src/nm-activation-request.c

   1 /* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
   2 /* NetworkManager -- Network link manager
   3  *
   4  * This program is free software; you can redistribute it and/or modify
   5  * it under the terms of the GNU General Public License as published by
   6  * the Free Software Foundation; either version 2 of the License, or
   7  * (at your option) any later version.
   8  *
   9  * This program is distributed in the hope that it will be useful,
  10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  * GNU General Public License for more details.
  13  *
  14  * You should have received a copy of the GNU General Public License along
  15  * with this program; if not, write to the Free Software Foundation, Inc.,
  16  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  17  *
  18  * Copyright (C) 2005 - 2012 Red Hat, Inc.
  19  * Copyright (C) 2007 - 2008 Novell, Inc.
  20  */
  21
  22 #include "nm-default.h"
  23
  24 #include <string.h>
  25 #include <stdlib.h>
  26 #include <sys/wait.h>
  27 #include <unistd.h>
  28
  29 #include "nm-activation-request.h"
  30 #include "nm-setting-wireless-security.h"
  31 #include "nm-setting-8021x.h"
  32 #include "nm-device.h"
  33 #include "nm-active-connection.h"
  34 #include "nm-settings-connection.h"
  35 #include "nm-auth-subject.h"
  36
  37 G_DEFINE_TYPE (NMActRequest, nm_act_request, NM_TYPE_ACTIVE_CONNECTION)
  38
  39 #define NM_ACT_REQUEST_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), \
  40                                        NM_TYPE_ACT_REQUEST, \
  41                                        NMActRequestPrivate))
  42
  43 typedef struct {
  44         char *table;
  45         char *rule;
  46 } ShareRule;
  47
  48 typedef struct {
  49         GSList *secrets_calls;
  50         gboolean shared;
  51         GSList *share_rules;
  52 } NMActRequestPrivate;
  53
  54 enum {
  55         PROP_0,
  56         PROP_IP4_CONFIG,
  57         PROP_DHCP4_CONFIG,
  58         PROP_IP6_CONFIG,
  59         PROP_DHCP6_CONFIG,
  60
  61         LAST_PROP
  62 };
  63
  64 /*******************************************************************/
  65
  66 NMSettingsConnection *
  67 nm_act_request_get_settings_connection (NMActRequest *req)
  68 {
  69         g_return_val_if_fail (NM_IS_ACT_REQUEST (req), NULL);
  70
  71         return nm_active_connection_get_settings_connection (NM_ACTIVE_CONNECTION (req));
  72 }
  73
  74 NMConnection *
  75 nm_act_request_get_applied_connection (NMActRequest *req)
  76 {
  77         g_return_val_if_fail (NM_IS_ACT_REQUEST (req), NULL);
  78
  79         return nm_active_connection_get_applied_connection (NM_ACTIVE_CONNECTION (req));
  80 }
  81
  82 /*******************************************************************/
  83
  84 struct _NMActRequestGetSecretsCallId {
  85         NMActRequest *self;
  86         NMActRequestSecretsFunc callback;
  87         gpointer callback_data;
  88         NMSettingsConnectionCallId call_id;
  89 };
  90
  91 typedef struct _NMActRequestGetSecretsCallId GetSecretsInfo;
  92
  93 static GetSecretsInfo *
  94 _get_secrets_info_new (NMActRequest *self, NMActRequestSecretsFunc callback, gpointer callback_data)
  95 {
  96         GetSecretsInfo *info;
  97
  98         info = g_slice_new0 (GetSecretsInfo);
  99         info->self = self;
 100         info->callback = callback;
 101         info->callback_data = callback_data;
 102
 103         return info;
 104 }
 105
 106 static void
 107 _get_secrets_info_free (GetSecretsInfo *info)
 108 {
 109         g_slice_free (GetSecretsInfo, info);
 110 }
 111
 112 static void
 113 get_secrets_cb (NMSettingsConnection *connection,
 114                 NMSettingsConnectionCallId call_id_s,
 115                 const char *agent_username,
 116                 const char *setting_name,
 117                 GError *error,
 118                 gpointer user_data)
 119 {
 120         GetSecretsInfo *info = user_data;
 121         NMActRequestPrivate *priv;
 122
 123         g_return_if_fail (info && info->call_id == call_id_s);
 124         g_return_if_fail (NM_IS_ACT_REQUEST (info->self));
 125
 126         if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_CANCELLED))
 127                 return;
 128
 129         priv = NM_ACT_REQUEST_GET_PRIVATE (info->self);
 130
 131         g_return_if_fail (g_slist_find (priv->secrets_calls, info));
 132
 133         priv->secrets_calls = g_slist_remove (priv->secrets_calls, info);
 134
 135         if (info->callback)
 136                 info->callback (info->self, info, connection, error, info->callback_data);
 137
 138         _get_secrets_info_free (info);
 139 }
 140
 141 /**
 142  * nm_act_request_get_secrets:
 143  * @self:
 144  * @setting_name:
 145  * @flags:
 146  * @hint:
 147  * @callback:
 148  * @callback_data:
 149  *
 150  * Asnychronously starts the request for secrets. This function cannot
 151  * fail.
 152  *
 153  * The return call-id can be used to cancel the request. You are
 154  * only allowed to cancel a still pending operation (once).
 155  * The callback will always be invoked once, even for canceling
 156  * or disposing of NMActRequest.
 157  *
 158  * Returns: a call-id.
 159  */
 160 NMActRequestGetSecretsCallId
 161 nm_act_request_get_secrets (NMActRequest *self,
 162                             const char *setting_name,
 163                             NMSecretAgentGetSecretsFlags flags,
 164                             const char *hint,
 165                             NMActRequestSecretsFunc callback,
 166                             gpointer callback_data)
 167 {
 168         NMActRequestPrivate *priv;
 169         GetSecretsInfo *info;
 170         NMSettingsConnectionCallId call_id_s;
 171         NMSettingsConnection *settings_connection;
 172         NMConnection *applied_connection;
 173         const char *hints[2] = { hint, NULL };
 174
 175         g_return_val_if_fail (NM_IS_ACT_REQUEST (self), 0);
 176
 177         priv = NM_ACT_REQUEST_GET_PRIVATE (self);
 178
 179         settings_connection = nm_act_request_get_settings_connection (self);
 180         applied_connection = nm_act_request_get_applied_connection (self);
 181
 182         info = _get_secrets_info_new (self, callback, callback_data);
 183
 184         priv->secrets_calls = g_slist_append (priv->secrets_calls, info);
 185
 186         if (nm_active_connection_get_user_requested (NM_ACTIVE_CONNECTION (self)))
 187                 flags |= NM_SECRET_AGENT_GET_SECRETS_FLAG_USER_REQUESTED;
 188
 189         call_id_s = nm_settings_connection_get_secrets (settings_connection,
 190                                                         applied_connection,
 191                                                         nm_active_connection_get_subject (NM_ACTIVE_CONNECTION (self)),
 192                                                         setting_name,
 193                                                         flags,
 194                                                         hints,
 195                                                         get_secrets_cb,
 196                                                         info);
 197         info->call_id = call_id_s;
 198         g_return_val_if_fail (call_id_s, NULL);
 199         return info;
 200 }
 201
 202 static void
 203 _do_cancel_secrets (NMActRequest *self, GetSecretsInfo *info, gboolean is_disposing)
 204 {
 205         NMActRequestPrivate *priv = NM_ACT_REQUEST_GET_PRIVATE (self);
 206
 207         nm_assert (info && info->self == self);
 208         nm_assert (g_slist_find (priv->secrets_calls, info));
 209
 210         priv->secrets_calls = g_slist_remove (priv->secrets_calls, info);
 211
 212         nm_settings_connection_cancel_secrets (nm_act_request_get_settings_connection (self), info->call_id);
 213
 214         if (info->callback) {
 215                 gs_free_error GError *error = NULL;
 216
 217                 nm_utils_error_set_cancelled (&error, is_disposing, "NMActRequest");
 218                 info->callback (self, info, NULL, error, info->callback_data);
 219         }
 220
 221         _get_secrets_info_free (info);
 222 }
 223
 224 void
 225 nm_act_request_cancel_secrets (NMActRequest *self, NMActRequestGetSecretsCallId call_id)
 226 {
 227         NMActRequestPrivate *priv;
 228
 229         g_return_if_fail (NM_IS_ACT_REQUEST (self));
 230         g_return_if_fail (call_id);
 231
 232         priv = NM_ACT_REQUEST_GET_PRIVATE (self);
 233
 234         if (!g_slist_find (priv->secrets_calls, call_id))
 235                 g_return_if_reached ();
 236
 237         _do_cancel_secrets (self, call_id, FALSE);
 238 }
 239
 240 void
 241 nm_act_request_clear_secrets (NMActRequest *self)
 242 {
 243         g_return_if_fail (NM_IS_ACT_REQUEST (self));
 244
 245         nm_active_connection_clear_secrets ((NMActiveConnection *) self);
 246 }
 247
 248 /********************************************************************/
 249
 250 static void
 251 clear_share_rules (NMActRequest *req)
 252 {
 253         NMActRequestPrivate *priv = NM_ACT_REQUEST_GET_PRIVATE (req);
 254         GSList *iter;
 255
 256         for (iter = priv->share_rules; iter; iter = g_slist_next (iter)) {
 257                 ShareRule *rule = (ShareRule *) iter->data;
 258
 259                 g_free (rule->table);
 260                 g_free (rule->rule);
 261                 g_free (rule);
 262         }
 263
 264         g_slist_free (priv->share_rules);
 265         priv->share_rules = NULL;
 266 }
 267
 268 void
 269 nm_act_request_set_shared (NMActRequest *req, gboolean shared)
 270 {
 271         NMActRequestPrivate *priv = NM_ACT_REQUEST_GET_PRIVATE (req);
 272         GSList *list, *iter;
 273
 274         g_return_if_fail (NM_IS_ACT_REQUEST (req));
 275
 276         NM_ACT_REQUEST_GET_PRIVATE (req)->shared = shared;
 277
 278         /* Tear the rules down in reverse order when sharing is stopped */
 279         list = g_slist_copy (priv->share_rules);
 280         if (!shared)
 281                 list = g_slist_reverse (list);
 282
 283         /* Send the rules to iptables */
 284         for (iter = list; iter; iter = g_slist_next (iter)) {
 285                 ShareRule *rule = (ShareRule *) iter->data;
 286                 char *envp[1] = { NULL };
 287                 gs_strfreev char **argv = NULL;
 288                 gs_free char *cmd = NULL;
 289
 290                 cmd = g_strdup_printf ("%s --table %s %s %s",
 291                                        IPTABLES_PATH,
 292                                        rule->table,
 293                                        shared ? "--insert" : "--delete",
 294                                        rule->rule);
 295                 if (!cmd)
 296                         continue;
 297
 298                 argv = g_strsplit (cmd, " ", 0);
 299                 if (argv && argv[0]) {
 300                         int status;
 301                         GError *error = NULL;
 302
 303                         nm_log_info (LOGD_SHARING, "Executing: %s", cmd);
 304                         if (!g_spawn_sync ("/", argv, envp, G_SPAWN_STDOUT_TO_DEV_NULL | G_SPAWN_STDERR_TO_DEV_NULL,
 305                                            NULL, NULL, NULL, NULL, &status, &error)) {
 306                                 nm_log_warn (LOGD_SHARING, "Error executing command: %s",
 307                                              error->message);
 308                                 g_clear_error (&error);
 309                         } else if (WEXITSTATUS (status)) {
 310                                 nm_log_warn (LOGD_SHARING, "** Command returned exit status %d.",
 311                                              WEXITSTATUS (status));
 312                         }
 313                 }
 314         }
 315
 316         g_slist_free (list);
 317
 318         /* Clear the share rule list when sharing is stopped */
 319         if (!shared)
 320                 clear_share_rules (req);
 321 }
 322
 323 gboolean
 324 nm_act_request_get_shared (NMActRequest *req)
 325 {
 326         g_return_val_if_fail (NM_IS_ACT_REQUEST (req), FALSE);
 327
 328         return NM_ACT_REQUEST_GET_PRIVATE (req)->shared;
 329 }
 330
 331 void
 332 nm_act_request_add_share_rule (NMActRequest *req,
 333                                const char *table,
 334                                const char *table_rule)
 335 {
 336         NMActRequestPrivate *priv = NM_ACT_REQUEST_GET_PRIVATE (req);
 337         ShareRule *rule;
 338
 339         g_return_if_fail (NM_IS_ACT_REQUEST (req));
 340         g_return_if_fail (table != NULL);
 341         g_return_if_fail (table_rule != NULL);
 342
 343         rule = g_malloc0 (sizeof (ShareRule));
 344         rule->table = g_strdup (table);
 345         rule->rule = g_strdup (table_rule);
 346         priv->share_rules = g_slist_prepend (priv->share_rules, rule);
 347 }
 348
 349 /********************************************************************/
 350
 351 static void
 352 device_notify (GObject    *object,
 353                GParamSpec *pspec,
 354                gpointer    self)
 355 {
 356         g_object_notify (self, pspec->name);
 357 }
 358
 359 static void
 360 device_state_changed (NMActiveConnection *active,
 361                       NMDevice *device,
 362                       NMDeviceState new_state,
 363                       NMDeviceState old_state)
 364 {
 365         NMActiveConnectionState cur_ac_state = nm_active_connection_get_state (active);
 366         NMActiveConnectionState ac_state = NM_ACTIVE_CONNECTION_STATE_UNKNOWN;
 367
 368         /* Decide which device state changes to handle when this active connection
 369          * is not the device's current request.  Two cases here: (a) the AC is
 370          * pending and not yet active, and (b) the AC was active but the device is
 371          * entering DISCONNECTED state (which clears the device's current AC before
 372          * emitting the state change signal).
 373          */
 374         if (NM_ACTIVE_CONNECTION (nm_device_get_act_request (device)) != active) {
 375                 /* Some other request is activating; this one must be pending */
 376                 if (new_state >= NM_DEVICE_STATE_PREPARE)
 377                         return;
 378                 else if (new_state == NM_DEVICE_STATE_DISCONNECTED) {
 379                         /* This request hasn't started activating yet; the device is
 380                          * disconnecting and cleaning up a previous activation request.
 381                          */
 382                         if (cur_ac_state < NM_ACTIVE_CONNECTION_STATE_ACTIVATING)
 383                                 return;
 384
 385                         /* Catch device disconnections after this request has been active */
 386                 }
 387
 388                 /* All states < DISCONNECTED are fatal and handled */
 389         }
 390
 391         /* Set NMActiveConnection state based on the device's state */
 392         switch (new_state) {
 393         case NM_DEVICE_STATE_PREPARE:
 394         case NM_DEVICE_STATE_CONFIG:
 395         case NM_DEVICE_STATE_NEED_AUTH:
 396         case NM_DEVICE_STATE_IP_CONFIG:
 397         case NM_DEVICE_STATE_IP_CHECK:
 398         case NM_DEVICE_STATE_SECONDARIES:
 399                 ac_state = NM_ACTIVE_CONNECTION_STATE_ACTIVATING;
 400                 break;
 401         case NM_DEVICE_STATE_ACTIVATED:
 402                 ac_state = NM_ACTIVE_CONNECTION_STATE_ACTIVATED;
 403
 404                 g_signal_connect (device, "notify::" NM_DEVICE_IP4_CONFIG,
 405                                   G_CALLBACK (device_notify), active);
 406                 g_signal_connect (device, "notify::" NM_DEVICE_DHCP4_CONFIG,
 407                                   G_CALLBACK (device_notify), active);
 408                 g_signal_connect (device, "notify::" NM_DEVICE_IP6_CONFIG,
 409                                   G_CALLBACK (device_notify), active);
 410                 g_signal_connect (device, "notify::" NM_DEVICE_DHCP6_CONFIG,
 411                                   G_CALLBACK (device_notify), active);
 412                 break;
 413         case NM_DEVICE_STATE_DEACTIVATING:
 414                 ac_state = NM_ACTIVE_CONNECTION_STATE_DEACTIVATING;
 415                 break;
 416         case NM_DEVICE_STATE_FAILED:
 417         case NM_DEVICE_STATE_DISCONNECTED:
 418         case NM_DEVICE_STATE_UNMANAGED:
 419         case NM_DEVICE_STATE_UNAVAILABLE:
 420                 ac_state = NM_ACTIVE_CONNECTION_STATE_DEACTIVATED;
 421
 422                 g_signal_handlers_disconnect_by_func (device, G_CALLBACK (device_notify), active);
 423                 break;
 424         default:
 425                 break;
 426         }
 427
 428         if (   ac_state == NM_ACTIVE_CONNECTION_STATE_DEACTIVATED
 429             || ac_state == NM_ACTIVE_CONNECTION_STATE_UNKNOWN) {
 430                 nm_active_connection_set_default (active, FALSE);
 431                 nm_active_connection_set_default6 (active, FALSE);
 432         }
 433
 434         nm_active_connection_set_state (active, ac_state);
 435 }
 436
 437 static void
 438 master_failed (NMActiveConnection *self)
 439 {
 440         NMDevice *device;
 441         NMDeviceState device_state;
 442
 443         /* If the connection has an active device, fail it */
 444         device = nm_active_connection_get_device (self);
 445         if (device) {
 446                 device_state = nm_device_get_state (device);
 447                 if (nm_device_is_activating (device) || (device_state == NM_DEVICE_STATE_ACTIVATED)) {
 448                         nm_device_state_changed (device,
 449                                                  NM_DEVICE_STATE_FAILED,
 450                                                  NM_DEVICE_STATE_REASON_DEPENDENCY_FAILED);
 451                         return;
 452                 }
 453         }
 454
 455         /* If no device, or the device wasn't active, just move to deactivated state */
 456         nm_active_connection_set_state (self, NM_ACTIVE_CONNECTION_STATE_DEACTIVATED);
 457 }
 458
 459 /********************************************************************/
 460
 461 /**
 462  * nm_act_request_new:
 463  *
 464  * @settings_connection: (allow-none): the connection to activate @device with
 465  * @specific_object: the object path of the specific object (ie, WiFi access point,
 466  *    etc) that will be used to activate @connection and @device
 467  * @subject: the #NMAuthSubject representing the requestor of the activation
 468  * @device: the device/interface to configure according to @connection
 469  *
 470  * Creates a new device-based activation request.
 471  *
 472  * Returns: the new activation request on success, %NULL on error.
 473  */
 474 NMActRequest *
 475 nm_act_request_new (NMSettingsConnection *settings_connection,
 476                     const char *specific_object,
 477                     NMAuthSubject *subject,
 478                     NMDevice *device)
 479 {
 480         g_return_val_if_fail (!settings_connection || NM_IS_SETTINGS_CONNECTION (settings_connection), NULL);
 481         g_return_val_if_fail (NM_IS_DEVICE (device), NULL);
 482         g_return_val_if_fail (NM_IS_AUTH_SUBJECT (subject), NULL);
 483
 484         return (NMActRequest *) g_object_new (NM_TYPE_ACT_REQUEST,
 485                                               NM_ACTIVE_CONNECTION_INT_SETTINGS_CONNECTION, settings_connection,
 486                                               NM_ACTIVE_CONNECTION_INT_DEVICE, device,
 487                                               NM_ACTIVE_CONNECTION_SPECIFIC_OBJECT, specific_object,
 488                                               NM_ACTIVE_CONNECTION_INT_SUBJECT, subject,
 489                                               NULL);
 490 }
 491
 492 static void
 493 nm_act_request_init (NMActRequest *req)
 494 {
 495 }
 496
 497 static void
 498 dispose (GObject *object)
 499 {
 500         NMActRequest *self = NM_ACT_REQUEST (object);
 501         NMActRequestPrivate *priv = NM_ACT_REQUEST_GET_PRIVATE (self);
 502
 503         /* Kill any in-progress secrets requests */
 504         while (priv->secrets_calls)
 505                 _do_cancel_secrets (self, priv->secrets_calls->data, TRUE);
 506
 507         /* Clear any share rules */
 508         if (priv->share_rules) {
 509                 nm_act_request_set_shared (NM_ACT_REQUEST (object), FALSE);
 510                 clear_share_rules (NM_ACT_REQUEST (object));
 511         }
 512
 513         G_OBJECT_CLASS (nm_act_request_parent_class)->dispose (object);
 514 }
 515
 516 static void
 517 get_property (GObject *object, guint prop_id,
 518               GValue *value, GParamSpec *pspec)
 519 {
 520         NMDevice *device;
 521
 522         device = nm_active_connection_get_device (NM_ACTIVE_CONNECTION (object));
 523         if (!device) {
 524                 g_value_set_string (value, "/");
 525                 return;
 526         }
 527
 528         switch (prop_id) {
 529         case PROP_IP4_CONFIG:
 530                 g_object_get_property (G_OBJECT (device), NM_DEVICE_IP4_CONFIG, value);
 531                 break;
 532         case PROP_DHCP4_CONFIG:
 533                 g_object_get_property (G_OBJECT (device), NM_DEVICE_DHCP4_CONFIG, value);
 534                 break;
 535         case PROP_IP6_CONFIG:
 536                 g_object_get_property (G_OBJECT (device), NM_DEVICE_IP6_CONFIG, value);
 537                 break;
 538         case PROP_DHCP6_CONFIG:
 539                 g_object_get_property (G_OBJECT (device), NM_DEVICE_DHCP6_CONFIG, value);
 540                 break;
 541         default:
 542                 G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
 543                 break;
 544         }
 545 }
 546
 547 static void
 548 nm_act_request_class_init (NMActRequestClass *req_class)
 549 {
 550         GObjectClass *object_class = G_OBJECT_CLASS (req_class);
 551         NMActiveConnectionClass *active_class = NM_ACTIVE_CONNECTION_CLASS (req_class);
 552
 553         g_type_class_add_private (req_class, sizeof (NMActRequestPrivate));
 554
 555         /* virtual methods */
 556         object_class->dispose = dispose;
 557         object_class->get_property = get_property;
 558         active_class->master_failed = master_failed;
 559         active_class->device_state_changed = device_state_changed;
 560
 561         /* properties */
 562         g_object_class_override_property (object_class, PROP_IP4_CONFIG,
 563                                           NM_ACTIVE_CONNECTION_IP4_CONFIG);
 564         g_object_class_override_property (object_class, PROP_DHCP4_CONFIG,
 565                                           NM_ACTIVE_CONNECTION_DHCP4_CONFIG);
 566         g_object_class_override_property (object_class, PROP_IP6_CONFIG,
 567                                           NM_ACTIVE_CONNECTION_IP6_CONFIG);
 568         g_object_class_override_property (object_class, PROP_DHCP6_CONFIG,
 569                                           NM_ACTIVE_CONNECTION_DHCP6_CONFIG);
 570 }
 571