Daniel Wagner [Wed, 6 Mar 2013 15:08:54 +0000 (16:08 +0100)]
iptables: Valid policies are only ACCEPT and DROP
Daniel Wagner [Wed, 6 Mar 2013 15:08:53 +0000 (16:08 +0100)]
iptables: Fix setting policy
The policy is kept at the end of the chain not at the beginning.
Currently, the code assumes that the builtin chain is empty.
Daniel Wagner [Wed, 6 Mar 2013 15:08:52 +0000 (16:08 +0100)]
iptables: Always update options table
The linked list is tracking all loading modules. Since we do not
unload once they are loaded (xtables does not support this), we
might up leaving prepare_matches() before we update the
option table. Since we carefully reset the global xtable state
after executing one rule, this check is wrong, e.g. if we add
to similar rules (same matches (mark, nfacct)). In this case
the second rule would not be parsed correctly. Nasty nasty iptables parser!
Daniel Wagner [Wed, 6 Mar 2013 15:08:51 +0000 (16:08 +0100)]
iptables: Do not flush in the wrong order
Daniel Wagner [Wed, 6 Mar 2013 15:08:50 +0000 (16:08 +0100)]
iptables: Fix and refactor iterate_entries()
Updating the builtin and hook index is more complex then one
would expect. In order to be able to update them correctly
we need also to pass in the underflow table to the iterate
function. To improve the readability the valid_hook magic
has been moved into next_hook_entry_index() which does exactly
as the name says.
Daniel Wagner [Wed, 6 Mar 2013 15:08:49 +0000 (16:08 +0100)]
iptables: Fix is_fallthrough() check
A fallthrough rule is one which has the default target name,
does not have a verdict and is not a jump rule.
is_fallthrough() is called excluslive from the insert path,
thus the value of verdict will be 0 for a fallthrough rule.
Jukka Rissanen [Wed, 6 Mar 2013 08:39:59 +0000 (10:39 +0200)]
build: vpn-property test script was missing from build
Forest Bond [Wed, 5 Dec 2012 21:44:27 +0000 (16:44 -0500)]
service: Restart wispr on nameserver change
This is needed to make a service go online in the case where it was
already connected and then manual IPv4 & nameservers settings are
applied. In that case, wispr is restarted with the new IP settings, but
the nameservers have not been set yet, so the wispr test fails and the
service remains in ready state.
Tomasz Bursztyka [Fri, 1 Mar 2013 11:17:58 +0000 (13:17 +0200)]
wifi: Preliminary fix for autoscanning known hidden SSIDs
Currently, it relies on max_ssids to know how many SSIDs it can provide as
paremeters. However, patch
6af0579c434058536fb40480f40f5e9895cfe863, which
fixes an issue about fast scanning, affects such feature.
Therefore, as a default, it will fallback to 1 if given max_ssids is 0.
There is still the issue that it will autoscan only max_ssid (1 or more)
known hidden SSIDs. This need to be fixed.
Reported by Sameer Naik
Jukka Rissanen [Thu, 28 Feb 2013 09:00:02 +0000 (11:00 +0200)]
vpn-provider: Parse user networks correctly
Check NULL string before passing it to g_strsplit()
Tomasz Bursztyka [Wed, 27 Feb 2013 09:17:40 +0000 (11:17 +0200)]
neard: Use a timeout instead of DBUS_TIMEOUT_USE_DEFAULT for compatibility
DBUS_TIMEOUT_USE_DEFAULT appeared in dbus-1.4.12, but earlier dbus versions
are still in use in some distributions like Fedora 17.
Marcel Holtmann [Tue, 26 Feb 2013 13:01:53 +0000 (05:01 -0800)]
Release 1.12
Jukka Rissanen [Mon, 25 Feb 2013 08:09:00 +0000 (10:09 +0200)]
doc: Fix the path to VPN config files
The correct default path is /var/lib/connman-vpn
Tomasz Bursztyka [Tue, 26 Feb 2013 10:53:38 +0000 (12:53 +0200)]
doc: Update overview-api.txt
- Introduce the user to per SSID/Security Wifi networks grouping
- Agent is no longer a future feature and user should be aware of how
required information can be provided when connecting to a service.
Patrik Flykt [Tue, 26 Feb 2013 10:54:08 +0000 (12:54 +0200)]
dundee: Increase timeout to 60 seconds
D-Bus method calls to may trigger pairing and/or pop up a dialog
in the remote Bluetooth device to which the user needs to react.
Patrik Flykt [Tue, 26 Feb 2013 10:52:55 +0000 (12:52 +0200)]
bluetooth_legacy: Increase Bluez 4 plugin timeout to 60 seconds
D-Bus method calls to Bluez 4 may trigger pairing and/or pop up a
dialog in the remote device to which the user needs to react.
Patrik Flykt [Tue, 26 Feb 2013 10:18:54 +0000 (12:18 +0200)]
gsupplicant: Increase D-Bus timeout to 30 seconds
Tomasz Bursztyka [Mon, 25 Feb 2013 12:11:10 +0000 (14:11 +0200)]
neard: Add partial support for wifi provisionning via NFC
PushOOB() method implementation. Currently only basic open/psk based
provisioning is supported.
Tomasz Bursztyka [Mon, 25 Feb 2013 15:49:50 +0000 (17:49 +0200)]
config: Add a function to provision mutable service
The point here is to create a virtual configuration, which does not come
from a real file. This is a handy way for plugins to be able to provision
services without creating any file on the FS.
In case of a wifi configuration type and if connect is requested, it will
trigger a scan, thus leading to a possible service being provisioned by
such virtual configuration. If so and if connect was requested: the service
will be asked to connect.
Tomasz Bursztyka [Mon, 25 Feb 2013 12:11:08 +0000 (14:11 +0200)]
config: Make load service from each keyfile group as a function
Tomasz Bursztyka [Mon, 25 Feb 2013 12:11:07 +0000 (14:11 +0200)]
config: Remove superfluous error code
It simplifies the code removing uselesse variable, moreover such variable
has the same name as an existing label in the same function.
Tomasz Bursztyka [Mon, 25 Feb 2013 12:11:06 +0000 (14:11 +0200)]
neard: Add neard plugin with tethering info sharing support
Implement also RequestOOB() neard Agent method.
Tomasz Bursztyka [Mon, 25 Feb 2013 12:11:05 +0000 (14:11 +0200)]
technology: Provide a function to get WiFi tethering information
Marcel Holtmann [Mon, 25 Feb 2013 14:18:02 +0000 (15:18 +0100)]
gsupplicant: Remove pointless timeout constant
Tomasz Bursztyka [Fri, 8 Feb 2013 13:58:10 +0000 (15:58 +0200)]
gdbus: Always unreference the message in g_dbus_send_message()
A quick fix on g_dbus_send_message(), if check_signal() fails it returns
FALSE without unreferencing the message as it should. This patch fixes
it.
Jukka Rissanen [Fri, 22 Feb 2013 11:47:57 +0000 (13:47 +0200)]
config: Run service autoconnect after provisioning the wifi service
We trigger autoconnect request in service after the wifi service
has been provisioned. This is useful in headless systems where
there is no user to trigger the connect to provisioned service,
and it might take some time before system autoconnect is run.
Jukka Rissanen [Fri, 22 Feb 2013 11:47:56 +0000 (13:47 +0200)]
config: Add ethernet provisioning support
Jukka Rissanen [Fri, 22 Feb 2013 11:47:55 +0000 (13:47 +0200)]
config: Support static IP address for wifi service
Jukka Rissanen [Fri, 22 Feb 2013 11:47:54 +0000 (13:47 +0200)]
service: Refactor ipconfig setter
Done so that the function can be called also from config.c
The idea is that if ethernet .config file is removed,
we are able to clear the interface properly.
Jukka Rissanen [Fri, 22 Feb 2013 11:47:53 +0000 (13:47 +0200)]
ipconfig: Add function to set the IPv6 privacy option
Jukka Rissanen [Fri, 22 Feb 2013 11:47:52 +0000 (13:47 +0200)]
service: Add function to set timeservers
Jukka Rissanen [Fri, 22 Feb 2013 11:47:51 +0000 (13:47 +0200)]
service: Add function to manipulate DNS search domains
Jukka Rissanen [Fri, 22 Feb 2013 11:47:50 +0000 (13:47 +0200)]
service: Add function to manipulate ignore flag
Jukka Rissanen [Fri, 22 Feb 2013 11:47:49 +0000 (13:47 +0200)]
doc: Ethernet provisioning support
Julien Massot [Thu, 21 Feb 2013 17:23:07 +0000 (18:23 +0100)]
gsupplicant: Set the scan callback in g_supplicant_interface_scan
The callback is required to properly handle scanning errors reported
by wpa_supplicant through the scan_done signal.
Steps to reproduce:
1. Set a country code to the WiFi card which have more frequencies
allowed than the world roaming allow.
2. Connect to a WiFi network not available in the world roaming setup.
3. Stop connman.
4. Change the country code to 00, be sure the frequencies use in step 2.
is no longer allowed. Take care of cfg80211 authorize frequencies when
beacons are received, I prefer using mac80211_hwsim from here to avoid
side effects about beacon reception.
5. Start connman again.
Now ConnMan is stuck in scanning state as the scan_fast method of
plugins/wifi.c is called with a forbidden frequency.
wpa_supplicant returns an error received in "gsupplicant/supplicant.c:
signal_scan_done", where the code enters 'if (success == FALSE)' but
unfortunately scan_callback is NULL at this point as the scan_callback is
normally set in interface_scan_result().
Daniel Wagner [Thu, 21 Feb 2013 16:42:33 +0000 (17:42 +0100)]
iptables: Merge clear_tables_flags() and reset_xtables()
Both function reset the xtables library. So let's do this
at the same place.
Daniel Wagner [Thu, 21 Feb 2013 16:42:32 +0000 (17:42 +0100)]
iptables: Free table pointer
And also use g_strv_length() to count the number of entries.
Thanks Tomasz!
Daniel Wagner [Thu, 21 Feb 2013 16:42:31 +0000 (17:42 +0100)]
iptables: Free match rules
We forgot to free the match rules.
Daniel Wagner [Thu, 21 Feb 2013 16:42:30 +0000 (17:42 +0100)]
iptables: Reset pointer after freeing
The match or the target might be reused in the next invocation
of iptables and then xtables operates on this invalid pointer.
xt_t->t and xt_m->m are keept alive via the global variables
xtables_targets and xtables_matches.
Daniel Wagner [Thu, 21 Feb 2013 16:42:29 +0000 (17:42 +0100)]
iptables: Reinitialize global parser table
xtables modifies the global parse table and allocates additional
memory. If that happens we need to free it afterwards.
Daniel Wagner [Thu, 21 Feb 2013 16:42:28 +0000 (17:42 +0100)]
iptables: Free xtables entry when removing one entry from the table
Daniel Wagner [Thu, 21 Feb 2013 16:42:27 +0000 (17:42 +0100)]
test-iptables: Fix memory leak
Daniel Wagner [Thu, 21 Feb 2013 16:42:26 +0000 (17:42 +0100)]
test-iptables: Delete all rules in target0
Patrik Flykt [Wed, 20 Feb 2013 11:53:36 +0000 (13:53 +0200)]
client: Remove the now obsolete command parsing functions
Patrik Flykt [Wed, 20 Feb 2013 11:45:52 +0000 (13:45 +0200)]
client: Remove unused functions
Remove find_service() as it is no longer used and match_service_name()
which was only used by find_service().
Patrik Flykt [Wed, 20 Feb 2013 11:43:57 +0000 (13:43 +0200)]
client: Factor out monitor command
Patrik Flykt [Wed, 20 Feb 2013 11:29:37 +0000 (13:29 +0200)]
client: Create monitor helper functions
Patrik Flykt [Tue, 19 Feb 2013 20:42:48 +0000 (22:42 +0200)]
client: Factor out technology enable and disable commands
Patrik Flykt [Tue, 19 Feb 2013 20:41:47 +0000 (22:41 +0200)]
client: Wait for a reply from Manager API
Patrik Flykt [Tue, 19 Feb 2013 20:39:57 +0000 (22:39 +0200)]
client: Wait for a reply from Technology API
Also reduce logging.
Patrik Flykt [Tue, 19 Feb 2013 20:20:01 +0000 (22:20 +0200)]
client: Factor out scan command
Patrik Flykt [Tue, 19 Feb 2013 20:18:47 +0000 (22:18 +0200)]
client: Reduce technology logging
Reduce technology logging messages and modify the remaining one. Also
free the DBusError.
Patrik Flykt [Tue, 19 Feb 2013 20:00:08 +0000 (22:00 +0200)]
client: Factor out disconnect command
Patrik Flykt [Tue, 19 Feb 2013 19:57:24 +0000 (21:57 +0200)]
client: Factor out connect command
Patrik Flykt [Tue, 19 Feb 2013 19:55:42 +0000 (21:55 +0200)]
client: Don't look up service on connect or disconnect
Attempt to connect or disconnect without looking up the service in
advace. Fix memory leak and update the error message.
Patrik Flykt [Tue, 19 Feb 2013 19:36:24 +0000 (21:36 +0200)]
client: Factor out technologies command
Patrik Flykt [Tue, 19 Feb 2013 19:34:15 +0000 (21:34 +0200)]
client: Factor out state command
Patrik Flykt [Tue, 19 Feb 2013 19:33:32 +0000 (21:33 +0200)]
client: Print out any errors on command execution
Patrik Flykt [Tue, 19 Feb 2013 13:29:04 +0000 (15:29 +0200)]
client: Factor out config command
Using the lengths returned from the property setting functions more than
one config option can be specified on the command line. Use the simple
argument parsing function as getopt is slightly limited in functionality.
Patrik Flykt [Wed, 20 Feb 2013 08:49:48 +0000 (10:49 +0200)]
client: Wait for a reply when removing service
Patrik Flykt [Tue, 19 Feb 2013 13:24:14 +0000 (15:24 +0200)]
client: Fix setting service properties
Set properties for a service ignoring any cached lookups. Send the method
call only if ther is no error. When sending, wait for the result in order
to see if the method call succeeded.
Patrik Flykt [Wed, 20 Feb 2013 13:55:44 +0000 (15:55 +0200)]
client: Quick fix for parsing IPv6.Configuration correctly
Fixes BMC#25925
Patrik Flykt [Tue, 19 Feb 2013 13:20:05 +0000 (15:20 +0200)]
client: Return number of arguments processed when setting properties
Patrik Flykt [Tue, 19 Feb 2013 13:16:52 +0000 (15:16 +0200)]
client: Return number of proxies added
Patrik Flykt [Tue, 19 Feb 2013 13:13:03 +0000 (15:13 +0200)]
client: Return the number of proxy arguments discovered
Patrik Flykt [Tue, 19 Feb 2013 12:44:23 +0000 (14:44 +0200)]
client: Return the number of added dict entries
Check that both the dict entry name and data are non-NULL, the dict data
does not start with '--' indicating a new option and that the length is
not exhausted. Return the number of dict entries.
Patrik Flykt [Tue, 19 Feb 2013 12:40:44 +0000 (14:40 +0200)]
client: Return the number of added array entries
Check that the array element is non-NULL, does not start with '--' indicating
a new option or that the array length is not exhausted. Return the number of
array elements added.
Patrik Flykt [Tue, 19 Feb 2013 13:26:46 +0000 (15:26 +0200)]
client: Factor out services command
Update the help printout as well, '--properties' is not mandatory. Add a
simple argument parsing function.
Patrik Flykt [Wed, 20 Feb 2013 11:42:05 +0000 (13:42 +0200)]
client: Add boolean parsing helper function
Patrik Flykt [Tue, 12 Feb 2013 19:57:23 +0000 (21:57 +0200)]
client: Fix up interactive option parsing
Use g_strsplit to get a NULL terminated array of chars and compute the
number of array items.
Patrik Flykt [Tue, 12 Feb 2013 19:56:29 +0000 (21:56 +0200)]
client: Make DBusConnection global
Patrik Flykt [Tue, 12 Feb 2013 12:40:15 +0000 (14:40 +0200)]
client: Factor out help implementation
Use command table to produce help text. Add description texts for various
options and use both option and description arrays to produce option help
texts. Remove old help printing function.
Patrik Flykt [Tue, 12 Feb 2013 11:55:34 +0000 (13:55 +0200)]
client: Create prototypes for all commands
Provide the infrastructure to factor out the commands.
Jukka Rissanen [Tue, 19 Feb 2013 08:45:08 +0000 (10:45 +0200)]
vpn-provider: SetProperty works with all properties
Jukka Rissanen [Tue, 19 Feb 2013 08:45:07 +0000 (10:45 +0200)]
vpn-provider: ClearProperty works with all properties
Jukka Rissanen [Tue, 19 Feb 2013 08:45:06 +0000 (10:45 +0200)]
vpn-provider: Allow use of Domain property name
Allow use of both VPN.Domain and Domain property strings.
Jukka Rissanen [Tue, 19 Feb 2013 08:45:05 +0000 (10:45 +0200)]
vpn-provider: Add GetProperties method implementation
Jukka Rissanen [Tue, 19 Feb 2013 08:45:04 +0000 (10:45 +0200)]
vpn-provider: Do not send state property if state is not changed
Jukka Rissanen [Tue, 19 Feb 2013 08:45:03 +0000 (10:45 +0200)]
vpn-provider: Setting VPN properties will send PropertyChanged signal
Jukka Rissanen [Tue, 19 Feb 2013 08:45:02 +0000 (10:45 +0200)]
doc: Add description of GetProperties method
Jukka Rissanen [Tue, 19 Feb 2013 08:45:01 +0000 (10:45 +0200)]
test: Script for getting, setting and clearing VPN properties
Jukka Rissanen [Wed, 13 Feb 2013 15:29:06 +0000 (17:29 +0200)]
vpn-provider: Set the state to FAILURE after auth error
Jukka Rissanen [Wed, 13 Feb 2013 15:29:05 +0000 (17:29 +0200)]
vpn-provider: Go internally into IDLE after FAILURE
Do not stay in FAILURE state as clients like connmand can
get confused about our current state. Symptom for the problem
is that after a failed connect attempt, a new connect attempt
by the client would cause immediately a failure return code
because vpnd is still in FAILURE state. The actual connect
attempt might still succeed but then the client would not
know about the success status.
By setting the state to IDLE we avoid this confusion.
Jukka Rissanen [Wed, 13 Feb 2013 15:29:04 +0000 (17:29 +0200)]
vpn: Ignore VPN UserRoutes and ServerRoutes properties
These properties are not needed here so ignore them.
Jukka Rissanen [Wed, 13 Feb 2013 15:29:03 +0000 (17:29 +0200)]
error: Handle ECONNREFUSED gracefully in dbus error handler
Jukka Rissanen [Wed, 13 Feb 2013 15:29:02 +0000 (17:29 +0200)]
pptp: Set the username/password before starting daemon
This is required in order to avoid free memory access that
is happening if we call vpn_provider_set_string() with same
string that is already in the settings db.
Jukka Rissanen [Wed, 13 Feb 2013 15:29:01 +0000 (17:29 +0200)]
l2tp: Set the username/password before starting daemon
This is required in order to avoid free memory access that
is happening if we call vpn_provider_set_string() with same
string that is already in the settings db.
Jukka Rissanen [Wed, 13 Feb 2013 15:29:00 +0000 (17:29 +0200)]
vpn-provider: Make state debug print more useful
Print the state value as a string as it is useful information.
Jukka Rissanen [Wed, 13 Feb 2013 15:28:59 +0000 (17:28 +0200)]
vpn-provider: Avoid printing password to log files
Add a variant to vpn_provider_set_string() that does not print
sensitive data like password in clear text to log files.
Jukka Rissanen [Wed, 13 Feb 2013 15:28:58 +0000 (17:28 +0200)]
l2tp: Clear password if authentication fails
This allows plugin to query agent so that user can give
correct password.
Jukka Rissanen [Wed, 13 Feb 2013 15:28:57 +0000 (17:28 +0200)]
pptp: Clear password if authentication fails
This allows plugin to query agent so that user can give
new password.
Fixes BMC#25963
Jukka Rissanen [Mon, 18 Feb 2013 15:23:44 +0000 (17:23 +0200)]
main: Create VPN_STORAGEDIR when starting up
Eventually all VPN directories from STORAGEDIR is to be
migrated into VPN_STORAGEDIR
Jukka Rissanen [Mon, 18 Feb 2013 15:23:43 +0000 (17:23 +0200)]
TODO: Add note about removal of L2TP and PPTP prefix for PPP options
Jukka Rissanen [Mon, 18 Feb 2013 15:23:42 +0000 (17:23 +0200)]
vpn-provider: Add extra whitespace
Jukka Rissanen [Mon, 18 Feb 2013 15:23:41 +0000 (17:23 +0200)]
vpn-provider: Add route support in vpn config file
Jukka Rissanen [Mon, 18 Feb 2013 15:23:40 +0000 (17:23 +0200)]
vpn-provider: Remove unprovisioned providers at startup
Check if there are any providers that were provisioned
but their .config file is removed. If such providers are found,
then remove the provider files from file system.
Jukka Rissanen [Mon, 18 Feb 2013 15:23:39 +0000 (17:23 +0200)]
vpn-provider: Type string in provider needs to be in lower case
Jukka Rissanen [Mon, 18 Feb 2013 15:23:38 +0000 (17:23 +0200)]
vpn-config: Provision providers from .config file
Jukka Rissanen [Mon, 18 Feb 2013 15:23:37 +0000 (17:23 +0200)]
vpn-provider: Initial .config file support
Jukka Rissanen [Mon, 18 Feb 2013 15:23:36 +0000 (17:23 +0200)]
storage: Add function to load provider configuration file