colin/NetworkManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

device: honor the connection.autoconnect-retries for 802.1X

Browse Source 
NMDeviceEthernet and NMDeviceMacsec implement their own retry policy
for connection using 802.1X, and consider the credentials wrong when
the authentication fails for 3 times. In such case, they also disable
autoconnection for the device by setting the state reason NO_SECRETS.

This means that it's not possible at the moment to choose how many
times the authentication will be retried since they don't use the
standard reconnection logic.

Change NMDeviceEthernet and NMDeviceMacsec to use the number of
retries from connection.autoconnect-retries instead of a hardcoded
value to decide how many times the authentication must be restarted.
This commit is contained in:
Beniamino Galvani
2017-01-19 17:25:31 +01:00
parent 07570e245a
commit 4a6fd0e83e
2 changed files with 32 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
src/devices/nm-device-ethernet.c
View File

@@ -59,8 +59,6 @@ _LOG_DECLARE_SELF(NMDeviceEthernet);
/*****************************************************************************/ /*****************************************************************************/
static NM_CACHED_QUARK_FCN ("wired-secrets-tries", wired_secret_tries_quark)
#define PPPOE_RECONNECT_DELAY 7 #define PPPOE_RECONNECT_DELAY 7
#define PPPOE_ENCAP_OVERHEAD 8 /* 2 bytes for PPP, 6 for PPPoE */ #define PPPOE_ENCAP_OVERHEAD 8 /* 2 bytes for PPP, 6 for PPPoE */
@@ -258,16 +256,17 @@ _update_s390_subchannels (NMDeviceEthernet *self)
} }
static void static void
clear_secrets_tries (NMDevice *device) reset_autoconnect_retries (NMDevice *device)
{ {
NMActRequest *req; NMActRequest *req;
NMConnection *connection; NMSettingsConnection *connection;
req = nm_device_get_act_request (device); req = nm_device_get_act_request (device);
if (req) { if (req) {
connection = nm_act_request_get_applied_connection (req); connection = nm_act_request_get_settings_connection (req);
/* Clear wired secrets tries on success, failure, or when deactivating */ g_return_if_fail (connection);
g_object_set_qdata (G_OBJECT (connection), wired_secret_tries_quark (), NULL); /* Reset autoconnect retries on success, failure, or when deactivating */
nm_settings_connection_reset_autoconnect_retries (connection);
} }
} }
@@ -283,7 +282,7 @@ device_state_changed (NMDevice *device,
if ( new_state == NM_DEVICE_STATE_ACTIVATED if ( new_state == NM_DEVICE_STATE_ACTIVATED
|| new_state == NM_DEVICE_STATE_FAILED || new_state == NM_DEVICE_STATE_FAILED
|| new_state == NM_DEVICE_STATE_DISCONNECTED) || new_state == NM_DEVICE_STATE_DISCONNECTED)
clear_secrets_tries (device); reset_autoconnect_retries (device);
} }
static void static void
@@ -681,15 +680,20 @@ handle_auth_or_fail (NMDeviceEthernet *self,
gboolean new_secrets) gboolean new_secrets)
{ {
const char *setting_name; const char *setting_name;
guint32 tries;
NMConnection *applied_connection; NMConnection *applied_connection;
NMSettingsConnection *settings_connection;
int tries_left;
applied_connection = nm_act_request_get_applied_connection (req); applied_connection = nm_act_request_get_applied_connection (req);
settings_connection = nm_act_request_get_settings_connection (req);
tries = GPOINTER_TO_UINT (g_object_get_qdata (G_OBJECT (applied_connection), wired_secret_tries_quark ())); tries_left = nm_settings_connection_get_autoconnect_retries (settings_connection);
if (tries > 3) if (tries_left == 0)
return NM_ACT_STAGE_RETURN_FAILURE; return NM_ACT_STAGE_RETURN_FAILURE;
if (tries_left > 0)
nm_settings_connection_set_autoconnect_retries (settings_connection, tries_left - 1);
nm_device_state_changed (NM_DEVICE (self), NM_DEVICE_STATE_NEED_AUTH, NM_DEVICE_STATE_REASON_NONE); nm_device_state_changed (NM_DEVICE (self), NM_DEVICE_STATE_NEED_AUTH, NM_DEVICE_STATE_REASON_NONE);
nm_active_connection_clear_secrets (NM_ACTIVE_CONNECTION (req)); nm_active_connection_clear_secrets (NM_ACTIVE_CONNECTION (req));
@@ -699,7 +703,6 @@ handle_auth_or_fail (NMDeviceEthernet *self,
wired_secrets_get_secrets (self, setting_name, wired_secrets_get_secrets (self, setting_name,
NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION
| (new_secrets ? NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW : 0)); | (new_secrets ? NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW : 0));
g_object_set_qdata (G_OBJECT (applied_connection), wired_secret_tries_quark (), GUINT_TO_POINTER (++tries));
} else } else
_LOGI (LOGD_DEVICE, "Cleared secrets, but setting didn't need any secrets."); _LOGI (LOGD_DEVICE, "Cleared secrets, but setting didn't need any secrets.");
@@ -1370,7 +1373,7 @@ deactivate (NMDevice *device)
GError *error = NULL; GError *error = NULL;
/* Clear wired secrets tries when deactivating */ /* Clear wired secrets tries when deactivating */
clear_secrets_tries (device); reset_autoconnect_retries (device);
nm_clear_g_source (&priv->pppoe_wait_id); nm_clear_g_source (&priv->pppoe_wait_id);

28
src/devices/nm-device-macsec.c
View File

@@ -89,8 +89,6 @@ G_DEFINE_TYPE (NMDeviceMacsec, nm_device_macsec, NM_TYPE_DEVICE)
/******************************************************************/ /******************************************************************/
static NM_CACHED_QUARK_FCN ("macsec-secrets-tries", macsec_secrets_tries_quark)
static void macsec_secrets_cancel (NMDeviceMacsec *self); static void macsec_secrets_cancel (NMDeviceMacsec *self);
/******************************************************************/ /******************************************************************/
@@ -480,15 +478,20 @@ handle_auth_or_fail (NMDeviceMacsec *self,
gboolean new_secrets) gboolean new_secrets)
{ {
const char *setting_name; const char *setting_name;
guint32 tries; int tries_left;
NMConnection *applied_connection; NMConnection *applied_connection;
NMSettingsConnection *settings_connection;
applied_connection = nm_act_request_get_applied_connection (req); applied_connection = nm_act_request_get_applied_connection (req);
settings_connection = nm_act_request_get_settings_connection (req);
tries = GPOINTER_TO_UINT (g_object_get_qdata (G_OBJECT (applied_connection), macsec_secrets_tries_quark ())); tries_left = nm_settings_connection_get_autoconnect_retries (settings_connection);
if (tries > 3) if (tries_left == 0)
return NM_ACT_STAGE_RETURN_FAILURE; return NM_ACT_STAGE_RETURN_FAILURE;
if (tries_left > 0)
nm_settings_connection_set_autoconnect_retries (settings_connection, tries_left - 1);
nm_device_state_changed (NM_DEVICE (self), NM_DEVICE_STATE_NEED_AUTH, NM_DEVICE_STATE_REASON_NONE); nm_device_state_changed (NM_DEVICE (self), NM_DEVICE_STATE_NEED_AUTH, NM_DEVICE_STATE_REASON_NONE);
nm_active_connection_clear_secrets (NM_ACTIVE_CONNECTION (req)); nm_active_connection_clear_secrets (NM_ACTIVE_CONNECTION (req));
@@ -498,7 +501,6 @@ handle_auth_or_fail (NMDeviceMacsec *self,
macsec_secrets_get_secrets (self, setting_name, macsec_secrets_get_secrets (self, setting_name,
NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION
| (new_secrets ? NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW : 0)); | (new_secrets ? NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW : 0));
g_object_set_qdata (G_OBJECT (applied_connection), macsec_secrets_tries_quark (), GUINT_TO_POINTER (++tries));
} else } else
_LOGI (LOGD_DEVICE, "Cleared secrets, but setting didn't need any secrets."); _LOGI (LOGD_DEVICE, "Cleared secrets, but setting didn't need any secrets.");
@@ -735,17 +737,19 @@ link_changed (NMDevice *device,
update_properties (device); update_properties (device);
} }
static void static void
clear_secrets_tries (NMDevice *device) reset_autoconnect_retries (NMDevice *device)
{ {
NMActRequest *req; NMActRequest *req;
NMConnection *connection; NMSettingsConnection *connection;
req = nm_device_get_act_request (device); req = nm_device_get_act_request (device);
if (req) { if (req) {
connection = nm_act_request_get_applied_connection (req); connection = nm_act_request_get_settings_connection (req);
/* Clear macsec secrets tries on success, failure, or when deactivating */ g_return_if_fail (connection);
g_object_set_qdata (G_OBJECT (connection), macsec_secrets_tries_quark (), NULL); /* Reset autoconnect retries on success, failure, or when deactivating */
nm_settings_connection_reset_autoconnect_retries (connection);
} }
} }
@@ -761,7 +765,7 @@ device_state_changed (NMDevice *device,
if ( new_state == NM_DEVICE_STATE_ACTIVATED if ( new_state == NM_DEVICE_STATE_ACTIVATED
|| new_state == NM_DEVICE_STATE_FAILED || new_state == NM_DEVICE_STATE_FAILED
|| new_state == NM_DEVICE_STATE_DISCONNECTED) || new_state == NM_DEVICE_STATE_DISCONNECTED)
clear_secrets_tries (device); reset_autoconnect_retries (device);
} }
/******************************************************************/ /******************************************************************/