delta/NetworkManager.git/src/nm-active-connection.c, branch th/strsplit gitlab.freedesktop.org: NetworkManager/NetworkManager.git all/trivial: rename NM_UTILS_LOOKUP_STR() to have "_A" suffix 2019-01-15T08:52:01+00:00 Thomas Haller thaller@redhat.com 2019-01-10T08:17:28+00:00 617bdbd8c274caea00c964315b7e7c2db32febf9 NM_UTILS_LOOKUP_STR() uses alloca(). Partly to avoid the overhead of malloc(), but more important because it's convenient to use. It does not require to declare a varible to manage the lifetime of the heap allocation. It's quite safe, because the stack allocation is of a fixed size of only a few bytes. Overall, I think the convenience that we get (resulting in simpler code) outweighs the danger of stack allocation in this case. It's still worth it. However, as it uses alloca(), it still must not be used inside a (unbound) loop and it is obviously a macro. Rename the macros to have a _A() suffix. This should make the peculiarities more apparent. 
NM_UTILS_LOOKUP_STR() uses alloca(). Partly to avoid the overhead of
malloc(), but more important because it's convenient to use. It does
not require to declare a varible to manage the lifetime of the heap
allocation.

It's quite safe, because the stack allocation is of a fixed size of only
a few bytes. Overall, I think the convenience that we get (resulting in
simpler code) outweighs the danger of stack allocation in this case. It's
still worth it.
However, as it uses alloca(), it still must not be used inside a (unbound)
loop and it is obviously a macro.

Rename the macros to have a _A() suffix. This should make the
peculiarities more apparent.
core: improve and fix keeping connection active based on "connection.permissions" 2018-12-09T13:47:32+00:00 Thomas Haller thaller@redhat.com 2018-11-21T12:30:16+00:00 b635b4d4194514baf6bf5b32f1116210c8822668 By setting "connection.permissions", a profile is restricted to a particular user. That means for example, that another user cannot see, modify, delete, activate or deactivate the profile. It also means, that the profile will only autoconnect when the user is logged in (has a session). Note that root is always able to activate the profile. Likewise, the user is also allowed to manually activate the own profile, even if no session currently exists (which can easily happen with `sudo`). When the user logs out (the session goes away), we want do disconnect the profile, however there are conflicting goals here: 1) if the profile was activate by root user, then logging out the user should not disconnect the profile. The patch fixes that by not binding the activation to the connection, if the activation is done by the root user. 2) if the profile was activated by the owner when it had no session, then it should stay alive until the user logs in (once) and logs out again. This is already handled by the previous commit. Yes, this point is odd. If you first do $ sudo -u $OTHER_USER nmcli connection up $PROFILE the profile activates despite not having a session. If you then $ ssh guest@localhost nmcli device you'll still see the profile active. However, the moment the SSH session ends, a session closes and the profile disconnects. It's unclear, how to solve that any better. I think, a user who cares about this, should not activate the profile without having a session in the first place. There are quite some special cases, in particular with internal activations. In those cases we need to decide whether to bind the activation to the profile's visibility. Also, expose the "bind" setting in the D-Bus API. Note, that in the future this flag may be modified via D-Bus API. Like we may also add related API that allows to tweak the lifetime of the activation. Also, I think we broke handling of connection visiblity with 37e8c53eeed "core: Introduce helper class to track connection keep alive". This should be fixed now too, with improved behavior. Fixes: 37e8c53eeed579fe34a68819cd12f3295d581394 https://bugzilla.redhat.com/show_bug.cgi?id=1530977 
By setting "connection.permissions", a profile is restricted to a
particular user.
That means for example, that another user cannot see, modify, delete,
activate or deactivate the profile. It also means, that the profile
will only autoconnect when the user is logged in (has a session).

Note that root is always able to activate the profile. Likewise, the
user is also allowed to manually activate the own profile, even if no
session currently exists (which can easily happen with `sudo`).

When the user logs out (the session goes away), we want do disconnect
the profile, however there are conflicting goals here:

1) if the profile was activate by root user, then logging out the user
   should not disconnect the profile. The patch fixes that by not
   binding the activation to the connection, if the activation is done
   by the root user.

2) if the profile was activated by the owner when it had no session,
   then it should stay alive until the user logs in (once) and logs
   out again. This is already handled by the previous commit.

   Yes, this point is odd. If you first do

      $ sudo -u $OTHER_USER nmcli connection up $PROFILE

   the profile activates despite not having a session. If you then

      $ ssh guest@localhost nmcli device

   you'll still see the profile active. However, the moment the SSH session
   ends, a session closes and the profile disconnects. It's unclear, how to
   solve that any better. I think, a user who cares about this, should not
   activate the profile without having a session in the first place.

There are quite some special cases, in particular with internal
activations. In those cases we need to decide whether to bind the
activation to the profile's visibility.

Also, expose the "bind" setting in the D-Bus API. Note, that in the future
this flag may be modified via D-Bus API. Like we may also add related API
that allows to tweak the lifetime of the activation.

Also, I think we broke handling of connection visiblity with 37e8c53eeed
"core: Introduce helper class to track connection keep alive". This
should be fixed now too, with improved behavior.

Fixes: 37e8c53eeed579fe34a68819cd12f3295d581394

https://bugzilla.redhat.com/show_bug.cgi?id=1530977
device: arm keep-alive instance when queuing active-connection for activation 2018-12-09T13:47:32+00:00 Thomas Haller thaller@redhat.com 2018-11-20T15:01:32+00:00 a4bdb161eb50ab4e8f4f0336b9aef531a85923d4 Now that the keep-alive instance defaults to ALIVE by default, we can always arm it when starting to activate the active-connection. The keep-alive instance may have been armed earlier already: for example, when binding its lifetime to a D-Bus name or when watching the connection's visible state. However, at the moment when we queue the active-connection for activation, we also want to make sure that the keep-alive instance is armed. It is nicer for consistancy reasons. Note, that nm_keep_alive_arm() has no effect if nm_keep_alive_disarm() was called earlier already. Also note, that NMActiveConnection will disarm the keep-alive instance, when changing to a state greater than ACTIVATED. So, all works together nicely. Also, no longer arm the keep-alive instance in the constructor of NMActiveConnection. It would essentially mean, that the instances is aremd very early. Also, as alternative point of interest, arm the keep-alive instance when registering the signal handler in "nm-policy.c". 
Now that the keep-alive instance defaults to ALIVE by default, we can
always arm it when starting to activate the active-connection.

The keep-alive instance may have been armed earlier already:
for example, when binding its lifetime to a D-Bus name or
when watching the connection's visible state.

However, at the moment when we queue the active-connection for
activation, we also want to make sure that the keep-alive instance is
armed. It is nicer for consistancy reasons.

Note, that nm_keep_alive_arm() has no effect if nm_keep_alive_disarm()
was called earlier already. Also note, that NMActiveConnection will
disarm the keep-alive instance, when changing to a state greater than
ACTIVATED. So, all works together nicely.

Also, no longer arm the keep-alive instance in the constructor of
NMActiveConnection. It would essentially mean, that the instances
is aremd very early.

Also, as alternative point of interest, arm the keep-alive instance
when registering the signal handler in "nm-policy.c".
keep-alive: use NMKeepAlive API directly instead of via NMActiveConnection 2018-12-09T13:47:31+00:00 Thomas Haller thaller@redhat.com 2018-11-20T13:51:22+00:00 f95a5263667a03aaf67635d28532c242d3025bd9 NMKeepAlive is a proper GObject type, with a specific API that on the one end allows to configure watches/bindings, and on the other end exposes and is-alive property and the owner instance. That's great, as NMActiveConnection is not concerned with either end (moving complexity away from "nm-active-connection.c") and as we later can reuse NMKeepAlive with NMSettingsConnection. However, we don't need to wrap this API by NMActiveConnection. Doing so means, we need to expose all the watch/bind functions also as part of NMActiveConnection API. The only ugliness here is, that NMPolicy subscribes to property changed signal of the keep alive instance, which would fail horribly if NMActiveConnection ever decides to swap the keep alive instance (in which case NMPolicy would have to disconnect the signal, and possibly reconnect it to another NMKeepAlive instance). We avoid that by just not doing that and documenting it. 
NMKeepAlive is a proper GObject type, with a specific API that on the one
end allows to configure watches/bindings, and on the other end exposes
and is-alive property and the owner instance. That's great, as NMActiveConnection
is not concerned with either end (moving complexity away from
"nm-active-connection.c") and as we later can reuse NMKeepAlive with
NMSettingsConnection.

However, we don't need to wrap this API by NMActiveConnection. Doing so
means, we need to expose all the watch/bind functions also as part of
NMActiveConnection API.

The only ugliness here is, that NMPolicy subscribes to property changed
signal of the keep alive instance, which would fail horribly if
NMActiveConnection ever decides to swap the keep alive instance (in
which case NMPolicy would have to disconnect the signal, and possibly
reconnect it to another NMKeepAlive instance). We avoid that by just not
doing that and documenting it.
keep-alive: let NMKeepAlive instance access the owner object that it is keeping alive 2018-12-09T13:47:31+00:00 Thomas Haller thaller@redhat.com 2018-11-20T14:31:59+00:00 9e8c3d2ebf2efd61658e69ef8c3db3df3b0b8f0a NMKeepAlive is a full API independent of NMActiveConnection. For good reasons: - it moves complexity away from nm-active-connection.c - in the future, we can use NMKeepAlive also for NMSettingsConnection As such, the user should also directly interact with NMKeepAlive, instead of going through NMActiveConnection. For that to work, it must be possible to get the owner of the NMKeepAlive instance, which is kept alive. 
NMKeepAlive is a full API independent of NMActiveConnection. For good
reasons:

  - it moves complexity away from nm-active-connection.c

  - in the future, we can use NMKeepAlive also for NMSettingsConnection

As such, the user should also directly interact with NMKeepAlive,
instead of going through NMActiveConnection. For that to work, it
must be possible to get the owner of the NMKeepAlive instance,
which is kept alive.
keep-alive: rename nm_keep_alive_sink() to nm_keep_alive_arm() 2018-12-09T13:47:31+00:00 Thomas Haller thaller@redhat.com 2018-11-20T12:24:30+00:00 7578e59ba973a9b51a216d562cc9d1cb83ea3a91 The names "floating" and "sink()" are well known and good. However, "disarm()" seems the best name for the counterpart operation, better than "float()", "unsink()", or "freeze()". Since we have "nm_keep_alive_disarm()", for consitency rename - "floating" -> (not) "armed" - "sink()" -> "arm()" 
The names "floating" and "sink()" are well known and good.

However, "disarm()" seems the best name for the counterpart operation,
better than "float()", "unsink()", or "freeze()".

Since we have "nm_keep_alive_disarm()", for consitency rename

  - "floating" -> (not) "armed"
  - "sink()"   -> "arm()"
keep-alive: drop "floating" argument from nm_keep_alive_new() 2018-12-09T13:47:31+00:00 Thomas Haller thaller@redhat.com 2018-11-20T12:16:54+00:00 a1e811b427e63b8db5be01300f3eb50ff72fd37c All callers only want to create floating instances at first. Also, it seems to make generally more sense this way: you create a floating instance, set it up, and then arm it. This simplifies nm_keep_alive_new(), which previously was adding additional code that wasn't accessible via plain g_object_new(). 
All callers only want to create floating instances at first.
Also, it seems to make generally more sense this way: you create
a floating instance, set it up, and then arm it.

This simplifies nm_keep_alive_new(), which previously was adding
additional code that wasn't accessible via plain g_object_new().
keep-alive: add nm_keep_alive_disarm() to silence notifications once we disconnect 2018-12-09T13:47:31+00:00 Thomas Haller thaller@redhat.com 2018-11-20T10:28:33+00:00 15033be1a3edd9e57d18ce65e0ab9c56c115bf9d The NMKeepAlive instance is useful to find out when we should disconnect. The moment when we start disconnecting, we don't care about it anymore. Add a nm_keep_alive_disarm() function to suppress property change events about the alive state, after that point. Emitting further events from that point on is only confusing. Yes, this means, a NMKeepAlive instance shall not be re-used for multiple purposes. Create a separate keep-alive instace for each target that should be guarded. Also, once disarmed, we can release all resources that the NMKeepAlive instance was holding until now. 
The NMKeepAlive instance is useful to find out when we should disconnect.
The moment when we start disconnecting, we don't care about it anymore.

Add a nm_keep_alive_disarm() function to suppress property change events about
the alive state, after that point. Emitting further events from that point
on is only confusing.

Yes, this means, a NMKeepAlive instance shall not be re-used for
multiple purposes. Create a separate keep-alive instace for each target
that should be guarded.

Also, once disarmed, we can release all resources that the NMKeepAlive instance
was holding until now.
keep-alive: various style fixes 2018-11-17T11:50:58+00:00 Thomas Haller thaller@redhat.com 2018-11-17T11:46:14+00:00 58923de4e4b1fab098707065a21f9055fb0a4602 Some trivial changes: - move nm_keep_alive_new() after nm_keep_alive_init(), so that the functions that initialize the instance are beside each other. - prefer nm_streq*() over strcmp(). - wrap some lines. - remove some empty lines. 
Some trivial changes:

- move nm_keep_alive_new() after nm_keep_alive_init(), so that the
  functions that initialize the instance are beside each other.
- prefer nm_streq*() over strcmp().
- wrap some lines.
- remove some empty lines.
keep-alive: drop unused error argument 2018-11-17T11:43:25+00:00 Thomas Haller thaller@redhat.com 2018-11-17T11:43:25+00:00 7842a58055eecaae2cef530f7383dc900bb49636