1. 09 Dec, 2018 2 commits
    • Thomas Haller's avatar
      core: improve and fix keeping connection active based on "connection.permissions" · b635b4d4
      Thomas Haller authored
      By setting "connection.permissions", a profile is restricted to a
      particular user.
      That means for example, that another user cannot see, modify, delete,
      activate or deactivate the profile. It also means, that the profile
      will only autoconnect when the user is logged in (has a session).
      
      Note that root is always able to activate the profile. Likewise, the
      user is also allowed to manually activate the own profile, even if no
      session currently exists (which can easily happen with `sudo`).
      
      When the user logs out (the session goes away), we want do disconnect
      the profile, however there are conflicting goals here:
      
      1) if the profile was activate by root user, then logging out the user
         should not disconnect the profile. The patch fixes that by not
         binding the activation to the connection, if the activation is done
         by the root user.
      
      2) if the profile was activated by the owner when it had no session,
         then it should stay alive until the user logs in (once) and logs
         out again. This is already handled by the previous commit.
      
         Yes, this point is odd. If you first do
      
            $ sudo -u $OTHER_USER nmcli connection up $PROFILE
      
         the profile activates despite not having a session. If you then
      
            $ ssh guest@localhost nmcli device
      
         you'll still see the profile active. However, the moment the SSH session
         ends, a session closes and the profile disconnects. It's unclear, how to
         solve that any better. I think, a user who cares about this, should not
         activate the profile without having a session in the first place.
      
      There are quite some special cases, in particular with internal
      activations. In those cases we need to decide whether to bind the
      activation to the profile's visibility.
      
      Also, expose the "bind" setting in the D-Bus API. Note, that in the future
      this flag may be modified via D-Bus API. Like we may also add related API
      that allows to tweak the lifetime of the activation.
      
      Also, I think we broke handling of connection visiblity with 37e8c53e
      "core: Introduce helper class to track connection keep alive". This
      should be fixed now too, with improved behavior.
      
      Fixes: 37e8c53e
      
      https://bugzilla.redhat.com/show_bug.cgi?id=1530977
      b635b4d4
    • Thomas Haller's avatar
      keep-alive: use NMKeepAlive API directly instead of via NMActiveConnection · f95a5263
      Thomas Haller authored
      NMKeepAlive is a proper GObject type, with a specific API that on the one
      end allows to configure watches/bindings, and on the other end exposes
      and is-alive property and the owner instance. That's great, as NMActiveConnection
      is not concerned with either end (moving complexity away from
      "nm-active-connection.c") and as we later can reuse NMKeepAlive with
      NMSettingsConnection.
      
      However, we don't need to wrap this API by NMActiveConnection. Doing so
      means, we need to expose all the watch/bind functions also as part of
      NMActiveConnection API.
      
      The only ugliness here is, that NMPolicy subscribes to property changed
      signal of the keep alive instance, which would fail horribly if
      NMActiveConnection ever decides to swap the keep alive instance (in
      which case NMPolicy would have to disconnect the signal, and possibly
      reconnect it to another NMKeepAlive instance). We avoid that by just not
      doing that and documenting it.
      f95a5263
  2. 17 Nov, 2018 2 commits
    • Benjamin Berg's avatar
      core: Add option to AddAndActivateConnection2 to bind the lifetime · eb883e34
      Benjamin Berg authored
      This allows binding the lifetime of the created connection to the
      existance of the requesting dbus client. This feature is useful if one
      has a service specific connection (e.g. P2P wireless) which will not be
      useful without the specific service.
      
      This is simply a mechanism to ensure proper connection cleanup if the
      requesting service has a failure.
      eb883e34
    • Benjamin Berg's avatar
      core: Introduce helper class to track connection keep alive · 37e8c53e
      Benjamin Berg authored
      For P2P connections it makes sense to bind the connection to the status
      of the operation that is being done. One example is that a wifi display
      (miracast) P2P connection should be shut down when streaming fails for
      some reason.
      
      This new helper class allows binding a connection to the presence of a
      DBus path meaning that it will be torn down if the process disappears.
      37e8c53e
  3. 24 Apr, 2018 1 commit
    • Thomas Haller's avatar
      core: rework passing user-data to nm_active_connection_authorize() · 9abe3dc1
      Thomas Haller authored
      Previously, nm_active_connection_authorize() accepts two user-data
      pointers for convenience.
      
      nm_active_connection_authorize() has three callers. One only requires
      one user-data, one passes two user-data pointers, and one requires
      three pointer.
      
      Also, the way how the third passes the user data (via
      g_object_set_qdata_full()) is not great.
      
      Let's only use one user-data pointer. We commonly do that, and it's easy
      enough to allocate a buffer to pack multiple pointers together.
      9abe3dc1
  4. 18 Apr, 2018 1 commit
  5. 08 Apr, 2018 1 commit
  6. 12 Mar, 2018 1 commit
    • Thomas Haller's avatar
      core/dbus: rework D-Bus implementation to use lower layer GDBusConnection API · 297d4985
      Thomas Haller authored
      Previously, we used the generated GDBusInterfaceSkeleton types and glued
      them via the NMExportedObject base class to our NM types. We also used
      GDBusObjectManagerServer.
      
      Don't do that anymore. The resulting code was more complicated despite (or
      because?) using generated classes. It was hard to understand, complex, had
      ordering-issues, and had a runtime and memory overhead.
      
      This patch refactors this entirely and uses the lower layer API GDBusConnection
      directly. It replaces the generated code, GDBusInterfaceSkeleton, and
      GDBusObjectManagerServer. All this is now done by NMDbusObject and NMDBusManager
      and static descriptor instances of type GDBusInterfaceInfo.
      
      This adds a net plus of more then 1300 lines of hand written code. I claim
      that this implementation is easier to understand. Note that previously we
      also required extensive and complex glue code to bind our objects to the
      generated skeleton objects. Instead, now glue our objects directly to
      GDBusConnection. The result is more immediate and gets rid of layers of
      code in between.
      Now that the D-Bus glue us more under our control, we can address issus and
      bottlenecks better, instead of adding code to bend the generated skeletons
      to our needs.
      
      Note that the current implementation now only supports one D-Bus connection.
      That was effectively the case already, although there were places (and still are)
      where the code pretends it could also support connections from a private socket.
      We dropped private socket support mainly because it was unused, untested and
      buggy, but also because GDBusObjectManagerServer could not export the same
      objects on multiple connections. Now, it would be rather straight forward to
      fix that and re-introduce ObjectManager on each private connection. But this
      commit doesn't do that yet, and the new code intentionally supports only one
      D-Bus connection.
      Also, the D-Bus startup was simplified. There is no retry, either nm_dbus_manager_start()
      succeeds, or it detects the initrd case. In the initrd case, bus manager never tries to
      connect to D-Bus. Since the initrd scenario is not yet used/tested, this is good enough
      for the moment. It could be easily extended later, for example with polling whether the
      system bus appears (like was done previously). Also, restart of D-Bus daemon isn't
      supported either -- just like before.
      
      Note how NMDBusManager now implements the ObjectManager D-Bus interface
      directly.
      
      Also, this fixes race issues in the server, by no longer delaying
      PropertiesChanged signals. NMExportedObject would collect changed
      properties and send the signal out in idle_emit_properties_changed()
      on idle. This messes up the ordering of change events w.r.t. other
      signals and events on the bus. Note that not only NMExportedObject
      messed up the ordering. Also the generated code would hook into
      notify() and process change events in and idle handle, exhibiting the
      same ordering issue too.
      No longer do that. PropertiesChanged signals will be sent right away
      by hooking into dispatch_properties_changed(). This means, changing
      a property in quick succession will no longer be combined and is
      guaranteed to emit signals for each individual state. Quite possibly
      we emit now more PropertiesChanged signals then before.
      However, we are now able to group a set of changes by using standard
      g_object_freeze_notify()/g_object_thaw_notify(). We probably should
      make more use of that.
      
      Also, now that our signals are all handled in the right order, we
      might find places where we still emit them in the wrong order. But that
      is then due to the order in which our GObjects emit signals, not due
      to an ill behavior of the D-Bus glue. Possibly we need to identify
      such ordering issues and fix them.
      
      Numbers (for contrib/rpm --without debug on x86_64):
      
      - the patch changes the code size of NetworkManager by
        - 2809360 bytes
        + 2537528 bytes (-9.7%)
      
      - Runtime measurements are harder because there is a large variance
        during testing. In other words, the numbers are not reproducible.
        Currently, the implementation performs no caching of GVariants at all,
        but it would be rather simple to add it, if that turns out to be
        useful.
        Anyway, without strong claim, it seems that the new form tends to
        perform slightly better. That would be no surprise.
      
        $ time (for i in {1..1000}; do nmcli >/dev/null || break; echo -n .;  done)
        - real    1m39.355s
        + real    1m37.432s
      
        $ time (for i in {1..2000}; do busctl call org.freedesktop.NetworkManager /org/freedesktop org.freedesktop.DBus.ObjectManager GetManagedObjects > /dev/null || break; echo -n .; done)
        - real    0m26.843s
        + real    0m25.281s
      
      - Regarding RSS size, just looking at the processes in similar
        conditions, doesn't give a large difference. On my system they
        consume about 19MB RSS. It seems that the new version has a
        slightly smaller RSS size.
        - 19356 RSS
        + 18660 RSS
      297d4985
  7. 07 Feb, 2018 1 commit
  8. 27 Nov, 2017 2 commits
  9. 05 Oct, 2017 1 commit
  10. 17 Mar, 2017 1 commit
  11. 16 Mar, 2017 4 commits
    • Thomas Haller's avatar
      device: track system interface state in NMDevice · 850c9779
      Thomas Haller authored
      When deciding whether to touch a device we sometimes look at whether
      the active connection is external/assumed. In many cases however,
      there is no active connection around (e.g. while moving the device
      from state unmanaged to disconnected before assuming).
      So in most cases we instead look at the device-state-reason to decide
      whether to touch the interface (see nm_device_state_reason_check()).
      
      Often it's desirable to have no state and passing data as function
      arguments. However, the state reason has to be passed along several hops
      (e.g. a queued state change). Or a change to a master/slave can affect
      the slave/master, where we pass on the state reason. Or an intermediate
      event might invalidate a previous state reason. Passing the state
      whether to touch a device or not as a state-reason is cumbersome
      and limited.
      
      Instead, the device should be aware of whats going on. Add a
      sys-iface-state with:
        - SYS_IFACE_STATE_EXTERNAL: meaning, NM should not touch it
        - SYS_IFACE_STATE_ASSUME: meaning, NM is gracefully taking over
        - SYS_IFACE_STATE_MANAGED: meaning, the device is managed by NM
        - SYS_IFACE_STATE_REMOVED: the device no longer exists
      
      This replaces most checks of nm_device_state_reason_check() and
      nm_active_connection_get_activation_type() by instead looking at
      the sys-iface-state of the device.
      
      This patch probably has still issues, but the previous behavior was
      not very clear either. We will need to identify those issues in future
      tests and tweak the behavior. At least, now there is one flag that
      describes how to behave.
      850c9779
    • Thomas Haller's avatar
      core/trivial: rename activation-type related checks for device and active-connection · fa015f2a
      Thomas Haller authored
      nm_device_uses_assumed_connection() basically called
      nm_active_connection_get_assumed() on the device.
      
      Rename those functions to be closer to the activation-type
      flags.
      
      The concepts of "assume", "external", and "assume_or_external"
      will make sense with the following commits.
      fa015f2a
    • Thomas Haller's avatar
    • Thomas Haller's avatar
      core: add activation-type property to active-connection · 8a31e66d
      Thomas Haller authored
      It is still unused, but will be useful to mark a connection
      whether it is a full activation or assumed.
      8a31e66d
  12. 03 Oct, 2016 1 commit
  13. 26 Sep, 2016 1 commit
  14. 26 Mar, 2016 1 commit
  15. 16 Feb, 2016 1 commit
    • Thomas Haller's avatar
      core: add version-id to NMActiveConnection · b96a40c2
      Thomas Haller authored
      This field will be later used by NMDevice's Reapply and
      GetAppliedConnection methods. The usecase is to first fetch
      the currently applied connection, adjust it and reapply it.
      Using the version-id, a concurrent modification can be detected
      and Reapply can reject the invocation.
      b96a40c2
  16. 18 Sep, 2015 1 commit
    • Lubomir Rintel's avatar
      core: separate active and applied connection · 06da3532
      Lubomir Rintel authored
      Clone the connection upon activation. This makes it safe for the user
      to modify the original connection while it is activated.
      
      This involves several changes:
      
      - NMActiveConnection gets @settings_connection and @applied_connection.
        To support add-and-activate, we constructing a NMActiveConnection with
        no connection set. Previously, we would set the "connection" field to
        a temporary NMConnection. Now NMManager piggybacks this temporary
        connection as object-data (TAG_ACTIVE_CONNETION_ADD_AND_ACTIVATE).
      
      - get rid of the functions nm_active_connection_get_connection_type()
        and nm_active_connection_get_connection_uuid(). From their names
        it is unclear whether this returns the settings or applied connection.
        The (few) callers should figure that out themselves.
      
      - rename nm_active_connection_get_id() to
        nm_active_connection_get_settings_connection_id(). This function
        is only used internally for logging.
      
      - dispatcher calls now get two connections as well. The
        applied-connection is used for the connection data, while
        the settings-connection is used for the connection path.
      
      - needs special handling for properties that apply immediately
        when changed (nm_device_reapply_settings_immediately()).
      Co-Authored-By: Thomas Haller's avatarThomas Haller <thaller@redhat.com>
      
      https://bugzilla.gnome.org/show_bug.cgi?id=724041
      06da3532
  17. 24 Jul, 2015 3 commits
    • Dan Winship's avatar
      core: move D-Bus export/unexport into NMExportedObject · c1dd3b6e
      Dan Winship authored
      Move D-Bus export/unexport handling into NMExportedObject and remove
      type-specific export/get_path methods (export paths are now specified
      at the class level, and NMExportedObject handles the counters for all
      exported types automatically).
      
      Since all exportable objects now use the same get_path() method, we
      can also add some helper methods to simplify get_property()
      implementations for object-path and object-path-array properties.
      c1dd3b6e
    • Dan Winship's avatar
      core: add an NMExportedObject base class · 6fcc1dee
      Dan Winship authored
      Add NMExportedObject, make it the base class of all D-Bus-exported
      types, and move the nm-properties-changed-signal logic into it. (Also,
      make NMSettings use the same properties-changed code as everything
      else, which it was not previously doing, presumably for historical
      reasons).
      
      (This is mostly just shuffling code around at this point, but
      NMExportedObject will be more important in the gdbus port, since
      gdbus-codegen doesn't do a very good job of supporting objects that
      export multiple interfaces [as each NMDevice subclass does, for
      example], so we will need more glue/helper code in NMExportedObject
      then.)
      6fcc1dee
    • Dan Winship's avatar
      all: rename nm-glib-compat.h to nm-glib.h, use everywhere · 3452ee2a
      Dan Winship authored
      Rather than randomly including one or more of <glib.h>,
      <glib-object.h>, and <gio/gio.h> everywhere (and forgetting to include
      "nm-glib-compat.h" most of the time), rename nm-glib-compat.h to
      nm-glib.h, include <gio/gio.h> from there, and then change all .c
      files in NM to include "nm-glib.h" rather than including the glib
      headers directly.
      
      (Public headers files still have to include the real glib headers,
      since nm-glib.h isn't installed...)
      
      Also, remove glib includes from header files that are already
      including a base object header file (which must itself already include
      the glib headers).
      3452ee2a
  18. 09 Jun, 2015 1 commit
  19. 07 Nov, 2014 1 commit
  20. 16 Aug, 2014 1 commit
    • Dan Winship's avatar
      all: fix up multiple-include-guard defines · c81fb49a
      Dan Winship authored
      Previously, src/nm-ip4-config.h, libnm/nm-ip4-config.h, and
      libnm-glib/nm-ip4-config.h all used "NM_IP4_CONFIG_H" as an include
      guard, which meant that nm-test-utils.h could not tell which of them
      was being included (and so, eg, if you tried to include
      nm-ip4-config.h in a libnm test, it would fail to compile because
      nm-test-utils.h was referring to symbols in src/nm-ip4-config.h).
      
      Fix this by changing the include guards in the non-API-stable parts of
      the tree:
      
        - libnm-glib/nm-ip4-config.h remains   NM_IP4_CONFIG_H
        - libnm/nm-ip4-config.h now uses     __NM_IP4_CONFIG_H__
        - src/nm-ip4-config.h now uses       __NETWORKMANAGER_IP4_CONFIG_H__
      
      And likewise for all other headers.
      
      The two non-"nm"-prefixed headers, libnm/NetworkManager.h and
      src/NetworkManagerUtils.h are now __NETWORKMANAGER_H__ and
      __NETWORKMANAGER_UTILS_H__ respectively, which, while not entirely
      consistent with the general scheme, do still mostly make sense in
      isolation.
      c81fb49a
  21. 23 Jul, 2014 1 commit
    • Dan Winship's avatar
      core: fill in nm-types.h, clean out other headers · b28f6526
      Dan Winship authored
      Clean up some of the cross-includes between headers (which made it so
      that, eg, if you included NetworkManagerUtils.h in a test program, you
      would need to build the test with -I$(top_srcdir)/src/platform, and if
      you included nm-device.h you'd need $(POLKIT_CFLAGS)) by moving all
      GObject struct definitions for src/ and src/settings/ into nm-types.h
      (which already existed to solve the NMDevice/NMActRequest circular
      references).
      
      Update various .c files to explicitly include the headers they used to
      get implicitly, and remove some now-unnecessary -I options from
      Makefiles.
      b28f6526
  22. 05 Mar, 2014 2 commits
  23. 19 Dec, 2013 1 commit
  24. 03 Dec, 2013 1 commit
    • Dan Winship's avatar
      settings: port NMAgentManager, etc, to use NMAuthSubject · f3c2851c
      Dan Winship authored
      Rather than explicitly passing around a UID and a flag saying whether
      or not it's relevant.
      
      (This also fixes a bug where the wrong UID was being recorded in
      nm-settings-connection.c::auth_start(), which caused problems such as
      agent-owned secrets not getting saved because of a perceived UID
      mismatch.)
      f3c2851c
  25. 08 Nov, 2013 1 commit
  26. 31 Oct, 2013 6 commits