1. 28 May, 2019 1 commit
  2. 11 Mar, 2019 1 commit
  3. 07 Mar, 2019 1 commit
  4. 22 Feb, 2019 1 commit
    • Thomas Haller's avatar
      all: move nm_utils_hexstr2bin*() to shared · 53b747ff
      Thomas Haller authored
      libnm exposes simplified variants of hexstr2bin in its public API. I
      think that was a mistake, because libnm should provide NetworkManager
      specific utils. It should not provide such string functions.
      
      However, nmcli used to need this, so it was added to libnm.
      
      The better approach is to add it to our internally shared static
      library, so that all interested components can make use of it.
      53b747ff
  5. 21 Feb, 2019 1 commit
  6. 12 Feb, 2019 3 commits
  7. 05 Feb, 2019 1 commit
  8. 19 Dec, 2018 1 commit
    • Thomas Haller's avatar
      all: don't use static buffer for nm_utils_inet*_ntop() · a51c09dc
      Thomas Haller authored
      While nm_utils_inet*_ntop() accepts a %NULL buffer to fallback
      to a static buffer, don't do that.
      
      I find the possibility of using a static buffer here error prone
      and something that should be avoided. There is of course the downside,
      that in some cases it requires an additional line of code to allocate
      the buffer on the stack as auto-variable.
      a51c09dc
  9. 13 Dec, 2018 1 commit
  10. 12 Dec, 2018 2 commits
    • Beniamino Galvani's avatar
      ifcfg-rh: fix persisting sriov setting · d48f389c
      Beniamino Galvani authored
      The writer should write all properties of the sriov setting when the
      setting exists without additional logic. Likewise, the reader should
      instantiate a sriov setting when any sriov key is present and blindly
      set properties from keys.
      
      The old code did not always preserve the presence of a sriov setting
      after a write/read cycle.
      
      Fixes: c02d1c48
      d48f389c
    • Beniamino Galvani's avatar
      cli: strictly validate SR-IOV attributes · 769e0726
      Beniamino Galvani authored
      Report an error when the user tries to add an unknown attribute
      instead of silently accepting (and ignoring) it.
      
      Note that this commit also changes the behavior of public API
      nm_utils_sriov_vf_from_str() to return an error when an unknown
      attribute is found. I think the previous behavior was buggy as wrong
      attributes were simply ignored without any way for the user to know.
      
      Fixes: a9b4532f
      769e0726
  11. 29 Nov, 2018 1 commit
    • Lubomir Rintel's avatar
      all: say Wi-Fi instead of "wifi" or "WiFi" · b385ad01
      Lubomir Rintel authored
      Correct the spelling across the *entire* tree, including translations,
      comments, etc. It's easier that way.
      
      Even the places where it's not exposed to the user, such as tests, so
      that we learn how is it spelled correctly.
      b385ad01
  12. 30 Sep, 2018 2 commits
  13. 17 Sep, 2018 1 commit
  14. 15 Sep, 2018 1 commit
  15. 06 Sep, 2018 1 commit
  16. 04 Sep, 2018 3 commits
    • Thomas Haller's avatar
      ifcfg-rh: don't use 802-1x certifcate setter functions · e3ac45c0
      Thomas Haller authored
      The certificate setter function like nm_setting_802_1x_set_ca_cert()
      actually load the file from disk, and validate whether it is a valid
      certificate. That is very wrong to do.
      
      For one, the certificates are external files, which are not embedded
      into the NMConnection. That means, strongly validating the files while
      loading the ifcfg files, is wrong because:
       - if validation fails, loading the file fails in its entirety with
         a warning in the log. That is not helpful to the user, who now
         can no longer use nmcli to fix the path of the certificate (because
         the profile failed to load in the first place).
       - even if the certificate is valid at load-time, there is no guarantee
         that it is valid later on, when we actually try to use the file. What
         good does such a validation do? nm_setting_802_1x_set_ca_cert() might
         make sense during nmcli_connection_modify(). At the moment when we
         create or update the profile, we do want to validate the input and
         be helpful to the user. Validating the file later on, when reloading
         the profile from disk seems undesirable.
       - note how keyfile also does not perform such validations (for good
         reasons, I presume).
      
      Also, there is so much wrong with how ifcfg reader handles EAP files.
      There is a lot of duplication, and trying to be too smart. I find it
      wrong how the "eap_readers" are nested. E.g. both eap_peap_reader() and
      "tls" method call to eap_tls_reader(), making it look like that
      NMSetting8021x can handle multiple EAP profiles separately. But it cannot. The
      802-1x profile is a flat set of properties like ca-cert and others. All
      EAP methods share these properties, so having this complex parsing
      is not only complicated, but also wrong. The reader should simply parse
      the shell variables, and let NMSetting8021x::verify() handle validation
      of the settings. Anyway, the patch does not address that.
      
      Also, the setting of the likes of NM_SETTING_802_1X_CLIENT_CERT_PASSWORD was
      awkwardly only done when
           privkey_format != NM_SETTING_802_1X_CK_FORMAT_PKCS12
        && scheme == NM_SETTING_802_1X_CK_SCHEME_PKCS11
      It is too smart. Just read it from file, if it contains invalid data, let
      verify() reject it. That is only partly addressed.
      
      Also note, how writer never actually writes the likes of
      IEEE_8021X_CLIENT_CERT_PASSWORD. That is another bug and not fixed
      either.
      e3ac45c0
    • Thomas Haller's avatar
      ifcfg-rh: rework parsing secrets · 6b763af1
      Thomas Haller authored
      - rename secret related functions to have a "_secret" prefix.
        Also, rename read_8021x_password() because it's not only useful
        for 802-1x.
      
      - In particular, this patch adds _secret_read_ifcfg() helper (formerly
        read_8021x_password()), which is smart enough to obtain secrets from
        the keys ifcfg file. We have other places where we don't get this
        right.
      
      - on a minor note, the patch also makes an effort to clear passwords
        and certifcate data from memory. Yes, there are countless places
        where we don't do that, but in this case, it's done and is as simple
        as replacing gs_free with nm_auto_free_secret, etc.
      6b763af1
    • Thomas Haller's avatar
      ifcfg-rh/trivial: rename variable for ifcfg keys file · 4b6aa207
      Thomas Haller authored
      The term "keys" is used ambigiously. Rename occurances which reference
      the "keys" ifcfg-rh file.
      
      While at it, rename the file "parsed" to "main_ifcfg". It follows the
      same pattern as the "keys_ifcfg" name.
      4b6aa207
  17. 22 Aug, 2018 1 commit
    • Thomas Haller's avatar
      wifi: don't use GBytesArray for NMWifiAP's ssid · 5cd4e6f3
      Thomas Haller authored
      GBytes makes more sense, because it's immutable.
      
      Also, since at other places we use GBytes, having
      different types is combersome and requires needless
      conversions.
      
      Also:
      
      - avoid nm_utils_escape_ssid() instead of _nm_utils_ssid_to_string().
        We use nm_utils_escape_ssid() when we want to log the SSID. However, it
        does not escape newlines, which is bad.
      
      - also no longer use nm_utils_same_ssid(). Since it no longer
        treated trailing NUL special, it is not different from
        g_bytes_equal().
      
      - also, don't use nm_utils_ssid_to_utf8() for logging anymore.
        For logging, _nm_utils_ssid_escape_utf8safe() is better because
        it is loss-less escaping which can be unambigously reverted.
      5cd4e6f3
  18. 11 Aug, 2018 2 commits
  19. 10 Aug, 2018 2 commits
    • Thomas Haller's avatar
      libnm, cli, ifcfg-rh: add NMSettingEthtool setting · df30651b
      Thomas Haller authored
      Note that in NetworkManager API (D-Bus, libnm, and nmcli),
      the features are called "feature-xyz". The "feature-" prefix
      is used, because NMSettingEthtool possibly will gain support
      for options that are not only -K|--offload|--features, for
      example -C|--coalesce.
      
      The "xzy" suffix is either how ethtool utility calls the feature
      ("tso", "rx"). Or, if ethtool utility specifies no alias for that
      feature, it's the name from kernel's ETH_SS_FEATURES ("tx-tcp6-segmentation").
      If possible, we prefer ethtool utility's naming.
      
      Also note, how the features "feature-sg", "feature-tso", and
      "feature-tx" actually refer to multiple underlying kernel features
      at once. This too follows what ethtool utility does.
      
      The functionality is not yet implemented server-side.
      df30651b
    • Thomas Haller's avatar
      ifcfg-rh: refactor parsing in parse_ethtool_option() to not call helper functions · bcbea6fe
      Thomas Haller authored
      Parsing can be complicated enough. It's simpler to just work
      top-to-bottom, without calling various helper functions. This was,
      you can see all the code in one place, without need to jump to
      the helper function to see what it is doing.
      
      In general, a static function that is only called once, does sometimes
      not simplify but obfuscate the code.
      bcbea6fe
  20. 08 Aug, 2018 1 commit
    • Thomas Haller's avatar
      all: add connection.multi-connect property for wildcard profiles · 55ae6923
      Thomas Haller authored
      Add a new option that allows to activate a profile multiple times
      (at the same time). Previoulsy, all profiles were implicitly
      NM_SETTING_CONNECTION_MULTI_CONNECT_SINGLE, meaning, that activating
      a profile that is already active will deactivate it first.
      
      This will make more sense, as we also add more match-options how
      profiles can be restricted to particular devices. We already have
      connection.type, connection.interface-name, and (ethernet|wifi).mac-address
      to restrict a profile to particular devices. For example, it is however
      not possible to specify a wildcard like "eth*" to match a profile to
      a set of devices by interface-name. That is another missing feature,
      and once we extend the matching capabilities, it makes more sense to
      activate a profile multiple times.
      
      See also https://bugzilla.redhat.com/show_bug.cgi?id=997998, which
      previously changed that a connection is restricted to a single activation
      at a time. This work relaxes that again.
      
      This only adds the new property, it is not used nor implemented yet.
      
      https://bugzilla.redhat.com/show_bug.cgi?id=1555012
      55ae6923
  21. 11 Jul, 2018 3 commits
    • Beniamino Galvani's avatar
      ifcfg-rh: SR-IOV support · c02d1c48
      Beniamino Galvani authored
      c02d1c48
    • Beniamino Galvani's avatar
      ifcfg-rh: add @match_key_type argument to svGetKeys() · 347e0d8b
      Beniamino Galvani authored
      Add a @match_key_type to svGetKeys() to filter the keys to be returned.
      347e0d8b
    • Thomas Haller's avatar
      all: don't use gchar/gshort/gint/glong but C types · e1c7a2b5
      Thomas Haller authored
      We commonly don't use the glib typedefs for char/short/int/long,
      but their C types directly.
      
          $ git grep '\<g\(char\|short\|int\|long\|float\|double\)\>' | wc -l
          587
          $ git grep '\<\(char\|short\|int\|long\|float\|double\)\>' | wc -l
          21114
      
      One could argue that using the glib typedefs is preferable in
      public API (of our glib based libnm library) or where it clearly
      is related to glib, like during
      
        g_object_set (obj, PROPERTY, (gint) value, NULL);
      
      However, that argument does not seem strong, because in practice we don't
      follow that argument today, and seldomly use the glib typedefs.
      Also, the style guide for this would be hard to formalize, because
      "using them where clearly related to a glib" is a very loose suggestion.
      
      Also note that glib typedefs will always just be typedefs of the
      underlying C types. There is no danger of glib changing the meaning
      of these typedefs (because that would be a major API break of glib).
      
      A simple style guide is instead: don't use these typedefs.
      
      No manual actions, I only ran the bash script:
      
        FILES=($(git ls-files '*.[hc]'))
        sed -i \
            -e 's/\<g\(char\|short\|int\|long\|float\|double\)\>\( [^ ]\)/\1\2/g' \
            -e 's/\<g\(char\|short\|int\|long\|float\|double\)\>  /\1   /g' \
            -e 's/\<g\(char\|short\|int\|long\|float\|double\)\>/\1/g' \
            "${FILES[@]}"
      e1c7a2b5
  22. 15 Jun, 2018 1 commit
  23. 09 Jun, 2018 3 commits
  24. 10 May, 2018 2 commits
    • Lubomir Rintel's avatar
      all: use the elvis operator wherever possible · e69d3869
      Lubomir Rintel authored
      Coccinelle:
      
        @@
        expression a, b;
        @@
        -a ? a : b
        +a ?: b
      
      Applied with:
      
        spatch --sp-file ternary.cocci --in-place --smpl-spacing --dir .
      
      With some manual adjustments on spots that Cocci didn't catch for
      reasons unknown.
      
      Thanks to the marvelous effort of the GNU compiler developer we can now
      spare a couple of bits that could be used for more important things,
      like this commit message. Standards commitees yet have to catch up.
      e69d3869
    • Lubomir Rintel's avatar
      all: add and utilize nm_utils_is_separator() · f0c1efbf
      Lubomir Rintel authored
      It is meant to be rather similar in nature to isblank() or
      g_ascii_isspace().
      
      Sadly, isblank() is locale dependent while g_ascii_isspace() also considers
      vertical whitespace as a space. That's no good for configuration files that
      are strucutured into lines, which happens to be a pretty common case.
      f0c1efbf
  25. 30 Apr, 2018 1 commit
  26. 21 Apr, 2018 1 commit
  27. 18 Apr, 2018 1 commit