
Today's Topics:

   1. [PATCH v2 0/2] Remove GDateTime API usage (Daniel Wagner)
   2. [PATCH v2 1/2] service: Remove GDateTime API usage (Daniel Wagner)
   3. [PATCH v2 2/2] tools: Remove GDateTime API usage (Daniel Wagner)
   4. Re: [RFC 1/2] Storage based service retrieval (Daniel Wagner)
   5. [PATCH 00/10] Rewrite of OpenVPN plugin, VPN agent additions and VPN 
provider fixes
      (Jussi Laakkonen)
   6. [PATCH 01/10] vpn-agent: Present l2tp/pptp password input requests 
correctly
      (Jussi Laakkonen)
   7. [PATCH 02/10] vpn-agent: Allow control of VPN credential storage/retrieval
      (Jussi Laakkonen)
   8. [PATCH 03/10] doc: Document VPN agent credential storage/retrieval options
      (Jussi Laakkonen)


----------------------------------------------------------------------

Date: Mon, 11 Nov 2019 09:52:35 +0100
From: Daniel Wagner <[email protected]>
Subject: [PATCH v2 0/2] Remove GDateTime API usage
To: [email protected]
Cc: Daniel Wagner <[email protected]>
Message-ID: <[email protected]>

As it turns out, the GDateTime was introduced in 2.26 but not the
iso8601 function.

changes since v1:
  - added error handling
  - use gettimeofday() like Glib does
  - backwards compatibility added to string parser

Daniel Wagner (2):
  service: Remove GDateTime API usage
  tools: Remove GDateTime API usage

 src/service.c      | 59 +++++++++++++++++++++++++++++++---------------
 tools/stats-tool.c | 13 +++-------
 2 files changed, 43 insertions(+), 29 deletions(-)

-- 
2.23.0

------------------------------

Date: Mon, 11 Nov 2019 09:52:36 +0100
From: Daniel Wagner <[email protected]>
Subject: [PATCH v2 1/2] service: Remove GDateTime API usage
To: [email protected]
Cc: Daniel Wagner <[email protected]>
Message-ID: <[email protected]>

The g_date_time_new_from_iso8601() was introduced with GLib v2.56. We
don't want to update our version dependency. Instead just use plain
POSIX APIs. The Glib code uses gettimeofday() to implement
g_date_time_new_now(), so use the same interface to avoid breakage.

Furthermore, the GLib code writes the timestamps with sub-second
values, e.g. "2019-10-20T14:45:31.079935Z". The new code only writes
with second precision. That means the string parser needs to be able
to deal with both the old and the new time format.
---
 src/service.c | 59 ++++++++++++++++++++++++++++++++++-----------------
 1 file changed, 40 insertions(+), 19 deletions(-)

diff --git a/src/service.c b/src/service.c
index 7e1446b7cf3b..ec4dea78c65f 100644
--- a/src/service.c
+++ b/src/service.c
@@ -30,6 +30,7 @@
 #include <gdbus.h>
 #include <ctype.h>
 #include <stdint.h>
+#include <sys/time.h>
 
 #include <connman/storage.h>
 #include <connman/setting.h>
@@ -84,7 +85,7 @@ struct connman_service {
        bool hidden;
        bool ignore;
        bool autoconnect;
-       GDateTime *modified;
+       struct timeval modified;
        unsigned int order;
        char *name;
        char *passphrase;
@@ -380,27 +381,50 @@ static void set_split_routing(struct connman_service *service, bool value)
 
 static void update_modified(struct connman_service *service)
 {
-       GTimeZone *tz;
+       gettimeofday(&service->modified, NULL);
+}
+
+static void update_modified_from_iso8601(struct connman_service *service, char *str)
+{
+       time_t t;
+       struct tm tm;
+       char *p;
+
+       p = strptime(str, "%FT%T", &tm);
+       if (!p) {
+               DBG("Invalid time string");
+               return;
+       }
+
+       if (*p != 'Z') {
+               // backwards compatibility
+               if (*p != '.' || p[strlen(p) - 1] != 'Z') {
+                       DBG("Invalid time string");
+                       return;
+               }
+       }
 
-       if (service->modified)
-               g_date_time_unref(service->modified);
+       t = mktime(&tm);
+       if (t < 0)
+               return;
 
-       tz = g_time_zone_new_local();
-       service->modified = g_date_time_new_now(tz);
-       g_time_zone_unref(tz);
+       service->modified.tv_sec = t;
+       service->modified.tv_usec = 0;
 }
 
-static void update_modified_from_iso8601(struct connman_service *service,
-                                       char *str)
+static char *get_modified_format_iso8601(struct connman_service *service)
 {
-       GTimeZone *tz;
+       char buf[255];
+       time_t t;
+       struct tm tm;
 
-       if (service->modified)
-               g_date_time_unref(service->modified);
+       t = service->modified.tv_sec;
+       if (!localtime_r(&t, &tm))
+               return NULL;
+       if (!strftime(buf, sizeof(buf), "%FT%TZ", &tm))
+               return NULL;
 
-       tz = g_time_zone_new_local();
-       service->modified = g_date_time_new_from_iso8601(str, tz);
-       g_time_zone_unref(tz);
+       return g_strdup(buf);
 }
 
 int __connman_service_load_modifiable(struct connman_service *service)
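Review bot: In update_modified_from_iso8601() the `struct tm tm` is handed to strptime() uninitialized, and strptime() is only required to fill the fields named in the format, so mktime() may read an indeterminate `tm_isdst` and return a timestamp that is off by an hour or otherwise unpredictable. Initialise it before parsing, e.g. `memset(&tm, 0, sizeof(tm)); tm.tm_isdst = -1;`. Separately, get_modified_format_iso8601() formats with localtime_r() but appends a literal `Z`, which in ISO 8601 denotes UTC; the round trip through mktime() is self-consistent, but the stored value is mislabelled for any other reader and strings written by the old GLib code may be read back in a different zone. The backwards-compatibility branch only checks for a leading `.` and a trailing `Z`, so anything in between is accepted from the settings file; a one-line comment saying that this is intentional would help the next reader.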
@@ -728,7 +752,7 @@ static int service_save(struct connman_service *service)
                break;
        }
 
-       str = g_date_time_format_iso8601(service->modified);
+       str = get_modified_format_iso8601(service);
        if (str) {
                g_key_file_set_string(keyfile, service->identifier,
                                                        "Modified", str);
@@ -5086,9 +5110,6 @@ static void service_free(gpointer user_data)
        g_free(service->config_file);
        g_free(service->config_entry);
 
-       if (service->modified)
-               g_date_time_unref(service->modified);
-
        if (service->stats.timer)
                g_timer_destroy(service->stats.timer);
        if (service->stats_roaming.timer)
-- 
2.23.0

------------------------------

Date: Mon, 11 Nov 2019 09:52:37 +0100
From: Daniel Wagner <[email protected]>
Subject: [PATCH v2 2/2] tools: Remove GDateTime API usage
To: [email protected]
Cc: Daniel Wagner <[email protected]>
Message-ID: <[email protected]>

The g_date_time_new_from_iso8601() was introduced with GLib v2.56. We
don't want to update our version dependency. So let's use good old
POSIX APIs instead.
---
 tools/stats-tool.c | 13 +++----------
 1 file changed, 3 insertions(+), 10 deletions(-)

diff --git a/tools/stats-tool.c b/tools/stats-tool.c
index 193eed24565f..105dc4973edb 100644
--- a/tools/stats-tool.c
+++ b/tools/stats-tool.c
@@ -108,18 +108,11 @@ static char *option_last_file_name = NULL;
 static bool parse_start_ts(const char *key, const char *value,
                                        gpointer user_data, GError **error)
 {
-       GTimeZone *tz;
-       GDateTime *dt;
+       struct tm tm;
 
-       tz = g_time_zone_new_local();
-       dt = g_date_time_new_from_iso8601(value, tz);
-       g_time_zone_unref(tz);
-       if (!dt)
-               return false;
+       strptime(value, "%FT%TZ", &tm);
+       option_start_ts = mktime(&tm);
 
-       option_start_ts = g_date_time_get_second(dt);
-
-       g_date_time_unref(dt);
        return true;
 }
 
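Review bot: parse_start_ts() now ignores the result of strptime() and always returns true, so a malformed start timestamp is no longer rejected the way the removed `if (!dt) return false;` path did; mktime() then runs on an uninitialized `struct tm` and `option_start_ts` receives an arbitrary value. Keep the failure path with `struct tm tm = { .tm_isdst = -1 };` and `if (!strptime(value, "%FT%TZ", &tm)) return false;`, and treat a `(time_t)-1` result from mktime() the same way. Note that this format requires the `Z` directly after the seconds, so a timestamp with the fractional part that the service.c parser in patch 1/2 accepts would be refused here once the check is in place.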
-- 
2.23.0

------------------------------

Date: Mon, 11 Nov 2019 10:12:55 +0100
From: Daniel Wagner <[email protected]>
Subject: Re: [RFC 1/2] Storage based service retrieval
To: "Ryll, Jan (GED-SDD2)" <[email protected]>, "[email protected]"
        <[email protected]>
Message-ID: <[email protected]>
Content-Type: text/plain; charset=windows-1252; format=flowed

Hi Jan,

On 08.11.19 15:00, Ryll, Jan (GED-SDD2) wrote:
> Hi,
> 
> this RFC seems to fit to my question “what if a wifi network service is 
> not available anymore and I need to remove/clear the credential / 
> Passphrase? How could I achieve this?”.
> 
> So I read the comments and agree with Patrik. The GetKnownServices() 
> method should return also the currently unavailable/absent networks for 
> which a service folder exists.

Indeed, Patrik brings up a good point. Probably adding a call like 
RemoveKnowService(Object Path) would work, where one can pass an object 
path retrieved via GetKnownServices().

Another thing which I would like to see is GetKnownServices returning 
the information stored in the settings file. Just by looking at the 
object path, it will be hard to figure out which known service should be 
deleted.

> In my case there are many service folders like
> 
> /var/lib/connman/wifi_38b4d3ffe973_4c4544455f48435f32383434_managed_psk
> 
> /var/lib/connman/wifi_38b4d3ffe973_4c45765455f484366f323758_managed_psk
> 
> …
> 
> This folders should be also removable after the change with the service 
> remove functionality.
> 
> Could this be a solution?

Yes, this sounds reasonable. A 'remove' should really clean up. So those 
folders should be deleted alongside.

Thanks,
Daniel

------------------------------

Date: Mon, 11 Nov 2019 16:01:44 +0200
From: Jussi Laakkonen <[email protected]>
Subject: [PATCH 00/10] Rewrite of OpenVPN plugin, VPN agent additions
        and VPN provider fixes
To: [email protected]
Message-ID: <[email protected]>

This contains changes to three different components necessary for the OpenVPN
plugin rewrite. This work is a combined effort of 4 authors.

First, VPN agent is amended with three boolean control values in order to
allow controlling of credential storing, retrieval and whether to keep the old
credentials or not. The last one is meant to be used in situations where the
second credential request is to be done and the second credentials are not to
be stored, but the setting of AllowStoreCredentials to false should not affect
to storing of the main credentials. Also, the parametrization in the generic
requests of vpn-agent.c has been improved to support hiding of the password.

Second, vpn-provider.c is amended to handle ENOENT when connection callback is
called and to have a function to record an error without creating a signal out
of it and changing state. This is the case when the authentication credentials
are handled within the VPN process lifetime and it does not shutdown after the
credentials are invalid but requests them via other means from plugin. In such
case it is imperative just to record the error as otherwise signaling about
the error while the VPN process is still running would have undesired effects.

And last, VPN agent support was implemented to OpenVPN plugin. OpenVPN
management interface is used to get credential as well as encrypted private
key password requests. These requests are forwarded to VPN agent. Credential
request is same as with other VPN plugins but is handled within the OpenVPN
process lifetime, during which the credentials can be requested multiple times
without restart. For this reason each authentication error does not need to be
signaled but only recorded to inform VPN agent. The private key password
request is also a different case as the private key password is not to be
stored by the VPN agent. In this case VPN agent is requested not to store or
retrieve the private key password but is instructed to keep the other (main)
credentials.

David Llewellyn-Jones (2):
  vpn-agent: Allow control of VPN credential storage/retrieval
  doc: Document VPN agent credential storage/retrieval options

Jussi Laakkonen (7):
  vpn-agent: Implement VPN agent setting to keep credentials
  doc: Add KeepCredentials documentation to VPN agent API
  vpn-provider: Expose __vpn_provider_get_ident() to plugins
  vpn-provider: Add function to add errors without state change
  vpn-provider: Handle ENOENT in connect_cb
  openvpn: Rewrite plugin to support VPN agent and encrypted private
    keys
  doc: Add VPN agent API documentation for OpenVPN.PrivateKeyPassword

Matt Vogt (1):
  vpn-agent: Present l2tp/pptp password input requests correctly

 doc/vpn-agent-api.txt |  62 +++-
 vpn/plugins/openvpn.c | 764 +++++++++++++++++++++++++++++++++++++++---
 vpn/vpn-agent.c       |  48 ++-
 vpn/vpn-agent.h       |   5 +
 vpn/vpn-provider.c    |  29 +-
 vpn/vpn-provider.h    |   2 +
 vpn/vpn.h             |   2 +-
 7 files changed, 847 insertions(+), 65 deletions(-)

-- 
2.20.1

------------------------------

Date: Mon, 11 Nov 2019 16:01:45 +0200
From: Jussi Laakkonen <[email protected]>
Subject: [PATCH 01/10] vpn-agent: Present l2tp/pptp password input
        requests correctly
To: [email protected]
Cc: Matt Vogt <[email protected]>
Message-ID: <[email protected]>

From: Matt Vogt <[email protected]>

Pass the proper type to request_input_append_user_info() instead of
always using "string" as type.
---
 vpn/vpn-agent.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/vpn/vpn-agent.c b/vpn/vpn-agent.c
index aa73ec54..15b8a20d 100644
--- a/vpn/vpn-agent.c
+++ b/vpn/vpn-agent.c
@@ -105,6 +105,7 @@ void vpn_agent_append_host_and_name(DBusMessageIter *iter,
 struct user_info_data {
        struct vpn_provider *provider;
        const char *username_str;
+       const char *type_str;
 };
 
 static void request_input_append_user_info(DBusMessageIter *iter,
@@ -112,10 +113,10 @@ static void request_input_append_user_info(DBusMessageIter *iter,
 {
        struct user_info_data *data = user_data;
        struct vpn_provider *provider = data->provider;
-       const char *str = "string";
+       const char *str = NULL;
 
        connman_dbus_dict_append_basic(iter, "Type",
-                               DBUS_TYPE_STRING, &str);
+                               DBUS_TYPE_STRING, &data->type_str);
        str = "mandatory";
        connman_dbus_dict_append_basic(iter, "Requirement",
                                DBUS_TYPE_STRING, &str);
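Review bot: `data->type_str` is passed to connman_dbus_dict_append_basic() as `&data->type_str` without a NULL check, and the new struct member carries no comment saying it is required. The caller visible in this patch sets it before both calls, but any other user of `struct user_info_data` that leaves it unset would append a NULL string to the message. Since the "password" type is presumably what lets the agent UI mask the field, a guarded value is safer: `const char *type = data->type_str ? data->type_str : "string";`. The `= NULL` initializer on `str` is also redundant now, because `str` is assigned before its first use; the function body continues outside the hunk.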
@@ -137,11 +138,13 @@ void vpn_agent_append_user_info(DBusMessageIter *iter,
                .username_str = username_str
        };
 
+       data.type_str = "string";
        connman_dbus_dict_append_dict(iter, "Username",
                                request_input_append_user_info,
                                &data);
 
        data.username_str = NULL;
+       data.type_str = "password";
        connman_dbus_dict_append_dict(iter, "Password",
                                request_input_append_user_info,
                                &data);
-- 
2.20.1

------------------------------

Date: Mon, 11 Nov 2019 16:01:46 +0200
From: Jussi Laakkonen <[email protected]>
Subject: [PATCH 02/10] vpn-agent: Allow control of VPN credential
        storage/retrieval
To: [email protected]
Cc: David Llewellyn-Jones <[email protected]>
Message-ID: <[email protected]>

From: David Llewellyn-Jones <[email protected]>

When using the VPN the UI can request credentials from the user. These
can optionally be stored if the user selects the option to store them in
the dialogue.

There may be times when the VPN should prevent the user from choosing to
store credentials. This change allows connman to request for them not to
be stored.
---
 vpn/vpn-agent.c | 34 ++++++++++++++++++++++++++++++++++
 vpn/vpn-agent.h |  4 ++++
 2 files changed, 38 insertions(+)

diff --git a/vpn/vpn-agent.c b/vpn/vpn-agent.c
index 15b8a20d..dbed17f5 100644
--- a/vpn/vpn-agent.c
+++ b/vpn/vpn-agent.c
@@ -150,6 +150,40 @@ void vpn_agent_append_user_info(DBusMessageIter *iter,
                                &data);
 }
 
+static void request_input_append_flag(DBusMessageIter *iter,
+                                               void *user_data)
+{
+       dbus_bool_t data = (dbus_bool_t)GPOINTER_TO_INT(user_data);
+       const char *str = NULL;
+
+       str = "boolean";
+       connman_dbus_dict_append_basic(iter, "Type",
+                               DBUS_TYPE_STRING, &str);
+
+       str = "control";
+       connman_dbus_dict_append_basic(iter, "Requirement",
+                               DBUS_TYPE_STRING, &str);
+
+       connman_dbus_dict_append_basic(iter, "Value",
+                               DBUS_TYPE_BOOLEAN, &data);
+}
+
+void vpn_agent_append_allow_credential_storage(DBusMessageIter *iter,
+                               bool allow)
+{
+       connman_dbus_dict_append_dict(iter, "AllowStoreCredentials",
+                               request_input_append_flag,
+                               GINT_TO_POINTER(allow));
+}
+
+void vpn_agent_append_allow_credential_retrieval(DBusMessageIter *iter,
+                               bool allow)
+{
+       connman_dbus_dict_append_dict(iter, "AllowRetrieveCredentials",
+                               request_input_append_flag,
+                               GINT_TO_POINTER(allow));
+}
+
 struct failure_data {
        struct vpn_provider *provider;
        const char* type_str;
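Review bot: The two new exported helpers, vpn_agent_append_allow_credential_storage() and vpn_agent_append_allow_credential_retrieval(), have no comment stating what the flag guarantees. As written they only add a "control" entry to the request dictionary; whether credentials are actually stored or reused is decided by the agent, and an agent that predates the "control" requirement may ignore the entry or present it as an ordinary field. A short comment above each declaration in vpn/vpn-agent.h would make this explicit, for example `/* Advisory only: asks the agent not to offer credential storage; the agent decides whether to honour it. */`. In request_input_append_flag() the `= NULL` initializer of `str` is redundant because it is assigned in the next statement.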
diff --git a/vpn/vpn-agent.h b/vpn/vpn-agent.h
index 1dcaa4ec..89f4e81f 100644
--- a/vpn/vpn-agent.h
+++ b/vpn/vpn-agent.h
@@ -38,6 +38,10 @@ bool vpn_agent_check_reply_has_dict(DBusMessage *reply);
 void vpn_agent_append_user_info(DBusMessageIter *iter,
                                struct vpn_provider *provider,
                                const char *username_str);
+void vpn_agent_append_allow_credential_storage(DBusMessageIter *iter,
+                               bool allow);
+void vpn_agent_append_allow_credential_retrieval(DBusMessageIter *iter,
+                               bool allow);
 void vpn_agent_append_auth_failure(DBusMessageIter *iter,
                                struct vpn_provider *provider,
                                const char *information);
-- 
2.20.1

------------------------------

Date: Mon, 11 Nov 2019 16:01:47 +0200
From: Jussi Laakkonen <[email protected]>
Subject: [PATCH 03/10] doc: Document VPN agent credential
        storage/retrieval options
To: [email protected]
Cc: David Llewellyn-Jones <[email protected]>
Message-ID: <[email protected]>

From: David Llewellyn-Jones <[email protected]>

Document the AllowStoreCredentials and AllowRetrieveCredentials added
to VPN agent API.
---
 doc/vpn-agent-api.txt | 43 ++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 40 insertions(+), 3 deletions(-)

diff --git a/doc/vpn-agent-api.txt b/doc/vpn-agent-api.txt
index c27eddd5..6b74cf83 100644
--- a/doc/vpn-agent-api.txt
+++ b/doc/vpn-agent-api.txt
@@ -78,7 +78,7 @@ Fields                string Username
                string OpenConnect.ClientCert
 
                        Informational field containing a pkcs11 URL or a path
-                        name for the client certificate.
+                       name for the client certificate.
 
                string OpenConnect.Cookie
 
@@ -107,6 +107,22 @@ Fields             string Username
                        Return the final VPN server to use after possible
                        web authentication logins, selections and redirections.
 
+               boolean AllowStoreCredentials
+
+                       Indicates to the receiving UI whether the values
+                       entered by the user can be stored for future use.
+                       "Requirement" should be set to "control". A "Value"
+                       of true indicates that the option to store the
+                       credentials can be offered to the user, false
+                       indicates that no such option should be presented.
+
+               boolean AllowRetrieveCredentials
+
+                       Tells the receiving UI whether to attempt to retrieve
+                       previously stored values. "Requirement" should be set
+                       to "control". "Value" should be set to true if
+                       previously stored values can be used, false otherwise.
+
                string VpnAgent.AuthFailure
 
                        Informational field that can be used to indicate VPN
@@ -122,8 +138,8 @@ Arguments   string Type
                string Requirement
 
                        Contains the requirement option. Valid values are
-                       "mandatory", "optional", "alternate" or
-                       "informational".
+                       "mandatory", "optional", "alternate", "informational"
+                       and "control".
 
                        The "alternate" value specifies that this field can be
                        returned as an alternative to another one.
@@ -135,6 +151,11 @@ Arguments  string Type
                        is here only to provide an information so a value is
                        attached to it.
 
+                       A "control" argument is used to specify behaviour. The
+                       effect will depend on the field name and value, but
+                       control fields will not usually be presented directly
+                       to the user, and are not expected to be returned.
+
                array{string} Alternates
 
                        Contains the list of alternate field names this
@@ -174,3 +195,19 @@ Examples   Requesting a username and password for L2TP network
                                         "Requirement" : "informational"
                                                        } }
                        ==> { "OpenConnect.Cookie" : "0123456@adfsf@asasdf" }
+
+               Requesting a username and password but without allowing
+               the values entered by the user to be stored.
+
+                       RequestInput("/vpn2",
+                               { "Username" : { "Type"        : "string",
+                                               "Requirement" : "mandatory"
+                                                       } }
+                               { "Password" : { "Type"        : "password",
+                                               "Requirement" : "mandatory"
+                                                       } }
+                               { "AllowStoreCredentials" : { "Type" : "boolean",
+                                               "Requirement" : "control",
+                                                       "Value": false
+                                               } }
+               ==> { "Username" : "foo", "Password" : "secret123" }
-- 
2.20.1

------------------------------
