If we find a "iface ..." line, add the interface to
well_known_interfaces no matter if there is a connection for it or not.
Otherwise we fail to mark devices as unmageded in cases like
iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
as NM does not know how to parse such a interface configuration.
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=569215
The previous implementation of the parser for /etc/network/interfaces had
quite a few drawbacks:
- it expected the lines to be terminated with "\n", even the last line
- it ignored line wraps with "\\" followed by "\n"
- it expected over-long lines to be shorter than 510 characters
- it ignored line wraps on over-long lines
- it treated spaces and tabs differently
- it did not make sure to really tokenize on word boundaries
- it treated the equivalent stanzas "auto" and "allow-auto" differently
- it ignored the fact that the "allow-*" stanzas can take multiple arguments
that need to be separated to be recognized NetworkManager's processing later
- it allowed "non-block" stanzas to appear before a block
This patch is a rewrite of the parser to fix the issues mentioned:
- it accepts the last line even if it is not terminated by "\n"
- it skips over-long lines, emits a warning and even takes into account
that over-long lines may be wrapped to next lines
- it un-wraps wrapped lines
- it uses spaces and tabs equivalently to tokenize the input
- it treats "allow-auto" as a synonym to "auto"
- it splits multi-argument "auto"/"allow-*" into multiple
single-argument stanzas of the same type
- it warns on data stanzas before the first block stanza
NMSettingsConnectionInterface was created to allow the daemon and NM
clients to have common code that handled both system and user
connections. It's no longer needed now that user settings services are
gone.
This concludes the flattening of libnm-glib.
ifupdown only supports secrets for wireless connections, so attempts to
get non-wireless secrets need to fail. Previously, this was accomplished
by overriding NMSysconfigSettingsClass->get_secrets, the handler for
DBus GetSecrets() method calls. This had some problems:
- It created an information leak. The first thing the
NMSysconfigConnection implementation does is verify that the caller is
authorized to get secrets information, but nm-ifupdown-connection ends
up performing its additional check before authorization happens. Thus,
unauthorized users are able to determine that some connections don't
have secrets. This will become more significant when secrets handling
is revamped.
- We'd really like to devirtualize these DBus method call handlers.
They were inherited from from NMRemoteConnection, where we needed
these functions to be virtual so that user and system settings
services could implement them differently. That is no longer needed.
ifupdown was the last place were we actually "needed" these functions
to be virtual.
With this commit, we fix these problems by overriding
nm_settings_connection_interface_get_secrets instead.
In continuation of the theme, the removal of user settings services
means that the distinction between NMSysconfigConnection and
NMExportedConnection is no longer needed. Merge NMExportedConnection
into NMSysconfigConnection.
NMIfupdownConnection really is a subclass of NMSysconfigConnection (as
declared via the G_DEFINE_TYPE macro in nm-ifconfig-connection.c), but
the header incorrectly used NMExportedConnection* in the class and
instance structs. We got away with it because NMSysconfigConnection*
didn't contain anything other than the stuff inherited from
NMExportedConnection*, but it would have caused much trouble if we did
add something.
Otherwise it causes connections that we don't want exported to leak
out and be shown in the connection editor even though the device
isn't supposed to be managed.
The old NMExportedConnection was used for both client and server-side classes,
which was a mistake and made the code very complicated to follow. Additionally,
all PolicyKit operations were synchronous, and PK operations can block for a
long time (ie for user input) before returning, so they need to be async. But
NMExportedConnection and NMSysconfigConnection didn't allow for async PK ops
at all.
Use this opportunity to clean up the mess and create GInterfaces that both
server and client objects implement, so that the connection editor and applet
can operate on generic objects like they did before (using the interfaces) but
can perform specific operations (like async PK verification of callers) depending
on whether they are local or remote or whatever.
The only thing that doesn't work yet is the system-settings service's
"auto eth" connections for ethernet devices that don't have an existing
connection. Might also have issues with unmanaged devices that can't
provide a MAC address until they are brought up, but we'll see.
Plugins no longer need to hash WPA passphrases, so there's no need to keep
sha1 stuff around unless its for hasing other stuff (ifcfg-rh uses sha1
for certificate hashing for example, but has a private copy).
Fix a few problems... No plugin should return secrets in the GetSettings method,
which some plugins did. When that was committed in the commit "system-settings:
don't return secrets in the settings", it broke those plugins that didn't implement
GetSecrets. Each plugin can actually use the same code for GetSettings and
GetSecrets, so implement those generically in the NMExportedConnection class and
remove plugin-specific implementations that all did the same thing.
* libnm-util/libnm-util.ver
libnm-util/nm-setting-connection.c
libnm-util/nm-setting-connection.h
- Add a 'read-only' property that indicates the connection cannot be
modified
* system-settings/plugins/ifcfg-fedora/reader.c
system-settings/plugins/ifcfg-suse/parser.c
system-settings/plugins/ifupdown/parser.c
- These plugins are read-only at the moment
* system-settings/plugins/keyfile/reader.c
system-settings/plugins/keyfile/writer.c
- Read-only shouldn't get saved out to files or read in from them
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4227 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* libnm-glib/nm-settings.c
libnm-glib/nm-settings.h
- Rename the "get_secrets" virtual function "service_get_secrets" to
clarify when it's used; NMExportedConnetion is a base-class for both
the client and service side, which is sort of confusing, and
get_secrets only makes sense on the service side.
* libnm-glib/nm-dbus-connection.c
- (get_secrets): remove, unused, and clients need to do extra work to
get secrets anyway since the call can block on the remote side
* system-settings/plugins/ifupdown/nm-ifupdown-connection.c
system-settings/plugins/keyfile/nm-keyfile-connection.c
- Fix up for get_secrets -> service_get_secrets
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4192 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
Implement managed mode. We bind devices configured in /etc/network/interfaces
to their connections by updating wired/wireless setting with the
mac address of the device.
* system-settings/plugins/ifupdown/plugin.c
- (get_net_address_for_udi): implement function to retrieve MAC
address of udi from hal in GByteArray format
- (bind_device_to_connection): bind mac address of device to
wired/wireless system connection
- (hal_device_added_cb): call bind_device_to_connection for
system connections with a matching interface.name
- (hal_device_added_cb): ensure that all code paths
properly free the "iface" string.
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4165 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
