From: Roy Marples Date: Thu, 7 Aug 2014 09:43:18 +0000 (+0000) Subject: Improve error when the authentication token cannot be found. X-Git-Tag: v6.4.4~57 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0dc49454a909cadf5b269876c45a64d9b8dec1e6;p=thirdparty%2Fdhcpcd.git Improve error when the authentication token cannot be found. Improve documentation for setting up authentication. --- diff --git a/dhcp.c b/dhcp.c index 4b63e178..6f6d1226 100644 --- a/dhcp.c +++ b/dhcp.c @@ -989,7 +989,10 @@ make_message(struct dhcp_message **message, auth_len = (size_t)dhcp_auth_encode(&ifo->auth, state->auth.token, NULL, 0, 4, type, NULL, 0); - if (auth_len > 0) { + if ((ssize_t)auth_len == -1) + syslog(LOG_ERR, "%s: dhcp_auth_encode: %m", + iface->name); + else if (auth_len > 0) { len = (size_t)((p + auth_len) - m); if (auth_len > 255 || len > sizeof(*dhcp)) goto toobig; @@ -997,9 +1000,7 @@ make_message(struct dhcp_message **message, *p++ = (uint8_t)auth_len; auth = p; p += auth_len; - } else if ((ssize_t)auth_len == -1) - syslog(LOG_ERR, "%s: dhcp_auth_encode: %m", - iface->name); + } } *p++ = DHO_END; diff --git a/dhcp6.c b/dhcp6.c index 86337cd0..9dcdce34 100644 --- a/dhcp6.c +++ b/dhcp6.c @@ -645,9 +645,11 @@ dhcp6_makemessage(struct interface *ifp) if (ifo->auth.options & DHCPCD_AUTH_SEND) { auth_len = (size_t)dhcp_auth_encode(&ifo->auth, state->auth.token, NULL, 0, 6, type, NULL, 0); - if ((ssize_t)auth_len == -1) + if ((ssize_t)auth_len == -1) { + syslog(LOG_ERR, "%s: dhcp_auth_encode: %m", + ifp->name); auth_len = 0; - else if (auth_len> 0) + } else if (auth_len> 0) len += sizeof(*o) + auth_len; } else auth_len = 0; /* appease GCC */ @@ -1045,7 +1047,8 @@ logsend: dhcp6_update_auth(ifp, state->send, state->send_len) == -1) { syslog(LOG_ERR, "%s: dhcp6_updateauth: %m", ifp->name); - return -1; + if (errno != ESRCH) + return -1; } ctx = ifp->ctx->ipv6; diff --git a/dhcpcd.conf.5.in b/dhcpcd.conf.5.in index 4a648c02..cc10a16a 100644 --- a/dhcpcd.conf.5.in +++ b/dhcpcd.conf.5.in @@ -22,7 +22,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd July 14, 2014 +.Dd August 7, 2014 .Dt DHCPCD.CONF 5 .Os .Sh NAME @@ -71,7 +71,7 @@ Example: .D1 static ip_address=192.168.0.10/24 .It Ic authprotocol Ar protocol Ar algorithm Ar rdm Authenticate DHCP messages. -See the Supported Protocols section. +See the Supported Authentication Protocols section. .It Ic authtoken Ar secretid Ar realm Ar expire Ar key Define a shared key for use in authentication. .Ar realm can be "" to for use with the @@ -84,6 +84,18 @@ You can use the keyword or .Ar 0 which means the token never expires. +For the token protocol, +.Ar secretid +needs to be 0 and +.Ar realm +needs to be "". +If +.Nm dhcpcd +has the error +.D1 dhcp_auth_encode: Invalid argument +then it means that +.Nm dhcpcd +could not find the correct authentication token in your configuration. .It Ic background Background immediately. This is useful for startup scripts which don't disable link messages for @@ -703,10 +715,10 @@ References an option from the global definition .D1 embed uint32 enterprise_number .D1 # Options defined for the enterprise number .D1 encap 1 ipaddress ipaddress -.Ss Supported protocols +.Ss Supported Authentication Protocols .Bl -tag -width -indent .It Ic token -Sends and expects the token with the secretid 0 in each message. +Sends and expects the token with the secretid 0 and realm of "" in each message. .It Ic delayedrealm Delayed Authentication. .Nm dhcpcd @@ -723,7 +735,7 @@ This token is used to authenicate all other messages. .It Ic delayed Same as above, but without a realm. .El -.Ss Supported algorithms +.Ss Supported Authentication Algorithms If none specified, .Ic hmac-md5 is the default.