1. 15 Jun, 2011 5 commits
    • vpn: fix handling of connections with only system secrets · fb62f395
      Dan Williams authored
      The core problem was the nm_connection_need_secrets() call in
      nm-agent-manager.c's get_start() function; for VPN settings this
      always returns TRUE.  Thus if a VPN connection had only system
      secrets, when the agent manager checked if additional secrets
      were required, they would be, and agents would be asked for
      secrets they didn't have and couldn't provide.  Thus the
      connection would fail.  nm_connection_need_secrets() simply
      can't know if VPN secrets are really required because it
      doesn't know anything about the internal VPN private data;
      only the plugin itself can tell us if secrets are required.
      
      If the system secrets are sufficient we shouldn't be asking any
      agents for secrets at all.  So implement a three-step secrets
      path for VPN connections.  First we retrieve existing system
      secrets, and ask the plugin if these are sufficient.  Second we
      request both existing system secrets and existing agent secrets
      and again ask the plugin if these are sufficient.  If both those
      fail, we ask agents for new secrets.
    • Jiří Klimeš's avatar
      2d461942
    • core: socket() returns -1 on failure · acc3025d
      Jiří Klimeš authored
    • ifcfg-rh: socket() returns -1 on failure · 17bc5867
      Jiří Klimeš authored
  2. 14 Jun, 2011 10 commits
  3. 13 Jun, 2011 2 commits
  4. 08 Jun, 2011 4 commits
  5. 07 Jun, 2011 4 commits
    • settings: ensure transient secrets are ignored when rereading connections (rh #703785) · 9cba854f
      Dan Williams authored
      When a connection changes on-disk, the in-memory copy of it may contain
      transient secrets (agent-owned or not saved) that don't get written out
      to disk.  When comparing the on-disk copy to the in-memory copy make sure
      transient secrets are ignored so that we don't re-read the on-disk copy
      needlessly.
    • libnm-util: add new compare flags for ignoring various types of secrets · 864db9f9
      Dan Williams authored
      It turns out we need a way to ignore transient (agent-owned or unsaved)
      secrets during connection comparison.  For example, if the user is
      connecting to a network where the password is not saved, other
      changes could trigger a writeout of that connection to disk when
      connecting, which would read the connection back in due to inotify, and the
      re-read connection would then no longer be recognized as the same as
      the in-memory connection due to the transient secret which obviously
      wasn't read in from disk.
      
      Adding these compare flags allows the code to not bother writing the
      connection out to disk when the only difference between the on-disk
      and in-memory connections are secrets that shouldn't get written to
      disk anyway.
    • core: simplify device activation precheck · a2acfdd4
      Dan Williams authored
      The FIXME is correct; comparing the whole connection is just dumb now
      since all connections are owned by NM, so we can simply compare pointers
      to figure out if the incoming activation request is using the same
      connection as the current activation request.  Plus, this comparison
      would fail entirely if the connection has transient/always-ask secrets.
    • core: more BT device removed log message less noisy · f1329b48
      Dan Williams authored
      Don't log when any BT device is removed, just log when a device
      we actually care about is removed.
  6. 06 Jun, 2011 3 commits
  7. 02 Jun, 2011 1 commit
    • core: add some logging for activation and disconnection · 650c5467
      Dan Williams authored
      'vperic' had an interesting problem on IRC where every 10 minutes
      the ethernet would change state from ACTIVATED -> DISCONNECTED with
      a reason code of 0; the only thing I can find is that something was
      telling NM to activate a connection periodically, because that appears
      to be the only place that changes state to DISCONNECTED with a
      reason code of 0.  No logging; no apparent carrier changes.
      
      So log this condition just in case we run into it later.
  8. 01 Jun, 2011 5 commits
    • keyfile: better handle cert/key files that don't exist (bgo #649807) · d2ae0bac
      Dan Williams authored
      The keyfile code has to handle a few different formats of cert/key values,
      and wasn't doing a good enough job of detecting plain paths as values.  By
      default the writer will write out a plain path (ie, not prefixed with file://)
      and the reader will handle that correctly, *unless* that file does not
      exist, at which point the reader assumed it was a byte array.  This caused the
      read-in keyfile not to match the in-memory connection (since the in-memory
      connection thought the cert/key held a path, but the read-in one thought it
      contained a blob) and this seems to eventually have triggered a write-out
      with the new values (as a blob), which would then drop a .pem file into
      system-connections/ containing the path that should have been in the
      keyfile in the first place.
      
      This all happened because we assumed that the given path for the cert or
      key would actually be valid, which doesn't seem to be the case for a lot
      of people.  Clearly these connections won't work (since the certificate or
      key does not exist) but the keyfile plugin shouldn't be messing up the
      connection's settings at the very least.
      
      Fix that by handling the check of whether the cert/key data is a path or
      not in a less restrictive manner and add some testcases to make sure that
      everything works as we expect.
    • keyfile: write relative cert/key paths too · 0f37efd7
      Dan Williams authored
      If the cert/key path is relative to the keyfile then don't
      bother writing the absolute path out.  This also prevents the
      keyfile plugin from rewriting a relative path to an absolute one,
      preventing some annoyance for people that hand-edit keyfiles.
    • keyfile: convert relative cert/key paths to absolute ones when reading · 06ec2a53
      Dan Williams authored
      Passing a relative path to wpa_supplicant does no good since the supplicant
      may not have the same working directory as NetworkManager.  Relative paths
      used in keyfiles are assumed to be relative to the keyfile itself anyway,
      so actually use the absolute path we compute for the cert/key instead of
      leaving it relative.
    • keyfile: ignore .pem and .der file changes · c1dd5307
      Dan Williams authored
      Since the keyfile plugin only stores the paths of these files,
      we don't really care about what's in them.  We also don't want
      to attempt to read them as keyfiles, which produces warnings
      in the logs.
    • libnm-glib: fix up empty object path demarshalling after 8afce859 · 10ea7a91
      Dan Williams authored
      G_VALUE_HOLDS will fail if the value variable is NULL, so we only
      want to check that the GValue holds the right type if the value
      is valid.  NULL means "no object path" in demarshallers.
  9. 31 May, 2011 1 commit
  10. 30 May, 2011 2 commits
  11. 27 May, 2011 3 commits