Keyfile plugin writer had a bug, when writing IP6 routes with gateway
"::". Instead of writing "net/plen,,metric" it wrote "net/plen,metric".
- fix this bug and add test cases. Also, add a workaround to reader, to
accept such wrongly written IP6 routes as valid.
- change the writer for IP4 addresses, IP4 routes and IP6 routes to
omit the gateway and the metric, if it is 0.0.0.0/::/0, respectively.
Also change the reader, to accept such empty gateway as valid.
It only omits the gateway, if the metric is not 0, this means it would
write:
route1=1.2.3.4/24,0.0.0.0,1
instead of
route1=1.2.3.4/24,,1
Both representations are now supported by the reader, but older plugin
versions could only read the former (thus, we keep writing that
version).
With a metric of zero, it would instead write:
route1=1.2.3.4/24
- some refactoring and code cleanup. Fix a memory leak.
https://bugzilla.gnome.org/show_bug.cgi?id=719851
Signed-off-by: Thomas Haller <thaller@redhat.com>
Rather than explicitly passing around a UID and a flag saying whether
or not it's relevant.
(This also fixes a bug where the wrong UID was being recorded in
nm-settings-connection.c::auth_start(), which caused problems such as
agent-owned secrets not getting saved because of a perceived UID
mismatch.)
If the connection describes a bridge/bond/team/etc slave, where the
slave setting (like NMSettingBridgePort or NMSettingTeamPort) has all
default values, the setting does not get written out because the
plugin does not write default values. But then when reading the
connection back in, we need to add that all-default slave type setting
since it's required for a valid connection.
These are (most likely) only warnings and not severe bugs.
Some of these changes are mostly made to get a clean run of
Coverity without any warnings.
Error found by running Coverity scan
https://bugzilla.redhat.com/show_bug.cgi?id=1025894
Co-Authored-By: Jiří Klimeš <jklimes@redhat.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
If the connection has never been saved to disk, it won't have a path yet,
but that doesn't mean we should crash. Next, when reloading connections,
only try to do connection matching on connections that have paths, otherwise
all in-memory-only connections would be removed at the end of
read_connections().
Unfortunately, $(AM_CPPFLAGS) gets overridden by per-target _CPPFLAGS
variables, which $(INCLUDES) did not, so this requires some additional
changes.
In most places, I have just gotten rid of the per-target _CPPFLAGS
variables; in directories with a single target, the per-target
variable is unnecessary, and in directories with multiple targets, the
per-target variable is often undesirable, since it forces some files
to be compiled twice, even though there ends up being no difference
between the two files.
In nm_keyfile_plugin_connection_from_file(), disable the "bad owner"
check.
As root you can read all files anyway, or if necessary even chown them,
and for
other users the standard file permissions will do a fine job.
This fixes running "make check" as root.
https://bugzilla.gnome.org/show_bug.cgi?id=701112
Plugins that could save connections to disk previously depended on inotify
events from the kernel to know when to signal connection removal; that is
in response to a 'delete' request they would unlink the backing filesystem
resources, get the inotify signal, and cause NM_SETTINGS_CONNECTION_REMOVED
to be emitted.
Unsaved connections don't have any backing resources, so they would never
get the signal emitted, and NMSettings would never forget about them.
Also, when monitor-connection-files=false in the configuration, obviously
the inotify signals will never come in because they aren't set up.
Given that we can no longer rely on inotify, it's best to just explicitly
send out the NM_SETTINGS_CONNECTION_REMOVED signal whenever a connection
is deleted via the D-Bus interface or internally.
Bonding options are written straight into [bond] group like:
[bond]
interface-name=bbb
mode-active-backup
miimon=300
So we have to handle them explicitly.
Add a "monitor-connection-files" config option, which can be set to
"false" to disable automatic reloading of connections on file change.
To go with this, add a new ReloadConnections method on
o.fd.NM.Settings that can be used to manually reload connections, and
add an nm-cli command to call it.
ifcfg-rh didn't let you unmanage an InfiniBand device by hardware
address because it was recording the hardware address with uppercase
letters, while nm_match_spec_hwaddr() required lowercase. Fix this by
making nm_match_spec_hwaddr() match case-insensitively (and remove the
manual lowercasing that several other places were doing to work around
this.)
keyfile didn't let you unmanage an InfiniBand device by hardware
address because it only accepted ARPHRD_ETHER hardware addresses. Fix
that by using nm_utils_hwaddr_valid() instead.
We don't always want to immediately write new connections to disk, to
facilitate "runtime" or "temporary" connections where an interface's
runtime config isn't backed by on-disk config. Also, just because
an interface's configuration is changed doesn't necessarily mean
that new configuration should be written to disk either.
Add D-Bus methods for adding new connections and for updating existing
connections that don't immediately save the connection to disk.
Also add infrastructure to indicate to plugins that the new connection
shouldn't be immediately saved if the connection was added with the
new method.
Use the new NMConnection 'changed' signal to mark connections
as dirty/unsaved, and reset that when they get flushed to disk.
Previously, the 'Updated' signal was emitted only when the
connection was changed and flushed to disk, but now we have
more granular needs, and the signal is emitted whenever the
connection actually *is* changed, regardless of whether its
flushed to disk or not.
Settings with all-default values are not written to reduce
complexity of the keyfile (and be more human-readable friendly)
and that includes VLAN settings with a VLAN ID of zero. So
when reading this file back, if there is no 'base type' setting
(eg, the setting specified by the connection::type property)
then just add that setting. nm_connection_verify() will catch
cases where an empty 'base type' setting is invalid.
Add these aliases for the setting names '802-3-ethernet',
'802-11-wireless', and '802-11-wireless-security' and write them by
default. It's much friendlier for administrators to type, and a lot
less ugly.
Also works for:
[connection]
type=ethernet
test-keyfile.c: In function 'test_read_string_ssid':
test-keyfile.c:1154:51: error: argument to 'sizeof' in 'memcmp' call is the
same expression as the second source; did you mean to provide an explicit
length? [-Werror=sizeof-pointer-memaccess]
ASSERT (memcmp (array->data, expected_ssid, sizeof (expected_ssid)) == 0,
Just code cleanup: This is much less error-prone than manual nesting,
and will mesh very well with future changes to use the libgsystem
cleanup macros.
Avoid warnings about GValueArray being deprecated by adding macros
that wrap G_GNUC_BEGIN_IGNORE_DEPRECATIONS /
G_GNUC_END_IGNORE_DEPRECATIONS around the GValueArray calls.
GObject creation cannot normally fail, except for types that implement
GInitable and take a GError in their _new() method. Some NM types
override constructor() and return NULL in some cases, but these
generally only happen in the case of programmer error (eg, failing to
set a mandatory property), and so crashing is reasonable (and most
likely inevitable anyway).
So, remove all NULL checks after calls to g_object_new() and its
myriad wrappers.
https://bugzilla.gnome.org/show_bug.cgi?id=693678
Use --enable-doc and --enable-tests instead of --with-docs and
--with-tests. This is consistent with other features and with
--enable-gtk-doc option. Support current variants as fallback.
Don't build tests unless --enable-tests is specified.
You can now use 'address=' even for IPv6 and it's the encouraged way
to set up a single address manually. For multiple addresses,
'address0=', 'address1=', etc, should be preferred.
Example:
address=10.0.0.15/24/10.0.0.1
address0=192.168.0.1/24
address1=10.0.0.16/32
Example (backward compatibility):
addresses=10.0.0.15/24/10.0.0.1
addresses0=192.168.0.1/24
addresses1=10.0.0.16/32
IPv4 and IPv6 address configuration is now handled together and supports
the following syntax (slashes can be replaced with semicolons):
address/plen
address/plen,gateway
IPv4 and IPv6 route configuration is also handled uniformly and supports
the following syntax:
address/plen (for device routes)
address/plen,gateway (for gateway routes)
address/plen,gateway,metric (for gateway routes with metric)
For compatibility reasons, slash (/), comma (,) and semicolon (;) are
considered equal by the parser. The /plen part is optional for both
addresses and routes for compatibility reasons.
Leaving out the prefix length is not considered a good idea. IPv6
addresses default to 64 and IPv4 now defaults to 24 which is the closest
possible IPv4 counterpart. Routes default to single addresses.
Example 1:
[ipv4]
method=manual
addresses1=192.168.56.5/24,192.168.56.1
addresses2=192.168.57.5/24
routes1=4.5.6.0/24
routes2=1.2.3.0/24,4.5.6.7
routes3=7.8.9.0/24,4.5.6.7,99
[ipv6]
method=manual
addresses1=2001:db8:a🅱️:3/64,2001:db8:a🅱️:1
addresses2=2001:db8:c:d::3/64
routes1=2001:db8:e:f::/64,2001:db8:a🅱️:4
Example 2 (equivalent):
[ipv4]
method=manual
addresses1=192.168.56.5;24;192.168.56.1
addresses2=192.168.57.5;24
routes1=4.5.6.0;24
routes2=1.2.3.0;24;4.5.6.7
routes3=7.8.9.0;24;4.5.6.7;99
[ipv6]
method=manual
addresses1=2001:db8:a🅱️:3;64;2001:db8:a🅱️:1
addresses2=2001:db8:c:d::3;64
routes1=2001:db8:e:f::;64;2001:db8:a🅱️:4
For writing, I have arbitrarily chosen one of the formats 'reader'
can parse. Address and prefix length are separated by slash (/),
everything else is separated by comma (,).
addresses1=address/plen,gateway
routes1=address/plen,gateway,metric
Note: The modified 'reader' exposes a bug in the 'writer' and ignores
out badly-formatted routes. This problem is also fixed by this
commit. Keyfile tests now pass.
