Add these aliases for the setting names '802-3-ethernet',
'802-11-wireless', and '802-11-wireless-security' and write them by
default. It's much friendlier for administrators to type, and a lot
less ugly.
Also works for:
[connection]
type=ethernet
Most callers of nm_auth_chain_new() call nm_dbus_manager_get_caller_info()
right before that, so just fold the get_caller_info() call into
nm_auth_chain_new() to reduce code complexity in callers. Yes, this
means sometimes we call nm_dbus_manager_get_caller_info() twice,
but that's not really a problem.
Normally, users which are not part of a login session can't access
connections. Root won't always be part of a login session, so
allow root to bypass visibility checks. The code already bypassed
the ACL checks for root, but in multiple places. Consolidate those
checks into one function.
Instead of doing something like
<get caller UID>
if (root) {
perform_operation()
other boilerplate stuff
return;
}
nm_auth_chain_new(perform_operation)
...
just have root also go through the auth chain, which is now
short circuited for root. This ensures we always use the same
code paths for root and non-root, and that fixes made in one path
are also executed for the other.
When providing a service on the bus daemon and a private connection,
we'll need to track objects so we can register them with the
private connection too. Thus all registration/unregistration
calls have to go through the NMDBusManager, not straight to
dbus-glib.
test-keyfile.c: In function 'test_read_string_ssid':
test-keyfile.c:1154:51: error: argument to 'sizeof' in 'memcmp' call is the
same expression as the second source; did you mean to provide an explicit
length? [-Werror=sizeof-pointer-memaccess]
ASSERT (memcmp (array->data, expected_ssid, sizeof (expected_ssid)) == 0,
Add some new API to NMConfig so that NMSettings and its plugins can
use NMConfig to look up values rather than reparsing the config file
themselves.
Also, move the no-auto-default cache from NetworkManager.conf to
$NMSTATEDIR/no-auto-default.state, so NM isn't rewriting its own
config file at runtime.
NMSettings would try to create an NMDefaultWiredConnection for any
NMDeviceWired subclass, and there was some code to deal with
InfiniBand in the code. But nm_default_wired_connection_new() required
the hwaddr length to be ETH_ALEN, so InfiniBand would never have
worked (and probably shouldn't have, since people generally don't want
the auto-default behavior on servers anyway). And we certainly never
intended for this code to apply to bridges and bonds. So fix it to
only apply to ethernet devices, and remove the vestigial
InfiniBand-related code.
STP defaults to yes in NetworkManager (and the initscripts), so a missing
STP value in an ifcfg file means yes/on. Calling svSetValue(STP, NULL)
clears that line from the ifcfg, and thus STP gets interpreted as yes.
Explicitly set stp to "no" so that the value actually gets saved.
Just code cleanup: This is much less error-prone than manual nesting,
and will mesh very well with future changes to use the libgsystem
cleanup macros.
Avoid warnings about GValueArray being deprecated by adding macros
that wrap G_GNUC_BEGIN_IGNORE_DEPRECATIONS /
G_GNUC_END_IGNORE_DEPRECATIONS around the GValueArray calls.
For settings corresponding to devices that have a :carrier property
(ie bond, bridge, infiniband, vlan, and wired), add a :carrier-detect
property specifying how that affects the connection:
yes: The connection can only be activated when the device
has carrier, and will be deactivated if the device loses
carrier (for more than 4 seconds).
no: The connection ignores carrier on the device; it can be
activated when there is no carrier, and stays activated
when carrier is lost.
on-activate: The connection can only be activated when the
device has carrier, but it will not be deactivated if the
device loses carrier.
https://bugzilla.gnome.org/show_bug.cgi?id=688284
nm_settings_connection_init() was calling nm_connection_set_path(),
but this was pointless since that would end up getting cleared by the
property's default value shortly after init() returned (and
claim_connection() depended on this). So remove that code.
https://bugzilla.gnome.org/show_bug.cgi?id=693829
GObject creation cannot normally fail, except for types that implement
GInitable and take a GError in their _new() method. Some NM types
override constructor() and return NULL in some cases, but these
generally only happen in the case of programmer error (eg, failing to
set a mandatory property), and so crashing is reasonable (and most
likely inevitable anyway).
So, remove all NULL checks after calls to g_object_new() and its
myriad wrappers.
https://bugzilla.gnome.org/show_bug.cgi?id=693678
g_malloc(), etc, never return NULL, by API contract. Likewise, by
extension, no other glib function ever returns NULL due to lack of
memory. So remove lots of unnecessary checks (the vast majority of
which would have immediately crashed had they ever run anyway, since
g_set_error(), g_warning(), and nm_log_*() all need to allocate
memory).
https://bugzilla.gnome.org/show_bug.cgi?id=693678
If no config file was specified, and if no other plugins were given
on the command-line, the keyfile plugin would not be loaded. This
meant no connections would be read, and no connections could be
created either.
Always load the keyfile plugin.
The code flow is actually somewhat simpler this way since the
subclasses don't have to ask NMDeviceWired for the address
every time. Plus then NMDeviceWired doesn't have to know
anything about its subclasses in the constructor.
Two issues here: first, the daemon code was using the wrong D-Bus type
(strings instead of object-path) to send the connection path to the
secret agent, which resulted in a method-not-found error and nothing
happening in the agent.
Second, the agent-side method call verification code would fail the
request anyway, becuase verify_request() determined success based
on the reconstructed connection, which isn't given when canceling
secrets requests.
Allows to attach any connection to a bridge using the BRIDGE= key.
IP configuration is optional for bridge components but not
prohibited. Test case included.
Can't leave the backup files lying around when doing 'make distcheck',
so when backup up a file, return the backup file path so that the
caller can (optionally) remove it.
If the certificate path from the supplicant config is not absolute,
we need to make it absolute. When building with a different builddir,
the certificate from the supplicant config is actually in the srcdir,
but the builddir is the current PWD.
