projects / platform / upstream / connman.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Imported Upstream version 1.35
[platform/upstream/connman.git] / vpn / plugins / vpn.c
1 /*
2  *
3  *  ConnMan VPN daemon
4  *
5  *  Copyright (C) 2007-2013  Intel Corporation. All rights reserved.
6  *
7  *  This program is free software; you can redistribute it and/or modify
8  *  it under the terms of the GNU General Public License version 2 as
9  *  published by the Free Software Foundation.
10  *
11  *  This program is distributed in the hope that it will be useful,
12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  *  GNU General Public License for more details.
15  *
16  *  You should have received a copy of the GNU General Public License
17  *  along with this program; if not, write to the Free Software
18  *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
19  *
20  */
21
22 #ifdef HAVE_CONFIG_H
23 #include <config.h>
24 #endif
25
26 #define _GNU_SOURCE
27 #include <string.h>
28 #include <fcntl.h>
29 #include <unistd.h>
30 #include <sys/stat.h>
31 #include <stdio.h>
32 #include <errno.h>
33 #include <sys/ioctl.h>
34 #include <sys/types.h>
35 #include <linux/if_tun.h>
36 #include <net/if.h>
37
38 #include <dbus/dbus.h>
39
40 #include <glib/gprintf.h>
41
42 #include <connman/log.h>
43 #include <connman/rtnl.h>
44 #include <connman/task.h>
45 #include <connman/inet.h>
46
47 #include "../vpn-rtnl.h"
48 #include "../vpn-provider.h"
49
50 #include "vpn.h"
51
52 struct vpn_data {
53         struct vpn_provider *provider;
54         char *if_name;
55         unsigned flags;
56         unsigned int watch;
57         enum vpn_state state;
58         struct connman_task *task;
59         int tun_flags;
60 };
61
62 struct vpn_driver_data {
63         const char *name;
64         const char *program;
65         struct vpn_driver *vpn_driver;
66         struct vpn_provider_driver provider_driver;
67 };
68
69 GHashTable *driver_hash = NULL;
70
71 static int stop_vpn(struct vpn_provider *provider)
72 {
73         struct vpn_data *data = vpn_provider_get_data(provider);
74         struct vpn_driver_data *vpn_driver_data;
75         const char *name;
76         struct ifreq ifr;
77         int fd, err;
78
79         if (!data)
80                 return -EINVAL;
81
82         name = vpn_provider_get_driver_name(provider);
83         if (!name)
84                 return -EINVAL;
85
86         vpn_driver_data = g_hash_table_lookup(driver_hash, name);
87
88         if (vpn_driver_data && vpn_driver_data->vpn_driver &&
89                         vpn_driver_data->vpn_driver->flags == VPN_FLAG_NO_TUN)
90                 return 0;
91
92         memset(&ifr, 0, sizeof(ifr));
93         ifr.ifr_flags = data->tun_flags | IFF_NO_PI;
94         sprintf(ifr.ifr_name, "%s", data->if_name);
95
96         fd = open("/dev/net/tun", O_RDWR | O_CLOEXEC);
97         if (fd < 0) {
98                 err = -errno;
99                 connman_error("Failed to open /dev/net/tun to device %s: %s",
100                               data->if_name, strerror(errno));
101                 return err;
102         }
103
104         if (ioctl(fd, TUNSETIFF, (void *)&ifr)) {
105                 err = -errno;
106                 connman_error("Failed to TUNSETIFF for device %s to it: %s",
107                               data->if_name, strerror(errno));
108                 close(fd);
109                 return err;
110         }
111
112         if (ioctl(fd, TUNSETPERSIST, 0)) {
113                 err = -errno;
114                 connman_error("Failed to set tun device %s nonpersistent: %s",
115                               data->if_name, strerror(errno));
116                 close(fd);
117                 return err;
118         }
119         close(fd);
120         DBG("Killed tun device %s", data->if_name);
121         return 0;
122 }
123
124 void vpn_died(struct connman_task *task, int exit_code, void *user_data)
125 {
126         struct vpn_provider *provider = user_data;
127         struct vpn_data *data = vpn_provider_get_data(provider);
128         int state = VPN_STATE_FAILURE;
129         enum vpn_provider_error ret;
130
131         DBG("provider %p data %p", provider, data);
132
133         if (!data)
134                 goto vpn_exit;
135
136         state = data->state;
137
138         stop_vpn(provider);
139         vpn_provider_set_data(provider, NULL);
140
141         if (data->watch != 0) {
142                 vpn_rtnl_remove_watch(data->watch);
143                 data->watch = 0;
144                 vpn_provider_unref(provider);
145         }
146
147 vpn_exit:
148         if (state != VPN_STATE_READY && state != VPN_STATE_DISCONNECT) {
149                 const char *name;
150                 struct vpn_driver_data *vpn_data = NULL;
151
152                 name = vpn_provider_get_driver_name(provider);
153                 if (name)
154                         vpn_data = g_hash_table_lookup(driver_hash, name);
155
156                 if (vpn_data &&
157                                 vpn_data->vpn_driver->error_code)
158                         ret = vpn_data->vpn_driver->error_code(provider,
159                                         exit_code);
160                 else
161                         ret = VPN_PROVIDER_ERROR_UNKNOWN;
162
163                 vpn_provider_indicate_error(provider, ret);
164         } else
165                 vpn_provider_set_state(provider, VPN_PROVIDER_STATE_IDLE);
166
167         vpn_provider_set_index(provider, -1);
168
169         if (data) {
170                 vpn_provider_unref(data->provider);
171                 g_free(data->if_name);
172                 g_free(data);
173         }
174
175         connman_task_destroy(task);
176 }
177
178 int vpn_set_ifname(struct vpn_provider *provider, const char *ifname)
179 {
180         struct vpn_data *data = vpn_provider_get_data(provider);
181         int index;
182
183         if (!ifname || !data)
184                 return  -EIO;
185
186         index = connman_inet_ifindex(ifname);
187         if (index < 0)
188                 return  -EIO;
189
190         if (data->if_name)
191                 g_free(data->if_name);
192
193         data->if_name = (char *)g_strdup(ifname);
194         vpn_provider_set_index(provider, index);
195
196         return 0;
197 }
198
199 static int vpn_set_state(struct vpn_provider *provider,
200                                                 enum vpn_provider_state state)
201 {
202         struct vpn_data *data = vpn_provider_get_data(provider);
203         if (!data)
204                 return -EINVAL;
205
206         switch (state) {
207         case VPN_PROVIDER_STATE_UNKNOWN:
208                 return -EINVAL;
209         case VPN_PROVIDER_STATE_IDLE:
210                 data->state = VPN_STATE_IDLE;
211                 break;
212         case VPN_PROVIDER_STATE_CONNECT:
213         case VPN_PROVIDER_STATE_READY:
214                 data->state = VPN_STATE_CONNECT;
215                 break;
216         case VPN_PROVIDER_STATE_DISCONNECT:
217                 data->state = VPN_STATE_DISCONNECT;
218                 break;
219         case VPN_PROVIDER_STATE_FAILURE:
220                 data->state = VPN_STATE_FAILURE;
221                 break;
222         }
223
224         return 0;
225 }
226
227 static void vpn_newlink(unsigned flags, unsigned change, void *user_data)
228 {
229         struct vpn_provider *provider = user_data;
230         struct vpn_data *data = vpn_provider_get_data(provider);
231
232         if ((data->flags & IFF_UP) != (flags & IFF_UP)) {
233                 if (flags & IFF_UP) {
234                         data->state = VPN_STATE_READY;
235                         vpn_provider_set_state(provider,
236                                         VPN_PROVIDER_STATE_READY);
237                 }
238         }
239         data->flags = flags;
240 }
241
242 static DBusMessage *vpn_notify(struct connman_task *task,
243                         DBusMessage *msg, void *user_data)
244 {
245         struct vpn_provider *provider = user_data;
246         struct vpn_data *data;
247         struct vpn_driver_data *vpn_driver_data;
248         const char *name;
249         int state, index, err;
250
251         data = vpn_provider_get_data(provider);
252
253         name = vpn_provider_get_driver_name(provider);
254
255         if (!name) {
256                 DBG("Cannot find VPN driver for provider %p", provider);
257                 vpn_provider_set_state(provider, VPN_PROVIDER_STATE_FAILURE);
258                 return NULL;
259         }
260
261         vpn_driver_data = g_hash_table_lookup(driver_hash, name);
262         if (!vpn_driver_data) {
263                 DBG("Cannot find VPN driver data for name %s", name);
264                 vpn_provider_set_state(provider, VPN_PROVIDER_STATE_FAILURE);
265                 return NULL;
266         }
267
268         state = vpn_driver_data->vpn_driver->notify(msg, provider);
269
270         DBG("provider %p driver %s state %d", provider, name, state);
271
272         switch (state) {
273         case VPN_STATE_CONNECT:
274         case VPN_STATE_READY:
275                 if (data->state == VPN_STATE_READY) {
276                         /*
277                          * This is the restart case, in which case we must
278                          * just set the IP address.
279                          *
280                          * We need to remove first the old address, just
281                          * replacing the old address will not work as expected
282                          * because the old address will linger in the interface
283                          * and not disapper so the clearing is needed here.
284                          *
285                          * Also the state must change, otherwise the routes
286                          * will not be set properly.
287                          */
288                         vpn_provider_set_state(provider,
289                                                 VPN_PROVIDER_STATE_CONNECT);
290
291                         vpn_provider_clear_address(provider, AF_INET);
292                         vpn_provider_clear_address(provider, AF_INET6);
293
294                         vpn_provider_change_address(provider);
295                         vpn_provider_set_state(provider,
296                                                 VPN_PROVIDER_STATE_READY);
297                         break;
298                 }
299
300                 index = vpn_provider_get_index(provider);
301                 vpn_provider_ref(provider);
302                 data->watch = vpn_rtnl_add_newlink_watch(index,
303                                                      vpn_newlink, provider);
304                 err = connman_inet_ifup(index);
305                 if (err < 0) {
306                         if (err == -EALREADY)
307                                 /*
308                                  * So the interface is up already, that is just
309                                  * great. Unfortunately in this case the
310                                  * newlink watch might not have been called at
311                                  * all. We must manually call it here so that
312                                  * the provider can go to ready state and the
313                                  * routes are setup properly.
314                                  */
315                                 vpn_newlink(IFF_UP, 0, provider);
316                         else
317                                 DBG("Cannot take interface %d up err %d/%s",
318                                         index, -err, strerror(-err));
319                 }
320                 break;
321
322         case VPN_STATE_UNKNOWN:
323         case VPN_STATE_IDLE:
324         case VPN_STATE_DISCONNECT:
325         case VPN_STATE_FAILURE:
326                 vpn_provider_set_state(provider,
327                                         VPN_PROVIDER_STATE_DISCONNECT);
328                 break;
329
330         case VPN_STATE_AUTH_FAILURE:
331                 vpn_provider_indicate_error(provider,
332                                         VPN_PROVIDER_ERROR_AUTH_FAILED);
333                 break;
334         }
335
336         return NULL;
337 }
338
339 static int vpn_create_tun(struct vpn_provider *provider, int flags)
340 {
341         struct vpn_data *data = vpn_provider_get_data(provider);
342         struct ifreq ifr;
343         int i, fd, index;
344         int ret = 0;
345
346         if (!data)
347                 return -EISCONN;
348
349         fd = open("/dev/net/tun", O_RDWR | O_CLOEXEC);
350         if (fd < 0) {
351                 i = -errno;
352                 connman_error("Failed to open /dev/net/tun: %s",
353                               strerror(errno));
354                 ret = i;
355                 goto exist_err;
356         }
357
358         memset(&ifr, 0, sizeof(ifr));
359         ifr.ifr_flags = flags | IFF_NO_PI;
360
361         for (i = 0; i < 256; i++) {
362                 sprintf(ifr.ifr_name, "vpn%d", i);
363
364                 if (!ioctl(fd, TUNSETIFF, (void *)&ifr))
365                         break;
366         }
367
368         if (i == 256) {
369                 connman_error("Failed to find available tun device");
370                 close(fd);
371                 ret = -ENODEV;
372                 goto exist_err;
373         }
374
375         data->tun_flags = flags;
376         data->if_name = (char *)g_strdup(ifr.ifr_name);
377         if (!data->if_name) {
378                 connman_error("Failed to allocate memory");
379                 close(fd);
380                 ret = -ENOMEM;
381                 goto exist_err;
382         }
383
384         if (ioctl(fd, TUNSETPERSIST, 1)) {
385                 i = -errno;
386                 connman_error("Failed to set tun persistent: %s",
387                               strerror(errno));
388                 close(fd);
389                 ret = i;
390                 goto exist_err;
391         }
392
393         close(fd);
394
395         index = connman_inet_ifindex(data->if_name);
396         if (index < 0) {
397                 connman_error("Failed to get tun ifindex");
398                 stop_vpn(provider);
399                 ret = -EIO;
400                 goto exist_err;
401         }
402         vpn_provider_set_index(provider, index);
403
404         return 0;
405
406 exist_err:
407         return ret;
408 }
409
410 static int vpn_connect(struct vpn_provider *provider,
411                         vpn_provider_connect_cb_t cb,
412                         const char *dbus_sender, void *user_data)
413 {
414         struct vpn_data *data = vpn_provider_get_data(provider);
415         struct vpn_driver_data *vpn_driver_data;
416         const char *name;
417         int ret = 0, tun_flags = IFF_TUN;
418         enum vpn_state state = VPN_STATE_UNKNOWN;
419
420         if (data)
421                 state = data->state;
422
423         DBG("data %p state %d", data, state);
424
425         switch (state) {
426         case VPN_STATE_UNKNOWN:
427                 data = g_try_new0(struct vpn_data, 1);
428                 if (!data)
429                         return -ENOMEM;
430
431                 data->provider = vpn_provider_ref(provider);
432                 data->watch = 0;
433                 data->flags = 0;
434                 data->task = NULL;
435
436                 vpn_provider_set_data(provider, data);
437                 /* fall through */
438
439         case VPN_STATE_DISCONNECT:
440         case VPN_STATE_IDLE:
441         case VPN_STATE_FAILURE:
442         case VPN_STATE_AUTH_FAILURE:
443                 data->state = VPN_STATE_IDLE;
444                 break;
445
446         case VPN_STATE_CONNECT:
447                 return -EINPROGRESS;
448
449         case VPN_STATE_READY:
450                 return -EISCONN;
451         }
452
453         name = vpn_provider_get_driver_name(provider);
454         if (!name)
455                 return -EINVAL;
456
457         vpn_driver_data = g_hash_table_lookup(driver_hash, name);
458
459         if (!vpn_driver_data || !vpn_driver_data->vpn_driver) {
460                 ret = -EINVAL;
461                 goto exist_err;
462         }
463
464         if (vpn_driver_data->vpn_driver->flags != VPN_FLAG_NO_TUN) {
465                 if (vpn_driver_data->vpn_driver->device_flags) {
466                         tun_flags = vpn_driver_data->vpn_driver->device_flags(provider);
467                 }
468                 ret = vpn_create_tun(provider, tun_flags);
469                 if (ret < 0)
470                         goto exist_err;
471         }
472
473         data->task = connman_task_create(vpn_driver_data->program);
474
475         if (!data->task) {
476                 ret = -ENOMEM;
477                 stop_vpn(provider);
478                 goto exist_err;
479         }
480
481         if (connman_task_set_notify(data->task, "notify",
482                                         vpn_notify, provider)) {
483                 ret = -ENOMEM;
484                 stop_vpn(provider);
485                 connman_task_destroy(data->task);
486                 data->task = NULL;
487                 goto exist_err;
488         }
489
490         ret = vpn_driver_data->vpn_driver->connect(provider, data->task,
491                                                 data->if_name, cb, dbus_sender,
492                                                 user_data);
493         if (ret < 0 && ret != -EINPROGRESS) {
494                 stop_vpn(provider);
495                 connman_task_destroy(data->task);
496                 data->task = NULL;
497                 goto exist_err;
498         }
499
500         DBG("%s started with dev %s",
501                 vpn_driver_data->provider_driver.name, data->if_name);
502
503         data->state = VPN_STATE_CONNECT;
504
505         return -EINPROGRESS;
506
507 exist_err:
508         vpn_provider_set_index(provider, -1);
509         vpn_provider_set_data(provider, NULL);
510         vpn_provider_unref(data->provider);
511         g_free(data->if_name);
512         g_free(data);
513
514         return ret;
515 }
516
517 static int vpn_probe(struct vpn_provider *provider)
518 {
519         return 0;
520 }
521
522 static int vpn_disconnect(struct vpn_provider *provider)
523 {
524         struct vpn_data *data = vpn_provider_get_data(provider);
525         struct vpn_driver_data *vpn_driver_data;
526         const char *name;
527
528         DBG("disconnect provider %p:", provider);
529
530         if (!data)
531                 return 0;
532
533         name = vpn_provider_get_driver_name(provider);
534         if (!name)
535                 return 0;
536
537         vpn_driver_data = g_hash_table_lookup(driver_hash, name);
538         if (vpn_driver_data->vpn_driver->disconnect)
539                 vpn_driver_data->vpn_driver->disconnect(provider);
540
541         if (data->watch != 0) {
542                 vpn_provider_unref(provider);
543                 vpn_rtnl_remove_watch(data->watch);
544                 data->watch = 0;
545         }
546
547         data->state = VPN_STATE_DISCONNECT;
548         connman_task_stop(data->task);
549
550         return 0;
551 }
552
553 static int vpn_remove(struct vpn_provider *provider)
554 {
555         struct vpn_data *data;
556
557         data = vpn_provider_get_data(provider);
558         if (!data)
559                 return 0;
560
561         if (data->watch != 0) {
562                 vpn_provider_unref(provider);
563                 vpn_rtnl_remove_watch(data->watch);
564                 data->watch = 0;
565         }
566
567         connman_task_stop(data->task);
568
569         g_usleep(G_USEC_PER_SEC);
570         stop_vpn(provider);
571         return 0;
572 }
573
574 static int vpn_save(struct vpn_provider *provider, GKeyFile *keyfile)
575 {
576         struct vpn_driver_data *vpn_driver_data;
577         const char *name;
578
579         name = vpn_provider_get_driver_name(provider);
580         vpn_driver_data = g_hash_table_lookup(driver_hash, name);
581         if (vpn_driver_data &&
582                         vpn_driver_data->vpn_driver->save)
583                 return vpn_driver_data->vpn_driver->save(provider, keyfile);
584
585         return 0;
586 }
587
588 int vpn_register(const char *name, struct vpn_driver *vpn_driver,
589                         const char *program)
590 {
591         struct vpn_driver_data *data;
592
593         data = g_try_new0(struct vpn_driver_data, 1);
594         if (!data)
595                 return -ENOMEM;
596
597         data->name = name;
598         data->program = program;
599
600         data->vpn_driver = vpn_driver;
601
602         data->provider_driver.name = name;
603         data->provider_driver.disconnect = vpn_disconnect;
604         data->provider_driver.connect = vpn_connect;
605         data->provider_driver.probe = vpn_probe;
606         data->provider_driver.remove = vpn_remove;
607         data->provider_driver.save = vpn_save;
608         data->provider_driver.set_state = vpn_set_state;
609
610         if (!driver_hash)
611                 driver_hash = g_hash_table_new_full(g_str_hash,
612                                                         g_str_equal,
613                                                         NULL, g_free);
614
615         if (!driver_hash) {
616                 connman_error("driver_hash not initialized for %s", name);
617                 g_free(data);
618                 return -ENOMEM;
619         }
620
621         g_hash_table_replace(driver_hash, (char *)name, data);
622
623         vpn_provider_driver_register(&data->provider_driver);
624
625         return 0;
626 }
627
628 void vpn_unregister(const char *name)
629 {
630         struct vpn_driver_data *data;
631
632         data = g_hash_table_lookup(driver_hash, name);
633         if (!data)
634                 return;
635
636         vpn_provider_driver_unregister(&data->provider_driver);
637
638         g_hash_table_remove(driver_hash, name);
639
640         if (g_hash_table_size(driver_hash) == 0)
641                 g_hash_table_destroy(driver_hash);
642 }
Domain: Network & Connectivity / Data Network;