GError codes are only unique per domain, so logging the code without
also indicating the domain is not helpful. And anyway, if the error
messages are not distinctive enough to tell the whole story then we
should fix the error messages.
Based-on-patch-by: Dan Winship <danw@gnome.org>
If the plugin supports interactive mode, but the VPN binary (like vpnc
or openvpn) doesn't support it, then the plugin should return
NM_VPN_PLUGIN_ERROR_INTERACTIVE_NOT_SUPPORTED from its connect_interactive()
hook. This lets NetworkManager know to fall back to plain Connect().
Since this notification is done through an error return, the VPN service
plugin code sees the failure and moves the plugin state back to
STOPPED. NetworkManager sees that state change, and terminates the
connection attempt while waiting for a reply to the Connect() method.
(VPN service plugins that don't support interactive mode at all don't
have this problem because that error is returned before the plugin's
state is moved to STARTING.)
To fix this, do two things:
1) if the connect_interactive() hook fails and returns the error
NM_VPN_PLUGIN_ERROR_INTERACTIVE_NOT_SUPPORTED, postpone the STOPPED
state change for a few seconds to allow NM time to fall back to
plain Connect(). We still want to move the plugin state back to
STOPPED eventually, because otherwise it could stay in STARTING
forever.
2) change state to STARTING only if the connect/connect_interactive
plugin hooks were successful. Otherwise the plugin would still be
in STARTING state, and it's not valid to call Connect()/ConnectInteractive()
during the STARTING state.
https://mail.gnome.org/archives/networkmanager-list/2016-February/msg00091.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1298732
- All internal source files (except "examples", which are not internal)
should include "config.h" first. As also all internal source
files should include "nm-default.h", let "config.h" be included
by "nm-default.h" and include "nm-default.h" as first in every
source file.
We already wanted to include "nm-default.h" before other headers
because it might contains some fixes (like "nm-glib.h" compatibility)
that is required first.
- After including "nm-default.h", we optinally allow for including the
corresponding header file for the source file at hand. The idea
is to ensure that each header file is self contained.
- Don't include "config.h" or "nm-default.h" in any header file
(except "nm-sd-adapt.h"). Public headers anyway must not include
these headers, and internal headers are never included after
"nm-default.h", as of the first previous point.
- Include all internal headers with quotes instead of angle brackets.
In practice it doesn't matter, because in our public headers we must
include other headers with angle brackets. As we use our public
headers also to compile our interal source files, effectively the
result must be the same. Still do it for consistency.
- Except for <config.h> itself. Include it with angle brackets as suggested by
https://www.gnu.org/software/autoconf/manual/autoconf.html#Configuration-Headers
- "gsystem-local-alloc.h" and <gio/gio.h> are already included via
"nm-default.h". No need to include them separately.
- include "nm-macros-internal.h" via "nm-default.h" and drop all
explict includes.
- in the modified files, ensure that we always include "config.h"
and "nm-default.h" first. As second, include the header file
for the current source file (if applicable). Then follow external
includes and finally internal nm includes.
- include nm headers inside source code files with quotes
- internal header files don't need to include default headers.
They can savely assume that "nm-default.h" is already included
and with it glib, nm-glib.h, nm-macros-internal.h, etc.
We now (since 3272ff6 libnm/libnm-glib: don't quit in the middle of asking for
secrets) always hook on the quit timer when NM asks the plugin if it needs
secrets. The timer is 20 seconds, which seems too short.
Let's make it three minutes. Don't bother adding another timer or using a
distinct timeout: it does no harm for the plugin to remain unused for three
minutes on a bus.
Another option would be to completely unhook it; however the plugin wouldn't
learn if the user cancelled the NM's secrets request and would remain unused
on the bus forever.
Rather than randomly including one or more of <glib.h>,
<glib-object.h>, and <gio/gio.h> everywhere (and forgetting to include
"nm-glib-compat.h" most of the time), rename nm-glib-compat.h to
nm-glib.h, include <gio/gio.h> from there, and then change all .c
files in NM to include "nm-glib.h" rather than including the glib
headers directly.
(Public headers files still have to include the real glib headers,
since nm-glib.h isn't installed...)
Also, remove glib includes from header files that are already
including a base object header file (which must itself already include
the glib headers).
Add a file containing the defines like DBUS_INTERFACE_DBUS from
dbus-shared.h, and use it from the gdbus-using files.
Also, convert a bunch of other places that were previously hardcoding
the string values to use the defines instead, and fix the ifcfg-rh
plugin to properly namespace its own D-Bus-related defines.
If the VPN plugin terminated and the user started it again, then the
quit timer will still be running and it sometimes happens that the
VPN plugin will quit while the UI is asking the user for secrets.
That's not very nice, so don't do that.
Reproducer: while connect to the VPN, suspend your laptop. Then
resume it, and immediately re-start the VPN connection. Watch the
secrets dialog disappear within a very short time.
https://bugzilla.gnome.org/show_bug.cgi?id=752237
config.h should be included from every .c file, and it should be
included before any other include. Fix that.
(As a side effect of how I did this, this also changes us to
consistently use "config.h" rather than <config.h>. To the extent that
it matters [which is not much], quotes are more correct anyway, since
we're talking about a file in our own build tree, not a system
include.)
Some libnm-glib object properties were only documented in the
GParamSpec strings, not via gtk-doc comments, so they became
undocumented when the paramspec strings went away. Fix that.
(Also fix incorrect gtk-doc syntax with several NMClient properties.)
- Remove list of authors from files that had them; these serve no
purpose except to quickly get out of date (and were only used in
libnm-util and not libnm-glib anyway).
- Just say "Copyright", not "(C) Copyright" or "Copyright (C)"
- Put copyright statement after the license, not before
- Remove "NetworkManager - Network link manager" from the few files
that contained it, and "libnm_glib -- Access network status &
information from glib applications" from the many files that
contained it.
- Remove vim modeline from nm-device-olpc-mesh.[ch], add emacs modeline
to files that were missing it.
Remove all remaining GParamSpec name and blurb strings (and fix
indentation while we're there), and add G_PARAM_STATIC_STRINGS to all
paramspecs that were lacking it.
When receiving updated VPN IP configuration from the helper after the
initial connect event, the library overwrites the already initialized
GValue fields by calling g_value_init() again. This is an error and causes
the following warning:
(nm-openvpn-service:27645): GLib-GObject-WARNING **: gvalue.c:183: cannot initialize GValue with type gchararray, the value has already been initialized as gchararray
Signed-off-by: Thomas Haller <thaller@redhat.com>
The errors were documented as org.freedesktop.NetworkManager.VPN.Error.*,
but the actual values were org.freedesktop.NetworkManager.VPN.Plugin.*
Also update the errors documentation.
The ConnectInteractive() -> Connect() fallback code doesn't work, because
_connect_internal() changes the state to NM_VPN_SERVICE_STATE_STARTING before
checking if it can implement ConnectInteractive(), and then when the Connect()
call comes in, the VPN is not in STOPPED or INIT, so it returns an error.
The commit moves setting state to STARTING after the ConnectInteractive() check
availability, in the plugin. We introduce new plugin error and set it when the
the plugin does not implement ConnectInteractive(). NetworkManager uses this
error for ConnectInteractive() -> Connect() fallback.
https://bugzilla.gnome.org/show_bug.cgi?id=708255
There are three additions to the D-Bus interface for VPN plugins as
part of this patch:
1) ConnectInteractive(): called by NM instead of Connect() to let
the plugin know that it can request additional secrets during the
connection process using SecretsRequired
2) SecretsRequired: a new signal emitted by the plugin to indicate
to NetworkManager that additional secrets are required to connect;
can only be called if NetworkManager initiated the connection by
calling the ConnectInteractive() method
3) NewSecrets(): a new method of the plugin that NetworkManager calls
when new secrets requested by the SecretsRequired signal have been
retrieved from secret agents
We need new methods because agents need to be aware of the hints that
the VPN plugins may send with the SecretsRequired signal (detailing
the specific secrets that are required) and at this time, not all
agents support passing those hints to the VPN plugin authentication
dialogs.
Old plugins (ie, that aren't IPv6 capable) don't send the 'config'
signal, and thus have no way of signalling which IP methods they
have support for. Which means they won't set priv->has_ip4 and
thus the connect timer will kill the connection after a minute.
So track whether we got a 'config' signal, and if we didn't, but
we did get an 'ip4-config' signal (which means this is an old
plugin) then we just assume that the plugin supports IPv4. This
allows the connect timer to be canceled and the plugin to advance
to the STARTED state.
Add new API to allow passing both IPv4 and IPv6 configuration
information from VPN plugins to the backend.
Now instead of a single Ip4Config, a plugin has Config, Ip4Config, and
Ip6Config. "Config" contains information which is neither IPv4 nor
IPv6 specific, and also indicates which of Ip4Config and Ip6Config are
present. Ip4Config now only contains the IPv4-specific bits of
configuration.
There is backward compatibility in both directions: if the daemon is
new and the VPN plugin is old, then NM will notice that the plugin
emitted the Ip4Config signal without having emitted the Config signal
first, and so will assume that it is IPv4-only, and that the generic
bits of configuration have been included with the Ip4Config. If the
daemon is old and the plugin is new, then NMVPNPlugin will copy the
values from the generic config into the IPv4 config as well. (In fact,
NMVPNPlugin *always* does this, because it's harmless, and it's easier
than actually checking the daemon version.)
Currently the VPN is still configured all-at-once, after both IPv4 and
IPv6 information has been received, but the APIs allow for the
possibility of configuring them one at a time in the future.
In some situations, objects might get used after being disposed, so
clear out their various priv fields so we don't try to access unreffed
objects, freed strings, etc.
https://bugzilla.gnome.org/show_bug.cgi?id=674473
Rather than generating enum classes by hand (and complaining in each
file that "this should really be standard"), use glib-mkenums.
Unfortunately, we need a very new version of glib-mkenums in order to
deal with NM's naming conventions and to fix a few other bugs, so just
import that into the source tree temporarily.
Also, to simplify the use of glib-mkenums, import Makefile.glib from
https://bugzilla.gnome.org/654395.
To avoid having to run glib-mkenums for every subdirectory of src/,
add a new "generated" directory, and put the generated enums files
there.
Finally, use Makefile.glib for marshallers too, and generate separate
ones for libnm-glib and NetworkManager.
Clients need to do their own logging using glib or whatever; these
macros while somewhat helpful were not flexible and are not a
substitute for actual logging in the client. g_warning, g_message,
and g_error are more suitable anyway.
* libnm-glib/nm-vpn-plugin.c
- (nm_vpn_plugin_connect): stop plugin after connection failure from
an idle handler so the Connect reply gets delivered before the
stop StateChanged signal
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3920 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
Add a GError argument to nm_connection_verify() and nm_setting_verify(),
and add error enums to each NMSetting subclass. Each NMSetting subclass now
returns a descriptive GError when verification fails.
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3751 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
Massive fixup of libnm-glib to:
a) have all objects (with the exception of VPN) cache their properties and
update them asynchronously on PropertiesChanged signals from NM
b) return internal const data for most attributes/properties instead of
allocated values that the caller must free
c) cache wrapped objects such that a given D-Bus path will always map to the
same GObject returned by libnm-glib
d) remove a few signals and move them to GObject property notifications
e) match recent NM D-Bus API changes for activation/deactivation
f) remove some private functions from libnm-glib headers
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3491 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* introspection/nm-vpn-plugin.xml
libnm-glib/nm-vpn-plugin.c
libnm-glib/nm-vpn-plugin.h
- (impl_vpn_plugin_need_secrets): implement a call that should return
the name of the NMSetting in an NMConnection that may require
secrets specific to that VPN plugin
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@2892 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* libnm-glib/nm-vpn-plugin.c (nm_vpn_plugin_connect): Update the
* plugin activation
method.
(impl_vpn_plugin_connect): Convert properties hash to
NMConnection, activate, and
unreference the connection.
* introspection/nm-vpn-plugin.xml: Modify the 'Connect' method
* arguments: instead of
passing properties hash and routes string list, pass
NMConnection (in hashed form).
* src/vpn-manager/nm-vpn-connection.c
* (nm_vpn_connection_get_routes): Return routes
as GSList, no need to copy stuff around anymore.
(nm_vpn_connection_activate): Update the plugin activation
method.
* src/NetworkManagerSystem.c
* (nm_system_vpn_device_set_from_ip4_config): Convert
routes argument to GSList.
* vpn-daemons/vpnc/src/nm-vpnc-service.c (real_connect):
The arguments have changed, update.
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@2890 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* src/vpn-manager/nm-vpn-connection.[ch]:
* src/vpn-manager/nm-vpn-manager.[ch]:
* src/vpn-manager/nm-vpn-service.[ch]: Rewrite the vpn handling
* code. Using
dbus-glib, GObjects, signals etc.
* libnm-glib/nm-vpn-manager.[ch]:
* libnm-glib/nm-vpn-connection.[ch]: Now that the NM
* implementation changed
so much, rewrite these too.
* libnm-glib/Makefile.am: Add new files to build, build new
* binding files for
the new introspection files.
* libnm-glib/nm-client.[ch]: Remove all VPN related stuff from
* here.
* libnm-glib/nm-dbus-utils.[ch]: Renamed from nm-utils.[ch] that
* was shadowing
the header with the same name from libnm-utils.
* libnm-glib/nm-vpn-plugin.[ch]: Implement.
* libnm-util/Makefile.am: Add nm-utils.[ch] to build.
* introspection/nm-vpn-plugin.xml: Implement.
* introspection/nm-vpn-connection.xml: Implement.
* introspection/nm-vpn-manager.xml: Implement.
* src/NetworkManagerSystem.c
* (nm_system_vpn_device_set_from_ip4_config): Remove
the named manager argument, it can just as easily get it as the
caller.
(nm_system_vpn_device_unset_from_ip4_config): Ditto.
* src/vpn-manager/nm-dbus-vpn.[ch]: Remove.
* src/nm-dbus-manager.h: Fix up the name_owner signal signature.
* src/dhcp-manager/nm-dhcp-manager.c (garray_to_string): Remove,
* use one from
libnm-utils.
* libnm-util/nm-connection.c: Ditto.
* src/NetworkManagerMain.h: Remove, it's finally empty.
* configure.in: Remove utils/ from build.
* include/NetworkManagerVPN.h: Add some more defines to reduce
* the amount
of hard-coded strings.
* utils/: Move it over to libnm-util.
* test/Makefile.am: Link against libnm-util now that util/ is
* gone.
* dispatcher-daemon/Makefile.am: Ditto.
* src/Makefile.am: Ditto.
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@2798 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
