*
* ConnMan VPN daemon
*
- * Copyright (C) 2012 Intel Corporation. All rights reserved.
+ * Copyright (C) 2012-2013 Intel Corporation. All rights reserved.
+ * Copyright (C) 2019 Jolla Ltd. All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
#include "connman/vpn-dbus.h"
#include "vpn-provider.h"
#include "vpn.h"
+#include "plugins/vpn.h"
static DBusConnection *connection;
static GHashTable *provider_hash;
static GSList *driver_list;
static int configuration_count;
-static gboolean handle_routes;
+static bool handle_routes;
struct vpn_route {
int family;
};
struct vpn_setting {
- gboolean hide_value;
+ bool hide_value;
+ bool immutable;
char *value;
};
guint notify_id;
char *config_file;
char *config_entry;
+ bool immutable;
+ struct connman_ipaddress *prev_ipv4_addr;
+ struct connman_ipaddress *prev_ipv6_addr;
+ void *plugin_data;
+ unsigned int auth_error_counter;
+ unsigned int conn_error_counter;
};
static void append_properties(DBusMessageIter *iter,
struct vpn_provider *provider);
+static int vpn_provider_save(struct vpn_provider *provider);
static void free_route(gpointer data)
{
connman_dbus_dict_open(iter, &item);
- if (route == NULL)
+ if (!route)
goto empty_dict;
if (route->family == AF_INET)
connman_dbus_dict_append_basic(&item, "ProtocolFamily",
DBUS_TYPE_INT32, &family);
- if (route->network != NULL)
+ if (route->network)
connman_dbus_dict_append_basic(&item, "Network",
DBUS_TYPE_STRING, &route->network);
- if (route->netmask != NULL)
+ if (route->netmask)
connman_dbus_dict_append_basic(&item, "Netmask",
DBUS_TYPE_STRING, &route->netmask);
- if (route->gateway != NULL)
+ if (route->gateway)
connman_dbus_dict_append_basic(&item, "Gateway",
DBUS_TYPE_STRING, &route->gateway);
GHashTableIter hash;
gpointer value, key;
- if (routes == NULL) {
+ if (!routes) {
append_route(iter, NULL);
return;
}
g_hash_table_iter_init(&hash, routes);
- while (g_hash_table_iter_next(&hash, &key, &value) == TRUE) {
+ while (g_hash_table_iter_next(&hash, &key, &value)) {
DBusMessageIter dict;
dbus_message_iter_open_container(iter, DBUS_TYPE_STRUCT, NULL,
return 0;
}
+/*
+ * Sort vpn_route struct based on (similarly to the route key in hash table):
+ * 1) IP protocol number
+ * 2) Network addresses
+ * 3) Netmask addresses
+ * 4) Gateway addresses
+ */
+static gint compare_route(gconstpointer a, gconstpointer b)
+{
+ const struct vpn_route *route_a = a;
+ const struct vpn_route *route_b = b;
+ int difference;
+
+ /* If IP families differ, prefer IPv6 over IPv4 */
+ if (route_a->family != route_b->family) {
+ if (route_a->family < route_b->family)
+ return -1;
+
+ if (route_a->family > route_b->family)
+ return 1;
+ }
+
+ /* If networks differ, return */
+ if ((difference = g_strcmp0(route_a->network, route_b->network)))
+ return difference;
+
+ /* If netmasks differ, return. */
+ if ((difference = g_strcmp0(route_a->netmask, route_b->netmask)))
+ return difference;
+
+ return g_strcmp0(route_a->gateway, route_b->gateway);
+}
+
static GSList *read_route_dict(GSList *routes, DBusMessageIter *dicts)
{
DBusMessageIter dict, value, entry;
type = dbus_message_iter_get_arg_type(&value);
switch (type) {
- case DBUS_TYPE_STRING:
- if (g_str_equal(key, "ProtocolFamily") == TRUE)
+ case DBUS_TYPE_INT32:
+ if (g_str_equal(key, "ProtocolFamily"))
dbus_message_iter_get_basic(&value, &family);
- else if (g_str_equal(key, "Network") == TRUE)
+ break;
+
+ case DBUS_TYPE_STRING:
+ if (g_str_equal(key, "Network"))
dbus_message_iter_get_basic(&value, &network);
- else if (g_str_equal(key, "Netmask") == TRUE)
+ else if (g_str_equal(key, "Netmask"))
dbus_message_iter_get_basic(&value, &netmask);
- else if (g_str_equal(key, "Gateway") == TRUE)
+ else if (g_str_equal(key, "Gateway"))
dbus_message_iter_get_basic(&value, &gateway);
break;
}
DBG("family %d network %s netmask %s gateway %s", family,
network, netmask, gateway);
- if (network == NULL || netmask == NULL) {
+ if (!network || !netmask) {
DBG("Ignoring route as network/netmask is missing");
return routes;
}
route = g_try_new(struct vpn_route, 1);
- if (route == NULL) {
+ if (!route) {
g_slist_free_full(routes, free_route);
return NULL;
}
} else {
switch (family) {
case '4':
+ case 4:
family = AF_INET;
break;
case '6':
+ case 6:
family = AF_INET6;
break;
default:
route->netmask = g_strdup(netmask);
route->gateway = g_strdup(gateway);
- routes = g_slist_prepend(routes, route);
+ routes = g_slist_insert_sorted(routes, route, compare_route);
return routes;
}
{
GSList *list;
- for (list = networks; list != NULL; list = g_slist_next(list)) {
+ for (list = networks; list; list = g_slist_next(list)) {
struct vpn_route *route = list->data;
if (__vpn_provider_append_user_route(provider,
gpointer value, key;
g_hash_table_iter_init(&hash, provider->user_routes);
- while (handle_routes == TRUE && g_hash_table_iter_next(&hash,
- &key, &value) == TRUE) {
+ while (handle_routes && g_hash_table_iter_next(&hash,
+ &key, &value)) {
struct vpn_route *route = value;
if (route->family == AF_INET6) {
unsigned char prefixlen = atoi(route->netmask);
const char *empty = "";
const char *str;
- if (value != NULL)
+ if (value)
str = value;
else
str = empty;
DBG("provider %p", provider);
reply = dbus_message_new_method_return(msg);
- if (reply == NULL)
+ if (!reply)
return NULL;
dbus_message_iter_init_append(reply, &array);
return reply;
}
+/* True when lists are equal, false otherwise */
+static bool compare_network_lists(GSList *a, GSList *b)
+{
+ struct vpn_route *route_a, *route_b;
+ GSList *iter_a, *iter_b;
+
+ if (!a && !b)
+ return true;
+
+ /*
+ * If either of lists is NULL or the lists are of different size, the
+ * lists are not equal.
+ */
+ if ((!a || !b) || (g_slist_length(a) != g_slist_length(b)))
+ return false;
+
+ /* Routes are in sorted list so items can be compared in order. */
+ for (iter_a = a, iter_b = b; iter_a && iter_b;
+ iter_a = iter_a->next, iter_b = iter_b->next) {
+
+ route_a = iter_a->data;
+ route_b = iter_b->data;
+
+ if (compare_route(route_a, route_b))
+ return false;
+ }
+
+ return true;
+}
+
+static int set_provider_property(struct vpn_provider *provider,
+ const char *name, DBusMessageIter *value, int type)
+{
+ int err = 0;
+
+ DBG("provider %p", provider);
+
+ if (!provider || !name || !value)
+ return -EINVAL;
+
+ if (g_str_equal(name, "UserRoutes")) {
+ GSList *networks;
+
+ if (type != DBUS_TYPE_ARRAY)
+ return -EINVAL;
+
+ networks = get_user_networks(value);
+
+ if (compare_network_lists(provider->user_networks, networks)) {
+ g_slist_free_full(networks, free_route);
+ return -EALREADY;
+ }
+
+ del_routes(provider);
+ provider->user_networks = networks;
+ set_user_networks(provider, provider->user_networks);
+
+ if (!handle_routes)
+ send_routes(provider, provider->user_routes,
+ "UserRoutes");
+ } else {
+ const char *str;
+
+ if (type != DBUS_TYPE_STRING)
+ return -EINVAL;
+
+ dbus_message_iter_get_basic(value, &str);
+
+ DBG("property %s value %s", name, str);
+
+ /* Empty string clears the value, similar to ClearProperty. */
+ err = vpn_provider_set_string(provider, name,
+ *str ? str : NULL);
+ }
+
+ return err;
+}
+
+static GString *append_to_gstring(GString *str, const char *value)
+{
+ if (!str)
+ return g_string_new(value);
+
+ g_string_append_printf(str, ",%s", value);
+
+ return str;
+}
+
+static DBusMessage *set_properties(DBusMessageIter *iter, DBusMessage *msg,
+ void *data)
+{
+ struct vpn_provider *provider = data;
+ DBusMessageIter dict;
+ const char *key;
+ bool change = false;
+ GString *invalid = NULL;
+ GString *denied = NULL;
+ int type;
+ int err;
+
+ for (dbus_message_iter_recurse(iter, &dict);
+ dbus_message_iter_get_arg_type(&dict) ==
+ DBUS_TYPE_DICT_ENTRY;
+ dbus_message_iter_next(&dict)) {
+ DBusMessageIter entry, value;
+
+ dbus_message_iter_recurse(&dict, &entry);
+ /*
+ * Ignore invalid types in order to process all values in the
+ * dict. If there is an invalid type in between the dict there
+ * may already be changes on some values and breaking out here
+ * would have the provider in an inconsistent state, leaving
+ * the rest, potentially correct property values untouched.
+ */
+ if (dbus_message_iter_get_arg_type(&entry) != DBUS_TYPE_STRING)
+ continue;
+
+ dbus_message_iter_get_basic(&entry, &key);
+
+ DBG("key %s", key);
+
+ dbus_message_iter_next(&entry);
+ /* Ignore and report back all non variant types. */
+ if (dbus_message_iter_get_arg_type(&entry)
+ != DBUS_TYPE_VARIANT) {
+ invalid = append_to_gstring(invalid, key);
+ continue;
+ }
+
+ dbus_message_iter_recurse(&entry, &value);
+
+ type = dbus_message_iter_get_arg_type(&value);
+ /* Ignore and report back all invalid property types */
+ if (type != DBUS_TYPE_STRING && type != DBUS_TYPE_ARRAY) {
+ invalid = append_to_gstring(invalid, key);
+ continue;
+ }
+
+ err = set_provider_property(provider, key, &value, type);
+ switch (err) {
+ case 0:
+ change = true;
+ break;
+ case -EINVAL:
+ invalid = append_to_gstring(invalid, key);
+ break;
+ case -EPERM:
+ denied = append_to_gstring(denied, key);
+ break;
+ }
+ }
+
+ if (change)
+ vpn_provider_save(provider);
+
+ if (invalid || denied) {
+ DBusMessage *error;
+ char *invalid_str = g_string_free(invalid, FALSE);
+ char *denied_str = g_string_free(denied, FALSE);
+
+ /*
+ * If there are both invalid and denied properties report
+ * back invalid arguments. Add also the failed properties to
+ * the error message.
+ */
+ error = g_dbus_create_error(msg, (invalid ?
+ CONNMAN_ERROR_INTERFACE ".InvalidProperty" :
+ CONNMAN_ERROR_INTERFACE ".PermissionDenied"),
+ "%s %s%s%s", (invalid ? "Invalid properties" :
+ "Permission denied"),
+ (invalid ? invalid_str : ""),
+ (invalid && denied ? "," : ""),
+ (denied ? denied_str : ""));
+
+ g_free(invalid_str);
+ g_free(denied_str);
+
+ return error;
+ }
+
+ return g_dbus_create_reply(msg, DBUS_TYPE_INVALID);
+}
+
static DBusMessage *set_property(DBusConnection *conn, DBusMessage *msg,
void *data)
{
DBusMessageIter iter, value;
const char *name;
int type;
+ int err;
DBG("conn %p", conn);
- if (dbus_message_iter_init(msg, &iter) == FALSE)
+ if (provider->immutable)
+ return __connman_error_not_supported(msg);
+
+ if (!dbus_message_iter_init(msg, &iter))
return __connman_error_invalid_arguments(msg);
if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_STRING)
dbus_message_iter_recurse(&iter, &value);
type = dbus_message_iter_get_arg_type(&value);
+ if (type == DBUS_TYPE_ARRAY && g_str_equal(name, "Properties"))
+ return set_properties(&value, msg, data);
- if (g_str_equal(name, "UserRoutes") == TRUE) {
- GSList *networks;
-
- if (type != DBUS_TYPE_ARRAY)
- return __connman_error_invalid_arguments(msg);
-
- networks = get_user_networks(&value);
- if (networks != NULL) {
- del_routes(provider);
- provider->user_networks = networks;
- set_user_networks(provider, provider->user_networks);
-
- if (handle_routes == FALSE)
- send_routes(provider, provider->user_routes,
- "UserRoutes");
- }
- } else
+ err = set_provider_property(provider, name, &value, type);
+ switch (err) {
+ case 0:
+ vpn_provider_save(provider);
+ break;
+ case -EALREADY:
+ break;
+ case -EINVAL:
return __connman_error_invalid_property(msg);
+ default:
+ return __connman_error_failed(msg, -err);
+ }
return g_dbus_create_reply(msg, DBUS_TYPE_INVALID);
}
{
struct vpn_provider *provider = data;
const char *name;
+ bool change = false;
+ int err;
DBG("conn %p", conn);
+ if (provider->immutable)
+ return __connman_error_not_supported(msg);
+
dbus_message_get_args(msg, NULL, DBUS_TYPE_STRING, &name,
DBUS_TYPE_INVALID);
- if (g_str_equal(name, "UserRoutes") == TRUE) {
+ if (g_str_equal(name, "UserRoutes")) {
+ /*
+ * If either user_routes or user_networks has any entries
+ * there is a change that is to be written to settings file.
+ */
+ if (g_hash_table_size(provider->user_routes) ||
+ provider->user_networks)
+ change = true;
+
del_routes(provider);
- if (handle_routes == FALSE)
+ if (!handle_routes)
send_routes(provider, provider->user_routes, name);
- } else if (vpn_provider_get_string(provider, name) != NULL) {
- vpn_provider_set_string(provider, name, NULL);
+ } else if (vpn_provider_get_string(provider, name)) {
+ err = vpn_provider_set_string(provider, name, NULL);
+ switch (err) {
+ case 0:
+ change = true;
+ /* fall through */
+ case -EALREADY:
+ break;
+ case -EINVAL:
+ return __connman_error_invalid_property(msg);
+ default:
+ return __connman_error_failed(msg, -err);
+ }
} else {
return __connman_error_invalid_property(msg);
}
+ if (change)
+ vpn_provider_save(provider);
+
return g_dbus_create_reply(msg, DBUS_TYPE_INVALID);
}
DBG("conn %p provider %p", conn, provider);
err = __vpn_provider_connect(provider, msg);
- if (err < 0)
+ if (err < 0 && err != -EINPROGRESS)
return __connman_error_failed(msg, -err);
return NULL;
}
+static DBusMessage *do_connect2(DBusConnection *conn, DBusMessage *msg,
+ void *data)
+{
+ return do_connect(conn, msg, data);
+}
+
static DBusMessage *do_disconnect(DBusConnection *conn, DBusMessage *msg,
void *data)
{
GDBUS_ARGS({ "name", "s" }), NULL,
clear_property) },
{ GDBUS_ASYNC_METHOD("Connect", NULL, NULL, do_connect) },
+ { GDBUS_ASYNC_METHOD("Connect2",
+ GDBUS_ARGS({ "dbus_sender", "s" }),
+ NULL, do_connect2) },
{ GDBUS_METHOD("Disconnect", NULL, NULL, do_disconnect) },
{ },
};
DBG("status %d", status);
- if (status == G_RESOLV_RESULT_STATUS_SUCCESS && results != NULL &&
+ if (status == G_RESOLV_RESULT_STATUS_SUCCESS && results &&
g_strv_length(results) > 0)
provider->host_ip = g_strdupv(results);
vpn_provider_unref(provider);
+
+ /* Remove the resolver here so that it will not be left
+ * hanging around and cause double free in unregister_provider()
+ */
+ g_resolv_unref(provider->resolv);
+ provider->resolv = NULL;
}
static void provider_resolv_host_addr(struct vpn_provider *provider)
{
- if (provider->host == NULL)
+ if (!provider->host)
return;
if (connman_inet_check_ipaddress(provider->host) > 0)
return;
- if (provider->host_ip != NULL)
+ if (provider->host_ip)
return;
/*
* the IP address also before VPN connection can be established.
*/
provider->resolv = g_resolv_new(0);
- if (provider->resolv == NULL) {
+ if (!provider->resolv) {
DBG("Cannot resolv %s", provider->host);
return;
}
void __vpn_provider_append_properties(struct vpn_provider *provider,
DBusMessageIter *iter)
{
- if (provider->host != NULL)
+ if (provider->host)
connman_dbus_dict_append_basic(iter, "Host",
DBUS_TYPE_STRING, &provider->host);
- if (provider->domain != NULL)
+ if (provider->domain)
connman_dbus_dict_append_basic(iter, "Domain",
DBUS_TYPE_STRING, &provider->domain);
- if (provider->type != NULL)
+ if (provider->type)
connman_dbus_dict_append_basic(iter, "Type", DBUS_TYPE_STRING,
&provider->type);
}
{
struct vpn_route *route;
char *key = g_strdup_printf("%d/%s/%s/%s", family, network,
- netmask, gateway != NULL ? gateway : "");
+ netmask, gateway ? gateway : "");
DBG("family %d network %s netmask %s gw %s", family, network,
netmask, gateway);
route = g_hash_table_lookup(provider->user_routes, key);
- if (route == NULL) {
+ if (!route) {
route = g_try_new0(struct vpn_route, 1);
- if (route == NULL) {
+ if (!route) {
connman_error("out of memory");
return -ENOMEM;
}
int family = PF_UNSPEC;
struct vpn_route *route = NULL;
- if (elems == NULL)
+ if (!elems)
return NULL;
family_str = elems[0];
network = elems[1];
- if (network == NULL || network[0] == '\0')
+ if (!network || network[0] == '\0')
goto out;
netmask = elems[2];
- if (netmask == NULL || netmask[0] == '\0')
+ if (!netmask || netmask[0] == '\0')
goto out;
gateway = elems[3];
route = g_try_new0(struct vpn_route, 1);
- if (route == NULL)
+ if (!route)
goto out;
if (family_str[0] == '\0' || atoi(family_str) == 0) {
}
}
- if (g_strrstr(network, ":") != NULL) {
+ if (g_strrstr(network, ":")) {
if (family != PF_UNSPEC && family != AF_INET6)
DBG("You have IPv6 address but you have non IPv6 route");
- } else if (g_strrstr(network, ".") != NULL) {
+ } else if (g_strrstr(network, ".")) {
if (family != PF_UNSPEC && family != AF_INET)
DBG("You have IPv4 address but you have non IPv4 route");
- if (g_strrstr(netmask, ".") == NULL) {
+ if (!g_strrstr(netmask, ".")) {
/* We have netmask length */
in_addr_t addr;
struct in_addr netmask_in;
unsigned char prefix_len = 32;
+ char *ptr;
+ long int value = strtol(netmask, &ptr, 10);
- if (netmask != NULL) {
- char *ptr;
- long int value = strtol(netmask, &ptr, 10);
- if (ptr != netmask && *ptr == '\0' &&
- value <= 32)
- prefix_len = value;
- }
+ if (ptr != netmask && *ptr == '\0' && value <= 32)
+ prefix_len = value;
addr = 0xffffffff << (32 - prefix_len);
netmask_in.s_addr = htonl(addr);
GSList *routes = NULL;
int i;
- for (i = 0; networks[i] != NULL; i++) {
+ for (i = 0; networks[i]; i++) {
route = get_route(networks[i]);
- if (route != NULL)
+ if (route)
routes = g_slist_prepend(routes, route);
}
settings = g_key_file_get_keys(keyfile, provider->identifier, &length,
NULL);
- if (settings == NULL) {
+ if (!settings) {
g_key_file_free(keyfile);
return -ENOENT;
}
while (idx < length) {
key = settings[idx];
- if (key != NULL) {
- if (g_str_equal(key, "Networks") == TRUE) {
- networks = g_key_file_get_string_list(keyfile,
+ if (key) {
+ if (g_str_equal(key, "Networks")) {
+ networks = __vpn_config_get_string_list(keyfile,
provider->identifier,
key,
&num_user_networks,
provider->user_networks = get_routes(networks);
} else {
- value = g_key_file_get_string(keyfile,
+ value = __vpn_config_get_string(keyfile,
provider->identifier,
key, NULL);
vpn_provider_set_string(provider, key,
g_strfreev(settings);
g_strfreev(networks);
- if (provider->user_networks != NULL)
+ if (provider->user_networks)
set_user_networks(provider, provider->user_networks);
return 0;
DBG("provider %p", provider);
keyfile = __connman_storage_load_provider(provider->identifier);
- if (keyfile == NULL)
+ if (!keyfile)
return -ENOENT;
provider_load_from_keyfile(provider, keyfile);
{
GSList *list;
gchar **result = NULL;
+ gchar **prev_result;
unsigned int num_elems = 0;
- for (list = networks; list != NULL; list = g_slist_next(list)) {
+ for (list = networks; list; list = g_slist_next(list)) {
struct vpn_route *route = list->data;
int family;
+ prev_result = result;
result = g_try_realloc(result,
(num_elems + 1) * sizeof(gchar *));
- if (result == NULL)
+ if (!result) {
+ g_free(prev_result);
return NULL;
+ }
switch (route->family) {
case AF_INET:
result[num_elems] = g_strdup_printf("%d/%s/%s/%s",
family, route->network, route->netmask,
- route->gateway == NULL ? "" : route->gateway);
+ !route->gateway ? "" : route->gateway);
num_elems++;
}
+ prev_result = result;
result = g_try_realloc(result, (num_elems + 1) * sizeof(gchar *));
- if (result == NULL)
+ if (!result) {
+ g_free(prev_result);
return NULL;
+ }
result[num_elems] = NULL;
*count = num_elems;
return result;
}
+static void reset_error_counters(struct vpn_provider *provider)
+{
+ if (!provider)
+ return;
+
+ provider->auth_error_counter = provider->conn_error_counter = 0;
+}
+
static int vpn_provider_save(struct vpn_provider *provider)
{
GKeyFile *keyfile;
- DBG("provider %p", provider);
+ DBG("provider %p immutable %s", provider,
+ provider->immutable ? "yes" : "no");
+
+ reset_error_counters(provider);
+
+ if (provider->state == VPN_PROVIDER_STATE_FAILURE)
+ vpn_provider_set_state(provider, VPN_PROVIDER_STATE_IDLE);
+
+ if (provider->immutable) {
+ /*
+ * Do not save providers that are provisioned via .config
+ * file.
+ */
+ return -EPERM;
+ }
keyfile = g_key_file_new();
- if (keyfile == NULL)
+ if (!keyfile)
return -ENOMEM;
g_key_file_set_string(keyfile, provider->identifier,
"Host", provider->host);
g_key_file_set_string(keyfile, provider->identifier,
"VPN.Domain", provider->domain);
- if (provider->user_networks != NULL) {
+ if (provider->user_networks) {
gchar **networks;
gsize network_count;
networks = create_network_list(provider->user_networks,
&network_count);
- if (networks != NULL) {
+ if (networks) {
g_key_file_set_string_list(keyfile,
provider->identifier,
"Networks",
}
}
- if (provider->config_file != NULL && strlen(provider->config_file) > 0)
+ if (provider->config_file && strlen(provider->config_file) > 0)
g_key_file_set_string(keyfile, provider->identifier,
"Config.file", provider->config_file);
- if (provider->config_entry != NULL &&
+ if (provider->config_entry &&
strlen(provider->config_entry) > 0)
g_key_file_set_string(keyfile, provider->identifier,
"Config.ident", provider->config_entry);
- if (provider->driver != NULL && provider->driver->save != NULL)
+ if (provider->driver && provider->driver->save)
provider->driver->save(provider, keyfile);
__connman_storage_save_provider(keyfile, provider->identifier);
- g_key_file_free(keyfile);
+ g_key_file_free(keyfile);
return 0;
}
return provider;
}
-static gboolean match_driver(struct vpn_provider *provider,
+static bool match_driver(struct vpn_provider *provider,
struct vpn_provider_driver *driver)
{
if (g_strcmp0(driver->name, provider->type) == 0)
- return TRUE;
+ return true;
- return FALSE;
+ return false;
}
static int provider_probe(struct vpn_provider *provider)
DBG("provider %p driver %p name %s", provider, provider->driver,
provider->name);
- if (provider->driver != NULL)
+ if (provider->driver)
return -EALREADY;
for (list = driver_list; list; list = list->next) {
struct vpn_provider_driver *driver = list->data;
- if (match_driver(provider, driver) == FALSE)
+ if (!match_driver(provider, driver))
continue;
DBG("driver %p name %s", driver, driver->name);
- if (driver->probe != NULL && driver->probe(provider) == 0) {
+ if (driver->probe && driver->probe(provider) == 0) {
provider->driver = driver;
break;
}
}
- if (provider->driver == NULL)
+ if (!provider->driver)
return -ENODEV;
return 0;
static void provider_remove(struct vpn_provider *provider)
{
- if (provider->driver != NULL) {
+ if (provider->driver) {
provider->driver->remove(provider);
provider->driver = NULL;
}
g_hash_table_destroy(provider->routes);
g_hash_table_destroy(provider->user_routes);
g_hash_table_destroy(provider->setting_strings);
- if (provider->resolv != NULL) {
+ if (provider->resolv) {
g_resolv_unref(provider->resolv);
provider->resolv = NULL;
}
g_strfreev(provider->host_ip);
g_free(provider->config_file);
g_free(provider->config_entry);
+ connman_ipaddress_free(provider->prev_ipv4_addr);
+ connman_ipaddress_free(provider->prev_ipv6_addr);
g_free(provider);
}
if (__sync_fetch_and_sub(&configuration_count, 1) != 1)
return;
-
- raise(SIGTERM);
}
int __vpn_provider_disconnect(struct vpn_provider *provider)
DBG("provider %p", provider);
- if (provider->driver != NULL && provider->driver->disconnect != NULL)
+ if (provider->driver && provider->driver->disconnect)
err = provider->driver->disconnect(provider);
else
return -EOPNOTSUPP;
if (error != 0) {
DBusMessage *reply = __connman_error_failed(pending, error);
- if (reply != NULL)
+ if (reply)
g_dbus_send_message(connection, reply);
- vpn_provider_indicate_error(provider,
+ switch (error) {
+ case EACCES:
+ vpn_provider_indicate_error(provider,
+ VPN_PROVIDER_ERROR_AUTH_FAILED);
+ break;
+ case ENOENT:
+ /*
+ * No reply, disconnect called by connmand because of
+ * connection timeout.
+ */
+ break;
+ case ENOMSG:
+ /* fall through */
+ case ETIMEDOUT:
+ /* No reply or timed out -> cancel the agent request */
+ connman_agent_cancel(provider);
+ vpn_provider_indicate_error(provider,
+ VPN_PROVIDER_ERROR_UNKNOWN);
+ break;
+ case ECANCELED:
+ /* fall through */
+ case ECONNABORTED:
+ /*
+ * This can be called in other situations than when
+ * VPN agent error checker is called. In such case
+ * react to both ECONNABORTED and ECANCELED as if the
+ * connection was called to terminate and do full
+ * disconnect -> idle cycle when being connected or
+ * ready. Setting the state also using the driver
+ * callback (vpn_set_state()) ensures that the driver is
+ * being disconnected as well and eventually the vpn
+ * process gets killed and vpn_died() is called to make
+ * the provider back to idle state.
+ */
+ if (provider->state == VPN_PROVIDER_STATE_CONNECT ||
+ provider->state ==
+ VPN_PROVIDER_STATE_READY) {
+ if (provider->driver->set_state)
+ provider->driver->set_state(provider,
+ VPN_PROVIDER_STATE_DISCONNECT);
+
+ vpn_provider_set_state(provider,
+ VPN_PROVIDER_STATE_DISCONNECT);
+ }
+ break;
+ default:
+ vpn_provider_indicate_error(provider,
VPN_PROVIDER_ERROR_CONNECT_FAILED);
- vpn_provider_set_state(provider, VPN_PROVIDER_STATE_FAILURE);
- } else
+ vpn_provider_set_state(provider,
+ VPN_PROVIDER_STATE_FAILURE);
+ }
+ } else {
+ reset_error_counters(provider);
g_dbus_send_reply(connection, pending, DBUS_TYPE_INVALID);
+ }
dbus_message_unref(pending);
}
int __vpn_provider_connect(struct vpn_provider *provider, DBusMessage *msg)
{
+ DBusMessage *reply;
int err;
- DBG("provider %p", provider);
+ DBG("provider %p state %d", provider, provider->state);
+
+ switch (provider->state) {
+ /*
+ * When previous connection has failed change state to idle and let
+ * the connmand to process this information as well. Return -EINPROGRESS
+ * to indicate that transition is in progress and next connection
+ * attempt will continue as normal.
+ */
+ case VPN_PROVIDER_STATE_FAILURE:
+ if (provider->driver && provider->driver->set_state)
+ provider->driver->set_state(provider,
+ VPN_PROVIDER_STATE_IDLE);
+
+ vpn_provider_set_state(provider, VPN_PROVIDER_STATE_IDLE);
+ /* fall through */
+ /*
+ * If re-using a provider and it is being disconnected let it finish
+ * the disconnect process in order to let vpn.c:vpn_died() to get
+ * processed and everything cleaned up. Otherwise the reference
+ * counters are not decreased properly causing the previous interface
+ * being left up and its routes will remain in routing table. Return
+ * -EINPROGRESS to indicate that transition is in progress.
+ */
+ case VPN_PROVIDER_STATE_DISCONNECT:
+ /*
+ * Failure transition or disconnecting does not yield a
+ * message to be sent. Send in progress message to avoid
+ * D-Bus LimitsExceeded error message.
+ */
+ reply = __connman_error_in_progress(msg);
+ if (reply)
+ g_dbus_send_message(connection, reply);
+
+ return -EINPROGRESS;
+ case VPN_PROVIDER_STATE_UNKNOWN:
+ case VPN_PROVIDER_STATE_IDLE:
+ case VPN_PROVIDER_STATE_CONNECT:
+ case VPN_PROVIDER_STATE_READY:
+ break;
+ }
+
+ if (provider->driver && provider->driver->connect) {
+ const char *dbus_sender = dbus_message_get_sender(msg);
- if (provider->driver != NULL && provider->driver->connect != NULL) {
dbus_message_ref(msg);
- err = provider->driver->connect(provider, connect_cb, msg);
+
+ if (dbus_message_has_signature(msg,
+ DBUS_TYPE_STRING_AS_STRING)) {
+ const char *sender = NULL;
+
+ dbus_message_get_args(msg, NULL, DBUS_TYPE_STRING,
+ &sender, DBUS_TYPE_INVALID);
+ if (sender && sender[0])
+ dbus_sender = sender;
+ }
+
+ err = provider->driver->connect(provider, connect_cb,
+ dbus_sender, msg);
} else
return -EOPNOTSUPP;
signal = dbus_message_new_signal(VPN_MANAGER_PATH,
VPN_MANAGER_INTERFACE, "ConnectionRemoved");
- if (signal == NULL)
+ if (!signal)
return;
dbus_message_iter_init_append(signal, &iter);
return NULL;
pos = strrchr(path, '/');
- if (pos == NULL)
+ if (!pos)
return NULL;
return pos + 1;
ident = get_ident(path);
provider = __vpn_provider_lookup(ident);
- if (provider != NULL)
+ if (provider)
return __vpn_provider_delete(provider);
return -ENXIO;
const char *address, *gateway, *peer;
address = __vpn_ipconfig_get_local(provider->ipconfig_ipv4);
- if (address != NULL) {
+ if (address) {
in_addr_t addr;
struct in_addr netmask;
char *mask;
}
gateway = __vpn_ipconfig_get_gateway(provider->ipconfig_ipv4);
- if (gateway != NULL)
+ if (gateway)
connman_dbus_dict_append_basic(iter, "Gateway",
DBUS_TYPE_STRING, &gateway);
peer = __vpn_ipconfig_get_peer(provider->ipconfig_ipv4);
- if (peer != NULL)
+ if (peer)
connman_dbus_dict_append_basic(iter, "Peer",
DBUS_TYPE_STRING, &peer);
}
const char *address, *gateway, *peer;
address = __vpn_ipconfig_get_local(provider->ipconfig_ipv6);
- if (address != NULL) {
+ if (address) {
unsigned char prefixlen;
connman_dbus_dict_append_basic(iter, "Address",
}
gateway = __vpn_ipconfig_get_gateway(provider->ipconfig_ipv6);
- if (gateway != NULL)
+ if (gateway)
connman_dbus_dict_append_basic(iter, "Gateway",
DBUS_TYPE_STRING, &gateway);
peer = __vpn_ipconfig_get_peer(provider->ipconfig_ipv6);
- if (peer != NULL)
+ if (peer)
connman_dbus_dict_append_basic(iter, "Peer",
DBUS_TYPE_STRING, &peer);
}
return NULL;
}
+static void append_nameservers(DBusMessageIter *iter, char **servers)
+{
+ int i;
+
+ DBG("%p", servers);
+
+ for (i = 0; servers[i]; i++) {
+ DBG("servers[%d] %s", i, servers[i]);
+ dbus_message_iter_append_basic(iter,
+ DBUS_TYPE_STRING, &servers[i]);
+ }
+}
+
+static void append_dns(DBusMessageIter *iter, void *user_data)
+{
+ struct vpn_provider *provider = user_data;
+
+ if (provider->nameservers)
+ append_nameservers(iter, provider->nameservers);
+}
+
static int provider_indicate_state(struct vpn_provider *provider,
enum vpn_provider_state state)
{
str = state2string(state);
DBG("provider %p state %s/%d", provider, str, state);
- if (str == NULL)
+ if (!str)
return -EINVAL;
old_state = provider->state;
connman_dbus_property_changed_dict(provider->path,
VPN_CONNECTION_INTERFACE, "IPv6",
append_ipv6, provider);
+
+ connman_dbus_property_changed_array(provider->path,
+ VPN_CONNECTION_INTERFACE,
+ "Nameservers",
+ DBUS_TYPE_STRING,
+ append_dns, provider);
+
+ if (provider->domain)
+ connman_dbus_property_changed_basic(provider->path,
+ VPN_CONNECTION_INTERFACE,
+ "Domain",
+ DBUS_TYPE_STRING,
+ &provider->domain);
}
if (old_state != state)
VPN_CONNECTION_INTERFACE, "State",
DBUS_TYPE_STRING, &str);
- /*
- * We do not stay in failure state as clients like connmand can
- * get confused about our current state.
- */
- if (provider->state == VPN_PROVIDER_STATE_FAILURE)
- provider->state = VPN_PROVIDER_STATE_IDLE;
-
return 0;
}
-static void append_nameservers(DBusMessageIter *iter, char **servers)
-{
- int i;
-
- DBG("%p", servers);
-
- for (i = 0; servers[i] != NULL; i++) {
- DBG("servers[%d] %s", i, servers[i]);
- dbus_message_iter_append_basic(iter,
- DBUS_TYPE_STRING, &servers[i]);
- }
-}
-
-static void append_dns(DBusMessageIter *iter, void *user_data)
-{
- struct vpn_provider *provider = user_data;
-
- if (provider->nameservers != NULL)
- append_nameservers(iter, provider->nameservers);
-}
-
static void append_state(DBusMessageIter *iter,
struct vpn_provider *provider)
{
DBusMessageIter dict;
GHashTableIter hash;
gpointer value, key;
+ dbus_bool_t immutable;
connman_dbus_dict_open(iter, &dict);
append_state(&dict, provider);
- if (provider->type != NULL)
+ if (provider->type)
connman_dbus_dict_append_basic(&dict, "Type",
DBUS_TYPE_STRING, &provider->type);
- if (provider->name != NULL)
+ if (provider->name)
connman_dbus_dict_append_basic(&dict, "Name",
DBUS_TYPE_STRING, &provider->name);
- if (provider->host != NULL)
+ if (provider->host)
connman_dbus_dict_append_basic(&dict, "Host",
DBUS_TYPE_STRING, &provider->host);
if (provider->index >= 0)
connman_dbus_dict_append_basic(&dict, "Index",
DBUS_TYPE_INT32, &provider->index);
- if (provider->domain != NULL)
+ if (provider->domain)
connman_dbus_dict_append_basic(&dict, "Domain",
DBUS_TYPE_STRING, &provider->domain);
+ immutable = provider->immutable;
+ connman_dbus_dict_append_basic(&dict, "Immutable", DBUS_TYPE_BOOLEAN,
+ &immutable);
+
if (provider->family == AF_INET)
connman_dbus_dict_append_dict(&dict, "IPv4", append_ipv4,
provider);
DBUS_TYPE_DICT_ENTRY, append_routes,
provider->routes);
- if (provider->setting_strings != NULL) {
+ if (provider->setting_strings) {
g_hash_table_iter_init(&hash, provider->setting_strings);
- while (g_hash_table_iter_next(&hash, &key, &value) == TRUE) {
+ while (g_hash_table_iter_next(&hash, &key, &value)) {
struct vpn_setting *setting = value;
- if (setting->hide_value == FALSE &&
- setting->value != NULL)
+ if (!setting->hide_value &&
+ setting->value)
connman_dbus_dict_append_basic(&dict, key,
DBUS_TYPE_STRING,
&setting->value);
signal = dbus_message_new_signal(VPN_MANAGER_PATH,
VPN_MANAGER_INTERFACE, "ConnectionAdded");
- if (signal == NULL)
+ if (!signal)
return;
dbus_message_iter_init_append(signal, &iter);
dbus_message_unref(signal);
}
-static connman_bool_t check_host(char **hosts, char *host)
+static bool check_host(char **hosts, char *host)
{
int i;
- if (hosts == NULL)
- return FALSE;
+ if (!hosts)
+ return false;
- for (i = 0; hosts[i] != NULL; i++) {
+ for (i = 0; hosts[i]; i++) {
if (g_strcmp0(hosts[i], host) == 0)
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
static void provider_append_routes(gpointer key, gpointer value,
struct vpn_provider *provider = user_data;
int index = provider->index;
- if (handle_routes == FALSE)
+ if (!handle_routes)
return;
/*
* VPN server, then we must discard that because the
* server cannot be contacted via VPN tunnel.
*/
- if (check_host(provider->host_ip, route->network) == TRUE) {
+ if (check_host(provider->host_ip, route->network)) {
DBG("Discarding VPN route to %s via %s at index %d",
route->network, route->gateway, index);
return;
}
static int set_connected(struct vpn_provider *provider,
- connman_bool_t connected)
+ bool connected)
{
struct vpn_ipconfig *ipconfig;
DBG("provider %p id %s connected %d", provider,
provider->identifier, connected);
- if (connected == TRUE) {
+ if (connected) {
if (provider->family == AF_INET6)
ipconfig = provider->ipconfig_ipv6;
else
__vpn_ipconfig_address_add(ipconfig, provider->family);
- if (handle_routes == TRUE)
+ if (handle_routes)
__vpn_ipconfig_gateway_add(ipconfig, provider->family);
provider_indicate_state(provider,
int vpn_provider_set_state(struct vpn_provider *provider,
enum vpn_provider_state state)
{
- if (provider == NULL)
+ if (!provider)
return -EINVAL;
switch (state) {
case VPN_PROVIDER_STATE_UNKNOWN:
return -EINVAL;
case VPN_PROVIDER_STATE_IDLE:
- return set_connected(provider, FALSE);
+ return set_connected(provider, false);
case VPN_PROVIDER_STATE_CONNECT:
return provider_indicate_state(provider, state);
case VPN_PROVIDER_STATE_READY:
- return set_connected(provider, TRUE);
+ return set_connected(provider, true);
case VPN_PROVIDER_STATE_DISCONNECT:
return provider_indicate_state(provider, state);
case VPN_PROVIDER_STATE_FAILURE:
return -EINVAL;
}
-int vpn_provider_indicate_error(struct vpn_provider *provider,
- enum vpn_provider_error error)
+void vpn_provider_add_error(struct vpn_provider *provider,
+ enum vpn_provider_error error)
{
- DBG("provider %p id %s error %d", provider, provider->identifier,
- error);
-
switch (error) {
- case VPN_PROVIDER_ERROR_LOGIN_FAILED:
- break;
- case VPN_PROVIDER_ERROR_AUTH_FAILED:
- vpn_provider_set_state(provider, VPN_PROVIDER_STATE_FAILURE);
+ case VPN_PROVIDER_ERROR_UNKNOWN:
break;
case VPN_PROVIDER_ERROR_CONNECT_FAILED:
+ ++provider->conn_error_counter;
break;
- default:
+ case VPN_PROVIDER_ERROR_LOGIN_FAILED:
+ case VPN_PROVIDER_ERROR_AUTH_FAILED:
+ ++provider->auth_error_counter;
break;
}
+}
+
+int vpn_provider_indicate_error(struct vpn_provider *provider,
+ enum vpn_provider_error error)
+{
+ DBG("provider %p id %s error %d", provider, provider->identifier,
+ error);
+
+ vpn_provider_set_state(provider, VPN_PROVIDER_STATE_FAILURE);
+
+ vpn_provider_add_error(provider, error);
+
+ if (provider->driver && provider->driver->set_state)
+ provider->driver->set_state(provider, provider->state);
return 0;
}
{
DBG("provider %p path %s", provider, provider->path);
- if (provider->path == NULL)
+ if (!provider->path)
return -EALREADY;
g_dbus_unregister_interface(connection, provider->path,
{
DBG("provider %p path %s", provider, provider->path);
- if (provider->path != NULL)
+ if (provider->path)
return -EALREADY;
provider->path = g_strdup_printf("%s/connection/%s", VPN_PATH,
connection_unregister(provider);
+ /* If the provider has any DNS resolver queries pending,
+ * they need to be cleared here because the unref will not
+ * be able to do that (because the provider_resolv_host_addr()
+ * has increased the ref count by 1). This is quite rare as
+ * normally the resolving either returns a value or has a
+ * timeout which clears the memory. Typically resolv_result() will
+ * unref the provider but in this case that call has not yet
+ * happened.
+ */
+ if (provider->resolv)
+ vpn_provider_unref(provider);
+
vpn_provider_unref(provider);
}
provider->type = NULL;
provider->domain = NULL;
provider->identifier = NULL;
+ provider->immutable = false;
provider->user_networks = NULL;
provider->routes = g_hash_table_new_full(g_direct_hash, g_direct_equal,
NULL, free_route);
struct vpn_provider *provider;
provider = g_try_new0(struct vpn_provider, 1);
- if (provider == NULL)
+ if (!provider)
return NULL;
provider->refcount = 1;
struct vpn_provider *provider;
provider = g_hash_table_lookup(provider_hash, identifier);
- if (provider != NULL)
+ if (provider)
return provider;
provider = vpn_provider_new();
- if (provider == NULL)
+ if (!provider)
return NULL;
DBG("provider %p", provider);
return provider;
}
+static void vpn_provider_put(const char *identifier)
+{
+ configuration_count_del();
+
+ g_hash_table_remove(provider_hash, identifier);
+}
+
static void provider_dbus_ident(char *ident)
{
int i, len = strlen(ident);
{
struct vpn_provider *provider;
- if (keyfile == NULL || ident == NULL)
+ if (!keyfile || !ident)
return NULL;
provider = __vpn_provider_lookup(ident);
- if (provider == NULL) {
+ if (!provider) {
provider = vpn_provider_get(ident);
- if (provider == NULL) {
+ if (!provider) {
DBG("can not create provider");
return NULL;
}
provider_load_from_keyfile(provider, keyfile);
- if (provider->name == NULL || provider->host == NULL ||
- provider->domain == NULL) {
+ if (!provider->name || !provider->host ||
+ !provider->domain) {
DBG("cannot get name, host or domain");
vpn_provider_unref(provider);
return NULL;
providers = __connman_storage_get_providers();
- if (providers == NULL)
+ if (!providers)
return;
- for (i = 0; providers[i] != NULL; i+=1) {
+ for (i = 0; providers[i]; i += 1) {
if (strncmp(providers[i], "provider_", 9) != 0)
continue;
id = providers[i] + 9;
keyfile = __connman_storage_load_provider(id);
- if (keyfile == NULL)
+ if (!keyfile)
continue;
- type = g_key_file_get_string(keyfile, id, "Type", NULL);
+ type = __vpn_config_get_string(keyfile, id, "Type", NULL);
DBG("keyfile %p id %s type %s", keyfile, id, type);
continue;
}
- if (provider_create_from_keyfile(keyfile, id) == NULL)
+ if (!provider_create_from_keyfile(keyfile, id))
DBG("could not create provider");
g_free(type);
char *ident;
ident = g_strdup_printf("%s_%s", host, domain);
- if (ident == NULL)
+ if (!ident)
return NULL;
provider_dbus_ident(ident);
switch (dbus_message_iter_get_arg_type(&value)) {
case DBUS_TYPE_STRING:
- if (g_str_equal(key, "Type") == TRUE)
+ if (g_str_equal(key, "Type"))
dbus_message_iter_get_basic(&value, &type);
- else if (g_str_equal(key, "Name") == TRUE)
+ else if (g_str_equal(key, "Name"))
dbus_message_iter_get_basic(&value, &name);
- else if (g_str_equal(key, "Host") == TRUE)
+ else if (g_str_equal(key, "Host"))
dbus_message_iter_get_basic(&value, &host);
- else if (g_str_equal(key, "VPN.Domain") == TRUE ||
- g_str_equal(key, "Domain") == TRUE)
+ else if (g_str_equal(key, "VPN.Domain") ||
+ g_str_equal(key, "Domain"))
dbus_message_iter_get_basic(&value, &domain);
break;
case DBUS_TYPE_ARRAY:
- if (g_str_equal(key, "UserRoutes") == TRUE)
+ if (g_str_equal(key, "UserRoutes"))
networks = get_user_networks(&value);
break;
}
dbus_message_iter_next(&array);
}
- if (host == NULL || domain == NULL)
+ if (!host || !domain)
return -EINVAL;
DBG("Type %s name %s networks %p", type, name, networks);
- if (type == NULL || name == NULL)
+ if (!type || !name)
return -EOPNOTSUPP;
ident = __vpn_provider_create_identifier(host, domain);
DBG("ident %s", ident);
provider = __vpn_provider_lookup(ident);
- if (provider == NULL) {
+ if (!provider) {
provider = vpn_provider_get(ident);
- if (provider == NULL) {
+ if (!provider) {
DBG("can not create provider");
g_free(ident);
return -EOPNOTSUPP;
provider_resolv_host_addr(provider);
}
- if (networks != NULL) {
+ if (networks) {
g_slist_free_full(provider->user_networks, free_route);
provider->user_networks = networks;
set_user_networks(provider, provider->user_networks);
static GSList *parse_user_networks(const char *network_str)
{
GSList *networks = NULL;
- char **elems = g_strsplit(network_str, ",", 0);
+ char **elems;
int i = 0;
- if (elems == NULL)
+ if (!network_str)
+ return NULL;
+
+ elems = g_strsplit(network_str, ",", 0);
+ if (!elems)
return NULL;
- while (elems[i] != NULL) {
+ while (elems[i]) {
struct vpn_route *vpn_route;
char *network, *netmask, *gateway;
int family;
char **route;
route = g_strsplit(elems[i], "/", 0);
- if (route == NULL)
+ if (!route)
goto next;
network = route[0];
- if (network == NULL || network[0] == '\0')
+ if (!network || network[0] == '\0')
goto next;
family = connman_inet_check_ipaddress(network);
}
netmask = route[1];
- if (netmask == NULL || netmask[0] == '\0')
+ if (!netmask || netmask[0] == '\0')
goto next;
gateway = route[2];
vpn_route = g_try_new0(struct vpn_route, 1);
- if (vpn_route == NULL) {
+ if (!vpn_route) {
g_strfreev(route);
break;
}
networks_str = get_string(settings, "Networks");
networks = parse_user_networks(networks_str);
- if (host == NULL || domain == NULL) {
+ if (!host || !domain) {
err = -EINVAL;
goto fail;
}
DBG("type %s name %s networks %s", type, name, networks_str);
- if (type == NULL || name == NULL) {
+ if (!type || !name) {
err = -EOPNOTSUPP;
goto fail;
}
DBG("ident %s", ident);
provider = __vpn_provider_lookup(ident);
- if (provider == NULL) {
+ if (!provider) {
provider = vpn_provider_get(ident);
- if (provider == NULL) {
+ if (!provider) {
DBG("can not create provider");
err = -EOPNOTSUPP;
goto fail;
provider->config_file = g_strdup(config_ident);
provider->config_entry = g_strdup(config_entry);
- if (provider_register(provider) == 0)
- vpn_provider_load(provider);
-
provider_resolv_host_addr(provider);
}
- if (networks != NULL) {
+ if (networks) {
g_slist_free_full(provider->user_networks, free_route);
provider->user_networks = networks;
set_user_networks(provider, provider->user_networks);
g_hash_table_iter_init(&hash, settings);
- while (g_hash_table_iter_next(&hash, &key, &value) == TRUE)
- vpn_provider_set_string(provider, key, value);
+ while (g_hash_table_iter_next(&hash, &key, &value))
+ __vpn_provider_set_string_immutable(provider, key, value);
+
+ provider->immutable = true;
vpn_provider_save(provider);
return 0;
fail:
+ vpn_provider_put(ident);
g_free(ident);
g_slist_free_full(networks, free_route);
g_hash_table_iter_init(&hash, provider_hash);
- while (g_hash_table_iter_next(&hash, &key, &value) == TRUE) {
+ while (g_hash_table_iter_next(&hash, &key, &value)) {
struct vpn_provider *provider = value;
DBG("path %s", provider->path);
- if (provider->identifier == NULL)
+ if (!provider->identifier)
continue;
dbus_message_iter_open_container(iter, DBUS_TYPE_STRUCT,
DBG("");
reply = dbus_message_new_method_return(msg);
- if (reply == NULL)
+ if (!reply)
return NULL;
__connman_dbus_append_objpath_dict_array(reply,
return reply;
}
-const char * __vpn_provider_get_ident(struct vpn_provider *provider)
+const char *vpn_provider_get_ident(struct vpn_provider *provider)
{
- if (provider == NULL)
+ if (!provider)
return NULL;
return provider->identifier;
}
static int set_string(struct vpn_provider *provider,
- const char *key, const char *value, gboolean hide_value)
+ const char *key, const char *value,
+ bool hide_value, bool immutable)
{
- DBG("provider %p key %s value %s", provider, key,
+ DBG("provider %p key %s immutable %s value %s", provider, key,
+ immutable ? "yes" : "no",
hide_value ? "<not printed>" : value);
- if (g_str_equal(key, "Type") == TRUE) {
+ if (g_str_equal(key, "Type")) {
+ if (!g_strcmp0(provider->type, value))
+ return -EALREADY;
+
g_free(provider->type);
provider->type = g_ascii_strdown(value, -1);
send_value(provider->path, "Type", provider->type);
- } else if (g_str_equal(key, "Name") == TRUE) {
+ } else if (g_str_equal(key, "Name")) {
+ if (!g_strcmp0(provider->name, value))
+ return -EALREADY;
+
g_free(provider->name);
provider->name = g_strdup(value);
send_value(provider->path, "Name", provider->name);
- } else if (g_str_equal(key, "Host") == TRUE) {
+ } else if (g_str_equal(key, "Host")) {
+ if (!g_strcmp0(provider->host, value))
+ return -EALREADY;
+
g_free(provider->host);
provider->host = g_strdup(value);
send_value(provider->path, "Host", provider->host);
- } else if (g_str_equal(key, "VPN.Domain") == TRUE ||
- g_str_equal(key, "Domain") == TRUE) {
+ } else if (g_str_equal(key, "VPN.Domain") ||
+ g_str_equal(key, "Domain")) {
+ if (!g_strcmp0(provider->domain, value))
+ return -EALREADY;
+
g_free(provider->domain);
provider->domain = g_strdup(value);
send_value(provider->path, "Domain", provider->domain);
} else {
struct vpn_setting *setting;
+ bool replace = true;
+
+ setting = g_hash_table_lookup(provider->setting_strings, key);
+ if (setting) {
+ if (!immutable && setting->immutable) {
+ DBG("Trying to set immutable variable %s", key);
+ return -EPERM;
+ } else if (!g_strcmp0(setting->value, value)) {
+ return -EALREADY;
+ }
- setting = g_try_new(struct vpn_setting, 1);
- if (setting == NULL)
- return -ENOMEM;
+ g_free(setting->value);
+ replace = false;
+ } else {
+ setting = g_try_new0(struct vpn_setting, 1);
+ if (!setting)
+ return -ENOMEM;
+ }
setting->value = g_strdup(value);
setting->hide_value = hide_value;
- if (hide_value == FALSE)
+ if (immutable)
+ setting->immutable = true;
+
+ if (!hide_value)
send_value(provider->path, key, setting->value);
- g_hash_table_replace(provider->setting_strings,
- g_strdup(key), setting);
+ if (replace)
+ g_hash_table_replace(provider->setting_strings,
+ g_strdup(key), setting);
}
return 0;
int vpn_provider_set_string(struct vpn_provider *provider,
const char *key, const char *value)
{
- return set_string(provider, key, value, FALSE);
+ return set_string(provider, key, value, false, false);
}
int vpn_provider_set_string_hide_value(struct vpn_provider *provider,
const char *key, const char *value)
{
- return set_string(provider, key, value, TRUE);
+ return set_string(provider, key, value, true, false);
+}
+
+int __vpn_provider_set_string_immutable(struct vpn_provider *provider,
+ const char *key, const char *value)
+{
+ return set_string(provider, key, value, false, true);
}
const char *vpn_provider_get_string(struct vpn_provider *provider,
DBG("provider %p key %s", provider, key);
- if (g_str_equal(key, "Type") == TRUE)
+ if (g_str_equal(key, "Type"))
return provider->type;
- else if (g_str_equal(key, "Name") == TRUE)
+ else if (g_str_equal(key, "Name"))
return provider->name;
- else if (g_str_equal(key, "Host") == TRUE)
+ else if (g_str_equal(key, "Host"))
return provider->host;
- else if (g_str_equal(key, "HostIP") == TRUE) {
- if (provider->host_ip == NULL ||
- provider->host_ip[0] == NULL)
+ else if (g_str_equal(key, "HostIP")) {
+ if (!provider->host_ip ||
+ !provider->host_ip[0])
return provider->host;
else
return provider->host_ip[0];
- } else if (g_str_equal(key, "VPN.Domain") == TRUE ||
- g_str_equal(key, "Domain") == TRUE)
+ } else if (g_str_equal(key, "VPN.Domain") ||
+ g_str_equal(key, "Domain"))
return provider->domain;
setting = g_hash_table_lookup(provider->setting_strings, key);
- if (setting == NULL)
+ if (!setting)
return NULL;
return setting->value;
}
-connman_bool_t __vpn_provider_check_routes(struct vpn_provider *provider)
+bool vpn_provider_get_boolean(struct vpn_provider *provider, const char *key,
+ bool default_value)
{
- if (provider == NULL)
- return FALSE;
+ struct vpn_setting *setting;
+
+ connman_info("provider %p key %s", provider, key);
- if (provider->user_routes != NULL &&
+ setting = g_hash_table_lookup(provider->setting_strings, key);
+ if (!setting || !setting->value)
+ return default_value;
+
+ if (!g_strcmp0(setting->value, "true"))
+ return true;
+
+ if (!g_strcmp0(setting->value, "false"))
+ return false;
+
+ return default_value;
+}
+
+bool vpn_provider_get_string_immutable(struct vpn_provider *provider,
+ const char *key)
+{
+ struct vpn_setting *setting;
+
+ /* These values can be changed if the provider is not immutable */
+ if (g_str_equal(key, "Type")) {
+ return provider->immutable;
+ } else if (g_str_equal(key, "Name")) {
+ return provider->immutable;
+ } else if (g_str_equal(key, "Host")) {
+ return provider->immutable;
+ } else if (g_str_equal(key, "HostIP")) {
+ return provider->immutable;
+ } else if (g_str_equal(key, "VPN.Domain") ||
+ g_str_equal(key, "Domain")) {
+ return provider->immutable;
+ }
+
+ setting = g_hash_table_lookup(provider->setting_strings, key);
+ if (!setting)
+ return true; /* Not found, regard as immutable - no changes */
+
+ return setting->immutable;
+}
+
+bool __vpn_provider_check_routes(struct vpn_provider *provider)
+{
+ if (!provider)
+ return false;
+
+ if (provider->user_routes &&
g_hash_table_size(provider->user_routes) > 0)
- return TRUE;
+ return true;
- if (provider->routes != NULL &&
+ if (provider->routes &&
g_hash_table_size(provider->routes) > 0)
- return TRUE;
+ return true;
- return FALSE;
+ return false;
}
void *vpn_provider_get_data(struct vpn_provider *provider)
provider->driver_data = data;
}
+void *vpn_provider_get_plugin_data(struct vpn_provider *provider)
+{
+ return provider->plugin_data;
+}
+
+void vpn_provider_set_plugin_data(struct vpn_provider *provider, void *data)
+{
+ provider->plugin_data = data;
+}
+
void vpn_provider_set_index(struct vpn_provider *provider, int index)
{
DBG("index %d provider %p", index, provider);
- if (provider->ipconfig_ipv4 == NULL) {
+ if (!provider->ipconfig_ipv4) {
provider->ipconfig_ipv4 = __vpn_ipconfig_create(index,
AF_INET);
- if (provider->ipconfig_ipv4 == NULL) {
- DBG("Couldnt create ipconfig for IPv4");
+ if (!provider->ipconfig_ipv4) {
+ DBG("Couldn't create ipconfig for IPv4");
goto done;
}
}
__vpn_ipconfig_set_index(provider->ipconfig_ipv4, index);
- if (provider->ipconfig_ipv6 == NULL) {
+ if (!provider->ipconfig_ipv6) {
provider->ipconfig_ipv6 = __vpn_ipconfig_create(index,
AF_INET6);
- if (provider->ipconfig_ipv6 == NULL) {
- DBG("Couldnt create ipconfig for IPv6");
+ if (!provider->ipconfig_ipv6) {
+ DBG("Couldn't create ipconfig for IPv6");
goto done;
}
}
break;
}
- DBG("provider %p ipconfig %p family %d", provider, ipconfig,
- ipaddress->family);
+ DBG("provider %p state %d ipconfig %p family %d", provider,
+ provider->state, ipconfig, ipaddress->family);
- if (ipconfig == NULL)
+ if (!ipconfig)
return -EINVAL;
provider->family = ipaddress->family;
- __vpn_ipconfig_set_local(ipconfig, ipaddress->local);
- __vpn_ipconfig_set_peer(ipconfig, ipaddress->peer);
- __vpn_ipconfig_set_broadcast(ipconfig, ipaddress->broadcast);
- __vpn_ipconfig_set_gateway(ipconfig, ipaddress->gateway);
- __vpn_ipconfig_set_prefixlen(ipconfig, ipaddress->prefixlen);
+ if (provider->state == VPN_PROVIDER_STATE_CONNECT ||
+ provider->state == VPN_PROVIDER_STATE_READY) {
+ struct connman_ipaddress *addr =
+ __vpn_ipconfig_get_address(ipconfig);
+
+ /*
+ * Remember the old address so that we can remove it in notify
+ * function in plugins/vpn.c if we ever restart
+ */
+ if (ipaddress->family == AF_INET6) {
+ connman_ipaddress_free(provider->prev_ipv6_addr);
+ provider->prev_ipv6_addr =
+ connman_ipaddress_copy(addr);
+ } else {
+ connman_ipaddress_free(provider->prev_ipv4_addr);
+ provider->prev_ipv4_addr =
+ connman_ipaddress_copy(addr);
+ }
+ }
+
+ if (ipaddress->local) {
+ __vpn_ipconfig_set_local(ipconfig, ipaddress->local);
+ __vpn_ipconfig_set_peer(ipconfig, ipaddress->peer);
+ __vpn_ipconfig_set_broadcast(ipconfig, ipaddress->broadcast);
+ __vpn_ipconfig_set_gateway(ipconfig, ipaddress->gateway);
+ __vpn_ipconfig_set_prefixlen(ipconfig, ipaddress->prefixlen);
+ }
return 0;
}
g_strfreev(provider->nameservers);
provider->nameservers = NULL;
- if (nameservers == NULL)
+ if (!nameservers)
return 0;
- provider->nameservers = g_strsplit(nameservers, " ", 0);
+ provider->nameservers = g_strsplit_set(nameservers, ", ", 0);
return 0;
}
-enum provider_route_type {
- PROVIDER_ROUTE_TYPE_NONE = 0,
- PROVIDER_ROUTE_TYPE_MASK = 1,
- PROVIDER_ROUTE_TYPE_ADDR = 2,
- PROVIDER_ROUTE_TYPE_GW = 3,
-};
-
static int route_env_parse(struct vpn_provider *provider, const char *key,
int *family, unsigned long *idx,
- enum provider_route_type *type)
+ enum vpn_provider_route_type *type)
{
- char *end;
- const char *start;
+ if (!provider)
+ return -EINVAL;
DBG("name %s", provider->name);
- if (!strcmp(provider->type, "openvpn")) {
- if (g_str_has_prefix(key, "route_network_") == TRUE) {
- start = key + strlen("route_network_");
- *type = PROVIDER_ROUTE_TYPE_ADDR;
- } else if (g_str_has_prefix(key, "route_netmask_") == TRUE) {
- start = key + strlen("route_netmask_");
- *type = PROVIDER_ROUTE_TYPE_MASK;
- } else if (g_str_has_prefix(key, "route_gateway_") == TRUE) {
- start = key + strlen("route_gateway_");
- *type = PROVIDER_ROUTE_TYPE_GW;
- } else
- return -EINVAL;
-
- *family = AF_INET;
- *idx = g_ascii_strtoull(start, &end, 10);
-
- } else if (!strcmp(provider->type, "openconnect")) {
- if (g_str_has_prefix(key, "CISCO_SPLIT_INC_") == TRUE) {
- *family = AF_INET;
- start = key + strlen("CISCO_SPLIT_INC_");
- } else if (g_str_has_prefix(key,
- "CISCO_IPV6_SPLIT_INC_") == TRUE) {
- *family = AF_INET6;
- start = key + strlen("CISCO_IPV6_SPLIT_INC_");
- } else
- return -EINVAL;
-
- *idx = g_ascii_strtoull(start, &end, 10);
-
- if (strncmp(end, "_ADDR", 5) == 0)
- *type = PROVIDER_ROUTE_TYPE_ADDR;
- else if (strncmp(end, "_MASK", 5) == 0)
- *type = PROVIDER_ROUTE_TYPE_MASK;
- else if (strncmp(end, "_MASKLEN", 8) == 0 &&
- *family == AF_INET6) {
- *type = PROVIDER_ROUTE_TYPE_MASK;
- } else
- return -EINVAL;
- }
+ if (provider->driver && provider->driver->route_env_parse)
+ return provider->driver->route_env_parse(provider, key, family, idx,
+ type);
return 0;
}
struct vpn_route *route;
int ret, family = 0;
unsigned long idx = 0;
- enum provider_route_type type = PROVIDER_ROUTE_TYPE_NONE;
+ enum vpn_provider_route_type type = VPN_PROVIDER_ROUTE_TYPE_NONE;
DBG("key %s value %s", key, value);
DBG("idx %lu family %d type %d", idx, family, type);
route = g_hash_table_lookup(provider->routes, GINT_TO_POINTER(idx));
- if (route == NULL) {
+ if (!route) {
route = g_try_new0(struct vpn_route, 1);
- if (route == NULL) {
+ if (!route) {
connman_error("out of memory");
return -ENOMEM;
}
}
switch (type) {
- case PROVIDER_ROUTE_TYPE_NONE:
+ case VPN_PROVIDER_ROUTE_TYPE_NONE:
break;
- case PROVIDER_ROUTE_TYPE_MASK:
+ case VPN_PROVIDER_ROUTE_TYPE_MASK:
route->netmask = g_strdup(value);
break;
- case PROVIDER_ROUTE_TYPE_ADDR:
+ case VPN_PROVIDER_ROUTE_TYPE_ADDR:
route->network = g_strdup(value);
break;
- case PROVIDER_ROUTE_TYPE_GW:
+ case VPN_PROVIDER_ROUTE_TYPE_GW:
route->gateway = g_strdup(value);
break;
}
- if (handle_routes == FALSE) {
- if (route->netmask != NULL && route->gateway != NULL &&
- route->network != NULL)
+ if (!handle_routes) {
+ if (route->netmask && route->gateway &&
+ route->network)
provider_schedule_changed(provider);
}
const char *vpn_provider_get_driver_name(struct vpn_provider *provider)
{
- if (provider->driver == NULL)
+ if (!provider->driver)
return NULL;
return provider->driver->name;
{
struct vpn_provider *provider = value;
- if (provider->driver != NULL && provider->driver->remove)
+ if (provider->driver && provider->driver->remove)
provider->driver->remove(provider);
connection_unregister(provider);
driver_list = g_slist_remove(driver_list, driver);
g_hash_table_iter_init(&iter, provider_hash);
- while (g_hash_table_iter_next(&iter, &key, &value) == TRUE) {
+ while (g_hash_table_iter_next(&iter, &key, &value)) {
struct vpn_provider *provider = value;
- if (provider != NULL && provider->driver != NULL &&
- provider->driver->type == driver->type &&
+ if (provider && provider->driver &&
g_strcmp0(provider->driver->name,
driver->name) == 0) {
provider->driver = NULL;
}
}
-static gboolean check_vpn_count(gpointer data)
+const char *vpn_provider_get_name(struct vpn_provider *provider)
{
- if (configuration_count == 0) {
- connman_info("No VPN configurations found, quitting.");
- raise(SIGTERM);
- }
+ return provider->name;
+}
- return FALSE;
+const char *vpn_provider_get_host(struct vpn_provider *provider)
+{
+ return provider->host;
}
-void __vpn_provider_check_connections(void)
+const char *vpn_provider_get_path(struct vpn_provider *provider)
{
- /*
- * If we were started when there is no providers configured,
- * then just quit. This happens when connman starts and its
- * vpn plugin asks connman-vpnd if it has any connections
- * configured. If there are none, then we can stop the vpn
- * daemon.
- */
- g_timeout_add(1000, check_vpn_count, NULL);
+ return provider->path;
}
-const char *vpn_provider_get_name(struct vpn_provider *provider)
+unsigned int vpn_provider_get_authentication_errors(
+ struct vpn_provider *provider)
{
- return provider->name;
+ return provider->auth_error_counter;
}
-const char *vpn_provider_get_host(struct vpn_provider *provider)
+unsigned int vpn_provider_get_connection_errors(
+ struct vpn_provider *provider)
{
- return provider->host;
+ return provider->conn_error_counter;
}
-const char *vpn_provider_get_path(struct vpn_provider *provider)
+void vpn_provider_change_address(struct vpn_provider *provider)
{
- return provider->path;
+ switch (provider->family) {
+ case AF_INET:
+ connman_inet_set_address(provider->index,
+ __vpn_ipconfig_get_address(provider->ipconfig_ipv4));
+ break;
+ case AF_INET6:
+ connman_inet_set_ipv6_address(provider->index,
+ __vpn_ipconfig_get_address(provider->ipconfig_ipv6));
+ break;
+ default:
+ break;
+ }
+}
+
+void vpn_provider_clear_address(struct vpn_provider *provider, int family)
+{
+ const char *address;
+ unsigned char len;
+
+ DBG("provider %p family %d ipv4 %p ipv6 %p", provider, family,
+ provider->prev_ipv4_addr, provider->prev_ipv6_addr);
+
+ switch (family) {
+ case AF_INET:
+ if (provider->prev_ipv4_addr) {
+ connman_ipaddress_get_ip(provider->prev_ipv4_addr,
+ &address, &len);
+
+ DBG("ipv4 %s/%d", address, len);
+
+ connman_inet_clear_address(provider->index,
+ provider->prev_ipv4_addr);
+ connman_ipaddress_free(provider->prev_ipv4_addr);
+ provider->prev_ipv4_addr = NULL;
+ }
+ break;
+ case AF_INET6:
+ if (provider->prev_ipv6_addr) {
+ connman_ipaddress_get_ip(provider->prev_ipv6_addr,
+ &address, &len);
+
+ DBG("ipv6 %s/%d", address, len);
+
+ connman_inet_clear_ipv6_address(provider->index,
+ address, len);
+
+ connman_ipaddress_free(provider->prev_ipv6_addr);
+ provider->prev_ipv6_addr = NULL;
+ }
+ break;
+ default:
+ break;
+ }
}
static int agent_probe(struct connman_agent *agent)
.remove = agent_remove,
};
-static void remove_unprovisioned_providers()
+static void remove_unprovisioned_providers(void)
{
gchar **providers;
GKeyFile *keyfile, *configkeyfile;
int i = 0;
providers = __connman_storage_get_providers();
- if (providers == NULL)
+ if (!providers)
return;
- for (; providers[i] != NULL; i++) {
+ for (; providers[i]; i++) {
char *group = providers[i] + sizeof("provider_") - 1;
file = section = NULL;
keyfile = configkeyfile = NULL;
keyfile = __connman_storage_load_provider(group);
- if (keyfile == NULL)
+ if (!keyfile)
continue;
- file = g_key_file_get_string(keyfile, group,
+ file = __vpn_config_get_string(keyfile, group,
"Config.file", NULL);
- if (file == NULL)
+ if (!file)
goto next;
- section = g_key_file_get_string(keyfile, group,
+ section = __vpn_config_get_string(keyfile, group,
"Config.ident", NULL);
- if (section == NULL)
+ if (!section)
goto next;
configkeyfile = __connman_storage_load_provider_config(file);
- if (configkeyfile == NULL) {
+ if (!configkeyfile) {
/*
* Config file is missing, remove the provisioned
* service.
goto next;
}
- if (g_key_file_has_group(configkeyfile, section) == FALSE)
+ if (!g_key_file_has_group(configkeyfile, section))
/*
* Config section is missing, remove the provisioned
* service.
__connman_storage_remove_provider(group);
next:
- if (keyfile != NULL)
+ if (keyfile)
g_key_file_free(keyfile);
- if (configkeyfile != NULL)
+ if (configkeyfile)
g_key_file_free(configkeyfile);
g_free(section);
g_strfreev(providers);
}
-int __vpn_provider_init(gboolean do_routes)
+int __vpn_provider_init(bool do_routes)
{
int err;
{
DBG("");
+ connman_agent_driver_unregister(&agent_driver);
+
g_hash_table_foreach(provider_hash, clean_provider, NULL);
g_hash_table_destroy(provider_hash);
provider_hash = NULL;
- connman_agent_driver_unregister(&agent_driver);
-
dbus_connection_unref(connection);
}
projects / platform / upstream / connman.git / blobdiff