|
If all the technologies were powered off, then offline mode could
not be disabled.
Fixes BMC#26018
|
|
The hash table is now the owner of the service entry instead of the
service list.
|
|
The hash table is now the owner of the service entry instead of
the service list.
|
|
When a new session is created we need to get the initial list
of services which match the session AllowedBearers criteria. As soon as
the session is running, added or removed services are tracked via the
notifier interface.
We concluded that exposing all the services is not really necessary
and therefore we are currently using two callbacks to get the initial
list. That exposes implementation details from session to service, that
is GSequence. We also need to expose the type 'struct service_entry'.
Instead of doing so we are using an iterator and keep all the
implementation details in session.c.
|
|
tech_data is allocated on the stack and is therefore not initialized
with NULL.
|
|
A basic type was always read independent of the argument type, which
on some systems led to a crash and on others only to a warning
printout.
|
|
To keep it more logical, rename the unsigned variable in the code.
|
|
When adding VPN monitoring capabilities, also clean up the monitor code.
|
|
Show a list of VPN connections known to the VPN daemon.
Also allow D-Bus path names to start with numbers, as it is fine with
the D-Bus library to define such path names. Fix up help command
pretty-printing as the VPN command is slightly longer.
|
|
Add helper function for printing VPN connections. Show also configuration
and failure states using 'C' and 'F' as configuration might take some
time and failure conveys practical information to the user.
|
|
Register an empty Release callback so that the message will be sent.
|
|
Use the UID as identification.
|
|
For SELinux we need to store the complete context for iptables
to work.
|
|
The session core needs to know which kind of session
identification method has been selected in the plugin in order
to use the right iptables rules etc.
|
|
When the session core asks to create a configuration, then we
first ask the D-Bus server which UID/GID the session belongs to.
If possible we also ask for the SELinux context. Then we try
to figure out which file contains the configuration for
SELinux, UID or GID identification.
The order of matching preference is SELinux, UID and finally GID.
|
|
Use struct policy_data instead of struct create_data.
|
|
The old assumption was that a config file is associated
with one session only. With introducing UID/GID support a policy
might be used for several sessions. Furthermore, it was assumed
that the file name is the key/ident to identify a session and
a file contains exactly one policy.
Here are the new rules for writing a policy file.
- A valid file name contains letters or numbers and must have a '.policy' suffix.
- The file name has no semantical meaning
- A policy file may contain more than 1 policy
- Each policy entry starts with 'policy_'
- Each policy entry shall have one and exactly one valid key (e.g. selinux)
The implementation has two main hash tables, file_hash and session_hash
which own 'the file' respectively the session config. Additionally there
is a hash table which connects a policy with a session (selinux_hash).
|
|
The update flag can be removed as it is no longer needed.
|
|
g_strsplit() will eventually strdup the tokens so no need to
strdup() 'context'. But an ugly cast (from 'const unsigned char *'
to 'const char *') is needed for g_strsplit() to make the compiler happy.
|
|
Let's remove the small allocations error path because glib will
abort on memory exhaustion anyway. Basically we remove dead code.
|
|
When removing the entry clear all references towards it.
|
|
Remember which session this struct service_entry belongs to when
removing the entries again.
|
|
The current situation is that a failed timeserver name resolution
removes the timeserver immediately from the list of used timeservers
and failing to connect to the nameserver IP address removes the
timeserver after a 2 second delay. Currently no mechanism exists to
re-create the list of nameservers once the list has been exhausted or
the more preferred timeservers have been removed from it.
This implementation combats both problems where less used timeservers
further away end up being used despite a more optimal closer one
becoming available as well as the problem of exhausting the
nameserver list. This is done by periodically waking up and checking
the timeserver in use. If the timeserver in use is not the most
preferred one or the list of timeservers is empty, the timeserver
list is recreated and the timeserver polling procedure is restarted.
|
|
xtables_find_match() returns two different kinds of pointers.
The first type is pointing to the function pointer table loaded
via dlopen(). The second type is a copy (via plain malloc) of the
first type. xtables_find_match() marks the copies/clones with
m == m->next. So we need to free the struct xtables_match which
point back to themselves.
Also fix the issue that we didn't handle multiple match instances
at the same time.
The memory leak is only visible when having more than one match
of a kind.
|
|
The code was relevant only for Manager.ProvisionService method call
which was removed a long time ago.
|
|
The Protected setting was relevant only for Manager.ProvisionService
method call which was removed a long time ago.
|
|
Also set the returned value appropriately when removing or adding
configuration files.
|
|
For VPN connections created via configuration files the immutable flag
is set and it ensures no modifications are allowed. The protected
feature implementation was a left-over from service configuration code.
Removing the code fixes a bug where only VPN entries of different types
can be provisioned in the same provisioning file.
|
|
Instead of really trying to allocate all possible 69888 blocks, let's
reserve the first two IP pools and then we only need to allocate
255 blocks. That should bring down the runtime considerably.
|
|
Domains property was not updated when Domains.Configuration was changed.
If Domains.Configuration is for example set to empty when using DHCP,
the Domains property is to be updated with the value configured via DHCP.
Fixes BMC#26010
|
|
For VPNs, the index is available from provider, for other services from
network.
Fixes BMC#26009
|
|
Addresses and gateway for the service IPv4 property being used in the
system are available from ipconfig->system when the property is set to
'manual'.
|
|
Accept also correctly spelled version of 'preferred' option.
|
|
IdleTimeout hasn't so far been implemented in any release and will be
handled by other means if needed.
|
|
When timeservers are set, recreate timeserver polling list only if the
service is the default one.
|
|
Fixes BMC#25958
|
|
|