1 /* dnsmasq is Copyright (c) 2000-2009 Simon Kelley
2 
3    This program is free software; you can redistribute it and/or modify
4    it under the terms of the GNU General Public License as published by
5    the Free Software Foundation; version 2 dated June, 1991, or
6    (at your option) version 3 dated 29 June, 2007.
7 
8    This program is distributed in the hope that it will be useful,
9    but WITHOUT ANY WARRANTY; without even the implied warranty of
10    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
11    GNU General Public License for more details.
12 
13    You should have received a copy of the GNU General Public License
14    along with this program.  If not, see <http://www.gnu.org/licenses/>.
15 */
16 
17 #include "dnsmasq.h"
18 
19 #ifdef HAVE_DHCP
20 
21 struct iface_param {
22   struct in_addr relay, primary;
23   struct dhcp_context *current;
24   int ind;
25 };
26 
27 static int complete_context(struct in_addr local, int if_index,
28 			    struct in_addr netmask, struct in_addr broadcast, void *vparam);
29 
dhcp_init(void)30 void dhcp_init(void)
31 {
32   int fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP);
33   struct sockaddr_in saddr;
34   int oneopt = 1;
35 #if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
36   int mtu = IP_PMTUDISC_DONT;
37 #endif
38 
39   if (fd == -1)
40     die (_("cannot create DHCP socket: %s"), NULL, EC_BADNET);
41 
42   if (!fix_fd(fd) ||
43 #if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
44       setsockopt(fd, SOL_IP, IP_MTU_DISCOVER, &mtu, sizeof(mtu)) == -1 ||
45 #endif
46 #if defined(HAVE_LINUX_NETWORK)
47       setsockopt(fd, SOL_IP, IP_PKTINFO, &oneopt, sizeof(oneopt)) == -1 ||
48 #else
49       setsockopt(fd, IPPROTO_IP, IP_RECVIF, &oneopt, sizeof(oneopt)) == -1 ||
50 #endif
51       setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &oneopt, sizeof(oneopt)) == -1)
52     die(_("failed to set options on DHCP socket: %s"), NULL, EC_BADNET);
53 
54   /* When bind-interfaces is set, there might be more than one dnmsasq
55      instance binding port 67. That's OK if they serve different networks.
56      Need to set REUSEADDR to make this posible, or REUSEPORT on *BSD. */
57   if (daemon->options & OPT_NOWILD)
58     {
59 #ifdef SO_REUSEPORT
60       int rc = setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &oneopt, sizeof(oneopt));
61 #else
62       int rc = setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &oneopt, sizeof(oneopt));
63 #endif
64       if (rc == -1)
65 	die(_("failed to set SO_REUSE{ADDR|PORT} on DHCP socket: %s"), NULL, EC_BADNET);
66     }
67 
68   memset(&saddr, 0, sizeof(saddr));
69   saddr.sin_family = AF_INET;
70   saddr.sin_port = htons(daemon->dhcp_server_port);
71   saddr.sin_addr.s_addr = INADDR_ANY;
72 #ifdef HAVE_SOCKADDR_SA_LEN
73   saddr.sin_len = sizeof(struct sockaddr_in);
74 #endif
75 
76   if (bind(fd, (struct sockaddr *)&saddr, sizeof(struct sockaddr_in)))
77     die(_("failed to bind DHCP server socket: %s"), NULL, EC_BADNET);
78 
79   daemon->dhcpfd = fd;
80 
81 #if defined(HAVE_BSD_NETWORK)
82   /* When we're not using capabilities, we need to do this here before
83      we drop root. Also, set buffer size small, to avoid wasting
84      kernel buffers */
85 
86   if (daemon->options & OPT_NO_PING)
87     daemon->dhcp_icmp_fd = -1;
88   else if ((daemon->dhcp_icmp_fd = make_icmp_sock()) == -1 ||
89 	   setsockopt(daemon->dhcp_icmp_fd, SOL_SOCKET, SO_RCVBUF, &oneopt, sizeof(oneopt)) == -1 )
90     die(_("cannot create ICMP raw socket: %s."), NULL, EC_BADNET);
91 
92   /* Make BPF raw send socket */
93   init_bpf();
94 #endif
95 
96   check_dhcp_hosts(1);
97 
98   daemon->dhcp_packet.iov_len = sizeof(struct dhcp_packet);
99   daemon->dhcp_packet.iov_base = safe_malloc(daemon->dhcp_packet.iov_len);
100 }
101 
dhcp_packet(time_t now)102 void dhcp_packet(time_t now)
103 {
104   struct dhcp_packet *mess;
105   struct dhcp_context *context;
106   struct iname *tmp;
107   struct ifreq ifr;
108   struct msghdr msg;
109   struct sockaddr_in dest;
110   struct cmsghdr *cmptr;
111   struct iovec iov;
112   ssize_t sz;
113   int iface_index = 0, unicast_dest = 0, is_inform = 0;
114   struct in_addr iface_addr, *addrp = NULL;
115   struct iface_param parm;
116 
117   union {
118     struct cmsghdr align; /* this ensures alignment */
119 #if defined(HAVE_LINUX_NETWORK)
120     char control[CMSG_SPACE(sizeof(struct in_pktinfo))];
121 #elif defined(HAVE_SOLARIS_NETWORK)
122     char control[CMSG_SPACE(sizeof(unsigned int))];
123 #elif defined(HAVE_BSD_NETWORK)
124     char control[CMSG_SPACE(sizeof(struct sockaddr_dl))];
125 #endif
126   } control_u;
127 
128   msg.msg_control = NULL;
129   msg.msg_controllen = 0;
130   msg.msg_name = NULL;
131   msg.msg_namelen = 0;
132   msg.msg_iov = &daemon->dhcp_packet;
133   msg.msg_iovlen = 1;
134 
135   while (1)
136     {
137       msg.msg_flags = 0;
138       while ((sz = recvmsg(daemon->dhcpfd, &msg, MSG_PEEK | MSG_TRUNC)) == -1 && errno == EINTR);
139 
140       if (sz == -1)
141 	return;
142 
143       if (!(msg.msg_flags & MSG_TRUNC))
144 	break;
145 
146       /* Very new Linux kernels return the actual size needed,
147 	 older ones always return truncated size */
148       if ((size_t)sz == daemon->dhcp_packet.iov_len)
149 	{
150 	  if (!expand_buf(&daemon->dhcp_packet, sz + 100))
151 	    return;
152 	}
153       else
154 	{
155 	  expand_buf(&daemon->dhcp_packet, sz);
156 	  break;
157 	}
158     }
159 
160   /* expand_buf may have moved buffer */
161   mess = (struct dhcp_packet *)daemon->dhcp_packet.iov_base;
162   msg.msg_controllen = sizeof(control_u);
163   msg.msg_control = control_u.control;
164   msg.msg_flags = 0;
165   msg.msg_name = &dest;
166   msg.msg_namelen = sizeof(dest);
167 
168   while ((sz = recvmsg(daemon->dhcpfd, &msg, 0)) == -1 && errno == EINTR);
169 
170   if ((msg.msg_flags & MSG_TRUNC) || sz < (ssize_t)(sizeof(*mess) - sizeof(mess->options)))
171     return;
172 
173 #if defined (HAVE_LINUX_NETWORK)
174   if (msg.msg_controllen >= sizeof(struct cmsghdr))
175     for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
176       if (cmptr->cmsg_level == SOL_IP && cmptr->cmsg_type == IP_PKTINFO)
177 	{
178 	  iface_index = ((struct in_pktinfo *)CMSG_DATA(cmptr))->ipi_ifindex;
179 	  if (((struct in_pktinfo *)CMSG_DATA(cmptr))->ipi_addr.s_addr != INADDR_BROADCAST)
180 	    unicast_dest = 1;
181 	}
182 
183 #elif defined(HAVE_BSD_NETWORK)
184   if (msg.msg_controllen >= sizeof(struct cmsghdr))
185     for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
186       if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_RECVIF)
187         iface_index = ((struct sockaddr_dl *)CMSG_DATA(cmptr))->sdl_index;
188 
189 
190 #elif defined(HAVE_SOLARIS_NETWORK)
191   if (msg.msg_controllen >= sizeof(struct cmsghdr))
192     for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
193       if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_RECVIF)
194 	iface_index = *((unsigned int *)CMSG_DATA(cmptr));
195 
196 #endif
197 
198   if (!indextoname(daemon->dhcpfd, iface_index, ifr.ifr_name))
199     return;
200 
201 #ifdef MSG_BCAST
202   /* OpenBSD tells us when a packet was broadcast */
203   if (!(msg.msg_flags & MSG_BCAST))
204     unicast_dest = 1;
205 #endif
206 
207   ifr.ifr_addr.sa_family = AF_INET;
208   if (ioctl(daemon->dhcpfd, SIOCGIFADDR, &ifr) != -1 )
209     {
210       addrp = &iface_addr;
211       iface_addr = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr;
212     }
213 
214   if (!iface_check(AF_INET, (struct all_addr *)addrp, ifr.ifr_name, &iface_index))
215     return;
216 
217   for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next)
218     if (tmp->name && (strcmp(tmp->name, ifr.ifr_name) == 0))
219       return;
220 
221   /* interface may have been changed by alias in iface_check */
222   if (!addrp)
223     {
224       if (ioctl(daemon->dhcpfd, SIOCGIFADDR, &ifr) == -1)
225 	{
226 	  my_syslog(MS_DHCP | LOG_WARNING, _("DHCP packet received on %s which has no address"), ifr.ifr_name);
227 	  return;
228 	}
229       else
230 	iface_addr = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr;
231     }
232 
233   /* unlinked contexts are marked by context->current == context */
234   for (context = daemon->dhcp; context; context = context->next)
235     context->current = context;
236 
237   parm.relay = mess->giaddr;
238   parm.primary = iface_addr;
239   parm.current = NULL;
240   parm.ind = iface_index;
241 
242   if (!iface_enumerate(&parm, complete_context, NULL))
243     return;
244   lease_prune(NULL, now); /* lose any expired leases */
245   iov.iov_len = dhcp_reply(parm.current, ifr.ifr_name, iface_index, (size_t)sz,
246 			   now, unicast_dest, &is_inform);
247   lease_update_file(now);
248   lease_update_dns();
249 
250   if (iov.iov_len == 0)
251     return;
252 
253   msg.msg_name = &dest;
254   msg.msg_namelen = sizeof(dest);
255   msg.msg_control = NULL;
256   msg.msg_controllen = 0;
257   msg.msg_iov = &iov;
258   iov.iov_base = daemon->dhcp_packet.iov_base;
259 
260   /* packet buffer may have moved */
261   mess = (struct dhcp_packet *)daemon->dhcp_packet.iov_base;
262 
263 #ifdef HAVE_SOCKADDR_SA_LEN
264   dest.sin_len = sizeof(struct sockaddr_in);
265 #endif
266 
267   if (mess->giaddr.s_addr)
268     {
269       /* Send to BOOTP relay  */
270       dest.sin_port = htons(daemon->dhcp_server_port);
271       dest.sin_addr = mess->giaddr;
272     }
273   else if (mess->ciaddr.s_addr)
274     {
275       /* If the client's idea of its own address tallys with
276 	 the source address in the request packet, we believe the
277 	 source port too, and send back to that.  If we're replying
278 	 to a DHCPINFORM, trust the source address always. */
279       if ((!is_inform && dest.sin_addr.s_addr != mess->ciaddr.s_addr) ||
280 	  dest.sin_port == 0 || dest.sin_addr.s_addr == 0)
281 	{
282 	  dest.sin_port = htons(daemon->dhcp_client_port);
283 	  dest.sin_addr = mess->ciaddr;
284 	}
285     }
286 #if defined(HAVE_LINUX_NETWORK)
287   else if ((ntohs(mess->flags) & 0x8000) || mess->hlen == 0 ||
288 	   mess->hlen > sizeof(ifr.ifr_addr.sa_data) || mess->htype == 0)
289     {
290       /* broadcast to 255.255.255.255 (or mac address invalid) */
291       struct in_pktinfo *pkt;
292       msg.msg_control = control_u.control;
293       msg.msg_controllen = sizeof(control_u);
294       cmptr = CMSG_FIRSTHDR(&msg);
295       pkt = (struct in_pktinfo *)CMSG_DATA(cmptr);
296       pkt->ipi_ifindex = iface_index;
297       pkt->ipi_spec_dst.s_addr = 0;
298       msg.msg_controllen = cmptr->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
299       cmptr->cmsg_level = SOL_IP;
300       cmptr->cmsg_type = IP_PKTINFO;
301       dest.sin_addr.s_addr = INADDR_BROADCAST;
302       dest.sin_port = htons(daemon->dhcp_client_port);
303     }
304   else
305     {
306       /* unicast to unconfigured client. Inject mac address direct into ARP cache.
307 	 struct sockaddr limits size to 14 bytes. */
308       struct arpreq req;
309       dest.sin_addr = mess->yiaddr;
310       dest.sin_port = htons(daemon->dhcp_client_port);
311       *((struct sockaddr_in *)&req.arp_pa) = dest;
312       req.arp_ha.sa_family = mess->htype;
313       memcpy(req.arp_ha.sa_data, mess->chaddr, mess->hlen);
314       strncpy(req.arp_dev, ifr.ifr_name, 16);
315       req.arp_flags = ATF_COM;
316       ioctl(daemon->dhcpfd, SIOCSARP, &req);
317     }
318 #elif defined(HAVE_SOLARIS_NETWORK)
319   else if ((ntohs(mess->flags) & 0x8000) || mess->hlen != ETHER_ADDR_LEN || mess->htype != ARPHRD_ETHER)
320     {
321       /* broadcast to 255.255.255.255 (or mac address invalid) */
322       dest.sin_addr.s_addr = INADDR_BROADCAST;
323       dest.sin_port = htons(daemon->dhcp_client_port);
324       /* note that we don't specify the interface here: that's done by the
325 	 IP_BOUND_IF sockopt lower down. */
326     }
327   else
328     {
329       /* unicast to unconfigured client. Inject mac address direct into ARP cache.
330 	 Note that this only works for ethernet on solaris, because we use SIOCSARP
331 	 and not SIOCSXARP, which would be perfect, except that it returns ENXIO
332 	 mysteriously. Bah. Fall back to broadcast for other net types. */
333       struct arpreq req;
334       dest.sin_addr = mess->yiaddr;
335       dest.sin_port = htons(daemon->dhcp_client_port);
336       *((struct sockaddr_in *)&req.arp_pa) = dest;
337       req.arp_ha.sa_family = AF_UNSPEC;
338       memcpy(req.arp_ha.sa_data, mess->chaddr, mess->hlen);
339       req.arp_flags = ATF_COM;
340       ioctl(daemon->dhcpfd, SIOCSARP, &req);
341     }
342 #elif defined(HAVE_BSD_NETWORK)
343   else
344     {
345       send_via_bpf(mess, iov.iov_len, iface_addr, &ifr);
346       return;
347     }
348 #endif
349 
350 #ifdef HAVE_SOLARIS_NETWORK
351   setsockopt(daemon->dhcpfd, IPPROTO_IP, IP_BOUND_IF, &iface_index, sizeof(iface_index));
352 #endif
353 
354   while(sendmsg(daemon->dhcpfd, &msg, 0) == -1 && retry_send());
355 }
356 
357 /* This is a complex routine: it gets called with each (address,netmask,broadcast) triple
358    of each interface (and any relay address) and does the  following things:
359 
360    1) Discards stuff for interfaces other than the one on which a DHCP packet just arrived.
361    2) Fills in any netmask and broadcast addresses which have not been explicitly configured.
362    3) Fills in local (this host) and router (this host or relay) addresses.
363    4) Links contexts which are valid for hosts directly connected to the arrival interface on ->current.
364 
365    Note that the current chain may be superceded later for configured hosts or those coming via gateways. */
366 
complete_context(struct in_addr local,int if_index,struct in_addr netmask,struct in_addr broadcast,void * vparam)367 static int complete_context(struct in_addr local, int if_index,
368 			    struct in_addr netmask, struct in_addr broadcast, void *vparam)
369 {
370   struct dhcp_context *context;
371   struct iface_param *param = vparam;
372 
373   for (context = daemon->dhcp; context; context = context->next)
374     {
375       if (!(context->flags & CONTEXT_NETMASK) &&
376 	  (is_same_net(local, context->start, netmask) ||
377 	   is_same_net(local, context->end, netmask)))
378       {
379 	if (context->netmask.s_addr != netmask.s_addr &&
380 	    !(is_same_net(local, context->start, netmask) &&
381 	      is_same_net(local, context->end, netmask)))
382 	  {
383 	    strcpy(daemon->dhcp_buff, inet_ntoa(context->start));
384 	    strcpy(daemon->dhcp_buff2, inet_ntoa(context->end));
385 	    my_syslog(MS_DHCP | LOG_WARNING, _("DHCP range %s -- %s is not consistent with netmask %s"),
386 		      daemon->dhcp_buff, daemon->dhcp_buff2, inet_ntoa(netmask));
387 	  }
388  	context->netmask = netmask;
389       }
390 
391       if (context->netmask.s_addr)
392 	{
393 	  if (is_same_net(local, context->start, context->netmask) &&
394 	      is_same_net(local, context->end, context->netmask))
395 	    {
396 	      /* link it onto the current chain if we've not seen it before */
397 	      if (if_index == param->ind && context->current == context)
398 		{
399 		  context->router = local;
400 		  context->local = local;
401 		  context->current = param->current;
402 		  param->current = context;
403 		}
404 
405 	      if (!(context->flags & CONTEXT_BRDCAST))
406 		{
407 		  if (is_same_net(broadcast, context->start, context->netmask))
408 		    context->broadcast = broadcast;
409 		  else
410 		    context->broadcast.s_addr  = context->start.s_addr | ~context->netmask.s_addr;
411 		}
412 	    }
413 	  else if (param->relay.s_addr && is_same_net(param->relay, context->start, context->netmask))
414 	    {
415 	      context->router = param->relay;
416 	      context->local = param->primary;
417 	      /* fill in missing broadcast addresses for relayed ranges */
418 	      if (!(context->flags & CONTEXT_BRDCAST))
419 		context->broadcast.s_addr  = context->start.s_addr | ~context->netmask.s_addr;
420 	    }
421 
422 	}
423     }
424 
425   return 1;
426 }
427 
address_available(struct dhcp_context * context,struct in_addr taddr,struct dhcp_netid * netids)428 struct dhcp_context *address_available(struct dhcp_context *context,
429 				       struct in_addr taddr,
430 				       struct dhcp_netid *netids)
431 {
432   /* Check is an address is OK for this network, check all
433      possible ranges. Make sure that the address isn't in use
434      by the server itself. */
435 
436   unsigned int start, end, addr = ntohl(taddr.s_addr);
437   struct dhcp_context *tmp;
438 
439   for (tmp = context; tmp; tmp = tmp->current)
440     if (taddr.s_addr == context->router.s_addr)
441       return NULL;
442 
443   for (tmp = context; tmp; tmp = tmp->current)
444     {
445       start = ntohl(tmp->start.s_addr);
446       end = ntohl(tmp->end.s_addr);
447 
448       if (!(tmp->flags & CONTEXT_STATIC) &&
449 	  addr >= start &&
450 	  addr <= end &&
451 	  match_netid(tmp->filter, netids, 1))
452 	return tmp;
453     }
454 
455   return NULL;
456 }
457 
narrow_context(struct dhcp_context * context,struct in_addr taddr,struct dhcp_netid * netids)458 struct dhcp_context *narrow_context(struct dhcp_context *context,
459 				    struct in_addr taddr,
460 				    struct dhcp_netid *netids)
461 {
462   /* We start of with a set of possible contexts, all on the current physical interface.
463      These are chained on ->current.
464      Here we have an address, and return the actual context correponding to that
465      address. Note that none may fit, if the address came a dhcp-host and is outside
466      any dhcp-range. In that case we return a static range if possible, or failing that,
467      any context on the correct subnet. (If there's more than one, this is a dodgy
468      configuration: maybe there should be a warning.) */
469 
470   struct dhcp_context *tmp;
471 
472   if (!(tmp = address_available(context, taddr, netids)))
473     {
474       for (tmp = context; tmp; tmp = tmp->current)
475 	if (is_same_net(taddr, tmp->start, tmp->netmask) &&
476 	    (tmp->flags & CONTEXT_STATIC))
477 	  break;
478 
479       if (!tmp)
480 	for (tmp = context; tmp; tmp = tmp->current)
481 	  if (is_same_net(taddr, tmp->start, tmp->netmask))
482 	    break;
483     }
484 
485   /* Only one context allowed now */
486   if (tmp)
487     tmp->current = NULL;
488 
489   return tmp;
490 }
491 
config_find_by_address(struct dhcp_config * configs,struct in_addr addr)492 struct dhcp_config *config_find_by_address(struct dhcp_config *configs, struct in_addr addr)
493 {
494   struct dhcp_config *config;
495 
496   for (config = configs; config; config = config->next)
497     if ((config->flags & CONFIG_ADDR) && config->addr.s_addr == addr.s_addr)
498       return config;
499 
500   return NULL;
501 }
502 
503 /* Is every member of check matched by a member of pool?
504    If tagnotneeded, untagged is OK */
match_netid(struct dhcp_netid * check,struct dhcp_netid * pool,int tagnotneeded)505 int match_netid(struct dhcp_netid *check, struct dhcp_netid *pool, int tagnotneeded)
506 {
507   struct dhcp_netid *tmp1;
508 
509   if (!check && !tagnotneeded)
510     return 0;
511 
512   for (; check; check = check->next)
513     {
514       if (check->net[0] != '#')
515 	{
516 	  for (tmp1 = pool; tmp1; tmp1 = tmp1->next)
517 	    if (strcmp(check->net, tmp1->net) == 0)
518 	      break;
519 	  if (!tmp1)
520 	    return 0;
521 	}
522       else
523 	for (tmp1 = pool; tmp1; tmp1 = tmp1->next)
524 	  if (strcmp((check->net)+1, tmp1->net) == 0)
525 	    return 0;
526     }
527   return 1;
528 }
529 
address_allocate(struct dhcp_context * context,struct in_addr * addrp,unsigned char * hwaddr,int hw_len,struct dhcp_netid * netids,time_t now)530 int address_allocate(struct dhcp_context *context,
531 		     struct in_addr *addrp, unsigned char *hwaddr, int hw_len,
532 		     struct dhcp_netid *netids, time_t now)
533 {
534   /* Find a free address: exclude anything in use and anything allocated to
535      a particular hwaddr/clientid/hostname in our configuration.
536      Try to return from contexts which match netids first. */
537 
538   struct in_addr start, addr;
539   struct dhcp_context *c, *d;
540   int i, pass;
541   unsigned int j;
542 
543   /* hash hwaddr */
544   for (j = 0, i = 0; i < hw_len; i++)
545     j += hwaddr[i] + (hwaddr[i] << 8) + (hwaddr[i] << 16);
546 
547   for (pass = 0; pass <= 1; pass++)
548     for (c = context; c; c = c->current)
549       if (c->flags & CONTEXT_STATIC)
550 	continue;
551       else if (!match_netid(c->filter, netids, pass))
552 	continue;
553       else
554 	{
555 	  /* pick a seed based on hwaddr then iterate until we find a free address. */
556 	  start.s_addr = addr.s_addr =
557 	    htonl(ntohl(c->start.s_addr) +
558 		  ((j + c->addr_epoch) % (1 + ntohl(c->end.s_addr) - ntohl(c->start.s_addr))));
559 
560 	  do {
561 	    /* eliminate addresses in use by the server. */
562 	    for (d = context; d; d = d->current)
563 	      if (addr.s_addr == d->router.s_addr)
564 		break;
565 
566 	    /* Addresses which end in .255 and .0 are broken in Windows even when using
567 	       supernetting. ie dhcp-range=192.168.0.1,192.168.1.254,255,255,254.0
568 	       then 192.168.0.255 is a valid IP address, but not for Windows as it's
569 	       in the class C range. See  KB281579. We therefore don't allocate these
570 	       addresses to avoid hard-to-diagnose problems. Thanks Bill. */
571 	    if (!d &&
572 		!lease_find_by_addr(addr) &&
573 		!config_find_by_address(daemon->dhcp_conf, addr) &&
574 		(!IN_CLASSC(ntohl(addr.s_addr)) ||
575 		 ((ntohl(addr.s_addr) & 0xff) != 0xff && ((ntohl(addr.s_addr) & 0xff) != 0x0))))
576 	      {
577 		struct ping_result *r, *victim = NULL;
578 		int count, max = (int)(0.6 * (((float)PING_CACHE_TIME)/
579 					      ((float)PING_WAIT)));
580 
581 		*addrp = addr;
582 
583 		if (daemon->options & OPT_NO_PING)
584 		  return 1;
585 
586 		/* check if we failed to ping addr sometime in the last
587 		   PING_CACHE_TIME seconds. If so, assume the same situation still exists.
588 		   This avoids problems when a stupid client bangs
589 		   on us repeatedly. As a final check, if we did more
590 		   than 60% of the possible ping checks in the last
591 		   PING_CACHE_TIME, we are in high-load mode, so don't do any more. */
592 		for (count = 0, r = daemon->ping_results; r; r = r->next)
593 		  if (difftime(now, r->time) >  (float)PING_CACHE_TIME)
594 		    victim = r; /* old record */
595 		  else if (++count == max || r->addr.s_addr == addr.s_addr)
596 		    return 1;
597 
598 		if (icmp_ping(addr))
599 		  /* address in use: perturb address selection so that we are
600 		     less likely to try this address again. */
601 		  c->addr_epoch++;
602 		else
603 		  {
604 		    /* at this point victim may hold an expired record */
605 		    if (!victim)
606 		      {
607 			if ((victim = whine_malloc(sizeof(struct ping_result))))
608 			  {
609 			    victim->next = daemon->ping_results;
610 			    daemon->ping_results = victim;
611 			  }
612 		      }
613 
614 		    /* record that this address is OK for 30s
615 		       without more ping checks */
616 		    if (victim)
617 		      {
618 			victim->addr = addr;
619 			victim->time = now;
620 		      }
621 		    return 1;
622 		  }
623 	      }
624 
625 	    addr.s_addr = htonl(ntohl(addr.s_addr) + 1);
626 
627 	    if (addr.s_addr == htonl(ntohl(c->end.s_addr) + 1))
628 	      addr = c->start;
629 
630 	  } while (addr.s_addr != start.s_addr);
631 	}
632   return 0;
633 }
634 
is_addr_in_context(struct dhcp_context * context,struct dhcp_config * config)635 static int is_addr_in_context(struct dhcp_context *context, struct dhcp_config *config)
636 {
637   if (!context) /* called via find_config() from lease_update_from_configs() */
638     return 1;
639   if (!(config->flags & CONFIG_ADDR))
640     return 1;
641   for (; context; context = context->current)
642     if (is_same_net(config->addr, context->start, context->netmask))
643       return 1;
644 
645   return 0;
646 }
647 
config_has_mac(struct dhcp_config * config,unsigned char * hwaddr,int len,int type)648 int config_has_mac(struct dhcp_config *config, unsigned char *hwaddr, int len, int type)
649 {
650   struct hwaddr_config *conf_addr;
651 
652   for (conf_addr = config->hwaddr; conf_addr; conf_addr = conf_addr->next)
653     if (conf_addr->wildcard_mask == 0 &&
654 	conf_addr->hwaddr_len == len &&
655 	(conf_addr->hwaddr_type == type || conf_addr->hwaddr_type == 0) &&
656 	memcmp(conf_addr->hwaddr, hwaddr, len) == 0)
657       return 1;
658 
659   return 0;
660 }
661 
find_config(struct dhcp_config * configs,struct dhcp_context * context,unsigned char * clid,int clid_len,unsigned char * hwaddr,int hw_len,int hw_type,char * hostname)662 struct dhcp_config *find_config(struct dhcp_config *configs,
663 				struct dhcp_context *context,
664 				unsigned char *clid, int clid_len,
665 				unsigned char *hwaddr, int hw_len,
666 				int hw_type, char *hostname)
667 {
668   int count, new;
669   struct dhcp_config *config, *candidate;
670   struct hwaddr_config *conf_addr;
671 
672   if (clid)
673     for (config = configs; config; config = config->next)
674       if (config->flags & CONFIG_CLID)
675 	{
676 	  if (config->clid_len == clid_len &&
677 	      memcmp(config->clid, clid, clid_len) == 0 &&
678 	      is_addr_in_context(context, config))
679 	    return config;
680 
681 	  /* dhcpcd prefixes ASCII client IDs by zero which is wrong, but we try and
682 	     cope with that here */
683 	  if (*clid == 0 && config->clid_len == clid_len-1  &&
684 	      memcmp(config->clid, clid+1, clid_len-1) == 0 &&
685 	      is_addr_in_context(context, config))
686 	    return config;
687 	}
688 
689 
690   for (config = configs; config; config = config->next)
691     if (config_has_mac(config, hwaddr, hw_len, hw_type) &&
692 	is_addr_in_context(context, config))
693       return config;
694 
695   if (hostname && context)
696     for (config = configs; config; config = config->next)
697       if ((config->flags & CONFIG_NAME) &&
698 	  hostname_isequal(config->hostname, hostname) &&
699 	  is_addr_in_context(context, config))
700 	return config;
701 
702   /* use match with fewest wildcast octets */
703   for (candidate = NULL, count = 0, config = configs; config; config = config->next)
704     if (is_addr_in_context(context, config))
705       for (conf_addr = config->hwaddr; conf_addr; conf_addr = conf_addr->next)
706 	if (conf_addr->wildcard_mask != 0 &&
707 	    conf_addr->hwaddr_len == hw_len &&
708 	    (conf_addr->hwaddr_type == hw_type || conf_addr->hwaddr_type == 0) &&
709 	    (new = memcmp_masked(conf_addr->hwaddr, hwaddr, hw_len, conf_addr->wildcard_mask)) > count)
710 	  {
711 	    count = new;
712 	    candidate = config;
713 	  }
714 
715   return candidate;
716 }
717 
dhcp_read_ethers(void)718 void dhcp_read_ethers(void)
719 {
720   FILE *f = fopen(ETHERSFILE, "r");
721   unsigned int flags;
722   char *buff = daemon->namebuff;
723   char *ip, *cp;
724   struct in_addr addr;
725   unsigned char hwaddr[ETHER_ADDR_LEN];
726   struct dhcp_config **up, *tmp;
727   struct dhcp_config *config;
728   int count = 0, lineno = 0;
729 
730   addr.s_addr = 0; /* eliminate warning */
731 
732   if (!f)
733     {
734       my_syslog(MS_DHCP | LOG_ERR, _("failed to read %s: %s"), ETHERSFILE, strerror(errno));
735       return;
736     }
737 
738   /* This can be called again on SIGHUP, so remove entries created last time round. */
739   for (up = &daemon->dhcp_conf, config = daemon->dhcp_conf; config; config = tmp)
740     {
741       tmp = config->next;
742       if (config->flags & CONFIG_FROM_ETHERS)
743 	{
744 	  *up = tmp;
745 	  /* cannot have a clid */
746 	  if (config->flags & CONFIG_NAME)
747 	    free(config->hostname);
748 	  free(config->hwaddr);
749 	  free(config);
750 	}
751       else
752 	up = &config->next;
753     }
754 
755   while (fgets(buff, MAXDNAME, f))
756     {
757       char *host = NULL;
758 
759       lineno++;
760 
761       while (strlen(buff) > 0 && isspace((int)buff[strlen(buff)-1]))
762 	buff[strlen(buff)-1] = 0;
763 
764       if ((*buff == '#') || (*buff == '+') || (*buff == 0))
765 	continue;
766 
767       for (ip = buff; *ip && !isspace((int)*ip); ip++);
768       for(; *ip && isspace((int)*ip); ip++)
769 	*ip = 0;
770       if (!*ip || parse_hex(buff, hwaddr, ETHER_ADDR_LEN, NULL, NULL) != ETHER_ADDR_LEN)
771 	{
772 	  my_syslog(MS_DHCP | LOG_ERR, _("bad line at %s line %d"), ETHERSFILE, lineno);
773 	  continue;
774 	}
775 
776       /* check for name or dotted-quad */
777       for (cp = ip; *cp; cp++)
778 	if (!(*cp == '.' || (*cp >='0' && *cp <= '9')))
779 	  break;
780 
781       if (!*cp)
782 	{
783 	  if ((addr.s_addr = inet_addr(ip)) == (in_addr_t)-1)
784 	    {
785 	      my_syslog(MS_DHCP | LOG_ERR, _("bad address at %s line %d"), ETHERSFILE, lineno);
786 	      continue;
787 	    }
788 
789 	  flags = CONFIG_ADDR;
790 
791 	  for (config = daemon->dhcp_conf; config; config = config->next)
792 	    if ((config->flags & CONFIG_ADDR) && config->addr.s_addr == addr.s_addr)
793 	      break;
794 	}
795       else
796 	{
797 	  int nomem;
798 	  if (!(host = canonicalise(ip, &nomem)) || !legal_hostname(host))
799 	    {
800 	      if (!nomem)
801 		my_syslog(MS_DHCP | LOG_ERR, _("bad name at %s line %d"), ETHERSFILE, lineno);
802 	      free(host);
803 	      continue;
804 	    }
805 
806 	  flags = CONFIG_NAME;
807 
808 	  for (config = daemon->dhcp_conf; config; config = config->next)
809 	    if ((config->flags & CONFIG_NAME) && hostname_isequal(config->hostname, host))
810 	      break;
811 	}
812 
813       if (config && (config->flags & CONFIG_FROM_ETHERS))
814 	{
815 	  my_syslog(MS_DHCP | LOG_ERR, _("ignoring %s line %d, duplicate name or IP address"), ETHERSFILE, lineno);
816 	  continue;
817 	}
818 
819       if (!config)
820 	{
821 	  for (config = daemon->dhcp_conf; config; config = config->next)
822 	    {
823 	      struct hwaddr_config *conf_addr = config->hwaddr;
824 	      if (conf_addr &&
825 		  conf_addr->next == NULL &&
826 		  conf_addr->wildcard_mask == 0 &&
827 		  conf_addr->hwaddr_len == ETHER_ADDR_LEN &&
828 		  (conf_addr->hwaddr_type == ARPHRD_ETHER || conf_addr->hwaddr_type == 0) &&
829 		  memcmp(conf_addr->hwaddr, hwaddr, ETHER_ADDR_LEN) == 0)
830 		break;
831 	    }
832 
833 	  if (!config)
834 	    {
835 	      if (!(config = whine_malloc(sizeof(struct dhcp_config))))
836 		continue;
837 	      config->flags = CONFIG_FROM_ETHERS;
838 	      config->hwaddr = NULL;
839 	      config->domain = NULL;
840 	      config->next = daemon->dhcp_conf;
841 	      daemon->dhcp_conf = config;
842 	    }
843 
844 	  config->flags |= flags;
845 
846 	  if (flags & CONFIG_NAME)
847 	    {
848 	      config->hostname = host;
849 	      host = NULL;
850 	    }
851 
852 	  if (flags & CONFIG_ADDR)
853 	    config->addr = addr;
854 	}
855 
856       config->flags |= CONFIG_NOCLID;
857       if (!config->hwaddr)
858 	config->hwaddr = whine_malloc(sizeof(struct hwaddr_config));
859       if (config->hwaddr)
860 	{
861 	  memcpy(config->hwaddr->hwaddr, hwaddr, ETHER_ADDR_LEN);
862 	  config->hwaddr->hwaddr_len = ETHER_ADDR_LEN;
863 	  config->hwaddr->hwaddr_type = ARPHRD_ETHER;
864 	  config->hwaddr->wildcard_mask = 0;
865 	  config->hwaddr->next = NULL;
866 	}
867       count++;
868 
869       free(host);
870 
871     }
872 
873   fclose(f);
874 
875   my_syslog(MS_DHCP | LOG_INFO, _("read %s - %d addresses"), ETHERSFILE, count);
876 }
877 
check_dhcp_hosts(int fatal)878 void check_dhcp_hosts(int fatal)
879 {
880   /* If the same IP appears in more than one host config, then DISCOVER
881      for one of the hosts will get the address, but REQUEST will be NAKed,
882      since the address is reserved by the other one -> protocol loop.
883      Also check that FQDNs match the domain we are using. */
884 
885   struct dhcp_config *configs, *cp;
886 
887   for (configs = daemon->dhcp_conf; configs; configs = configs->next)
888     {
889       char *domain;
890 
891       if ((configs->flags & DHOPT_BANK) || fatal)
892        {
893 	 for (cp = configs->next; cp; cp = cp->next)
894 	   if ((configs->flags & cp->flags & CONFIG_ADDR) && configs->addr.s_addr == cp->addr.s_addr)
895 	     {
896 	       if (fatal)
897 		 die(_("duplicate IP address %s in dhcp-config directive."),
898 		     inet_ntoa(cp->addr), EC_BADCONF);
899 	       else
900 		 my_syslog(MS_DHCP | LOG_ERR, _("duplicate IP address %s in %s."),
901 			   inet_ntoa(cp->addr), daemon->dhcp_hosts_file);
902 	       configs->flags &= ~CONFIG_ADDR;
903 	     }
904 
905 	 /* split off domain part */
906 	 if ((configs->flags & CONFIG_NAME) && (domain = strip_hostname(configs->hostname)))
907 	   configs->domain = domain;
908        }
909     }
910 }
911 
dhcp_update_configs(struct dhcp_config * configs)912 void dhcp_update_configs(struct dhcp_config *configs)
913 {
914   /* Some people like to keep all static IP addresses in /etc/hosts.
915      This goes through /etc/hosts and sets static addresses for any DHCP config
916      records which don't have an address and whose name matches.
917      We take care to maintain the invariant that any IP address can appear
918      in at most one dhcp-host. Since /etc/hosts can be re-read by SIGHUP,
919      restore the status-quo ante first. */
920 
921   struct dhcp_config *config;
922   struct crec *crec;
923 
924   for (config = configs; config; config = config->next)
925     if (config->flags & CONFIG_ADDR_HOSTS)
926       config->flags &= ~(CONFIG_ADDR | CONFIG_ADDR_HOSTS);
927 
928 
929   if (daemon->port != 0)
930     for (config = configs; config; config = config->next)
931       if (!(config->flags & CONFIG_ADDR) &&
932 	  (config->flags & CONFIG_NAME) &&
933 	  (crec = cache_find_by_name(NULL, config->hostname, 0, F_IPV4)) &&
934 	  (crec->flags & F_HOSTS))
935 	{
936 	  if (cache_find_by_name(crec, config->hostname, 0, F_IPV4))
937 	    {
938 	      /* use primary (first) address */
939 	      while (crec && !(crec->flags & F_REVERSE))
940 		crec = cache_find_by_name(crec, config->hostname, 0, F_IPV4);
941 	      if (!crec)
942 		continue; /* should be never */
943 	      my_syslog(MS_DHCP | LOG_WARNING, _("%s has more than one address in hostsfile, using %s for DHCP"),
944 			config->hostname, inet_ntoa(crec->addr.addr.addr.addr4));
945 	    }
946 
947 	  if (config_find_by_address(configs, crec->addr.addr.addr.addr4))
948 	    my_syslog(MS_DHCP | LOG_WARNING, _("duplicate IP address %s (%s) in dhcp-config directive"),
949 		      inet_ntoa(crec->addr.addr.addr.addr4), config->hostname);
950 	  else
951 	    {
952 	      config->addr = crec->addr.addr.addr.addr4;
953 	      config->flags |= CONFIG_ADDR | CONFIG_ADDR_HOSTS;
954 	    }
955 	}
956 }
957 
958 /* If we've not found a hostname any other way, try and see if there's one in /etc/hosts
959    for this address. If it has a domain part, that must match the set domain and
960    it gets stripped. The set of legal domain names is bigger than the set of legal hostnames
961    so check here that the domain name is legal as a hostname. */
host_from_dns(struct in_addr addr)962 char *host_from_dns(struct in_addr addr)
963 {
964   struct crec *lookup;
965   char *hostname = NULL;
966   char *d1, *d2;
967 
968   if (daemon->port == 0)
969     return NULL; /* DNS disabled. */
970 
971   lookup = cache_find_by_addr(NULL, (struct all_addr *)&addr, 0, F_IPV4);
972   if (lookup && (lookup->flags & F_HOSTS))
973     {
974       hostname = daemon->dhcp_buff;
975       strncpy(hostname, cache_get_name(lookup), 256);
976       hostname[255] = 0;
977       d1 = strip_hostname(hostname);
978       d2 = get_domain(addr);
979       if (!legal_hostname(hostname) || (d1 && (!d2 || !hostname_isequal(d1, d2))))
980 	hostname = NULL;
981     }
982 
983   return hostname;
984 }
985 
986 /* return domain or NULL if none. */
strip_hostname(char * hostname)987 char *strip_hostname(char *hostname)
988 {
989   char *dot = strchr(hostname, '.');
990 
991   if (!dot)
992     return NULL;
993 
994   *dot = 0; /* truncate */
995   if (strlen(dot+1) != 0)
996     return dot+1;
997 
998   return NULL;
999 }
1000 
1001 #endif
1002 
1003