Commit Graph

7207 Commits

Author SHA1 Message Date
Dan Williams
72bdb5707e auth: move common nm_dbus_manager_get_caller_info() functionality into nm_auth_chain_new()
Most callers of nm_auth_chain_new() call nm_dbus_manager_get_caller_info()
right before that, so just fold the get_caller_info() call into
nm_auth_chain_new() to reduce code complexity in callers.  Yes, this
means sometimes we call nm_dbus_manager_get_caller_info() twice,
but that's not really a problem.
2013-04-08 10:55:38 -05:00
Dan Williams
b389ad3141 core: remove unused argument to nm_auth_chain_new() 2013-04-08 10:55:38 -05:00
Dan Williams
10dc8e78ca agents: don't require root agents to be part of a login session
Which they won't always be in minimal environments.
2013-04-08 10:55:38 -05:00
Dan Williams
050f4b761e core: assume root always has a session for connection visibility
Normally, users which are not part of a login session can't access
connections.  Root won't always be part of a login session, so
allow root to bypass visibility checks.  The code already bypassed
the ACL checks for root, but in multiple places.  Consolidate those
checks into one function.
2013-04-08 10:55:38 -05:00
Dan Williams
5842342d91 agents: enforce one-agent-per-identifier-per-UID restriction
Has been documented from the beginning but was apparently not
enforced.
2013-04-08 10:55:38 -05:00
Dan Williams
edfaf2540d trivial: whitespace fixes 2013-04-08 10:55:38 -05:00
Dan Williams
18ddf20b38 core: route dbus_bus_get_unix_user() through NMDBusManager
Since dbus senders are faked for private connections, we can't just
call dbus_bus_get_unix_user() on fake senders.  They need to be
checked against the NMDBusManager's list of private connections
first.
2013-04-08 10:55:38 -05:00
Dan Williams
80f8fce675 core: remove unused auth functions
Functionality moved to NMDBusManager.
2013-04-08 10:55:37 -05:00
Dan Williams
a442d1ac42 core: use DBusManager caller info/auth functions
Only the DBusManager can get the sender for private connections.
2013-04-08 10:55:37 -05:00
Dan Williams
0621de7d48 core: use same codepaths for root and non-root during authentication
Instead of doing something like

<get caller UID>
if (root) {
   perform_operation()
   other boilerplate stuff
   return;
}

nm_auth_chain_new(perform_operation)
...

just have root also go through the auth chain, which is now
short circuited for root.  This ensures we always use the same
code paths for root and non-root, and that fixes made in one path
are also executed for the other.
2013-04-08 10:55:37 -05:00
Dan Williams
f7b720b047 core: simplify object set property filter
dbus-glib has had dbus_g_connection_lookup_g_object() since 0.72
(circa 2006) so instead of parsing the object paths ourselves, let
dbus-glib tell us what object it is, and rely on GObject property
permissions to block writes at the object level, and dbus-glib to
block writes at the D-Bus level based on the introspection XML.

Plus, we can use the various ways to get the caller UID that were
added in previous patches to simplify authentication.
2013-04-08 10:55:37 -05:00
Dan Williams
c4ac2f3279 core: add caller info functions to DBusManager
Because the DBusManager is the thing that knows about private
connections, it's the thing best positioned to get caller
details like sender and UID.
2013-04-08 10:55:37 -05:00
Dan Williams
c9335a497b core: add a root-only private D-Bus socket
For cases where NM may run without a bus daemon in root-only
environments, like an initramfs.  For disconnection, since private
connections just get a disconnect message instead of NameOwnerChanged
signals broadcast by a bus daemon, just synthesize the NameOwnerChanged
signals using our fake owner name.  It's just easier to do this rather
than modify any code that cares about disconnects.

Note that the new private socket is only enabled if built with
dbus-glib >= 0.100 as there are bugs in previous versions in the
implementation of dbus_g_proxy_new_for_peer() which clients must
use to talk to the private socket.
2013-04-08 10:55:37 -05:00
Dan Williams
496534b9f4 core: add nm_dbus_g_method_invocation_get_g_connection()
This method exists in dbus-glib >= 101, but if it doesn't, emulate it.

See https://bugs.freedesktop.org/show_bug.cgi?id=55729
2013-04-08 10:55:37 -05:00
Dan Williams
3c7f267fb9 core: use wrappers for DBus object registration/unregistration
When providing a service on the bus daemon and a private connection,
we'll need to track objects so we can register them with the
private connection too.  Thus all registration/unregistration
calls have to go through the NMDBusManager, not straight to
dbus-glib.
2013-04-08 10:55:37 -05:00
Dan Williams
1fec50cc1e core: push PolicyKit unavailable error to callers instead of logging it
The error is now pushed to things that request PK auth so that we don't
lose it, because we don't want to unconditionally log it from NM, but
still want things to know that their request couldn't be fulfilled
because PK wasn't running.
2013-04-08 10:55:37 -05:00
Dan Williams
da79a01b12 core: simplify auth chain early exit
Don't create a GError with a domain of 0, which causes a glib warning,
and make it clearer when we're early-finishing with an error and when
we're not.
2013-04-08 10:55:37 -05:00
Dan Williams
ef302981b4 core: silence warning about failure to read permanent MAC address (rh #907912)
Not all drivers support reporting their permanent MAC address, and some
don't have one at all (no EEPROM) so it's pointless to warn about it.
2013-04-05 13:06:22 -05:00
Dan Williams
1bcf3f6397 keyfile: fix testcase comparison
test-keyfile.c: In function 'test_read_string_ssid':
test-keyfile.c:1154:51: error: argument to 'sizeof' in 'memcmp' call is the
   same expression as the second source; did you mean to provide an explicit
   length? [-Werror=sizeof-pointer-memaccess]
ASSERT (memcmp (array->data, expected_ssid, sizeof (expected_ssid)) == 0,
2013-04-05 12:21:26 -05:00
Dan Winship
e58d86450d core: fix build with glib < 2.34
Using g_clear_pointer() didn't trigger G_UNAVAILABLE warnings because
it's a macro. Fix the build on older glibs by just pulling in the
definition.
2013-04-03 13:11:31 -04:00
Colin Walters
8b3d609404 build: Fix srcdir != builddir 2013-04-03 10:19:49 -05:00
Dan Winship
282a9720ab dns-manager: add dns=none
Add a new dns mode "none", meaning that NM should not modify
resolv.conf at all.

https://bugzilla.gnome.org/show_bug.cgi?id=690404
2013-04-03 10:23:49 -04:00
Dan Winship
df1f4bee0e dns-manager, config: make the dns config key single-valued
Make the main/dns config key be a single value rather than a list of
plugins. Since there is currently only one valid value for it
("dnsmasq"), this is backward-compatible.

In the future, it will be possible to specify custom DNS-configuring
scripts here, which is a more flexible way of handling complicated
behavior than trying to create chainable internal plugins.
2013-04-03 10:23:49 -04:00
Dan Winship
a15558daed dns-manager: minor cleanups
Remove the unused NMDnsPlugin::init method, some unused #includes, and
an out-of-date comment.

Use the correct macro for the default "/etc/resolv.conf" path.

Simplify NMDnsManager::dispose() a bit.

Make nm_dns_dnsmasq_new() return an NMDnsPlugin* rather than
NMDnsDnsmasq*.
2013-04-03 10:23:49 -04:00
Dan Winship
6d9aae3b47 core: add ignore-carrier config option
Add an ignore-carrier option to NetworkManager.conf, for specifying
devices where carrier state should be ignored for purposes of
activating/deactivating connections.
2013-04-03 10:23:49 -04:00
Dan Winship
5fec30d98e Revert :carrier-detect properties and associated code
Ignoring carrier is generally something you want at the machine level
(eg, for a server), not at the connection level.
2013-04-03 10:23:49 -04:00
Dan Winship
a2308fcab8 config: parse $nmconfdir/conf.d/*.conf
Add a new configuration directory ($nmconfdir/conf.d by default,
overridable via the --config-dir command-line option) that can contain
".conf" files that will be parsed in asciibetical order to override
the main NetworkManager.conf file.

In addition to simple overrides, the conf files also support appending
to the value of a previously-set list-valued key, by doing, eg,
"plugins+=foo"

https://bugzilla.gnome.org/show_bug.cgi?id=688857
2013-04-03 10:23:48 -04:00
Dan Winship
0186330a4b settings: use NMConfig directly rather than reparsing NetworkManager.conf
Add some new API to NMConfig so that NMSettings and its plugins can
use NMConfig to look up values rather than reparsing the config file
themselves.

Also, move the no-auto-default cache from NetworkManager.conf to
$NMSTATEDIR/no-auto-default.state, so NM isn't rewriting its own
config file at runtime.
2013-04-03 10:23:48 -04:00
Dan Winship
57b0ed4154 settings: clarify that NMDefaultWiredConnection is ethernet-only
NMSettings would try to create an NMDefaultWiredConnection for any
NMDeviceWired subclass, and there was some code to deal with
InfiniBand in the code. But nm_default_wired_connection_new() required
the hwaddr length to be ETH_ALEN, so InfiniBand would never have
worked (and probably shouldn't have, since people generally don't want
the auto-default behavior on servers anyway). And we certainly never
intended for this code to apply to bridges and bonds. So fix it to
only apply to ethernet devices, and remove the vestigial
InfiniBand-related code.
2013-04-03 10:23:48 -04:00
Dan Winship
b3e8361f0f settings: don't pass config_path to NMSettings and settings plugins
They can just call nm_config_get() now to get the config, and
nm_config_get_path() to get its path.
2013-04-03 10:23:48 -04:00
Dan Winship
26de9db14b core: remove some can't-happen checks
Most of the various nm_foo_manager_get/new() calls never return NULL,
so just g_assert() that fact rather than logging a separate error
message for each one.
2013-04-03 10:23:48 -04:00
Dan Winship
213a3a4d2e core: don't pass config data to NMDHCPManager and NMDnsManager
Rather than passing specific bits of data to NMDHCPManager and
NMDnsManager, just let them call nm_config_get() and then get the data
themselves.

Also, remove the GError argument from nm_dhcp_manager_new(), since the
function never returned NULL. This in turn means there is no longer
any need for a distinction between nm_dhcp_manager_new() and
nm_dhcp_manager_get(), so remove the former.
2013-04-03 10:23:48 -04:00
Dan Winship
0b815ca166 config: add NMConfigDevice
Add NMConfigDevice, which is mostly just a wrapper around
nm_device_get_hw_address() and nm_device_spec_match_list(), and
implement it in NMDevice. This will be used for config options that
match devices. (We can't use NMDevice directly for dependency
reasons.)
2013-04-03 10:23:48 -04:00
Dan Winship
29ed892de7 config, man: hide connectivity-check command-line options
There is no reason to configure the connectivity-check options from
the command line rather than from the config file. Keep the options,
for backward-compatibility, but remove them from the man page and hide
them from --help.
2013-04-03 10:23:48 -04:00
Dan Winship
8bb9ee8d3b config: fix documentation of --log-domains
The list of log domains in the --log-domains documentation had gotten
out of date. Fix this by adding nm_logging_all_domain_to_string()
(and, for completeness, nm_logging_all_levels_to_string()), and use
those to fill in the help string.
2013-04-03 10:23:47 -04:00
Dan Winship
3407726758 config: move config-related command-line options into nm-config.c
Rather than having main.c parse them and then hand them all to
nm_config_new(), just let nm-config provide its own GOptionEntry
array to merge in with main's.
2013-04-03 10:23:47 -04:00
Dan Winship
4a7727d93a config: make NMConfig non-refcounted
It's a singleton that always exists. Callers shouldn't have to
refcount it.

Also, move its cleanup code from dispose() to finalize(), and remove
some unnecessary checks in it.
2013-04-03 10:23:47 -04:00
Dan Winship
53bd84feff config: move NMConfig into its own subdirectory/library
Also, remove the unused NMConfigError, and add a config-parsing test
program.
2013-04-03 10:23:47 -04:00
Dan Winship
228f6459e1 dns-manager: remove an incorrect and unnecessary line
gcc 4.8.0 has a new warning that triggers on

    static void
    compute_hash (NMDnsManager *self, guint8 buffer[HASH_LEN])
    {
        ...
        memset (buffer, 0, sizeof (buffer));
        ...
    }

because "sizeof (buffer)" is *not* HASH_LEN, it's sizeof(guint8*). The
memset() was not necessary anyway since the g_checksum_get_digest()
after it will always end up filling in buffer, so just remove it.

https://bugzilla.gnome.org/show_bug.cgi?id=697041
2013-04-02 16:15:06 -04:00
Pavel Šimerda
eb2b990ddc trivial: rename rand to avoid -Wshadow 2013-04-02 11:03:47 +02:00
Jiří Klimeš
2109f41cc6 libnm-util: consolidate hex-string <-> bin conversion functions
and move them to libnm-util's nm-utils.s so that they are easily available.
2013-03-28 16:59:58 +01:00
Dan Williams
5d6d5cd136 dhclient: copy leasefiles from old location if needed (rh #916233) (bgo #696210)
When the default leasefile location got moved from distro-specific
dhclient locations to a single NM-specific location, that apparently
broke scripts and external tools that depended on the old location,
like dracut netbooting.

During a netboot, DHCP is started from the initramfs and gets a
lease, and the leasefile lives in the initramfs.  When the real
system is started, and the rootfs switches from the initramfs to
the actual rootfs, something needs to copy the leasefiles over to
where NetworkManager can find them.  For dracut at least, various
dracut scripts were doing this, and copying to the old location
in /var/lib/dhclient or /var/lib/dhcp.  Which means NM can no
longer find them, and proceeds to acquire a new DHCP lease when
taking over the existing connection, rather than renewing the
existing lease.  This can lead to loss of network connectivity
and thus the netboot process fails.

If no leasefile for the connection in the new location exists,
look in the old locations and copy that leasefile over to the new
location.
2013-03-26 15:26:18 -05:00
Dan Williams
e8cbde2704 mobile: clarify modem state change log message
Otherwise it looks like it might be the NMDevice state change, which
it isn't.
2013-03-25 15:56:06 -05:00
Dan Williams
6ef543d3a6 mobile: downgrade MM launch failure warning severity to debug
MM won't always be present, and if it's not, your logs will fill up
with warnings about MM not being able to be launched.  And when
running with systemd, you'll get a different class of errors like:

<warn> error poking ModemManager: GDBus.Error:org.freedesktop.systemd1.LoadFailed:
   Unit dbus-org.freedesktop.ModemManager1.service failed to load: No such file or
   directory. See system logs and 'systemctl status
   dbus-org.freedesktop.ModemManager1.service' for details.

and I'm tired of chasing and special-casing all the launch-failed
errors that D-Bus and systemd use.

Plus, we have dynamic log level changing via the D-Bus interface so if
people need to debug this, just changing the log level will tell you
what's wrong.
2013-03-25 15:38:00 -05:00
Dan Williams
824fd06c34 ppp: ignore errors getting final PPP stats
The PPP interface may be gone already, especially if the connection
was terminated by the PPP peer.  It's pointless to warn in these
cases since getting the final stats is best-effort anyway.
2013-03-25 15:26:51 -05:00
Dan Williams
f515df39b5 core: don't crash checking unmanaged specs if device has no hardware address
Not all devices have a hardware address, like WWAN or ADSL.  So don't
unconditionally expect one.
2013-03-25 15:17:35 -05:00
Jiří Klimeš
82fb1978a4 all: use G_VALUE_INIT to initialize GValue variables
It makes the initializations more explicit.
G_VALUE_INIT is available since glib 2.30, and NM now requires glib >= 2.32
2013-03-25 08:41:18 +01:00
Dan Williams
360a02fc13 ifcfg-rh: ensure missing STP property is interpreted as "off" (rh #922702)
The initscripts interpreted it this way, so we do too.
2013-03-22 09:13:12 -05:00
Dan Williams
c934038b59 dhcp: fix up testcase for "also request static-routes;" 2013-03-21 13:20:13 -05:00
Dan Williams
0bf0ee7136 dhcp: look harder for machine-id, and generate random DUID if it doesn't exist (bgo #696109)
Not all systems have machine-id in /etc, some still have it in /var/lib/dbus/
especially if they aren't using systemd.  Furthermore, if we don't have
any machine-id file (like in the future, if we don't have a messagebus
daemon running) fall back to a random DUID as a last resort.
2013-03-20 11:28:53 -05:00