From 078bd7b1a98c83e67c52143ac0ff38a66a3bea18 Mon Sep 17 00:00:00 2001 From: Beniamino Galvani Date: Thu, 19 Jan 2017 17:25:19 +0100 Subject: [PATCH 1/6] libnm-core: add auth-timeout property to the 802.1x setting The property can be used to tune the authentication timeout. It's especially useful to speed up the failure in case the port doesn't support 802.1X and make NM try a different, non-authenticated connection. --- libnm-core/nm-setting-8021x.c | 44 +++++++++++++++++++++++++++++++++++ libnm-core/nm-setting-8021x.h | 5 +++- libnm/libnm.ver | 1 + 3 files changed, 49 insertions(+), 1 deletion(-) diff --git a/libnm-core/nm-setting-8021x.c b/libnm-core/nm-setting-8021x.c index c90e42fa40..869182feb6 100644 --- a/libnm-core/nm-setting-8021x.c +++ b/libnm-core/nm-setting-8021x.c @@ -115,6 +115,7 @@ typedef struct { char *phase2_private_key_password; NMSettingSecretFlags phase2_private_key_password_flags; gboolean system_ca_certs; + gint auth_timeout; } NMSetting8021xPrivate; enum { @@ -162,6 +163,7 @@ enum { PROP_PIN, PROP_PIN_FLAGS, PROP_SYSTEM_CA_CERTS, + PROP_AUTH_TIMEOUT, LAST_PROP }; @@ -2724,6 +2726,25 @@ nm_setting_802_1x_get_phase2_private_key_format (NMSetting8021x *setting) return NM_SETTING_802_1X_CK_FORMAT_UNKNOWN; } +/** + * nm_setting_802_1x_get_auth_timeout: + * @setting: the #NMSetting8021x + * + * Returns the value contained in the #NMSetting8021x:auth-timeout property. + * + * Returns: the configured authentication timeout in seconds. Zero means the + * global default value. + * + * Since: 1.8 + **/ +gint +nm_setting_802_1x_get_auth_timeout (NMSetting8021x *setting) +{ + g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), 0); + + return NM_SETTING_802_1X_GET_PRIVATE (setting)->auth_timeout; +} + static void need_secrets_password (NMSetting8021x *self, GPtrArray *secrets, @@ -3590,6 +3611,9 @@ set_property (GObject *object, guint prop_id, case PROP_SYSTEM_CA_CERTS: priv->system_ca_certs = g_value_get_boolean (value); break; + case PROP_AUTH_TIMEOUT: + priv->auth_timeout = g_value_get_int (value); + break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); break; @@ -3733,6 +3757,9 @@ get_property (GObject *object, guint prop_id, case PROP_SYSTEM_CA_CERTS: g_value_set_boolean (value, priv->system_ca_certs); break; + case PROP_AUTH_TIMEOUT: + g_value_set_int (value, priv->auth_timeout); + break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); break; @@ -4763,4 +4790,21 @@ nm_setting_802_1x_class_init (NMSetting8021xClass *setting_class) G_PARAM_READWRITE | G_PARAM_CONSTRUCT | G_PARAM_STATIC_STRINGS)); + + /** + * NMSetting8021x:auth-timeout: + * + * A timeout for the authentication. Zero means the global default; if the + * global default is not set, the authentication timeout is 25 seconds. + * + * Since: 1.8 + **/ + g_object_class_install_property + (object_class, PROP_AUTH_TIMEOUT, + g_param_spec_int (NM_SETTING_802_1X_AUTH_TIMEOUT, "", "", + 0, G_MAXINT32, 0, + G_PARAM_READWRITE | + NM_SETTING_PARAM_FUZZY_IGNORE | + G_PARAM_STATIC_STRINGS)); + } diff --git a/libnm-core/nm-setting-8021x.h b/libnm-core/nm-setting-8021x.h index 15ba07b3ac..a47c26a722 100644 --- a/libnm-core/nm-setting-8021x.h +++ b/libnm-core/nm-setting-8021x.h @@ -150,6 +150,7 @@ typedef enum { /*< underscore_name=nm_setting_802_1x_auth_flags >*/ #define NM_SETTING_802_1X_PIN "pin" #define NM_SETTING_802_1X_PIN_FLAGS "pin-flags" #define NM_SETTING_802_1X_SYSTEM_CA_CERTS "system-ca-certs" +#define NM_SETTING_802_1X_AUTH_TIMEOUT "auth-timeout" /* PRIVATE KEY NOTE: when setting PKCS#12 private keys directly via properties * using the "blob" scheme, the data must be passed in PKCS#12 binary format. @@ -355,7 +356,9 @@ NMSettingSecretFlags nm_setting_802_1x_get_phase2_private_key_password_flags ( NMSetting8021xCKFormat nm_setting_802_1x_get_phase2_private_key_format (NMSetting8021x *setting); NM_AVAILABLE_IN_1_8 -NMSetting8021xAuthFlags nm_setting_802_1x_get_phase1_auth_flags (NMSetting8021x *setting); +NMSetting8021xAuthFlags nm_setting_802_1x_get_phase1_auth_flags (NMSetting8021x *setting); +NM_AVAILABLE_IN_1_8 +gint nm_setting_802_1x_get_auth_timeout (NMSetting8021x *setting); G_END_DECLS diff --git a/libnm/libnm.ver b/libnm/libnm.ver index 45953911d5..5473ffaa2f 100644 --- a/libnm/libnm.ver +++ b/libnm/libnm.ver @@ -1147,6 +1147,7 @@ global: libnm_1_8_0 { global: nm_setting_802_1x_auth_flags_get_type; + nm_setting_802_1x_get_auth_timeout; nm_setting_802_1x_get_ca_cert_password; nm_setting_802_1x_get_ca_cert_password_flags; nm_setting_802_1x_get_client_cert_password; From 9a215d332b04797561f2a7744004f99f1117f9b1 Mon Sep 17 00:00:00 2001 From: Beniamino Galvani Date: Thu, 19 Jan 2017 17:25:23 +0100 Subject: [PATCH 2/6] cli: add support for 802-1x.auth-timeout property --- clients/cli/settings.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/clients/cli/settings.c b/clients/cli/settings.c index 59083b3daa..3d3760dc62 100644 --- a/clients/cli/settings.c +++ b/clients/cli/settings.c @@ -166,6 +166,7 @@ NmcOutputField nmc_fields_setting_8021X[] = { SETTING_FIELD (NM_SETTING_802_1X_PIN), /* 41 */ SETTING_FIELD (NM_SETTING_802_1X_PIN_FLAGS), /* 42 */ SETTING_FIELD (NM_SETTING_802_1X_SYSTEM_CA_CERTS), /* 43 */ + SETTING_FIELD (NM_SETTING_802_1X_AUTH_TIMEOUT), /* 44 */ {NULL, NULL, 0, NULL, FALSE, FALSE, 0} }; #define NMC_FIELDS_SETTING_802_1X_ALL "name"","\ @@ -211,7 +212,8 @@ NmcOutputField nmc_fields_setting_8021X[] = { NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD_FLAGS","\ NM_SETTING_802_1X_PIN","\ NM_SETTING_802_1X_PIN_FLAGS","\ - NM_SETTING_802_1X_SYSTEM_CA_CERTS + NM_SETTING_802_1X_SYSTEM_CA_CERTS","\ + NM_SETTING_802_1X_AUTH_TIMEOUT /* Available fields for NM_SETTING_WIRELESS_SETTING_NAME */ NmcOutputField nmc_fields_setting_wireless[] = { @@ -1713,6 +1715,7 @@ DEFINE_SECRET_FLAGS_GETTER (nmc_property_802_1X_get_phase2_private_key_password_ DEFINE_GETTER (nmc_property_802_1X_get_pin, NM_SETTING_802_1X_PIN) DEFINE_SECRET_FLAGS_GETTER (nmc_property_802_1X_get_pin_flags, NM_SETTING_802_1X_PIN_FLAGS) DEFINE_GETTER (nmc_property_802_1X_get_system_ca_certs, NM_SETTING_802_1X_SYSTEM_CA_CERTS) +DEFINE_GETTER (nmc_property_802_1X_get_auth_timeout, NM_SETTING_802_1X_AUTH_TIMEOUT) static char * nmc_property_802_1X_get_ca_cert (NMSetting *setting, NmcPropertyGetType get_type) @@ -6479,6 +6482,13 @@ nmc_properties_init (void) NULL, NULL, NULL); + nmc_add_prop_funcs (GLUE (802_1X, AUTH_TIMEOUT), + nmc_property_802_1X_get_auth_timeout, + nmc_property_set_int, + NULL, + NULL, + NULL, + NULL); /* Add editable properties for NM_SETTING_ADSL_SETTING_NAME */ nmc_add_prop_funcs (GLUE (ADSL, USERNAME), @@ -8779,6 +8789,7 @@ setting_802_1X_details (NMSetting *setting, NmCli *nmc, const char *one_prop, g set_val_str (arr, 41, GET_SECRET (secrets, setting, nmc_property_802_1X_get_pin)); set_val_str (arr, 42, nmc_property_802_1X_get_pin_flags (setting, NMC_PROPERTY_GET_PRETTY)); set_val_str (arr, 43, nmc_property_802_1X_get_system_ca_certs (setting, NMC_PROPERTY_GET_PRETTY)); + set_val_str (arr, 44, nmc_property_802_1X_get_auth_timeout (setting, NMC_PROPERTY_GET_PRETTY)); g_ptr_array_add (nmc->output_data, arr); print_data (nmc); /* Print all data */ From 556a46959fa02720dd50faf7db616ef68be0d817 Mon Sep 17 00:00:00 2001 From: Beniamino Galvani Date: Thu, 19 Jan 2017 17:25:26 +0100 Subject: [PATCH 3/6] ifcfg-rh: add support for 802-1x.auth-timeout property --- libnm-core/nm-setting-8021x.c | 7 +++++++ src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c | 4 ++++ src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c | 7 +++++++ 3 files changed, 18 insertions(+) diff --git a/libnm-core/nm-setting-8021x.c b/libnm-core/nm-setting-8021x.c index 869182feb6..840fcad460 100644 --- a/libnm-core/nm-setting-8021x.c +++ b/libnm-core/nm-setting-8021x.c @@ -4799,6 +4799,13 @@ nm_setting_802_1x_class_init (NMSetting8021xClass *setting_class) * * Since: 1.8 **/ + /* ---ifcfg-rh--- + * property: auth-timeout + * variable: IEEE_8021X_AUTH_TIMEOUT(+) + * default: 0 + * description: Timeout in seconds for the 802.1X authentication. Zero means the global default or 25. + * ---end--- + */ g_object_class_install_property (object_class, PROP_AUTH_TIMEOUT, g_param_spec_int (NM_SETTING_802_1X_AUTH_TIMEOUT, "", "", diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c index 99a0c5cf7e..e83b933dd7 100644 --- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c +++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c @@ -3087,6 +3087,7 @@ fill_8021x (shvarFile *ifcfg, shvarFile *keys = NULL; char *value; char **list = NULL, **iter; + gint64 timeout; value = svGetValueString (ifcfg, "IEEE_8021X_EAP_METHODS"); if (!value) { @@ -3187,6 +3188,9 @@ fill_8021x (shvarFile *ifcfg, g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_DOMAIN_SUFFIX_MATCH, value, NULL); g_free (value); + timeout = svGetValueInt64 (ifcfg, "IEEE_8021X_AUTH_TIMEOUT", 10, 0, G_MAXINT32, 0); + g_object_set (s_8021x, NM_SETTING_802_1X_AUTH_TIMEOUT, (gint32) timeout, NULL); + if (list) g_strfreev (list); if (keys) diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c index 57fb700b4f..f32bef2526 100644 --- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c +++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c @@ -366,6 +366,7 @@ write_8021x_setting (NMConnection *connection, GString *phase2_auth; GString *str; guint32 i, num; + gint timeout; s_8021x = nm_connection_get_setting_802_1x (connection); if (!s_8021x) { @@ -504,6 +505,12 @@ write_8021x_setting (NMConnection *connection, svSetValueString (ifcfg, "IEEE_8021X_PHASE2_DOMAIN_SUFFIX_MATCH", nm_setting_802_1x_get_phase2_domain_suffix_match (s_8021x)); + timeout = nm_setting_802_1x_get_auth_timeout (s_8021x); + if (timeout > 0) + svSetValueInt64 (ifcfg, "IEEE_8021X_AUTH_TIMEOUT", timeout); + else + svUnsetValue (ifcfg, "IEEE_8021X_AUTH_TIMEOUT"); + success = write_8021x_certs (s_8021x, FALSE, ifcfg, error); if (success) { /* phase2/inner certs */ From 07570e245ac97054027acd928ed09ae2b83e62b0 Mon Sep 17 00:00:00 2001 From: Beniamino Galvani Date: Thu, 19 Jan 2017 17:25:29 +0100 Subject: [PATCH 4/6] device: add support for 802-1x.auth-timeout Use the per-connection authentication timeout for 802.1X Ethernet, MACsec and Wi-Fi connections. In case the value is not defined, fall back to the global one. --- src/devices/nm-device-ethernet.c | 8 ++++++-- src/devices/nm-device-macsec.c | 9 ++++++--- src/devices/nm-device.c | 27 +++++++++++++++++++++++++++ src/devices/nm-device.h | 1 + src/devices/wifi/nm-device-wifi.c | 8 ++++++-- 5 files changed, 46 insertions(+), 7 deletions(-) diff --git a/src/devices/nm-device-ethernet.c b/src/devices/nm-device-ethernet.c index 9a2fd8c2f8..4a0367f1f0 100644 --- a/src/devices/nm-device-ethernet.c +++ b/src/devices/nm-device-ethernet.c @@ -751,6 +751,7 @@ static gboolean supplicant_interface_init (NMDeviceEthernet *self) { NMDeviceEthernetPrivate *priv = NM_DEVICE_ETHERNET_GET_PRIVATE (self); + guint timeout; supplicant_interface_release (self); @@ -770,8 +771,11 @@ supplicant_interface_init (NMDeviceEthernet *self) G_CALLBACK (supplicant_iface_state_cb), self); - /* Set up a timeout on the connection attempt to fail it after 25 seconds */ - priv->supplicant.con_timeout_id = g_timeout_add_seconds (25, supplicant_connection_timeout_cb, self); + /* Set up a timeout on the connection attempt */ + timeout = nm_device_get_supplicant_timeout (NM_DEVICE (self)); + priv->supplicant.con_timeout_id = g_timeout_add_seconds (timeout, + supplicant_connection_timeout_cb, + self); return TRUE; } diff --git a/src/devices/nm-device-macsec.c b/src/devices/nm-device-macsec.c index 6c8b98cba3..350502d652 100644 --- a/src/devices/nm-device-macsec.c +++ b/src/devices/nm-device-macsec.c @@ -551,6 +551,7 @@ supplicant_interface_init (NMDeviceMacsec *self) { NMDeviceMacsecPrivate *priv = NM_DEVICE_MACSEC_GET_PRIVATE (self); NMDevice *parent; + guint timeout; parent = nm_device_parent_get_device (NM_DEVICE (self)); g_return_val_if_fail (parent, FALSE); @@ -573,9 +574,11 @@ supplicant_interface_init (NMDeviceMacsec *self) G_CALLBACK (supplicant_iface_state_cb), self); - /* Set up a timeout on the connection attempt to fail it after 25 seconds */ - priv->supplicant.con_timeout_id = g_timeout_add_seconds (25, supplicant_connection_timeout_cb, self); - + /* Set up a timeout on the connection attempt */ + timeout = nm_device_get_supplicant_timeout (NM_DEVICE (self)); + priv->supplicant.con_timeout_id = g_timeout_add_seconds (timeout, + supplicant_connection_timeout_cb, + self); return TRUE; } diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c index e70594d17d..eceb5c383a 100644 --- a/src/devices/nm-device.c +++ b/src/devices/nm-device.c @@ -12946,6 +12946,33 @@ nm_device_spec_match_list (NMDevice *self, const GSList *specs) return m == NM_MATCH_SPEC_MATCH; } +guint +nm_device_get_supplicant_timeout (NMDevice *self) +{ + NMConnection *connection; + NMSetting8021x *s_8021x; + gs_free char *value = NULL; + gint timeout; +#define SUPPLICANT_DEFAULT_TIMEOUT 25 + + g_return_val_if_fail (NM_IS_DEVICE (self), SUPPLICANT_DEFAULT_TIMEOUT); + + connection = nm_device_get_applied_connection (self); + g_return_val_if_fail (connection, SUPPLICANT_DEFAULT_TIMEOUT); + s_8021x = nm_connection_get_setting_802_1x (connection); + g_return_val_if_fail (s_8021x, SUPPLICANT_DEFAULT_TIMEOUT); + + timeout = nm_setting_802_1x_get_auth_timeout (s_8021x); + if (timeout > 0) + return timeout; + + value = nm_config_data_get_connection_default (NM_CONFIG_GET_DATA, + "802-1x.auth-timeout", + self); + return _nm_utils_ascii_str_to_int64 (value, 10, 1, G_MAXINT32, + SUPPLICANT_DEFAULT_TIMEOUT); +} + /*****************************************************************************/ static const char * diff --git a/src/devices/nm-device.h b/src/devices/nm-device.h index eb527cc374..4ddb817290 100644 --- a/src/devices/nm-device.h +++ b/src/devices/nm-device.h @@ -640,5 +640,6 @@ gboolean nm_device_update_hw_address (NMDevice *self); void nm_device_update_initial_hw_address (NMDevice *self); void nm_device_update_permanent_hw_address (NMDevice *self, gboolean force_freeze); void nm_device_update_dynamic_ip_setup (NMDevice *self); +guint nm_device_get_supplicant_timeout (NMDevice *self); #endif /* __NETWORKMANAGER_DEVICE_H__ */ diff --git a/src/devices/wifi/nm-device-wifi.c b/src/devices/wifi/nm-device-wifi.c index 3af6c89f6e..e217a6c7ee 100644 --- a/src/devices/wifi/nm-device-wifi.c +++ b/src/devices/wifi/nm-device-wifi.c @@ -2575,6 +2575,7 @@ act_stage2_config (NMDevice *device, NMDeviceStateReason *reason) const char *setting_name; NMSettingWireless *s_wireless; GError *error = NULL; + guint timeout; g_return_val_if_fail (reason != NULL, NM_ACT_STAGE_RETURN_FAILURE); @@ -2646,8 +2647,11 @@ act_stage2_config (NMDevice *device, NMDeviceStateReason *reason) nm_supplicant_interface_assoc (priv->sup_iface, config, supplicant_iface_assoc_cb, self); - /* Set up a timeout on the association attempt to fail after 25 seconds */ - priv->sup_timeout_id = g_timeout_add_seconds (25, supplicant_connection_timeout_cb, self); + /* Set up a timeout on the association attempt */ + timeout = nm_device_get_supplicant_timeout (NM_DEVICE (self)); + priv->sup_timeout_id = g_timeout_add_seconds (timeout, + supplicant_connection_timeout_cb, + self); if (!priv->periodic_source_id) priv->periodic_source_id = g_timeout_add_seconds (6, periodic_update_cb, self); From 4a6fd0e83ec0d83547b1f3a1a916f85e9f450d8c Mon Sep 17 00:00:00 2001 From: Beniamino Galvani Date: Thu, 19 Jan 2017 17:25:31 +0100 Subject: [PATCH 5/6] device: honor the connection.autoconnect-retries for 802.1X NMDeviceEthernet and NMDeviceMacsec implement their own retry policy for connection using 802.1X, and consider the credentials wrong when the authentication fails for 3 times. In such case, they also disable autoconnection for the device by setting the state reason NO_SECRETS. This means that it's not possible at the moment to choose how many times the authentication will be retried since they don't use the standard reconnection logic. Change NMDeviceEthernet and NMDeviceMacsec to use the number of retries from connection.autoconnect-retries instead of a hardcoded value to decide how many times the authentication must be restarted. --- src/devices/nm-device-ethernet.c | 29 ++++++++++++++++------------- src/devices/nm-device-macsec.c | 28 ++++++++++++++++------------ 2 files changed, 32 insertions(+), 25 deletions(-) diff --git a/src/devices/nm-device-ethernet.c b/src/devices/nm-device-ethernet.c index 4a0367f1f0..ae3300a53a 100644 --- a/src/devices/nm-device-ethernet.c +++ b/src/devices/nm-device-ethernet.c @@ -59,8 +59,6 @@ _LOG_DECLARE_SELF(NMDeviceEthernet); /*****************************************************************************/ -static NM_CACHED_QUARK_FCN ("wired-secrets-tries", wired_secret_tries_quark) - #define PPPOE_RECONNECT_DELAY 7 #define PPPOE_ENCAP_OVERHEAD 8 /* 2 bytes for PPP, 6 for PPPoE */ @@ -258,16 +256,17 @@ _update_s390_subchannels (NMDeviceEthernet *self) } static void -clear_secrets_tries (NMDevice *device) +reset_autoconnect_retries (NMDevice *device) { NMActRequest *req; - NMConnection *connection; + NMSettingsConnection *connection; req = nm_device_get_act_request (device); if (req) { - connection = nm_act_request_get_applied_connection (req); - /* Clear wired secrets tries on success, failure, or when deactivating */ - g_object_set_qdata (G_OBJECT (connection), wired_secret_tries_quark (), NULL); + connection = nm_act_request_get_settings_connection (req); + g_return_if_fail (connection); + /* Reset autoconnect retries on success, failure, or when deactivating */ + nm_settings_connection_reset_autoconnect_retries (connection); } } @@ -283,7 +282,7 @@ device_state_changed (NMDevice *device, if ( new_state == NM_DEVICE_STATE_ACTIVATED || new_state == NM_DEVICE_STATE_FAILED || new_state == NM_DEVICE_STATE_DISCONNECTED) - clear_secrets_tries (device); + reset_autoconnect_retries (device); } static void @@ -681,15 +680,20 @@ handle_auth_or_fail (NMDeviceEthernet *self, gboolean new_secrets) { const char *setting_name; - guint32 tries; NMConnection *applied_connection; + NMSettingsConnection *settings_connection; + int tries_left; applied_connection = nm_act_request_get_applied_connection (req); + settings_connection = nm_act_request_get_settings_connection (req); - tries = GPOINTER_TO_UINT (g_object_get_qdata (G_OBJECT (applied_connection), wired_secret_tries_quark ())); - if (tries > 3) + tries_left = nm_settings_connection_get_autoconnect_retries (settings_connection); + if (tries_left == 0) return NM_ACT_STAGE_RETURN_FAILURE; + if (tries_left > 0) + nm_settings_connection_set_autoconnect_retries (settings_connection, tries_left - 1); + nm_device_state_changed (NM_DEVICE (self), NM_DEVICE_STATE_NEED_AUTH, NM_DEVICE_STATE_REASON_NONE); nm_active_connection_clear_secrets (NM_ACTIVE_CONNECTION (req)); @@ -699,7 +703,6 @@ handle_auth_or_fail (NMDeviceEthernet *self, wired_secrets_get_secrets (self, setting_name, NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION | (new_secrets ? NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW : 0)); - g_object_set_qdata (G_OBJECT (applied_connection), wired_secret_tries_quark (), GUINT_TO_POINTER (++tries)); } else _LOGI (LOGD_DEVICE, "Cleared secrets, but setting didn't need any secrets."); @@ -1370,7 +1373,7 @@ deactivate (NMDevice *device) GError *error = NULL; /* Clear wired secrets tries when deactivating */ - clear_secrets_tries (device); + reset_autoconnect_retries (device); nm_clear_g_source (&priv->pppoe_wait_id); diff --git a/src/devices/nm-device-macsec.c b/src/devices/nm-device-macsec.c index 350502d652..465a5bff54 100644 --- a/src/devices/nm-device-macsec.c +++ b/src/devices/nm-device-macsec.c @@ -89,8 +89,6 @@ G_DEFINE_TYPE (NMDeviceMacsec, nm_device_macsec, NM_TYPE_DEVICE) /******************************************************************/ -static NM_CACHED_QUARK_FCN ("macsec-secrets-tries", macsec_secrets_tries_quark) - static void macsec_secrets_cancel (NMDeviceMacsec *self); /******************************************************************/ @@ -480,15 +478,20 @@ handle_auth_or_fail (NMDeviceMacsec *self, gboolean new_secrets) { const char *setting_name; - guint32 tries; + int tries_left; NMConnection *applied_connection; + NMSettingsConnection *settings_connection; applied_connection = nm_act_request_get_applied_connection (req); + settings_connection = nm_act_request_get_settings_connection (req); - tries = GPOINTER_TO_UINT (g_object_get_qdata (G_OBJECT (applied_connection), macsec_secrets_tries_quark ())); - if (tries > 3) + tries_left = nm_settings_connection_get_autoconnect_retries (settings_connection); + if (tries_left == 0) return NM_ACT_STAGE_RETURN_FAILURE; + if (tries_left > 0) + nm_settings_connection_set_autoconnect_retries (settings_connection, tries_left - 1); + nm_device_state_changed (NM_DEVICE (self), NM_DEVICE_STATE_NEED_AUTH, NM_DEVICE_STATE_REASON_NONE); nm_active_connection_clear_secrets (NM_ACTIVE_CONNECTION (req)); @@ -498,7 +501,6 @@ handle_auth_or_fail (NMDeviceMacsec *self, macsec_secrets_get_secrets (self, setting_name, NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION | (new_secrets ? NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW : 0)); - g_object_set_qdata (G_OBJECT (applied_connection), macsec_secrets_tries_quark (), GUINT_TO_POINTER (++tries)); } else _LOGI (LOGD_DEVICE, "Cleared secrets, but setting didn't need any secrets."); @@ -735,17 +737,19 @@ link_changed (NMDevice *device, update_properties (device); } + static void -clear_secrets_tries (NMDevice *device) +reset_autoconnect_retries (NMDevice *device) { NMActRequest *req; - NMConnection *connection; + NMSettingsConnection *connection; req = nm_device_get_act_request (device); if (req) { - connection = nm_act_request_get_applied_connection (req); - /* Clear macsec secrets tries on success, failure, or when deactivating */ - g_object_set_qdata (G_OBJECT (connection), macsec_secrets_tries_quark (), NULL); + connection = nm_act_request_get_settings_connection (req); + g_return_if_fail (connection); + /* Reset autoconnect retries on success, failure, or when deactivating */ + nm_settings_connection_reset_autoconnect_retries (connection); } } @@ -761,7 +765,7 @@ device_state_changed (NMDevice *device, if ( new_state == NM_DEVICE_STATE_ACTIVATED || new_state == NM_DEVICE_STATE_FAILED || new_state == NM_DEVICE_STATE_DISCONNECTED) - clear_secrets_tries (device); + reset_autoconnect_retries (device); } /******************************************************************/ From 8588630c26c27f475fd2c7927da7d407384c8ef7 Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Fri, 20 Jan 2017 14:50:26 +0100 Subject: [PATCH 6/6] settings: log changes to NMSettingsConnection's autoconnect_retries --- src/settings/nm-settings-connection.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/settings/nm-settings-connection.c b/src/settings/nm-settings-connection.c index 51dd67e11b..43076845a6 100644 --- a/src/settings/nm-settings-connection.c +++ b/src/settings/nm-settings-connection.c @@ -2573,7 +2573,7 @@ nm_settings_connection_get_autoconnect_retries (NMSettingsConnection *self) priv->autoconnect_retries = retries; } - return NM_SETTINGS_CONNECTION_GET_PRIVATE (self)->autoconnect_retries; + return priv->autoconnect_retries; } void @@ -2582,7 +2582,10 @@ nm_settings_connection_set_autoconnect_retries (NMSettingsConnection *self, { NMSettingsConnectionPrivate *priv = NM_SETTINGS_CONNECTION_GET_PRIVATE (self); - priv->autoconnect_retries = retries; + if (priv->autoconnect_retries != retries) { + _LOGT ("autoconnect-retries: set %d", retries); + priv->autoconnect_retries = retries; + } if (retries) priv->autoconnect_retry_time = 0; else