From: Alan T. DeKok Date: Wed, 28 Jun 2023 13:30:49 +0000 (-0400) Subject: uodate dynamic clients for dhcpv4 and dhcpv6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=de81c5b0deaaccb757d4aef41f15164173158341;p=thirdparty%2Ffreeradius-server.git uodate dynamic clients for dhcpv4 and dhcpv6 It turns out the old code would also _always_ add a client, even if there was a NAK. Oh well. That's now fixed. --- diff --git a/src/listen/dhcpv4/proto_dhcpv4.c b/src/listen/dhcpv4/proto_dhcpv4.c index 2436d7dc9ea..8cd591f0b67 100644 --- a/src/listen/dhcpv4/proto_dhcpv4.c +++ b/src/listen/dhcpv4/proto_dhcpv4.c @@ -274,6 +274,15 @@ static ssize_t mod_encode(UNUSED void const *instance, request_t *request, uint8 fr_assert(buffer_len >= sizeof(client)); + /* + * We don't accept the new client, so don't do + * anything. + */ + if (request->reply->code != FR_DHCP_ACK) { + *buffer = true; + return 1; + } + /* * Allocate the client. If that fails, send back a NAK. * diff --git a/src/listen/dhcpv6/proto_dhcpv6.c b/src/listen/dhcpv6/proto_dhcpv6.c index 45d716f5cf9..3dbfebc3670 100644 --- a/src/listen/dhcpv6/proto_dhcpv6.c +++ b/src/listen/dhcpv6/proto_dhcpv6.c @@ -271,6 +271,15 @@ static ssize_t mod_encode(UNUSED void const *instance, request_t *request, uint8 fr_assert(buffer_len >= sizeof(client)); + /* + * We don't accept the new client, so don't do + * anything. + */ + if (request->reply->code != FR_DHCPV6_REPLY) { + *buffer = true; + return 1; + } + /* * Allocate the client. If that fails, send back a NAK. * diff --git a/src/process/dhcpv4/base.c b/src/process/dhcpv4/base.c index 43001419dd7..aa0a19fa227 100644 --- a/src/process/dhcpv4/base.c +++ b/src/process/dhcpv4/base.c @@ -125,6 +125,10 @@ typedef struct { CONF_SECTION *lease_unknown; CONF_SECTION *lease_active; CONF_SECTION *do_not_respond; + + CONF_SECTION *new_client; + CONF_SECTION *add_client; + CONF_SECTION *deny_client; } process_dhcpv4_sections_t; typedef struct { @@ -138,6 +142,7 @@ typedef struct { #define PROCESS_CODE_DO_NOT_RESPOND FR_DHCP_DO_NOT_RESPOND #define PROCESS_PACKET_CODE_VALID FR_DHCP_PROCESS_CODE_VALID #define PROCESS_INST process_dhcpv4_t +#define PROCESS_CODE_DYNAMIC_CLIENT FR_DHCP_ACK #include RESUME(check_yiaddr) @@ -421,6 +426,10 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc dhcpv4_packet_debug(request, request->packet, &request->request_pairs, true); + if (unlikely(request_is_dynamic_client(request))) { + return new_client(p_result, mctx, request); + } + return state->recv(p_result, mctx, request); } @@ -540,6 +549,8 @@ static const virtual_server_compile_t compile_list[] = { .offset = PROCESS_CONF_OFFSET(do_not_respond), }, + DYNAMIC_CLIENT_SECTIONS, + COMPILE_TERMINATOR }; diff --git a/src/process/dhcpv6/base.c b/src/process/dhcpv6/base.c index bdc0c282d48..d42d5742242 100644 --- a/src/process/dhcpv6/base.c +++ b/src/process/dhcpv6/base.c @@ -60,6 +60,10 @@ typedef struct { CONF_SECTION *send_relay_reply; CONF_SECTION *do_not_respond; + + CONF_SECTION *new_client; + CONF_SECTION *add_client; + CONF_SECTION *deny_client; } process_dhcpv6_sections_t; typedef struct { @@ -171,6 +175,7 @@ fr_dict_enum_autoload_t process_dhcpv6_dict_enum[] = { #define PROCESS_CODE_DO_NOT_RESPOND FR_DHCPV6_DO_NOT_RESPOND #define PROCESS_PACKET_CODE_VALID FR_DHCPV6_PROCESS_CODE_VALID #define PROCESS_INST process_dhcpv6_t +#define PROCESS_CODE_DYNAMIC_CLIENT FR_DHCPV6_REPLY /* * DHCPv6 is nonstandard in that we reply @@ -273,6 +278,9 @@ static const virtual_server_compile_t compile_list[] = { .component = MOD_POST_AUTH, .offset = PROCESS_CONF_OFFSET(do_not_respond) }, + + DYNAMIC_CLIENT_SECTIONS, + COMPILE_TERMINATOR }; @@ -736,6 +744,10 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc dhcpv6_packet_debug(request, request->packet, &request->request_pairs, true); + if (unlikely(request_is_dynamic_client(request))) { + return new_client(p_result, mctx, request); + } + return state->recv(p_result, mctx, request); }