author | Thomas Haller <thaller@redhat.com> | 2018-05-22 18:35:43 +0200 |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2018-05-28 12:15:29 +0200 |
commit | 2534d1b73973333f8ddf0e46f7d740f58ee614ec (patch) | |
tree | d258e40097c53cc41f734bfba03f1cdcc34edb48 /src | |
parent | c4c591606b82144ec9b860212c12b6e9d98b9f70 (diff) | |
squash! all: add stable-id specifiers "${HOST}" and "${DEVICE}"th/per-host-stable-id
>>> NEW COMMIT MESSAGE
all: add stable-id specifier "${DEVICE}"
Add new stable-id specifier "${DEVICE}" to explicitly declare that the
connection's identity differs per-device.
Note that for settings like "ipv6.addr-gen-mode=stable" we already hash
the interface's name. So, in combination with addr-gen-mode, using this
specifier has no real use. But for example, we don't do that for
"ipv4.dhcp-client-id=stable".
The point is, in various context we possibly anyway already include a
per-device token into the generation algorithm. But that is not the
case for all of them.
Especially for the DHCPv4 client identifier which is supposed to differ
between interfaces (according to RFC). While we don't do that by default
with "ipv4.dhcp-client-id=stable", it can be now configured by the user.
Note that the fact that the client-id by default is the same across interfaces
is not a common problem, because commonly profiles are restricted to one device
via connection.interface-name.
Diffstat (limited to 'src')
-rw-r--r-- | src/devices/nm-device.c | 9 | ||||
-rw-r--r-- | src/nm-core-utils.c | 49 | ||||
-rw-r--r-- | src/nm-core-utils.h | 1 | ||||
-rw-r--r-- | src/tests/test-general.c | 2 |
4 files changed, 5 insertions, 56 deletions
diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c index 5ad38d45ca..d133452b87 100644 --- a/src/devices/nm-device.c +++ b/src/devices/nm-device.c @@ -1177,7 +1177,6 @@ _get_stable_id (NMDevice *self, uuid = nm_connection_get_uuid (connection); stable_type = nm_utils_stable_id_parse (stable_id, - NULL, nm_device_get_ip_iface (self), NULL, uuid, @@ -1199,12 +1198,12 @@ _get_stable_id (NMDevice *self, nm_assert (stable_type == NM_UTILS_STABLE_TYPE_RANDOM); priv->current_stable_id = nm_str_realloc (nm_utils_stable_id_random ()); } - _LOGT (LOGD_DEVICE, - "stable-id: type=%d, \"%s\"%s", + "stable-id: type=%d, \"%s\"" + "%s%s%s", (int) priv->current_stable_id_type, priv->current_stable_id, - stable_type == NM_UTILS_STABLE_TYPE_GENERATED ? " (generated)" : ""); + NM_PRINT_FMT_QUOTED (stable_type == NM_UTILS_STABLE_TYPE_GENERATED, " from \"", generated, "\"", "")); } *out_stable_type = priv->current_stable_id_type; @@ -13501,8 +13500,6 @@ nm_device_spawn_iface_helper (NMDevice *self) if (nm_logging_enabled (LOGL_DEBUG, LOGD_DEVICE)) { char *tmp; - /* Beware, we may print here --stable-id, which may contain ${HOST} specifier, - * which essentially is the SHA1 sum of secret-key. */ tmp = g_strjoinv (" ", (char **) argv->pdata); _LOGD (LOGD_DEVICE, "running '%s'", tmp); g_free (tmp); diff --git a/src/nm-core-utils.c b/src/nm-core-utils.c index 5e381cd314..b1a4cc25a2 100644 --- a/src/nm-core-utils.c +++ b/src/nm-core-utils.c 
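Review bot: In the second nm-device.c hunk (the `_LOGT` call in `_get_stable_id`), the trace message now prints `generated` verbatim next to `priv->current_stable_id`, and nothing at the call site says what that string contains. Going by the arguments passed to `nm_utils_stable_id_parse` in the first hunk, it presumably holds the expanded pattern, including the interface name, the connection UUID and, for `${BOOT}`, the boot-id; this should be confirmed against the parser. Those are the inputs to identifiers that are meant to be hard to correlate, so I would add a comment above the call such as `/* TRACE only: "generated" is the expanded stable-id (may embed boot-id, ifname, UUID); keep it out of higher log levels */`. The value is also wrapped in `\"` without escaping, so a stable-id that itself contains a quote makes the log line ambiguous to parse. The body of `_get_stable_id` starts and ends outside the hunk.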
@@ -2896,44 +2896,6 @@ nm_utils_secret_key_get (const guint8 **out_secret_key, return secret_key->is_good; } -static gboolean -_secret_key_get_opaque (guint32 salt /* number in host-order */, - char *out_hashed_key /* at least 41 bytes */) -{ - gboolean good_secret_key; - const guint8 *secret_key; - gsize key_len; - GChecksum *sum; - guint8 buf[20]; - gsize buf_size; - - /* returns the SHA1 sum of the secret-key in ASCII. Also, it includes - * a salt, so that one cannot obtain the secret-key from the hashed value. */ - - nm_assert (salt != 0); - nm_assert (out_hashed_key); - - salt = htons (salt); - - good_secret_key = nm_utils_secret_key_get (&secret_key, &key_len); - - sum = g_checksum_new (G_CHECKSUM_SHA1); - g_checksum_update (sum, (const guchar *) &salt, sizeof (salt)); - g_checksum_update (sum, (const guchar *) secret_key, key_len); - - buf_size = sizeof (buf); - g_checksum_get_digest (sum, buf, &buf_size); - nm_assert (buf_size == sizeof (buf)); - - g_checksum_free (sum); - - /* converting a buffer of 20 bytes to ascii (without delimiter) requires - * at least 41 bytes. @out_hashed_key must be this large. */ - _nm_utils_bin2str_full (buf, sizeof (buf), '\0', FALSE, out_hashed_key); - - return good_secret_key; -} - /*****************************************************************************/ const char * @@ -3219,7 +3181,6 @@ _stable_id_append (GString *str, NMUtilsStableType nm_utils_stable_id_parse (const char *stable_id, - const char *hostid, const char *deviceid, const char *bootid, const char *uuid, @@ -3227,7 +3188,6 @@ nm_utils_stable_id_parse (const char *stable_id, { gsize i, idx_start; GString *str = NULL; - char hostid_buf[41]; g_return_val_if_fail (out_generated, NM_UTILS_STABLE_TYPE_RANDOM); 
@@ -3298,14 +3258,7 @@ nm_utils_stable_id_parse (const char *stable_id, _stable_id_append (str, uuid); else if (CHECK_PREFIX ("${BOOT}")) _stable_id_append (str, bootid ?: nm_utils_get_boot_id ()); - else if (CHECK_PREFIX ("${HOST}")) { - if (!hostid) { - /* use an arbitrary, but fixed salt. */ - _secret_key_get_opaque (336556219u, hostid_buf); - hostid = hostid_buf; - } - _stable_id_append (str, hostid); - } else if (CHECK_PREFIX ("${DEVICE}")) + else if (CHECK_PREFIX ("${DEVICE}")) _stable_id_append (str, deviceid); else if (g_str_has_prefix (&stable_id[i], "${RANDOM}")) { /* RANDOM makes not so much sense for cloned-mac-address diff --git a/src/nm-core-utils.h b/src/nm-core-utils.h index 01bf9f1ba8..7f406d214c 100644 --- a/src/nm-core-utils.h +++ b/src/nm-core-utils.h @@ -340,7 +340,6 @@ typedef enum { } NMUtilsStableType; NMUtilsStableType nm_utils_stable_id_parse (const char *stable_id, - const char *hostid, const char *deviceid, const char *bootid, const char *uuid, diff --git a/src/tests/test-general.c b/src/tests/test-general.c index b52aea91ae..4db05ac847 100644 --- a/src/tests/test-general.c +++ b/src/tests/test-general.c @@ -1621,7 +1621,7 @@ do_test_stable_id_parse (const char *stable_id, else g_assert (stable_id); - stable_type = nm_utils_stable_id_parse (stable_id, "_HOST", "_DEVICE", "_BOOT", "_CONNECTION", &generated); + stable_type = nm_utils_stable_id_parse (stable_id, "_DEVICE", "_BOOT", "_CONNECTION", &generated); g_assert_cmpint (expected_stable_type, ==, stable_type); |
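Review bot: In the `${DEVICE}` branch of `nm_utils_stable_id_parse` (the nm-core-utils.c hunk on this line), `deviceid` goes to `_stable_id_append` with no fallback, while the `${BOOT}` branch just above uses `bootid ?: nm_utils_get_boot_id ()`. The caller in nm-device.c passes `nm_device_get_ip_iface (self)`; if that can be NULL or empty, the result depends on `_stable_id_append`, whose body is outside the hunk. At best every such device expands to the same value and silently loses the per-device separation the commit message describes. I would state the contract at the branch, e.g. `/* deviceid is the caller-supplied interface name; NULL or "" yields the same ID on every device */`, and add a `do_test_stable_id_parse` case covering a NULL `deviceid`. The function body starts and ends outside the hunk.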