Since D-Bus doesn't allow NULL or zero-length object paths, NM
uses "/" as a placeholder here. Make sure the generic marshalling
code handles that so we don't have to do it in multiple places and
simplify handling of NULL objects somewhat.

Enables easier traversal of the object hierarchy; if a client is
watching signals on a device they can easily get back to the
parent NMActiveConnection object to grab connection details or
status.

Here's the problem:
- NM requests secrets
- secret agent returns secrets including some that are agent-owned or
not-saved (i.e., transient secrets)
- for whatever reason (other secrets are system-owned, whatever) the
connection gets written back out to disk
- at some point later inotify triggers a connection re-read from disk
- the connection is read from disk, but doesn't contain the agent-owned
or not-saved secrets, because they obviously don't get saved
- nm_settings_connection_replace_and_commit() blows away the agent-owned
or not-saved secrets that the agent originally returned
- device activation no longer has the transient secrets
Re-reading connection data from disk shouldn't change transient secrets;
instead we need to merge the just-read system-owned secrets with whatever
transient secrets an agent sent. Transient secrets should only be cleared
by nm_connection_clear_secrets() to ensure that they stick around for as
long as we need them.

This used to only happen for user-created APs, but the supplicant
always wants a frequency no matter what, and the kernel drivers will
normally merge with any other IBSS with the same SSID no matter what
frequency is used, so we might as well just pass something since
it doesn't really matter in the end anyway.
As a bonus we get to remove the user_created stuff since it doesn't
really matter much anymore.

Commit e083cd5c63 stopped openconnect from
saving its secrets. It'd been working for a whole three minutes since my
previous commit.
We need to have at least one secret with an *extant* flags setting of
NM_SETTING_SECRET_FLAG_NONE, in order to trigger a write-out of the new
set of secrets. And we might as well list all the secrets we *know* the
auth-dialog is going to use, although we know there will be some secrets
that we cannot predict in advance (the form entry boxes).

All non-VPN secrets are considered system-owned if they do not
have any explicitly set secret flags, and this makes VPN secrets
treated the same way. As part of the import process plugins and
the applet already update secret flags. This ensures that VPN
secrets are treated consistently throughout the codebase.

Retries counter was not initialized when connections were loaded. That forced
the counter to start from -1 and continue decreasing on connection failures.
And connection attempts never stopped.

Instead of just with the old environment variable. This means we'll
log pppd debug output when the log level is changed via the D-Bus
interface now too.

Previously a secret marked NOT_SAVED or NOT_REQUIRED would be
treated as a system secret when checking returned secrets. That's
incorrect since unsaved or not required secrets aren't stored
by system settings.
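
The merge described in the re-read message above, combined with the rule from the two later messages that only flag-less secrets are system-owned, sketched as an added example; it is not NetworkManager's code. The flat `struct store`, `merge_reread()` and the sample values are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Flag values mirror libnm's NMSettingSecretFlags. */
enum { FLAG_NONE = 0x0, FLAG_AGENT_OWNED = 0x1, FLAG_NOT_SAVED = 0x2, FLAG_NOT_REQUIRED = 0x4 };
#define MAX_SECRETS 8

/* Hypothetical flat store; NM itself keeps secrets inside its setting objects. */
struct secret { const char *name; const char *value; unsigned flags; };
struct store { struct secret s[MAX_SECRETS]; int n; };

/* Only a secret with no flags set is stored by system settings (on disk). */
static int is_system_owned(unsigned flags) { return flags == FLAG_NONE; }

static const char *lookup(const struct store *st, const char *name) {
    for (int i = 0; i < st->n; i++)
        if (strcmp(st->s[i].name, name) == 0) return st->s[i].value;
    return NULL;
}

/* Merge a connection re-read from disk into the in-memory copy: system-owned
 * secrets follow the disk, everything else stays as the agent sent it. */
static void merge_reread(struct store *mem, const struct store *disk) {
    struct store out = { .n = 0 };
    for (int i = 0; i < mem->n; i++)            /* keep transient secrets */
        if (!is_system_owned(mem->s[i].flags))
            out.s[out.n++] = mem->s[i];
    for (int i = 0; i < disk->n && out.n < MAX_SECRETS; i++)
        if (is_system_owned(disk->s[i].flags))  /* take what disk really holds */
            out.s[out.n++] = disk->s[i];
    *mem = out;
}

/* Constructed sample: the agent supplied "psk" and "otp"; "cert-pass" is
 * system-owned and changed on disk. The disk copy has flags but no values
 * for secrets it does not store. */
static struct store sample_after_reread(void) {
    struct store mem = { { {"psk", "agent-psk", FLAG_AGENT_OWNED},
                           {"otp", "123456", FLAG_NOT_SAVED},
                           {"cert-pass", "old", FLAG_NONE} }, 3 };
    struct store disk = { { {"psk", NULL, FLAG_AGENT_OWNED},
                            {"cert-pass", "new", FLAG_NONE} }, 2 };
    merge_reread(&mem, &disk);
    return mem;
}

int main(void) {
    struct store r = sample_after_reread();
    for (int i = 0; i < r.n; i++) printf("%s=%s\n", r.s[i].name, r.s[i].value);
    return 0;
}
```

A plain replace of the in-memory copy with the disk copy would leave `psk` and `otp` empty here, which is the activation failure the re-read message describes.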
Evil hack; but the problem is that before this commit anyone who
migrated connections wouldn't have the right secrets flag set in
their openconnect connections. Figuring out some way of updating
those connections now is harder and we don't want people to have
to go through the delete-connection-file-change-applet-stamp-rerun
dance. So we'll live with this for now...

Use one global PolkitAuthority object; we only really need to use it
in one place anyway. So consolidate the code that uses polkit into
nm-manager-auth.c.

If there's no SSID, we can't connect at all. So if a client passes
in a hidden AP, and doesn't send the SSID in the partial connection
info, we can't make a connection with it. Return an error instead
of crashing.

This reverts commit 2b12825faa.
Fixes the problem, but the real issue was clients passing AP objects
that don't have an SSID; we need to reject connection creation
requests where the SSID can't be found.

A network with a hidden SSID can appear in the gnome-shell indicator applet as
an <unknown> entry. Clicking it can make NM crash if there is no SSID in the
wireless setting or in the AP.

The ETSI specs state that valid characters are only ASCII alphanumeric
characters, but then state that APNs should generally follow DNS
naming rules. Well, that means a lot more characters are allowed,
but modems don't like many of them. So let's slowly allow more
characters as people find ones that actually are used. The restriction
was originally put in place to disallow spaces, because they
certainly aren't allowed APN characters and modems and the
network puke when they see spaces.

Neither gnutls nor NSS fully support PKCS#8 so we don't have complete
support here, but at least recognize the keys and make an attempt to
check the private key if we can.

This reverts commit e5e3dbf415.
The patch fixes the issue but it should really be resolved by the
NM dispatcher code in NetworkManagerUtils.c flattening the DHCP
Options property instead, keeping the dispatcher code simpler.

When removing all NSPs in the scan list clearly we should be clearing
out the current NSP as well, since it just got removed from the scan
list. And make sure the current NSP is cleared when activation fails
or when the device becomes disconnected, since it's not connected to
anything and thus can't have a current NSP either.
The current NSP should only be set during the activation attempt and
while the device is connected.

The WiMAX SDK will reject connect requests while the device is scanning,
which happens right after suspend or when the wimax radio is
turned on. Postpone the connect attempt until the device says it's
not scanning anymore instead of having the connect attempt fail
and be retried.

1) Don't require NM, but run after it. This allows this service
to be installed without bringing up NetworkManager. Add -x so that
it exits if NM isn't running.
2) Install as a want of network.target, instead of multi-user.target.
This allows us to skip it if nothing requires network.target or the
legacy $network SysV capability.

Unfortunately, GObject Introspection can no longer describe deeper
types, like those inside nested hash tables, which NM uses extensively
for the NMConnection type and other places. So we have to remove
those descriptions. But this moves us back into compliance with
GOI annotation formats.

Clarify that these are supposed to be paths in the argument name;
this shouldn't break API as it's just an argument rename. Helps
users figure out what the argument should be without as much trouble
as 'value', which is what it was before.