static int run_connect(struct vpn_provider *provider,
struct connman_task *task, const char *if_name,
vpn_provider_connect_cb_t cb, void *user_data)
{
const char *vpnhost, *vpncookie, *servercert, *mtu;
int fd, err = 0, len;
vpnhost = vpn_provider_get_string(provider, "OpenConnect.VPNHost");
if (vpnhost == NULL)
vpnhost = vpn_provider_get_string(provider, "Host");
vpncookie = vpn_provider_get_string(provider, "OpenConnect.Cookie");
servercert = vpn_provider_get_string(provider,
"OpenConnect.ServerCert");
if (vpncookie == NULL || servercert == NULL) {
err = -EINVAL;
goto done;
}
task_append_config_data(provider, task);
connman_task_add_argument(task, "--servercert", servercert);
mtu = vpn_provider_get_string(provider, "VPN.MTU");
if (mtu != NULL)
connman_task_add_argument(task, "--mtu", (char *)mtu);
connman_task_add_argument(task, "--syslog", NULL);
connman_task_add_argument(task, "--cookie-on-stdin", NULL);
connman_task_add_argument(task, "--script",
SCRIPTDIR "/openconnect-script");
connman_task_add_argument(task, "--interface", if_name);
connman_task_add_argument(task, (char *)vpnhost, NULL);
err = connman_task_run(task, vpn_died, provider,
&fd, NULL, NULL);
if (err < 0) {
connman_error("openconnect failed to start");
err = -EIO;
goto done;
}
len = strlen(vpncookie);
if (write(fd, vpncookie, len) != (ssize_t)len ||
write(fd, "\n", 1) != 1) {
connman_error("openconnect failed to take cookie on stdin");
err = -EIO;
goto done;
}
done:
if (cb != NULL)
cb(provider, user_data, err);
return err;
}
static int oc_connect(struct vpn_provider *provider,
struct connman_task *task, const char *if_name)
{
const char *vpnhost, *vpncookie, *cafile, *certsha1, *mtu;
int fd, err;
vpnhost = vpn_provider_get_string(provider, "Host");
if (!vpnhost) {
connman_error("Host not set; cannot enable VPN");
return -EINVAL;
}
vpncookie = vpn_provider_get_string(provider, "OpenConnect.Cookie");
if (!vpncookie) {
connman_error("OpenConnect.Cookie not set; cannot enable VPN");
return -EINVAL;
}
certsha1 = vpn_provider_get_string(provider,
"OpenConnect.ServerCert");
if (certsha1)
connman_task_add_argument(task, "--servercert",
(char *)certsha1);
cafile = vpn_provider_get_string(provider, "OpenConnect.CACert");
mtu = vpn_provider_get_string(provider, "VPN.MTU");
if (cafile)
connman_task_add_argument(task, "--cafile",
(char *)cafile);
if (mtu)
connman_task_add_argument(task, "--mtu", (char *)mtu);
connman_task_add_argument(task, "--syslog", NULL);
connman_task_add_argument(task, "--cookie-on-stdin", NULL);
connman_task_add_argument(task, "--script",
SCRIPTDIR "/openconnect-script");
connman_task_add_argument(task, "--interface", if_name);
connman_task_add_argument(task, (char *)vpnhost, NULL);
err = connman_task_run(task, vpn_died, provider,
&fd, NULL, NULL);
if (err < 0) {
connman_error("openconnect failed to start");
return -EIO;
}
if (write(fd, vpncookie, strlen(vpncookie)) !=
(ssize_t)strlen(vpncookie) ||
write(fd, "\n", 1) != 1) {
connman_error("openconnect failed to take cookie on stdin");
return -EIO;
}
return 0;
}
static int l2tp_connect(struct connman_provider *provider,
struct connman_task *task, const char *if_name)
{
const char *host;
char *l2tp_name, *pppd_name;
int l2tp_fd, pppd_fd;
int err;
if (connman_task_set_notify(task, "getsec",
l2tp_get_sec, provider))
return -ENOMEM;
host = connman_provider_get_string(provider, "Host");
if (host == NULL) {
connman_error("Host not set; cannot enable VPN");
return -EINVAL;
}
l2tp_name = g_strdup_printf("/var/run/connman/connman-xl2tpd.conf");
l2tp_fd = open(l2tp_name, O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
if (l2tp_fd < 0) {
g_free(l2tp_name);
connman_error("Error writing l2tp config");
return -EIO;
}
pppd_name = g_strdup_printf("/var/run/connman/connman-ppp-option.conf");
pppd_fd = open(pppd_name, O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
if (pppd_fd < 0) {
connman_error("Error writing pppd config");
g_free(l2tp_name);
g_free(pppd_name);
close(l2tp_fd);
return -EIO;
}
l2tp_write_config(provider, pppd_name, l2tp_fd);
write_pppd_option(provider, pppd_fd);
connman_task_add_argument(task, "-D", NULL);
connman_task_add_argument(task, "-c", l2tp_name);
g_free(l2tp_name);
g_free(pppd_name);
err = connman_task_run(task, l2tp_died, provider,
NULL, NULL, NULL);
if (err < 0) {
connman_error("l2tp failed to start");
return -EIO;
}
return 0;
}
static int vc_connect(struct vpn_provider *provider,
struct connman_task *task, const char *if_name,
vpn_provider_connect_cb_t cb, const char *dbus_sender,
void *user_data)
{
const char *option;
int err = 0, fd;
option = vpn_provider_get_string(provider, "Host");
if (!option) {
connman_error("Host not set; cannot enable VPN");
err = -EINVAL;
goto done;
}
option = vpn_provider_get_string(provider, "VPNC.IPSec.ID");
if (!option) {
connman_error("Group not set; cannot enable VPN");
err = -EINVAL;
goto done;
}
connman_task_add_argument(task, "--non-inter", NULL);
connman_task_add_argument(task, "--no-detach", NULL);
connman_task_add_argument(task, "--ifname", if_name);
connman_task_add_argument(task, "--ifmode", "tun");
connman_task_add_argument(task, "--script",
SCRIPTDIR "/openconnect-script");
option = vpn_provider_get_string(provider, "VPNC.Debug");
if (option)
connman_task_add_argument(task, "--debug", option);
connman_task_add_argument(task, "-", NULL);
err = connman_task_run(task, vpn_died, provider,
&fd, NULL, NULL);
if (err < 0) {
connman_error("vpnc failed to start");
err = -EIO;
goto done;
}
err = vc_write_config_data(provider, fd);
close(fd);
done:
if (cb)
cb(provider, user_data, err);
return err;
}
static int run_connect(struct vpn_provider *provider,
struct connman_task *task, const char *if_name,
vpn_provider_connect_cb_t cb, void *user_data,
const char *username, const char *password)
{
char *l2tp_name, *pppd_name;
int l2tp_fd, pppd_fd;
int err;
if (!username || !password) {
DBG("Cannot connect username %s password %p",
username, password);
err = -EINVAL;
goto done;
}
DBG("username %s password %p", username, password);
l2tp_name = g_strdup_printf(VPN_STATEDIR "/connman-xl2tpd.conf");
l2tp_fd = open(l2tp_name, O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
if (l2tp_fd < 0) {
g_free(l2tp_name);
connman_error("Error writing l2tp config");
err = -EIO;
goto done;
}
pppd_name = g_strdup_printf(VPN_STATEDIR "/connman-ppp-option.conf");
pppd_fd = open(pppd_name, O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
if (pppd_fd < 0) {
connman_error("Error writing pppd config");
g_free(l2tp_name);
g_free(pppd_name);
close(l2tp_fd);
err = -EIO;
goto done;
}
l2tp_write_config(provider, pppd_name, l2tp_fd);
write_pppd_option(provider, pppd_fd);
connman_task_add_argument(task, "-D", NULL);
connman_task_add_argument(task, "-c", l2tp_name);
g_free(l2tp_name);
g_free(pppd_name);
close(l2tp_fd);
close(pppd_fd);
err = connman_task_run(task, l2tp_died, provider,
NULL, NULL, NULL);
if (err < 0) {
connman_error("l2tp failed to start");
err = -EIO;
goto done;
}
done:
if (cb)
cb(provider, user_data, err);
return err;
}
static int run_connect(struct vpn_provider *provider,
struct connman_task *task, const char *if_name,
vpn_provider_connect_cb_t cb, void *user_data,
const char *username, const char *password)
{
const char *opt_s, *host;
char *str;
int err, i;
host = vpn_provider_get_string(provider, "Host");
if (host == NULL) {
connman_error("Host not set; cannot enable VPN");
err = -EINVAL;
goto done;
}
if (username == NULL || password == NULL) {
DBG("Cannot connect username %s password %p",
username, password);
err = -EINVAL;
goto done;
}
vpn_provider_set_string(provider, "PPTP.User", username);
vpn_provider_set_string(provider, "PPTP.Password", password);
DBG("username %s password %p", username, password);
str = g_strdup_printf("%s %s --nolaunchpppd --loglevel 2",
PPTP, host);
if (str == NULL) {
connman_error("can not allocate memory");
err = -ENOMEM;
goto done;
}
connman_task_add_argument(task, "pty", str);
g_free(str);
connman_task_add_argument(task, "nodetach", NULL);
connman_task_add_argument(task, "lock", NULL);
connman_task_add_argument(task, "usepeerdns", NULL);
connman_task_add_argument(task, "noipdefault", NULL);
connman_task_add_argument(task, "noauth", NULL);
connman_task_add_argument(task, "nodefaultroute", NULL);
connman_task_add_argument(task, "ipparam", "pptp_plugin");
for (i = 0; i < (int)ARRAY_SIZE(pptp_options); i++) {
opt_s = vpn_provider_get_string(provider,
pptp_options[i].cm_opt);
if (opt_s == NULL)
opt_s = pptp_options[i].vpnc_default;
if (opt_s == NULL)
continue;
if (pptp_options[i].type == OPT_STRING)
connman_task_add_argument(task,
pptp_options[i].pptp_opt, opt_s);
else if (pptp_options[i].type == OPT_BOOL)
pptp_write_bool_option(task,
pptp_options[i].pptp_opt, opt_s);
}
connman_task_add_argument(task, "plugin",
SCRIPTDIR "/libppp-plugin.so");
err = connman_task_run(task, vpn_died, provider,
NULL, NULL, NULL);
if (err < 0) {
connman_error("pptp failed to start");
err = -EIO;
goto done;
}
done:
if (cb != NULL)
cb(provider, user_data, err);
return err;
}
static int ov_connect(struct connman_provider *provider,
struct connman_task *task, const char *if_name)
{
const char *option;
int err, fd;
option = connman_provider_get_string(provider, "Host");
if (option == NULL) {
connman_error("Host not set; cannot enable VPN");
return -EINVAL;
}
task_append_config_data(provider, task);
connman_task_add_argument(task, "--syslog", NULL);
connman_task_add_argument(task, "--script-security", "2");
connman_task_add_argument(task, "--up",
SCRIPTDIR "/openvpn-script");
connman_task_add_argument(task, "--up-restart", NULL);
connman_task_add_argument(task, "--setenv", NULL);
connman_task_add_argument(task, "CONNMAN_BUSNAME",
dbus_bus_get_unique_name(connection));
connman_task_add_argument(task, "--setenv", NULL);
connman_task_add_argument(task, "CONNMAN_INTERFACE",
CONNMAN_TASK_INTERFACE);
connman_task_add_argument(task, "--setenv", NULL);
connman_task_add_argument(task, "CONNMAN_PATH",
connman_task_get_path(task));
connman_task_add_argument(task, "--dev", if_name);
connman_task_add_argument(task, "--dev-type", "tun");
connman_task_add_argument(task, "--tls-client", NULL);
connman_task_add_argument(task, "--nobind", NULL);
connman_task_add_argument(task, "--persist-key", NULL);
connman_task_add_argument(task, "--persist-tun", NULL);
connman_task_add_argument(task, "--route-noexec", NULL);
connman_task_add_argument(task, "--ifconfig-noexec", NULL);
/*
* Disable client restarts because we can't handle this at the
* moment. The problem is that when OpenVPN decides to switch
* from CONNECTED state to RECONNECTING and then to RESOLVE,
* it is not possible to do a DNS lookup. The DNS server is
* not accessable through the tunnel anymore and so we end up
* trying to resolve the OpenVPN servers address.
*/
connman_task_add_argument(task, "--ping-restart", "0");
connman_task_add_argument(task, "--client", NULL);
fd = fileno(stderr);
err = connman_task_run(task, vpn_died, provider,
NULL, &fd, &fd);
if (err < 0) {
connman_error("openvpn failed to start");
return -EIO;
}
return 0;
}
