Impact of this bug is likely limited to Ad-Hoc connections that don't
require a scan before activation since by the time the scan has finished,
the NMSupplicantInterface will be set up. However, this shows a bug where
Ad-Hoc connections can be immediately activated even if they don't have
the latest timestamp, because a scan hasn't completed yet and thus we don't
know if there are any usable APs around. Could be fixed by only letting
auto-activations happen after the first successful scan anyway. But whatever...
Log messages look like this:
NetworkManager: <info> Activation (wlan0/wireless): connection 'Wireless connection 1' requires no security. No secrets needed.
NetworkManager: <info> Config: added 'ssid' value 'foobar'
NetworkManager: <info> Config: added 'mode' value '1'
NetworkManager: <info> Config: added 'frequency' value '2412'
NetworkManager: <info> Config: added 'key_mgmt' value 'NONE'
(NetworkManager:28239): GLib-GObject-CRITICAL **: g_object_ref: assertion `G_IS_OBJECT (object)' failed
(NetworkManager:28239): GLib-GObject-CRITICAL **: g_type_instance_get_private: assertion `instance != NULL && instance->g_class != NULL' failed
NetworkManager: dbus_g_proxy_begin_call: assertion `DBUS_IS_G_PROXY (proxy)' failed
NetworkManager: <WARN> real_act_stage2_config(): Activation (wlan0/wireless): couldn't send wireless configuration to the supplicant.
NetworkManager: <info> (wlan0): device state change: 5 -> 9 (reason 9)
NetworkManager: <info> Activation (wlan0) failed for access point (foobar)
NetworkManager: <info> Marking connection 'Wireless connection 1' invalid.
This happened because the nm_device_wifi_set_enabled() only checked for
the existence of the NMSupplicantInterface, but not whether the supplicant
interface was ready to be used. The supplicant interface would be in the
middle of the getInterface or addInterface call and wouldn't have
initialized priv->iface_proxy yet, which is where that error message was
coming from.
So don't change device state from the wifi_enabled handler, just init
the supplicant interface (it should have been torn down already by
device_state_changed() when the device goes to UNAVAILABLE or UNMANAGED)
and wait for the supplicant interface state change to READY to change
the NMDeviceWifi state to DISCONNECTED in supplicant_iface_state_cb_handler().
Link against libm (using the LT_LIB_M macro and the $LIBM variable) as
we are using pow() and otherwise fail to build with stricter linkers like
binutils-gold.
The device type is set at object construction before the object is
ever exported, thus the first time a client gets the value it will
be correct, and the value should never change. As such, the
property never needs to be part of PropertiesChanged signals.
Previously, ppp code would flip device state to _NEED_AUTH before
asking for secrets update; this is not the case anymore after landing
of f28a0df4a66e8f6c98327691c9c90df0604bbd28; hence, we need to
allow update of secrets in all ACTIVATING stages.
This patch updates this behaviour for all device classes with ppp
support.
Due to dbus-glib limitations we still have to keep two copies of this,
and furthermore PropertiesChanged won't yet trigger for the VPN bits
since there's no way to push out signals on a different interface.
It's a singleton, but PolicyKit didn't increment the reference count
when returning from polkit_authority_get() like we expected (which has
since been fixed upstream). So for now, just don't unref the authority
at all.
Since we don't do that, there's a chance that some PolicyKit calls could
be outstanding when either the NMSysconfigSettings object or one of the
NMSysconfigConnection objects are around, so we make sure we cancel any
PolicyKit calls when the object gets disposed. This is tricky, because
canceling them from the dispose may mean that the callback gets called
after the object is actually destroyed, so we have to be careful not to
access any private object data from the callbacks in that situation.
Based on a patch from Alexander Sack, but hugely
modified by me to make use of allocated realpath results
instead of stack-based arrays, and to fix an omission in
the original patch that would still have used the
non-realpath-resolved path to /etc/resolv.conf when doing
the atomic rename of the tempfile to resolv.conf.
device->want_signal was never set to TRUE when addrconf was started,
causing random netlink events (say for link-local address addition
or removal) to trigger the config-changed signal from
nm_ip6_device_sync_from_netlink() at the wrong time. This would
cause IPv6 address configuration to look like it succeeded, when
in fact the config timeout was still in-force. Thus device
activation would proceed if IPv4 was enabled, but a few seconds later
the device would be deactivated due to the still active IPv6
timeout.
So fix that and clarify when the events from the IPv6 manager happen,
and what the want_signal variable is really for.
Two errors here; first, need_secrets_tls() was not updated correctly
for the certificate paths changes that landed recently, and would
have incorrectly returned "no secrets required" for the PATH scheme.
Second, an incorrect strcmp() comparison in need_secrets_phase2()
meant that the wrong TTLS phase2 method would get asked if it
required secrets.
The error object passed to the plugin's add-connection handler wasn't
getting properly cleared if an earlier plugin had failed to write
the connection and fell back to the current plugin.
NM previously only cleared secrets when the VPN service daemon quit,
and the service daemons are on a 10-second inactivity timer. So if
the user tried to re-activate the failed VPN connection within 10
seconds the old secrets would get used, which clearly isn't what we
want. Ensure that whenever the VPN connection fails or disconnects,
we ask the settings service for secrets again the next time.
NM didn't pass it to MM anyway, so it was mainly unused, but the band settings
were still wrong. Fix that (and still preserve ABI) by adding a new property
for allowed bands that can actually hold all the bands instead of limiting
to 16-bits. Clean up some of the deprecation stuff at the same time to make
it clearer what's deprecated and what to do about it.
Commit 715ddd2045 broke sharing because
sometimes a multi-argument string gets passed in rule->rule. Revert
most of that commit. A bunch of cleanups by dcbw too.
