1. 04 Nov, 2020 5 commits
  2. 28 Oct, 2020 4 commits
  3. 23 Oct, 2020 9 commits
    • Merge branch 'jb48841' into 'master' · 3c7bcb6e
      Jussi Laakkonen authored
      Set VPNC pid file location based on the user running the plugin
      
      See merge request !288
    • [provider] Use dbus_bool_t when SplitRouting to D-Bus msg. Fixes JB#51551 · 28117c14
      Jussi Laakkonen authored
      This fixes the crash that happens when SplitRouting value is added to
      the D-Bus message as regular boolean. dbus_bool_t is used instead.
    • unit: Add unit tests for vpn-util.c · 538989b7
      Jussi Laakkonen authored
      [unit] Add unit tests for vpn-util.c. JB#44841
      
      Basic unit tests utilizing temporary dir for the file creation tests.
    • vpn: Use util functions for getting uid and gid · 8a2e1729
      Jussi Laakkonen authored
      [vpn] Use util functions for getting uid and gid. JB#48841
      
      Change to use vpn-util.c functions for getting struct passwd and struct
      group using the username/uid as string. Change gint to respective uid_t
      and gid_t.
    • vpnc: Support setting the pid file path to /var/run/user · 0d133553
      Jussi Laakkonen authored
      [vpnc] Support setting the pid file path to /var/run/user. Fixes JB#48841
      
      Use the new util and settings functions to get the user that is used to
      run the VPNC plugin in order to set a correct pid file path. If a system
      user is used, utilize the default path.
      
      Path prefix is set to /var/run/user, and suffix vpnc/pid is added as
      well. With user 1000 this results in a pid file path of
      /var/run/user/1000/vpnc/pid.
    • vpn: Add CAP_CHOWN CAP_FOWNER capabilities for path creation · f6b26a3c
      Jussi Laakkonen authored
      [vpn] Add CAP_CHOWN CAP_FOWNER capabilities for path creation. JB#48841
      
      vpnd needs these permissions because vpn-util.c needs to change the
      owner/group and permissions for the created/existing dir.
    • vpn-util: Create utility file for VPN core and plugins · 7e646b91
      Jussi Laakkonen authored
      [vpn-util] Create utility file for VPN core and plugins. JB#48841
      
      Create vpn-util.c for VPN core and plugins to use. This is a first step
      in establishing some sort of lib for them.
      
      Add functionality to get the user struct passwd and struct group using
      the username and groupname. This was previously only within
      vpn-settings.c.
      
      Expose is_system_user() as vpn_settings_is_system_user() for plugins to
      use.
      
      Add function to create dir for a VPN plugin. The basename of the given
      path is used and it must have a prefix of "/var/run/connman-vpn/",
      "/var/run/user/" or "/tmp/" and must not contain ".." or "./". One
      directory element must be provided after the prefix, e.g. "/tmp/dir/".
      If the basename path is an existing dir, permissions and ownership are
      changed according to the requested ones, otherwise the file is removed and
      then created, as if it never existed. g_unlink() is used to handle safe
      removals of symlink, which also enables detection of parent dir write
      permissions - error is returned unless the dir exists, in which case
      ownership and permissions are attempted to be set accordingly.
      
      In order to reduce the potential of using the vpn_util_create_path()
      with a malicious purpose the prefixes limit access only to run-time and
      temporary locations. VPN core and plugins do not need more access to
      file system, but to create a temp/run-time dir, e.g., for a pid file.
    • Merge branch 'jb51501' into 'master' · d009132b
      Jussi Laakkonen authored
      pptp: Support --idle-wait and --max-echo-wait options
      
      See merge request !294
  4. 22 Oct, 2020 2 commits
    • pptp: Support --idle-wait and --max-echo-wait options · 72d61dee
      Jussi Laakkonen authored
      [pptp] Support --idle-wait and --max-echo-wait options. Fixes JB#51501
      
      Implement support for --idle-wait and --max-echo-wait options. By
      default these are set to 60 if omitted.
      
      Added OPT_PPTP_ONLY to be able to separate these from the PPPD options.
      All PPTP options need to be added with "pty" as one option in order for
      them to work.
    • Merge branch 'jb51497' into 'master' · 12cad5f8
      Jussi Laakkonen authored
      Add support for OpenVPN --ping, --ping-exit and --remap-usr1 values
      
      See merge request !293
  5. 21 Oct, 2020 1 commit
    • openvpn: Add support for --ping, --ping-exit and --remap-usr1 · af6675cd
      Jussi Laakkonen authored
      [openvpn] Add support for --ping, --ping-exit and --remap-usr1. Fixes JB#51497
      
      Add support for --ping (OpenVPN.Ping) and --ping-exit (OpenVPN.PingExit)
      configuration values. Set defaults of 10 for ping and 60 for ping exit
      from https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
      
      Set --ping-restart only with TCP since with UDP it is more feasible to
      use --ping and --ping-exit with the default values if the values are
      unset. If with TCP --ping-exit is set ignore --ping-restart as the values
      are mutually exclusive.
      
      Add --remap-usr1 option which remaps SIGUSR1 as SIGHUP/SIGTERM in order
      to restart the process when errors are detected. OpenVPN does handle
      some errors internally and it may not always be good with ConnMan
      monitoring it.
  6. 06 Oct, 2020 3 commits
  7. 05 Oct, 2020 4 commits
  8. 25 Sep, 2020 1 commit
    • Disable wispr support. · 7f9c6cf1
      Marko Saukko authored
      [packaging] Disable wispr support. Contributes to JB#49579
      
      We do not currently use this and it drags in gnutls dependency which is
      not really needed anywhere else on the platform. Thus dropping this
      dependency for now.
      Signed-off-by: Marko Saukko <marko.saukko@jolla.com>
  9. 23 Sep, 2020 1 commit
  10. 22 Sep, 2020 2 commits
    • iptables: Fix IPv6 invflags update · f342cfc5
      Rahul Jain authored
      Commit 5ecd6a580534 ("iptables: Introduce IPv6 iptables management.")
      introduced the IPv6 management though contains a copy & paste error
      for updating the invflags. Update the IPv6 invflags instead of the IPv4
      invflags.
    • vpn: Move vpn_provider_get_ident() declaration to vpn-provider.h · 239035da
      Jussi Laakkonen authored
      [vpn] Move vpn_provider_get_ident() decl. to vpn-provider.h. JB#51177
      
      All the functions the VPN plugins would need should be declared in the
      relevant headers. VPNs do not need to include vpn/vpn.h as the functions
      declared there are not for plugins to use.
      
      Drop also the "../vpn.h" include from OpenVPN plugin, which was the only
      plugin using vpn_provider_get_ident().
  11. 11 Sep, 2020 6 commits
    • Merge branch 'jb45606' into 'master' · bfe90123
      Jussi Laakkonen authored
      Change to use split routing for VPNs instead of default route
      
      See merge request !278
    • doc: Document VPN connection split routing boolean. · 7a82e6ff
      Jussi Laakkonen authored
      [doc] Document VPN connection split routing boolean. JB#45606
    • vpn-provider: Support split routing option for VPN providers · 0a72d0ab
      Jussi Laakkonen authored
      [vpn-provider] Support split routing option for VPN providers. JB#45606
      
      Add the same option as service.c has on connmand side to vpnd in
      vpn-provider.c. Replace all uses of default route except in supporting
      it as a legacy option when loading from config value and receiving via
      D-Bus API. SplitRouting is a boolean in every form, internal, settings
      file and in D-Bus API.
      
      The "DefaultRoute" is converted to "SplitRouting" if it exists in the
      settings file. Also, if some component wishes to use still
      "DefaultRoute" it is converted to "SplitRouting" when received via D-Bus
      API. DefaultRoute "true" means the same as SplitRouting bool false.
      Property change notifications on DefaultRoute are not sent anymore and
      these are replaced with SplitRouting notifications.
    • vpn-config: Implement function to get boolean from keyfile · ed947fd0
      Jussi Laakkonen authored
      [vpn-config] Implement function to get boolean from keyfile. JB#45606
      
      Simple boolean getter for VPN keyfiles. In case of error (key missing or
      invalid boolean) the default value given is returned.
    • [unit] Accommodate split routing changes in service.c test. JB#45606 · 826942c3
      Jussi Laakkonen authored
      Change to use split routing instead of default route. Add logging
      support to the service.c unit test.
    • [connman] Replace default route opt with split routing use. JB#45606 · cc810fcc
      Jussi Laakkonen authored
      Default route option "DefaultRoute" is replaced with split routing use.
      The use is the complete opposite compared to default route option. When
      split routing is set as "true" the VPN is treated as non-default route,
      and when set as "false" (the default) VPN is used as the main gateway
      for traffic. This change removes the use of default route from connmand.
      
      To make it possible to use split routing service.c:set_split_routing() is
      changed to __connman_service_set_split_routing() and
      provider.c:connman_provider_set_split_routing() using the aforementioned
      function is implemented (for plugins).
      
      Cleaned up some code as well (indentations). Removed our default route
      connection.c additions which proved to be unnecessary with split
      routing.
  12. 09 Sep, 2020 2 commits