NetworkManager/libnm-core
Thomas Haller b635b4d419 core: improve and fix keeping connection active based on "connection.permissions"
By setting "connection.permissions", a profile is restricted to a
particular user.
That means for example, that another user cannot see, modify, delete,
activate or deactivate the profile. It also means, that the profile
will only autoconnect when the user is logged in (has a session).

Note that root is always able to activate the profile. Likewise, the
user is also allowed to manually activate their own profile, even if no
session currently exists (which can easily happen with `sudo`).

When the user logs out (the session goes away), we want to disconnect
the profile, however there are conflicting goals here:

1) if the profile was activated by root user, then logging out the user
   should not disconnect the profile. The patch fixes that by not
   binding the activation to the connection, if the activation is done
   by the root user.

2) if the profile was activated by the owner when it had no session,
   then it should stay alive until the user logs in (once) and logs
   out again. This is already handled by the previous commit.

   Yes, this point is odd. If you first do

      $ sudo -u $OTHER_USER nmcli connection up $PROFILE

   the profile activates despite not having a session. If you then

      $ ssh guest@localhost nmcli device

   you'll still see the profile active. However, the moment the SSH session
   ends, a session closes and the profile disconnects. It's unclear, how to
   solve that any better. I think, a user who cares about this, should not
   activate the profile without having a session in the first place.

There are quite some special cases, in particular with internal
activations. In those cases we need to decide whether to bind the
activation to the profile's visibility.

Also, expose the "bind" setting in the D-Bus API. Note, that in the future
this flag may be modified via D-Bus API. Like we may also add related API
that allows to tweak the lifetime of the activation.

Also, I think we broke handling of connection visibility with 37e8c53eee
"core: Introduce helper class to track connection keep alive". This
should be fixed now too, with improved behavior.

Fixes: 37e8c53eee

https://bugzilla.redhat.com/show_bug.cgi?id=1530977
2018-12-09 14:47:32 +01:00
tests all: make use of NM_MAKE_STRV() macro 2018-12-01 15:16:48 +01:00
meson.build build: meson: add missing libnm-core header file 2018-09-13 11:51:13 +02:00
nm-connection-private.h build: refine the NETWORKMANAGER_COMPILATION define 2018-01-08 12:38:53 +01:00
nm-connection.c libnm: hash settings in NMConnection by gtype 2018-10-23 11:07:23 +02:00
nm-connection.h libnm-core: don't serialize synthetic properties in nm_setting_to_string() 2018-11-07 15:36:44 +01:00
nm-core-enum-types.c.template core: add NMSettingWpan 2018-06-26 16:21:54 +02:00
nm-core-enum-types.h.template build: use template files for enum types' sources generation 2017-12-18 11:25:06 +01:00
nm-core-internal.h libnm-core: don't serialize synthetic properties in nm_setting_to_string() 2018-11-07 15:36:44 +01:00
nm-core-types-internal.h platform/wireguard: rework parsing wireguard links in platform 2018-09-07 11:24:17 +02:00
nm-core-types.h all: add 'match' setting 2018-08-11 09:41:07 +02:00
nm-crypto-gnutls.c libnm/crypto: clean crypto implementations for gnutls/nss 2018-09-04 07:38:30 +02:00
nm-crypto-impl.h libnm/crypto: refactor to use enum for supported ciphers 2018-09-04 07:38:30 +02:00
nm-crypto-nss.c libnm/crypto: clean crypto implementations for gnutls/nss 2018-09-04 07:38:30 +02:00
nm-crypto.c all: cleanup GChecksum handling 2018-11-13 18:30:03 +01:00
nm-crypto.h libnm/crypto: mark nm_crypto_make_des_aes_key() as test-only function 2018-09-04 07:38:30 +02:00
nm-dbus-interface.h core: improve and fix keeping connection active based on "connection.permissions" 2018-12-09 14:47:32 +01:00
nm-dbus-utils.c libnm-core: expose internal _nm_dbus_typecheck_response() helper 2018-10-17 13:03:50 +02:00
nm-errors.c all: use NM_CACHED_QUARK_FCN() instead of G_DEFINE_QUARK() 2017-02-10 14:33:52 +01:00
nm-errors.h all: add new D-Bus API org.freedesktop.NetworkManager.Settings.Connection.Update2() 2017-12-05 11:50:52 +01:00
nm-json.c libnm-core: don't use RTLD_DEEPBIND when building with asan 2018-02-15 15:34:03 +01:00
nm-json.h libnm: only include "nm-jansson.h" from "nm-json.h" 2018-01-16 14:47:24 +01:00
nm-keyfile-internal.h keyfile: add helper functions to record loaded UUID files 2018-12-03 12:09:57 +01:00
nm-keyfile-utils.c all: don't use gchar/gshort/gint/glong but C types 2018-07-11 12:02:06 +02:00
nm-keyfile-utils.h all: don't use gchar/gshort/gint/glong but C types 2018-07-11 12:02:06 +02:00
nm-keyfile.c keyfile: cleanup nm_keyfile_utils_ignore_filename() 2018-12-03 12:09:57 +01:00
nm-property-compare.c all: don't use gchar/gshort/gint/glong but C types 2018-07-11 12:02:06 +02:00
nm-property-compare.h build: refine the NETWORKMANAGER_COMPILATION define 2018-01-08 12:38:53 +01:00
nm-setting-6lowpan.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-6lowpan.h libnm-core: add NMSetting{6Lowpan,Wpan}Class to a public header 2018-06-29 22:34:23 +02:00
nm-setting-8021x.c docs: misc. typos pt2 2018-09-17 11:26:13 +02:00
nm-setting-8021x.h all: don't use gchar/gshort/gint/glong but C types 2018-07-11 12:02:06 +02:00
nm-setting-adsl.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-adsl.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-bluetooth.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-bluetooth.h core/bluetooth: add NAP type 2017-05-31 20:15:52 +02:00
nm-setting-bond.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-bond.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-bridge-port.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-bridge-port.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-bridge.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-bridge.h bridge: introduce a bridge.group-forward-mask connection property 2017-07-27 09:35:11 +02:00
nm-setting-cdma.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-cdma.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-connection.c all: add "${MAC}" substitution for "connection.stable-id" 2018-11-13 19:09:34 +01:00
nm-setting-connection.h libnm-core: add connection.llmnr property 2018-09-06 09:07:41 +02:00
nm-setting-dcb.c docs: misc. typos pt2 2018-09-17 11:26:13 +02:00
nm-setting-dcb.h all: don't use gchar/gshort/gint/glong but C types 2018-07-11 12:02:06 +02:00
nm-setting-dummy.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-dummy.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-ethtool.c libnm, cli, ifcfg-rh: add NMSettingEthtool setting 2018-08-10 10:38:19 +02:00
nm-setting-ethtool.h libnm: add missing NM_AVAILABLE_IN_1_14 macro to new API 2018-09-14 16:54:40 +02:00
nm-setting-generic.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-generic.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-gsm.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-gsm.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-infiniband.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-infiniband.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-ip-config.c man: document global connection default for "ipv4.dns-priority" 2018-11-13 13:49:02 +01:00
nm-setting-ip-config.h all: don't use gchar/gshort/gint/glong but C types 2018-07-11 12:02:06 +02:00
nm-setting-ip-tunnel.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-ip-tunnel.h ip-tunnel: add support for tunnel flags 2018-01-05 18:25:08 +01:00
nm-setting-ip4-config.c dhcp: add "ipv4.dhcp-client-id=duid" setting 2018-11-13 19:09:34 +01:00
nm-setting-ip4-config.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-ip6-config.c doc: add hint about ipv4.dhcp-client-id=stable 2018-11-13 19:09:34 +01:00
nm-setting-ip6-config.h libnm-core: add ipv6.dhcp-duid property 2018-06-08 18:23:31 +02:00
nm-setting-macsec.c libnm-core: macsec: don't require a cak in verify() 2018-11-20 15:15:57 +01:00
nm-setting-macsec.h macsec: enable send-sci by default and make the option configurable 2018-06-14 15:13:11 +02:00
nm-setting-macvlan.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-macvlan.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-match.c all: add 'match' setting 2018-08-11 09:41:07 +02:00
nm-setting-match.h all: add 'match' setting 2018-08-11 09:41:07 +02:00
nm-setting-olpc-mesh.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-olpc-mesh.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-ovs-bridge.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-ovs-bridge.h libnm-core: add ovs-bridge setting 2017-10-30 17:40:08 +01:00
nm-setting-ovs-interface.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-ovs-interface.h libnm-core: add ovs-interface setting 2017-10-30 17:40:08 +01:00
nm-setting-ovs-patch.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-ovs-patch.h libnm-core: add ovs-patch setting 2017-10-30 17:40:08 +01:00
nm-setting-ovs-port.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-ovs-port.h libnm-core: add ovs-port setting 2017-10-30 17:40:08 +01:00
nm-setting-ppp.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-ppp.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-pppoe.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-pppoe.h libnm,clients: add 'parent' property to PPPoE setting 2017-08-05 08:03:15 +02:00
nm-setting-private.h libnm: add generic-data for implementing NMSetting 2018-08-10 10:38:19 +02:00
nm-setting-proxy.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-proxy.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-serial.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-serial.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-sriov.c libnm-core: use g_variant_type_equal() to compare variant types 2018-10-06 10:03:48 +02:00
nm-setting-sriov.h libnm-core: add SR-IOV setting 2018-07-11 16:16:22 +02:00
nm-setting-tc-config.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-tc-config.h all: remove consecutive empty lines 2018-04-30 16:24:52 +02:00
nm-setting-team-port.c Fix typos 2018-09-30 21:14:55 +02:00
nm-setting-team-port.h all: don't use gchar/gshort/gint/glong but C types 2018-07-11 12:02:06 +02:00
nm-setting-team.c libnm-core: fix other int comparisons in team setting 2018-10-08 11:28:14 +02:00
nm-setting-team.h all: don't use gchar/gshort/gint/glong but C types 2018-07-11 12:02:06 +02:00
nm-setting-tun.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-tun.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-user.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-user.h all: remove consecutive empty lines 2018-04-30 16:24:52 +02:00
nm-setting-vlan.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-vlan.h all: replace "it's" with "its" where needed 2018-04-18 14:14:07 +02:00
nm-setting-vpn.c shared: add nm-secret-utils.h helper 2018-09-04 07:38:30 +02:00
nm-setting-vpn.h all: remove consecutive empty lines 2018-04-30 16:24:52 +02:00
nm-setting-vxlan.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-vxlan.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-wimax.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-wimax.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-wired.c docs: misc. typos pt2 2018-09-17 11:26:13 +02:00
nm-setting-wired.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-wireless-security.c docs: misc. typos pt2 2018-09-17 11:26:13 +02:00
nm-setting-wireless-security.h docs: misc. typos pt2 2018-09-17 11:26:13 +02:00
nm-setting-wireless.c wifi: support hidden ssid in AP mode 2018-09-27 13:35:53 +02:00
nm-setting-wireless.h docs: misc. typos pt2 2018-09-17 11:26:13 +02:00
nm-setting-wpan.c core/setting-wpan: add page and channel properties 2018-10-07 15:46:02 +02:00
nm-setting-wpan.h core/setting-wpan: add page and channel properties 2018-10-07 15:46:02 +02:00
nm-setting.c libnm-core: don't serialize synthetic properties in nm_setting_to_string() 2018-11-07 15:36:44 +01:00
nm-setting.h docs: misc. typos pt2 2018-09-17 11:26:13 +02:00
nm-simple-connection.c docs: provide soft descriptions for NM{Simple,Remote}Connection 2018-06-28 20:38:52 +02:00
nm-simple-connection.h include: use double-quotes to include our own headers 2017-03-09 14:12:35 +01:00
nm-utils-private.h libnm: replace _nm_utils_bytes_to_dbus() with nm_utils_gbytes_get_variant_ay() 2018-08-22 10:49:34 +02:00
nm-utils.c all: make use of NM_MAKE_STRV() macro 2018-12-01 15:16:48 +01:00
nm-utils.h libnm-core: add SR-IOV setting 2018-07-11 16:16:22 +02:00
nm-version.h release: bump version to 1.15.0 (development) 2018-09-08 10:24:20 +02:00
nm-vpn-dbus-interface.h all: remove consecutive empty lines 2018-04-30 16:24:52 +02:00
nm-vpn-editor-plugin.c docs: misc. typos pt2 2018-09-17 11:26:13 +02:00
nm-vpn-editor-plugin.h all: remove consecutive empty lines 2018-04-30 16:24:52 +02:00
nm-vpn-plugin-info.c docs: misc. typos pt2 2018-09-17 11:26:13 +02:00
nm-vpn-plugin-info.h gobject-introspection: made several fixes to the annotations 2018-03-26 12:45:49 +02:00