Today's Topics:
1. Re: [PATCH 1/5] vpn: Move settings from main.c to
vpn-settings.c (Daniel Wagner)
2. Re: [PATCH v2 2/5] vpn: Add support for configurable DAC
privileges in settings. (Daniel Wagner)
3. Re: [PATCH v2 3/5] task: Add support for a custom setup
function (Daniel Wagner)
4. Re: [PATCH v2 4/5] vpn: Run VPN plugin binaries with
configurable DAC privileges (Daniel Wagner)
5. Re: [PATCH v2 5/5] man: Document DAC privilege configuration
in VPN configuration file (Daniel Wagner)
6. Re: [PATCH] dnsproxy: Remove DNS servers of disconnected/idle
service (Daniel Wagner)
7. Re: [PATCH] config: Add support matching on device name for
provisioning (Daniel Wagner)
8. Re: [PATCH v2 5/5] man: Document DAC privilege configuration
in VPN configuration file (Jussi Laakkonen)
9. Re: [PATCH v2 3/5] task: Add support for a custom setup
function (Jussi Laakkonen)
----------------------------------------------------------------------
Message: 1
Date: Thu, 9 May 2019 08:50:01 +0200
From: Daniel Wagner <[email protected]>
To: Jussi Laakkonen <[email protected]>, [email protected]
Subject: Re: [PATCH 1/5] vpn: Move settings from main.c to
vpn-settings.c
Message-ID: <[email protected]>
Content-Type: text/plain; charset=utf-8; format=flowed
Hi Jussi,
On 4/29/19 5:39 PM, Jussi Laakkonen wrote:
> Move VPN settings to vpn-settings.c.
Patch applied.
Thanks,
Daniel
------------------------------
Message: 2
Date: Thu, 9 May 2019 08:51:11 +0200
From: Daniel Wagner <[email protected]>
To: Jussi Laakkonen <[email protected]>
Cc: [email protected]
Subject: Re: [PATCH v2 2/5] vpn: Add support for configurable DAC
privileges in settings.
Message-ID: <[email protected]>
Content-Type: text/plain; charset=utf-8; format=flowed
Hi Jussi,
On 5/2/19 12:51 PM, Jussi Laakkonen wrote:
> This adds support for configurable DAC privileges (user, group and
> supplementary groups) set by connman-vpnd when running VPN binary for a
> VPN plugin.
Patch applied after nitpicking a bit...
> +char **vpn_settings_get_binary_supplementary_groups
> + (struct vpn_plugin_data *data)
I changed the formatting here...
> +{
> + if (data && data->binary_supplementary_groups)
> + return data->binary_supplementary_groups;
> +
> + return connman_vpn_settings.binary_supplementary_groups;
> +}
> +
> unsigned int __vpn_settings_get_timeout_inputreq()
> {
> return connman_vpn_settings.timeout_inputreq;
> }
>
> +static char *get_string(GKeyFile *config, const char *group, const char *key)
> +{
> + char *str = g_key_file_get_string(config, group, key, NULL);
> + return str ? g_strstrip(str) : NULL;
> +}
> +
> +static char **get_string_list(GKeyFile *config, const char *group,
> + const char *key)
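Review bot: in vpn_settings_get_binary_supplementary_groups() the test `data && data->binary_supplementary_groups` cannot tell "not configured for this plugin" from "configured as no groups", so a plugin whose config wants no supplementary groups falls back to the global list unless the parser stores an empty non-NULL array for that case. A comment stating which behaviour is intended, and that the returned array stays owned by the settings code, would settle it. In get_string(), a key that is present but only whitespace comes back as "" rather than NULL after g_strstrip(), so callers that resolve a user or group name need to treat the empty string as unset.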
and here.
Thanks,
Daniel
------------------------------
Message: 3
Date: Thu, 9 May 2019 08:52:55 +0200
From: Daniel Wagner <[email protected]>
To: Jussi Laakkonen <[email protected]>
Cc: [email protected]
Subject: Re: [PATCH v2 3/5] task: Add support for a custom setup
function
Message-ID: <[email protected]>
Content-Type: text/plain; charset=utf-8; format=flowed
Hi Jussi,
On 5/2/19 12:51 PM, Jussi Laakkonen wrote:
> This commit adds support for a custom setup function for a task with an
> additional user data. The callback function prototype is simple:
> void (* connman_task_setup_t) (void *setup_data);
>
> Purpose of this is to do custom work when task is being setup. Callback
> function is registered at connman_task_create() and is executed as final
> step in task_setup() using the additional task setup user data.
Patch applied after
> ---
>
> Changes since V2:
> * Rename custom_setup_func to setup_func
> * Rename user_data to setup_data to follow same naming convention
>
> include/task.h | 6 +++++-
> src/task.c | 13 ++++++++++++-
> vpn/plugins/vpn.c | 2 +-
> 3 files changed, 18 insertions(+), 3 deletions(-)
>
> diff --git a/include/task.h b/include/task.h
> index 9977d634..dd67e7d2 100644
> --- a/include/task.h
> +++ b/include/task.h
> @@ -42,7 +42,11 @@ typedef void (* connman_task_exit_t) (struct connman_task
> *task,
> typedef DBusMessage * (* connman_task_notify_t) (struct connman_task *task,
> DBusMessage *message, void *user_data);
>
> -struct connman_task *connman_task_create(const char *program);
> +typedef void (* connman_task_setup_t) (void *setup_data);
> +
> +struct connman_task *connman_task_create(const char *program,
> + connman_task_setup_t custom_task_setup,
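Review bot: the callback type at `typedef void (* connman_task_setup_t) (void *setup_data);` returns void, so a setup function has no way to tell task_setup() that it failed. Since the callback runs as the final step before the task is started, either return int and abort the spawn on a non-zero result, or document in task.h that a callback which cannot complete its work must terminate the child itself instead of returning.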
s/custom_task_setup/task_setup/
> - data->task = connman_task_create(vpn_driver_data->program);
> + data->task = connman_task_create(vpn_driver_data->program, NULL);
and adding additional NULL argument. A test compile run complained :)
Thanks,
Daniel
------------------------------
Message: 4
Date: Thu, 9 May 2019 08:53:31 +0200
From: Daniel Wagner <[email protected]>
To: Jussi Laakkonen <[email protected]>, [email protected]
Subject: Re: [PATCH v2 4/5] vpn: Run VPN plugin binaries with
configurable DAC privileges
Message-ID: <[email protected]>
Content-Type: text/plain; charset=utf-8; format=flowed
Hi Jussi,
On 5/2/19 12:51 PM, Jussi Laakkonen wrote:
> This enables to support running VPN plugin binaries with configurable
> DAC privileges. Function vpn_task_setup() is registered as a custom
> setup callback function into task.c and is called when the task setup
> function is called prior to running the task.
>
> When a VPN plugin registers itself (with vpn_register()) the DAC
> privilege configuration for it is loaded from config with
> vpn_settings_parse_vpn_plugin_config(). This configuration is stored by
> vpn-settings.c and is free'd when the VPN plugin is unregistered with
> vpn_unregister(). DAC privilege configuration of a plugin is passed as
> custom setup user data to connman_task_create() when vpn_connect() is
> called.
>
> DAC privilege configuration is set when a VPN plugin is to be connected
> (vpn_task_setup() is called). Function vpn_task_setup() sets the DAC
> privileges in following order: change group, set supplementary groups
> and change user id. Use of setgid(), setgroups() and setuid() needs
> CAP_SETGID and CAP_SETUID capabilities.
Patch applied.
Thanks,
Daniel
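
The drop order given in the commit message above (group, supplementary groups, then user), as an added example; it is not connman's vpn_task_setup() and not code from this thread. struct dac_ids, ids_match(), drop_privileges() and setup_or_exit() are hypothetical names.

```c
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical holder for one plugin's DAC settings (not connman's struct). */
struct dac_ids {
	uid_t uid;
	gid_t gid;
	const gid_t *groups;	/* supplementary groups, NULL when ngroups is 0 */
	size_t ngroups;
};

/* 1 if the real and effective IDs of this process equal the target IDs. */
int ids_match(const struct dac_ids *ids)
{
	return getuid() == ids->uid && geteuid() == ids->uid &&
		getgid() == ids->gid && getegid() == ids->gid;
}

/* Drop in the commit message's order. setuid() goes last because it removes
 * the privilege the two group calls need. Returns 0, or -1 with errno set. */
int drop_privileges(const struct dac_ids *ids)
{
	if (setgid(ids->gid) < 0)
		return -1;
	/* Always called, so groups inherited from the daemon are replaced. */
	if (setgroups(ids->ngroups, ids->groups) < 0)
		return -1;
	if (setuid(ids->uid) < 0)
		return -1;
	/* The drop must be permanent and must have taken effect. */
	if ((ids->uid != 0 && setuid(0) == 0) || !ids_match(ids)) {
		errno = EPERM;
		return -1;
	}
	return 0;
}

/* Matches the page's void (*)(void *setup_data) prototype: with no return
 * value, the only safe reaction to a failed drop is to not reach exec(). */
void setup_or_exit(void *setup_data)
{
	if (drop_privileges(setup_data) < 0) {
		perror("drop_privileges");
		_exit(1);
	}
}
```

Without CAP_SETGID the setgroups() call fails even when the target IDs equal the current ones, which is why an unprivileged run returns -1.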
------------------------------
Message: 5
Date: Thu, 9 May 2019 08:54:33 +0200
From: Daniel Wagner <[email protected]>
To: Jussi Laakkonen <[email protected]>
Cc: [email protected]
Subject: Re: [PATCH v2 5/5] man: Document DAC privilege configuration
in VPN configuration file
Message-ID: <[email protected]>
Content-Type: text/plain; charset=utf-8; format=flowed
Hi Jussi,
On 5/2/19 12:51 PM, Jussi Laakkonen wrote:
> Added documentation of the DAC privilege configuration to manual pages.
> Detailed both connman-vpn.conf and VPN plugin specific configuration.
Patch applied after
> +.P
> +DAC privileges (user, group and supplementary groups) of a VPN binary ran by
> \fBconnman-vpn\fP(8) can be controlled by this configuration. Configuration in
> +.B connman-vpn.conf
> +is for all VPN types and can be overridden by defining separate configs into
> +.B @sysconfdir@/connman/vpn-plugin/
> +using the plugin name + .conf suffix using the same syntax. For example, for
> OpenVPN the path to config is
> +.B @sysconfdir@/connman/vpn-plugin/openvpn.conf
> +which will override any value in the main configuration.
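Review bot: "which will override any value in the main configuration" does not say whether the override is per key or for the whole file, and that matters when a plugin file sets only the user while connman-vpn.conf also sets group and supplementary groups. State the granularity, and what the VPN binary runs as when neither file sets anything. Minor: "ran by" in the first sentence should be "run by".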
adding a couple of newlines in order to shorten the line length.
Please verify that I didn't break anything.
Thanks,
Daniel
------------------------------
Message: 6
Date: Thu, 9 May 2019 08:59:43 +0200
From: Daniel Wagner <[email protected]>
To: Jussi Laakkonen <[email protected]>
Cc: [email protected]
Subject: Re: [PATCH] dnsproxy: Remove DNS servers of disconnected/idle
service
Message-ID: <[email protected]>
Content-Type: text/plain; charset=utf-8; format=flowed
Hi Jussi,
On 5/6/19 5:35 PM, Jussi Laakkonen wrote:
> This addresses the issue of having changing interface indexes with,
> e.g., VPNs that causes the DNS servers to accumulate in the list when
> the index of a VPN changes but the service and DNS server addresses
> remain the same. Reason for this is how find_server() behaves when
> adding new DNS servers.
>
> VPNs can change interface index more rapidly as they can be connected
> when the previous VPN connection is still disconnecting or cleaning up
> and the previous interface is up so new interface for the new VPN
> connection is brought up. The service, however, is still the same and so
> are the DNS servers.
>
> When such thing happens and the DNS servers do not change,
> "src/dnsproxy.c:ns_resolv() Cannot send message to server 8.8.8.8 sock
> 47 protocol 17 (Invalid argument/22)" is given as error. If there are
> no new DNS servers set by the new VPN connection DNS does not work until
> there is some other change triggering. Reason for this is that connected
> UDP sockets are used and when the error happens "netstat -un" displays
> bunch of connections with IP different to what is currently used.
>
> By adding this service state listener enabling removal of the DNS
> servers of the disconnecting/idle service the issue described is
> eliminated. Removal of the DNS servers is done using the index of the
> disconnecting service, allowing to remove the DNS servers of a service
> that has begun its disconnection process. As a result the DNS server
> list keeps clean and when the VPN is re-connected with new interface the
> DNS servers are added again but they have correct interfaces set and
> further DNS requests can be sent.
Thanks for the bugfix! Patch applied.
Daniel
------------------------------
Message: 7
Date: Thu, 9 May 2019 09:01:22 +0200
From: Daniel Wagner <[email protected]>
To: [email protected]
Subject: Re: [PATCH] config: Add support matching on device name for
provisioning
Message-ID: <[email protected]>
Content-Type: text/plain; charset=utf-8; format=flowed
On 4/29/19 9:22 PM, Daniel Wagner wrote:
> While matching on the MAC address is working for plain interfaces, it
> wont work for managing VLAN interfaces. The VLAN interfaces share the
> same MAC address with the parent interface.
>
> The argument that the MAC address is the only stable way to identify a
> device is a bit weak because the MAC can be changed via udev or other
> means.
>
> Furthermore, with systemd's feature of stable interface name it makes
> things a lot easier for embedded system with a pre-provisioning
> rootfs. Such devices have different MAC address but all of them have
> the same interface name.
Patch applied.
------------------------------
Message: 8
Date: Thu, 9 May 2019 10:13:17 +0300
From: Jussi Laakkonen <[email protected]>
To: Daniel Wagner <[email protected]>
Cc: [email protected]
Subject: Re: [PATCH v2 5/5] man: Document DAC privilege configuration
in VPN configuration file
Message-ID: <[email protected]>
Content-Type: text/plain; charset=utf-8; format=flowed
Hi Daniel,
On 5/9/19 9:54 AM, Daniel Wagner wrote:
> Hi Jussi,
>
> On 5/2/19 12:51 PM, Jussi Laakkonen wrote:
>> Added documentation of the DAC privilege configuration to manual pages.
>> Detailed both connman-vpn.conf and VPN plugin specific configuration.
>
> Patch applied after
>
>> +.P
>> +DAC privileges (user, group and supplementary groups) of a VPN binary
>> ran by \fBconnman-vpn\fP(8) can be controlled by this configuration.
>> Configuration in
>> +.B connman-vpn.conf
>> +is for all VPN types and can be overridden by defining separate
>> configs into
>> +.B @sysconfdir@/connman/vpn-plugin/
>> +using the plugin name + .conf suffix using the same syntax. For
>> example, for OpenVPN the path to config is
>> +.B? @sysconfdir@/connman/vpn-plugin/openvpn.conf
>> +which will override any value in the main configuration.
>
> adding a couple of newlines in order to shorten the line length.
>
> Please verify that I didn't break anything.
>
The changes you made on the formatting are merely cosmetic changes.
Those are fine.
I usually tend to forget some formatting rules as the style I've used
pleases my eyes more :). But no worries.
> Thanks,
> Daniel
Cheers,
Jussi
------------------------------
Message: 9
Date: Thu, 9 May 2019 10:41:18 +0300
From: Jussi Laakkonen <[email protected]>
To: Daniel Wagner <[email protected]>
Cc: [email protected]
Subject: Re: [PATCH v2 3/5] task: Add support for a custom setup
function
Message-ID: <[email protected]>
Content-Type: text/plain; charset=utf-8; format=flowed
Hi Daniel,
On 5/9/19 9:52 AM, Daniel Wagner wrote:
> Hi Jussi,
>
> On 5/2/19 12:51 PM, Jussi Laakkonen wrote:
>> This commit adds support for a custom setup function for a task with an
>> additional user data. The callback function prototype is simple:
>> void (* connman_task_setup_t) (void *setup_data);
>>
>> Purpose of this is to do custom work when task is being setup. Callback
>> function is registered at connman_task_create() and is executed as final
>> step in task_setup() using the additional task setup user data.
>
> Patch applied after
>
>> ---
>>
>> Changes since V2:
>>   * Rename custom_setup_func to setup_func
>>   * Rename user_data to setup_data to follow same naming convention
>>
>>   include/task.h    |  6 +++++-
>>   src/task.c        | 13 ++++++++++++-
>>   vpn/plugins/vpn.c |  2 +-
>>   3 files changed, 18 insertions(+), 3 deletions(-)
>>
>> diff --git a/include/task.h b/include/task.h
>> index 9977d634..dd67e7d2 100644
>> --- a/include/task.h
>> +++ b/include/task.h
>> @@ -42,7 +42,11 @@ typedef void (* connman_task_exit_t) (struct
>> connman_task *task,
>> ? typedef DBusMessage * (* connman_task_notify_t) (struct connman_task
>> *task,
>> ????????????????? DBusMessage *message, void *user_data);
>> -struct connman_task *connman_task_create(const char *program);
>> +typedef void (* connman_task_setup_t) (void *setup_data);
>> +
>> +struct connman_task *connman_task_create(const char *program,
>> +??????????????? connman_task_setup_t custom_task_setup,
>
> s/custom_task_setup/task_setup/
>
>> -??? data->task = connman_task_create(vpn_driver_data->program);
>> +??? data->task = connman_task_create(vpn_driver_data->program, NULL);
>
> and adding additional NULL argument. A test compile run complained :)
>
Ah, sorry, my bad. I usually compile after applying all patches to
master, not in between them. There was something amiss in the splitting
process of this from our fork to upstream. Thank you for fixing this :)
> Thanks,
> Daniel
Cheers,
Jussi
------------------------------
End of connman Digest, Vol 43, Issue 10
***************************************