From: Roy Marples Date: Sat, 1 Aug 2015 08:38:42 +0000 (+0000) Subject: noauthrequired also allows unauthenticated FORCERENEW and RECONFIGURE X-Git-Tag: v6.9.2~19 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d672ebdab63bd309aa10f9ea1687c409a1fe1dbd;p=thirdparty%2Fdhcpcd.git noauthrequired also allows unauthenticated FORCERENEW and RECONFIGURE messages.
---
diff --git a/dhcp.c b/dhcp.c
index e7fc9e46..4fc01a6b 100644
--- a/dhcp.c
+++ b/dhcp.c
@@ -2531,12 +2531,15 @@ dhcp_handledhcp(struct interface *ifp, struct dhcp_message **dhcpp,
 else logger(ifp->ctx, LOG_DEBUG, "%s: accepted reconfigure key", ifp->name);
- } else if (ifo->auth.options & DHCPCD_AUTH_REQUIRE) {
- log_dhcp1(LOG_ERR, "no authentication", ifp, dhcp, from, 0);
- return;
- } else if (ifo->auth.options & DHCPCD_AUTH_SEND)
+ } else if (ifo->auth.options & DHCPCD_AUTH_SEND) {
+ if (ifo->auth.options & DHCPCD_AUTH_REQUIRE) {
+ log_dhcp1(LOG_ERR, "no authentication",
+ ifp, dhcp, from, 0);
+ return;
+ }
 log_dhcp1(LOG_WARNING, "no authentication", ifp, dhcp, from, 0);
+ }
 /* RFC 3203 */
 if (type == DHCP_FORCERENEW) {
@@ -2550,7 +2553,8 @@ dhcp_handledhcp(struct interface *ifp, struct dhcp_message **dhcpp,
 if (auth == NULL) {
 log_dhcp(LOG_ERR, "unauthenticated Force Renew", ifp, dhcp, from);
- return;
+ if (ifo->auth.options & DHCPCD_AUTH_REQUIRE)
+ return;
 }
 if (state->state != DHS_BOUND && state->state != DHS_INFORM) {
 log_dhcp(LOG_DEBUG, "not bound, ignoring Force Renew",
diff --git a/dhcp6.c b/dhcp6.c
index 842e1316..20836b3a 100644
--- a/dhcp6.c
+++ b/dhcp6.c
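Review bot: In the first dhcp.c hunk (`@@ -2531`), `DHCPCD_AUTH_REQUIRE` is now consulted only inside the `DHCPCD_AUTH_SEND` branch, while the Force Renew check in the next hunk tests `DHCPCD_AUTH_REQUIRE` on its own, so the same bit carries two meanings inside `dhcp_handledhcp` and nothing in the code says so. Because this commit also removes the lines in `configure_interface1` that cleared REQUIRE when SEND was unset, the bit can presumably now arrive here with SEND clear, and a reply carrying no authentication option then passes this branch without any log line. I would add a comment above the branch, e.g. `/* REQUIRE rejects ordinary replies only if we sent an auth option; FORCERENEW is checked against REQUIRE on its own below. */`. The same applies to the matching hunk in dhcp6.c (`@@ -2750`) in `dhcp6_handledata`. Both functions start and end outside the hunks.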
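Review bot: In the Force Renew hunk (`@@ -2550`), an unauthenticated FORCERENEW that is accepted because `DHCPCD_AUTH_REQUIRE` is clear is still logged at `LOG_ERR` with the same text as one that is dropped, so the log cannot tell the two outcomes apart. The first hunk already uses `LOG_ERR` for rejection and `LOG_WARNING` for acceptance, and this path should follow that with a distinct message for the accepted case. That matters for monitoring, since RFC 3203 expects FORCERENEW to be authenticated and with `noauthrequired` the client acts on it from any sender. The dhcp6.c hunk at `@@ -2860` has the same pattern (presumably the Reconfigure path) and would take the same change with `logger()`. The enclosing `if (type == DHCP_FORCERENEW)` block starts and ends outside the hunk.

```c
		if (auth == NULL) {
			if (ifo->auth.options & DHCPCD_AUTH_REQUIRE) {
				log_dhcp(LOG_ERR, "unauthenticated Force Renew",
				    ifp, dhcp, from);
				return;
			}
			log_dhcp(LOG_WARNING,
			    "accepted unauthenticated Force Renew",
			    ifp, dhcp, from);
		}
		/* … unchanged: bound-state check … */
```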
@@ -2750,13 +2750,16 @@ dhcp6_handledata(void *arg)
 else logger(ifp->ctx, LOG_DEBUG, "%s: accepted reconfigure key", ifp->name);
- } else if (ifo->auth.options & DHCPCD_AUTH_REQUIRE) {
- logger(ifp->ctx, LOG_ERR,
- "%s: no authentication from %s", ifp->name, ctx->sfrom);
- return;
- } else if (ifo->auth.options & DHCPCD_AUTH_SEND)
+ } else if (ifo->auth.options & DHCPCD_AUTH_SEND) {
+ if (ifo->auth.options & DHCPCD_AUTH_REQUIRE) {
+ logger(ifp->ctx, LOG_ERR,
+ "%s: no authentication from %s",
+ ifp->name, ctx->sfrom);
+ return;
+ }
 logger(ifp->ctx, LOG_WARNING, "%s: no authentication from %s", ifp->name, ctx->sfrom);
+ }
 op = dhcp6_get_op(r->type);
 switch(r->type) {
@@ -2860,7 +2863,8 @@ dhcp6_handledata(void *arg)
 logger(ifp->ctx, LOG_ERR, "%s: unauthenticated %s from %s", ifp->name, op, ctx->sfrom);
- return;
+ if (ifo->auth.options & DHCPCD_AUTH_REQUIRE)
+ return;
 }
 logger(ifp->ctx, LOG_INFO, "%s: %s from %s", ifp->name, op, ctx->sfrom);
diff --git a/dhcpcd.c b/dhcpcd.c
index da5a1709..05186656 100644
--- a/dhcpcd.c
+++ b/dhcpcd.c
@@ -572,10 +572,6 @@ configure_interface1(struct interface *ifp)
 }
 }
 #endif
-
- /* If we are not sending an authentication option, don't require it */
- if (!(ifo->auth.options & DHCPCD_AUTH_SEND))
- ifo->auth.options &= ~DHCPCD_AUTH_REQUIRE;
 }
 int
diff --git a/dhcpcd.conf.5.in b/dhcpcd.conf.5.in
index 1f9dbf52..a5766cd0 100644
--- a/dhcpcd.conf.5.in
+++ b/dhcpcd.conf.5.in
@@ -22,7 +22,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd July 28, 2015
+.Dd August 1, 2015
 .Dt DHCPCD.CONF 5
 .Os
 .Sh NAME
@@ -407,6 +407,7 @@ Don't send any ARP requests.
 This also disables IPv4LL.
 .It Ic noauthrequired
 Don't require authentication even though we requested it.
+Also allows FORCERENEW and RECONFIGURE messages without authentication.
 .It Ic nodelay
 Don't delay for an initial randomised time when starting protocols.
 .It Ic nodev