Change the activation procedure for connections that require secrets
in the following way:
- nmcli creates a secret-agent and leaves it disabled so that
incoming requests are queued
- nmcli calls ActivateConnection()
- when the method returns success, the secret-agent gets enabled and
all queued requests are processed
When the user activates a connection which is already auto-activating,
NM will deactivate the current active-connection and will call
CancelGetSecrets() for it before the new ActivateConnection()
returns. In this way, when the secret-agent is enabled by nmcli, we
have the guarantee that there aren't any queued requests for
the deactivating connections.
https://bugzilla.redhat.com/show_bug.cgi?id=1438476
The number of authentication retires is useful also for passwords aside
802-1x settings. For example, src/devices/wifi/nm-device-wifi.c also has
a retry counter and uses a hard-coded value of 3.
Move the setting, so that it can be used in general. Although it is still
not implemented for other settings.
This is an API and ABI break.
nmcli typically doesn't run setuid, nor uses file capabilities or is labelled
for a SELinux domain trainsition upon execution.
But in case anyone has any reason to do that, we should follow good
security practices and not exec whatever is set in the environment.
We want to support large number of routes. Reduce the number
of copies, by adding internal accessor functions.
Also, work around a complaint from coverity:
46. NetworkManager-1.9.2/libnm-core/nm-utils.c:1987:
dereference: Dereferencing a null pointer "names".
nmc_read_connection_properties() iterates over the input arguments, and
completes the connection.
Initially, the type is not yet known, in that case, we should not wrongly
assume that this is a generic connection. Later, when the type is specified,
con_settings() will return the correct settings.
Previously, this would wrongly add a [generic] section:
$ nmcli connection add type ethernet ifname eth1 con-name ethie autoconnect no ipv4.method auto ethernet.cloned-mac-address random
With the fix, it still works to specify the type later:
$ nmcli connection add ifname eth1 con-name ethie autoconnect no ipv4.method auto type ethernet
but it doesn't work, to specify the type after type-specific options:
$ nmcli connection add ifname eth1 con-name ethie autoconnect no ipv4.method auto ethernet.cloned-mac-address random type ethernet
Error: invalid or not allowed setting 'ethernet': 'ethernet' not among [connection, ipv4, ipv6, proxy].
The patch doesn't change the latter limitation.
Fixes: c5324ed285
Replace the usage of g_str_hash() with our own nm_str_hash().
GLib's g_str_hash() uses djb2 hashing function, just like we
do at the moment. The only difference is, that we use a diffrent
seed value.
Note, that we initialize the hash seed with random data (by calling
getrandom() or reading /dev/urandom). That is a change compared to
before.
This change of the hashing function and accessing the random pool
might be undesired for libnm/libnm-core. Hence, the change is not
done there as it possibly changes behavior for public API. Maybe
we should do that later though.
At this point, there isn't much of a change. This patch becomes
interesting, if we decide to use a different hashing algorithm.
nmtui determines the activation result by tracking the active
connection state but that is not enough, as the active connection may
disappear or because we need to consider also the device state in some
particular cases.
Use the same logic implemented in nmcli that is now provided by the
nmc_activation_get_effective_state() helper.
In a later commit we'll add a new generic client function used by
nmcli and nmtui. nm-client-utils.c seems the right place for it, so
move the file to the base library that is used by both clients.
While at it, also put in that file some functions that will be needed
by nmtui.
So that the man page will display:
The permitted values are: NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE_EUI64
(0) or NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE_STABLE_PRIVACY (1).
instead of
The permitted values are: "eui64" or "stable-privacy".
since the latter is not useful at all for a int32 property.
Unfortunately the enum names are quite long and don't look very well
in a table, but that's another problem.
When adding a new Wi-Fi connection, nmtui crashes.
Usually, a verified Wi-Fi connection always has key_mgnt set.
However, the client doesn't have the luxury to assume that all
connections verify. Especially, while creating a new connection.
#0 0x00007ffff4fe5baa in __strcmp_sse2_unaligned () at ../sysdeps/x86_64/multiarch/strcmp-sse2-unaligned.S:31
#1 0x000055555556654c in get_security_type (binding=0x5555557d1cf0) at clients/tui/nm-editor-bindings.c:591
#2 0x000055555556593b in wireless_security_changed (object=0x0, pspec=0x0, user_data=0x5555557d1cf0) at clients/tui/nm-editor-bindings.c:628
#3 0x000055555556536d in nm_editor_bind_wireless_security_method (connection=0x5555558028e0, s_wsec=0x555555892eb0 [NMSettingWirelessSecurity], target=0x555555935e10, target_property=0x55555559311b "active-id", flags=(G_BINDING_BIDIRECTIONAL | G_BINDING_SYNC_CREATE)) at clients/tui/nm-editor-bindings.c:796
#4 0x000055555557a3aa in nmt_page_wifi_constructed (object=0x5555559349e0 [NmtPageWifi]) at clients/tui/nmt-page-wifi.c:338
#5 0x00007ffff5e6b670 in g_object_new_internal (class=class@entry=0x5555557c14c0, params=params@entry=0x7fffffffc440, n_params=n_params@entry=2) at gobject.c:1823
#6 0x00007ffff5e6d24d in g_object_new_valist (object_type=object_type@entry=93824994775616, first_property_name=first_property_name@entry=0x5555555920c6 "connection", var_args=var_args@entry=0x7fffffffc590) at gobject.c:2042
#7 0x00007ffff5e6d691 in g_object_new (object_type=93824994775616, first_property_name=0x5555555920c6 "connection") at gobject.c:1626
#8 0x000055555557985a in nmt_page_wifi_new (conn=0x5555558028e0, deventry=0x5555557d15e0 [NmtDeviceEntry]) at clients/tui/nmt-page-wifi.c:45
#9 0x000055555556f7e2 in nmt_editor_constructed (object=0x555555922af0 [NmtEditor]) at clients/tui/nmt-editor.c:374
#10 0x00007ffff5e6b670 in g_object_new_internal (class=class@entry=0x555555932750, params=params@entry=0x7fffffffcac0, n_params=n_params@entry=4) at gobject.c:1823
#11 0x00007ffff5e6d24d in g_object_new_valist (object_type=object_type@entry=93824996288016, first_property_name=first_property_name@entry=0x5555555920c6 "connection", var_args=var_args@entry=0x7fffffffcc10) at gobject.c:2042
#12 0x00007ffff5e6d691 in g_object_new (object_type=93824996288016, first_property_name=0x5555555920c6 "connection") at gobject.c:1626
#13 0x000055555556f261 in nmt_editor_new (connection=0x555555802880) at clients/tui/nmt-editor.c:109
#14 0x0000555555562b35 in nmt_edit_connection (connection=0x555555802880) at clients/tui/nmtui-edit.c:448
#15 0x0000555555563a29 in create_connection (widget=0x55555588b150 [NmtNewtListbox], list=0x555555922a00) at clients/tui/nmtui-edit.c:185
#16 0x0000555555563a5d in create_connection_and_quit (widget=0x55555588b150 [NmtNewtListbox], list=0x555555922a00) at clients/tui/nmtui-edit.c:192
#20 0x00007ffff5e81b0f in <emit signal ??? on instance 0x55555588b150 [NmtNewtListbox]> (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>) at gsignal.c:3447
#17 0x00007ffff5e6630d in g_closure_invoke (closure=0x555555929260, return_value=0x0, n_param_values=1, param_values=0x7fffffffcfe0, invocation_hint=0x7fffffffcf60) at gclosure.c:804
#18 0x00007ffff5e7898e in signal_emit_unlocked_R (node=node@entry=0x55555582ac70, detail=detail@entry=0, instance=instance@entry=0x55555588b150, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7fffffffcfe0) at gsignal.c:3635
#19 0x00007ffff5e811a5 in g_signal_emit_valist (instance=0x55555588b150, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7fffffffd1b0) at gsignal.c:3391
#21 0x000055555558e43f in nmt_newt_widget_activated (widget=0x55555588b150 [NmtNewtListbox]) at clients/tui/newt/nmt-newt-widget.c:329
#22 0x0000555555584fc8 in nmt_newt_form_iterate (form=0x555555922a00 [NmtAddConnection]) at clients/tui/newt/nmt-newt-form.c:309
#23 0x0000555555585d62 in nmt_newt_form_keypress_callback (fd=1435623072, condition=G_IO_IN, user_data=0x0) at clients/tui/newt/nmt-newt-form.c:335
#24 0x00007ffff598a247 in g_main_dispatch (context=0x5555557c3af0) at gmain.c:3234
#25 0x00007ffff598a247 in g_main_context_dispatch (context=context@entry=0x5555557c3af0) at gmain.c:3899
#26 0x00007ffff598a5e8 in g_main_context_iterate (context=0x5555557c3af0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3972
#27 0x00007ffff598a902 in g_main_loop_run (loop=0x55555591b190) at gmain.c:4168
#28 0x00005555555609b5 in main (argc=1, argv=0x7fffffffd5e8) at clients/tui/nmtui.c:298
Fixes: 6a4af482f0
We added "ipv4.route-table-sync" and "ipv6.route-table-sync" to not change
behavior for users that configured policy routing outside of NetworkManager,
for example, via a dispatcher script. Users had to explicitly opt-in
for NetworkManager to fully manage all routing tables.
These settings were awkward. Replace them with new settings "ipv4.route-table"
and "ipv6.route-table". Note that this commit breaks API/ABI on the unstable
development branch by removing recently added API.
As before, a connection will have no route-table set by default. This
has the meaning that policy-routing is not enabled and only the main table
will be fully synced. Once the user sets a table, we recognize that and
NetworkManager manages all routing tables.
The new route-table setting has other important uses: analog to
"ipv4.route-metric", it is the default that applies to all routes.
Currently it only works for static routes, not DHCP, SLAAC,
default-route, etc. That will be implemented later.
For static routes, each route still can explicitly set a table, and
overwrite the per-connection setting in "ipv4.route-table" and
"ipv6.route-table".
'nmcli device wifi connect' only supports WEP and WPA-PSK at the
moment, but not WPA-EAP. If the AP supports both WPA-PSK and WPA-EAP,
nmcli doesn't add the PSK to the connection, causing a connection
failure. Fix this.
https://bugzilla.redhat.com/show_bug.cgi?id=1492064
DHCP timeout may now be explicitly disabled by setting the
ipv[4,6].dhcp-timeout options to "infinity".
This will set the DHCP timeout value to MAXINT32.
There are basically three options:
1) use a separate _get_fcn_gobject_dcb_priority() getter and
implement them as a new type _pt_gobject_dcb_priority.
2a) implement them as _pt_gobject_int and set nicks as value_infos,
repeating the nicks 3 times.
2b) like 2a, but use a macro to define how the DCB priority shall
behave at one place.
I think 1) is ugly. In the previous form, it also does not support
setting the property to "unset". We should implement properties as
types, and modify their behavior (by setting value_infos), instead
of implementing multiple, different types.
I slightly prefer 2b) over 2a) because it defines the behavior once,
but it's a bit harder to follow.
- Reduce duplicated code and implement the property according to
best-practice for integer types.
- Do not translate the output
- This way, the setter also supprts the nick names
