[PATCH] vpn: Set to use C locale with tasks used for running VPN processes
by Jussi Laakkonen
Set LANG and LC_ALL to C locale for each task used to run VPN processes.
This ensures that no translations are used.
The user for running VPN process can be changed with DACPrivileges
configuration (see commit 171989601a7a4fadafda20a7e6d30e9ada3fb516). If
the user is changed to other than what connman is ran with a specific
language may have been set. Plugins relying on correct output would fail in
such case.
---
vpn/plugins/vpn.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/vpn/plugins/vpn.c b/vpn/plugins/vpn.c
index eef8550e..16946c80 100644
--- a/vpn/plugins/vpn.c
+++ b/vpn/plugins/vpn.c
@@ -624,6 +624,15 @@ static int vpn_connect(struct vpn_provider *provider,
goto exist_err;
}
+ /*
+ * Change to use C locale, some VPN plugins use screen scraping for
+ * error parsing. To be on the safe side, set both LANG and LC_ALL.
+ * This is required especially when the VPN processes are ran using
+ * user other than root.
+ */
+ connman_task_add_variable(data->task,"LANG", "C");
+ connman_task_add_variable(data->task,"LC_ALL", "C");
+
ret = vpn_driver_data->vpn_driver->connect(provider, data->task,
data->if_name, cb, dbus_sender,
user_data);
--
2.20.1
2 years, 7 months
[PATCH] l2tp: Inform VPN agent about authentication errors
by Jussi Laakkonen
Send "VpnAgent.AuthFailure" to VPN agent if there are authentication
errors to indicate that previous login has failed and new credentials
are required to be given. The authentication errors with L2TP are
recorded when in notify function (l2tp_notify()) auth error is given
as reason -> vpn.c:vpn_nofity() calls vpn_provider_indicate_error().
---
vpn/plugins/l2tp.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/vpn/plugins/l2tp.c b/vpn/plugins/l2tp.c
index 91137aae..2255daaa 100644
--- a/vpn/plugins/l2tp.c
+++ b/vpn/plugins/l2tp.c
@@ -605,6 +605,9 @@ static int request_input(struct vpn_provider *provider,
connman_dbus_dict_open(&iter, &dict);
+ if (vpn_provider_get_authentication_errors(provider))
+ vpn_agent_append_auth_failure(&dict, provider, NULL);
+
vpn_agent_append_user_info(&dict, provider, "L2TP.User");
vpn_agent_append_host_and_name(&dict, provider);
--
2.20.1
2 years, 7 months
[PATCH] l2tp: Cancel queued VPN agent msg when disconnected
by Jussi Laakkonen
Queued VPN agent messages must be canceled if the plugin timeouts
without starting the process. This fixes the issue of having multiple
VPN agent queries stacked on another in such scenario, where L2TP is
awaiting for user input.
---
vpn/plugins/l2tp.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/vpn/plugins/l2tp.c b/vpn/plugins/l2tp.c
index ff5f08b9..91137aae 100644
--- a/vpn/plugins/l2tp.c
+++ b/vpn/plugins/l2tp.c
@@ -795,7 +795,12 @@ static int l2tp_error_code(struct vpn_provider *provider, int exit_code)
static void l2tp_disconnect(struct vpn_provider *provider)
{
+ if (!provider)
+ return;
+
vpn_provider_set_string(provider, "L2TP.Password", NULL);
+
+ connman_agent_cancel(provider);
}
static struct vpn_driver vpn_driver = {
--
2.20.1
2 years, 7 months
[PATCH] vpnc: Inform VPN agent about authentication errors
by Jussi Laakkonen
Send "VpnAgent.AuthFailure" to VPN agent if there are authentication
errors to indicate that previous login has failed and new credentials
are required to be given. Authentication errors are detected from the
output of VPNC process in io_channel_cb().
---
vpn/plugins/vpnc.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/vpn/plugins/vpnc.c b/vpn/plugins/vpnc.c
index 808c36cd..8927a6f7 100644
--- a/vpn/plugins/vpnc.c
+++ b/vpn/plugins/vpnc.c
@@ -723,6 +723,9 @@ static int request_input_credentials(struct vc_private_data *data,
connman_dbus_dict_open(&iter, &dict);
+ if (vpn_provider_get_authentication_errors(data->provider))
+ vpn_agent_append_auth_failure(&dict, data->provider, NULL);
+
request_input_append_to_dict(data->provider, &dict,
request_input_append_password,
"VPNC.IPSec.Secret");
--
2.20.1
2 years, 7 months
Does Connman support to connect home WiFi network by WiFi modem WPS process?
by JH
Hi,
I installed connman to a device which connects to home WiFi modem.
There could be two ways to configure WiFi modem connection:
(1) Set up a wifi.config with WiFi modem Name and Passphrase
(currently working on my device)
(2) Press WiFi modem WPS button in 3 seconds to allow WiFi device
(client) automatically set up configuration to connect to WiFi modem.
Is there an option in connman configuration to support to connect to
the WiFi network automatically by pushing WiFi modem WPS button?
Thank you.
Kind regards,
- jh
2 years, 7 months
Re: Insights on connmand -d
by JH
Hi David,
How did you edit the service file to add -d? Also, how could you added
-d to service file in Yocto recipe?
I could not start connman after added -d
# vi /lib/systemd/system/connman.service
ExecStart=/usr/sbin/connmand -n -d
Job for connman.service failed because the control process exited with
error code.
See "systemctl status connman.service" and "journalctl -xe" for details.
Thank you.
Kind regards
On 10/22/19, David Weidenkopf <David.Weidenkopf(a)arthrex.com> wrote:
> Hi,
>
> We use a yocto build as well. I routinely edit the service file to add -d to
How did you edit the service file to add -d? Also, how could you added
-d to service file in Yocto recipe?
I could not start connman after added -d
# vi /lib/systemd/system/connman.service
ExecStart=/usr/sbin/connmand -n -d
Job for connman.service failed because the control process exited with
error code.
See "systemctl status connman.service" and "journalctl -xe" for details.
> increase logging. We don't use LTE, just WiFi.
I am using both WiFi and LTE, both could not come up in systemd
service, i could only bring them up run the connmand -d manually.
> Can you confirm exactly the steps you are trying and the expected result?
Is it the right way to edit connman.service above?
Thanks David.
> David
> ________________________________________
> From: JH [jupiter.hce(a)gmail.com]
> Sent: Monday, October 21, 2019 2:41 AM
> To: David Weidenkopf
> Cc: Daniel Wagner; connman
> Subject: Re: Insights on connmand -d
>
> Hi Daniel and David,
>
> The connman was built by Yocto recipe, automatically launched by
> systemd service set up by the Yocto connman recipe.
>
> Any suggestion how to fix that issue or any workarounds? The connman
> is installed in an embedded device, currently I use the debug port to
> access the device and to stop systemd connman and to run command -d
> manually, it is not feasible to do it when a device is installed
> remotely.
>
> Thank you.
>
> Kind regards,
>
> - jh
>
>
>
> On 10/2/19, JH <jupiter.hce(a)gmail.com> wrote:
>> On 10/2/19, David Weidenkopf <David.Weidenkopf(a)arthrex.com> wrote:
>>> What user are you running connmand -d as? What user is the service
>>> running
>>> as when you launch using systemctl?
>>
>> Running root in connmand -d and root for systemctl for connman.service
>> in imx6 platform.
>>
>> Thanks David.
>>
>>>
>>> ________________________________________
>>> From: JH [jupiter.hce(a)gmail.com]
>>> Sent: Monday, September 30, 2019 6:49 PM
>>> To: Daniel Wagner
>>> Cc: connman
>>> Subject: Re: Insights on connmand -d
>>>
>>> Hi Daniel,
>>>
>>> On 10/1/19, Daniel Wagner <wagi(a)monom.org> wrote:
>>>> Hi,
>>>>
>>>> On 9/30/19 12:51 AM, JH wrote:
>>>>> Could anyone give some insights on what connmand -d differs to
>>>>> connmand -n running by systemctl? From reading the documentation, my
>>>>> understanding is it should be identical except increasing debug level
>>>>> to printing out more debug messages, but the systemd service connmand
>>>>> -n incapable of bringing my LTE modem up makes my wandering what I
>>>>> could get wrong here, could the connman -n service messages be blocked
>>>>> by journal logs? Appreciate anyone helps to fix it,
>>>>
>>>> Yes the behavior of ConnMan doesn't change with or without '-d'. It
>>>> executes the exact same code. It's more like enabling a fancy function
>>>> tracer.
>>>
>>> That completed puzzled me, the LTE modem could not be up until I run
>>> systemctl stop connman and connmand -d. It is the latest version 1.36.
>>>
>>>
>>>> I don't know if journald blocks if the logging store gets full or not.
>>>> But you could try to increase the log buffer for testing. Just to rule
>>>> out this problem.
>>>
>>> Changed journald log buffer size, it did not help. Any suggestion how
>>> to debug and fix it?
>>>
>>> Thank you Daniel.
>>>
>>> Kind regards,
>>> _______________________________________________
>>> connman mailing list -- connman(a)lists.01.org
>>> To unsubscribe send an email to connman-leave(a)lists.01.org
>>> This e-mail and any files transmitted with it are the property of
>>> Arthrex,
>>> Inc. and/or its affiliates, are confidential, and are intended solely
>>> for
>>> the use of the individual or entity to whom this e-mail is addressed. If
>>> you
>>> are not one of the named recipient(s) or otherwise have reason to
>>> believe
>>> that you have received this message in error, please notify the sender
>>> at
>>> 239-643-5553 and delete this message immediately from your computer. Any
>>> other use, retention, dissemination forwarding, printing or copying of
>>> this
>>> e-mail is strictly prohibited. Please note that any views or opinions
>>> presented in this email are solely those of the author and do not
>>> necessarily represent those of the company. Finally, while Arthrex uses
>>> virus protection, the recipient should check this email and any
>>> attachments
>>> for the presence of viruses. The company accepts no liability for any
>>> damage
>>> caused by any virus transmitted by this email.
>>>
>>
> This e-mail and any files transmitted with it are the property of Arthrex,
> Inc. and/or its affiliates, are confidential, and are intended solely for
> the use of the individual or entity to whom this e-mail is addressed. If you
> are not one of the named recipient(s) or otherwise have reason to believe
> that you have received this message in error, please notify the sender at
> 239-643-5553 and delete this message immediately from your computer. Any
> other use, retention, dissemination forwarding, printing or copying of this
> e-mail is strictly prohibited. Please note that any views or opinions
> presented in this email are solely those of the author and do not
> necessarily represent those of the company. Finally, while Arthrex uses
> virus protection, the recipient should check this email and any attachments
> for the presence of viruses. The company accepts no liability for any damage
> caused by any virus transmitted by this email.
>
2 years, 7 months