Commit message | Author | Age | Files | Lines
...
* wispr: Prevent use-after-free from __connman_wispr_stop() | Seung-Woo Kim | 2022-05-25 | 1 | -11/+5
  From __connman_wispr_stop(), list element wispr_portal freed by g_hash_table_remove() is accessed. Prevent the use-after-free by accessing the list element before free.
* doc: Add note SingleConnectedTechnology can't be used with VPN | Daniel Wagner | 2022-05-25 | 1 | -1/+2
  SingleConnectedTechnology can't be used with VPNs. VPNs rely on a transport which is from a different technology group.

  Reported by Thomas Bartosik.
* service: Add "Ethernet" property for VPN into n.c.Manager GetServices | Jakub Jirutka | 2022-05-16 | 1 | -1/+1
  Scope: This patch affects the Service properties exposed by D-Bus method GetServices in interface net.connman.Manager.

  Before (current state): Services of type WIFI, ETHERNET, BLUETOOTH, and GADGET have property "Ethernet" with a dictionary of "Method", "Interface", "Address", and "MTU". Services of type VPN (and also P2P, GPS, and SYSTEM) don't include this property, although VPNs are IP-based too and the data is available (at least for some, e.g. OpenVPN, not sure if all).

  After (proposed change): Even services of type VPN include property "Ethernet".

  Motivation: ConnMan integration with resolvconf(8) via D-Bus (https://github.com/jirutka/connman-resolvconf) - I need to know "Interface" even for VPN services.

  Considerations: Function append_ethernet in src/service.c checks if either service->ipconfig_ipv4 or service->ipconfig_ipv6 is non-NULL and does nothing if this condition is not satisfied. Otherwise, __connman_ipconfig_append_ethernet from src/ipconfig.c is called. This function checks if the index of passed service->ipconfig_ipv4 (or _ipv6) is present in ipdevice_hash. If it's not, it just sets "Method" property with value "auto" and returns. Thus I think this change shouldn't break anything, even if ipconfig data is not available for some VPN types. I tested it myself with just OpenVPN provider though.

  This may introduce an asymmetry between Service properties returned by GetServices and signal PropertyChanged in interface net.connman.Service - change in "Ethernet" is currently not being announced for VPN services. I originally wanted to implement this as well (actually, before GetServices), but got lost in code duplication and unclear relation between src/ and vpn/. Anyway, I don't think this asymmetry is a problem (and probably more asymmetries already exist there?).
* clock: fix time update transition auto->manual | Ryan Smith | 2022-05-16 | 1 | -6/+3
  When the TimeUpdates property is changed via D-Bus from auto to manual, the change is written out to the settings state file. However, it does not modify the current service. This causes the service to continue to synchronize time even after TimeUpdates being set to manual.

  This patch updates the service whenever any change is made to the TimeUpdates setting.
* wispr: Fix online check when using WPAD/PAC | Ryan Smith | 2022-04-14 | 1 | -6/+30
  A PAC file can return multiple proxies in response to a query. They are separated by a semicolon and, possibly, a space.

      'PROXY proxy1.example.com:3128; PROXY proxy2.example.com; DIRECT'

  Currently, this is not handled, and the inclusion of more than one proxy causes the online check to fail. This fix parses the first proxy in the list and uses it.
* dhcp: Set proxy properly when applying DHCP lease | Ryan Smith | 2022-04-14 | 1 | -2/+1
  When DHCP Option 252 (PAC file URL) is included, the service should be updated. Doing so sets the proxy method to 'auto', updates the ipconfig object, and notifies PACrunner (if included) that the proxy setting has changed.

  Currently, only the ipconfig object is updated. This patch calls the proper function to perform these actions.
* gdhcp: fix server address byte order | Ryan Smith | 2022-04-14 | 1 | -1/+1
  The get_ip function calls inet_ntoa, which expects the IP address in network byte order.
* iwd: Fix connection with invalid passphrase format | Emmanuel VAUTRIN | 2022-04-14 | 1 | -1/+3
  It is no longer possible to connect to a secure network, after entering an invalid passphrase format, for example 64 characters. In this case, the user agent still needs to be called, to request a new passphrase.
* AUTHORS: Mention Daniel's contributions | Daniel Wagner | 2022-04-08 | 1 | -0/+1
* vpn: Replace hardcoded paths with RUNSTATEDIR | Daniel Linjama | 2022-04-08 | 2 | -3/+3
  Replace hardcoded /var/run paths with configurable RUNSTATEDIR
* build: Support configurable run dir with RUNSTATEDIR | Daniel Linjama | 2022-04-08 | 2 | -0/+3
  Add configurable $(runstatedir) to CFLAGS as RUNSTATEDIR
* ofono: Do not change regdom when it follows timezone | Jussi Laakkonen | 2022-04-08 | 1 | -0/+5
* timezone: Change regdom along timezone, use localtime config | Jussi Laakkonen | 2022-04-08 | 1 | -5/+100
  This is an optional feature and when enabled with RegdomFollowsTimezone config option the regdom is changed when the timezone changes. This feature is useful in cases when the devices without a cellular functionality or a SIM card to set the regdom for WiFi via regdom changes indicated by Ofono plugin are remaining the default setting (US). As a result some region specific channels cannot be utilized with WiFi.

  The ISO3166 country code is read from /usr/share/zoneinfo/zone1970.tab using the set timezone. This is done at startup and when there is an inotify event for the localtime. The first ISO3166 country code set on the line is used.

  Timezone.c now uses localtime configured in main.conf. It may be a symlink as external service can manage localtime so IN_CREATE event is added for inotify watch.
* main: Add RegdomFollowsTimezone option for regdom changes | Jussi Laakkonen | 2022-04-08 | 2 | -0/+19
  This boolean option toggles whether the regdom is being changed along timezone changes or not. By default the feature is off.
* main: Add path to localtime to config options. | Jussi Laakkonen | 2022-04-08 | 2 | -0/+22
  The path to localtime is kept as default /etc/localtime but in some cases external daemon manages the localtime by changing its own symlink to which /etc/localtime points to. Thus, ConnMan would not see any change in the localtime changes.
* timeserver: include the reason why a timeserver sync is requested | Nicky Geerts | 2022-04-08 | 4 | -7/+35
  Except for the initial connman_timeserver_start call, and potential updates of the default service, all subsequent calls to resynchronise the timeserver are blocked because of the check whether service equals ts_service in __connman_timeserver_sync. DHCP updates, which could replace the timeserver and nameservers, and state change updates are ignored.

  As previously suggested by Daniel Wagner on Nov 19th 2019 in a mail to Vivien Henriet, it would be best to pass the reason of the sync call, and add the logic in __connman_timeserver_sync.
* timeserver: refresh the nameservers before each lookup | Nicky Geerts | 2022-03-07 | 1 | -41/+46
  There is a possibility where the UDP channel connections in the resolv instance are being closed because of how the external DNS service might respond, and are never opened again. The DNS resolve will keep failing, and there is no automatic recovery from this.

  Similar to the behavior of the WISPR module, refresh the nameservers in the resolv instance before each DNS request.
* iwd: Forget network on service removal | Emmanuel VAUTRIN | 2022-03-04 | 5 | -0/+58
  When a service is manually removed, the associated network, at driver side, needs to be forgotten, to remove the corresponding known network.
* dnsproxy: add standalone test version of dnsproxy and a test script for it | Matthias Gerstner | 2022-03-04 | 4 | -1/+284
  Since dnsproxy is not really modular this requires building complete connman minus the original main function. It makes testing a lot easier though, since this standalone version doesn't require root privileges or configuration aspects like the D-Bus connection etc.

  Only build this if `--enable-test` is given, otherwise complete connmand would be built twice just by typing `make`. Also don't add this to CHECK_PROGRAMS, because the test could need some specific settings to work (e.g. a working /etc/resolv.conf with domain entry).

  Add `--enable-test` to bootstrap-configure such that developers notice possible build errors introduced in the regression test build.
* service: Check if hidden service has a pending request on agent | Jussi Laakkonen | 2022-02-27 | 1 | -1/+4
  Hidden (WiFi) services do not save the pending request to the service struct and this utilizes agent-connman.c to check if there is an agent request already set for the service. In such case this reports in progress error back to the caller as with visible service.

  Otherwise there would be a possibility to request connect for at least twice for a hidden WiFi network. And when agent is in use this would result in two requests to be sent, first one is the current active one and the second would be waiting in agent queue, which in case of time-out would then be sent to the agent as a duplicate request.
* agent: Add support to check for active pending requests | Jussi Laakkonen | 2022-02-27 | 4 | -0/+39
  This adds a simple search to agent.c that can be used via agent-connman.c to check if there is a pending request for the service. Both current active pending request for the agent is checked as well as the list of the queries for the given user context.
* AUTHORS: Mention Sebastian's contributions | Daniel Wagner | 2022-02-27 | 1 | -0/+1
* vpn/vpn-polkit.policy: Replace unsupported "auth_*_keep_session" by "auth_*_keep" | Sebastian Pipping | 2022-02-27 | 1 | -2/+2
  This will stop recent Polkit (e.g. version 0.120) from first complaining about a parse error and then discarding the whole file.
* iwd: Fix disabling tethering not working for brcmfmac | Jonathan Liu | 2022-02-27 | 1 | -5/+4
  For Broadcom BCM4356 chipset with brcmfmac driver, changing from AP mode to station mode returns -EBUSY if the wireless interface is a member of a bridge.

  To resolve the issue, the wireless interface is removed from the tether bridge before changing the mode rather than after.

  Fixes: 648ed549f0ac ("iwd: Add support for tethering")
* main: Set default online check URL also when no config provided | Daniel Wagner | 2022-02-27 | 1 | -2/+8
  We need to set the default URL also when no config exists.

  Reported by: Daniel Antoine <univac55@gmail.com>
  Fixes: 9d7e55f40e80 ("wispr: Add online check url config options")
* dnsproxy-test: support command line specification of dnsproxy port | Matthias Gerstner | 2022-02-21 | 1 | -2/+9
  This way a dnsproxy running on an unprivileged port can be tested.
* dnsproxy: support programmatic configuration of the default listen port | Matthias Gerstner | 2022-02-21 | 2 | -2/+9
  This way a test instance of dnsproxy can be setup that listens on an unprivileged port for easier testing as non-root.
* .gitignore: also ignore emacs backup files | Matthias Gerstner | 2022-02-21 | 1 | -0/+1
* dnsproxy: protocol_offset: remove error return case and return size_t | Matthias Gerstner | 2022-02-21 | 1 | -27/+14
  There is never any socket created that is not UDP or TCP, so this error should never occur unless some memory corruption or similar occurred. Therefore `abort()` on unexpected values instead.

  This simplifies the calling code since the error case no longer needs to be covered (which can also be dangerous when forgotten, because then negative error codes are used in calculations).
* dnsproxy: remove unnecessarily shadowed variable | Matthias Gerstner | 2022-02-21 | 1 | -1/+1
* dnsproxy: remove unused domain parameter from `remove_server()` | Matthias Gerstner | 2022-02-21 | 1 | -4/+3
* iwd: Use same signal strength calculation as wpa_supplicant | Jonathan Liu | 2022-02-21 | 1 | -1/+3
  Fixes the signal strength reported by connman being lower when using iwd compared to wpa_supplicant.

  In the wifi plugin for wpa_supplicant, the signal strength is calculated as follows:

      strength = 120 + g_supplicant_network_get_signal(supplicant_network);
      if (strength > 100)
          strength = 100;

  The g_supplicant_network_get_signal() function returns the signal strength in dBm. This means the signal strength calculation in connman for wpa_supplicant treats -20 dBm or higher as 100% signal strength.

  The iwd plugin is changed to use the same calculation but as iwd returns the signal strength as 100 * dBm, it needs to be divided by 100 to get the same dBm value as wpa_supplicant.
* iwd: Fix typo in warning message when enabling AccessPoint mode | Jonathan Liu | 2022-02-21 | 1 | -1/+1
  Fixes: 648ed549f0ac ("iwd: Add support for tethering")
* wifi: Duplicate GSupplicantSSID pointer members | Niel Fourie | 2022-02-21 | 2 | -39/+83
  In ssid_init(), the pointer members of GSupplicantSSID *ssid were initialised to point to members of a connman_network, which get freed and replaced, causing ssid's pointers to point to freed heap memory.

  To mitigate this, these members are duplicated and then freed along with ssid when no longer needed.
* Release 1.41 (1.41) | Marcel Holtmann | 2022-01-28 | 2 | -1/+9
* unit: Fix missing declarations in test-iptables | Emmanuel VAUTRIN | 2022-01-25 | 1 | -2/+2
  gcc reports with:

      unit/test-iptables.c:72:5: error: no previous declaration for 'xt_match_parse' [-Werror=missing-declarations]
         72 | int xt_match_parse(int c, char **argv, int invert, unsigned int *flags,
            |     ^~~~~~~~~~~~~~
      unit/test-iptables.c:78:5: error: no previous declaration for 'xt_target_parse' [-Werror=missing-declarations]
         78 | int xt_target_parse(int c, char **argv, int invert, unsigned int *flags,
            |     ^~~~~~~~~~~~~~~
* AUTHORS: Add Matthias' contributions | Daniel Wagner | 2022-01-25 | 1 | -0/+1
* dnsproxy: Keep timeout in TCP case even after connection is established | Matthias Gerstner | 2022-01-25 | 1 | -5/+0
  If an outgoing TCP connection succeeds but the remote server never sends back any data then currently the TCP connection will never be terminated by connmand.

  To prevent this keep the connection timeout of 30 seconds active even after the connection has been established.
* dnsproxy: Avoid 100 % busy loop in TCP server case | Matthias Gerstner | 2022-01-25 | 1 | -0/+12
  Once the TCP socket is connected and until the remote server is responding (if ever) ConnMan executes a 100 % CPU loop, since the connected socket will always be writable (G_IO_OUT).

  To fix this, modify the watch after the connection is established to remove the G_IO_OUT from the callback conditions.

  Fixes: CVE-2022-23098
* dnsproxy: Validate input data before using them | Daniel Wagner | 2022-01-25 | 1 | -5/+26
  dnsproxy is not validating various input data. Add a bunch of checks.

  Fixes: CVE-2022-23097
  Fixes: CVE-2022-23096
* dnsproxy: Update TCP length header | Matthias Gerstner | 2022-01-25 | 1 | -0/+3
* main: Use g_strdup for online_check_ipv{4,6}_url config | Daniel Wagner | 2022-01-25 | 1 | -2/+9
  We are using g_free() on ConnMan's exit path, hence we would try to free non malloc memory.
* service: Fix native connection with wrong passphrase | Emmanuel VAUTRIN | 2022-01-23 | 1 | -0/+9
  When a native connection fails with a wrong passphrase, the user still needs to be informed, via the agent. However, in this case, the associated service is automatically disconnected, canceling the pending agent requests. The invalid key error shall be reported before this cancellation.

  Commit b9a0a039ccc5 ("service: Report errors to user in native mode")
* iwd: Mark only reachable networks as available | Emmanuel VAUTRIN | 2022-01-21 | 1 | -1/+3
  Only reachable networks, with a significant signal strength, shall be marked as available.
* iwd: Fix connection with no passphrase | Emmanuel VAUTRIN | 2022-01-21 | 1 | -0/+2
  During a failing connection on a secure network with no passphrase, agent_request_passphrase() crashes, trying to manipulate the value of the "WiFi.Passphrase" key, which is null.

  Reviewed-by: Michael Trimarchi <michael@amarulasolutions.com>
* iwd: Fix station in scan callback | VAUTRIN Emmanuel (Canal Plus Prestataire) | 2022-01-21 | 1 | -1/+1
  The station shall be searched in stations table instead of networks.

  Fixes: 8371114aaef9 ("iwd: Hookup manual scan trigger")
* AUTHORS: Mention Christian's contributions | Daniel Wagner | 2021-12-19 | 1 | -0/+1
* ipconfig: Do not enable/disable ipv6 for all ifs | Christian Taedcke | 2021-12-19 | 1 | -0/+6
  If the interface name could not be determined (e.g. because the usb device was unplugged and removed from the system), do not disable ipv6 for all devices.
* Add ObjectManager interface to connman | Michael Trimarchi | 2021-12-19 | 1 | -1/+1
  ObjectManager lets us understand if the connman interface is up before using it. InterfacesAdded and InterfacesRemoved signals will then be emitted.

      int main()
      {
          auto connection = sdbus::createSystemBusConnection();
          auto managerProxy = std::make_unique<ManagerProxy>(*connection, "net.connman", "/");
          try {
              managerProxy->handleExistingObjects();
          }
          catch (const sdbus::Error& e) {
              if (e.getName() == "org.freedesktop.DBus.Error.ServiceUnknown") {
                  std::cout << "Waiting for server to start ..." << std::endl;
              }
          }
          connection->enterEventLoop();
          return 0;
      }
* service: Support hot-plug of technologies by updating ipconfig index | Jussi Laakkonen | 2021-11-18 | 1 | -2/+15
  It is important to update the index of the ipconfig belonging to the service that is to be created from network after re-inserting a technology that supports hot-plug (e.g., a USB ethernet adapter). The service does exist in such case but the interface index is not updated which results in DHCP failing to start. This is because the old index would be used.

  With this change index update is always done regardless of the existing path for the service.