[PATCH] network: Set service->favorite to false when invalid key error is set
by Saurav Babu
In following scenario connman continuously tries to auto connect to AP:
1. Connect to an AP.
2. Change AP Password.
3. Disconnection occurs and then connman always tries to autoconnect and
fails due to invalid key.
This patch sets service->favorite property to false on receiving invalid
key error so that connman never tries to autoconnect again to that AP
until it has been successfully connected again.
---
src/network.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/network.c b/src/network.c
index db3d2f3..df2115c 100644
--- a/src/network.c
+++ b/src/network.c
@@ -1223,6 +1223,8 @@ static void set_invalid_key_error(struct connman_network *network)
service = connman_service_lookup_from_network(network);
+ __connman_service_set_favorite(service, false);
+
__connman_service_indicate_error(service,
CONNMAN_SERVICE_ERROR_INVALID_KEY);
}
--
1.9.1
5 years, 5 months
Try to run connman/bluez as no-root
by Zheng, Wu
Hi Patrick,
We want to run connman/bluez as no-root.
Firstly, we can talk about for connman.
1. We use local patch to run connman/bluez as no-root. However, it exists risk(maybe, some cases can't be touch).
If upstream can support onnman/bluez as no-root, it will reduce the risk very much.
We have talked the topic in https://github.com/otcshare/meta-iot-os/pull/159
2. Gustavo have an solution for it.
Thanks.
"Connman/bluez/ofono can do privileged operations at the beginning and then drop to a different user OR spawn a child process that keeps the privileges and the main, unprivileged process, would talk via pipe to request operations that are executed in runtime.
a. create 2xpipe() [send, receive]
b. fork()
c. parent is comman, it will drop privileges. When needed it will write(child_write_fd...) and then read(master_read_fd... to wait for completion.
d. child is privileged, but it can drop all caps that are not needed and then enter a blocking while (read(child_read_fd, ...). It will execute command as instructed and reply with results.
We don't need to do it for all capabilities at the beginning, we can start with only /proc and /sys writes, so we'd define some set of helpers that you could easily change existing code, like:
int sysfs_write(const char *path, const char *mode, const char *data)
{
size_t payload_len = strlen(path) + strlen(mode) + strlen(data) + 3;
int cmd = SYSFS_WRITE;
int r, ret;
r = safe_write(child_write_fd, &cmd, sizeof(cmd));
if (r < 0) die("failed to communicate with privilege process");
r = safe_write(child_write_fd, &payload_len, sizeof(payload_len));
if (r < 0) die("failed to communicate with privilege process");
r = safe_write(child_write_fd, path, strlen(path) + 1);
if (r < 0) die("failed to communicate with privilege process");
r = safe_write(child_write_fd, mode, strlen(mode) + 1);
if (r < 0) die("failed to communicate with privilege process");
r = safe_write(child_write_fd, data, strlen(data) + 1);
if (r < 0) die("failed to communicate with privilege process");
r = read_safe(master_read_fd, &ret, sizeof(ret));
if (r < 0) die("failed to communicate with privilege process");
return ret;
}
Then http://git.kernel.org/cgit/network/connman/connman.git/tree/src/bridge.c#n41 could be changed without major work, it would replace internal fopen()/fprintf()/fclose() with that wrapper.
Ideally we'd move all operations that require privilege to that daemon, so the main process where the computation is done, can't do mistakes even if hacked since the interface to the write commands above would be limited to only write some files, we could even use the SECCOMP to disable other syscalls.
"
Do you have some ideas for running connman as no-root?
Thanks.
Best Regards
Zheng Wu
5 years, 5 months
