| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
|
| |
GError codes are only unique per domain, so logging the code without
also indicating the domain is not helpful. And anyway, if the error
messages are not distinctive enough to tell the whole story then we
should fix the error messages.
Based-on-patch-by: Dan Winship <danw@gnome.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Functions that take a GError** MUST fill it in on error. There is no
need to check whether error is NULL if the function it was passed to
had a failing return value.
Likewise, a proper GError must have a non-NULL message, so there's no
need to double-check that either.
Based-on-patch-by: Dan Winship <danw@gnome.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- All internal source files (except "examples", which are not internal)
should include "config.h" first. As also all internal source
files should include "nm-default.h", let "config.h" be included
by "nm-default.h" and include "nm-default.h" as first in every
source file.
We already wanted to include "nm-default.h" before other headers
because it might contains some fixes (like "nm-glib.h" compatibility)
that is required first.
- After including "nm-default.h", we optinally allow for including the
corresponding header file for the source file at hand. The idea
is to ensure that each header file is self contained.
- Don't include "config.h" or "nm-default.h" in any header file
(except "nm-sd-adapt.h"). Public headers anyway must not include
these headers, and internal headers are never included after
"nm-default.h", as of the first previous point.
- Include all internal headers with quotes instead of angle brackets.
In practice it doesn't matter, because in our public headers we must
include other headers with angle brackets. As we use our public
headers also to compile our interal source files, effectively the
result must be the same. Still do it for consistency.
- Except for <config.h> itself. Include it with angle brackets as suggested by
https://www.gnu.org/software/autoconf/manual/autoconf.html#Configuration-Headers
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the current agent disappears and we already triggered the permission check
for it then the callback for that permission check will fire after we
progressed to the next agent:
# nmcli c --wait 0 up vpn
When another agent, such as GNOME Shell is registered, then get_done_cb() for
the nmcli will be called after we started the permission check for GNOME Shell,
resulting in an assertion fail:
get_done_cb: assertion 'call_id == parent->current_call_id' failed
|
|
|
|
| |
Fixes: 5d1cac81a0bcc66b891bc38f1a2cc4b84d47f08b
|
|
|
|
| |
Fixes: 5d1cac81a0bcc66b891bc38f1a2cc4b84d47f08b
|
|
|
|
|
|
|
| |
It might be that the user didn't supply the secrets in time and the dbus call
timed out. The agent should now hide the secrets dialog and we must let it know.
https://bugzilla.redhat.com/show_bug.cgi?id=1272023
|
|
|
|
| |
g_hash_table_insert()
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Clone the connection upon activation. This makes it safe for the user
to modify the original connection while it is activated.
This involves several changes:
- NMActiveConnection gets @settings_connection and @applied_connection.
To support add-and-activate, we constructing a NMActiveConnection with
no connection set. Previously, we would set the "connection" field to
a temporary NMConnection. Now NMManager piggybacks this temporary
connection as object-data (TAG_ACTIVE_CONNETION_ADD_AND_ACTIVATE).
- get rid of the functions nm_active_connection_get_connection_type()
and nm_active_connection_get_connection_uuid(). From their names
it is unclear whether this returns the settings or applied connection.
The (few) callers should figure that out themselves.
- rename nm_active_connection_get_id() to
nm_active_connection_get_settings_connection_id(). This function
is only used internally for logging.
- dispatcher calls now get two connections as well. The
applied-connection is used for the connection data, while
the settings-connection is used for the connection path.
- needs special handling for properties that apply immediately
when changed (nm_device_reapply_settings_immediately()).
Co-Authored-By: Thomas Haller <thaller@redhat.com>
https://bugzilla.gnome.org/show_bug.cgi?id=724041
|
|
|
|
|
|
|
|
|
|
| |
NMSecretAgent (and in turn NMAgentManager) used the @connection argument both
for the connection data, but also for the connection path. Detangle these, and
accept the path separate from the connection.
This makes NMSecretAgent and NMAgentManager truly operate on a plain
NMConnection, without the non-obvious requirement, that the path of the
connection must be set.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
nm_agent_manager_get_secrets()
Refactor agent-manager to always invoke the complete function for
nm_agent_manager_get_secrets().
In general, the complete function is always invoked asnychronously
when starting the operation. On the other hand, when cancelling the
operation or disposing the manager with pending operations, we now
(always) synchronously invoke the callback.
This makes it simpler for the user to reliably cancel the request
and perform potential cleanup.
This behavior bubbles up through NMSettingsConnection and NMActRequest,
and other callers that make directly or indicrectly make use of
nm_agent_manager_get_secrets().
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NMSettingsConnection and NMActRequest
Instead of having the call_id of type guint32, make it an (opaque)
pointer type.
This has the advantage of strong typing and avoids the possiblity
of reusing an invalid integer (or overflow of the call-id counter).
OTOH, it has the disadvantage, that after a call_id is disposed,
it might be reused for future invocations (because malloc might
reuse the memory).
In fact, it is always an error to use a call_id that is already
completed. This commit also adds assertions to the cancel() calls
that the provided call_id is a pending call. Hence, such a bug
will be uncovered by assertions (that only might not tigger in
certain unlikely cases where a call-id got reused).
Note that for NMAgentManager, save_secrets() and delete_secrets()
both returned a call_id. But they didn't also provide a callback when
the operation completes. So the user trying to cancel such a call,
cannot know whether the operation is still in process and he cannot
avoid triggering an assertion.
Fix that by not returning a call-id for these operations. No caller
cared about it anyway.
For NMSettingsConnection, also track the internally scheduled requests
for so that we can cancel them on dispose.
|
| |
|
|
|
|
| |
instead of if-else-if
|
| |
|
|
|
|
|
| |
Let all implementations call request_start(), instead of
getting-secrets doing something special and call get_start().
|
|
|
|
|
| |
Drop the function pointers. Instead either inline them or
call them explicitly (possibly after switching on the request_type).
|
|
|
|
| |
Merge ConnectionRequest structure into Request.
|
|
|
|
| |
Fixes: 13386f760ac46564c363ea690d517d941fd1686e
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This code was unused, because we never enqueued any hashes
to the @asked list. Note that hashing also might give wrong
hash collisions, so this was buggy anyway.
Also, note that impl_agent_manager_register_with_capabilities()
already ensures that duplicate agents are not registered
in the first place (find_agent_by_identifier_and_uid()).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refactor the handling of the asynchronous requests so that now
NMSecretAgent has the following properties:
- The callback will *always* be invoked exactly once (sans crashes).
Even if you cancel the call or if you dispose NMSecretAgent with
pending calls. That allows the caller to rely on being called back
and possibly cleanup the user-data.
- Callbacks are always invoked asynchronously with respect to their
start-call.
- You can cancel all 3 types of operations, not only the 'GetSecrets'
call. Note that this will still not cancel the calls 'DeleteSecrets'
and 'SaveSecrets' on a D-Bus level.
When cancelling, the callback will be invoked synchronously with
respect to the cancel call, with an GError indicating the cancellation
(G_IO_ERROR_CANCELLED).
- During dispose, the callback is also invoked synchronously, with
some other error reason.
This also fixes a crash where handling of the asynchronous data was
messed up and the priv->requests hash would end up to containing dangling
pointers.
https://bugzilla.redhat.com/show_bug.cgi?id=1253407
|
|
|
|
|
|
|
| |
With gdbus, errors are now properly translated. We must check for
the error domain/code, intead of the dbus-error.
Fixes: df6706813a698e7a697739b0940bd8f528713aab
|
|
|
|
|
|
| |
void pointer
This gives some type safety.
|
|
|
|
|
| |
The latter makes use of the former. Ensure that NMSessionMonitor
lives long enough.
|
|
|
|
|
|
|
|
| |
Some functions from nm-session-monitor.c have an implicit access to
nm_session_monitor_get(). This is non-obvious behavior.
Instead require the explicit session-monitor instance to be
provided -- where needed.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Our gdbus generated types use the same names as their corresponding
"real" types, but with "NM" changed to "NMDBus".
Unfortunately, that means that introspection/nmdbus-manager.c (the
generated type for src/nm-manager.c) uses the same type name as the
entirely unrelated src/nm-dbus-manager.c.
Fix this by removing the "d" from src/nm-dbus-manager.c. (We could
rename the generated type instead, but then it becomes inconsistent
with all the other generated types, and we're already using it as
"NMDBusManager" in libnm/nm-manager.c.)
|
|
|
|
|
|
| |
Have NMSecretAgent emit "disconnected" when it detects that it has
been disconnected, rather than having both the agent and the agent
manager monitor it separately.
|
|
|
|
|
|
|
|
|
|
|
| |
Move D-Bus export/unexport handling into NMExportedObject and remove
type-specific export/get_path methods (export paths are now specified
at the class level, and NMExportedObject handles the counters for all
exported types automatically).
Since all exportable objects now use the same get_path() method, we
can also add some helper methods to simplify get_property()
implementations for object-path and object-path-array properties.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add NMExportedObject, make it the base class of all D-Bus-exported
types, and move the nm-properties-changed-signal logic into it. (Also,
make NMSettings use the same properties-changed code as everything
else, which it was not previously doing, presumably for historical
reasons).
(This is mostly just shuffling code around at this point, but
NMExportedObject will be more important in the gdbus port, since
gdbus-codegen doesn't do a very good job of supporting objects that
export multiple interfaces [as each NMDevice subclass does, for
example], so we will need more glue/helper code in NMExportedObject
then.)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rather than randomly including one or more of <glib.h>,
<glib-object.h>, and <gio/gio.h> everywhere (and forgetting to include
"nm-glib-compat.h" most of the time), rename nm-glib-compat.h to
nm-glib.h, include <gio/gio.h> from there, and then change all .c
files in NM to include "nm-glib.h" rather than including the glib
headers directly.
(Public headers files still have to include the real glib headers,
since nm-glib.h isn't installed...)
Also, remove glib includes from header files that are already
including a base object header file (which must itself already include
the glib headers).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
==29353== 620 (+620) (32 (+32) direct, 588 (+588) indirect) bytes in 1 (+1) blocks are definitely lost in loss record 6,905 of 7,076
==29353== at 0x7CDBAC8: g_type_create_instance (gtype.c:1844)
==29353== by 0x7CBF356: g_object_new_internal (gobject.c:1774)
==29353== by 0x7CC0D4C: g_object_newv (gobject.c:1922)
==29353== by 0x7CC14E3: g_object_new (gobject.c:1614)
==29353== by 0x50B58A: nm_secret_agent_new (nm-secret-agent.c:489)
==29353== by 0x50915F: impl_agent_manager_register_with_capabilities (nm-agent-manager.c:309)
==29353== by 0x62649BE: invoke_object_method (dbus-gobject.c:1899)
==29353== by 0x62649BE: object_registration_message (dbus-gobject.c:2161)
==29353== by 0x649D5CE: _dbus_object_tree_dispatch_and_unlock (dbus-object-tree.c:1018)
==29353== by 0x648F193: dbus_connection_dispatch (dbus-connection.c:4718)
==29353== by 0x6261DB4: message_queue_dispatch (dbus-gmain.c:90)
==29353== by 0x7F44AEA: g_main_dispatch (gmain.c:3111)
==29353== by 0x7F44AEA: g_main_context_dispatch (gmain.c:3710)
==29353== by 0x7F44E87: g_main_context_iterate.isra.29 (gmain.c:3781)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Agent registration should not be blocked by absence of a user session
tracked using logind or consolekit. Access control based on UID is
sufficient.
This patch ensures that the user can always register a secret agent,
even if he doesn't have a session tracked by logind or consolekit and
even when NetworkManager is not built with logind or consolekit support.
Please note checking for presence or absence of a user session tracked
by logind has no value in this context.
Acked-By: Thomas Haller <thaller@redhat.com>
Acked-By: Dan Williams <dcbw@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Also move the initilization of the instance into the constructed()
method.
NMAgentManager now owns a reference to the DBUS manager and Auth
manager and the dispose() function properly unregisters itself from
both.
|
|
|
|
|
|
|
| |
There's no need to call `nm_session_monitor_get()` individually for each
call to `nm_auth_is_subject_in_acl()`.
Acked-By: Thomas Haller <thaller@redhat.com>
|
|
|
|
| |
Acked-By: Thomas Haller <thaller@redhat.com>
|
|
|
|
|
|
| |
VPN connections always return true for nm_connection_need_secrets(), but the
documented behavior of GetSecrets() is just to return any secrets we have
(otherwise nmcli c --show-secrets would not be useful for VPN connections).
|
|
|
|
|
|
|
|
|
|
|
| |
config.h should be included from every .c file, and it should be
included before any other include. Fix that.
(As a side effect of how I did this, this also changes us to
consistently use "config.h" rather than <config.h>. To the extent that
it matters [which is not much], quotes are more correct anyway, since
we're talking about a file in our own build tree, not a system
include.)
|
|
|
|
|
| |
Move the definition of NMAgentManagerError to nm-errors, register it
with D-Bus, and verify in the tests that it maps correctly.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
assertion in agent_secrets_done_cb()
When secret providers return the connection hash in GetSecrets(),
this hash should only contain secrets. However, some providers also
return non-secret properties.
for_each_secret() iterated over all entries of the @secrets hash
and triggered the assertion in nm_setting_get_secret_flags() (see
below).
NM should not assert against user provided input. Change
nm_setting_get_secret_flags() to silently return FALSE, if the property
is not a secret.
Indeed, handling of secrets is very different for NMSettingVpn and
others. Hence nm_setting_get_secret_flags() has only an inconsistent
behavior and we have to fix all call sites to do the right thing
(depending on whether we have a VPN setting or not).
Now for_each_secret() checks whether the property is a secret
without hitting the assertion. Adjust all other calls of
nm_setting_get_secret_flags(), to anticipate non-secret flags and
assert/warn where appropriate.
Also, agent_secrets_done_cb() clears now all non-secrets properties
from the hash, using the new argument @remove_non_secrets when calling
for_each_secret().
#0 0x0000003370c504e9 in g_logv () from /lib64/libglib-2.0.so.0
#1 0x0000003370c5063f in g_log () from /lib64/libglib-2.0.so.0
#2 0x00007fa4b0c1c156 in get_secret_flags (setting=0x1e3ac60, secret_name=0x1ea9180 "security", verify_secret=1, out_flags=0x7fff7507857c, error=0x0) at nm-setting.c:1091
#3 0x00007fa4b0c1c2b2 in nm_setting_get_secret_flags (setting=0x1e3ac60, secret_name=0x1ea9180 "security", out_flags=0x7fff7507857c, error=0x0) at nm-setting.c:1124
#4 0x0000000000463d03 in for_each_secret (connection=0x1deb2f0, secrets=0x1e9f860, callback=0x464f1b <has_system_owned_secrets>, callback_data=0x7fff7507865c) at settings/nm-settings-connection.c:203
#5 0x000000000046525f in agent_secrets_done_cb (manager=0x1dddf50, call_id=1, agent_dbus_owner=0x1ddb9e0 ":1.39", agent_username=0x1e51710 "thom", agent_has_modify=1, setting_name=0x1e91f90 "802-11-wireless-security",
flags=NM_SETTINGS_GET_SECRETS_FLAG_ALLOW_INTERACTION, secrets=0x1e9f860, error=0x0, user_data=0x1deb2f0, other_data2=0x477d61 <get_secrets_cb>, other_data3=0x1ea92a0) at settings/nm-settings-connection.c:757
#6 0x00000000004dc4fd in get_complete_cb (parent=0x1ea6300, secrets=0x1e9f860, agent_dbus_owner=0x1ddb9e0 ":1.39", agent_username=0x1e51710 "thom", error=0x0, user_data=0x1dddf50) at settings/nm-agent-manager.c:1139
#7 0x00000000004dab54 in req_complete_success (req=0x1ea6300, secrets=0x1e9f860, agent_dbus_owner=0x1ddb9e0 ":1.39", agent_uname=0x1e51710 "thom") at settings/nm-agent-manager.c:502
#8 0x00000000004db86e in get_done_cb (agent=0x1e89530, call_id=0x1, secrets=0x1e9f860, error=0x0, user_data=0x1ea6300) at settings/nm-agent-manager.c:856
#9 0x00000000004de9d0 in get_callback (proxy=0x1e47530, call=0x1, user_data=0x1ea10f0) at settings/nm-secret-agent.c:267
#10 0x000000337380cad2 in complete_pending_call_and_unlock () from /lib64/libdbus-1.so.3
#11 0x000000337380fdc1 in dbus_connection_dispatch () from /lib64/libdbus-1.so.3
#12 0x000000342800ad65 in message_queue_dispatch () from /lib64/libdbus-glib-1.so.2
#13 0x0000003370c492a6 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#14 0x0000003370c49628 in g_main_context_iterate.isra.24 () from /lib64/libglib-2.0.so.0
#15 0x0000003370c49a3a in g_main_loop_run () from /lib64/libglib-2.0.so.0
#16 0x000000000042e5c6 in main (argc=1, argv=0x7fff75078e88) at main.c:644
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This makes NetworkManager independent of <polkit/polkit.h>
development headers and libpolkit-gobject-1.so library.
Instead communicate directly with polkit using its DBUS
interface.
PolicyKit support is now always compiled in. You can control
polkit authorization with the configuration option
[main]
auth-polkit=yes|no
If the configure option is omitted, a build time default
value is used. This default value can be set with the
configure option --enable-polkit.
This commit adds a new class NMAuthManager that reimplements the
relevant DBUS client parts. It takes source code from the polkit
library.
https://bugzilla.gnome.org/show_bug.cgi?id=734146
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
|
|
|
| |
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Port libnm-core/libnm to GDBus.
The NetworkManager daemon continues to use dbus-glib; the
previously-added connection hash/variant conversion methods are now
moved to NetworkManagerUtils (along with a few other utilities that
are now only needed by the daemon code).
|
|
|
|
|
|
|
|
|
|
| |
In preparation for porting to GDBus, make nm_connection_to_dbus(),
etc, represent connections as GVariants of type 'a{sa{sv}}' rather
than as GHashTables-of-GHashTables-of-GValues.
This means we're constantly converting back and forth internally, but
this is just a stepping stone on the way to the full GDBus port, and
all of that code will go away again later.
|