mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager
synced 2024-07-21 10:14:41 +00:00
598 lines
17 KiB
C
598 lines
17 KiB
C
// SPDX-License-Identifier: GPL-2.0+
|
|
/*
|
|
* Copyright (C) 2008 - 2011 Red Hat, Inc.
|
|
*/
|
|
|
|
#include "nm-default.h"
|
|
|
|
#include "nm-dispatcher-utils.h"
|
|
|
|
#include "nm-dbus-interface.h"
|
|
#include "nm-connection.h"
|
|
#include "nm-setting-ip4-config.h"
|
|
#include "nm-setting-ip6-config.h"
|
|
#include "nm-setting-connection.h"
|
|
|
|
#include "nm-libnm-core-aux/nm-dispatcher-api.h"
|
|
#include "nm-utils.h"
|
|
|
|
/*****************************************************************************/
|
|
|
|
static gboolean
|
|
_is_valid_key (const char *line, gssize len)
|
|
{
|
|
gsize i, l;
|
|
char ch;
|
|
|
|
if (!line)
|
|
return FALSE;
|
|
|
|
if (len < 0)
|
|
len = strlen (line);
|
|
|
|
if (len == 0)
|
|
return FALSE;
|
|
|
|
ch = line[0];
|
|
if ( !(ch >= 'A' && ch <= 'Z')
|
|
&& !NM_IN_SET (ch, '_'))
|
|
return FALSE;
|
|
|
|
l = (gsize) len;
|
|
|
|
for (i = 1; i < l; i++) {
|
|
ch = line[i];
|
|
|
|
if ( !(ch >= 'A' && ch <= 'Z')
|
|
&& !(ch >= '0' && ch <= '9')
|
|
&& !NM_IN_SET (ch, '_'))
|
|
return FALSE;
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
static gboolean
|
|
_is_valid_line (const char *line)
|
|
{
|
|
const char *d;
|
|
|
|
if (!line)
|
|
return FALSE;
|
|
|
|
d = strchr (line, '=');
|
|
if (!d || d == line)
|
|
return FALSE;
|
|
|
|
return _is_valid_key (line, d - line);
|
|
}
|
|
|
|
static char *
|
|
_sanitize_var_name (const char *key)
|
|
{
|
|
char *sanitized;
|
|
|
|
nm_assert (key);
|
|
|
|
if (!key[0])
|
|
return NULL;
|
|
|
|
sanitized = g_ascii_strup (key, -1);
|
|
if (!NM_STRCHAR_ALL (sanitized, ch, (ch >= 'A' && ch <= 'Z')
|
|
|| (ch >= '0' && ch <= '9')
|
|
|| NM_IN_SET (ch, '_'))) {
|
|
g_free (sanitized);
|
|
return NULL;
|
|
}
|
|
|
|
nm_assert (_is_valid_key (sanitized, -1));
|
|
return sanitized;
|
|
}
|
|
|
|
static void
|
|
_items_add_str_take (GPtrArray *items, char *line)
|
|
{
|
|
nm_assert (items);
|
|
nm_assert (_is_valid_line (line));
|
|
|
|
g_ptr_array_add (items, line);
|
|
}
|
|
|
|
static void
|
|
_items_add_str (GPtrArray *items, const char *line)
|
|
{
|
|
_items_add_str_take (items, g_strdup (line));
|
|
}
|
|
|
|
static void
|
|
_items_add_key (GPtrArray *items, const char *prefix, const char *key, const char *value)
|
|
{
|
|
nm_assert (items);
|
|
nm_assert (_is_valid_key (key, -1));
|
|
nm_assert (value);
|
|
|
|
_items_add_str_take (items, g_strconcat (prefix ?: "", key, "=", value, NULL));
|
|
}
|
|
|
|
static void
|
|
_items_add_key0 (GPtrArray *items, const char *prefix, const char *key, const char *value)
|
|
{
|
|
nm_assert (items);
|
|
nm_assert (_is_valid_key (key, -1));
|
|
|
|
if (!value) {
|
|
/* for convenience, allow NULL values to indicate to skip the line. */
|
|
return;
|
|
}
|
|
|
|
_items_add_str_take (items, g_strconcat (prefix ?: "", key, "=", value, NULL));
|
|
}
|
|
|
|
G_GNUC_PRINTF (2, 3)
|
|
static void
|
|
_items_add_printf (GPtrArray *items, const char *fmt, ...)
|
|
{
|
|
va_list ap;
|
|
char *line;
|
|
|
|
nm_assert (items);
|
|
nm_assert (fmt);
|
|
|
|
va_start (ap, fmt);
|
|
line = g_strdup_vprintf (fmt, ap);
|
|
va_end (ap);
|
|
_items_add_str_take (items, line);
|
|
}
|
|
|
|
static void
|
|
_items_add_strv (GPtrArray *items, const char *prefix, const char *key, const char *const*values)
|
|
{
|
|
gboolean has;
|
|
guint i;
|
|
GString *str;
|
|
|
|
nm_assert (items);
|
|
nm_assert (_is_valid_key (key, -1));
|
|
|
|
if (!values || !values[0]) {
|
|
/* Only add an item if the list of @values is not empty */
|
|
return;
|
|
}
|
|
|
|
str = g_string_new (NULL);
|
|
|
|
if (prefix)
|
|
g_string_append (str, prefix);
|
|
g_string_append (str, key);
|
|
g_string_append_c (str, '=');
|
|
|
|
has = FALSE;
|
|
for (i = 0; values[i]; i++) {
|
|
if (!values[i][0])
|
|
continue;
|
|
if (has)
|
|
g_string_append_c (str, ' ');
|
|
else
|
|
has = TRUE;
|
|
g_string_append (str, values[i]);
|
|
}
|
|
|
|
_items_add_str_take (items, g_string_free (str, FALSE));
|
|
}
|
|
|
|
/*****************************************************************************/
|
|
|
|
static void
|
|
construct_proxy_items (GPtrArray *items, GVariant *proxy_config, const char *prefix)
|
|
{
|
|
GVariant *variant;
|
|
|
|
nm_assert (items);
|
|
|
|
if (!proxy_config)
|
|
return;
|
|
|
|
variant = g_variant_lookup_value (proxy_config, "pac-url", G_VARIANT_TYPE_STRING);
|
|
if (variant) {
|
|
_items_add_key (items, prefix, "PROXY_PAC_URL",
|
|
g_variant_get_string (variant, NULL));
|
|
g_variant_unref (variant);
|
|
}
|
|
|
|
variant = g_variant_lookup_value (proxy_config, "pac-script", G_VARIANT_TYPE_STRING);
|
|
if (variant) {
|
|
_items_add_key (items, prefix, "PROXY_PAC_SCRIPT",
|
|
g_variant_get_string (variant, NULL));
|
|
g_variant_unref (variant);
|
|
}
|
|
}
|
|
|
|
static void
|
|
construct_ip_items (GPtrArray *items, int addr_family, GVariant *ip_config, const char *prefix)
|
|
{
|
|
GVariant *val;
|
|
guint i;
|
|
guint nroutes = 0;
|
|
char four_or_six;
|
|
|
|
if (!ip_config)
|
|
return;
|
|
|
|
if (!prefix)
|
|
prefix = "";
|
|
|
|
four_or_six = nm_utils_addr_family_to_char (addr_family);
|
|
|
|
val = g_variant_lookup_value (ip_config,
|
|
"addresses",
|
|
addr_family == AF_INET
|
|
? G_VARIANT_TYPE ("aau")
|
|
: G_VARIANT_TYPE ("a(ayuay)"));
|
|
if (val) {
|
|
gs_unref_ptrarray GPtrArray *addresses = NULL;
|
|
gs_free char *gateway_free = NULL;
|
|
const char *gateway;
|
|
|
|
if (addr_family == AF_INET)
|
|
addresses = nm_utils_ip4_addresses_from_variant (val, &gateway_free);
|
|
else
|
|
addresses = nm_utils_ip6_addresses_from_variant (val, &gateway_free);
|
|
|
|
gateway = gateway_free ?: "0.0.0.0";
|
|
|
|
if (addresses && addresses->len) {
|
|
for (i = 0; i < addresses->len; i++) {
|
|
NMIPAddress *addr = addresses->pdata[i];
|
|
|
|
_items_add_printf (items,
|
|
"%sIP%c_ADDRESS_%d=%s/%d %s",
|
|
prefix,
|
|
four_or_six,
|
|
i,
|
|
nm_ip_address_get_address (addr),
|
|
nm_ip_address_get_prefix (addr),
|
|
gateway);
|
|
}
|
|
|
|
_items_add_printf (items,
|
|
"%sIP%c_NUM_ADDRESSES=%u",
|
|
prefix,
|
|
four_or_six,
|
|
addresses->len);
|
|
}
|
|
|
|
_items_add_key (items,
|
|
prefix,
|
|
addr_family == AF_INET
|
|
? "IP4_GATEWAY"
|
|
: "IP6_GATEWAY",
|
|
gateway);
|
|
|
|
g_variant_unref (val);
|
|
}
|
|
|
|
val = g_variant_lookup_value (ip_config,
|
|
"nameservers",
|
|
addr_family == AF_INET
|
|
? G_VARIANT_TYPE ("au")
|
|
: G_VARIANT_TYPE ("aay"));
|
|
if (val) {
|
|
gs_strfreev char **v = NULL;
|
|
|
|
if (addr_family == AF_INET)
|
|
v = nm_utils_ip4_dns_from_variant (val);
|
|
else
|
|
v = nm_utils_ip6_dns_from_variant (val);
|
|
_items_add_strv (items,
|
|
prefix,
|
|
addr_family == AF_INET
|
|
? "IP4_NAMESERVERS"
|
|
: "IP6_NAMESERVERS",
|
|
NM_CAST_STRV_CC (v));
|
|
g_variant_unref (val);
|
|
}
|
|
|
|
val = g_variant_lookup_value (ip_config, "domains", G_VARIANT_TYPE_STRING_ARRAY);
|
|
if (val) {
|
|
gs_free const char **v = NULL;
|
|
|
|
v = g_variant_get_strv (val, NULL);
|
|
_items_add_strv (items, prefix,
|
|
addr_family == AF_INET
|
|
? "IP4_DOMAINS"
|
|
: "IP6_DOMAINS",
|
|
v);
|
|
g_variant_unref (val);
|
|
}
|
|
|
|
|
|
if (addr_family == AF_INET) {
|
|
val = g_variant_lookup_value (ip_config, "wins-servers", G_VARIANT_TYPE ("au"));
|
|
if (val) {
|
|
gs_strfreev char **v = NULL;
|
|
|
|
v = nm_utils_ip4_dns_from_variant (val);
|
|
_items_add_strv (items, prefix, "IP4_WINS_SERVERS", NM_CAST_STRV_CC (v));
|
|
g_variant_unref (val);
|
|
}
|
|
}
|
|
|
|
val = g_variant_lookup_value (ip_config,
|
|
"routes",
|
|
addr_family == AF_INET
|
|
? G_VARIANT_TYPE ("aau")
|
|
: G_VARIANT_TYPE ("a(ayuayu)"));
|
|
if (val) {
|
|
gs_unref_ptrarray GPtrArray *routes = NULL;
|
|
|
|
if (addr_family == AF_INET)
|
|
routes = nm_utils_ip4_routes_from_variant (val);
|
|
else
|
|
routes = nm_utils_ip6_routes_from_variant (val);
|
|
|
|
if ( routes
|
|
&& routes->len > 0) {
|
|
const char *const DEFAULT_GW = addr_family == AF_INET ? "0.0.0.0" : "::";
|
|
|
|
nroutes = routes->len;
|
|
|
|
for (i = 0; i < routes->len; i++) {
|
|
NMIPRoute *route = routes->pdata[i];
|
|
|
|
_items_add_printf (items,
|
|
"%sIP%c_ROUTE_%u=%s/%d %s %u",
|
|
prefix,
|
|
four_or_six,
|
|
i,
|
|
nm_ip_route_get_dest (route),
|
|
nm_ip_route_get_prefix (route),
|
|
nm_ip_route_get_next_hop (route) ?: DEFAULT_GW,
|
|
(guint) NM_MAX ((gint64) 0, nm_ip_route_get_metric (route)));
|
|
}
|
|
}
|
|
|
|
g_variant_unref (val);
|
|
}
|
|
if (nroutes > 0 || addr_family == AF_INET) {
|
|
/* we also set IP4_NUM_ROUTES=0, but don't do so for addresses and IPv6 routes.
|
|
* Historic reasons. */
|
|
_items_add_printf (items, "%sIP%c_NUM_ROUTES=%u", prefix, four_or_six, nroutes);
|
|
}
|
|
}
|
|
|
|
static void
|
|
construct_device_dhcp_items (GPtrArray *items, int addr_family, GVariant *dhcp_config)
|
|
{
|
|
GVariantIter iter;
|
|
const char *key;
|
|
GVariant *val;
|
|
char four_or_six;
|
|
gboolean found_unknown_245 = FALSE;
|
|
gs_unref_variant GVariant *private_245_val = NULL;
|
|
|
|
if (!dhcp_config)
|
|
return;
|
|
|
|
if (!g_variant_is_of_type (dhcp_config, G_VARIANT_TYPE_VARDICT))
|
|
return;
|
|
|
|
four_or_six = nm_utils_addr_family_to_char (addr_family);
|
|
|
|
g_variant_iter_init (&iter, dhcp_config);
|
|
while (g_variant_iter_next (&iter, "{&sv}", &key, &val)) {
|
|
if (g_variant_is_of_type (val, G_VARIANT_TYPE_STRING)) {
|
|
gs_free char *ucased = NULL;
|
|
|
|
ucased = _sanitize_var_name (key);
|
|
if (ucased) {
|
|
_items_add_printf (items,
|
|
"DHCP%c_%s=%s",
|
|
four_or_six,
|
|
ucased,
|
|
g_variant_get_string (val, NULL));
|
|
|
|
/* MS Azure sends the server endpoint in the dhcp private
|
|
* option 245. cloud-init searches the Azure server endpoint
|
|
* value looking for the standard dhclient label used for
|
|
* that option, which is "unknown_245".
|
|
* The 11-dhclient script shipped with Fedora and RHEL dhcp
|
|
* package converts our dispatcher environment vars to the
|
|
* dhclient ones (new_<some_option>) and calls dhclient hook
|
|
* scripts.
|
|
* Let's make cloud-init happy and let's duplicate the dhcp
|
|
* option 245 with the legacy name of the default dhclient
|
|
* label also when using the internal client.
|
|
* Note however that the dhclient plugin will have unknown_
|
|
* labels represented as ascii string when possible, falling
|
|
* back to hex string otherwise.
|
|
* private_ labels instead are always in hex string format.
|
|
* This shouldn't affect the MS Azure server endpoint value,
|
|
* as it usually belongs to the 240.0.0.0/4 network and so
|
|
* is always represented as an hex string. Moreover, cloudinit
|
|
* code checks just for an hex value in unknown_245.
|
|
*/
|
|
if (addr_family == AF_INET) {
|
|
if (nm_streq (key, "private_245"))
|
|
private_245_val = g_variant_ref (val);
|
|
else if (nm_streq (key, "unknown_245"))
|
|
found_unknown_245 = true;
|
|
}
|
|
}
|
|
}
|
|
g_variant_unref (val);
|
|
}
|
|
|
|
if (private_245_val != NULL && !found_unknown_245) {
|
|
_items_add_printf (items,
|
|
"DHCP4_UNKNOWN_245=%s",
|
|
g_variant_get_string (private_245_val, NULL));
|
|
}
|
|
}
|
|
|
|
/*****************************************************************************/
|
|
|
|
char **
|
|
nm_dispatcher_utils_construct_envp (const char *action,
|
|
GVariant *connection_dict,
|
|
GVariant *connection_props,
|
|
GVariant *device_props,
|
|
GVariant *device_proxy_props,
|
|
GVariant *device_ip4_props,
|
|
GVariant *device_ip6_props,
|
|
GVariant *device_dhcp4_props,
|
|
GVariant *device_dhcp6_props,
|
|
const char *connectivity_state,
|
|
const char *vpn_ip_iface,
|
|
GVariant *vpn_proxy_props,
|
|
GVariant *vpn_ip4_props,
|
|
GVariant *vpn_ip6_props,
|
|
char **out_iface,
|
|
const char **out_error_message)
|
|
{
|
|
const char *iface = NULL;
|
|
const char *ip_iface = NULL;
|
|
const char *uuid = NULL;
|
|
const char *id = NULL;
|
|
const char *path = NULL;
|
|
const char *filename = NULL;
|
|
gboolean external;
|
|
NMDeviceState dev_state = NM_DEVICE_STATE_UNKNOWN;
|
|
GVariant *variant;
|
|
gs_unref_ptrarray GPtrArray *items = NULL;
|
|
const char *error_message_backup;
|
|
|
|
if (!out_error_message)
|
|
out_error_message = &error_message_backup;
|
|
|
|
g_return_val_if_fail (action != NULL, NULL);
|
|
g_return_val_if_fail (out_iface != NULL, NULL);
|
|
g_return_val_if_fail (*out_iface == NULL, NULL);
|
|
|
|
items = g_ptr_array_new_with_free_func (g_free);
|
|
|
|
/* Hostname and connectivity changes don't require a device nor contain a connection */
|
|
if (NM_IN_STRSET (action, NMD_ACTION_HOSTNAME,
|
|
NMD_ACTION_CONNECTIVITY_CHANGE))
|
|
goto done;
|
|
|
|
/* Connection properties */
|
|
if (g_variant_lookup (connection_props, NMD_CONNECTION_PROPS_PATH, "&o", &path))
|
|
_items_add_key (items, NULL, "CONNECTION_DBUS_PATH", path);
|
|
|
|
if (g_variant_lookup (connection_props, NMD_CONNECTION_PROPS_EXTERNAL, "b", &external) && external)
|
|
_items_add_str (items, "CONNECTION_EXTERNAL=1");
|
|
|
|
if (g_variant_lookup (connection_props, NMD_CONNECTION_PROPS_FILENAME, "&s", &filename))
|
|
_items_add_key (items, NULL, "CONNECTION_FILENAME", filename);
|
|
|
|
/* Canonicalize the VPN interface name; "" is used when passing it through
|
|
* D-Bus so make sure that's fixed up here.
|
|
*/
|
|
if (vpn_ip_iface && !vpn_ip_iface[0])
|
|
vpn_ip_iface = NULL;
|
|
|
|
if (!g_variant_lookup (device_props, NMD_DEVICE_PROPS_INTERFACE, "&s", &iface)) {
|
|
*out_error_message = "Missing or invalid required value " NMD_DEVICE_PROPS_INTERFACE "!";
|
|
return NULL;
|
|
}
|
|
if (!*iface)
|
|
iface = NULL;
|
|
|
|
variant = g_variant_lookup_value (device_props, NMD_DEVICE_PROPS_IP_INTERFACE, NULL);
|
|
if (variant) {
|
|
if (!g_variant_is_of_type (variant, G_VARIANT_TYPE_STRING)) {
|
|
*out_error_message = "Invalid value " NMD_DEVICE_PROPS_IP_INTERFACE "!";
|
|
return NULL;
|
|
}
|
|
g_variant_unref (variant);
|
|
(void) g_variant_lookup (device_props, NMD_DEVICE_PROPS_IP_INTERFACE, "&s", &ip_iface);
|
|
}
|
|
|
|
if (!g_variant_lookup (device_props, NMD_DEVICE_PROPS_TYPE, "u", NULL)) {
|
|
*out_error_message = "Missing or invalid required value " NMD_DEVICE_PROPS_TYPE "!";
|
|
return NULL;
|
|
}
|
|
|
|
variant = g_variant_lookup_value (device_props, NMD_DEVICE_PROPS_STATE, G_VARIANT_TYPE_UINT32);
|
|
if (!variant) {
|
|
*out_error_message = "Missing or invalid required value " NMD_DEVICE_PROPS_STATE "!";
|
|
return NULL;
|
|
}
|
|
dev_state = g_variant_get_uint32 (variant);
|
|
g_variant_unref (variant);
|
|
|
|
if (!g_variant_lookup (device_props, NMD_DEVICE_PROPS_PATH, "o", NULL)) {
|
|
*out_error_message = "Missing or invalid required value " NMD_DEVICE_PROPS_PATH "!";
|
|
return NULL;
|
|
}
|
|
|
|
{
|
|
gs_unref_variant GVariant *con_setting = NULL;
|
|
|
|
con_setting = g_variant_lookup_value (connection_dict, NM_SETTING_CONNECTION_SETTING_NAME, NM_VARIANT_TYPE_SETTING);
|
|
if (!con_setting) {
|
|
*out_error_message = "Failed to read connection setting";
|
|
return NULL;
|
|
}
|
|
|
|
if (!g_variant_lookup (con_setting, NM_SETTING_CONNECTION_UUID, "&s", &uuid)) {
|
|
*out_error_message = "Connection hash did not contain the UUID";
|
|
return NULL;
|
|
}
|
|
|
|
if (!g_variant_lookup (con_setting, NM_SETTING_CONNECTION_ID, "&s", &id)) {
|
|
*out_error_message = "Connection hash did not contain the ID";
|
|
return NULL;
|
|
}
|
|
|
|
_items_add_key0 (items, NULL, "CONNECTION_UUID", uuid);
|
|
_items_add_key0 (items, NULL, "CONNECTION_ID", id);
|
|
_items_add_key0 (items, NULL, "DEVICE_IFACE", iface);
|
|
_items_add_key0 (items, NULL, "DEVICE_IP_IFACE", ip_iface);
|
|
}
|
|
|
|
/* Device items aren't valid if the device isn't activated */
|
|
if ( iface
|
|
&& dev_state == NM_DEVICE_STATE_ACTIVATED) {
|
|
construct_proxy_items (items, device_proxy_props, NULL);
|
|
construct_ip_items (items, AF_INET, device_ip4_props, NULL);
|
|
construct_ip_items (items, AF_INET6, device_ip6_props, NULL);
|
|
construct_device_dhcp_items (items, AF_INET, device_dhcp4_props);
|
|
construct_device_dhcp_items (items, AF_INET6, device_dhcp6_props);
|
|
}
|
|
|
|
if (vpn_ip_iface) {
|
|
_items_add_key (items, NULL, "VPN_IP_IFACE", vpn_ip_iface);
|
|
construct_proxy_items (items, vpn_proxy_props, "VPN_");
|
|
construct_ip_items (items, AF_INET, vpn_ip4_props, "VPN_");
|
|
construct_ip_items (items, AF_INET6, vpn_ip6_props, "VPN_");
|
|
}
|
|
|
|
/* Backwards compat: 'iface' is set in this order:
|
|
* 1) VPN interface name
|
|
* 2) Device IP interface name
|
|
* 3) Device interface anme
|
|
*/
|
|
if (vpn_ip_iface)
|
|
*out_iface = g_strdup (vpn_ip_iface);
|
|
else if (ip_iface)
|
|
*out_iface = g_strdup (ip_iface);
|
|
else
|
|
*out_iface = g_strdup (iface);
|
|
|
|
done:
|
|
/* The connectivity_state value will only be meaningful for 'connectivity-change' events
|
|
* (otherwise it will be "UNKNOWN"), so we only set the environment variable in those cases.
|
|
*/
|
|
if (!NM_IN_STRSET (connectivity_state, NULL, "UNKNOWN"))
|
|
_items_add_key (items, NULL, "CONNECTIVITY_STATE", connectivity_state);
|
|
|
|
_items_add_key0 (items, NULL, "PATH", g_getenv ("PATH"));
|
|
|
|
_items_add_key (items, NULL, "NM_DISPATCHER_ACTION", action);
|
|
|
|
*out_error_message = NULL;
|
|
g_ptr_array_add (items, NULL);
|
|
return (char **) g_ptr_array_free (g_steal_pointer (&items), FALSE);
|
|
}
|