From cd7687ff60b150a85391812191d114ec8a39e5b8 Mon Sep 17 00:00:00 2001 From: Lubomir Rintel Date: Tue, 8 Mar 2022 12:23:40 +0100 Subject: [PATCH 1/7] cli: add color codes for deprecated features Follow-up commits are going color Wi-Fi networks and connections that rely on deprecated features differently, to provide a visual cue. Add color definitions for those. --- man/nmcli.xml | 14 ++++++++++++++ src/libnmc-setting/nm-meta-setting-desc.h | 2 ++ src/nmcli/nmcli.c | 6 +++++- 3 files changed, 21 insertions(+), 1 deletion(-) diff --git a/man/nmcli.xml b/man/nmcli.xml index fad874f6a9..fabb590f24 100644 --- a/man/nmcli.xml +++ b/man/nmcli.xml @@ -1880,6 +1880,13 @@ + + + + Connection that uses deprecated settings. It might not be possible to activate it. + + + @@ -2104,6 +2111,13 @@ + + + + Wi-Fi network that might be impossible to connect to due to use of deprecated functionality. + + + diff --git a/src/libnmc-setting/nm-meta-setting-desc.h b/src/libnmc-setting/nm-meta-setting-desc.h index 9190525304..b08d4c08c9 100644 --- a/src/libnmc-setting/nm-meta-setting-desc.h +++ b/src/libnmc-setting/nm-meta-setting-desc.h @@ -91,6 +91,7 @@ typedef enum { NM_META_COLOR_CONNECTION_INVISIBLE, NM_META_COLOR_CONNECTION_EXTERNAL, NM_META_COLOR_CONNECTION_UNKNOWN, + NM_META_COLOR_CONNECTION_DEPRECATED, NM_META_COLOR_CONNECTIVITY_FULL, NM_META_COLOR_CONNECTIVITY_LIMITED, NM_META_COLOR_CONNECTIVITY_NONE, @@ -126,6 +127,7 @@ typedef enum { NM_META_COLOR_WIFI_SIGNAL_GOOD, NM_META_COLOR_WIFI_SIGNAL_POOR, NM_META_COLOR_WIFI_SIGNAL_UNKNOWN, + NM_META_COLOR_WIFI_DEPRECATED, NM_META_COLOR_DISABLED, NM_META_COLOR_ENABLED, _NM_META_COLOR_NUM diff --git a/src/nmcli/nmcli.c b/src/nmcli/nmcli.c index fa5ce42687..96b8ec4a13 100644 --- a/src/nmcli/nmcli.c +++ b/src/nmcli/nmcli.c @@ -43,6 +43,7 @@ [NM_META_COLOR_CONNECTION_DISCONNECTING] = "31", \ [NM_META_COLOR_CONNECTION_INVISIBLE] = "2", \ [NM_META_COLOR_CONNECTION_EXTERNAL] = "32;2", \ + [NM_META_COLOR_CONNECTION_DEPRECATED] = "2", \ [NM_META_COLOR_CONNECTIVITY_FULL] = "32", \ [NM_META_COLOR_CONNECTIVITY_LIMITED] = "33", \ [NM_META_COLOR_CONNECTIVITY_NONE] = "31", \ @@ -73,6 +74,7 @@ [NM_META_COLOR_WIFI_SIGNAL_GOOD] = "33", \ [NM_META_COLOR_WIFI_SIGNAL_POOR] = "36", \ [NM_META_COLOR_WIFI_SIGNAL_UNKNOWN] = "2", \ + [NM_META_COLOR_WIFI_DEPRECATED] = "2", \ [NM_META_COLOR_ENABLED] = "32", \ [NM_META_COLOR_DISABLED] = "31", \ }, \ @@ -549,6 +551,7 @@ static NM_UTILS_STRING_TABLE_LOOKUP_DEFINE( {"connection-external", NM_META_COLOR_CONNECTION_EXTERNAL}, {"connection-invisible", NM_META_COLOR_CONNECTION_INVISIBLE}, {"connection-unknown", NM_META_COLOR_CONNECTION_UNKNOWN}, + {"connection-deprecated", NM_META_COLOR_CONNECTION_DEPRECATED}, {"connectivity-full", NM_META_COLOR_CONNECTIVITY_FULL}, {"connectivity-limited", NM_META_COLOR_CONNECTIVITY_LIMITED}, {"connectivity-none", NM_META_COLOR_CONNECTIVITY_NONE}, @@ -585,7 +588,8 @@ static NM_UTILS_STRING_TABLE_LOOKUP_DEFINE( {"wifi-signal-fair", NM_META_COLOR_WIFI_SIGNAL_FAIR}, {"wifi-signal-good", NM_META_COLOR_WIFI_SIGNAL_GOOD}, {"wifi-signal-poor", NM_META_COLOR_WIFI_SIGNAL_POOR}, - {"wifi-signal-unknown", NM_META_COLOR_WIFI_SIGNAL_UNKNOWN}, ); + {"wifi-signal-unknown", NM_META_COLOR_WIFI_SIGNAL_UNKNOWN}, + {"wifi-deprecated", NM_META_COLOR_WIFI_DEPRECATED}, ); static gboolean parse_color_scheme(char *palette_buffer, NmcColorPalette *out_palette, GError **error) From 422ae6bea6f3dec49eb20f2aa969ab101441641f Mon Sep 17 00:00:00 2001 From: Lubomir Rintel Date: Tue, 8 Mar 2022 12:27:30 +0100 Subject: [PATCH 2/7] cli: device: factor out checking whether an AP is a WEP one This is going to be useful elsewhere. We're going to mark WEP APs as deprecated. --- src/nmcli/devices.c | 56 ++++++++++++++++++++++++++++----------------- 1 file changed, 35 insertions(+), 21 deletions(-) diff --git a/src/nmcli/devices.c b/src/nmcli/devices.c index ded2a9eb8c..f3da212d31 100644 --- a/src/nmcli/devices.c +++ b/src/nmcli/devices.c @@ -1216,6 +1216,21 @@ get_device(NmCli *nmc, int *argc, const char *const **argv, GError **error) return devices[i]; } +static bool +_ap_is_wep(NMAccessPoint *ap) +{ + NM80211ApFlags flags = nm_access_point_get_flags(ap); + NM80211ApSecurityFlags wpa_flags = nm_access_point_get_wpa_flags(ap); + NM80211ApSecurityFlags rsn_flags = nm_access_point_get_rsn_flags(ap); + + if ((flags & NM_802_11_AP_FLAGS_PRIVACY) && (wpa_flags == NM_802_11_AP_SEC_NONE) + && (rsn_flags == NM_802_11_AP_SEC_NONE)) { + return TRUE; + } + + return FALSE; +} + static int compare_aps(gconstpointer a, gconstpointer b, gpointer user_data) { @@ -1262,7 +1277,6 @@ fill_output_access_point(NMAccessPoint *ap, const APInfo *info) { NmcOutputField *arr; gboolean active; - NM80211ApFlags flags; NM80211ApSecurityFlags wpa_flags, rsn_flags; guint32 freq, bitrate; guint8 strength; @@ -1285,7 +1299,6 @@ fill_output_access_point(NMAccessPoint *ap, const APInfo *info) active = (info->active_ap == ap); /* Get AP properties */ - flags = nm_access_point_get_flags(ap); wpa_flags = nm_access_point_get_wpa_flags(ap); rsn_flags = nm_access_point_get_rsn_flags(ap); ssid = nm_access_point_get_ssid(ap); @@ -1314,26 +1327,27 @@ fill_output_access_point(NMAccessPoint *ap, const APInfo *info) security_str = g_string_new(NULL); - if ((flags & NM_802_11_AP_FLAGS_PRIVACY) && (wpa_flags == NM_802_11_AP_SEC_NONE) - && (rsn_flags == NM_802_11_AP_SEC_NONE)) { + if (_ap_is_wep(ap)) { g_string_append(security_str, "WEP "); - } - if (wpa_flags != NM_802_11_AP_SEC_NONE) { - g_string_append(security_str, "WPA1 "); - } - if ((rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_PSK) - || (rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_802_1X)) { - g_string_append(security_str, "WPA2 "); - } - if (rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_SAE) { - g_string_append(security_str, "WPA3 "); - } - if (NM_FLAGS_ANY(rsn_flags, NM_802_11_AP_SEC_KEY_MGMT_OWE | NM_802_11_AP_SEC_KEY_MGMT_OWE_TM)) { - g_string_append(security_str, "OWE "); - } - if ((wpa_flags & NM_802_11_AP_SEC_KEY_MGMT_802_1X) - || (rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_802_1X)) { - g_string_append(security_str, "802.1X "); + } else { + if (wpa_flags != NM_802_11_AP_SEC_NONE) { + g_string_append(security_str, "WPA1 "); + } + if ((rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_PSK) + || (rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_802_1X)) { + g_string_append(security_str, "WPA2 "); + } + if (rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_SAE) { + g_string_append(security_str, "WPA3 "); + } + if (NM_FLAGS_ANY(rsn_flags, + NM_802_11_AP_SEC_KEY_MGMT_OWE | NM_802_11_AP_SEC_KEY_MGMT_OWE_TM)) { + g_string_append(security_str, "OWE "); + } + if ((wpa_flags & NM_802_11_AP_SEC_KEY_MGMT_802_1X) + || (rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_802_1X)) { + g_string_append(security_str, "802.1X "); + } } if (security_str->len > 0) From 550e3bbdd8f503d7246aa104e00792e768be9f25 Mon Sep 17 00:00:00 2001 From: Lubomir Rintel Date: Tue, 8 Mar 2022 12:09:05 +0100 Subject: [PATCH 3/7] cli: device: color WEP APs differently in "wifi list" Provide a visual cue suggesting that an attempt to associate with an WEP access point might not work. Whether it actually will work up to the daemon. --- src/nmcli/devices.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/nmcli/devices.c b/src/nmcli/devices.c index f3da212d31..2bfc4cece3 100644 --- a/src/nmcli/devices.c +++ b/src/nmcli/devices.c @@ -1237,6 +1237,9 @@ compare_aps(gconstpointer a, gconstpointer b, gpointer user_data) NMAccessPoint *apa = *(NMAccessPoint **) a; NMAccessPoint *apb = *(NMAccessPoint **) b; + /* Sort the deprecated WEP connections last. */ + NM_CMP_DIRECT(_ap_is_wep(apb), _ap_is_wep(apa)); + NM_CMP_DIRECT(nm_access_point_get_strength(apb), nm_access_point_get_strength(apa)); NM_CMP_DIRECT(nm_access_point_get_frequency(apa), nm_access_point_get_frequency(apb)); NM_CMP_DIRECT(nm_access_point_get_max_bitrate(apb), nm_access_point_get_max_bitrate(apa)); @@ -1382,6 +1385,8 @@ fill_output_access_point(NMAccessPoint *ap, const APInfo *info) /* Set colors */ color = wifi_signal_to_color(strength); + if (_ap_is_wep(ap)) + color = NM_META_COLOR_WIFI_DEPRECATED; set_val_color_all(arr, color); if (active) arr[15].color = NM_META_COLOR_CONNECTION_ACTIVATED; From f377114d6e2d07bb46cd22c027c175c64932bce9 Mon Sep 17 00:00:00 2001 From: Lubomir Rintel Date: Tue, 8 Mar 2022 12:24:48 +0100 Subject: [PATCH 4/7] cli: connection: check for deprecated features Check if a connection uses something that is likely not to work -- either now or in future. The ultimate decision on whether it's going to work is up to the daemon. We just use the result to color the connection differently to provide slight visual cue to the user. --- src/nmcli/connections.c | 40 ++++++++++++++++++++++++++++++++++++---- 1 file changed, 36 insertions(+), 4 deletions(-) diff --git a/src/nmcli/connections.c b/src/nmcli/connections.c index a045fff0bc..81d051971a 100644 --- a/src/nmcli/connections.c +++ b/src/nmcli/connections.c @@ -513,6 +513,40 @@ _con_show_fcn_get_type(NMConnection *c, NMActiveConnection *ac, NMMetaAccessorGe return connection_type_to_display(s, get_type); } +static const char * +_connection_check_deprecated(NMConnection *c) +{ + NMSettingWirelessSecurity *s_wsec; + const char *key_mgmt; + const char *type; + + type = nm_connection_get_connection_type(c); + + if (strcmp(type, NM_SETTING_WIMAX_SETTING_NAME) == 0) + return _("WiMax is no longer supported"); + + s_wsec = nm_connection_get_setting_wireless_security(c); + if (s_wsec) { + key_mgmt = nm_setting_wireless_security_get_key_mgmt(s_wsec); + if (NM_IN_STRSET(key_mgmt, "ieee8021x", "none")) + return _("WEP encryption is known to be insecure"); + } + + return NULL; +} + +static NMMetaColor +_connection_to_color(NMConnection *c, NMActiveConnection *ac) +{ + if (ac) + return nmc_active_connection_state_to_color(ac); + + if (_connection_check_deprecated(c)) + return NM_META_COLOR_CONNECTION_DEPRECATED; + + return NM_META_COLOR_CONNECTION_UNKNOWN; +} + static gconstpointer _metagen_con_show_get_fcn(NMC_META_GENERIC_INFO_GET_FCN_ARGS) { @@ -523,7 +557,7 @@ _metagen_con_show_get_fcn(NMC_META_GENERIC_INFO_GET_FCN_ARGS) const char *s; char *s_mut; - NMC_HANDLE_COLOR(nmc_active_connection_state_to_color(ac)); + NMC_HANDLE_COLOR(_connection_to_color(c, ac)); if (c) s_con = nm_connection_get_setting_connection(c); @@ -1478,9 +1512,6 @@ nmc_active_connection_state_to_color(NMActiveConnection *ac) { NMActiveConnectionState state; - if (!ac) - return NM_META_COLOR_CONNECTION_UNKNOWN; - if (NM_FLAGS_HAS(nm_active_connection_get_state_flags(ac), NM_ACTIVATION_STATE_FLAG_EXTERNAL)) return NM_META_COLOR_CONNECTION_EXTERNAL; @@ -1881,6 +1912,7 @@ con_show_get_items_cmp(gconstpointer pa, gconstpointer pb, gpointer user_data) } } + NM_CMP_DIRECT(!!_connection_check_deprecated(c_a), !!_connection_check_deprecated(c_b)); NM_CMP_DIRECT_STRCMP0(nm_connection_get_uuid(c_a), nm_connection_get_uuid(c_b)); NM_CMP_DIRECT_STRCMP0(nm_connection_get_path(c_a), nm_connection_get_path(c_b)); } From b3f79ac3661532d105442937c18957eab0cad76d Mon Sep 17 00:00:00 2001 From: Lubomir Rintel Date: Tue, 8 Mar 2022 12:02:40 +0100 Subject: [PATCH 5/7] cli: connection: factor out warning from "add" callback We sometimes emit warnings after a connection is added. Currently there's a warning when the connection ID collides with another one (and a suggestion to use an UUID instead). Let's move the check into a separate routine, so that we can reuse it elsewhere, such as on connection "modify" (in a following commit). --- src/nmcli/connections.c | 61 ++++++++++++++++++++++++----------------- 1 file changed, 36 insertions(+), 25 deletions(-) diff --git a/src/nmcli/connections.c b/src/nmcli/connections.c index 81d051971a..fdfac3abaf 100644 --- a/src/nmcli/connections.c +++ b/src/nmcli/connections.c @@ -5240,6 +5240,41 @@ nmc_process_connection_properties(NmCli *nmc, return TRUE; } +static void +connection_warnings(NmCli *nmc, NMConnection *connection) +{ + const GPtrArray *connections; + guint i, found; + const char *id; + + connections = nm_client_get_connections(nmc->client); + if (!connections) + return; + + id = nm_connection_get_id(connection); + found = 0; + for (i = 0; i < connections->len; i++) { + NMConnection *candidate = NM_CONNECTION(connections->pdata[i]); + + if ((NMConnection *) connection == candidate) + continue; + if (nm_streq0(nm_connection_get_id(candidate), id)) + found++; + } + + if (found > 0) { + g_printerr(g_dngettext(GETTEXT_PACKAGE, + "Warning: There is another connection with the name '%1$s'. " + "Reference the connection by its uuid '%2$s'\n", + "Warning: There are %3$u other connections with the name " + "'%1$s'. Reference the connection by its uuid '%2$s'\n", + found), + id, + nm_connection_get_uuid(NM_CONNECTION(connection)), + found); + } +} + static void add_connection_cb(GObject *client, GAsyncResult *result, gpointer user_data) { @@ -5247,8 +5282,6 @@ add_connection_cb(GObject *client, GAsyncResult *result, gpointer user_data) NmCli *nmc = info->nmc; NMRemoteConnection *connection; GError *error = NULL; - const GPtrArray *connections; - guint i, found; connection = nm_client_add_connection2_finish(NM_CLIENT(client), result, NULL, &error); if (error) { @@ -5259,29 +5292,7 @@ add_connection_cb(GObject *client, GAsyncResult *result, gpointer user_data) g_error_free(error); nmc->return_value = NMC_RESULT_ERROR_CON_ACTIVATION; } else { - connections = nm_client_get_connections(nmc->client); - if (connections) { - found = 0; - for (i = 0; i < connections->len; i++) { - NMConnection *candidate = NM_CONNECTION(connections->pdata[i]); - - if ((NMConnection *) connection == candidate) - continue; - if (nm_streq0(nm_connection_get_id(candidate), info->new_id)) - found++; - } - if (found > 0) { - g_printerr(g_dngettext(GETTEXT_PACKAGE, - "Warning: There is another connection with the name '%1$s'. " - "Reference the connection by its uuid '%2$s'\n", - "Warning: There are %3$u other connections with the name " - "'%1$s'. Reference the connection by its uuid '%2$s'\n", - found), - info->new_id, - nm_connection_get_uuid(NM_CONNECTION(connection)), - found); - } - } + connection_warnings(nmc, NM_CONNECTION(connection)); /* We print here human readable text, but as scripts might parse this output * (with LANG=C), this is important to not change in the future. At least From 061c3424743ceb54425ae28be685e5a9c43ea147 Mon Sep 17 00:00:00 2001 From: Lubomir Rintel Date: Tue, 8 Mar 2022 12:02:50 +0100 Subject: [PATCH 6/7] cli: connection: check for warnings after "modify" Run the same checks after "nmcli c modify" as we do for "nmcli c add". That is -- warn if the resulting connection has a connection ID collision. --- src/nmcli/connections.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/nmcli/connections.c b/src/nmcli/connections.c index fdfac3abaf..221761da22 100644 --- a/src/nmcli/connections.c +++ b/src/nmcli/connections.c @@ -8897,6 +8897,8 @@ modify_connection_cb(GObject *connection, GAsyncResult *result, gpointer user_da error->message); nmc->return_value = NMC_RESULT_ERROR_UNKNOWN; } else { + connection_warnings(nmc, NM_CONNECTION(connection)); + if (nmc->nmc_config.print_output == NMC_PRINT_PRETTY) { g_print(_("Connection '%s' (%s) successfully modified.\n"), nm_connection_get_id(NM_CONNECTION(connection)), From 5b4b00b8d2ec78ce28bf01589142ef605df36e69 Mon Sep 17 00:00:00 2001 From: Lubomir Rintel Date: Tue, 8 Mar 2022 12:04:27 +0100 Subject: [PATCH 7/7] cli: connection: check for deprecated features on "add"/"modify" If the user happens to create a WiMax or Wi-Fi WEP connection they get a warning. --- src/nmcli/connections.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/nmcli/connections.c b/src/nmcli/connections.c index 221761da22..bb73bb4918 100644 --- a/src/nmcli/connections.c +++ b/src/nmcli/connections.c @@ -5246,6 +5246,11 @@ connection_warnings(NmCli *nmc, NMConnection *connection) const GPtrArray *connections; guint i, found; const char *id; + const char *deprecated; + + deprecated = _connection_check_deprecated(NM_CONNECTION(connection)); + if (deprecated) + g_printerr(_("Warning: %s.\n"), deprecated); connections = nm_client_get_connections(nmc->client); if (!connections)