Commit message [Author, Age; Files, Lines -/+]
* AUTHORS: Mention Oskar's contributions (HEAD, master) [Daniel Wagner, 2023-04-11; 1 file, -0/+1]
* timeserver: Purge timeserver list after reset [Emmanuel VAUTRIN, 2023-04-11; 1 file, -0/+3]

  When reset, the timeserver list needs to be purged from the whole timeserver history, in order to only contain the up-to-date values.
* rtnl: Ignore adding/removing interface to/from bridge [Jonathan Liu, 2023-04-11; 1 file, -3/+14]

  Avoids the wifi interface being removed and added again when tethering is disabled.
* ntp: Fix timeserver typo in warning when ntp_data is not NULL [Jonathan Liu, 2023-04-11; 1 file, -1/+1]

  The value of the timeserver variable is incorrectly referred to as timerserver. Change it to timeserver to be consistent.
* AUTHORS: Mention Eivind's contributions [Daniel Wagner, 2023-04-11; 1 file, -0/+1]
* vpn: Adding support for latest pppd 2.5.0 release [Eivind Næss, 2023-04-11; 3 files, -23/+161]

  The API has gone through a significant overhaul, and this change fixes any compile issues.
  1) Fixes to configure.ac itself
  2) Cleanup in pppd plugin itself
  Adding a libppp-compat.h file to mask for any differences in the version.
* service: Fix hidden service with wrong passphrase [Emmanuel VAUTRIN, 2023-04-11; 1 file, -3/+14]

  Two cases need to be fixed during the connection to a hidden service with a wrong passphrase:
  * the invalid key error shall be reported to the user,
  * another attempt to connect to this hidden service shall be possible, and succeed with the right passphrase.
* network: Keep failure state after disconnection [Emmanuel VAUTRIN, 2023-04-11; 1 file, -9/+13]

  The set_disconnected() function shall not prevent the service from processing errors by replacing the failure state with idle. For example, when a connection fails with a wrong passphrase, the user still needs to be informed, via the agent. However, in this case, the associated service is automatically disconnected, canceling the pending agent requests. The invalid key error shall be reported, instead of a cancel error.
* doc: Update connman(8) manpage on the --nodnsproxy option. [Oskar Roesler, 2023-04-11; 1 file, -3/+5]

  The --nodnsproxy option documentation left out that ConnMan will fall back to creating a resolv.conf on startup. This is fixed here.
* doc: Add info on matching logic for --nodevice [Daniel Wagner, 2023-04-11; 1 file, -1/+2]
* AUTHORS: Mention Polina's contributions [Daniel Wagner, 2023-04-11; 1 file, -0/+1]
* gdhcp: Verify and sanitize packet length first [Daniel Wagner, 2023-04-11; 1 file, -7/+9]

  Avoid overwriting the read packet length after the initial test. Thus move all the length checks which depend on the total length first and do not use the total length from the IP packet afterwards.

  Fixes CVE-2023-28488
  Reported by Polina Smirnova <moe.hwr@gmail.com>
* service: Fix an additional case of autoconnect breakage under iwd [Jade Lovelace, 2023-01-16; 1 file, -0/+4]

  Error flow:
  - __connman_service_create_from_network() creates network, but it is not favorite since it is not yet saved
  - trigger_autoconnect is skipped since !favorite
  *** User calls Connect() ***
  - iwd plugin gets connect() call
  - iwd plugin finds out about new known network and copies the autoconnect state of the iwd_network to the iwd_known_network, which is false since it was zero initialized and nobody called connman_network_set_autoconnect on it.
  - iwd plugin tells iwd to set AutoConnect to false
  - service_indicate_state() calls __connman_service_set_favorite(service, true)
  - nobody tells the iwd plugin about the change in favorite state

  This patch calls trigger_autoconnect right at the end there, which will then propagate the outcome of the favorite state to the iwd plugin.

  I think this patch is the right design for the current architecture of the autoconnect state management, but I think the autoconnect design probably needs some changes outside the scope of this patch since it is too easy to make these mistakes.
* iwd: fix iwd autoconnect being set wrongly on new connections [Jade Lovelace, 2023-01-16; 1 file, -3/+84]

  Due to an extremely subtle bug in tracking the autoconnect state from connman on through to iwd, iwd was incorrectly being sent zero-initialized default data as the autoconnect value.

  In particular, what happened is as follows:
  - A new iwd_network is created for the iwd.Network that appears, which also creates an associated connman_network. In the process of creating the connman_network, the iwd plugin receives a callback that correctly sets the cm_autoconnect state of the iwd_network.
  - Connman's Service.Connect() function is called via D-Bus, which calls into the iwd plugin, which in turn calls iwd.Network.Connect() over D-Bus.
  - The connection completes and the following fire:
    - iwd.KnownNetwork created event, which is supposed to initialize the cm_autoconnect state to that of the iwd_network, but this does not occur since the iwd_network does not yet have a KnownNetwork associated, so it remains uninitialized
    - PropertyChanged event on the corresponding iwd.Network object, with the new KnownNetwork property value, springing the trap set earlier by synchronizing the zero-initialized iwd_known_network.cm_autoconnect state to the iwd KnownNetwork

  In practice, this looks like:
  -> net.connman.iwd.Network.Connect() on /net/connman/iwd/0/3/0000000000000000000000_psk
  <- RequestPassphrase()
  -> (passphrase)
  -> Set('AutoConnect', False) on /net/connman/iwd/0000000000000000000000_psk

  This was found by investigating why my computer was not automatically connecting to some networks after coming out of sleep, and finding that the iwd AutoConnect setting was false on those networks while connman thought it was true (in fact, this was the case! The connman iwd plugin thought otherwise).

  Reproduction:
  connmanctl> agent on
  Agent registered
  connmanctl> config wifi_9cb6d0f7daaf_00000000_managed_psk --remove
  connmanctl> connect wifi_9cb6d0f7daaf_00000000_managed_psk
  Agent RequestInput wifi_9cb6d0f7daaf_00000000_managed_psk
  Passphrase = [ Type=psk, Requirement=mandatory ]
  Passphrase? 00000000
  Connected wifi_9cb6d0f7daaf_00000000_managed_psk
  $ busctl get-property net.connman.iwd /net/connman/iwd/00000000_psk net.connman.iwd.KnownNetwork AutoConnect
  b false

  Then sleep the machine and observe that the network is not automatically reconnected.
* iwd: Fix typo in create_known_network name [Jade Lovelace, 2023-01-16; 1 file, -2/+2]
* iwd: Rename autoconnect fields to clarify meaning [Jade Lovelace, 2023-01-16; 1 file, -19/+19]
* main: Add Hamachi interface to ignore list [Daniel Wagner, 2023-01-02; 1 file, -0/+1]

  The Hamachi VPN daemon sets up a network interface called 'ham0' which is under control of this daemon. ConnMan should ignore it and not start auto-configuring it.

  Reported by: i.Dark_Templar <darktemplar@dark-templar-archives.net>
* ipconfig: Do not filter out 0.0.0.0 gateway routes [Daniel Wagner, 2023-01-02; 1 file, -1/+1]

  This reverts commit cb05780d86c3 ("ipconfig: Don't add invalid gateway routes") as it introduced regressions for IPv4LL setups. 0.0.0.0 is a valid gateway address for IPv4LL setups (see forwarding rules in RFC3927).

  Reported by Geoffrey Van Landeghem <geoffrey.vl@gmail.com>
* dnsproxy: add my copyright statement covering the larger refactoring changes [Matthias Gerstner, 2022-11-03; 1 file, -0/+1]
* dnsproxy: harmonize use of sizeof() for message size calculations [Matthias Gerstner, 2022-11-03; 1 file, -14/+17]
* dnsproxy: fix TCP server reply handling if domain name is appended [Matthias Gerstner, 2022-11-03; 1 file, -33/+73]

  The code path for TCP if the domain name is attached never worked. There is a bug in the `hdr` pointer calculation in `ns_resolv`. Furthermore if the first response from the server is negative or erroneous then the TCP connection is terminated unconditionally, even if further responses are pending.

  This change splits off the initial part of forward_dns_reply() into a new lookup_request() function. The information from the request_data structure is used by the UDP and TCP processing code to determine whether to keep the request (and TCP connection) around or not.

  Furthermore errors in the `alt` message creation are fixed.
* dnsproxy: finish first full pass of refactoring the compilation unit [Matthias Gerstner, 2022-11-03; 1 file, -244/+206]

  - make variable declarations more local, if possible
  - use more const variables where suitable
  - more harmonized use of integer types (especially use size_t for buffer lengths)
  - avoid duplicate or difficult to read code portions
* dnsproxy: forward_dns_reply: pull out separate dns_reply_fixup_domains() [Matthias Gerstner, 2022-11-03; 1 file, -159/+177]

  This should make the code logic a bit clearer and less convoluted.
* dnsproxy: uncompress: replace unnecessary goto with return statements [Matthias Gerstner, 2022-11-03; 1 file, -12/+9]
* dnsproxy: refactor ns_resolv() and forwards_dns_reply() [Matthias Gerstner, 2022-11-03; 1 file, -143/+153]

  - document function behaviour in comments
  - use early exits where possible to reduce indentation levels
  - move stack variables into more localized scopes
  - reduce some duplicate code in uncompress() calls
  - add TODO about likely logical error that could have ramifications when fixing.
* dnsproxy: refactor and document strip_domains() to make it less confusing [Matthias Gerstner, 2022-11-03; 1 file, -18/+43]
* dnsproxy: strip_domains(): fix out of bounds read access [Matthias Gerstner, 2022-11-03; 1 file, -0/+2]

  If the name is not found in an answer record then `ptr` is NULL and the calculation at the end of the while loop `maxlen -= answers - ptr` will underflow, resulting in a very large `maxlen` value and consequently in out of bound read accesses parsing beyond the actual end of the answers section.
* dnsproxy: refactoring of cache_update() [Matthias Gerstner, 2022-11-03; 1 file, -73/+69]

  - move stack variables into more localized scopes
  - use const parameters and variables where possible
  - use named constants over literal numbers
  - simplify some parsing details by using byte order macros or adding some comments to make the intentions clearer
* dnsproxy: refactor parse_response() [Matthias Gerstner, 2022-11-03; 1 file, -53/+57]

  - add a descriptive comment to make clear what the function does
  - use const pointers and size_t where possible
  - move stack variables into more localized scopes
  - use named constants over literal numbers where applicable
* dnsproxy: refactoring of update_cached_ttl() and append_data() [Matthias Gerstner, 2022-11-03; 1 file, -71/+72]

  - use size_t for sizes and lengths where possible
  - use named constants in favor of literal numbers
  - more localized variable declarations
  - prefer byte order macros over explicit byte operations
  - add some comments and use early exits to simplify the code
* dnsproxy: first bits of refactoring data types, global variables, simpler functions [Matthias Gerstner, 2022-11-03; 1 file, -227/+214]

  - move all type declarations to the top of the unit to have them all in one place, same for global variables
  - introduce enums for having more descriptive identifiers for some of the DNS header constants
  - remove unnecessary zero initializations for global variables
  - move variable declarations into more local scopes where possible (e.g. in for loops). Shorter lifetimes of variables can make the code more easy to follow.
  - avoid some repetitive code sequences like `cache_free_ipv4()` by moving them into separate functions
  - use const variables in parameters where possible to make certain guarantees of function calls more clear and avoid erroneous assignments.
* dnsproxy: fix compiler warning about zero length printf format string [Matthias Gerstner, 2022-11-03; 1 file, -1/+1]
* autoconf: require C99 compiler and set C99 mode [Matthias Gerstner, 2022-11-03; 1 file, -1/+1]

  For refactoring the dnsproxy codebase using C99 language features will come in handy (mostly for using more localized variable declarations).
* dnsproxy-simple-test: improve test coverage and test flexibility [Matthias Gerstner, 2022-11-03; 3 files, -17/+104]

  - enable debug() macro for test invocation which allows to get test logs
  - actually trigger caching logic explicitly by querying the same configurations twice in succession
  - count the number of cache hits to catch regressions in the caching functionality
  - support custom domains for testing specified on the command line
* dnsproxy: enable Fallback DNS server when created if needed [Christophe Ronco, 2022-10-24; 1 file, -9/+19]

  If there is no default DNS server when a fallback DNS server is created, enable it.
* AUTHORS: Mention Ben's contributions [Daniel Wagner, 2022-09-27; 1 file, -0/+1]
* gresolv: add missing include to fix clang-16 build [Ben Kohler, 2022-09-27; 1 file, -0/+1]

  Current compilers gcc-12 and clang-15 warn about an implicit function declaration in gresolv.c, and this turns into a fatal error in clang-16 and eventually in future gcc.
* wifi: Handle invalid-key case on WPA-SAE authentication failure [Ariel D'Alessandro, 2022-09-20; 1 file, -0/+26]

  On WPA3-SAE authentication, wpa_supplicant goes directly from authenticating to disconnected state if the key was invalid. The above is currently not handled and the `connect-failed` error is reported in such cases. In order to make the client agent prompt for a new password, we need to handle this transition and report the `invalid-key` error.
* wispr: Simplify the IP version check [Daniel Wagner, 2022-09-07; 1 file, -5/+1]

  No need to be clever. There is IPv4 and IPv6, nothing else.
* wispr: Fix context refcounting in wispr_portal_request_portal() [Daniel Wagner, 2022-09-07; 1 file, -5/+5]

  The wispr_portal_request_portal() function is expected to read until there is no data. Hence, the wp_context refcount is supposed to be held while reading. Furthermore, we should not return early when we read the X-ConnMan-Status header. Instead we are supposed to go through the normal return path so that we clean up any added routing entries. Thus, we also don't need to update the refcount in this code path as we handle it at the main return path.

  Fixes: 416bfaff9888 ("wispr: Update portal context references")
* service: Track online check for IPv4 and IPv6 separately [Daniel Wagner, 2022-09-07; 1 file, -12/+27]

  The online check is not distinguishing between IPv4 and IPv6 but the rest of the code assumes we handle them separately.
* ipconfig: Don't add invalid gateway routes [Daniel Wagner, 2022-08-28; 1 file, -1/+1]

  When we assign an IPv4LL address we are calling __connman_ipconfig_gateway_add() with an invalid GW set. It's probably a safe bet to say NULL is never a valid GW, so let's filter it out for all callers.
* wispr: Handle wispr_portal_detect failures [Daniel Wagner, 2022-08-28; 1 file, -24/+32]

  __connman_wispr_start() should handle any errors reported by wispr_portal_detect. While at it also return early if the service type is not supported.
* resolver: Add path to resolv.conf to config options [Jakub Jirutka, 2022-08-28; 3 files, -7/+48]

  Before (current state):

  If the <STATEDIR> (/var/run/connman) directory exists, ConnMan writes resolvfile into <STATEDIR>/resolv.conf. If it doesn't exist, it writes into /etc/resolv.conf. If it fails, it does nothing.

  Problem:

  This is unclear and error prone. The user (or package maintainer) may create the /var/run/connman directory for a pidfile or whatever and surely doesn't expect ConnMan to suddenly stop updating /etc/resolv.conf. Or the user doesn't want ConnMan to touch /etc/resolv.conf (e.g. openresolv or similar tool is used), ever. Configuring this use case by creating directory /run/connman (as suggested e.g. on https://wiki.archlinux.org/title/ConnMan#/etc/resolv.conf) is really weird... and error prone.

  After:

  The user can explicitly set path for the resolvfile in connman.conf via "ResolvConf" option. If this option is set, ConnMan writes resolvfile to the specified file (and creates it if doesn't exist). If it fails (e.g. directory doesn't exist or file is not writable) or the path is /dev/null or an empty string, it does nothing. If this option is not set, it behaves as before.

  Signed-off-by: Daniel Wagner <wagi@monom.org>
  Link: https://lore.kernel.org/r/20220615165350.11431-1-jakub@jirutka.cz
* AUTHORS: Mention Nathan's contributions [Daniel Wagner, 2022-08-01; 1 file, -0/+1]
* gweb: Fix OOB write in received_data() [Nathan Crandall, 2022-08-01; 1 file, -1/+1]

  There is a mismatch of handling binary vs. C-string data with memchr and strlen, resulting in pos, count, and bytes_read becoming out of sync and causing a heap overflow. Instead, do not treat the buffer as an ASCII C-string. We calculate the count based on the return value of memchr, instead of strlen.

  Fixes: CVE-2022-32292
* wispr: Update portal context references [Daniel Wagner, 2022-08-01; 1 file, -12/+22]

  Maintain proper portal context references to avoid UAF.

  Fixes: CVE-2022-32293
* wispr: Add reference counter to portal context [Daniel Wagner, 2022-08-01; 1 file, -10/+42]

  Track the connman_wispr_portal_context lifetime via a refcounter. This only adds the infrastructure to do proper reference counting.

  Fixes: CVE-2022-32293
* wispr: Ignore NULL proxy [Daniel Wagner, 2022-08-01; 1 file, -1/+1]

  connmand[16822]: Failed to find URL:http://ipv6.connman.net/online/status.html
  connmand[16822]: src/wispr.c:proxy_callback() proxy (null)
  (connmand:16449): GLib-CRITICAL **: 10:15:43.812: g_str_has_prefix: assertion 'str != NULL' failed
* wispr: Rename wispr_portal_list to wispr_portal_hash [Daniel Wagner, 2022-08-01; 1 file, -11/+11]

  This data structure is a hash table, so replace the '_list' with '_hash' to reduce the possibility for confusion.

  Signed-off-by: Daniel Wagner <wagi@monom.org>