svGetValue() had the meaning of returning a string, except the
empty word "" was coerced to NULL.
svGetValueFull() had the meaing of returing the value as string,
including the empty word.
Rename those functions to better express what they do.
Same for svSetValue*().
It is wrong to allow access to unquoted ifcfg-rh values.
All users of this ~feature~ misused it to encode meaning
in the type of quotation, which is wrong.
Also, shvar.h is not able to fully parse shell. We can improve
that, but it should be handled internally, in one place. Not by
callers applying some quirks after getting a "verbatim" value.
It is wrong to move the handling of quotes outside of shvar.h.
The ifcfg-rh core library (shvar.h) should handle quotation
transparently.
It is also wrong to encode meaning of the WPA_PSK depending on whether
the value is quoted or not. A psk that is 64 chars *must* be in hex
representation, and anything else is taken literal.
Also, the special handling of bash-syntax with $' was wrong. Including
the unit test "keys-test-wifi-wpa-psk-2" which contained invalid shell.
Support for $' must be done inside of shvar.h, for all properties alike
not just for WPA_PSK.
Let shvar.h do the escaping/unescaping of the ESSID.
We should not treat a value differently whether it is quoted or not.
Also, cutting away double quotes and calling svUnescape() is just wrong.
Now, we write a value in hex if it contains non-printable characters
or if the reader would treat it like a hex value. Reader treats ESSID
now as hex if it starts with "0x" followed by pairs of hex digits.
svUnescape() has no problem with extremely long strings.
It does not allocate any memory and has O(n) complexity.
No problem.
If somebody has a problem with extremely large files it's
shvarFile itself which caches the entire file in memory.
Also, libnm-core allows team configs to be 1 MB in size.
So, allow that here too.
It's not clear why we would read the CIPHER_GROUP/CIPHER_PAIRWISE
verbatim=TRUE (without shell unescaping). Especially since ifcfg-rh
writer does
svSetValue (ifcfg, "CIPHER_PAIRWISE", str->str, FALSE);
Depending on how arguments are passed to the called function,
this could lead to a crash.
Maybe not on 32 bit machines where the size of the pointer is
the size of an int.
Maybe not on x86_64, where the arguments are passed in registers.
Fixes: b88c309167
In some places we use g_file_set_contents() after a umask() to limit
the permissions of the created file. Unfortunately if the containing
directory has a default ACL the umask will be ignored and the new file
will have a mode equal to the default ACL (since g_file_set_contents()
opens the file with mode 0666).
Calling a chmod() after the file gets created is insecure (see commit
60b7ed3bdc) and so the only solution seems to be to reimplement
g_file_set_contents() and accept a mode as parameter.
We already had similar functions in the tree, consolidate them into a
new generic utility function.
https://bugzilla.gnome.org/show_bug.cgi?id=769702
Don't have the test recompile parts of the settings plugin.
Instead, build one core library that is used both by the test
and the settings plugin.
Advantage: might save some compilation time, but more importantly: the
test use the same object code then NetworkManager itself, avoiding
different behavior due to compilation flags.
We don't need need separate unit tests for basic tests that can
just run in the same test-run. If you really need to run only
a particular set of tests, try
./src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh -p /settings/plugins/ifcfg-rh/utils
Results in less compilation (time), and less binaries to test during
`make check`.
First of all, G_LOG_DOMAIN only matters when using g_log() directly.
Inside core, we always want to log via nm-logging. Every call to a
g_log() is a bug in the first place (like a failed assertion that logs
a g_critical() during g_return_if_fail()).
So, for all practic purposes, the logging domain is not used.
For nm-logging, the G_LOG_DOMAIN has no effect. Unless we find a proper
use of this domain, G_LOG_DOMAIN should not differ from what the rest of
core.
The numeric value of NM_SETTING_PROXY_METHOD_NONE should be zero,
as that is the more natural default.
Also, cast all uses of the enum values in g_object_set() to
(int).
Unnecessary APIs have been removed from nm-setting-proxy, client like
nm-connection-editor are expected to create a PAC script snippet the load
the location of file in NM.
src: Fixes in nm-device.c and nm-vpn-connection.c to update PacRunner
at the right place and moment. When a device goes up PacRunner is
configured with the Device IPxConfigs and Proxy Config. When it goes
down the same configuration is removed from PacRunner.
ifcfg-rh: Fixed to read and write proxy settings to the ifcfg network
scripts.
- use _NM_GET_PRIVATE() and _NM_GET_PRIVATE_PTR() everywhere.
- reorder statements, to have GObject related functions (init, dispose,
constructed) at the bottom of each file and in a consistent order w.r.t.
each other.
- unify whitespaces in signal and properties declarations.
- use NM_GOBJECT_PROPERTIES_DEFINE() and _notify()
- drop unused signal slots in class structures
- drop unused header files for device factories
Since we possibly already link against libjansson, we can also expose some
helper utils which allows nmcli to do basic validation of JSON without
requiring to duplicate the effort of using libjansson.
Also, tighten up the cecks to ensure that we have a JSON object at hand.
We are really interested in that and not of arrays or literals.
An empty 802-11-wireless-security.proto is equivalent to
'wpa,rsn'. Previously we added the two protocols when reading the
connection and the variables were missing, with the result that an
empty value would be read as 'wpa,rsn' at the next restart. This is
harmless but makes the two connections appear as different, with bad
effects when 'monitor-connection-files' is enabled.
Ensure that the original value persists after a write/read cycle.
https://bugzilla.gnome.org/show_bug.cgi?id=770907
Now that we validate the JSON syntax of a team/team-port
configuration, any existing connection with invalid JSON configuration
would fail to load and disappear upon upgrade. Instead, modify the
setting plugins to emit a warning but still load the connection with
empty configuration.
Depending on the connection we are about to read,
we would assert that the user provided a @out_unhandled
argument.
That means, the user must always provide a valid @out_unhandled
pointer, because he cannot know beforehand how the reading
of the ifcfg file goes.
Clear some IP related entries from the ifcfg-rh file if
the connection is a slave connection.
Also, drop utils_ignore_ip_config(). It is guaranteed, that
writer only handles connections that verify(). Such connections
have an IPv4/IPv6 setting if (and only if) they are not slave
types.
https://bugzilla.redhat.com/show_bug.cgi?id=1368761
NM_CONTROLLED=no is an explicit user configuration. There is no point in
issuing a warning that the user doesn't want to manage a device.
<warn> [1467722628.7388] ifcfg-rh: Ignoring connection /etc/sysconfig/network-scripts/ifcfg-eth0 (5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03,"System eth0") / device 'eth0' due to NM_CONTROLLED=no.
Also, don't truncate the device spec, instead show the full
device spec, it may contains a MAC address or a s390 subchannel.
