colin/NetworkManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3ee36a6f7458d44f1197a9d00b51c580033f29a7
NetworkManager/docs/api/migrating-to-09.xml

479 lines
22 KiB
XML
Raw Blame History

<?xml version="1.0"?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
<!ENTITY % local.common.attrib "xmlns:xi CDATA #FIXED 'http://www.w3.org/2003/XInclude'">
]>
<chapter id="ref-migrating">
<title>Migrating from NetworkManager 0.8 to NetworkManager 0.9</title>
<para>
NetworkManager 0.9 is a new major version of NetworkManager that breaks
both API and ABI compared to previous versions. These changes are
intended to make communication with NetworkManager much simpler, especially
for network control and configuration programs. Thankfully, most changes
are not difficult to implement, and the advantages of the simpler
architecture of NetworkManager 0.9 greatly outweight the effort of
updating client programs.
</para>
<section>
<title>Architecture and D-Bus API Changes in 0.9</title>
<para>
This section details the architectural and D-Bus API changes in
NetworkManager 0.9.
</para>
<section>
<title>Elimination of the User Settings Service</title>
<para>
Previously there were two "settings services", or D-Bus services that
provided and saved network configuration information. NetworkManager
owned the "system" settings service, and one user-level applet owned the
"user" settings service. Now, the "user" settings service has been
eliminated, so clients only have to track one D-Bus service to read and
update network configuration. The functionality of the old user settings
service has been replaced with a "permissions" key on each connection
object to preserve the ability to restrict which users can use the
connection, and with a "secret agent" D-Bus API for user-session-level
secure storage of network secrets and passwords.
</para>
<para>
Elimination of the user settings service provides the following advantages
for clients of NetworkManager:
<itemizedlist>
<listitem>Simpler discovery of network configuration and change tracking</listitem>
<listitem>Simpler storage of user-level network secrets by control applets</listitem>
<listitem>Correct operation of fast-user switching and multi-seat configurations</listitem>
<listitem>More granular network connection permissions for system administrators</listitem>
<listitem>Connections are now system-wide by default (unless restricted by the user or system administrator)</listitem>
<listitem>Easier deployment of user-specific connections (ie, VPNs)</listitem>
</itemizedlist>
</para>
<para>
With this change, D-Bus methods that previously took a "service name"
argument (like
<literal>org.freedesktop.NetworkManager.ActivateConnection</literal>) and
objects with service name properties (like ActiveConnection objects) no
longer have those arguments or properties.
</para>
<para>
<emphasis role="strong">Action:</emphasis> if you develop a network control
applet that talks to NetworkManager and used to provide a user settings
service, you can eliminate that code and rely on NetworkManager for all
storage of network configuration. Your applet should now implement the
Secret Agent D-Bus API (see below) to store user-specific secrets, and
add legacy user-specific configuration to NetworkManager when run. More
information about both these changes follows.
</para>
</section>
<section>
<title>User Secret Agents</title>
<para>
Even with the elimination of the user settings service, in some cases it
is still desirable to store secrets in the user's session and not in
system-wide storage (and thus available to all users). To allow this
functionality the concept of agents has been introduced. Using the new
<ulink url="spec.html#org.freedesktop.NetworkManager.AgentManager">
<literal>org.freedesktop.NetworkManager.AgentManager</literal></ulink>
D-Bus interface provided by NetworkManager, user applications can register
themselves as "secret agents", ie programs capable of saving and providing
secrets to NetworkManager. The agent should export the
<ulink url="spec.html#org.freedesktop.NetworkManager.SecretAgent">
<literal>org.freedesktop.NetworkManager.SecretAgent</literal></ulink>
D-Bus interface, but should NOT claim a bus name on the system or session
bus. Instead, NetworkManager talks to the agent directly over the D-Bus
connection which the agent used to register itself.
</para>
<para>
Each agent must send a unique identifier to NetworkManager when it
registers. This identifier must follow certain rules (see the NM D-Bus
API documentation for more details) but looks essentially the same as
a D-Bus service name. Only one agent using a given identifier may be
registered at the same time. The agent is automatically unregistered
if it disconnects from D-Bus or exits.
</para>
<para>
When NetworkManager requires secrets during the attempt to connect to a
network, and no secrets are available from the internal settings service,
NetworkManager queries each registered agent for secrets. Agents that
are in "active" user sessions (as determined by ConsoleKit) are preferred
over inactive ones. Only agents belonging to users who have permission
to view and modify the connection are queried. For more information on
connection permissions, see below.
</para>
When secrets are requested, the agent is also sent a set of flags that
modify the behavior of the request. By default, the agent should never
attempt to query the user for secrets, but should simply return any
available saved secrets. Other flags allow the agent to explicitly
request new secrets from the user.
<para>
<emphasis role="strong">Action:</emphasis> the parts of a previous user
settings service that handled secrets may be easily repurposed as the bulk
of the implementation of a secret agent. The agent is sent all available
connection settings, and from those should be able to retrieve or save
any saved user secrets, or to request new secrets from the user.
</para>
</section>
<section>
<title>Settings Service Interface Changes</title>
<para>
With the elimination of the user settings service, the old
<literal>org.freedesktop.NetworkManagerUserSettings</literal> and
<literal>org.freedesktop.NetworkManagerSystemSettings</literal> D-Bus
service names are no longer used. Instead NetworkManager provides the
settings service using its own D-Bus service name,
<literal>org.freedesktop.NetworkManager</literal>. The object path of
the settings service has also changed to
<literal>/org/freedesktop/NetworkManager/Settings</literal>.
</para>
<para>
Additionally, the D-Bus interface of the settings service has changed
to <ulink url="spec.html#org.freedesktop.NetworkManager.Settings">
<literal>org.freedesktop.NetworkManager.Settings</literal></ulink> from
the old interface name of
<literal>org.freedesktop.NetworkManagerSettings</literal>, and the old
<literal>org.freedesktop.NetworkManagerSettings.System</literal>
interface has been merged into the new
<ulink url="spec.html#org.freedesktop.NetworkManager.Settings">
<literal>org.freedesktop.NetworkManager.Settings</literal></ulink> interface
as the split no longer made sense. This includes the
<literal>SaveHostname</literal> method and the <literal>Hostname</literal>
and <literal>CanModify</literal> properties.
</para>
<para>
<emphasis role="strong">Action:</emphasis> change the service name and
object path that your application uses to request system network settings
to <literal>org.freedesktop.NetworkManager</literal> and
<literal>/org/freedesktop/NetworkManager/Settings</literal> respectively,
and update the D-Bus interface that codes uses to talk to the settings
service to <ulink url="spec.html#org.freedesktop.NetworkManager.Settings">
<literal>org.freedesktop.NetworkManager.Settings</literal></ulink>.
Listen for hostname changes using the new interface name as well.
</para>
</section>
<section>
<title>Connection Object Interface Changes</title>
<para>
Consistent with the interface changes to the Settings object, the
Connection object's D-Bus interface has changed to
<ulink url="spec.html#org.freedesktop.NetworkManager.Settings.Connection">
<literal>org.freedesktop.NetworkManager.Settings.Connection</literal></ulink>
from the previous
<literal>org.freedesktop.NetworkManagerSettings.Connection</literal>.
</para>
<para>
Additionally, the
<literal>org.freedesktop.NetworkManager.Settings.Connection.Updated</literal>
signal of the Connection object no longer includes the updated settings
data argument, as that might allow users who are not authorized to
view the connection details to do so. Instead, when a client receives the
Updated signal, it should requery the Connection's settings with the
<literal>org.freedesktop.NetworkManager.Settings.Connection.GetSettings</literal>
method. If the client receives an error as a result of this method call,
it should assume the connection has been deleted.
</para>
<para>
<emphasis role="strong">Action:</emphasis> where code manipulates
Connection objects, update the D-Bus interface that code uses to be
<literal>org.freedesktop.NetworkManager.Settings.Connection</literal>.
Additionally, code that listens for the
<literal>org.freedesktop.NetworkManager.Settings.Connection.Updated</literal>
signal should no longer expect the new settings data as an argument, but
instead should request the new settings data using the
<literal>org.freedesktop.NetworkManager.Settings.Connection.GetSettings</literal>
method.
</para>
</section>
<section>
<title>Permissions Methods Consolidation</title>
<para>
Previously there were two D-Bus method calls to retrieve the list of
operations that a user client could perform, and two signals notifying
callers that they should recheck permissions. Those two calls were:
<itemizedlist>
<listitem>
<literal>org.freedesktop.NetworkManagerSettings.System.GetPermissions</literal>
which returned a bitfield of operations the caller was allowed to
perform related to modify system network settings and the machine
hostname
</listitem>
<listitem>
<literal>org.freedesktop.NetworkManager.GetPermissions</literal> which
returned a dictionary mapping permission names to result strings like
"yes", "auth", or "no", relating to network control permissions like
the ability to enable or disable WiFi.
</listitem>
</itemizedlist>
These two calls have been consolidated into an enhanced
<literal>org.freedesktop.NetworkManager.GetPermissions</literal> call that
uses the same arguments, but includes all permissions, including those which
the settings service used to handle.
</para>
<para>
With this change, the bitfield items from
<literal>org.freedesktop.NetworkManagerSettings.System.GetPermissions</literal>
are now string-based permissions. The mapping is as follows:
<table>
<tgroup cols="2">
<thead>
<row><entry>Old bitfield value</entry><entry>New permission name</entry></row>
</thead>
<tbody>
<row>
<entry><screen>0x1 (connection-modify)</screen></entry>
<entry>
<literal>org.freedesktop.NetworkManager.settings.modify.system</literal>
or <literal>org.freedesktop.NetworkManager.settings.modify.system</literal>
depending on the permissions of the connection.
</entry>
</row>
<row>
<entry><screen>0x2 (wifi-share-protected)</screen></entry>
<entry>
<literal>org.freedesktop.NetworkManager.wifi.share.protected</literal>
</entry>
</row>
<row>
<entry><screen>0x4 (wifi-share-open)</screen></entry>
<entry>
<literal>org.freedesktop.NetworkManager.wifi.share.open</literal>
</entry>
</row>
<row>
<entry><screen>0x8 (hostname-modify)</screen></entry>
<entry>
<literal>org.freedesktop.NetworkManager.settings.modify.hostname</literal>
</entry>
</row>
</tbody>
</tgroup>
</table>
</para>
<para>
<emphasis role="strong">Action:</emphasis> modify handling of existing
code that checks permissions to recognize the new permissions names for
old system settings permissions, and remove code that used to call
<literal>org.freedesktop.NetworkManagerSettings.System.GetPermissions</literal>.
</para>
</section>
<section>
<title>AddConnection Returns Object Path of New Connection</title>
<para>
The <ulink url="spec.html#org.freedesktop.NetworkManager.Settings">
<literal>org.freedesktop.NetworkManager.Settings.AddConnection</literal>
</ulink> method call now returns the object path of the newly added
connection. Previously, if code wanted to manipulate a connection
post-addition, it had to wait for the new connection to be announced via
the NewConnection signal by matching connection UUIDs. Now the object
path is returned and this workaround is no longer required.
</para>
<para>
<emphasis role="strong">Action:</emphasis> update code that adds new
connections to handle the object path returned from AddConnection, and
remove workarounds for finding the new connection via signals.
</para>
</section>
<section>
<title>Support for WiMAX Devices</title>
<para>
NetworkManager now supports Intel WiMAX mobile broadband devices. A
corresponding device type (<literal>NM_DEVICE_TYPE_WIMAX</literal>) and
a new <ulink url="spec.html#org.freedesktop.NetworkManager.Device.WiMax">
<literal>org.freedesktop.NetworkManager.Device.WiMax</literal></ulink>
D-Bus interface have been added. Furthermore, to support connection to
different WiMAX Network Service Providers (NSPs) the
<ulink url="spec.html#org.freedesktop.NetworkManager.Device.WiMax.Nsp">
<literal>org.freedesktop.NetworkManager.Device.WiMax.Nsp</literal></ulink>
interface has been added to access information about each available
WiMAX network.
</para>
<para>
<emphasis role="strong">Action:</emphasis> update code that handles
devices and/or displays status to users to recognize the new device type,
and to display available WiMAX NSPs similar to how WiFi Access Points
are displayed. Also update code that creates new connections to allow
creation of new WiMAX connections.
</para>
</section>
<section>
<title>New Device States</title>
<para>
A few <ulink url="spec.html#type-NM_DEVICE_STATE">new device states</ulink>
have been added, and all device states have been renumbered for flexibility.
The new devices states IP_CHECK, SECONDARIES, and DEACTIVATING.
</para>
<para>
<emphasis role="strong">Action:</emphasis> where code checks device state
or shows UI indication of the device's state, make sure the new device
states are processed correctly, and that code in switch()-type statements
is updated to handle the new states.
</para>
</section>
<section>
<title>New Active Connection State</title>
<para>
Along with the new device states, an
<ulink url="spec.html#type-NM_ACTIVE_CONNECTION_STATE">additional
ActiveConnection state</ulink> has been added: DEACTIVATING. This state
is entered when the connection is being torn down and deactivated.
</para>
<para>
<emphasis role="strong">Action:</emphasis> where code checks active
connection states or shows UI indication of active connection states, make
sure the DEACTIVATING state is processed correctly, and that code in
switch()-type statements is updated to handle it.
</para>
</section>
<section>
<title>Consolidated Modem Devices</title>
<para>
Many new mobile broadband devices support multiple access families, like
Qualcomm Gobi cards (CDMA/EVDO and GSM/UMTS), or multi-mode EVDO/LTE
or UMTS/LTE modems like the Pantech UML290. The previous hard split
between CDMA/EVDO and GSM/UMTS device classes was not flexible enough to
deal with these new multi-mode devices. Thus the previously separate
CDMA and GSM device classes have been combined into a single Modem
device class, which exposes both hardware "ModemCapabilities" and
runtime "CurrentCapabilities" which represent generic access technology
families like CDMA/EVDO, GSM/UMTS, and LTE which the device supports.
ModemCapabilities indicate all the access technology families which the
modem is capable of supporting, while CurrentCapabilities indicate the
immediate access technology families the device supports without reloading
the firmware and thus restarting the device.
</para>
<para>
Along with this change, the
<literal>org.freedesktop.NetworkManager.Device.Serial</literal>
interface has been removed as it's functionality will be incorporated
into the
<ulink url="spec.html#org.freedesktop.NetworkManager.Device.Modem">
<literal>org.freedesktop.NetworkManager.Device.Modem</literal></ulink>
interface in the future.
</para>
<para>
<emphasis role="strong">Action:</emphasis> combine code that checks for
the old CDMA and GSM device types, and instead handle the new Modem device
type. Where behavior must change based on the capabilities of the device,
check the CurrentCapabilities device property to determine whether to
treat the device as CDMA, GSM, or LTE for purposes of configuration and
status.
</para>
</section>
<section>
<title>Secret Property Flags</title>
<para>
In the Connection object's configuration properties, each setting's secret
properties (like WiFi passphrases, or public key passwords, etc) now has
an associated "flags" property that changes how NetworkManager treats the
secret. The "flags" property is a bitfield of one or more of the
following values:
<table>
<tgroup cols="2">
<thead>
<row><entry>Flag Value</entry><entry>Meaning</entry></row>
</thead>
<tbody>
<row>
<entry><screen>0x00 (none)</screen></entry>
<entry>
NetworkManager is responsible for providing and storing this
secret (default)
</entry>
</row>
<row>
<entry><screen>0x01 (agent-owned)</screen></entry>
<entry>
A user secret agent is responsible for providing and storing
this secret; when it is required agents will be asked to
retrieve it
</entry>
</row>
<row>
<entry><screen>0x02 (not saved)</screen></entry>
<entry>
The secret is not saved, and should be requested each time it
is required. Used for OTP/token configurations where the
secret changes periodically, or if the user simply wants to
manually enter the secret each time.
</entry>
</row>
<row>
<entry><screen>0x04 (not required)</screen></entry>
<entry>
In situations where it cannot be automatically determined that
the secret is required (some VPNs and PPP providers dont require
all possible secrets) this flag indicates that the specific
secret is not required.
</entry>
</row>
</tbody>
</tgroup>
</table>
</para>
<para>
<emphasis role="strong">Action:</emphasis> user interface code which
handles entry of connection secrets should be updated to read and set
secret flags. For example, code that creates new VPN connections may want
to set the "agent-owned" flag to ensure that the user's VPN password is
not available to all users. EAP-TLS and VPN interface code might add a
checkbox that toggles the "not saved" bit to indicate that the
password/PIN code should be requested from a hardware token each time it
is required.
</para>
</section>
<section>
<title>Deprecated Methods Removed</title>
<para>
A few methods and signals of the <literal>org.freedesktop.NetworkManager</literal>
interface deprecated in version 0.7 have been removed. All the
replacement methods and signals have existed since version 0.7 and so are
not new to this version of NetworkManager, but some older programs may
be using removed items. The following table lists the removed items and
their replacements:
<table>
<tgroup cols="2">
<thead>
<row><entry>Removed Item</entry><entry>Replacement</entry></row>
</thead>
<tbody>
<row>
<entry><screen>StateChange signal</screen></entry>
<entry>
Use the <literal>StateChanged</literal> signal, which has the
same arguments.
</entry>
</row>
<row>
<entry><screen>sleep() and wake() methods</screen></entry>
<entry>
Use the <literal>Sleep()</literal> method instead, which takes
a boolean argument indicating whether NetworkManager should
go to sleep or wake up.
</entry>
</row>
</tbody>
</tgroup>
</table>
</para>
<para>
<emphasis role="strong">Action:</emphasis> update code to use these
replacement methods and properties where it used old deprecated ones
</para>
</section>
</section>
</chapter>
Reference in New Issue View Git Blame Copy Permalink