cb_data);
+ data->cb_data = NULL;
}
-static void vpn_newlink(unsigned flags, unsigned change, void *user_data)
+static int create_provider(struct connection_data *data, void *user_data)
{
- struct connman_provider *provider = user_data;
- struct vpn_data *data = connman_provider_get_data(provider);
+ struct connman_provider_driver *driver = user_data;
+ int err;
+
+ DBG("%s", data->path);
+
+ data->provider = connman_provider_get(data->ident);
+ if (!data->provider)
+ return -ENOMEM;
- if ((data->flags & IFF_UP) != (flags & IFF_UP)) {
- if (flags & IFF_UP) {
- data->state = VPN_STATE_READY;
- connman_provider_set_state(provider,
- CONNMAN_PROVIDER_STATE_READY);
+ DBG("provider %p name %s", data->provider, data->name);
+
+ connman_provider_set_data(data->provider, data);
+ connman_provider_set_driver(data->provider, driver);
+
+ err = connman_provider_create_service(data->provider);
+ if (err == 0) {
+ connman_provider_set_immutable(data->provider, data->immutable);
+ if (g_str_equal(data->state, "ready")) {
+ connman_provider_set_index(data->provider,
+ data->index);
+ if (data->ip)
+ connman_provider_set_ipaddress(data->provider,
+ data->ip);
}
+
+ set_provider_state(data);
}
- data->flags = flags;
+
+ return 0;
}
-static DBusMessage *vpn_notify(struct connman_task *task,
- DBusMessage *msg, void *user_data)
+static void destroy_route(gpointer user_data)
{
- struct connman_provider *provider = user_data;
- struct vpn_data *data;
- struct vpn_driver_data *vpn_driver_data;
- const char *name;
- int state, index;
+ struct vpn_route *route = user_data;
- data = connman_provider_get_data(provider);
+ g_free(route->network);
+ g_free(route->netmask);
+ g_free(route->gateway);
+ g_free(route);
+}
- name = connman_provider_get_driver_name(provider);
- if (name == NULL)
- return NULL;
+static struct connection_data *create_connection_data(const char *path)
+{
+ struct connection_data *data;
- vpn_driver_data = g_hash_table_lookup(driver_hash, name);
- if (vpn_driver_data == NULL)
+ data = g_try_new0(struct connection_data, 1);
+ if (!data)
return NULL;
- state = vpn_driver_data->vpn_driver->notify(msg, provider);
- switch (state) {
- case VPN_STATE_CONNECT:
- case VPN_STATE_READY:
- index = connman_provider_get_index(provider);
- data->watch = connman_rtnl_add_newlink_watch(index,
- vpn_newlink, provider);
- connman_inet_ifup(index);
- break;
+ DBG("path %s", path);
- case VPN_STATE_UNKNOWN:
- case VPN_STATE_IDLE:
- case VPN_STATE_DISCONNECT:
- case VPN_STATE_FAILURE:
- connman_provider_set_state(provider,
- CONNMAN_PROVIDER_STATE_DISCONNECT);
- break;
+ data->path = g_strdup(path);
+ data->ident = g_strdup(get_ident(path));
+ data->index = -1;
- case VPN_STATE_AUTH_FAILURE:
- connman_provider_indicate_error(provider,
- CONNMAN_PROVIDER_ERROR_AUTH_FAILED);
+ data->setting_strings = g_hash_table_new_full(g_str_hash,
+ g_str_equal, g_free, g_free);
+
+ data->server_routes = g_hash_table_new_full(g_direct_hash,
+ g_str_equal, g_free, destroy_route);
+ data->user_routes = g_hash_table_new_full(g_str_hash,
+ g_str_equal, g_free, destroy_route);
+
+ return data;
+}
+
+static int extract_ip(DBusMessageIter *array, int family,
+ struct connection_data *data)
+{
+ DBusMessageIter dict;
+ char *address = NULL, *gateway = NULL, *netmask = NULL, *peer = NULL;
+ unsigned char prefix_len;
+
+ if (dbus_message_iter_get_arg_type(array) != DBUS_TYPE_ARRAY)
+ return -EINVAL;
+
+ dbus_message_iter_recurse(array, &dict);
+
+ while (dbus_message_iter_get_arg_type(&dict) == DBUS_TYPE_DICT_ENTRY) {
+ DBusMessageIter entry, value;
+ const char *key;
+
+ dbus_message_iter_recurse(&dict, &entry);
+ dbus_message_iter_get_basic(&entry, &key);
+
+ dbus_message_iter_next(&entry);
+ dbus_message_iter_recurse(&entry, &value);
+
+ if (g_str_equal(key, "Address")) {
+ dbus_message_iter_get_basic(&value, &address);
+ DBG("address %s", address);
+ } else if (g_str_equal(key, "Netmask")) {
+ dbus_message_iter_get_basic(&value, &netmask);
+ DBG("netmask %s", netmask);
+ } else if (g_str_equal(key, "PrefixLength")) {
+ dbus_message_iter_get_basic(&value, &netmask);
+ DBG("prefix length %s", netmask);
+ } else if (g_str_equal(key, "Peer")) {
+ dbus_message_iter_get_basic(&value, &peer);
+ DBG("peer %s", peer);
+ } else if (g_str_equal(key, "Gateway")) {
+ dbus_message_iter_get_basic(&value, &gateway);
+ DBG("gateway %s", gateway);
+ }
+
+ dbus_message_iter_next(&dict);
+ }
+
+ connman_ipaddress_free(data->ip);
+ data->ip = connman_ipaddress_alloc(family);
+ if (!data->ip)
+ return -ENOMEM;
+
+ switch (family) {
+ case AF_INET:
+ connman_ipaddress_set_ipv4(data->ip, address, netmask,
+ gateway);
break;
+ case AF_INET6:
+ prefix_len = atoi(netmask);
+ connman_ipaddress_set_ipv6(data->ip, address, prefix_len,
+ gateway);
+ break;
+ default:
+ return -EINVAL;
}
- return NULL;
+ connman_ipaddress_set_peer(data->ip, peer);
+
+ return 0;
}
-static int vpn_create_tun(struct connman_provider *provider)
+static int extract_nameservers(DBusMessageIter *array,
+ struct connection_data *data)
{
- struct vpn_data *data = connman_provider_get_data(provider);
- struct ifreq ifr;
- int i, fd, index;
- int ret = 0;
+ DBusMessageIter entry;
+ char **nameservers = NULL;
+ int i = 0;
+
+ dbus_message_iter_recurse(array, &entry);
+
+ while (dbus_message_iter_get_arg_type(&entry) == DBUS_TYPE_STRING) {
+ const char *nameserver;
+
+ dbus_message_iter_get_basic(&entry, &nameserver);
+
+ nameservers = g_try_renew(char *, nameservers, i + 2);
+ if (!nameservers)
+ return -ENOMEM;
+
+ DBG("[%d] %s", i, nameserver);
+
+ nameservers[i] = g_strdup(nameserver);
+ if (!nameservers[i])
+ return -ENOMEM;
+
+ nameservers[++i] = NULL;
+
+ dbus_message_iter_next(&entry);
+ }
+
+ g_strfreev(data->nameservers);
+ data->nameservers = nameservers;
+
+ return 0;
+}
+
+static int errorstr2val(const char *error) {
+ if (g_strcmp0(error, CONNMAN_ERROR_INTERFACE ".InProgress") == 0)
+ return -EINPROGRESS;
- if (data == NULL)
+ if (g_strcmp0(error, CONNMAN_ERROR_INTERFACE ".AlreadyConnected") == 0)
return -EISCONN;
- fd = open("/dev/net/tun", O_RDWR | O_CLOEXEC);
- if (fd < 0) {
- i = -errno;
- connman_error("Failed to open /dev/net/tun: %s",
- strerror(errno));
- ret = i;
- goto exist_err;
+ if (g_strcmp0(error, CONNMAN_ERROR_INTERFACE ".OperationCanceled") == 0)
+ return -ECANCELED;
+
+ return -ECONNREFUSED;
+}
+
+static void connect_reply(DBusPendingCall *call, void *user_data)
+{
+ DBusMessage *reply;
+ DBusError error;
+ struct connection_data *data = user_data;
+ struct config_create_data *cb_data = data->cb_data;
+
+ if (!dbus_pending_call_get_completed(call))
+ return;
+
+ if (call != data->call) {
+ connman_error("invalid call %p to VPN connect_reply data %p "
+ " call %p ", call, data, data->call);
+ dbus_pending_call_unref(call);
+ return;
}
- memset(&ifr, 0, sizeof(ifr));
- ifr.ifr_flags = IFF_TUN | IFF_NO_PI;
+ DBG("user_data %p path %s", user_data, cb_data ? cb_data->path : NULL);
+
+ reply = dbus_pending_call_steal_reply(call);
+ if (!reply)
+ goto out;
+
+ dbus_error_init(&error);
+
+ if (dbus_set_error_from_message(&error, reply)) {
+ int err = errorstr2val(error.name);
+
+ /*
+ * ECANCELED means that user has canceled authentication
+ * dialog. That's not really an error, it's part of a normal
+ * workflow. We also take it as a request to turn autoconnect
+ * off, in case if it was on.
+ */
+ if (err == -ECANCELED) {
+ DBG("%s connect canceled", data->path);
+ connman_provider_set_autoconnect(data->provider, false);
+ } else if (err != -EINPROGRESS) {
+ connman_error("Connect reply: %s (%s)", error.message,
+ error.name);
+ DBG("data %p cb_data %p", data, cb_data);
+
+ if (cb_data) {
+ cb_data->callback(cb_data->message, err, NULL);
+ free_config_cb_data(cb_data);
+ data->cb_data = NULL;
+ }
+ }
+
+ dbus_error_free(&error);
+ }
- for (i = 0; i < 256; i++) {
- sprintf(ifr.ifr_name, "vpn%d", i);
+ /*
+ * The vpn connection is up when we get a "ready" state
+ * property so at this point we do nothing for the provider
+ * state.
+ */
- if (!ioctl(fd, TUNSETIFF, (void *)&ifr))
- break;
+ dbus_message_unref(reply);
+
+out:
+ dbus_pending_call_unref(data->call);
+
+ data->call = NULL;
+ data->connect_pending = false;
+}
+
+static int connect_provider(struct connection_data *data, void *user_data,
+ const char *dbus_sender)
+{
+ DBusPendingCall *call;
+ DBusMessage *message;
+ struct config_create_data *cb_data = user_data;
+ struct connman_service *transport = connman_service_get_default();
+
+ DBG("data %p user %p path %s sender %s", data, cb_data, data->path,
+ dbus_sender);
+
+ if (!transport) {
+ DBG("no default service, refusing to connect");
+ return -EINVAL;
}
- if (i == 256) {
- connman_error("Failed to find available tun device");
- close(fd);
- ret = -ENODEV;
- goto exist_err;
+ if (data->connect_pending && data->call) {
+ connman_info("connect already pending");
+ return -EALREADY;
+ }
+
+ /* We need to pass original dbus sender to connman-vpnd,
+ * use a Connect2 method for that if the original dbus sender is set.
+ * Connect method requires no parameter, Connect2 requires dbus sender
+ * name to be set.
+ */
+ message = dbus_message_new_method_call(VPN_SERVICE, data->path,
+ VPN_CONNECTION_INTERFACE,
+ dbus_sender && *dbus_sender ?
+ VPN_CONNECT2 : VPN_CONNECT);
+ if (!message)
+ return -ENOMEM;
+
+ if (dbus_sender && *dbus_sender)
+ dbus_message_append_args(message, DBUS_TYPE_STRING,
+ &dbus_sender, NULL);
+ else
+ dbus_sender = "";
+
+ if (!dbus_connection_send_with_reply(connection, message,
+ &call, DBUS_TIMEOUT)) {
+ connman_error("Unable to call %s.%s()",
+ VPN_CONNECTION_INTERFACE, dbus_sender && *dbus_sender ?
+ VPN_CONNECT2 : VPN_CONNECT);
+ dbus_message_unref(message);
+ return -EINVAL;
}
- data->if_name = (char *)g_strdup(ifr.ifr_name);
- if (data->if_name == NULL) {
- connman_error("Failed to allocate memory");
- close(fd);
- ret = -ENOMEM;
- goto exist_err;
+ if (!call) {
+ dbus_message_unref(message);
+ return -EINVAL;
}
- if (ioctl(fd, TUNSETPERSIST, 1)) {
- i = -errno;
- connman_error("Failed to set tun persistent: %s",
- strerror(errno));
- close(fd);
- ret = i;
- goto exist_err;
+ if (data->call) {
+ dbus_pending_call_cancel(data->call);
+ dbus_pending_call_unref(data->call);
}
- close(fd);
+ data->call = call;
+ data->connect_pending = true;
- index = connman_inet_ifindex(data->if_name);
- if (index < 0) {
- connman_error("Failed to get tun ifindex");
- stop_vpn(provider);
- ret = -EIO;
- goto exist_err;
+ if (cb_data) {
+ g_free(cb_data->path);
+ cb_data->path = g_strdup(data->path);
}
- connman_provider_set_index(provider, index);
- return 0;
+ /*
+ * This is the service which (most likely) will be used
+ * as a transport for VPN connection.
+ */
+ g_free(data->service_ident);
+ data->service_ident =
+ g_strdup(connman_service_get_identifier(transport));
+ DBG("transport %s", data->service_ident);
-exist_err:
- return ret;
+ dbus_pending_call_set_notify(call, connect_reply, data, NULL);
+
+ dbus_message_unref(message);
+
+ return -EINPROGRESS;
}
-static int vpn_connect(struct connman_provider *provider)
+static void add_connection(const char *path, DBusMessageIter *properties,
+ void *user_data)
{
- struct vpn_data *data = connman_provider_get_data(provider);
- struct vpn_driver_data *vpn_driver_data;
- const char *name;
- int ret = 0;
+ struct connection_data *data;
+ int err;
+ char *ident = get_ident(path);
+ bool found = false;
+
+ data = g_hash_table_lookup(vpn_connections, ident);
+ if (data) {
+ /*
+ * We might have a dummy connection struct here that
+ * was created by configuration_create_reply() so in
+ * that case just continue.
+ */
+ if (!data->connect_pending)
+ return;
+
+ found = true;
+ } else {
+ data = create_connection_data(path);
+ if (!data)
+ return;
+ }
- if (data != NULL)
- return -EISCONN;
+ DBG("data %p path %s", data, path);
+
+ while (dbus_message_iter_get_arg_type(properties) ==
+ DBUS_TYPE_DICT_ENTRY) {
+ DBusMessageIter entry, value;
+ const char *key;
+ char *str;
+
+ dbus_message_iter_recurse(properties, &entry);
+ dbus_message_iter_get_basic(&entry, &key);
+
+ dbus_message_iter_next(&entry);
+ dbus_message_iter_recurse(&entry, &value);
+
+ if (g_str_equal(key, "State")) {
+ dbus_message_iter_get_basic(&value, &str);
+ DBG("state %s -> %s", data->state, str);
+ data->state = g_strdup(str);
+ } else if (g_str_equal(key, "IPv4")) {
+ extract_ip(&value, AF_INET, data);
+ } else if (g_str_equal(key, "IPv6")) {
+ extract_ip(&value, AF_INET6, data);
+ } else if (g_str_equal(key, "Name")) {
+ dbus_message_iter_get_basic(&value, &str);
+ data->name = g_strdup(str);
+ } else if (g_str_equal(key, "Type")) {
+ dbus_message_iter_get_basic(&value, &str);
+ data->type = g_strdup(str);
+ } else if (g_str_equal(key, "Immutable")) {
+ dbus_bool_t immutable;
+
+ dbus_message_iter_get_basic(&value, &immutable);
+ data->immutable = immutable;
+ } else if (g_str_equal(key, "Host")) {
+ dbus_message_iter_get_basic(&value, &str);
+ data->host = g_strdup(str);
+ } else if (g_str_equal(key, "Domain")) {
+ dbus_message_iter_get_basic(&value, &str);
+ g_free(data->domain);
+ data->domain = g_strdup(str);
+ } else if (g_str_equal(key, "Nameservers")) {
+ extract_nameservers(&value, data);
+ } else if (g_str_equal(key, "Index")) {
+ dbus_message_iter_get_basic(&value, &data->index);
+ } else if (g_str_equal(key, "ServerRoutes")) {
+ /* Ignored */
+ } else if (g_str_equal(key, "UserRoutes")) {
+ /* Ignored */
+ } else {
+ if (dbus_message_iter_get_arg_type(&value) ==
+ DBUS_TYPE_STRING) {
+ dbus_message_iter_get_basic(&value, &str);
+ g_hash_table_replace(data->setting_strings,
+ g_strdup(key), g_strdup(str));
+ } else {
+ DBG("unknown key %s", key);
+ }
+ }
- data = g_try_new0(struct vpn_data, 1);
- if (data == NULL)
- return -ENOMEM;
+ dbus_message_iter_next(properties);
+ }
- data->provider = connman_provider_ref(provider);
- data->watch = 0;
- data->flags = 0;
- data->task = NULL;
- data->state = VPN_STATE_IDLE;
+ if (!found)
+ g_hash_table_insert(vpn_connections, g_strdup(data->ident),
+ data);
- connman_provider_set_data(provider, data);
+ err = create_provider(data, user_data);
+ if (err < 0)
+ goto out;
- name = connman_provider_get_driver_name(provider);
- if (name == NULL)
- return -EINVAL;
+ resolv_host_addr(data);
+
+ if (data->nameservers)
+ connman_provider_set_nameservers(data->provider,
+ data->nameservers);
- vpn_driver_data = g_hash_table_lookup(driver_hash, name);
+ if (data->domain)
+ connman_provider_set_domain(data->provider,
+ data->domain);
- if (vpn_driver_data != NULL && vpn_driver_data->vpn_driver != NULL &&
- vpn_driver_data->vpn_driver->flags != VPN_FLAG_NO_TUN) {
+ if (data->connect_pending) {
+ const char *dbus_sender = NULL;
- ret = vpn_create_tun(provider);
- if (ret < 0)
- goto exist_err;
+ if (data->cb_data && data->cb_data->message) {
+ dbus_sender =
+ dbus_message_get_sender(data->cb_data->message);
+ }
+ connect_provider(data, data->cb_data, dbus_sender);
}
- data->task = connman_task_create(vpn_driver_data->program);
+ return;
+
+out:
+ DBG("removing %s", data->ident);
+ g_hash_table_remove(vpn_connections, data->ident);
+}
+
+static void get_connections_reply(DBusPendingCall *call, void *user_data)
+{
+ DBusMessage *reply;
+ DBusError error;
+ DBusMessageIter array, dict;
+ const char *signature = DBUS_TYPE_ARRAY_AS_STRING
+ DBUS_STRUCT_BEGIN_CHAR_AS_STRING
+ DBUS_TYPE_OBJECT_PATH_AS_STRING
+ DBUS_TYPE_ARRAY_AS_STRING
+ DBUS_DICT_ENTRY_BEGIN_CHAR_AS_STRING
+ DBUS_TYPE_STRING_AS_STRING
+ DBUS_TYPE_VARIANT_AS_STRING
+ DBUS_DICT_ENTRY_END_CHAR_AS_STRING
+ DBUS_STRUCT_END_CHAR_AS_STRING;
+
+ if (!dbus_pending_call_get_completed(call))
+ return;
- if (data->task == NULL) {
- ret = -ENOMEM;
- stop_vpn(provider);
- goto exist_err;
+ DBG("");
+
+ reply = dbus_pending_call_steal_reply(call);
+
+ dbus_error_init(&error);
+
+ if (dbus_set_error_from_message(&error, reply)) {
+ connman_error("%s", error.message);
+ dbus_error_free(&error);
+ goto done;
}
- if (connman_task_set_notify(data->task, "notify",
- vpn_notify, provider)) {
- ret = -ENOMEM;
- stop_vpn(provider);
- connman_task_destroy(data->task);
- data->task = NULL;
- goto exist_err;
+ if (!dbus_message_has_signature(reply, signature)) {
+ connman_error("vpnd signature \"%s\" does not match "
+ "expected \"%s\"",
+ dbus_message_get_signature(reply), signature);
+ goto done;
}
- ret = vpn_driver_data->vpn_driver->connect(provider, data->task,
- data->if_name);
- if (ret < 0) {
- stop_vpn(provider);
- connman_task_destroy(data->task);
- data->task = NULL;
- goto exist_err;
+ if (!dbus_message_iter_init(reply, &array))
+ goto done;
+
+ dbus_message_iter_recurse(&array, &dict);
+
+ while (dbus_message_iter_get_arg_type(&dict) == DBUS_TYPE_STRUCT) {
+ DBusMessageIter value, properties;
+ const char *path;
+
+ dbus_message_iter_recurse(&dict, &value);
+ dbus_message_iter_get_basic(&value, &path);
+
+ dbus_message_iter_next(&value);
+ dbus_message_iter_recurse(&value, &properties);
+
+ add_connection(path, &properties, user_data);
+
+ dbus_message_iter_next(&dict);
}
- DBG("%s started with dev %s",
- vpn_driver_data->provider_driver.name, data->if_name);
+done:
+ dbus_message_unref(reply);
- data->state = VPN_STATE_CONNECT;
+ dbus_pending_call_unref(call);
+}
- return -EINPROGRESS;
+static int get_connections(void *user_data)
+{
+ DBusPendingCall *call;
+ DBusMessage *message;
-exist_err:
- connman_provider_set_index(provider, -1);
- connman_provider_set_data(provider, NULL);
- connman_provider_unref(data->provider);
- g_free(data->if_name);
- g_free(data);
+ DBG("");
- return ret;
+ message = dbus_message_new_method_call(VPN_SERVICE, "/",
+ VPN_MANAGER_INTERFACE,
+ GET_CONNECTIONS);
+ if (!message)
+ return -ENOMEM;
+
+ if (!dbus_connection_send_with_reply(connection, message,
+ &call, DBUS_TIMEOUT)) {
+ connman_error("Unable to call %s.%s()", VPN_MANAGER_INTERFACE,
+ GET_CONNECTIONS);
+ dbus_message_unref(message);
+ return -EINVAL;
+ }
+
+ if (!call) {
+ dbus_message_unref(message);
+ return -EINVAL;
+ }
+
+ dbus_pending_call_set_notify(call, get_connections_reply,
+ user_data, NULL);
+
+ dbus_message_unref(message);
+
+ return -EINPROGRESS;
}
-static int vpn_probe(struct connman_provider *provider)
+static int provider_probe(struct connman_provider *provider)
{
return 0;
}
-static int vpn_disconnect(struct connman_provider *provider)
+static void remove_connection_reply(DBusPendingCall *call, void *user_data)
{
- struct vpn_data *data = connman_provider_get_data(provider);
- struct vpn_driver_data *vpn_driver_data;
- const char *name;
+ DBusMessage *reply;
+ DBusError error;
- DBG("disconnect provider %p:", provider);
+ if (!dbus_pending_call_get_completed(call))
+ return;
- if (data == NULL)
- return 0;
+ DBG("");
- name = connman_provider_get_driver_name(provider);
- if (name == NULL)
- return 0;
+ reply = dbus_pending_call_steal_reply(call);
- vpn_driver_data = g_hash_table_lookup(driver_hash, name);
- if (vpn_driver_data->vpn_driver->disconnect)
- vpn_driver_data->vpn_driver->disconnect();
+ dbus_error_init(&error);
- if (data->watch != 0)
- connman_rtnl_remove_watch(data->watch);
+ if (dbus_set_error_from_message(&error, reply)) {
+ /*
+ * If the returned error is NotFound, it means that we
+ * have actually removed the provider in vpnd already.
+ */
+ if (!dbus_error_has_name(&error,
+ CONNMAN_ERROR_INTERFACE".NotFound"))
+ connman_error("%s", error.message);
- data->watch = 0;
- data->state = VPN_STATE_DISCONNECT;
- connman_task_stop(data->task);
+ dbus_error_free(&error);
+ }
- return 0;
+ dbus_message_unref(reply);
+
+ dbus_pending_call_unref(call);
}
-static int vpn_remove(struct connman_provider *provider)
+static int provider_remove(struct connman_provider *provider)
{
- struct vpn_data *data;
+ DBusPendingCall *call;
+ DBusMessage *message;
+ struct connection_data *data;
data = connman_provider_get_data(provider);
- if (data == NULL)
- return 0;
- if (data->watch != 0)
- connman_rtnl_remove_watch(data->watch);
- data->watch = 0;
- connman_task_stop(data->task);
+ DBG("provider %p data %p", provider, data);
+
+ if (!data) {
+ /*
+ * This means the provider is already removed,
+ * just ignore the dbus in this case.
+ */
+ return -EALREADY;
+ }
+
+ /*
+ * When provider.c:provider_remove() calls this function,
+ * it will remove the provider itself after the call.
+ * This means that we cannot use the provider pointer later
+ * as it is no longer valid.
+ */
+ data->provider = NULL;
+
+ message = dbus_message_new_method_call(VPN_SERVICE, "/",
+ VPN_MANAGER_INTERFACE,
+ VPN_REMOVE);
+ if (!message)
+ return -ENOMEM;
+
+ dbus_message_append_args(message, DBUS_TYPE_OBJECT_PATH, &data->path,
+ NULL);
+
+ if (!dbus_connection_send_with_reply(connection, message,
+ &call, DBUS_TIMEOUT)) {
+ connman_error("Unable to call %s.%s()", VPN_MANAGER_INTERFACE,
+ VPN_REMOVE);
+ dbus_message_unref(message);
+ return -EINVAL;
+ }
+
+ if (!call) {
+ dbus_message_unref(message);
+ return -EINVAL;
+ }
+
+ dbus_pending_call_set_notify(call, remove_connection_reply,
+ NULL, NULL);
+
+ dbus_message_unref(message);
- g_usleep(G_USEC_PER_SEC);
- stop_vpn(provider);
return 0;
}
-static int vpn_save (struct connman_provider *provider, GKeyFile *keyfile)
+static int provider_connect(struct connman_provider *provider,
+ const char *dbus_sender)
{
- struct vpn_driver_data *vpn_driver_data;
- const char *name;
+ struct connection_data *data;
- name = connman_provider_get_driver_name(provider);
- vpn_driver_data = g_hash_table_lookup(driver_hash, name);
- if (vpn_driver_data != NULL &&
- vpn_driver_data->vpn_driver->save != NULL)
- return vpn_driver_data->vpn_driver->save(provider, keyfile);
+ data = connman_provider_get_data(provider);
+ if (!data)
+ return -EINVAL;
- return 0;
+ return connect_provider(data, NULL, dbus_sender);
}
-int vpn_register(const char *name, struct vpn_driver *vpn_driver,
- const char *program)
+static void disconnect_reply(DBusPendingCall *call, void *user_data)
{
- struct vpn_driver_data *data;
+ struct connection_data *data = user_data;
+ DBusMessage *reply;
+ DBusError error;
- data = g_try_new0(struct vpn_driver_data, 1);
- if (data == NULL)
- return -ENOMEM;
+ DBG("user %p", user_data);
+
+ reply = dbus_pending_call_steal_reply(call);
+
+ dbus_error_init(&error);
+
+ if (dbus_set_error_from_message(&error, reply)) {
+ connman_error("%s", error.message);
+ dbus_error_free(&error);
+ goto done;
+ }
+
+done:
+ dbus_message_unref(reply);
+ dbus_pending_call_unref(call);
+ data->disconnect_call = NULL;
+}
+
+static int disconnect_provider(struct connection_data *data)
+{
+ bool sent;
+ DBusMessage *message;
+
+ DBG("data %p path %s", data, data->path);
- data->name = name;
- data->program = program;
+ if (data->disconnect_call) {
+ DBG("already disconnecting");
+ return -EINVAL;
+ }
- data->vpn_driver = vpn_driver;
+ message = dbus_message_new_method_call(VPN_SERVICE, data->path,
+ VPN_CONNECTION_INTERFACE,
+ VPN_DISCONNECT);
+ if (!message)
+ return -ENOMEM;
- data->provider_driver.name = name;
- data->provider_driver.disconnect = vpn_disconnect;
- data->provider_driver.connect = vpn_connect;
- data->provider_driver.probe = vpn_probe;
- data->provider_driver.remove = vpn_remove;
- data->provider_driver.save = vpn_save;
+ sent = dbus_connection_send_with_reply(connection, message,
+ &data->disconnect_call, DBUS_TIMEOUT);
+ dbus_message_unref(message);
- if (driver_hash == NULL) {
- driver_hash = g_hash_table_new_full(g_str_hash,
- g_str_equal,
- NULL, g_free);
+ if (!sent || !data->disconnect_call) {
+ connman_error("Unable to call %s.%s()",
+ VPN_CONNECTION_INTERFACE, VPN_DISCONNECT);
+ return -EINVAL;
}
- g_hash_table_insert(driver_hash, (char *)name, data);
+ dbus_pending_call_set_notify(data->disconnect_call, disconnect_reply,
+ data, NULL);
- connman_provider_driver_register(&data->provider_driver);
+ g_free(data->service_ident);
+ data->service_ident = NULL;
- return 0;
+ connman_provider_set_state(data->provider,
+ CONNMAN_PROVIDER_STATE_DISCONNECT);
+ return -EINPROGRESS;
}
-void vpn_unregister(const char *name)
+static int provider_disconnect(struct connman_provider *provider)
{
- struct vpn_driver_data *data;
+ int err = 0;
+
+ struct connection_data *data;
+
+ DBG("provider %p", provider);
+
+ data = connman_provider_get_data(provider);
+ if (!data)
+ return -EINVAL;
- data = g_hash_table_lookup(driver_hash, name);
- if (data == NULL)
+ if (provider_is_connected(data))
+ err = disconnect_provider(data);
+
+ if (data->call) {
+ dbus_pending_call_cancel(data->call);
+ dbus_pending_call_unref(data->call);
+ data->call = NULL;
+ }
+
+ data->connect_pending = false;
+
+ return err;
+}
+
+static void configuration_create_reply(DBusPendingCall *call, void *user_data)
+{
+ DBusMessage *reply;
+ DBusError error;
+ DBusMessageIter iter;
+ const char *signature = DBUS_TYPE_OBJECT_PATH_AS_STRING;
+ const char *path;
+ char *ident;
+ struct connection_data *data;
+ struct config_create_data *cb_data = user_data;
+
+ if (!dbus_pending_call_get_completed(call))
return;
- connman_provider_driver_unregister(&data->provider_driver);
+ DBG("user %p", cb_data);
+
+ reply = dbus_pending_call_steal_reply(call);
+
+ dbus_error_init(&error);
+
+ if (dbus_set_error_from_message(&error, reply)) {
+ connman_error("dbus error: %s", error.message);
+ dbus_error_free(&error);
+ goto done;
+ }
+
+ if (!dbus_message_has_signature(reply, signature)) {
+ connman_error("vpn configuration signature \"%s\" does not "
+ "match expected \"%s\"",
+ dbus_message_get_signature(reply), signature);
+ goto done;
+ }
+
+ if (!dbus_message_iter_init(reply, &iter))
+ goto done;
+
+ dbus_message_iter_get_basic(&iter, &path);
+
+ /*
+ * Then try to connect the VPN as expected by ConnectProvider API
+ */
+ ident = get_ident(path);
- g_hash_table_remove(driver_hash, name);
+ data = g_hash_table_lookup(vpn_connections, ident);
+ if (!data) {
+ /*
+ * Someone removed the data. We cannot really continue.
+ */
+ DBG("Pending data not found for %s, cannot continue!", ident);
+ } else {
+ data->call = NULL;
+ data->connect_pending = true;
- if (g_hash_table_size(driver_hash) == 0)
- g_hash_table_destroy(driver_hash);
+ if (!data->cb_data)
+ data->cb_data = cb_data;
+ else
+ DBG("Connection callback data already in use!");
+
+ /*
+ * Connection is created in add_connections() after
+ * we have received the ConnectionAdded signal.
+ */
+
+ DBG("cb %p msg %p", data->cb_data,
+ data->cb_data ? data->cb_data->message : NULL);
+ }
+
+done:
+ dbus_message_unref(reply);
+
+ dbus_pending_call_unref(call);
+}
+
+static void set_dbus_ident(char *ident)
+{
+ int i, len = strlen(ident);
+
+ for (i = 0; i < len; i++) {
+ if (ident[i] >= '0' && ident[i] <= '9')
+ continue;
+ if (ident[i] >= 'a' && ident[i] <= 'z')
+ continue;
+ if (ident[i] >= 'A' && ident[i] <= 'Z')
+ continue;
+ ident[i] = '_';
+ }
}
+
+static struct vpn_route *parse_user_route(const char *user_route)
+{
+ char *network, *netmask;
+ struct vpn_route *route = NULL;
+ int family = PF_UNSPEC;
+ char **elems = g_strsplit(user_route, "/", 0);
+
+ if (!elems)
+ return NULL;
+
+ network = elems[0];
+ if (!network || *network == '\0') {
+ DBG("no network/netmask set");
+ goto out;
+ }
+
+ netmask = elems[1];
+ if (netmask && *netmask == '\0') {
+ DBG("no netmask set");
+ goto out;
+ }
+
+ if (g_strrstr(network, ":"))
+ family = AF_INET6;
+ else if (g_strrstr(network, ".")) {
+ family = AF_INET;
+
+ if (!g_strrstr(netmask, ".")) {
+ /* We have netmask length */
+ in_addr_t addr;
+ struct in_addr netmask_in;
+ unsigned char prefix_len = 32;
+
+ if (netmask) {
+ char *ptr;
+ long int value = strtol(netmask, &ptr, 10);
+ if (ptr != netmask && *ptr == '\0' &&
+ value && value <= 32)
+ prefix_len = value;
+ }
+
+ addr = 0xffffffff << (32 - prefix_len);
+ netmask_in.s_addr = htonl(addr);
+ netmask = inet_ntoa(netmask_in);
+
+ DBG("network %s netmask %s", network, netmask);
+ }
+ }
+
+ route = g_try_new(struct vpn_route, 1);
+ if (!route)
+ goto out;
+
+ route->network = g_strdup(network);
+ route->netmask = g_strdup(netmask);
+ route->gateway = NULL;
+ route->family = family;
+
+out:
+ g_strfreev(elems);
+ return route;
+}
+
+static GSList *get_user_networks(DBusMessageIter *array)
+{
+ DBusMessageIter entry;
+ GSList *list = NULL;
+
+ dbus_message_iter_recurse(array, &entry);
+
+ while (dbus_message_iter_get_arg_type(&entry) == DBUS_TYPE_STRING) {
+ const char *val;
+ struct vpn_route *route;
+
+ dbus_message_iter_get_basic(&entry, &val);
+
+ route = parse_user_route(val);
+ if (route)
+ list = g_slist_prepend(list, route);
+
+ dbus_message_iter_next(&entry);
+ }
+
+ return list;
+}
+
+static void append_route(DBusMessageIter *iter, void *user_data)
+{
+ struct vpn_route *route = user_data;
+ DBusMessageIter item;
+ int family = 0;
+
+ connman_dbus_dict_open(iter, &item);
+
+ if (!route)
+ goto empty_dict;
+
+ if (route->family == AF_INET)
+ family = 4;
+ else if (route->family == AF_INET6)
+ family = 6;
+
+ if (family != 0)
+ connman_dbus_dict_append_basic(&item, "ProtocolFamily",
+ DBUS_TYPE_INT32, &family);
+
+ if (route->network)
+ connman_dbus_dict_append_basic(&item, "Network",
+ DBUS_TYPE_STRING, &route->network);
+
+ if (route->netmask)
+ connman_dbus_dict_append_basic(&item, "Netmask",
+ DBUS_TYPE_STRING, &route->netmask);
+
+ if (route->gateway)
+ connman_dbus_dict_append_basic(&item, "Gateway",
+ DBUS_TYPE_STRING, &route->gateway);
+
+empty_dict:
+ connman_dbus_dict_close(iter, &item);
+}
+
+static void append_routes(DBusMessageIter *iter, void *user_data)
+{
+ GSList *list, *routes = user_data;
+
+ DBG("routes %p", routes);
+
+ for (list = routes; list; list = g_slist_next(list)) {
+ DBusMessageIter dict;
+ struct vpn_route *route = list->data;
+
+ dbus_message_iter_open_container(iter, DBUS_TYPE_STRUCT, NULL,
+ &dict);
+ append_route(&dict, route);
+ dbus_message_iter_close_container(iter, &dict);
+ }
+}
+
+static int create_configuration(DBusMessage *msg, connection_ready_cb callback)
+{
+ DBusMessage *new_msg = NULL;
+ DBusPendingCall *call;
+ DBusMessageIter iter, array, new_iter, new_dict;
+ const char *type = NULL, *name = NULL;
+ const char *host = NULL, *domain = NULL;
+ char *ident, *me = NULL;
+ int err = 0;
+ dbus_bool_t result;
+ struct connection_data *data;
+ struct config_create_data *user_data = NULL;
+ GSList *networks = NULL;
+
+ /*
+ * We copy the old message data into new message. We cannot
+ * just use the old message as is because the user route
+ * information is not in the same format in vpnd.
+ */
+ new_msg = dbus_message_new(DBUS_MESSAGE_TYPE_METHOD_CALL);
+ dbus_message_iter_init_append(new_msg, &new_iter);
+ connman_dbus_dict_open(&new_iter, &new_dict);
+
+ dbus_message_iter_init(msg, &iter);
+ dbus_message_iter_recurse(&iter, &array);
+
+ while (dbus_message_iter_get_arg_type(&array) == DBUS_TYPE_DICT_ENTRY) {
+ DBusMessageIter entry, value;
+ void *item_value;
+ const char *key;
+ int value_type;
+
+ dbus_message_iter_recurse(&array, &entry);
+ dbus_message_iter_get_basic(&entry, &key);
+
+ dbus_message_iter_next(&entry);
+ dbus_message_iter_recurse(&entry, &value);
+
+ value_type = dbus_message_iter_get_arg_type(&value);
+ item_value = NULL;
+
+ switch (value_type) {
+ case DBUS_TYPE_STRING:
+ dbus_message_iter_get_basic(&value, &item_value);
+
+ if (g_str_equal(key, "Type"))
+ type = (const char *)item_value;
+ else if (g_str_equal(key, "Name"))
+ name = (const char *)item_value;
+ else if (g_str_equal(key, "Host"))
+ host = (const char *)item_value;
+ else if (g_str_equal(key, "VPN.Domain"))
+ domain = (const char *)item_value;
+
+ DBG("%s %s", key, (char *)item_value);
+
+ if (item_value)
+ connman_dbus_dict_append_basic(&new_dict, key,
+ value_type, &item_value);
+ break;
+ case DBUS_TYPE_ARRAY:
+ if (g_str_equal(key, "Networks")) {
+ networks = get_user_networks(&value);
+ connman_dbus_dict_append_array(&new_dict,
+ "UserRoutes",
+ DBUS_TYPE_DICT_ENTRY,
+ append_routes,
+ networks);
+ }
+ break;
+ }
+
+ dbus_message_iter_next(&array);
+ }
+
+ connman_dbus_dict_close(&new_iter, &new_dict);
+
+ DBG("VPN type %s name %s host %s domain %s networks %p",
+ type, name, host, domain, networks);
+
+ if (!host || !domain) {
+ err = -EINVAL;
+ goto done;
+ }
+
+ if (!type || !name) {
+ err = -EOPNOTSUPP;
+ goto done;
+ }
+
+ ident = g_strdup_printf("%s_%s", host, domain);
+ set_dbus_ident(ident);
+
+ DBG("ident %s", ident);
+
+ data = g_hash_table_lookup(vpn_connections, ident);
+ if (data) {
+ if (data->call || data->cb_data) {
+ DBG("create configuration call already pending");
+ err = -EINPROGRESS;
+ goto done;
+ }
+ } else {
+ char *path = g_strdup_printf("%s/connection/%s", VPN_PATH,
+ ident);
+ data = create_connection_data(path);
+ g_free(path);
+
+ if (!data) {
+ err = -ENOMEM;
+ goto done;
+ }
+
+ g_hash_table_insert(vpn_connections, g_strdup(ident), data);
+ }
+
+ /*
+ * User called net.connman.Manager.ConnectProvider if we are here.
+ * So use the data from original message in the new msg.
+ */
+ me = g_strdup(dbus_message_get_destination(msg));
+
+ dbus_message_set_interface(new_msg, VPN_MANAGER_INTERFACE);
+ dbus_message_set_path(new_msg, "/");
+ dbus_message_set_destination(new_msg, VPN_SERVICE);
+ dbus_message_set_sender(new_msg, me);
+ dbus_message_set_member(new_msg, "Create");
+
+ user_data = g_try_new0(struct config_create_data, 1);
+ if (!user_data) {
+ err = -ENOMEM;
+ goto done;
+ }
+
+ user_data->callback = callback;
+ user_data->message = dbus_message_ref(msg);
+ user_data->path = NULL;
+
+ DBG("cb %p msg %p", user_data, msg);
+
+ result = dbus_connection_send_with_reply(connection, new_msg,
+ &call, DBUS_TIMEOUT);
+ if (!result || !call) {
+ err = -EIO;
+ goto done;
+ }
+
+ dbus_pending_call_set_notify(call, configuration_create_reply,
+ user_data, NULL);
+ data->call = call;
+
+done:
+ if (new_msg)
+ dbus_message_unref(new_msg);
+
+ if (networks)
+ g_slist_free_full(networks, destroy_route);
+
+ g_free(me);
+ return err;
+}
+
+static bool check_host(char **hosts, char *host)
+{
+ int i;
+
+ if (!hosts)
+ return false;
+
+ for (i = 0; hosts[i]; i++) {
+ if (g_strcmp0(hosts[i], host) == 0)
+ return true;
+ }
+
+ return false;
+}
+
+static void set_route(struct connection_data *data, struct vpn_route *route)
+{
+ /*
+ * If the VPN administrator/user has given a route to
+ * VPN server, then we must discard that because the
+ * server cannot be contacted via VPN tunnel.
+ */
+ if (check_host(data->host_ip, route->network)) {
+ DBG("Discarding VPN route to %s via %s at index %d",
+ route->network, route->gateway, data->index);
+ return;
+ }
+
+ if (route->family == AF_INET6) {
+ unsigned char prefix_len = atoi(route->netmask);
+
+ connman_inet_add_ipv6_network_route(data->index,
+ route->network,
+ route->gateway,
+ prefix_len);
+ } else {
+ connman_inet_add_network_route(data->index, route->network,
+ route->gateway,
+ route->netmask);
+ }
+}
+
+static int set_routes(struct connman_provider *provider,
+ enum connman_provider_route_type type)
+{
+ struct connection_data *data;
+ GHashTableIter iter;
+ gpointer value, key;
+
+ DBG("provider %p", provider);
+
+ data = connman_provider_get_data(provider);
+ if (!data)
+ return -EINVAL;
+
+ if (type == CONNMAN_PROVIDER_ROUTE_ALL ||
+ type == CONNMAN_PROVIDER_ROUTE_USER) {
+ g_hash_table_iter_init(&iter, data->user_routes);
+
+ while (g_hash_table_iter_next(&iter, &key, &value))
+ set_route(data, value);
+ }
+
+ if (type == CONNMAN_PROVIDER_ROUTE_ALL ||
+ type == CONNMAN_PROVIDER_ROUTE_SERVER) {
+ g_hash_table_iter_init(&iter, data->server_routes);
+
+ while (g_hash_table_iter_next(&iter, &key, &value))
+ set_route(data, value);
+ }
+
+ return 0;
+}
+
+static bool check_routes(struct connman_provider *provider)
+{
+ struct connection_data *data;
+
+ DBG("provider %p", provider);
+
+ data = connman_provider_get_data(provider);
+ if (!data)
+ return false;
+
+ if (data->user_routes &&
+ g_hash_table_size(data->user_routes) > 0)
+ return true;
+
+ if (data->server_routes &&
+ g_hash_table_size(data->server_routes) > 0)
+ return true;
+
+ return false;
+}
+
+static struct connman_provider_driver provider_driver = {
+ .name = "VPN",
+ .type = CONNMAN_PROVIDER_TYPE_VPN,
+ .probe = provider_probe,
+ .remove = provider_remove,
+ .connect = provider_connect,
+ .disconnect = provider_disconnect,
+ .set_property = set_string,
+ .get_property = get_string,
+ .create = create_configuration,
+ .set_routes = set_routes,
+ .check_routes = check_routes,
+};
+
+static void destroy_provider(struct connection_data *data)
+{
+ DBG("data %p", data);
+
+ if (provider_is_connected(data))
+ connman_provider_disconnect(data->provider);
+
+ connman_provider_set_data(data->provider, NULL);
+ connman_provider_remove(data->provider);
+ data->provider = NULL;
+}
+
+static void connection_destroy(gpointer hash_data)
+{
+ struct connection_data *data = hash_data;
+
+ DBG("data %p", data);
+
+ if (data->provider)
+ destroy_provider(data);
+
+ if (data->call) {
+ dbus_pending_call_cancel(data->call);
+ dbus_pending_call_unref(data->call);
+ }
+
+ if (data->disconnect_call) {
+ dbus_pending_call_cancel(data->disconnect_call);
+ dbus_pending_call_unref(data->disconnect_call);
+ }
+
+ g_free(data->service_ident);
+ g_free(data->path);
+ g_free(data->ident);
+ g_free(data->state);
+ g_free(data->type);
+ g_free(data->name);
+ g_free(data->host);
+ g_strfreev(data->host_ip);
+ g_free(data->domain);
+ g_hash_table_destroy(data->server_routes);
+ g_hash_table_destroy(data->user_routes);
+ g_strfreev(data->nameservers);
+ g_hash_table_destroy(data->setting_strings);
+ connman_ipaddress_free(data->ip);
+
+ cancel_host_resolv(data);
+
+ g_free(data);
+}
+
+static void vpnd_created(DBusConnection *conn, void *user_data)
+{
+ DBG("connection %p", conn);
+
+ get_connections(user_data);
+}
+
+static void vpnd_removed(DBusConnection *conn, void *user_data)
+{
+ DBG("connection %p", conn);
+
+ g_hash_table_remove_all(vpn_connections);
+}
+
+static void remove_connection(DBusConnection *conn, const char *path)
+{
+ DBG("path %s", path);
+
+ g_hash_table_remove(vpn_connections, get_ident(path));
+}
+
+static gboolean connection_removed(DBusConnection *conn, DBusMessage *message,
+ void *user_data)
+{
+ const char *path;
+ const char *signature = DBUS_TYPE_OBJECT_PATH_AS_STRING;
+ struct connection_data *data;
+
+ if (!dbus_message_has_signature(message, signature)) {
+ connman_error("vpn removed signature \"%s\" does not match "
+ "expected \"%s\"",
+ dbus_message_get_signature(message), signature);
+ return TRUE;
+ }
+
+ dbus_message_get_args(message, NULL, DBUS_TYPE_OBJECT_PATH, &path,
+ DBUS_TYPE_INVALID);
+
+ data = g_hash_table_lookup(vpn_connections, get_ident(path));
+ if (data)
+ remove_connection(conn, path);
+
+ return TRUE;
+}
+
+static gboolean connection_added(DBusConnection *conn, DBusMessage *message,
+ void *user_data)
+{
+ DBusMessageIter iter, properties;
+ const char *path;
+ const char *signature = DBUS_TYPE_OBJECT_PATH_AS_STRING
+ DBUS_TYPE_ARRAY_AS_STRING
+ DBUS_DICT_ENTRY_BEGIN_CHAR_AS_STRING
+ DBUS_TYPE_STRING_AS_STRING
+ DBUS_TYPE_VARIANT_AS_STRING
+ DBUS_DICT_ENTRY_END_CHAR_AS_STRING;
+
+ if (!dbus_message_has_signature(message, signature)) {
+ connman_error("vpn ConnectionAdded signature \"%s\" does not "
+ "match expected \"%s\"",
+ dbus_message_get_signature(message), signature);
+ return TRUE;
+ }
+
+ DBG("");
+
+ if (!dbus_message_iter_init(message, &iter))
+ return TRUE;
+
+ dbus_message_iter_get_basic(&iter, &path);
+
+ dbus_message_iter_next(&iter);
+ dbus_message_iter_recurse(&iter, &properties);
+
+ add_connection(path, &properties, user_data);
+
+ return TRUE;
+}
+
+static int save_route(GHashTable *routes, int family, const char *network,
+ const char *netmask, const char *gateway)
+{
+ struct vpn_route *route;
+ char *key = g_strdup_printf("%d/%s/%s", family, network, netmask);
+
+ DBG("family %d network %s netmask %s", family, network, netmask);
+
+ route = g_hash_table_lookup(routes, key);
+ if (!route) {
+ route = g_try_new0(struct vpn_route, 1);
+ if (!route) {
+ connman_error("out of memory");
+ return -ENOMEM;
+ }
+
+ route->family = family;
+ route->network = g_strdup(network);
+ route->netmask = g_strdup(netmask);
+ route->gateway = g_strdup(gateway);
+
+ g_hash_table_replace(routes, key, route);
+ } else
+ g_free(key);
+
+ return 0;
+}
+
+static int read_route_dict(GHashTable *routes, DBusMessageIter *dicts)
+{
+ DBusMessageIter dict;
+ const char *network, *netmask, *gateway;
+ int family;
+
+ dbus_message_iter_recurse(dicts, &dict);
+
+ network = netmask = gateway = NULL;
+ family = PF_UNSPEC;
+
+ while (dbus_message_iter_get_arg_type(&dict) == DBUS_TYPE_DICT_ENTRY) {
+
+ DBusMessageIter entry, value;
+ const char *key;
+
+ dbus_message_iter_recurse(&dict, &entry);
+ dbus_message_iter_get_basic(&entry, &key);
+
+ dbus_message_iter_next(&entry);
+ dbus_message_iter_recurse(&entry, &value);
+
+ if (g_str_equal(key, "ProtocolFamily")) {
+ int pf;
+ dbus_message_iter_get_basic(&value, &pf);
+ switch (pf) {
+ case 4:
+ family = AF_INET;
+ break;
+ case 6:
+ family = AF_INET6;
+ break;
+ }
+ DBG("family %d", family);
+ } else if (g_str_equal(key, "Netmask")) {
+ dbus_message_iter_get_basic(&value, &netmask);
+ DBG("netmask %s", netmask);
+ } else if (g_str_equal(key, "Network")) {
+ dbus_message_iter_get_basic(&value, &network);
+ DBG("host %s", network);
+ } else if (g_str_equal(key, "Gateway")) {
+ dbus_message_iter_get_basic(&value, &gateway);
+ DBG("gateway %s", gateway);
+ }
+
+ dbus_message_iter_next(&dict);
+ }
+
+ if (!netmask || !network || !gateway) {
+ DBG("Value missing.");
+ return -EINVAL;
+ }
+
+ return save_route(routes, family, network, netmask, gateway);
+}
+
+static int routes_changed(DBusMessageIter *array, GHashTable *routes)
+{
+ DBusMessageIter entry;
+ int ret = -EINVAL;
+
+ if (dbus_message_iter_get_arg_type(array) != DBUS_TYPE_ARRAY) {
+ DBG("Expecting array, ignoring routes.");
+ return -EINVAL;
+ }
+
+ while (dbus_message_iter_get_arg_type(array) == DBUS_TYPE_ARRAY) {
+
+ dbus_message_iter_recurse(array, &entry);
+
+ while (dbus_message_iter_get_arg_type(&entry) ==
+ DBUS_TYPE_STRUCT) {
+ DBusMessageIter dicts;
+
+ dbus_message_iter_recurse(&entry, &dicts);
+
+ while (dbus_message_iter_get_arg_type(&dicts) ==
+ DBUS_TYPE_ARRAY) {
+ int err = read_route_dict(routes, &dicts);
+ if (ret != 0)
+ ret = err;
+ dbus_message_iter_next(&dicts);
+ }
+
+ dbus_message_iter_next(&entry);
+ }
+
+ dbus_message_iter_next(array);
+ }
+
+ return ret;
+}
+
+static gboolean property_changed(DBusConnection *conn,
+ DBusMessage *message,
+ void *user_data)
+{
+ const char *path = dbus_message_get_path(message);
+ struct connection_data *data = NULL;
+ DBusMessageIter iter, value;
+ bool ip_set = false;
+ int err;
+ char *str;
+ const char *key;
+ const char *signature = DBUS_TYPE_STRING_AS_STRING
+ DBUS_TYPE_VARIANT_AS_STRING;
+
+ if (!dbus_message_has_signature(message, signature)) {
+ connman_error("vpn property signature \"%s\" does not match "
+ "expected \"%s\"",
+ dbus_message_get_signature(message), signature);
+ return TRUE;
+ }
+
+ data = g_hash_table_lookup(vpn_connections, get_ident(path));
+ if (!data)
+ return TRUE;
+
+ if (!dbus_message_iter_init(message, &iter))
+ return TRUE;
+
+ dbus_message_iter_get_basic(&iter, &key);
+
+ dbus_message_iter_next(&iter);
+ dbus_message_iter_recurse(&iter, &value);
+
+ DBG("key %s", key);
+
+ if (g_str_equal(key, "State")) {
+ dbus_message_iter_get_basic(&value, &str);
+
+ DBG("%s %s -> %s", data->path, data->state, str);
+
+ if (g_str_equal(data->state, str))
+ return TRUE;
+
+ g_free(data->state);
+ data->state = g_strdup(str);
+
+ set_provider_state(data);
+ } else if (g_str_equal(key, "Index")) {
+ dbus_message_iter_get_basic(&value, &data->index);
+ connman_provider_set_index(data->provider, data->index);
+ } else if (g_str_equal(key, "IPv4")) {
+ err = extract_ip(&value, AF_INET, data);
+ ip_set = true;
+ } else if (g_str_equal(key, "IPv6")) {
+ err = extract_ip(&value, AF_INET6, data);
+ ip_set = true;
+ } else if (g_str_equal(key, "ServerRoutes")) {
+ err = routes_changed(&value, data->server_routes);
+ /*
+ * Note that the vpnd will delay the route sending a bit
+ * (in order to collect the routes from VPN client),
+ * so we might have got the State changed property before
+ * we got ServerRoutes. This means that we must try to set
+ * the routes here because they would be left unset otherwise.
+ */
+ if (err == 0)
+ set_routes(data->provider,
+ CONNMAN_PROVIDER_ROUTE_SERVER);
+ } else if (g_str_equal(key, "UserRoutes")) {
+ err = routes_changed(&value, data->user_routes);
+ if (err == 0)
+ set_routes(data->provider,
+ CONNMAN_PROVIDER_ROUTE_USER);
+ } else if (g_str_equal(key, "Nameservers")) {
+ if (extract_nameservers(&value, data) == 0 &&
+ data->nameservers)
+ connman_provider_set_nameservers(data->provider,
+ data->nameservers);
+ } else if (g_str_equal(key, "Domain")) {
+ dbus_message_iter_get_basic(&value, &str);
+ g_free(data->domain);
+ data->domain = g_strdup(str);
+ connman_provider_set_domain(data->provider, data->domain);
+ }
+
+ if (ip_set && err == 0) {
+ err = connman_provider_set_ipaddress(data->provider, data->ip);
+ if (err < 0)
+ DBG("setting provider IP address failed (%s/%d)",
+ strerror(-err), -err);
+ }
+
+ return TRUE;
+}
+
+static int vpn_find_online_transport_cb(struct connman_service *service,
+ void *user_data)
+{
+ if (connman_service_get_type(service) != CONNMAN_SERVICE_TYPE_VPN) {
+ switch (connman_service_get_state(service)) {
+ case CONNMAN_SERVICE_STATE_ONLINE:
+ *((struct connman_service**)user_data) = service;
+ return 1;
+ default:
+ break;
+ }
+ }
+
+ return 0;
+}
+
+static struct connman_service *vpn_find_online_transport()
+{
+ struct connman_service *service = NULL;
+
+ connman_service_iterate_services(vpn_find_online_transport_cb,
+ &service);
+ return service;
+}
+
+static bool vpn_is_valid_transport(struct connman_service *transport)
+{
+ if (transport) {
+ struct connman_service *online;
+
+ switch (connman_service_get_state(transport)) {
+ case CONNMAN_SERVICE_STATE_READY:
+ online = vpn_find_online_transport();
+
+ /* Stay connected if there are no online services */
+ if (!online)
+ return true;
+
+ DBG("%s is ready, %s is online, disconnecting",
+ connman_service_get_identifier(transport),
+ connman_service_get_identifier(online));
+ break;
+
+ case CONNMAN_SERVICE_STATE_ONLINE:
+ online = vpn_find_online_transport();
+
+ /* Check if our transport is still the default */
+ if (online == transport)
+ return true;
+
+ DBG("%s is replaced by %s as default, disconnecting",
+ connman_service_get_identifier(transport),
+ connman_service_get_identifier(online));
+ break;
+
+ default:
+ break;
+ }
+ } else {
+ DBG("transport gone");
+ }
+
+ return false;
+}
+
+static void vpn_disconnect_check_provider(struct connection_data *data)
+{
+ if (provider_is_connected(data)) {
+ /* With NULL service ident NULL is returned immediately */
+ struct connman_service *service =
+ connman_service_lookup_from_identifier
+ (data->service_ident);
+
+ if (!vpn_is_valid_transport(service)) {
+ connman_provider_disconnect(data->provider);
+ }
+ }
+}
+
+static void vpn_disconnect_check()
+{
+ GHashTableIter iter;
+ gpointer value;
+
+ DBG("");
+ g_hash_table_iter_init(&iter, vpn_connections);
+ while (g_hash_table_iter_next(&iter, NULL, &value))
+ vpn_disconnect_check_provider(value);
+}
+
+static void vpn_service_add(struct connman_service *service, const char *name)
+{
+ vpn_disconnect_check();
+}
+
+static void vpn_service_list_changed(struct connman_service *service)
+{
+ vpn_disconnect_check();
+}
+
+static void vpn_service_state_changed(struct connman_service *service,
+ enum connman_service_state state)
+{
+ vpn_disconnect_check();
+}
+
+static const struct connman_notifier vpn_notifier = {
+ .name = "vpn",
+ .priority = CONNMAN_NOTIFIER_PRIORITY_DEFAULT,
+ .default_changed = vpn_service_list_changed,
+ .service_add = vpn_service_add,
+ .service_remove = vpn_service_list_changed,
+ .service_state_changed = vpn_service_state_changed
+};
+
+static int vpn_init(void)
+{
+ int err;
+
+ connection = connman_dbus_get_connection();
+ if (!connection)
+ return -EIO;
+
+ watch = g_dbus_add_service_watch(connection, VPN_SERVICE,
+ vpnd_created, vpnd_removed, &provider_driver, NULL);
+
+ added_watch = g_dbus_add_signal_watch(connection, VPN_SERVICE, NULL,
+ VPN_MANAGER_INTERFACE,
+ CONNECTION_ADDED, connection_added,
+ &provider_driver, NULL);
+
+ removed_watch = g_dbus_add_signal_watch(connection, VPN_SERVICE, NULL,
+ VPN_MANAGER_INTERFACE,
+ CONNECTION_REMOVED, connection_removed,
+ NULL, NULL);
+
+ property_watch = g_dbus_add_signal_watch(connection, VPN_SERVICE, NULL,
+ VPN_CONNECTION_INTERFACE,
+ PROPERTY_CHANGED, property_changed,
+ NULL, NULL);
+
+ if (added_watch == 0 || removed_watch == 0 || property_watch == 0) {
+ err = -EIO;
+ goto remove;
+ }
+
+ err = connman_provider_driver_register(&provider_driver);
+ if (err == 0) {
+ vpn_connections = g_hash_table_new_full(g_str_hash,
+ g_str_equal,
+ g_free, connection_destroy);
+
+ vpnd_created(connection, &provider_driver);
+ }
+
+ connman_notifier_register(&vpn_notifier);
+ return err;
+
+remove:
+ g_dbus_remove_watch(connection, watch);
+ g_dbus_remove_watch(connection, added_watch);
+ g_dbus_remove_watch(connection, removed_watch);
+ g_dbus_remove_watch(connection, property_watch);
+
+ dbus_connection_unref(connection);
+
+ return err;
+}
+
+static void vpn_exit(void)
+{
+ g_dbus_remove_watch(connection, watch);
+ g_dbus_remove_watch(connection, added_watch);
+ g_dbus_remove_watch(connection, removed_watch);
+ g_dbus_remove_watch(connection, property_watch);
+
+ connman_notifier_unregister(&vpn_notifier);
+ connman_provider_driver_unregister(&provider_driver);
+
+ if (vpn_connections)
+ g_hash_table_destroy(vpn_connections);
+
+ dbus_connection_unref(connection);
+}
+
+CONNMAN_PLUGIN_DEFINE(vpn, "VPN plugin", VERSION,
+ CONNMAN_PLUGIN_PRIORITY_DEFAULT, vpn_init, vpn_exit)
projects / platform / upstream / connman.git / blobdiff