If there's no SSID, we can't connect at all. So if a client passes
in a hidden AP, and doesn't send the SSID in the partial connection
info, we can't make a connection with it. Return an error instead
of crashing.
This reverts commit 2b12825faa.
Fixes the problem, but the real issue was clients passing AP objects
that don't have an SSID; we need to reject connection creation
requests where the SSID can't be found.
A network with hidden SSID can appear in gnome-shell indicator applet as
<unknown> entry. Clicking it can make NM crash if there is no SSID in wireless
setting nor in AP.
The ETSI specs state that valid characters are only ASCII alphanumeric
characters, but then state that APNs should generally follow DNS
naming rules. Well, that means a lot more characters are allowed,
but modems don't like many of them. So let's slowly allow more
characters as people find ones that actually are used. The restriction
was originally put in place to disallow spaces, because they
certainly aren't allowed APN characters and modems and the
network puke when they see spaces.
Neither gnutls nor NSS fully support PKCS#8 so we don't have complete
support here, but at least recognize the keys and make an attempt to
check the private key if we can.
This reverts commit e5e3dbf415.
The patch fixes the issue but it should really be resolved by the
NM dispatcher code in NetworkManagerUtils.c flattening the DHCP
Options property instead, keeping the dispatcher code simpler.
When removing all NSPs in the scan list clearly we should be clearing
out the current NSP as well, since it just got removed from the scan
list. And make sure the current NSP is cleared when activation fails
or when the device becomes disconnected, since it's not connected to
anything and thus can't have a current NSP either.
The current NSP should only be set during the activation attempt and
while the device is connected.
The WiMAX SDK will reject connect requests while the device is scanning,
which happens when right after suspend or when the wimax radio is
turned on. Postpone the connect attempt until the device says it's
not scanning anymore instead of having the connect attempt fail
and be retried.
1) Don't require NM, but run after it. This allows this service
to be installed without bringing up NetworkManager. Add -x so that
it exits if NM isn't running.
2) Install as a want of network.target, instead of multi-user.target.
This allows us to skip it if nothing requires network.target or the
legacy $network SysV capability.
Unfortunately, GObject Introspection can no longer describe deeper
types, like those inside nested hash tables, which NM uses extensively
for the NMConnection type and other places. So we have to remove
those descriptions. But this moves us back into compliance with
GOI annotation formats.
Clarify that these are supposed to be paths in the argument name;
this shouldn't break API as it's just an argument rename. Helps
users figure out what the argument should be without as much trouble
as 'value', which is what it was before.
The current check caught stuff in the .ver file that was outdated, but
didn't quite get stuff that was supposed to be exported but wasn't,
in some cases. Update the regex to ensure that symbols that are
not exported, but that start with "nm_" (and aren't GObject
boilerplate) get flagged during the check.
Update internal code to return to a previous pattern of treating symbols
that start with "_" internal, and expecting symbols that start with
"nm_" to be exported.
Also fixes cases where random glibc symbols would get flagged:
00040ff4 l O *ABS* 00000000 .hidden _GLOBAL_OFFSET_TABLE_
00041380 l O .data 00000000 .hidden __dso_handle
000406e8 l O .dtors 00000000 .hidden __DTOR_END__
0000fbe4 l F .text 00000000 .hidden __i686.get_pc_thunk.cx
0002f980 l F .text 00000014 .hidden __stack_chk_fail_local
0000b1e7 l F .text 00000000 .hidden __i686.get_pc_thunk.bx
00040e60 l O *ABS* 00000000 .hidden _DYNAMIC
For VPN connections, the interface name would be that of the VPN's
IP interface, but the script environment would be the that of the
VPN's parent device. Enhance the environment by adding any VPN
specific details as additional environment variables prefixed by
"VPN_". Leave the existing environment setup intact for backwards
compatiblity.
Additionally, the dispatcher never got updated for IPv6 support,
so push IPv6 configuration and DHCPv6 configuration into the
environment too.
Even better, push everything the dispatcher needs to it instead
of making the dispatcher make D-Bus requests back to NM, which
sometimes fails if NM has already torn down the device or the
connection which the device was using.
And add some testcases to ensure that we don't break backwards compat,
the testcases here were grabbed from a 0.8.4 machine with a hacked up
dispatcher to dump everything it was given from NM.
Enable the supplicant's optimized background scanning functionality
for WPA Enterprise setups so that roaming works correctly. Otherwise
there are issues pingponging between APs and having an up-to-date
scan list for roaming, since NM only scans every 2 minutes. The
supplicant can trigger optimized scans based on signal quality
thresholds and such and make these roaming decisions much better
than NM can.
First, -Wstrict-prototypes wasn't actually getting used because
-Werror was already in CFLAGS and AC_TRY_COMPILE doesn't produce
main() functions with valid strict prototypes. Suck. But even
fixing that, the WiMAX SDK won't build with the flag, so just rip
it out.
Like the *_filter_connections() functions, but for just one connection,
and now the *_filter_connections() functions call these new ones so
it's really just moving code around and not anything new.
These new functions more closely match the usage I've seen from
gnome-shell's network.js and elsewhere.
AC_PROG_CXX should be unconditionally run, as it doesn't fail out
if a C++ compiler is not found, which is fine. It'll check for
one, but we only use it if --enable-qt=yes is given at configure
time. If --enable-qt=no is set, we do not want to do anything
C++ related, which is why it was conditionalized (incorrectly)
the first time around.
This commit changes rfkill state handling slightly in the following
ways:
- when checking whether a user toggle request can change radio state,
ignore states we can change in radio_enabled_for_rstate() as a result
of the toggle; this fixes WiMAX enable/disable because a softblock
can be changed by telling wimaxd to enable the radio. As a side-effect
this also fixes handling of WiFi when altering the rfkill state as well.
- make WiFi user toggle requests change wifi killswitch state; this has
been long requested and on the TODO list for a while and it turns out
to be a lot easier to do these days. This provides the expected
behavior when disabling wireless from user agent menus since there's
not an easy way to do this other than dropping to shell and running
rfkill.
Allow clients to get a device by its IP interface name instead
of having to get the device list and iterate through each one,
and read the interface name to get what they want.
If the client knows the UUID, add a convenience function to get
the connection path directly, instead of having to iterate the
whole connection list and get each connection's details and then
check the UUID.
