We're already connected; shouldn't need secrets again but
if we do, we'll ask for them again. Fixes an issue where
reconnect would use an old one-time-password.
It's the thing that owns the secrets anyway, and it simplifies things to
have the secrets handling there instead of half in NMActRequest and
half in NMManager. It also means we can get rid of the ugly signals
that NMSettingsConnection had to emit to get agent's secrets, and
we can consolidate the requests for the persistent secrets that the
NMSettingsConnection owned into NMSettingsConnection itself instead
of also in NMAgentManager.
Since the NMActRequest and the NMVPNConnection classes already tracked
the underlying NMSettingsConnection representing the activation, its
trivial to just have them ask the NMSettingsConnection for secrets
instead of talking to the NMAgentManager. Thus, only the
NMSettingsConnection now has to know about the agent manager, and it
presents a cleaner interface to other objects further up the chain,
instead of having bits of the secrets request splattered around the
activation request, the VPN connection, the NMManager, etc.
When a user makes an explicit request for secrets via GetSecrets
or activates a device, don't ask other users' agents for secrets.
Restrict secrets request to agents owned by the user that made the
initial activate or GetSecrets request.
Automatic activations still request secrets from any available agent.
Simplifies code internally, and makes it easier for clients as well in
some cases where they want to control what ends up in the resulting
hash and what does not.
Due to limitations in dbus-glib, where one GObject cannot have more
than one introspection XML object attached to it, we used to include
more than one <interface> in the VPNConnection object introspection
XML. This was suboptimal for two reasons:
1) it duplicated the Connection.Active introspection XML which
made it harder for clients to use the introspection data in a
dynamic fashion, besides looking ugly in the docs
2) not many other programs use this feature of dbus-glib, which
means it didn't get a lot of testing, and broke, which sucks
for NM.
To fix this issue, create a base class for NMVpnConnection that
handles the Connection.Active API, and make NMVpnConnection itself
handle just the VPN pieces that it layers on top. This makes
dbus-glib happy because we aren't using two <interface> blocks
in the same introspection XML, and it makes the NM code more
robust because we can re-use the existing Connection.Active
introspection XML in the NMVpnConnectionBase class.
Filter registered agents for each secrets request to ensure that the
connection for which secrets are requested is visible to that agent,
and add that agent to the queue. Ask each agent in the queue until
one returns usable secrets. Ensure that if new agents register
or existing agents quit during the secrets request, that the queue
is updated accordingly, and ensure that an agent that's already
been asked for secrets, unregisters, and re-registers before the
secrets request is comple, isn't asked for secrets twice.
Instead of a bizare mechanism of signals back to the manager
object that used to be required because of the user/system settings
split, let each place that needs secrets request those secrets
itself. This flattens the secrets request process a ton and
the code flow significantly.
Previously the get secrets flow was something like this:
nm_act_request_get_secrets ()
nm_secrets_provider_interface_get_secrets ()
emits manager-get-secrets signal
provider_get_secerts ()
system_get_secrets ()
system_get_secrets_idle_cb ()
nm_sysconfig_connection_get_secrets ()
system_get_secrets_reply_cb ()
nm_secrets_provider_interface_get_secrets_result ()
signal failure or success
now instead we do something like this:
nm_agent_manager_get_secrets ()
nm_agent_manager_get_secrets ()
request_start_secrets ()
nm_sysconfig_connection_get_secrets ()
return failure or success to callback
NMSysconfigSettings has the authoritative list of connections, no reason
to duplicate all that tracking code in NMManager. Add the missing bits
that the manager had to NMSysconfigSettings, and point NMPolicy at the
settings object instead of NMManager for that.
config.h defines _GNU_SOURCE, which in turn defines the bits necessary
for kill, isblank, and isascii. So wherever we use those, we need
to make sure config.h is included.
Remove all references to connection scope and user-settings services
from the various internal APIs of the daemon. The external DBus API
remains unchanged, albeit in stub form for scope stuff.
priv->ip_iface gets destroyed in vpn_cleanup() when the class
signal handler handles FAILED/DISCONNECTED, but the dispatcher
is only called *after* that, so it gets a NULL ip_iface. Fix that
so that the dispatcher always gets the tunnel interface for
vpn-up and vpn-down.
Use the interfaces kernel index when we can to avoid unecessary
iface->index lookups; and let callers figure out which address
family they really want to flush.
Some stuff we build (the DHCP manager) gets built independently
so that we can use it for unit tests. For that, we need to build
the logging bits separately too, since the independent DHCP
library can't use them if they are embedded in NM.
NM previously only cleared secrets when the VPN service daemon quit,
and the service daemons are on a 10-second inactivity timer. So if
the user tried to re-activate the failed VPN connection within 10
seconds the old secrets would get used, which clearly isn't what we
want. Ensure that whenever the VPN connection fails or disconnects,
we ask the settings service for secrets again the next time.
Or really, any time the parent IP4 config is cleared which is pretty
much only when the device is going down. Avoids a warning when
nm_system_add_ip4_vpn_gateway_route() can't get the parent IP4Config
because it doesn't exist.
Since NM adds the gateway host route in the manner that's correct
for the current routing situation, we don't really want random
gateway host routes from the VPN server getting added instead.
The only thing that doesn't work yet is the system-settings service's
"auto eth" connections for ethernet devices that don't have an existing
connection. Might also have issues with unmanaged devices that can't
provide a MAC address until they are brought up, but we'll see.
0.7 requires dbus 1.1 or greater (for system bus activation), so make that
explicit, and remove compat code for D-Bus 0.6 and earlier. Consolidate
the various glib pkgconfig checks into one, since most anything will require
gthread, glib, and gobject anyway. Fixup the docs makefile to be more
automake-compatible and let 'make clean' actually work correctly when
docs are built.
Don't do anything with WINS servers (dispatcher scripts installed with
samba could certainly update samba's idea of WINS servers), but at least
provide them so that the VPNs that can get upstream WINS servers can
at least make other stuff aware of them.
* src/vpn-manager/nm-vpn-connection.c
- (plugin_state_changed): clear secrets before setting the connection
state to FAILED, since doing so may destroy the connection itself,
since the NMVPNService owning this NMVPNConnection will unref it
when the NMVPNConnection is failed or stopped
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/branches/NETWORKMANAGER_0_7@4374 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
