From: Roy Marples
Date: Sat, 25 Jan 2014 02:23:41 +0000 (+0000)
Subject: Reply authentication every time we send a message as have updated
X-Git-Tag: v6.3.0~89
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=37c6edb125a9ad41afc7c7ccf32dad26af174ffb;p=thirdparty%2Fdhcpcd.git
Reply authentication every time we send a message as have updated the elapsed time.
---
diff --git a/auth.c b/auth.c
index e088bd3e..b3a583d7 100644
--- a/auth.c
+++ b/auth.c
@@ -328,7 +328,9 @@ get_next_rdm_monotonic(void)
 rdm++;
 fseek(fp, 0, SEEK_SET);
- if (fprintf(fp, "0x%016" PRIu64 "\n", rdm) != 19) {
+ if (ftruncate(fileno(fp)) == -1 ||
+ fprintf(fp, "0x%016" PRIu64 "\n", rdm) != 19)
+ {
 if (!last_rdm_set) {
 last_rdm = rdm;
 last_rdm_set = 1;
diff --git a/dhcp6.c b/dhcp6.c
index 65039c84..132951b6 100644
--- a/dhcp6.c
+++ b/dhcp6.c
@@ -669,16 +669,7 @@ dhcp6_makemessage(struct interface *ifp)
 o = D6_NEXT_OPTION(o);
 o->code = htons(D6_OPTION_AUTH);
 o->len = htons(auth_len);
- if (dhcp_auth_encode(&ifo->auth, state->auth.token,
- (uint8_t *)state->send, state->send_len,
- 6, state->send->type,
- D6_OPTION_DATA(o), auth_len) == -1)
- {
- printf ("oh dear\n");
- free(state->send);
- state->send = NULL;
- return -1;
- }
+ /* data will be filled at send message time */
 }
 return 0;
@@ -721,6 +712,27 @@ static void dhcp6_delete_delegates(struct interface *ifp)
 }
 }
+
+static int
+dhcp6_update_auth(struct interface *ifp, struct dhcp6_message *m, ssize_t len)
+{
+ struct dhcp6_state *state;
+ const struct dhcp6_option *co;
+ struct dhcp6_option *o;
+
+ co = dhcp6_getmoption(D6_OPTION_AUTH, m, len);
+ if (co == NULL)
+ return -1;
+
+ o = __UNCONST(co);
+ state = D6_STATE(ifp);
+
+ return dhcp_auth_encode(&ifp->options->auth, state->auth.token,
+ (uint8_t *)state->send, state->send_len,
+ 6, state->send->type,
+ D6_OPTION_DATA(o), ntohs(o->len));
+}
+
 static int
 dhcp6_sendmessage(struct interface *ifp, void (*callback)(void *))
 {
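Review bot: In auth.c, `ftruncate(fileno(fp))` in the new condition of get_next_rdm_monotonic() is missing its length argument. POSIX `ftruncate` takes a descriptor and an `off_t` length, so with the prototype in scope this does not compile, and without it the length passed is indeterminate. The line should read `if (ftruncate(fileno(fp), 0) == -1 ||`. The `fseek()` result on the context line above is still unchecked, so a failed rewind would leave the stored replay counter written at a non-zero offset; folding that check into the same condition would close the gap. The function body starts and ends outside the hunk.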
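Review bot: In dhcp6_makemessage() the authentication option's code and length are still written, but its data area is no longer initialised here, and the replacement comment does not say what fills it. Whether `state->send` is zeroed on allocation is not visible in this hunk; if it is not, any path that reads or transmits the message before dhcp6_sendmessage() has run would see stale heap bytes in the option, so a `memset(D6_OPTION_DATA(o), 0, auth_len);` next to the comment would make that safe. I would also reword the comment to `/* Option data is written by dhcp6_update_auth() from dhcp6_sendmessage(), once the elapsed time is final. */`. The function starts outside the hunk.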
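Review bot: dhcp6_update_auth() looks up the option in its `m`/`len` parameters but then passes `state->send` and `state->send_len` to dhcp_auth_encode(), so it is only correct when the caller hands in exactly that buffer. The encode call should use `(uint8_t *)m, len,` and `6, m->type,` so the message that is authenticated is the one that holds the option being written. `ntohs(o->len)` is taken from the message as the output size, which is reasonable for a message built locally by dhcp6_makemessage() but deserves a comment above the function. That comment should also state that the function returns -1 when no authentication option is present.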
@@ -840,6 +852,10 @@ logsend:
 /* Update the elapsed time */
 dhcp6_updateelapsed(ifp, state->send, state->send_len);
+ if (dhcp6_update_auth(ifp, state->send, state->send_len) == -1) {
+ syslog(LOG_ERR, "%s: dhcp6_updateauth: %m", ifp->name);
+ return -1;
+ }
 to.sin6_scope_id = ifp->index;
 sndhdr.msg_name = (caddr_t)&to;
diff --git a/dhcpcd.8.in b/dhcpcd.8.in
index 5a1c2503..8c12c6ab 100644
--- a/dhcpcd.8.in
+++ b/dhcpcd.8.in
@@ -670,7 +670,3 @@ of the last replay value sent reset.
 We could change this to use a NTP time stamp instead, but it's more likely the RTC on this host is broken which would cause the same result.
-.Pp
-WIDE DHCPv6 server sometimes fails to authenticate a
-.Nm
-message.
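Review bot: The new call in dhcp6_sendmessage() is unconditional, and dhcp6_update_auth() returns -1 when the message carries no authentication option, so an interface without authentication configured would appear to fail every send at this point. dhcp6_makemessage() seems to add the option only inside a conditional block (the closing brace after its new comment), so the call here should be guarded by that same condition, or a missing option should be treated as success rather than an error. The log text says `dhcp6_updateauth` while the function is named `dhcp6_update_auth`, and `%m` is only meaningful if the failing path sets errno, which is not visible here. The function starts and ends outside the hunk.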