Send connman mailing list submissions to
[email protected]
To subscribe or unsubscribe via email, send a message with subject or
body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of connman digest..."
Today's Topics:
1. [PATCH] l2tp: Remove use of lock option for pppd (Jussi Laakkonen)
2. [PATCH] vpn: Set to use C locale with tasks used for running VPN processes
(Jussi Laakkonen)
3. Re: [PATCH] vpn: Set to use C locale with tasks used for running VPN
processes
(David Woodhouse)
4. Re: [PATCH] vpn: Set to use C locale with tasks used for running VPN
processes
(Jussi Laakkonen)
5. [PATCH v2] vpnc: Set to use C locale prior to running the task
(Jussi Laakkonen)
----------------------------------------------------------------------
Date: Thu, 24 Oct 2019 11:14:37 +0300
From: Jussi Laakkonen <[email protected]>
Subject: [PATCH] l2tp: Remove use of lock option for pppd
To: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=UTF-8
Connection with L2TP plugin cannot be established if the "lock" option
is used. When running xl2tpd in terminal with the file content created
by the plugin following is reported and connection fails:
xl2tpd -D -C control -c connman-xl2tpd.conf
xl2tpd[17773]: setsockopt recvref[30]: Protocol not available
xl2tpd[17773]: Using l2tp kernel support.
xl2tpd[17773]: xl2tpd version xl2tpd-1.3.8 started on Sailfish PID:17773
xl2tpd[17773]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[17773]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[17773]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[17773]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
xl2tpd[17773]: Listening on IP address a.b.c.d, port 32000
xl2tpd[17773]: Connecting to host w.x.y.z, port 1701
xl2tpd[17773]: Connection established to w.x.y.z, 1701. Local: 18554, Remote:
20429 (ref=0/0).
xl2tpd[17773]: Calling on tunnel 18554
xl2tpd[17773]: Call established with w.x.y.z, Local: 42029, Remote: 24137,
Serial: 1 (ref=0/0)
xl2tpd[17773]: start_pppd: I'm running:
xl2tpd[17773]: "/usr/sbin/pppd"
xl2tpd[17773]: "plugin"
xl2tpd[17773]: "pppol2tp.so"
xl2tpd[17773]: "pppol2tp"
xl2tpd[17773]: "7"
xl2tpd[17773]: "passive"
xl2tpd[17773]: "nodetach"
xl2tpd[17773]: ":" ยง
xl2tpd[17773]: "name"
xl2tpd[17773]: "user"
xl2tpd[17773]: "file"
xl2tpd[17773]: "/path/to/l2tp/connman-ppp-option.conf"
/usr/sbin/pppd: In file /path/to/l2tp/connman-ppp-option.conf: unrecognized
option 'lock'
xl2tpd[17773]: child_handler : pppd exited for call 24137 with code 2
xl2tpd[17773]: call_close: Call 42029 to w.x.y.z disconnected
xl2tpd[17773]: write_packet: tty is not open yet.
xl2tpd[17773]: Terminating pppd: sending TERM signal to pid 17774
xl2tpd[17773]: get_call: can't find call 42029 in tunnel 18554
(ref=0/0)xl2tpd[17773]: get_call: can't find call 42029 in tunnel 18554
Tested with PPP built from commit
8e77984ac5d7acbe68b2b2f590abd17564c9730d.
---
vpn/plugins/l2tp.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/vpn/plugins/l2tp.c b/vpn/plugins/l2tp.c
index 2255daaa..705c87af 100644
--- a/vpn/plugins/l2tp.c
+++ b/vpn/plugins/l2tp.c
@@ -381,7 +381,6 @@ static int write_pppd_option(struct vpn_provider *provider,
int fd)
const char *opt_s;
l2tp_write_option(fd, "nodetach", NULL);
- l2tp_write_option(fd, "lock", NULL);
l2tp_write_option(fd, "logfd", "2");
l2tp_write_option(fd, "usepeerdns", NULL);
l2tp_write_option(fd, "noipdefault", NULL);
--
2.20.1
------------------------------
Date: Thu, 24 Oct 2019 13:20:23 +0300
From: Jussi Laakkonen <[email protected]>
Subject: [PATCH] vpn: Set to use C locale with tasks used for running
VPN processes
To: [email protected]
Message-ID: <[email protected]>
Set LANG and LC_ALL to C locale for each task used to run VPN processes.
This ensures that no translations are used.
The user for running VPN process can be changed with DACPrivileges
configuration (see commit 171989601a7a4fadafda20a7e6d30e9ada3fb516). If
the user is changed to other than what connman is ran with a specific
language may have been set. Plugins relying on correct output would fail in
such case.
---
vpn/plugins/vpn.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/vpn/plugins/vpn.c b/vpn/plugins/vpn.c
index eef8550e..16946c80 100644
--- a/vpn/plugins/vpn.c
+++ b/vpn/plugins/vpn.c
@@ -624,6 +624,15 @@ static int vpn_connect(struct vpn_provider *provider,
goto exist_err;
}
+ /*
+ * Change to use C locale, some VPN plugins use screen scraping for
+ * error parsing. To be on the safe side, set both LANG and LC_ALL.
+ * This is required especially when the VPN processes are ran using
+ * user other than root.
+ */
+ connman_task_add_variable(data->task,"LANG", "C");
+ connman_task_add_variable(data->task,"LC_ALL", "C");
+
ret = vpn_driver_data->vpn_driver->connect(provider, data->task,
data->if_name, cb, dbus_sender,
user_data);
--
2.20.1
------------------------------
Date: Thu, 24 Oct 2019 11:28:47 +0100
From: David Woodhouse <[email protected]>
Subject: Re: [PATCH] vpn: Set to use C locale with tasks used for
running VPN processes
To: [email protected],Jussi Laakkonen <[email protected]>
Message-ID: <[email protected]>
Content-Type: multipart/alternative;
boundary="----TPO4OZH2LUYBKDZIROAVU2CMVBTEEE"
------TPO4OZH2LUYBKDZIROAVU2CMVBTEEE
Content-Type: text/plain;
charset=utf-8
Content-Transfer-Encoding: quoted-printable
I suspect this is going to break anything using non-ASCII passwords=2E Open=
Connect is not designed to be screen-scraped=2E As discussed, it has interf=
aces which *are* designed to be used in this circumstance=2E
On 24 October 2019 11:20:23 BST, Jussi Laakkonen <jussi=2Elaakkonen@jolla=
=2Ecom> wrote:
>Set LANG and LC_ALL to C locale for each task used to run VPN
>processes=2E
>This ensures that no translations are used=2E
>
>The user for running VPN process can be changed with DACPrivileges
>configuration (see commit 171989601a7a4fadafda20a7e6d30e9ada3fb516)=2E If
>the user is changed to other than what connman is ran with a specific
>language may have been set=2E Plugins relying on correct output would
>fail in
>such case=2E
>---
> vpn/plugins/vpn=2Ec | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
>diff --git a/vpn/plugins/vpn=2Ec b/vpn/plugins/vpn=2Ec
>index eef8550e=2E=2E16946c80 100644
>--- a/vpn/plugins/vpn=2Ec
>+++ b/vpn/plugins/vpn=2Ec
>@@ -624,6 +624,15 @@ static int vpn_connect(struct vpn_provider
>*provider,
> goto exist_err;
> }
>=20
>+ /*
>+ * Change to use C locale, some VPN plugins use screen scraping for
>+ * error parsing=2E To be on the safe side, set both LANG and LC_ALL=2E
>+ * This is required especially when the VPN processes are ran using
>+ * user other than root=2E
>+ */
>+ connman_task_add_variable(data->task,"LANG", "C");
>+ connman_task_add_variable(data->task,"LC_ALL", "C");
>+
> ret =3D vpn_driver_data->vpn_driver->connect(provider, data->task,
> data->if_name, cb, dbus_sender,
> user_data);
>--=20
>2=2E20=2E1
>_______________________________________________
>connman mailing list -- connman@lists=2E01=2Eorg
>To unsubscribe send an email to connman-leave@lists=2E01=2Eorg
--=20
Sent from my Android device with K-9 Mail=2E Please excuse my brevity=2E
------TPO4OZH2LUYBKDZIROAVU2CMVBTEEE
Content-Type: text/html;
charset=utf-8
Content-Transfer-Encoding: quoted-printable
<html><head></head><body>I suspect this is going to break anything using no=
n-ASCII passwords=2E OpenConnect is not designed to be screen-scraped=2E As=
discussed, it has interfaces which *are* designed to be used in this circu=
mstance=2E<br><br><br><div class=3D"gmail_quote">On 24 October 2019 11:20:2=
3 BST, Jussi Laakkonen <jussi=2Elaakkonen@jolla=2Ecom> wrote:<blockqu=
ote class=3D"gmail_quote" style=3D"margin: 0pt 0pt 0pt 0=2E8ex; border-left=
: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre class=3D"k9mail">Set LANG and LC_ALL to C locale for each task used t=
o run VPN processes=2E<br>This ensures that no translations are used=2E<br>=
<br>The user for running VPN process can be changed with DACPrivileges<br>c=
onfiguration (see commit 171989601a7a4fadafda20a7e6d30e9ada3fb516)=2E If<br=
>the user is changed to other than what connman is ran with a specific<br>l=
anguage may have been set=2E Plugins relying on correct output would fail i=
n<br>such case=2E<hr> vpn/plugins/vpn=2Ec | 9 +++++++++<br> 1 file changed,=
9 insertions(+)<br><br>diff --git a/vpn/plugins/vpn=2Ec b/vpn/plugins/vpn=
=2Ec<br>index eef8550e=2E=2E16946c80 100644<br>--- a/vpn/plugins/vpn=2Ec<br=
>+++ b/vpn/plugins/vpn=2Ec<br>@@ -624,6 +624,15 @@ static int vpn_connect(s=
truct vpn_provider *provider,<br> goto exist_err;<br> }<br>
<br>+ /*<br>=
+ * Change to use C locale, some VPN plugins use screen scraping
for<br>+ =
* error parsing=2E To be on the safe side, set both LANG and LC_ALL=2E<br>=
+ * This is required especially when the VPN processes are ran
using<br>+ =
* user other than root=2E<br>+ */<br>+
connman_task_add_variable(data->=
;task,"LANG", "C");<br>+
connman_task_add_variable(data->task,"LC_ALL", =
"C");<br>+<br> ret =3D vpn_driver_data->vpn_driver->connect(provider=
, data->task,<br>
data->if_name, cb, dbus_sender,<br>
use=
r_data);</pre></blockquote></div><br>-- <br>Sent from my Android device wit=
h K-9 Mail=2E Please excuse my brevity=2E</body></html>
------TPO4OZH2LUYBKDZIROAVU2CMVBTEEE--
------------------------------
Date: Thu, 24 Oct 2019 13:34:51 +0300
From: Jussi Laakkonen <[email protected]>
Subject: Re: [PATCH] vpn: Set to use C locale with tasks used for
running VPN processes
To: David Woodhouse <[email protected]>, [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=utf-8; format=flowed
Hi David,
On 10/24/19 1:28 PM, David Woodhouse wrote:
> I suspect this is going to break anything using non-ASCII passwords.
> OpenConnect is not designed to be screen-scraped. As discussed, it has
> interfaces which *are* designed to be used in this circumstance.
>
Thanks for raising this concern. It may be indeed that this should be
applied only for the VPNC plugin, as it clearly states that content is
to be in ASCII mode. I thought I get best input here. Thanks.
I'll change this to set the LANG/LC_ALL only with VPNC plugin. The
OpenConnect change is in the works as we speak.
BR,
Jussi
------------------------------
Date: Thu, 24 Oct 2019 14:00:30 +0300
From: Jussi Laakkonen <[email protected]>
Subject: [PATCH v2] vpnc: Set to use C locale prior to running the
task
To: [email protected]
Message-ID: <[email protected]>
Set LANG and LC_ALL to C locale for the VPNC process. This ensures that
no translations are used. VPNC relies on errors printed to stderr, and
having translated content makes plugin fail. All VPNC options are ASCII
string according to specifiation.
The user for running VPN process can be changed with DACPrivileges
configuration (see commit 171989601a7a4fadafda20a7e6d30e9ada3fb516). If
the user is changed to other than what connman is ran with a specific
language may have been set.
---
Changes since V2:
* Set LANG and LC_ALL only for VPNC plugin. It may be too risky to set
this for all plugins by default, hence the potential breakage of non-
ASCII passwords noted by David Woodhouse.
vpn/plugins/vpnc.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/vpn/plugins/vpnc.c b/vpn/plugins/vpnc.c
index 8927a6f7..632e680f 100644
--- a/vpn/plugins/vpnc.c
+++ b/vpn/plugins/vpnc.c
@@ -450,6 +450,15 @@ static int run_connect(struct vc_private_data *data)
DBG("provider %p task %p interface %s user_data %p", provider, task,
if_name, data->user_data);
+ /*
+ * Change to use C locale, options should be in ASCII according to
+ * documentation. To be on the safe side, set both LANG and LC_ALL.
+ * This is required especially when the VPNC processe is ran using an
+ * user other than root.
+ */
+ connman_task_add_variable(task,"LANG", "C");
+ connman_task_add_variable(task,"LC_ALL", "C");
+
connman_task_add_argument(task, "--non-inter", NULL);
connman_task_add_argument(task, "--no-detach", NULL);
--
2.20.1
------------------------------
Subject: Digest Footer
_______________________________________________
connman mailing list -- [email protected]
To unsubscribe send an email to [email protected]
------------------------------
End of connman Digest, Vol 48, Issue 31
***************************************
