The static connection profiles are 'configured'.
So, now we have:
nmcli connection show configured [[id|uuid|path] <ID>]
- shows configured connections
nmcli connection show active [[id|uuid|path|apath] <ID>]
- shows active connections
Without arguments the commands list all connections; with an argument, the details
of the requested connection is shown.
and also allow identifying connetions with 'path' and 'apath' that accepts either
the whole D-Dus path or just an index.
nmcli connection down [id|uuid|path|apath] <ID>
Example:
nmcli connection down con1
nmcli connection down con1 con2 apath 1 id my-wifi
and also allow identifying connetions with 'path' that accepts either the whole
D-Dus path or just an index.
nmcli connection up [id|uuid|path] <ID>
Examples:
nmcli connection up "My Home Wi-Fi"
nmcli connection up id "My Home Wi-Fi"
nmcli connection up path /org/freedesktop/NetworkManager/Settings/18
nmcli connection up path 18
Note:
In order to be able to identify connections with just index number, the 'path'
keyword has to be provided.
and also allow identifying connetions with 'path' that accepts either the whole
D-Dus path or just an index.
nmcli connection delete [id|uuid|path] <ID>
Example:
nmcli connection delete "Wired 1" "Wired 2" "Wired 3"
nmcli connection delete id MyMain id "Quick Test 1" "Quick Test 2" path 23 path 47
And also allow:
- identifying connetions with 'path'/'apath' accepting either the whole D-Dus path
or just an index
- multiple connections on cmdline at once
nmcli connection list [[id|uuid|path] <ID>]
nmcli connection status [[id|uuid|path|apath] <ID>]
Examples:
nmcli c l
nmcli c l "My Wi-Fi 1" airpoirt1 cpath 23 id "My Wi-Fi 2"
nmcli c s
nmcli c s apath 1 ee19b893-e2a7-42cf-ac82-34506f07a05f
Both the VpnState property and the VpnStateChanged dbus signals update the
NMVPNConnection's 'vpn-state' GObject property, so we should ensure that
when either updates it due to a D-Bus event, GObject signals are sent
out for both too.
Though the client shouldn't be calling anything when NM isn't running
(because clients have nm_client_get_manager_running()), make sure
that NMClient never calls a NetworkManager method when NM isn't
on the bus.
Next, ensure NMObject doesn't try to refresh properties when NM isn't
running. Creating an NMClient may trigger a property refresh request,
but if NM isn't running, defer that until NM starts, to ensure that
we don't D-Bus autostart NM.
Third, ensure NMRemoteSettings doesn't attempt to list connections
unless NM is running.
This prevents service activation of NetworkManager in lieu of dbus-glib
learning about DBUS_HEADER_FLAG_NO_AUTO_START.
libnm-glib handles connecting to the bus automatically if NULL
is passed for the bus object. Do that; plus this lets us use
the private bus connection if present.
Use the D-Bus connection helper whenever we need a connection to
NM, which by default tries to use a private connection instead of
the shared bus connection whenever the user is root. Doing this
by default will not change the behavior of libnm-glib, and allows
tools like nmcli and libnm-glib-using clients to work in minimal
environments (those without a bus daemon) by default.
When using a private connection, we need to use dbus_g_proxy_new_for_peer()
because the bus isn't involved. Since many parts of libnm-glib create a
proxy for their corresponding remote object, consolidate the proxy creation
logic.
A later patch will add logic to use a private connection versus a bus-based
one.
A number of places in the code need to get a connection to NM through
D-Bus, and that connection could be either a shared bus connection or
a private connection. Consolidate that logic.
Unfortunately only dbus-glib >= 0.100 correctly supports private
connections (commit 8b7e4a1c4ae055864e26db4addbcc2dc38ee6963 fixes
this problem) so the private connection functionality is not enabled
for older dbus-glib versions.
Allows DHCP to work when a bus daemon isn't running. This also
fixes a race condition where when multiple interfaces are attempting
to get a DHCP lease at the same time, if one DHCP client instance
triggers the callout, that instance gets the bus name, and any
other client triggering the callout at that time will fail because
the bus name is already taken. Since this commit allows using
a private socket, where no process has a bus name, this race is
avoided.
Also move the DHCP helper from callouts/ to src/dhcp-manager/ to
consolidate all the DHCP stuff and clean up some of the helper's
code.
Most callers of nm_auth_chain_new() call nm_dbus_manager_get_caller_info()
right before that, so just fold the get_caller_info() call into
nm_auth_chain_new() to reduce code complexity in callers. Yes, this
means sometimes we call nm_dbus_manager_get_caller_info() twice,
but that's not really a problem.
Normally, users which are not part of a login session can't access
connections. Root won't always be part of a login session, so
allow root to bypass visibility checks. The code already bypassed
the ACL checks for root, but in multiple places. Consolidate those
checks into one function.
Since dbus senders are faked for private connections, we can't just
call dbus_bus_get_unix_user() on fake senders. They need to be
checked against the NMDBusManager's list of private connections
first.
Instead of doing something like
<get caller UID>
if (root) {
perform_operation()
other boilerplate stuff
return;
}
nm_auth_chain_new(perform_operation)
...
just have root also go through the auth chain, which is now
short circuited for root. This ensures we always use the same
code paths for root and non-root, and that fixes made in one path
are also executed for the other.
dbus-glib has had dbus_g_connection_lookup_g_object() since 0.72
(circa 2006) so instead of parsing the object paths ourselves, let
dbus-glib tell us what object it is, and rely on GObject property
permissions to block writes at the object level, and dbus-glib to
block writes at the D-Bus level based on the introspection XML.
Plus, we can use the various ways to get the caller UID that were
added in previous patches to simplify authentication.
For cases where NM may run without a bus daemon in root-only
environments, like an initramfs. For disconnection, since private
connection just get a disconnect message instead of NameOwnerChanged
signals broadcast by a bus daemon, just synthesize the NameOwnerChanged
signals using our fake owner name. It's just easier to do this rather
than modify any code that cares about disconnects.
Note that the new private socket is only enabled if built with
dbus-glib >= 0.100 as there are bugs in previous versions in the
implementation of dbus_g_proxy_new_for_peer() which clients must
use to talk to the private socket.
When providing a service on the bus daemon and a private connection,
we'll need to track objects so we can register them with the
private connection too. Thus all registration/unregistration
calls have to go through the NMDBusManager, not straight to
dbus-glib.
The error is now pushed to things that request PK auth so that we don't
lose it, because we don't want to unconditionally log it from NM, but
still want things to know that their request couldn't be fulfilled
because PK wasn't running.
Don't create a GError with a domain of 0, which causes a glib warning,
and make it clearer when we're early-finishing with an error and when
we're not.
test-keyfile.c: In function 'test_read_string_ssid':
test-keyfile.c:1154:51: error: argument to 'sizeof' in 'memcmp' call is the
same expression as the second source; did you mean to provide an explicit
length? [-Werror=sizeof-pointer-memaccess]
ASSERT (memcmp (array->data, expected_ssid, sizeof (expected_ssid)) == 0,
Make the main/dns config key be a single value rather than a list of
plugins. Since there is currently only one valid value for it
("dnsmasq"), this is backward-compatible.
In the future, it will be possible to specify custom DNS-configuring
scripts here, which is a more flexible way of handling complicated
behavior than trying to create chainable internal plugins.
Remove the unused NMDnsPlugin::init method, some unused #includes, and
an out-of-date comment.
Use the correct macro for the default "/etc/resolv.conf" path.
Simplify NMDnsManager::dispose() a bit.
Make nm_dns_dnsmasq_new() return an NMDnsPlugin* rather than
NMDnsDnsmasq*.
Add an ignore-carrier option to NetworkManager.conf, for specifying
devices where carrier state should be ignored for purposes of
activating/deactivating connections.
Add a new configuration directory ($nmconfdir/conf.d by default,
overridable via the --config-dir command-line option) that can contain
".conf" files that will be parsed in asciibetical order to override
the main NetworkManager.conf file.
In addition to simple overrides, the conf files also support appending
to the value of a previously-set list-valued key, by doing, eg,
"plugins+=foo"
https://bugzilla.gnome.org/show_bug.cgi?id=688857
