Commit graph

27012 commits

Author SHA1 Message Date
Thomas Haller
eece6fc684
wifi: fix parsing Microsoft Network Cost IE
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/734

Fixes: 5307b1ed73 ('wifi: guess metered flag based on Network Cost information element')

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/879
(cherry picked from commit 8327312c51)
(cherry picked from commit a4d2106ace)
2021-06-10 16:11:31 +02:00
Thomas Haller
14ed2386ae
core: fix leak in _config_data_get_main_auth_polkit()
Found by Coverity:

  Error: RESOURCE_LEAK (CWE-772):
  NetworkManager-1.31.3/src/core/nm-config-data.c:450: alloc_fn: Storage is returned from allocation function "nm_config_data_get_value".
  NetworkManager-1.31.3/src/core/nm-config-data.c:450: var_assign: Assigning: "str" = storage returned from "nm_config_data_get_value(self, "main", "auth-polkit", (enum [unnamed type of NMConfigGetValueFlags])6)".
  NetworkManager-1.31.3/src/core/nm-config-data.c:454: noescape: Resource "str" is not freed or pointed-to in "nm_auth_polkit_mode_from_string".
  NetworkManager-1.31.3/src/core/nm-config-data.c:465: leaked_storage: Variable "str" going out of scope leaks the storage it points to.
  #  463|           NM_SET_OUT(out_invalid_config, FALSE);
  #  464|
  #  465|->     return auth_polkit_mode;
  #  466|   }
  #  467|

Fixes: 6d7446e52f ('core: add main.auth-polkit option "root-only"')
(cherry picked from commit ceaa1c369f)
(cherry picked from commit 0392743c48)
2021-06-10 16:11:31 +02:00
Thomas Haller
a44a8c5eee
cli: fix RETURN_STR_EMPTYUNSET() macro for printing handle_emptyunset string
This was currently unused, because actually no property of type string
had handle_emptyunset set.

Fixes: e9ee4e39f1 ('cli: handle string properties that can both be empty and %NULL')
(cherry picked from commit 2c37a34d53)
(cherry picked from commit e8de0433c2)
2021-06-10 16:11:31 +02:00
Thomas Haller
27811afdc8
build: ignore "docs/api/NetworkManager.actions" build artifact
I still don't understand why we now get these ".actions" build
artifacts. Anyway, I don't think we need to care. Just ignore
it.

(cherry picked from commit abccc8b8fe)
2021-06-10 16:11:31 +02:00
Beniamino Galvani
bd4f6706b5 core: merge branch 'bg/assume'
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/852

(cherry picked from commit aeea0203b4)

(cherry picked from commit 57dd1281fa)
2021-05-31 10:19:49 +02:00
Beniamino Galvani
401f522033 core: don't reset assume state too early
If the device is still unmanaged by platform-init (which means that
udev didn't emit the event for the interface) when the device gets
realized, we currently clear the assume state. Later, when the device
becomes managed, NM is not able to properly assume the device using
the UUID.

This situation arises, for example, when NM already configured the
device in initrd; after NM is restarted in the real root, udev events
can be delayed causing this race condition.

Among all unmanaged flags, platform-init is the only one that can be
delayed externally. We should not clear the assume state if the device
has only platform-init in the unmanaged flags.

(cherry picked from commit 3c4450aa4d)
(cherry picked from commit 18022299bf)
2021-05-31 10:19:49 +02:00
Beniamino Galvani
587c70aace managed: remove unneeded call to nm_device_assume_state_reset()
_set_state_full() in NMDevice already calls
nm_device_assume_state_reset() when the device reaches state >
DISCONNECTED.

(cherry picked from commit 5dc6d73243)
(cherry picked from commit efe8046c1d)
2021-05-31 10:19:48 +02:00
Beniamino Galvani
7bbfd1db43 device: add NM_UNMANAGED_ALL
(cherry picked from commit f244aa6907)
(cherry picked from commit 943aa1a858)
2021-05-31 10:19:48 +02:00
Beniamino Galvani
bad9455dd4 release: bump version to 1.28.3 (development) 2021-04-19 09:21:27 +02:00
Beniamino Galvani
c60bfee67f release: bump version to 1.28.2 2021-04-19 09:21:27 +02:00
Beniamino Galvani
e2204a16d3 NEWS: update 2021-04-19 09:00:31 +02:00
Jonas Jelten
6e4b1b25cb
initrd: fix auto-establishment for dhcp6 and auto6 methods
Fixes: ecc074b2f8 ('initrd: add command line parser')

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/586
(cherry picked from commit cc7bf676eb)
(cherry picked from commit 1bf4c3039a)
2021-04-12 16:06:25 +02:00
Beniamino Galvani
88ac79b309
initrd: fix may-fail for IPv6
(cherry picked from commit 5f73646524)
(cherry picked from commit 1bf1a902be)
2021-04-12 16:06:19 +02:00
Thomas Haller
2695d10278
libnm: fix nm_device_set_autoconnect() to use correct D-Bus property name
Fixes: ce0e898fb4 ('libnm: refactor caching of D-Bus objects in NMClient')
(cherry picked from commit 6b64fac06d)
(cherry picked from commit 950b7d573b)
2021-04-12 16:03:59 +02:00
Thomas Haller
7cb48c4608
build: fix detection of python for autotools
The goal of this code is to detect python, but prefer python3 while
also allowing the user to override the path.

That did not work in all cases, due to what seems like a bug in
AM_PATH_PYTHON(). AM_PATH_PYTHON() is documented to ignore failure
if [action-if-not-found] is given. So one might assume that:

  AM_PATH_PYTHON([3], [], [PYTHON=])
  if test -z "$PYTHON"; then
    AM_PATH_PYTHON([], [], [PYTHON=python])
  fi

first tries to look for v3, and if that fails search for any python
interpreter. That did not work however with:

  $ ./configure PYTHON=/usr/bin/python2
  ...
  checking pkg-config is at least version 0.9.0... yes
  checking whether /usr/bin/python2 version is >= 3... no
  configure: error: Python interpreter is too old

because the first AM_PATH_PYTHON() is fatal.

Work around that.

Fixes: 54a1cfa973 ('build: prefer python3 over python2 in autotools's configure script')
(cherry picked from commit 91bf576a43)
(cherry picked from commit 58a24f4f66)
2021-04-12 16:02:14 +02:00
Thomas Haller
16e5b307a3
core: fix crash in nm_wildcard_match_check()
It's not entirely clear how to treat %NULL.
Clearly "match.interface-name=eth0" should not
match with an interface %NULL. But what about
"match.interface-name=!eth0"? It's now implemented
that negative matches still succeed against %NULL.
What about "match.interface-name=*"? That probably
should also match with %NULL. So we treat %NULL really
like "".

Against commit 11cd443448 ('iwd: Don't call IWD methods when device
unmanaged'), we got this backtrace:

    #0  0x00007f1c164069f1 in __strnlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:62
    #1  0x00007f1c1637ac9e in __fnmatch (pattern=<optimized out>, string=<optimized out>, string@entry=0x0, flags=flags@entry=0) at fnmatch.c:379
            p = 0x0
            res = <optimized out>
            orig_pattern = <optimized out>
            n = <optimized out>
            wpattern = 0x7fff8d860730 L"pci-0000:03:00.0"
            ps = {__count = 0, __value = {__wch = 0, __wchb = "\000\000\000"}}
            wpattern_malloc = 0x0
            wstring_malloc = 0x0
            wstring = <optimized out>
            alloca_used = 80
            __PRETTY_FUNCTION__ = "__fnmatch"
    #2  0x0000564484a978bf in nm_wildcard_match_check (str=0x0, patterns=<optimized out>, num_patterns=<optimized out>) at src/core/nm-core-utils.c:1959
            is_inverted = 0
            is_mandatory = 0
            match = <optimized out>
            p = 0x564486c43fa0 "pci-0000:03:00.0"
            has_optional = 0
            has_any_optional = 0
            i = <optimized out>
    #3  0x0000564484bf4797 in check_connection_compatible (self=<optimized out>, connection=<optimized out>, error=0x0) at src/core/devices/nm-device.c:7499
            patterns = <optimized out>
            device_driver = 0x564486c76bd0 "veth"
            num_patterns = 1
            priv = 0x564486cbe0b0
            __func__ = "check_connection_compatible"
            device_iface = <optimized out>
            local = 0x564486c99a60
            conn_iface = 0x0
            klass = <optimized out>
            s_match = 0x564486c63df0 [NMSettingMatch]
    #4  0x0000564484c38491 in check_connection_compatible (device=0x564486cbe590 [NMDeviceVeth], connection=0x564486c6b160, error=0x0) at src/core/devices/nm-device-ethernet.c:348
            self = 0x564486cbe590 [NMDeviceVeth]
            s_wired = <optimized out>

Fixes: 3ced486f41 ('libnm/match: extend syntax for match patterns with '|', '&', '!' and '\\'')

https://bugzilla.redhat.com/show_bug.cgi?id=1942741

CVE-2021-20297

(cherry picked from commit 420784e342)
(cherry picked from commit eaba0b4845)
2021-04-12 16:00:27 +02:00
Beniamino Galvani
d221474008 initrd: fix crash parsing empty rd.znet argument
Ignore a rd.znet argument without subchannels. When using net.ifnames
(the default), subchannels are used to build the interface name, which
is required to match the right connection.

With net.ifnames=0 the interface name is built using a prefix and a
global counter and therefore in theory it is possible to omit
subchannels. However, without subchannels there won't be a udev rule
that renames the interface and so it can't work.

https://bugzilla.redhat.com/show_bug.cgi?id=1931284
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/783
(cherry picked from commit 0f8fe3c76b)
(cherry picked from commit d0d2d97ca5)
2021-03-17 10:17:35 +01:00
Adarsh J
f55eeff70a
initrd: add support for rd.net.timeout.carrier
Add support for `carrier-wait-timeout` setting from kernel cmdline.

This will create a new `15-carrier-timeout.conf` file in
/run/NetworkManager/conf.d with the parameter value as specified.

The setting also inserts `match-device` to `*`, matching all devices.

NB: The parameter on kernel cmdline is specified in seconds. This is
done to be backwards compatible with network-legacy module. However
the generated setting will automatically multiply specified value by
1000 and store timeout value in ms.

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/626

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/730
(cherry picked from commit e300138892)
2021-03-12 12:53:18 +01:00
Thomas Haller
4dfeec4eca
shared: fix behavior of NM_G_MUTEX_LOCKED()
The idea of NM_G_MUTEX_LOCKED() macro is not only to register a mutex
for unlocking (via nm_auto_unlock_g_mutex) but also to lock it at
the same time.

That is a useful helper macro. If you have to lock the mutex yourself,
it makes usage less convenient. At which point you don't need the macro
anymore and you should instead take full control and lock/unlock yourself.

Fix the macro and change behavior. The macro was not used so far, so
it's not a problem.

Fixes: dd33b3a14e ('shared: add nm_auto_unlock_g_mutex and NM_G_MUTEX_LOCKED() helper macros')
(cherry picked from commit 098ac7dbc0)
(cherry picked from commit 3c27a3ed5f)
2021-03-12 12:43:21 +01:00
Thomas Haller
d26f17f24c
wwan: fix leaking "bearer" in connect_ready()
Fixes: 105ee6e5a9 ('device: fix crash by handling connection cancellation')

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/669
(cherry picked from commit 5747bdb8b8)
(cherry picked from commit 65e88671d6)
2021-03-12 12:43:15 +01:00
Thomas Haller
9c3e6a1034
platform/tests: relax unit test for setting IFLA_BR_FORWARD_DELAY/forward_delay
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/665

Fixes: e9278d8659 ('platform/tests: ignore failure for adding bridge with iproute2')
(cherry picked from commit 1e81827e6f)
(cherry picked from commit 04aa208e9a)
2021-03-12 12:43:11 +01:00
Thomas Haller
dae9f89ab7
libnm: fix tracking object state in NMClient cache
NMClient has a NMLDBusObject instance for each D-Bus object
that it sees. This object can be in different states, like that we
already saw it on D-Bus or that it is only referred to by another
property. Due to a bug, we would wrongly not update the state and
trigger an assertion.

Reproduce with python-dbusmock (commit e89e28bf1bc0254a1eb71b71cf68ef7a97d11e5b)
by running `pytest -v -s tests/test_networkmanager.py -k test_one_wifi_with_accesspoints`.
With LIBNM_CLIENT_DEBUG we get:

>>> libnm-dbus[96085]: <trace> [6464.06459] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager/Devices/mock_WiFi2]: properties-changed: properties changed for interface org.freedesktop.NetworkManager.Device { {'ActiveConnection': <objectpath '/org/freedesktop/NetworkManager/ActiveConnection/0'>} }
    libnm-dbus[96085]: <trace> [6464.06459] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager/Devices/mock_WiFi2]: properties-changed: set property org.freedesktop.NetworkManager.Device.ActiveConnection
    libnm-dbus[96085]: <trace> [6464.06459] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager/Devices/mock_WiFi2]: changed-type 0x01 linked
    libnm-dbus[96085]: <trace> [6464.06459] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager/Devices/mock_WiFi2]: changed-type 0x01 consumed
>>> libnm-dbus[96085]: <trace> [6464.06459] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager/ActiveConnection/0]: set D-Bus object state watched-only
    libnm-dbus[96085]: <trace> [6464.06459] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager/Devices/mock_WiFi2]: changed-type 0x02 linked
    libnm-dbus[96085]: <trace> [6464.06459] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager]: changed-type 0x02 linked
    libnm-dbus[96085]: <trace> [6464.06459] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager/Devices/mock_WiFi2]: changed-type 0x02 consumed
>>> libnm-dbus[96085]: <error> [6464.06459] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager/Devices/mock_WiFi2]: property ActiveConnection references /org/freedesktop/NetworkManager/ActiveConnection/0 but object is not present on D-Bus
    libnm-dbus[96085]: <trace> [6464.06459] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager]: changed-type 0x02 consumed
    libnm-dbus[96085]: <trace> [6464.06460] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager/Devices/mock_WiFi2]: properties-changed: properties changed for interface org.freedesktop.NetworkManager.Device { {'State': <uint32 100>} }
    libnm-dbus[96085]: <trace> [6464.06460] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager/Devices/mock_WiFi2]: properties-changed: set property org.freedesktop.NetworkManager.Device.State
    libnm-dbus[96085]: <trace> [6464.06460] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager/Devices/mock_WiFi2]: changed-type 0x01 linked
    libnm-dbus[96085]: <trace> [6464.06460] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager/Devices/mock_WiFi2]: changed-type 0x01 consumed
    libnm-dbus[96085]: <trace> [6464.06460] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager/Devices/mock_WiFi2]: changed-type 0x02 linked
    libnm-dbus[96085]: <trace> [6464.06460] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager]: changed-type 0x02 linked
    libnm-dbus[96085]: <trace> [6464.06461] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager/Devices/mock_WiFi2]: changed-type 0x02 consumed
    libnm-dbus[96085]: <trace> [6464.06461] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager]: changed-type 0x02 consumed
    libnm-dbus[96085]: <trace> [6464.06462] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager/Devices/mock_WiFi2]: properties-changed: properties changed for interface org.freedesktop.NetworkManager.Device { {'StateReason': <(uint32 100, uint32 0)>} }
    libnm-dbus[96085]: <trace> [6464.06462] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager/Devices/mock_WiFi2]: properties-changed: set property org.freedesktop.NetworkManager.Device.StateReason
    libnm-dbus[96085]: <trace> [6464.06462] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager/Devices/mock_WiFi2]: changed-type 0x01 linked
    libnm-dbus[96085]: <trace> [6464.06462] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager/Devices/mock_WiFi2]: changed-type 0x01 consumed
    libnm-dbus[96085]: <trace> [6464.06462] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager/Devices/mock_WiFi2]: changed-type 0x02 linked
    libnm-dbus[96085]: <trace> [6464.06462] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager]: changed-type 0x02 linked
    libnm-dbus[96085]: <trace> [6464.06462] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager/Devices/mock_WiFi2]: changed-type 0x02 consumed
    libnm-dbus[96085]: <trace> [6464.06462] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager]: changed-type 0x02 consumed
>>> libnm-dbus[96085]: <trace> [6464.06465] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager/ActiveConnection/0]: interfaces-added: properties changed for interface org.freedesktop.NetworkManager.Connection.Active { {'Devices': <[objectpath '/org/freedesktop/NetworkManager/Devices/mock_WiFi2']>, 'Default6': <false>, 'Default': <true>, 'Type': <'802-11-wireless'>, 'Vpn': <false>, 'Connection': <objectpath '/org/freedesktop/NetworkManager/Settings/Mock_AP3'>, 'Master': <objectpath '/'>, 'SpecificObject': <objectpath '/org/freedesktop/NetworkManager/AccessPoint/Mock_AP3'>, 'Uuid': <'72757a57-8cb6-4052-a18f-4e2be4ba27d9'>, 'State': <uint32 2>, 'Id': <'AP_3'>} }
>>> here we lack "set D-Bus object state on-dbus"
    libnm-dbus[96085]: <trace> [6464.06465] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager/ActiveConnection/0]: interfaces-added: set property org.freedesktop.NetworkManager.Connection.Active.Devices
    libnm-dbus[96085]: <trace> [6464.06465] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager/ActiveConnection/0]: interfaces-added: set property org.freedesktop.NetworkManager.Connection.Active.Default6
    libnm-dbus[96085]: <trace> [6464.06465] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager/ActiveConnection/0]: interfaces-added: set property org.freedesktop.NetworkManager.Connection.Active.Default
    libnm-dbus[96085]: <trace> [6464.06465] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager/ActiveConnection/0]: interfaces-added: set property org.freedesktop.NetworkManager.Connection.Active.Type
    libnm-dbus[96085]: <trace> [6464.06465] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager/ActiveConnection/0]: interfaces-added: set property org.freedesktop.NetworkManager.Connection.Active.Vpn
    libnm-dbus[96085]: <trace> [6464.06465] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager/ActiveConnection/0]: interfaces-added: set property org.freedesktop.NetworkManager.Connection.Active.Connection
    libnm-dbus[96085]: <trace> [6464.06465] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager/ActiveConnection/0]: interfaces-added: set property org.freedesktop.NetworkManager.Connection.Active.Master
    libnm-dbus[96085]: <trace> [6464.06465] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager/ActiveConnection/0]: interfaces-added: set property org.freedesktop.NetworkManager.Connection.Active.SpecificObject
    libnm-dbus[96085]: <trace> [6464.06466] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager/ActiveConnection/0]: interfaces-added: set property org.freedesktop.NetworkManager.Connection.Active.Uuid
    libnm-dbus[96085]: <trace> [6464.06466] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager/ActiveConnection/0]: interfaces-added: set property org.freedesktop.NetworkManager.Connection.Active.State
    libnm-dbus[96085]: <trace> [6464.06466] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager/ActiveConnection/0]: interfaces-added: set property org.freedesktop.NetworkManager.Connection.Active.Id
    libnm-dbus[96085]: <trace> [6464.06466] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager/ActiveConnection/0]: changed-type 0x01 linked
    libnm-dbus[96085]: <trace> [6464.06466] nmclient[c9bf1eaa1f4b6c99]: [/org/freedesktop/NetworkManager/ActiveConnection/0]: changed-type 0x01 consumed
    Bail out! libnm:ERROR:libnm/nm-client.c:2863:_dbus_handle_obj_changed_dbus: assertion failed: (dbobj->obj_state >= NML_DBUS_OBJ_STATE_ON_DBUS)

Backtrace:

  #3  0x00007f0bd11173bf in g_assertion_message_expr
      (domain=domain@entry=0x7f0bd1576018 "libnm", file=file@entry=0x7f0bd1576006 "libnm/nm-client.c", line=line@entry=2863, func=func@entry=0x7f0bd157f1b0 <__func__.170> "_dbus_handle_obj_changed_dbus", expr=expr@entry=0x7f0bd157cba0 "dbobj->obj_state >= NML_DBUS_OBJ_STATE_ON_DBUS") at ../glib/gtestutils.c:2963
  #4  0x00007f0bd14959dd in _dbus_handle_obj_changed_dbus (self=self@entry=0x5612d4f5a130, log_context=<optimized out>) at libnm/nm-client.c:2863
  #5  0x00007f0bd1495c29 in _dbus_handle_changes (self=self@entry=0x5612d4f5a130, log_context=<optimized out>, allow_init_start_check_complete=allow_init_start_check_complete@entry=1)
      at libnm/nm-client.c:2909
  #6  0x00007f0bd1497e56 in _dbus_managed_objects_changed_cb
      (connection=<optimized out>, sender_name=<optimized out>, arg_object_path=<optimized out>, interface_name=<optimized out>, signal_name=<optimized out>, parameters=0x7f0bb800d720, user_data=0x5612d4f5a130) at libnm/nm-client.c:3172
  #7  0x00007f0bd132a8df in emit_signal_instance_in_idle_cb (data=data@entry=0x7f0bb8003700) at ../gio/gdbusconnection.c:3789
  #8  0x00007f0bd10f1b5b in g_idle_dispatch (source=source@entry=0x7f0bb8012260, callback=0x7f0bd132a860 <emit_signal_instance_in_idle_cb>, user_data=0x7f0bb8003700) at ../glib/gmain.c:5836
  #9  0x00007f0bd10f2a9f in g_main_dispatch (context=0x5612d4f4b630) at ../glib/gmain.c:3325
  #10 g_main_context_dispatch (context=0x5612d4f4b630) at ../glib/gmain.c:4043
  #11 0x00007f0bd1144a98 in g_main_context_iterate.constprop.0 (context=0x5612d4f4b630, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4119
  #12 0x00007f0bd10f2163 in g_main_loop_run (loop=0x5612d4f4b720) at ../glib/gmain.c:4317
  #13 0x00005612d44b6543 in main (argc=7, argv=0x7fff4414f1d8) at clients/cli/nmcli.c:1036

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982613
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/662

Fixes: ce0e898fb4 ('libnm: refactor caching of D-Bus objects in NMClient')
(cherry picked from commit e1e9abdf04)
(cherry picked from commit 1db2314a73)
2021-03-12 12:43:06 +01:00
Thomas Haller
c861e87b7f
cloud-setup: fix replacing IPv4 addresses during update
If previously the profile would track two addresses ("10.116.1.130/24",
"10.116.1.65/24"), and during an update the second address was removed
(leaving "10.116.1.130/24"), then the addresses of the profile were
wrongly not changed.

The effect is that removing a secondary IP address might not take
effect.

Fix that.

https://bugzilla.redhat.com/show_bug.cgi?id=1920838

Fixes: 69f048bf0c ('cloud-setup: add tool for automatic IP configuration in cloud')
(cherry picked from commit bbd36be44a)
2021-03-12 12:43:03 +01:00
Beniamino Galvani
d3d5b807d6 devices: fail optional-802.1X connections if supplicant disappears
802-1x.optional=yes means that NM should tolerate a failure or a
timeout of the 802.1X authentication and should keep the connection
up. Even if the authentication doesn't succeed, NM keeps the
supplicant running so that it can continue trying.

If the supplicant disappears because it crashed or was killed
externally, NM should fail the connection so that it can be retried.

The current code is wrong also because after releasing the supplicant
interface, it calls wired_auth_cond_fail() which tries to connect a
signal to priv->supplicant.iface (which is NULL).

https://bugzilla.redhat.com/show_bug.cgi?id=1934291
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/776
(cherry picked from commit 840e54a96c)
(cherry picked from commit b4ba6e7af5)
2021-03-12 09:57:24 +01:00
Beniamino Galvani
237e4e0545 initrd: apply the MTU from bond= argument to the bond connection
Currently the MTU specified in:

 bond=<bondname>[:<bondslaves>:[:<options>[:<mtu>]]]

gets applied to the bond ports. Instead it should be applied to the
bond itself.

Fixes: ecc074b2f8 ('initrd: add command line parser')

https://bugzilla.redhat.com/show_bug.cgi?id=1932502
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/767
(cherry picked from commit 8df3ef5063)
(cherry picked from commit 43d16d2cd6)
2021-03-08 10:36:52 +01:00
Beniamino Galvani
086452e9ab dhcp: nettools: export broadcast and server-id options
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/426
(cherry picked from commit 020a2707c4)
2021-02-10 09:16:26 +01:00
Thomas Haller
221547bc21
libnm: suppress "-Warray-bounds" warning in nm_team_link_watcher_new_ethtool()
gcc-11.0.0-0.7.fc34 warns here:

    CC       libnm-core/libnm_core_la-nm-setting-team.lo
  libnm-core/nm-setting-team.c: In function ‘nm_team_link_watcher_new_ethtool’:
  libnm-core/nm-setting-team.c:127:33: error: array subscript ‘NMTeamLinkWatcher[0]’ is partly outside array bounds of ‘unsigned char[16]’ [-Werror=array-bounds]
    127 |     watcher->ref_count          = 1;
        |     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~
  libnm-core/nm-setting-team.c:125:15: note: referencing an object of size 16 allocated by ‘g_malloc’
    125 |     watcher = g_malloc(nm_offsetofend(NMTeamLinkWatcher, ethtool));
        |               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  libnm-core/nm-setting-team.c:128:33: error: array subscript ‘NMTeamLinkWatcher[0]’ is partly outside array bounds of ‘unsigned char[16]’ [-Werror=array-bounds]
    128 |     watcher->type               = LINK_WATCHER_ETHTOOL;
        |     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~
  libnm-core/nm-setting-team.c:125:15: note: referencing an object of size 16 allocated by ‘g_malloc’
    125 |     watcher = g_malloc(nm_offsetofend(NMTeamLinkWatcher, ethtool));
        |               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  libnm-core/nm-setting-team.c:129:33: error: array subscript ‘NMTeamLinkWatcher[0]’ is partly outside array bounds of ‘unsigned char[16]’ [-Werror=array-bounds]
    129 |     watcher->ethtool.delay_up   = delay_up;
        |     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~
  libnm-core/nm-setting-team.c:125:15: note: referencing an object of size 16 allocated by ‘g_malloc’
    125 |     watcher = g_malloc(nm_offsetofend(NMTeamLinkWatcher, ethtool));
        |               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  libnm-core/nm-setting-team.c:130:33: error: array subscript ‘NMTeamLinkWatcher[0]’ is partly outside array bounds of ‘unsigned char[16]’ [-Werror=array-bounds]
    130 |     watcher->ethtool.delay_down = delay_down;
        |     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~
  libnm-core/nm-setting-team.c:125:15: note: referencing an object of size 16 allocated by ‘g_malloc’
    125 |     watcher = g_malloc(nm_offsetofend(NMTeamLinkWatcher, ethtool));
        |               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Maybe we should not use this trick and just malloc() a struct of the
intended size, however:

 - the code below does a similar thing, doing it differently for ethtool
   watcher is confusing.

 - the NMTeamLinkWatcher is a union which cannot alter its type. In no
   case is it correct to access the fields of the wrong union type. By
   allocating a smaller chunk, valgrind might catch such bugs.
   Also, NMTeamLinkWatcher's definition is private to the C source file,
   in no case must anybody assume that the rest of the buffer actually
   exists.

Hence, work around the warning by suppressing it.

(cherry picked from commit e5699dbcb7)
2021-02-09 10:56:10 +01:00
Frederic Martinsons
39f79c6898
Correct python black rules
Signed-off-by: Frederic Martinsons <frederic.martinsons@sigfox.com>
(cherry picked from commit 1f5c7f7d81)
2021-02-09 10:55:13 +01:00
Thomas Haller
786e9de3b5
libnm: fix NMVpnConnectionStateReason for glib-mkenums
The previous form was confusing glib-mkenums parser. Simplify
it.

Fixes: 5022e3b8ee ('libnm: revert coercing NMVpnConnectionStateReason to NMActiveConnectionStateReason')

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/646
(cherry picked from commit 087a3b4955)
2021-02-09 10:55:13 +01:00
Thomas Haller
adabef8e86
wireguard: fix configuring larger number of allowed-ips on WireGuard link
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/640

Fixes: a5c894c35f ('platform: create wireguard netdev interface')
(cherry picked from commit a67c312d5d)
2021-02-09 10:55:13 +01:00
Thomas Haller
66fc6dd692
wifi: fix caching ap-flags for supplicant-interface
Fixes: b83f07916a ('supplicant: large rework of wpa_supplicant handling')

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/631
(cherry picked from commit 1d04770002)
2021-02-09 10:55:13 +01:00
Thomas Haller
c1870b389d
ndisc: merge branch 'th/ndisc-dns-lifetimes'
https://bugzilla.redhat.com/show_bug.cgi?id=1874743

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/725

(cherry picked from commit 010ad9eeb8)
2021-02-09 10:54:25 +01:00
Thomas Haller
34b08f8a96
ndisc: don't artificially extend the lifetime of DNSSL/RDNSS options
RFCs actually expect to honor the lifetime. See for example [1].

This is just not right, and totally arbitrary. It was added
when our libndp based implementation was added, but unclear
why this was done (beyond the code comment).

[1] page 204, v6LC.2.2.25: Processing Router Advertisement DNS (Host
    only) at https://ipv6ready.org/docs/Core_Conformance_5_0_0.pdf

(cherry picked from commit 68528f7af5)
2021-02-09 10:54:24 +01:00
Thomas Haller
08492516e7
ndisc: fix encoding DNS Search List Option in RA
The format is different than what was implemented.

Read [1] or see systemd's implementation ([2]).

[1] https://tools.ietf.org/html/rfc8106#section-5.2
[2] 65ab27211c/src/libsystemd-network/sd-radv.c (L791)

Fixes: 6387856602 ('ndisc/lndp: add ability to announce the managed IPv6 configuration')
(cherry picked from commit 872f265859)
2021-02-09 10:54:24 +01:00
Thomas Haller
5dfbbb8ffe
ndisc: minor cleanup in send_ra()
- use size_t variable for memory sizes and guint for iterating
  over GArray.

(cherry picked from commit 8d9662e16f)
2021-02-09 10:54:24 +01:00
Thomas Haller
933e6470fc
ndisc: pack structs for lndp options
There is no actual change in behavior, because "struct nd_opt_hdr"
has two uint8_t, so in practice this struct was always packed already.

But make it explicit, because it's clear that we use these structs
to set the binary message and they need a well defined (packed) memory
layout.

(cherry picked from commit e3c464b56c)
2021-02-09 10:54:24 +01:00
Thomas Haller
dc0d4ec817
ndisc: add comment and static assert for struct sizes for ndisc packet layout
Obviously, there is no change in behavior. It's just an assertion.

(cherry picked from commit 96d7ddc865)
2021-02-09 10:54:24 +01:00
Thomas Haller
ec0fc593fa
shared: add nm_str_buf_append_{dirty,c_len}() helpers
(cherry picked from commit 5a213541ea)
2021-02-09 10:54:24 +01:00
Beniamino Galvani
94044c7441 wifi: auto-activate devices as soon as the first scan finishes
Currently if we detect that a scan finished in
_scan_notify_is_scanning(), we call immediately _scan_kickoff() (which
might start a new scan) and then we check again whether the device can
autoactivate or whether to remove the wifi-scan pending action.

This means that if the scan takes long enough, when
_scan_notify_is_scanning() is called, it is already time to start
another scan and the device activation will be delayed. It will be
delayed until the scan duration becomes shorter than the
exponentially-growing periodic scan interval.

Fix this by delaying the next scan immediately after a scan result.

Co-authored-by: Thomas Haller <thaller@redhat.com>

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/574
(cherry picked from commit 16d649ea92)
2021-02-09 09:05:39 +01:00
Beniamino Galvani
7a357dc5c7 dhcp: merge branch 'bg/dhcp6-pd-stateless'
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/647

(cherry picked from commit 26aab27587)
2021-02-08 11:18:15 +01:00
Beniamino Galvani
cf6c9253f6 dhcp: fix requesting prefixes in stateless mode
According to RFC3315 section 15.12, Information-request messages can't
include an IA option (such as IA_NA or IA_PD).

When doing stateless DHCPv6, we start the client in the appropriate
mode to issue an Information-request message: with "-S" for dhclient or
calling sd_dhcp6_client_set_information_request(TRUE) for systemd.

However, if we need a prefix later, the client must be restarted to
ask for the prefix. Currently both dhclient and systemd clients are still
configured to send an Information-request with prefixes. Fix that.

(cherry picked from commit 6ed95bd8e5)
2021-02-08 11:18:15 +01:00
Beniamino Galvani
eacd1dacfa device: preserve the DHCPv6 mode when renewing the lease
(cherry picked from commit 1460054815)
2021-02-08 11:18:14 +01:00
Beniamino Galvani
daad4e2fee device: check ifindex before changing ethernet link settings
During the call to deactivate(), the device can already have lost the
ifindex. Add a check for that to prevent assertion:

 ((src/platform/nm-platform.c:3306)): assertion 'g_return_val_if_fail(ifindex > 0, FALSE)' failed

 0   g_logv (libglib-2.0.so.0 + 0x5bf67)
 1   g_log (libglib-2.0.so.0 + 0x5c223)
 2   _nm_g_return_if_fail_warning.lto_priv.0 (NetworkManager + 0x4c69f)
 3   nm_platform_ethtool_set_link_settings (NetworkManager + 0x183418)
 4   deactivate.lto_priv.1 (NetworkManager + 0x27dfd1)
 5   nm_device_cleanup (NetworkManager + 0x25b047)
 6   _set_state_full (NetworkManager + 0x24f4d8)
 7   nm_device_unrealize (NetworkManager + 0x259e63)
 8   _platform_link_cb_idle (NetworkManager + 0x27097f)
 9   g_idle_dispatch (libglib-2.0.so.0 + 0x5305b)
 10  g_main_context_dispatch (libglib-2.0.so.0 + 0x53f8f)
 11  g_main_context_iterate.constprop.0 (libglib-2.0.so.0 + 0xa74d8)
 12  g_main_loop_run (libglib-2.0.so.0 + 0x53673)
 13  main (NetworkManager + 0x4bdba)
 14  __libc_start_main (libc.so.6 + 0x27b75)
 15  _start (NetworkManager + 0x4c3ee)

https://bugzilla.redhat.com/show_bug.cgi?id=1923062
(cherry picked from commit 2757da7eac)
2021-02-01 15:31:49 +01:00
Beniamino Galvani
aa2bc9e6e4 initrd: fix leak in test
Fixes: 6069ef4b8b ('initrd: accept a zero-byte prefix for BOOTIF')
(cherry picked from commit 07ee187cb5)
2021-01-14 21:49:23 +01:00
Beniamino Galvani
516433f769 initrd: accept a zero-byte prefix for BOOTIF
The BOOTIF MAC address can be prefixed with a hardware address
type. Typically it is 01 (for ethernet), but the legacy network module
accepts (and strips) any byte value.

It seems wrong to take any address type without validation. In
addition to "01", also accept a zero type which, according to the
bugzilla below, is used in some configurations to mean "undefined".

While at it, also accept ':' as separator for the first byte.

https://bugzilla.redhat.com/show_bug.cgi?id=1904099
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/713
(cherry picked from commit 6069ef4b8b)
2021-01-14 19:41:16 +01:00
Beniamino Galvani
88eb0beb52 device: clean up dispatcher calls when canceling an activation
Ensure the callback for dispatcher calls is not executed, or it will
resume the activation chain we want to interrupt.

https://bugzilla.redhat.com/show_bug.cgi?id=1888348
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/723
(cherry picked from commit 8180b0180b)
2021-01-14 09:11:38 +01:00
Thomas Haller
e40fb23b1c
platform: avoid "-Wmaybe-uninitialized" warning in ip_route_add()
When building without "more-asserts" and LTO enabled, we can get
a warning about uninitialized "obj" variable:

    src/platform/nm-linux-platform.c: In function 'ip_route_add':
    src/platform/nm-platform.c:4761:24: warning: 'MEM[(struct NMPlatformIPRoute *)&obj + 24B].rt_source' may be used uninitialized in this function [-Wmaybe-uninitialized]
     4761 |     route->rt_source = nmp_utils_ip_config_source_round_trip_rtprot(route->rt_source);
          |                        ^
    src/platform/nm-platform.h:2139:25: warning: 'BIT_FIELD_REF <MEM[(const struct NMPlatformIPRoute *)&obj + 24B], 8, 72>' may be used uninitialized in this function [-Wmaybe-uninitialized]
     2139 |     return r->table_any ? 254u /* RT_TABLE_MAIN */
          |

That is due to the "default" switch case which was unhandled
when building without "more-asserts". Avoid that by reworking the
code.

(cherry picked from commit fc6475bbf7)
2021-01-08 14:03:31 +01:00
Thomas Haller
f8b75e0a4c
platform/tests: workaround failure to add veth device on copr
On copr builds, the unit tests sometimes fail to create a veth
interface. In those cases, kernel rejects the netlink request
with EPERM. copr uses mock on Fedora 33 hosts.

I think this is a kernel bug. Add a workaround by retrying a few times.

(cherry picked from commit 02f4b0cbd5)
2021-01-08 10:05:27 +01:00
Thomas Haller
60c70e2fd2
contrib/rpm: support default options for debug,test in generated spec file
"build_clean.sh" (and "build.sh") scripts can both create a source
tarball (via `make dist`/`make distcheck`), an SRPM (and a spec file),
or build RPMs from the SRPM.

Note that the generated spec file has various options, like

    %bcond_without nmtui
    %bcond_without debug
    %bcond_without test

When building an RPM from the SRPM, you can specify the "--with" or
"--without" option for rpmbuild. This is also what the "-w" / "-W" options
for "build_clean.sh" do.

However, the SRPM still has the intrinsic defaults, and if you later
build an RPM from it, you would have to pass "--with" / "--without"
to rpmbuild.

Often that is not conveniently possible, for example, when you build the
SRPM in koji.

Extend the scripts so that also the defaults for "-w debug" and "-w
test" can be specified when generating the SRPM. You can do that with
the new options "--default-for-{debug,test}" to "build_clean.sh".

Alternatively, it suffices to specify the previously supported
"-w" / "-W" options. That way, we will pass those options to rpmbuild,
but also set them as defaults in the generated spec file. The new
options "--default-for-{debug,test}" are only needed if you want
the default in the spec file to be different than what you use
when creating the SRPM.

(cherry picked from commit a3f2cee0e6)
2021-01-07 09:17:09 +01:00
Thomas Haller
8ae41e282f
contrib/rpm: on rhel-9 let a test failure or compiler warning fail the build
We always run the unit tests during package build and also enable all compiler
warnings. However, by default we used to ignore failures. That is, because
rebuilding a package on another, future distro led to frequent, annoying build
failures. Especially compiler warnings appear easily when using a
different compiler version.

The default mostly matters here when you want to build the package in
brew/koji, where you don't have a possibility to explicitly select the
build option.

Note that rpmdiff detects failures in the build log, and thus we usually
would not miss failures for builds we add to errata. Also, all our CI
tests build packages in a manner where they would not allow a failure
of the unit tests. So, we run these unit tests frequently and in a
manner where we notice a failure.

For rhel-9 builds, change the default here and let test failures and
compiler warnings be fatal to the build.

(cherry picked from commit e68e5c0a4c)
2021-01-07 09:16:56 +01:00