changeset 2269:43c72364c4b7 draft

Reset reconfigure token when dropping a lease. Only send a reconfigure accept option if we aren't sending any authentication OR don't require authentication.
author Roy Marples <roy@marples.name>
date Fri, 31 Jan 2014 18:33:11 +0000
parents a149336d9977
children ac944f101beb
files auth.c auth.h dhcp.c dhcp6.c
diffstat 4 files changed, 44 insertions(+), 8 deletions(-) [+]
--- a/auth.c	Fri Jan 31 15:55:16 2014 +0000
+++ b/auth.c	Fri Jan 31 18:33:11 2014 +0000
@@ -74,6 +74,16 @@
 
 #define HMAC_LENGTH	16
 
+void
+dhcp_auth_reset(struct authstate *state)
+{
+
+	if (state->reconf) {
+		free(state->reconf);
+		state->reconf = NULL;
+	}
+}
+
 /*
  * Authenticate a DHCP message.
  * m and mlen refer to the whole message.
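Review bot: `dhcp_auth_reset()` releases `state->reconf` with a plain `free()`, and nothing in the hunk clears the token first or frees anything it points to. The definition of `struct token` is not visible here, so this needs confirming: if the token owns separately allocated members such as the key bytes, they must be freed before the struct itself. Since this is key material, it is also worth wiping it before release with a call the compiler cannot drop (for example `explicit_bzero()` where the platform has it), rather than leaving it readable in freed heap memory. The `if (state->reconf)` guard can go as well, because `free(NULL)` is a no-op: `free(state->reconf); state->reconf = NULL;`.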
@@ -215,6 +225,12 @@
 			/* Nothing to validate, just accepting the key */
 			return state->reconf;
 		case 2:
+			if (!((mp == 4 && mt == DHCP_FORCERENEW) ||
+			    (mp == 6 && mt == DHCP6_RECONFIGURE)))
+			{
+				errno = EINVAL;
+				return NULL;
+			}
 			if (state->reconf == NULL) {
 				errno = ENOENT;
 				return NULL;
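Review bot: The new guard in `case 2` compares `mp` against bare `4` and `6` and has no comment saying why other message types are rejected, which makes a security check easy to misread or weaken later. A line such as `/* The reconfigure key may only authenticate FORCERENEW (DHCPv4) or RECONFIGURE (DHCPv6) */` above the `if` would record the intent. Named constants for the protocol version would make the pairing with `mt` explicit. The enclosing function and its `switch` start and end outside the hunk, so whether `case 1` needs a matching restriction on message type cannot be judged from here.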
--- a/auth.h	Fri Jan 31 15:55:16 2014 +0000
+++ b/auth.h	Fri Jan 31 18:33:11 2014 +0000
@@ -34,6 +34,8 @@
 #define DHCPCD_AUTH_REQUIRE	(1 << 1)
 #define DHCPCD_AUTH_RDM_COUNTER	(1 << 2)
 
+#define DHCPCD_AUTH_SENDREQUIRE	(DHCPCD_AUTH_SEND | DHCPCD_AUTH_REQUIRE)
+
 #define AUTH_PROTO_TOKEN	0
 #define AUTH_PROTO_DELAYED	1
 #define AUTH_PROTO_DELAYEDREALM	2
@@ -69,6 +71,8 @@
 	struct token *reconf;
 };
 
+void dhcp_auth_reset(struct authstate *);
+
 const struct token * dhcp_auth_validate(struct authstate *,
     const struct auth *,
     const uint8_t *, unsigned int, int, int,
--- a/dhcp.c	Fri Jan 31 15:55:16 2014 +0000
+++ b/dhcp.c	Fri Jan 31 18:33:11 2014 +0000
@@ -867,10 +867,14 @@
 			p += ifo->vendor[0] + 1;
 		}
 
-		/* We support HMAC-MD5 */
-		*p++ = DHO_FORCERENEW_NONCE;
-		*p++ = 1;
-		*p++ = AUTH_ALG_HMAC_MD5;
+		if ((ifo->auth.options & DHCPCD_AUTH_SENDREQUIRE) !=
+		    DHCPCD_AUTH_SENDREQUIRE)
+		{
+			/* We support HMAC-MD5 */
+			*p++ = DHO_FORCERENEW_NONCE;
+			*p++ = 1;
+			*p++ = AUTH_ALG_HMAC_MD5;
+		}
 
 		if (ifo->vivco_len) {
 			*p++ = DHO_VIVCO;
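Review bot: The test `(ifo->auth.options & DHCPCD_AUTH_SENDREQUIRE) != DHCPCD_AUTH_SENDREQUIRE` is written out here and twice more in dhcp6.c, and the retained comment `/* We support HMAC-MD5 */` does not say why the option is now conditional. This condition decides whether the client advertises that it will take a reconfigure key, so a single predicate macro beside `DHCPCD_AUTH_SENDREQUIRE` in auth.h would keep the three sites from drifting apart. I would also extend the comment, e.g. `/* Only offer the forcerenew nonce when we do not both send and require authentication */`. The enclosing function lies outside the hunk.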
@@ -2014,6 +2018,7 @@
 	state = D_STATE(ifp);
 	if (state == NULL)
 		return;
+	dhcp_auth_reset(&state->auth);
 	dhcp_close(ifp);
 	arp_close(ifp);
 	eloop_timeouts_delete(ifp, dhcp_expire, NULL);
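Review bot: `dhcp_auth_reset(&state->auth)` is added only on this drop path and on the matching DHCPv6 path in the last dhcp6.c hunk, so the key is cleared only if every way of abandoning a lease passes through these two functions. Both functions start outside their hunks and their callers are not shown, so this needs confirming. If any path discards the lease without coming here, the old reconfigure key stays in `state->auth.reconf` and would still validate a later FORCERENEW or RECONFIGURE. A one-line comment at each call, `/* Forget the reconfigure key; it belongs to the lease being dropped */`, would make that dependency visible.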
--- a/dhcp6.c	Fri Jan 31 15:55:16 2014 +0000
+++ b/dhcp6.c	Fri Jan 31 18:33:11 2014 +0000
@@ -419,7 +419,9 @@
 		if (fqdn != FQDN_DISABLE)
 			len += sizeof(*o) + 1 + encode_rfc1035(hostname, NULL);
 
-		len += sizeof(*o); /* Reconfigure Accept */
+		if ((ifo->auth.options & DHCPCD_AUTH_SENDREQUIRE) !=
+		    DHCPCD_AUTH_SENDREQUIRE)
+			len += sizeof(*o); /* Reconfigure Accept */
 	}
 
 	len += sizeof(*state->send);
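Review bot: The length added at `len += sizeof(*o); /* Reconfigure Accept */` and the option written in the following hunk (`@@ -653,9 +655,13 @@`) are guarded by two separate copies of the same condition, and the message buffer is presumably sized from `len`. If one copy is edited without the other, the writer either runs one option header past the computed length or leaves an unused tail. The two sites should share one evaluation, for instance a local flag computed once and tested in both places, or at least carry a comment naming each other. The new `if` here is also unbraced while the matching block in the write path is braced; adding braces keeps the two visually paired. The enclosing function starts and ends outside both hunks.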
@@ -653,9 +655,13 @@
 			o->len = htons(l + 1);
 		}
 
-		o = D6_NEXT_OPTION(o);
-		o->code = htons(D6_OPTION_RECONF_ACCEPT);
-		o->len = 0;
+		if ((ifo->auth.options & DHCPCD_AUTH_SENDREQUIRE) !=
+		    DHCPCD_AUTH_SENDREQUIRE)
+		{
+			o = D6_NEXT_OPTION(o);
+			o->code = htons(D6_OPTION_RECONF_ACCEPT);
+			o->len = 0;
+		}
 
 		if (n_options) {
 			o = D6_NEXT_OPTION(o);
@@ -2637,6 +2643,10 @@
 	 * of which interface is delegating as we remeber it by pointer.
 	 * So if we need to change this behaviour, we need to change
 	 * how we remember which interface delegated.
+	 *
+	 * XXX The below is no longer true due to the change of the
+	 * default IAID, but do PPP links have stable ethernet addresses?
+	 *
 	 * To make it more interesting, on some OS's with PPP links
 	 * there is no guarantee the delegating interface will have
 	 * the same name or index so think very hard before changing
@@ -2650,6 +2660,7 @@
 
 	state = D6_STATE(ifp);
 	if (state) {
+		dhcp_auth_reset(&state->auth);
 		if (ifp->options->options & DHCPCD_RELEASE) {
 			if (ifp->carrier != LINK_DOWN)
 				dhcp6_startrelease(ifp);