[connman-vpn] Add support for configurable user and groups to run VPN binary. JB#39969
Improved VPN settings. Moved VPN settings from connman/vpn/main.c to connman/vpn/vpn-settings.c to support configurable user and groups for connman tasks (VPN binaries). Added loading of username, group and supplementary groups from connman VPN config file (defaults to /etc/connman/connman-vpn.conf) inside config group VPNBinary. Leading and trailing whitespaces are removed from each config parameter. Configurable VPN binary variables added to connman-vpn.conf: - User = user to use for running VPN binary (text or numeric) - Group = the main group to use for running VPN binary (text or numeric) - SupplementaryGroups = supplementary groups used (separator: comma, text or numeric) These config parameters are used by the custom task setup function vpn_task_setup() (added to vpn/plugins/vpn.c, function type into vpn/plugins/vpn.h). The custom task setup function is added to the task with connman_task_create(), and run by src/task.c:task_setup(). The added vpn_task_setup() function sets the user and groups for starting the VPN binary defined by the VPN plugin before executing exec() (by g_spawn_async_with_pipes). Changes to user and/or groups are made if these parameters are defined in the config. Because of this Connman systemd capabilities list was incremented with CAP_SETGID and CAP_SETUID. Unit tests for vpn-settings.c are added and it tests functionality with no config file, empty config file, config file with minimum content and config file with full content. Currently on Sailfish Os the plugin requires "vpn" as main group, and inet + net_admin groups are required as supplementary groups to gain necessary access to resources.
Showing with 709 additions and 147 deletions