Also rewrite resolv.conf if the configuration didn't actually change.
Especially, react on SIGUSR1 which does not reload the configuration but
only writes "resolv.conf".
https://bugzilla.redhat.com/show_bug.cgi?id=1062301
(cherry picked from commit 68f1203c7c)
Add nm_utils_setpgid() as a g_spawn*() child setup function for
calling setpgid(), and use it where appropriate rather than
reimplementing it every time.
(cherry picked from commit fb792af7cb)
There's no point in calling setpgid() on short-lived processes, so
remove the setpgid() calls when spawning dispatcher scripts, iptables,
iscsiadmin, and netconf.
(cherry picked from commit c22e3f327a)
Replace the pthread_sigwait()-based signal handling with
g_unix_signal_add()-based handling, and get rid of all the
now-unnecessary calls to nm_unblock_posix_signals() when spawning
subprocesses.
As a bonus, this also fixes the "^C in gdb kills NM too" bug.
(cherry picked from commit c5b3e93792)
NM always prepends the list of DNS domains received through DHCP to
the search list in /etc/resolv.conf, overriding the DHCP-supplied DNS
domain search order. This behavior is not entirely correct since it
changes the search order provided by system administrators.
We cannot simply avoid adding the DNS domain list to the search list
because this would break some configurations that rely on the 'domain'
option to deliver the search list.
This patch modifies the behavior of DNS manager to:
- insert the DHCP-provided 'domain' at the end of 'searches' option
so that 'searches' is always preferred
- ignore 'domain' if 'searches' option exists and 'domain' is a
single domain
https://bugzilla.gnome.org/show_bug.cgi?id=748900
(cherry picked from commit 6edc737173)
Fixes the following warnings in nm-dns-manager.c with NETCONFIG_PATH set:
dns-manager/nm-dns-manager.c: In function 'dispatch_netconfig':
dns-manager/nm-dns-manager.c:313:2: warning: implicit declaration of function 'waitpid' [-Wimplicit-function-declaration]
ret = waitpid (pid, NULL, 0);
^
dns-manager/nm-dns-manager.c:271:14: warning: unused variable 'tmp' [-Wunused-variable]
char *str, *tmp;
^
dns-manager/nm-dns-manager.c:329:13: warning: 'ret' may be used uninitialized in this function [-Wmaybe-uninitialized]
return ret > 0;
^
Fixes the following error in nm-dns-manager.c with NETCONFIG_PATH set:
dns-manager/nm-dns-manager.c:320:4: error: too many arguments to function 'g_set_error_literal'
g_set_error_literal (error,
If the child dies, or something kills the child externally, refresh
DNS which should respawn the child, similar to what we do with
wpa_supplicant, teamd, etc.
https://bugzilla.gnome.org/show_bug.cgi?id=728342
NM was killing the dnsmasq local caching nameserver process and immediately
starting a new one, and new process couldn't bind to 127.0.0.1 because the
old one hadn't quit yet. Thus the new process quit, and the user was
left with no split DNS at all.
While this does introduce more synchronous waiting into the connection
process, it's not that much time and NM will kill dnsmasq if it hasn't
quit after 1 second. The longer-term fix is to use dnsmasq's D-Bus
interface to update DNS without respawning it.
https://bugzilla.gnome.org/show_bug.cgi?id=728342https://bugzilla.redhat.com/show_bug.cgi?id=1161232
config.h should be included from every .c file, and it should be
included before any other include. Fix that.
(As a side effect of how I did this, this also changes us to
consistently use "config.h" rather than <config.h>. To the extent that
it matters [which is not much], quotes are more correct anyway, since
we're talking about a file in our own build tree, not a system
include.)
A number of classes in core had their own error domains that aren't
really necessary.
In the case of NMDcbError, NMDhcpManagerError, NMDnsManagerError,
NMDnsmasqManagerError, NMPppManagerError, and NMSessionMonitorError,
most of the codes they defined weren't even being used, and at any
rate, the errors were always returned into contexts where they would
just have their message extracted and then get thrown away without
anyone ever looking at the domain or code. So all uses of those
domains can just be replaced with NM_MANAGER_ERROR_FAILED without any
loss of information.
NMAuthManagerError only had 1 error code, and it just indicated
"something went wrong", so it can be replaced with
NM_MANAGER_ERROR_FAILED without loss of information.
(nm-auth-manager.c has also been fixed to return
NM_MANAGER_ERROR_FAILED when the CheckAuthorization D-Bus call fails,
rather than returning whatever error domain/code the D-Bus call
returned.)
NMVpnManagerError used 2 of its 4 error codes, and they could actually
end up getting returned across D-Bus in some cases. But there are
NMManagerError codes that are semantically similar enough to make the
NMVpnManagerError ones unnecessary.
Instead of having basically the same code in a bunch of different
place to find helper programs, just have one place do it. Yes, this
does mean that the same sequence of paths is searched for all helpers
(so for example, dnsmasq will no longer be found first in /usr/local)
but I think consistency is the better option here.
https://bugzilla.gnome.org/show_bug.cgi?id=734131
Previously, src/nm-ip4-config.h, libnm/nm-ip4-config.h, and
libnm-glib/nm-ip4-config.h all used "NM_IP4_CONFIG_H" as an include
guard, which meant that nm-test-utils.h could not tell which of them
was being included (and so, eg, if you tried to include
nm-ip4-config.h in a libnm test, it would fail to compile because
nm-test-utils.h was referring to symbols in src/nm-ip4-config.h).
Fix this by changing the include guards in the non-API-stable parts of
the tree:
- libnm-glib/nm-ip4-config.h remains NM_IP4_CONFIG_H
- libnm/nm-ip4-config.h now uses __NM_IP4_CONFIG_H__
- src/nm-ip4-config.h now uses __NETWORKMANAGER_IP4_CONFIG_H__
And likewise for all other headers.
The two non-"nm"-prefixed headers, libnm/NetworkManager.h and
src/NetworkManagerUtils.h are now __NETWORKMANAGER_H__ and
__NETWORKMANAGER_UTILS_H__ respectively, which, while not entirely
consistent with the general scheme, do still mostly make sense in
isolation.
Out-of-tree build fails with:
../../src/dns-manager/nm-dns-manager.c:38:33: fatal error: libnm-util/nm-utils.h: No such file or directory
Fixes regression introduced by commit 7580cfef20.
Signed-off-by: Thomas Haller <thaller@redhat.com>
Use nm_utils_inet4_ntop() and nm_utils_inet6_ntop() instead.
And get rid of the unneeded error-checking.
gcc warns:
make[4]: Entering directory `/data/src/NetworkManager/src'
CC nm-dns-manager.lo
dns-manager/nm-dns-manager.c: In function 'merge_one_ip4_config':
dns-manager/nm-dns-manager.c:137:37: warning: ordered comparison of pointer with integer zero [-Wextra]
if (inet_ntop (AF_INET, &addr, buf, INET_ADDRSTRLEN) > 0)
^
dns-manager/nm-dns-manager.c:168:37: warning: ordered comparison of pointer with integer zero [-Wextra]
if (inet_ntop (AF_INET, &addr, buf, INET_ADDRSTRLEN) > 0)
^
dns-manager/nm-dns-manager.c: In function 'merge_one_ip6_config':
dns-manager/nm-dns-manager.c:197:64: warning: ordered comparison of pointer with integer zero [-Wextra]
if (inet_ntop (AF_INET, &(addr->s6_addr32[3]), buf, INET_ADDRSTRLEN) > 0)
^
dns-manager/nm-dns-manager.c:200:38: warning: ordered comparison of pointer with integer zero [-Wextra]
if (inet_ntop (AF_INET6, addr, buf, INET6_ADDRSTRLEN) > 0) {
^
Signed-off-by: Thomas Haller <thaller@redhat.com>
When building with '--disable-concheck' with libsoup installed,
configure would set HAVE_LIBSOUP. But without connection
checking, we didn't link against libsoup, resulting in a
linker error.
Add a new configure option '--with-libsoup' / '--without-libsoup'
to control whether linking against libsoup.
The combination '--without-libsoup --enable-concheck' does not
make sense.
https://bugzilla.gnome.org/show_bug.cgi?id=734062
Signed-off-by: Thomas Haller <thaller@redhat.com>
Clean up some of the cross-includes between headers (which made it so
that, eg, if you included NetworkManagerUtils.h in a test program, you
would need to build the test with -I$(top_srcdir)/src/platform, and if
you included nm-device.h you'd need $(POLKIT_CFLAGS)) by moving all
GObject struct definitions for src/ and src/settings/ into nm-types.h
(which already existed to solve the NMDevice/NMActRequest circular
references).
Update various .c files to explicitly include the headers they used to
get implicitly, and remove some now-unnecessary -I options from
Makefiles.
The script is called synchronously from NetworkManager so it can handle
asynchronicity itself. The long-term plan is to incorporate the script
partially into the new plugin and partially into a dnssec-trigger
library which will be used instead of dnssec-trigger daemon.
https://bugzilla.gnome.org/show_bug.cgi?id=699810
Acked-By: Thomas Haller <thaller@redhat.com>
Acked-By: Dan Williams <dcbw@redhat.com>
dfe194ee made it so that we don't use "public suffixes" as resolv.conf
search domains (eg, we don't add "search com" if the hostname is
"example.com"). However, if this results in us writing a resolv.conf
with no "search" line at all, then the resolver will fall back to
using the parent domain of the hostname as a search domain anyway,
thwarting us.
To fix that, use the domain itself as a search domain in this case,
since that's likely to be the expected behavior anyway. (And even if
it's not, there doesn't appear to be any way to block the resolver
from using the hostname's parent domain as a search domain unless we
specify at least one search domain ourselves.)
https://bugzilla.gnome.org/show_bug.cgi?id=729137
resolv.conf(5) says:
The domain and search keywords are mutually exclusive. If more than
one instance of these keywords is present, the last instance wins.
NM always writes out a "search" line if it writes a "domain" line, so
the "domain" line is always a no-op. So drop it.
https://bugzilla.gnome.org/show_bug.cgi?id=729137
VPN services that use the kernel's IPSec stack (like OpenSwan/LibreSWAN)
obviously don't have a tunnel interface, so don't require one. If
those services provide Link-Local IPv6 DNS servers they simply won't
work, but perhaps we can filter those out later or warn about them.
If the hostname is "foo.example.com" then we want to add
"search example.com" to resolv.conf, but if it's just "example.com",
we don't want to add "search com" (rh #812394).
So if NetworkManager is being built with recent libsoup, use
soup_tld_domain_is_public_suffix() to double-check the domain before
adding it. (If it is not being built with libsoup, or is being built
with too old a version, we just skip that test, keeping the old
behavior.)
NMPolicy only updates the NMDnsManager's hostname when it changes,
which previously did not include at startup. Meaning if your hostname
never changed, NMDnsManager would never learn it (and so would never
add an appropriate "search" line to resolv.conf). Fix that.
If /etc/resolv.conf has the immutable flag set, then behave as though
"dns=none" was specified (rather than repeatedly trying and failing to
update it).
Add a property indicating whether NMDnsManager is ignoring
resolv.conf, managing it by explicitly putting nameservers into it, or
managing it by proxying to another service (eg, dnsmasq) with
"nameserver 127.0.0.1".
ip6_addr_to_string did assume, that inet_ntop might write a scope id to
the result. But it does not (and cannot, because struct in6_addr does
not have any interface identifer).
Simplify and rework the function.
Also fix a memory leak.
https://bugzilla.gnome.org/show_bug.cgi?id=711684
Signed-off-by: Thomas Haller <thaller@redhat.com>
These are (most likely) only warnings and not severe bugs.
Some of these changes are mostly made to get a clean run of
Coverity without any warnings.
Error found by running Coverity scan
https://bugzilla.redhat.com/show_bug.cgi?id=1025894
Co-Authored-By: Jiří Klimeš <jklimes@redhat.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
Although having different parts of NM in different subdirectories
keeps the source tree neat, it has made the build messy, particularly
because of cross-dependencies between the subdirs.
Reorganize to build all of the pieces of the NetworkManager binary
from src/Makefile, and only use recursive make for test programs,
helper binaries, and plugins.
As part of this, get rid of all the per-directory convenience
libraries, and switch to building a single top-level
libNetworkManager.la, containing everything except main.c, which all
of the test programs can then link against.
Make the main/dns config key be a single value rather than a list of
plugins. Since there is currently only one valid value for it
("dnsmasq"), this is backward-compatible.
In the future, it will be possible to specify custom DNS-configuring
scripts here, which is a more flexible way of handling complicated
behavior than trying to create chainable internal plugins.
