The argument name should express what the caller wants
(he wants to know, whether the connection can be activated
for an internal or external activation request).
Whether that involves checking device-specific overrides, is
not the point -- nm_device_check_connection_compatible() is
also a virtual function with device-specific overrides.
There are three configuration options that contain device specs:
'main.ignore-carrier', 'main.no-auto-default', and
'keyfile.unmanaged-devices'.
Unify the parsing of them by splitting the device spec with
nm_match_spec_split(). This changes behavior for parsing of these
properties.
Also get rid of logging warnings when parsing 'keyfile.unmanaged-devices'.
There are currently three device spec properties: 'main.ignore-carrier',
'main.no-auto-default' and 'keyfile.unmanaged-devices'.
The first two, called g_key_file_parse_value_as_string() to split
the string into individual device specs. This uses ',' as separator
and supports escaping using '\\'.
'keyfile.unmanaged-devices' is split using ',' or ';' as separator
without supporting escaping.
Add a new function nm_match_spec_split(), to unify these two behaviors
and support both formats. That is, both previous formats are mostly
supported, but obviously there are some behavioral changes if the string
contains one of '\\', ',', or ';'.
nm_match_spec_split() is copied from glibs g_key_file_parse_value_as_string()
and adjusted.
Extend nm_match_spec_*() to support an "except:" prefix to negate
the result of a match. "except:" only works when followed by
an exact match type, for example "except:interface-name:vboxnet0",
but not "except:vboxnet0".
A matching "except:" spec always wins, regardless of other positive
matchings.
This includes several changes how to match device specs:
- matching the interface name is no longer case-insenstive as
interface names themselves are case-sensitive.
- Now we skip patterns that start with "mac:" or "s390-subchannels:"
for comparing interface names. Previously a spec "mac:1" would have
matched an interface named "mac:1", now it doesn't.
To match such an interface, you would have to specify
"interface-name:mac:1".
- previously, a pattern "a" would have matched an interface
named "interface-name:a", now it doesn't. Since valid interface
name (in the kernel) can be at most 15 characters long, this is
however no problem.
- if the spec has the prefix "interface-name:", we support
simple globbing using GPatternSpec. Globbing without exact
spec type will still not match "vboxnet*" -- with the exception
of "*".
You can disable globbing by putting an '=' immediately
after the ':'.
(a) "interface-name:em1" | matches "em1"
(b) "interface-name:em*" | matches "em", "em1", "em2", etc.
(c) "interface-name:em\*" | matches "em\", "em\1", etc.
(d) "interface-name:=em*" | matches "em*"
(e) "em*" | matches "em*"
We have nm_keyfile_plugin_utils_should_ignore_file() to ignore certain
files based on patterns. We also need a matching escape function to
avoid saving connections with a name we would ignore later.
https://bugzilla.gnome.org/show_bug.cgi?id=735824
After refactoring libnm-core to use GBytes instead of
GByteArray/DBUS_TYPE_G_UCHAR_ARRAY, it was forgotten to update
keyfile writer.
This causes keyfile writer to skip the NMSetting8021x:password-raw setting
and raise a g_critical() warning.
Fixes: c43f88907b
==12663== 45 bytes in 1 blocks are definitely lost in loss record 2,464 of 4,708
==12663== at 0x4C29BCF: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12663== by 0x7F4A6F5: g_malloc (gmem.c:97)
==12663== by 0x7F6301E: g_strdup (gstrfuncs.c:356)
==12663== by 0x4B8AE5: nm_manager_new (nm-manager.c:4793)
==12663== by 0x432F3D: main (main.c:413)
==29353== 620 (+620) (32 (+32) direct, 588 (+588) indirect) bytes in 1 (+1) blocks are definitely lost in loss record 6,905 of 7,076
==29353== at 0x7CDBAC8: g_type_create_instance (gtype.c:1844)
==29353== by 0x7CBF356: g_object_new_internal (gobject.c:1774)
==29353== by 0x7CC0D4C: g_object_newv (gobject.c:1922)
==29353== by 0x7CC14E3: g_object_new (gobject.c:1614)
==29353== by 0x50B58A: nm_secret_agent_new (nm-secret-agent.c:489)
==29353== by 0x50915F: impl_agent_manager_register_with_capabilities (nm-agent-manager.c:309)
==29353== by 0x62649BE: invoke_object_method (dbus-gobject.c:1899)
==29353== by 0x62649BE: object_registration_message (dbus-gobject.c:2161)
==29353== by 0x649D5CE: _dbus_object_tree_dispatch_and_unlock (dbus-object-tree.c:1018)
==29353== by 0x648F193: dbus_connection_dispatch (dbus-connection.c:4718)
==29353== by 0x6261DB4: message_queue_dispatch (dbus-gmain.c:90)
==29353== by 0x7F44AEA: g_main_dispatch (gmain.c:3111)
==29353== by 0x7F44AEA: g_main_context_dispatch (gmain.c:3710)
==29353== by 0x7F44E87: g_main_context_iterate.isra.29 (gmain.c:3781)
==5177== 6 (+6) bytes in 1 (+1) blocks are definitely lost in loss record 118 of 6,581
==5177== at 0x4C29BCF: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==5177== by 0x7F4A6F5: g_malloc (gmem.c:97)
==5177== by 0x7F6301E: g_strdup (gstrfuncs.c:356)
==5177== by 0x4AD902: nm_auth_chain_set_data (nm-auth-utils.c:194)
==5177== by 0x50919E: impl_agent_manager_register_with_capabilities (nm-agent-manager.c:323)
==5177== by 0x62649BE: invoke_object_method (dbus-gobject.c:1899)
==5177== by 0x62649BE: object_registration_message (dbus-gobject.c:2161)
==5177== by 0x649D5CE: _dbus_object_tree_dispatch_and_unlock (dbus-object-tree.c:1018)
==5177== by 0x648F193: dbus_connection_dispatch (dbus-connection.c:4718)
==5177== by 0x6261DB4: message_queue_dispatch (dbus-gmain.c:90)
==5177== by 0x7F44AEA: g_main_dispatch (gmain.c:3111)
==5177== by 0x7F44AEA: g_main_context_dispatch (gmain.c:3710)
==5177== by 0x7F44E87: g_main_context_iterate.isra.29 (gmain.c:3781)
==5177== by 0x7F451B1: g_main_loop_run (gmain.c:3975)
==5177== 104 (+104) bytes in 1 (+1) blocks are definitely lost in loss record 5,502 of 6,581
==5177== at 0x4C29BCF: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==5177== by 0x7F4A6F5: g_malloc (gmem.c:97)
==5177== by 0x7F6159F: g_slice_alloc (gslice.c:1007)
==5177== by 0x7F61B6D: g_slice_alloc0 (gslice.c:1032)
==5177== by 0x7CDB9A3: g_type_create_instance (gtype.c:1847)
==5177== by 0x7CBF356: g_object_new_internal (gobject.c:1774)
==5177== by 0x7CC0D4C: g_object_newv (gobject.c:1922)
==5177== by 0x7CC14E3: g_object_new (gobject.c:1614)
==5177== by 0x79A4C57: g_simple_async_result_new (gsimpleasyncresult.c:319)
==5177== by 0x515B34: nm_connectivity_check_async (nm-connectivity.c:289)
==5177== by 0x515D74: run_check (nm-connectivity.c:217)
==5177== by 0x515DBF: idle_start_periodic_checks (nm-connectivity.c:229)
==1345== Invalid read of size 1
==1345== at 0x827DC15: vfprintf (vfprintf.c:1642)
==1345== by 0x8345D04: __vasprintf_chk (vasprintf_chk.c:66)
==1345== by 0x7F882DB: vasprintf (stdio2.h:210)
==1345== by 0x7F882DB: g_vasprintf (gprintf.c:316)
==1345== by 0x7F6319C: g_strdup_vprintf (gstrfuncs.c:507)
==1345== by 0x7F63258: g_strdup_printf (gstrfuncs.c:533)
==1345== by 0x472833: nm_platform_link_to_string (nm-platform.c:2337)
==1345== by 0x472A05: log_link (nm-platform.c:2754)
==1345== by 0x9DC5D5F: ffi_call_unix64 (unix64.S:76)
==1345== by 0x9DC57D0: ffi_call (ffi64.c:525)
==1345== by 0x7CBA553: g_cclosure_marshal_generic (gclosure.c:1448)
==1345== by 0x7CB9D34: g_closure_invoke (gclosure.c:768)
==1345== by 0x7CCB34B: signal_emit_unlocked_R (gsignal.c:3483)
==1345== Address 0xa91b5a0 is 0 bytes inside a block of size 5 free'd
==1345== at 0x4C2ACE9: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1345== by 0x68E7D6D: link_free_data (link.c:223)
==1345== by 0x6D47B1F: nl_object_free (object.c:186)
==1345== by 0x46C31C: put_nl_object (nm-linux-platform.c:222)
==1345== by 0x46C31C: link_change (nm-linux-platform.c:2354)
==1345== by 0x46C87F: link_set_user_ipv6ll_enabled (nm-linux-platform.c:2583)
==1345== by 0x4476C4: set_nm_ipv6ll (nm-device.c:4418)
==1345== by 0x4476C4: ip6_managed_setup (nm-device.c:7515)
==1345== by 0x453F12: _set_state_full (nm-device.c:7665)
==1345== by 0x4B6609: add_device (nm-manager.c:1885)
==1345== by 0x4B6880: system_create_virtual_device (nm-manager.c:1126)
==1345== by 0x4B6B40: system_create_virtual_devices (nm-manager.c:1163)
==1345== by 0x4B6E00: platform_link_added (nm-manager.c:2213)
==1345== by 0x4B6E00: platform_link_cb (nm-manager.c:2228)
==1345== by 0x9DC5D5F: ffi_call_unix64 (unix64.S:76)
ndp_close() does not do that -- it only closes the socket. It's safe to call
even if we didn't start solicitation as it has a NULL-check.
==7745== 80 (+80) bytes in 2 (+2) blocks are definitely lost in loss record 3,983 of 5,735
==7745== at 0x4C29BCF: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==7745== by 0x6F57A2D: ndp_msgrcv_handler_register (libndp.c:1697)
==7745== by 0x47572E: start (nm-lndp-rdisc.c:691)
==7745== by 0x44A457: addrconf6_start_with_link_ready (nm-device.c:4280)
==7745== by 0x44C1E7: linklocal6_complete (nm-device.c:3931)
==7745== by 0x44C1E7: update_ip_config (nm-device.c:6667)
==7745== by 0x44C2F8: queued_ip_config_change (nm-device.c:6688)
==7745== by 0x7F44AEA: g_main_dispatch (gmain.c:3111)
==7745== by 0x7F44AEA: g_main_context_dispatch (gmain.c:3710)
==7745== by 0x7F44E87: g_main_context_iterate.isra.29 (gmain.c:3781)
==7745== by 0x7F451B1: g_main_loop_run (gmain.c:3975)
==7745== by 0x432F74: main (main.c:460)
==7745== 37 (+37) bytes in 1 (+1) blocks are definitely lost in loss record 2,679 of 5,735
==7745== at 0x4C29BCF: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==7745== by 0x7F4A6F5: g_malloc (gmem.c:97)
==7745== by 0x7F6301E: g_strdup (gstrfuncs.c:356)
==7745== by 0x45B097: set_property (nm-dhcp-client.c:851)
==7745== by 0x7CBF688: object_set_property (gobject.c:1415)
==7745== by 0x7CBF688: g_object_new_internal (gobject.c:1808)
==7745== by 0x7CC1194: g_object_new_valist (gobject.c:2034)
==7745== by 0x7CC14D0: g_object_new (gobject.c:1617)
==7745== by 0x45FF9F: client_start (nm-dhcp-manager.c:253)
==7745== by 0x460393: nm_dhcp_manager_start_ip4 (nm-dhcp-manager.c:308)
==7745== by 0x44EB16: dhcp4_start (nm-device.c:3168)
==7745== by 0x44EE15: act_stage3_ip4_config_start (nm-device.c:3440)
==7745== by 0x455C9F: nm_device_activate_stage3_ip4_start (nm-device.c:4657)
==7745== 11 (+11) bytes in 1 (+1) blocks are definitely lost in loss record 408 of 5,735
==7745== at 0x4C29BCF: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==7745== by 0x7F4A6F5: g_malloc (gmem.c:97)
==7745== by 0x7F6301E: g_strdup (gstrfuncs.c:356)
==7745== by 0x45C188: nm_dhcp_client_start_ip4 (nm-dhcp-client.c:417)
==7745== by 0x460147: client_start (nm-dhcp-manager.c:268)
==7745== by 0x460393: nm_dhcp_manager_start_ip4 (nm-dhcp-manager.c:308)
==7745== by 0x44EB16: dhcp4_start (nm-device.c:3168)
==7745== by 0x44EE15: act_stage3_ip4_config_start (nm-device.c:3440)
==7745== by 0x455C9F: nm_device_activate_stage3_ip4_start (nm-device.c:4657)
==7745== by 0x456467: nm_device_activate_stage3_ip_config_start (nm-device.c:4801)
==7745== by 0x7F44AEA: g_main_dispatch (gmain.c:3111)
==7745== by 0x7F44AEA: g_main_context_dispatch (gmain.c:3710)
==7745== by 0x7F44E87: g_main_context_iterate.isra.29 (gmain.c:3781)
==4203== 97 (+97) bytes in 2 (+2) blocks are definitely lost in loss record 4,586 of 5,632
==4203== at 0x4C29BCF: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==4203== by 0x7F4A6F5: g_malloc (gmem.c:97)
==4203== by 0x7F6301E: g_strdup (gstrfuncs.c:356)
==4203== by 0x47E4C8: nm_settings_connection_set_filename (nm-settings-connection.c:2228)
==4203== by 0x7CBF6EC: object_set_property (gobject.c:1415)
==4203== by 0x7CBF6EC: g_object_new_internal (gobject.c:1828)
==4203== by 0x7CC1194: g_object_new_valist (gobject.c:2034)
==4203== by 0x7CC14D0: g_object_new (gobject.c:1617)
==4203== by 0x12A08193: nm_ifcfg_connection_new (nm-ifcfg-connection.c:229)
==4203== by 0x12A0542B: update_connection (plugin.c:225)
==4203== by 0x12A0696A: add_connection (plugin.c:715)
==4203== by 0x4814BB: nm_settings_add_connection (nm-settings.c:1030)
==4203== by 0x4817DE: pk_add_cb (nm-settings.c:1136)
Access to connection configuration should not be blocked by absence of a
user session tracked using logind or consolekit. Access control based on
UID is sufficient.
This patch ensures that the user can always access connections even if
he doesn't have a session tracked by logind or consolekit and even when
NetworkManager is not built with logind or consolekit support.
Please note that presence or absence of a session tracked by logind or
consolekit doesn't carry any security information.
Acked-By: Thomas Haller <thaller@redhat.com>
Acked-By: Dan Williams <dcbw@redhat.com>
Agent registration should not be blocked by absence of a user session
tracked using logind or consolekit. Access control based on UID is
sufficient.
This patch ensures that the user can always register a secret agent,
even if he doesn't have a session tracked by logind or consolekit and
even when NetworkManager is not built with logind or consolekit support.
Please note checking for presence or absence of a user session tracked
by logind has no value in this context.
Acked-By: Thomas Haller <thaller@redhat.com>
Acked-By: Dan Williams <dcbw@redhat.com>
First, configure.ac's grep was wrong and wasn't setting DHCPCD_SUPPORTS_IPV6,
which caused dhcpcd to acquire a DHCPv6 address when NM didn't think that
was going to happen, and thus DHCP options couldn't be parsed.
Second, even if that does happen, don't just assert and quit, but set the
DHCP state to failed.
https://bugzilla.gnome.org/show_bug.cgi?id=743700
During dipose(), NMDefaultRouteManager unrefed all the source pointers
in its list -- thereby having dangling pointers in the list of entries.
The unrefing can cause the final destruction of the device (during
shutdown), which would again call into NMDefaultRouteManager.
Fix this by ensuring that after disposing starts, all external calls
into NMDefaultRouteManager return early.
#0 0x00007ffff4a2cc60 in g_logv (log_domain=0x535b51 "NetworkManager", log_level=G_LOG_LEVEL_CRITICAL, format=<optimized out>, args=args@entry=0x7fffffffd530) at gmessages.c:1046
#1 0x00007ffff4a2ce9f in g_log (log_domain=log_domain@entry=0x535b51 "NetworkManager", log_level=log_level@entry=G_LOG_LEVEL_CRITICAL, format=format@entry=0x528f68 "file %s: line %d (%s): should not be reached") at gmessages.c:1079
#2 0x000000000049b83b in _ipx_update_default_route (vtable=vtable@entry=0x7a49c0 <vtable_ip6>, self=0x7d1350 [NMDefaultRouteManager], source=source@entry=0x8b64e0) at nm-default-route-manager.c:659
#3 0x000000000049c652 in nm_default_route_manager_ip6_update_default_route (self=<optimized out>, source=source@entry=0x8b64e0) at nm-default-route-manager.c:819
#4 0x00000000004526a8 in _cleanup_generic_post (self=self@entry=0x8b64e0, deconfigure=deconfigure@entry=0) at devices/nm-device.c:7235
#5 0x0000000000452bc0 in dispose (object=0x8b64e0) at devices/nm-device.c:8324
#6 0x00007ffff4d29cbc in g_object_unref (_object=0x8b64e0) at gobject.c:3133
#7 0x0000000000499091 in _entry_free (entry=0x8bf140) at nm-default-route-manager.c:187
#8 0x00007ffff49fa82b in g_ptr_array_foreach (array=0x81d220, func=0x499080 <_entry_free>, user_data=0x0) at garray.c:1502
#9 0x00007ffff49fa8c0 in ptr_array_free (array=0x81d220, flags=FREE_SEGMENT) at garray.c:1088
#10 0x00007ffff49fa939 in g_ptr_array_free (array=<optimized out>, free_segment=free_segment@entry=1) at garray.c:1075
#11 0x000000000049abcf in dispose (object=0x7d1350 [NMDefaultRouteManager]) at nm-default-route-manager.c:1357
#12 0x00007ffff4d29cbc in g_object_unref (_object=0x7d1350) at gobject.c:3133
#13 0x00007ffff7deb507 in _dl_fini () at dl-fini.c:252
#14 0x00007ffff4658382 in __run_exit_handlers (status=status@entry=0, listp=0x7ffff49d66a0 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true) at exit.c:82
#15 0x00007ffff46583d5 in __GI_exit (status=status@entry=0) at exit.c:104
#16 0x0000000000432fd6 in main (argc=1, argv=0x7fffffffdeb8) at main.c:473
We don't need the bus for the tests and the manager may warn when it
is not available.
$ (cd src/tests/config/; env -i DBUS_SYSTEM_BUS_ADDRESS=meow ./test-config)
/config/parse-error: OK
/config/no-auto-default: NetworkManager-Message: <info> Could not connect to the system bus; only the private D-Bus socket will be available.
/bin/sh: line 5: 29997 Trace/breakpoint trap ${dir}$tst
FAIL: test-config
This reverts commit 6994454461 for the
most part. It's not sufficient to disable logging warnings. Creating
a DBus Manager might affect the system in undesired ways.
The class itself is not thread-safe, so no need for guarding
the creation with g_once_init_*().
Also, assert against multiple creation and log a line when
creating the singleton. The getter is now more similar to what
is created by NM_DEFINE_SINGLETON_GETTER().
We don't need the bus for the tests and the manager may warn it's not
available:
/config/parse-error: OK
/config/no-auto-default: NetworkManager-Message: <info> Could not connect to the system bus; only the private D-Bus socket will be available.
/bin/sh: line 5: 29997 Trace/breakpoint trap ${dir}$tst
FAIL: test-config
Fixes: e7356ef0a6
