Change the activation procedure for connections that require secrets
in the following way:
- nmcli creates a secret-agent and leaves it disabled so that
  incoming requests are queued
- nmcli calls ActivateConnection()
- when the method returns success, the secret-agent gets enabled and
  all queued requests are processed
When the user activates a connection which is already auto-activating,
NM will deactivate the current active-connection and will call
CancelGetSecrets() for it before the new ActivateConnection()
returns. In this way, when the secret-agent is enabled by nmcli, we
have the guarantee that there aren't any queued requests for
the deactivating connections.
https://bugzilla.redhat.com/show_bug.cgi?id=1438476
nmcli typically doesn't run setuid, nor uses file capabilities or is labelled
for a SELinux domain transition upon execution.
But in case anyone has any reason to do that, we should follow good
security practices and not exec whatever is set in the environment.
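
An added example, not NetworkManager's code, of the practice this commit message describes: take the pager from $PAGER only when the process was not started with elevated privileges. The names select_pager(), is_secure_exec() and DEFAULT_PAGER, and the rule that an empty value or "cat" disables paging, are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/auxv.h> /* getauxval(), AT_SECURE; Linux-specific */

#define DEFAULT_PAGER "less" /* assumption: fixed fallback, found via a trusted PATH */

/* True when the kernel flagged this exec as privileged (AT_SECURE is set
 * for setuid/setgid binaries, file capabilities and, typically, SELinux
 * domain transitions), or when real and effective IDs differ. */
static int is_secure_exec(void)
{
    if (getauxval(AT_SECURE) != 0)
        return 1;
    return getuid() != geteuid() || getgid() != getegid();
}

/* Decide which pager to run.
 * env_pager: value of $PAGER (may be NULL); secure: result of is_secure_exec().
 * Returns NULL when paging is disabled. */
static const char *select_pager(const char *env_pager, int secure)
{
    if (secure || env_pager == NULL)
        return DEFAULT_PAGER; /* never take the command from the environment when privileged */
    if (env_pager[0] == '\0' || strcmp(env_pager, "cat") == 0)
        return NULL;          /* assumption: empty or "cat" means no pager */
    return env_pager;
}

int main(void)
{
    const char *pager = select_pager(getenv("PAGER"), is_secure_exec());
    printf("pager: %s\n", pager ? pager : "(none)");
    return 0;
}
```
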
We want to support large number of routes. Reduce the number
of copies, by adding internal accessor functions.
Also, work around a complaint from coverity:
46. NetworkManager-1.9.2/libnm-core/nm-utils.c:1987:
dereference: Dereferencing a null pointer "names".
nmc_read_connection_properties() iterates over the input arguments, and
completes the connection.
Initially, the type is not yet known, in that case, we should not wrongly
assume that this is a generic connection. Later, when the type is specified,
con_settings() will return the correct settings.
Previously, this would wrongly add a [generic] section:
$ nmcli connection add type ethernet ifname eth1 con-name ethie autoconnect no ipv4.method auto ethernet.cloned-mac-address random
With the fix, it still works to specify the type later:
$ nmcli connection add ifname eth1 con-name ethie autoconnect no ipv4.method auto type ethernet
but it doesn't work, to specify the type after type-specific options:
$ nmcli connection add ifname eth1 con-name ethie autoconnect no ipv4.method auto ethernet.cloned-mac-address random type ethernet
Error: invalid or not allowed setting 'ethernet': 'ethernet' not among [connection, ipv4, ipv6, proxy].
The patch doesn't change the latter limitation.
Fixes: c5324ed285
Replace the usage of g_str_hash() with our own nm_str_hash().
GLib's g_str_hash() uses djb2 hashing function, just like we
do at the moment. The only difference is, that we use a different
seed value.
Note, that we initialize the hash seed with random data (by calling
getrandom() or reading /dev/urandom). That is a change compared to
before.
This change of the hashing function and accessing the random pool
might be undesired for libnm/libnm-core. Hence, the change is not
done there as it possibly changes behavior for public API. Maybe
we should do that later though.
At this point, there isn't much of a change. This patch becomes
interesting, if we decide to use a different hashing algorithm.
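
An added example, not NetworkManager's nm_str_hash(): a djb2 string hash whose start value is drawn once per process from getrandom(), with /dev/urandom as fallback. It also shows why the change matters little while the algorithm stays djb2: two equal-length strings that collide under one seed collide under every seed. The function names and the fallback to 5381 are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/random.h> /* getrandom(); Linux, glibc >= 2.25 */

/* djb2: h = h * 33 + c, starting from `seed` (classic djb2 starts at 5381). */
static uint32_t str_hash_seeded(const char *s, uint32_t seed)
{
    uint32_t h = seed;
    for (const unsigned char *p = (const unsigned char *)s; *p; p++)
        h = (h << 5) + h + *p;
    return h;
}

/* Fill buf from getrandom(), falling back to /dev/urandom; 0 on success. */
static int read_random(void *buf, size_t len)
{
    if (getrandom(buf, len, 0) == (ssize_t)len)
        return 0;
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f)
        return -1;
    size_t n = fread(buf, 1, len, f);
    fclose(f);
    return n == len ? 0 : -1;
}

/* Drawn once per process (not thread-safe; enough for an illustration). */
static uint32_t hash_seed(void)
{
    static uint32_t seed;
    static int ready;
    if (!ready) {
        if (read_random(&seed, sizeof seed) != 0)
            seed = 5381; /* assumption: fall back to the fixed start value */
        ready = 1;
    }
    return seed;
}

static uint32_t example_str_hash(const char *s) { return str_hash_seeded(s, hash_seed()); }

int main(void)
{
    /* "ab" and "bA" are constructed inputs: 97*33+98 == 98*33+65. */
    printf("%u %u\n", (unsigned)example_str_hash("ab"),
           (unsigned)example_str_hash("bA"));
    return 0;
}
```
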
In a later commit we'll add a new generic client function used by
nmcli and nmtui. nm-client-utils.c seems the right place for it, so
move the file to the base library that is used by both clients.
While at it, also put in that file some functions that will be needed
by nmtui.
'nmcli device wifi connect' only supports WEP and WPA-PSK at the
moment, but not WPA-EAP. If the AP supports both WPA-PSK and WPA-EAP,
nmcli doesn't add the PSK to the connection, causing a connection
failure. Fix this.
https://bugzilla.redhat.com/show_bug.cgi?id=1492064
As far as NetworkManager is concerned, the "connection.id" (also called
"con-name" in nmcli) is a pretty name and does not need to be unique.
UI components usually show the "connection.id" instead of the
"connection.uuid" identifier. It is hence likely, that the user
would not intentionally re-use the same name for multiple connection
profiles.
Print a warning to stderr when the user adds such a connection.
This only affects `nmcli connection add` and `nmcli connection import`,
but not `nmcli connection clone` and not interactive edit mode.
https://bugzilla.redhat.com/show_bug.cgi?id=1460796
Currently nmcli considers the state of the device associated to a
connection to determine the success of an activation; for VPNs the
device is the parent interface on which the VPN is established.
This means that VPNs on bond/bridge/team interfaces are reported as
connected immediately because of the special handling of master
devices state in check_activated().
The parent device state is not meaningful for VPNs, so don't track it.
Since properties are asked only when the connection has the related
setting, ensure that the connection type is set early so that the base
type gets added to the connection before evaluating other settings.
After NMSettingConnection properties, ask properties for the base
setting and then all other settings.
The INT signal can arrive after a new line has been processed in
nmc_readline_helper(). In such case, the handler gets uninstalled by
readline_cb() and nmc_seen_sigint() returns TRUE. However it's an
error to call rl_callback_read_char() without handler, don't do it.
Fixes the following:
"readline: readline_callback_read_char() called with no handler!"
#0 __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 __GI_abort () at abort.c:90
#2 rl_callback_read_char () at ../callback.c:116
#3 nmc_readline_helper (prompt=prompt@entry=0x2aa0d229080 "nmcli> ") at clients/cli/common.c:1387
#4 nmc_readline (prompt_fmt=prompt_fmt@entry=0x2aa0036ac9e "%s") at clients/cli/common.c:1448
#5 do_connection_edit (connection=0x2aa0d215440, nmc=0x2aa00391298 <nm_cli>) at clients/cli/connections.c:7072
Fixes: 995229181c
https://bugzilla.redhat.com/show_bug.cgi?id=1458311
When running one of:
nmcli device wifi list ifname wlan0
nmcli device wifi connect ... ifname wlan0
nmcli wrongly adds the device name to the output.
Do the completion only when requested.
Fixes: 8679793f6b
Fixes: 1a0dfd31c4
nmcli closes its stdout when spawning the pager and thus, in editor
mode, nothing is printed once the pager terminates. For an interactive
mode like the editor, the pager seems not suitable, disable it.
Fixes: 24c079e4b2
In the previous code it is not clear to me that there won't be
a situation where we don't react on a state change, waiting for a
device-state-change that never comes.
Now, only wait for a better device-state reason if:
- we have a device
- and the ac-reason is unspecific (NM_ACTIVE_CONNECTION_STATE_REASON_DEVICE_DISCONNECTED)
- and the device still references the current active connection
- and the device state is not yet FAILED or DISCONNECTED.
The most important change is that we only wait longer, if the device's
active-connection is still the same as our current active connection.
I don't think this commit is really necessary, but I cannot understand
the previous logic.
See-also: 57a26fd2aa
This makes it a lot more convenient to deal with long outputs (such as
"nmcli c show id ...").
The implementation is essentially jacked from systemd. The bugs are
mine.
This basically uses "wifi" in place of "802-11-wireless" and analogously
for other setting types that have aliases unless a --terse option was
specified.
Apart from looking nicer it makes the default output less wide,
hopefully avoiding line breaks on 80 column terminals in basic use
cases.
Before refactoring nmcli recently, field names were marked for translation.
Note that for the property names, marking them had no effect as only
plain strings can be marked with N_().
Note how --fields are also an input argument. The input should be
independent of the locale and not translated. Likewise, when printing
the header names, they should not be translated to match the --fields
option.
$ LANG=de_DE.utf8 nmcli --fields GENERAL.DEVICE device show enp0s25
GENERAL.GERÄT: enp0s25
Drop the translation marks.
'nmcli connection show <con_id1> --show-secrets'
secrets were not shown.
'nmcli connection show <con_id1> --show-secrets <con_id2>'
secrets were shown only for connection ids following the
"--show-secrets" option (so only for 'con_id2').
Fix these behaviors showing secrets for all connections also
if the "--show-secrets" option is put after the connection ids.
If the D-Bus call to DeactivateConnection() fails, don't wait for the
connection to change state because this is not going to
happen. Instead, notify the user of the error and, if necessary, wait
for remaining connections to be deactivated.
https://bugzilla.redhat.com/show_bug.cgi?id=1422786
That allows for the property list to contain derived
property types. Also, the list can be directly passed
off as a "const NMMetaAbstractInfo *const*" list.