Mercurial > hg > dhcpcd
changeset 2511:e1ab5b72e192 draft
Only one place should decide how netiface and netid are formed
for generating stable private addresses.
Ensure that dhcpcd.secret is readable only by dhcpcd.
| author | Roy Marples <roy@marples.name> |
|---|---|
| date | Tue, 03 Jun 2014 12:49:48 +0000 |
| parents | e46bc9fcf322 |
| children | c0bbe10f3794 |
| files | ipv6.c ipv6.h ipv6nd.c |
| diffstat | 3 files changed, 29 insertions(+), 16 deletions(-) [+] |
line wrap: on
line diff
--- a/ipv6.c Tue Jun 03 09:32:01 2014 +0000 +++ b/ipv6.c Tue Jun 03 12:49:48 2014 +0000 @@ -28,6 +28,7 @@ #include <sys/param.h> #include <sys/types.h> #include <sys/socket.h> +#include <sys/stat.h> #include <net/route.h> #include <netinet/in.h> @@ -238,7 +239,11 @@ } - if (!(fp = fopen(SECRET, "w"))) + /* Ensure that only the dhcpcd user can read the secret. + * Write permission is also denied as chaning it would remove + * it's stability. */ + if ((fp = fopen(SECRET, "w")) == NULL || + chmod(SECRET, S_IRUSR) == -1) goto eexit; x = fprintf(fp, "%s\n", hwaddr_ntoa(ctx->secret, ctx->secret_len, line, sizeof(line))); @@ -254,8 +259,8 @@ } /* RFC7217 */ -int -ipv6_makestableprivate(struct in6_addr *addr, +static int +ipv6_makestableprivate1(struct in6_addr *addr, const struct in6_addr *prefix, int prefix_len, const unsigned char *netiface, size_t netiface_len, const char *netid, size_t netid_len, @@ -309,6 +314,23 @@ } int +ipv6_makestableprivate(struct in6_addr *addr, + const struct in6_addr *prefix, int prefix_len, + const struct interface *ifp, + uint32_t dad_counter) +{ + + /* For our implementation, we shall set the hardware address + * as the interface identifier */ + + return ipv6_makestableprivate1(addr, prefix, prefix_len, + ifp->hwaddr, ifp->hwlen, + ifp->ssid, strlen(ifp->ssid), + dad_counter, + ifp->ctx->secret, ifp->ctx->secret_len); +} + +int ipv6_makeaddr(struct in6_addr *addr, const struct interface *ifp, const struct in6_addr *prefix, int prefix_len) { @@ -324,11 +346,8 @@ if (ipv6_readsecret(ifp->ctx) == -1) return -1; } - if (ipv6_makestableprivate(addr, prefix, prefix_len, - ifp->options->iaid, sizeof(ifp->options->iaid), - ifp->ssid, strlen(ifp->ssid), - 0, /* DAD counter starts at 0 */ - ifp->ctx->secret, ifp->ctx->secret_len) == -1) + if (ipv6_makestableprivate(addr, + prefix, prefix_len, ifp, 0) == -1) return -1; return 0; }
--- a/ipv6.h Tue Jun 03 09:32:01 2014 +0000 +++ b/ipv6.h Tue Jun 03 12:49:48 2014 +0000 @@ -167,10 +167,7 @@ ssize_t ipv6_printaddr(char *, size_t, const uint8_t *, const char *); int ipv6_makestableprivate(struct in6_addr *addr, const struct in6_addr *prefix, int prefix_len, - const unsigned char *netiface, size_t netiface_len, - const char *netid, size_t netid_len, - uint32_t dad_counter, - const unsigned char *secret, size_t secret_len); + const struct interface *ifp, uint32_t dad_counter); int ipv6_makeaddr(struct in6_addr *, const struct interface *, const struct in6_addr *, int); int ipv6_makeprefix(struct in6_addr *, const struct in6_addr *, int);
--- a/ipv6nd.c Tue Jun 03 09:32:01 2014 +0000 +++ b/ipv6nd.c Tue Jun 03 12:49:48 2014 +0000 @@ -612,10 +612,7 @@ syslog(LOG_ERR, "if_deladdress6: %m"); if (ipv6_makestableprivate(&ap->addr, &ap->prefix, ap->prefix_len, - ifp->options->iaid, sizeof(ifp->options->iaid), - ifp->ssid, strlen(ifp->ssid), - ap->dadcounter, - ifp->ctx->secret, ifp->ctx->secret_len) == -1) + ifp, ap->dadcounter) == -1) { syslog(LOG_ERR, "%s: ipv6_makestableprivate: %m",