device: change default value for cloned-mac-address to "preserve" (bgo#770611)

Long ago before commit 1b49f94, NetworkManager did not touch the MAC address at all. Since 0.8.2 NetworkManager would modify the MAC address, and eventually it would reset the permanent MAC address of the device. This prevents a user from externally setting the MAC address via tools like macchanger and rely on NetworkManager not to reset it to the permanent MAC address. This is considered a security regression in bgo#708820. This only changed with commit 9a354cd and 1.4.0. Since then it is possible to configure "cloned-mac-address=preserve", which instead uses the "initial" MAC address when the device activates. That also changed that the "initial" MAC address is the address which was externally configured on the device as last. In other words, the "initial" MAC address is picked up from external changes, unless it was NetworkManager itself who configured the address when activating a connection. However, in absence of an explicit configuration the default for "cloned-mac-address" is still "permanent". Meaning, the user has to explicitly configure that NetworkManager should not touch the MAC address. It makes sense to change the upstream default to "preserve". Although this is a change in behavior since 0.8.2, it seems a better default. This change has the drastic effect that all the existing connections out there with "cloned-mac-address=$(nil)" change behavior after upgrade. I think most users won't notice, because their devices have the permanent address set by default anyway. I would think that there are few users who intentionally configured "cloned-mac-address=" to have NetworkManager restore the permanent address. https://bugzilla.gnome.org/show_bug.cgi?id=770611
author: Thomas Haller <thaller@redhat.com> 2016-09-01 16:18:34 +0200
committer: Thomas Haller <thaller@redhat.com> 2016-09-12 14:01:57 +0200
commit: fae5ecec5a4d9987a1915441602cb78275a9f490 (patch)
tree: 67f2567d79d3fa5264e007f6caec6040b84d785a
parent: eb8da4c2820690a55e1ced721f710eb616fecb60 (diff)
5 files changed, 17 insertions, 10 deletions
diff --git a/NEWS b/NEWS
index 77b7463b1f..35336019c5 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,11 @@ This is a new stable release of NetworkManager.  Notable changes include:
 
 * Fix emission of NM-style PropertiesChanged signals and deprecate them
     for PropertiesChanged on "org.freedesktop.DBus.Properties" interface.
+* Change the meaning of unset "cloned-mac-address" settings from "permanent" to
+    "preserve". This changes the default value and affects existing connections
+    during upgrade that did not explicitly configure cloned-mac-address. This
+    has the effect that externally configured MAC addresses are preserved
+    by default instead of setting the permanent address (bgo#770611).
 
 ============================================
 NetworkManager-1.4
diff --git a/libnm-core/nm-setting-wired.c b/libnm-core/nm-setting-wired.c
index 131bbbb7bf..d2eea05411 100644
--- a/libnm-core/nm-setting-wired.c
+++ b/libnm-core/nm-setting-wired.c
@@ -1095,8 +1095,8 @@ nm_setting_wired_class_init (NMSettingWiredClass *setting_wired_class)
 	/**
 	 * NMSettingWired:cloned-mac-address:
 	 *
-	 * If specified, request that the device use this MAC address instead of its
-	 * permanent MAC address.  This is known as MAC cloning or spoofing.
+	 * If specified, request that the device use this MAC address instead.
+	 * This is known as MAC cloning or spoofing.
 	 *
 	 * Beside explicitly specifing a MAC address, the special values "preserve", "permanent",
 	 * "random" and "stable" are supported.
@@ -1107,7 +1107,8 @@ nm_setting_wired_class_init (NMSettingWiredClass *setting_wired_class)
 	 * the connection's UUID) and a machine dependent key.
 	 *
 	 * If unspecified, the value can be overwritten via global defaults, see manual
-	 * of NetworkManager.conf. If still unspecified, it defaults to "permanent".
+	 * of NetworkManager.conf. If still unspecified, it defaults to "preserve"
+	 * (older versions of NetworkManager may use a different default value).
 	 *
 	 * On D-Bus, this field is expressed as "assigned-mac-address" or the deprecated
 	 * "cloned-mac-address".
diff --git a/libnm-core/nm-setting-wireless.c b/libnm-core/nm-setting-wireless.c
index 06d18008af..a31f7586d2 100644
--- a/libnm-core/nm-setting-wireless.c
+++ b/libnm-core/nm-setting-wireless.c
@@ -1337,8 +1337,8 @@ nm_setting_wireless_class_init (NMSettingWirelessClass *setting_wireless_class)
 	/**
 	 * NMSettingWireless:cloned-mac-address:
 	 *
-	 * If specified, request that the device use this MAC address instead of its
-	 * permanent MAC address.  This is known as MAC cloning or spoofing.
+	 * If specified, request that the device use this MAC address instead.
+	 * This is known as MAC cloning or spoofing.
 	 *
 	 * Beside explicitly specifing a MAC address, the special values "preserve", "permanent",
 	 * "random" and "stable" are supported.
@@ -1349,7 +1349,8 @@ nm_setting_wireless_class_init (NMSettingWirelessClass *setting_wireless_class)
 	 * the connection's UUID) and a machine dependent key.
 	 *
 	 * If unspecified, the value can be overwritten via global defaults, see manual
-	 * of NetworkManager.conf. If still unspecified, it defaults to "permanent".
+	 * of NetworkManager.conf. If still unspecified, it defaults to "preserve"
+	 * (older versions of NetworkManager may use a different default value).
 	 *
 	 * On D-Bus, this field is expressed as "assigned-mac-address" or the deprecated
 	 * "cloned-mac-address".
diff --git a/man/NetworkManager.conf.xml b/man/NetworkManager.conf.xml
index 7d68fb343c..32ce5b477c 100644
--- a/man/NetworkManager.conf.xml
+++ b/man/NetworkManager.conf.xml
@@ -571,7 +571,7 @@ ipv6.ip6-privacy=0
         </varlistentry>
         <varlistentry>
           <term><varname>ethernet.cloned-mac-address</varname></term>
-          <listitem><para>If left unspecified, it defaults to "permanent".</para></listitem>
+          <listitem><para>If left unspecified, it defaults to "preserve".</para></listitem>
         </varlistentry>
         <varlistentry>
           <term><varname>ethernet.generate-mac-address-mask</varname></term>
@@ -605,7 +605,7 @@ ipv6.ip6-privacy=0
         </varlistentry>
         <varlistentry>
           <term><varname>wifi.cloned-mac-address</varname></term>
-          <listitem><para>If left unspecified, it defaults to "permanent".</para></listitem>
+          <listitem><para>If left unspecified, it defaults to "preserve".</para></listitem>
         </varlistentry>
         <varlistentry>
           <term><varname>wifi.generate-mac-address-mask</varname></term>
diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c
index 7fc61509c0..b3f1fa85fc 100644
--- a/src/devices/nm-device.c
+++ b/src/devices/nm-device.c
@@ -11737,8 +11737,8 @@ _get_cloned_mac_address_setting (NMDevice *self, NMConnection *connection, gbool
 		a = nm_config_data_get_connection_default (NM_CONFIG_GET_DATA,
 		                                           is_wifi ? "wifi.cloned-mac-address" : "ethernet.cloned-mac-address",
 		                                           self);
-		/* default is permanent. */
-		addr = NM_CLONED_MAC_PERMANENT;
+
+		addr = NM_CLONED_MAC_PRESERVE;
 
 		if (!a) {
 			if (is_wifi) {
author	Thomas Haller <thaller@redhat.com>	2016-09-01 16:18:34 +0200
committer	Thomas Haller <thaller@redhat.com>	2016-09-12 14:01:57 +0200
commit	fae5ecec5a4d9987a1915441602cb78275a9f490 (patch)
tree	67f2567d79d3fa5264e007f6caec6040b84d785a
parent	eb8da4c2820690a55e1ced721f710eb616fecb60 (diff)