- only add an async version. I think sync requests are fundamentally flawed
because they mess up the order of D-Bus messages. Hence, also don't
call the function *_async(), like we do for other functions. As there
is only the async form, it doesn't have a suffix.
- Don't accept a NMConnection as @settings argument, but a GVariant.
In general, keep the libnm API closer to the D-Bus API and don't hide
the underlying function with a less powerful form. The user still can
conveniently call the function with
nm_remote_connection_update2 (connection,
nm_connection_to_dbus (NM_CONNECTION (connection),
NM_CONNECTION_SERIALIZE_ALL),
save_to_disk
? NM_SETTINGS_UPDATE2_FLAG_TO_DISK
: NM_SETTINGS_UPDATE2_FLAG_IN_MEMORY,
NULL,
cancellable,
callback,
user_data);
I believe the parts of libnm that invoke D-Bus methods, should be
close to the D-Bus API. Not like nm_remote_connection_commit_changes()
which has no corresponding D-Bus method.
(cherry picked from commit d00eb95c55)
We already have Update(), UpdateUnsaved() and Save(), which serve
similar purposes. We will need a form of update with another argument.
Most notably, to block autoconnect while doing the update.
Other use cases could be to prevent reapplying connection.zone and
connection.metered, to to reapply all changes.
Instead of adding a specific update function that only serves that
new use-case, add a extensible Update2() function. It can be extended
to cope with future variants of update.
(cherry picked from commit 98ee18d888)
commit involves more then just replacing the setting and writing them
out. What? Dunno. It's complex.
But let's not bypass the commit-changes function. That one is supposed
to get it right.
(cherry picked from commit d26c749ea6)
It's complicated what happens during a commit/replace/update (whatever
you call it).
It doesn't get simpler by spreading it out to various functions.
Let's have one large function (_commit_changes_full()) which does
all the steps necessary. There should be no alternative ways
how to update a connection.
(cherry picked from commit ad9deb6968)
All callers of _replace_settings_full() now use _commit_changes_full().
commit-changes should contain all the logic what to do when updating
a connection. Now, the connection might optionally be written to disk.
(cherry picked from commit 7a0900be7c)
_commit_changes_full() calls _replace_settings_full() which already emits signals
about the changed connection. We should mark the connectin as saved earlier.
In fact, we can tell _replace_settings_full() to mark it as not-unsaved
via the persist-mode parameter.
(cherry picked from commit 4fd5e6e1bb)
_replace_settings_full() does more then just replace the settings.
It at least also sets some flags, like saved/unsaved depending
on @persist_mode.
_replace_settings_full() also emits the "updated" signal. Note that
previously it would just return without signal if nm_connection_compare()
indicates that there is no difference. But the caller probably cares
about whether the user tries to change the connection at all, not
whether the change actually introduced a real difference in the
settings. Like, policy might re-set the autoconnect blocked flags.
But it should do so on every user-update, regardless of whether
a change was actually made.
It makes sense to call _replace_settings_full() with a @new_connection
of %NULL, to mean: just update the flags, but keep the current connection.
Extend _replace_settings_full() to allow for that.
Also, update update_auth_cb() to always call _replace_settings_full(),
even if no new connection is provided. In this case, only update
the connection flags accordingly.
(cherry picked from commit 9988f9dbbb)
Note how nm_settings_connection_commit_changes() would call
prepare() a second time. Don't do that.
Also, move the prepare step earlier, and call _replace_settings_full()
without preparing the new connection again.
(cherry picked from commit 3706fd17eb)
The current behavior of update_unsaved is confusing. Give the argument
an enum with a name that describes better what's happening. Also, it
makes the uses grep-able.
(cherry picked from commit 9531da8b3e)
The wireless-security setting has a 'wep-key-type' property that is
used to specify the WEP key type and is needed because some keys could
be interpreted both as a passphrase or a hex/ascii key.
The ifcfg-rh plugin currently stores the key type implicitly: if
wep-key-type is 'passphrase' it uses the KEY_PASSPHRASE%d variable, if
it's 'key' the KEY%d variable and when it's 'unknown' it uses either
variables depending on the detected type (preferring 'key' in case
both are compatible).
This means that some connections will be read differently from how
they were written, because once the KEY (or KEY_PASSPHRASE) is read
there is no way to know whether the 'wep-key-type' property was 'key'
(or 'passphrase') or 'unknown'.
Fix this by persisting the key type explicitly in the file. The new
variable is redundant in most cases because the variables used for
keys also determine the key type.
https://bugzilla.redhat.com/show_bug.cgi?id=1518177
(cherry picked from commit c6eb18ee05)
$ nmcli con add type wifi ifname wlan0 \
wifi-sec.key-mgmt none \
wifi-sec.wep-key0 $ascii_key \
ssid <TAB>
completes the line with:
"Info:\ WEP\ key\ is\ guessed\ to\ be\ of\ '2\ \(passphrase\)'"
The environment warning function should not emit warning when
completing arguments.
(cherry picked from commit 5e239d2c04)
Until now the ifcfg-rh plugin merged the values of 'ipv4.dns-options'
and 'ipv6.dns-options' and wrote the result to the RES_OPTIONS
variable. This is wrong because writing a connection and reading it
back gives a different connection compared to the original.
This behavior existed since when DNS options were introduced, but it
became more evident now that we reread the connection after write,
because after doing a:
$ nmcli connection modify ethie ipv4.dns-options ndots:2
the connection has both ipv4.dns-options and ipv6.dns-options set. In
order to delete the option, an user has to delete it from both
settings:
$ nmcli connection modify ethie ipv4.dns-options "" ipv6.dns-options ""
To improve this let's use different variables for IPv4 and IPv6. To
keep backwards compatibility IPv4 still uses RES_OPTIONS, while IPv6
uses a new IPV6_RES_OPTIONS variable.
https://bugzilla.redhat.com/show_bug.cgi?id=1517794
(cherry picked from commit 8379785560)
Commit 6a4af482f0 ("nmtui: always create ethernet settings for VLAN
and wireless security for wifi.") changed nmtui to always add the
wireless security setting to the new connection, but without
initializing it. This leads to a crash that was fixed in 40fcf67a84
("tui: fix crash creating Wi-Fi connection").
There is an additional bug: connections without authentication can't
be saved because the wireless security setting has uninitialized
fields.
To fix this, revert both patches (the first partially) because the
previous code did the right thing as it added the setting only when
needed.
Fixes: 6a4af482f0https://bugzilla.redhat.com/show_bug.cgi?id=1518167
(cherry picked from commit fead82f419)
The matching works fuzzy and is not reliable. That is why we store
which connection should be assumed after restart in the state file
of NetworkManager.
In that case, we don't need to do a full check (with the possibility
of a false-reject). Just check for the minimum required properties:
the type and slave-type.
Yes, if the user modifies the connection while restarting NM, then
we might wrongly assume a connection that no longer would match.
But NM should not read minds, it should do as indicated.
(cherry picked from commit cc74cffe12)
This was added by cfb2af1df2, but it's
wrong. Here we reset the autoconnect-blocked-reasons when going to sleep,
not when waking up.
(cherry picked from commit 88549b031a)
_deactivate_if_active() takes a NMPolicy instance while the
connection_removed signal handler takes a NMPolicyPrivate pointer.
(cherry picked from commit c9db2c17aa)
Waiting for carrier on startup is probably the same times that carrier
needs, e.g. on an MTU change. Use the same timing.
Note, that as carrier-wait-timeout is no configurable, this
configuration applies to both -- as the manual page already
claims to do.
(cherry picked from commit 245590bacd)
$ nmcli connection down p
path
Connection 'p' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
Don't do completion when not requested.
(cherry picked from commit 021d797089)
When activation of the connection fails with no-secrets, we block
autoconnect due to that. However, NMPolicy also unblocks such
autoconnect, whenever a new secret-agent registers. The reason
is obviously, that the new secret-agent might be able to provide
the previously missing secrets.
However, there is a race between
- making the secret request, failing activation and blocking autoconnect
- new secret-agent registers
If the secret-agent registers after making the request, but before we
block autoconnect, then autoconnect stays blocked.
[1511468634.5759] device (wlp4s0): state change: config -> need-auth (reason 'none', sys-iface-state: 'managed')
[1511468634.5772] device (wlp4s0): No agents were available for this request.
[1511468638.4082] agent-manager: req[0x55ea7e58a5d0, :1.32/org.kde.plasma.networkmanagement/1000]: agent registered
[1511468638.4082] policy: re-enabling autoconnect for all connections with failed secrets
[1511468664.6280] device (wlp4s0): state change: need-auth -> failed (reason 'no-secrets', sys-iface-state: 'managed')
[1511468664.6287] policy: connection 'tuxmobil' now blocked from autoconnect due to no secrets
Note the long timing between making the secret request and the
activation failure. This race already existed before, but now with
WPS push-button method enabled by default, the duraction of the
activation is much longer and the race is easy to hit.
https://bugzilla.gnome.org/show_bug.cgi?id=790571
(cherry picked from commit e2c8ef45ac)
We want to only check for autoconnect all, if something happend that
makes it possible that we can autoconnect now (while we couldn't
previously).
It's not a real problem to check more often then strictly necessary.
But add a check to rule out a few false-positives to avoid the
overhead of checking all devices for autoconnect.
(cherry picked from commit f0147a9c47)
