5 * Copyright (C) 2007-2012 Intel Corporation. All rights reserved.
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
34 #define CONNMAN_API_SUBJECT_TO_CHANGE
35 #include <connman/plugin.h>
36 #include <connman/log.h>
37 #include <connman/task.h>
38 #include <connman/ipconfig.h>
39 #include <connman/dbus.h>
40 #include <connman/agent.h>
41 #include <connman/setting.h>
42 #include <connman/vpn-dbus.h>
44 #include "../vpn-provider.h"
45 #include "../vpn-agent.h"
49 #define ARRAY_SIZE(a) (sizeof(a)/sizeof(a[0]))
56 { "OpenConnect.NoCertCheck", "--no-cert-check", 0 },
59 struct oc_private_data {
60 struct connman_task *task;
62 vpn_provider_connect_cb_t cb;
66 static int task_append_config_data(struct vpn_provider *provider,
67 struct connman_task *task)
72 for (i = 0; i < (int)ARRAY_SIZE(oc_options); i++) {
73 if (oc_options[i].oc_opt == NULL)
76 option = vpn_provider_get_string(provider,
77 oc_options[i].cm_opt);
81 if (connman_task_add_argument(task,
83 oc_options[i].has_value ? option : NULL) < 0)
90 static int oc_notify(DBusMessage *msg, struct vpn_provider *provider)
92 DBusMessageIter iter, dict;
93 const char *reason, *key, *value;
95 char *addressv4 = NULL, *addressv6 = NULL;
96 char *netmask = NULL, *gateway = NULL;
97 unsigned char prefix_len = 0;
98 struct connman_ipaddress *ipaddress;
100 dbus_message_iter_init(msg, &iter);
102 dbus_message_iter_get_basic(&iter, &reason);
103 dbus_message_iter_next(&iter);
106 connman_error("No provider found");
107 return VPN_STATE_FAILURE;
110 if (strcmp(reason, "connect"))
111 return VPN_STATE_DISCONNECT;
113 domain = g_strdup(vpn_provider_get_string(provider, "VPN.Domain"));
115 dbus_message_iter_recurse(&iter, &dict);
117 while (dbus_message_iter_get_arg_type(&dict) == DBUS_TYPE_DICT_ENTRY) {
118 DBusMessageIter entry;
120 dbus_message_iter_recurse(&dict, &entry);
121 dbus_message_iter_get_basic(&entry, &key);
122 dbus_message_iter_next(&entry);
123 dbus_message_iter_get_basic(&entry, &value);
125 if (strcmp(key, "CISCO_CSTP_OPTIONS"))
126 DBG("%s = %s", key, value);
128 if (!strcmp(key, "VPNGATEWAY"))
129 gateway = g_strdup(value);
131 if (!strcmp(key, "INTERNAL_IP4_ADDRESS"))
132 addressv4 = g_strdup(value);
134 if (!strcmp(key, "INTERNAL_IP6_ADDRESS")) {
135 addressv6 = g_strdup(value);
139 if (!strcmp(key, "INTERNAL_IP4_NETMASK"))
140 netmask = g_strdup(value);
142 if (!strcmp(key, "INTERNAL_IP6_NETMASK")) {
145 /* The netmask contains the address and the prefix */
146 sep = strchr(value, '/');
148 unsigned char ip_len = sep - value;
150 addressv6 = g_strndup(value, ip_len);
151 prefix_len = (unsigned char)
152 strtol(sep + 1, NULL, 10);
156 if (!strcmp(key, "INTERNAL_IP4_DNS") ||
157 !strcmp(key, "INTERNAL_IP6_DNS"))
158 vpn_provider_set_nameservers(provider, value);
160 if (!strcmp(key, "CISCO_PROXY_PAC"))
161 vpn_provider_set_pac(provider, value);
163 if (domain == NULL && !strcmp(key, "CISCO_DEF_DOMAIN")) {
165 domain = g_strdup(value);
168 if (g_str_has_prefix(key, "CISCO_SPLIT_INC") == TRUE ||
169 g_str_has_prefix(key, "CISCO_IPV6_SPLIT_INC") == TRUE)
170 vpn_provider_append_route(provider, key, value);
172 dbus_message_iter_next(&dict);
175 DBG("%p %p", addressv4, addressv6);
177 if (addressv4 != NULL)
178 ipaddress = connman_ipaddress_alloc(AF_INET);
179 else if (addressv6 != NULL)
180 ipaddress = connman_ipaddress_alloc(AF_INET6);
184 if (ipaddress == NULL) {
191 return VPN_STATE_FAILURE;
194 if (addressv4 != NULL)
195 connman_ipaddress_set_ipv4(ipaddress, addressv4,
198 connman_ipaddress_set_ipv6(ipaddress, addressv6,
199 prefix_len, gateway);
200 vpn_provider_set_ipaddress(provider, ipaddress);
201 vpn_provider_set_domain(provider, domain);
208 connman_ipaddress_free(ipaddress);
210 return VPN_STATE_CONNECT;
213 static void request_input_append_cookie(DBusMessageIter *iter,
216 char *str = "string";
218 connman_dbus_dict_append_basic(iter, "Type",
219 DBUS_TYPE_STRING, &str);
221 connman_dbus_dict_append_basic(iter, "Requirement",
222 DBUS_TYPE_STRING, &str);
225 struct request_input_reply {
226 struct vpn_provider *provider;
227 vpn_provider_auth_cb_t callback;
231 static void request_input_cookie_reply(DBusMessage *reply, void *user_data)
233 struct request_input_reply *cookie_reply = user_data;
234 const char *error = NULL;
237 DBusMessageIter iter, dict;
239 DBG("provider %p", cookie_reply->provider);
241 if (dbus_message_get_type(reply) == DBUS_MESSAGE_TYPE_ERROR) {
242 error = dbus_message_get_error_name(reply);
246 if (vpn_agent_check_reply_has_dict(reply) == FALSE)
249 dbus_message_iter_init(reply, &iter);
250 dbus_message_iter_recurse(&iter, &dict);
251 while (dbus_message_iter_get_arg_type(&dict) == DBUS_TYPE_DICT_ENTRY) {
252 DBusMessageIter entry, value;
254 dbus_message_iter_recurse(&dict, &entry);
255 if (dbus_message_iter_get_arg_type(&entry) != DBUS_TYPE_STRING)
258 dbus_message_iter_get_basic(&entry, &key);
260 if (g_str_equal(key, "OpenConnect.Cookie")) {
261 dbus_message_iter_next(&entry);
262 if (dbus_message_iter_get_arg_type(&entry)
263 != DBUS_TYPE_VARIANT)
265 dbus_message_iter_recurse(&entry, &value);
266 if (dbus_message_iter_get_arg_type(&value)
269 dbus_message_iter_get_basic(&value, &cookie);
272 dbus_message_iter_next(&dict);
276 cookie_reply->callback(cookie_reply->provider, cookie, error,
277 cookie_reply->user_data);
278 g_free(cookie_reply);
281 typedef void (* request_cb_t)(struct vpn_provider *provider,
282 const char *vpncookie,
283 const char *error, void *user_data);
285 static int request_cookie_input(struct vpn_provider *provider,
286 request_cb_t callback, void *user_data)
288 DBusMessage *message;
289 const char *path, *agent_sender, *agent_path;
290 DBusMessageIter iter;
291 DBusMessageIter dict;
292 struct request_input_reply *cookie_reply;
295 connman_agent_get_info(&agent_sender, &agent_path);
297 if (provider == NULL || agent_path == NULL || callback == NULL)
300 message = dbus_message_new_method_call(agent_sender, agent_path,
306 dbus_message_iter_init_append(message, &iter);
308 path = vpn_provider_get_path(provider);
309 dbus_message_iter_append_basic(&iter,
310 DBUS_TYPE_OBJECT_PATH, &path);
312 connman_dbus_dict_open(&iter, &dict);
314 connman_dbus_dict_append_dict(&dict, "OpenConnect.Cookie",
315 request_input_append_cookie, provider);
317 vpn_agent_append_host_and_name(&dict, provider);
319 connman_dbus_dict_close(&iter, &dict);
321 cookie_reply = g_try_new0(struct request_input_reply, 1);
322 if (cookie_reply == NULL) {
323 dbus_message_unref(message);
327 cookie_reply->provider = provider;
328 cookie_reply->callback = callback;
329 cookie_reply->user_data = user_data;
331 err = connman_agent_queue_message(provider, message,
332 connman_timeout_input_request(),
333 request_input_cookie_reply, cookie_reply);
334 if (err < 0 && err != -EBUSY) {
335 DBG("error %d sending agent request", err);
336 dbus_message_unref(message);
337 g_free(cookie_reply);
341 dbus_message_unref(message);
346 static int run_connect(struct vpn_provider *provider,
347 struct connman_task *task, const char *if_name,
348 vpn_provider_connect_cb_t cb, void *user_data,
349 const char *vpncookie)
351 const char *vpnhost, *cafile, *certsha1, *mtu;
352 int fd, err = 0, len;
354 vpnhost = vpn_provider_get_string(provider, "Host");
356 if (vpncookie == NULL) {
357 DBG("Cookie missing, cannot connect!");
362 task_append_config_data(provider, task);
364 vpn_provider_set_string(provider, "OpenConnect.Cookie", vpncookie);
366 certsha1 = vpn_provider_get_string(provider,
367 "OpenConnect.ServerCert");
369 connman_task_add_argument(task, "--servercert",
372 cafile = vpn_provider_get_string(provider, "OpenConnect.CACert");
373 mtu = vpn_provider_get_string(provider, "VPN.MTU");
376 connman_task_add_argument(task, "--cafile",
379 connman_task_add_argument(task, "--mtu", (char *)mtu);
381 connman_task_add_argument(task, "--syslog", NULL);
382 connman_task_add_argument(task, "--cookie-on-stdin", NULL);
384 connman_task_add_argument(task, "--script",
385 SCRIPTDIR "/openconnect-script");
387 connman_task_add_argument(task, "--interface", if_name);
389 connman_task_add_argument(task, (char *)vpnhost, NULL);
391 err = connman_task_run(task, vpn_died, provider,
394 connman_error("openconnect failed to start");
399 len = strlen(vpncookie);
400 if (write(fd, vpncookie, len) != (ssize_t)len ||
401 write(fd, "\n", 1) != 1) {
402 connman_error("openconnect failed to take cookie on stdin");
409 cb(provider, user_data, err);
414 static void free_private_data(struct oc_private_data *data)
416 g_free(data->if_name);
420 static void request_input_cb(struct vpn_provider *provider,
421 const char *vpncookie,
422 const char *error, void *user_data)
424 struct oc_private_data *data = user_data;
426 if (vpncookie == NULL)
427 DBG("Requesting cookie failed, error %s", error);
428 else if (error != NULL)
429 DBG("error %s", error);
431 run_connect(provider, data->task, data->if_name, data->cb,
432 data->user_data, vpncookie);
434 free_private_data(data);
437 static int oc_connect(struct vpn_provider *provider,
438 struct connman_task *task, const char *if_name,
439 vpn_provider_connect_cb_t cb, void *user_data)
441 const char *vpnhost, *vpncookie;
444 vpnhost = vpn_provider_get_string(provider, "Host");
445 if (vpnhost == NULL) {
446 connman_error("Host not set; cannot enable VPN");
450 vpncookie = vpn_provider_get_string(provider, "OpenConnect.Cookie");
451 if (vpncookie == NULL) {
452 struct oc_private_data *data;
454 data = g_try_new0(struct oc_private_data, 1);
459 data->if_name = g_strdup(if_name);
461 data->user_data = user_data;
463 err = request_cookie_input(provider, request_input_cb, data);
464 if (err != -EINPROGRESS) {
465 free_private_data(data);
472 return run_connect(provider, task, if_name, cb, user_data, vpncookie);
475 static int oc_save(struct vpn_provider *provider, GKeyFile *keyfile)
477 const char *setting, *option;
480 setting = vpn_provider_get_string(provider,
481 "OpenConnect.ServerCert");
483 g_key_file_set_string(keyfile,
484 vpn_provider_get_save_group(provider),
485 "OpenConnect.ServerCert", setting);
487 setting = vpn_provider_get_string(provider,
488 "OpenConnect.CACert");
490 g_key_file_set_string(keyfile,
491 vpn_provider_get_save_group(provider),
492 "OpenConnect.CACert", setting);
494 setting = vpn_provider_get_string(provider,
497 g_key_file_set_string(keyfile,
498 vpn_provider_get_save_group(provider),
501 for (i = 0; i < (int)ARRAY_SIZE(oc_options); i++) {
502 if (strncmp(oc_options[i].cm_opt, "OpenConnect.", 12) == 0) {
503 option = vpn_provider_get_string(provider,
504 oc_options[i].cm_opt);
508 g_key_file_set_string(keyfile,
509 vpn_provider_get_save_group(provider),
510 oc_options[i].cm_opt, option);
517 static int oc_error_code(int exit_code)
522 return VPN_PROVIDER_ERROR_CONNECT_FAILED;
524 return VPN_PROVIDER_ERROR_LOGIN_FAILED;
526 return VPN_PROVIDER_ERROR_UNKNOWN;
530 static struct vpn_driver vpn_driver = {
532 .connect = oc_connect,
533 .error_code = oc_error_code,
537 static int openconnect_init(void)
539 return vpn_register("openconnect", &vpn_driver, OPENCONNECT);
542 static void openconnect_exit(void)
544 vpn_unregister("openconnect");
547 CONNMAN_PLUGIN_DEFINE(openconnect, "OpenConnect VPN plugin", VERSION,
548 CONNMAN_PLUGIN_PRIORITY_DEFAULT, openconnect_init, openconnect_exit)