From: Roy Marples Date: Fri, 31 Jan 2014 18:33:11 +0000 (+0000) Subject: Reset reconfigure token when dropping a lease. X-Git-Tag: v6.3.0~64 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f9e15277390970d9325cf17c2173f63039401ce7;p=thirdparty%2Fdhcpcd.git Reset reconfigure token when dropping a lease. Only send a reconfigure accept option if we aren't sending any authentication OR don't require authentication.
---
diff --git a/auth.c b/auth.c
index e5f787fc..ad9075fd 100644
--- a/auth.c
+++ b/auth.c
@@ -74,6 +74,16 @@ ntohll(uint64_t x)
 #define HMAC_LENGTH 16
+void
+dhcp_auth_reset(struct authstate *state)
+{
+
+ if (state->reconf) {
+ free(state->reconf);
+ state->reconf = NULL;
+ }
+}
+
 /*
 * Authenticate a DHCP message.
 * m and mlen refer to the whole message.
@@ -215,6 +225,12 @@ dhcp_auth_validate(struct authstate *state, const struct auth *auth,
 /* Nothing to validate, just accepting the key */
 return state->reconf;
 case 2:
+ if (!((mp == 4 && mt == DHCP_FORCERENEW) ||
+ (mp == 6 && mt == DHCP6_RECONFIGURE)))
+ {
+ errno = EINVAL;
+ return NULL;
+ }
 if (state->reconf == NULL) {
 errno = ENOENT;
 return NULL;
diff --git a/auth.h b/auth.h
index 3f578a85..9234ca50 100644
--- a/auth.h
+++ b/auth.h
@@ -34,6 +34,8 @@
 #define DHCPCD_AUTH_REQUIRE (1 << 1)
 #define DHCPCD_AUTH_RDM_COUNTER (1 << 2)
+#define DHCPCD_AUTH_SENDREQUIRE (DHCPCD_AUTH_SEND | DHCPCD_AUTH_REQUIRE)
+
 #define AUTH_PROTO_TOKEN 0
 #define AUTH_PROTO_DELAYED 1
 #define AUTH_PROTO_DELAYEDREALM 2
@@ -69,6 +71,8 @@ struct authstate {
 struct token *reconf;
 };
+void dhcp_auth_reset(struct authstate *);
+
 const struct token * dhcp_auth_validate(struct authstate *, const struct auth *, const uint8_t *, unsigned int, int, int,
diff --git a/dhcp.c b/dhcp.c
index 6ea91525..280a676f 100644
--- a/dhcp.c
+++ b/dhcp.c
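Review bot: dhcp_auth_reset() in auth.c releases `state->reconf` with a plain `free()`, so any key bytes stored in the token stay in freed heap memory, and any buffer the token owns through a pointer would be leaked. The definition of `struct token` is not part of this diff, so check it: if it holds or points to the reconfigure key, clear that memory with a wipe the compiler cannot elide and free owned members before freeing the token. The `if (state->reconf)` guard is redundant because `free(NULL)` is a no-op; `free(state->reconf); state->reconf = NULL;` is sufficient. A header comment saying the function drops only the reconfigure key would also help the callers in dhcp_drop() and dhcp6_freedrop().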
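Review bot: The guard added under `case 2:` in dhcp_auth_validate() tests `mp` and `mt` against the bare literals `4` and `6` inside a negated compound condition, with no comment saying what rule it enforces. I would put `/* A reconfigure-key authenticator is only valid on FORCERENEW (DHCPv4) or RECONFIGURE (DHCPv6) */` above it. It also reports the rejection as `EINVAL`, which may be indistinguishable from other failures returned by this function (they lie outside the hunk); a message of the wrong type carrying this authenticator is worth a distinct log line at the caller. The function starts and ends outside the hunk.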
@@ -867,10 +867,14 @@ make_message(struct dhcp_message **message,
 p += ifo->vendor[0] + 1;
 }
- /* We support HMAC-MD5 */
- *p++ = DHO_FORCERENEW_NONCE;
- *p++ = 1;
- *p++ = AUTH_ALG_HMAC_MD5;
+ if ((ifo->auth.options & DHCPCD_AUTH_SENDREQUIRE) !=
+ DHCPCD_AUTH_SENDREQUIRE)
+ {
+ /* We support HMAC-MD5 */
+ *p++ = DHO_FORCERENEW_NONCE;
+ *p++ = 1;
+ *p++ = AUTH_ALG_HMAC_MD5;
+ }
 if (ifo->vivco_len) {
 *p++ = DHO_VIVCO;
@@ -2014,6 +2018,7 @@ dhcp_drop(struct interface *ifp, const char *reason)
 state = D_STATE(ifp);
 if (state == NULL)
 return;
+ dhcp_auth_reset(&state->auth);
 dhcp_close(ifp);
 arp_close(ifp);
 eloop_timeouts_delete(ifp, dhcp_expire, NULL);
diff --git a/dhcp6.c b/dhcp6.c
index 046736fa..eb5c7996 100644
--- a/dhcp6.c
+++ b/dhcp6.c
@@ -419,7 +419,9 @@ dhcp6_makemessage(struct interface *ifp)
 if (fqdn != FQDN_DISABLE)
 len += sizeof(*o) + 1 + encode_rfc1035(hostname, NULL);
- len += sizeof(*o); /* Reconfigure Accept */
+ if ((ifo->auth.options & DHCPCD_AUTH_SENDREQUIRE) !=
+ DHCPCD_AUTH_SENDREQUIRE)
+ len += sizeof(*o); /* Reconfigure Accept */
 }
 len += sizeof(*state->send);
@@ -653,9 +655,13 @@ dhcp6_makemessage(struct interface *ifp)
 o->len = htons(l + 1);
 }
- o = D6_NEXT_OPTION(o);
- o->code = htons(D6_OPTION_RECONF_ACCEPT);
- o->len = 0;
+ if ((ifo->auth.options & DHCPCD_AUTH_SENDREQUIRE) !=
+ DHCPCD_AUTH_SENDREQUIRE)
+ {
+ o = D6_NEXT_OPTION(o);
+ o->code = htons(D6_OPTION_RECONF_ACCEPT);
+ o->len = 0;
+ }
 if (n_options) {
 o = D6_NEXT_OPTION(o);
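Review bot: The new condition in make_message(), `(ifo->auth.options & DHCPCD_AUTH_SENDREQUIRE) != DHCPCD_AUTH_SENDREQUIRE`, carries no comment explaining why the FORCERENEW nonce option is withheld when authentication is both sent and required. Something like `/* Only offer reconfigure-key auth when we are not both sending and requiring authentication */` above the `if` would record the intent stated in the commit message. Note that this only stops the client advertising support: whether the "just accepting the key" branch of dhcp_auth_validate() (visible as context in auth.c) is gated on the same options cannot be told from this diff and should be confirmed. make_message() begins and ends outside the hunk.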
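Review bot: The two dhcp6_makemessage() hunks (`@@ -419` and `@@ -653`) repeat the same predicate, once to reserve `sizeof(*o)` in `len` and once to write the Reconfigure Accept option, and nothing keeps the two copies in step. If one is edited without the other, the writer emits an option the length pass did not account for, which would mean writing past the space reserved for the message. Compute it once, e.g. `int reconf_ok = (ifo->auth.options & DHCPCD_AUTH_SENDREQUIRE) != DHCPCD_AUTH_SENDREQUIRE;`, and test `reconf_ok` at both sites (the name is only a suggestion). The allocation and the rest of the function are outside these hunks, so this assumes the buffer is sized from `len`.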
@@ -2637,6 +2643,10 @@ dhcp6_freedrop(struct interface *ifp, int drop, const char *reason)
 * of which interface is delegating as we remeber it by pointer.
 * So if we need to change this behaviour, we need to change
 * how we remember which interface delegated.
+ *
+ * XXX The below is no longer true due to the change of the
+ * default IAID, but do PPP links have stable ethernet addresses?
+ *
 * To make it more interesting, on some OS's with PPP links
 * there is no guarantee the delegating interface will have
 * the same name or index so think very hard before changing
@@ -2650,6 +2660,7 @@ dhcp6_freedrop(struct interface *ifp, int drop, const char *reason)
 state = D6_STATE(ifp);
 if (state) {
+ dhcp_auth_reset(&state->auth);
 if (ifp->options->options & DHCPCD_RELEASE) {
 if (ifp->carrier != LINK_DOWN)
 dhcp6_startrelease(ifp);
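Review bot: In dhcp6_freedrop() the added `dhcp_auth_reset(&state->auth);` runs before `dhcp6_startrelease(ifp)` and on every call where `state` exists, with no check of the `drop` argument in the visible lines. That is harmless while the reset only discards the reconfigure key, but if dhcp_auth_reset() later clears more authentication state, a Release sent afterwards would be built without it. A comment such as `/* Only the reconfigure key is reset here; the Release below must not depend on it */` would pin that assumption; whether Release messages are authenticated at all is not visible in this hunk. The function continues outside the hunk.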