nm_utils_hwaddr_ntoa() and nm_utils_hwaddr_aton() are like
ether_ntoa()/ether_aton(), but handle IPoIB too.
nm_utils_hwaddr_atoba() is like _aton() but returns a GByteArray,
since that's what's wanted in many places.
Also remove nm_ether_ntop() and replace uses of it with
nm_utils_hwaddr_ntoa().

We have to send agent-owned secrets to agents via SaveSecrets() D-Bus call for
newly created connections, the same way we do for connection updates.
Without the change secrets aren't saved for newly created VPN connections,
only after a connection update.

Moves the logic of naming connections into its own function. Allows each
connection type to provide a "hard" prefix which will always be used.
Bonding uses this to prefix all bonding connections with "Bond".
If a DEVICE= line is available, append it to the end of connection name
for easier identification of the real device behind it.
Appends the suffix "[slave-of <MASTER>]" to all connections which are
configured as a slave of a bond.
Examples:
myName -> myName (eth0)
System eth0 -> System eth0
myName2 -> Bond myName2 (bond0)
System bond0 -> Bond bond0
myName -> myName (eth0) [slave-of bond0]
System eth0 -> System eth0 [slave-of bond0]
Signed-off-by: Thomas Graf <tgraf@redhat.com>

Adds a MASTER= directive to ifcfg-rh allowing a connection to define
itself as bonding slave.
Adds a connection property "master" which contains the in-kernel device
name or UUID of the master connection.
Adds a connection property "slave-type" which defines the type of slave
this connection represents. Currently this is only set by bonding but
eventually this will be used by VLAN and bridging.
Enforces that no bonding slave connection has any IPv4 or IPv6
configuration set.
Changes make_ip4_setting() to take a universal flag indicating whether
to allow disabling ip4 config or not and use it for both, ip6 and
bonding special case.
Signed-off-by: Thomas Graf <tgraf@redhat.com>

A bonding device is like a virtual ethernet device. We therefore reuse
nm-device-ethernet and add some special handling to detect bonding
connections.
Changes v2:
- Fixed memory leak
Signed-off-by: Thomas Graf <tgraf@redhat.com>

Introduced a new TYPE=bond for ifcfg-rh configuration files.
Alternatively BONDING_MASTER=yes can be specified instead of
setting the type explicitly to maintain backwards compatibility
with existing configuration files.
Bonding device files require a DEVICE= line to be present which
specifies the virtual bonding interface in the kernel. We do not
allow auto-generation of the name in order to keep confusion to
a minimum when reusing existing bonding interfaces.
The BONDING_OPTS= parameter can be used to specify various bonding
related options, such as:
- mode
- miimon
- updelay
- downdelay
- arp_interval
- arp_ip_target
By default, the NMSettingBond class uses a miimon value of 100 which
seems like a sensible default value for 99% of all configurations.
If this is not suitable, an arp_ip_target needs to be specified
manually.
A writer is not yet implemented.
Changes v2:
- renamed DeviceName property to InterfaceName
- moved code to validate device name to dev_valid_name() for future use
Signed-off-by: Thomas Graf <tgraf@redhat.com>

Even with the previous fix some cases were still indistinguishable. For example,
an SSID like '11;12;' is both a valid intlist and a string.
So this commit:
- escapes the ';' character with '\' when writing, and removes '\' while reading.
  This clearly differentiates between intlist x strings.
- changes the regex pattern to allow spaces before ';' in intlist format
Intlists have to end with a ';' since that's how they are written
out, and that's the only way we can actually distinguish between
intlist SSIDs and string SSIDs, really.

When connection was changed with the editor from WPA to WEP, KEY_MGMT was
not cleared. This resulted in infinite loop of ifcfg plugin under some
circumstances ("Available to all users" unchecked, I think).
The re-read connection was regarded as WPA and thus it differed from the
stored one.

NM already includes <linux/if.h> in some places, f.e. nm-netlink-monitor and
we can't mix usage of the two. Stick to using <linux/if.h> as it provides
additional flag definitions such as operational link state and link mode.
Signed-off-by: Thomas Graf <tgraf@redhat.com>

SSIDs don't want NULL termination, but some of the certificate code
checked for it. New-style plain strings would never be NULL
terminated (by accident) so fix that and make the code simpler too.
Found by Gary Ching-Pang Lin <chingpang@gmail.com>

When a default wired connection is saved, it gets deleted first since it
has to be re-created using a settings plugin. But with the settings
rework in 0.9, default wired refcounting changed and the default
wired connection wasn't kept alive in default_wired_try_update()
over the removal/readd. This caused a use-after-free.

* When a connection name (ID) was changed via nm-connection-editor, a new file
path was created, but the old one was not removed. That resulted in two files
and in turn in duplicated connections.
* When two connections with the same name (ID) were present, e.g. files ABC and
ABC-70656842-98ac-4221-aa8b-0d4174770, and nm-connection-editor was used to
edit ABC-70656842-98ac-4221-aa8b-0d4174770, the operation failed.

What we want to do here is keep separate caches of system and
agent secrets. For system secrets, we cache them because NM
periodically clears secrets using nm_connection_clear_secrets() to
ensure they don't stay around in memory, and that transient secrets
get requested again when they are needed. For agent secrets, we
only want them during activation, but a connection read from disk
will not include agent secrets because by definition they aren't
stored in system settings along with the connection. Thus we need
to keep the agent/transient secrets somewhere for the duration of
the activation to ensure they don't get deleted.
This removes the copy-back hack in update_auth_cb() which copied
agent/transient secrets back into the connection over top of the
transient secrets that had been copied back in
nm_settings_connection_replace_settings(). No reason to copy
them twice if we keep an agent/transient secrets hash and do
the right thing with it.

The core problem was that the Update would trigger a write to
disk to save the connection's new settings, which called
nm_settings_connection_replace_settings(). Which saved existing
transient (agent/unsaved) secrets, replaced settings with the
new ones from Update(), then copied back the old transient
secrets. This was to ensure that changes triggered from getting
agent secrets during activation (which might write the connection
out to disk if new system secrets were provided, which triggered
an inotify read-back of the connection, which blew away the
transient secrets just returned from the agent) didn't blow away
transient secrets. Unfortunately that fix was too general.
As a quick hack for now, copy the new secrets and re-apply them
after nm_connection_replace_settings() has run. We'll do the
actual fix later, but it's more involved and needs more testing
so we don't want to apply it this close to release.

Changing NM_CONTROLLED from "no" to "yes" worked just the first time.
Fix that by storing unmanaged spec when interface becomes unmanaged
and adjust condition identifying "no-change" updates to the ifcfg
file.

Chain up to parent's commit_changes() even if in-memory and on-disk data are the
same; they are the same when another process changes the on-disk file. Just make
sure not to write out the data needlessly when same.
This fixes a regression caused by 9cba854fa0.
It exhibits e.g. by not auto-activating connection when ONBOOT is changed from
"no" to "yes". Connection "updated" signal was not emitted and listeners like
NMPolicy were not prodded.

The regex was capturing integers larger than 3 digits, which aren't
valid SSID integer list items because each byte of the SSID cannot be
larger than 255. Add an explicit testcase for intlist SSIDs too.
The previous regex was causing a testcase failure with an SSID of
'1337' which it was interpreting as a single element intlist, but
should have been interpreted as a string since it's clearly > 255.
When secrets are flagged as agent-owned in a connection configuration file, but
actually not available, we have to return an empty hash (nm_connection_to_hash()
returns NULL).

It's not a valid prefix since NM determines the default routes
automatically, and thus routes and addresses with a prefix of
zero should not be used in config files.

Use case:
A user has an auto-activatable connection with secrets in a keyring. While
booting NM starts and tries to activate the connection, but it fails because of
missing secrets. Then the user logs in, but the connection is marked as invalid
and is not tried again.
This commit solves the issue by removing invalid flag and activating the
connection when a secret agent registers.
Signed-off-by: Jiří Klimeš <jklimes@redhat.com>