| OLD | NEW |
|---|
| (Empty) | |
| 1 /* |
| 2 * L2TP/IPsec VPN plugin. |
| 3 * |
| 4 * Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
| 5 * Use of this source code is governed by a BSD-style license that can be |
| 6 * found in the LICENSE file. |
| 7 * |
| 8 */ |
| 9 |
| 10 #ifdef HAVE_CONFIG_H |
| 11 #include <config.h> |
| 12 #endif |
| 13 |
| 14 #include <string.h> |
| 15 #include <errno.h> |
| 16 #include <unistd.h> |
| 17 #include <sys/types.h> |
| 18 #include <sys/stat.h> |
| 19 #include <fcntl.h> |
| 20 |
| 21 #include <stdio.h> |
| 22 #include <net/if.h> |
| 23 |
| 24 #include <glib.h> |
| 25 |
| 26 #define CONNMAN_API_SUBJECT_TO_CHANGE |
| 27 #include <connman/plugin.h> |
| 28 #include <connman/provider.h> |
| 29 #include <connman/log.h> |
| 30 #include <connman/task.h> |
| 31 #include <connman/dbus.h> |
| 32 #include <connman/inet.h> |
| 33 |
| 34 #include "vpn.h" |
| 35 |
| 36 #define _DBG_VPN(fmt, arg...) DBG(DBG_VPN, fmt, ## arg) |
| 37 |
| 38 static DBusConnection *connection; |
| 39 |
| 40 static DBusMessage *li_get_sec(struct connman_task *task, |
| 41 DBusMessage *msg, void *user_data) |
| 42 { |
| 43 const char *user, *passwd; |
| 44 struct connman_provider *provider = user_data; |
| 45 |
| 46 if (dbus_message_get_no_reply(msg) == FALSE) { |
| 47 DBusMessage *reply; |
| 48 |
| 49 user = connman_provider_get_string(provider, "L2TPIPsec.User"); |
| 50 passwd = connman_provider_get_string(provider, |
| 51 "L2TPIPsec.Password"); |
| 52 |
| 53 if (user == NULL || strlen(user) == 0) { |
| 54 _DBG_VPN("%s: User not set", __func__); |
| 55 return NULL; |
| 56 } |
| 57 if (passwd == NULL || strlen(passwd) == 0) { |
| 58 _DBG_VPN("%s: Password not set", __func__); |
| 59 return NULL; |
| 60 } |
| 61 |
| 62 reply = dbus_message_new_method_return(msg); |
| 63 if (reply == NULL) |
| 64 return NULL; |
| 65 |
| 66 dbus_message_append_args(reply, DBUS_TYPE_STRING, &user, |
| 67 DBUS_TYPE_STRING, &passwd, |
| 68 DBUS_TYPE_INVALID); |
| 69 |
| 70 return reply; |
| 71 } |
| 72 |
| 73 return NULL; |
| 74 } |
| 75 |
| 76 static int li_notify(DBusMessage *msg, struct connman_provider *provider) |
| 77 { |
| 78 DBusMessageIter iter, dict; |
| 79 const char *reason, *key; |
| 80 char *value; |
| 81 char *ifname = NULL; |
| 82 char *dns_servers[3]; |
| 83 struct connman_ipaddress ipaddr; |
| 84 |
| 85 dbus_message_iter_init(msg, &iter); |
| 86 |
| 87 dbus_message_iter_get_basic(&iter, &reason); |
| 88 dbus_message_iter_next(&iter); |
| 89 |
| 90 _DBG_VPN("%s: Reason %s", __func__, reason); |
| 91 |
| 92 if (provider == NULL) { |
| 93 connman_error("%s: No provider found", __func__); |
| 94 return VPN_STATE_FAILURE; |
| 95 } |
| 96 |
| 97 if (strcmp(reason, "connect")) |
| 98 return VPN_STATE_DISCONNECT; |
| 99 |
| 100 memset(&ipaddr, 0, sizeof(ipaddr)); |
| 101 ipaddr.af = AF_INET; |
| 102 ipaddr.mask |= CONNMAN_IPCONFIG_AF; |
| 103 memset(dns_servers, 0, sizeof(dns_servers)); |
| 104 ipaddr.dns_servers = dns_servers; |
| 105 |
| 106 dbus_message_iter_recurse(&iter, &dict); |
| 107 |
| 108 while (dbus_message_iter_get_arg_type(&dict) == DBUS_TYPE_DICT_ENTRY) { |
| 109 DBusMessageIter entry; |
| 110 |
| 111 dbus_message_iter_recurse(&dict, &entry); |
| 112 dbus_message_iter_get_basic(&entry, &key); |
| 113 dbus_message_iter_next(&entry); |
| 114 dbus_message_iter_get_basic(&entry, &value); |
| 115 |
| 116 _DBG_VPN("%s = %s", key, value); |
| 117 |
| 118 if (!strcmp(key, "INTERNAL_IP4_ADDRESS")) { |
| 119 ipaddr.local = value; |
| 120 ipaddr.mask |= CONNMAN_IPCONFIG_LOCAL; |
| 121 } else if (!strcmp(key, "EXTERNAL_IP4_ADDRESS")) { |
| 122 ipaddr.peer = value; |
| 123 ipaddr.mask |= CONNMAN_IPCONFIG_PEER; |
| 124 } else if (!strcmp(key, "DNS1")) { |
| 125 ipaddr.dns_servers[0] = value; |
| 126 ipaddr.mask |= CONNMAN_IPCONFIG_DNS; |
| 127 } else if (!strcmp(key, "DNS2")) { |
| 128 ipaddr.dns_servers[1] = value; |
| 129 } else if (!strcmp(key, "INTERNAL_IFNAME")) { |
| 130 ifname = value; |
| 131 } |
| 132 |
| 133 dbus_message_iter_next(&dict); |
| 134 } |
| 135 |
| 136 if (vpn_set_ifname(provider, ifname) < 0) { |
| 137 g_free(ifname); |
| 138 return VPN_STATE_FAILURE; |
| 139 } |
| 140 |
| 141 connman_provider_ipconfig_set(provider, &ipaddr); |
| 142 |
| 143 return VPN_STATE_CONNECT; |
| 144 } |
| 145 |
| 146 static int li_connect(struct connman_provider *provider, |
| 147 struct connman_task *task, const char *if_name) |
| 148 { |
| 149 #define OPT_STR(property, option) do { \ |
| 150 const char *s = connman_provider_get_string(provider, property); \ |
| 151 if (s != NULL) \ |
| 152 connman_task_add_argument(task, option, (char *)s); \ |
| 153 } while (0) |
| 154 #define OPT_BOOL(property, true_option, false_option) do { \ |
| 155 const char *s = connman_provider_get_string(provider, property); \ |
| 156 if (s != NULL) { \ |
| 157 connman_task_add_argument(task, strcmp("true", s) == 0 ? \ |
| 158 true_option : false_option, \ |
| 159 NULL); \ |
| 160 } \ |
| 161 } while (0) |
| 162 const char *vpnhost; |
| 163 int err, fd; |
| 164 |
| 165 if (connman_task_set_notify(task, "getsec", |
| 166 li_get_sec, provider)) |
| 167 return -ENOMEM; |
| 168 |
| 169 vpnhost = connman_provider_get_string(provider, "Host"); |
| 170 if (!vpnhost) { |
| 171 connman_error("%s: host not set; cannot enable VPN", __func__); |
| 172 return -EINVAL; |
| 173 } |
| 174 |
| 175 connman_task_add_argument(task, "--remote_address", |
| 176 (char *)vpnhost); |
| 177 connman_task_add_argument(task, "--pppd_plugin", |
| 178 SCRIPTDIR "/libppp-plugin.so"); |
| 179 |
| 180 OPT_STR("L2TPIPsec.CACert", "--server_ca_file"); |
| 181 OPT_STR("L2TPIPsec.Key", "--client_key_file"); |
| 182 OPT_STR("L2TPIPsec.Cert", "--client_cert_file"); |
| 183 OPT_STR("L2TPIPsec.PSK", "--psk_file"); |
| 184 OPT_STR("L2TPIPsec.User", "--user"); |
| 185 OPT_STR("L2TPIPsec.IPsecTimeout", "--ipsec_timeout"); |
| 186 OPT_STR("L2TPIPsec.LeftProtoPort", "--leftprotoport"); |
| 187 OPT_BOOL("L2TPIPsec.PFS", "--pfs", "--nopfs"); |
| 188 OPT_BOOL("L2TPIPsec.Rekey", "--rekey", "--norekey"); |
| 189 OPT_STR("L2TPIPsec.RightProtoPort", "--leftprotoport"); |
| 190 |
| 191 OPT_BOOL("L2TPIPsec.RequireChap", "--require_chap", |
| 192 "--norequire_chap"); |
| 193 OPT_BOOL("L2TPIPsec.RefusePap", "--refuse_pap", "--norefuse_pap"); |
| 194 OPT_BOOL("L2TPIPsec.RequireAuth", "--require_authentication", |
| 195 "--norequire_authentication"); |
| 196 OPT_BOOL("L2TPIPsec.LengthBit", "--length_bit", "--nolength_bit"); |
| 197 |
| 198 fd = fileno(stderr); |
| 199 err = connman_task_run(task, vpn_died, provider, |
| 200 NULL, &fd, &fd); |
| 201 if (err < 0) { |
| 202 connman_error("l2tpipsec failed to start"); |
| 203 return -EIO; |
| 204 } |
| 205 |
| 206 return 0; |
| 207 } |
| 208 |
| 209 static struct vpn_driver vpn_driver = { |
| 210 .flags = VPN_FLAG_NO_TUN, |
| 211 .notify = li_notify, |
| 212 .connect = li_connect, |
| 213 }; |
| 214 |
| 215 static int li_init(void) |
| 216 { |
| 217 connection = connman_dbus_get_connection(); |
| 218 |
| 219 return vpn_register("l2tpipsec", &vpn_driver, L2TPIPSEC); |
| 220 } |
| 221 |
| 222 static void li_exit(void) |
| 223 { |
| 224 vpn_unregister("l2tpipsec"); |
| 225 |
| 226 dbus_connection_unref(connection); |
| 227 } |
| 228 |
| 229 CONNMAN_PLUGIN_DEFINE(l2tpipsec, "l2tpipsec plugin", VERSION, |
| 230 CONNMAN_PLUGIN_PRIORITY_DEFAULT, li_init, li_exit) |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6513009:
flimflam: Add L2TP/IPsec VPN plugin (Closed)
Base URL: ssh://git@gitrw.chromium.org:9222/flimflam.git@master