noauthrequired also allows unauthenticated FORCERENEW and RECONFIGURE

messages.

diff --git a/dhcp.c b/dhcp.c
index e7fc9e46050b56b88a4dccbbb903c8d94f550e59..4fc01a6b30de50c510f1227b43367611bbcf97af 100644 (file)
--- a/dhcp.c
+++ b/dhcp.c
@@ -2531,12 +2531,15 @@ dhcp_handledhcp(struct interface *ifp, struct dhcp_message **dhcpp,
                else
                        logger(ifp->ctx, LOG_DEBUG,
                            "%s: accepted reconfigure key", ifp->name);
-       } else if (ifo->auth.options & DHCPCD_AUTH_REQUIRE) {
-               log_dhcp1(LOG_ERR, "no authentication", ifp, dhcp, from, 0);
-               return;
-       } else if (ifo->auth.options & DHCPCD_AUTH_SEND)
+       } else if (ifo->auth.options & DHCPCD_AUTH_SEND) {
+               if (ifo->auth.options & DHCPCD_AUTH_REQUIRE) {
+                       log_dhcp1(LOG_ERR, "no authentication",
+                           ifp, dhcp, from, 0);
+                       return;
+               }
                log_dhcp1(LOG_WARNING, "no authentication",
                    ifp, dhcp, from, 0);
+       }
 
        /* RFC 3203 */
        if (type == DHCP_FORCERENEW) {
@@ -2550,7 +2553,8 @@ dhcp_handledhcp(struct interface *ifp, struct dhcp_message **dhcpp,
                if (auth == NULL) {
                        log_dhcp(LOG_ERR, "unauthenticated Force Renew",
                            ifp, dhcp, from);
-                       return;
+                       if (ifo->auth.options & DHCPCD_AUTH_REQUIRE)
+                               return;
                }
                if (state->state != DHS_BOUND && state->state != DHS_INFORM) {
                        log_dhcp(LOG_DEBUG, "not bound, ignoring Force Renew",

diff --git a/dhcp6.c b/dhcp6.c
index 842e1316078c3d20dfb3832927ab2a0e362194f5..20836b3a8a523867951362470344f15b999e6f93 100644 (file)
--- a/dhcp6.c
+++ b/dhcp6.c
@@ -2750,13 +2750,16 @@ dhcp6_handledata(void *arg)
                else
                        logger(ifp->ctx, LOG_DEBUG,
                            "%s: accepted reconfigure key", ifp->name);
-       } else if (ifo->auth.options & DHCPCD_AUTH_REQUIRE) {
-               logger(ifp->ctx, LOG_ERR,
-                   "%s: no authentication from %s", ifp->name, ctx->sfrom);
-               return;
-       } else if (ifo->auth.options & DHCPCD_AUTH_SEND)
+       } else if (ifo->auth.options & DHCPCD_AUTH_SEND) {
+               if (ifo->auth.options & DHCPCD_AUTH_REQUIRE) {
+                       logger(ifp->ctx, LOG_ERR,
+                           "%s: no authentication from %s",
+                           ifp->name, ctx->sfrom);
+                       return;
+               }
                logger(ifp->ctx, LOG_WARNING,
                    "%s: no authentication from %s", ifp->name, ctx->sfrom);
+       }
 
        op = dhcp6_get_op(r->type);
        switch(r->type) {
@@ -2860,7 +2863,8 @@ dhcp6_handledata(void *arg)
                        logger(ifp->ctx, LOG_ERR,
                            "%s: unauthenticated %s from %s",
                            ifp->name, op, ctx->sfrom);
-                       return;
+                       if (ifo->auth.options & DHCPCD_AUTH_REQUIRE)
+                               return;
                }
                logger(ifp->ctx, LOG_INFO, "%s: %s from %s",
                    ifp->name, op, ctx->sfrom);

diff --git a/dhcpcd.c b/dhcpcd.c
index da5a17090fb4aaf688de170fb9d505b57f699ce6..051866566246c938a7cc5a100c8e0431dbabc18b 100644 (file)
--- a/dhcpcd.c
+++ b/dhcpcd.c
@@ -572,10 +572,6 @@ configure_interface1(struct interface *ifp)
                }
        }
 #endif
-
-       /* If we are not sending an authentication option, don't require it */
-       if (!(ifo->auth.options & DHCPCD_AUTH_SEND))
-               ifo->auth.options &= ~DHCPCD_AUTH_REQUIRE;
 }
 
 int

diff --git a/dhcpcd.conf.5.in b/dhcpcd.conf.5.in
index 1f9dbf52ba8bba811f1eb500bab82f5f5e786ace..a5766cd0cea94a200303d35b3a560813a69997e7 100644 (file)
--- a/dhcpcd.conf.5.in
+++ b/dhcpcd.conf.5.in
@@ -22,7 +22,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd July 28, 2015
+.Dd August 1, 2015
 .Dt DHCPCD.CONF 5
 .Os
 .Sh NAME
@@ -407,6 +407,7 @@ Don't send any ARP requests.
 This also disables IPv4LL.
 .It Ic noauthrequired
 Don't require authentication even though we requested it.
+Also allows FORCERENEW and RECONFIGURE messages without authentication.
 .It Ic nodelay
 Don't delay for an initial randomised time when starting protocols.
 .It Ic nodev