Patrik Flykt [Mon, 10 Dec 2012 10:42:05 +0000 (12:42 +0200)]
vpn-plugin: Check completion of configure and connect
When creating a configuration, wait until both configuration and
connection has been done. Otherwise NULL user data is passed to the
callback which then cannot relay an error to the caller and the caller will
get a timeout waiting for a reply from D-Bus.
Patrik Flykt [Mon, 10 Dec 2012 10:42:04 +0000 (12:42 +0200)]
vpn-plugin: Propagate most common errors to callback function
Instead of always setting the create callback function error to
-ECONNREFUSED, create a helper function to detect the two most often emitted
errors.
Patrik Flykt [Mon, 10 Dec 2012 10:42:03 +0000 (12:42 +0200)]
manager: -EINPROGRESS is a valid response for ConnectProvider
With VPN connections being handled by connman-vpnd, -EINPROGRESS is a
valid value to report to the caller if the VPN is already connecting.
Daniel Wagner [Thu, 6 Dec 2012 07:37:11 +0000 (08:37 +0100)]
session_policy_local: Create policy directory if necessary
Create the policy directory as first thing. If we don't do this
adding a watch on the non existing directory will fail and the
whole plugin is not loaded.
We need to figure out later how permissive the MODE of the directory
should be. Currently, we play safe and have it tied down.
Daniel Wagner [Wed, 5 Dec 2012 13:57:50 +0000 (14:57 +0100)]
session: Call callback directly when no plugin is assigned
When we have no plugin assigned we have to call the final
session callback directly.
Since __connman_session_create() doesn't know if a plugin was
called or not, create_policy_config() or __connman_session_create()
needs to free all allocated resources (also in the error path).
Daniel Wagner [Wed, 5 Dec 2012 13:57:49 +0000 (14:57 +0100)]
session: Add a cleanup function for the user config
This helps to make the error path more readable.
Daniel Wagner [Wed, 5 Dec 2012 13:57:48 +0000 (14:57 +0100)]
session: Move cleanup/destroy function up
We need to call those function from create_policy_config() therefore
more it in front of it.
Daniel Wagner [Wed, 5 Dec 2012 13:57:47 +0000 (14:57 +0100)]
session: Return error code from callback
In the case the callback is directly called we can use the
return value to provide it to the user.
Daniel Wagner [Wed, 5 Dec 2012 13:57:46 +0000 (14:57 +0100)]
session: Fix error case handling
There is no need to unref the pending message, because in all
cases we generate a reply message which takes care of unrefing
the message. Hence the dbus_message_unref() is not needed.
Furthermore, we need to pass the created error message to the bus
via g_dbus_send_message() so that the client gets always a response.
Daniel Wagner [Wed, 5 Dec 2012 13:57:45 +0000 (14:57 +0100)]
session: Fix error return code
The error codes propagated over D-Bus are non-negative values.
Daniel Wagner [Wed, 5 Dec 2012 13:57:44 +0000 (14:57 +0100)]
session: Remove notify watch
free_session() will be also called from the error path (e.g.
__connman_session_create()). In case we have added a watch
we need to disarm it.
Jukka Rissanen [Wed, 5 Dec 2012 11:11:41 +0000 (13:11 +0200)]
test: simple-agent must monitor vpn status
simple-agent needs to monitor vpnd status as vpnd can stop if there
are no vpn configured. When vpnd quits we must not quit the agent
as then wifi questions would not be asked from the user any more.
Patrik Flykt [Wed, 5 Dec 2012 13:33:43 +0000 (15:33 +0200)]
TODO: Add unit test task
Patrik Flykt [Wed, 5 Dec 2012 11:32:04 +0000 (13:32 +0200)]
build: Fix build to enable session-policy-local
Daniel Wagner [Wed, 5 Dec 2012 09:45:00 +0000 (11:45 +0200)]
session_policy: Remove dummy plugin
The default configuration will be created by the core if no
plugin is used. Therefore there is no need for this plugin.
Daniel Wagner [Wed, 5 Dec 2012 09:44:59 +0000 (11:44 +0200)]
session_policy_local: Rename session_policy_ivi
On popular request the plugin is renamed. The plugin is reading
local files and has nothing to do with IVI.
Daniel Wagner [Wed, 5 Dec 2012 09:44:58 +0000 (11:44 +0200)]
session_policy_ivi: Initialize variable and remove an unused one
Remove unused 'err' variable and properly initialize 'ident' for error cases.
Daniel Wagner [Wed, 5 Dec 2012 09:44:57 +0000 (11:44 +0200)]
build: Fix non-builtin session-plugin
The session ivi plugin needs to know where STORAGEDIR points to.
Jukka Rissanen [Mon, 3 Dec 2012 07:45:47 +0000 (09:45 +0200)]
dhcpv6: Memory leak when sending Option Request Option
Jukka Rissanen [Fri, 30 Nov 2012 13:51:12 +0000 (15:51 +0200)]
pptp: Header file was missing
Jukka Rissanen [Fri, 30 Nov 2012 13:51:11 +0000 (15:51 +0200)]
l2tp: Header file was missing
Patrik Flykt [Fri, 30 Nov 2012 12:10:03 +0000 (14:10 +0200)]
TODO: Add tasks for variable types and data structures
Jukka Rissanen [Fri, 30 Nov 2012 09:30:54 +0000 (11:30 +0200)]
pptp: Clear password when disconnecting
Jukka Rissanen [Fri, 30 Nov 2012 09:30:53 +0000 (11:30 +0200)]
l2tp: Clear password when disconnecting
Jukka Rissanen [Fri, 30 Nov 2012 09:30:51 +0000 (11:30 +0200)]
vpn: Driver disconnect needs provider information
The provider pointer needs to be passed to VPN driver when
disconnecting. Otherwise we cannot find the correct provider
that is being disconnected.
Jukka Rissanen [Fri, 30 Nov 2012 09:30:50 +0000 (11:30 +0200)]
vpn-provider: Unregister provider from dbus when freed
The provider object was not unregistered from dbus watch
when the provider was removed which caused free memory access
error.
Jukka Rissanen [Fri, 30 Nov 2012 09:30:49 +0000 (11:30 +0200)]
vpn-provider: Register agent driver
Jukka Rissanen [Fri, 30 Nov 2012 09:30:48 +0000 (11:30 +0200)]
agent: Release all agents when stopping
Jukka Rissanen [Fri, 30 Nov 2012 09:30:47 +0000 (11:30 +0200)]
pptp: Do not save the password
Jukka Rissanen [Fri, 30 Nov 2012 09:30:46 +0000 (11:30 +0200)]
l2tp: Do not save the password
Jukka Rissanen [Fri, 30 Nov 2012 09:30:45 +0000 (11:30 +0200)]
pptp: Ask username and password from agent
Jukka Rissanen [Fri, 30 Nov 2012 09:30:44 +0000 (11:30 +0200)]
l2tp: Ask username and password from agent
Jukka Rissanen [Fri, 30 Nov 2012 09:30:43 +0000 (11:30 +0200)]
vpn-agent: Routine to add username and password into agent dict
Jukka Rissanen [Fri, 30 Nov 2012 09:30:42 +0000 (11:30 +0200)]
openconnect: Add support for --no-cert-check client option
Jukka Rissanen [Fri, 30 Nov 2012 09:30:41 +0000 (11:30 +0200)]
openconnect: Domain pointer was used incorrectly
We must allocate the domain name from the heap and not
point to it directly because the dbus library will deallocate
it and we will have invalid memory access.
Jukka Rissanen [Fri, 30 Nov 2012 09:30:40 +0000 (11:30 +0200)]
test: Add vpn agent support into simple-agent
Jukka Rissanen [Fri, 30 Nov 2012 09:30:39 +0000 (11:30 +0200)]
openconnect: Add asking cookie from agent
It is possible to ask the cookie from agent for OpenConnect
VPN client. The agent should connect to VPN gateway, get the
HTML page, show the page in window or parse the HTML, then
allow user to feed the user id and passphrase and post the result.
The server will then return cookie to agent which should pass
the cookie to openconnect plugin in connman-vpnd daemon.
Jukka Rissanen [Fri, 30 Nov 2012 09:30:38 +0000 (11:30 +0200)]
vpn-agent: Add generic functions to add information into agent dict
Jukka Rissanen [Fri, 30 Nov 2012 09:30:37 +0000 (11:30 +0200)]
vpn: Make VPN plugin connection function async
This is needed as we want to ask user the passwords etc.
Jukka Rissanen [Fri, 30 Nov 2012 09:30:36 +0000 (11:30 +0200)]
vpn-provider: Add getter functions
Jukka Rissanen [Fri, 30 Nov 2012 09:30:35 +0000 (11:30 +0200)]
vpn: Add initial support for async connect
Needed for agent VPN support.
Jukka Rissanen [Fri, 30 Nov 2012 09:30:34 +0000 (11:30 +0200)]
doc: Describe VPN agent API
Luiz Augusto von Dentz [Tue, 27 Nov 2012 12:51:20 +0000 (14:51 +0200)]
gdbus: Add g_dbus_add_properties_watch function
Convenient function to create watches for D-Bus properties.
Lucas De Marchi [Thu, 29 Nov 2012 13:19:32 +0000 (11:19 -0200)]
gdbus: Don't automatically attach ObjectManager
Let each project attach the object manager interface instead of
registering it automatically.
Lucas De Marchi [Thu, 29 Nov 2012 13:19:31 +0000 (11:19 -0200)]
gdbus: Don't register DBus.Properties with no properties
Delay registering DBus.Properties interface until the moment there are
properties on that path. This is needed for objects that currently don't
expose any property to not export the interface.
Daniel Wagner [Thu, 29 Nov 2012 08:38:14 +0000 (09:38 +0100)]
build: Disable FORTIFY_SOURCE when optimization is disabled
The last fix was wrong. We need to use U_FORTIFY_SOURCE flag for this.
Patrik Flykt [Tue, 27 Nov 2012 11:48:30 +0000 (13:48 +0200)]
dnsproxy: Fix hash table comparison function to avoid crash
Jukka Rissanen [Mon, 26 Nov 2012 13:58:51 +0000 (15:58 +0200)]
build: Add VPN documentation files into dist tar file
Jukka Rissanen [Mon, 26 Nov 2012 12:47:23 +0000 (14:47 +0200)]
vpn-provider: VPN driver pointer was not cleared
When VPN driver is unregistered, we must clear the corresponding
pointer in provider struct. If this is not done we will have
already freed memory access in clean_provider() function.
Jukka Rissanen [Mon, 26 Nov 2012 12:47:12 +0000 (14:47 +0200)]
vpn-main: Plugin cleanup was not done
Jukka Rissanen [Mon, 26 Nov 2012 10:16:32 +0000 (12:16 +0200)]
vpn: Cleanup properly if vpn connect fails
Make sure that user callback data is cleared correctly
if vpn connect attempt fails.
Jukka Rissanen [Mon, 26 Nov 2012 13:29:29 +0000 (15:29 +0200)]
vpn: Cleanup vpn connections when vpnd dies
Jukka Rissanen [Mon, 26 Nov 2012 12:56:39 +0000 (14:56 +0200)]
vpn: Do not remove vpn connections hash when vpnd dies
We must keep the vpn connections hash alive as long as
connman is running. We must not remove the hash when
vpnd dies, otherwise we might feed null pointer to
various glib hash functions.
Patrik Flykt [Mon, 26 Nov 2012 13:40:02 +0000 (15:40 +0200)]
build: Fix up distribution dependencies in makefiles
Ensure all files needed at build time are added to the distribution
tar file, especially those for VPN. Files in any *_SOURCES variables
or ending with *.in are already covered.
Szymon Janc [Wed, 21 Nov 2012 10:21:03 +0000 (11:21 +0100)]
gdbus: Remove not needed NULL pointer checks
g_strdup returns NULL if argument passed is NULL and there is no need
to double check that.
Syam Sidhardhan [Tue, 23 Oct 2012 13:57:06 +0000 (19:27 +0530)]
gdbus: Replace leading spaces with tabs
Trivial formatting fix.
Syam Sidhardhan [Wed, 14 Nov 2012 13:07:10 +0000 (18:37 +0530)]
gdbus: Fix compilation error due to missing #defines
Since these are simple #define strings, we are defining it here
instead of upgrading to D-Bus 1.5 or later.
Log:
CC gdbus/object.o
gdbus/object.c: In function ‘properties_set’:
gdbus/object.c:876:7: error: ‘DBUS_ERROR_UNKNOWN_PROPERTY’ undeclared
(first use in this function)
gdbus/object.c:876:7: note: each undeclared identifier is reported
only once for each function it appears in
gdbus/object.c:881:6: error: ‘DBUS_ERROR_PROPERTY_READ_ONLY’
undeclared (first use in this function)
make[1]: *** [gdbus/object.o] Error 1
make: *** [all] Error 2
Lucas De Marchi [Wed, 17 Oct 2012 15:14:28 +0000 (12:14 -0300)]
gdbus: Remove connection from pending_property functions
The reply to a DBus.Properties.Set() method call should go through the
same D-Bus connection. Thus remove the DBusConnection parameter from the
following functions:
- g_dbus_pending_property_success()
- g_dbus_pending_property_error_valist()
- g_dbus_pending_property_error()
Johan Hedberg [Mon, 15 Oct 2012 10:21:11 +0000 (13:21 +0300)]
gdbus: Fix invalid memory access during interface removal
If an interface is removed from the root path during the same mainloop
iteration that it was added we need to check for data->added before
doing the check for data->parent == NULL in the remove_interface()
function. Otherwise the added interface doesn't get removed from the
data->added list and will result in accessing freed memory:
==337== Invalid read of size 8
==337== at 0x4F65AFA: dbus_message_iter_append_basic (in /usr/lib64/libdbus-1.so.3.7.1)
==337== by 0x1247B5: append_interface (object.c:556)
==337== by 0x4C8DC5C: g_slist_foreach (gslist.c:840)
==337== by 0x1261F7: process_changes (object.c:594)
==337== by 0x126372: generic_unregister (object.c:997)
==337== by 0x4F69669: ??? (in /usr/lib64/libdbus-1.so.3.7.1)
==337== by 0x4F5CE51: dbus_connection_unregister_object_path (in /usr/lib64/libdbus-1.so.3.7.1)
==337== by 0x125E81: object_path_unref (object.c:1236)
==337== by 0x126136: g_dbus_unregister_interface (object.c:1361)
==337== by 0x14CDF0: service_exit (service.c:581)
==337== by 0x177556: plugin_cleanup (plugin.c:242)
==337== by 0x12221F: main (main.c:559)
==337== Address 0x5bc1550 is 0 bytes inside a block of size 56 free'd
==337== at 0x4A079AE: free (vg_replace_malloc.c:427)
==337== by 0x4C7850E: g_free (gmem.c:252)
==337== by 0x125DB0: remove_interface (object.c:671)
==337== by 0x125E3B: object_path_unref (object.c:1230)
==337== by 0x126136: g_dbus_unregister_interface (object.c:1361)
==337== by 0x14CDF0: service_exit (service.c:581)
==337== by 0x177556: plugin_cleanup (plugin.c:242)
==337== by 0x12221F: main (main.c:559)
Johan Hedberg [Fri, 12 Oct 2012 08:55:37 +0000 (10:55 +0200)]
gdbus: Add g_dbus_get_properties function
This function can be used to construct custom D-Bus messages containing
the properties for a specific interface on a given path.
Johan Hedberg [Thu, 11 Oct 2012 09:53:27 +0000 (11:53 +0200)]
gdbus: Add support for invalidated properties
If there's a pending property but its exists() callback returns false
the property should be considered invalidated and included in the
relevant list of the PropertiesChanged signal.
Johan Hedberg [Mon, 8 Oct 2012 12:36:12 +0000 (14:36 +0200)]
gdbus: Fix processing pending properties in remove_interface()
Lucas De Marchi [Sat, 6 Oct 2012 07:02:35 +0000 (04:02 -0300)]
gdbus: Fix up Properties.Set() code path
Minor fixes to make setter actually work:
- Add propdata in pending_property_set
- Break loop when we are removing propdata from list and we
found it
- in_args and out_args were swapped
- interface and method name arguments were swapped
Lucas De Marchi [Thu, 4 Oct 2012 20:42:33 +0000 (17:42 -0300)]
gdbus: Fix invalid memory access while unregistering
If an interface is added and removed on the same mailoop iteration,
ObjectManager would try to send InterfacesAdded signal while running the
idler because the interface was added to data->added list.
This is easily reproduced by forcing an error path in a plugin
registration, like on sap_server_register(), resulting in the following
error:
==11795== Invalid read of size 4
==11795== at 0x496F592: dbus_message_iter_append_basic (dbus-message.c:2598)
==11795== by 0x117B39: append_interface (object.c:554)
==11795== by 0x48955E7: g_slist_foreach (gslist.c:840)
==11795== by 0x11923B: process_changes (object.c:592)
==11795== by 0x11956D: generic_unregister (object.c:980)
==11795== by 0x4973BAC: _dbus_object_tree_unregister_and_unlock (dbus-object-tree.c:516)
==11795== by 0x4965240: dbus_connection_unregister_object_path (dbus-connection.c:5776)
==11795== by 0x1178A5: object_path_unref (object.c:1219)
==11795== by 0x118517: g_dbus_unregister_interface (object.c:1344)
==11795== by 0x19AF5B: sap_exit (sap.c:385)
==11795== by 0x13E9E2: sap_server_register (server.c:1428)
==11795== by 0x13C092: sap_server_probe (manager.c:44)
With this patch we don't send the InterfacesAdded signal, removing it
from data->added while unregistering.
Lucas De Marchi [Thu, 4 Oct 2012 07:26:37 +0000 (04:26 -0300)]
gdbus: Implement PropertiesChanged signal
Luiz Augusto von Dentz [Thu, 4 Oct 2012 07:26:36 +0000 (04:26 -0300)]
gdbus: Simplify code for appending properties
This reuse append_properties for GetAll and GetManagedObjects
Luiz Augusto von Dentz [Thu, 4 Oct 2012 07:26:35 +0000 (04:26 -0300)]
gdbus: Integrates ObjectManager with Properties interface
This appends the properties and its values when using ObjectManager.
Luiz Augusto von Dentz [Thu, 4 Oct 2012 07:26:34 +0000 (04:26 -0300)]
gdbus: Only export ObjectManager interface on root path
ObjectManager should be exported only in the root path and list all
the children paths.
Luiz Augusto von Dentz [Thu, 4 Oct 2012 07:26:33 +0000 (04:26 -0300)]
gdbus: Group interface changes to reduce the amount of signals emitted
InterfacesAdded and InterfacesRemoved can group all the interfaces
changes together in one message.
Luiz Augusto von Dentz [Thu, 4 Oct 2012 07:26:32 +0000 (04:26 -0300)]
gdbus: Add support for org.freedesktop.DBus.ObjectManager interface
This implements initial support for ObjectManager, it automatically adds
objects to its parents so no action is needed by daemons to get their
objects managed by this interface.
ObjectManager is part of D-Bus spec since revision 0.17:
http://dbus.freedesktop.org/doc/dbus-specification.html#standard-interfaces-objectmanager
Lucas De Marchi [Thu, 4 Oct 2012 07:26:31 +0000 (04:26 -0300)]
gdbus: Add properties into Introspectable interface
Lucas De Marchi [Thu, 4 Oct 2012 07:26:30 +0000 (04:26 -0300)]
gdbus: Implement DBus.Properties.Set method
Contrary to Get() and GetAll(), Set() is asynchronous so we pass an id
to the setter so later it can declare the Set() as successful or
otherwise.
Lucas De Marchi [Thu, 4 Oct 2012 07:26:29 +0000 (04:26 -0300)]
gdbus: Implement DBus.Properties.GetAll method
Lucas De Marchi [Thu, 4 Oct 2012 07:26:28 +0000 (04:26 -0300)]
gdbus: Implement DBus.Properties.Get method
Lucas De Marchi [Thu, 4 Oct 2012 07:26:27 +0000 (04:26 -0300)]
gdbus: Add skeleton of DBus.Properties interface
This interface is responsible for handling properties of all objects in
a given path. Right now it only registers itself, doing nothing useful.
A conversion to this new layout will be done by subsequent patches.
org.freedesktop.org.DBus.Properties spec can be found at
http://dbus.freedesktop.org/doc/dbus-specification.html#standard-interfaces-properties
Lucas De Marchi [Thu, 4 Oct 2012 07:26:26 +0000 (04:26 -0300)]
gdbus: Use macros to add annotations
Besides being more readable this way it avoids going over 80 chars.
Lucas De Marchi [Thu, 4 Oct 2012 07:26:25 +0000 (04:26 -0300)]
gdbus: Move typedefs up
Move the typedefs up so they can be used by functions and callbacks.
Jukka Rissanen [Wed, 31 Oct 2012 09:05:58 +0000 (11:05 +0200)]
TODO: systemd no longer log twice to syslog
Fixed by
295cc8b57ce12257a9e90ea2e15e0d610e072e0a
Daniel Wagner [Tue, 13 Nov 2012 16:28:15 +0000 (17:28 +0100)]
session_policy_ivi: Implement policy load function
If config file should also be parsed and the values then stored in
the config object.
Daniel Wagner [Wed, 14 Nov 2012 16:16:39 +0000 (17:16 +0100)]
session_policy_ivi: Watch for changes on policy files
Monitor changes on the config files. Either create, modify or destroy
them according the events we get from the inotify interface.
Daniel Wagner [Fri, 2 Nov 2012 16:26:22 +0000 (17:26 +0100)]
session_policy_ivi: Add hash table to track idents
Introduce the second hash table which tracks the config object lifetime
based on the file existens. The parsing of the file and creation of the
config object is part of the next patch.
Daniel Wagner [Fri, 2 Nov 2012 16:26:21 +0000 (17:26 +0100)]
session_policy_ivi: Create session config
The policy data object is refcounted because the policy data
object can be created either through the session core or
from the file based policy. In order to avoid complex logic
which tries to figure out when to is safe to destroy the object
we just fall back to refcountig.
polich_hash is the owner of the policy object. When a object is
created it is stored there. The key is the identitfier. Since the
session core does not know about the identifier we introduce
an additional hash table which maps from session pointer to the policy
object.
Daniel Wagner [Fri, 2 Nov 2012 16:26:20 +0000 (17:26 +0100)]
session_policy_ivi: Get SELinux context of session owner
Daniel Wagner [Fri, 2 Nov 2012 16:26:19 +0000 (17:26 +0100)]
session_policy_ivi: Add policy plugin for IVI
Add only the empty 'framework'. In the following patches we add
step by step the implementation.
Daniel Wagner [Fri, 2 Nov 2012 16:26:18 +0000 (17:26 +0100)]
session: Don't filter match all out
If the user provides the match all rule we should add the policy
bearer to the result.
Daniel Wagner [Fri, 2 Nov 2012 16:26:17 +0000 (17:26 +0100)]
session: Store user AllowedBearers configuration
Don't overwrite the user provided AllowedBearers
configuration. Instead just store it at session level. So we always
will apply the bearer filter on the user input.
Obviously, this might need some more improvements on how we want
to handle the AllowedBearers behavior when the policy plugin and
the application provide a configuration. For exmaple should
we update the AllowedBearers if the policy changes or just always
show only the user input. This patch is not perfect but it
improves the situation clearly.
Daniel Wagner [Tue, 13 Nov 2012 08:01:48 +0000 (09:01 +0100)]
session: Factor out set default config helper
Whenever a configuration gets invalid (e.g. a configuration
is removed) then we need to be able to drop back to the
default configutation.
Daniel Wagner [Fri, 2 Nov 2012 16:26:16 +0000 (17:26 +0100)]
session: Export session parsing functions
We want to reuse these functions.
Daniel Wagner [Fri, 2 Nov 2012 16:26:15 +0000 (17:26 +0100)]
session: Add getter for session owner
Daniel Wagner [Wed, 14 Nov 2012 13:48:57 +0000 (14:48 +0100)]
session: Add destroy function for plugins
The error handling can get easily get pretty hairy, e.g.
reallocating memory for allowed_bearers. If we hit this situation
we allow the plugin to shutdown the session. That is consistent
with what we do when there is a problem while creating a new
session.
Daniel Wagner [Fri, 2 Nov 2012 16:26:14 +0000 (17:26 +0100)]
session: Add sessions config update function
Give a policy plugin a way to inform the session core that
some of the config values have changed.
This could be done in a more clever way, e.g. figure out only
to update the necessary info entries but we keep it for now
as simple and assume everthing has changed.
Daniel Wagner [Fri, 2 Nov 2012 16:26:13 +0000 (17:26 +0100)]
dbus: Add SELinux support
ConnMan needs to identify application in a secure way when they are
using the Session API. The current D-Bus server implemention supports
two types of LSM, POSIX and SELinux. In order to support SMACK or
TOMOYO the D-Bus code base needs to be patch. This is the initial work
to support at least POSIX and SELinux. Maybe in the future we are able
to support also the other LSMs.
The idea behind gsec is to keep the LSM related code together in one
directory. The API introduces in this patch is not any way final. It
will need some more time figuring out how are able to intregrate this
in a nice way.
The current API introduces g_sec_get_selinux_label() which will return
the SELinux context. The function will issuing a
GetConnectionSELinuxSecurityContext method call.
Note, that this function is not documented in the D-Bus
specification. See for more details the source code dbus/bus/drivers.c
and dbus/bus/selinux.c in the D-Bus reference implementation.
Daniel Wagner [Tue, 13 Nov 2012 12:50:03 +0000 (13:50 +0100)]
inotify: Watch out for files moved to/from watched dirs
When we do not watch watch for IN_MOVED_TO or IN_MOVED_FROM we can
easily inconsistent. The user creates a file and moves it then
from the watched directory. We wouldn't see this change and therefore
keep the configuration. That is a rather anoying behavoir
for the policy plugin.
Daniel Wagner [Fri, 2 Nov 2012 16:26:12 +0000 (17:26 +0100)]
inotify: Move inotify code into its own file
The inotify code will be used by the core (config.c) and the session
policy plugin. We introduce a new API for file modifcation
notifcation.
We move the factored out code part from the last patch into a new file
and also change the inotify code so that it allows to monitor not only
STORAGEDIR. When registering a new observer, the callee has to tell
which directory should be watched. inotify.c will group the observers
together.
Daniel Wagner [Fri, 2 Nov 2012 16:26:11 +0000 (17:26 +0100)]
config: Factor out config inotify handler
The inotify code can be reused. So before we introduce a new generic
inotify API, let's factor out in order to simplify the review process.
Daniel Wagner [Fri, 2 Nov 2012 16:26:10 +0000 (17:26 +0100)]
build: No FORTIFY flags when building without optimization
When building with --disable-optimiziation we need to make
sure the compiler flags do not include -O0 and FORTITFY when compiling
the resolv.h header file.
Jukka Rissanen [Fri, 23 Nov 2012 11:41:22 +0000 (13:41 +0200)]
provider: Set the state properly when removing provider
We need to set the provider into idle state when removing,
otherwise the default route will not be set properly after
provider removal.
Fixes BMC#25658
Jukka Rissanen [Fri, 23 Nov 2012 11:39:33 +0000 (13:39 +0200)]
openvpn-script: Removed extra empty line
Jukka Rissanen [Fri, 23 Nov 2012 11:39:32 +0000 (13:39 +0200)]
doc: Clarify UserRoutes and ServerRoutes documentation
As the UserRoutes is to be set by the user, then tell that
in the documentation.
Clarify also what the ServerRoutes mean.
Jukka Rissanen [Thu, 22 Nov 2012 12:05:19 +0000 (14:05 +0200)]
openvpn: Set default options if user has not supplied a config file
If the user is using config file option, then do not set the optional
default options. All the mandatory options needed for connman and
openvpn interaction are still set in command line.