|
 |
52f25a |
From d7590dd02fd47cc32e0e76e19578116c83910591 Mon Sep 17 00:00:00 2001
|
|
|
c48088 |
From: Thomas Haller <thaller@redhat.com>
|
|
|
c48088 |
Date: Fri, 24 Feb 2017 20:25:56 +0100
|
|
|
c48088 |
Subject: [PATCH] Revert "device: change default value for cloned-mac-address
|
|
|
c48088 |
to "preserve" (bgo#770611)"
|
|
|
c48088 |
|
|
|
c48088 |
https://bugzilla.redhat.com/show_bug.cgi?id=1413312
|
|
|
c48088 |
|
|
|
c48088 |
This reverts commit fae5ecec5a4d9987a1915441602cb78275a9f490.
|
|
|
c48088 |
---
|
|
|
52f25a |
clients/common/settings-docs.h.in | 4 ++--
|
|
|
c48088 |
libnm-core/nm-setting-wired.c | 7 +++----
|
|
|
c48088 |
libnm-core/nm-setting-wireless.c | 7 +++----
|
|
|
c48088 |
man/NetworkManager.conf.xml | 4 ++--
|
|
|
c48088 |
src/devices/nm-device.c | 3 ++-
|
|
|
c48088 |
5 files changed, 12 insertions(+), 13 deletions(-)
|
|
|
c48088 |
|
|
|
52f25a |
diff --git a/clients/common/settings-docs.h.in b/clients/common/settings-docs.h.in
|
|
|
52f25a |
index 7ad8c19a6..5aca99eee 100644
|
|
|
52f25a |
--- a/clients/common/settings-docs.h.in
|
|
|
52f25a |
+++ b/clients/common/settings-docs.h.in
|
|
|
c48088 |
@@ -7,7 +7,7 @@
|
|
|
c48088 |
#define DESCRIBE_DOC_NM_SETTING_WIRELESS_BAND N_("802.11 frequency band of the network. One of \"a\" for 5GHz 802.11a or \"bg\" for 2.4GHz 802.11. This will lock associations to the Wi-Fi network to the specific band, i.e. if \"a\" is specified, the device will not associate with the same network in the 2.4GHz band even if the network's settings are compatible. This setting depends on specific driver capability and may not work with all drivers.")
|
|
|
c48088 |
#define DESCRIBE_DOC_NM_SETTING_WIRELESS_BSSID N_("If specified, directs the device to only associate with the given access point. This capability is highly driver dependent and not supported by all devices. Note: this property does not control the BSSID used when creating an Ad-Hoc network and is unlikely to in the future.")
|
|
|
c48088 |
#define DESCRIBE_DOC_NM_SETTING_WIRELESS_CHANNEL N_("Wireless channel to use for the Wi-Fi connection. The device will only join (or create for Ad-Hoc networks) a Wi-Fi network on the specified channel. Because channel numbers overlap between bands, this property also requires the \"band\" property to be set.")
|
|
|
c48088 |
-#define DESCRIBE_DOC_NM_SETTING_WIRELESS_CLONED_MAC_ADDRESS N_("If specified, request that the device use this MAC address instead. This is known as MAC cloning or spoofing. Beside explicitly specifying a MAC address, the special values \"preserve\", \"permanent\", \"random\" and \"stable\" are supported. \"preserve\" means not to touch the MAC address on activation. \"permanent\" means to use the permanent hardware address of the device. \"random\" creates a random MAC address on each connect. \"stable\" creates a hashed MAC address based on connection.stable-id and a machine dependent key. If unspecified, the value can be overwritten via global defaults, see manual of NetworkManager.conf. If still unspecified, it defaults to \"preserve\" (older versions of NetworkManager may use a different default value). On D-Bus, this field is expressed as \"assigned-mac-address\" or the deprecated \"cloned-mac-address\".")
|
|
|
c48088 |
+#define DESCRIBE_DOC_NM_SETTING_WIRELESS_CLONED_MAC_ADDRESS N_("If specified, request that the device use this MAC address instead of its permanent MAC address. This is known as MAC cloning or spoofing. Beside explicitly specifying a MAC address, the special values \"preserve\", \"permanent\", \"random\" and \"stable\" are supported. \"preserve\" means not to touch the MAC address on activation. \"permanent\" means to use the permanent hardware address of the device. \"random\" creates a random MAC address on each connect. \"stable\" creates a hashed MAC address based on connection.stable-id and a machine dependent key. If unspecified, the value can be overwritten via global defaults, see manual of NetworkManager.conf. If still unspecified, it defaults to \"permanent\". On D-Bus, this field is expressed as \"assigned-mac-address\" or the deprecated \"cloned-mac-address\".")
|
|
|
c48088 |
#define DESCRIBE_DOC_NM_SETTING_WIRELESS_GENERATE_MAC_ADDRESS_MASK N_("With \"cloned-mac-address\" setting \"random\" or \"stable\", by default all bits of the MAC address are scrambled and a locally-administered, unicast MAC address is created. This property allows to specify that certain bits are fixed. Note that the least significant bit of the first MAC address will always be unset to create a unicast MAC address. If the property is NULL, it is eligible to be overwritten by a default connection setting. If the value is still NULL or an empty string, the default is to create a locally-administered, unicast MAC address. If the value contains one MAC address, this address is used as mask. The set bits of the mask are to be filled with the current MAC address of the device, while the unset bits are subject to randomization. Setting \"FE:FF:FF:00:00:00\" means to preserve the OUI of the current MAC address and only randomize the lower 3 bytes using the \"random\" or \"stable\" algorithm. If the value contains one additional MAC address after the mask, this address is used instead of the current MAC address to fill the bits that shall not be randomized. For example, a value of \"FE:FF:FF:00:00:00 68:F7:28:00:00:00\" will set the OUI of the MAC address to 68:F7:28, while the lower bits are randomized. A value of \"02:00:00:00:00:00 00:00:00:00:00:00\" will create a fully scrambled globally-administered, burned-in MAC address. If the value contains more than one additional MAC addresses, one of them is chosen randomly. For example, \"02:00:00:00:00:00 00:00:00:00:00:00 02:00:00:00:00:00\" will create a fully scrambled MAC address, randomly locally or globally administered.")
|
|
|
52f25a |
#define DESCRIBE_DOC_NM_SETTING_WIRELESS_HIDDEN N_("If TRUE, indicates this network is a non-broadcasting network that hides its SSID. In this case various workarounds may take place, such as probe-scanning the SSID for more reliable network discovery. However, these workarounds expose inherent insecurities with hidden SSID networks, and thus hidden SSID networks should be used with caution. Note that marking the network as hidden may be a privacy issue for you, as the explicit probe-scans may be distinctly recognizable on the air.")
|
|
|
c48088 |
#define DESCRIBE_DOC_NM_SETTING_WIRELESS_MAC_ADDRESS N_("If specified, this connection will only apply to the Wi-Fi device whose permanent MAC address matches. This property does not change the MAC address of the device (i.e. MAC spoofing).")
|
|
|
52f25a |
@@ -89,7 +89,7 @@
|
|
|
c48088 |
#define DESCRIBE_DOC_NM_SETTING_802_1X_SUBJECT_MATCH N_("Substring to be matched against the subject of the certificate presented by the authentication server. When unset, no verification of the authentication server certificate's subject is performed. This property provides little security, if any, and its use is deprecated in favor of NMSetting8021x:domain-suffix-match.")
|
|
|
c48088 |
#define DESCRIBE_DOC_NM_SETTING_802_1X_SYSTEM_CA_CERTS N_("When TRUE, overrides the \"ca-path\" and \"phase2-ca-path\" properties using the system CA directory specified at configure time with the --system-ca-path switch. The certificates in this directory are added to the verification chain in addition to any certificates specified by the \"ca-cert\" and \"phase2-ca-cert\" properties. If the path provided with --system-ca-path is rather a file name (bundle of trusted CA certificates), it overrides \"ca-cert\" and \"phase2-ca-cert\" properties instead (sets ca_cert/ca_cert2 options for wpa_supplicant).")
|
|
|
52f25a |
#define DESCRIBE_DOC_NM_SETTING_WIRED_AUTO_NEGOTIATE N_("When TRUE, enforce auto-negotiation of speed and duplex mode. If \"speed\" and \"duplex\" properties are both specified, only that single mode will be advertised and accepted during the link auto-negotiation process: this works only for BASE-T 802.3 specifications and is useful for enforcing gigabits modes, as in these cases link negotiation is mandatory. When FALSE, \"speed\" and \"duplex\" properties should be both set or link configuration will be skipped.")
|
|
|
c48088 |
-#define DESCRIBE_DOC_NM_SETTING_WIRED_CLONED_MAC_ADDRESS N_("If specified, request that the device use this MAC address instead. This is known as MAC cloning or spoofing. Beside explicitly specifying a MAC address, the special values \"preserve\", \"permanent\", \"random\" and \"stable\" are supported. \"preserve\" means not to touch the MAC address on activation. \"permanent\" means to use the permanent hardware address if the device has one (otherwise this is treated as \"preserve\"). \"random\" creates a random MAC address on each connect. \"stable\" creates a hashed MAC address based on connection.stable-id and a machine dependent key. If unspecified, the value can be overwritten via global defaults, see manual of NetworkManager.conf. If still unspecified, it defaults to \"preserve\" (older versions of NetworkManager may use a different default value). On D-Bus, this field is expressed as \"assigned-mac-address\" or the deprecated \"cloned-mac-address\".")
|
|
|
c48088 |
+#define DESCRIBE_DOC_NM_SETTING_WIRED_CLONED_MAC_ADDRESS N_("If specified, request that the device use this MAC address instead of its permanent MAC address. This is known as MAC cloning or spoofing. Beside explicitly specifying a MAC address, the special values \"preserve\", \"permanent\", \"random\" and \"stable\" are supported. \"preserve\" means not to touch the MAC address on activation. \"permanent\" means to use the permanent hardware address if the device has one (otherwise this is treated as \"preserve\"). \"random\" creates a random MAC address on each connect. \"stable\" creates a hashed MAC address based on connection.stable-id and a machine dependent key. If unspecified, the value can be overwritten via global defaults, see manual of NetworkManager.conf. If still unspecified, it defaults to \"permanent\". On D-Bus, this field is expressed as \"assigned-mac-address\" or the deprecated \"cloned-mac-address\".")
|
|
|
52f25a |
#define DESCRIBE_DOC_NM_SETTING_WIRED_DUPLEX N_("When a value is set, either \"half\" or \"full\", configures the device to use the specified duplex mode. If \"auto-negotiate\" is \"yes\" the specified duplex mode will be the only one advertised during link negotiation: this works only for BASE-T 802.3 specifications and is useful for enforcing gigabits modes, as in these cases link negotiation is mandatory. If the value is unset (the default), the link configuration will be either skipped (if \"auto-negotiate\" is \"no\", the default) or will be auto-negotiated (if \"auto-negotiate\" is \"yes\") and the local device will advertise all the supported duplex modes. Must be set together with the \"speed\" property if specified. Before specifying a duplex mode be sure your device supports it.")
|
|
|
c48088 |
#define DESCRIBE_DOC_NM_SETTING_WIRED_GENERATE_MAC_ADDRESS_MASK N_("With \"cloned-mac-address\" setting \"random\" or \"stable\", by default all bits of the MAC address are scrambled and a locally-administered, unicast MAC address is created. This property allows to specify that certain bits are fixed. Note that the least significant bit of the first MAC address will always be unset to create a unicast MAC address. If the property is NULL, it is eligible to be overwritten by a default connection setting. If the value is still NULL or an empty string, the default is to create a locally-administered, unicast MAC address. If the value contains one MAC address, this address is used as mask. The set bits of the mask are to be filled with the current MAC address of the device, while the unset bits are subject to randomization. Setting \"FE:FF:FF:00:00:00\" means to preserve the OUI of the current MAC address and only randomize the lower 3 bytes using the \"random\" or \"stable\" algorithm. If the value contains one additional MAC address after the mask, this address is used instead of the current MAC address to fill the bits that shall not be randomized. For example, a value of \"FE:FF:FF:00:00:00 68:F7:28:00:00:00\" will set the OUI of the MAC address to 68:F7:28, while the lower bits are randomized. A value of \"02:00:00:00:00:00 00:00:00:00:00:00\" will create a fully scrambled globally-administered, burned-in MAC address. If the value contains more than one additional MAC addresses, one of them is chosen randomly. For example, \"02:00:00:00:00:00 00:00:00:00:00:00 02:00:00:00:00:00\" will create a fully scrambled MAC address, randomly locally or globally administered.")
|
|
|
c48088 |
#define DESCRIBE_DOC_NM_SETTING_WIRED_MAC_ADDRESS N_("If specified, this connection will only apply to the Ethernet device whose permanent MAC address matches. This property does not change the MAC address of the device (i.e. MAC spoofing).")
|
|
|
c48088 |
diff --git a/libnm-core/nm-setting-wired.c b/libnm-core/nm-setting-wired.c
|
|
|
52f25a |
index 5da9ce7d7..ccbc42f90 100644
|
|
|
c48088 |
--- a/libnm-core/nm-setting-wired.c
|
|
|
c48088 |
+++ b/libnm-core/nm-setting-wired.c
|
|
|
52f25a |
@@ -1149,8 +1149,8 @@ nm_setting_wired_class_init (NMSettingWiredClass *setting_wired_class)
|
|
|
c48088 |
/**
|
|
|
c48088 |
* NMSettingWired:cloned-mac-address:
|
|
|
c48088 |
*
|
|
|
c48088 |
- * If specified, request that the device use this MAC address instead.
|
|
|
c48088 |
- * This is known as MAC cloning or spoofing.
|
|
|
c48088 |
+ * If specified, request that the device use this MAC address instead of its
|
|
|
c48088 |
+ * permanent MAC address. This is known as MAC cloning or spoofing.
|
|
|
c48088 |
*
|
|
|
c48088 |
* Beside explicitly specifying a MAC address, the special values "preserve", "permanent",
|
|
|
c48088 |
* "random" and "stable" are supported.
|
|
|
52f25a |
@@ -1162,8 +1162,7 @@ nm_setting_wired_class_init (NMSettingWiredClass *setting_wired_class)
|
|
|
c48088 |
* machine dependent key.
|
|
|
c48088 |
*
|
|
|
c48088 |
* If unspecified, the value can be overwritten via global defaults, see manual
|
|
|
c48088 |
- * of NetworkManager.conf. If still unspecified, it defaults to "preserve"
|
|
|
c48088 |
- * (older versions of NetworkManager may use a different default value).
|
|
|
c48088 |
+ * of NetworkManager.conf. If still unspecified, it defaults to "permanent".
|
|
|
c48088 |
*
|
|
|
c48088 |
* On D-Bus, this field is expressed as "assigned-mac-address" or the deprecated
|
|
|
c48088 |
* "cloned-mac-address".
|
|
|
c48088 |
diff --git a/libnm-core/nm-setting-wireless.c b/libnm-core/nm-setting-wireless.c
|
|
|
52f25a |
index 89a2df8eb..e80d153f1 100644
|
|
|
c48088 |
--- a/libnm-core/nm-setting-wireless.c
|
|
|
c48088 |
+++ b/libnm-core/nm-setting-wireless.c
|
|
|
52f25a |
@@ -1396,8 +1396,8 @@ nm_setting_wireless_class_init (NMSettingWirelessClass *setting_wireless_class)
|
|
|
c48088 |
/**
|
|
|
c48088 |
* NMSettingWireless:cloned-mac-address:
|
|
|
c48088 |
*
|
|
|
c48088 |
- * If specified, request that the device use this MAC address instead.
|
|
|
c48088 |
- * This is known as MAC cloning or spoofing.
|
|
|
c48088 |
+ * If specified, request that the device use this MAC address instead of its
|
|
|
c48088 |
+ * permanent MAC address. This is known as MAC cloning or spoofing.
|
|
|
c48088 |
*
|
|
|
c48088 |
* Beside explicitly specifying a MAC address, the special values "preserve", "permanent",
|
|
|
c48088 |
* "random" and "stable" are supported.
|
|
|
52f25a |
@@ -1408,8 +1408,7 @@ nm_setting_wireless_class_init (NMSettingWirelessClass *setting_wireless_class)
|
|
|
c48088 |
* machine dependent key.
|
|
|
c48088 |
*
|
|
|
c48088 |
* If unspecified, the value can be overwritten via global defaults, see manual
|
|
|
c48088 |
- * of NetworkManager.conf. If still unspecified, it defaults to "preserve"
|
|
|
c48088 |
- * (older versions of NetworkManager may use a different default value).
|
|
|
c48088 |
+ * of NetworkManager.conf. If still unspecified, it defaults to "permanent".
|
|
|
c48088 |
*
|
|
|
c48088 |
* On D-Bus, this field is expressed as "assigned-mac-address" or the deprecated
|
|
|
c48088 |
* "cloned-mac-address".
|
|
|
c48088 |
diff --git a/man/NetworkManager.conf.xml b/man/NetworkManager.conf.xml
|
|
|
52f25a |
index 17bc42f34..aa8e66946 100644
|
|
|
c48088 |
--- a/man/NetworkManager.conf.xml
|
|
|
c48088 |
+++ b/man/NetworkManager.conf.xml
|
|
|
52f25a |
@@ -661,7 +661,7 @@ ipv6.ip6-privacy=0
|
|
|
c48088 |
</varlistentry>
|
|
|
c48088 |
<varlistentry>
|
|
|
c48088 |
<term><varname>ethernet.cloned-mac-address</varname></term>
|
|
|
c48088 |
- <listitem><para>If left unspecified, it defaults to "preserve".</para></listitem>
|
|
|
c48088 |
+ <listitem><para>If left unspecified, it defaults to "permanent".</para></listitem>
|
|
|
c48088 |
</varlistentry>
|
|
|
c48088 |
<varlistentry>
|
|
|
c48088 |
<term><varname>ethernet.generate-mac-address-mask</varname></term>
|
|
|
52f25a |
@@ -733,7 +733,7 @@ ipv6.ip6-privacy=0
|
|
|
c48088 |
</varlistentry>
|
|
|
c48088 |
<varlistentry>
|
|
|
c48088 |
<term><varname>wifi.cloned-mac-address</varname></term>
|
|
|
c48088 |
- <listitem><para>If left unspecified, it defaults to "preserve".</para></listitem>
|
|
|
c48088 |
+ <listitem><para>If left unspecified, it defaults to "permanent".</para></listitem>
|
|
|
c48088 |
</varlistentry>
|
|
|
c48088 |
<varlistentry>
|
|
|
c48088 |
<term><varname>wifi.generate-mac-address-mask</varname></term>
|
|
|
c48088 |
diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c
|
|
|
52f25a |
index 5a5cb50e9..613e87034 100644
|
|
|
c48088 |
--- a/src/devices/nm-device.c
|
|
|
c48088 |
+++ b/src/devices/nm-device.c
|
|
|
52f25a |
@@ -14628,7 +14628,8 @@ _get_cloned_mac_address_setting (NMDevice *self, NMConnection *connection, gbool
|
|
|
c48088 |
is_wifi ? "wifi.cloned-mac-address" : "ethernet.cloned-mac-address",
|
|
|
c48088 |
self);
|
|
|
c48088 |
|
|
|
c48088 |
- addr = NM_CLONED_MAC_PRESERVE;
|
|
|
c48088 |
+ /* RHEL patches the default to permanent (rh#1413312) */
|
|
|
c48088 |
+ addr = NM_CLONED_MAC_PERMANENT;
|
|
|
c48088 |
|
|
|
c48088 |
if (!a) {
|
|
|
c48088 |
if (is_wifi) {
|
|
|
c48088 |
--
|
|
|
52f25a |
2.17.0
|
|
|
c48088 |
|