Today's Topics:

   1. Re: [PATCH 09/11] service: Change IPv6 support if split routing value
      changes on IPv4 VPN
      (Jussi Laakkonen)
   2. RE: [PATCH] service: Prevent auto connection during passphrase request
      (VAUTRIN Emmanuel (Canal Plus Prestataire))
   3. RE: [PATCH] timeserver: Fix time update manual->auto at startup
      (VAUTRIN Emmanuel (Canal Plus Prestataire))


----------------------------------------------------------------------

Date: Wed, 7 Apr 2021 13:57:05 +0300
From: Jussi Laakkonen <jussi.laakko...@jolla.com>
Subject: Re: [PATCH 09/11] service: Change IPv6 support if split
        routing value changes on IPv4 VPN
To: Daniel Wagner <w...@monom.org>
Cc: connman@lists.01.org
Message-ID: <2a3e20ec-8af6-8103-20bc-9c7be57d5...@jolla.com>
Content-Type: text/plain; charset=utf-8; format=flowed

Hi Daniel,

On 4/6/21 9:49 PM, Daniel Wagner wrote:
> On Tue, Apr 06, 2021 at 05:00:23PM +0300, Jussi Laakkonen wrote:
>>>> Just expose that facility from core ConnMan and let the VPN providers
>>>> use it as they desire.
>>
>> I actually had this in mind as a next step to have a per provider option to
>> really control whether to disable IPv6 or not. Some amount of work goes to
>> that as well and I think OpenConnect and WireGuard plugins are ones that are
>> capable of both v4 and v6.
>>
>> What do you Daniel say, should I try to include that per provider option
>> here or work it as later, and perhaps amend the TODO on that part?
> 
> This makes sense to me. I think we shouldn't encode the policy into
> the core itself. Probably it would be good to have the interface and
> config interface sorted out first.
> 

I was thinking a simple boolean to struct connman_provider, which is 
changed via PropertyChanged signals that are listened by plugins/vpn.c 
and are emitted by vpn/vpn-provider.c. That boolean then replaces the 
usages of
     if (provider->family == AF_INET)

and is by default set as "true" to indicate that IPv6 should be disabled.

The value then can be changed by a VPN using the:
     vpn_provider.c:vpn_provider_set_boolean().


In order to minimize changes I thought this to be true by default, as I 
mentioned in other mails to the list, many of the VPN plugins still use 
IPv4 only. But if you'd prefer future proofing more it is all the same to 
me to do it just the opposite. Still, security is for me an opt-out 
always :).

Or did you have something else in mind? I'm not sure if I followed the 
last sentence of yours.

Cheers,
  Jussi

------------------------------

Date: Wed, 7 Apr 2021 15:08:48 +0000
From: "VAUTRIN Emmanuel (Canal Plus Prestataire)"
        <emmanuel.vaut...@cpexterne.org>
Subject: RE: [PATCH] service: Prevent auto connection during
        passphrase request
To: Daniel Wagner <w...@monom.org>
Cc: "connman@lists.01.org" <connman@lists.01.org>
Message-ID:  <pr1pr02mb479461508d4bc77ee603d12493...@pr1pr02mb4794.eur
        prd02.prod.outlook.com>
Content-Type: text/plain; charset="iso-8859-1"

Avoid concurrent associations between a user connection to a secure
service, blocked by an agent passphrase input request, and a starting
auto connection on a different service of the same interface.
---
 src/service.c | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/src/service.c b/src/service.c
index 7dfa89f23164..e938ab0e3a80 100644
--- a/src/service.c
+++ b/src/service.c
@@ -49,6 +49,7 @@ static DBusConnection *connection = NULL;
 
 static GList *service_list = NULL;
 static GHashTable *service_hash = NULL;
+static GHashTable *passphrase_requested = NULL;
 static GSList *counter_list = NULL;
 static unsigned int autoconnect_id = 0;
 static unsigned int vpn_autoconnect_id = 0;
@@ -4200,6 +4201,7 @@ static bool auto_connect_service(GList *services,
        bool ignore[MAX_CONNMAN_SERVICE_TYPES] = { };
        bool autoconnecting = false;
        GList *list;
+       int index;
 
        DBG("preferred %d sessions %d reason %s", preferred, active_count,
                reason2string(reason));
@@ -4215,6 +4217,11 @@ static bool auto_connect_service(GList *services,
                        continue;
                }
 
+               index = __connman_service_get_index(service);
+               if (g_hash_table_lookup(passphrase_requested,
+                                       GINT_TO_POINTER(index)))
+                       return true;
+
                if (service->pending ||
                                is_connecting(service->state) ||
                                is_connected(service->state)) {
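
Review bot: the "return true" in the new passphrase_requested check ends the
whole auto_connect_service() loop as soon as one service sits on an index with
a pending request, so later services in the list are never considered,
including ones on other interfaces, while the commit message only talks about
services "of the same interface". Consider "continue" here, as the check just
above it does, so only services on that index are skipped. It is also worth
confirming what __connman_service_get_index() returns for a service without
an interface, since that value is used directly as the hash key.
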
@@ -5765,6 +5772,7 @@ static void request_input_cb(struct connman_service 
*service,
        struct connman_device *device;
        const char *security;
        int err = 0;
+       int index;
 
        DBG("RequestInput return, %p", service);
 
@@ -5827,6 +5835,11 @@ static void request_input_cb(struct connman_service 
*service,
                err = __connman_service_set_passphrase(service, passphrase);
 
  done:
+       index = __connman_service_get_index(service);
+       g_hash_table_replace(passphrase_requested,
+                               GINT_TO_POINTER(index),
+                               GINT_TO_POINTER(false));
+
        if (err >= 0) {
                /* We forget any previous error. */
                set_error(service, CONNMAN_SERVICE_ERROR_UNKNOWN);
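
Review bot: the entry is cleared only at the done: label of request_input_cb(),
so any path on which this callback never runs leaves the index marked and
auto_connect_service() keeps returning early for that interface. Clear it as
well wherever the pending request is dropped (service removal, disconnect).
Since g_hash_table_lookup() cannot distinguish a stored GINT_TO_POINTER(false)
from a missing key, g_hash_table_remove() would express the same thing without
leaving stale entries in the table.
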
@@ -6678,6 +6691,7 @@ static int service_connect(struct connman_service 
*service)
 int __connman_service_connect(struct connman_service *service,
                        enum connman_service_connect_reason reason)
 {
+       int index;
        int err;
 
        DBG("service %p state %s connect reason %s -> %s",
@@ -6758,6 +6772,13 @@ int __connman_service_connect(struct connman_service 
*service,
                        if (service->hidden && err != -EINPROGRESS)
                                service->pending = pending;
 
+                       if (err == -EINPROGRESS) {
+                               index = __connman_service_get_index(service);
+                               g_hash_table_replace(passphrase_requested,
+                                               GINT_TO_POINTER(index),
+                                               GINT_TO_POINTER(true));
+                       }
+
                        return err;
                }
        }
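
Review bot: the err == -EINPROGRESS test marks the index for every in-progress
result in this branch, and the context line just above
(service->hidden && err != -EINPROGRESS) shows the same branch also serves
hidden services, so the flag may be set for input requests that are not
passphrase prompts. Either narrow the condition or rename and document
passphrase_requested accordingly, and state in a comment that the key is the
interface index rather than the service, so one pending request covers every
service on that index.
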
@@ -7748,6 +7769,8 @@ int __connman_service_init(void)
        service_hash = g_hash_table_new_full(g_str_hash, g_str_equal,
                                                        NULL, service_free);
 
+       passphrase_requested = g_hash_table_new(g_direct_hash, g_direct_equal);
+
        services_notify = g_new0(struct _services_notify, 1);
        services_notify->remove = g_hash_table_new_full(g_str_hash,
                        g_str_equal, g_free, NULL);
@@ -7780,6 +7803,9 @@ void __connman_service_cleanup(void)
        g_hash_table_destroy(service_hash);
        service_hash = NULL;
 
+       g_hash_table_destroy(passphrase_requested);
+       passphrase_requested = NULL;
+
        g_slist_free(counter_list);
        counter_list = NULL;
 
-- 
2.25.1


------------------------------

Date: Wed, 7 Apr 2021 17:28:50 +0000
From: "VAUTRIN Emmanuel (Canal Plus Prestataire)"
        <emmanuel.vaut...@cpexterne.org>
Subject: RE: [PATCH] timeserver: Fix time update manual->auto at
        startup
To: Daniel Wagner <w...@monom.org>
Cc: "connman@lists.01.org" <connman@lists.01.org>
Message-ID:  <pr1pr02mb479403f9ea2a7eaf706af0c293...@pr1pr02mb4794.eur
        prd02.prod.outlook.com>
Content-Type: text/plain; charset="iso-8859-1"

When resetting the time synchronization, always set the associated
service, even when the timeserver list is empty, to enable future
synchronization, when switching time update from manual to auto.
---
 src/timeserver.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/timeserver.c b/src/timeserver.c
index a55f1f795a9c..9732565c25ca 100644
--- a/src/timeserver.c
+++ b/src/timeserver.c
@@ -386,6 +386,7 @@ static void ts_reset(struct connman_service *service)
        __connman_service_timeserver_changed(service, timeservers_list);
 
        if (!timeservers_list) {
+               ts_service = service;
                DBG("No timeservers set.");
                return;
        }
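
Review bot: the new ts_service assignment in the !timeservers_list branch has
no comment saying why the service must be recorded when there is nothing to
synchronize, which is the point of the fix; a one-line comment (that a later
manual->auto switch relies on it) would keep it from being removed as dead
code. If ts_reset() assigns ts_service again after this early return (not
visible in the hunk), hoisting a single assignment above the if would avoid
the duplication.
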
-- 
2.25.1

------------------------------


End of connman Digest, Vol 66, Issue 12
***************************************
