From 9dbf3c4936395bebc5db124382209b8cd3fcb241 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Wed, 16 Dec 2020 13:33:22 +0100 Subject: [PATCH] Fix for bug 10743 This adds in the option to have "deny known clients" in dhcpd.conf This is applied to the range command so applies to the dynamic addresses given. If you have just a range statement say in blue then if you are not using vlans you could have the situation where a known host in green might end up getting a lease from the blue range. Here a deny known-clients makes sense. Your range in this case would be limited to only unknown clients if deny known-clients was selected. dhcp WUI has been modified to add in this command. Error message has been added to check that a range has been specified if the deny unknown clients checkbox has been selected. Language files updated with additional items (English, German & Dutch). For more information on the history of this please see the bugzilla entry Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- doc/language_issues.en | 2 ++ doc/language_issues.es | 2 ++ doc/language_issues.fr | 2 ++ doc/language_issues.it | 2 ++ doc/language_issues.pl | 2 ++ doc/language_issues.ru | 2 ++ doc/language_issues.tr | 2 ++ doc/language_missings | 12 ++++++++++++ html/cgi-bin/dhcp.cgi | 19 ++++++++++++++++++- langs/de/cgi-bin/de.pl | 2 ++ langs/en/cgi-bin/en.pl | 2 ++ langs/nl/cgi-bin/nl.pl | 2 ++ 12 files changed, 50 insertions(+), 1 deletion(-) diff --git a/doc/language_issues.en b/doc/language_issues.en index b3c46de5ed..3955d3ae77 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en 
@@ -574,6 +574,7 @@ WARNING: untranslated string: dhcp advopt value = Option value
 WARNING: untranslated string: dhcp allow bootp = Allow bootp clients
 WARNING: untranslated string: dhcp bootp pxe data = Enter optional bootp pxe data for this fixed lease
 WARNING: untranslated string: dhcp configuration = DHCP configuration
+WARNING: untranslated string: dhcp deny known clients: = Deny known clients:
 WARNING: untranslated string: dhcp dns enable update = Enable DNS Update (RFC2136):
 WARNING: untranslated string: dhcp dns key name = Key Name
 WARNING: untranslated string: dhcp dns update = DNS Update
@@ -582,6 +583,7 @@ WARNING: untranslated string: dhcp dns update secret = Secret
 WARNING: untranslated string: dhcp server = DHCP Server
 WARNING: untranslated string: dhcp server disabled = DHCP server disabled. Stopped.
 WARNING: untranslated string: dhcp server enabled = DHCP server enabled. Restarting.
+WARNING: untranslated string: dhcp valid range required when deny known clients checked = Valid range required when "Deny known clients:" is checked
 WARNING: untranslated string: dhcp-options = DHCP push options
 WARNING: untranslated string: dial = Connect
 WARNING: untranslated string: dial profile = Connect with profile
diff --git a/doc/language_issues.es b/doc/language_issues.es
index 9f62f03f25..2cd36a5a1c 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -886,11 +886,13 @@ WARNING: untranslated string: dh key move failed = Diffie-Hellman parameters mov
 WARNING: untranslated string: dh key warn = Creating DH-parameters with a length of 2048 bits takes up to several minutes. Lengths of 3072 or 4096 bits might needs several hours. Please be patient.
 WARNING: untranslated string: dh key warn1 = For weak systems or systems with little entropy, it is recommended to upload long Diffie-Hellman parameters by usage of the upload function.
 WARNING: untranslated string: dh parameter = Diffie-Hellman parameters
+WARNING: untranslated string: dhcp deny known clients: = Deny known clients:
 WARNING: untranslated string: dhcp dns enable update = Enable DNS Update (RFC2136):
 WARNING: untranslated string: dhcp dns key name = Key Name
 WARNING: untranslated string: dhcp dns update = DNS Update
 WARNING: untranslated string: dhcp dns update algo = Algorithm
 WARNING: untranslated string: dhcp dns update secret = Secret
+WARNING: untranslated string: dhcp valid range required when deny known clients checked = Valid range required when "Deny known clients:" is checked
 WARNING: untranslated string: disable = Disable
 WARNING: untranslated string: disconnected = Disconnected
 WARNING: untranslated string: dl client arch insecure = Download insecure Client Package (zip)
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index 90a7453609..279e1ba37d 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -879,6 +879,8 @@ WARNING: translation string unused: zoneconf val vlan tag assignment error
 WARNING: translation string unused: zoneconf val zoneslave amount error
 WARNING: untranslated string: asn lookup failed = AS lookup failed
 WARNING: untranslated string: autonomous system = Autonomous System
+WARNING: untranslated string: dhcp deny known clients: = Deny known clients:
+WARNING: untranslated string: dhcp valid range required when deny known clients checked = Valid range required when "Deny known clients:" is checked
 WARNING: untranslated string: dns enable safe-search youtube = Include YouTube in Safe Search
 WARNING: untranslated string: fwhost cust locationgrp = unknown string
 WARNING: untranslated string: fwhost err hostip = unknown string
diff --git a/doc/language_issues.it b/doc/language_issues.it
index 62e4f99533..4ac4754dc7 100644
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -911,11 +911,13 @@ WARNING: untranslated string: crypto warning = Cryptographic warning
 WARNING: untranslated string: dangerous = Dangerous
 WARNING: untranslated string: default IP address = Default IP Address
 WARNING: untranslated string: desired = Desired
+WARNING: untranslated string: dhcp deny known clients: = Deny known clients:
 WARNING: untranslated string: dhcp dns enable update = Enable DNS Update (RFC2136):
 WARNING: untranslated string: dhcp dns key name = Key Name
 WARNING: untranslated string: dhcp dns update = DNS Update
 WARNING: untranslated string: dhcp dns update algo = Algorithm
 WARNING: untranslated string: dhcp dns update secret = Secret
+WARNING: untranslated string: dhcp valid range required when deny known clients checked = Valid range required when "Deny known clients:" is checked
 WARNING: untranslated string: disable = Disable
 WARNING: untranslated string: disconnected = Disconnected
 WARNING: untranslated string: dl client arch insecure = Download insecure Client Package (zip)
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index 9f62f03f25..2cd36a5a1c 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -886,11 +886,13 @@ WARNING: untranslated string: dh key move failed = Diffie-Hellman parameters mov
 WARNING: untranslated string: dh key warn = Creating DH-parameters with a length of 2048 bits takes up to several minutes. Lengths of 3072 or 4096 bits might needs several hours. Please be patient.
 WARNING: untranslated string: dh key warn1 = For weak systems or systems with little entropy, it is recommended to upload long Diffie-Hellman parameters by usage of the upload function.
 WARNING: untranslated string: dh parameter = Diffie-Hellman parameters
+WARNING: untranslated string: dhcp deny known clients: = Deny known clients:
 WARNING: untranslated string: dhcp dns enable update = Enable DNS Update (RFC2136):
 WARNING: untranslated string: dhcp dns key name = Key Name
 WARNING: untranslated string: dhcp dns update = DNS Update
 WARNING: untranslated string: dhcp dns update algo = Algorithm
 WARNING: untranslated string: dhcp dns update secret = Secret
+WARNING: untranslated string: dhcp valid range required when deny known clients checked = Valid range required when "Deny known clients:" is checked
 WARNING: untranslated string: disable = Disable
 WARNING: untranslated string: disconnected = Disconnected
 WARNING: untranslated string: dl client arch insecure = Download insecure Client Package (zip)
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index 5d16e0b185..a333d99394 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -888,11 +888,13 @@ WARNING: untranslated string: dh key move failed = Diffie-Hellman parameters mov
 WARNING: untranslated string: dh key warn = Creating DH-parameters with a length of 2048 bits takes up to several minutes. Lengths of 3072 or 4096 bits might needs several hours. Please be patient.
 WARNING: untranslated string: dh key warn1 = For weak systems or systems with little entropy, it is recommended to upload long Diffie-Hellman parameters by usage of the upload function.
 WARNING: untranslated string: dh parameter = Diffie-Hellman parameters
+WARNING: untranslated string: dhcp deny known clients: = Deny known clients:
 WARNING: untranslated string: dhcp dns enable update = Enable DNS Update (RFC2136):
 WARNING: untranslated string: dhcp dns key name = Key Name
 WARNING: untranslated string: dhcp dns update = DNS Update
 WARNING: untranslated string: dhcp dns update algo = Algorithm
 WARNING: untranslated string: dhcp dns update secret = Secret
+WARNING: untranslated string: dhcp valid range required when deny known clients checked = Valid range required when "Deny known clients:" is checked
 WARNING: untranslated string: disable = Disable
 WARNING: untranslated string: disconnected = Disconnected
 WARNING: untranslated string: disk access = Disk Access
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index 26530a9233..a080ee54fd 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -894,6 +894,8 @@ WARNING: untranslated string: crypto warning = Cryptographic warning
 WARNING: untranslated string: dangerous = Dangerous
 WARNING: untranslated string: default IP address = Default IP Address
 WARNING: untranslated string: desired = Desired
+WARNING: untranslated string: dhcp deny known clients: = Deny known clients:
+WARNING: untranslated string: dhcp valid range required when deny known clients checked = Valid range required when "Deny known clients:" is checked
 WARNING: untranslated string: disable = Disable
 WARNING: untranslated string: disconnected = Disconnected
 WARNING: untranslated string: dns check servers = Check DNS Servers
diff --git a/doc/language_missings b/doc/language_missings
index 12e3414028..ad70d5241a 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -222,11 +222,13 @@
 < desired
 < details
 < dh
+< dhcp deny known clients:
 < dhcp dns enable update
 < dhcp dns key name
 < dhcp dns update
 < dhcp dns update algo
 < dhcp dns update secret
+< dhcp valid range required when deny known clients checked
 < dh key move failed
 < dh key warn
 < dh key warn1
@@ -962,6 +964,8 @@
 < autonomous system
 < bewan adsl pci st
 < bewan adsl usb
+< dhcp deny known clients:
+< dhcp valid range required when deny known clients checked
 < dns enable safe-search youtube
 < g.dtm
 < g.lite
@@ -1061,11 +1065,13 @@
 < dangerous
 < default IP address
 < desired
+< dhcp deny known clients:
 < dhcp dns enable update
 < dhcp dns key name
 < dhcp dns update
 < dhcp dns update algo
 < dhcp dns update secret
+< dhcp valid range required when deny known clients checked
 < disable
 < Disabled
 < disconnected
@@ -1945,11 +1951,13 @@
 < desired
 < details
 < dh
+< dhcp deny known clients:
 < dhcp dns enable update
 < dhcp dns key name
 < dhcp dns update
 < dhcp dns update algo
 < dhcp dns update secret
+< dhcp valid range required when deny known clients checked
 < dh key move failed
 < dh key warn
 < dh key warn1
@@ -2822,11 +2830,13 @@ < desired < details < dh +< dhcp deny known clients: < dhcp dns enable update < dhcp dns key name < dhcp dns update < dhcp dns update algo < dhcp dns update secret +< dhcp valid range required when deny known clients checked < dh key move failed < dh key warn < dh key warn1 @@ -3568,6 +3578,8 @@ < dangerous < default IP address < desired +< dhcp deny known clients: +< dhcp valid range required when deny known clients checked < disable < Disabled < disconnected diff --git a/html/cgi-bin/dhcp.cgi b/html/cgi-bin/dhcp.cgi index 8c57c675dc..2ebdde8187 100644 --- a/html/cgi-bin/dhcp.cgi +++ b/html/cgi-bin/dhcp.cgi @@ -74,6 +74,7 @@ foreach my $itf (@ITFs) { $dhcpsettings{"DNS_UPDATE_KEY_NAME_${itf}"} = ''; $dhcpsettings{"DNS_UPDATE_KEY_SECRET_${itf}"} = ''; $dhcpsettings{"DNS_UPDATE_KEY_ALGO_${itf}"} = ''; + $dhcpsettings{"DENY_KNOWN_CLIENTS_${itf}"} = 'off'; } $dhcpsettings{'SORT_FLEASELIST'} = 'FIPADDR'; @@ -175,9 +176,16 @@ if ($dhcpsettings{'ACTION'} eq $Lang::tr{'save'}) { } } + if ($dhcpsettings{"DENY_KNOWN_CLIENTS_${itf}"} eq 'on') { + if (($dhcpsettings{"START_ADDR_${itf}"}) eq '' && ($dhcpsettings{"END_ADDR_${itf}"}) eq '') { + $errormessage = "DHCP on ${itf}: " . $Lang::tr{'dhcp valid range required when deny known clients checked'}; + goto ERROR; + } + if (!($dhcpsettings{"DEFAULT_LEASE_TIME_${itf}"} =~ /^\d+$/)) { $errormessage = "DHCP on ${itf}: " . $Lang::tr{'invalid default lease time'} . $dhcpsettings{'DEFAULT_LEASE_TIME_${itf}'}; goto ERROR; + } } if (!($dhcpsettings{"MAX_LEASE_TIME_${itf}"} =~ /^\d+$/)) { 
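Review bot: The braces in the `@@ -175,9 +176,16 @@` hunk appear to nest the existing `DEFAULT_LEASE_TIME_${itf}` check inside the new `if ($dhcpsettings{"DENY_KNOWN_CLIENTS_${itf}"} eq 'on') {` block: the added `}` after the second `goto ERROR;` closes the lease-time `if`, and the old context `}` then closes the deny block (indentation is lost in this view, so this reading rests on the +/- markers and the hunk line counts). If so, the `/^\d+$/` validation of the form-supplied default lease time runs only when the checkbox is ticked and is skipped on every other save; where that value is later written is outside the hunk. Close the deny block directly after the range check, i.e. put the extra `}` after the inner `}` that follows the first `goto ERROR;` and drop the one added after the second `goto ERROR;`. The range test also fires only when both addresses are empty; `||` instead of `&&` would reject a half-filled range as well, unless an earlier check outside this hunk already does. The enclosing `foreach` starts and ends outside the hunk.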
@@ -548,6 +556,7 @@ foreach my $itf (@ITFs) { my %checked=(); $checked{'ENABLE'}{'on'} = ( $dhcpsettings{"ENABLE_${itf}"} ne 'on') ? '' : "checked='checked'"; $checked{'ENABLEBOOTP'}{'on'} = ( $dhcpsettings{"ENABLEBOOTP_${itf}"} ne 'on') ? '' : "checked='checked'"; + $checked{'DENY_KNOWN_CLIENTS'}{'on'} = ( $dhcpsettings{"DENY_KNOWN_CLIENTS_${itf}"} ne 'on') ? '' : "checked='checked'"; if ($netsettings{"${itf}_DEV"} ne '' ) { # Show only defined interface my $lc_itf=lc($itf); @@ -563,6 +572,9 @@ print < $Lang::tr{'end address'} * + + $Lang::tr{'dhcp deny known clients:'} + $Lang::tr{'default lease time'} * @@ -1264,7 +1276,12 @@ sub buildconf { if ($dhcpsettings{"ENABLE_${itf}"} eq 'on' ){ print FILE "subnet " . $netsettings{"${itf}_NETADDRESS"} . " netmask ". $netsettings{"${itf}_NETMASK"} . " #$itf\n"; print FILE "{\n"; - print FILE "\trange " . $dhcpsettings{"START_ADDR_${itf}"} . ' ' . $dhcpsettings{"END_ADDR_${itf}"}.";\n" if ($dhcpsettings{"START_ADDR_${itf}"}); + if ($dhcpsettings{"START_ADDR_${itf}"}) { + print FILE "pool {\n"; + print FILE "\trange " . $dhcpsettings{"START_ADDR_${itf}"} . ' ' . $dhcpsettings{"END_ADDR_${itf}"}.";\n"; + print FILE "\tdeny known-clients;\n" if ($dhcpsettings{"DENY_KNOWN_CLIENTS_${itf}"} eq 'on'); + print FILE " }\n"; # pool + } print FILE "\toption subnet-mask " . $netsettings{"${itf}_NETMASK"} . ";\n"; print FILE "\toption domain-name \"" . $dhcpsettings{"DOMAIN_NAME_${itf}"} . "\";\n"; print FILE "\toption routers " . $netsettings{"${itf}_ADDRESS"} . ";\n"; diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 2fb46e7418..38c9783f83 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl 
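Review bot: In the `buildconf` hunk at `@@ -1264,7 +1276,12 @@` the new pool wrapper is written with `print FILE "pool {\n";` and `print FILE " }\n";`, which do not follow the tab indentation used by the neighbouring directives in the generated dhcpd.conf; `"\tpool {\n"` and `"\t}\n"`, with the two inner lines at `\t\t`, would keep the file easy to audit by eye. The wrapper is emitted for every configured range, not only when the checkbox is on, so a short comment such as `# range always lives in a pool so "deny known-clients" is scoped to the dynamic addresses` would explain why the output changes for existing installs. `buildconf` starts and ends outside the hunk.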
@@ -781,6 +781,7 @@
 'dhcp bootp pxe data' => 'Geben Sie optionale BOOTP-PXE-Daten für diese feste Zuordnung ein',
 'dhcp configuration' => 'DHCP-Konfiguration',
 'dhcp create fixed leases' => 'Feste Zuordnungen erzeugen',
+'dhcp deny known clients:' => 'Bekannte Clients verweigern:',
 'dhcp dns enable update' => 'DNS-Update nach RFC 2136 aktivieren:',
 'dhcp dns key name' => 'Schlüsselname',
 'dhcp dns update' => 'DNS-Update',
@@ -792,6 +793,7 @@
 'dhcp server' => 'DHCP-Server',
 'dhcp server disabled' => 'DHCP-Server deaktiviert. Angehalten.',
 'dhcp server enabled' => 'DHCP-Server aktiviert. Starte neu.',
+'dhcp valid range required when deny known clients checked' => 'Gültiger Bereich erforderlich, wenn "Bekannte Clients verweigern:" aktiviert ist',
 'dhcp-options' => 'DHCP push Optionen',
 'dial' => 'Verbinden',
 'dial profile' => 'Verbinde mit Profil',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index b5284effa1..5009132404 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -800,6 +800,7 @@
 'dhcp bootp pxe data' => 'Enter optional bootp pxe data for this fixed lease',
 'dhcp configuration' => 'DHCP configuration',
 'dhcp create fixed leases' => 'Create fixed leases',
+'dhcp deny known clients:' => 'Deny known clients:',
 'dhcp dns enable update' => 'Enable DNS Update (RFC2136):',
 'dhcp dns key name' => 'Key Name',
 'dhcp dns update' => 'DNS Update',
@@ -813,6 +814,7 @@
 'dhcp server disabled on blue interface' => 'DHCP server disabled on BLUE interface',
 'dhcp server enabled' => 'DHCP server enabled. Restarting.',
 'dhcp server enabled on blue interface' => 'DHCP server enabled on BLUE interface',
+'dhcp valid range required when deny known clients checked' => 'Valid range required when "Deny known clients:" is checked',
 'dhcp-options' => 'DHCP push options',
 'dial' => 'Connect',
 'dial profile' => 'Connect with profile',
diff --git a/langs/nl/cgi-bin/nl.pl b/langs/nl/cgi-bin/nl.pl
index 53341a6f8f..191a16927c 100644
--- a/langs/nl/cgi-bin/nl.pl
+++ b/langs/nl/cgi-bin/nl.pl
@@ -702,6 +702,7 @@
 'dhcp bootp pxe data' => 'Voer optionele bootp pxe data in voor deze vaste lease',
 'dhcp configuration' => 'DHCP configuratie',
 'dhcp create fixed leases' => 'Aanmaken vaste leases',
+'dhcp deny known clients:' => 'Bekende clients weigeren:',
 'dhcp fixed lease err1' => 'Voor een vaste lease moet u het MAC-adres of de hostnaam invoeren, of beide.',
 'dhcp fixed lease help1' => 'IP-adressen mogen ook als FQDN worden ingevoerd',
 'dhcp mode' => 'DHCP',
@@ -710,6 +711,7 @@
 'dhcp server disabled on blue interface' => 'DHCP server uitgeschakeld op de BLAUWE interface',
 'dhcp server enabled' => 'DHCP server ingeschakeld. Herstarten.',
 'dhcp server enabled on blue interface' => 'DHCP server ingeschakeld op de BLAUWE interface',
+'dhcp valid range required when deny known clients checked' => 'Geldig bereik wanneer "Bekende clients weigeren:" is aangevinkt',
 'dhcp-options' => 'DHCP push opties',
 'dial' => 'Verbind',
 'dial profile' => 'Verbind met profile',
--
2.39.2