1. 26 Aug, 2010 2 commits
    • core: consolidate all permissions checking into main D-Bus interface · 3945f75b
      Dan Williams authored
      Moves the system settings permissions checking into the core service's
      permissions checking, which at the same time enables 3-way permission
      reporting (yes, no, auth) instead of the old yes/no that we had for
      system settings permissions before.  This allows UI to show a lock
      icon or such when the user could authenticate to gain the permission.
      
      It also moves the wifi-create permissions' namespace to the main
      namespace (not .settings) since they really should be checked before
      starting a shared wifi connection, rather than having anything to do
      with the settings service.
    • Dan Williams's avatar
      022d8e66
  2. 25 Aug, 2010 1 commit
    • core: validate Enable/Disable WiFi and WWAN requests (rh #626337) · f917852d
      Dan Williams authored
      Since these were properties they are harder to validate the caller as
      dbus-glib doesn't have any hooks before the property is set.  So we
      install a low-level dbus filter function to catch property Set
      requests before they get to dbus-glib and handle the property access
      there.
  3. 24 Aug, 2010 5 commits
  4. 18 Aug, 2010 2 commits
  5. 17 Aug, 2010 4 commits
  6. 15 Aug, 2010 1 commit
  7. 14 Aug, 2010 1 commit
  8. 13 Aug, 2010 6 commits
    • core: fix builds with polkit >= 0.97 · f0e8055c
      Dan Williams authored
      polkit_authority_get() is deprecated, should use
      polkit_authority_get_sync() instead.
    • Zephaniah E. Loss-Cutler-Hull's avatar
      d5468c85
    • ifupdown: make testcase parsing quiet · ba355b6a
      Dan Williams authored
      Removes messages about invalid ENI formatting when running the
      testcases.
    • ifupdown: make parser for /etc/network/interfaces more robust · a5b77939
      Peter Marschall authored
      The previous implementation of the parser for /etc/network/interfaces had
      quite a few drawbacks:
      - it expected the lines to be terminated with "\n", even the last line
      - it ignored line wraps with "\\" followed by "\n"
      - it expected over-long lines to be shorter than 510 characters
      - it ignored line wraps on over-long lines
      - it treated spaces and tabs differently
      - it did not make sure to really tokenize on word boundaries
      - it treated the equivalent stanzas "auto" and "allow-auto" differently
      - it ignored the fact that the "allow-*" stanzas can take multiple arguments
        that need to be separated to be recognized by NetworkManager's processing later
      - it allowed "non-block" stanzas to appear before a block
      
      This patch is a rewrite of the parser to fix the issues mentioned:
      - it accepts the last line even if it is not terminated by "\n"
      - it skips over-long lines, emits a warning and even takes into account
        that over-long lines may be wrapped to next lines
      - it un-wraps wrapped lines
      - it uses spaces and tabs equivalently to tokenize the input
      - it treats "allow-auto" as a synonym to "auto"
      - it splits multi-argument "auto"/"allow-*" into multiple
        single-argument stanzas of the same type
      - it warns on data stanzas before the first block stanza
    • ifupdown: add ifparser testcases · 4397f446
      Dan Williams authored
      ENI snippets from Peter Marschall <peter@adpm.de>
    • Daniel Gnoutcheff's avatar
      b0fb908e
  9. 12 Aug, 2010 4 commits
  10. 11 Aug, 2010 5 commits
    • core: fix unmanaging of devices when quitting · 37c578a2
      Dan Williams authored
      When NM quits, we don't want to unmanage a device that has
      an active connection and can take that connection over again when
      NM starts back up.  This makes '/etc/init.d/NetworkManager restart'
      work seamlessly.  All other devices get unmanaged so their
      connection (and any dependent VPN connections or wpa_supplicant
      processes) get terminated.  This bug caused active VPN connections
      over wifi to be left running even when they didn't have IP
      connectivity.
      
      There were two bugs:
      
      1) the NMDevice class implemented connection_match_config() for
      all device subclasses, but only Ethernet devices can assume
      connections at startup.  Thus the quit-time check passed for
      active wifi devices too, and they weren't properly cleaned up
      
      2) The logic for figuring out which devices to clean up after when
      quitting was somewhat flawed; we want to default to unmanaging
      devices and then skip that step for ones that meet specific
      criteria.  Instead the code defaulted to leaving all devices active
      at shutdown.
    • core: work around dbus-glib property access bug (CVE-2010-1172) (rh #585394) · 92babdb6
      Dan Williams authored
      More info:
      https://bugzilla.redhat.com/show_bug.cgi?id=585394
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1172
      
      dbus-glib was not properly enforcing the 'access' permissions on
      object properties exported using its API.  There were 2 specific bugs:
      
      1) dbus-glib did not enforce the introspection read/write property
      permissions, so if the GObject property definition allowed write
      access (which is sometimes desirable), D-Bus clients could modify
      that value even if the introspection said it was read-only
      
      2) dbus-glib was not filtering out GObject properties that were
      not listed in the introspection XML.  Thus, if the GObject defined
      more properties than were listed in the introspection XML (which is
      also often useful, and NM uses this quite a bit) those properties
      would also be exposed to D-Bus clients.
      
      To fix this completely, you need to:
      
      1) get dbus-glib master when the patch is committed, OR grab the
      patch from https://bugzilla.redhat.com/show_bug.cgi?id=585394 and
      build a new dbus-glib
      
      2) rebuild NetworkManager against the new dbus-glib
    • core: ensure dhcp_manager exists before trying to unref it (bgo #626610) · 96a9ce41
      Dan Williams authored
      If a new device wasn't supported, it gets destroyed by the
      NMDevice constructor() method.  But in the constructor paths
      the DHCP manager isn't created yet, and so we attempt to unref
      a non-existent DHCP manager.  Usually just a harmless warning,
      but apparently a crash sometimes.
    • Aron Xu's avatar
      a4e6519d
    • ip6: handle DHCPv6 initial routing better · 17f630d4
      Dan Williams authored
      DHCPv6 doesn't really use broadcast; instead clients use reserved
      multicast addresses to talk to the server.  ff02::1:2 (link scope)
      and ff05::1:3 (site scope) are used.  This means the routing table
      has to have a route that can handle outgoing traffic to these
      addresses, which is ff00::/8.  The kernel sometimes adds one for us,
      so we need to (a) make sure we don't tear that route down, and
      (b) that if it's not there before we start DHCPv6, that we add it.
      
      Otherwise dhclient complains about not being able to send outgoing
      traffic from its send_packet6() function with "no route to host".
      It will then use an expired lease, which causes NM to assign that
      lease's IP address to the interface, which causes the kernel to
      assign the required ff00::/8 route, and then dhclient performs a
      renew (since the expired lease has expired of course) and then
      everything works out in the end.  But the latency sucks.
      
      So make DHCPv6 faster by ensuring that dhclient has the routes
      it needs before we start the DHCP session.
  11. 10 Aug, 2010 9 commits
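
The two property-access checks named in the CVE-2010-1172 commit message (92babdb6), applied in a filter that runs before the binding layer as the f917852d message describes. This is an added Python example, not NetworkManager or dbus-glib code; the interface name, property names and message dictionary shape are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed introspection XML (interface and property names are made up).
INTROSPECTION = """
<node>
  <interface name="org.example.Net">
    <property name="RadioEnabled" type="b" access="readwrite"/>
    <property name="HardwareEnabled" type="b" access="read"/>
  </interface>
</node>
"""

# Constructed GObject-side view: property -> writable flag. "HardwareEnabled"
# is writable internally, and "InternalState" is absent from the XML.
GOBJECT_PROPS = {"RadioEnabled": True, "HardwareEnabled": True, "InternalState": True}

PROPS_IFACE = "org.freedesktop.DBus.Properties"


def load_access(xml_text):
    """Map (interface, property) -> access string from introspection XML."""
    access = {}
    for iface in ET.fromstring(xml_text).iter("interface"):
        for prop in iface.iter("property"):
            access[(iface.get("name"), prop.get("name"))] = prop.get("access")
    return access


def check_property_call(access, gobject_props, member, iface, prop):
    """Return (allowed, reason) for a Properties.Get or Properties.Set call."""
    declared = access.get((iface, prop))
    if declared is None:
        return False, "not listed in introspection XML"        # bug 2
    needed = "write" if member == "Set" else "read"
    if needed not in declared:                                 # "readwrite" holds both
        return False, f"introspection access is '{declared}'"  # bug 1
    if member == "Set" and not gobject_props.get(prop, False):
        return False, "GObject property is not writable"
    return True, "ok"


def filter_message(access, gobject_props, msg):
    """Decide on a message before the binding layer sees it."""
    if msg["interface"] != PROPS_IFACE or msg["member"] not in ("Get", "Set"):
        return True, "not a property access"
    iface, prop = msg["args"][0], msg["args"][1]
    return check_property_call(access, gobject_props, msg["member"], iface, prop)
```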