From 143471815da42574030f9d0d447ddf282ef4760f Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Sat, 18 Jun 2016 19:14:33 +0200
Subject: [PATCH] device: fail activation on failure to set cloned MAC address

When a user want to explicitly spoof the MAC address, a failure
to do so should fail activation. For one, failing to do so may
be a security problem. In any case, if user asks to configure the
interface in a certain way and we fail to do so that shall result
in a failure to activate.
---
 src/devices/nm-device-ethernet.c  | 5 ++++-
 src/devices/nm-device-macvlan.c   | 5 +++--
 src/devices/nm-device-tun.c       | 3 ++-
 src/devices/nm-device-vlan.c      | 3 ++-
 src/devices/nm-device-vxlan.c     | 3 ++-
 src/devices/wifi/nm-device-wifi.c | 3 ++-
 6 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/src/devices/nm-device-ethernet.c b/src/devices/nm-device-ethernet.c
index d26ef71d65..db2eb4f5f3 100644
--- a/src/devices/nm-device-ethernet.c
+++ b/src/devices/nm-device-ethernet.c
@@ -810,8 +810,11 @@ act_stage1_prepare (NMDevice *dev, NMDeviceStateReason *reason)
 
 	ret = NM_DEVICE_CLASS (nm_device_ethernet_parent_class)->act_stage1_prepare (dev, reason);
 	if (ret == NM_ACT_STAGE_RETURN_SUCCESS) {
-		nm_device_hw_addr_set_cloned (dev, nm_device_get_applied_connection (dev), FALSE);
+		if (!nm_device_hw_addr_set_cloned (dev, nm_device_get_applied_connection (dev), FALSE))
+			ret = NM_ACT_STAGE_RETURN_FAILURE;
+	}
 
+	if (ret == NM_ACT_STAGE_RETURN_SUCCESS) {
 		/* If we're re-activating a PPPoE connection a short while after
 		 * a previous PPPoE connection was torn down, wait a bit to allow the
 		 * remote side to handle the disconnection.  Otherwise the peer may
diff --git a/src/devices/nm-device-macvlan.c b/src/devices/nm-device-macvlan.c
index 0fa83af949..583f260e8d 100644
--- a/src/devices/nm-device-macvlan.c
+++ b/src/devices/nm-device-macvlan.c
@@ -510,8 +510,9 @@ act_stage1_prepare (NMDevice *dev, NMDeviceStateReason *reason)
 	if (ret != NM_ACT_STAGE_RETURN_SUCCESS)
 		return ret;
 
-	nm_device_hw_addr_set_cloned (dev, nm_device_get_applied_connection (dev), FALSE);
-	return TRUE;
+	if (!nm_device_hw_addr_set_cloned (dev, nm_device_get_applied_connection (dev), FALSE))
+		return NM_ACT_STAGE_RETURN_FAILURE;
+	return NM_ACT_STAGE_RETURN_SUCCESS;
 }
 
 static void
diff --git a/src/devices/nm-device-tun.c b/src/devices/nm-device-tun.c
index 2e8f832e16..1f42d06015 100644
--- a/src/devices/nm-device-tun.c
+++ b/src/devices/nm-device-tun.c
@@ -303,7 +303,8 @@ act_stage1_prepare (NMDevice *device, NMDeviceStateReason *reason)
 	if (g_strcmp0 (priv->mode, "tap"))
 		return NM_ACT_STAGE_RETURN_SUCCESS;
 
-	nm_device_hw_addr_set_cloned (device, nm_device_get_applied_connection (device), FALSE);
+	if (!nm_device_hw_addr_set_cloned (device, nm_device_get_applied_connection (device), FALSE))
+		return NM_ACT_STAGE_RETURN_FAILURE;
 
 	return NM_ACT_STAGE_RETURN_SUCCESS;
 }
diff --git a/src/devices/nm-device-vlan.c b/src/devices/nm-device-vlan.c
index 5e82f69b77..c710917419 100644
--- a/src/devices/nm-device-vlan.c
+++ b/src/devices/nm-device-vlan.c
@@ -558,7 +558,8 @@ act_stage1_prepare (NMDevice *dev, NMDeviceStateReason *reason)
 	if (ret != NM_ACT_STAGE_RETURN_SUCCESS)
 		return ret;
 
-	nm_device_hw_addr_set_cloned (dev, nm_device_get_applied_connection (dev), FALSE);
+	if (!nm_device_hw_addr_set_cloned (dev, nm_device_get_applied_connection (dev), FALSE))
+		return NM_ACT_STAGE_RETURN_FAILURE;
 
 	/* Change MAC address to parent's one if needed */
 	if (priv->parent)
diff --git a/src/devices/nm-device-vxlan.c b/src/devices/nm-device-vxlan.c
index 40e5b5512a..674c2a787d 100644
--- a/src/devices/nm-device-vxlan.c
+++ b/src/devices/nm-device-vxlan.c
@@ -519,7 +519,8 @@ act_stage1_prepare (NMDevice *device, NMDeviceStateReason *reason)
 	if (ret != NM_ACT_STAGE_RETURN_SUCCESS)
 		return ret;
 
-	nm_device_hw_addr_set_cloned (device, nm_device_get_applied_connection (device), FALSE);
+	if (!nm_device_hw_addr_set_cloned (device, nm_device_get_applied_connection (device), FALSE))
+		return NM_ACT_STAGE_RETURN_FAILURE;
 
 	return NM_ACT_STAGE_RETURN_SUCCESS;
 }
diff --git a/src/devices/wifi/nm-device-wifi.c b/src/devices/wifi/nm-device-wifi.c
index 8471a20730..1437767127 100644
--- a/src/devices/wifi/nm-device-wifi.c
+++ b/src/devices/wifi/nm-device-wifi.c
@@ -2315,7 +2315,8 @@ act_stage1_prepare (NMDevice *device, NMDeviceStateReason *reason)
 	}
 
 	/* Set spoof MAC to the interface */
-	nm_device_hw_addr_set_cloned (device, connection, TRUE);
+	if (!nm_device_hw_addr_set_cloned (device, connection, TRUE))
+		return NM_ACT_STAGE_RETURN_FAILURE;
 
 	/* AP mode never uses a specific object or existing scanned AP */
 	if (priv->mode != NM_802_11_MODE_AP) {