nm_supplicant_manager_iface_get() would cache and reuse the supplicant
interface. But no ref-counting was in place so that the first user returning
the interface via nm_supplicant_manager_iface_release() would destroy the
instance for others.
This is broken for a very long time. Which shows that we hardly ever
have a cache-hit and usually create a new instance. So, instead of
letting nm_supplicant_manager_create_interface() check for existing
supplicant interface, always create a new instance. This also makes
sense, because we would expect that per ifname only one instance is
requested at a time. Also add an assertion that we don't return
multiple supplicant interface instances for the same ifname.
Drop nm_supplicant_manager_iface_release() in favor of requiring users
to unref the returned instance.
Also, use a GSList instead of a GHashTable for the cache.
Also, previously callers would pass @is_wireless to nm_supplicant_manager_iface_get(),
but the cache lookup did not consider that value. That doesn't matter
now as we always create a new instance.
https://bugzilla.redhat.com/show_bug.cgi?id=1298007
(cherry picked from commit f1fba3eb02)
Also, don't only consider the @die_count whether to start the supplicant,
but check for is_available() -- which already considers @die_count and
@running.
(cherry picked from commit 063f9185b9)
If the list is expected to be modified, it also means that possibly
instances will be unrefed. Probably, not yet visited instances will
not be unrefed so there is no real problem.
Just be extra cautious and take a reference to all instances first.
(cherry picked from commit 004edecc81)
If the plugin supports interactive mode, but the VPN binary (like vpnc
or openvpn) doesn't support it, then the plugin should return
NM_VPN_PLUGIN_ERROR_INTERACTIVE_NOT_SUPPORTED from its connect_interactive()
hook. This lets NetworkManager know to fall back to plain Connect().
Since this notification is done through an error return, the VPN service
plugin code sees the failure and moves the plugin state back to
STOPPED. NetworkManager sees that state change, and terminates the
connection attempt while waiting for a reply to the Connect() method.
(VPN service plugins that don't support interactive mode at all don't
have this problem because that error is returned before the plugin's
state is moved to STARTING.)
To fix this, do two things:
1) if the connect_interactive() hook fails and returns the error
NM_VPN_PLUGIN_ERROR_INTERACTIVE_NOT_SUPPORTED, postpone the STOPPED
state change for a few seconds to allow NM time to fall back to
plain Connect(). We still want to move the plugin state back to
STOPPED eventually, because otherwise it could stay in STARTING
forever.
2) change state to STARTING only if the connect/connect_interactive
plugin hooks were successful. Otherwise the plugin would still be
in STARTING state, and it's not valid to call Connect()/ConnectInteractive()
during the STARTING state.
https://mail.gnome.org/archives/networkmanager-list/2016-February/msg00091.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1298732
(cherry picked from commit abc700c5c7)
Unenslaving from a bridge can cause a spurious RTM_DELLINK signal.
NMPlatform does raise those signals, but fixes the state of the
cache afterwards. Workaround the test failure.
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1285719
(cherry picked from commit dec682f6d1)
Often a netlink event doesn't contain enough information to determine
the link type. Then we consult sysctl or ethtool. However, if we already
have the same object cached, we want to reused the (once detected) link-type.
There was a bug in lookup of the cached object.
(cherry picked from commit 9c0cfbbae6)
Due to a kernel bug [1], we sometimes receive spurious NEWLINK
messages after a wifi interface has disappeared. Since the link is not
present anymore we can't determine its type and thus it will show up
as a Ethernet one, with no address specified. Request the link again
to check if it really exists.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1302037https://bugzilla.gnome.org/show_bug.cgi?id=761151
(cherry picked from commit 97be12b662)
The existing checks assumed that all AP/AdHoc connections would use the
shared IP method. But what we really want to check for here is whether the
connection is AP/AdHoc. Leave the existing 'shared' check for backwards
compatibility.
Also move the check above the timestamp check, since the user shouldn't need
to manually set a timestamp just to get an AP-mode connection to autoconnect.
(cherry picked from commit e2637760f1)
We don't want to create backups of original files when
patching. Update the comment in the spec file to indicate
that.
(cherry picked from commit 455b981215)
Also add a new conditional "debug" to enable more assertions and
more logging, which is disabled by default.
Also add a conditional "test" to disable running the unit tests
(make check) while building the package.
http://rpm.org/wiki/PackagerDocs/ConditionalBuilds
(cherry picked from commit 87dc14476b)
NetworkManager-devel package contained development headers that
are useful without libnm-glib and without glib. But it is also
based on the legacy libnm-glib library as it has headers like
"/usr/include/NetworkManager/NetworkManager.h".
A glib-free devel package based on the new libnm library would
be needed to provide "/usr/include/libnm/nm-dbus-interface.h".
But that would amount to 4 devel packages. Instead, just move
the content of NetworkManager-devel into NetworkManager-glib-devel
package.
Note that NetworkManager-devel already contained several truely
libnm-glib dependent files, like the vala bindings (which require
libnm-glib). So that was another bug in the packaging and is fixed
by moving it all to NetworkManager-glib-devel.
https://bugzilla.gnome.org/show_bug.cgi?id=755938
(cherry picked from commit e01c17523a)
Drivers are stupid, and just like the platform ignores an all zeros
permanent address, so should it ignore all ones.
NetworkManager[509]: <debug> [1453743778.854919] [devices/nm-device.c:8885] nm_device_update_hw_address(): [0x190370] (eth0): hardware address now 86:18:52:xx:xx:xx
NetworkManager[509]: <debug> [1453743778.855438] [devices/nm-device.c:9138] constructed(): [0x190370] (eth0): read initial MAC address 86:18:52:xx:xx:xx
NetworkManager[509]: <debug> [1453743778.861602] [devices/nm-device.c:9148] constructed(): [0x190370] (eth0): read permanent MAC address FF:FF:FF:FF:FF:FF
(cherry picked from commit d442dcd174)
Two of these raised Coverity's eyebrows.
CID 59389 (#1 of 1): Insecure temporary file (SECURE_TEMP)
5. secure_temp: Calling mkstemp without securely setting umask first.
CID 59388 (#1 of 1): Insecure temporary file (SECURE_TEMP)
1. secure_temp: Calling mkstemp without securely setting umask first.
Last one raised mine.
When a connection is edited and saved, there's a small window during which and
unprivileged authenticated local user can read out connection secrets (e.g. a
VPN or Wi-Fi password). The security impact is perhaps of low severity as
there's no way to force another user to save their connection.
(cherry picked from commit 60b7ed3bdc)
First, cb751012a2 mistakenly converted the
act_stage_context_step() in connect_ready() to connect_context_clear()
instead of connect_context_step(). This would cause the IP Type retry
logic to fail and no further types to be tried. It also throws
away the ctx->first_error and causes all errors that MM returns on the
connect attempt to be dropped on the floor.
Second, not all errors should cause an advance to the next IP Type,
since some errors aren't related to it. Specifically, MM_CORE_ERROR_RETRY
when using Simple.Connect() means that a timeout was reached
in the internal connect logic, not a modem or network error. In
that case, try the connect again with the same IP Type before advancing
to the next type.
Fixes: cb751012a2
Tested-by: Ladislav Michl <ladis@linux-mips.org>
Tested-by: Tore Anderson <tore@fud.no>
(cherry picked from commit 1cf4727766)
Modems often don't expose all the required properties until they have
been unlocked, and that includes the IP types supported by the modem.
With an autoconnect WWAN connection where the SIM requires a PIN, there
were two problems:
1) the PIN is a secret and we don't have it until it's explicitly requested
during the activation process, so we cannot gate GSM connection availability
on whether a PIN is present since this happens long before we request secrets
2) when the modem is locked it may not report the supported IP types, which
caused an auto-activation to fail early becuase IP compatibility is checked
before the PIN is sent to the modem
Rework connection activation flow into a series of concrete steps, where the
PIN is sent to the modem if required, and only after the modem is actually
unlocked does the connection proceed. This does mean that any connection
marked 'autoconnect' can theoretically enable a PIN-locked modem even if
the connection has no PIN defined, but there's no good way around that.
NetworkManager would activate the connection
(cherry picked from commit cb751012a2)
Device subclasses can call nm_device_recheck_available() at any time,
and the function would change the device's state to UNKNOWN in cases
where the device was available already. For WWAN devices, availability
is rechecked every time the modem state changes, resulting in:
NetworkManager[28919]: <info> (ttyUSB4): modem state changed, 'disabled' --> 'enabling' (reason: user-requested)
NetworkManager[28919]: <debug> [1445538582.116727] [devices/nm-device.c:2769] recheck_available(): [0x23bd710] (ttyUSB4): device is available, will transition to unknown
NetworkManager[28919]: <info> (ttyUSB4): modem state changed, 'enabling' --> 'searching' (reason: user-requested)
NetworkManager[28919]: <debug> [1445538582.776317] [devices/nm-device.c:2769] recheck_available(): [0x23bd710] (ttyUSB4): device is available, will transition to unknown
(cherry picked from commit d9c6b9f3dd)
