From 5775865e20d4485290a5ab7dcda234367a629800 Mon Sep 17 00:00:00 2001 From: hyunuktak Date: Thu, 17 Mar 2016 11:41:51 +0900 Subject: [PATCH 01/16] Added some comments to exclude coverage Change-Id: I527291696adce551af861236a0dbf829699bc9e9 Signed-off-by: hyunuktak --- framework/CMakeLists.txt | 2 +- framework/src/capi_vpn_service.c | 278 +++++++++++++++++++------------------- packaging/capi-vpn-service.spec | 2 +- packaging/dbus-vpnsvc-daemon.conf | 6 +- 4 files changed, 144 insertions(+), 144 deletions(-) diff --git a/framework/CMakeLists.txt b/framework/CMakeLists.txt index a01be18..6d619d5 100755 --- a/framework/CMakeLists.txt +++ b/framework/CMakeLists.txt @@ -25,7 +25,7 @@ FOREACH(flag ${${PACKAGE_NAME}_CFLAGS}) ENDFOREACH(flag) # Compiler flags -SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} -fPIC -Wall -fvisibility=hidden") +SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} -fPIC -Wall -fvisibility=hidden -fprofile-arcs -ftest-coverage") SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_CFLAGS}") SET(CMAKE_C_FLAGS_DEBUG "-O0 -g") diff --git a/framework/src/capi_vpn_service.c b/framework/src/capi_vpn_service.c index a4ae8de..2afd277 100755 --- a/framework/src/capi_vpn_service.c +++ b/framework/src/capi_vpn_service.c 
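Review bot: `-fprofile-arcs -ftest-coverage` is appended to EXTRA_CFLAGS unconditionally in framework/CMakeLists.txt, so every build of the library is gcov-instrumented, including the packaged one. An instrumented library writes .gcda files at process exit to paths recorded at build time and pulls in the gcov runtime, which a shipped library loaded into client processes should not do. Gate the flags behind a build option so that only coverage builds get them, for example (the option name is a placeholder) `IF(ENABLE_COVERAGE)` / `SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} -fprofile-arcs -ftest-coverage")` / `ENDIF()`.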
@@ -41,19 +41,19 @@ int _vpnsvc_check_feature_supported(const char *feature_name) { if (is_feature_checked) { if (!feature_supported) { - LOGE("%s feature is disabled", feature_name); - return VPNSVC_ERROR_NOT_SUPPORTED; + LOGE("%s feature is disabled", feature_name); //LCOV_EXCL_LINE + return VPNSVC_ERROR_NOT_SUPPORTED; //LCOV_EXCL_LINE } } else { if (!system_info_get_platform_bool(feature_name, &feature_supported)) { is_feature_checked = true; if (!feature_supported) { - LOGE("%s feature is disabled", feature_name); - return VPNSVC_ERROR_NOT_SUPPORTED; + LOGE("%s feature is disabled", feature_name); //LCOV_EXCL_LINE + return VPNSVC_ERROR_NOT_SUPPORTED; //LCOV_EXCL_LINE } } else { - LOGE("Error - Feature getting from System Info"); - return VPNSVC_ERROR_IO_ERROR; + LOGE("Error - Feature getting from System Info"); //LCOV_EXCL_LINE + return VPNSVC_ERROR_IO_ERROR; //LCOV_EXCL_LINE } } @@ -66,8 +66,8 @@ static void _vpnsvc_init_vpnsvc_tun_s(vpnsvc_tun_s **s) if (s == NULL) return; if (*s != NULL) { - LOGE("Can't Initialize vpnsvc_tun_s: %p", *s); - return; + LOGE("Can't Initialize vpnsvc_tun_s: %p", *s); //LCOV_EXCL_LINE + return; //LCOV_EXCL_LINE } *s = (vpnsvc_tun_s*)g_malloc0(sizeof(vpnsvc_tun_s)); @@ -81,8 +81,8 @@ static void _vpnsvc_init_vpnsvc_tun_s(vpnsvc_tun_s **s) connection = g_bus_get_sync(G_BUS_TYPE_SYSTEM, NULL, &error); if (error != NULL) { - LOGE("Error creating Connection: %s", error->message); - g_error_free(error); + LOGE("Error creating Connection: %s", error->message); //LCOV_EXCL_LINE + g_error_free(error); //LCOV_EXCL_LINE } else { LOGD("Created Connection: %p", connection); (*s)->connection = connection; 
@@ -126,9 +126,9 @@ GVariant *_vpnsvc_invoke_dbus_method(GDBusConnection *connection, LOGD("Method Call() dest=%s path=%s iface=%s method=%s", dest, path, interface_name, method); if (connection == NULL) { - LOGD("GDBusconnection is NULL"); - *dbus_error = VPNSVC_ERROR_IO_ERROR; - return reply; + LOGD("GDBusconnection is NULL"); //LCOV_EXCL_LINE + *dbus_error = VPNSVC_ERROR_IO_ERROR; //LCOV_EXCL_LINE + return reply; //LCOV_EXCL_LINE } reply = g_dbus_connection_call_sync(connection, @@ -145,13 +145,13 @@ GVariant *_vpnsvc_invoke_dbus_method(GDBusConnection *connection, if (reply == NULL) { if (error != NULL) { - LOGE("g_dbus_connection_call_sync() failed" + LOGE("g_dbus_connection_call_sync() failed" //LCOV_EXCL_LINE "error [%d: %s]", error->code, error->message); - *dbus_error = VPNSVC_ERROR_IO_ERROR; - g_error_free(error); + *dbus_error = VPNSVC_ERROR_IO_ERROR; //LCOV_EXCL_LINE + g_error_free(error); //LCOV_EXCL_LINE } else { - LOGE("g_dbus_connection_call_sync() failed"); - *dbus_error = VPNSVC_ERROR_IPC_FAILED; + LOGE("g_dbus_connection_call_sync() failed"); //LCOV_EXCL_LINE + *dbus_error = VPNSVC_ERROR_IPC_FAILED; //LCOV_EXCL_LINE } return NULL; 
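Review bot: In the `reply == NULL` branch of _vpnsvc_invoke_dbus_method the marker sits only on the first physical line of the two-line `LOGE("g_dbus_connection_call_sync() failed" //LCOV_EXCL_LINE` call, and `LCOV_EXCL_LINE` excludes only the line it is written on. If gcov attributes any of the call to the continuation line holding `error->code, error->message`, that line stays in the report; the same pattern is in the `_with_fd` hunk that follows. Wrapping each excluded branch in `//LCOV_EXCL_START` … `//LCOV_EXCL_STOP` would cover multi-line statements and avoid a trailing marker on every line. Both functions start and end outside their hunks.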
@@ -172,24 +172,24 @@ GVariant *_vpnsvc_invoke_dbus_method_with_fd(GDBusConnection *connection, LOGD("Method Call() dest=%s path=%s iface=%s method=%s fd=%d", dest, path, interface_name, method, fd); if (connection == NULL) { - LOGD("GDBusconnection is NULL"); - *dbus_error = VPNSVC_ERROR_IO_ERROR; - return reply; + LOGD("GDBusconnection is NULL"); //LCOV_EXCL_LINE + *dbus_error = VPNSVC_ERROR_IO_ERROR; //LCOV_EXCL_LINE + return reply; //LCOV_EXCL_LINE } /* Setting the fd_list */ fd_list = g_unix_fd_list_new(); if (fd_list == NULL) { - LOGE("g_unix_fd_list_new() failed!"); - return NULL; + LOGE("g_unix_fd_list_new() failed!"); //LCOV_EXCL_LINE + return NULL; //LCOV_EXCL_LINE } g_unix_fd_list_append(fd_list, fd, &error); if (error != NULL) { - LOGE("g_unix_fd_list_append() failed" + LOGE("g_unix_fd_list_append() failed" //LCOV_EXCL_LINE "error [%d: %s]", error->code, error->message); - *dbus_error = VPNSVC_ERROR_IO_ERROR; - g_error_free(error); - return NULL; + *dbus_error = VPNSVC_ERROR_IO_ERROR; //LCOV_EXCL_LINE + g_error_free(error); //LCOV_EXCL_LINE + return NULL; //LCOV_EXCL_LINE } reply = g_dbus_connection_call_with_unix_fd_list_sync(connection, @@ -208,13 +208,13 @@ GVariant *_vpnsvc_invoke_dbus_method_with_fd(GDBusConnection *connection, if (reply == NULL) { if (error != NULL) { - LOGE("g_dbus_connection_call_sync() failed" + LOGE("g_dbus_connection_call_sync() failed" //LCOV_EXCL_LINE "error [%d: %s]", error->code, error->message); - *dbus_error = VPNSVC_ERROR_IO_ERROR; - g_error_free(error); + *dbus_error = VPNSVC_ERROR_IO_ERROR; //LCOV_EXCL_LINE + g_error_free(error); //LCOV_EXCL_LINE } else { - LOGE("g_dbus_connection_call_sync() failed"); - *dbus_error = VPNSVC_ERROR_IPC_FAILED; + LOGE("g_dbus_connection_call_sync() failed"); //LCOV_EXCL_LINE + *dbus_error = VPNSVC_ERROR_IPC_FAILED; //LCOV_EXCL_LINE } return NULL; 
@@ -258,9 +258,9 @@ EXPORT_API int vpnsvc_init(const char* iface_name, vpnsvc_h *handle) &dbus_result); if (op == NULL) { - _vpnsvc_deinit_vpnsvc_tun_s(tmp_s); - LOGD("Service [%s] Start Failed!", VPNSVC_DBUS_SERVICE_NAME); - return VPNSVC_ERROR_IPC_FAILED; + _vpnsvc_deinit_vpnsvc_tun_s(tmp_s); //LCOV_EXCL_LINE + LOGD("Service [%s] Start Failed!", VPNSVC_DBUS_SERVICE_NAME); //LCOV_EXCL_LINE + return VPNSVC_ERROR_IPC_FAILED; //LCOV_EXCL_LINE } else { unsigned int status = 0; g_variant_get(op, "(u)", &status); @@ -269,20 +269,20 @@ EXPORT_API int vpnsvc_init(const char* iface_name, vpnsvc_h *handle) } else if (2 == status) { /* DBUS_START_REPLY_ALREADY_RUNNING */ LOGD("Service [%s] Already Running!", VPNSVC_DBUS_SERVICE_NAME); } else { - LOGD("Service [%s] Not Started! Status[%d]", VPNSVC_DBUS_SERVICE_NAME, status); - g_variant_unref(op); - op = NULL; - _vpnsvc_deinit_vpnsvc_tun_s(tmp_s); - return VPNSVC_ERROR_IO_ERROR; + LOGD("Service [%s] Not Started! Status[%d]", VPNSVC_DBUS_SERVICE_NAME, status); //LCOV_EXCL_LINE + g_variant_unref(op); //LCOV_EXCL_LINE + op = NULL; //LCOV_EXCL_LINE + _vpnsvc_deinit_vpnsvc_tun_s(tmp_s); //LCOV_EXCL_LINE + return VPNSVC_ERROR_IO_ERROR; //LCOV_EXCL_LINE } g_variant_unref(op); op = NULL; } if ((iface_fd = open("/dev/net/tun", O_RDWR)) < 0) { - LOGE("tun device open fail\n"); - _vpnsvc_deinit_vpnsvc_tun_s(tmp_s); - return VPNSVC_ERROR_IO_ERROR; + LOGE("tun device open fail\n"); //LCOV_EXCL_LINE + _vpnsvc_deinit_vpnsvc_tun_s(tmp_s); //LCOV_EXCL_LINE + return VPNSVC_ERROR_IO_ERROR; //LCOV_EXCL_LINE } LOGD("client iface_fd : %d", iface_fd); 
@@ -297,18 +297,18 @@ EXPORT_API int vpnsvc_init(const char* iface_name, vpnsvc_h *handle) &dbus_result); if (op == NULL) { - close(iface_fd); - _vpnsvc_deinit_vpnsvc_tun_s(tmp_s); - return VPNSVC_ERROR_IPC_FAILED; + close(iface_fd); //LCOV_EXCL_LINE + _vpnsvc_deinit_vpnsvc_tun_s(tmp_s); //LCOV_EXCL_LINE + return VPNSVC_ERROR_IPC_FAILED; //LCOV_EXCL_LINE } else { int tmp_index; char* tmp_name; g_variant_get(op, "(iis)", &result, &tmp_index, &tmp_name); if (result != VPNSVC_ERROR_NONE) { - LOGE("vpnsvc_init() failed"); - _vpnsvc_deinit_vpnsvc_tun_s(tmp_s); - result = VPNSVC_ERROR_IPC_FAILED; + LOGE("vpnsvc_init() failed"); //LCOV_EXCL_LINE + _vpnsvc_deinit_vpnsvc_tun_s(tmp_s); //LCOV_EXCL_LINE + result = VPNSVC_ERROR_IPC_FAILED; //LCOV_EXCL_LINE } else { LOGD("vpnsvc_init() succeed"); tmp_s->fd = iface_fd; /* client fd must be set */ @@ -339,8 +339,8 @@ EXPORT_API int vpnsvc_deinit(vpnsvc_h handle) /* parameter check */ if (handle == NULL) { - LOGE("handle is a NULL"); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("handle is a NULL"); //LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } tun_s = (vpnsvc_tun_s*)handle; @@ -356,18 +356,18 @@ EXPORT_API int vpnsvc_deinit(vpnsvc_h handle) &dbus_result); if (op == NULL) { - return VPNSVC_ERROR_IPC_FAILED; + return VPNSVC_ERROR_IPC_FAILED; //LCOV_EXCL_LINE } else { g_variant_get(op, "(i)", &result); if (result != VPNSVC_ERROR_NONE) - LOGE("vpn_deinit() failed"); + LOGE("vpn_deinit() failed"); //LCOV_EXCL_LINE else LOGD("vpn_deinit() succeed"); } if (close(tun_s->fd) != 0) { - LOGE("tun fd close : %s", strerror_r(errno, buf, BUF_SIZE_FOR_ERR)); - return VPNSVC_ERROR_IO_ERROR; + LOGE("tun fd close : %s", strerror_r(errno, buf, BUF_SIZE_FOR_ERR)); //LCOV_EXCL_LINE + return VPNSVC_ERROR_IO_ERROR; //LCOV_EXCL_LINE } else LOGD("tun fd close success"); 
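Review bot: From the vpnsvc_deinit hunk onward, the `handle == NULL` and other parameter checks of the exported API are marked `//LCOV_EXCL_LINE`, although a negative test that passes NULL reaches them without any fault injection. Excluding them makes the coverage figure say nothing about whether input validation on the public entry points is ever exercised; the same applies to the later hunks for vpnsvc_protect, vpnsvc_up, vpnsvc_read, vpnsvc_write and the getters. I would keep the exclusions for branches that need a failing D-Bus call or a failing syscall and drop them from the argument checks.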
@@ -388,16 +388,16 @@ EXPORT_API int vpnsvc_protect(vpnsvc_h handle, int socket_fd, const char* iface_ /* parameter check */ if (handle == NULL) { - LOGE("handle is a NULL"); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("handle is a NULL"); //LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } tun_s = (vpnsvc_tun_s*)handle; LOGD("enter vpnsvc_protect, socket : %d, dev_name : %s", socket_fd, iface_name); if (tun_s->connection == NULL) { - LOGE("Connection Object is NULL"); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("Connection Object is NULL"); //LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } /* call vpnsvc_protect */ @@ -411,12 +411,12 @@ EXPORT_API int vpnsvc_protect(vpnsvc_h handle, int socket_fd, const char* iface_ &dbus_result); if (op == NULL) { - return VPNSVC_ERROR_IPC_FAILED; + return VPNSVC_ERROR_IPC_FAILED; //LCOV_EXCL_LINE } else { g_variant_get(op, "(i)", &result); if (result != VPNSVC_ERROR_NONE) - LOGE("vpn_protect() failed"); + LOGE("vpn_protect() failed"); //LCOV_EXCL_LINE else LOGD("vpn_protect() succeed"); } 
@@ -441,24 +441,24 @@ EXPORT_API int vpnsvc_up(vpnsvc_h handle, const char* local_ip, const char* remo /* parameter check */ if (handle == NULL) { - LOGE("handle is a NULL"); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("handle is a NULL"); //LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } tun_s = (vpnsvc_tun_s*)handle; LOGD("enter vpnsvc_up"); if (tun_s->index <= 0) { - LOGE("invalid handle"); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("invalid handle"); //LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } else if (tun_s->connection == NULL) { - LOGE("Connection Object is NULL"); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("Connection Object is NULL"); //LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } if (local_ip == NULL || remote_ip == NULL) { - LOGE("local and remote ip are invalid"); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("local and remote ip are invalid"); //LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } LOGD("iface_index %d", tun_s->index); @@ -468,8 +468,8 @@ EXPORT_API int vpnsvc_up(vpnsvc_h handle, const char* local_ip, const char* remo g_variant_builder_init(&route_builder, G_VARIANT_TYPE("a{si}")); for (i = 0 ; i < num_routes ; i++) { if (strlen(routes_dest_add[i]) <= 0) { - LOGE("invalid dest[%d]", i); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("invalid dest[%d]", i); //LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } g_variant_builder_add(&route_builder, "{si}", routes_dest_add[i], routes_prefix[i]); LOGD("dest[%d] : %s", i, routes_dest_add[i]); 
@@ -481,8 +481,8 @@ EXPORT_API int vpnsvc_up(vpnsvc_h handle, const char* local_ip, const char* remo g_variant_builder_init(&dns_builder, G_VARIANT_TYPE("as")); for (i = 0 ; i < num_dns_servers ; i++) { if (strlen(dns_servers[i]) <= 0) { - LOGE("invalid dns_servers[%d]", i); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("invalid dns_servers[%d]", i); //LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } LOGD("dns_servers[%d] : %s", i, dns_servers[i]); g_variant_builder_add(&dns_builder, "s", dns_servers[i]); @@ -502,11 +502,11 @@ EXPORT_API int vpnsvc_up(vpnsvc_h handle, const char* local_ip, const char* remo &dbus_result); if (op == NULL) { - return VPNSVC_ERROR_IPC_FAILED; + return VPNSVC_ERROR_IPC_FAILED; //LCOV_EXCL_LINE } else { g_variant_get(op, "(i)", &result); if (result != VPNSVC_ERROR_NONE) - LOGE("vpn_up() failed"); + LOGE("vpn_up() failed"); //LCOV_EXCL_LINE else LOGD("vpn_up() succeed"); } @@ -524,22 +524,22 @@ EXPORT_API int vpnsvc_down(vpnsvc_h handle) /* parameter check */ if (handle == NULL) { - LOGE("handle is a NULL"); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("handle is a NULL"); //LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } tun_s = (vpnsvc_tun_s*)handle; LOGD("enter vpnsvc_down"); if (tun_s == NULL) { - LOGE("handle is a NULL"); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("handle is a NULL"); //LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } else if (tun_s->index <= 0) { - LOGE("invalid handle"); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("invalid handle"); //LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } else if (tun_s->connection == NULL) { - LOGE("Connection Object is NULL"); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("Connection Object is NULL"); //LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } op = _vpnsvc_invoke_dbus_method(tun_s->connection, 
@@ -551,11 +551,11 @@ EXPORT_API int vpnsvc_down(vpnsvc_h handle) &dbus_result); if (op == NULL) { - return VPNSVC_ERROR_IPC_FAILED; + return VPNSVC_ERROR_IPC_FAILED; //LCOV_EXCL_LINE } else { g_variant_get(op, "(i)", &result); if (result != VPNSVC_ERROR_NONE) - LOGE("vpn_down() failed"); + LOGE("vpn_down() failed"); //LCOV_EXCL_LINE else LOGD("vpn_down() succeed"); } @@ -576,14 +576,14 @@ EXPORT_API int vpnsvc_read(vpnsvc_h handle, int timeout_ms) /* parameter check */ if (handle == NULL) { - LOGE("handle is a NULL"); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("handle is a NULL"); //LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } tun_s = (vpnsvc_tun_s*)handle; if (tun_s->fd <= 0) { - LOGE("invalid handle"); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("invalid handle"); //LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } /* listen for events */ @@ -596,11 +596,11 @@ EXPORT_API int vpnsvc_read(vpnsvc_h handle, int timeout_ms) LOGD("Data is available now.\n"); ret = VPNSVC_ERROR_NONE; } else if (retVal == 0) { - LOGD("No data within %d ms\n", timeout_ms); - ret = VPNSVC_ERROR_TIMEOUT; + LOGD("No data within %d ms\n", timeout_ms); //LCOV_EXCL_LINE + ret = VPNSVC_ERROR_TIMEOUT; //LCOV_EXCL_LINE } else { - LOGE("select failed\n"); - ret = VPNSVC_ERROR_IO_ERROR; + LOGE("select failed\n"); //LCOV_EXCL_LINE + ret = VPNSVC_ERROR_IO_ERROR; //LCOV_EXCL_LINE } return ret; 
@@ -615,14 +615,14 @@ EXPORT_API int vpnsvc_write(vpnsvc_h handle, const char* data, size_t size) /* parameter check */ if (handle == NULL) { - LOGE("handle is a NULL"); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("handle is a NULL"); //LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } tun_s = (vpnsvc_tun_s*)handle; if (tun_s->fd <= 0) { - LOGE("invalid handle"); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("invalid handle"); //LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } return write(tun_s->fd, data, size); @@ -650,16 +650,16 @@ EXPORT_API int vpnsvc_block_networks(vpnsvc_h handle, /* parameter check */ if (handle == NULL) { - LOGE("handle is a NULL"); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("handle is a NULL"); //LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } tun_s = (vpnsvc_tun_s*)handle; LOGD("enter vpnsvc_block_networks"); if (tun_s->connection == NULL) { - LOGE("Connection Object is NULL"); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("Connection Object is NULL"); //LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } /* make a route parameter for allowed VPN interface routes */ g_variant_builder_init(&nets_builder, G_VARIANT_TYPE("a{si}")); @@ -689,11 +689,11 @@ EXPORT_API int vpnsvc_block_networks(vpnsvc_h handle, &dbus_result); if (op == NULL) { - return VPNSVC_ERROR_IPC_FAILED; + return VPNSVC_ERROR_IPC_FAILED; //LCOV_EXCL_LINE } else { g_variant_get(op, "(i)", &result); if (result != VPNSVC_ERROR_NONE) - LOGE("vpn_block_networks() failed"); + LOGE("vpn_block_networks() failed"); //LCOV_EXCL_LINE else LOGD("vpn_block_networks() succeed"); } 
@@ -711,19 +711,19 @@ EXPORT_API int vpnsvc_unblock_networks(vpnsvc_h handle) /* parameter check */ if (handle == NULL) { - LOGE("handle is a NULL"); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("handle is a NULL"); //LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } tun_s = (vpnsvc_tun_s*)handle; LOGD("enter vpnsvc_unblock_networks"); if (tun_s == NULL) { - LOGE("handle is a NULL"); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("handle is a NULL"); //LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } else if (tun_s->connection == NULL) { - LOGE("Connection Object is NULL"); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("Connection Object is NULL"); //LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } op = _vpnsvc_invoke_dbus_method(tun_s->connection, @@ -735,11 +735,11 @@ EXPORT_API int vpnsvc_unblock_networks(vpnsvc_h handle) &dbus_result); if (op == NULL) { - return VPNSVC_ERROR_IPC_FAILED; + return VPNSVC_ERROR_IPC_FAILED; //LCOV_EXCL_LINE } else { g_variant_get(op, "(i)", &result); if (result != VPNSVC_ERROR_NONE) - LOGE("vpn_unblock_networks() failed"); + LOGE("vpn_unblock_networks() failed"); //LCOV_EXCL_LINE else LOGD("vpn_unblock_networks() succeed"); } @@ -755,14 +755,14 @@ EXPORT_API int vpnsvc_get_iface_fd(vpnsvc_h handle, int* iface_fd) /* parameter check */ if (handle == NULL || iface_fd == NULL) { - LOGE("Invalid parameter"); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("Invalid parameter"); //LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } tun_s = (vpnsvc_tun_s*)handle; if (tun_s->fd <= 0) { - LOGE("invalid handle"); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("invalid handle"); //LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } *iface_fd = (int)(tun_s->fd); 
@@ -778,15 +778,15 @@ EXPORT_API int vpnsvc_get_iface_index(vpnsvc_h handle, int* iface_index) /* parameter check */ if (handle == NULL || iface_index == NULL) { - LOGE("Invalid parameter"); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("Invalid parameter"); //LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } tun_s = (vpnsvc_tun_s*)handle; if (tun_s->index <= 0) { - LOGE("invalid handle"); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("invalid handle"); //LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } *iface_index = (int)(tun_s->index); @@ -803,19 +803,19 @@ EXPORT_API int vpnsvc_get_iface_name(vpnsvc_h handle, char** iface_name) /* parameter check */ if (handle == NULL) { - LOGE("handle is a NULL"); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("handle is a NULL"); //LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } tun_s = (vpnsvc_tun_s*)handle; if (strlen(tun_s->name) <= 0) { - LOGE("invalid handle"); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("invalid handle"); //LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } if (iface_name == NULL) { - LOGE("tun name string is NULL"); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("tun name string is NULL"); //LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } g_strlcpy(la_iface_name, tun_s->name, VPNSVC_VPN_IFACE_NAME_LEN + 1); @@ -832,14 +832,14 @@ EXPORT_API int vpnsvc_set_mtu(vpnsvc_h handle, int mtu) /* parameter check */ if (handle == NULL) { - LOGE("handle is a NULL"); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("handle is a NULL"); //LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } tun_s = (vpnsvc_tun_s*)handle; if (mtu <= 0) { - LOGE("Incorrect MTU Size = %d", mtu); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("Incorrect MTU Size = %d", mtu); //LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } tun_s->mtu = mtu; 
@@ -862,14 +862,14 @@ EXPORT_API int vpnsvc_set_blocking(vpnsvc_h handle, bool blocking) int flags; if (tun_s->fd <= 0) { - LOGE("The Tunnel File Descriptor fd = %d", tun_s->fd); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("The Tunnel File Descriptor fd = %d", tun_s->fd); //LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } flags = fcntl(tun_s->fd, F_GETFL); if (flags < 0) { - LOGD("File Descriptor Flags GET Failed fd = %d", tun_s->fd); - flags = 0; + LOGD("File Descriptor Flags GET Failed fd = %d", tun_s->fd); //LCOV_EXCL_LINE + flags = 0; //LCOV_EXCL_LINE } if (blocking == false) @@ -878,8 +878,8 @@ EXPORT_API int vpnsvc_set_blocking(vpnsvc_h handle, bool blocking) flags = flags & (~O_NONBLOCK); if (fcntl(tun_s->fd, F_SETFL, flags) < 0) { - LOGE("Failed fd = %d F_SETFL(flags) = %d", tun_s->fd, flags); - return VPNSVC_ERROR_IO_ERROR; + LOGE("Failed fd = %d F_SETFL(flags) = %d", tun_s->fd, flags); //LCOV_EXCL_LINE + return VPNSVC_ERROR_IO_ERROR; //LCOV_EXCL_LINE } return VPNSVC_ERROR_NONE; } @@ -898,8 +898,8 @@ EXPORT_API int vpnsvc_set_session(vpnsvc_h handle, const char* session) tun_s = (vpnsvc_tun_s*)handle; if (session == NULL) { - LOGE("Session Name string is NULL"); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("Session Name string is NULL"); //LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } strncpy(tun_s->session, session, VPNSVC_SESSION_STRING_LEN); @@ -923,8 +923,8 @@ EXPORT_API int vpnsvc_get_session(vpnsvc_h handle, char** session) tun_s = (vpnsvc_tun_s*)handle; if (session == NULL) { - LOGE("Session Name string is NULL"); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("Session Name string is NULL"); //LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } g_strlcpy(la_session, tun_s->session, VPNSVC_SESSION_STRING_LEN + 1); diff --git a/packaging/capi-vpn-service.spec b/packaging/capi-vpn-service.spec index 4dd2727..9c6c00c 100755 --- a/packaging/capi-vpn-service.spec 
+++ b/packaging/capi-vpn-service.spec @@ -1,6 +1,6 @@ Name: vpnsvc-pkg Summary: VPN service library in TIZEN C API -Version: 1.0.6 +Version: 1.0.7 Release: 1 Group: System/Network License: Apache-2.0 diff --git a/packaging/dbus-vpnsvc-daemon.conf b/packaging/dbus-vpnsvc-daemon.conf index 0040381..9a1daea 100644 --- a/packaging/dbus-vpnsvc-daemon.conf +++ b/packaging/dbus-vpnsvc-daemon.conf @@ -10,8 +10,8 @@ - - - + + + -- 2.7.4 From 709a13a274d8b5edaf9c133e7bbb352ac7b920c3 Mon Sep 17 00:00:00 2001 From: taesubkim Date: Thu, 17 Mar 2016 15:22:18 +0900 Subject: [PATCH 02/16] Change/check privilege Change-Id: I730cfb16b375d8d87137a7178014fbe96805168f Signed-off-by: Taesub Kim Signed-off-by: Deepak Kumar Sahu --- daemon/CMakeLists.txt | 2 +- daemon/include/vpnsvc.h | 9 +++ daemon/src/vpnsvc.c | 155 +++++++++++++++++++++++++++++++++++++-- framework/src/capi_vpn_service.c | 39 ++++++++-- include/vpn_service.h | 16 ++++ packaging/capi-vpn-service.spec | 3 + 6 files changed, 210 insertions(+), 14 deletions(-) diff --git a/daemon/CMakeLists.txt b/daemon/CMakeLists.txt index e94f838..14e080d 100755 --- a/daemon/CMakeLists.txt +++ b/daemon/CMakeLists.txt @@ -9,7 +9,7 @@ SET(INCLUDEDIR "\${prefix}/include") SET(DAEMON_DIR "${CMAKE_SOURCE_DIR}/daemon") SET(VERSION 0.1) -SET(requires "dlog dbus-1 glib-2.0 gio-2.0 gio-unix-2.0 capi-base-common capi-appfw-package-manager") +SET(requires "dlog dbus-1 glib-2.0 gio-2.0 gio-unix-2.0 capi-base-common capi-appfw-package-manager cynara-client cynara-creds-gdbus cynara-session") SET(pc_requires "capi-base-common") SET(SRCS diff --git a/daemon/include/vpnsvc.h b/daemon/include/vpnsvc.h index b6467a8..99c037f 100755 --- a/daemon/include/vpnsvc.h +++ b/daemon/include/vpnsvc.h 
@@ -30,8 +30,17 @@ extern "C" { #include "generated-code.h" +typedef enum _net_vpn_service_privilege_e +{ + PRIVILEGE_VPN_SERVICE = 0x00, + PRIVILEGE_VPN_SERVICE_ADMIN, + PRIVILEGE_INTERNET, +} net_vpn_service_privilege_e; + void vpnsvc_create_and_init(void); Vpnsvc *get_vpnsvc_object(void); +gboolean vpn_service_gdbus_check_privilege(GDBusMethodInvocation *invocation, + net_vpn_service_privilege_e _privilege); #ifdef __cplusplus } diff --git a/daemon/src/vpnsvc.c b/daemon/src/vpnsvc.c index 4df05ae..be80c9f 100755 --- a/daemon/src/vpnsvc.c +++ b/daemon/src/vpnsvc.c @@ -26,6 +26,10 @@ #include "vpndbus.h" #include "vpn_service_daemon.h" +#include "cynara-client.h" +#include "cynara-creds-gdbus.h" +#include "cynara-session.h" + #ifdef LOG_TAG #undef LOG_TAG #endif @@ -43,8 +47,17 @@ gboolean handle_vpn_init(Vpnsvc *object, { LOGD("handle_vpn_init"); - vpnsvc_tun_s handle_s; int result = VPNSVC_ERROR_NONE; + + /* check privilege */ + if (vpn_service_gdbus_check_privilege(invocation, PRIVILEGE_VPN_SERVICE_ADMIN) == false + || vpn_service_gdbus_check_privilege(invocation, PRIVILEGE_INTERNET) == false) { + LOGE("permission denied, and finished request."); + result = VPNSVC_ERROR_PERMISSION_DENIED; + goto done; + } + + vpnsvc_tun_s handle_s; GDBusMessage *msg; GUnixFDList *fd_list; int fd_list_length; @@ -66,6 +79,8 @@ gboolean handle_vpn_init(Vpnsvc *object, LOGD("handle_s.fd : %d, handle_s.index : %d, handle_s.name : %s", handle_s.fd, handle_s.index, handle_s.name); +done: + vpnsvc_complete_vpn_init(object, invocation, result, handle_s.index, handle_s.name); return TRUE; 
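Review bot: On the permission-denied path in handle_vpn_init, `goto done` skips every statement that fills `handle_s`, yet the code at `done:` still passes `handle_s.index` and `handle_s.name` to vpnsvc_complete_vpn_init(), so uninitialised stack contents are marshalled into the reply for a caller that was just refused. Declaring it ahead of the check as `vpnsvc_tun_s handle_s = {0};` would make the denied reply deterministic. The struct definition is not part of this patch, so if `name` is a pointer rather than an array the denied path needs an explicit empty string instead. The part of the function between the two hunks is not visible here.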
@@ -75,13 +90,23 @@ gboolean handle_vpn_deinit(Vpnsvc *object, GDBusMethodInvocation *invocation, const gchar *arg_dev_name) { + LOGD("handle_vpn_deinit"); + int result = VPNSVC_ERROR_NONE; - LOGD("handle_vpn_deinit"); + /* check privilege */ + if (vpn_service_gdbus_check_privilege(invocation, PRIVILEGE_VPN_SERVICE_ADMIN) == false + || vpn_service_gdbus_check_privilege(invocation, PRIVILEGE_INTERNET) == false) { + LOGE("permission denied, and finished request."); + result = VPNSVC_ERROR_PERMISSION_DENIED; + goto done; + } + LOGD("vpn_deinit, %s\n", arg_dev_name); result = vpn_daemon_deinit(arg_dev_name); +done: vpnsvc_complete_vpn_deinit(object, invocation, result); return TRUE; @@ -91,15 +116,24 @@ gboolean handle_vpn_protect(Vpnsvc *object, GDBusMethodInvocation *invocation, const gchar *arg_dev_name) { + LOGD("handle_vpn_protect"); + int result = VPNSVC_ERROR_NONE; + + /* check privilege */ + if (vpn_service_gdbus_check_privilege(invocation, PRIVILEGE_VPN_SERVICE_ADMIN) == false + || vpn_service_gdbus_check_privilege(invocation, PRIVILEGE_INTERNET) == false) { + LOGE("permission denied, and finished request."); + result = VPNSVC_ERROR_PERMISSION_DENIED; + goto done; + } + int socket; GDBusMessage *msg; GUnixFDList *fd_list; int fd_list_length; const int *fds; - LOGD("handle_vpn_protect"); - msg = g_dbus_method_invocation_get_message(invocation); fd_list = g_dbus_message_get_unix_fd_list(msg); fds = g_unix_fd_list_peek_fds(fd_list, &fd_list_length); @@ -111,6 +145,7 @@ gboolean handle_vpn_protect(Vpnsvc *object, result = vpn_daemon_protect(socket, arg_dev_name); +done: vpnsvc_complete_vpn_protect(object, invocation, result); return TRUE; @@ -128,10 +163,10 @@ gboolean handle_vpn_up(Vpnsvc *object, const gchar *arg_dns_suffix, guint arg_mtu) { - int result = VPNSVC_ERROR_NONE; - LOGD("handle_vpn_up"); + int result = VPNSVC_ERROR_NONE; + char* routes[arg_nr_routes]; int prefix[arg_nr_routes]; char **dns_servers = NULL; 
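Review bot: The same two-call condition (`PRIVILEGE_VPN_SERVICE_ADMIN` then `PRIVILEGE_INTERNET`, followed by the log line, the `result` assignment and `goto done`) is pasted into handle_vpn_deinit and handle_vpn_protect here, and again into handle_vpn_init, handle_vpn_block_networks and handle_vpn_unblock_networks. A small static helper that takes the invocation and returns the result code would keep the access policy in one place, so a later change cannot leave one handler behind. `PRIVILEGE_VPN_SERVICE` is declared in vpnsvc.h but no handler in the visible hunks uses it; a comment on the enum saying which methods it is meant for would help.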
@@ -144,6 +179,13 @@ gboolean handle_vpn_up(Vpnsvc *object, gchar* route_dest; gint route_prefix; + /* check privilege */ + if (vpn_service_gdbus_check_privilege(invocation, PRIVILEGE_VPN_SERVICE_ADMIN) == false) { + LOGE("permission denied, and finished request."); + result = VPNSVC_ERROR_PERMISSION_DENIED; + goto done; + } + LOGD("iface_index : %d", arg_iface_index); LOGD("local ip : %s", arg_local_ip); LOGD("remote ip : %s", arg_remote_ip); @@ -222,12 +264,22 @@ gboolean handle_vpn_down(Vpnsvc *object, gint arg_iface_index) { LOGD("handle_vpn_down"); + int result = VPNSVC_ERROR_NONE; + /* check privilege */ + if (vpn_service_gdbus_check_privilege(invocation, PRIVILEGE_VPN_SERVICE_ADMIN) == false) { + LOGE("permission denied, and finished request."); + result = VPNSVC_ERROR_PERMISSION_DENIED; + goto done; + } + LOGD("vpn_down, %d\n", arg_iface_index); result = vpn_daemon_down(arg_iface_index); +done: + vpnsvc_complete_vpn_down(object, invocation, result); return TRUE; @@ -241,6 +293,7 @@ gboolean handle_vpn_block_networks(Vpnsvc *object, guint arg_nr_nets_orig) { LOGD("handle_vpn_block_networks"); + int result = VPNSVC_ERROR_NONE; char *nets_vpn[arg_nr_nets_vpn]; @@ -254,6 +307,14 @@ gboolean handle_vpn_block_networks(Vpnsvc *object, gchar* route_dest; gint route_prefix; + /* check privilege */ + if (vpn_service_gdbus_check_privilege(invocation, PRIVILEGE_VPN_SERVICE_ADMIN) == false + || vpn_service_gdbus_check_privilege(invocation, PRIVILEGE_INTERNET) == false) { + LOGE("permission denied, and finished request."); + result = VPNSVC_ERROR_PERMISSION_DENIED; + goto done; + } + LOGD("vpn_block_networks"); /* arg_nets_vpn check */ @@ -299,6 +360,8 @@ gboolean handle_vpn_block_networks(Vpnsvc *object, /* call function */ result = vpn_daemon_block_networks(nets_vpn, prefix_vpn, arg_nr_nets_vpn, nets_orig, prefix_orig, arg_nr_nets_orig); +done: + vpnsvc_complete_vpn_block_networks(object, invocation, result); return TRUE; 
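Review bot: In handle_vpn_up the privilege check is added after `char* routes[arg_nr_routes];` and `int prefix[arg_nr_routes];`, so a stack allocation sized by a caller-supplied count is made before the caller is authorised; handle_vpn_block_networks has the same order with `char *nets_vpn[arg_nr_nets_vpn];`. C does not allow a jump into the scope of a variable-length array, so the check cannot simply move above these declarations; rejecting counts above a project-defined maximum first, or allocating on the heap after the check, would close the gap. The `done:` label that the handle_vpn_up check jumps to is not in the visible hunks, so the cleanup on that path could not be confirmed. handle_vpn_up and handle_vpn_down require only `PRIVILEGE_VPN_SERVICE_ADMIN` while the other handlers also require `PRIVILEGE_INTERNET`; if that is intended, a one-line comment should say so.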
@@ -307,13 +370,23 @@ gboolean handle_vpn_block_networks(Vpnsvc *object, gboolean handle_vpn_unblock_networks(Vpnsvc *object, GDBusMethodInvocation *invocation) { + LOGD("handle_vpn_unblock_networks"); + int result = VPNSVC_ERROR_NONE; - LOGD("handle_vpn_unblock_networks"); + /* check privilege */ + if (vpn_service_gdbus_check_privilege(invocation, PRIVILEGE_VPN_SERVICE_ADMIN) == false + || vpn_service_gdbus_check_privilege(invocation, PRIVILEGE_INTERNET) == false) { + LOGE("permission denied, and finished request."); + result = VPNSVC_ERROR_PERMISSION_DENIED; + goto done; + } + LOGD("vpn_unblock_networks"); result = vpn_daemon_unblock_networks(); +done: vpnsvc_complete_vpn_unblock_networks(object, invocation, result); return TRUE; 
@@ -367,3 +440,71 @@ void vpnsvc_create_and_init(void) return; } + +gboolean vpn_service_gdbus_check_privilege(GDBusMethodInvocation *invocation, net_vpn_service_privilege_e _privilege) +{ + + int ret = 0; + int pid = 0; + char *user; + char *client; + char *client_session; + char *privilege = NULL; + cynara *p_cynara = NULL; + const char *sender_unique_name; + GDBusConnection *connection; + + connection = g_dbus_method_invocation_get_connection(invocation); + sender_unique_name = g_dbus_method_invocation_get_sender(invocation); + + ret = cynara_initialize(&p_cynara, NULL); + if (ret != CYNARA_API_SUCCESS) { + LOGD("cynara_initialize() failed"); + return FALSE; + } + + ret = cynara_creds_gdbus_get_pid(connection, sender_unique_name, &pid); + if (ret != CYNARA_API_SUCCESS) { + LOGD("cynara_creds_gdbus_get_pid() failed"); + return FALSE; + } + + ret = cynara_creds_gdbus_get_user(connection, sender_unique_name, USER_METHOD_DEFAULT, &user); + if (ret != CYNARA_API_SUCCESS) { + LOGD("cynara_creds_gdbus_get_user() failed"); + return FALSE; + } + + ret = cynara_creds_gdbus_get_client(connection, sender_unique_name, CLIENT_METHOD_DEFAULT, &client); + if (ret != CYNARA_API_SUCCESS) { + LOGD("cynara_creds_gdbus_get_client() failed"); + return FALSE; + } + + switch (_privilege) + { + case PRIVILEGE_VPN_SERVICE: + privilege = "http://tizen.org/privilege/vpnservice"; + break; + + case PRIVILEGE_VPN_SERVICE_ADMIN : + privilege = "http://tizen.org/privilege/vpnservice.admin"; + break; + + case PRIVILEGE_INTERNET : + privilege = "http://tizen.org/privilege/internet"; + break; + default : + LOGD("Undifined privilege"); + return FALSE; + break; + } + + client_session = cynara_session_from_pid(pid); + + ret = cynara_check(p_cynara, client, client_session, user, privilege); + if (ret == CYNARA_API_ACCESS_ALLOWED); + LOGD("cynara PASS"); + + return (ret == CYNARA_API_ACCESS_ALLOWED) ? TRUE : FALSE; +} 
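Review bot: vpn_service_gdbus_check_privilege never releases what it acquires: the handle from `cynara_initialize()` is not passed to `cynara_finish()`, and the `user`, `client` and `client_session` strings returned by the cynara helpers are not freed, on either the early `return FALSE` paths or the normal one. Because every D-Bus handler calls this once or twice per request, any client can make the daemon grow without bound simply by sending requests, including requests that end up denied. `cynara_session_from_pid()` is also used without a NULL check. The fence below routes every exit through one cleanup label and keeps the fail-closed result; creating the cynara handle once at daemon start would additionally avoid re-initialising it per call.

```c
gboolean vpn_service_gdbus_check_privilege(GDBusMethodInvocation *invocation, net_vpn_service_privilege_e _privilege)
{
	gboolean allowed = FALSE;
	char *user = NULL;
	char *client = NULL;
	char *client_session = NULL;
	/* … unchanged: remaining locals, connection and sender lookup, cynara_initialize() … */

	ret = cynara_creds_gdbus_get_pid(connection, sender_unique_name, &pid);
	if (ret != CYNARA_API_SUCCESS) {
		LOGD("cynara_creds_gdbus_get_pid() failed");
		goto out;
	}

	/* … unchanged: get_user, get_client and the privilege switch, with each failure path now `goto out` … */

	client_session = cynara_session_from_pid(pid);
	if (client_session == NULL) {
		LOGD("cynara_session_from_pid() failed");
		goto out;
	}

	ret = cynara_check(p_cynara, client, client_session, user, privilege);
	allowed = (ret == CYNARA_API_ACCESS_ALLOWED) ? TRUE : FALSE;

out:
	/* free(NULL) is a no-op, so partially filled state is fine here */
	free(client_session);
	free(client);
	free(user);
	cynara_finish(p_cynara);
	return allowed;
}
```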
diff --git a/framework/src/capi_vpn_service.c b/framework/src/capi_vpn_service.c index 2afd277..08e6aa6 100755 --- a/framework/src/capi_vpn_service.c +++ b/framework/src/capi_vpn_service.c @@ -145,13 +145,20 @@ GVariant *_vpnsvc_invoke_dbus_method(GDBusConnection *connection, if (reply == NULL) { if (error != NULL) { - LOGE("g_dbus_connection_call_sync() failed" //LCOV_EXCL_LINE - "error [%d: %s]", error->code, error->message); - *dbus_error = VPNSVC_ERROR_IO_ERROR; //LCOV_EXCL_LINE - g_error_free(error); //LCOV_EXCL_LINE + if (error->code == G_DBUS_ERROR_ACCESS_DENIED){ + LOGE("g_dbus_connection_call_sync() failed" + "error [%d: %s]", error->code, error->message);//LCOV_EXCL_LINE + *dbus_error = VPNSVC_ERROR_PERMISSION_DENIED;//LCOV_EXCL_LINE + g_error_free(error);//LCOV_EXCL_LINE + } else { + LOGE("g_dbus_connection_call_sync() failed" + "error [%d: %s]", error->code, error->message);//LCOV_EXCL_LINE + *dbus_error = VPNSVC_ERROR_IO_ERROR;//LCOV_EXCL_LINE + g_error_free(error);//LCOV_EXCL_LINE + } } else { - LOGE("g_dbus_connection_call_sync() failed"); //LCOV_EXCL_LINE - *dbus_error = VPNSVC_ERROR_IPC_FAILED; //LCOV_EXCL_LINE + LOGE("g_dbus_connection_call_sync() failed");//LCOV_EXCL_LINE + *dbus_error = VPNSVC_ERROR_IPC_FAILED;//LCOV_EXCL_LINE } return NULL; @@ -257,6 +264,10 @@ EXPORT_API int vpnsvc_init(const char* iface_name, vpnsvc_h *handle) g_variant_new("(su)", VPNSVC_DBUS_SERVICE_NAME, 0), &dbus_result); + if (dbus_result == VPNSVC_ERROR_PERMISSION_DENIED){ + return VPNSVC_ERROR_PERMISSION_DENIED; + } + if (op == NULL) { _vpnsvc_deinit_vpnsvc_tun_s(tmp_s); //LCOV_EXCL_LINE LOGD("Service [%s] Start Failed!", VPNSVC_DBUS_SERVICE_NAME); //LCOV_EXCL_LINE @@ -355,6 +366,10 @@ EXPORT_API int vpnsvc_deinit(vpnsvc_h handle) g_variant_new("(s)", tun_s->name), &dbus_result); + if (dbus_result == VPNSVC_ERROR_PERMISSION_DENIED){ + return VPNSVC_ERROR_PERMISSION_DENIED; + } + if (op == NULL) { return VPNSVC_ERROR_IPC_FAILED; //LCOV_EXCL_LINE } else { 
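Review bot: In _vpnsvc_invoke_dbus_method the new test `error->code == G_DBUS_ERROR_ACCESS_DENIED` compares the numeric code without looking at the error domain, so an error from another GError domain that happens to share the value would be reported to the application as a permission failure. `if (g_error_matches(error, G_DBUS_ERROR, G_DBUS_ERROR_ACCESS_DENIED)) {` checks both. The two branches also repeat the same `LOGE` and `g_error_free(error)`; only the assignment to `*dbus_error` needs to differ. The function body continues outside the hunk.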
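Review bot: The early return added to vpnsvc_init skips the cleanup that the very next branch performs: when `op == NULL` the code calls `_vpnsvc_deinit_vpnsvc_tun_s(tmp_s)`, but the permission-denied path returns without it, so `tmp_s` is left allocated on every denied call. I would write it as `if (dbus_result == VPNSVC_ERROR_PERMISSION_DENIED) { _vpnsvc_deinit_vpnsvc_tun_s(tmp_s); return VPNSVC_ERROR_PERMISSION_DENIED; }`. The helper is only seen writing `*dbus_error` on failure, so `dbus_result` presumably needs a defined initial value before each call; its declaration is outside the hunk and should be checked. The same early return is added to vpnsvc_deinit here and to vpnsvc_protect, vpnsvc_block_networks and vpnsvc_unblock_networks in the following hunks, where no cleanup is visible.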
@@ -410,6 +425,10 @@ EXPORT_API int vpnsvc_protect(vpnsvc_h handle, int socket_fd, const char* iface_ socket_fd, &dbus_result); + if (dbus_result == VPNSVC_ERROR_PERMISSION_DENIED){ + return VPNSVC_ERROR_PERMISSION_DENIED; + } + if (op == NULL) { return VPNSVC_ERROR_IPC_FAILED; //LCOV_EXCL_LINE } else { @@ -688,6 +707,10 @@ EXPORT_API int vpnsvc_block_networks(vpnsvc_h handle, nets_param_orig, num_allow_routes_orig), &dbus_result); + if (dbus_result == VPNSVC_ERROR_PERMISSION_DENIED){ + return VPNSVC_ERROR_PERMISSION_DENIED; + } + if (op == NULL) { return VPNSVC_ERROR_IPC_FAILED; //LCOV_EXCL_LINE } else { @@ -734,6 +757,10 @@ EXPORT_API int vpnsvc_unblock_networks(vpnsvc_h handle) g_variant_new("()"), &dbus_result); + if (dbus_result == VPNSVC_ERROR_PERMISSION_DENIED){ + return VPNSVC_ERROR_PERMISSION_DENIED; + } + if (op == NULL) { return VPNSVC_ERROR_IPC_FAILED; //LCOV_EXCL_LINE } else { diff --git a/include/vpn_service.h b/include/vpn_service.h index c1091ef..adefef3 100755 --- a/include/vpn_service.h +++ b/include/vpn_service.h @@ -108,11 +108,15 @@ int vpnsvc_init(const char* iface_name, vpnsvc_h *handle); /** * @brief De-Initializes VPN interface. * @since_tizen 3.0 + * @privlevel public + * @privilege %http://tizen.org/privilege/vpnservice \n + * %http://tizen.org/privilege/internet * @param[in] handle The VPN interface handle * @return 0 on success. otherwise, a negative error value. * @retval #VPNSVC_ERROR_NONE Success * @retval #VPNSVC_ERROR_INVALID_PARAMETER Invalid parameter * @retval #VPNSVC_ERROR_IPC_FAILED Cannot connect to service daemon + * @retval #VPNSVC_ERROR_PERMISSION_DENIED Permission Denied * @retval #VPNSVC_ERROR_NOT_SUPPORTED Not Supported * @pre Before calling this function, VPN interface should be initialized already. * @see vpnsvc_init() 
@@ -123,6 +127,9 @@ int vpnsvc_deinit(vpnsvc_h handle); * @brief Protect a socket from VPN connections. * @details After protecting, data sent through this socket will go directly to the underlying network. * @since_tizen 3.0 + * @privlevel public + * @privilege %http://tizen.org/privilege/vpnservice \n + * %http://tizen.org/privilege/internet * @param[in] handle The VPN interface handle * @param[in] socket_fd The opened socket file descriptor * @param[in] iface_name The network interface name (e.g., interface name such as eth0, ppp0, etc) through which the VPN is working @@ -131,6 +138,7 @@ int vpnsvc_deinit(vpnsvc_h handle); * @retval #VPNSVC_ERROR_INVALID_PARAMETER Invalid parameter * @retval #VPNSVC_ERROR_IO_ERROR I/O Error (e.g. socket I/O error) * @retval #VPNSVC_ERROR_IPC_FAILED Cannot connect to service daemon + * @retval #VPNSVC_ERROR_PERMISSION_DENIED Permission Denied * @retval #VPNSVC_ERROR_NOT_SUPPORTED Not Supported */ int vpnsvc_protect(vpnsvc_h handle, int socket_fd, const char* iface_name); @@ -170,6 +178,9 @@ int vpnsvc_write(vpnsvc_h handle, const char* data, size_t size); /** * @brief Blocks all traffics except specified allowing networks. * @since_tizen 3.0 + * @privlevel public + * @privilege %http://tizen.org/privilege/vpnservice \n + * %http://tizen.org/privilege/internet * @param[in] handle The VPN interface handle * @param[in] routes_dest_vpn_addr Destination address of the routes, the list of allowing networks over VPN interface (e.g., VPN interface such as tun0, etc). * @param[in] routes_vpn_prefix The prefix of VPN interface, netmask length (also called a prefix, e.g. 8, 16, 24, 32). 
@@ -181,6 +192,7 @@ int vpnsvc_write(vpnsvc_h handle, const char* data, size_t size); * @retval #VPNSVC_ERROR_NONE Success * @retval #VPNSVC_ERROR_INVALID_PARAMETER Invalid parameter * @retval #VPNSVC_ERROR_IPC_FAILED Cannot connect to service daemon + * @retval #VPNSVC_ERROR_PERMISSION_DENIED Permission Denied * @retval #VPNSVC_ERROR_NOT_SUPPORTED Not Supported * @post Please call vpnsvc_unblock_networks() if you want to allow all traffics. * @see vpnsvc_unblock_networks() @@ -196,11 +208,15 @@ int vpnsvc_block_networks(vpnsvc_h handle, /** * @brief Removes any restrictions imposed by vpnsvc_block_networks(). * @since_tizen 3.0 + * @privlevel public + * @privilege %http://tizen.org/privilege/vpnservice \n + * %http://tizen.org/privilege/internet * @param[in] handle The VPN interface handle * @return 0 on success. otherwise, a negative error value. * @retval #VPNSVC_ERROR_NONE Success * @retval #VPNSVC_ERROR_INVALID_PARAMETER Invalid parameter * @retval #VPNSVC_ERROR_IPC_FAILED Cannot connect to service daemon + * @retval #VPNSVC_ERROR_PERMISSION_DENIED Permission Denied * @retval #VPNSVC_ERROR_NOT_SUPPORTED Not Supported */ int vpnsvc_unblock_networks(vpnsvc_h handle); diff --git a/packaging/capi-vpn-service.spec b/packaging/capi-vpn-service.spec index 9c6c00c..f2bcd0b 100755 --- a/packaging/capi-vpn-service.spec +++ b/packaging/capi-vpn-service.spec @@ -19,6 +19,9 @@ BuildRequires: pkgconfig(capi-appfw-application) BuildRequires: pkgconfig(capi-appfw-package-manager) BuildRequires: pkgconfig(capi-appfw-app-manager) BuildRequires: pkgconfig(capi-system-info) +BuildRequires: pkgconfig(cynara-client) +BuildRequires: pkgconfig(cynara-creds-gdbus) +BuildRequires: pkgconfig(cynara-session) Requires(post): /sbin/ldconfig Requires(postun): /sbin/ldconfig -- 2.7.4 From 7badccf7fb90d59a55e0e7eb95bdba14f8aa1877 Mon Sep 17 00:00:00 2001 
From: Deepak Kumar Sahu Date: Mon, 21 Mar 2016 19:47:23 +0530 Subject: [PATCH 03/16] Warnings Resolved for vpn-service module. Change-Id: I126226716f15f77b2b1b60710a83f3beb3b279d1 Signed-off-by: Deepak Kumar Sahu --- CMakeLists.txt | 2 +- daemon/include/vpn_service_daemon.h | 6 +++--- daemon/src/vpn_service_daemon.c | 8 ++++---- daemon/src/vpnsvc.c | 5 +++-- framework/src/capi_vpn_service.c | 6 +++--- include/vpn_service.h | 4 ++-- include/vpn_service_internal.h | 2 +- 7 files changed, 17 insertions(+), 16 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 42a6afb..f6911e1 100755 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -21,7 +21,7 @@ ADD_DEFINITIONS("-fPIC") # Set compiler warning flags -#ADD_DEFINITIONS("-Werror") # Make all warnings into errors. +# ADD_DEFINITIONS("-Werror") # Make all warnings into errors. ADD_DEFINITIONS("-Wall") # Generate all warnings ADD_DEFINITIONS("-Wextra") # Generate even more extra warnings diff --git a/daemon/include/vpn_service_daemon.h b/daemon/include/vpn_service_daemon.h index 211e72c..f0b10b0 100755 --- a/daemon/include/vpn_service_daemon.h +++ b/daemon/include/vpn_service_daemon.h 
@@ -27,12 +27,12 @@ int vpn_daemon_init(const char* iface_name, size_t iface_name_len, int fd, vpnsv int vpn_daemon_deinit(const char* dev_name); int vpn_daemon_protect(int socket, const char* dev_name); int vpn_daemon_up(int iface_index, const char* local_ip, const char* remote_ip, - const char* routes[], int prefix[], size_t nr_routes, + char* routes[], int prefix[], size_t nr_routes, char** dns_servers, size_t nr_dns, size_t total_dns_string_cnt, const char* dns_suffix, const unsigned int mtu); int vpn_daemon_down(int iface_index); -int vpn_daemon_block_networks(const char* nets_vpn[], int prefix_vpn[], size_t nr_nets_vpn, - const char* nets_orig[], int prefix_orig[], size_t nr_nets_orig); +int vpn_daemon_block_networks(char* nets_vpn[], int prefix_vpn[], size_t nr_nets_vpn, + char* nets_orig[], int prefix_orig[], size_t nr_nets_orig); int vpn_daemon_unblock_networks(void); #endif /* __TIZEN_CAPI_VPN_SERVICE_DAEMON_H__ */ diff --git a/daemon/src/vpn_service_daemon.c b/daemon/src/vpn_service_daemon.c index 0a95595..58d43e7 100755 --- a/daemon/src/vpn_service_daemon.c +++ b/daemon/src/vpn_service_daemon.c @@ -84,7 +84,7 @@ static in_addr_t host2net(ipv4 host) return net; } -static int add_routes(char* iface_name, const char* routes[], int prefix[], size_t nr_routes) +static int add_routes(char* iface_name, char* routes[], int prefix[], size_t nr_routes) { struct rtentry rt; struct sockaddr_in addr; @@ -732,7 +732,7 @@ int vpn_daemon_protect(int socket_fd, const char* dev_name) } int vpn_daemon_up(int iface_index, const char* local_ip, const char* remote_ip, - const char* routes[], int prefix[], size_t nr_routes, + char* routes[], int prefix[], size_t nr_routes, char** dns_servers, size_t nr_dns, size_t total_dns_string_cnt, const char* dns_suffix, const unsigned int mtu) { 
@@ -913,8 +913,8 @@ int vpn_daemon_down(int iface_index) return VPNSVC_ERROR_NONE; } -int vpn_daemon_block_networks(const char* nets_vpn[], int prefix_vpn[], size_t nr_nets_vpn, - const char* nets_orig[], int prefix_orig[], size_t nr_nets_orig) { +int vpn_daemon_block_networks(char* nets_vpn[], int prefix_vpn[], size_t nr_nets_vpn, + char* nets_orig[], int prefix_orig[], size_t nr_nets_orig) { unsigned int i; /* iptable chain regist */ diff --git a/daemon/src/vpnsvc.c b/daemon/src/vpnsvc.c index be80c9f..2ca1416 100755 --- a/daemon/src/vpnsvc.c +++ b/daemon/src/vpnsvc.c @@ -18,6 +18,7 @@ */ #include +#include #include #include #include @@ -167,7 +168,7 @@ gboolean handle_vpn_up(Vpnsvc *object, int result = VPNSVC_ERROR_NONE; - char* routes[arg_nr_routes]; + char *routes[arg_nr_routes]; int prefix[arg_nr_routes]; char **dns_servers = NULL; @@ -503,7 +504,7 @@ gboolean vpn_service_gdbus_check_privilege(GDBusMethodInvocation *invocation, ne client_session = cynara_session_from_pid(pid); ret = cynara_check(p_cynara, client, client_session, user, privilege); - if (ret == CYNARA_API_ACCESS_ALLOWED); + if (ret == CYNARA_API_ACCESS_ALLOWED) LOGD("cynara PASS"); return (ret == CYNARA_API_ACCESS_ALLOWED) ? TRUE : FALSE; diff --git a/framework/src/capi_vpn_service.c b/framework/src/capi_vpn_service.c index 08e6aa6..05843ef 100755 --- a/framework/src/capi_vpn_service.c +++ b/framework/src/capi_vpn_service.c @@ -444,7 +444,7 @@ EXPORT_API int vpnsvc_protect(vpnsvc_h handle, int socket_fd, const char* iface_ } EXPORT_API int vpnsvc_up(vpnsvc_h handle, const char* local_ip, const char* remote_ip, - const char* routes_dest_add[], int routes_prefix[], size_t num_routes, + char* routes_dest_add[], int routes_prefix[], size_t num_routes, const char** dns_servers, size_t num_dns_servers, const char* dns_suffix) { 
@@ -649,10 +649,10 @@ EXPORT_API int vpnsvc_write(vpnsvc_h handle, const char* data, size_t size) EXPORT_API int vpnsvc_block_networks(vpnsvc_h handle, - const char* routes_dest_vpn_addr[], + char* routes_dest_vpn_addr[], int routes_vpn_prefix[], size_t num_allow_routes_vpn, - const char* routes_dest_orig_addr[], + char* routes_dest_orig_addr[], int routes_orig_prefix[], size_t num_allow_routes_orig) diff --git a/include/vpn_service.h b/include/vpn_service.h index adefef3..183eed1 100755 --- a/include/vpn_service.h +++ b/include/vpn_service.h @@ -198,10 +198,10 @@ int vpnsvc_write(vpnsvc_h handle, const char* data, size_t size); * @see vpnsvc_unblock_networks() */ int vpnsvc_block_networks(vpnsvc_h handle, - const char *routes_dest_vpn_addr[], + char *routes_dest_vpn_addr[], int routes_vpn_prefix[], size_t num_allow_routes_vpn, - const char *routes_dest_orig_addr[], + char *routes_dest_orig_addr[], int routes_orig_prefix[], size_t num_allow_routes_orig); diff --git a/include/vpn_service_internal.h b/include/vpn_service_internal.h index 7cbf633..1fda902 100755 --- a/include/vpn_service_internal.h +++ b/include/vpn_service_internal.h @@ -59,7 +59,7 @@ extern "C" { * @see vpnsvc_down() */ int vpnsvc_up(vpnsvc_h handle, const char* local_ip, const char* remote_ip, - const char *routes_dest_addr[], int routes_prefix[], size_t num_routes, + char *routes_dest_addr[], int routes_prefix[], size_t num_routes, const char** dns_servers, size_t num_dns_servers, const char* dns_suffix); -- 2.7.4 From ecbf37231495b4d7f75dc5cd70fe8c0037f1b961 Mon Sep 17 00:00:00 2001 From: taesubkim Date: Wed, 23 Mar 2016 09:08:40 +0900 Subject: [PATCH 04/16] Modified privilege Change-Id: Ifac630c0b62ccdf992d918850e22869bb17d10a3 Signed-off-by: Taesub Kim --- daemon/src/vpnsvc.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/daemon/src/vpnsvc.c b/daemon/src/vpnsvc.c index 2ca1416..852d0aa 100755 --- a/daemon/src/vpnsvc.c +++ b/daemon/src/vpnsvc.c 
@@ -51,7 +51,7 @@ gboolean handle_vpn_init(Vpnsvc *object, int result = VPNSVC_ERROR_NONE; /* check privilege */ - if (vpn_service_gdbus_check_privilege(invocation, PRIVILEGE_VPN_SERVICE_ADMIN) == false + if (vpn_service_gdbus_check_privilege(invocation, PRIVILEGE_VPN_SERVICE) == false || vpn_service_gdbus_check_privilege(invocation, PRIVILEGE_INTERNET) == false) { LOGE("permission denied, and finished request."); result = VPNSVC_ERROR_PERMISSION_DENIED; @@ -96,7 +96,7 @@ gboolean handle_vpn_deinit(Vpnsvc *object, int result = VPNSVC_ERROR_NONE; /* check privilege */ - if (vpn_service_gdbus_check_privilege(invocation, PRIVILEGE_VPN_SERVICE_ADMIN) == false + if (vpn_service_gdbus_check_privilege(invocation, PRIVILEGE_VPN_SERVICE) == false || vpn_service_gdbus_check_privilege(invocation, PRIVILEGE_INTERNET) == false) { LOGE("permission denied, and finished request."); result = VPNSVC_ERROR_PERMISSION_DENIED; @@ -122,7 +122,7 @@ gboolean handle_vpn_protect(Vpnsvc *object, int result = VPNSVC_ERROR_NONE; /* check privilege */ - if (vpn_service_gdbus_check_privilege(invocation, PRIVILEGE_VPN_SERVICE_ADMIN) == false + if (vpn_service_gdbus_check_privilege(invocation, PRIVILEGE_VPN_SERVICE) == false || vpn_service_gdbus_check_privilege(invocation, PRIVILEGE_INTERNET) == false) { LOGE("permission denied, and finished request."); result = VPNSVC_ERROR_PERMISSION_DENIED; @@ -309,7 +309,7 @@ gboolean handle_vpn_block_networks(Vpnsvc *object, gint route_prefix; /* check privilege */ - if (vpn_service_gdbus_check_privilege(invocation, PRIVILEGE_VPN_SERVICE_ADMIN) == false + if (vpn_service_gdbus_check_privilege(invocation, PRIVILEGE_VPN_SERVICE) == false || vpn_service_gdbus_check_privilege(invocation, PRIVILEGE_INTERNET) == false) { LOGE("permission denied, and finished request."); result = VPNSVC_ERROR_PERMISSION_DENIED; 
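Review bot: The handle_vpn_block_networks hunk lowers the required privilege from `PRIVILEGE_VPN_SERVICE_ADMIN` to `PRIVILEGE_VPN_SERVICE` with no rationale in the code or in the commit message ("Modified privilege"); the same substitution is made in handle_vpn_init, handle_vpn_deinit, handle_vpn_protect and, in the next hunk, handle_vpn_unblock_networks. This widens the set of callers that can reach `vpn_daemon_block_networks()` and `vpn_daemon_unblock_networks()`. It does bring the daemon in line with the `@privilege` lines in include/vpn_service.h, so it may well be intended, but the reason should be recorded next to the check, for example `/* public API: vpnservice + internet, as documented in vpn_service.h; only up/down need vpnservice.admin */`. Each handler's body continues outside its hunk.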
@@ -376,7 +376,7 @@ gboolean handle_vpn_unblock_networks(Vpnsvc *object, int result = VPNSVC_ERROR_NONE; /* check privilege */ - if (vpn_service_gdbus_check_privilege(invocation, PRIVILEGE_VPN_SERVICE_ADMIN) == false + if (vpn_service_gdbus_check_privilege(invocation, PRIVILEGE_VPN_SERVICE) == false || vpn_service_gdbus_check_privilege(invocation, PRIVILEGE_INTERNET) == false) { LOGE("permission denied, and finished request."); result = VPNSVC_ERROR_PERMISSION_DENIED; -- 2.7.4 From 6b2d6170d150ff881f0483bf2e94599f0e627b8e Mon Sep 17 00:00:00 2001 From: taesubkim Date: Thu, 24 Mar 2016 16:54:12 +0900 Subject: [PATCH 05/16] SVACE #57179 Change-Id: Ic4e91af1e5e495df89ce2f431e58ec415d813206 Signed-off-by: Taesub Kim Signed-off-by: Deepak Kumar Sahu --- framework/src/capi_vpn_service.c | 3 ++- packaging/capi-vpn-service.spec | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/framework/src/capi_vpn_service.c b/framework/src/capi_vpn_service.c index 05843ef..dba74cb 100755 --- a/framework/src/capi_vpn_service.c +++ b/framework/src/capi_vpn_service.c @@ -292,6 +292,7 @@ EXPORT_API int vpnsvc_init(const char* iface_name, vpnsvc_h *handle) if ((iface_fd = open("/dev/net/tun", O_RDWR)) < 0) { LOGE("tun device open fail\n"); //LCOV_EXCL_LINE + close(iface_fd); _vpnsvc_deinit_vpnsvc_tun_s(tmp_s); //LCOV_EXCL_LINE return VPNSVC_ERROR_IO_ERROR; //LCOV_EXCL_LINE } @@ -335,7 +336,7 @@ EXPORT_API int vpnsvc_init(const char* iface_name, vpnsvc_h *handle) op = NULL; } } - + close(iface_fd); return result; } diff --git a/packaging/capi-vpn-service.spec b/packaging/capi-vpn-service.spec index f2bcd0b..656f661 100755 --- a/packaging/capi-vpn-service.spec +++ b/packaging/capi-vpn-service.spec @@ -1,6 +1,6 @@ Name: vpnsvc-pkg Summary: VPN service library in TIZEN C API -Version: 1.0.7 +Version: 1.0.8 Release: 1 Group: System/Network License: Apache-2.0 -- 2.7.4 From b49ad0fdcfd75ae02f7324b7a22b310de1f574ed Mon Sep 17 00:00:00 2001 
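Review bot: The `close(iface_fd);` added inside the `open("/dev/net/tun", O_RDWR) < 0` branch of vpnsvc_init operates on a descriptor that is known to be invalid there, so it releases nothing and only fails with EBADF; that line should be dropped. If the static-analysis finding was about a leaked descriptor, the leak is more likely on the later error paths between a successful open and the end of the function, which are outside these hunks and would need a close before each return. The second hunk's `close(iface_fd);` before `return result;` also runs on the success path, which looks like it would invalidate the descriptor the returned handle depends on; a later patch in this series removes it.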
From: hyunuktak Date: Mon, 28 Mar 2016 11:39:34 +0900 Subject: [PATCH 06/16] Fixed wrong close fd for interface Change-Id: I3702e8805abdb385b093a6f468a411d7287f85a4 Signed-off-by: hyunuktak --- framework/src/capi_vpn_service.c | 1 - packaging/capi-vpn-service.spec | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/framework/src/capi_vpn_service.c b/framework/src/capi_vpn_service.c index dba74cb..cc2c328 100755 --- a/framework/src/capi_vpn_service.c +++ b/framework/src/capi_vpn_service.c @@ -336,7 +336,6 @@ EXPORT_API int vpnsvc_init(const char* iface_name, vpnsvc_h *handle) op = NULL; } } - close(iface_fd); return result; } diff --git a/packaging/capi-vpn-service.spec b/packaging/capi-vpn-service.spec index 656f661..cc5b58c 100755 --- a/packaging/capi-vpn-service.spec +++ b/packaging/capi-vpn-service.spec @@ -1,6 +1,6 @@ Name: vpnsvc-pkg Summary: VPN service library in TIZEN C API -Version: 1.0.8 +Version: 1.0.9 Release: 1 Group: System/Network License: Apache-2.0 -- 2.7.4 From 938c53a789c7b248bdfbac7cee34f903d7ac8155 Mon Sep 17 00:00:00 2001 From: taesubkim Date: Wed, 6 Apr 2016 20:43:28 +0900 Subject: [PATCH 07/16] Apply coding rule Change-Id: I258e4c933560c94780517eaf443cd427e7b8d5c8 Signed-off-by: Taesub Kim --- daemon/include/vpnsvc.h | 3 +-- daemon/src/vpnsvc.c | 9 ++++----- framework/include/capi_vpn_service_private.h | 2 +- framework/src/capi_vpn_service.c | 17 ++++++----------- include/vpn_service.h | 23 +++++++++++------------ include/vpn_service_internal.h | 2 +- 6 files changed, 24 insertions(+), 32 deletions(-) diff --git a/daemon/include/vpnsvc.h b/daemon/include/vpnsvc.h index 99c037f..7e92207 100755 --- a/daemon/include/vpnsvc.h +++ b/daemon/include/vpnsvc.h @@ -30,8 +30,7 @@ extern "C" { #include "generated-code.h" -typedef enum _net_vpn_service_privilege_e -{ +typedef enum _net_vpn_service_privilege_e { PRIVILEGE_VPN_SERVICE = 0x00, PRIVILEGE_VPN_SERVICE_ADMIN, PRIVILEGE_INTERNET, 
diff --git a/daemon/src/vpnsvc.c b/daemon/src/vpnsvc.c index 852d0aa..e6a4967 100755 --- a/daemon/src/vpnsvc.c +++ b/daemon/src/vpnsvc.c @@ -482,20 +482,19 @@ gboolean vpn_service_gdbus_check_privilege(GDBusMethodInvocation *invocation, ne return FALSE; } - switch (_privilege) - { + switch (_privilege) { case PRIVILEGE_VPN_SERVICE: privilege = "http://tizen.org/privilege/vpnservice"; break; - case PRIVILEGE_VPN_SERVICE_ADMIN : + case PRIVILEGE_VPN_SERVICE_ADMIN: privilege = "http://tizen.org/privilege/vpnservice.admin"; break; - case PRIVILEGE_INTERNET : + case PRIVILEGE_INTERNET: privilege = "http://tizen.org/privilege/internet"; break; - default : + default: LOGD("Undifined privilege"); return FALSE; break; diff --git a/framework/include/capi_vpn_service_private.h b/framework/include/capi_vpn_service_private.h index c949fca..613fb7f 100755 --- a/framework/include/capi_vpn_service_private.h +++ b/framework/include/capi_vpn_service_private.h @@ -61,7 +61,7 @@ extern "C" { int feature_rv = _vpnsvc_check_feature_supported(feature_name); \ if (feature_rv != VPNSVC_ERROR_NONE) \ return feature_rv; \ - } while(0) + } while (0) /** * @brief This data structure has a fido data and its length. diff --git a/framework/src/capi_vpn_service.c b/framework/src/capi_vpn_service.c index cc2c328..b0c6acc 100755 --- a/framework/src/capi_vpn_service.c +++ b/framework/src/capi_vpn_service.c @@ -145,7 +145,7 @@ GVariant *_vpnsvc_invoke_dbus_method(GDBusConnection *connection, if (reply == NULL) { if (error != NULL) { - if (error->code == G_DBUS_ERROR_ACCESS_DENIED){ + if (error->code == G_DBUS_ERROR_ACCESS_DENIED) { LOGE("g_dbus_connection_call_sync() failed" "error [%d: %s]", error->code, error->message);//LCOV_EXCL_LINE *dbus_error = VPNSVC_ERROR_PERMISSION_DENIED;//LCOV_EXCL_LINE 
@@ -264,9 +264,8 @@ EXPORT_API int vpnsvc_init(const char* iface_name, vpnsvc_h *handle) g_variant_new("(su)", VPNSVC_DBUS_SERVICE_NAME, 0), &dbus_result); - if (dbus_result == VPNSVC_ERROR_PERMISSION_DENIED){ + if (dbus_result == VPNSVC_ERROR_PERMISSION_DENIED) return VPNSVC_ERROR_PERMISSION_DENIED; - } if (op == NULL) { _vpnsvc_deinit_vpnsvc_tun_s(tmp_s); //LCOV_EXCL_LINE @@ -366,9 +365,8 @@ EXPORT_API int vpnsvc_deinit(vpnsvc_h handle) g_variant_new("(s)", tun_s->name), &dbus_result); - if (dbus_result == VPNSVC_ERROR_PERMISSION_DENIED){ + if (dbus_result == VPNSVC_ERROR_PERMISSION_DENIED) return VPNSVC_ERROR_PERMISSION_DENIED; - } if (op == NULL) { return VPNSVC_ERROR_IPC_FAILED; //LCOV_EXCL_LINE @@ -425,9 +423,8 @@ EXPORT_API int vpnsvc_protect(vpnsvc_h handle, int socket_fd, const char* iface_ socket_fd, &dbus_result); - if (dbus_result == VPNSVC_ERROR_PERMISSION_DENIED){ + if (dbus_result == VPNSVC_ERROR_PERMISSION_DENIED) return VPNSVC_ERROR_PERMISSION_DENIED; - } if (op == NULL) { return VPNSVC_ERROR_IPC_FAILED; //LCOV_EXCL_LINE @@ -707,9 +704,8 @@ EXPORT_API int vpnsvc_block_networks(vpnsvc_h handle, nets_param_orig, num_allow_routes_orig), &dbus_result); - if (dbus_result == VPNSVC_ERROR_PERMISSION_DENIED){ + if (dbus_result == VPNSVC_ERROR_PERMISSION_DENIED) return VPNSVC_ERROR_PERMISSION_DENIED; - } if (op == NULL) { return VPNSVC_ERROR_IPC_FAILED; //LCOV_EXCL_LINE @@ -757,9 +753,8 @@ EXPORT_API int vpnsvc_unblock_networks(vpnsvc_h handle) g_variant_new("()"), &dbus_result); - if (dbus_result == VPNSVC_ERROR_PERMISSION_DENIED){ + if (dbus_result == VPNSVC_ERROR_PERMISSION_DENIED) return VPNSVC_ERROR_PERMISSION_DENIED; - } if (op == NULL) { return VPNSVC_ERROR_IPC_FAILED; //LCOV_EXCL_LINE diff --git a/include/vpn_service.h b/include/vpn_service.h index 183eed1..feaf473 100755 --- a/include/vpn_service.h +++ b/include/vpn_service.h 
@@ -54,17 +54,16 @@ extern "C" { * @brief Enumeration for VPN service error types. * @details Indicate formats of error type field */ -typedef enum -{ - VPNSVC_ERROR_NONE = TIZEN_ERROR_NONE, /**< Successful */ - VPNSVC_ERROR_INVALID_PARAMETER = TIZEN_ERROR_INVALID_PARAMETER, /**< Invalid parameter */ - VPNSVC_ERROR_OUT_OF_MEMORY = TIZEN_ERROR_OUT_OF_MEMORY, /**< Out of memory */ - VPNSVC_ERROR_PERMISSION_DENIED = TIZEN_ERROR_PERMISSION_DENIED, /**< Permission denied */ - VPNSVC_ERROR_NO_SUCH_FILE = TIZEN_ERROR_NO_SUCH_FILE, /**< No such file or directory */ - VPNSVC_ERROR_IO_ERROR = TIZEN_ERROR_IO_ERROR, /**< IO error */ - VPNSVC_ERROR_TIMEOUT = TIZEN_ERROR_TIMED_OUT, /**< Time out error or no answer */ - VPNSVC_ERROR_IPC_FAILED = TIZEN_ERROR_VPNSVC | 0x02, /**< Failed to communicate with server */ - VPNSVC_ERROR_NOT_SUPPORTED = TIZEN_ERROR_NOT_SUPPORTED /**< Not Supported */ +typedef enum { + VPNSVC_ERROR_NONE = TIZEN_ERROR_NONE, /**< Successful */ + VPNSVC_ERROR_INVALID_PARAMETER = TIZEN_ERROR_INVALID_PARAMETER, /**< Invalid parameter */ + VPNSVC_ERROR_OUT_OF_MEMORY = TIZEN_ERROR_OUT_OF_MEMORY, /**< Out of memory */ + VPNSVC_ERROR_PERMISSION_DENIED = TIZEN_ERROR_PERMISSION_DENIED, /**< Permission denied */ + VPNSVC_ERROR_NO_SUCH_FILE = TIZEN_ERROR_NO_SUCH_FILE, /**< No such file or directory */ + VPNSVC_ERROR_IO_ERROR = TIZEN_ERROR_IO_ERROR, /**< IO error */ + VPNSVC_ERROR_TIMEOUT = TIZEN_ERROR_TIMED_OUT, /**< Time out error or no answer */ + VPNSVC_ERROR_IPC_FAILED = TIZEN_ERROR_VPNSVC | 0x02, /**< Failed to communicate with server */ + VPNSVC_ERROR_NOT_SUPPORTED = TIZEN_ERROR_NOT_SUPPORTED /**< Not Supported */ } vpnsvc_error_e; @@ -326,6 +325,6 @@ int vpnsvc_get_session(vpnsvc_h handle, char** session); #ifdef __cplusplus } -#endif // __cplusplus +#endif // __cplusplus #endif /* __TIZEN_CAPI_VPN_SERVICE_H__ */ diff --git a/include/vpn_service_internal.h b/include/vpn_service_internal.h index 1fda902..bf69850 100755 --- a/include/vpn_service_internal.h 
+++ b/include/vpn_service_internal.h @@ -46,7 +46,7 @@ extern "C" { * @param[in] num_routes The number of routes, Unlimitation * @param[in] dns_servers The list of DNS server names - Optional * @param[in] num_dns_servers The number of DNS server names - Optionl, Unlimitation - * @param[in] dns_suffix The DNS suffix - Optional (e.g. tizen.org) + * @param[in] dns_suffix The DNS suffix - Optional (e.g. tizen.org) * @return 0 on success. otherwise, a negative error value. * @retval #VPNSVC_ERROR_NONE Success * @retval #VPNSVC_ERROR_INVALID_PARAMETER Invalid parameter -- 2.7.4 From e143d9fbe1f379a05f38c5617e32004188f4f3c8 Mon Sep 17 00:00:00 2001 From: Saurav Babu Date: Sat, 9 Apr 2016 12:32:30 +0530 Subject: [PATCH 08/16] [vpn-service] Remove -Wextra flags from package Change-Id: I2ba45696468a08263570f54170bb6bed54ed829b Signed-off-by: Saurav Babu --- CMakeLists.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index f6911e1..b60293d 100755 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -23,7 +23,6 @@ ADD_DEFINITIONS("-fPIC") # ADD_DEFINITIONS("-Werror") # Make all warnings into errors. ADD_DEFINITIONS("-Wall") # Generate all warnings -ADD_DEFINITIONS("-Wextra") # Generate even more extra warnings STRING(REGEX MATCH "([^.]*)" API_VERSION "${VERSION}") ADD_DEFINITIONS("-DAPI_VERSION=\"$(API_VERSION)\"") -- 2.7.4 From 04d73e40a56c8ef4fe21d234980b6ed167d8d56e Mon Sep 17 00:00:00 2001 From: taesubkim Date: Mon, 11 Apr 2016 16:27:53 +0900 Subject: [PATCH 09/16] Redirect the DNS queries to VPN interface Change-Id: Ibc3674df828c186d29160dab831667cf17fbda55 Signed-off-by: Taesub Kim --- daemon/src/vpn_service_daemon.c | 46 +++++++++++++++++++++++++++++++++++++++++ packaging/capi-vpn-service.spec | 2 +- 2 files changed, 47 insertions(+), 1 deletion(-) diff --git a/daemon/src/vpn_service_daemon.c b/daemon/src/vpn_service_daemon.c index 58d43e7..00ea4e2 100755 --- a/daemon/src/vpn_service_daemon.c +++ b/daemon/src/vpn_service_daemon.c 
@@ -55,6 +55,11 @@ static char iptables_unregister_fmt[] = "%s -D %s -j %s%s -w;" "%s -F %s%s -w;" static char iptables_rule_fmt[] = "%s -%c %s%s -%c %s/%d -j ACCEPT -w;"; static char iptables_rule_with_interface_fmt[] = "%s -%c %s%s -%c %s -%c %s/%d -j ACCEPT -w;"; /*static char iptables_usage_fmt[] = "%s -L %s%s -n -v -w;";*/ +/* iptables -t nat -A CAPI_VPN_SERVICE_OUTPUT -p udp -d --dport 53 -j DNAT --to */ +static char iptables_nat_chain_name[] = "CAPI_VPN_SERVICE_NAT_OUTPUT"; +static char iptables_nat_register_init_fmt[] = "%s -t nat -N %s -w;" "%s -t nat -F %s -w;" "%s -t nat -I %s -j %s -w;"; +static char iptables_nat_register_rule_fmt[] = "%s -t nat -A %s -p udp -d %s --dport 53 -j DNAT --to %s:53 -w;"; +static char iptables_nat_unregister_fmt[] = "%s -t nat -D %s -j %s -w;" "%s -t nat -F %s -w;" "%s -t nat -X %s -w;"; typedef unsigned long int ipv4; /* Declare variable type for ipv4 net address. */ 
@@ -517,6 +522,40 @@ static void iptables_exec(char *cmdline) pclose(fp); } +static void dns_nat_register(char **vpn_dns_address, size_t nr_dns, char *vpn_device_address) +{ + int size = 0, i; + char buf[8192]; + + snprintf(buf + size, sizeof(buf) - size, iptables_nat_register_init_fmt, + iptables_cmd, iptables_nat_chain_name, + iptables_cmd, iptables_nat_chain_name, + iptables_cmd, iptables_filter_out, iptables_nat_chain_name); + size = strlen(buf); + + for (i = 0 ; i < nr_dns ; i++) { + snprintf(buf + size, sizeof(buf) - size, iptables_nat_register_rule_fmt, + iptables_cmd, iptables_nat_chain_name, vpn_dns_address[i], vpn_device_address); + size = strlen(buf); + } + LOGD("iptable dns nat reg cmd : %s", buf); + iptables_exec(buf); +} + +static void dns_nat_unregister(void) +{ + int size = 0; + char buf[8192]; + + snprintf(buf + size, sizeof(buf) - size, iptables_nat_unregister_fmt, + iptables_cmd, iptables_filter_out, iptables_nat_chain_name, + iptables_cmd, iptables_nat_chain_name, + iptables_cmd, iptables_nat_chain_name); + size = strlen(buf); + LOGD("iptable dns nat unreg cmd : %s", buf); + iptables_exec(buf); +} + static void iptables_register(void) { int size = 0; @@ -850,6 +889,10 @@ int vpn_daemon_up(int iface_index, const char* local_ip, const char* remote_ip, } } + if (nr_dns > 0) { + dns_nat_register(dns_servers, nr_dns, local_ip); + } + return ret; } @@ -910,6 +953,9 @@ int vpn_daemon_down(int iface_index) /* remove dns suffix */ del_dns_suffix(); + /* remove dns filter */ + dns_nat_unregister(); + return VPNSVC_ERROR_NONE; } diff --git a/packaging/capi-vpn-service.spec b/packaging/capi-vpn-service.spec index cc5b58c..f44eacc 100755 --- a/packaging/capi-vpn-service.spec +++ b/packaging/capi-vpn-service.spec @@ -1,6 +1,6 @@ Name: vpnsvc-pkg Summary: VPN service library in TIZEN C API -Version: 1.0.9 +Version: 1.0.10 Release: 1 Group: System/Network License: Apache-2.0 -- 2.7.4 From ec9120464ed13c394cbc88fc6d0582f3f1972fb4 Mon Sep 17 00:00:00 2001 
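Review bot: In `dns_nat_register` the strings `vpn_dns_address[i]` and `vpn_device_address` are formatted straight into a command line that is handed to `iptables_exec`, and the `pclose(fp)` in the context line suggests that helper runs it through a shell, so any shell metacharacter in a DNS server string becomes part of the command. If these strings come from the API caller, as the `dns_servers` argument of `vpn_daemon_up` suggests, each one should be parsed as an IPv4 literal before it is formatted and rejected otherwise; `vpn_device_address` needs the same treatment. The loop also compares `int i` with `size_t nr_dns`, and a rule truncated by `snprintf` in the 8192-byte buffer is executed as it stands, so the return value of `snprintf` should be checked against the remaining space.

```c
	for (i = 0 ; i < nr_dns ; i++) {
		struct in_addr parsed;

		/* Only a well-formed IPv4 literal may reach the command line. */
		if (vpn_dns_address[i] == NULL ||
		    inet_pton(AF_INET, vpn_dns_address[i], &parsed) != 1) {
			LOGE("skipping invalid DNS server address at index %d", i);
			continue;
		}
		/* … unchanged: snprintf of iptables_nat_register_rule_fmt and size update … */
```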
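Review bot: The call `dns_nat_register(dns_servers, nr_dns, local_ip)` passes `local_ip`, which the `vpn_daemon_up` signature in the hunk header declares as `const char*`, to a parameter typed `char *vpn_device_address`, discarding the qualifier. The helper only reads the string, so its prototype can be `static void dns_nat_register(char **vpn_dns_address, size_t nr_dns, const char *vpn_device_address)`. Because the helper returns `void`, a failure to install the NAT rules cannot be reported through `ret`, so the function can return success with DNS not redirected. The body of `vpn_daemon_up` starts outside this hunk.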
From: taesubkim Date: Tue, 12 Apr 2016 14:44:51 +0900 Subject: [PATCH 10/16] Added some comments to exclude coverage #2 Change-Id: I69155e2be24418aaa29d57380b896f73d8416b2e Signed-off-by: Taesub Kim --- framework/src/capi_vpn_service.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/framework/src/capi_vpn_service.c b/framework/src/capi_vpn_service.c index b0c6acc..c4ea33d 100755 --- a/framework/src/capi_vpn_service.c +++ b/framework/src/capi_vpn_service.c @@ -144,15 +144,15 @@ GVariant *_vpnsvc_invoke_dbus_method(GDBusConnection *connection, &error); if (reply == NULL) { - if (error != NULL) { - if (error->code == G_DBUS_ERROR_ACCESS_DENIED) { - LOGE("g_dbus_connection_call_sync() failed" - "error [%d: %s]", error->code, error->message);//LCOV_EXCL_LINE + if (error != NULL) {//LCOV_EXCL_LINE + if (error->code == G_DBUS_ERROR_ACCESS_DENIED) {//LCOV_EXCL_LINE + LOGE("g_dbus_connection_call_sync() failed"//LCOV_EXCL_LINE + "error [%d: %s]", error->code, error->message); *dbus_error = VPNSVC_ERROR_PERMISSION_DENIED;//LCOV_EXCL_LINE g_error_free(error);//LCOV_EXCL_LINE } else { - LOGE("g_dbus_connection_call_sync() failed" - "error [%d: %s]", error->code, error->message);//LCOV_EXCL_LINE + LOGE("g_dbus_connection_call_sync() failed"//LCOV_EXCL_LINE + "error [%d: %s]", error->code, error->message); *dbus_error = VPNSVC_ERROR_IO_ERROR;//LCOV_EXCL_LINE g_error_free(error);//LCOV_EXCL_LINE } @@ -214,7 +214,7 @@ GVariant *_vpnsvc_invoke_dbus_method_with_fd(GDBusConnection *connection, &error); if (reply == NULL) { - if (error != NULL) { + if (error != NULL) {//LCOV_EXCL_LINE LOGE("g_dbus_connection_call_sync() failed" //LCOV_EXCL_LINE "error [%d: %s]", error->code, error->message); *dbus_error = VPNSVC_ERROR_IO_ERROR; //LCOV_EXCL_LINE 
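Review bot: The test `if (error->code == G_DBUS_ERROR_ACCESS_DENIED)` in `_vpnsvc_invoke_dbus_method` compares only the numeric code, but a GError code is meaningful only together with its domain, so an unrelated error with the same value would be reported as `VPNSVC_ERROR_PERMISSION_DENIED`. `if (g_error_matches(error, G_DBUS_ERROR, G_DBUS_ERROR_ACCESS_DENIED)) {` checks both. The two adjacent string literals in the `LOGE` calls join without a space and print `failederror`; writing `"g_dbus_connection_call_sync() failed "` fixes the message here and in `_vpnsvc_invoke_dbus_method_with_fd` in the next hunk. Both functions start and end outside their hunks.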
@@ -243,14 +243,14 @@ EXPORT_API int vpnsvc_init(const char* iface_name, vpnsvc_h *handle) /* parameter check */ if (iface_name == NULL || strlen(iface_name) <= 0) { - LOGE("iface_name is a NULL"); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("iface_name is a NULL");//LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER;//LCOV_EXCL_LINE } else if (handle == NULL) { - LOGE("handle is a NULL"); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("handle is a NULL");//LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER;//LCOV_EXCL_LINE } else if (*handle != NULL) { - LOGE("handle already created"); - return VPNSVC_ERROR_INVALID_PARAMETER; + LOGE("handle already created");//LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER;//LCOV_EXCL_LINE } vpnsvc_tun_s *tmp_s = NULL; @@ -291,7 +291,7 @@ EXPORT_API int vpnsvc_init(const char* iface_name, vpnsvc_h *handle) if ((iface_fd = open("/dev/net/tun", O_RDWR)) < 0) { LOGE("tun device open fail\n"); //LCOV_EXCL_LINE - close(iface_fd); + close(iface_fd);//LCOV_EXCL_LINE _vpnsvc_deinit_vpnsvc_tun_s(tmp_s); //LCOV_EXCL_LINE return VPNSVC_ERROR_IO_ERROR; //LCOV_EXCL_LINE } @@ -895,7 +895,7 @@ EXPORT_API int vpnsvc_set_blocking(vpnsvc_h handle, bool blocking) } if (blocking == false) - flags = flags | O_NONBLOCK; + flags = flags | O_NONBLOCK;//LCOV_EXCL_LINE else flags = flags & (~O_NONBLOCK); -- 2.7.4 From cfa115ca423e88499db99645203880c1381f37d4 Mon Sep 17 00:00:00 2001 From: taesubkim Date: Wed, 27 Apr 2016 09:06:40 +0900 Subject: [PATCH 11/16] Fixing P151224-03183, Redirect the DNS queries to VPN interface #2 [Model] TM1 [Issue#] P151224-03183 [Request] PLM [Occurrence Version] NA [Problem] VPN is NOT working properly [Cause & Measure] Redirect the DNS queries to VPN interface [Checking Method] Redirect the DNS queries to VPN interface [Team] Tizen platform lab(SWC) [Developer] Taesub Kim [Solution company] Samsung [Change Type] Specification change Change-Id: I15723669cdca453007ae5f54be8a5bbf8862c042 
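Review bot: `close(iface_fd)` sits in the branch taken when `open("/dev/net/tun", O_RDWR)` returned a negative value, so it is always called on an invalid descriptor and can only fail; tagging it `//LCOV_EXCL_LINE` keeps a line that should be deleted. The cleanup that matters on this path is the `_vpnsvc_deinit_vpnsvc_tun_s(tmp_s)` call and the `VPNSVC_ERROR_IO_ERROR` return that follow. In the first hunk of this file the message `"iface_name is a NULL"` is also logged for an empty string, because the condition includes `strlen(iface_name) <= 0`; `"iface_name is NULL or empty"` would describe both cases. `vpnsvc_init` starts and ends outside these hunks.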
Signed-off-by: Taesub Kim --- daemon/src/vpn_service_daemon.c | 63 +++++++++++++++++++++++++++++++++++++++++ packaging/capi-vpn-service.spec | 2 +- 2 files changed, 64 insertions(+), 1 deletion(-) diff --git a/daemon/src/vpn_service_daemon.c b/daemon/src/vpn_service_daemon.c index 00ea4e2..f4f82b9 100755 --- a/daemon/src/vpn_service_daemon.c +++ b/daemon/src/vpn_service_daemon.c @@ -140,6 +140,56 @@ static int add_routes(char* iface_name, char* routes[], int prefix[], size_t nr_ return VPNSVC_ERROR_NONE; } +static int add_dns_routes(char* if_name, char** dns_servers, size_t nr_dns) +{ + struct rtentry rt; + struct sockaddr_in addr; + int sk; + unsigned int i = 0; + + LOGD("Enter add_routes"); + + sk = socket(PF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (sk < 0) { + LOGE("socket failed : %s", strerror(errno)); + return VPNSVC_ERROR_IO_ERROR; + } + + for (i = 0; i < nr_dns; i++) { + memset(&rt, 0, sizeof(rt)); + rt.rt_flags = RTF_UP; + + memset(&addr, 0, sizeof(addr)); + addr.sin_family = AF_INET; + addr.sin_addr.s_addr = inet_addr(dns_servers[i]); + memcpy(&rt.rt_dst, &addr, sizeof(rt.rt_dst)); + + memset(&addr, 0, sizeof(addr)); + addr.sin_family = AF_INET; + addr.sin_addr.s_addr = INADDR_ANY; + memcpy(&rt.rt_gateway, &addr, sizeof(rt.rt_gateway)); + + /* set mask using by prefix length */ + memset(&addr, 0, sizeof(addr)); + addr.sin_family = AF_INET; + addr.sin_addr.s_addr = INADDR_ANY; + addr.sin_addr.s_addr = host2net(make_mask(32)); + memcpy(&rt.rt_genmask, &addr, sizeof(rt.rt_genmask)); + + rt.rt_dev = if_name; + + if (ioctl(sk, SIOCADDRT, &rt) < 0) { + LOGE("ioctl SIOCADDRT failed : %s", strerror(errno)); + close(sk); + return VPNSVC_ERROR_IO_ERROR; + } + } + + close(sk); + + return VPNSVC_ERROR_NONE; +} + static void connman_connection_open(void) { if (global_connection == NULL) { 
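Review bot: `add_dns_routes` converts each entry with `inet_addr(dns_servers[i])` and never checks the result, so a malformed string yields `INADDR_NONE` and the loop installs a host route for 255.255.255.255 on the VPN interface instead of rejecting the input. Parsing with `inet_pton` and failing the call on a bad entry keeps unvalidated caller data out of the routing table. When `ioctl(sk, SIOCADDRT, &rt)` fails part-way through, the routes added in earlier iterations stay installed, and nothing visible in this patch removes them when the VPN goes down. The entry log still reads `"Enter add_routes"` and should be `LOGD("Enter add_dns_routes");`, and the first `addr.sin_addr.s_addr = INADDR_ANY;` in the mask block is overwritten on the next line.

```c
	for (i = 0; i < nr_dns; i++) {
		/* … unchanged: rt reset and RTF_UP … */
		memset(&addr, 0, sizeof(addr));
		addr.sin_family = AF_INET;
		if (dns_servers[i] == NULL ||
		    inet_pton(AF_INET, dns_servers[i], &addr.sin_addr) != 1) {
			LOGE("invalid DNS server address at index %u", i);
			close(sk);
			return VPNSVC_ERROR_INVALID_PARAMETER;
		}
		memcpy(&rt.rt_dst, &addr, sizeof(rt.rt_dst));
		/* … unchanged: gateway, genmask, rt_dev and the SIOCADDRT ioctl … */
```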
@@ -871,6 +921,16 @@ int vpn_daemon_up(int iface_index, const char* local_ip, const char* remote_ip, } } + /* add DNS routes */ + if (nr_dns > 0) { + ret = add_dns_routes(ifr_tun.ifr_name, dns_servers, nr_dns); + if (ret != VPNSVC_ERROR_NONE) { + LOGE("add_dns failed"); + return ret; + } + } + +#if 0 /* add DNS servers */ if (nr_dns > 0) { ret = add_dns_servers(dns_servers, nr_dns, total_dns_string_cnt); @@ -892,10 +952,13 @@ int vpn_daemon_up(int iface_index, const char* local_ip, const char* remote_ip, if (nr_dns > 0) { dns_nat_register(dns_servers, nr_dns, local_ip); } +#endif return ret; } + + int vpn_daemon_down(int iface_index) { struct ifreq ifr, addr_ifr; diff --git a/packaging/capi-vpn-service.spec b/packaging/capi-vpn-service.spec index f44eacc..ce85600 100755 --- a/packaging/capi-vpn-service.spec +++ b/packaging/capi-vpn-service.spec @@ -1,6 +1,6 @@ Name: vpnsvc-pkg Summary: VPN service library in TIZEN C API -Version: 1.0.10 +Version: 1.0.11 Release: 1 Group: System/Network License: Apache-2.0 -- 2.7.4 From c96da93e7626ee67e22051ffdaf85ae4096c6362 Mon Sep 17 00:00:00 2001 From: taesubkim Date: Wed, 27 Apr 2016 09:45:36 +0900 Subject: [PATCH 12/16] Fix VPN read issue [Model] COMMON [Issue#] VPN read not returning for long time [Request] N/A [Occurrence Version] N/A [Problem] timeval structure is not initialized properly [Cause & Measure] Garbage value passed to select() function [Checking Method] Try to use vpnsvc_read() API [Team] Wireless Data [Developer] Ravi Prasad RK [Solution company] Samsung [Change Type] N/A Change-Id: I670c37d79584a5cb1c483a342cb5b71c3e2fa137 Signed-off-by: Taesub Kim --- framework/src/capi_vpn_service.c | 1 + packaging/capi-vpn-service.spec | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/framework/src/capi_vpn_service.c b/framework/src/capi_vpn_service.c index c4ea33d..0d88fb9 100755 --- a/framework/src/capi_vpn_service.c +++ b/framework/src/capi_vpn_service.c 
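Review bot: The `#if 0` opened at the end of this hunk, with its `#endif` in the next one, compiles out `add_dns_servers` and `dns_nat_register`, yet as far as the hunks show this patch leaves `vpn_daemon_down` unchanged. The `dns_nat_unregister()` call added in PATCH 09 therefore still runs iptables delete and flush commands for a chain that is no longer created. Disabled code is better removed together with its teardown, or both sides put behind one named build option. When `add_dns_routes` fails the function returns `ret` directly; whether the interface and routes configured earlier in `vpn_daemon_up` are rolled back cannot be seen here, because the function starts outside the hunk.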
@@ -605,6 +605,7 @@ EXPORT_API int vpnsvc_read(vpnsvc_h handle, int timeout_ms) /* listen for events */ FD_ZERO(&read_set); FD_SET(tun_s->fd, &read_set); + tv.tv_sec = 0; tv.tv_usec = timeout_ms*1000; retVal = select(tun_s->fd +1, &read_set, NULL, NULL, &tv); diff --git a/packaging/capi-vpn-service.spec b/packaging/capi-vpn-service.spec index ce85600..a80298c 100755 --- a/packaging/capi-vpn-service.spec +++ b/packaging/capi-vpn-service.spec @@ -1,6 +1,6 @@ Name: vpnsvc-pkg Summary: VPN service library in TIZEN C API -Version: 1.0.11 +Version: 1.0.12 Release: 1 Group: System/Network License: Apache-2.0 -- 2.7.4 From 6e96f72977997bf93a449f616d60f90aa24f438e Mon Sep 17 00:00:00 2001 From: taesubkim Date: Fri, 29 Apr 2016 18:25:52 +0900 Subject: [PATCH 13/16] [TSAM-2611] Fixed itc issue Change-Id: I847e9b60f02cebe45d28e19a90e11884f162e962 Signed-off-by: Taesub Kim --- framework/src/capi_vpn_service.c | 3 --- packaging/capi-vpn-service.spec | 2 +- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/framework/src/capi_vpn_service.c b/framework/src/capi_vpn_service.c index 0d88fb9..5ad13e6 100755 --- a/framework/src/capi_vpn_service.c +++ b/framework/src/capi_vpn_service.c @@ -248,9 +248,6 @@ EXPORT_API int vpnsvc_init(const char* iface_name, vpnsvc_h *handle) } else if (handle == NULL) { LOGE("handle is a NULL");//LCOV_EXCL_LINE return VPNSVC_ERROR_INVALID_PARAMETER;//LCOV_EXCL_LINE - } else if (*handle != NULL) { - LOGE("handle already created");//LCOV_EXCL_LINE - return VPNSVC_ERROR_INVALID_PARAMETER;//LCOV_EXCL_LINE } vpnsvc_tun_s *tmp_s = NULL; diff --git a/packaging/capi-vpn-service.spec b/packaging/capi-vpn-service.spec index a80298c..6c43f74 100755 --- a/packaging/capi-vpn-service.spec +++ b/packaging/capi-vpn-service.spec @@ -1,6 +1,6 @@ Name: vpnsvc-pkg Summary: VPN service library in TIZEN C API -Version: 1.0.12 +Version: 1.0.13 Release: 1 Group: System/Network License: Apache-2.0 -- 2.7.4 
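Review bot: `tv.tv_usec = timeout_ms*1000;` still puts the whole timeout into the microsecond field, so any `timeout_ms` of 1000 or more gives a `tv_usec` above 999999, which `select()` may reject on some systems, and a large value overflows the `int` multiplication. Splitting the value avoids both: `tv.tv_sec = timeout_ms / 1000;` and `tv.tv_usec = (timeout_ms % 1000) * 1000;`. A negative `timeout_ms` is not rejected in the visible lines. `vpnsvc_read` starts and ends outside the hunk.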
From 26b3408a22346a17bb9fa4c6ae6c0059fd128954 Mon Sep 17 00:00:00 2001 From: hyunuktak Date: Mon, 2 May 2016 15:37:10 +0900 Subject: [PATCH 14/16] Add handle list for vpn service Modify some code for test Change-Id: Ie137b4b223cf4b847b1200ecd136b5bb7a1c82f2 Signed-off-by: hyunuktak --- framework/src/capi_vpn_service.c | 24 ++++- packaging/capi-vpn-service.spec | 19 ++-- test/CMakeLists.txt | 4 +- test/vpn_service_test.c | 211 +++++++++++++++++++++++---------------- 4 files changed, 155 insertions(+), 103 deletions(-) diff --git a/framework/src/capi_vpn_service.c b/framework/src/capi_vpn_service.c index 5ad13e6..d83ce10 100755 --- a/framework/src/capi_vpn_service.c +++ b/framework/src/capi_vpn_service.c @@ -34,6 +34,7 @@ GVariant *op = NULL; +static __thread GSList *vpn_handle_list = NULL; static __thread bool is_feature_checked = false; static __thread bool feature_supported = false; @@ -60,6 +61,17 @@ int _vpnsvc_check_feature_supported(const char *feature_name) return VPNSVC_ERROR_NONE; } +static bool _vpn_check_handle_validity(vpnsvc_h vpnsvc) +{ + if (vpnsvc == NULL) + return false; + + if (g_slist_find(vpn_handle_list, vpnsvc) != NULL) + return true; + else + return false; +} + static void _vpnsvc_init_vpnsvc_tun_s(vpnsvc_tun_s **s) { LOGD(" tun_s: %p", s); @@ -243,11 +255,11 @@ EXPORT_API int vpnsvc_init(const char* iface_name, vpnsvc_h *handle) /* parameter check */ if (iface_name == NULL || strlen(iface_name) <= 0) { - LOGE("iface_name is a NULL");//LCOV_EXCL_LINE - return VPNSVC_ERROR_INVALID_PARAMETER;//LCOV_EXCL_LINE - } else if (handle == NULL) { - LOGE("handle is a NULL");//LCOV_EXCL_LINE - return VPNSVC_ERROR_INVALID_PARAMETER;//LCOV_EXCL_LINE + LOGE("iface_name is a NULL"); //LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE + } else if (_vpn_check_handle_validity(*handle)) { + LOGE("Invalid parameter"); //LCOV_EXCL_LINE + return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } vpnsvc_tun_s *tmp_s = NULL; 
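Review bot: The rewritten parameter check in `vpnsvc_init` evaluates `_vpn_check_handle_validity(*handle)` without the `handle == NULL` test that the removed lines performed, so a caller passing a NULL `handle` pointer now faults in the dereference instead of getting `VPNSVC_ERROR_INVALID_PARAMETER`. Restoring the guard in the same condition keeps the old contract: `} else if (handle == NULL || _vpn_check_handle_validity(*handle)) {`. `vpn_handle_list` is declared `__thread`, so a handle created on one thread is absent from the list seen by another; if handles may cross threads, the list has to be process-wide and locked. `vpnsvc_init` continues outside the hunk.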
@@ -324,6 +336,7 @@ EXPORT_API int vpnsvc_init(const char* iface_name, vpnsvc_h *handle) strncpy(tmp_s->name, tmp_name, VPNSVC_VPN_IFACE_NAME_LEN); tmp_s->name[VPNSVC_VPN_IFACE_NAME_LEN-1] = '\0'; *handle = tmp_s; + vpn_handle_list = g_slist_prepend(vpn_handle_list, *handle); LOGD("handle : %p, handle->fd : %d, handle->index : %d, handle->name : %s", (*handle), ((vpnsvc_tun_s*)*handle)->fd, ((vpnsvc_tun_s*)*handle)->index, ((vpnsvc_tun_s*)*handle)->name); } @@ -383,6 +396,7 @@ EXPORT_API int vpnsvc_deinit(vpnsvc_h handle) /* free allocared handle memory */ _vpnsvc_deinit_vpnsvc_tun_s(tun_s); + vpn_handle_list = g_slist_remove(vpn_handle_list, handle); } return result; diff --git a/packaging/capi-vpn-service.spec b/packaging/capi-vpn-service.spec index 6c43f74..50c11a2 100755 --- a/packaging/capi-vpn-service.spec +++ b/packaging/capi-vpn-service.spec @@ -1,6 +1,6 @@ Name: vpnsvc-pkg Summary: VPN service library in TIZEN C API -Version: 1.0.13 +Version: 1.0.14 Release: 1 Group: System/Network License: Apache-2.0 @@ -43,12 +43,12 @@ Group: Development/Libraries %description -n capi-vpnsvc-devel capi-vpnsvc CAPI devel package -%package -n vpnsvc-test -Summary: Vpnsvc test -Group: Development/Libraries +#%package -n vpnsvc_test +#Summary: Vpnsvc test +#Group: Development/Libraries -%description -n vpnsvc-test -vpnsvc test package +#%description -n vpnsvc_test +#vpnsvc test package %package -n vpnsvc-daemon Summary: Vpnsvc daemon @@ -129,13 +129,14 @@ fi %manifest framework/capi-vpnsvc.manifest %{_libdir}/libcapi-vpnsvc.so.* %{_datadir}/license/capi-vpnsvc +%{_bindir}/vpnsvc_test %files -n capi-vpnsvc-devel %{_includedir}/*.h %{_libdir}/pkgconfig/capi-vpnsvc.pc %{_libdir}/libcapi-vpnsvc.so -%files -n vpnsvc-test -%manifest test/vpnsvc-test.manifest -/usr/sbin/vpnsvc-test +#%files -n vpnsvc_test +#%manifest test/vpnsvc-test.manifest +#%{_bindir}/vpnsvc_test diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt index e23d651..f2146f8 100755 --- a/test/CMakeLists.txt 
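Review bot: Adding `%{_bindir}/vpnsvc_test` to the library package's `%files`, while the `vpnsvc_test` subpackage is commented out in the earlier spec hunk, installs the interactive test program wherever the library is installed. The program is a menu around the VPN service API (see `test_function_table` in test/vpn_service_test.c) and is not needed at run time. Keeping it in its own test subpackage, as the commented `#%files -n vpnsvc_test` section did, lets release images leave it out.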
+++ b/test/CMakeLists.txt @@ -1,5 +1,5 @@ CMAKE_MINIMUM_REQUIRED(VERSION 2.6) -SET(PACKAGE_NAME vpnsvc-test) +SET(PACKAGE_NAME vpnsvc_test) SET(LIB_NAME ${PACKAGE_NAME}) PROJECT(${LIB_NAME}) SET(PREFIX ${CMAKE_INSTALL_PREFIX}) @@ -38,4 +38,4 @@ SET(CMAKE_EXE_LINKER_FLAGS "-Wl,--as-needed -Wl,--rpath="${LIBDIR}) ADD_EXECUTABLE(${PACKAGE_NAME} ${TEST_SRCS}) TARGET_LINK_LIBRARIES(${PACKAGE_NAME} ${${PACKAGE_NAME}_LDFLAGS} "-ldl" capi-vpnsvc) -INSTALL(TARGETS ${PACKAGE_NAME} DESTINATION sbin) +INSTALL(TARGETS ${PACKAGE_NAME} DESTINATION bin/) diff --git a/test/vpn_service_test.c b/test/vpn_service_test.c index d36bfac..e1b4dbb 100755 --- a/test/vpn_service_test.c +++ b/test/vpn_service_test.c 
@@ -40,21 +40,45 @@ vpnsvc_h handle = NULL; +static const char *test_print_error(vpnsvc_error_e error) +{ + switch (error) { + case VPNSVC_ERROR_NONE: + return "VPNSVC_ERROR_NONE"; + case VPNSVC_ERROR_INVALID_PARAMETER: + return "VPNSVC_ERROR_INVALID_PARAMETER"; + case VPNSVC_ERROR_OUT_OF_MEMORY: + return "VPNSVC_ERROR_OUT_OF_MEMORY"; + case VPNSVC_ERROR_PERMISSION_DENIED: + return "VPNSVC_ERROR_PERMISSION_DENIED"; + case VPNSVC_ERROR_NO_SUCH_FILE: + return "VPNSVC_ERROR_NO_SUCH_FILE"; + case VPNSVC_ERROR_IO_ERROR: + return "VPNSVC_ERROR_IO_ERROR"; + case VPNSVC_ERROR_TIMEOUT: + return "VPNSVC_ERROR_TIMEOUT"; + case VPNSVC_ERROR_IPC_FAILED: + return "VPNSVC_ERROR_IPC_FAILED"; + case VPNSVC_ERROR_NOT_SUPPORTED: + return "VPNSVC_ERROR_NOT_SUPPORTED"; + default: + return "VPNSVC_ERROR_UNKNOWN"; + } +} + int test_vpnsvc_init() { char *name = TEST_VPN_IF_NAME; - int ret = VPNSVC_ERROR_NONE; + int rv = VPNSVC_ERROR_NONE; int int_value; - printf("test vpnsvc_init\n"); + rv = vpnsvc_init(name, &handle); - ret = vpnsvc_init(name, &handle); - - if (ret != VPNSVC_ERROR_NONE) { - printf("vpnsvc_init failed : %d\n", ret); + if (rv != VPNSVC_ERROR_NONE) { + printf("vpnsvc initialize fail [%s]\n", test_print_error(rv)); + return -1; } else { char* result_name = NULL; - printf("vpnsvc_init Succeed : %d\n", ret); if (vpnsvc_get_iface_fd(handle, &int_value) == VPNSVC_ERROR_NONE) printf("iface_fd : %d\n", int_value); 
@@ -66,32 +90,40 @@ int test_vpnsvc_init() else printf("Fail to get iface_index\n"); - ret = vpnsvc_get_iface_name(handle, &result_name); - if (ret == VPNSVC_ERROR_NONE) + if (vpnsvc_get_iface_name(handle, &result_name) == VPNSVC_ERROR_NONE) printf("iface_name : %s\n", result_name); + else + printf("Fail to get iface_name\n"); } - return 0; + printf("vpnsvc initialize success\n"); + return 1; } int test_vpnsvc_deinit() { - printf("test vpnsvc_deinit\n"); + int rv = 0; if (handle) - vpnsvc_deinit(handle); - - handle = NULL; + rv = vpnsvc_deinit(handle); + else { + printf("cannot deinitialize : handle is NULL\n"); + rv = VPNSVC_ERROR_INVALID_PARAMETER; + } - return 0; + if (rv != VPNSVC_ERROR_NONE) { + printf("vpnsvc deinitialize fail [%s]\n", test_print_error(rv)); + return -1; + } + handle = NULL; + printf("vpnsvc deinitialize success\n"); + return 1; } int test_vpnsvc_protect() { - int sock, ret; - - printf("test vpnsvc_protect\n"); + int sock, rv; if (!handle) { printf("invalid handle\n"); @@ -103,20 +135,20 @@ int test_vpnsvc_protect() return -2; } - ret = vpnsvc_protect(handle, sock, "wlan0"); - if (ret != VPNSVC_ERROR_NONE) - printf("vpnsvc_protect failed!\n"); + rv = vpnsvc_protect(handle, sock, "wlan0"); + if (rv != VPNSVC_ERROR_NONE) + printf("vpnsvc protect fail [%s]\n", test_print_error(rv)); else - printf("vpnsvc_protect Succeed!\n"); + printf("vpnsvc protect success\n"); close(sock); - return 0; + return 1; } int test_vpnsvc_up() { - int ret; + int rv; char local[VPNSVC_IP4_STRING_LEN] = {'\0',}; char remote[VPNSVC_IP4_STRING_LEN] = {'\0',}; char *routes[2]; 
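Review bot: `test_vpnsvc_protect` ends with an unconditional `return 1;`, so when `vpnsvc_protect` fails the function prints the failure and `main` (last hunk of this file) still prints "Operation succeeded!". `test_vpnsvc_up` in the next hunk has the same shape. Returning the outcome keeps the new 1/-1 convention consistent with `test_vpnsvc_down`: after `close(sock);` use `return (rv == VPNSVC_ERROR_NONE) ? 1 : -1;`.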
@@ -152,11 +184,7 @@ int test_vpnsvc_up() dns_server[0] = dns1; dns_server[1] = dns2; - ret = vpnsvc_up(handle, local, remote, routes, prefix, nr_routes, dns_server, nr_dns, dns_suffix); - if (ret != VPNSVC_ERROR_NONE) - printf("vpnsvc_up failed!\n"); - else - printf("vpnsvc_up Succeed!\n"); + rv = vpnsvc_up(handle, local, remote, routes, prefix, nr_routes, dns_server, nr_dns, dns_suffix); free(routes[0]); free(routes[1]); @@ -164,37 +192,41 @@ int test_vpnsvc_up() routes[0] = NULL; routes[1] = NULL; - return 0; + if (rv != VPNSVC_ERROR_NONE) + printf("vpnsvc up fail [%s]\n", test_print_error(rv)); + else + printf("vpnsvc up success\n"); + + return 1; } int test_vpnsvc_down() { - int ret; + int rv; if (!handle) { printf("invalid handle\n"); return -1; } - ret = vpnsvc_down(handle); - - if (ret != VPNSVC_ERROR_NONE) - printf("vpnsvc_down failed!\n"); - else - printf("vpnsvc_down Succeed!\n"); - - return 0; - + rv = vpnsvc_down(handle); + if (rv != VPNSVC_ERROR_NONE) { + printf("vpnsvc down fail [%s]\n", test_print_error(rv)); + return -1; + } else { + printf("vpnsvc down success\n"); + return 1; + } } int test_vpnsvc_read() { - return 0; + return -1; } int test_vpnsvc_write() { - return 0; + return -1; } int test_vpnsvc_block_networks() @@ -205,7 +237,7 @@ int test_vpnsvc_block_networks() char* allow_nets[2]; int allow_prefix[2]; int allow_nr_nets = 2; - int ret; + int rv; if (!handle) { printf("invalid handle\n"); @@ -230,12 +262,7 @@ int test_vpnsvc_block_networks() strncpy(allow_nets[1], "206.190.36.45", VPNSVC_IP4_STRING_LEN); allow_prefix[1] = 32; - ret = vpnsvc_block_networks(handle, block_nets, block_prefix, block_nr_nets, allow_nets, allow_prefix, allow_nr_nets); - - if (ret != VPNSVC_ERROR_NONE) - printf("vpnsvc_block_networks failed!\n"); - else - printf("vpnsvc_block_networks Succeed!\n"); + rv = vpnsvc_block_networks(handle, block_nets, block_prefix, block_nr_nets, allow_nets, allow_prefix, allow_nr_nets); free(block_nets[0]); free(block_nets[1]); 
@@ -247,78 +274,84 @@ int test_vpnsvc_block_networks() allow_nets[0] = NULL; allow_nets[1] = NULL; - return 0; - + if (rv != VPNSVC_ERROR_NONE) { + printf("vpnsvc block networks fail [%s]\n", test_print_error(rv)); + return -1; + } else { + printf("vpnsvc block networks success\n"); + return 1; + } } int test_vpnsvc_unblock_networks() { - int ret; + int rv; if (!handle) { printf("invalid handle\n"); return -1; } - ret = vpnsvc_unblock_networks(handle); - - if (ret != VPNSVC_ERROR_NONE) - printf("vpnsvc_unblock_networks failed!\n"); - else - printf("vpnsvc_unblock_networks Succeed!\n"); - - return 0; + rv = vpnsvc_unblock_networks(handle); + if (rv != VPNSVC_ERROR_NONE) { + printf("vpnsvc unblock networks fail [%s]\n", test_print_error(rv)); + return -1; + } else { + printf("vpnsvc unblock networks success"); + return 1; + } } int test_vpnsvc_set_mtu() { - int ret; + int rv; - ret = vpnsvc_set_mtu(handle, 9000); - - if (ret != VPNSVC_ERROR_NONE) - printf("vpnsvc_set_mtu failed!\n"); - else - printf("vpnsvc_set_mtu Succeed!\n"); - - return 0; + rv = vpnsvc_set_mtu(handle, 9000); + if (rv != VPNSVC_ERROR_NONE) { + printf("vpnsvc set mtu fail [%s]\n", test_print_error(rv)); + return -1; + } else { + printf("vpnsvc set mtu success\n"); + return 1; + } } bool g_blocking = false; int test_vpnsvc_set_blocking() { - int ret; + int rv; g_blocking = !g_blocking; printf("Blocking Parameter: %s\n", g_blocking ? 
"true" : "false"); - ret = vpnsvc_set_blocking(handle, g_blocking); - - if (ret != VPNSVC_ERROR_NONE) - printf("vpnsvc_set_blocking failed!\n"); - else - printf("vpnsvc_set_blocking Succeed!\n"); + rv = vpnsvc_set_blocking(handle, g_blocking); - return 0; + if (rv != VPNSVC_ERROR_NONE) { + printf("vpnsvc set blocking fail [%s]\n", test_print_error(rv)); + return -1; + } else { + printf("vpnsvc set blocking success\n"); + return 1; + } } int test_vpnsvc_set_session() { - int ret; + int rv; char *set_session = "vpnsvc_test VPN Session"; char *get_session = NULL; - ret = vpnsvc_set_session(handle, set_session); + rv = vpnsvc_set_session(handle, set_session); - if (ret != VPNSVC_ERROR_NONE) { - printf("vpnsvc_set_session failed!\n"); + if (rv != VPNSVC_ERROR_NONE) { + printf("vpnsvc set session fail [%s]\n", test_print_error(rv)); + return -1; } else { - ret = vpnsvc_get_session(handle, &get_session); - printf("Session Name = %s\n", get_session); - printf("vpnsvc_set_session Succeed!\n"); + rv = vpnsvc_get_session(handle, &get_session); + printf("session name = %s\n", get_session); + printf("vpnsvc set session Success\n"); + return 1; } - - return 0; } int test_exit() @@ -376,7 +409,11 @@ int main() continue; } - test_function_table[comm-1](); + int rv = test_function_table[comm-1](); + if (rv == 1) + printf("Operation succeeded!\n"); + else + printf("Operation failed!\n"); } return 0; } -- 2.7.4 From d3cf71781d0f583bede1ebf32c32d0651b057edb Mon Sep 17 00:00:00 2001 From: taesubkim Date: Tue, 3 May 2016 13:09:35 +0900 Subject: [PATCH 15/16] [SVACE] 77596 Fixed svace issue Change-Id: Ibd09262afd95a5e2530c8c609f64c1e614fea92a Signed-off-by: Taesub Kim --- daemon/src/vpn_service_daemon.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/daemon/src/vpn_service_daemon.c b/daemon/src/vpn_service_daemon.c index f4f82b9..358f4af 100755 --- a/daemon/src/vpn_service_daemon.c +++ b/daemon/src/vpn_service_daemon.c 
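Review bot: In `test_vpnsvc_set_session` the result of `vpnsvc_get_session(handle, &get_session)` is stored in `rv` and never examined, so on failure `get_session` is still NULL when it is passed to `printf` with `%s`, and the test reports success. Checking it first fixes both: `if (rv != VPNSVC_ERROR_NONE) { printf("vpnsvc get session fail [%s]\n", test_print_error(rv)); return -1; }`. Whether the caller has to free the returned string is not visible here and should be confirmed against the API documentation. In `test_vpnsvc_unblock_networks` the success message is missing its trailing `\n`.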
@@ -146,12 +146,13 @@ static int add_dns_routes(char* if_name, char** dns_servers, size_t nr_dns) struct sockaddr_in addr; int sk; unsigned int i = 0; + char buf[BUF_SIZE_FOR_ERR] = { 0 }; LOGD("Enter add_routes"); sk = socket(PF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); if (sk < 0) { - LOGE("socket failed : %s", strerror(errno)); + LOGE("socket failed : %s", strerror_r(errno, buf, BUF_SIZE_FOR_ERR)); return VPNSVC_ERROR_IO_ERROR; } @@ -179,7 +180,7 @@ static int add_dns_routes(char* if_name, char** dns_servers, size_t nr_dns) rt.rt_dev = if_name; if (ioctl(sk, SIOCADDRT, &rt) < 0) { - LOGE("ioctl SIOCADDRT failed : %s", strerror(errno)); + LOGE("ioctl SIOCADDRT failed : %s", strerror_r(errno, buf, BUF_SIZE_FOR_ERR)); close(sk); return VPNSVC_ERROR_IO_ERROR; } -- 2.7.4 From 0cd40e7fda377fcbe27680a9e9738fd32aac7d78 Mon Sep 17 00:00:00 2001 From: hyunuktak Date: Wed, 4 May 2016 10:55:23 +0900 Subject: [PATCH 16/16] Fix passed to proc after free Change-Id: I63f1612ace96f94f4b25344fc8df1032d51d18dc Signed-off-by: hyunuktak --- framework/src/capi_vpn_service.c | 2 +- packaging/capi-vpn-service.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/framework/src/capi_vpn_service.c b/framework/src/capi_vpn_service.c index d83ce10..ff52f53 100755 --- a/framework/src/capi_vpn_service.c +++ b/framework/src/capi_vpn_service.c @@ -395,8 +395,8 @@ EXPORT_API int vpnsvc_deinit(vpnsvc_h handle) LOGD("tun fd close success"); /* free allocared handle memory */ + vpn_handle_list = g_slist_remove(vpn_handle_list, tun_s); _vpnsvc_deinit_vpnsvc_tun_s(tun_s); - vpn_handle_list = g_slist_remove(vpn_handle_list, handle); } return result; diff --git a/packaging/capi-vpn-service.spec b/packaging/capi-vpn-service.spec index 50c11a2..9e3b66d 100755 --- a/packaging/capi-vpn-service.spec +++ b/packaging/capi-vpn-service.spec 
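Review bot: Both new `LOGE` calls in `add_dns_routes` pass the return value of `strerror_r(errno, buf, BUF_SIZE_FOR_ERR)` to `%s`, which is valid only with the GNU variant that returns `char *`; the XSI variant returns `int`, and formatting that with `%s` is undefined behaviour. Which variant the build selects depends on feature-test macros that are not visible in the hunk. Either document the GNU dependency where the macro is defined, or, if the XSI variant is in use, call `strerror_r(errno, buf, sizeof(buf));` on its own line and log `buf`. The second hunk (`ioctl SIOCADDRT failed`) needs the same change, and the function extends beyond both hunks.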
@@ -1,6 +1,6 @@
 Name: vpnsvc-pkg
 Summary: VPN service library in TIZEN C API
-Version: 1.0.14
+Version: 1.0.15
 Release: 1
 Group: System/Network
 License: Apache-2.0
-- 2.7.4