The previous nm-dhcp-systemd code for logging the lease expiry time,
and exporting that value to D-Bus was clamping the value to
G_MAXUINT32-1, but that's unnecessary on x86_64, and incorrect on x86
(since time_t is signed).
Correctly adding a value to the current time and not overflowing seems
to be more-or-less impossible without having separate cases for 4- and
8-byte time_t. Since this was basically just for logging purposes
anyway, just log the number of seconds rather than the timestamp, and
then we don't have to worry about sizeof(time_t).
VLAN device watches the parent and reacts to its state change. However, on
creation, the device was made managed, even if the parent was unmanaged. Fix
that and export VLAN parent device property too. The property is added to
libnm/libnm-glib and nmcli as well.
https://bugzilla.redhat.com/show_bug.cgi?id=1114681
Rename NMSecretAgent to NMSecretAgentOld, to leave the name
"NMSecretAgent" open for a new-and-improved version in NM 1.2.
Also, a handful of NMSecretAgentSimple fixups.
https://bugzilla.gnome.org/show_bug.cgi?id=740345
set_connection_path() is almost always called right before enable(),
and it's unclear why it would be called anywhere else. So just
merge the two methods.
nm_secret_agent_simple_*() functions should take an
NMSecretAgentSimple, not an NMSecretAgent.
The type macros were incorrectly validating against
NM_TYPE_SECRET_AGENT rather than NM_TYPE_SECRET_AGENT_SIMPLE.
/libnm/crypto/PKCS#8: OK
/libnm/crypto/cert/pem: ==16241== Conditional jump or move depends on uninitialised value(s)
==16241== at 0x121967: crypto_load_and_verify_certificate (crypto.c:605)
==16241== by 0x12512E: nm_utils_file_is_certificate (nm-utils.c:2279)
==16241== by 0x1201F1: test_cert (test-crypto.c:113)
nmt-editor.c: In function ‘nmt_editor_constructed’:
nmt-editor.c:365:2: error: ‘page’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
add_sections_for_page (editor, grid, page);
^
If an NmtEditorGrid row has a widget, but no label, then we make the
widget span both the label and widget columns. But previously we
weren't doing the same for rows with labels but no widgets. (In fact,
we didn't even allow rows with no widgets; label-only rows had to
specify dummy widgets.)
Fix it so that labels will span into an empty widget column. (This
ensures that a long section name won't force the entire grid to have
an overwide label column).
Also, in both the "no label" and "no widget" cases, still show the
"extra" column if it's present.
Rather than having NmtEditor need to know that DSL requires a DSL
page, and Ethernet page, and a PPP page, just have the DSL page itself
return multiple sections.
Instead of having NmtEditorPage be a widget itself, have it just be an
object that returns a list of NmtEditorSections, where
NmtEditorSection is a subclass of NmtNewtSection.
(This will be important when adding VPN pages, which will be split up
into multiple sections, but with the different sections needing to
cooperate on updating the NMSettingVpn. This reorganization lets us
have an NMPageVpn containing multiple sections, with the NMPageVpn
object handling the coordination between the sections.)
All page types except NmtPageMain are displayed as collapsible
sections. NmtPageMain behaved quite differently from everything else.
So merge it into its container, NmtEditor.
Rename NmtPageDevice to NmtEditorPageDevice, and rename NmtPageGrid to
NmtEditorGrid.
Now all types with names starting with "NmtPage" are instantiable page
types, not abstract classes or low-level widgets.
Add nm-utils methods to check if a file is a certificate or private
key file.
nm-applet currently has its own internal versions of these, but they
ended up having to duplicate a bunch of logic that we already have in
crypto.c.
Update crypto_verify_private_key() and
crypto_verify_private_key_data() to indicate whether the key was
encrypted or not.
Rename crypto_decrypt_private_key() and
crypto_decrypt_private_key_data() to
crypto_decrypt_openssl_private_key*, since that's the only private key
format they deal with, and the old names made them sound more generic
than they were. Also, update the openssl private key parsing code to
recognize unencrypted private keys as well. (Previously we accepted
unencrypted PKCS#8 keys, but not unencrypted openssl-style keys.)
If we're activating the device without knowing the connection in advance, defer
servicing the requests for the secrets until we set the path.
[lkundrak@fedora20-2 ~]$ nmcli --ask c ifname wlan0
(process:18405): libnm-CRITICAL **: nm_object_get_path: assertion 'NM_IS_OBJECT (object)' failed
Error: Connection activation failed: The device has no connections available.
[lkundrak@fedora20-2 ~]$
We've previously been just watching for state changes into UNMANAGED state. No
state change is emitted upon removal of a device which is already unmanaged.
https://bugzilla.gnome.org/show_bug.cgi?id=737659
Before, we would only track a device in NMDefaultRouteManager
if it had a default route. Otherwise the entry for the device
was removed.
That was wrong, because having no entry meant that the interface
is assumed and hence we would not touch the interface. Instead we must
esplicitly track devices without default route to know when an interface
has no default route.
Signed-off-by: Thomas Haller <thaller@redhat.com>
It's better to add the more important routes first. Otherwise there
might be a short time when a lower priority route has precedence.
Signed-off-by: Thomas Haller <thaller@redhat.com>
The previous commit made NM enforce the default route on interfaces for
which NM manages a default route.
For interfaces that are configured never-default, NM will now pick up
any externally configured default route, as if it was managed by NM.
This is important, because NMDefaultRouteManager needs a notion of which
is the best device. Without this change, it was agnostic to default routes
on managed, never-default interfaces.
Signed-off-by: Thomas Haller <thaller@redhat.com>
Monitor default routes from platform, and resync the default routes
on changes.
For one, this fixes the following use-case: have an assumed device em1
with two routes of metric 20 and 21. Activate em2, which will get effective
metric 22.
When externally removing route em1/20, em2 would resync the effective metric to
20. This is correct and already worked before. However, when deleting em1/21,
nothing happened. With this change, em2 would resync to metric 21 to fill the gap.
However this commit has much bigger effects: whenever the user externally adds
a default route to an interface for which NM manages an default route, NM will
delete it.
Also, when deleting the default route (managed by NM), NM would readd
it. Effectivly, the user can no longer mess with the default route on
interfaces for which it manages the default route.
If the connection is configured never-default, the user still can add
default routes and NM will not touch them.
Obviously, this has no effect for assumed devices either and the user
can externally add and remove default routes as he wishes.
https://bugzilla.gnome.org/show_bug.cgi?id=735512
Signed-off-by: Thomas Haller <thaller@redhat.com>
Don't only consider the best route of assumed devices when syncing the route
metrics. This fixes the following scenario:
Have em1 assumed, with two default routes (metric 20 and 21).
When activating em2, NMDefaultRouteManager would have determined
21 as the effective metric, thus replacing the assumed route of em1.
Since we don't want to touch assumed interfaces, it is wrong to
replace their default routes.
Instead, keep track of all the assumed default routes and consider their
metrics when choosing effective_metric.
Signed-off-by: Thomas Haller <thaller@redhat.com>
When calling update_default_route(), NMDefaultRouteManager will look at the
source, and determine whether it has a default route or not. For example
for device sources, this means calling nm_device_get_ip4_default_route().
If the source indicates that it has no default route, the effect of
calling update_default_route() is the same as calling
remove_default_route() (hence, remove() can be replaced by update()).
If the source however still indicates a default route, the behavior
would be different. This case would be an undesired inconsistancy,
because source and NMDefaultRouteManager would disagree of whether
the source has a default route.
Source must always properly indicate whether it has a default route
or not, hence this situation does not arise.
Hence it is always better to call update().
Signed-off-by: Thomas Haller <thaller@redhat.com>
The case of having a metric MAXUINT32 is special, because in face of
multiple default routes with the same metric, NMDefaultRouteManager
cannot reduce the effective metric (because there is no lower priority
value).
This case works already correct, just when adding such a default route,
ensure that we add it to the *first* entry.
Signed-off-by: Thomas Haller <thaller@redhat.com>
