This was added by commit 979b8920b4
(core: move virtual device autoconnect tracking bits out of NMManager)
to avoid autoconnecting software devices repeatedly. That was done,
because disconnecting a software device would delete the NMDevice
instance, and there is no property on a device to prevent autoconnect.
In the meantime, we only unrealize software devices and don't delete
them entirely. Also, the autoconnect-blocked flags of the device are
preserved when the device unrealized.
It was anyway odd, that deactivating one software-device would block
autoconnection for all matching connections.
- split NM_DEVICE_AUTOCONNECT_BLOCKED_INTERN in two parts:
"wrong-pin" and "manual-disconnect". Setting/unsetting them
should be tracked differently, as their reason differs.
- no longer initialize/clear the autoconnect-blocked reasons
during realize/unrealize of the device. Instead, initialize
it once when the object gets created (nm_device_init()), and
keep the settings beyond unrealize/realize cycles. This only
matters for software devices, as regular devices get deleted
after unrealizing once. But for software devices it is essential,
because we don't want to forget the autoconnect settings of
the device instance.
- drop verbose logging about blocking autoconnect due to failed
pin. We already log changes to autoconnect-blocked flags with
TRACE level. An additional message about this particular issue
seems not necessary at INFO level.
- in NMManager's do_sleep_wake(), no longer block autoconnect
for devices during sleep. We already unmanage the device, which
is a far more effective measure to prevent activation. We should
not also block autoconnect.
The flags allow for more then two reasons. Currently the only reasons
for allowing or disallowing autoconnect are "user" and "intern".
It's a bit odd, that NMDeviceAutoconnectBlockedFlags has a negative
meaning. So
nm_device_set_autoconnect_intern (device, FALSE);
gets replaced by
nm_device_set_autoconnect_blocked_set (device, NM_DEVICE_AUTOCONNECT_BLOCKED_INTERN);
and so on.
However, it's chosen this way, because autoconnect shall be allowed,
unless any blocked-reason is set. That is, to check whether autoconnect
is allowed, we do
if (!nm_device_get_autoconnect_blocked (device, NM_DEVICE_AUTOCONNECT_BLOCKED_ALL))
The alternative check would be
if (nm_device_get_autoconnect_allowed (device, NM_DEVICE_AUTOCONNECT_ALLOWED_ALL) == NM_DEVICE_AUTOCONNECT_ALLOWED_ALL)
which seems odd too.
So, add the inverse flags to block autoconnect.
Beside refactoring and inverting the meaning of the autoconnect
settings, there is no change in behavior.
nm_device_can_auto_connect() only has one caller, auto_activate_device()
in NMPolicy.
That caller already checks whether the connection has autoconnect
enabled, so drop the duplicate check.
This saves some duplication, but it also makes some sense:
NMSettingsConnection has a complex blocking of autoconnect,
so just looking at connection.autoconnect is not enough in
any case to determine whether the connection should autoconnect.
We move thus more handling of autoconnect to NMPolicy, where
it belongs.
OLPC devices cannot autoconnect, according to can_auto_connect().
We should instead reject any attempt to autoconnect earlier, via
get_autoconnect_allowed().
Currently the ifcfg-rh plugin doesn't explicitly store the connection
type for team slaves and is only able to read back ethernet and vlan
connections.
Leave this unchanged for ethernet and vlan slaves, but store the TYPE
variable for other connection types (Wi-Fi and Infiniband) so that we
can properly determine their type when the connection is read.
(cherry picked from commit 29a576496e)
Currently the ifcfg-rh plugin doesn't explicitly store the connection
type for team slaves and is only able to read back ethernet and vlan
connections.
Leave this unchanged for ethernet and vlan slaves, but store the TYPE
variable for other connection types (Wi-Fi and Infiniband) so that we
can properly determine their type when the connection is read.
Travis' version of glib-compile-resources does not support the
--internal flag:
GEN libnm/fake-typelib/typelibs.c
Unknown option --internal
make: *** [libnm/fake-typelib/typelibs.c] Error 1
We don't really need it anyway, because we have a linker version
script, that controls symbol visibility.
Fixes: 4d1f090aed
Register empty "NMClient" and "NetworkManager" GIR modules as soon as libnm is
loaded witch gnome-introspection. This prevents the real modules from being
loaded because they would in turn load libnm-glib and abort() and crash.
In particular this prevents the GNOME shell from crashing with
libnm-glib abort and allows gracefully disabling the extensions which
use the obsolete library.
Test:
$ cat test.js
const NM = imports.gi.NM;
print (NM.SecretAgentGetSecretsFlags.ALLOW_INTERACTION);
const NMClient = imports.gi.NMClient;
print (NMClient.SecretAgentGetSecretsFlags.ALLOW_INTERACTION);
Before:
$ gjs test.js
1
(gjs:16253): libnm-util-ERROR **: libnm symbols detected; Mixing libnm with libnm-util/libnm-glib is not supported
Trace/breakpoint trap (core dumped)
$
After:
$ gjs test.js
1
Gjs-Message: JS WARNING: [test.js 5]: reference to undefined property "SecretAgentGetSecretsFlags"
(gjs:16228): Gjs-WARNING **: JS ERROR: TypeError: NMClient.SecretAgentGetSecretsFlags is undefined
@test.js:5:1
JS_EvaluateScript() failed
Insert the new gateway at the end when it has the least preference.
Fixes the following runtime error:
src/ndisc/nm-ndisc.c:204:_ASSERT_data_gateways: assertion failed:
(_preference_to_priority (item_prev->preference) >=
_preference_to_priority (item->preference))
Change the activation procedure for connections that require secrets
in the following way:
- nmcli creates a secret-agent and leaves it disabled so that
incoming requests are queued
- nmcli calls ActivateConnection()
- when the method returns success, the secret-agent gets enabled and
all queued requests are processed
When the user activates a connection which is already auto-activating,
NM will deactivate the current active-connection and will call
CancelGetSecrets() for it before the new ActivateConnection()
returns. In this way, when the secret-agent is enabled by nmcli, we
have the guarantee that there aren't any queued requests for
the deactivating connections.
https://bugzilla.redhat.com/show_bug.cgi?id=1438476
`systemctl start network-online.target` should suffice to start
"NetworkManager.service".
That would work because
- "network-online.target" has "Wants=NetworkManager-wait-online.service"
- "NetworkManager-wait-online.service" has "Require=NetworkManager.service".
But previously, "NetworkManager-wait-online.service" would just
fail with missing dependency.
See also https://github.com/systemd/systemd/pull/6065 which does the
same for networkd's wait-online serice, and see rh#1452866 for a
use-case.
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1452866
Don't compile ovs support when the RPM is built --without=ovs, to fix
the following error:
error: Installed (but unpackaged) file(s) found:
/usr/lib/systemd/system/NetworkManager.service.d/NetworkManager-ovs.conf
/usr/lib64/NetworkManager/libnm-device-plugin-ovs.so
/usr/share/man/man7/nm-openvswitch.7.gz
Fixes: 830a5a14cb
The number of authentication retires is useful also for passwords aside
802-1x settings. For example, src/devices/wifi/nm-device-wifi.c also has
a retry counter and uses a hard-coded value of 3.
Move the setting, so that it can be used in general. Although it is still
not implemented for other settings.
This is an API and ABI break.
Some cleanup of handling autoconnect behavior.
The introduction of NMSetting8021x:auth-retries property,
changes behavior in that password retries are no longer
controlled by NMSettingConnection:autoconnect-retries property.
https://bugzilla.redhat.com/show_bug.cgi?id=1401515
