Commit a6733c8b authored by Jiří Klimeš's avatar Jiří Klimeš

core: add MAC address blacklisting feature for WiFi and ethernet connections

"mac-address-blacklist" property is added to the ethernet and WiFi connections.
It is the MAC addresses list of devices on which the connection won't be
activated.

Original patch (NM_0_8 branch) from Thomas Bechtold <thomasbechtold@jpberlin.de>
parent f340c44f
...@@ -342,6 +342,7 @@ global: ...@@ -342,6 +342,7 @@ global:
nm_setting_wired_get_cloned_mac_address; nm_setting_wired_get_cloned_mac_address;
nm_setting_wired_get_duplex; nm_setting_wired_get_duplex;
nm_setting_wired_get_mac_address; nm_setting_wired_get_mac_address;
nm_setting_wired_get_mac_address_blacklist;
nm_setting_wired_get_mtu; nm_setting_wired_get_mtu;
nm_setting_wired_get_num_s390_options; nm_setting_wired_get_num_s390_options;
nm_setting_wired_get_port; nm_setting_wired_get_port;
...@@ -362,6 +363,7 @@ global: ...@@ -362,6 +363,7 @@ global:
nm_setting_wireless_get_channel; nm_setting_wireless_get_channel;
nm_setting_wireless_get_cloned_mac_address; nm_setting_wireless_get_cloned_mac_address;
nm_setting_wireless_get_mac_address; nm_setting_wireless_get_mac_address;
nm_setting_wireless_get_mac_address_blacklist;
nm_setting_wireless_get_mode; nm_setting_wireless_get_mode;
nm_setting_wireless_get_mtu; nm_setting_wireless_get_mtu;
nm_setting_wireless_get_num_seen_bssids; nm_setting_wireless_get_num_seen_bssids;
......
...@@ -19,7 +19,7 @@ ...@@ -19,7 +19,7 @@
* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301 USA. * Boston, MA 02110-1301 USA.
* *
* (C) Copyright 2007 - 2010 Red Hat, Inc. * (C) Copyright 2007 - 2011 Red Hat, Inc.
* (C) Copyright 2007 - 2008 Novell, Inc. * (C) Copyright 2007 - 2008 Novell, Inc.
*/ */
...@@ -27,6 +27,7 @@ ...@@ -27,6 +27,7 @@
#include <ctype.h> #include <ctype.h>
#include <net/ethernet.h> #include <net/ethernet.h>
#include <dbus/dbus-glib.h> #include <dbus/dbus-glib.h>
#include <netinet/ether.h>
#include "nm-setting-wired.h" #include "nm-setting-wired.h"
#include "nm-param-spec-specialized.h" #include "nm-param-spec-specialized.h"
...@@ -79,6 +80,7 @@ typedef struct { ...@@ -79,6 +80,7 @@ typedef struct {
gboolean auto_negotiate; gboolean auto_negotiate;
GByteArray *device_mac_address; GByteArray *device_mac_address;
GByteArray *cloned_mac_address; GByteArray *cloned_mac_address;
GSList *mac_address_blacklist;
guint32 mtu; guint32 mtu;
GPtrArray *s390_subchannels; GPtrArray *s390_subchannels;
char *s390_nettype; char *s390_nettype;
...@@ -93,6 +95,7 @@ enum { ...@@ -93,6 +95,7 @@ enum {
PROP_AUTO_NEGOTIATE, PROP_AUTO_NEGOTIATE,
PROP_MAC_ADDRESS, PROP_MAC_ADDRESS,
PROP_CLONED_MAC_ADDRESS, PROP_CLONED_MAC_ADDRESS,
PROP_MAC_ADDRESS_BLACKLIST,
PROP_MTU, PROP_MTU,
PROP_S390_SUBCHANNELS, PROP_S390_SUBCHANNELS,
PROP_S390_NETTYPE, PROP_S390_NETTYPE,
...@@ -165,6 +168,14 @@ nm_setting_wired_get_cloned_mac_address (NMSettingWired *setting) ...@@ -165,6 +168,14 @@ nm_setting_wired_get_cloned_mac_address (NMSettingWired *setting)
return NM_SETTING_WIRED_GET_PRIVATE (setting)->cloned_mac_address; return NM_SETTING_WIRED_GET_PRIVATE (setting)->cloned_mac_address;
} }
const GSList *
nm_setting_wired_get_mac_address_blacklist (NMSettingWired *setting)
{
g_return_val_if_fail (NM_IS_SETTING_WIRED (setting), NULL);
return NM_SETTING_WIRED_GET_PRIVATE (setting)->mac_address_blacklist;
}
guint32 guint32
nm_setting_wired_get_mtu (NMSettingWired *setting) nm_setting_wired_get_mtu (NMSettingWired *setting)
{ {
...@@ -363,6 +374,7 @@ verify (NMSetting *setting, GSList *all_settings, GError **error) ...@@ -363,6 +374,7 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
const char *valid_duplex[] = { "half", "full", NULL }; const char *valid_duplex[] = { "half", "full", NULL };
const char *valid_nettype[] = { "qeth", "lcs", "ctc", NULL }; const char *valid_nettype[] = { "qeth", "lcs", "ctc", NULL };
GHashTableIter iter; GHashTableIter iter;
GSList* mac_blacklist_iter;
const char *key, *value; const char *key, *value;
if (priv->port && !_nm_utils_string_in_list (priv->port, valid_ports)) { if (priv->port && !_nm_utils_string_in_list (priv->port, valid_ports)) {
...@@ -389,6 +401,19 @@ verify (NMSetting *setting, GSList *all_settings, GError **error) ...@@ -389,6 +401,19 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
return FALSE; return FALSE;
} }
for (mac_blacklist_iter = priv->mac_address_blacklist; mac_blacklist_iter;
mac_blacklist_iter = mac_blacklist_iter->next) {
struct ether_addr addr;
if (!ether_aton_r (mac_blacklist_iter->data, &addr)) {
g_set_error (error,
NM_SETTING_WIRED_ERROR,
NM_SETTING_WIRED_ERROR_INVALID_PROPERTY,
NM_SETTING_WIRED_MAC_ADDRESS_BLACKLIST);
return FALSE;
}
}
if ( priv->s390_subchannels if ( priv->s390_subchannels
&& !(priv->s390_subchannels->len == 3 || priv->s390_subchannels->len == 2)) { && !(priv->s390_subchannels->len == 3 || priv->s390_subchannels->len == 2)) {
g_set_error (error, g_set_error (error,
...@@ -456,6 +481,8 @@ finalize (GObject *object) ...@@ -456,6 +481,8 @@ finalize (GObject *object)
if (priv->cloned_mac_address) if (priv->cloned_mac_address)
g_byte_array_free (priv->cloned_mac_address, TRUE); g_byte_array_free (priv->cloned_mac_address, TRUE);
nm_utils_slist_free (priv->mac_address_blacklist, g_free);
G_OBJECT_CLASS (nm_setting_wired_parent_class)->finalize (object); G_OBJECT_CLASS (nm_setting_wired_parent_class)->finalize (object);
} }
...@@ -497,6 +524,10 @@ set_property (GObject *object, guint prop_id, ...@@ -497,6 +524,10 @@ set_property (GObject *object, guint prop_id,
g_byte_array_free (priv->cloned_mac_address, TRUE); g_byte_array_free (priv->cloned_mac_address, TRUE);
priv->cloned_mac_address = g_value_dup_boxed (value); priv->cloned_mac_address = g_value_dup_boxed (value);
break; break;
case PROP_MAC_ADDRESS_BLACKLIST:
nm_utils_slist_free (priv->mac_address_blacklist, g_free);
priv->mac_address_blacklist = g_value_dup_boxed (value);
break;
case PROP_MTU: case PROP_MTU:
priv->mtu = g_value_get_uint (value); priv->mtu = g_value_get_uint (value);
break; break;
...@@ -550,6 +581,9 @@ get_property (GObject *object, guint prop_id, ...@@ -550,6 +581,9 @@ get_property (GObject *object, guint prop_id,
case PROP_CLONED_MAC_ADDRESS: case PROP_CLONED_MAC_ADDRESS:
g_value_set_boxed (value, nm_setting_wired_get_cloned_mac_address (setting)); g_value_set_boxed (value, nm_setting_wired_get_cloned_mac_address (setting));
break; break;
case PROP_MAC_ADDRESS_BLACKLIST:
g_value_set_boxed (value, nm_setting_wired_get_mac_address_blacklist (setting));
break;
case PROP_MTU: case PROP_MTU:
g_value_set_uint (value, nm_setting_wired_get_mtu (setting)); g_value_set_uint (value, nm_setting_wired_get_mtu (setting));
break; break;
...@@ -685,6 +719,25 @@ nm_setting_wired_class_init (NMSettingWiredClass *setting_class) ...@@ -685,6 +719,25 @@ nm_setting_wired_class_init (NMSettingWiredClass *setting_class)
"This is known as MAC cloning or spoofing.", "This is known as MAC cloning or spoofing.",
DBUS_TYPE_G_UCHAR_ARRAY, DBUS_TYPE_G_UCHAR_ARRAY,
G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE)); G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE));
/**
* NMSettingWired:mac-address-blacklist:
*
* If specified, this connection will never apply to the ethernet device
* whose permanent MAC address matches an address in the list. Each
* MAC address is in the standard hex-digits-and-colons notation
* (00:11:22:33:44:55).
**/
g_object_class_install_property
(object_class, PROP_MAC_ADDRESS_BLACKLIST,
_nm_param_spec_specialized (NM_SETTING_WIRED_MAC_ADDRESS_BLACKLIST,
"MAC Address Blacklist",
"If specified, this connection will never apply to "
"the ethernet device whose permanent MAC address matches "
"an address in the list. Each MAC address is in the "
"standard hex-digits-and-colons notation (00:11:22:33:44:55).",
DBUS_TYPE_G_LIST_OF_STRING,
G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE | NM_SETTING_PARAM_FUZZY_IGNORE));
/** /**
* NMSettingWired:mtu: * NMSettingWired:mtu:
......
...@@ -19,7 +19,7 @@ ...@@ -19,7 +19,7 @@
* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301 USA. * Boston, MA 02110-1301 USA.
* *
* (C) Copyright 2007 - 2010 Red Hat, Inc. * (C) Copyright 2007 - 2011 Red Hat, Inc.
* (C) Copyright 2007 - 2008 Novell, Inc. * (C) Copyright 2007 - 2008 Novell, Inc.
*/ */
...@@ -58,6 +58,7 @@ GQuark nm_setting_wired_error_quark (void); ...@@ -58,6 +58,7 @@ GQuark nm_setting_wired_error_quark (void);
#define NM_SETTING_WIRED_AUTO_NEGOTIATE "auto-negotiate" #define NM_SETTING_WIRED_AUTO_NEGOTIATE "auto-negotiate"
#define NM_SETTING_WIRED_MAC_ADDRESS "mac-address" #define NM_SETTING_WIRED_MAC_ADDRESS "mac-address"
#define NM_SETTING_WIRED_CLONED_MAC_ADDRESS "cloned-mac-address" #define NM_SETTING_WIRED_CLONED_MAC_ADDRESS "cloned-mac-address"
#define NM_SETTING_WIRED_MAC_ADDRESS_BLACKLIST "mac-address-blacklist"
#define NM_SETTING_WIRED_MTU "mtu" #define NM_SETTING_WIRED_MTU "mtu"
#define NM_SETTING_WIRED_S390_SUBCHANNELS "s390-subchannels" #define NM_SETTING_WIRED_S390_SUBCHANNELS "s390-subchannels"
#define NM_SETTING_WIRED_S390_NETTYPE "s390-nettype" #define NM_SETTING_WIRED_S390_NETTYPE "s390-nettype"
...@@ -86,6 +87,7 @@ const char * nm_setting_wired_get_duplex (NMSettingWired *setting ...@@ -86,6 +87,7 @@ const char * nm_setting_wired_get_duplex (NMSettingWired *setting
gboolean nm_setting_wired_get_auto_negotiate (NMSettingWired *setting); gboolean nm_setting_wired_get_auto_negotiate (NMSettingWired *setting);
const GByteArray *nm_setting_wired_get_mac_address (NMSettingWired *setting); const GByteArray *nm_setting_wired_get_mac_address (NMSettingWired *setting);
const GByteArray *nm_setting_wired_get_cloned_mac_address (NMSettingWired *setting); const GByteArray *nm_setting_wired_get_cloned_mac_address (NMSettingWired *setting);
const GSList *nm_setting_wired_get_mac_address_blacklist (NMSettingWired *setting);
guint32 nm_setting_wired_get_mtu (NMSettingWired *setting); guint32 nm_setting_wired_get_mtu (NMSettingWired *setting);
const GPtrArray * nm_setting_wired_get_s390_subchannels (NMSettingWired *setting); const GPtrArray * nm_setting_wired_get_s390_subchannels (NMSettingWired *setting);
......
...@@ -19,7 +19,7 @@ ...@@ -19,7 +19,7 @@
* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301 USA. * Boston, MA 02110-1301 USA.
* *
* (C) Copyright 2007 - 2010 Red Hat, Inc. * (C) Copyright 2007 - 2011 Red Hat, Inc.
* (C) Copyright 2007 - 2008 Novell, Inc. * (C) Copyright 2007 - 2008 Novell, Inc.
*/ */
...@@ -89,6 +89,7 @@ typedef struct { ...@@ -89,6 +89,7 @@ typedef struct {
guint32 tx_power; guint32 tx_power;
GByteArray *device_mac_address; GByteArray *device_mac_address;
GByteArray *cloned_mac_address; GByteArray *cloned_mac_address;
GSList *mac_address_blacklist;
guint32 mtu; guint32 mtu;
GSList *seen_bssids; GSList *seen_bssids;
char *security; char *security;
...@@ -105,6 +106,7 @@ enum { ...@@ -105,6 +106,7 @@ enum {
PROP_TX_POWER, PROP_TX_POWER,
PROP_MAC_ADDRESS, PROP_MAC_ADDRESS,
PROP_CLONED_MAC_ADDRESS, PROP_CLONED_MAC_ADDRESS,
PROP_MAC_ADDRESS_BLACKLIST,
PROP_MTU, PROP_MTU,
PROP_SEEN_BSSIDS, PROP_SEEN_BSSIDS,
PROP_SEC, PROP_SEC,
...@@ -367,6 +369,14 @@ nm_setting_wireless_get_cloned_mac_address (NMSettingWireless *setting) ...@@ -367,6 +369,14 @@ nm_setting_wireless_get_cloned_mac_address (NMSettingWireless *setting)
return NM_SETTING_WIRELESS_GET_PRIVATE (setting)->cloned_mac_address; return NM_SETTING_WIRELESS_GET_PRIVATE (setting)->cloned_mac_address;
} }
const GSList *
nm_setting_wireless_get_mac_address_blacklist (NMSettingWireless *setting)
{
g_return_val_if_fail (NM_IS_SETTING_WIRELESS (setting), NULL);
return NM_SETTING_WIRELESS_GET_PRIVATE (setting)->mac_address_blacklist;
}
guint32 guint32
nm_setting_wireless_get_mtu (NMSettingWireless *setting) nm_setting_wireless_get_mtu (NMSettingWireless *setting)
{ {
...@@ -524,6 +534,18 @@ verify (NMSetting *setting, GSList *all_settings, GError **error) ...@@ -524,6 +534,18 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
return FALSE; return FALSE;
} }
for (iter = priv->mac_address_blacklist; iter; iter = iter->next) {
struct ether_addr addr;
if (!ether_aton_r (iter->data, &addr)) {
g_set_error (error,
NM_SETTING_WIRELESS_ERROR,
NM_SETTING_WIRELESS_ERROR_INVALID_PROPERTY,
NM_SETTING_WIRELESS_MAC_ADDRESS_BLACKLIST);
return FALSE;
}
}
for (iter = priv->seen_bssids; iter; iter = iter->next) { for (iter = priv->seen_bssids; iter; iter = iter->next) {
struct ether_addr addr; struct ether_addr addr;
...@@ -571,7 +593,7 @@ finalize (GObject *object) ...@@ -571,7 +593,7 @@ finalize (GObject *object)
g_byte_array_free (priv->device_mac_address, TRUE); g_byte_array_free (priv->device_mac_address, TRUE);
if (priv->cloned_mac_address) if (priv->cloned_mac_address)
g_byte_array_free (priv->cloned_mac_address, TRUE); g_byte_array_free (priv->cloned_mac_address, TRUE);
nm_utils_slist_free (priv->mac_address_blacklist, g_free);
nm_utils_slist_free (priv->seen_bssids, g_free); nm_utils_slist_free (priv->seen_bssids, g_free);
G_OBJECT_CLASS (nm_setting_wireless_parent_class)->finalize (object); G_OBJECT_CLASS (nm_setting_wireless_parent_class)->finalize (object);
...@@ -621,6 +643,10 @@ set_property (GObject *object, guint prop_id, ...@@ -621,6 +643,10 @@ set_property (GObject *object, guint prop_id,
g_byte_array_free (priv->cloned_mac_address, TRUE); g_byte_array_free (priv->cloned_mac_address, TRUE);
priv->cloned_mac_address = g_value_dup_boxed (value); priv->cloned_mac_address = g_value_dup_boxed (value);
break; break;
case PROP_MAC_ADDRESS_BLACKLIST:
nm_utils_slist_free (priv->mac_address_blacklist, g_free);
priv->mac_address_blacklist = g_value_dup_boxed (value);
break;
case PROP_MTU: case PROP_MTU:
priv->mtu = g_value_get_uint (value); priv->mtu = g_value_get_uint (value);
break; break;
...@@ -672,6 +698,9 @@ get_property (GObject *object, guint prop_id, ...@@ -672,6 +698,9 @@ get_property (GObject *object, guint prop_id,
case PROP_CLONED_MAC_ADDRESS: case PROP_CLONED_MAC_ADDRESS:
g_value_set_boxed (value, nm_setting_wireless_get_cloned_mac_address (setting)); g_value_set_boxed (value, nm_setting_wireless_get_cloned_mac_address (setting));
break; break;
case PROP_MAC_ADDRESS_BLACKLIST:
g_value_set_boxed (value, nm_setting_wireless_get_mac_address_blacklist (setting));
break;
case PROP_MTU: case PROP_MTU:
g_value_set_uint (value, nm_setting_wireless_get_mtu (setting)); g_value_set_uint (value, nm_setting_wireless_get_mtu (setting));
break; break;
...@@ -868,6 +897,25 @@ nm_setting_wireless_class_init (NMSettingWirelessClass *setting_class) ...@@ -868,6 +897,25 @@ nm_setting_wireless_class_init (NMSettingWirelessClass *setting_class)
DBUS_TYPE_G_UCHAR_ARRAY, DBUS_TYPE_G_UCHAR_ARRAY,
G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE)); G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE));
/**
* NMSettingWireless:mac-address-blacklist:
*
* If specified, this connection will never apply to the WiFi device
* whose permanent MAC address matches an address in the list. Each
* MAC address is in the standard hex-digits-and-colons notation.
* (00:11:22:33:44:55).
**/
g_object_class_install_property
(object_class, PROP_MAC_ADDRESS_BLACKLIST,
_nm_param_spec_specialized (NM_SETTING_WIRELESS_MAC_ADDRESS_BLACKLIST,
"MAC Address Blacklist",
"If specified, this connection will never apply to "
"the WiFi device whose permanent MAC address matches "
"an address in the list. Each MAC address is in the "
"standard hex-digits-and-colons notation (00:11:22:33:44:55).",
DBUS_TYPE_G_LIST_OF_STRING,
G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE | NM_SETTING_PARAM_FUZZY_IGNORE));
/** /**
* NMSettingWireless:seen-bssids: * NMSettingWireless:seen-bssids:
* *
......
...@@ -19,7 +19,7 @@ ...@@ -19,7 +19,7 @@
* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301 USA. * Boston, MA 02110-1301 USA.
* *
* (C) Copyright 2007 - 2010 Red Hat, Inc. * (C) Copyright 2007 - 2011 Red Hat, Inc.
* (C) Copyright 2007 - 2008 Novell, Inc. * (C) Copyright 2007 - 2008 Novell, Inc.
*/ */
...@@ -65,6 +65,7 @@ GQuark nm_setting_wireless_error_quark (void); ...@@ -65,6 +65,7 @@ GQuark nm_setting_wireless_error_quark (void);
#define NM_SETTING_WIRELESS_TX_POWER "tx-power" #define NM_SETTING_WIRELESS_TX_POWER "tx-power"
#define NM_SETTING_WIRELESS_MAC_ADDRESS "mac-address" #define NM_SETTING_WIRELESS_MAC_ADDRESS "mac-address"
#define NM_SETTING_WIRELESS_CLONED_MAC_ADDRESS "cloned-mac-address" #define NM_SETTING_WIRELESS_CLONED_MAC_ADDRESS "cloned-mac-address"
#define NM_SETTING_WIRELESS_MAC_ADDRESS_BLACKLIST "mac-address-blacklist"
#define NM_SETTING_WIRELESS_MTU "mtu" #define NM_SETTING_WIRELESS_MTU "mtu"
#define NM_SETTING_WIRELESS_SEEN_BSSIDS "seen-bssids" #define NM_SETTING_WIRELESS_SEEN_BSSIDS "seen-bssids"
#define NM_SETTING_WIRELESS_SEC "security" #define NM_SETTING_WIRELESS_SEC "security"
...@@ -99,6 +100,7 @@ guint32 nm_setting_wireless_get_rate (NMSettingWireless ...@@ -99,6 +100,7 @@ guint32 nm_setting_wireless_get_rate (NMSettingWireless
guint32 nm_setting_wireless_get_tx_power (NMSettingWireless *setting); guint32 nm_setting_wireless_get_tx_power (NMSettingWireless *setting);
const GByteArray *nm_setting_wireless_get_mac_address (NMSettingWireless *setting); const GByteArray *nm_setting_wireless_get_mac_address (NMSettingWireless *setting);
const GByteArray *nm_setting_wireless_get_cloned_mac_address (NMSettingWireless *setting); const GByteArray *nm_setting_wireless_get_cloned_mac_address (NMSettingWireless *setting);
const GSList *nm_setting_wireless_get_mac_address_blacklist (NMSettingWireless *setting);
guint32 nm_setting_wireless_get_mtu (NMSettingWireless *setting); guint32 nm_setting_wireless_get_mtu (NMSettingWireless *setting);
const char *nm_setting_wireless_get_security (NMSettingWireless *setting); const char *nm_setting_wireless_get_security (NMSettingWireless *setting);
......
...@@ -852,16 +852,17 @@ test_connection_diff_a_only (void) ...@@ -852,16 +852,17 @@ test_connection_diff_a_only (void)
{ NULL, NM_SETTING_DIFF_RESULT_UNKNOWN } { NULL, NM_SETTING_DIFF_RESULT_UNKNOWN }
} }, } },
{ NM_SETTING_WIRED_SETTING_NAME, { { NM_SETTING_WIRED_SETTING_NAME, {
{ NM_SETTING_WIRED_PORT, NM_SETTING_DIFF_RESULT_IN_A }, { NM_SETTING_WIRED_PORT, NM_SETTING_DIFF_RESULT_IN_A },
{ NM_SETTING_WIRED_SPEED, NM_SETTING_DIFF_RESULT_IN_A }, { NM_SETTING_WIRED_SPEED, NM_SETTING_DIFF_RESULT_IN_A },
{ NM_SETTING_WIRED_DUPLEX, NM_SETTING_DIFF_RESULT_IN_A }, { NM_SETTING_WIRED_DUPLEX, NM_SETTING_DIFF_RESULT_IN_A },
{ NM_SETTING_WIRED_AUTO_NEGOTIATE, NM_SETTING_DIFF_RESULT_IN_A }, { NM_SETTING_WIRED_AUTO_NEGOTIATE, NM_SETTING_DIFF_RESULT_IN_A },
{ NM_SETTING_WIRED_MAC_ADDRESS, NM_SETTING_DIFF_RESULT_IN_A }, { NM_SETTING_WIRED_MAC_ADDRESS, NM_SETTING_DIFF_RESULT_IN_A },
{ NM_SETTING_WIRED_CLONED_MAC_ADDRESS, NM_SETTING_DIFF_RESULT_IN_A }, { NM_SETTING_WIRED_CLONED_MAC_ADDRESS, NM_SETTING_DIFF_RESULT_IN_A },
{ NM_SETTING_WIRED_MTU, NM_SETTING_DIFF_RESULT_IN_A }, { NM_SETTING_WIRED_MAC_ADDRESS_BLACKLIST, NM_SETTING_DIFF_RESULT_IN_A },
{ NM_SETTING_WIRED_S390_SUBCHANNELS, NM_SETTING_DIFF_RESULT_IN_A }, { NM_SETTING_WIRED_MTU, NM_SETTING_DIFF_RESULT_IN_A },
{ NM_SETTING_WIRED_S390_NETTYPE, NM_SETTING_DIFF_RESULT_IN_A }, { NM_SETTING_WIRED_S390_SUBCHANNELS, NM_SETTING_DIFF_RESULT_IN_A },
{ NM_SETTING_WIRED_S390_OPTIONS, NM_SETTING_DIFF_RESULT_IN_A }, { NM_SETTING_WIRED_S390_NETTYPE, NM_SETTING_DIFF_RESULT_IN_A },
{ NM_SETTING_WIRED_S390_OPTIONS, NM_SETTING_DIFF_RESULT_IN_A },
{ NULL, NM_SETTING_DIFF_RESULT_UNKNOWN }, { NULL, NM_SETTING_DIFF_RESULT_UNKNOWN },
} }, } },
{ NM_SETTING_IP4_CONFIG_SETTING_NAME, { { NM_SETTING_IP4_CONFIG_SETTING_NAME, {
......
...@@ -34,6 +34,7 @@ ...@@ -34,6 +34,7 @@
#include <unistd.h> #include <unistd.h>
#include <linux/if.h> #include <linux/if.h>
#include <errno.h> #include <errno.h>
#include <netinet/ether.h>
#include <gudev/gudev.h> #include <gudev/gudev.h>
...@@ -881,6 +882,8 @@ real_get_best_auto_connection (NMDevice *dev, ...@@ -881,6 +882,8 @@ real_get_best_auto_connection (NMDevice *dev,
NMSettingWired *s_wired; NMSettingWired *s_wired;
const char *connection_type; const char *connection_type;
gboolean is_pppoe = FALSE; gboolean is_pppoe = FALSE;
const GSList *mac_blacklist, *mac_blacklist_iter;
gboolean mac_blacklist_found = FALSE;
s_con = (NMSettingConnection *) nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION); s_con = (NMSettingConnection *) nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION);
g_assert (s_con); g_assert (s_con);
...@@ -909,6 +912,25 @@ real_get_best_auto_connection (NMDevice *dev, ...@@ -909,6 +912,25 @@ real_get_best_auto_connection (NMDevice *dev,
mac = nm_setting_wired_get_mac_address (s_wired); mac = nm_setting_wired_get_mac_address (s_wired);
if (try_mac && mac && memcmp (mac->data, &priv->perm_hw_addr, ETH_ALEN)) if (try_mac && mac && memcmp (mac->data, &priv->perm_hw_addr, ETH_ALEN))
continue; continue;
/* Check for MAC address blacklist */
mac_blacklist = nm_setting_wired_get_mac_address_blacklist (s_wired);
for (mac_blacklist_iter = mac_blacklist; mac_blacklist_iter;
mac_blacklist_iter = g_slist_next (mac_blacklist_iter)) {
struct ether_addr addr;
if (!ether_aton_r (mac_blacklist_iter->data, &addr)) {
g_warn_if_reached ();
continue;
}
if (memcmp (&addr, &priv->perm_hw_addr, ETH_ALEN) == 0) {
mac_blacklist_found = TRUE;
break;
}
}
/* Found device MAC address in the blacklist - do not use this connection */
if (mac_blacklist_found)
continue;
} }
return connection; return connection;
...@@ -1605,6 +1627,7 @@ real_check_connection_compatible (NMDevice *device, ...@@ -1605,6 +1627,7 @@ real_check_connection_compatible (NMDevice *device,
gboolean is_pppoe = FALSE; gboolean is_pppoe = FALSE;
const GByteArray *mac; const GByteArray *mac;
gboolean try_mac = TRUE; gboolean try_mac = TRUE;
const GSList *mac_blacklist, *mac_blacklist_iter;
s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION)); s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION));
g_assert (s_con); g_assert (s_con);
...@@ -1645,6 +1668,25 @@ real_check_connection_compatible (NMDevice *device, ...@@ -1645,6 +1668,25 @@ real_check_connection_compatible (NMDevice *device,
"The connection's MAC address did not match this device."); "The connection's MAC address did not match this device.");
return FALSE; return FALSE;
} }
/* Check for MAC address blacklist */
mac_blacklist = nm_setting_wired_get_mac_address_blacklist (s_wired);
for (mac_blacklist_iter = mac_blacklist; mac_blacklist_iter;
mac_blacklist_iter = g_slist_next (mac_blacklist_iter)) {
struct ether_addr addr;
if (!ether_aton_r (mac_blacklist_iter->data, &addr)) {
g_warn_if_reached ();
continue;
}
if (memcmp (&addr, &priv->perm_hw_addr, ETH_ALEN) == 0) {
g_set_error (error,
NM_ETHERNET_ERROR, NM_ETHERNET_ERROR_CONNECTION_INCOMPATIBLE,
"The connection's MAC address (%s) is blacklisted in %s.",
(char *) mac_blacklist_iter->data, NM_SETTING_WIRED_MAC_ADDRESS_BLACKLIST);
return FALSE;
}
}
} }
// FIXME: check bitrate against device capabilities // FIXME: check bitrate against device capabilities
......
...@@ -33,6 +33,7 @@ ...@@ -33,6 +33,7 @@
#include <linux/sockios.h> #include <linux/sockios.h>
#include <linux/ethtool.h> #include <linux/ethtool.h>
#include <sys/ioctl.h> #include <sys/ioctl.h>
#include <netinet/ether.h>
#include "nm-glib-compat.h" #include "nm-glib-compat.h"
#include "nm-device.h" #include "nm-device.h"
...@@ -1314,6 +1315,7 @@ real_check_connection_compatible (NMDevice *device, ...@@ -1314,6 +1315,7 @@ real_check_connection_compatible (NMDevice *device,
NMSettingConnection *s_con; NMSettingConnection *s_con;
NMSettingWireless *s_wireless; NMSettingWireless *s_wireless;
const GByteArray *mac; const GByteArray *mac;
const GSList *mac_blacklist, *mac_blacklist_iter;
s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION)); s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION));
g_assert (s_con); g_assert (s_con);
...@@ -1341,6 +1343,25 @@ real_check_connection_compatible (NMDevice *device, ...@@ -1341,6 +1343,25 @@ real_check_connection_compatible (NMDevice *device,
return FALSE; return FALSE;
} }
/* Check for MAC address blacklist */
mac_blacklist = nm_setting_wireless_get_mac_address_blacklist (s_wireless);
for (mac_blacklist_iter = mac_blacklist; mac_blacklist_iter;
mac_blacklist_iter = g_slist_next (mac_blacklist_iter)) {
struct ether_addr addr;
if (!ether_aton_r (mac_blacklist_iter->data, &addr)) {
g_warn_if_reached ();
continue;
}
if (memcmp (&addr, &priv->perm_hw_addr, ETH_ALEN) == 0) {
g_set_error (error,
NM_WIFI_ERROR, NM_WIFI_ERROR_CONNECTION_INCOMPATIBLE,
"The connection's MAC address (%s) is blacklisted in %s.",
(char *) mac_blacklist_iter->data, NM_SETTING_WIRELESS_MAC_ADDRESS_BLACKLIST);
return FALSE;
}
}
// FIXME: check channel/freq/band against bands the hardware supports // FIXME: check channel/freq/band against bands the hardware supports
// FIXME: check encryption against device capabilities // FIXME: check encryption against device capabilities
// FIXME: check bitrate against device capabilities // FIXME: check bitrate against device capabilities
...@@ -1585,6 +1606,8 @@ real_get_best_auto_connection (NMDevice *dev, ...@@ -1585,6 +1606,8 @@ real_get_best_auto_connection (NMDevice *dev,
NMSettingConnection *s_con; NMSettingConnection *s_con;
NMSettingWireless *s_wireless; NMSettingWireless *s_wireless;
const GByteArray *mac; const GByteArray *mac;
const GSList *mac_blacklist, *mac_blacklist_iter;
gboolean mac_blacklist_found = FALSE;
NMSettingIP4Config *s_ip4; NMSettingIP4Config *s_ip4;
const char *method = NULL; const char *method = NULL;
...@@ -1602,7 +1625,26 @@ real_get_best_auto_connection (NMDevice *dev, ...@@ -1602,7 +1625,26 @@ real_get_best_auto_connection (NMDevice *dev,
mac = nm_setting_wireless_get_mac_address (s_wireless); mac = nm_setting_wireless_get_mac_address (s_wireless);
if (mac && memcmp (mac->data, &priv->perm_hw_addr, ETH_ALEN)) if (mac && memcmp (mac->data, &priv->perm_hw_addr, ETH_ALEN))
continue;
/* Check for MAC address blacklist */
mac_blacklist = nm_setting_wireless_get_mac_address_blacklist (s_wireless);
for (mac_blacklist_iter = mac_blacklist; mac_blacklist_iter;
mac_blacklist_iter = g_slist_next (mac_blacklist_iter)) {
struct ether_addr addr;
if (!ether_aton_r (mac_blacklist_iter->data, &addr)) {
g_warn_if_reached ();
continue; continue;
}
if (memcmp (&addr, &priv->perm_hw_addr, ETH_ALEN) == 0) {
mac_blacklist_found = TRUE;
break;
}
}
/* Found device MAC address in the blacklist - do not use this connection */
if (mac_blacklist_found)
continue;
/* Use the connection if it's a shared connection */ /* Use the connection if it's a shared connection */
s_ip4 = (NMSettingIP4Config *) nm_connection_get_setting (connection, NM_TYPE_SETTING_IP4_CONFIG); s_ip4 = (NMSettingIP4Config *) nm_connection_get_setting (connection, NM_TYPE_SETTING_IP4_CONFIG);
......
...@@ -2017,7 +2017,9 @@ pending_activate (NMManager *self, PendingActivation *pending) ...@@ -2017,7 +2017,9 @@ pending_activate (NMManager *self, PendingActivation *pending)
if (!path) { if (!path) {
nm_log_warn (LOGD_CORE, "connection %s failed to activate: (%d) %s", nm_log_warn (LOGD_CORE, "connection %s failed to activate: (%d) %s",
pending->connection_path, error->code, error->message); pending->connection_path,
error ? error->code : -1,
error && error->message ? error->message : "(unknown)");
} else } else
g_object_notify (G_OBJECT (pending->manager), NM_MANAGER_ACTIVE_CONNECTIONS); g_object_notify (G_OBJECT (pending->manager), NM_MANAGER_ACTIVE_CONNECTIONS);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment