system/NetworkManager
system/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager synced 2024-07-09 04:05:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

merge: branch 'jv/deprecate-wired-blacklist'

Browse Source 
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1890
This commit is contained in:
Fernando Fernandez Mancera 2024-03-20 15:44:45 +01:00
commit 065e67286d
19 changed files with 600 additions and 328 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
NEWS
View File

@ -13,6 +13,8 @@ USE AT YOUR OWN RISK. NOT RECOMMENDED FOR PRODUCTION USE!
* The reason why a device is unmanaged is now properly set in the
"StateReason" property of the "Device" D-Bus object. The property is
visible in nmcli via "nmcli -f all device show $DEV".
* Deprecated 802-11-wireless and 802-11-wired property 'mac-address-blacklist'
and introduced the 'mac-address-denylist' property.
=============================================
NetworkManager-1.46

12
src/core/devices/nm-device-ethernet.c
View File

@ -370,7 +370,7 @@ check_connection_compatible(NMDevice *device,
if (s_wired) {
const char *mac, *perm_hw_addr;
gboolean try_mac = TRUE;
const char *const *mac_blacklist;
const char *const *mac_denylist;
int i;
if (!match_subchans(self, s_wired, &try_mac)) {
@ -390,17 +390,17 @@ check_connection_compatible(NMDevice *device,
return FALSE;
}
/* Check for MAC address blacklist */
mac_blacklist = nm_setting_wired_get_mac_address_blacklist(s_wired);
for (i = 0; mac_blacklist[i]; i++) {
if (!nm_utils_hwaddr_valid(mac_blacklist[i], ETH_ALEN)) {
/* Check for MAC address denylist */
mac_denylist = nm_setting_wired_get_mac_address_denylist(s_wired);
for (i = 0; mac_denylist[i]; i++) {
if (!nm_utils_hwaddr_valid(mac_denylist[i], ETH_ALEN)) {
nm_utils_error_set_literal(error,
NM_UTILS_ERROR_CONNECTION_AVAILABLE_TEMPORARY,
"invalid MAC in blacklist");
return FALSE;
}
if (nm_utils_hwaddr_matches(mac_blacklist[i], -1, perm_hw_addr, -1)) {
if (nm_utils_hwaddr_matches(mac_denylist[i], -1, perm_hw_addr, -1)) {
nm_utils_error_set_literal(error,
NM_UTILS_ERROR_CONNECTION_AVAILABLE_TEMPORARY,
"permanent MAC address of device blacklisted");

2
src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
View File

@ -1142,7 +1142,7 @@ write_wired_setting_impl(NMSettingWired *s_wired, shvarFile *ifcfg, gboolean is_
"GENERATE_MAC_ADDRESS_MASK",
nm_setting_wired_get_generate_mac_address_mask(s_wired));
macaddr_blacklist = nm_setting_wired_get_mac_address_blacklist(s_wired);
macaddr_blacklist = nm_setting_wired_get_mac_address_denylist(s_wired);
if (macaddr_blacklist[0]) {
gs_free char *blacklist_str = NULL;

7
src/libnm-client-impl/libnm.ver
View File

@ -1984,6 +1984,13 @@ global:
nm_setting_connection_down_on_poweroff_get_type;
nm_setting_connection_get_down_on_poweroff;
nm_setting_ip_config_get_dhcp_send_release;
nm_setting_wired_add_mac_denylist_item;
nm_setting_wired_clear_mac_denylist_items;
nm_setting_wired_get_mac_address_denylist;
nm_setting_wired_get_mac_denylist_item;
nm_setting_wired_get_num_mac_denylist_items;
nm_setting_wired_remove_mac_denylist_item;
nm_setting_wired_remove_mac_denylist_item_by_value;
nm_setting_wireless_add_mac_denylist_item;
nm_setting_wireless_clear_mac_denylist_items;
nm_setting_wireless_get_mac_address_denylist;

14
src/libnm-client-impl/nm-device-ethernet.c
View File

@ -195,7 +195,7 @@ connection_compatible(NMDevice *device, NMConnection *connection, GError **error
if (s_wired) {
const char *perm_addr, *s_mac;
gboolean try_mac = TRUE;
const char *const *mac_blacklist;
const char *const *mac_denylist;
int i;
/* Check s390 subchannels */
@ -232,20 +232,20 @@ connection_compatible(NMDevice *device, NMConnection *connection, GError **error
return FALSE;
}
/* Check for MAC address blacklist */
mac_blacklist = nm_setting_wired_get_mac_address_blacklist(s_wired);
for (i = 0; mac_blacklist[i]; i++) {
if (!nm_utils_hwaddr_valid(mac_blacklist[i], ETH_ALEN)) {
/* Check for MAC address denylist */
mac_denylist = nm_setting_wired_get_mac_address_denylist(s_wired);
for (i = 0; mac_denylist[i]; i++) {
if (!nm_utils_hwaddr_valid(mac_denylist[i], ETH_ALEN)) {
g_warn_if_reached();
g_set_error(error,
NM_DEVICE_ERROR,
NM_DEVICE_ERROR_INCOMPATIBLE_CONNECTION,
_("Invalid MAC in the blacklist: %s."),
mac_blacklist[i]);
mac_denylist[i]);
return FALSE;
}
if (nm_utils_hwaddr_matches(mac_blacklist[i], -1, perm_addr, -1)) {
if (nm_utils_hwaddr_matches(mac_denylist[i], -1, perm_addr, -1)) {
g_set_error(error,
NM_DEVICE_ERROR,
NM_DEVICE_ERROR_INCOMPATIBLE_CONNECTION,

5
src/libnm-core-impl/gen-metadata-nm-settings-libnm-core.xml.in
View File

@ -496,6 +496,11 @@
gprop-type="gchararray"
/>
<property name="mac-address-blacklist"
is-deprecated="1"
dbus-type="as"
gprop-type="GStrv"
/>
<property name="mac-address-denylist"
dbus-type="as"
gprop-type="GStrv"
/>

6
src/libnm-core-impl/nm-setting-private.h
View File

@ -429,6 +429,12 @@ GVariant *_nm_setting_wireless_mac_denylist_to_dbus(_NM_SETT_INFO_PROP_TO_DBUS_F
gboolean
_nm_setting_wireless_mac_blacklist_from_dbus(_NM_SETT_INFO_PROP_FROM_DBUS_FCN_ARGS _nm_nil);
gboolean _nm_setting_wired_mac_denylist_from_dbus(_NM_SETT_INFO_PROP_FROM_DBUS_FCN_ARGS _nm_nil);
GVariant *_nm_setting_wired_mac_denylist_to_dbus(_NM_SETT_INFO_PROP_TO_DBUS_FCN_ARGS _nm_nil);
gboolean _nm_setting_wired_mac_blacklist_from_dbus(_NM_SETT_INFO_PROP_FROM_DBUS_FCN_ARGS _nm_nil);
GVariant *_nm_setting_to_dbus(NMSetting *setting,
NMConnection *connection,
NMConnectionSerializationFlags flags,

487
src/libnm-core-impl/nm-setting-wired.c
View File

@ -39,6 +39,7 @@ NM_GOBJECT_PROPERTIES_DEFINE(NMSettingWired,
PROP_CLONED_MAC_ADDRESS,
PROP_GENERATE_MAC_ADDRESS_MASK,
PROP_MAC_ADDRESS_BLACKLIST,
PROP_MAC_ADDRESS_DENYLIST,
PROP_MTU,
PROP_S390_SUBCHANNELS,
PROP_S390_NETTYPE,
@ -53,20 +54,20 @@ typedef struct {
guint len;
guint n_alloc;
} s390_options;
GArray *mac_address_blacklist;
char **s390_subchannels;
char *port;
char *duplex;
char *device_mac_address;
char *cloned_mac_address;
char *generate_mac_address_mask;
char *s390_nettype;
char *wol_password;
int accept_all_mac_addresses;
guint32 wake_on_lan;
guint32 speed;
guint32 mtu;
bool auto_negotiate;
char **s390_subchannels;
char *port;
char *duplex;
char *device_mac_address;
char *cloned_mac_address;
char *generate_mac_address_mask;
char *s390_nettype;
char *wol_password;
NMValueStrv mac_address_denylist;
int accept_all_mac_addresses;
guint32 wake_on_lan;
guint32 speed;
guint32 mtu;
bool auto_negotiate;
} NMSettingWiredPrivate;
/**
@ -276,21 +277,198 @@ nm_setting_wired_get_generate_mac_address_mask(NMSettingWired *setting)
return NM_SETTING_WIRED_GET_PRIVATE(setting)->generate_mac_address_mask;
}
/**
* nm_setting_wired_get_mac_address_denylist:
* @setting: the #NMSettingWired
*
* Returns: the #NMSettingWired:mac-address-denylist property of the setting
*
* Since: 1.48
**/
const char *const *
nm_setting_wired_get_mac_address_denylist(NMSettingWired *setting)
{
g_return_val_if_fail(NM_IS_SETTING_WIRED(setting), NULL);
return nm_strvarray_get_strv_notnull(
NM_SETTING_WIRED_GET_PRIVATE(setting)->mac_address_denylist.arr,
NULL);
}
/**
* nm_setting_wired_get_num_mac_denylist_items:
* @setting: the #NMSettingWired
*
* Returns: the number of denylisted MAC addresses
*
* Since: 1.48
**/
guint
nm_setting_wired_get_num_mac_denylist_items(NMSettingWired *setting)
{
g_return_val_if_fail(NM_IS_SETTING_WIRED(setting), 0);
return nm_g_array_len(NM_SETTING_WIRED_GET_PRIVATE(setting)->mac_address_denylist.arr);
}
/**
* nm_setting_wired_get_mac_denylist_item:
* @setting: the #NMSettingWired
* @idx: the zero-based index of the MAC address entry
*
* Returns: the denylisted MAC address string (hex-digits-and-colons notation)
* at index @idx
*
* Since: 1.48
**/
const char *
nm_setting_wired_get_mac_denylist_item(NMSettingWired *setting, guint idx)
{
g_return_val_if_fail(NM_IS_SETTING_WIRED(setting), NULL);
return nm_strvarray_get_idxnull_or_greturn(
NM_SETTING_WIRED_GET_PRIVATE(setting)->mac_address_denylist.arr,
idx);
}
/**
* nm_setting_wired_add_mac_denylist_item:
* @setting: the #NMSettingWired
* @mac: the MAC address string (hex-digits-and-colons notation) to denylist
*
* Adds a new MAC address to the #NMSettingWired:mac-address-denylist property.
*
* Returns: %TRUE if the MAC address was added; %FALSE if the MAC address
* is invalid or was already present
*
* Since: 1.48
**/
gboolean
nm_setting_wired_add_mac_denylist_item(NMSettingWired *setting, const char *mac)
{
NMSettingWiredPrivate *priv;
guint8 mac_bin[ETH_ALEN];
const char *candidate;
guint i;
guint len;
g_return_val_if_fail(NM_IS_SETTING_WIRED(setting), FALSE);
g_return_val_if_fail(mac != NULL, FALSE);
if (!_nm_utils_hwaddr_aton_exact(mac, mac_bin, ETH_ALEN))
return FALSE;
priv = NM_SETTING_WIRED_GET_PRIVATE(setting);
len = nm_g_array_len(priv->mac_address_denylist.arr);
for (i = 0; i < len; i++) {
candidate = nm_g_array_index(priv->mac_address_denylist.arr, char *, i);
if (nm_utils_hwaddr_matches(mac_bin, ETH_ALEN, candidate, -1))
return FALSE;
}
nm_g_array_append_simple(nm_strvarray_ensure(&priv->mac_address_denylist.arr),
nm_utils_hwaddr_ntoa(mac_bin, ETH_ALEN));
_notify(setting, PROP_MAC_ADDRESS_DENYLIST);
return TRUE;
}
/**
* nm_setting_wired_remove_mac_denylist_item:
* @setting: the #NMSettingWired
* @idx: index number of the MAC address
*
* Removes the MAC address at index @idx from the denylist.
*
* Since: 1.48
**/
void
nm_setting_wired_remove_mac_denylist_item(NMSettingWired *setting, guint idx)
{
NMSettingWiredPrivate *priv;
g_return_if_fail(NM_IS_SETTING_WIRED(setting));
priv = NM_SETTING_WIRED_GET_PRIVATE(setting);
if (!priv->mac_address_denylist.arr) {
return;
}
g_return_if_fail(idx < priv->mac_address_denylist.arr->len);
g_array_remove_index(priv->mac_address_denylist.arr, idx);
_notify(setting, PROP_MAC_ADDRESS_DENYLIST);
}
/**
* nm_setting_wired_remove_mac_denylist_item_by_value:
* @setting: the #NMSettingWired
* @mac: the MAC address string (hex-digits-and-colons notation) to remove from
* the denylist
*
* Removes the MAC address @mac from the denylist.
*
* Returns: %TRUE if the MAC address was found and removed; %FALSE if it was not.
*
* Since: 1.48
**/
gboolean
nm_setting_wired_remove_mac_denylist_item_by_value(NMSettingWired *setting, const char *mac)
{
NMSettingWiredPrivate *priv;
guint8 mac_bin[ETH_ALEN];
const char *candidate;
guint i;
g_return_val_if_fail(NM_IS_SETTING_WIRED(setting), FALSE);
g_return_val_if_fail(mac != NULL, FALSE);
if (!_nm_utils_hwaddr_aton_exact(mac, mac_bin, ETH_ALEN))
return FALSE;
priv = NM_SETTING_WIRED_GET_PRIVATE(setting);
if (priv->mac_address_denylist.arr) {
for (i = 0; i < priv->mac_address_denylist.arr->len; i++) {
candidate = nm_g_array_index(priv->mac_address_denylist.arr, char *, i);
if (nm_utils_hwaddr_matches(mac_bin, ETH_ALEN, candidate, -1)) {
g_array_remove_index(priv->mac_address_denylist.arr, i);
_notify(setting, PROP_MAC_ADDRESS_DENYLIST);
return TRUE;
}
}
}
return FALSE;
}
/**
* nm_setting_wired_clear_mac_denylist_items:
* @setting: the #NMSettingWired
*
* Removes all denylisted MAC addresses.
*
* Since: 1.48
**/
void
nm_setting_wired_clear_mac_denylist_items(NMSettingWired *setting)
{
g_return_if_fail(NM_IS_SETTING_WIRED(setting));
if (nm_strvarray_clear(&NM_SETTING_WIRED_GET_PRIVATE(setting)->mac_address_denylist.arr))
_notify(setting, PROP_MAC_ADDRESS_DENYLIST);
}
/**
* nm_setting_wired_get_mac_address_blacklist:
* @setting: the #NMSettingWired
*
* Returns: the #NMSettingWired:mac-address-blacklist property of the setting
*
* Deprecated: 1.48. Use nm_setting_wired_get_mac_address_denylist() instead.
**/
const char *const *
nm_setting_wired_get_mac_address_blacklist(NMSettingWired *setting)
{
NMSettingWiredPrivate *priv;
g_return_val_if_fail(NM_IS_SETTING_WIRED(setting), NULL);
priv = NM_SETTING_WIRED_GET_PRIVATE(setting);
return nm_g_array_data(priv->mac_address_blacklist);
return nm_setting_wired_get_mac_address_denylist(setting);
}
/**
@ -298,13 +476,13 @@ nm_setting_wired_get_mac_address_blacklist(NMSettingWired *setting)
* @setting: the #NMSettingWired
*
* Returns: the number of blacklisted MAC addresses
*
* Deprecated: 1.48. Use nm_setting_wired_get_num_mac_denylist_items() instead.
**/
guint32
nm_setting_wired_get_num_mac_blacklist_items(NMSettingWired *setting)
{
g_return_val_if_fail(NM_IS_SETTING_WIRED(setting), 0);
return NM_SETTING_WIRED_GET_PRIVATE(setting)->mac_address_blacklist->len;
return nm_setting_wired_get_num_mac_denylist_items(setting);
}
/**
@ -312,27 +490,17 @@ nm_setting_wired_get_num_mac_blacklist_items(NMSettingWired *setting)
* @setting: the #NMSettingWired
* @idx: the zero-based index of the MAC address entry
*
* Since 1.46, access at index "len" is allowed and returns NULL.
* Since 1.48, access at index "len" is allowed and returns NULL.
*
* Returns: the blacklisted MAC address string (hex-digits-and-colons notation)
* at index @idx
*
* Deprecated: 1.48. Use nm_setting_wired_get_mac_denylist_item() instead.
**/
const char *
nm_setting_wired_get_mac_blacklist_item(NMSettingWired *setting, guint32 idx)
{
NMSettingWiredPrivate *priv;
g_return_val_if_fail(NM_IS_SETTING_WIRED(setting), NULL);
priv = NM_SETTING_WIRED_GET_PRIVATE(setting);
if (idx == priv->mac_address_blacklist->len) {
return NULL;
}
g_return_val_if_fail(idx < priv->mac_address_blacklist->len, NULL);
return nm_g_array_index(priv->mac_address_blacklist, const char *, idx);
return nm_setting_wired_get_mac_denylist_item(setting, idx);
}
/**
@ -344,31 +512,13 @@ nm_setting_wired_get_mac_blacklist_item(NMSettingWired *setting, guint32 idx)
*
* Returns: %TRUE if the MAC address was added; %FALSE if the MAC address
* is invalid or was already present
*
* Deprecated: 1.48. Use nm_setting_wired_add_mac_denylist_item() instead.
**/
gboolean
nm_setting_wired_add_mac_blacklist_item(NMSettingWired *setting, const char *mac)
{
NMSettingWiredPrivate *priv;
const char *candidate;
int i;
g_return_val_if_fail(NM_IS_SETTING_WIRED(setting), FALSE);
g_return_val_if_fail(mac != NULL, FALSE);
if (!nm_utils_hwaddr_valid(mac, ETH_ALEN))
return FALSE;
priv = NM_SETTING_WIRED_GET_PRIVATE(setting);
for (i = 0; i < priv->mac_address_blacklist->len; i++) {
candidate = nm_g_array_index(priv->mac_address_blacklist, char *, i);
if (nm_utils_hwaddr_matches(mac, -1, candidate, -1))
return FALSE;
}
mac = nm_utils_hwaddr_canonical(mac, ETH_ALEN);
g_array_append_val(priv->mac_address_blacklist, mac);
_notify(setting, PROP_MAC_ADDRESS_BLACKLIST);
return TRUE;
return nm_setting_wired_add_mac_denylist_item(setting, mac);
}
/**
@ -377,19 +527,13 @@ nm_setting_wired_add_mac_blacklist_item(NMSettingWired *setting, const char *mac
* @idx: index number of the MAC address
*
* Removes the MAC address at index @idx from the blacklist.
*
* Deprecated: 1.48. Use nm_setting_wired_remove_mac_denylist_item() instead.
**/
void
nm_setting_wired_remove_mac_blacklist_item(NMSettingWired *setting, guint32 idx)
{
NMSettingWiredPrivate *priv;
g_return_if_fail(NM_IS_SETTING_WIRED(setting));
priv = NM_SETTING_WIRED_GET_PRIVATE(setting);
g_return_if_fail(idx < priv->mac_address_blacklist->len);
g_array_remove_index(priv->mac_address_blacklist, idx);
_notify(setting, PROP_MAC_ADDRESS_BLACKLIST);
return nm_setting_wired_remove_mac_denylist_item(setting, idx);
}
/**
@ -401,27 +545,13 @@ nm_setting_wired_remove_mac_blacklist_item(NMSettingWired *setting, guint32 idx)
* Removes the MAC address @mac from the blacklist.
*
* Returns: %TRUE if the MAC address was found and removed; %FALSE if it was not.
*
* Deprecated: 1.48. Use nm_setting_wired_remove_mac_denylist_item_by_value() instead.
**/
gboolean
nm_setting_wired_remove_mac_blacklist_item_by_value(NMSettingWired *setting, const char *mac)
{
NMSettingWiredPrivate *priv;
const char *candidate;
int i;
g_return_val_if_fail(NM_IS_SETTING_WIRED(setting), FALSE);
g_return_val_if_fail(mac != NULL, FALSE);
priv = NM_SETTING_WIRED_GET_PRIVATE(setting);
for (i = 0; i < priv->mac_address_blacklist->len; i++) {
candidate = nm_g_array_index(priv->mac_address_blacklist, char *, i);
if (!nm_utils_hwaddr_matches(mac, -1, candidate, -1)) {
g_array_remove_index(priv->mac_address_blacklist, i);
_notify(setting, PROP_MAC_ADDRESS_BLACKLIST);
return TRUE;
}
}
return FALSE;
return nm_setting_wired_remove_mac_denylist_item_by_value(setting, mac);
}
/**
@ -429,14 +559,68 @@ nm_setting_wired_remove_mac_blacklist_item_by_value(NMSettingWired *setting, con
* @setting: the #NMSettingWired
*
* Removes all blacklisted MAC addresses.
*
* Deprecated: 1.48. Use nm_setting_wired_clear_mac_denylist_items() instead.
**/
void
nm_setting_wired_clear_mac_blacklist_items(NMSettingWired *setting)
{
g_return_if_fail(NM_IS_SETTING_WIRED(setting));
return nm_setting_wired_clear_mac_denylist_items(setting);
}
g_array_set_size(NM_SETTING_WIRED_GET_PRIVATE(setting)->mac_address_blacklist, 0);
_notify(setting, PROP_MAC_ADDRESS_BLACKLIST);
gboolean
_nm_setting_wired_mac_blacklist_from_dbus(_NM_SETT_INFO_PROP_FROM_DBUS_FCN_ARGS _nm_nil)
{
const gchar **mac_blacklist;
if (!_nm_setting_use_legacy_property(setting,
connection_dict,
NM_SETTING_WIRED_MAC_ADDRESS_BLACKLIST,
NM_SETTING_WIRED_MAC_ADDRESS_DENYLIST)) {
*out_is_modified = FALSE;
return TRUE;
}
mac_blacklist = g_variant_get_strv(value, NULL);
g_object_set(setting, NM_SETTING_WIRED_MAC_ADDRESS_BLACKLIST, mac_blacklist, NULL);
return TRUE;
}
gboolean
_nm_setting_wired_mac_denylist_from_dbus(_NM_SETT_INFO_PROP_FROM_DBUS_FCN_ARGS _nm_nil)
{
const gchar **mac_denylist;
if (!_nm_setting_use_legacy_property(setting,
connection_dict,
NM_SETTING_WIRED_MAC_ADDRESS_BLACKLIST,
NM_SETTING_WIRED_MAC_ADDRESS_DENYLIST)) {
*out_is_modified = FALSE;
return TRUE;
}
mac_denylist = g_variant_get_strv(value, NULL);
g_object_set(setting, NM_SETTING_WIRED_MAC_ADDRESS_DENYLIST, mac_denylist, NULL);
return TRUE;
}
GVariant *
_nm_setting_wired_mac_denylist_to_dbus(_NM_SETT_INFO_PROP_TO_DBUS_FCN_ARGS _nm_nil)
{
const char *const *mac_denylist;
/* FIXME: `mac-address-denylist` is an alias of `mac-address-blacklist` property.
* Serializing the property to the clients would break them as they won't
* be able to drop it if they are not aware of the existance of
* `mac-address-denylist`. In order to give them time to adapt their code,
* NetworkManager is not serializing `mac-address-denylist` on DBus.
*/
if (_nm_utils_is_manager_process) {
return NULL;
}
mac_denylist = nm_setting_wired_get_mac_address_denylist(NM_SETTING_WIRED(setting));
return g_variant_new_strv(mac_denylist, -1);
}
/**
@ -815,20 +999,22 @@ verify(NMSetting *setting, NMConnection *connection, GError **error)
return FALSE;
}
for (i = 0; i < priv->mac_address_blacklist->len; i++) {
const char *mac = nm_g_array_index(priv->mac_address_blacklist, const char *, i);
if (priv->mac_address_denylist.arr) {
for (i = 0; i < priv->mac_address_denylist.arr->len; i++) {
const char *mac = nm_g_array_index(priv->mac_address_denylist.arr, const char *, i);
if (!nm_utils_hwaddr_valid(mac, ETH_ALEN)) {
g_set_error(error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("'%s' is not a valid MAC address"),
mac);
g_prefix_error(error,
"%s.%s: ",
NM_SETTING_WIRED_SETTING_NAME,
NM_SETTING_WIRED_MAC_ADDRESS_BLACKLIST);
return FALSE;
if (!nm_utils_hwaddr_valid(mac, ETH_ALEN)) {
g_set_error(error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("'%s' is not a valid MAC address"),
mac);
g_prefix_error(error,
"%s.%s: ",
NM_SETTING_WIRED_SETTING_NAME,
NM_SETTING_WIRED_MAC_ADDRESS_DENYLIST);
return FALSE;
}
}
}
@ -992,14 +1178,6 @@ compare_fcn_cloned_mac_address(_NM_SETT_INFO_PROP_COMPARE_FCN_ARGS _nm_nil)
/*****************************************************************************/
static void
clear_blacklist_item(char **item_p)
{
g_free(*item_p);
}
/*****************************************************************************/
static void
get_property(GObject *object, guint prop_id, GValue *value, GParamSpec *pspec)
{
@ -1012,9 +1190,6 @@ get_property(GObject *object, guint prop_id, GValue *value, GParamSpec *pspec)
case PROP_CLONED_MAC_ADDRESS:
g_value_set_string(value, nm_setting_wired_get_cloned_mac_address(setting));
break;
case PROP_MAC_ADDRESS_BLACKLIST:
g_value_set_boxed(value, nm_g_array_data(priv->mac_address_blacklist));
break;
case PROP_S390_SUBCHANNELS:
g_value_set_boxed(value, priv->s390_subchannels);
break;
@ -1037,8 +1212,6 @@ static void
set_property(GObject *object, guint prop_id, const GValue *value, GParamSpec *pspec)
{
NMSettingWiredPrivate *priv = NM_SETTING_WIRED_GET_PRIVATE(object);
const char *const *blacklist;
const char *mac;
switch (prop_id) {
case PROP_CLONED_MAC_ADDRESS:
@ -1046,18 +1219,6 @@ set_property(GObject *object, guint prop_id, const GValue *value, GParamSpec *ps
priv->cloned_mac_address =
_nm_utils_hwaddr_canonical_or_invalid(g_value_get_string(value), ETH_ALEN);
break;
case PROP_MAC_ADDRESS_BLACKLIST:
blacklist = g_value_get_boxed(value);
g_array_set_size(priv->mac_address_blacklist, 0);
if (blacklist && *blacklist) {
guint i;
for (i = 0; blacklist[i]; i++) {
mac = _nm_utils_hwaddr_canonical_or_invalid(blacklist[i], ETH_ALEN);
g_array_append_val(priv->mac_address_blacklist, mac);
}
}
break;
case PROP_S390_SUBCHANNELS:
if (priv->s390_subchannels)
g_strfreev(priv->s390_subchannels);
@ -1135,13 +1296,7 @@ set_property(GObject *object, guint prop_id, const GValue *value, GParamSpec *ps
static void
nm_setting_wired_init(NMSettingWired *setting)
{
NMSettingWiredPrivate *priv = NM_SETTING_WIRED_GET_PRIVATE(setting);
/* We use GArray rather than GPtrArray so it will automatically be NULL-terminated */
priv->mac_address_blacklist = g_array_new(TRUE, FALSE, sizeof(char *));
g_array_set_clear_func(priv->mac_address_blacklist, (GDestroyNotify) clear_blacklist_item);
}
{}
/**
* nm_setting_wired_new:
@ -1164,7 +1319,6 @@ finalize(GObject *object)
_s390_options_clear(priv);
g_free(priv->cloned_mac_address);
g_array_unref(priv->mac_address_blacklist);
g_strfreev(priv->s390_subchannels);
G_OBJECT_CLASS(nm_setting_wired_parent_class)->finalize(object);
@ -1176,6 +1330,7 @@ nm_setting_wired_class_init(NMSettingWiredClass *klass)
GObjectClass *object_class = G_OBJECT_CLASS(klass);
NMSettingClass *setting_class = NM_SETTING_CLASS(klass);
GArray *properties_override = _nm_sett_info_property_override_create_array();
guint prop_idx;
object_class->get_property = get_property;
object_class->set_property = set_property;
@ -1486,11 +1641,67 @@ nm_setting_wired_class_init(NMSettingWiredClass *klass)
* example: HWADDR_BLACKLIST="00:22:68:11:69:08 00:11:22:11:44:55"
* ---end---
*/
_nm_setting_property_define_gprop_strv_oldstyle(properties_override,
obj_properties,
NM_SETTING_WIRED_MAC_ADDRESS_BLACKLIST,
PROP_MAC_ADDRESS_BLACKLIST,
NM_SETTING_PARAM_FUZZY_IGNORE);
prop_idx = _nm_setting_property_define_direct_strv(
properties_override,
obj_properties,
NM_SETTING_WIRED_MAC_ADDRESS_BLACKLIST,
PROP_MAC_ADDRESS_BLACKLIST,
NM_SETTING_PARAM_FUZZY_IGNORE,
NM_SETT_INFO_PROPERT_TYPE_DBUS(G_VARIANT_TYPE_STRING_ARRAY,
.direct_type = NM_VALUE_TYPE_STRV,
.compare_fcn = _nm_setting_property_compare_fcn_direct,
.to_dbus_fcn = _nm_setting_property_to_dbus_fcn_direct,
.from_dbus_fcn =
_nm_setting_wired_mac_blacklist_from_dbus, ),
NMSettingWiredPrivate,
mac_address_denylist,
.direct_set_strv_normalize_hwaddr = TRUE,
.direct_strv_not_null = TRUE,
.direct_is_aliased_field = TRUE,
.is_deprecated = TRUE);
/**
* NMSettingWired:mac-address-denylist:
*
* If specified, this connection will never apply to the Ethernet device
* whose permanent MAC address matches an address in the list. Each MAC
* address is in the standard hex-digits-and-colons notation
* (00:11:22:33:44:55).
**/
/* ---keyfile---
* property: mac-address-denylist
* format: list of MACs (separated with semicolons)
* description: MAC address denylist.
* example: mac-address-denylist= 00:22:68:12:79:A6;00:22:68:12:79:78
* ---end---
*/
/* ---ifcfg-rh---
* property: mac-address-denylist
* variable: HWADDR_BLACKLIST(+)
* description: It denies usage of the connection for any device whose address
* is listed.
* example: HWADDR_BLACKLIST="00:22:68:11:69:08 00:11:22:11:44:55"
* ---end---
*/
_nm_setting_property_define_direct_strv(
properties_override,
obj_properties,
NM_SETTING_WIRED_MAC_ADDRESS_DENYLIST,
PROP_MAC_ADDRESS_DENYLIST,
NM_SETTING_PARAM_FUZZY_IGNORE,
NM_SETT_INFO_PROPERT_TYPE_DBUS(G_VARIANT_TYPE_STRING_ARRAY,
.direct_type = NM_VALUE_TYPE_STRV,
.compare_fcn = _nm_setting_property_compare_fcn_direct,
.to_dbus_fcn = _nm_setting_wired_mac_denylist_to_dbus,
.from_dbus_fcn = _nm_setting_wired_mac_denylist_from_dbus, ),
NMSettingWiredPrivate,
mac_address_denylist,
.direct_set_strv_normalize_hwaddr = TRUE,
.direct_strv_not_null = TRUE,
.direct_also_notify = obj_properties[PROP_MAC_ADDRESS_BLACKLIST], );
nm_g_array_index(properties_override, NMSettInfoProperty, prop_idx).direct_also_notify =
obj_properties[PROP_MAC_ADDRESS_DENYLIST];
/**
* NMSettingWired:mtu:

3
src/libnm-core-impl/nm-setting.c
View File

@ -2733,7 +2733,8 @@ _nm_setting_property_compare_fcn_direct(_NM_SETT_INFO_PROP_COMPARE_FCN_ARGS _nm_
_nm_setting_connection_controller_to_dbus,
_nm_setting_connection_port_type_to_dbus,
_nm_setting_connection_autoconnect_ports_to_dbus,
_nm_setting_wireless_mac_denylist_to_dbus));
_nm_setting_wireless_mac_denylist_to_dbus,
_nm_setting_wired_mac_denylist_to_dbus));
if (!property_info->param_spec)
return nm_assert_unreachable_val(NM_TERNARY_DEFAULT);

1
src/libnm-core-impl/tests/test-general.c
View File

@ -4048,6 +4048,7 @@ test_connection_diff_a_only(void)
{NM_SETTING_WIRED_CLONED_MAC_ADDRESS, NM_SETTING_DIFF_RESULT_IN_A},
{NM_SETTING_WIRED_GENERATE_MAC_ADDRESS_MASK, NM_SETTING_DIFF_RESULT_IN_A},
{NM_SETTING_WIRED_MAC_ADDRESS_BLACKLIST, NM_SETTING_DIFF_RESULT_IN_A},
{NM_SETTING_WIRED_MAC_ADDRESS_DENYLIST, NM_SETTING_DIFF_RESULT_IN_A},
{NM_SETTING_WIRED_MTU, NM_SETTING_DIFF_RESULT_IN_A},
{NM_SETTING_WIRED_S390_SUBCHANNELS, NM_SETTING_DIFF_RESULT_IN_A},
{NM_SETTING_WIRED_S390_NETTYPE, NM_SETTING_DIFF_RESULT_IN_A},

3
src/libnm-core-impl/tests/test-setting.c
View File

@ -4734,7 +4734,8 @@ test_setting_metadata(void)
g_assert(g_variant_type_equal(sip->property_type->dbus_type, "as"));
g_assert(NM_IN_SET(sip->property_type->to_dbus_fcn,
_nm_setting_property_to_dbus_fcn_direct,
_nm_setting_wireless_mac_denylist_to_dbus));
_nm_setting_wireless_mac_denylist_to_dbus,
_nm_setting_wired_mac_denylist_to_dbus));
g_assert(sip->param_spec);
g_assert(sip->param_spec->value_type == G_TYPE_STRV);
} else

25
src/libnm-core-public/nm-setting-wired.h
View File

@ -73,6 +73,7 @@ typedef enum /*< flags >*/ {
#define NM_SETTING_WIRED_CLONED_MAC_ADDRESS "cloned-mac-address"
#define NM_SETTING_WIRED_GENERATE_MAC_ADDRESS_MASK "generate-mac-address-mask"
#define NM_SETTING_WIRED_MAC_ADDRESS_BLACKLIST "mac-address-blacklist"
#define NM_SETTING_WIRED_MAC_ADDRESS_DENYLIST "mac-address-denylist"
#define NM_SETTING_WIRED_MTU "mtu"
#define NM_SETTING_WIRED_S390_SUBCHANNELS "s390-subchannels"
#define NM_SETTING_WIRED_S390_NETTYPE "s390-nettype"
@ -99,14 +100,30 @@ NMTernary nm_setting_wired_get_accept_all_mac_addresses(NMSettingWired *setting)
NM_AVAILABLE_IN_1_4
const char *nm_setting_wired_get_generate_mac_address_mask(NMSettingWired *setting);
NM_DEPRECATED_IN_1_48
const char *const *nm_setting_wired_get_mac_address_blacklist(NMSettingWired *setting);
guint32 nm_setting_wired_get_num_mac_blacklist_items(NMSettingWired *setting);
const char *nm_setting_wired_get_mac_blacklist_item(NMSettingWired *setting, guint32 idx);
NM_DEPRECATED_IN_1_48
guint32 nm_setting_wired_get_num_mac_blacklist_items(NMSettingWired *setting);
NM_DEPRECATED_IN_1_48
const char *nm_setting_wired_get_mac_blacklist_item(NMSettingWired *setting, guint32 idx);
NM_DEPRECATED_IN_1_48
gboolean nm_setting_wired_add_mac_blacklist_item(NMSettingWired *setting, const char *mac);
void nm_setting_wired_remove_mac_blacklist_item(NMSettingWired *setting, guint32 idx);
NM_DEPRECATED_IN_1_48
void nm_setting_wired_remove_mac_blacklist_item(NMSettingWired *setting, guint32 idx);
NM_DEPRECATED_IN_1_48
gboolean nm_setting_wired_remove_mac_blacklist_item_by_value(NMSettingWired *setting,
const char *mac);
void nm_setting_wired_clear_mac_blacklist_items(NMSettingWired *setting);
NM_DEPRECATED_IN_1_48
void nm_setting_wired_clear_mac_blacklist_items(NMSettingWired *setting);
const char *const *nm_setting_wired_get_mac_address_denylist(NMSettingWired *setting);
guint32 nm_setting_wired_get_num_mac_denylist_items(NMSettingWired *setting);
const char *nm_setting_wired_get_mac_denylist_item(NMSettingWired *setting, guint32 idx);
gboolean nm_setting_wired_add_mac_denylist_item(NMSettingWired *setting, const char *mac);
void nm_setting_wired_remove_mac_denylist_item(NMSettingWired *setting, guint32 idx);
gboolean nm_setting_wired_remove_mac_denylist_item_by_value(NMSettingWired *setting,
const char *mac);
void nm_setting_wired_clear_mac_denylist_items(NMSettingWired *setting);
guint32 nm_setting_wired_get_mtu(NMSettingWired *setting);

18
src/libnm-core-public/nm-setting-wireless.h
View File

@ -169,20 +169,20 @@ const char *nm_setting_wireless_get_cloned_mac_address(NMSettingWireless *settin
NM_AVAILABLE_IN_1_4
const char *nm_setting_wireless_get_generate_mac_address_mask(NMSettingWireless *setting);
_NM_DEPRECATED_INCLUSIVE_LANGUAGE_1_48
NM_DEPRECATED_IN_1_48
const char *const *nm_setting_wireless_get_mac_address_blacklist(NMSettingWireless *setting);
_NM_DEPRECATED_INCLUSIVE_LANGUAGE_1_48
NM_DEPRECATED_IN_1_48
guint32 nm_setting_wireless_get_num_mac_blacklist_items(NMSettingWireless *setting);
_NM_DEPRECATED_INCLUSIVE_LANGUAGE_1_48
NM_DEPRECATED_IN_1_48
const char *nm_setting_wireless_get_mac_blacklist_item(NMSettingWireless *setting, guint32 idx);
_NM_DEPRECATED_INCLUSIVE_LANGUAGE_1_48
NM_DEPRECATED_IN_1_48
gboolean nm_setting_wireless_add_mac_blacklist_item(NMSettingWireless *setting, const char *mac);
_NM_DEPRECATED_INCLUSIVE_LANGUAGE_1_48
NM_DEPRECATED_IN_1_48
void nm_setting_wireless_remove_mac_blacklist_item(NMSettingWireless *setting, guint32 idx);
_NM_DEPRECATED_INCLUSIVE_LANGUAGE_1_48
gboolean nm_setting_wireless_remove_mac_blacklist_item_by_value(
NMSettingWireless *setting,
_NM_DEPRECATED_INCLUSIVE_LANGUAGE_1_48 const char *mac);
NM_DEPRECATED_IN_1_48
gboolean nm_setting_wireless_remove_mac_blacklist_item_by_value(NMSettingWireless *setting,
const char *mac);
NM_DEPRECATED_IN_1_48
void nm_setting_wireless_clear_mac_blacklist_items(NMSettingWireless *setting);
const char *const *nm_setting_wireless_get_mac_address_denylist(NMSettingWireless *setting);

1
src/libnm-core-public/nm-version.h
View File

@ -424,6 +424,5 @@
#define _NM_DEPRECATED_SYNC_METHOD NM_DEPRECATED_IN_1_24
#define _NM_DEPRECATED_SYNC_WRITABLE_PROPERTY /* NM_DEPRECATED_IN_1_22 */
#define _NM_DEPRECATED_INCLUSIVE_LANGUAGE_1_44 /* NM_DEPRECATED_IN_1_44 */
#define _NM_DEPRECATED_INCLUSIVE_LANGUAGE_1_48 /* NM_DEPRECATED_IN_1_48 */
#endif /* NM_VERSION_H */

15
src/libnmc-setting/nm-meta-setting-desc.c
View File

@ -8059,6 +8059,7 @@ static const NMMetaPropertyInfo *const property_infos_WIRED[] = {
),
PROPERTY_INFO_WITH_DESC (NM_SETTING_WIRED_MAC_ADDRESS_BLACKLIST,
.property_type = &_pt_multilist,
.hide_if_default = TRUE,
.property_typ_data = DEFINE_PROPERTY_TYP_DATA (
PROPERTY_TYP_DATA_SUBTYPE (multilist,
.get_num_fcn_u32 = MULTILIST_GET_NUM_FCN_U32 (NMSettingWired, nm_setting_wired_get_num_mac_blacklist_items),
@ -8071,6 +8072,20 @@ static const NMMetaPropertyInfo *const property_infos_WIRED[] = {
.list_items_doc_format = NM_META_PROPERTY_TYPE_FORMAT_MAC,
),
),
PROPERTY_INFO_WITH_DESC (NM_SETTING_WIRED_MAC_ADDRESS_DENYLIST,
.property_type = &_pt_multilist,
.property_typ_data = DEFINE_PROPERTY_TYP_DATA (
PROPERTY_TYP_DATA_SUBTYPE (multilist,
.get_num_fcn_u = MULTILIST_GET_NUM_FCN_U (NMSettingWired, nm_setting_wired_get_num_mac_denylist_items),
.add_fcn = MULTILIST_ADD_FCN (NMSettingWired, nm_setting_wired_add_mac_denylist_item),
.remove_by_idx_fcn_u = MULTILIST_REMOVE_BY_IDX_FCN_U (NMSettingWired, nm_setting_wired_remove_mac_denylist_item),
.remove_by_value_fcn = MULTILIST_REMOVE_BY_VALUE_FCN (NMSettingWired, nm_setting_wired_remove_mac_denylist_item_by_value),
.validate2_fcn = _multilist_validate2_fcn_mac_addr,
.strsplit_plain = TRUE,
),
.list_items_doc_format = NM_META_PROPERTY_TYPE_FORMAT_MAC,
),
),
PROPERTY_INFO_WITH_DESC (NM_SETTING_WIRED_MTU,
.is_cli_option = TRUE,
.property_alias = "mtu",

1
src/libnmc-setting/settings-docs.h.in
View File

@ -394,6 +394,7 @@
#define DESCRIBE_DOC_NM_SETTING_WIRED_GENERATE_MAC_ADDRESS_MASK N_("With \"cloned-mac-address\" setting \"random\" or \"stable\", by default all bits of the MAC address are scrambled and a locally-administered, unicast MAC address is created. This property allows to specify that certain bits are fixed. Note that the least significant bit of the first MAC address will always be unset to create a unicast MAC address. If the property is NULL, it is eligible to be overwritten by a default connection setting. If the value is still NULL or an empty string, the default is to create a locally-administered, unicast MAC address. If the value contains one MAC address, this address is used as mask. The set bits of the mask are to be filled with the current MAC address of the device, while the unset bits are subject to randomization. Setting \"FE:FF:FF:00:00:00\" means to preserve the OUI of the current MAC address and only randomize the lower 3 bytes using the \"random\" or \"stable\" algorithm. If the value contains one additional MAC address after the mask, this address is used instead of the current MAC address to fill the bits that shall not be randomized. For example, a value of \"FE:FF:FF:00:00:00 68:F7:28:00:00:00\" will set the OUI of the MAC address to 68:F7:28, while the lower bits are randomized. A value of \"02:00:00:00:00:00 00:00:00:00:00:00\" will create a fully scrambled globally-administered, burned-in MAC address. If the value contains more than one additional MAC addresses, one of them is chosen randomly. For example, \"02:00:00:00:00:00 00:00:00:00:00:00 02:00:00:00:00:00\" will create a fully scrambled MAC address, randomly locally or globally administered.")
#define DESCRIBE_DOC_NM_SETTING_WIRED_MAC_ADDRESS N_("If specified, this connection will only apply to the Ethernet device whose permanent MAC address matches. This property does not change the MAC address of the device (i.e. MAC spoofing).")
#define DESCRIBE_DOC_NM_SETTING_WIRED_MAC_ADDRESS_BLACKLIST N_("If specified, this connection will never apply to the Ethernet device whose permanent MAC address matches an address in the list. Each MAC address is in the standard hex-digits-and-colons notation (00:11:22:33:44:55).")
#define DESCRIBE_DOC_NM_SETTING_WIRED_MAC_ADDRESS_DENYLIST N_("If specified, this connection will never apply to the Ethernet device whose permanent MAC address matches an address in the list. Each MAC address is in the standard hex-digits-and-colons notation (00:11:22:33:44:55).")
#define DESCRIBE_DOC_NM_SETTING_WIRED_MTU N_("If non-zero, only transmit packets of the specified size or smaller, breaking larger packets up into multiple Ethernet frames.")
#define DESCRIBE_DOC_NM_SETTING_WIRED_PORT N_("Specific port type to use if the device supports multiple attachment methods. One of \"tp\" (Twisted Pair), \"aui\" (Attachment Unit Interface), \"bnc\" (Thin Ethernet) or \"mii\" (Media Independent Interface). If the device supports only one port type, this setting is ignored.")
#define DESCRIBE_DOC_NM_SETTING_WIRED_S390_NETTYPE N_("s390 network device type; one of \"qeth\", \"lcs\", or \"ctc\", representing the different types of virtual network devices available on s390 systems.")

3
src/nmcli/gen-metadata-nm-settings-nmcli.xml.in
View File

@ -363,6 +363,9 @@
<property name="mac-address-blacklist"
nmcli-description="If specified, this connection will never apply to the Ethernet device whose permanent MAC address matches an address in the list. Each MAC address is in the standard hex-digits-and-colons notation (00:11:22:33:44:55)."
format="list of MAC addresses" />
<property name="mac-address-denylist"
nmcli-description="If specified, this connection will never apply to the Ethernet device whose permanent MAC address matches an address in the list. Each MAC address is in the standard hex-digits-and-colons notation (00:11:22:33:44:55)."
format="list of MAC addresses" />
<property name="mtu"
alias="mtu"
nmcli-description="If non-zero, only transmit packets of the specified size or smaller, breaking larger packets up into multiple Ethernet frames."

320
src/tests/client/test-client.check-on-disk/test_003.expected
View File

File diff suppressed because it is too large Load Diff

3
tools/test-networkmanager-service.py
View File

@ -54,6 +54,9 @@ ALIASED_PROPERTIES = {
NM.SETTING_WIRELESS_MAC_ADDRESS_BLACKLIST, "mac-address-denylist"
)
],
NM.SETTING_WIRED_SETTING_NAME: [
AliasedProperty(NM.SETTING_WIRED_MAC_ADDRESS_BLACKLIST, "mac-address-denylist")
],
}
###############################################################################