After commits:
de0d623680 dns: don't fall back to other methods when resolvconf or netconfig fail
e573977b80 dns: allow runtime selection of resolv.conf manager
the method used to write /etc/resolv.conf is specified by a
configuration parameter and NM doesn't try other methods if the chosen
one has not success.
Restore the fallback to the 'none' method if resolvconf or netconfig
executables are not available, so that when the value of 'rc-manager'
is misconfigured the system continues to work properly.
https://bugzilla.gnome.org/show_bug.cgi?id=749286
"nm-utils-private.h" should not be used outside of libnm-core/.
core/ should only use public API or "nm-core-internal.h".
Also, "nm-setting-ip-config.h" is a public header and should
not contain internal defines. Move them to "nm-core-internal.h"
too.
Fixes: 019943bb5d
When update_dns() fails, callers expect 'error' argument to point to a
non-NULL error; but we are reusing the same variable when calling
update_resolv_conf() to update the private resolv.conf and thus the
function may return an empty error on failure.
Don't reuse the same error and pass a NULL argument instead, since we
don't care about errors when updating private resolv.conf.
Fixes: 5f9d348c20
NM always prepends the list of DNS domains received through DHCP to
the search list in /etc/resolv.conf, overriding the DHCP-supplied DNS
domain search order. This behavior is not entirely correct since it
changes the search order provided by system administrators.
We cannot simply avoid adding the DNS domain list to the search list
because this would break some configurations that rely on the 'domain'
option to deliver the search list.
This patch modifies the behavior of DNS manager to:
- insert the DHCP-provided 'domain' at the end of 'searches' option
so that 'searches' is always preferred
- ignore 'domain' if 'searches' option exists and 'domain' is a
single domain
https://bugzilla.gnome.org/show_bug.cgi?id=748900
dns-manager must include <gio/gio.h> itself. Otherwise
compilation only works with WITH_LIBSOUP, which includes
<gio/gio.h> via <libsoup/soup.h>.
This is an old error, but unnoticed until ad6dbc504b
which makes use of gio.h also without NETCONFIG_PATH.
Add a new 'rc-manager' configuration parameter that allows to select
the strategy used to write resolv.conf; currently supported values
are: none|resolvconf|netconfig, 'none' meaning that NM directly writes
the file.
The default value of the parameter is 'none'; however if a
RESOLVCONF_PATH (or NETCONFIG_PATH) is specified at build time, the
default value will be 'resolvconf' (or 'netconfig').
Fixes the following warnings in nm-dns-manager.c with NETCONFIG_PATH set:
dns-manager/nm-dns-manager.c: In function 'dispatch_netconfig':
dns-manager/nm-dns-manager.c:313:2: warning: implicit declaration of function 'waitpid' [-Wimplicit-function-declaration]
ret = waitpid (pid, NULL, 0);
^
dns-manager/nm-dns-manager.c:271:14: warning: unused variable 'tmp' [-Wunused-variable]
char *str, *tmp;
^
dns-manager/nm-dns-manager.c:329:13: warning: 'ret' may be used uninitialized in this function [-Wmaybe-uninitialized]
return ret > 0;
^
Fixes the following error in nm-dns-manager.c with NETCONFIG_PATH set:
dns-manager/nm-dns-manager.c:320:4: error: too many arguments to function 'g_set_error_literal'
g_set_error_literal (error,
If the child dies, or something kills the child externally, refresh
DNS which should respawn the child, similar to what we do with
wpa_supplicant, teamd, etc.
https://bugzilla.gnome.org/show_bug.cgi?id=728342
NM was killing the dnsmasq local caching nameserver process and immediately
starting a new one, and new process couldn't bind to 127.0.0.1 because the
old one hadn't quit yet. Thus the new process quit, and the user was
left with no split DNS at all.
While this does introduce more synchronous waiting into the connection
process, it's not that much time and NM will kill dnsmasq if it hasn't
quit after 1 second. The longer-term fix is to use dnsmasq's D-Bus
interface to update DNS without respawning it.
https://bugzilla.gnome.org/show_bug.cgi?id=728342https://bugzilla.redhat.com/show_bug.cgi?id=1161232
Add nm_utils_setpgid() as a g_spawn*() child setup function for
calling setpgid(), and use it where appropriate rather than
reimplementing it every time.
There's no point in calling setpgid() on short-lived processes, so
remove the setpgid() calls when spawning dispatcher scripts, iptables,
iscsiadmin, and netconf.
Replace the pthread_sigwait()-based signal handling with
g_unix_signal_add()-based handling, and get rid of all the
now-unnecessary calls to nm_unblock_posix_signals() when spawning
subprocesses.
As a bonus, this also fixes the "^C in gdb kills NM too" bug.
config.h should be included from every .c file, and it should be
included before any other include. Fix that.
(As a side effect of how I did this, this also changes us to
consistently use "config.h" rather than <config.h>. To the extent that
it matters [which is not much], quotes are more correct anyway, since
we're talking about a file in our own build tree, not a system
include.)
A number of classes in core had their own error domains that aren't
really necessary.
In the case of NMDcbError, NMDhcpManagerError, NMDnsManagerError,
NMDnsmasqManagerError, NMPppManagerError, and NMSessionMonitorError,
most of the codes they defined weren't even being used, and at any
rate, the errors were always returned into contexts where they would
just have their message extracted and then get thrown away without
anyone ever looking at the domain or code. So all uses of those
domains can just be replaced with NM_MANAGER_ERROR_FAILED without any
loss of information.
NMAuthManagerError only had 1 error code, and it just indicated
"something went wrong", so it can be replaced with
NM_MANAGER_ERROR_FAILED without loss of information.
(nm-auth-manager.c has also been fixed to return
NM_MANAGER_ERROR_FAILED when the CheckAuthorization D-Bus call fails,
rather than returning whatever error domain/code the D-Bus call
returned.)
NMVpnManagerError used 2 of its 4 error codes, and they could actually
end up getting returned across D-Bus in some cases. But there are
NMManagerError codes that are semantically similar enough to make the
NMVpnManagerError ones unnecessary.
Instead of having basically the same code in a bunch of different
place to find helper programs, just have one place do it. Yes, this
does mean that the same sequence of paths is searched for all helpers
(so for example, dnsmasq will no longer be found first in /usr/local)
but I think consistency is the better option here.
https://bugzilla.gnome.org/show_bug.cgi?id=734131
Previously, src/nm-ip4-config.h, libnm/nm-ip4-config.h, and
libnm-glib/nm-ip4-config.h all used "NM_IP4_CONFIG_H" as an include
guard, which meant that nm-test-utils.h could not tell which of them
was being included (and so, eg, if you tried to include
nm-ip4-config.h in a libnm test, it would fail to compile because
nm-test-utils.h was referring to symbols in src/nm-ip4-config.h).
Fix this by changing the include guards in the non-API-stable parts of
the tree:
- libnm-glib/nm-ip4-config.h remains NM_IP4_CONFIG_H
- libnm/nm-ip4-config.h now uses __NM_IP4_CONFIG_H__
- src/nm-ip4-config.h now uses __NETWORKMANAGER_IP4_CONFIG_H__
And likewise for all other headers.
The two non-"nm"-prefixed headers, libnm/NetworkManager.h and
src/NetworkManagerUtils.h are now __NETWORKMANAGER_H__ and
__NETWORKMANAGER_UTILS_H__ respectively, which, while not entirely
consistent with the general scheme, do still mostly make sense in
isolation.
Out-of-tree build fails with:
../../src/dns-manager/nm-dns-manager.c:38:33: fatal error: libnm-util/nm-utils.h: No such file or directory
Fixes regression introduced by commit 7580cfef20.
Signed-off-by: Thomas Haller <thaller@redhat.com>
Use nm_utils_inet4_ntop() and nm_utils_inet6_ntop() instead.
And get rid of the unneeded error-checking.
gcc warns:
make[4]: Entering directory `/data/src/NetworkManager/src'
CC nm-dns-manager.lo
dns-manager/nm-dns-manager.c: In function 'merge_one_ip4_config':
dns-manager/nm-dns-manager.c:137:37: warning: ordered comparison of pointer with integer zero [-Wextra]
if (inet_ntop (AF_INET, &addr, buf, INET_ADDRSTRLEN) > 0)
^
dns-manager/nm-dns-manager.c:168:37: warning: ordered comparison of pointer with integer zero [-Wextra]
if (inet_ntop (AF_INET, &addr, buf, INET_ADDRSTRLEN) > 0)
^
dns-manager/nm-dns-manager.c: In function 'merge_one_ip6_config':
dns-manager/nm-dns-manager.c:197:64: warning: ordered comparison of pointer with integer zero [-Wextra]
if (inet_ntop (AF_INET, &(addr->s6_addr32[3]), buf, INET_ADDRSTRLEN) > 0)
^
dns-manager/nm-dns-manager.c:200:38: warning: ordered comparison of pointer with integer zero [-Wextra]
if (inet_ntop (AF_INET6, addr, buf, INET6_ADDRSTRLEN) > 0) {
^
Signed-off-by: Thomas Haller <thaller@redhat.com>
When building with '--disable-concheck' with libsoup installed,
configure would set HAVE_LIBSOUP. But without connection
checking, we didn't link against libsoup, resulting in a
linker error.
Add a new configure option '--with-libsoup' / '--without-libsoup'
to control whether linking against libsoup.
The combination '--without-libsoup --enable-concheck' does not
make sense.
https://bugzilla.gnome.org/show_bug.cgi?id=734062
Signed-off-by: Thomas Haller <thaller@redhat.com>
Clean up some of the cross-includes between headers (which made it so
that, eg, if you included NetworkManagerUtils.h in a test program, you
would need to build the test with -I$(top_srcdir)/src/platform, and if
you included nm-device.h you'd need $(POLKIT_CFLAGS)) by moving all
GObject struct definitions for src/ and src/settings/ into nm-types.h
(which already existed to solve the NMDevice/NMActRequest circular
references).
Update various .c files to explicitly include the headers they used to
get implicitly, and remove some now-unnecessary -I options from
Makefiles.
The script is called synchronously from NetworkManager so it can handle
asynchronicity itself. The long-term plan is to incorporate the script
partially into the new plugin and partially into a dnssec-trigger
library which will be used instead of dnssec-trigger daemon.
https://bugzilla.gnome.org/show_bug.cgi?id=699810
Acked-By: Thomas Haller <thaller@redhat.com>
Acked-By: Dan Williams <dcbw@redhat.com>
dfe194ee made it so that we don't use "public suffixes" as resolv.conf
search domains (eg, we don't add "search com" if the hostname is
"example.com"). However, if this results in us writing a resolv.conf
with no "search" line at all, then the resolver will fall back to
using the parent domain of the hostname as a search domain anyway,
thwarting us.
To fix that, use the domain itself as a search domain in this case,
since that's likely to be the expected behavior anyway. (And even if
it's not, there doesn't appear to be any way to block the resolver
from using the hostname's parent domain as a search domain unless we
specify at least one search domain ourselves.)
https://bugzilla.gnome.org/show_bug.cgi?id=729137
resolv.conf(5) says:
The domain and search keywords are mutually exclusive. If more than
one instance of these keywords is present, the last instance wins.
NM always writes out a "search" line if it writes a "domain" line, so
the "domain" line is always a no-op. So drop it.
https://bugzilla.gnome.org/show_bug.cgi?id=729137
VPN services that use the kernel's IPSec stack (like OpenSwan/LibreSWAN)
obviously don't have a tunnel interface, so don't require one. If
those services provide Link-Local IPv6 DNS servers they simply won't
work, but perhaps we can filter those out later or warn about them.
If the hostname is "foo.example.com" then we want to add
"search example.com" to resolv.conf, but if it's just "example.com",
we don't want to add "search com" (rh #812394).
So if NetworkManager is being built with recent libsoup, use
soup_tld_domain_is_public_suffix() to double-check the domain before
adding it. (If it is not being built with libsoup, or is being built
with too old a version, we just skip that test, keeping the old
behavior.)
NMPolicy only updates the NMDnsManager's hostname when it changes,
which previously did not include at startup. Meaning if your hostname
never changed, NMDnsManager would never learn it (and so would never
add an appropriate "search" line to resolv.conf). Fix that.
If /etc/resolv.conf has the immutable flag set, then behave as though
"dns=none" was specified (rather than repeatedly trying and failing to
update it).
Add a property indicating whether NMDnsManager is ignoring
resolv.conf, managing it by explicitly putting nameservers into it, or
managing it by proxying to another service (eg, dnsmasq) with
"nameserver 127.0.0.1".
