From: Roy Marples Date: Mon, 19 Sep 2016 09:08:11 +0000 (+0000) Subject: Allow dhcpcd to be built without Authentiction support for system media with X-Git-Tag: v6.11.4~22 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e5fc8ac453a34770a7b37c2c3d965aa6dc6c9eb3;p=thirdparty%2Fdhcpcd.git Allow dhcpcd to be built without Authentiction support for system media with extreme size constraints. --- diff --git a/Makefile b/Makefile index a73fd34d..d7b5c31d 100644 --- a/Makefile +++ b/Makefile @@ -17,11 +17,7 @@ CFLAGS+= -std=${CSTD} SRCS+= ${DHCPCD_SRCS} DHCPCD_DEFS?= dhcpcd-definitions.conf -SRCS+= auth.c -CPPFLAGS+= -I./crypt -CRYPT_SRCS= crypt/hmac_md5.c ${MD5_SRC} ${SHA256_SRC} - -OBJS+= ${SRCS:.c=.o} ${COMPAT_SRCS:.c=.o} ${CRYPT_SRCS:.c=.o} +OBJS+= ${SRCS:.c=.o} ${AUTH_SRCS:.c=.o} ${COMPAT_SRCS:.c=.o} SCRIPT= ${LIBEXECDIR}/dhcpcd-run-hooks HOOKDIR= ${LIBEXECDIR}/dhcpcd-hooks diff --git a/README b/README index 893aba8d..79c709e1 100644 --- a/README +++ b/README @@ -19,6 +19,8 @@ Currently this just removes non important options out of dhcpcd-definitions.conf, the custom logger and support for DHCPv6 Prefix Delegation. Other features maybe dropped as and when required. +dhcpcd can also be made smaller by removing Authentication support with +--disable-auth. If you're cross compiling you may need set the platform if OS is different from the host. diff --git a/auth.h b/auth.h index c5db0631..cfc17df8 100644 --- a/auth.h +++ b/auth.h @@ -63,12 +63,14 @@ TAILQ_HEAD(token_head, token); struct auth { int options; +#ifdef AUTH uint8_t protocol; uint8_t algorithm; uint8_t rdm; uint64_t last_replay; uint8_t last_replay_set; struct token_head tokens; +#endif }; struct authstate { diff --git a/configure b/configure index c5b8a218..4b43f3c5 100755 --- a/configure +++ b/configure @@ -23,6 +23,7 @@ FORK= STATIC= DEVS= EMBEDDED= +AUTH= POLL= SMALL= STATUSARG= 
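Review bot: The Makefile hunk drops both the `CRYPT_SRCS` definition and `CPPFLAGS+= -I./crypt`, but the replacement written by configure only emits `-DAUTH` and `AUTH_SRCS`. Any other rule in this Makefile that still expands `${CRYPT_SRCS}` (dependency generation or a distribution target, neither visible here) would now silently get an empty list. The crypt include path is also gone unless something outside this patch supplies it. I would grep for remaining `CRYPT_SRCS` uses and switch them to `${AUTH_SRCS}`, and if auth.c relies on the include path, emit `CPPFLAGS+= -I./crypt` from configure next to `-DAUTH`.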
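Review bot: In `struct auth`, `options` is left outside the new `#ifdef AUTH` with no explanation, which makes the struct look half-guarded. The reason appears to be that if-options.c still sets and clears `DHCPCD_AUTH_REQUIRE` on non-AUTH builds (the `default_config` and `O_AUTHNOTREQUIRED` lines later in this patch are not guarded). A comment above the field would help, such as `/* kept in every build: option parsing still touches the DHCPCD_AUTH_* flags */`. `struct authstate` directly below is also left unguarded; if that is intentional it deserves the same one-line note.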
@@ -48,6 +49,8 @@ for x do --enable-ipv6) INET6=yes;; --disable-embedded) EMBEDDED=no;; --enable-embedded) EMBEDDED=yes;; + --disable-auth) AUTH=no;; + --enable-auth) AUTH=yes;; --prefix) PREFIX=$var;; --sysconfdir) SYSCONFDIR=$var;; --bindir|--sbindir) SBINDIR=$var;; @@ -480,6 +483,13 @@ else echo "EMBEDDEDINSTALL= _embeddedinstall" >>$CONFIG_MK fi +if [ -z "$AUTH" -o "$AUTH" = yes ]; then + echo "Enabling Authentiaction" + echo "CPPFLAGS+= -DAUTH" >>$CONFIG_MK + echo "AUTH_SRCS= auth.c crypt/hmac_md5.c" >>$CONFIG_MK + echo "AUTH_SRCS+= \${MD5_SRC} \${SHA256_SRC}" >>$CONFIG_MK +fi + if [ "$OS" = linux ]; then printf "Testing for nl80211 ... " cat <_nl80211.c diff --git a/dhcp.c b/dhcp.c index f3d9cada..9bfb7b2c 100644 --- a/dhcp.c +++ b/dhcp.c @@ -726,8 +726,8 @@ static ssize_t make_message(struct bootp **bootpm, const struct interface *ifp, uint8_t type) { struct bootp *bootp; - uint8_t *lp, *p, *e, *auth; - uint8_t *n_params = NULL, auth_len; + uint8_t *lp, *p, *e; + uint8_t *n_params = NULL; uint32_t ul; uint16_t sz; size_t len, i; @@ -739,6 +739,9 @@ make_message(struct bootp **bootpm, const struct interface *ifp, uint8_t type) const char *hostname; const struct vivco *vivco; int mtu; +#ifdef AUTH + uint8_t *auth, auth_len; +#endif if ((mtu = if_getmtu(ifp)) == -1) logger(ifp->ctx, LOG_ERR, @@ -971,6 +974,7 @@ make_message(struct bootp **bootpm, const struct interface *ifp, uint8_t type) p += ifo->vendor[0] + 1; } +#ifdef AUTH if ((ifo->auth.options & DHCPCD_AUTH_SENDREQUIRE) != DHCPCD_AUTH_SENDREQUIRE) { @@ -980,6 +984,7 @@ make_message(struct bootp **bootpm, const struct interface *ifp, uint8_t type) *p++ = 1; *p++ = AUTH_ALG_HMAC_MD5; } +#endif if (ifo->vivco_len) { AREA_CHECK(sizeof(ul)); 
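Review bot: The message in the new `if` block is misspelled, `echo "Enabling Authentiaction"`, and nothing is printed when `--disable-auth` is given. The configure output therefore does not record that the resulting binary cannot verify DHCP authentication. I would change the line to `echo "Enabling Authentication"` and add an `else` branch with `echo "Authentication support disabled"`. As a style point, `[ -z "$AUTH" -o "$AUTH" = yes ]` uses the obsolescent `-o` operator; `[ -z "$AUTH" ] || [ "$AUTH" = yes ]` is the portable form, unless the rest of the script deliberately uses `-o` for consistency.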
@@ -1053,10 +1058,9 @@ make_message(struct bootp **bootpm, const struct interface *ifp, uint8_t type) *n_params = (uint8_t)(p - n_params - 1); } - /* silence GCC */ +#ifdef AUTH + auth = NULL; /* appease GCC */ auth_len = 0; - auth = NULL; - if (ifo->auth.options & DHCPCD_AUTH_SEND) { ssize_t alen = dhcp_auth_encode(&ifo->auth, state->auth.token, @@ -1077,6 +1081,7 @@ make_message(struct bootp **bootpm, const struct interface *ifp, uint8_t type) p += auth_len; } } +#endif *p++ = DHO_END; len = (size_t)(p - (uint8_t *)bootp); @@ -1091,9 +1096,11 @@ make_message(struct bootp **bootpm, const struct interface *ifp, uint8_t type) len++; } +#ifdef AUTH if (ifo->auth.options & DHCPCD_AUTH_SEND && auth_len != 0) dhcp_auth_encode(&ifo->auth, state->auth.token, (uint8_t *)bootp, len, 4, type, auth, auth_len); +#endif return (ssize_t)len; @@ -1129,9 +1136,11 @@ read_lease(struct interface *ifp, struct bootp **bootp) struct dhcp_state *state = D_STATE(ifp); uint8_t *lease; size_t bytes; - const uint8_t *auth; uint8_t type; +#ifdef AUTH + const uint8_t *auth; size_t auth_len; +#endif /* Safety */ *bootp = NULL; @@ -1184,6 +1193,7 @@ read_lease(struct interface *ifp, struct bootp **bootp) DHO_MESSAGETYPE) == -1) type = 0; +#ifdef AUTH /* Authenticate the message */ auth = get_option(ifp->ctx, (struct bootp *)lease, bytes, DHO_AUTHENTICATION, &auth_len); @@ -1211,6 +1221,7 @@ read_lease(struct interface *ifp, struct bootp **bootp) free(lease); return 0; } +#endif out: *bootp = (struct bootp *)lease; @@ -2560,7 +2571,9 @@ dhcp_drop(struct interface *ifp, const char *reason) } eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp); +#ifdef AUTH dhcp_auth_reset(&state->auth); +#endif dhcp_close(ifp); free(state->offer); 
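Review bot: In the `make_message` hunk just before `return (ssize_t)len;`, the second `dhcp_auth_encode(...)` call, which fills in the authentication data after padding, discards its return value. The earlier call in the same function stores its result in `alen`. If the second call can fail, the message would be returned with an Authentication option whose data was never written. Since the statement is being wrapped in `#ifdef AUTH` anyway, consider testing the result and taking the function's existing error path on a negative value. That error path lies outside this hunk, so I cannot name the exact label or cleanup it needs.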
@@ -2681,12 +2694,14 @@ dhcp_handledhcp(struct interface *ifp, struct bootp *bootp, size_t bootp_len, struct if_options *ifo = ifp->options; struct dhcp_lease *lease = &state->lease; uint8_t type, tmp; - const uint8_t *auth; struct in_addr addr; unsigned int i; - size_t auth_len; char *msg; bool bootp_copied; + const uint8_t *auth; +#ifdef AUTH + size_t auth_len; +#endif #ifdef IN_IFF_DUPLICATED struct ipv4_addr *ia; #endif @@ -2726,6 +2741,7 @@ dhcp_handledhcp(struct interface *ifp, struct bootp *bootp, size_t bootp_len, return; } +#ifdef AUTH /* Authenticate the message */ auth = get_option(ifp->ctx, bootp, bootp_len, DHO_AUTHENTICATION, &auth_len); @@ -2753,6 +2769,9 @@ dhcp_handledhcp(struct interface *ifp, struct bootp *bootp, size_t bootp_len, } LOGDHCP0(LOG_WARNING, "no authentication"); } +#else + auth = NULL; +#endif /* RFC 3203 */ if (type == DHCP_FORCERENEW) { diff --git a/dhcp6.c b/dhcp6.c index 1b25fe06..3423f767 100644 --- a/dhcp6.c +++ b/dhcp6.c @@ -501,7 +501,7 @@ dhcp6_makemessage(struct interface *ifp) const struct dhcp6_option *si, *unicast; size_t l, n, len, ml; uint8_t type; - uint16_t u16, n_options, auth_len; + uint16_t u16, n_options; struct if_options *ifo; const struct dhcp_opt *opt, *opt2; uint8_t IA, *p; @@ -511,6 +511,9 @@ dhcp6_makemessage(struct interface *ifp) const char *hostname; int fqdn; struct dhcp6_ia_addr *iap; +#ifdef AUTH + uint16_t auth_len; +#endif #ifndef SMALL struct dhcp6_option *eo; struct dhcp6_pd_addr *pdp; @@ -699,6 +702,7 @@ dhcp6_makemessage(struct interface *ifp) return -1; } +#ifdef AUTH auth_len = 0; if (ifo->auth.options & DHCPCD_AUTH_SEND) { ssize_t alen = dhcp_auth_encode(&ifo->auth, @@ -715,6 +719,7 @@ dhcp6_makemessage(struct interface *ifp) len += sizeof(*o) + auth_len; } } +#endif state->send = malloc(len); if (state->send == NULL) 
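Review bot: The `#else auth = NULL;` branch added in `dhcp_handledhcp` makes a non-AUTH build handle a message that carries `DHO_AUTHENTICATION` exactly like one that carries none, and the branch logs nothing. An operator therefore cannot tell that a server is sending authentication the client is unable to check. A comment on the branch, for example `/* built without AUTH: every message is treated as unauthenticated */`, would make the intent explicit for the `DHCP_FORCERENEW` handling that follows, whose use of `auth` lies outside this hunk. A debug-level log when the option is present may also be worth adding. The same `#else auth = NULL;` pattern is added to `dhcp6_handledata` in dhcp6.c and deserves the same comment.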
@@ -922,6 +927,7 @@ dhcp6_makemessage(struct interface *ifp) } } +#ifdef AUTH /* This has to be the last option */ if (ifo->auth.options & DHCPCD_AUTH_SEND && auth_len != 0) { o = D6_NEXT_OPTION(o); @@ -929,6 +935,7 @@ dhcp6_makemessage(struct interface *ifp) o->len = htons((uint16_t)auth_len); /* data will be filled at send message time */ } +#endif return 0; } @@ -972,6 +979,7 @@ static void dhcp6_delete_delegates(struct interface *ifp) } #endif +#ifdef AUTH static ssize_t dhcp6_update_auth(struct interface *ifp, struct dhcp6_message *m, size_t len) { @@ -991,6 +999,7 @@ dhcp6_update_auth(struct interface *ifp, struct dhcp6_message *m, size_t len) 6, state->send->type, D6_OPTION_DATA(o), ntohs(o->len)); } +#endif static int dhcp6_sendmessage(struct interface *ifp, void (*callback)(void *)) @@ -1130,6 +1139,7 @@ logsend: /* Update the elapsed time */ dhcp6_updateelapsed(ifp, state->send, state->send_len); +#ifdef AUTH if (ifp->options->auth.options & DHCPCD_AUTH_SEND && dhcp6_update_auth(ifp, state->send, state->send_len) == -1) { @@ -1138,6 +1148,7 @@ logsend: if (errno != ESRCH) return -1; } +#endif ctx = ifp->ctx->ipv6; dst.sin6_scope_id = ifp->index; @@ -2226,11 +2237,13 @@ dhcp6_readlease(struct interface *ifp, int validate) struct stat st; int fd; uint8_t *lease; - const struct dhcp6_option *o; struct timespec acquired; time_t now; int retval; bool fd_opened; +#ifdef AUTH + const struct dhcp6_option *o; +#endif state = D6_STATE(ifp); if (state->leasefile[0] == '\0') { @@ -2294,6 +2307,7 @@ dhcp6_readlease(struct interface *ifp, int validate) auth: retval = 0; +#ifdef AUTH /* Authenticate the message */ o = dhcp6_getmoption(D6_OPTION_AUTH, state->new, state->new_len); if (o) { @@ -2321,6 +2335,7 @@ auth: "%s: authentication now required", ifp->name); goto ex; } +#endif return fd; @@ -2827,6 +2842,7 @@ dhcp6_handledata(void *arg) } } +#ifdef AUTH /* Authenticate the message */ auth = dhcp6_getmoption(D6_OPTION_AUTH, r, len); if (auth) { 
@@ -2857,6 +2873,9 @@ dhcp6_handledata(void *arg) logger(ifp->ctx, LOG_WARNING, "%s: no authentication from %s", ifp->name, ctx->sfrom); } +#else + auth = NULL; +#endif op = dhcp6_get_op(r->type); switch(r->type) { diff --git a/if-options.c b/if-options.c index 3b624199..9028883a 100644 --- a/if-options.c +++ b/if-options.c @@ -427,12 +427,14 @@ parse_iaid(uint8_t *iaid, const char *arg, size_t len) return parse_iaid1(iaid, arg, len, 1); } +#ifdef AUTH static int parse_uint32(uint32_t *i, const char *arg) { return parse_iaid1((uint8_t *)i, arg, sizeof(uint32_t), 0); } +#endif static char ** splitv(struct dhcpcd_ctx *ctx, int *argc, char **argv, const char *arg) @@ -622,6 +624,7 @@ strskipwhite(const char *s) return UNCONST(s); } +#ifdef AUTH /* Find the end pointer of a string. */ static char * strend(const char *s) @@ -643,6 +646,7 @@ strend(const char *s) } return UNCONST(++s); } +#endif static int parse_option(struct dhcpcd_ctx *ctx, const char *ifname, struct if_options *ifo, @@ -661,8 +665,10 @@ parse_option(struct dhcpcd_ctx *ctx, const char *ifname, struct if_options *ifo, struct dhcp_opt **dop, *ndop; size_t *dop_len, dl, odl; struct vivco *vivco; - struct token *token; struct group *grp; +#ifdef AUTH + struct token *token; +#endif #ifdef _REENTRANT struct group grpbuf; #endif @@ -1896,6 +1902,7 @@ err_sla: break; case O_AUTHPROTOCOL: ARG_REQUIRED; +#ifdef AUTH fp = strwhite(arg); if (fp) *fp++ = '\0'; @@ -1944,8 +1951,13 @@ err_sla: } ifo->auth.options |= DHCPCD_AUTH_SEND; break; +#else + logger(ctx, LOG_ERR, "no authentication support"); + return -1; +#endif case O_AUTHTOKEN: ARG_REQUIRED; +#ifdef AUTH fp = strwhite(arg); if (fp == NULL) { logger(ctx, LOG_ERR, "authtoken requires a realm"); 
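Review bot: On a non-AUTH build, `O_AUTHPROTOCOL` (and `O_AUTHTOKEN` in the following hunk) now logs "no authentication support" and returns -1, but whether the caller of `parse_option` treats that as fatal is not visible in this patch. If the configuration loader only logs the failure and carries on, a configuration that asks for authentication would run without it. It is worth confirming that the caller stops, or documenting the behaviour in the README next to `--disable-auth`. As a style point the two cases differ: here `break;` sits inside the `#ifdef AUTH` arm, while in `O_AUTHTOKEN` it follows `#endif` and is unreachable after `return -1;`.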
@@ -2038,6 +2050,10 @@ err_sla: token->key = malloc(token->key_len); parse_string((char *)token->key, token->key_len, arg); TAILQ_INSERT_TAIL(&ifo->auth.tokens, token, next); +#else + logger(ctx, LOG_ERR, "no authentication support"); + return -1; +#endif break; case O_AUTHNOTREQUIRED: ifo->auth.options &= ~DHCPCD_AUTH_REQUIRE; @@ -2244,7 +2260,9 @@ default_config(struct dhcpcd_ctx *ctx) ifo->reboot = DEFAULT_REBOOT; ifo->metric = -1; ifo->auth.options |= DHCPCD_AUTH_REQUIRE; +#ifdef AUTH TAILQ_INIT(&ifo->auth.tokens); +#endif /* Inherit some global defaults */ if (ctx->options & DHCPCD_PERSISTENT) @@ -2564,7 +2582,9 @@ free_options(struct if_options *ifo) size_t i; struct dhcp_opt *opt; struct vivco *vo; +#ifdef AUTH struct token *token; +#endif if (ifo) { if (ifo->environ) { @@ -2617,6 +2637,7 @@ free_options(struct if_options *ifo) #endif free(ifo->ia); +#ifdef AUTH while ((token = TAILQ_FIRST(&ifo->auth.tokens))) { TAILQ_REMOVE(&ifo->auth.tokens, token, next); if (token->realm_len) @@ -2624,6 +2645,7 @@ free_options(struct if_options *ifo) free(token->key); free(token); } +#endif free(ifo); } }
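Review bot: In the `O_AUTHTOKEN` case, the result of `token->key = malloc(token->key_len);` is not checked before it is passed to `parse_string` and the token is appended to `ifo->auth.tokens`. These are unchanged context lines, and the case begins outside the hunk, so earlier handling may exist that I cannot see. As shown, though, an allocation failure would leave a token with a non-zero `key_len` and a NULL `key` on the list. I would test `token->key == NULL` right after the allocation, log the error, release the partly built token and return -1 before `TAILQ_INSERT_TAIL`.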
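Review bot: In `free_options`, `free(token->key);` releases the shared secret without clearing it, so the key bytes remain in freed heap memory. As the loop is being wrapped in `#ifdef AUTH` here, consider wiping `token->key_len` bytes before the free with a call the compiler cannot elide, such as `explicit_bzero` where the platform or the project's compat layer provides it. The opening lines of the loop are in the previous hunk.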