Modems often don't expose all the required properties until they have
been unlocked, and that includes the IP types supported by the modem.
With an autoconnect WWAN connection where the SIM requires a PIN, there
were two problems:
1) the PIN is a secret and we don't have it until it's explicitly requested
during the activation process, so we cannot gate GSM connection availability
on whether a PIN is present since this happens long before we request secrets
2) when the modem is locked it may not report the supported IP types, which
caused an auto-activation to fail early becuase IP compatibility is checked
before the PIN is sent to the modem
Rework connection activation flow into a series of concrete steps, where the
PIN is sent to the modem if required, and only after the modem is actually
unlocked does the connection proceed. This does mean that any connection
marked 'autoconnect' can theoretically enable a PIN-locked modem even if
the connection has no PIN defined, but there's no good way around that.
NetworkManager would activate the connection
Device subclasses can call nm_device_recheck_available() at any time,
and the function would change the device's state to UNKNOWN in cases
where the device was available already. For WWAN devices, availability
is rechecked every time the modem state changes, resulting in:
NetworkManager[28919]: <info> (ttyUSB4): modem state changed, 'disabled' --> 'enabling' (reason: user-requested)
NetworkManager[28919]: <debug> [1445538582.116727] [devices/nm-device.c:2769] recheck_available(): [0x23bd710] (ttyUSB4): device is available, will transition to unknown
NetworkManager[28919]: <info> (ttyUSB4): modem state changed, 'enabling' --> 'searching' (reason: user-requested)
NetworkManager[28919]: <debug> [1445538582.776317] [devices/nm-device.c:2769] recheck_available(): [0x23bd710] (ttyUSB4): device is available, will transition to unknown
These properties limit whether the connection applies to a certain WWAN modem
based on the modem's device ID or SIM ID (as reported by the WWAN management
service), or through the MCC/MNC ID of the operator that issued the SIM card.
Old init-scripts that did not yet understand this key will have
mac-address-randomization explicitly disabled. This is to ensure
that old connections don't change behavior.
Thus, the writer must always write the value explicitly.
Downside is, if somebody creates a quick ifcfg-file, the feature
is disabled by default.
If the supplicant supports it and the connection requests it, tell
the supplicant to randomize the MAC address for the association.
In addition, like both iOS, Android, and other OSs always randomize
the MAC address when performing a WiFi scan.
NMExportedObject now derives from GDBusObjectSkeleton, which is what
GDBusObjectManagerServer wants. The main GDBusConnection and each
private server connection now gets a new GDBusObjectManagerServer,
and exported objects are registered with that instead of individually
exporting each GDBusInterfaceSkeleton.
Previously exported objects were not referenced by the BusManager,
but instead removed from the exports hash via weak references. The
GDBusObjectManagerServer instead references exported objects, which
can make them live much longer than they did before.
Co-Authored-By: Thomas Haller <thaller@redhat.com>
With ObjectManager we can not export ObjectSkeletons to multiple connections --
the manager would unexport the InterfaceSkeletons upon its destruction.
It seems easiest to just drop the private socket altogether; It was broken for
broken for some time and noone noticed anyway. Also startup before D-Bus is
still broken: NetworkManager would reconnect to the bus but multiple managers
won't notice the bus is around (we'll never see firewalld or policykit come up).
We should probably just stop pretending we support operation without a real
D-Bus server. With the advent of kdbus this makes even more sense.
In debug-mode, test_ip4_address_peer_zero() used to print the
result of `ip address show`. That fails for fake-platform
because the device does not exists.
Just don't do that.
Commit d518278011 changed
the hashing for the APs to use direct-hashing.
That was wrong because get_ap_by_path() needs a full
string-comparison.
Fixes: d518278011
When exiting after an error we must set the quitting flag in
nm-exported-object.c because during program destruction there can be
still exported objects which get disposed.
Fixes the following assertion:
NetworkManager[14241]: (nm-exported-object.c:826):nm_exported_object_dispose: code should not be reached
Process terminating with default action of signal 5 (SIGTRAP)
at 0x7ACFD3B: _g_log_abort (gmessages.c:315)
by 0x7ACFD3B: g_logv (gmessages.c:1041)
by 0x7ACFEAE: g_log (gmessages.c:1079)
by 0x7AD0196: g_warn_message (gmessages.c:1112)
by 0x20F5B0: nm_exported_object_dispose (nm-exported-object.c:826)
by 0x316FC4: dispose (nm-settings.c:2222)
by 0x7841A5B: g_object_unref (gobject.c:3137)
by 0x2330F3: dispose (nm-manager.c:5249)
by 0x7841A5B: g_object_unref (gobject.c:3137)
by 0x23C511: _nm_singleton_instance_destroy (NetworkManagerUtils.c:174)
by 0x400FBE6: _dl_fini (in /usr/lib64/ld-2.21.so)
by 0x8009647: __run_exit_handlers (in /usr/lib64/libc-2.21.so)
by 0x8009694: exit (in /usr/lib64/libc-2.21.so)
Now that NM follows the supplicant's scan list and CurrentBSS, any AP that isn't
known to the supplicant will be 'fake', and priv->current_ap always tracks
CurrentBSS.
We can then simplify link_timeout_cb() because any AP that would have been
force-removed before will now be marked "fake" if it's unknown to the supplicant,
and will always be removed by set_current_ap(), so we can remove the force
argument. To better fix#733105 we never want to remove an AP known to
the supplicant, even if it we failed to connect to it.
https://bugzilla.gnome.org/show_bug.cgi?id=733105
Since commit 7cb323d923,
nm_ap_new_from_properties() will always return an
AP with BSSID set. Restore the assertion during
try_fill_ssid_for_hidden_ap().
This reverts commit e9bc18d2a7.
Differently from GLib timeout sources, systemd ones are always
one-shot and therefore we must return G_SOURCE_REMOVE in the callback,
otherwise the timer will be scheduled again.
In most cases things were working correctly because usually the
callback also unreferences the source event, but when this doesn't
happen the timer will trigger multiple times as reported in the bug
below.
https://bugzilla.redhat.com/show_bug.cgi?id=1278506
Fixes: 1b1222ffdf
Prevsiouly, the ifcfg-rh service and the regular NetworkManager
were both exported on the same D-Bus connection. That had the
effect, that on both services ("com.redhat.ifcfgrh1" and
"org.freedesktop.NetworkManager") all objects were visible.
This is also problematic later when we use GDBusObjectManager
for the org.freedesktop.NetworkManager service.
Export the ifcfg service on a separate bus connection.
One downside is, that we don't bother exporting the service
on the private socket and thus the service is not available
without D-Bus daemon.
Also, if the bus disconnects, we don't retry or recover. Instead
the D-Bus service is dead until restart.
Previously most objects were implicitly unexported when they were
destroyed, but since refcounts may make the object live longer than
intended, we should explicitly unexport them when they should no
longer be present on the bus.
This means we can assume that objects will always be un-exported
already when they are destroyed, *except* when quitting where most
objects will live until exit because NM leaves interfaces up and
running on quit.
The @aps hash has the D-Bus path of the exported
object as key. It already rightly saved to additionally
copy the string and relied on the path being stable.
When doing that, we can just go one step further and
use direct-hashing instead of string-hashing.
Note that NMExportedObject already promises that
the path will not change as long as the object is
exported. See code comments in the export/unexport
functions.
For future use of ObjectManager, we must explicitly unexport
the AP and no longer depend on having it unexported during
deconstruction (because object manager keeps the instance alive).
Also refactor adding/removal of APs and move the export/unexport
calls to the place where we emit the signal.
First add the new AP, before setting it as current.
Also set the AP *after* thawing the notifications. Otherwise
it is not clear which notification gets raised first as their
order is undefined. But we want that the client first sees
the new AP and later gets a notification about having a new
current.
Exporting the object already in the *_init() function will later
break because the object is not yet fully initialized at that point.
Add a convenient flag so that the NMExportedObject parent implementation
automatically can export itself. This saves the derived class from
overwriting the constructed() method.
Also add an assertion to catch such bugs.
If the current agent disappears and we already triggered the permission check
for it then the callback for that permission check will fire after we
progressed to the next agent:
# nmcli c --wait 0 up vpn
When another agent, such as GNOME Shell is registered, then get_done_cb() for
the nmcli will be called after we started the permission check for GNOME Shell,
resulting in an assertion fail:
get_done_cb: assertion 'call_id == parent->current_call_id' failed
Otherwise we'd hit an assert and rightly so!
Program received signal SIGTRAP, Trace/breakpoint trap.
g_logv (log_domain=0x5555556b2f80 "NetworkManager", log_level=G_LOG_LEVEL_WARNING, format=<optimized out>, args=args@entry=0x7fffffffcd10) at gmessages.c:1046
1046 g_private_set (&g_log_depth, GUINT_TO_POINTER (depth));
(gdb) bt
#0 g_logv (log_domain=0x5555556b2f80 "NetworkManager", log_level=G_LOG_LEVEL_WARNING, format=<optimized out>, args=args@entry=0x7fffffffcd10) at gmessages.c:1046
#1 0x00007ffff4a4ea3f in g_log (log_domain=log_domain@entry=0x5555556b2f80 "NetworkManager", log_level=log_level@entry=G_LOG_LEVEL_WARNING, format=format@entry=0x7ffff4ac1e4c "%s") at gmessages.c:1079
#2 0x00007ffff4a4ed56 in g_warn_message (domain=domain@entry=0x5555556b2f80 "NetworkManager", file=file@entry=0x5555556aca93 "devices/nm-device.c", line=line@entry=1101,
func=func@entry=0x5555556b22e0 <__FUNCTION__.35443> "nm_device_release_one_slave", warnexpr=warnexpr@entry=0x0) at gmessages.c:1112
#3 0x00005555555ba80a in nm_device_release_one_slave (self=self@entry=0x5555559ec4c0, slave=slave@entry=0x5555559f7800, configure=configure@entry=1, reason=reason@entry=NM_DEVICE_STATE_REASON_NONE)
at devices/nm-device.c:1101
#4 0x00005555555c264b in slave_state_changed (slave=0x5555559f7800, slave_new_state=NM_DEVICE_STATE_FAILED, slave_old_state=NM_DEVICE_STATE_IP_CONFIG, reason=NM_DEVICE_STATE_REASON_NONE, self=0x5555559ec4c0)
at devices/nm-device.c:1700
#5 0x00007ffff339cdac in ffi_call_unix64 () at ../src/x86/unix64.S:76
#6 0x00007ffff339c6d5 in ffi_call (cif=cif@entry=0x7fffffffd1c0, fn=<optimized out>, rvalue=0x7fffffffd130, avalue=avalue@entry=0x7fffffffd0b0) at ../src/x86/ffi64.c:522
#7 0x00007ffff4d45678 in g_cclosure_marshal_generic (closure=0x5555559b0160, return_gvalue=0x0, n_param_values=<optimized out>, param_values=<optimized out>, invocation_hint=<optimized out>, marshal_data=0x0)
at gclosure.c:1454
#8 0x00007ffff4d44e38 in g_closure_invoke (closure=0x5555559b0160, return_value=return_value@entry=0x0, n_param_values=4, param_values=param_values@entry=0x7fffffffd3c0,
invocation_hint=invocation_hint@entry=0x7fffffffd360) at gclosure.c:768
#9 0x00007ffff4d5675d in signal_emit_unlocked_R (node=node@entry=0x55555598a6f0, detail=detail@entry=0, instance=instance@entry=0x5555559f7800, emission_return=emission_return@entry=0x0,
instance_and_params=instance_and_params@entry=0x7fffffffd3c0) at gsignal.c:3553
#10 0x00007ffff4d5e4c1 in g_signal_emit_valist (instance=instance@entry=0x5555559f7800, signal_id=signal_id@entry=72, detail=detail@entry=0, var_args=var_args@entry=0x7fffffffd5f8) at gsignal.c:3309
#11 0x00007ffff4d5ecc8 in g_signal_emit_by_name (instance=instance@entry=0x5555559f7800, detailed_signal=detailed_signal@entry=0x5555556c0405 "state-changed") at gsignal.c:3405
#12 0x00005555555bd0e0 in _set_state_full (self=self@entry=0x5555559f7800, state=state@entry=NM_DEVICE_STATE_FAILED, reason=reason@entry=NM_DEVICE_STATE_REASON_NONE, quitting=quitting@entry=0)
at devices/nm-device.c:8580
#13 0x00005555555be0e7 in nm_device_state_changed (self=self@entry=0x5555559f7800, state=state@entry=NM_DEVICE_STATE_FAILED, reason=reason@entry=NM_DEVICE_STATE_REASON_NONE) at devices/nm-device.c:8741
#14 0x00005555555c0a45 in queued_set_state (user_data=<optimized out>) at devices/nm-device.c:8765
#15 0x00007ffff4a4779a in g_main_dispatch (context=0x5555559433c0) at gmain.c:3109
#16 g_main_context_dispatch (context=context@entry=0x5555559433c0) at gmain.c:3708
#17 0x00007ffff4a47ae8 in g_main_context_iterate (context=0x5555559433c0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3779
#18 0x00007ffff4a47dba in g_main_loop_run (loop=0x555555943480) at gmain.c:3973
#19 0x000055555559713d in main (argc=1, argv=0x7fffffffdb78) at main.c:512
(gdb)
Previsously, _LOGT() could be disabled at compile time. Thus it
was different then the other macros _LOGD(), _LOGI(), etc.
OTOH, _LOGt() was the macro that always was compiled in.
Swap the name of the macros. Now the upper-case macros are always
enabled, while the lower-case macro _LOGt() is enabled depending
on compile configuration.
Device activation normally fails during one of the stages and in that
case the activation chain is implicitly interrupted.
But in some cases the device fails for external events (as a failure
of master connection) while the activation sequence is still running
and so we need to ensure that any pending activation source gets
cleared upon entering the failed state.
https://bugzilla.redhat.com/show_bug.cgi?id=1270814
