First, define structs. Then forward declare functions. Reorder code
to have a certain order that is also used by other files (or should
be).
(cherry picked from commit 4c84f74326)
Previously, NMPolicy would explicitly check whether the connection is not visible,
to skip autoconnect.
We have nm_settings_connection_autoconnect_is_blocked() function, that can do that.
The advantage is, that at various places we call nm_settings_connection_autoconnect_is_blocked()
to determine whether autoconnect is blocked. By declaring invisible connections
as blocked from autoconnect as well, we short-cut various autoconnection attempts,
that previoulsy only failed later during auto_activate_device().
(cherry picked from commit ccc93639a0)
The accessor functions just look whether a certain flag is set. As these
functions have a different name then the flags, this is more confusing
then helpful. For example, if you want to know where the NM_GENERATED
flag matters, you had to know to grep for nm_settings_connection_get_nm_generated()
in addition to NM_SETTINGS_CONNECTION_FLAGS_NM_GENERATED.
The accessor function hid that the property was implemented as
a connection flag. For example, it was not immediately obvious
that nm_settings_connection_get_nm_generated() is the same
as having the NM_SETTINGS_CONNECTION_FLAGS_NM_GENERATED flag
set.
Drop them.
(cherry picked from commit 545e3111c8)
It seems more idiomatic to have a mask+value argument, instead
of setting all flags at once. At least, other setters work this
way, so change it for consistency.
(cherry picked from commit 4549bd07a1)
We already need to re-emit the notify::flags signal.
It's cumbersome to do this for boolean properties, so
re-use the flags to also track the visibility state.
(cherry picked from commit 0e1abe5ef3)
It doesn't really matter, because in the next step we
are about to remove the connection.
However, once the connection is deleted from file, it's
clear that it has no more file-name.
(cherry picked from commit 1fd5c52eaf)
Commonly, we don't monitor files and hence don't need the inotify-helper
instance. We already access and construct the instance lazy, by
accessing the singleton getter only when needed.
However, path_watch_stop() would always access the singleton, hence
always create such an instance. In most cases there is nothing to clean,
and no such instance shall be created.
(cherry picked from commit 31f2a46639)
ifnet shall use the new_connection argument, not NM_CONNECTION(self).
Also, let the caller of the virtual function provide the right new_connection,
not having the virtual function figure that out.
(cherry picked from commit 8a675f3d13)
We already have Update(), UpdateUnsaved() and Save(), which serve
similar purposes. We will need a form of update with another argument.
Most notably, to block autoconnect while doing the update.
Other use cases could be to prevent reapplying connection.zone and
connection.metered, to to reapply all changes.
Instead of adding a specific update function that only serves that
new use-case, add a extensible Update2() function. It can be extended
to cope with future variants of update.
(cherry picked from commit 98ee18d888)
commit involves more then just replacing the setting and writing them
out. What? Dunno. It's complex.
But let's not bypass the commit-changes function. That one is supposed
to get it right.
(cherry picked from commit d26c749ea6)
It's complicated what happens during a commit/replace/update (whatever
you call it).
It doesn't get simpler by spreading it out to various functions.
Let's have one large function (_commit_changes_full()) which does
all the steps necessary. There should be no alternative ways
how to update a connection.
(cherry picked from commit ad9deb6968)
All callers of _replace_settings_full() now use _commit_changes_full().
commit-changes should contain all the logic what to do when updating
a connection. Now, the connection might optionally be written to disk.
(cherry picked from commit 7a0900be7c)
_commit_changes_full() calls _replace_settings_full() which already emits signals
about the changed connection. We should mark the connectin as saved earlier.
In fact, we can tell _replace_settings_full() to mark it as not-unsaved
via the persist-mode parameter.
(cherry picked from commit 4fd5e6e1bb)
_replace_settings_full() does more then just replace the settings.
It at least also sets some flags, like saved/unsaved depending
on @persist_mode.
_replace_settings_full() also emits the "updated" signal. Note that
previously it would just return without signal if nm_connection_compare()
indicates that there is no difference. But the caller probably cares
about whether the user tries to change the connection at all, not
whether the change actually introduced a real difference in the
settings. Like, policy might re-set the autoconnect blocked flags.
But it should do so on every user-update, regardless of whether
a change was actually made.
It makes sense to call _replace_settings_full() with a @new_connection
of %NULL, to mean: just update the flags, but keep the current connection.
Extend _replace_settings_full() to allow for that.
Also, update update_auth_cb() to always call _replace_settings_full(),
even if no new connection is provided. In this case, only update
the connection flags accordingly.
(cherry picked from commit 9988f9dbbb)
Note how nm_settings_connection_commit_changes() would call
prepare() a second time. Don't do that.
Also, move the prepare step earlier, and call _replace_settings_full()
without preparing the new connection again.
(cherry picked from commit 3706fd17eb)
The current behavior of update_unsaved is confusing. Give the argument
an enum with a name that describes better what's happening. Also, it
makes the uses grep-able.
(cherry picked from commit 9531da8b3e)
The wireless-security setting has a 'wep-key-type' property that is
used to specify the WEP key type and is needed because some keys could
be interpreted both as a passphrase or a hex/ascii key.
The ifcfg-rh plugin currently stores the key type implicitly: if
wep-key-type is 'passphrase' it uses the KEY_PASSPHRASE%d variable, if
it's 'key' the KEY%d variable and when it's 'unknown' it uses either
variables depending on the detected type (preferring 'key' in case
both are compatible).
This means that some connections will be read differently from how
they were written, because once the KEY (or KEY_PASSPHRASE) is read
there is no way to know whether the 'wep-key-type' property was 'key'
(or 'passphrase') or 'unknown'.
Fix this by persisting the key type explicitly in the file. The new
variable is redundant in most cases because the variables used for
keys also determine the key type.
https://bugzilla.redhat.com/show_bug.cgi?id=1518177
(cherry picked from commit c6eb18ee05)
Until now the ifcfg-rh plugin merged the values of 'ipv4.dns-options'
and 'ipv6.dns-options' and wrote the result to the RES_OPTIONS
variable. This is wrong because writing a connection and reading it
back gives a different connection compared to the original.
This behavior existed since when DNS options were introduced, but it
became more evident now that we reread the connection after write,
because after doing a:
$ nmcli connection modify ethie ipv4.dns-options ndots:2
the connection has both ipv4.dns-options and ipv6.dns-options set. In
order to delete the option, an user has to delete it from both
settings:
$ nmcli connection modify ethie ipv4.dns-options "" ipv6.dns-options ""
To improve this let's use different variables for IPv4 and IPv6. To
keep backwards compatibility IPv4 still uses RES_OPTIONS, while IPv6
uses a new IPV6_RES_OPTIONS variable.
https://bugzilla.redhat.com/show_bug.cgi?id=1517794
(cherry picked from commit 8379785560)
The matching works fuzzy and is not reliable. That is why we store
which connection should be assumed after restart in the state file
of NetworkManager.
In that case, we don't need to do a full check (with the possibility
of a false-reject). Just check for the minimum required properties:
the type and slave-type.
Yes, if the user modifies the connection while restarting NM, then
we might wrongly assume a connection that no longer would match.
But NM should not read minds, it should do as indicated.
(cherry picked from commit cc74cffe12)
This was added by cfb2af1df2, but it's
wrong. Here we reset the autoconnect-blocked-reasons when going to sleep,
not when waking up.
(cherry picked from commit 88549b031a)
_deactivate_if_active() takes a NMPolicy instance while the
connection_removed signal handler takes a NMPolicyPrivate pointer.
(cherry picked from commit c9db2c17aa)
Waiting for carrier on startup is probably the same times that carrier
needs, e.g. on an MTU change. Use the same timing.
Note, that as carrier-wait-timeout is no configurable, this
configuration applies to both -- as the manual page already
claims to do.
(cherry picked from commit 245590bacd)
When activation of the connection fails with no-secrets, we block
autoconnect due to that. However, NMPolicy also unblocks such
autoconnect, whenever a new secret-agent registers. The reason
is obviously, that the new secret-agent might be able to provide
the previously missing secrets.
However, there is a race between
- making the secret request, failing activation and blocking autoconnect
- new secret-agent registers
If the secret-agent registers after making the request, but before we
block autoconnect, then autoconnect stays blocked.
[1511468634.5759] device (wlp4s0): state change: config -> need-auth (reason 'none', sys-iface-state: 'managed')
[1511468634.5772] device (wlp4s0): No agents were available for this request.
[1511468638.4082] agent-manager: req[0x55ea7e58a5d0, :1.32/org.kde.plasma.networkmanagement/1000]: agent registered
[1511468638.4082] policy: re-enabling autoconnect for all connections with failed secrets
[1511468664.6280] device (wlp4s0): state change: need-auth -> failed (reason 'no-secrets', sys-iface-state: 'managed')
[1511468664.6287] policy: connection 'tuxmobil' now blocked from autoconnect due to no secrets
Note the long timing between making the secret request and the
activation failure. This race already existed before, but now with
WPS push-button method enabled by default, the duraction of the
activation is much longer and the race is easy to hit.
https://bugzilla.gnome.org/show_bug.cgi?id=790571
(cherry picked from commit e2c8ef45ac)
