Point in case:
# ip link add link dummy0 name dummy0.vlan type vlan id 4095
RTNETLINK answers: Numerical result out of range
This potentially causes existing (invalid) connections to disappear
as they now fail verification.
Instead of adjusting the range of the GObject property
NM_SETTING_VLAN_ID, reject it during vlan. This is a bit more
forgiving to an older client that isn't aware of this new restriction,
so he can first set the value without raising a critical warning.
This is an Ubuntu-specific patch to enable wireless powersave by default.
Should it not work for you for some reason, you can safely add:
powersave=0
to the section:
[802-11-wireless]
In the configuration file for your connection under
/etc/NetworkManager/system-connections/.
Up to now, the "include" directory contained (only) header files that were
used project-wide by libs, core, clients, et al.
Since the directory now also contains a non-header file, the "include"
name is misleading. Instead of adding yet another directory that is
project-wide, with non-header-only content, rename the "include"
directory to "shared".
Allow calling nm_connection_get_virtual_iface_name() on a non-verified
connection by not asserting asserting against a valid base-setting.
On nma-1-0 branch, nm-applet can crash with:
#3 0x00007ffff2993a7a in g_assertion_message_expr (domain=0x7ffff51fad86 "libnm-util", file=0x7ffff51fb728 "nm-connection.c", line=320, func=0x7ffff51fc028 "_get_type_setting", expr=<optimized out>) at gtestutils.c:2444
#4 0x00007ffff51ac52f in _get_type_setting (connection=0xa3c160 [NMRemoteConnection]) at nm-connection.c:320
#5 0x00007ffff51ac341 in nm_connection_get_virtual_iface_name (connection=0xa3c160 [NMRemoteConnection]) at nm-connection.c:1436
#6 0x0000000000415bdc in add_virtual_items (type=type@entry=0x43c11d "bridge", all_devices=all_devices@entry=0x7f6580, all_connections=all_connections@entry=0x9354a0, menu=menu@entry=0x922990 [GtkMenu], applet=applet@entry=0x6cc000 [NMApplet]) at applet.c:1640
#7 0x00000000004176f6 in nma_menu_add_devices (menu=menu@entry=0x922990 [GtkMenu], applet=applet@entry=0x6cc000 [NMApplet]) at applet.c:1713
#8 0x0000000000418315 in nma_menu_show_cb (menu=0x922990 [GtkMenu], applet=0x6cc000 [NMApplet]) at applet.c:1974
where the connection type is "tun".
Note that libnm accepts invalid connections and exposes them to the
user (albeit issuing a warning). Later on there are many places where
that can lead to further g_return*(), which is ugly indeed.
At least, we should not assert against valid connections (because that
crashes the user) and there is a well known fact that the base setting
will be missing for tun settings. No need to even warn about that in
nm_connection_get_virtual_iface_name() (we already got the warning
during replace_settings).
Since libnm is the preferred way to interact with NM now, we don't
want to add new device types to libnm-glib.
Make libnm-glib recognize TUN devices as generic ones and modify
NMDeviceGeneric to use the correct D-Bus interface based on the actual
device type.
We changed the default value of MSettingVlan:flags from 0 to
1 (NM_VLAN_FLAG_REORDER_HEADERS). That means, that old libnm
clients will not serialize 0 (their default).
This change broke the D-Bus API. The D-Bus API allows to omit a value
when meaning the default value. That means, we cannot change the
default value (in the D-Bus API!) without breaking previous assumptions.
A newer libnm version should treat a missing flags argument as the
old default value and thus preserve the original default value (in the
D-Bus API).
This has the downside that for the future we will continue to treat a missing
value as the old default value (0), and in order to get the new default
value (1), the client must explicitly set the flags.
We also must restore the original default value in libnm-glib.
libnm-glib does not support _nm_setting_class_override_property()
and thus it must keep thinking that the default value for the GObject
property continues to be 0. Otherwise, it would not serialize a 1, which
a new libnm would now interpret as 0.
https://bugzilla.redhat.com/show_bug.cgi?id=1250225
Fixes: 687b651598
The kernel defaults REORDER_HDR to 1 when creating a new VLAN, but
NetworkManager's VLAN flags property defaulted to 0. Thus REORDER_HDR was not
set for NM-created VLANs with default values.
We want to match the kernel default, so we change the default value for the
vlan.flags property. However, we do not want to change the flags for existing
connections if the property is missing in connection files. Thus we have to
update plugins for that. We also make sure that vlan.flags is always written
by 'keyfile' when the value is default. That way new connections have flags
property explicitly written and it will be loaded as expected.
https://bugzilla.redhat.com/show_bug.cgi?id=1250225
For libnm library, "nm-dbus-interface.h" contains defines like the D-Bus
paths of NetworkManager. It is desirable to have this header usable without
having a dependency on "glib.h", for example for a QT application. For that,
commit c0852964a8 removed that dependancy.
For libnm-glib library, the analog to "nm-dbus-interface.h" is
"NetworkManager.h", and the same applies there. Commit
159e827a72 removed that include.
However, that broke build on PackageKit [1] which expected to get the
version macros by including "NetworkManager.h". So at least for libnm-glib,
we need to preserve old behavior so that a user including
"NetworkManager.h" gets the version macros, but not "glib.h".
Extract the version macros to a new header file "nm-version-macros.h".
This header doesn't include "glib.h" and can be included from
"NetworkManager.h". This gives as previous behavior and a glib-free
include.
For libnm we still don't include "nm-version-macros.h" to "nm-dbus-interface.h".
Very few users will actually need the version macros, but not using
libnm.
Users that use libnm, should just include (libnm's) "NetworkManager.h" to
get all headers.
As a special case, a user who doesn't want to use glib/libnm, but still
needs both "nm-dbus-interface.h" and "nm-version-macros.h", can include
them both separately.
[1] https://github.com/hughsie/PackageKit/issues/85
Fixes: 4545a7fe96
This is a forward port of commit 6f616d4c4b
which added this patch on nm-1-0 branch.
However, the reason stated there is wrong because we don't need this
to fix Qt examples. Building Qt examples was fixed in that "nm-dbus-interface.h"
no longer drags in "nm-version.h".
On the other hand, we still want "nm-version.h" to be self-contained,
and include "glib.h" as it needs it.
Without marking the enumeration as flags, the types will be "enumeration"
instead of "bitfield". And python raises ValueError exception.
Example:
from gi.repository import NMClient, NetworkManager
client = NMClient.Client.new()
for dev in client.get_devices():
if dev.get_device_type() == NetworkManager.DeviceType.WIFI:
for ap in dev.get_access_points():
ap.get_rsn_flags()
raises "ValueError: invalid enum value: 648"
https://bugzilla.redhat.com/show_bug.cgi?id=1255436
Port remaining bits to gdbus and remove stray dbus-glib references
Drop the dbus-glib version check from configure, since nothing depends
on new dbus-glib any more.
Move nm-dbus-glib-types.h and nm-gvaluearray-compat.h from include/ to
libnm-util/ since they are now only used by libnm-util and libnm-glib.
The localization headers are now included via "nm-default.h".
Also fixes several places, where we wrongly included <glib/gi18n-lib.h>
instead of <glib/gi18n.h>. For example under "clients/" directory.
Add a bunch of compat defines to nm-vpn-plugin-ui-interface.h, to make
it easier to compile the same code against libnm-glib's
NMVpnPluginUiInterface and libnm's NMVpnEditorPlugin.
https://bugzilla.gnome.org/show_bug.cgi?id=752500
Rather than randomly including one or more of <glib.h>,
<glib-object.h>, and <gio/gio.h> everywhere (and forgetting to include
"nm-glib-compat.h" most of the time), rename nm-glib-compat.h to
nm-glib.h, include <gio/gio.h> from there, and then change all .c
files in NM to include "nm-glib.h" rather than including the glib
headers directly.
(Public headers files still have to include the real glib headers,
since nm-glib.h isn't installed...)
Also, remove glib includes from header files that are already
including a base object header file (which must itself already include
the glib headers).
g_convert_with_fallback() will fail if the SSID contains characters that
are not legal in the source encoding, which, if $LANG is not set, will
be ASCII. If this happens, replace all non-ASCII and non-printable
characters with '?'. It is possible that nm_utils_ssid_to_utf8() will
now return an empty string (e.g., the source string is actually
big-endian UTF-16 and g_strcanon() stops on the first byte), but it will
not return NULL.
https://bugzilla.redhat.com/show_bug.cgi?id=1243078
It yields completely unpredictable results on Ubuntu 12.04 (the global variable
successfully comparing to NULL despite demonstrably not NULL). Possibly a
toolchain bug.
We already have "nm-utils*.h" and "NetworkManagerUtils.h" headers. Rename
"include/nm-utils-internal.h" to "nm-macros-internal.h". I think that
name is better, because this file is header-only, internal, and
repository-wide.
Also, it will never contain non-header-only declarations because
there is no backing object file under "include/".
It will only contain macros and inline functions.
For existing devices, depending on the order that netlink sends interfaces to
us, the parent may be found after the VLAN interface and not be available when
the VLAN interface is constructed. Instead of failing construction, when a
NMDeviceVlan has no parent keep it unavailable for activation. Then have
the Manager notify existing devices when a new device is found, and let
NMDeviceVlan find the parent later and become available via that mechanism.
This doesn't apply to VLANs created by NM itself, because the kernel requires
a parent ifindex when creating a VLAN device. Thus this fix only applies to
VLANs created outside NetworkManager, or existing when NM starts up.
Even Fedora is no longer shipping the WiMAX SDK, so it's likely we'll
eventually accidentally break some of the code in src/devices/wimax/
(if we haven't already). Discussion on the list showed a consensus for
dropping support for WiMAX.
So, remove the SDK checks from configure.ac, remove the WiMAX device
plugin and associated manager support, and deprecate all the APIs.
For compatibility reasons, it is still possible to create and save
WiMAX connections, to toggle the software WiMAX rfkill state, and to
change the "WIMAX" log level, although none of these have any effect,
since no NMDeviceWimax will ever be created.
nmcli was only compiling in support for most WiMAX operations when NM
as a whole was built with WiMAX support, so that code has been removed
now as well. (It is still possible to use nmcli to create and edit
WiMAX connections, but those connections will never be activatable.)
Add new capabilities CAP_FREQ_2GHZ and CAP_FREQ_5GHZ to indicate the
frequency bands supported by a Wifi device.
Add also CAP_FREQ_VALID, which is set when the values of the other 2
capabilities are available.
Original patch by Dan Williams <dcbw@redhat.com>
https://bugzilla.gnome.org/show_bug.cgi?id=723295
We must never fail verification of a connection based on a password
because the password is re-requested during activation.
Otherwise, if the user enters an invalid password for a (previously)
valid connection, the connection becomes invalid. NetworkManager does
not expect or handle that requesting password can make a connection
invalid.
Invalid passwords should be treated as wrong passwords. Only a UI
(such as nm-connection-editor or nmcli) should validate passwords
against a certain scheme.
Note that there is need_secrets() which on the contrary must check for
valid passwords.
Error scenario:
Connect to a WEP Wi-Fi, via `nmcli device wifi connect SSID`. The
generated connection has wep-key-type=0 (UNKNOWN) and wep-key-flags=0.
When trying to connect, NM will ask for secrets and set the wep-key0
field. After that, verification can fail (e.g. if the password is longer
then 64 chars).
A valid blob cannot start with "file://", otherwise it would
break the implementation of the certificate properties in
NMSetting8021x. Simply reject every blob in nm_setting_802_1x_set_ca_cert()
et al. that is not valid according to get_cert_scheme().
get_cert_scheme() would return PATH scheme for binary data that
later will be rejected by verify_cert(). Even worse, get_cert_scheme()
would not check whether the path is NUL terminated, hence the following
can crash for an invalid connection:
if (nm_setting_802_1x_get_ca_cert_scheme (s_8021x) == NM_SETTING_802_1X_CK_SCHEME_PATH)
g_print ("path: %s", nm_setting_802_1x_get_ca_cert_path (s_8021x))
Combine the two functions so that already get_cert_scheme() does
the same validation as verify_cert().
Also change behavior and be more strict about invalid paths:
- Now, the value is considered a PATH candidate if it starts with "file://",
(sans NUL character).
A change is that before, the "file://" (without NUL) would have
been treated as BLOB, now it is an invalid PATH (UNKNOWN).
- If the binary starts with "file://" it is considered as PATH but it
is only valid, if all the fllowing is true:
(a) the last character must be NUL.
(b) there is no other intermediate NUL character.
Before, an intermediate NUL character would have been accepted
and the remainder would be ignored.
(c) there is at least one non-NUL character after "file://".
(d) the string must be fully valid utf8.
The conditions (b) and (c) are new and some invalid(?) paths
might no longer validate.
Checking (d) moved from verify_cert() to get_cert_scheme().
As set_cert_prop_helper() already called verify_cert(), this
causes no additional change beyond (b).
