This reverts commit f43586fc17.
This broke stuff as "name" was set on various places after construction. So we
revert the commit for now, and will rework it.
dhcpcd v5.99 and later automatically enabled IPv6 behavior unless
specifically disabled. This is undesirable for two reason:
1) dhcpcd sends IPv4 Router Solicitations, which NetworkManager
handles itself, so there's no need to do it twice. NetworkManager
knows better than dhcpcd whether IPv6 is supposed to be used for
that interface or not.
2) Some devices don't react well to IPv6 when they aren't expecting
it. For example, older Qualcomm Gobi-based devices will listen
for Router Solicitations and attempt to set up IPv6, but if other
settings are not done correctly, or the firmware doesn't actually
support it, the firmware will then crash. So simply upgrading your
dhcpcd from 5.x to 6.x magically stops WWAN working for these
devices.
Make the name property CONSTRUCT_ONLY. With this there is also no more
need to overwrite the constructor().
Signed-off-by: Thomas Haller <thaller@redhat.com>
The public property is called NM_SETTING_VLAN_INTERFACE_NAME,
so also the internal field and the PROP_* enum should carry
the same name.
Signed-off-by: Thomas Haller <thaller@redhat.com>
Previously, the device activation would stall in this case, because
the code wasn't expecting it to happen. In particular, this happens
when trying to assume a device that is up but has no IP config.
https://bugzilla.gnome.org/show_bug.cgi?id=715181
When request for getting secrets is being freed in request_free(),
cancel_callback is get_cancel_cb(). It uses parent->current as a secret agent
object. However, this object can be already freed and thus there is a problem
getting priv in nm_secret_agent_cancel_secrets:
g_return_if_fail (self != NULL);
priv = NM_SECRET_AGENT_GET_PRIVATE (self);
(gdb) p self
$66 = (NMSecretAgent *) 0x7fae9afd42e0
(gdb) p *self
$67 = {parent = {g_type_instance = {g_class = 0x0}, ref_count = 0, qdata = 0x0}}
#0 nm_secret_agent_cancel_secrets (self=0x7fae9afd42e0, call=0x1) at settings/nm-secret-agent.c:325
#1 0x00007fae9a774882 in request_free (req=0x7fae9afc48f0) at settings/nm-agent-manager.c:496
#2 0x00007fae967b251a in g_hash_table_remove_internal (hash_table=0x7fae9aefdf00, key=0x2, notify=1) at ghash.c:1276
#3 0x00007fae9a72b340 in dispose (object=0x7fae9af77200) at nm-activation-request.c:446
#4 0x00007fae96cbeee8 in g_object_unref (_object=0x7fae9af77200) at gobject.c:3160
#5 0x00007fae9a73d87c in _active_connection_cleanup (user_data=<optimized out>) at nm-manager.c:359
#6 0x00007fae967c32a6 in g_main_dispatch (context=0x7fae9aedb180) at gmain.c:3066
#7 g_main_context_dispatch (context=context@entry=0x7fae9aedb180) at gmain.c:3642
#8 0x00007fae967c3628 in g_main_context_iterate (context=0x7fae9aedb180, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3713
#9 0x00007fae967c3a3a in g_main_loop_run (loop=0x7fae9aedb860) at gmain.c:3907
So we need to ref() 'agent' when adding it to pending list, so that the object
is not freed if the secret agent unregisters and is removed.
Test case:
1. run NM and nm-applet
2. activate a Wi-Fi network
3. nm-applet will ask for a password; ignore the popup window and kill nm-applet
4. start nm-applet again
5. click the same Wi-Fi network in nm-applet
6. NM will experience problems in nm_secret_agent_cancel_secrets() or crashes
(the procedure may not be 100%, but reproduces most of the time)
https://bugzilla.redhat.com/show_bug.cgi?id=922855
GLib-CRITICAL **: g_hash_table_iter_next: assertion 'ri->version == ri->hash_table->version' failed
It is not allowed to modify hash table while it is iterated. Unfortunately,
request_remove_agent() may remove the request from the 'requests' hash table,
making it not usable in the loop hash table looping.
We need to store the request into a temporary list and call request_next_agent()
on them later (after the hash loop).
Test case:
1. start NM and nm-applet
2. activate a Wi-Fi WPA connection
3. nm-applet displays a dialog asking for a password
4. kill nm-applet
5. NetworkManager removes the nm-applet's secret agent
and runs into removing the request from hash table in the
iterating loop (via get_complete_cb)
#0 get_complete_cb (parent=0x7f3f250f2970, secrets=0x0, agent_dbus_owner=0x0, agent_username=0x0, error=0x7f3f250f7830, user_data=0x7f3f25020e10)
at settings/nm-agent-manager.c:1111
#1 0x00007f3f23b46ea5 in req_complete_error (error=0x7f3f250f7830, req=0x7f3f250f2970) at settings/nm-agent-manager.c:509
#2 request_next_agent (req=0x7f3f250f2970) at settings/nm-agent-manager.c:615
#3 0x00007f3f23b48596 in request_remove_agent (agent=0x7f3f250f4a20, req=0x7f3f250f2970) at settings/nm-agent-manager.c:631
#4 remove_agent (self=<optimized out>, owner=0x7f3f250dbff0 ":1.275") at settings/nm-agent-manager.c:130
#5 0x00007f3f23b4868d in impl_agent_manager_unregister (self=0x7f3f25020e10, context=0x7f3f250f5480) at settings/nm-agent-manager.c:374
#0 0x00007f3f1fb9c4e9 in g_logv (log_domain=0x7f3f1fbfef4e "GLib", log_level=G_LOG_LEVEL_CRITICAL, format=<optimized out>, args=args@entry=0x7fff156b77c0) at gmessages.c:989
#1 0x00007f3f1fb9c63f in g_log (log_domain=log_domain@entry=0x7f3f1fbfef4e "GLib", log_level=log_level@entry=G_LOG_LEVEL_CRITICAL,
format=format@entry=0x7f3f1fc0889a "%s: assertion '%s' failed") at gmessages.c:1025
#2 0x00007f3f1fb9c679 in g_return_if_fail_warning (log_domain=log_domain@entry=0x7f3f1fbfef4e "GLib",
pretty_function=pretty_function@entry=0x7f3f1fc03c30 <__PRETTY_FUNCTION__.4571> "g_hash_table_iter_next",
expression=expression@entry=0x7f3f1fc038f0 "ri->version == ri->hash_table->version") at gmessages.c:1034
#3 0x00007f3f1fb849c0 in g_hash_table_iter_next (iter=<optimized out>, key=<optimized out>, value=<optimized out>) at ghash.c:733
#4 0x00007f3f23b484e5 in remove_agent (self=<optimized out>, owner=0x7f3f250dbff0 ":1.275") at settings/nm-agent-manager.c:129
#5 0x00007f3f23b4868d in impl_agent_manager_unregister (self=0x7f3f25020e10, context=0x7f3f250f5480) at settings/nm-agent-manager.c:374
There can be multiple default routes for an interface with different
metrics. Grab the gateway of the default route with the lowest
metric as the overall gateway of the IP config. Otherwise the rest
could get left in the config and applied at random times.
If the interface who's IP configuration is being captured has the default
route, then read DNS servers from resolv.conf into the NMIP[4|6]Config.
This allows NetworkManager to repopulate resolv.conf if anything changes.
For example, if the system does not define a persistent hostname, then
when a device which has generated a connection activates, a hostname
lookup will be performed. The results of that lookup may change resolv.conf,
and thus NetworkManager must rewrite resolv.conf. Without capturing
DNS information at startup when generating connections, an empty
resolv.conf would be written.
When generating connections at startup for active interfaces, the
generation code may not always be able to read DNS information for
the connection. Thus, the device's IP4Config won't have any
nameservers and the device won't be considered for reverse-address
lookup. However, since any device that gets this far is already
the "best" device and has the default route, and thus should be the
one used for reverse-address lookup.
Second, reorganize the code better handle dual-stack in the
future by checking the IP configs directly, instead of the
devices. Since 'best4' and 'best6' may be different devices,
we want to operate on the IP configs, not devices, to handle
situations where the best IP4Config may not be suitable for
reverse lookup, but the best IP6Config is.
https://bugzilla.redhat.com/show_bug.cgi?id=1031763
When doing nm_auth_chain_unref(), the code iterated over the ->calls and
cancelled them. However, some of these calls might not have passed on to
polkit_authority_check_authorization(), but instead being scheduled with
g_idle_add(). These calls have to be canceled too because the NMAuthChain
will already be destroyed when auth_call_complete() calls.
Now, we g_source_remove() these calls and free them immediatly. Before
these calls leaked and led to use after free crash.
Also fix a memory leak by always get the results with
polkit_authority_check_authorization_finish(), even when being
cancelled.
This is the backtrace of the crash:
#0 0x00007f166efda359 in g_slist_remove () from /lib64/libglib-2.0.so.0
#1 0x00007f167311bcc1 in auth_call_complete ()
#2 0x00007f166efbde06 in g_main_context_dispatch ()
from /lib64/libglib-2.0.so.0
#3 0x00007f166efbe158 in g_main_context_iterate.isra.22 ()
from /lib64/libglib-2.0.so.0
#4 0x00007f166efbe55a in g_main_loop_run () from /lib64/libglib-2.0.so.0
#5 0x00007f16730d3c0d in main ()
Co-Authored-By: Dan Williams <dcbw@redhat.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
Note:
Tilde expansion is enabled, so ~/abc<TAB> expands the string to /home/joe/abc.
However, when user did not use the completion and typed "~/myfile" manually,
the path could not be opened.
nmcli 802-1x.ca-cert> set ~/newca.crt
Error: failed to set 'ca-cert' property: Failed to open file '~/newca.crt': No such file or directory
nmcli con add type team config /home/cimrman/team-config.json
libteam (and in turn NetworkManager) configures team devices via plain config
data in JSON format. However, it is useful and more user-friendly for nmcli to
accept also a file name that contains the config data, and read it. Thus the
user is not forced to type whole (possibly long) config on the command line.
The router has no idea what the local configuration or user preferences are,
so sending routes with a prefix length of 0 is at best misinformed and at
worst breaks things. The kernel also ignores plen=0 routes in its in-kernel
RA processing code in net/ipv6/ndisc.c.
https://bugzilla.redhat.com/show_bug.cgi?id=1029213
Else loopback is managed, and could be easily disconnected, which causes various
issues with applications. So do not manage it for now, to be on the safer side.
https://bugzilla.redhat.com/show_bug.cgi?id=1032594
Bug rh#1017884 describes a crash, where dbus_init() failed, which causes
a g_warning(). While writing the warning, a SIGTERM hit, and the
signal_handler() tries to call again g_message().
The logging functions of glib are not reentrant and call abort() when
invoked recursivly. The solution, is to use g_unix_signal_add, which
will dispatch the handler on the mainloop asynchronously.
This bug is not that serious, because the dispatcher was about to
terminate anyway. However, it gets registered as a crash by the system
(ABRT).
https://bugzilla.redhat.com/show_bug.cgi?id=1017884
Signed-off-by: Thomas Haller <thaller@redhat.com>
result_cb invokes a function pointer provided by the user. Nothing prevents
the user from destroying the NMRemoteConnection in the callback, which leads
to a crash. Take an additional ref of NMRemoteConnection to keep it
alive.
This probably caused a crash for nm-applet:
https://bugzilla.redhat.com/show_bug.cgi?id=1030403
Signed-off-by: Thomas Haller <thaller@redhat.com>
When activating a team slave and 'teamd' binary is not installed, the
priv->state of master device will be NM_DEVICE_STATE_FAILED, which is greater
than NM_DEVICE_STATE_ACTIVATED.
<info> Activation (nm-team) Stage 1 of 5 (Device Prepare) started...
<warn> Activation (nm-team) to start teamd: not found
<info> (nm-team): device state change: prepare -> failed (reason 'none') [40 120 0]
...
<debug> master_state_cb(): (0x81d6968): master ActiveConnection [0x91d69d0] 'team0' failed
<info> (eth1): device state change: config -> failed (reason 'dependency-failed') [50 120 50]
...
<debug> slave_state_changed(): (nm-team): slave eth1 state change 50 (config) -> 120 (failed)
--- ASSERTION ---
Without this patch, the following fails with a rather obscure message
about missing make target.
./autogen.sh && make && make distcheck
...
*** No rule to make target `NetworkManager.8', needed by `distdir'. Stop.
Swap the order of the subdirectories 'docs' and 'man' to build
'docs' earlier. This way, `make distcheck` fails in the directory 'docs'
with a better error message:
*** gtk-doc must be installed and enabled in order to make dist
Also, add 'man/nmcli-examples.5' to the list of files, to determine
whether to use the pre generated doc files.
Signed-off-by: Thomas Haller <thaller@redhat.com>
Like 'team', 'team-slave' also understands the property 'config'.
Add it to bash completion for the 'connection add' command.
Signed-off-by: Thomas Haller <thaller@redhat.com>
Set accept_ra and use_tempaddr to "0" when managing a device (and
restore them to their original values after unmanaging it) to ensure
that calling nm_device_bring_up() on a managed device won't ever cause
kernel IPv6 autoconf to happen. Remove some other redundant accept_ra
setting.
Fix up the deconfigure case of dispose() to clear the device's IP6
config as well as its IP4 config.
https://bugzilla.gnome.org/show_bug.cgi?id=700414
