From 2730dc60dea99e4b2116b82a343d1cd6f25dfeaf Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Thu, 2 Nov 2017 09:25:40 +0100 Subject: [PATCH 1/4] all: move setting 802-1x.auth-retries to connection.auth-retries The number of authentication retires is useful also for passwords aside 802-1x settings. For example, src/devices/wifi/nm-device-wifi.c also has a retry counter and uses a hard-coded value of 3. Move the setting, so that it can be used in general. Although it is still not implemented for other settings. This is an API and ABI break. --- clients/common/nm-meta-setting-desc.c | 6 +-- clients/common/settings-docs.c.in | 2 +- libnm-core/nm-setting-8021x.c | 53 ------------------ libnm-core/nm-setting-8021x.h | 3 -- libnm-core/nm-setting-connection.c | 54 +++++++++++++++++++ libnm-core/nm-setting-connection.h | 4 ++ libnm-core/tests/test-general.c | 1 + libnm/libnm.ver | 1 + man/NetworkManager.conf.xml | 10 ++-- src/devices/nm-device-ethernet.c | 10 ++-- src/devices/nm-device-macsec.c | 8 +-- src/devices/nm-device.c | 24 ++++----- src/devices/nm-device.h | 8 +-- .../plugins/ifcfg-rh/nms-ifcfg-rh-reader.c | 7 +-- .../plugins/ifcfg-rh/nms-ifcfg-rh-writer.c | 20 +++---- 15 files changed, 106 insertions(+), 105 deletions(-) diff --git a/clients/common/nm-meta-setting-desc.c b/clients/common/nm-meta-setting-desc.c index 573bee7cb8..1ed6b433d8 100644 --- a/clients/common/nm-meta-setting-desc.c +++ b/clients/common/nm-meta-setting-desc.c @@ -4691,9 +4691,6 @@ static const NMMetaPropertyInfo *const property_infos_802_1X[] = { PROPERTY_INFO_WITH_DESC (NM_SETTING_802_1X_AUTH_TIMEOUT, .property_type = &_pt_gobject_int, ), - PROPERTY_INFO_WITH_DESC (NM_SETTING_802_1X_AUTH_RETRIES, - .property_type = &_pt_gobject_int, - ), NULL }; 
@@ -4972,6 +4969,9 @@ static const NMMetaPropertyInfo *const property_infos_CONNECTION[] = { ), ), ), + PROPERTY_INFO_WITH_DESC (NM_SETTING_CONNECTION_AUTH_RETRIES, + .property_type = &_pt_gobject_int, + ), PROPERTY_INFO_WITH_DESC (NM_SETTING_CONNECTION_TIMESTAMP, .property_type = &_pt_gobject_readonly, ), diff --git a/clients/common/settings-docs.c.in b/clients/common/settings-docs.c.in index c56f0a8af7..b523a39428 100644 --- a/clients/common/settings-docs.c.in +++ b/clients/common/settings-docs.c.in 
@@ -43,7 +43,6 @@ #define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_WPS_METHOD N_("Flags indicating which mode of WPS is to be used if any. There's little point in changing the default setting as NetworkManager will automatically determine whether it's feasible to start WPS enrollment from the Access Point capabilities. WPS can be disabled by setting this property to a value of 1.") #define DESCRIBE_DOC_NM_SETTING_802_1X_ALTSUBJECT_MATCHES N_("List of strings to be matched against the altSubjectName of the certificate presented by the authentication server. If the list is empty, no verification of the server certificate's altSubjectName is performed.") #define DESCRIBE_DOC_NM_SETTING_802_1X_ANONYMOUS_IDENTITY N_("Anonymous identity string for EAP authentication methods. Used as the unencrypted identity with EAP types that support different tunneled identity like EAP-TTLS.") -#define DESCRIBE_DOC_NM_SETTING_802_1X_AUTH_RETRIES N_("The number of retries for the authentication. Zero means to try indefinitely; -1 means to use a global default. If the global default is not set, the authentication retries for 3 times before failing the connection.") #define DESCRIBE_DOC_NM_SETTING_802_1X_AUTH_TIMEOUT N_("A timeout for the authentication. Zero means the global default; if the global default is not set, the authentication timeout is 25 seconds.") #define DESCRIBE_DOC_NM_SETTING_802_1X_CA_CERT N_("Contains the CA certificate if used by the EAP method specified in the \"eap\" property. Certificate data is specified using a \"scheme\"; two are currently supported: blob and path. When using the blob scheme (which is backwards compatible with NM 0.7.x) this property should be set to the certificate's DER encoded data. When using the path scheme, this property should be set to the full UTF-8 encoded path of the certificate, prefixed with the string \"file://\" and ending with a terminating NUL byte. 
This property can be unset even if the EAP method supports CA certificates, but this allows man-in-the-middle attacks and is NOT recommended.") #define DESCRIBE_DOC_NM_SETTING_802_1X_CA_CERT_PASSWORD N_("The password used to access the CA certificate stored in \"ca-cert\" property. Only makes sense if the certificate is stored on a PKCS#11 token that requires a login.") 
@@ -135,6 +134,7 @@ #define DESCRIBE_DOC_NM_SETTING_CDMA_PASSWORD N_("The password used to authenticate with the network, if required. Many providers do not require a password, or accept any password. But if a password is required, it is specified here.") #define DESCRIBE_DOC_NM_SETTING_CDMA_PASSWORD_FLAGS N_("Flags indicating how to handle the \"password\" property.") #define DESCRIBE_DOC_NM_SETTING_CDMA_USERNAME N_("The username used to authenticate with the network, if required. Many providers do not require a username, or accept any username. But if a username is required, it is specified here.") +#define DESCRIBE_DOC_NM_SETTING_CONNECTION_AUTH_RETRIES N_("The number of retries for the authentication. Zero means to try indefinitely; -1 means to use a global default. If the global default is not set, the authentication retries for 3 times before failing the connection. Currently this only applies to 802-1x authentication.") #define DESCRIBE_DOC_NM_SETTING_CONNECTION_AUTOCONNECT N_("Whether or not the connection should be automatically connected by NetworkManager when the resources for the connection are available. TRUE to automatically activate the connection, FALSE to require manual intervention to activate the connection.") #define DESCRIBE_DOC_NM_SETTING_CONNECTION_AUTOCONNECT_PRIORITY N_("The autoconnect priority. If the connection is set to autoconnect, connections with higher priority will be preferred. Defaults to 0. The higher number means higher priority.") #define DESCRIBE_DOC_NM_SETTING_CONNECTION_AUTOCONNECT_RETRIES N_("The number of times a connection should be tried when autoactivating before giving up. Zero means forever, -1 means the global default (4 times if not overridden). Setting this to 1 means to try activation only once before blocking autoconnect. Note that after a timeout, NetworkManager will try to autoconnect again.") diff --git a/libnm-core/nm-setting-8021x.c b/libnm-core/nm-setting-8021x.c index b9f37df8d7..af195211dc 100644 
--- a/libnm-core/nm-setting-8021x.c +++ b/libnm-core/nm-setting-8021x.c @@ -116,7 +116,6 @@ typedef struct { NMSettingSecretFlags phase2_private_key_password_flags; gboolean system_ca_certs; gint auth_timeout; - gint auth_retries; } NMSetting8021xPrivate; enum { @@ -165,7 +164,6 @@ enum { PROP_PIN_FLAGS, PROP_SYSTEM_CA_CERTS, PROP_AUTH_TIMEOUT, - PROP_AUTH_RETRIES, LAST_PROP }; @@ -2747,25 +2745,6 @@ nm_setting_802_1x_get_auth_timeout (NMSetting8021x *setting) return NM_SETTING_802_1X_GET_PRIVATE (setting)->auth_timeout; } -/** - * nm_setting_802_1x_get_auth_retries: - * @setting: the #NMSetting8021x - * - * Returns the value contained in the #NMSetting8021x:auth-retries property. - * - * Returns: the configured authentication retries in seconds. Zero means - * infinity and -1 means a global default value. - * - * Since: 1.10 - **/ -gint -nm_setting_802_1x_get_auth_retries (NMSetting8021x *setting) -{ - g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), -1); - - return NM_SETTING_802_1X_GET_PRIVATE (setting)->auth_retries; -} - static void need_secrets_password (NMSetting8021x *self, GPtrArray *secrets, @@ -3644,9 +3623,6 @@ set_property (GObject *object, guint prop_id, case PROP_AUTH_TIMEOUT: priv->auth_timeout = g_value_get_int (value); break; - case PROP_AUTH_RETRIES: - priv->auth_retries = g_value_get_int (value); - break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); break; @@ -3793,9 +3769,6 @@ get_property (GObject *object, guint prop_id, case PROP_AUTH_TIMEOUT: g_value_set_int (value, priv->auth_timeout); break; - case PROP_AUTH_RETRIES: - g_value_set_int (value, priv->auth_retries); - break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); break; 
@@ -4851,30 +4824,4 @@ nm_setting_802_1x_class_init (NMSetting8021xClass *setting_class) G_PARAM_READWRITE | NM_SETTING_PARAM_FUZZY_IGNORE | G_PARAM_STATIC_STRINGS)); - - /** - * NMSetting8021x:auth-retries: - * - * The number of retries for the authentication. Zero means to try indefinitely; -1 means - * to use a global default. If the global default is not set, the authentication - * retries for 3 times before failing the connection. - * - * Since: 1.10 - **/ - /* ---ifcfg-rh--- - * property: auth-retries - * variable: IEEE_8021X_AUTH_RETRIES(+) - * default: 0 - * description: Number of retries for the 802.1X authentication. - * ---end--- - */ - g_object_class_install_property - (object_class, PROP_AUTH_RETRIES, - g_param_spec_int (NM_SETTING_802_1X_AUTH_RETRIES, "", "", - -1, G_MAXINT32, -1, - G_PARAM_READWRITE | - G_PARAM_CONSTRUCT | - NM_SETTING_PARAM_FUZZY_IGNORE | - G_PARAM_STATIC_STRINGS)); - } diff --git a/libnm-core/nm-setting-8021x.h b/libnm-core/nm-setting-8021x.h index 53f5bb5239..e1631e2d51 100644 --- a/libnm-core/nm-setting-8021x.h +++ b/libnm-core/nm-setting-8021x.h @@ -151,7 +151,6 @@ typedef enum { /*< underscore_name=nm_setting_802_1x_auth_flags >*/ #define NM_SETTING_802_1X_PIN_FLAGS "pin-flags" #define NM_SETTING_802_1X_SYSTEM_CA_CERTS "system-ca-certs" #define NM_SETTING_802_1X_AUTH_TIMEOUT "auth-timeout" -#define NM_SETTING_802_1X_AUTH_RETRIES "auth-retries" /* PRIVATE KEY NOTE: when setting PKCS#12 private keys directly via properties * using the "blob" scheme, the data must be passed in PKCS#12 binary format. @@ -362,8 +361,6 @@ NM_AVAILABLE_IN_1_8 NMSetting8021xAuthFlags nm_setting_802_1x_get_phase1_auth_flags (NMSetting8021x *setting); NM_AVAILABLE_IN_1_8 gint nm_setting_802_1x_get_auth_timeout (NMSetting8021x *setting); -NM_AVAILABLE_IN_1_10 -gint nm_setting_802_1x_get_auth_retries (NMSetting8021x *setting); G_END_DECLS 
diff --git a/libnm-core/nm-setting-connection.c b/libnm-core/nm-setting-connection.c index 22b1f3891d..24c65e7c5e 100644 --- a/libnm-core/nm-setting-connection.c +++ b/libnm-core/nm-setting-connection.c @@ -80,6 +80,7 @@ typedef struct { guint gateway_ping_timeout; NMMetered metered; NMSettingConnectionLldp lldp; + gint auth_retries; } NMSettingConnectionPrivate; enum { @@ -103,6 +104,7 @@ enum { PROP_METERED, PROP_LLDP, PROP_STABLE_ID, + PROP_AUTH_RETRIES, LAST_PROP }; @@ -552,6 +554,25 @@ nm_setting_connection_get_autoconnect_retries (NMSettingConnection *setting) return NM_SETTING_CONNECTION_GET_PRIVATE (setting)->autoconnect_retries; } +/** + * nm_setting_connection_get_auth_retries: + * @setting: the #NMSettingConnection + * + * Returns the value contained in the #NMSettingConnection:auth-retries property. + * + * Returns: the configured authentication retries. Zero means + * infinity and -1 means a global default value. + * + * Since: 1.10 + **/ +gint +nm_setting_connection_get_auth_retries (NMSettingConnection *setting) +{ + g_return_val_if_fail (NM_IS_SETTING_CONNECTION (setting), -1); + + return NM_SETTING_CONNECTION_GET_PRIVATE (setting)->auth_retries; +} + /** * nm_setting_connection_get_timestamp: * @setting: the #NMSettingConnection @@ -1308,6 +1329,9 @@ set_property (GObject *object, guint prop_id, case PROP_LLDP: priv->lldp = g_value_get_int (value); break; + case PROP_AUTH_RETRIES: + priv->auth_retries = g_value_get_int (value); + break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); break; @@ -1393,6 +1417,9 @@ get_property (GObject *object, guint prop_id, case PROP_LLDP: g_value_set_int (value, priv->lldp); break; + case PROP_AUTH_RETRIES: + g_value_set_int (value, priv->auth_retries); + break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); break; 
@@ -1928,4 +1955,31 @@ nm_setting_connection_class_init (NMSettingConnectionClass *setting_class) G_PARAM_READWRITE | G_PARAM_CONSTRUCT | G_PARAM_STATIC_STRINGS)); + + /** + * NMSettingConnection:auth-retries: + * + * The number of retries for the authentication. Zero means to try indefinitely; -1 means + * to use a global default. If the global default is not set, the authentication + * retries for 3 times before failing the connection. + * + * Currently this only applies to 802-1x authentication. + * + * Since: 1.10 + **/ + /* ---ifcfg-rh--- + * property: auth-retries + * variable: AUTH_RETRIES(+) + * default: 0 + * description: Number of retries for authentication. + * ---end--- + */ + g_object_class_install_property + (object_class, PROP_AUTH_RETRIES, + g_param_spec_int (NM_SETTING_CONNECTION_AUTH_RETRIES, "", "", + -1, G_MAXINT32, -1, + G_PARAM_READWRITE | + G_PARAM_CONSTRUCT | + NM_SETTING_PARAM_FUZZY_IGNORE | + G_PARAM_STATIC_STRINGS)); } diff --git a/libnm-core/nm-setting-connection.h b/libnm-core/nm-setting-connection.h index bd5b98ff4a..02a7f5b10a 100644 --- a/libnm-core/nm-setting-connection.h +++ b/libnm-core/nm-setting-connection.h @@ -63,6 +63,7 @@ G_BEGIN_DECLS #define NM_SETTING_CONNECTION_GATEWAY_PING_TIMEOUT "gateway-ping-timeout" #define NM_SETTING_CONNECTION_METERED "metered" #define NM_SETTING_CONNECTION_LLDP "lldp" +#define NM_SETTING_CONNECTION_AUTH_RETRIES "auth-retries" /* Types for property values */ /** @@ -166,6 +167,9 @@ NMMetered nm_setting_connection_get_metered (NMSettingConnection *setting); NM_AVAILABLE_IN_1_2 NMSettingConnectionLldp nm_setting_connection_get_lldp (NMSettingConnection *setting); +NM_AVAILABLE_IN_1_10 +gint nm_setting_connection_get_auth_retries (NMSettingConnection *setting); + G_END_DECLS #endif /* __NM_SETTING_CONNECTION_H__ */ diff --git a/libnm-core/tests/test-general.c b/libnm-core/tests/test-general.c index 0dc7616d6c..188cb28e63 100644 --- a/libnm-core/tests/test-general.c 
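Review bot: The ifcfg-rh doc block added in nm_setting_connection_class_init states `default: 0` for AUTH_RETRIES, but the property is installed with a default of -1, and the doc comment directly above it says zero means retrying indefinitely. Someone reading the generated ifcfg documentation would take an absent variable to mean unlimited authentication attempts; `default: -1` matches the g_param_spec_int() call. The description line could also spell out the special values, e.g. `description: Number of retries for authentication; 0 retries indefinitely, -1 uses the global default.` The function body starts outside the hunk.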
+++ b/libnm-core/tests/test-general.c @@ -2571,6 +2571,7 @@ test_connection_diff_a_only (void) { NM_SETTING_CONNECTION_GATEWAY_PING_TIMEOUT, NM_SETTING_DIFF_RESULT_IN_A }, { NM_SETTING_CONNECTION_METERED, NM_SETTING_DIFF_RESULT_IN_A }, { NM_SETTING_CONNECTION_LLDP, NM_SETTING_DIFF_RESULT_IN_A }, + { NM_SETTING_CONNECTION_AUTH_RETRIES, NM_SETTING_DIFF_RESULT_IN_A }, { NULL, NM_SETTING_DIFF_RESULT_UNKNOWN } } }, { NM_SETTING_WIRED_SETTING_NAME, { diff --git a/libnm/libnm.ver b/libnm/libnm.ver index 1b245b277b..18ff993de4 100644 --- a/libnm/libnm.ver +++ b/libnm/libnm.ver @@ -1193,6 +1193,7 @@ global: nm_device_ppp_get_type; nm_ip_route_equal_full; nm_setting_bridge_get_group_forward_mask; + nm_setting_connection_get_auth_retries; nm_setting_ip_config_get_route_table; nm_setting_ovs_bridge_get_fail_mode; nm_setting_ovs_bridge_get_mcast_snooping_enable; diff --git a/man/NetworkManager.conf.xml b/man/NetworkManager.conf.xml index 357474eaf8..e2a914264f 100644 --- a/man/NetworkManager.conf.xml +++ b/man/NetworkManager.conf.xml @@ -641,6 +641,11 @@ ipv6.ip6-privacy=0 A default value is only consulted if the corresponding per-connection value explicitly allows for that. + + connection.auth-retries + If left unspecified, the default value is 3 tries before failing the connection. + + connection.autoconnect-slaves @@ -742,11 +747,6 @@ ipv6.ip6-privacy=0 If left unspecified, the default value "optional" will be used. - - 802-1x.auth-retries - If left unspecified, the default value is 3 tries before failing the connection. - - diff --git a/src/devices/nm-device-ethernet.c b/src/devices/nm-device-ethernet.c index 672ae3cd52..dd9d4c7715 100644 --- a/src/devices/nm-device-ethernet.c +++ b/src/devices/nm-device-ethernet.c 
@@ -272,7 +272,7 @@ device_state_changed (NMDevice *device, NM_DEVICE_STATE_FAILED, NM_DEVICE_STATE_DISCONNECTED)) { priv = NM_DEVICE_ETHERNET_GET_PRIVATE (NM_DEVICE_ETHERNET (device)); - priv->auth_retries = NM_DEVICE_802_1X_AUTH_RETRIES_UNSET; + priv->auth_retries = NM_DEVICE_AUTH_RETRIES_UNSET; } } @@ -284,7 +284,7 @@ nm_device_ethernet_init (NMDeviceEthernet *self) priv = G_TYPE_INSTANCE_GET_PRIVATE (self, NM_TYPE_DEVICE_ETHERNET, NMDeviceEthernetPrivate); self->_priv = priv; - priv->auth_retries = NM_DEVICE_802_1X_AUTH_RETRIES_UNSET; + priv->auth_retries = NM_DEVICE_AUTH_RETRIES_UNSET; priv->s390_options = g_hash_table_new_full (nm_str_hash, g_str_equal, g_free, g_free); } @@ -677,8 +677,8 @@ handle_auth_or_fail (NMDeviceEthernet *self, priv = NM_DEVICE_ETHERNET_GET_PRIVATE (self); - if (!nm_device_802_1x_auth_retries_try_next (NM_DEVICE (self), - &priv->auth_retries)) + if (!nm_device_auth_retries_try_next (NM_DEVICE (self), + &priv->auth_retries)) return NM_ACT_STAGE_RETURN_FAILURE; nm_device_state_changed (NM_DEVICE (self), NM_DEVICE_STATE_NEED_AUTH, NM_DEVICE_STATE_REASON_NONE); @@ -1344,7 +1344,7 @@ deactivate (NMDevice *device) GError *error = NULL; /* Clear wired secrets tries when deactivating */ - priv->auth_retries = NM_DEVICE_802_1X_AUTH_RETRIES_UNSET; + priv->auth_retries = NM_DEVICE_AUTH_RETRIES_UNSET; nm_clear_g_source (&priv->pppoe_wait_id); diff --git a/src/devices/nm-device-macsec.c b/src/devices/nm-device-macsec.c index d8e2cc9dbb..3d95d73478 100644 --- a/src/devices/nm-device-macsec.c +++ b/src/devices/nm-device-macsec.c @@ -484,8 +484,8 @@ handle_auth_or_fail (NMDeviceMacsec *self, priv = NM_DEVICE_MACSEC_GET_PRIVATE (self); - if (!nm_device_802_1x_auth_retries_try_next (NM_DEVICE (self), - &priv->auth_retries)) + if (!nm_device_auth_retries_try_next (NM_DEVICE (self), + &priv->auth_retries)) return NM_ACT_STAGE_RETURN_FAILURE; nm_device_state_changed (NM_DEVICE (self), NM_DEVICE_STATE_NEED_AUTH, NM_DEVICE_STATE_REASON_NONE); 
@@ -750,7 +750,7 @@ device_state_changed (NMDevice *device, NM_DEVICE_STATE_FAILED, NM_DEVICE_STATE_DISCONNECTED)) { priv = NM_DEVICE_MACSEC_GET_PRIVATE (NM_DEVICE_MACSEC (device)); - priv->auth_retries = NM_DEVICE_802_1X_AUTH_RETRIES_UNSET; + priv->auth_retries = NM_DEVICE_AUTH_RETRIES_UNSET; } } @@ -812,7 +812,7 @@ nm_device_macsec_init (NMDeviceMacsec *self) { NMDeviceMacsecPrivate *priv = NM_DEVICE_MACSEC_GET_PRIVATE (self); - priv->auth_retries = NM_DEVICE_802_1X_AUTH_RETRIES_UNSET; + priv->auth_retries = NM_DEVICE_AUTH_RETRIES_UNSET; } static void diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c index 36cfc9c9af..4be9a3687f 100644 --- a/src/devices/nm-device.c +++ b/src/devices/nm-device.c 
@@ -14024,42 +14024,38 @@ nm_device_get_supplicant_timeout (NMDevice *self) } gboolean -nm_device_802_1x_auth_retries_try_next (NMDevice *self, int *p_auth_retries) +nm_device_auth_retries_try_next (NMDevice *self, int *p_auth_retries) { - NMConnection *applied_connection; - NMSetting8021x *security; + NMSettingConnection *s_con; int auth_retries = *p_auth_retries; - if (G_UNLIKELY (auth_retries == NM_DEVICE_802_1X_AUTH_RETRIES_UNSET)) { + if (G_UNLIKELY (auth_retries == NM_DEVICE_AUTH_RETRIES_UNSET)) { auth_retries = -1; - applied_connection = nm_device_get_applied_connection (NM_DEVICE (self)); - if (applied_connection) { - security = nm_connection_get_setting_802_1x (applied_connection); - if (security) - auth_retries = nm_setting_802_1x_get_auth_retries (security); - } + s_con = NM_SETTING_CONNECTION (nm_device_get_applied_setting (self, NM_TYPE_SETTING_CONNECTION)); + if (s_con) + auth_retries = nm_setting_connection_get_auth_retries (s_con); if (auth_retries == -1) { gs_free char *value = NULL; value = nm_config_data_get_connection_default (NM_CONFIG_GET_DATA, - "802-1x.auth-retries", + "connection.auth-retries", self); auth_retries = _nm_utils_ascii_str_to_int64 (value, 10, -1, G_MAXINT32, -1); } if (auth_retries == 0) - auth_retries = NM_DEVICE_802_1X_AUTH_RETRIES_INFINITY; + auth_retries = NM_DEVICE_AUTH_RETRIES_INFINITY; else if (auth_retries == -1) - auth_retries = NM_DEVICE_802_1X_AUTH_RETRIES_DEFAULT; + auth_retries = NM_DEVICE_AUTH_RETRIES_DEFAULT; else nm_assert (auth_retries > 0); *p_auth_retries = auth_retries; } - if (auth_retries == NM_DEVICE_802_1X_AUTH_RETRIES_INFINITY) + if (auth_retries == NM_DEVICE_AUTH_RETRIES_INFINITY) return TRUE; if (auth_retries <= 0) { nm_assert (auth_retries == 0); diff --git a/src/devices/nm-device.h b/src/devices/nm-device.h index 6e4aa0d9e2..90f9c1fc03 100644 --- a/src/devices/nm-device.h +++ b/src/devices/nm-device.h 
@@ -736,11 +736,11 @@ void nm_device_update_permanent_hw_address (NMDevice *self, gboolean force_freez void nm_device_update_dynamic_ip_setup (NMDevice *self); guint nm_device_get_supplicant_timeout (NMDevice *self); -#define NM_DEVICE_802_1X_AUTH_RETRIES_UNSET -1 -#define NM_DEVICE_802_1X_AUTH_RETRIES_INFINITY -2 -#define NM_DEVICE_802_1X_AUTH_RETRIES_DEFAULT 3 +#define NM_DEVICE_AUTH_RETRIES_UNSET -1 +#define NM_DEVICE_AUTH_RETRIES_INFINITY -2 +#define NM_DEVICE_AUTH_RETRIES_DEFAULT 3 -gboolean nm_device_802_1x_auth_retries_try_next (NMDevice *self, int *p_auth_retry); +gboolean nm_device_auth_retries_try_next (NMDevice *self, int *p_auth_retry); gboolean nm_device_hw_addr_get_cloned (NMDevice *self, NMConnection *connection, diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c index 7b487f0f93..4754bea5d3 100644 --- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c +++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c @@ -193,6 +193,7 @@ make_connection_setting (const char *file, const char *v; gs_free char *stable_id = NULL; const char *const *iter; + int vint64; ifcfg_name = utils_get_ifcfg_name (file, TRUE); if (!ifcfg_name) @@ -329,6 +330,9 @@ make_connection_setting (const char *file, break; } + vint64 = svGetValueInt64 (ifcfg, "AUTH_RETRIES", 10, -1, G_MAXINT32, -1); + g_object_set (s_con, NM_SETTING_CONNECTION_AUTH_RETRIES, (gint) vint64, NULL); + return NM_SETTING (s_con); } @@ -3358,9 +3362,6 @@ next: timeout = svGetValueInt64 (ifcfg, "IEEE_8021X_AUTH_TIMEOUT", 10, 0, G_MAXINT32, 0); g_object_set (s_8021x, NM_SETTING_802_1X_AUTH_TIMEOUT, (gint) timeout, NULL); - timeout = svGetValueInt64 (ifcfg, "IEEE_8021X_AUTH_RETRIES", 10, -1, G_MAXINT32, -1); - g_object_set (s_8021x, NM_SETTING_802_1X_AUTH_RETRIES, (gint) timeout, NULL); - return g_steal_pointer (&s_8021x); } 
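Review bot: In make_connection_setting the new local is declared `int vint64;`, so its name promises a width the variable does not have, even though it is assigned from svGetValueInt64(). The bounds passed to the call (-1 to G_MAXINT32) mean nothing is truncated today. Declaring it `gint64 vint64;` and keeping the `(gint)` cast at g_object_set(), or renaming it to `vint`, would prevent a silent narrowing if those bounds are ever widened. The function starts and ends outside these hunks.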
diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c index fafaa848bd..a2c0bc7f62 100644 --- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c +++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c @@ -560,9 +560,6 @@ write_8021x_setting (NMConnection *connection, vint = nm_setting_802_1x_get_auth_timeout (s_8021x); svSetValueInt64_cond (ifcfg, "IEEE_8021X_AUTH_TIMEOUT", vint > 0, vint); - vint = nm_setting_802_1x_get_auth_retries (s_8021x); - svSetValueInt64_cond (ifcfg, "IEEE_8021X_AUTH_RETRIES", vint > 0, vint); - if (!write_8021x_certs (s_8021x, secrets, blobs, FALSE, ifcfg, error)) return FALSE; @@ -1723,7 +1720,7 @@ write_connection_setting (NMSettingConnection *s_con, shvarFile *ifcfg) guint32 n, i; GString *str; const char *master, *master_iface = NULL, *type; - gint i_int; + gint vint; const char *tmp; svSetValueStr (ifcfg, "NAME", nm_setting_connection_get_id (s_con)); @@ -1732,15 +1729,15 @@ write_connection_setting (NMSettingConnection *s_con, shvarFile *ifcfg) svSetValueStr (ifcfg, "DEVICE", nm_setting_connection_get_interface_name (s_con)); svSetValueBoolean (ifcfg, "ONBOOT", nm_setting_connection_get_autoconnect (s_con)); - i_int = nm_setting_connection_get_autoconnect_priority (s_con); - if (i_int != NM_SETTING_CONNECTION_AUTOCONNECT_PRIORITY_DEFAULT) - svSetValueInt64 (ifcfg, "AUTOCONNECT_PRIORITY", i_int); + vint = nm_setting_connection_get_autoconnect_priority (s_con); + if (vint != NM_SETTING_CONNECTION_AUTOCONNECT_PRIORITY_DEFAULT) + svSetValueInt64 (ifcfg, "AUTOCONNECT_PRIORITY", vint); else svUnsetValue (ifcfg, "AUTOCONNECT_PRIORITY"); - i_int = nm_setting_connection_get_autoconnect_retries (s_con); - if (i_int != -1) - svSetValueInt64 (ifcfg, "AUTOCONNECT_RETRIES", i_int); + vint = nm_setting_connection_get_autoconnect_retries (s_con); + if (vint != -1) + svSetValueInt64 (ifcfg, "AUTOCONNECT_RETRIES", vint); else svUnsetValue (ifcfg, "AUTOCONNECT_RETRIES"); 
@@ -1874,6 +1871,9 @@ write_connection_setting (NMSettingConnection *s_con, shvarFile *ifcfg) default: svUnsetValue (ifcfg, "CONNECTION_METERED"); } + + vint = nm_setting_connection_get_auth_retries (s_con); + svSetValueInt64_cond (ifcfg, "AUTH_RETRIES", vint >= 0, vint); } static char * From 6705c71263825aebd690e67acba095c9c837f2a4 Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Thu, 2 Nov 2017 10:12:59 +0100 Subject: [PATCH 2/4] ifcfg-rh: use svSetValueInt64_cond() in write_connection_setting() --- .../plugins/ifcfg-rh/nms-ifcfg-rh-writer.c | 24 +++++++++---------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c index a2c0bc7f62..d16f46be1a 100644 --- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c +++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c @@ -1721,6 +1721,7 @@ write_connection_setting (NMSettingConnection *s_con, shvarFile *ifcfg) GString *str; const char *master, *master_iface = NULL, *type; gint vint; + guint32 vuint32; const char *tmp; svSetValueStr (ifcfg, "NAME", nm_setting_connection_get_id (s_con)); 
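Review bot: The condition `vint >= 0` in write_connection_setting deserves a one-line comment, because it differs, apparently on purpose, from the `vint > 0` used by the removed IEEE_8021X_AUTH_RETRIES writer. Zero means "retry indefinitely" and has to be persisted; only -1 (use the global default) should be left out of the file. A comment such as `/* 0 ("retry indefinitely") must be written; only -1 (global default) is omitted */` above the call would keep a later cleanup from reverting it. The function starts outside the hunk.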
@@ -1730,16 +1731,14 @@ write_connection_setting (NMSettingConnection *s_con, shvarFile *ifcfg) svSetValueBoolean (ifcfg, "ONBOOT", nm_setting_connection_get_autoconnect (s_con)); vint = nm_setting_connection_get_autoconnect_priority (s_con); - if (vint != NM_SETTING_CONNECTION_AUTOCONNECT_PRIORITY_DEFAULT) - svSetValueInt64 (ifcfg, "AUTOCONNECT_PRIORITY", vint); - else - svUnsetValue (ifcfg, "AUTOCONNECT_PRIORITY"); + svSetValueInt64_cond (ifcfg, "AUTOCONNECT_PRIORITY", + vint != NM_SETTING_CONNECTION_AUTOCONNECT_PRIORITY_DEFAULT, + vint); vint = nm_setting_connection_get_autoconnect_retries (s_con); - if (vint != -1) - svSetValueInt64 (ifcfg, "AUTOCONNECT_RETRIES", vint); - else - svUnsetValue (ifcfg, "AUTOCONNECT_RETRIES"); + svSetValueInt64_cond (ifcfg, "AUTOCONNECT_RETRIES", + vint != -1, + vint); /* Only save the value for master connections */ type = nm_setting_connection_get_connection_type (s_con); @@ -1855,11 +1854,10 @@ write_connection_setting (NMSettingConnection *s_con, shvarFile *ifcfg) g_string_free (str, TRUE); } - if (nm_setting_connection_get_gateway_ping_timeout (s_con)) { - svSetValueInt64 (ifcfg, "GATEWAY_PING_TIMEOUT", - nm_setting_connection_get_gateway_ping_timeout (s_con)); - } else - svUnsetValue (ifcfg, "GATEWAY_PING_TIMEOUT"); + vuint32 = nm_setting_connection_get_gateway_ping_timeout (s_con); + svSetValueInt64_cond (ifcfg, "GATEWAY_PING_TIMEOUT", + vuint32 != 0, + vuint32); switch (nm_setting_connection_get_metered (s_con)) { case NM_METERED_YES: From 32acaccf2af0dbf8154e5221972130eeaa67a718 Mon Sep 17 00:00:00 2001 
From: Thomas Haller Date: Thu, 2 Nov 2017 10:56:30 +0100 Subject: [PATCH 3/4] device: move tracking auth_retry to NMDevice It will be also used by NMDeviceWifi. It might waste a 4 bytes for device types that don't require authentication. But it deduplicates code. --- src/devices/nm-device-ethernet.c | 19 +------------------ src/devices/nm-device-macsec.c | 16 +--------------- src/devices/nm-device.c | 25 +++++++++++++++++++++---- src/devices/nm-device.h | 6 +----- 4 files changed, 24 insertions(+), 42 deletions(-) diff --git a/src/devices/nm-device-ethernet.c b/src/devices/nm-device-ethernet.c index dd9d4c7715..7807100f5b 100644 --- a/src/devices/nm-device-ethernet.c +++ b/src/devices/nm-device-ethernet.c @@ -115,8 +115,6 @@ typedef struct _NMDeviceEthernetPrivate { DcbWait dcb_wait; guint dcb_timeout_id; - int auth_retries; - bool dcb_handle_carrier_changes:1; } NMDeviceEthernetPrivate; @@ -262,18 +260,8 @@ device_state_changed (NMDevice *device, NMDeviceState old_state, NMDeviceStateReason reason) { - NMDeviceEthernetPrivate *priv; - if (new_state > NM_DEVICE_STATE_ACTIVATED) wired_secrets_cancel (NM_DEVICE_ETHERNET (device)); - - if (NM_IN_SET (new_state, - NM_DEVICE_STATE_ACTIVATED, - NM_DEVICE_STATE_FAILED, - NM_DEVICE_STATE_DISCONNECTED)) { - priv = NM_DEVICE_ETHERNET_GET_PRIVATE (NM_DEVICE_ETHERNET (device)); - priv->auth_retries = NM_DEVICE_AUTH_RETRIES_UNSET; - } } static void @@ -284,7 +272,6 @@ nm_device_ethernet_init (NMDeviceEthernet *self) priv = G_TYPE_INSTANCE_GET_PRIVATE (self, NM_TYPE_DEVICE_ETHERNET, NMDeviceEthernetPrivate); self->_priv = priv; - priv->auth_retries = NM_DEVICE_AUTH_RETRIES_UNSET; priv->s390_options = g_hash_table_new_full (nm_str_hash, g_str_equal, g_free, g_free); } 
@@ -677,8 +664,7 @@ handle_auth_or_fail (NMDeviceEthernet *self, priv = NM_DEVICE_ETHERNET_GET_PRIVATE (self); - if (!nm_device_auth_retries_try_next (NM_DEVICE (self), - &priv->auth_retries)) + if (!nm_device_auth_retries_try_next (NM_DEVICE (self))) return NM_ACT_STAGE_RETURN_FAILURE; nm_device_state_changed (NM_DEVICE (self), NM_DEVICE_STATE_NEED_AUTH, NM_DEVICE_STATE_REASON_NONE); @@ -1343,9 +1329,6 @@ deactivate (NMDevice *device) NMSettingDcb *s_dcb; GError *error = NULL; - /* Clear wired secrets tries when deactivating */ - priv->auth_retries = NM_DEVICE_AUTH_RETRIES_UNSET; - nm_clear_g_source (&priv->pppoe_wait_id); if (priv->ppp_manager) { diff --git a/src/devices/nm-device-macsec.c b/src/devices/nm-device-macsec.c index 3d95d73478..9558727860 100644 --- a/src/devices/nm-device-macsec.c +++ b/src/devices/nm-device-macsec.c @@ -72,7 +72,6 @@ typedef struct { Supplicant supplicant; guint supplicant_timeout_id; NMActRequestGetSecretsCallId macsec_secrets_id; - int auth_retries; } NMDeviceMacsecPrivate; struct _NMDeviceMacsec { @@ -484,8 +483,7 @@ handle_auth_or_fail (NMDeviceMacsec *self, priv = NM_DEVICE_MACSEC_GET_PRIVATE (self); - if (!nm_device_auth_retries_try_next (NM_DEVICE (self), - &priv->auth_retries)) + if (!nm_device_auth_retries_try_next (NM_DEVICE (self))) return NM_ACT_STAGE_RETURN_FAILURE; nm_device_state_changed (NM_DEVICE (self), NM_DEVICE_STATE_NEED_AUTH, NM_DEVICE_STATE_REASON_NONE); @@ -741,17 +739,8 @@ device_state_changed (NMDevice *device, NMDeviceState old_state, NMDeviceStateReason reason) { - NMDeviceMacsecPrivate *priv; - if (new_state > NM_DEVICE_STATE_ACTIVATED) macsec_secrets_cancel (NM_DEVICE_MACSEC (device)); - - if (NM_IN_SET (new_state, NM_DEVICE_STATE_ACTIVATED, - NM_DEVICE_STATE_FAILED, - NM_DEVICE_STATE_DISCONNECTED)) { - priv = NM_DEVICE_MACSEC_GET_PRIVATE (NM_DEVICE_MACSEC (device)); - priv->auth_retries = NM_DEVICE_AUTH_RETRIES_UNSET; - } } /******************************************************************/ 
@@ -810,9 +799,6 @@ get_property (GObject *object, guint prop_id, static void nm_device_macsec_init (NMDeviceMacsec *self) { - NMDeviceMacsecPrivate *priv = NM_DEVICE_MACSEC_GET_PRIVATE (self); - - priv->auth_retries = NM_DEVICE_AUTH_RETRIES_UNSET; } static void diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c index 4be9a3687f..e979b87541 100644 --- a/src/devices/nm-device.c +++ b/src/devices/nm-device.c @@ -89,6 +89,10 @@ _LOG_DECLARE_SELF (NMDevice); #define CARRIER_WAIT_TIME_MS 5000 #define CARRIER_WAIT_TIME_AFTER_MTU_MS 10000 +#define NM_DEVICE_AUTH_RETRIES_UNSET -1 +#define NM_DEVICE_AUTH_RETRIES_INFINITY -2 +#define NM_DEVICE_AUTH_RETRIES_DEFAULT 3 + /*****************************************************************************/ typedef void (*ActivationHandleFunc) (NMDevice *self); @@ -238,6 +242,8 @@ typedef struct _NMDevicePrivate { int parent_ifindex; + int auth_retries; + union { const guint8 hw_addr_len; /* read-only */ guint8 hw_addr_len_; @@ -12877,6 +12883,10 @@ _set_state_full (NMDevice *self, NM_DEVICE_SYS_IFACE_STATE_ASSUME)) nm_device_sys_iface_state_set (self, NM_DEVICE_SYS_IFACE_STATE_MANAGED); + if ( state <= NM_DEVICE_STATE_DISCONNECTED + || state >= NM_DEVICE_STATE_ACTIVATED) + priv->auth_retries = NM_DEVICE_AUTH_RETRIES_UNSET; + if (state > NM_DEVICE_STATE_DISCONNECTED) nm_device_assume_state_reset (self); @@ -14024,10 +14034,16 @@ nm_device_get_supplicant_timeout (NMDevice *self) } gboolean -nm_device_auth_retries_try_next (NMDevice *self, int *p_auth_retries) +nm_device_auth_retries_try_next (NMDevice *self) { + NMDevicePrivate *priv; NMSettingConnection *s_con; - int auth_retries = *p_auth_retries; + int auth_retries; + + g_return_val_if_fail (NM_IS_DEVICE (self), FALSE); + + priv = NM_DEVICE_GET_PRIVATE (self); + auth_retries = priv->auth_retries; if (G_UNLIKELY (auth_retries == NM_DEVICE_AUTH_RETRIES_UNSET)) { auth_retries = -1; 
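Review bot: nm_device_auth_retries_try_next() has no doc comment, and with the counter now hidden in NMDevicePrivate a caller can no longer tell from the signature that every call consumes one attempt. A short comment above the function should say that the budget is loaded lazily from connection.auth-retries, falling back to the global default and then to NM_DEVICE_AUTH_RETRIES_DEFAULT. It should also say that a configured 0 is stored as NM_DEVICE_AUTH_RETRIES_INFINITY and never runs out, and that FALSE tells the caller to fail the activation instead of requesting secrets again. The reset added in the _set_state_full hunk would benefit from a why-comment too, e.g. `/* the auth-retries budget only lives for one activation attempt */`. The function body continues outside the hunk.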
@@ -14052,7 +14068,7 @@ nm_device_auth_retries_try_next (NMDevice *self, int *p_auth_retries) else nm_assert (auth_retries > 0); - *p_auth_retries = auth_retries; + priv->auth_retries = auth_retries; } if (auth_retries == NM_DEVICE_AUTH_RETRIES_INFINITY) @@ -14061,7 +14077,7 @@ nm_device_auth_retries_try_next (NMDevice *self, int *p_auth_retries) nm_assert (auth_retries == 0); return FALSE; } - (*p_auth_retries)--; + priv->auth_retries--; return TRUE; } @@ -14100,6 +14116,7 @@ nm_device_init (NMDevice *self) priv->netns = g_object_ref (NM_NETNS_GET); + priv->auth_retries = NM_DEVICE_AUTH_RETRIES_UNSET; priv->type = NM_DEVICE_TYPE_UNKNOWN; priv->capabilities = NM_DEVICE_CAP_NM_SUPPORTED; priv->state = NM_DEVICE_STATE_UNMANAGED; diff --git a/src/devices/nm-device.h b/src/devices/nm-device.h index 90f9c1fc03..350a17b2c1 100644 --- a/src/devices/nm-device.h +++ b/src/devices/nm-device.h @@ -736,11 +736,7 @@ void nm_device_update_permanent_hw_address (NMDevice *self, gboolean force_freez void nm_device_update_dynamic_ip_setup (NMDevice *self); guint nm_device_get_supplicant_timeout (NMDevice *self); -#define NM_DEVICE_AUTH_RETRIES_UNSET -1 -#define NM_DEVICE_AUTH_RETRIES_INFINITY -2 -#define NM_DEVICE_AUTH_RETRIES_DEFAULT 3 - -gboolean nm_device_auth_retries_try_next (NMDevice *self, int *p_auth_retry); +gboolean nm_device_auth_retries_try_next (NMDevice *self); gboolean nm_device_hw_addr_get_cloned (NMDevice *self, NMConnection *connection, From 72756994d4dcbc79cbbb1afe31d033b28ad87352 Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Thu, 2 Nov 2017 10:19:19 +0100 Subject: [PATCH 4/4] wifi: use connection.auth-retries to handle authentication in NMDeviceWifi --- src/devices/wifi/nm-device-wifi.c | 31 ++++--------------------------- 1 file changed, 4 insertions(+), 27 deletions(-) diff --git a/src/devices/wifi/nm-device-wifi.c b/src/devices/wifi/nm-device-wifi.c index 3d9c967747..8bfddbd924 100644 --- a/src/devices/wifi/nm-device-wifi.c 
+++ b/src/devices/wifi/nm-device-wifi.c @@ -63,8 +63,6 @@ _LOG_DECLARE_SELF(NMDeviceWifi); #define SCAN_RAND_MAC_ADDRESS_EXPIRE_MIN 5 -static NM_CACHED_QUARK_FCN ("wireless-secrets-tries", wireless_secrets_tries_quark) - /*****************************************************************************/ NM_GOBJECT_PROPERTIES_DEFINE (NMDeviceWifi, @@ -2336,7 +2334,6 @@ handle_auth_or_fail (NMDeviceWifi *self, { NMDeviceWifiPrivate *priv = NM_DEVICE_WIFI_GET_PRIVATE (self); const char *setting_name; - guint32 tries; NMConnection *applied_connection; NMSettingWirelessSecurity *s_wsec; const char *bssid = NULL; @@ -2352,14 +2349,12 @@ handle_auth_or_fail (NMDeviceWifi *self, g_return_val_if_fail (req, FALSE); } - applied_connection = nm_act_request_get_applied_connection (req); - - tries = GPOINTER_TO_UINT (g_object_get_qdata (G_OBJECT (applied_connection), wireless_secrets_tries_quark ())); - if (tries > 3) + if (!nm_device_auth_retries_try_next (NM_DEVICE (self))) return FALSE; nm_device_state_changed (NM_DEVICE (self), NM_DEVICE_STATE_NEED_AUTH, NM_DEVICE_STATE_REASON_NONE); + applied_connection = nm_act_request_get_applied_connection (req); s_wsec = nm_connection_get_setting_wireless_security (applied_connection); wps_method = nm_setting_wireless_security_get_wps_method (s_wsec); @@ -2408,7 +2403,6 @@ handle_auth_or_fail (NMDeviceWifi *self, if (new_secrets) get_secret_flags |= NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW; wifi_secrets_get_secrets (self, setting_name, get_secret_flags); - g_object_set_qdata (G_OBJECT (applied_connection), wireless_secrets_tries_quark (), GUINT_TO_POINTER (++tries)); return TRUE; } 
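Review bot: Replacing `if (tries > 3)` with `nm_device_auth_retries_try_next()` in `handle_auth_or_fail` changes how many times Wi-Fi asks for secrets. The old counter started at 0 and was incremented only after `wifi_secrets_get_secrets()`, so four requests passed the check; the new budget is three if `NM_DEVICE_AUTH_RETRIES_DEFAULT` from nm-device.c applies. The counter also moves from the applied connection to the device, and an attempt is now consumed at the top of the function, before the secrets request is issued. The commit message mentions neither change; I would record the changed attempt count there and add a comment at the call, e.g. `/* consumes one attempt from connection.auth-retries; NMDevice resets the counter on state change */`. The function starts before this hunk and continues past it.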
@@ -3074,9 +3068,6 @@ activation_success_handler (NMDevice *device) /* Clear any critical protocol notification in the wifi stack */ nm_platform_wifi_indicate_addressing_running (nm_device_get_platform (device), ifindex, FALSE); - /* Clear wireless secrets tries on success */ - g_object_set_qdata (G_OBJECT (applied_connection), wireless_secrets_tries_quark (), NULL); - /* There should always be a current AP, either a fake one because we haven't * seen a scan result for the activated AP yet, or a real one from the * supplicant's scan list. @@ -3122,21 +3113,6 @@ activation_success_handler (NMDevice *device) priv->scan_interval = SCAN_INTERVAL_MIN + (SCAN_INTERVAL_STEP * 2); } -static void -activation_failure_handler (NMDevice *device) -{ - NMConnection *applied_connection; - - applied_connection = nm_device_get_applied_connection (device); - g_assert (applied_connection); - - /* Clear wireless secrets tries on failure */ - g_object_set_qdata (G_OBJECT (applied_connection), wireless_secrets_tries_quark (), NULL); - - /* Clear any critical protocol notification in the wifi stack */ - nm_platform_wifi_indicate_addressing_running (nm_device_get_platform (device), nm_device_get_ifindex (device), FALSE); -} - static void device_state_changed (NMDevice *device, NMDeviceState new_state, @@ -3191,7 +3167,8 @@ device_state_changed (NMDevice *device, activation_success_handler (device); break; case NM_DEVICE_STATE_FAILED: - activation_failure_handler (device); + /* Clear any critical protocol notification in the wifi stack */ + nm_platform_wifi_indicate_addressing_running (nm_device_get_platform (device), nm_device_get_ifindex (device), FALSE); break; case NM_DEVICE_STATE_DISCONNECTED: /* Kick off a scan to get latest results */