Polish gp service

GPService/gpservice.cpp

@@ -1,51 +1,14 @@
 #include "gpservice.h"
 #include "gpservice_adaptor.h"
 
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <signal.h>
-#include <sys/stat.h>
-#include <sys/wait.h>
-#include <sys/ioctl.h>
-#include <linux/if_tun.h>
-#include <net/if.h>
-#include <pwd.h>
-#include <grp.h>
-
 #include <QFileInfo>
-#include <QDebug>
 #include <QtDBus>
-#include <QIODevice>
-#include <QProcess>
 #include <QDateTime>
 #include <QVariant>
 
-struct {
-    uid_t tun_owner;
-    gid_t tun_group;
-} tun_user;
-
-class SandboxProcess : public QProcess
-{
-protected:
-    void setupChildProcess() override;
-};
-
-void SandboxProcess::setupChildProcess()
-{
-    /*if (initgroups (NM_OPENCONNECT_USER, tun_user.tun_group) ||
-            setgid (tun_user.tun_group) ||
-            setuid (tun_user.tun_owner)) {
-        qDebug() << "Failed to drop privileges when spawning openconnect";
-    }*/
-}
-
 GPService::GPService(QObject *parent)
     : QObject(parent)
-    , openconnect(new SandboxProcess)
+    , openconnect(new QProcess)
 {
     // Register the DBus service
     new GPServiceAdaptor(this);
@@ -61,6 +24,21 @@ GPService::GPService(QObject *parent)
     QObject::connect(openconnect, QOverload<int, QProcess::ExitStatus>::of(&QProcess::finished), this, &GPService::onProcessFinished);
 }
 
+GPService::~GPService()
+{
+    delete openconnect;
+}
+
+QString GPService::findBinary()
+{
+    for (int i = 0; i < binaryPaths->length(); i++) {
+        if (QFileInfo::exists(binaryPaths[i])) {
+            return binaryPaths[i];
+        }
+    }
+    return nullptr;
+}
+
 void GPService::quit()
 {
     if (openconnect->state() == QProcess::NotRunning) {
@@ -84,20 +62,9 @@ void GPService::connect(QString server, QString username, QString passwd)
         return;
     }
 
-    char *tunName = "tun0"; // createPersistentTundev();
-    // Failed to create device
-    if (tunName == nullptr) {
-        log("Could not create tun, exiting.");
-        return;
-    }
-
-    // openconnect --protocol=gp -i vpn0 -s 'sudo -E /etc/vpnc/vpnc-script' -u "zyue@microstrategy.com" --passwd-on-stdin "https://vpn.microstrategy.com/gateway:prelogin-cookie"
     QStringList args;
-    args << "--protocol=gp"
+    args << QCoreApplication::arguments().mid(1)
-         << "--no-dtls"
+     << "--protocol=gp"
-        // << "-i" << tunName
-        // << "-s" << "sudo -E /etc/vpnc/vpnc-script"
-        // << "-U" << NM_OPENCONNECT_USER
      << "-u" << username
      << "--passwd-on-stdin"
      << server;
@@ -162,95 +129,3 @@ void GPService::log(QString msg)
     qDebug() << record;
     emit logAvailable(record);
 }
-
-QString GPService::findBinary()
-{
-    for (int i = 0; i < binaryPaths->length(); i++) {
-        if (QFileInfo::exists(binaryPaths[i])) {
-            return binaryPaths[i];
-        }
-    }
-
-    return nullptr;
-}
-
-char *GPService::createPersistentTundev()
-{
-    struct passwd *pw;
-    struct ifreq ifr;
-    int fd;
-    int i;
-
-    pw = getpwnam(NM_OPENCONNECT_USER);
-    if (!pw)
-        return nullptr;
-
-    tun_user.tun_owner = pw->pw_uid;
-    tun_user.tun_group = pw->pw_gid;
-
-    fd = open("/dev/net/tun", O_RDWR);
-    if (fd < 0) {
-        qDebug("Failed to open /dev/net/tun");
-        return nullptr;
-    }
-
-    memset(&ifr, 0, sizeof(ifr));
-    ifr.ifr_flags = IFF_TUN | IFF_NO_PI;
-
-    for (i = 0; i < 256; i++) {
-        sprintf(ifr.ifr_name, "gpvpn%d", i);
-
-        int retcode = ioctl(fd, TUNSETIFF, (void *)&ifr);
-
-        if (!retcode) {
-            break;
-        }
-    }
-
-    if (i == 256) {
-        qDebug("Failed to create tun");
-        return nullptr;
-    }
-
-    if (ioctl(fd, TUNSETOWNER, tun_user.tun_owner) < 0) {
-        qDebug("TUNSETOWNER");
-        return nullptr;
-    }
-
-    if (ioctl(fd, TUNSETPERSIST, 1)) {
-        qDebug("TUNSETPERSIST");
-        return nullptr;
-    }
-    close(fd);
-    qDebug("Created tundev %s\n", ifr.ifr_name);
-    return strdup(ifr.ifr_name);
-}
-
-void GPService::destroyPersistentTundev(char *tun_name)
-{
-    struct ifreq ifr;
-    int fd;
-
-    fd = open("/dev/net/tun", O_RDWR);
-    if (fd < 0) {
-        qDebug() << "Failed to open /dev/net/tun";
-        return;
-    }
-
-    memset(&ifr, 0, sizeof(ifr));
-    ifr.ifr_flags = IFF_TUN | IFF_NO_PI;
-    strcpy(ifr.ifr_name, tun_name);
-
-    if (ioctl(fd, TUNSETIFF, (void *)&ifr) < 0) {
-        qDebug() << "TUNSETIFF";
-        return;
-    }
-
-    if (ioctl(fd, TUNSETPERSIST, 0)) {
-        qDebug() << "TUNSETPERSIST";
-        return;
-    }
-
-    qDebug() << "Destroyed  tundev %s\n" << tun_name;
-    close(fd);
-}

GPService/gpservice.h

@@ -4,8 +4,6 @@
 #include <QObject>
 #include <QProcess>
 
-#define NM_OPENCONNECT_USER "nm-openconnect"
-
 static const QString binaryPaths[] {
     "/usr/bin/openconnect",
     "/usr/sbin/openconnect",
@@ -21,6 +19,7 @@ class GPService : public QObject
     Q_CLASSINFO("D-Bus Interface", "com.yuezk.qt.GPService")
 public:
     explicit GPService(QObject *parent = nullptr);
+    ~GPService();
 
 signals:
     void connected();
@@ -46,8 +45,6 @@ private:
 
     void log(QString msg);
     static QString findBinary();
-    static char *createPersistentTundev();
-    static void destroyPersistentTundev(char *tun_name);
 };
 
 #endif // GLOBALPROTECTSERVICE_H

GPService/systemd/gpservice.service

@@ -6,4 +6,4 @@ Wants=network.target
 [Service]
 Type=dbus
 BusName=com.yuezk.qt.GPService
-ExecStart=/usr/local/bin/gpservice
+ExecStart=/usr/local/bin/gpservice --no-dtls -U nm-openconnect