*
* ConnMan VPN daemon
*
- * Copyright (C) 2010 BMW Car IT GmbH. All rights reserved.
- * Copyright (C) 2012 Intel Corporation. All rights reserved.
+ * Copyright (C) 2010,2013 BMW Car IT GmbH.
+ * Copyright (C) 2012-2013 Intel Corporation. All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
#include <connman/task.h>
#include <connman/dbus.h>
#include <connman/inet.h>
+#include <connman/agent.h>
+#include <connman/setting.h>
+#include <connman/vpn-dbus.h>
+
+#include "../vpn-provider.h"
+#include "../vpn-agent.h"
#include "vpn.h"
OPT_L2G = 2,
OPT_L2 = 3,
OPT_PPPD = 4,
+ OPT_L2LNS = 5,
};
struct {
} pppd_options[] = {
{ "L2TP.User", "name", OPT_ALL, NULL, OPT_STRING },
{ "L2TP.BPS", "bps", OPT_L2, NULL, OPT_STRING },
+ { "L2TP.TXBPS", "tx bps", OPT_L2, NULL, OPT_STRING },
+ { "L2TP.RXBPS", "rx bps", OPT_L2, NULL, OPT_STRING },
{ "L2TP.LengthBit", "length bit", OPT_L2, NULL, OPT_STRING },
{ "L2TP.Challenge", "challenge", OPT_L2, NULL, OPT_STRING },
{ "L2TP.DefaultRoute", "defaultroute", OPT_L2, NULL, OPT_STRING },
{ "L2TP.FlowBit", "flow bit", OPT_L2, NULL, OPT_STRING },
{ "L2TP.TunnelRWS", "tunnel rws", OPT_L2, NULL, OPT_STRING },
- { "L2TP.Exclusive", "exclusive", OPT_L2, NULL, OPT_STRING },
+ { "L2TP.Exclusive", "exclusive", OPT_L2LNS, NULL, OPT_STRING },
{ "L2TP.Autodial", "autodial", OPT_L2, "yes", OPT_STRING },
{ "L2TP.Redial", "redial", OPT_L2, "yes", OPT_STRING },
{ "L2TP.RedialTimeout", "redial timeout", OPT_L2, "10", OPT_STRING },
{ "L2TP.ForceUserSpace", "force userspace", OPT_L2G, NULL, OPT_STRING },
{ "L2TP.ListenAddr", "listen-addr", OPT_L2G, NULL, OPT_STRING },
{ "L2TP.Rand Source", "rand source", OPT_L2G, NULL, OPT_STRING },
- { "L2TP.IPsecSaref", "ipsec saref", OPT_L2G, NULL, OPT_STRING },
+ { "L2TP.IPsecSaref", "ipsec saref", OPT_L2G, "no", OPT_STRING },
{ "L2TP.Port", "port", OPT_L2G, NULL, OPT_STRING },
- { "L2TP.EchoFailure", "lcp-echo-failure", OPT_PPPD, "0", OPT_STRING },
- { "L2TP.EchoInterval", "lcp-echo-interval", OPT_PPPD, "0", OPT_STRING },
- { "L2TP.Debug", "debug", OPT_PPPD, NULL, OPT_STRING },
- { "L2TP.RefuseEAP", "refuse-eap", OPT_PPPD, NULL, OPT_BOOL },
- { "L2TP.RefusePAP", "refuse-pap", OPT_PPPD, NULL, OPT_BOOL },
- { "L2TP.RefuseCHAP", "refuse-chap", OPT_PPPD, NULL, OPT_BOOL },
- { "L2TP.RefuseMSCHAP", "refuse-mschap", OPT_PPPD, NULL, OPT_BOOL },
- { "L2TP.RefuseMSCHAP2", "refuse-mschapv2", OPT_PPPD, NULL, OPT_BOOL },
- { "L2TP.NoBSDComp", "nobsdcomp", OPT_PPPD, NULL, OPT_BOOL },
- { "L2TP.NoPcomp", "nopcomp", OPT_PPPD, NULL, OPT_BOOL },
- { "L2TP.UseAccomp", "accomp", OPT_PPPD, NULL, OPT_BOOL },
- { "L2TP.NoDeflate", "nodeflatey", OPT_PPPD, NULL, OPT_BOOL },
- { "L2TP.ReqMPPE", "require-mppe", OPT_PPPD, NULL, OPT_BOOL },
- { "L2TP.ReqMPPE40", "require-mppe-40", OPT_PPPD, NULL, OPT_BOOL },
- { "L2TP.ReqMPPE128", "require-mppe-128", OPT_PPPD, NULL, OPT_BOOL },
- { "L2TP.ReqMPPEStateful", "mppe-stateful", OPT_PPPD, NULL, OPT_BOOL },
- { "L2TP.NoVJ", "no-vj-comp", OPT_PPPD, NULL, OPT_BOOL },
+ { "PPPD.EchoFailure", "lcp-echo-failure", OPT_PPPD, "0", OPT_STRING },
+ { "PPPD.EchoInterval", "lcp-echo-interval", OPT_PPPD, "0", OPT_STRING },
+ { "PPPD.Debug", "debug", OPT_PPPD, NULL, OPT_STRING },
+ { "PPPD.RefuseEAP", "refuse-eap", OPT_PPPD, NULL, OPT_BOOL },
+ { "PPPD.RefusePAP", "refuse-pap", OPT_PPPD, NULL, OPT_BOOL },
+ { "PPPD.RefuseCHAP", "refuse-chap", OPT_PPPD, NULL, OPT_BOOL },
+ { "PPPD.RefuseMSCHAP", "refuse-mschap", OPT_PPPD, NULL, OPT_BOOL },
+ { "PPPD.RefuseMSCHAP2", "refuse-mschapv2", OPT_PPPD, NULL, OPT_BOOL },
+ { "PPPD.NoBSDComp", "nobsdcomp", OPT_PPPD, NULL, OPT_BOOL },
+ { "PPPD.NoPcomp", "nopcomp", OPT_PPPD, NULL, OPT_BOOL },
+ { "PPPD.UseAccomp", "noaccomp", OPT_PPPD, NULL, OPT_BOOL },
+ { "PPPD.NoDeflate", "nodeflate", OPT_PPPD, NULL, OPT_BOOL },
+ { "PPPD.ReqMPPE", "require-mppe", OPT_PPPD, NULL, OPT_BOOL },
+ { "PPPD.ReqMPPE40", "require-mppe-40", OPT_PPPD, NULL, OPT_BOOL },
+ { "PPPD.ReqMPPE128", "require-mppe-128", OPT_PPPD, NULL, OPT_BOOL },
+ { "PPPD.ReqMPPEStateful", "mppe-stateful", OPT_PPPD, NULL, OPT_BOOL },
+ { "PPPD.NoVJ", "novj", OPT_PPPD, NULL, OPT_BOOL },
};
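Review bot: The `PPPD.UseAccomp` row now maps to `noaccomp`, so a true value for a key named "UseAccomp" turns address/control compression off rather than on. As far as I know pppd has no plain `accomp` option, so the new spelling is the one pppd accepts, but the inverted meaning should be stated on the row, for example `/* a true value emits "noaccomp", i.e. disables the compression despite the key name */`. Renaming the key would break stored configurations, so a comment is the safer fix.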
static DBusConnection *connection;
+struct l2tp_private_data {
+ struct connman_task *task;
+ char *if_name;
+ vpn_provider_connect_cb_t cb;
+ void *user_data;
+};
+
static DBusMessage *l2tp_get_sec(struct connman_task *task,
DBusMessage *msg, void *user_data)
{
const char *user, *passwd;
struct vpn_provider *provider = user_data;
- if (dbus_message_get_no_reply(msg) == FALSE) {
+ if (!dbus_message_get_no_reply(msg)) {
DBusMessage *reply;
user = vpn_provider_get_string(provider, "L2TP.User");
passwd = vpn_provider_get_string(provider, "L2TP.Password");
- if (user == NULL || strlen(user) == 0 ||
- passwd == NULL || strlen(passwd) == 0)
+ if (!user || strlen(user) == 0 ||
+ !passwd || strlen(passwd) == 0)
return NULL;
reply = dbus_message_new_method_return(msg);
- if (reply == NULL)
+ if (!reply)
return NULL;
dbus_message_append_args(reply, DBUS_TYPE_STRING, &user,
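Review bot: `struct l2tp_private_data` carries state across the asynchronous agent round trip but has no comment saying what it owns. Elsewhere in this patch `if_name` is a g_strdup() copy released by free_private_data, while `task`, `cb` and `user_data` are stored as given by the l2tp_connect caller and are used again in request_input_cb, so they have to outlive the pending request. A short comment on the struct would make that contract explicit, e.g. `/* if_name is owned; task, cb and user_data are borrowed until the agent reply arrives */`. l2tp_get_sec continues past the end of this hunk.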
return VPN_STATE_FAILURE;
}
- if (strcmp(reason, "auth failed") == 0)
+ if (strcmp(reason, "auth failed") == 0) {
+ DBG("authentication failure");
+
+ vpn_provider_set_string(provider, "L2TP.User", NULL);
+ vpn_provider_set_string_hide_value(provider, "L2TP.Password",
+ NULL);
+
return VPN_STATE_AUTH_FAILURE;
+ }
if (strcmp(reason, "connect"))
return VPN_STATE_DISCONNECT;
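Review bot: The auth-failure branch wipes `L2TP.User` as well as the password, and nothing here says why the user name has to go too. request_input later calls `vpn_agent_append_user_info(&dict, provider, "L2TP.User")`, which presumably offers the stored name to the agent, so after a single rejected password there is nothing left to offer. If only the rejected secret needs to be forgotten, drop the `vpn_provider_set_string(provider, "L2TP.User", NULL);` line; otherwise add a comment such as `/* forget both credentials so the next connect asks the agent again */`. The enclosing notify function starts and ends outside this hunk.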
DBG("%s = %s", key, value);
- if (!strcmp(key, "INTERNAL_IP4_ADDRESS")) {
- vpn_provider_set_string(provider, "Address", value);
+ if (!strcmp(key, "INTERNAL_IP4_ADDRESS"))
addressv4 = g_strdup(value);
- }
- if (!strcmp(key, "INTERNAL_IP4_NETMASK")) {
- vpn_provider_set_string(provider, "Netmask", value);
+ if (!strcmp(key, "INTERNAL_IP4_NETMASK"))
netmask = g_strdup(value);
- }
- if (!strcmp(key, "INTERNAL_IP4_DNS")) {
- vpn_provider_set_string(provider, "DNS", value);
+ if (!strcmp(key, "INTERNAL_IP4_DNS"))
nameservers = g_strdup(value);
- }
if (!strcmp(key, "INTERNAL_IFNAME"))
ifname = g_strdup(value);
return VPN_STATE_FAILURE;
}
- if (addressv4 != NULL)
+ if (addressv4)
ipaddress = connman_ipaddress_alloc(AF_INET);
g_free(ifname);
- if (ipaddress == NULL) {
+ if (!ipaddress) {
connman_error("No IP address for provider");
g_free(addressv4);
g_free(netmask);
}
value = vpn_provider_get_string(provider, "HostIP");
- if (value != NULL) {
+ if (value) {
vpn_provider_set_string(provider, "Gateway", value);
gateway = g_strdup(value);
}
- if (addressv4 != NULL)
+ if (addressv4)
connman_ipaddress_set_ipv4(ipaddress, addressv4, netmask,
gateway);
static int l2tp_save(struct vpn_provider *provider, GKeyFile *keyfile)
{
const char *option;
+ bool l2tp_option, pppd_option;
int i;
for (i = 0; i < (int)ARRAY_SIZE(pppd_options); i++) {
- if (strncmp(pppd_options[i].cm_opt, "L2TP.", 5) == 0) {
+ l2tp_option = pppd_option = false;
+
+ if (strncmp(pppd_options[i].cm_opt, "L2TP.", 5) == 0)
+ l2tp_option = true;
+
+ if (strncmp(pppd_options[i].cm_opt, "PPPD.", 5) == 0)
+ pppd_option = true;
+
+ if (l2tp_option || pppd_option) {
option = vpn_provider_get_string(provider,
- pppd_options[i].cm_opt);
- if (option == NULL)
- continue;
+ pppd_options[i].cm_opt);
+ if (!option) {
+ /*
+ * Check if the option prefix is L2TP as the
+ * PPPD options were using L2TP prefix earlier.
+ */
+ char *l2tp_str;
+
+ if (!pppd_option)
+ continue;
+
+ l2tp_str = g_strdup_printf("L2TP.%s",
+ &pppd_options[i].cm_opt[5]);
+ option = vpn_provider_get_string(provider,
+ l2tp_str);
+ g_free(l2tp_str);
+
+ if (!option)
+ continue;
+ }
g_key_file_set_string(keyfile,
vpn_provider_get_save_group(provider),
pppd_options[i].cm_opt, option);
}
}
+
return 0;
}
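Review bot: The fallback to the legacy `L2TP.` name exists only in l2tp_save: the value is written to the keyfile under the new `PPPD.` key, but the provider's in-memory setting is not migrated. l2tp_write_fields is not visible here; if it looks options up by `pppd_options[i].cm_opt`, a provider that still holds only the legacy key would be saved correctly while the option never reaches the pppd option file until the configuration is reloaded. This matters most for the `PPPD.Refuse*` and `PPPD.ReqMPPE*` rows, where a silently dropped setting weakens what the user asked for. Consider moving the two-step lookup into a small static helper used by both l2tp_save and the writer, or extend the comment to say that the migration only takes effect after the next load.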
gchar *buf;
ssize_t ret = 0;
- if (key != NULL && value != NULL) {
+ if (key && value) {
if (strcasecmp(value, "yes") == 0 ||
strcasecmp(value, "true") == 0 ||
strcmp(value, "1") == 0) {
gchar *buf;
ssize_t ret = 0;
- if (key != NULL) {
- if (value != NULL)
+ if (key) {
+ if (value)
buf = g_strdup_printf("%s %s\n", key, value);
else
buf = g_strdup_printf("%s\n", key);
gchar *buf;
ssize_t ret = 0;
- if (key != NULL && value != NULL) {
+ if (key && value) {
buf = g_strdup_printf("%s = %s\n", key, value);
ret = full_write(fd, buf, strlen(buf));
l2tp_write_option(fd, "nodetach", NULL);
l2tp_write_option(fd, "lock", NULL);
+ l2tp_write_option(fd, "logfd", "2");
l2tp_write_option(fd, "usepeerdns", NULL);
l2tp_write_option(fd, "noipdefault", NULL);
l2tp_write_option(fd, "noauth", NULL);
l2tp_write_option(fd, "[global]", NULL);
l2tp_write_fields(provider, fd, OPT_L2G);
+ l2tp_write_option(fd, "[lns default]", NULL);
+ l2tp_write_fields(provider, fd, OPT_L2LNS);
+
l2tp_write_option(fd, "[lac l2tp]", NULL);
option = vpn_provider_get_string(provider, "Host");
vpn_died(task, exit_code, user_data);
- conf_file = g_strdup_printf("/var/run/connman/connman-xl2tpd.conf");
+ conf_file = g_strdup_printf(VPN_STATEDIR "/connman-xl2tpd.conf");
unlink(conf_file);
g_free(conf_file);
- conf_file = g_strdup_printf("/var/run/connman/connman-ppp-option.conf");
+ conf_file = g_strdup_printf(VPN_STATEDIR "/connman-ppp-option.conf");
unlink(conf_file);
g_free(conf_file);
}
-static int l2tp_connect(struct vpn_provider *provider,
- struct connman_task *task, const char *if_name)
+struct request_input_reply {
+ struct vpn_provider *provider;
+ vpn_provider_password_cb_t callback;
+ void *user_data;
+};
+
+static void request_input_reply(DBusMessage *reply, void *user_data)
{
- const char *host;
- char *l2tp_name, *pppd_name;
- int l2tp_fd, pppd_fd;
+ struct request_input_reply *l2tp_reply = user_data;
+ struct l2tp_private_data *data;
+ const char *error = NULL;
+ char *username = NULL, *password = NULL;
+ char *key;
+ DBusMessageIter iter, dict;
int err;
- if (connman_task_set_notify(task, "getsec",
- l2tp_get_sec, provider))
+ DBG("provider %p", l2tp_reply->provider);
+
+ if (!reply)
+ goto done;
+
+ data = l2tp_reply->user_data;
+
+ err = vpn_agent_check_and_process_reply_error(reply,
+ l2tp_reply->provider, data->task, data->cb,
+ data->user_data);
+ if (err) {
+ /* Ensure cb is called only once */
+ data->cb = NULL;
+ data->user_data = NULL;
+ error = dbus_message_get_error_name(reply);
+ goto done;
+ }
+
+ if (!vpn_agent_check_reply_has_dict(reply))
+ goto done;
+
+ dbus_message_iter_init(reply, &iter);
+ dbus_message_iter_recurse(&iter, &dict);
+ while (dbus_message_iter_get_arg_type(&dict) == DBUS_TYPE_DICT_ENTRY) {
+ DBusMessageIter entry, value;
+ const char *str;
+
+ dbus_message_iter_recurse(&dict, &entry);
+ if (dbus_message_iter_get_arg_type(&entry) != DBUS_TYPE_STRING)
+ break;
+
+ dbus_message_iter_get_basic(&entry, &key);
+
+ if (g_str_equal(key, "Username")) {
+ dbus_message_iter_next(&entry);
+ if (dbus_message_iter_get_arg_type(&entry)
+ != DBUS_TYPE_VARIANT)
+ break;
+ dbus_message_iter_recurse(&entry, &value);
+ if (dbus_message_iter_get_arg_type(&value)
+ != DBUS_TYPE_STRING)
+ break;
+ dbus_message_iter_get_basic(&value, &str);
+ username = g_strdup(str);
+ }
+
+ if (g_str_equal(key, "Password")) {
+ dbus_message_iter_next(&entry);
+ if (dbus_message_iter_get_arg_type(&entry)
+ != DBUS_TYPE_VARIANT)
+ break;
+ dbus_message_iter_recurse(&entry, &value);
+ if (dbus_message_iter_get_arg_type(&value)
+ != DBUS_TYPE_STRING)
+ break;
+ dbus_message_iter_get_basic(&value, &str);
+ password = g_strdup(str);
+ }
+
+ dbus_message_iter_next(&dict);
+ }
+
+done:
+ l2tp_reply->callback(l2tp_reply->provider, username, password, error,
+ l2tp_reply->user_data);
+
+ g_free(username);
+ g_free(password);
+
+ g_free(l2tp_reply);
+}
+
+typedef void (* request_cb_t)(struct vpn_provider *provider,
+ const char *username, const char *password,
+ const char *error, void *user_data);
+
+static int request_input(struct vpn_provider *provider,
+ request_cb_t callback, const char *dbus_sender,
+ void *user_data)
+{
+ DBusMessage *message;
+ const char *path, *agent_sender, *agent_path;
+ DBusMessageIter iter;
+ DBusMessageIter dict;
+ struct request_input_reply *l2tp_reply;
+ int err;
+ void *agent;
+
+ agent = connman_agent_get_info(dbus_sender, &agent_sender,
+ &agent_path);
+ if (!provider || !agent || !agent_path || !callback)
+ return -ESRCH;
+
+ message = dbus_message_new_method_call(agent_sender, agent_path,
+ VPN_AGENT_INTERFACE,
+ "RequestInput");
+ if (!message)
return -ENOMEM;
- host = vpn_provider_get_string(provider, "Host");
- if (host == NULL) {
- connman_error("Host not set; cannot enable VPN");
- return -EINVAL;
+ dbus_message_iter_init_append(message, &iter);
+
+ path = vpn_provider_get_path(provider);
+ dbus_message_iter_append_basic(&iter,
+ DBUS_TYPE_OBJECT_PATH, &path);
+
+ connman_dbus_dict_open(&iter, &dict);
+
+ if (vpn_provider_get_authentication_errors(provider))
+ vpn_agent_append_auth_failure(&dict, provider, NULL);
+
+ vpn_agent_append_user_info(&dict, provider, "L2TP.User");
+
+ vpn_agent_append_host_and_name(&dict, provider);
+
+ connman_dbus_dict_close(&iter, &dict);
+
+ l2tp_reply = g_try_new0(struct request_input_reply, 1);
+ if (!l2tp_reply) {
+ dbus_message_unref(message);
+ return -ENOMEM;
}
- l2tp_name = g_strdup_printf("/var/run/connman/connman-xl2tpd.conf");
+ l2tp_reply->provider = provider;
+ l2tp_reply->callback = callback;
+ l2tp_reply->user_data = user_data;
+
+ err = connman_agent_queue_message(provider, message,
+ connman_timeout_input_request(),
+ request_input_reply, l2tp_reply, agent);
+ if (err < 0 && err != -EBUSY) {
+ DBG("error %d sending agent request", err);
+ dbus_message_unref(message);
+ g_free(l2tp_reply);
+ return err;
+ }
+
+ dbus_message_unref(message);
+
+ return -EINPROGRESS;
+}
+
+static int run_connect(struct vpn_provider *provider,
+ struct connman_task *task, const char *if_name,
+ vpn_provider_connect_cb_t cb, void *user_data,
+ const char *username, const char *password)
+{
+ char *l2tp_name, *pppd_name;
+ int l2tp_fd, pppd_fd;
+ int err;
+
+ if (!username || !*username || !password || !*password) {
+ DBG("Cannot connect username %s password %p",
+ username, password);
+ err = -EINVAL;
+ goto done;
+ }
+
+ DBG("username %s password %p", username, password);
+
+ l2tp_name = g_strdup_printf(VPN_STATEDIR "/connman-xl2tpd.conf");
l2tp_fd = open(l2tp_name, O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
if (l2tp_fd < 0) {
g_free(l2tp_name);
connman_error("Error writing l2tp config");
- return -EIO;
+ err = -EIO;
+ goto done;
}
- pppd_name = g_strdup_printf("/var/run/connman/connman-ppp-option.conf");
+ pppd_name = g_strdup_printf(VPN_STATEDIR "/connman-ppp-option.conf");
pppd_fd = open(pppd_name, O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
if (pppd_fd < 0) {
g_free(l2tp_name);
g_free(pppd_name);
close(l2tp_fd);
- return -EIO;
+ err = -EIO;
+ goto done;
}
l2tp_write_config(provider, pppd_name, l2tp_fd);
g_free(l2tp_name);
g_free(pppd_name);
+ close(l2tp_fd);
+ close(pppd_fd);
err = connman_task_run(task, l2tp_died, provider,
NULL, NULL, NULL);
if (err < 0) {
connman_error("l2tp failed to start");
- return -EIO;
+ err = -EIO;
+ goto done;
}
- return 0;
+done:
+ if (cb)
+ cb(provider, user_data, err);
+
+ return err;
}
-static int l2tp_error_code(int exit_code)
+static void free_private_data(struct l2tp_private_data *data)
+{
+ g_free(data->if_name);
+ g_free(data);
+}
+
+static void request_input_cb(struct vpn_provider *provider,
+ const char *username,
+ const char *password,
+ const char *error, void *user_data)
+{
+ struct l2tp_private_data *data = user_data;
+
+ if (!username || !*username || !password || !*password)
+ DBG("Requesting username %s or password failed, error %s",
+ username, error);
+ else if (error)
+ DBG("error %s", error);
+
+ vpn_provider_set_string(provider, "L2TP.User", username);
+ vpn_provider_set_string_hide_value(provider, "L2TP.Password",
+ password);
+
+ run_connect(provider, data->task, data->if_name, data->cb,
+ data->user_data, username, password);
+
+ free_private_data(data);
+}
+
+static int l2tp_connect(struct vpn_provider *provider,
+ struct connman_task *task, const char *if_name,
+ vpn_provider_connect_cb_t cb, const char *dbus_sender,
+ void *user_data)
+{
+ const char *username, *password;
+ int err;
+
+ if (connman_task_set_notify(task, "getsec",
+ l2tp_get_sec, provider) != 0) {
+ err = -ENOMEM;
+ goto error;
+ }
+
+ username = vpn_provider_get_string(provider, "L2TP.User");
+ password = vpn_provider_get_string(provider, "L2TP.Password");
+
+ DBG("user %s password %p", username, password);
+
+ if (!username || !*username || !password || !*password) {
+ struct l2tp_private_data *data;
+
+ data = g_try_new0(struct l2tp_private_data, 1);
+ if (!data)
+ return -ENOMEM;
+
+ data->task = task;
+ data->if_name = g_strdup(if_name);
+ data->cb = cb;
+ data->user_data = user_data;
+
+ err = request_input(provider, request_input_cb, dbus_sender,
+ data);
+ if (err != -EINPROGRESS) {
+ free_private_data(data);
+ goto done;
+ }
+ return err;
+ }
+
+done:
+ return run_connect(provider, task, if_name, cb, user_data,
+ username, password);
+
+error:
+ if (cb)
+ cb(provider, user_data, err);
+
+ return err;
+}
+
+static int l2tp_error_code(struct vpn_provider *provider, int exit_code)
{
switch (exit_code) {
case 1:
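Review bot: In request_input_reply, a reply dictionary that repeats the "Username" or "Password" key overwrites the earlier g_strdup() result without freeing it, so every repeated entry leaks a heap copy of the credential. Release the previous value first, e.g. `g_free(password); password = g_strdup(str);`, and the same for `username`. The password copy is also released with a plain `g_free()` at the end of the function, which leaves the secret readable in freed heap memory; clearing the buffer before freeing it would narrow that window. Separately, the DBG() calls in run_connect, request_input_cb and l2tp_connect pass `username` to `%s` on paths where it can be NULL, which is undefined for printf-style formatting even where the C library prints "(null)"; `username ? username : "-"` avoids it. l2tp_error_code continues past the end of this hunk.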
}
}
+static void l2tp_disconnect(struct vpn_provider *provider)
+{
+ if (!provider)
+ return;
+
+ vpn_provider_set_string_hide_value(provider, "L2TP.Password", NULL);
+
+ connman_agent_cancel(provider);
+}
+
static struct vpn_driver vpn_driver = {
.flags = VPN_FLAG_NO_TUN,
.notify = l2tp_notify,
.connect = l2tp_connect,
.error_code = l2tp_error_code,
.save = l2tp_save,
+ .disconnect = l2tp_disconnect,
};
static int l2tp_init(void)
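Review bot: l2tp_disconnect relies on `connman_agent_cancel(provider)` to deal with a RequestInput that is still queued, but how the cancel completes that request is not visible here. If the cancel does not invoke request_input_reply, the `struct request_input_reply` and the `struct l2tp_private_data` (including its `if_name` copy) allocated for the pending request are never freed. If it does invoke it with a NULL reply, request_input_cb runs after the disconnect, stores NULL into `L2TP.User` and calls run_connect, which reports -EINVAL through the connect callback. Please confirm which case applies and record it in a comment above the call, e.g. `/* cancels a pending RequestInput; the reply handler is then called with reply == NULL */` if that is the behaviour.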