Add support for Fedora's dhclient's built-in RFC3442 classless static
routes format.
Since the Fedora format uses the same name as the dhcpcd format, we
need to refactor a bunch of the code to ensure we can distinguish
between the types. Do this at runtime now by consolidating the
classless static routes parsing code into the DHCP Client base class
and rework the unit tests so that we can test all variations of the
classless static route parsing code at the same time.
This also fixes a bug with the dhcpcd classless static route
gateway handling that would return the wrong gateway address.
Many thanks to Jiri Popelka from Red Hat for the initial patch
and explanations.
Everyone uses pm-utils still for sleep/wake support, and that's
traditionally how NM was put to sleep and woken up. But pm-utils
uses dbus-send without --print-reply so dbus-send quits immediately
after sending the message. That doesn't give NM enough time to
get the senders UID and thus validate the request, so the request
gets denied, and sometimes NM stays asleep after the machine is
woken up.
Instead, don't get the sender's UID and try to authorize it, but
just let the request go through. Rely on D-Bus permissions to
make sure that only root can call sleep/wake methods.
If the supplicant dies a number of times within a short period of
time, make it go sit in the corner for a bit instead of continuously
trying to start it and have it die again.
Instead of just exposing a "running" value, instead make a meta
"available" value that's a combination of whether the supplicant
is actually running plus whether we want to talk to it right now
or not.
interface_add() could get called from two places: by the wifi/eth
device class when activating (which if the supplicant isn't yet
running will D-Bus activate it) and from the NameOwnerChanged
handler for the wpa_supplicant dbus service smgr_running_cb().
So if the supplicant wasn't running, nm_supplicant_interface_new()
would call interface_add() to bring the supplicant to life via
activation, then go on and create priv->iface_proxy. When the
supplicant appeared and D-Bus sent the NameOwnerChanged,
smgr_running_cb() would also call interface_add(), creating a
second priv->iface_proxy. The first one got lost and lived after
its parent NMSupplicantInterface was killed, and could still
respond to signals over the bus.
Prevent that by adding another state, STARTING, that indicates
that we've already started talking to the supplicant. Also be
extra paranoid about disconnecting signal handlers on the proxy.
config.h defines _GNU_SOURCE, which in turn defines the bits necessary
for kill, isblank, and isascii. So wherever we use those, we need
to make sure config.h is included.
Try to preserve custom hostnames (ie, anything not a localhost* variant,
the current hostname, or the previous hostname) when rewriting the
127.0.0.1/::1 localhost mapping lines.
G_SLICE debugging uncovered a use-after-free when freeing the
batched user connection settings callback list. We don't
actually care about the DBusPendingCalls anyway, so just make
the list a counter and simplify the code in the process.
NM-added mappings for active IP addresses were not getting properly
removed when the address disappeared of NM quit, because the bits
of code that determine whether or not /etc/hosts should change were
not taking the disappearance of the IP address into account, and
were leaving the file unchanged.
To fix that, if there is no default IP address, but there are NM-added
IP address entries in /etc/hosts, make sure we update /etc/hosts and
remove them.
We only really need one state for the supplicant interface which
simplifies handling in the Wifi and Wired device classes quite a
bit. It also simplifies the supplicant interface class too.
One behavioral change in the device classes is not running the
supplicant interface state changes from an idle; we'll have to
see if that causes problems. ISTR long ago that processing the
state change signals directly caused some issues, but we've
significantly reworked somethings since then so we may be able
to get away with this now.
Move GObject stuff to the bottom to reduce prototype abuse and
remove unneeded prefixes from stuff that's private to the class
itself. We also don't need the 'supplicant-manager' or 'device'
properties since they weren't used anywhere.
Move GObject stuff to the bottom to reduce prototype abuse and
remove unneeded prefixes from stuff that's private to the class
itself. We also don't need the 'supplicant-manager' or 'device'
properties since they weren't used anywhere.
Previously, NM reset permanent MAC to an interface while disconnecting. That
basically ignored MAC addresses set before NM started managing the interface.
Now, the initial MAC address is remembered and set back to the interface when
disconnecting.
Should be returning NULL here since the actual hostname is returned in the
for() loop if the plugin supports hostnames. But if the plugin for some
reason returns an empty string (which they aren't supposed to do) then
hostname would be left assigned to an already-freed value, which was then
returned to higher layers.
==12331== Invalid free() / delete / delete[]
==12331== at 0x4024B3A: free (vg_replace_malloc.c:366)
==12331== by 0x448BFC5: g_free (gmem.c:191)
==12331== by 0x43E0E05: value_free_string (gvaluetypes.c:268)
==12331== by 0x43DC587: g_value_unset (gvalue.c:276)
==12331== by 0x80B297F: notify (nm-sysconfig-settings.c:229)
==12331== by 0x43C64E7: g_cclosure_marshal_VOID__PARAM (gmarshal.c:531)
==12331== by 0x43B78B8: g_type_class_meta_marshal (gclosure.c:878)
==12331== by 0x43B9251: g_closure_invoke (gclosure.c:767)
==12331== by 0x43CD239: signal_emit_unlocked_R (gsignal.c:3178)
==12331== by 0x43CEDB3: g_signal_emit_valist (gsignal.c:2981)
==12331== by 0x43CF255: g_signal_emit (gsignal.c:3038)
==12331== by 0x43BD630: g_object_dispatch_properties_changed (gobject.c:801)
==12331== Address 0x479f208 is 0 bytes inside a block of size 1 free'd
==12331== at 0x4024B3A: free (vg_replace_malloc.c:366)
==12331== by 0x448BFC5: g_free (gmem.c:191)
==12331== by 0x80B1A08: nm_sysconfig_settings_get_hostname (nm-sysconfig-settings.c:280)
==12331== by 0x80B27C7: get_property (nm-sysconfig-settings.c:1415)
==12331== by 0x43BC707: g_object_get_property (gobject.c:935)
==12331== by 0x80B288D: notify (nm-sysconfig-settings.c:225)
==12331== by 0x43C64E7: g_cclosure_marshal_VOID__PARAM (gmarshal.c:531)
==12331== by 0x43B78B8: g_type_class_meta_marshal (gclosure.c:878)
==12331== by 0x43B9251: g_closure_invoke (gclosure.c:767)
==12331== by 0x43CD239: signal_emit_unlocked_R (gsignal.c:3178)
==12331== by 0x43CEDB3: g_signal_emit_valist (gsignal.c:2981)
==12331== by 0x43CF255: g_signal_emit (gsignal.c:3038)
We don't want to require a full 802.1x reauth when using OTP tokens
and roaming between APs in the same ESS, since that takes a long time
(user has to find the token and type in the code).
It's still got a bunch of issues that need debugging, like when VPN
nameservers exist but no domain and thus not doing split DNS, sometimes
hosts outside the VPN don't resolve correctly, which was previously
masked by having the non-VPN nameservers in /etc/resolv.conf where
glibc would erroneously use them instead of asking BIND. To be fixed
in a subsequent patch.
The dnsmasq plugin seems to work great though.
Caching DNS with dnsmasq works well enough to merge for now. THere
are still some issues with the BIND plugin because BIND is god-awful
unecessarily complex so we'll disable that in a further commit.
If all nameservers are listed in resolv.conf, glibc apparently
tries them all (even if 'options rotate' isn't specified??). Leading
to queries for internet hosts being directed to VPN-specific DNS
servers in split-DNS situations. I've verified this with wireshark;
I see queries going out over the tunnel to VPN nameservers for
non-internal addresses, while BIND itself never logs anything about
queries to VPN nameservers for that same address. Thus the only
thing left is to blame glibc...
Despite most guides saying that without restricting to port 53 queries
won't get through a firewall, I cannot make it work with this option.
DNS queries through a WRT54G just time out even when the WRT54G isn't
caching anything itself (ie, explicit upstream nameservers are the
forwarders in the bind config).
This was supposed to hook up to the bits Adam Langley did last year
for his local-dns-cache DBus service, but I misunderstood the
architecture. It was a separate service, not Chromium itself. But
it's unclear what happened to his local-dns-cache since the project
doesn't seem to have any commits in a year and I'm unsure if it's
actually being used. So remove this stuff for now.
Use a pseudo-hash to quickly check whether the DNS config has really
changed or not. This is certainly better than the 500 line patch I
did then scrapped in favor of this approach... yay. This helps ensure
that we don't kill then respawn caching DNS servers more often than
we have to.
If the VPN client didn't provide a domain we still want to use the
VPN nameservers first, we just can't do split DNS. Also use
--strict-order to ensure VPN nameservers are always chosen first.
