Add a new device state reason code for unsupported IP method. It is
returned, for example, when users select manual IP configuration for
WWAN connections:
# nmcli connection mod Gsm ipv4.method manual ipv4.address 1.2.3.4/32
# nmcli connection up Gsm
Error: Connection activation failed: The selected IP method is not
supported
compared to the old:
Error: Connection activation failed: IP configuration could not be
reserved (no available address, timeout, etc.)
Note that we could instead fail the connection validation if the
method is not supported by the connection type, but adding such
limitation now could make existing connections invalid.
https://bugzilla.redhat.com/show_bug.cgi?id=1459529
(cherry picked from commit aa820e9386)
Probably not critical, because it will still include
the terminating NULL, and just continue to fill the
temporary buffer with static addresses.
Found by coverity.
Fixes: bfb9fd0d2f
(cherry picked from commit c274b565a6)
$ nmcli con add type wifi ifname wlan0 \
wifi-sec.key-mgmt none \
wifi-sec.wep-key0 $ascii_key \
ssid <TAB>
completes the line with:
"Info:\ WEP\ key\ is\ guessed\ to\ be\ of\ '2\ \(passphrase\)'"
The environment warning function should not emit warning when
completing arguments.
(cherry picked from commit 5e239d2c04)
Commit 6a4af482f0 ("nmtui: always create ethernet settings for VLAN
and wireless security for wifi.") changed nmtui to always add the
wireless security setting to the new connection, but without
initializing it. This leads to a crash that was fixed in 40fcf67a84
("tui: fix crash creating Wi-Fi connection").
There is an additional bug: connections without authentication can't
be saved because the wireless security setting has uninitialized
fields.
To fix this, revert both patches (the first partially) because the
previous code did the right thing as it added the setting only when
needed.
Fixes: 6a4af482f0https://bugzilla.redhat.com/show_bug.cgi?id=1518167
(cherry picked from commit fead82f419)
$ nmcli connection down p
path
Connection 'p' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
Don't do completion when not requested.
(cherry picked from commit 021d797089)
Change the activation procedure for connections that require secrets
in the following way:
- nmcli creates a secret-agent and leaves it disabled so that
incoming requests are queued
- nmcli calls ActivateConnection()
- when the method returns success, the secret-agent gets enabled and
all queued requests are processed
When the user activates a connection which is already auto-activating,
NM will deactivate the current active-connection and will call
CancelGetSecrets() for it before the new ActivateConnection()
returns. In this way, when the secret-agent is enabled by nmcli, we
have the guarantee that there aren't any queued requests for
the deactivating connections.
https://bugzilla.redhat.com/show_bug.cgi?id=1438476
The number of authentication retires is useful also for passwords aside
802-1x settings. For example, src/devices/wifi/nm-device-wifi.c also has
a retry counter and uses a hard-coded value of 3.
Move the setting, so that it can be used in general. Although it is still
not implemented for other settings.
This is an API and ABI break.
nmcli typically doesn't run setuid, nor uses file capabilities or is labelled
for a SELinux domain trainsition upon execution.
But in case anyone has any reason to do that, we should follow good
security practices and not exec whatever is set in the environment.
We want to support large number of routes. Reduce the number
of copies, by adding internal accessor functions.
Also, work around a complaint from coverity:
46. NetworkManager-1.9.2/libnm-core/nm-utils.c:1987:
dereference: Dereferencing a null pointer "names".
nmc_read_connection_properties() iterates over the input arguments, and
completes the connection.
Initially, the type is not yet known, in that case, we should not wrongly
assume that this is a generic connection. Later, when the type is specified,
con_settings() will return the correct settings.
Previously, this would wrongly add a [generic] section:
$ nmcli connection add type ethernet ifname eth1 con-name ethie autoconnect no ipv4.method auto ethernet.cloned-mac-address random
With the fix, it still works to specify the type later:
$ nmcli connection add ifname eth1 con-name ethie autoconnect no ipv4.method auto type ethernet
but it doesn't work, to specify the type after type-specific options:
$ nmcli connection add ifname eth1 con-name ethie autoconnect no ipv4.method auto ethernet.cloned-mac-address random type ethernet
Error: invalid or not allowed setting 'ethernet': 'ethernet' not among [connection, ipv4, ipv6, proxy].
The patch doesn't change the latter limitation.
Fixes: c5324ed285
Replace the usage of g_str_hash() with our own nm_str_hash().
GLib's g_str_hash() uses djb2 hashing function, just like we
do at the moment. The only difference is, that we use a diffrent
seed value.
Note, that we initialize the hash seed with random data (by calling
getrandom() or reading /dev/urandom). That is a change compared to
before.
This change of the hashing function and accessing the random pool
might be undesired for libnm/libnm-core. Hence, the change is not
done there as it possibly changes behavior for public API. Maybe
we should do that later though.
At this point, there isn't much of a change. This patch becomes
interesting, if we decide to use a different hashing algorithm.
nmtui determines the activation result by tracking the active
connection state but that is not enough, as the active connection may
disappear or because we need to consider also the device state in some
particular cases.
Use the same logic implemented in nmcli that is now provided by the
nmc_activation_get_effective_state() helper.
