1. 13 Sep, 2021 1 commit
    • Thomas Haller's avatar
      nmcli: make relatives path for `nmcli connection load` absolute · d4a367b4
      Thomas Haller authored
      NetworkManager (the daemon) has no defined working directory, so
      it can only handle absolute path names. This is in general and also for
      the LoadConnections() D-Bus call.
      
      That means, nmcli should make relative paths absolute.
      
      We don't use g_canonicalize_filename() because that also cleans up
      double slash and "/./". I don't think we should do that in this case, we
      should only prepend $PWD to make the path absolute.
      
      #794
      d4a367b4
  2. 26 Aug, 2021 2 commits
  3. 02 Aug, 2021 2 commits
  4. 29 Jul, 2021 2 commits
    • Thomas Haller's avatar
      cli: fix leak of text for libreadline · 72433a10
      Thomas Haller authored
      Coverity warns about this:
      
          Error: RESOURCE_LEAK (CWE-772):
          NetworkManager-1.32.4/src/nmcli/agent.c:87: alloc_fn: Storage is returned from allocation function "g_strdup".
          NetworkManager-1.32.4/src/nmcli/agent.c:87: var_assign: Assigning: "pre_input_deftext" = storage returned from "g_strdup(secret->value)".
          NetworkManager-1.32.4/src/nmcli/agent.c:87: overwrite_var: Overwriting "pre_input_deftext" in "pre_input_deftext = g_strdup(secret->value)" leaks the storage that "pre_input_deftext" points to.
          #   85|               /* Prefill the password if we have it. */
          #   86|               rl_startup_hook   = set_deftext;
          #   87|->             pre_input_deftext = g_strdup(secret->value);
          #   88|           }
          #   89|           if (secret->no_prompt_entry_id)
      
          Error: RESOURCE_LEAK (CWE-772):
          NetworkManager-1.32.4/src/nmcli/common.c:712: alloc_fn: Storage is returned from allocation function "g_strdup".
          NetworkManager-1.32.4/src/nmcli/common.c:712: var_assign: Assigning: "nmc_rl_pre_input_deftext" = storage returned from "g_strdup(secret->value)".
          NetworkManager-1.32.4/src/nmcli/common.c:712: overwrite_var: Overwriting "nmc_rl_pre_input_deftext" in "nmc_rl_pre_input_deftext = g_strdup(secret->value)" leaks the storage that "nmc_rl_pre_input_deftext" points to.
          #  710|                           /* Prefill the password if we have it. */
          #  711|                           rl_startup_hook          = nmc_rl_set_deftext;
          #  712|->                         nmc_rl_pre_input_deftext = g_strdup(secret->value);
          #  713|                       }
          #  714|                   }
      72433a10
    • Thomas Haller's avatar
      all: unify and rename strv helper API · 4c3aac89
      Thomas Haller authored
      Naming is important, because the name of a thing should give you a good
      idea what it does. Also, to find a thing, it needs a good name in the
      first place. But naming is also hard.
      
      Historically, some strv helper API was named as nm_utils_strv_*(),
      and some API had a leading underscore (as it is internal API).
      
      This was all inconsistent. Do some renaming and try to unify things.
      
      We get rid of the leading underscore if this is just a regular
      (internal) helper. But not for example from _nm_strv_find_first(),
      because that is the implementation of nm_strv_find_first().
      
        - _nm_utils_strv_cleanup()                 -> nm_strv_cleanup()
        - _nm_utils_strv_cleanup_const()           -> nm_strv_cleanup_const()
        - _nm_utils_strv_cmp_n()                   -> _nm_strv_cmp_n()
        - _nm_utils_strv_dup()                     -> _nm_strv_dup()
        - _nm_utils_strv_dup_packed()              -> _nm_strv_dup_packed()
        - _nm_utils_strv_find_first()              -> _nm_strv_find_first()
        -...
      4c3aac89
  5. 14 Jul, 2021 2 commits
    • Lukasz Majewski's avatar
      cli: Provide optional support for libedit instead of readline · d1dad6ae
      Lukasz Majewski authored
      The libreadline starting from version 6 is licensed as GPLv3. For some
      use cases it is not acceptable to use this license.
      
      In the NetworkManager the libreadline is used by nmcli.
      This change allows using libedit instead of libreadline.
      
      Following adjustments were made:
      1. The history_set_history_state() is not supported in the libedit.
         Instead, the where_history() with remove_history() were used to remove
         the history content if needed.
      
      2. rl_complete_with_tilde_expansion - it is the binary flag used only
         when one wants to have the expansion support. The libedit is not
         supporting and hence exporting this flag.
      d1dad6ae
    • Lukasz Majewski's avatar
      cli: Provide rl_completion_display_matches_hook function only for libreadline · 82344502
      Lukasz Majewski authored
      When one wants to compile the nmcli with libedit (GPLv2 replacement of
      libreadline) the rl_completion_display_matches_hook hook shall be left
      untouched (as NULL) as it is not supported in libedit.
      82344502
  6. 08 Jul, 2021 3 commits
    • Thomas Haller's avatar
      cli: fail `nmcli connection up $PROFILE ifname $DEVICE` for non-existing virtual device · d0349f17
      Thomas Haller authored
        $ nmcli connection add type dummy con-name x autoconnect no ipv4.method disabled ipv6.method disabled ifname d0
        $ mcli connection up x ifname bogus
        Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/12)
      
      This is not right. A non-existing ifname argument was simply ignored
      and nmcli would tell NetworkManager to activate the profile (on any
      device).
      
      Instead, if the user specifies a device argument, also for a virtual
      type, it must exist.
      
      Note that usually for virtual devices (like 'dummy'), the device
      in fact does not exist, so passing `ifname` is likely to fail.
      If the device already exists, then the command is no going to work
      as expected, with
      
        $ mcli connection up x ifname d0
      
      succeeding, while
      
        $ mcli connection up x ifname d1
      
      fails (as intended) with
      
        Error: device 'd1' not compatible with connection 'x': The interface names of the device and the connection didn't match..
      d0349f17
    • Thomas Haller's avatar
      cli: improve error message for device not found · bb3c93bf
      Thomas Haller authored
        $ nmcli connection add type ethernet con-name x autoconnect no ipv4.method disabled ipv6.method disabled
        $ nmcli connection up x ifname bogus
        Error: device 'bogus' not compatible with connection 'x'.
      
      Better would be:
      
        Error: device 'bogus' not found for connection 'x'.
      bb3c93bf
    • Thomas Haller's avatar
  7. 11 Jun, 2021 2 commits
    • Thomas Haller's avatar
      cli: avoid coverity warning in do_connection_down() · 91f5c5e7
      Thomas Haller authored
          Error: USE_AFTER_FREE (CWE-416): [#def729] [important]
          NetworkManager-1.31.90/src/nmcli/connections.c:3288: freed_arg: "connection_cb_info_finish" frees "info".
          NetworkManager-1.31.90/src/nmcli/connections.c:3287: pass_freed_arg: Passing freed pointer "info" as an argument to "g_signal_handlers_disconnect_matched".
          # 3285|
          # 3286|               if (info) {
          # 3287|->                 g_signal_handlers_disconnect_by_func(active, down_active_connection_state_cb, info);
          # 3288|                   connection_cb_info_finish(info, active);
          # 3289|               }
      
      (cherry picked from commit 627503ad)
      91f5c5e7
    • Thomas Haller's avatar
      cli: avoid coverity warning in do_connection_down() · 627503ad
      Thomas Haller authored
          Error: USE_AFTER_FREE (CWE-416): [#def729] [important]
          NetworkManager-1.31.90/src/nmcli/connections.c:3288: freed_arg: "connection_cb_info_finish" frees "info".
          NetworkManager-1.31.90/src/nmcli/connections.c:3287: pass_freed_arg: Passing freed pointer "info" as an argument to "g_signal_handlers_disconnect_matched".
          # 3285|
          # 3286|               if (info) {
          # 3287|->                 g_signal_handlers_disconnect_by_func(active, down_active_connection_state_cb, info);
          # 3288|                   connection_cb_info_finish(info, active);
          # 3289|               }
      627503ad
  8. 03 May, 2021 3 commits
  9. 17 Apr, 2021 1 commit
  10. 01 Apr, 2021 1 commit
  11. 15 Mar, 2021 1 commit
  12. 02 Mar, 2021 1 commit
  13. 24 Feb, 2021 1 commit
  14. 09 Feb, 2021 1 commit
  15. 05 Jan, 2021 1 commit
    • Thomas Haller's avatar
      all: update deprecated SPDX license identifiers · 977ea352
      Thomas Haller authored
      These SPDX license identifiers are deprecated ([1]). Update them.
      
      [1] https://spdx.org/licenses/
      
        sed \
           -e '1 s%^/\* SPDX-License-Identifier: \(GPL-2.0\|LGPL-2.1\)+ \*/$%/* SPDX-License-Identifier: \1-or-later */%' \
           -e '1,2 s%^\(--\|#\|//\) SPDX-License-Identifier: \(GPL-2.0\|LGPL-2.1\)+$%\1 SPDX-License-Identifier: \2-or-later%' \
           -i \
           $(git grep -l SPDX-License-Identifier -- \
               ':(exclude)shared/c-*/' \
               ':(exclude)shared/n-*/' \
               ':(exclude)shared/systemd/src' \
               ':(exclude)src/systemd/src')
      977ea352
  16. 13 Dec, 2020 1 commit
    • Thomas Haller's avatar
      all: remove unnecessary <netinet/ether.h> includes · 7f4a7bf4
      Thomas Haller authored
      <netinet/ether.h> with musl defines ethhdr struct, which conflicts
      with <linux/if_ether.h>. The latter is included by "nm-utils.h",
      so this is a problem.
      
      Drop includes of "netinet/ether.h" that are not necessary.
      7f4a7bf4
  17. 27 Nov, 2020 1 commit
    • Fernando Fernández Mancera's avatar
      veth: add support to configure veth interfaces · cd0cf922
      Fernando Fernández Mancera authored
      NetworkManager is now able to configure veth interfaces throught the
      NMSettingVeth. Veth interfaces only have "peer" property.
      
      In order to support Veth interfaces in NetworkManager the design need
      to pass the following requirements:
      
       * Veth setting only has "peer" attribute.
       * Ethernet profiles must be applicable to Veth interfaces.
       * When creating a veth interface, the peer will be managed by
         NetworkManager but will not have a profile.
       * Veth connection can reapply only if the peer has not been modified.
       * In order to modify the veth peer, NetworkManager must deactivate the
         connection and create a new one with peer modified.
      
      In general, it should support the basis of veth interfaces but without
      breaking any existing feature or use case. The users that are using veth
      interfaces as ethernet should not notice anything changed unless they
      specified the veth peer setting.
      
      Creating a Veth interface in NetworkManager is useful even without the
      support for namespaces for some use cases, e.g "connecting one side of
      the veth to an OVS bridge and the other side to a Linux bridge" this is
      done when using OVN kubernetes [1][2]. In addition, it would provide
      persistent configuration and rollback support for Veth interfaces.
      
      [1] https://bugzilla.redhat.com/show_bug.cgi?id=1885605
      [2] https://bugzilla.redhat.com/show_bug.cgi?id=1894139
      
      Signed-off-by: Fernando Fernández Mancera's avatarFernando Fernandez Mancera <ffmancera@riseup.net>
      cd0cf922
  18. 18 Nov, 2020 2 commits
    • Thomas Haller's avatar
      cli: replace if-else-if construct in nmc_process_connection_properties() by continue · 8dc28e4b
      Thomas Haller authored
      The if-else-if constuct spans many lines and it is not easy to see that
      there is no common action after the if-else-if construct.
      
      Instead, at the end of each if-block, just "continue" the loop. This
      is similar to a "return-early" apprach and it mean you don't need
      to think what happens at the end of the if-block.
      8dc28e4b
    • Thomas Haller's avatar
      cli: don't fail `nmcli con modify $PROFILE remove $SETTING` for non-existing setting · 1d6c2601
      Thomas Haller authored
      Removing a setting that is not present should not be an error. The user
      asked that the profile doesn't have the requested setting, and that
      should succeed (even if that results in no actual change).
      
      Consider when you want to make a hotspot profile "open". That implies
      to remove the "wifi-sec" and "802-1x" settings. But you may
      not check before whether the profile is already open, and whether
      it already has those settings. We should just allow
      
        $ nmcli connection modify "$PROFILE" remove wifi-sec remove 802-1x
      
      to succeed, regardless whether this changes anything or not.
      
      Likewise, if you do
      
        $ nmcli connection modify "$PROFILE" con-name foo
        $ nmcli connection modify "$PROFILE" con-name foo
      
      then the second command doesn't fail with "the name is
      already \"foo\"". It just succeeds.
      1d6c2601
  19. 16 Nov, 2020 1 commit
  20. 22 Oct, 2020 1 commit
  21. 09 Oct, 2020 2 commits
    • Thomas Haller's avatar
      cli: fix showing active state for `nmcli con show` with fields · bb802507
      Thomas Haller authored
      With "connection.multi-connect", a profile can be activated multiple
      times on a device with `nmcli connection show`. Also, a profile may be
      in the process of deactivating on one device, while activating on
      another one. So, in general it's possible that `nmcli connection show`
      lists the same profile on multiple lines (reflecting their multiple
      activation states).
      
      If the user requests no fields that are part of the activation state,
      then the active connections are ignored. For example with `nmcli
      -f UUID,NAME connection show`. In that case, each profile is listed only
      once.
      
      On the other hand, with `nmcli -g UUID,NAME,DEVICE connection show` the
      user again requested also to see the activation state, and a profile can
      appear multiple times.
      
      To handle that, we need to consider which fields were requested.
      
      There was a bug where the "ACTIVE" field was not treated as part of the
      activation state. That results in `nmcli -f UUID,NAME,ACTIVE connection
      show` always returning "no". Fix that.
      
      Fixes: a1b25a47 ('cli: rework printing of `nmcli connection` for multiple active connections')
      
      #547
      
      !642
      (cherry picked from commit 4eb3b5b9)
      bb802507
    • Thomas Haller's avatar
      cli: fix showing active state for `nmcli con show` with fields · 4eb3b5b9
      Thomas Haller authored
      With "connection.multi-connect", a profile can be activated multiple
      times on a device with `nmcli connection show`. Also, a profile may be
      in the process of deactivating on one device, while activating on
      another one. So, in general it's possible that `nmcli connection show`
      lists the same profile on multiple lines (reflecting their multiple
      activation states).
      
      If the user requests no fields that are part of the activation state,
      then the active connections are ignored. For example with `nmcli
      -f UUID,NAME connection show`. In that case, each profile is listed only
      once.
      
      On the other hand, with `nmcli -g UUID,NAME,DEVICE connection show` the
      user again requested also to see the activation state, and a profile can
      appear multiple times.
      
      To handle that, we need to consider which fields were requested.
      
      There was a bug where the "ACTIVE" field was not treated as part of the
      activation state. That results in `nmcli -f UUID,NAME,ACTIVE connection
      show` always returning "no". Fix that.
      
      Fixes: a1b25a47 ('cli: rework printing of `nmcli connection` for multiple active connections')
      
      NetworkManager/NetworkManager#547
      
      NetworkManager/NetworkManager!642
      4eb3b5b9
  22. 29 Sep, 2020 2 commits
  23. 28 Sep, 2020 3 commits
  24. 02 Sep, 2020 1 commit
  25. 25 Aug, 2020 1 commit
  26. 19 Jul, 2020 1 commit