| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
Make NMSettingBond have individual properties like other settings
types.
https://bugzilla.redhat.com/show_bug.cgi?id=1032808
Co-Authored-By: Thomas Haller <thaller@redhat.com>
Co-Authored-By: Dan Williams <dcbw@redhat.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
|
|
|
|
|
|
| |
Suppress logging the following line:
<warn> Error creating directory "/var/run/NetworkManager": 17 (File exists)
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
We can only create virtual interfaces when the connection has autoconnect
property *and* the device was not manually disconnected before.
Without this commit NetworkManager would auto-activate all virtual connections
when a change was done (e.g. new virtual connection was addded).
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a device is initialized to be managed, it will transition through states
unmanaged -> unavailable -> disconnected. We don't want to remove software
devices during this initial transition to disconnected, because it prevents
auto-activation.
Test case:
$ nmcli con add type vlan ifname myvlan dev eth0 id 123
NM should immediately create myvlan interface and automatically activate it.
https://bugzilla.redhat.com/show_bug.cgi?id=1035814
|
|
|
|
|
| |
If an agent returns a UserCanceled error in response to a secrets
request, don't ask any other remaining secret agents for secrets.
|
|
|
|
|
|
| |
When an activation request requires secrets, if there is a secret
agent in the process that made the request, then prefer that to all
other secret agents.
|
|
|
|
|
|
|
|
|
|
| |
Rather than explicitly passing around a UID and a flag saying whether
or not it's relevant.
(This also fixes a bug where the wrong UID was being recorded in
nm-settings-connection.c::auth_start(), which caused problems such as
agent-owned secrets not getting saved because of a perceived UID
mismatch.)
|
|
|
|
| |
and ensure that main() frees the singleton before exiting
|
|
|
|
|
| |
If the prefix length was 128, that could cause an access beyond the
end of the array. Found by Thomas Haller.
|
|
|
|
|
|
|
| |
When moving over the platform, setting of the IPv4 broadcast address
got lost. Bring it back.
https://bugzilla.redhat.com/show_bug.cgi?id=1032819
|
| |
|
|\
| |
| |
| | |
https://bugzilla.gnome.org/show_bug.cgi?id=715196
|
| |
| |
| |
| |
| |
| |
| | |
Slaves have no IP configuration and should not have any IP settings.
This fixes connection comparison between generated slave connections
and persistent slave connections, as persistent slave connections won't
have any IP configuration.
|
| |
| |
| |
| |
| | |
Generic connections need an interface name, and that can only be
stored in the Connection setting.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit 9a019f1fb5b7d99a7d4ec7af89212402ea81793a.
Generic connections should be bound to their interface names in a more generic
way instead of in nm-device.c. The Generic device itself should set the
attributes it needs when generating the connection, like other device types do.
This will be done in a following commit.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If the connection describes a bridge/bond/team/etc slave, where the
slave setting (like NMSettingBridgePort or NMSettingTeamPort) has all
default values, the setting does not get written out because the
plugin does not write default values. But then when reading the
connection back in, we need to add that all-default slave type setting
since it's required for a valid connection.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Zero values are actually valid values for various bridge options
and should be written out. Otherwise, when reading the property
back in, it gets assigned the default value which is often not
zero, causing the wrong value to be set in the connection.
Only properties with default values should not be written out.
|
|/
|
|
|
| |
The only property that is not serializes is each settings' 'name'
property, so the flag serves no purpose.
|
|
|
|
| |
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the migration to NMPlatform, support for ptp/peer addresses was
accidentally dropped. This broke OpenVPN configurations using 'p2p'
topology, which send a different peer address than the local address
for tunX, plus the server may also push routes that use the peer
address as the next hop. NetworkManager was unable to add these
routes, because the kernel had no idea how to talk to the peer,
because the peer's address was not assigned to any interface or
reachable over any routes.
Partly based on a patch from Dan Williams.
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=1036545
|
|
|
|
|
|
|
| |
This commit fixes a regression from a1f16cd4d9fff66d7feeee0846e554c9c3a5f998
(nm-policy.c change).
https://bugzilla.redhat.com/show_bug.cgi?id=1029854
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
nm_connection_get_virtual_iface_name() doesn't work when determining virtual
connections, because for VLANs it can return NULL.
See also commit e1e4740648d3ee522c8a80d1af6282afce94f53d.
https://bugzilla.redhat.com/show_bug.cgi?id=1034908
|
| |
|
| |
|
|
|
|
|
|
|
| |
This reverts commit f43586fc179b3e7ca82be110390c04336b5da37b.
This broke stuff as "name" was set on various places after construction. So we
revert the commit for now, and will rework it.
|
|
|
|
|
| |
It always uses RUNDIR and the change to NMRUNDIR was in error. This
could cause NetworkManager not to be able to kill old dhcpcd processes.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
dhcpcd v5.99 and later automatically enabled IPv6 behavior unless
specifically disabled. This is undesirable for two reason:
1) dhcpcd sends IPv4 Router Solicitations, which NetworkManager
handles itself, so there's no need to do it twice. NetworkManager
knows better than dhcpcd whether IPv6 is supposed to be used for
that interface or not.
2) Some devices don't react well to IPv6 when they aren't expecting
it. For example, older Qualcomm Gobi-based devices will listen
for Router Solicitations and attempt to set up IPv6, but if other
settings are not done correctly, or the firmware doesn't actually
support it, the firmware will then crash. So simply upgrading your
dhcpcd from 5.x to 6.x magically stops WWAN working for these
devices.
|
|
|
|
|
|
|
| |
Make the name property CONSTRUCT_ONLY. With this there is also no more
need to overwrite the constructor().
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
|
|
|
| |
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
|
|
|
|
|
|
|
| |
The public property is called NM_SETTING_VLAN_INTERFACE_NAME,
so also the internal field and the PROP_* enum should carry
the same name.
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
|
|
|
| |
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Previously, the device activation would stall in this case, because
the code wasn't expecting it to happen. In particular, this happens
when trying to assume a device that is up but has no IP config.
https://bugzilla.gnome.org/show_bug.cgi?id=715181
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When request for getting secrets is being freed in request_free(),
cancel_callback is get_cancel_cb(). It uses parent->current as a secret agent
object. However, this object can be already freed and thus there is a problem
getting priv in nm_secret_agent_cancel_secrets:
g_return_if_fail (self != NULL);
priv = NM_SECRET_AGENT_GET_PRIVATE (self);
(gdb) p self
$66 = (NMSecretAgent *) 0x7fae9afd42e0
(gdb) p *self
$67 = {parent = {g_type_instance = {g_class = 0x0}, ref_count = 0, qdata = 0x0}}
#0 nm_secret_agent_cancel_secrets (self=0x7fae9afd42e0, call=0x1) at settings/nm-secret-agent.c:325
#1 0x00007fae9a774882 in request_free (req=0x7fae9afc48f0) at settings/nm-agent-manager.c:496
#2 0x00007fae967b251a in g_hash_table_remove_internal (hash_table=0x7fae9aefdf00, key=0x2, notify=1) at ghash.c:1276
#3 0x00007fae9a72b340 in dispose (object=0x7fae9af77200) at nm-activation-request.c:446
#4 0x00007fae96cbeee8 in g_object_unref (_object=0x7fae9af77200) at gobject.c:3160
#5 0x00007fae9a73d87c in _active_connection_cleanup (user_data=<optimized out>) at nm-manager.c:359
#6 0x00007fae967c32a6 in g_main_dispatch (context=0x7fae9aedb180) at gmain.c:3066
#7 g_main_context_dispatch (context=context@entry=0x7fae9aedb180) at gmain.c:3642
#8 0x00007fae967c3628 in g_main_context_iterate (context=0x7fae9aedb180, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3713
#9 0x00007fae967c3a3a in g_main_loop_run (loop=0x7fae9aedb860) at gmain.c:3907
So we need to ref() 'agent' when adding it to pending list, so that the object
is not freed if the secret agent unregisters and is removed.
Test case:
1. run NM and nm-applet
2. activate a Wi-Fi network
3. nm-applet will ask for a password; ignore the popup window and kill nm-applet
4. start nm-applet again
5. click the same Wi-Fi network in nm-applet
6. NM will experience problems in nm_secret_agent_cancel_secrets() or crashes
(the procedure may not be 100%, but reproduces most of the time)
https://bugzilla.redhat.com/show_bug.cgi?id=922855
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GLib-CRITICAL **: g_hash_table_iter_next: assertion 'ri->version == ri->hash_table->version' failed
It is not allowed to modify hash table while it is iterated. Unfortunately,
request_remove_agent() may remove the request from the 'requests' hash table,
making it not usable in the loop hash table looping.
We need to store the request into a temporary list and call request_next_agent()
on them later (after the hash loop).
Test case:
1. start NM and nm-applet
2. activate a Wi-Fi WPA connection
3. nm-applet displays a dialog asking for a password
4. kill nm-applet
5. NetworkManager removes the nm-applet's secret agent
and runs into removing the request from hash table in the
iterating loop (via get_complete_cb)
#0 get_complete_cb (parent=0x7f3f250f2970, secrets=0x0, agent_dbus_owner=0x0, agent_username=0x0, error=0x7f3f250f7830, user_data=0x7f3f25020e10)
at settings/nm-agent-manager.c:1111
#1 0x00007f3f23b46ea5 in req_complete_error (error=0x7f3f250f7830, req=0x7f3f250f2970) at settings/nm-agent-manager.c:509
#2 request_next_agent (req=0x7f3f250f2970) at settings/nm-agent-manager.c:615
#3 0x00007f3f23b48596 in request_remove_agent (agent=0x7f3f250f4a20, req=0x7f3f250f2970) at settings/nm-agent-manager.c:631
#4 remove_agent (self=<optimized out>, owner=0x7f3f250dbff0 ":1.275") at settings/nm-agent-manager.c:130
#5 0x00007f3f23b4868d in impl_agent_manager_unregister (self=0x7f3f25020e10, context=0x7f3f250f5480) at settings/nm-agent-manager.c:374
#0 0x00007f3f1fb9c4e9 in g_logv (log_domain=0x7f3f1fbfef4e "GLib", log_level=G_LOG_LEVEL_CRITICAL, format=<optimized out>, args=args@entry=0x7fff156b77c0) at gmessages.c:989
#1 0x00007f3f1fb9c63f in g_log (log_domain=log_domain@entry=0x7f3f1fbfef4e "GLib", log_level=log_level@entry=G_LOG_LEVEL_CRITICAL,
format=format@entry=0x7f3f1fc0889a "%s: assertion '%s' failed") at gmessages.c:1025
#2 0x00007f3f1fb9c679 in g_return_if_fail_warning (log_domain=log_domain@entry=0x7f3f1fbfef4e "GLib",
pretty_function=pretty_function@entry=0x7f3f1fc03c30 <__PRETTY_FUNCTION__.4571> "g_hash_table_iter_next",
expression=expression@entry=0x7f3f1fc038f0 "ri->version == ri->hash_table->version") at gmessages.c:1034
#3 0x00007f3f1fb849c0 in g_hash_table_iter_next (iter=<optimized out>, key=<optimized out>, value=<optimized out>) at ghash.c:733
#4 0x00007f3f23b484e5 in remove_agent (self=<optimized out>, owner=0x7f3f250dbff0 ":1.275") at settings/nm-agent-manager.c:129
#5 0x00007f3f23b4868d in impl_agent_manager_unregister (self=0x7f3f25020e10, context=0x7f3f250f5480) at settings/nm-agent-manager.c:374
|
|
|
|
|
|
|
| |
This reverts commit c1768154c4cfdc394cd175396157e5e4c48359af.
Not supposed to be committed yet, see dcbw/dbus-properties for the
real patch.
|
|
|
|
| |
g_inet_address_to_string() returns an allocated value.
|
|
|
|
| |
Helps other bindings.
|
|\
| |
| |
| |
| |
| |
| |
| |
| | |
(rh #1031763)
Ensures that resolv.conf is valid when assuming an already-configured device
that may have DNS information already written to resolv.conf.
https://bugzilla.redhat.com/show_bug.cgi?id=1031763
|
| |
| |
| |
| |
| |
| |
| | |
There can be multiple default routes for an interface with different
metrics. Grab the gateway of the default route with the lowest
metric as the overall gateway of the IP config. Otherwise the rest
could get left in the config and applied at random times.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If the interface who's IP configuration is being captured has the default
route, then read DNS servers from resolv.conf into the NMIP[4|6]Config.
This allows NetworkManager to repopulate resolv.conf if anything changes.
For example, if the system does not define a persistent hostname, then
when a device which has generated a connection activates, a hostname
lookup will be performed. The results of that lookup may change resolv.conf,
and thus NetworkManager must rewrite resolv.conf. Without capturing
DNS information at startup when generating connections, an empty
resolv.conf would be written.
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When generating connections at startup for active interfaces, the
generation code may not always be able to read DNS information for
the connection. Thus, the device's IP4Config won't have any
nameservers and the device won't be considered for reverse-address
lookup. However, since any device that gets this far is already
the "best" device and has the default route, and thus should be the
one used for reverse-address lookup.
Second, reorganize the code better handle dual-stack in the
future by checking the IP configs directly, instead of the
devices. Since 'best4' and 'best6' may be different devices,
we want to operate on the IP configs, not devices, to handle
situations where the best IP4Config may not be suitable for
reverse lookup, but the best IP6Config is.
https://bugzilla.redhat.com/show_bug.cgi?id=1031763
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When doing nm_auth_chain_unref(), the code iterated over the ->calls and
cancelled them. However, some of these calls might not have passed on to
polkit_authority_check_authorization(), but instead being scheduled with
g_idle_add(). These calls have to be canceled too because the NMAuthChain
will already be destroyed when auth_call_complete() calls.
Now, we g_source_remove() these calls and free them immediatly. Before
these calls leaked and led to use after free crash.
Also fix a memory leak by always get the results with
polkit_authority_check_authorization_finish(), even when being
cancelled.
This is the backtrace of the crash:
#0 0x00007f166efda359 in g_slist_remove () from /lib64/libglib-2.0.so.0
#1 0x00007f167311bcc1 in auth_call_complete ()
#2 0x00007f166efbde06 in g_main_context_dispatch ()
from /lib64/libglib-2.0.so.0
#3 0x00007f166efbe158 in g_main_context_iterate.isra.22 ()
from /lib64/libglib-2.0.so.0
#4 0x00007f166efbe55a in g_main_loop_run () from /lib64/libglib-2.0.so.0
#5 0x00007f16730d3c0d in main ()
Co-Authored-By: Dan Williams <dcbw@redhat.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
|
|
|
|
|
|
| |
This will allow callers to distinguish "no such connection" from
"connection failed to activate", etc.
https://bugzilla.redhat.com/show_bug.cgi?id=1022256
|
| |
|
|
|
|
| |
Signed-off-by: Thomas Haller <thaller@redhat.com>
|