The new domain-suffix-match and phase2-domain-suffix-match properties
can be used to match against a given server domain suffix in the
dNSName elements or in the SubjectName CN of the server certificate.
Also, add a comment to the old subject-match properties documentation
to suggest that they are deprecated and should not be used anymore.
We don't want to update the properties until the objects referred are complete.
Otherwise the clients get confused. Very confused:
https://bugzilla.redhat.com/show_bug.cgi?id=1313866
We already delay the notification signals. Let's replace that with delaying the
actual ObjectCreatedData processing instead.
GError codes are only unique per domain, so logging the code without
also indicating the domain is not helpful. And anyway, if the error
messages are not distinctive enough to tell the whole story then we
should fix the error messages.
Based-on-patch-by: Dan Winship <danw@gnome.org>
Functions that take a GError** MUST fill it in on error. There is no
need to check whether error is NULL if the function it was passed to
had a failing return value.
Likewise, a proper GError must have a non-NULL message, so there's no
need to double-check that either.
Based-on-patch-by: Dan Winship <danw@gnome.org>
If the plugin supports interactive mode, but the VPN binary (like vpnc
or openvpn) doesn't support it, then the plugin should return
NM_VPN_PLUGIN_ERROR_INTERACTIVE_NOT_SUPPORTED from its connect_interactive()
hook. This lets NetworkManager know to fall back to plain Connect().
Since this notification is done through an error return, the VPN service
plugin code sees the failure and moves the plugin state back to
STOPPED. NetworkManager sees that state change, and terminates the
connection attempt while waiting for a reply to the Connect() method.
(VPN service plugins that don't support interactive mode at all don't
have this problem because that error is returned before the plugin's
state is moved to STARTING.)
To fix this, do two things:
1) if the connect_interactive() hook fails and returns the error
NM_VPN_PLUGIN_ERROR_INTERACTIVE_NOT_SUPPORTED, postpone the STOPPED
state change for a few seconds to allow NM time to fall back to
plain Connect(). We still want to move the plugin state back to
STOPPED eventually, because otherwise it could stay in STARTING
forever.
2) change state to STARTING only if the connect/connect_interactive
plugin hooks were successful. Otherwise the plugin would still be
in STARTING state, and it's not valid to call Connect()/ConnectInteractive()
during the STARTING state.
https://mail.gnome.org/archives/networkmanager-list/2016-February/msg00091.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1298732
- All internal source files (except "examples", which are not internal)
should include "config.h" first. As also all internal source
files should include "nm-default.h", let "config.h" be included
by "nm-default.h" and include "nm-default.h" as first in every
source file.
We already wanted to include "nm-default.h" before other headers
because it might contains some fixes (like "nm-glib.h" compatibility)
that is required first.
- After including "nm-default.h", we optinally allow for including the
corresponding header file for the source file at hand. The idea
is to ensure that each header file is self contained.
- Don't include "config.h" or "nm-default.h" in any header file
(except "nm-sd-adapt.h"). Public headers anyway must not include
these headers, and internal headers are never included after
"nm-default.h", as of the first previous point.
- Include all internal headers with quotes instead of angle brackets.
In practice it doesn't matter, because in our public headers we must
include other headers with angle brackets. As we use our public
headers also to compile our interal source files, effectively the
result must be the same. Still do it for consistency.
- Except for <config.h> itself. Include it with angle brackets as suggested by
https://www.gnu.org/software/autoconf/manual/autoconf.html#Configuration-Headers
This breaks API and ABI for the functions related to Reapply,
which got introduced in the current 1.1 development phase.
The version-id is here to allow users to error out if the connection
on the device was changed by a concurrent action.
https://bugzilla.gnome.org/show_bug.cgi?id=761714
Some drivers (or things outside NM like 'powertop') may turn powersave
on, so don't touch it unless explicitly configured by user.
To achieve this, add new 'default' and 'ignore' options; the former
can be used to fall back to a globally configured setting, while the
latter tells NM not to touch the current setting.
When 'default' is specified, a missing global default configuration is
equivalent to 'ignore'.
It is possible to enable Wi-Fi power saving for all connections by
dropping a file in /etc/NetworkManager/conf.d with the following
content:
[connection]
wifi.powersave=3
https://bugzilla.gnome.org/show_bug.cgi?id=760125
- "gsystem-local-alloc.h" and <gio/gio.h> are already included via
"nm-default.h". No need to include them separately.
- include "nm-macros-internal.h" via "nm-default.h" and drop all
explict includes.
- in the modified files, ensure that we always include "config.h"
and "nm-default.h" first. As second, include the header file
for the current source file (if applicable). Then follow external
includes and finally internal nm includes.
- include nm headers inside source code files with quotes
- internal header files don't need to include default headers.
They can savely assume that "nm-default.h" is already included
and with it glib, nm-glib.h, nm-macros-internal.h, etc.
"nm-vpn-service-plugin.h" includes "nm-connection.h", so there is already no
way to use "nm-vpn-service-plugin.h" without also pulling in all "NetworkManager.h".
On the other hand, we might not include "nm-vpn-service-plugin.h" in
"NetworkManager.h" to keep the overall headers small (by default).
But let's just include it too. We already opted for convenience
over small-include by having one top-level header file.
The property is used to control duplicate address detection:
* -1 means default value
* 0 means no DAD is performed
* > 0 means timeout (in milliseconds) for arping responses
[bgalvani: moved setting from NMSettingIP4Config]
Add test showing how libnm/libnm-glib handles invalid connections,
i.e. connections that fail nm_connection_verify(). libnm implements
settings a static types (via different NMSetting types). This makes
it unavoidable that eventually a newer server version will
expose connections that fail verification in the client.
For example, master added a new base type NMSettingTun. This setting type
was not backported to legacy libnm-glib, thus such connection will not verify.
Also, we want that newer server versions are backward compatible with older
library versions. Thus also a pre-NMSettingTun libnm version has the same
problem.
The test shows that libnm is agnostic to whether the connection verifies.
That is consistent behavior, but possibly problematic because most
accessors to connections assert against a valid connection. Thus using
the common nm_connection*() functions on an invalid connection can lead
to problems.
Also, due to the static nature of our NMSetting types, some properties
can be silently dropped and thus mangling the connection without the
library user noticing.
libnm-glib prints a g_warning() whenever parsing an invalid connection.
When an invalid connection is added initially, it is exposed to the library
user. When a connection gets later invalidated due to an update, the
connection disappears and it stays missing even if a subsequent update
makes the connection valid again.
libnm-glib's behavior indicates that we might wanted to hide invalid
connections from the user. But it's very broken there.
Up to now, the "include" directory contained (only) header files that were
used project-wide by libs, core, clients, et al.
Since the directory now also contains a non-header file, the "include"
name is misleading. Instead of adding yet another directory that is
project-wide, with non-header-only content, rename the "include"
directory to "shared".
The unit tests for libnm and libnm-glib use a NetworkManager stub
service written in Python (test-networkmanager-service.py). As they
share the same server, it makes sense to also share the same utility
code to drive the stub.
Move the common code to include/.
Note that contrary to "nm-test-utils.h", "nm-test-libnm-utils.h" is not
a header-only file. Instead its implementation is in "nm-test-utils-impl.c".
The reason for that this split is, if we later have yet another non-header-only
test-utility, then all the implementations are in "nm-test-utils-impl.c", requiring
the tests to link only one object file.
Add a generic NMSettingTunnel which describes properties of tunnels
over IPv4 and IPv6 (GRE, SIT, IPIP, IPIP6, IP6GRE, etc.). Since those
tunnel types all have similar properties it makes sense to have a
single setting type for them.
Add function nm_utils_enum_get_values() which returns a string array
containing the enum values. It can be used, for example, to build a
list of allowed values for user.
