1. 25 Mar, 2020 20 commits
    • Merge branch 'jb47637' into 'master' · f4598a4a
      Jussi Laakkonen authored
      Add support for setting user dir on the fly
      
      See merge request !242
    • doc: Document net.connman.Storage ChangeUser D-Bus API · 5b576f43
      Jussi Laakkonen authored
      [doc] Document net.connman.Storage ChangeUser D-Bus API. JB#47637
      
      Describe the functionality of the ChangeUser method and list the errors
      with their description in storage-api.txt.
    • [unit] Create tests for storage.c. JB#47637 · 18e81991
      Jussi Laakkonen authored
      Test:
       - Basic use of storage.c
       - Global settings
       - D-Bus and user change, with multiple user changes as well
       - Invalid users
       - Service file use is tested, also in user change
       - Callback use in user change is tested
       - Tests for technology.c callbacks are included.
      
      Because the unit test is not running threads the callback counts cannot
      be properly checked as the storage.c is normally used in separate
      processes. In the test the counts are not representing correct amounts
      because other "component" makes changes to certain values. It may not be
      feasible to separate all the content for connmand and vpnd specific to
      satisfy unit testing needs.
      
      Also verify that root and user files are not removed when changing user
      in scenario where the services and providers are not tested for removal.
      
      Added service.c and vpn-provider.c functions are not tested with this unit
      test.
    • dc2b2479
    • [unit] Fix tests and tools for storage access use. JB#47637 · 44b923b5
      Jussi Laakkonen authored
      Add unit tests for connmand and vpnd side.
    • [vpn] Register access control functions for VPN storage. JB#47637 · 2be9c392
      Jussi Laakkonen authored
      Use wrapper for the user change function to avoid having need to pass
      the VPN access specific content to storage.c.
    • [connman] Register access control functions for storage. JB#47637 · fee6dbfb
      Jussi Laakkonen authored
      Pass the storage policy create, user change check and policy free
      functions as callbacks to __connman_storage_register_dbus().
    • [storage] Use D-Bus access control for storage ChangeUser. JB#47637 · 77990110
      Jussi Laakkonen authored
      Implement callbacks for D-Bus access control functions for creating a
      policy and checking if the D-Bus method is allowed. Use separate
      callback for VPN check.
    • [connman] Implement access policy for storage.c. JB#47637 · 43b5ba53
      Jussi Laakkonen authored
      Only privileged users can access the net.connman.Storage.ChangeUser.
    • connman: Add support for setting user dirs via D-Bus · fa429236
      Jussi Laakkonen authored
      [connman] Add support for setting user dirs via D-Bus. JB#47637
      
      Support user changing and use __connman_storage_create_dir() for general
      storage dir creation.
      
      Use __connman_service_load_services() for service loading and
      __connman_service_unload_services() for service unloading functions. Use
      __connman_technology_disable_all() for preparing user change to disable
      all technologies before storage path is changed and
      __connman_technology_enable_from_config() for restoring the states for
      the technology types from the new config after change is done.
    • vpn: Add support for setting user dirs via D-Bus · 2c51986e
      Jussi Laakkonen authored
      [vpn] Add support for setting user dirs via D-Bus. JB#47637
      
      Reorganize initialization in main.c to have D-Bus and log setup before
      storage and rest are initialized. Storage requires D-Bus to be
      initialized before the user change D-Bus interface is registered.
      
      Register only unloading and loading of provider functions to storage.c
      since with VPNs no preparations or post actions are required. In
      addition, use the __vpn_settings_set_binary_user_override() as
      finalization function to change the user for running a VPN, if it was
      previously set.
    • [unit] Improve vpn-settings unit tests and test user override. JB#47637 · f3b0d2bc
      Jussi Laakkonen authored
      Improve existing unit tests by allowing to use the plugin specific
      configuration files. Add new tests for plugin configurations and user
      override.
    • vpn-settings: Make VPN plugin dir configurable · 97537cc3
      Jussi Laakkonen authored
      [vpn-settings] Make VPN plugin dir configurable. JB#47637
      
      Add config root path as parameter to __vpn_settings_init() to make the
      path configurable. The config root path is amended with the
      PLUGIN_CONFIGDIR ("vpn-plugin"). Also, always apply default values to
      vpn settings when initializing and reset them to NULL when cleanup is
      called.
    • vpn-settings: Implement user override for running a VPN · 2fb2173a
      Jussi Laakkonen authored
      [vpn-settings] Implement user override for running a VPN. JB#47637
      
      Add possibility to override the user that is used to run a VPN binary.
      This setting is not read from configs and is a runtime setting only.
      The main use for this is when active user has been changed and the VPN
      binary is configured to be run as different user.
      
      The override is used if the VPN plugin specific config or the VPN daemon
      config has a username specified. If the configured username is a system
      user or is missing override is not used. Reason is that VPNs without
      config or configured system user may have been set because of system
      limitations.
      
      For allowing to set the system users that are not overridden by the
      active user change setting "SystemBinaryUsers" is implemented. This
      string list, similar to SupplementaryGroups, is read from the
      DACPrivileges group and can be defined only in the vpnd main config
      file. If this setting is omitted, override is prevented only for the
      root user or the user running the process (uid equals process euid).
    • vpn-provider: Add functions to load and unload providers · 2f5e46e8
      Jussi Laakkonen authored
      [vpn-provider] Add functions to load and unload providers. JB#47637
      
      Load providers for each VPN driver separately using
      provider_create_all_from_type() when user/path for storage is changed.
      Process is identical to when vpn-provider.c is initialized.
      
      Provider unloading uses the array of provider identifiers to delete the
      providers. This is to be called only when user is changed and storage.c
      has the unload_only boolean set to avoid having the provider files to be
      removed as well.
    • [unit] Fix unit tests and tools after storage changes. JB#47637 · bfdd1fa1
      Jussi Laakkonen authored
      Add build sources and gdbus lib to many unit tests and tools to avoid
      adding a ton of stubs to each code. Modify test to remove duplicate or
      missing definitions.
    • technology: Add pre and post setup functions for user change · 8b833679
      Jussi Laakkonen authored
      [technology] Add pre and post setup functions for user change. JB#47637
      
      When doing preparation setup all technologies in use will be disabled.
      All pending scans are disabled, by device and to make sure that each
      reply is sent __connman_technology_scan_stopped() is called in addition.
      Offline mode is not changed and does not affect the preparation setup.
      
      When doing post setup the offline mode is read from the new settings
      file. Next each technology is updated based on its "Enable" value in the
      settings file. If the technology is to be enabled but ConnMan is in
      offline mode enabling of the technology is skipped and enable persistent
      is set to enable restoring the technology when leaving offline mode. To
      ensure that overrides are not set the offline mode is set first if it is
      disabled and currently in offline mode.
      
      According to __connman_technology_add_device() the power indication is
      not done if a non-rfkill device is simply enabled.
      __connman_technology_enabled() will trigger the change. This is added to
      technology_affect_devices() functionality to ensure that proper power
      indication is done when device reports that it is already enabled.
    • service: Implement service unload and load functions · f8236afe
      Jussi Laakkonen authored
      [service] Implement service unload and load functions. JB#47637
      
      Implement __connman_service_unload_services() for removing services from
      use and __connman_service_load_services() for triggering and adding
      load_wifi_services() to main loop for loading services. In this case
      services are loaded immediately without timeout, different from
      initialization of service.c.
    • storage: Add support for changing storage directory · 681fec40
      Jussi Laakkonen authored
      [storage] Add support for changing storage directory. JB#47637
      
      This implements support for changing the storage directory for service
      settings. User specific WiFi and VPN services are only supported. All
      other services will remain in the system main storage directory.
      
      Storage registers ChangeUser D-Bus method to "net.connman.Storage"
      D-Bus interface when setup via connmand. And when using for VPN
      "net.connman.vpn.Storage" D-Bus interface is used.
      
      Each storage directory change is done when storage D-Bus method
      ChangeUser is called with a user id (UID) as a parameter. The UID is
      verified with getpwuid() and must be a valid user on the system having
      a valid login shell available in /etc/shells (getusershell() is used).
      System user (UID = 0) can be changed as well, usually user "root",
      effective only if there was another user set, and causes the storage to
      return back to original use. In such case storage.c uses the configured
      storage root or the default one if it is not configured. Path for user
      storage is formed by concatenating user home directory and
      DEFAULT_USER_STORAGE which is defined by userstoragedir as a build time
      configurable variable in Makefile.am.
      
      Attempts to change to the same user that is set, or setting the main
      system user will result in D-Bus error .AlreadyEnabled and nothing is
      done. If there is user directory already set and another directory is
      being set the services and VPN providers in the old user directory are
      removed after the pre callback is executed. This is done also when
      returning to system main directory use.
      
      __connman_storage_set_register_dbus() is called to register the
      interface and to setup the callbacks. The callbacks are used for
      technology and service removal and loading and are executed in the
      following order:
       - pre is the callback that is executed as first to do tech cleanup
       - unload is called to remove the current services from use
       - load is called to load the services/providers with new directory
       - post is executed to restore the newly loaded settings
       - finalize is executed as last when change is done
      
      A new boolean for disabling service removal when changing storage
      directory is added into storage.c. This, only_unload, is used to
      indicate the storage dir change for other parts of storage.c.
      
      The retrieval of the services is now done in two phases. First, the
      system services are requested and this filters out the system WiFi
      services if the storage directory was changed. Then the new storage
      directory WiFi services are included in the list, if the user specific
      new storage directory is set. With VPN providers, the returned list
      contains only either of the VPN providers: system providers with default
      storage directory and new storage directory, the user VPN providers.
  2. 24 Mar, 2020 2 commits
  3. 18 Feb, 2020 3 commits
    • Merge branch 'master' into 'master' · b5c23d5f
      ballock authored
      [iptables] Rewrite syntax parser. Fixes JB#47592
      
      See merge request !252
    • unit: Fix old tests for the rewritten parser · 66953863
      ballock authored
      Most tests were fixed by replacing them with a more extreme version -
      either one that doesn't work even with the improved parser,
      or one that will work even with the improved parser.
      
      Some tests remained, but changed the outcome, for those the count
      was adjusted:
      iptables -A INPUT -p icmpv6 -j REJECT
      iptables -A INPUT -p ipv6-icmp -j ACCEPT
      iptables -A INPUT -p mh -j QUEUE
      ip6tables -A INPUT -p icmp -j QUEUE
      iptables -A OUTPUT -p mh -j QUEUE
      
      Normally /etc/protocols is used to resolve these names. However,
      this file has no idea that some protocols are invalid against
      a different address family. As these resolve to just protocol numbers
      that can be used in ipv4 or ipv6, and no other tool complains,
      we let it through.
      
      As for the modified tests, reasons are:
       - -p dccp/sctp didn't specify -m dccp/sctp. It was decided that
         a match is required, so we don't allow port options without it.
       - there's no -m udplite, only -m multiport can filter udplite port.
       - -m doesn't accept negation.
       - we decided that multiport can't use --sport/dport options, only its
         plural equivalent. It only worked previously by chance.
       - there was never a --dst/src option. This produced half-empty rule,
         at least that's what iptables-test does.
       - --ecn-ip-ect works in all ip protocols, not just tcp.
       - port:port ranges were always valid --dport/sport options
       - some matches are fine with no options specific to it. Eg. tcp and
         udp.
       - sctp, mh, and dccp are supported to some degree by now.
       - double matches are ok. You can use it to filter on dst and src port
         like:
         -p udplite -m multiport --sports 80 -m multiport --dports 4443 \
            -j ACCEPT
         which would be impossible otherwise (single -m multiport only allows
         a single port used, be it source or dest, and there's no -m udplite)
    • iptables-validate: Rewrite rule syntax parser · 480caa6b
      ballock authored
      New parser is much more consistent, and allows for more variations than
      the previous one - multiple -m options are accepted, every option has
      a definition if it can accept negation character, or not. The arguments
      are verified for consistency with a whitelist of arguments, not with
      a combined set of a blacklist + option whitelist.
      
      Some fixes were also introduced to the verification functions, more
      edge cases are handled.
      
      Some assumptions were changed, so the rules that pass or fail with this
      parser are different. This is done on purpose.
  4. 07 Feb, 2020 3 commits
  5. 05 Feb, 2020 2 commits
    • Merge branch 'sandbox_vpnd' into 'master' · a0b3b336
      Jussi Laakkonen authored
      Sandbox connman-vpnd
      
      See merge request !241
    • [systemd] Sandbox connman-vpnd. JB#44449 JB#37897 · bab88efb
      Jussi Laakkonen authored
      PrivateTmp restricts /tmp use and apparently child processes can use
      that as well. This is because vpnd -> openvpn communicate via unix
      socket in /tmp.
      
      /dev/net/tun is used by many VPNs.
      
      /dev/net/{ppp,ptmx} are required by L2TP and PPTP (because of PPP).
      
      Home cannot be protected because vpnd will read VPN settings from
      /home/.system/var/lib/connman-vpn. Also, the child processes started
      (the VPN processes) can read from arbitrary locations within /home/nemo
      (or from SD card).
  6. 31 Jan, 2020 5 commits
    • Merge branch 'jb47674' into 'master' · b822a130
      Santtu Lakkala authored
      [connman] Rewrite openconnect plugin to use libopenconnect. Contributes to JB#47674
      
      See merge request !243
    • [connman] Rewrite openconnect plugin to use libopenconnect. Contributes to JB#47674 · 42b76f60
      Santtu Lakkala authored
      Replaces the fork/exec and output parsing with usage of libopenconnect
      for authentication. The actual connection establishment is still done by
      calling the openconnect binary using the token obtained via the use of
      the library.
      
      The library has a proprietary main loop and provides only a synchronous
      API, which is worked around by using a thread to run the authentication.
      The events from the library are then delegated to the main thread via
      the event loop.
    • Merge branch 'jb45905' into 'master' · c4c68ac1
      Jussi Laakkonen authored
      [openvpn] Fix state transition and disable TCP conn retry. Fixes JB#45905
      
      See merge request !254
    • openvpn: Disable connection retry attempts when TCP is used as transport · ce7507a5
      Jussi Laakkonen authored
      By default OpenVPN will retry the connection ad infinitum with TCP
      unless the limit is explicitly specified. The process is not restarted,
      nor is the error reported via management channel.
      
      When establishing the connection following is being output by OpenVPN
      if the TCP connection is reset, but none of this is reported back to
      ConnMan and OpenVPN keeps on trying:
      
      openvpn[18161]: Attempting to establish TCP connection with [AF_INET]<IP>:<PORT> [nonblock]
      openvpn[18161]: TCP connection established with [AF_INET]<IP>:<PORT>
      openvpn[18161]: TCP_CLIENT link local: (not bound)
      openvpn[18161]: TCP_CLIENT link remote: [AF_INET]<IP>:<PORT>
      openvpn[18161]: Connection reset, restarting [0]
      openvpn[18161]: SIGUSR1[soft,connection-reset] received, process restarting
      openvpn[18161]: Restart pause, 5 second(s)
      
      The delay will increase up to 300s. And the process may just keep on
      going if the connection is only reset.
      
      If the TCP connection breaks while OpenVPN is in connected state, and
      hostname of the VPN server is used following is output by OpenVPN - and
      still none of this is reported to ConnMan via management socket:
      
      openvpn[5639]: RESOLVE: Cannot resolve host address: <addr> (Temporary failure in name resolution)
      openvpn[5639]: RESOLVE: Cannot resolve host address: <addr> (Temporary failure in name resolution)
      openvpn[5639]: Could not determine IPv4/IPv6 protocol
      openvpn[5639]: SIGUSR1[soft,init_instance] received, process restarting
      openvpn[5639]: Restart pause, 160 second(s)
      
      After this network naturally ceases to work, DNS servers set cannot
      respond because there is no TCP connection to the VPN server and the VPN
      adapter set as default route will drop all packets because of that. For
      this reason it is better to let OpenVPN connect only once and report the
      error back to ConnMan. Therefore, disable connection retrying by setting
      the retry count to 1 (no retry).
    • openvpn: Ensure complete VPN provider state transition when disconnecting · a1662a41
      Jussi Laakkonen authored
      Explicitly set VPN provider disconnect state to ensure full state
      transition from ready -> disconnect -> idle. The OpenVPN process may
      refuse to shut down completely because of VPN interface being busy
      (openvpn request >FATAL:ERROR: Cannot ioctl TUNSETIFF vpn0: Device or
      resource busy (errno=16)) and a process is left behind. The cause for
      such behavior is from OpenVPN TCP "Connection reset" leading to "Restart
      pause" of increasing amount of seconds. This happens when the server has
      some limits for re-connections, or the server is simply slow in
      accepting TCP clients, or the transport abruptly goes away. As a result
      the state transition to ready -> disconnect -> idle is not complete.
      
      By updating the state in ov_disconnect()
      vpn_provider.c:__vpn_provider_connect() is prevented from connecting
      until the state transition is complete. Commit
      be1b90c6db3d0c71a25369ac1fb8c5628ea28acc introduced this problem by
      implementing the ov_disconnect() so vpn.c:vpn_disconnect() did not do
      the state transition for OpenVPN.
  7. 30 Jan, 2020 2 commits
    • Merge branch 'jb48468_send_signal' into 'master' · 4582f2c2
      flypig authored
      Avoid setting Favorite flag without signal on service create
      
      See merge request !256
    • [connman] Avoid setting Favorite flag without signal on service create. Fixes JB#48468 · f3a4dafd
      flypig authored
      When a new service is created using __connman_service_create() the
      Favorite flag is set to mirror the AutoConnect flag. However the service
      may already exist. If so, any change of the flag value should emit a
      dbus signal, so that anything keeping track of the value knows.
      
      In particular the lack of signal causes difficulties for
      QNetworkConfigManager and QConnmanEngine in qtbase, which under some
      circumstances will be waiting on a Favorite PropertyChange dbus signal
      in order to trigger a move to the online state. If the Favorite value is
      set to true on creation without a signal, QNetworkConfigManager may stay
      offline even though there's a connection.  This can happen with WPA-EAP
      networks, for example.
  8. 29 Jan, 2020 1 commit
  9. 27 Jan, 2020 2 commits