summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* platform: avoid conflicts when reinstalling the device-routeth/bgo723178_device_route_metric_v2Thomas Haller2014-12-043-31/+96
| | | | | | | | | | | | | | | | | | | Since f32075d2fc11252e5661166b2f46c18c017929e9, we remove the kernel added IPv4 device route, and re-add it with appropriate metric. This could potentially replace existing, conflicting routes. Be more careful and only take any action when we don't have a conflicting route and when we add the address for the first time. The motivation for this was libreswan which might install a VPN route for a subnet that we also have configured on an interface. But the route conflict could happen easily for other reasons, for example if you configure a conflicting route manually. This is all avoided by not doing anything if we have any indication that some conflicts could arise. https://bugzilla.gnome.org/show_bug.cgi?id=723178
* libnm-util/tests: fix invalid g_test_expect_message() patternThomas Haller2014-12-041-2/+2
| | | | | | | | A failure to g_return_*() prints a critical warning which contains G_STRFUNC. Depending on the compiler this contains only the function name or the entire signature. Relax the assertion pattern to check the function name.
* libnm: don't allocate temporary buffer in nm_utils_uuid_generate_from_strings()Thomas Haller2014-12-041-12/+4
| | | | | | crypto_md5_sum() already accepts two separate strings: salt and password. No need to allocate a temporary buffer. Just pass @ns_uuid and @s separately.
* libnm: fix leak in nm_utils_uuid_generate_from_strings()Thomas Haller2014-12-041-5/+6
| | | | | | | | Did not free the GString instance @str. Thereby, also don't use GString. Just malloc() the temporary buffer. Fixes: e7661c9b525e5a4cd3bafe605b4fc464a4d5f620
* libnm: merge branch 'th/uuid-variant3-bgo740865'Thomas Haller2014-12-0417-35/+311
|\ | | | | | | https://bugzilla.gnome.org/show_bug.cgi?id=740865
| * libnm: allow empty strings for nm_utils_uuid_generate_from_string()Thomas Haller2014-12-042-17/+11
| | | | | | | | | | | | Since commit ef3de46c432743e2449612369d13eee66b22cb89 crypto_md5_hash() allows empty password. Also support empty strings for nm_utils_uuid_generate_from_string().
| * libnm: hide nm_utils_uuid_generate_from_string() from public APIThomas Haller2014-12-043-5/+5
| |
| * libnm: normalize missing connection UUIDThomas Haller2014-12-043-8/+49
| | | | | | | | | | Extend nm_connection_normalize() to add a connection UUID in case it is unset.
| * settings: change algorithm for UUID generation based on stringsThomas Haller2014-12-042-8/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | In several cases, connection uuids are generated based on some strings. Change the algorithm, to prefix the hashed identifier differently for each setting type. This makes collisions very unlikely. Also, change the algorithm, to create proper Variant3 UUIDs. This is a behavioral change, but it only affects code places that were added since nm-0-9-10 and were not yet part of a stable release.
| * core: add nm_utils_uuid_generate_from_strings()Thomas Haller2014-12-043-0/+95
| | | | | | | | | | Add function to create variant3 UUIDs based on a set of concatenated strings.
| * libnm: implement variant3 UUIDs according to rfc4122Thomas Haller2014-12-043-10/+51
| | | | | | | | | | | | Compare the results: perl -e 'use UUID::Tiny ":std"; print(uuid_to_string(create_uuid(UUID_V3, UUID_NS_DNS, "test"))."\n");' python -c 'from uuid import *; print(uuid3(UUID("6ba7b810-9dad-11d1-80b4-00c04fd430c8"), "test"))'
| * libnm: add a type argument to nm_utils_uuid_generate_from_string()Thomas Haller2014-12-048-19/+30
| | | | | | | | | | | | | | | | | | | | | | | | | | There are different types (variants) of UUIDs defined. Especially variants 3 and 5 are name based variants (rfc4122). The way we create our UUIDs in nm_utils_uuid_generate_from_string() however does not create them according to RFC and does not set the flags to indicate the variant. Modify the signature of nm_utils_uuid_generate_from_string() to accept a "uuid_type" argument, so that we later can add other algorithms without breaking API.
| * libnm: accept additional length argument in nm_utils_uuid_generate_from_string()Thomas Haller2014-12-048-12/+19
| | | | | | | | | | This makes the function also useful for non C-strings, non UTF-8-strings, and generic blobs.
| * libnm: don't heap allocate uuid temporary variableThomas Haller2014-12-042-12/+7
| |
| * libnm/test: add test for nm_utils_uuid_generate_from_string()Thomas Haller2014-12-044-0/+91
|/
* crypto/test: test crypto_md5_hash() for empty passwordsThomas Haller2014-12-041-0/+4
| | | | | Empty passwords are allowed since commit ef3de46c432743e2449612369d13eee66b22cb89 .
* libnm/crypto: fix uninitialized variable in crypto_md5_hash()Thomas Haller2014-12-041-2/+5
| | | | | | | @digest_len passed to g_checksum_get_digest() must be initialized to the size of the digest. It is an in-out paramter. Fixes: 48ff21b5bc42daa8b6f72db8d82fd9b21fde842e
* core: don't bounce disable_ipv6 when assuming connections (rh #1170530)Jiří Klimeš2014-12-041-1/+1
| | | | | | | | | | | Don't call set_nm_ipv6ll(self, TRUE) on any assumed connection since it would bounce disable_ipv6, which would break IPv6 connectivity. That is critical, for example, for installations via NFS. Fixes: d37b7bed305dbed7b5351038850ef6bbb7ed9c59 https://bugzilla.redhat.com/show_bug.cgi?id=1170530 Related: https://bugzilla.redhat.com/show_bug.cgi?id=1052157
* libnm-core: merge branch 'nm-utils-init-bgo740893'Dan Winship2014-12-0423-492/+262
|\ | | | | | | | | | | | | | | | | | | Drop nm_utils_init() and nm_utils_deinit(), and do some things via constructors and other things via just-in-time initialization. (Among other things, this fixes the fact that the daemon was failing to call nm_utils_init().) https://bugzilla.gnome.org/show_bug.cgi?id=740893
| * libnm-core: drop nm_utils_rsa_key_encrypt(), _encrypt_aes()Dan Winship2014-12-045-120/+20
| | | | | | | | | | | | | | | | In general, we shouldn't end up with an unencrypted copy of a certificate key anyway, so this function ought to be unnecessary (or at least, not broadly useful enough to be in the public API). nm-applet's GConf migration tool needs it, but that will eventually go away, and until then it can just use libnm-util.
| * libnm-core: relax restrictions on input arguments for crypto_md5_hash()Thomas Haller2014-12-043-14/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | crypto_md5_hash() only has two users: (a) crypto_make_des_aes_key() (b) nm_utils_uuid_generate_from_string() For (b) it is just a complicated way to compute the MD5 hash. The restrictions on salt and password don't matter. Actually they are harmful because we cannot compute the MD5 hash of the empty word. For (a), the caller should make sure to pass whatever restrictions he wants to enforce on the data. For example, it is counterintuitive, that crypto_md5_hash() would require @salt_len, enforce it to be at least 8 bytes, and then just use the first 8 bytes. If the caller (a) wants that behavior, he should make sure that he passes in 8 bytes. Likewise for the empty word. If the caller does not want to compute the hash of empty passwords, he must not hash them. Indeed, all of this was enforced by assertions, any caller already did the right thing.
| * libnm-core: combine duplicate crypto_make_des_aes_key() functionThomas Haller2014-12-043-37/+17
| |
| * libnm: remove nm_utils_init() from the public APIDan Winship2014-12-0411-71/+15
| | | | | | | | | | Remove nm_utils_init() from the public API, and just do it as a constructor instead.
| * libnm-core: call crypto_init() on the flyDan Winship2014-12-047-36/+86
| | | | | | | | | | | | | | | | Rather than requiring crypto_init() to have been called beforehand, just have every method that depends on it call it itself. This required adding a GError argument to crypto_is_pkcs12_data(), which in turn required a few other changes elsewhere.
| * libnm-core: reimplement crypto_md5_hash() using GChecksumDan Winship2014-12-046-171/+66
| | | | | | | | | | Reimplement crypto_md5_hash() using GChecksum. Remove the gboolean return value and GError argument, since it cannot fail now.
| * tests: add a test of libnm-core's crypto_md5_hash()Dan Winship2014-12-041-0/+54
| |
| * libnm-util: Note that nm_utils_deinit() is a no-opDan Winship2014-12-045-30/+5
| | | | | | | | | | nm_utils_deinit() is a no-op, so don't suggest that people need to call it.
| * libnm: drop nm_utils_deinit()Dan Winship2014-12-047-38/+3
|/ | | | It was a no-op anyway.
* libnm-core: fix the rule for parsing 'gateway' out of 'addresses' (rh #1170199)Dan Winship2014-12-032-26/+84
| | | | | | | We were always using the gateway field of the first address in ipv4.addresses / ipv6.addresses to set the gateway, but to be compatible with old behavior, we should actually be using the first non-0 gateway field (if the first one is 0).
* core: fix leak of generated connection if device is activeDan Williams2014-12-031-5/+4
| | | | | Don't generate (and add to settings) a connection if we aren't going to use it anyway.
* devices: don't release slaves on exit (rh #1169936)Dan Winship2014-12-031-1/+1
| | | | | | | | | | | | nm_device_removed() calls nm_device_release_one_slave() in order to fix up NetworkManager's master/slave bookkeeping, but we don't want to tell the kernel to actually unslave the device, since that would happen automatically anyway if the device was really removed, and shouldn't happen if the device is just being removed from NM's device list. (In particular, don't remove all libvirt-created virtual network devices from virbr0 when NetworkManager exits.)
* ifcfg-rh: don't include nm-utils-private.h outside of libnm-core/Thomas Haller2014-12-033-5/+4
|
* cli: g_strdup(NULL) returns NULL; simplify code for thatJiří Klimeš2014-12-031-40/+40
|
* contrib/rpm: ignore libgsystem/ repository in build_clean.shThomas Haller2014-12-031-1/+1
|
* cli: additional fix for nmcli connection downJiří Klimeš2014-12-031-6/+13
| | | | | | | nmcli crashed when a timeout was hit, because 'info' was used after freeing in down_timeout_cb(). Fixes 4a7c88621ddd8e8089f63071e3114003a0efc622.
* cli: fix deactivation for multiple connections (bgo #740775) (rh #1168383)Jiří Klimeš2014-12-032-43/+65
| | | | | | | | | | | $ nmcli connection down aa bb cc It has been broken by commit 20566c76de0d18162af020852ae1e2055addcfff. Fixups by dcbw. https://bugzilla.gnome.org/show_bug.cgi?id=740775 https://bugzilla.redhat.com/show_bug.cgi?id=1168383
* device: Deal with links that vanish during initializationLubomir Rintel2014-12-023-4/+9
| | | | | | | | | | | | | | | | | | | | | nm_device_get_hw_address() may return NULL and nm_platform_link_get_type may return NM_LINK_TYPE_NONE. While it might be a good idea to check for such cases at the init time it seems easier to just ignore it and prevent blowing up in subsequent deactivation. A quick test case: # while :; do ip link add moo0 type veth peer moo1; ip link del moo0 ; done Yields: NetworkManager:ERROR:devices/nm-device-ethernet.c:268:constructor: assertion failed: (link_type == NM_LINK_TYPE_ETHERNET || link_type == NM_LINK_TYPE_VETH) nm_device_set_hw_addr: assertion 'addr != NULL' failed https://bugzilla.gnome.org/show_bug.cgi?id=740992
* cli: wait for "con down" to deactivate the connection (bgo #740775) (rh ↵Dan Williams2014-12-011-3/+73
| | | | | | | | | | | | | #1168383) nmcli currently does not wait for the connection to fully deactivate, which can take some time due to dispatcher scripts or cleanup operations like DCB. Change it to wait until the connection is deactivated, or until a short timeout has expired. The user can adjust the timeout with "--wait" if they want. https://bugzilla.gnome.org/show_bug.cgi?id=740775 https://bugzilla.redhat.com/show_bug.cgi?id=1168383
* iface-helper: disambiguate route priority for IPv4 and IPv6Thomas Haller2014-12-012-16/+20
| | | | https://bugzilla.gnome.org/show_bug.cgi?id=740780
* core: rename NM_PLATFORM_ROUTE_METRIC_DEFAULT to ↵Thomas Haller2014-12-013-6/+12
| | | | | | | | | | | NM_PLATFORM_ROUTE_METRIC_DEFAULT_IP6 For IPv4, iproute for example defaults to a metric of 0. Hence, the name NM_PLATFORM_ROUTE_METRIC_DEFAULT was misleading. Also add a NM_PLATFORM_ROUTE_METRIC_DEFAULT_IP4 define for completeness. https://bugzilla.gnome.org/show_bug.cgi?id=740780
* nmcli/bash-completion: complete [+-] modifier for `connection modify` propertyThomas Haller2014-12-011-1/+6
| | | | | Fixes nmcli connection modify CONNECTION +conn<TAB>
* keyfile: assert in writer to have valid connection idThomas Haller2014-11-281-5/+1
| | | | | Few lines above we already verify the connection. We must have an @id.
* cli: fix setting ethernet.s390-subchannelsJiří Klimeš2014-11-281-12/+7
| | | | | | | It was not properly updated in a7c4d53d036c0f75b0903c95de7cb8fbdc47413f (when updating stuff to ne libnm). And allow 2 subchannels (libnm and ifcfg-rh allow it too).
* devices: NM_SETTING_WIRED_S390_SUBCHANNELS is now G_TYPE_STRV (rh #1168764)Jiří Klimeš2014-11-281-9/+8
| | | | | | | | Fixes crash on s390. The type change of the property was done in 6a4127cfa063a77e3ee886a999441c71f6a0e11c, but we forgot to update this function. https://bugzilla.redhat.com/show_bug.cgi?id=1168764
* core: adjust values for default route-metrics per device typeThomas Haller2014-11-262-21/+28
| | | | | | | | We recently changed default values for route metrics. Revise that again and increase the space between the default values. No strong reason to do this, but it seems better to have larger gaps and make use of the available range.
* vpn: don't choose route priority for VPN connections based on the parent deviceThomas Haller2014-11-261-12/+2
| | | | | | | | | | The parent device is just the device that happens to be the best device. It does not mean, that its route metric should be inherited to the VPN connection. This also makes the resulting route metric for VPN connections much more predictable: now it is either ipv4.route-metric from the connection, or it falls back to NM_VPN_ROUTE_METRIC_DEFAULT (10).
* libnm: (trivial) correct an example in NMSecretAgentOldGetSecretsFunc docsJiří Klimeš2014-11-261-1/+1
|
* build: fix wrongly linking against libreadline in all applicationsThomas Haller2014-11-261-0/+2
| | | | | | | | | | Every Makefile in the subtrees would include -lreadline as part of LIBS, hence every application would link against the library. This was broken since we added 'm4/ax_lib_readline.m4'. Fixes: 29297f8531e24d4df616c5c3acace9e23a695a02
* core: merge branch 'th/bgo723178_device_route_metric'Thomas Haller2014-11-2613-37/+90
|\ | | | | | | https://bugzilla.gnome.org/show_bug.cgi?id=723178
| * iface-helper: make priority variable guint32Thomas Haller2014-11-251-3/+4
| | | | | | | | | | | | | | Also read the command line argument as G_OPTION_ARG_INT64 type. Otherwise, on 32-bit integers, you could not enter any number larger then G_MAXINT32. Signed-off-by: Thomas Haller <thaller@redhat.com>
View Lorry Controller Status