1 /* dnsmasq is Copyright (c) 2000-2009 Simon Kelley
2 
3    This program is free software; you can redistribute it and/or modify
4    it under the terms of the GNU General Public License as published by
5    the Free Software Foundation; version 2 dated June, 1991, or
6    (at your option) version 3 dated 29 June, 2007.
7 
8    This program is distributed in the hope that it will be useful,
9    but WITHOUT ANY WARRANTY; without even the implied warranty of
10    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
11    GNU General Public License for more details.
12 
13    You should have received a copy of the GNU General Public License
14    along with this program.  If not, see <http://www.gnu.org/licenses/>.
15 */
16 
17 #include "dnsmasq.h"
18 
19 #ifdef HAVE_DHCP
20 
21 #define BOOTREQUEST              1
22 #define BOOTREPLY                2
23 #define DHCP_COOKIE              0x63825363
24 
25 /* The Linux in-kernel DHCP client silently ignores any packet
26    smaller than this. Sigh...........   */
27 #define MIN_PACKETSZ             300
28 
29 #define OPTION_PAD               0
30 #define OPTION_NETMASK           1
31 #define OPTION_ROUTER            3
32 #define OPTION_DNSSERVER         6
33 #define OPTION_HOSTNAME          12
34 #define OPTION_DOMAINNAME        15
35 #define OPTION_BROADCAST         28
36 #define OPTION_VENDOR_CLASS_OPT  43
37 #define OPTION_REQUESTED_IP      50
38 #define OPTION_LEASE_TIME        51
39 #define OPTION_OVERLOAD          52
40 #define OPTION_MESSAGE_TYPE      53
41 #define OPTION_SERVER_IDENTIFIER 54
42 #define OPTION_REQUESTED_OPTIONS 55
43 #define OPTION_MESSAGE           56
44 #define OPTION_MAXMESSAGE        57
45 #define OPTION_T1                58
46 #define OPTION_T2                59
47 #define OPTION_VENDOR_ID         60
48 #define OPTION_CLIENT_ID         61
49 #define OPTION_SNAME             66
50 #define OPTION_FILENAME          67
51 #define OPTION_USER_CLASS        77
52 #define OPTION_CLIENT_FQDN       81
53 #define OPTION_AGENT_ID          82
54 #define OPTION_ARCH              93
55 #define OPTION_PXE_UUID          97
56 #define OPTION_SUBNET_SELECT     118
57 #define OPTION_END               255
58 
59 #define SUBOPT_CIRCUIT_ID        1
60 #define SUBOPT_REMOTE_ID         2
61 #define SUBOPT_SUBNET_SELECT     5     /* RFC 3527 */
62 #define SUBOPT_SUBSCR_ID         6     /* RFC 3393 */
63 #define SUBOPT_SERVER_OR         11    /* RFC 5107 */
64 
65 #define SUBOPT_PXE_BOOT_ITEM     71    /* PXE standard */
66 #define SUBOPT_PXE_DISCOVERY     6
67 #define SUBOPT_PXE_SERVERS       8
68 #define SUBOPT_PXE_MENU          9
69 #define SUBOPT_PXE_MENU_PROMPT   10
70 
71 #define DHCPDISCOVER             1
72 #define DHCPOFFER                2
73 #define DHCPREQUEST              3
74 #define DHCPDECLINE              4
75 #define DHCPACK                  5
76 #define DHCPNAK                  6
77 #define DHCPRELEASE              7
78 #define DHCPINFORM               8
79 
80 #define have_config(config, mask) ((config) && ((config)->flags & (mask)))
81 #define option_len(opt) ((int)(((unsigned char *)(opt))[1]))
82 #define option_ptr(opt, i) ((void *)&(((unsigned char *)(opt))[2u+(unsigned int)(i)]))
83 
84 static int sanitise(unsigned char *opt, char *buf);
85 static struct in_addr server_id(struct dhcp_context *context, struct in_addr override, struct in_addr fallback);
86 static unsigned int calc_time(struct dhcp_context *context, struct dhcp_config *config, unsigned char *opt);
87 static void option_put(struct dhcp_packet *mess, unsigned char *end, int opt, int len, unsigned int val);
88 static void option_put_string(struct dhcp_packet *mess, unsigned char *end,
89 			      int opt, char *string, int null_term);
90 static struct in_addr option_addr(unsigned char *opt);
91 static struct in_addr option_addr_arr(unsigned char *opt, int offset);
92 static unsigned int option_uint(unsigned char *opt, int i, int size);
93 static void log_packet(char *type, void *addr, unsigned char *ext_mac,
94 		       int mac_len, char *interface, char *string, u32 xid);
95 static unsigned char *option_find(struct dhcp_packet *mess, size_t size, int opt_type, int minsize);
96 static unsigned char *option_find1(unsigned char *p, unsigned char *end, int opt, int minsize);
97 static size_t dhcp_packet_size(struct dhcp_packet *mess, struct dhcp_netid *netid,
98 			       unsigned char *agent_id, unsigned char *real_end);
99 static void clear_packet(struct dhcp_packet *mess, unsigned char *end);
100 static void do_options(struct dhcp_context *context,
101 		       struct dhcp_packet *mess,
102 		       unsigned char *real_end,
103 		       unsigned char *req_options,
104 		       char *hostname,
105 		       char *domain, char *config_domain,
106 		       struct dhcp_netid *netid,
107 		       struct in_addr subnet_addr,
108 		       unsigned char fqdn_flags,
109 		       int null_term, int pxearch,
110 		       unsigned char *uuid);
111 
112 
113 static void match_vendor_opts(unsigned char *opt, struct dhcp_opt *dopt);
114 static void do_encap_opts(struct dhcp_opt *opts, int encap, int flag, struct dhcp_packet *mess, unsigned char *end, int null_term);
115 static void pxe_misc(struct dhcp_packet *mess, unsigned char *end, unsigned char *uuid);
116 static int prune_vendor_opts(struct dhcp_netid *netid);
117 static struct dhcp_opt *pxe_opts(int pxe_arch, struct dhcp_netid *netid);
118 struct dhcp_boot *find_boot(struct dhcp_netid *netid);
119 
120 
dhcp_reply(struct dhcp_context * context,char * iface_name,int int_index,size_t sz,time_t now,int unicast_dest,int * is_inform)121 size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
122 		  size_t sz, time_t now, int unicast_dest, int *is_inform)
123 {
124   unsigned char *opt, *clid = NULL;
125   struct dhcp_lease *ltmp, *lease = NULL;
126   struct dhcp_vendor *vendor;
127   struct dhcp_mac *mac;
128   struct dhcp_netid_list *id_list;
129   int clid_len = 0, ignore = 0, do_classes = 0, selecting = 0, pxearch = -1;
130   struct dhcp_packet *mess = (struct dhcp_packet *)daemon->dhcp_packet.iov_base;
131   unsigned char *end = (unsigned char *)(mess + 1);
132   unsigned char *real_end = (unsigned char *)(mess + 1);
133   char *hostname = NULL, *offer_hostname = NULL, *client_hostname = NULL, *domain = NULL;
134   int hostname_auth = 0, borken_opt = 0;
135   unsigned char *req_options = NULL;
136   char *message = NULL;
137   unsigned int time;
138   struct dhcp_config *config;
139   struct dhcp_netid *netid;
140   struct in_addr subnet_addr, fallback, override;
141   unsigned short fuzz = 0;
142   unsigned int mess_type = 0;
143   unsigned char fqdn_flags = 0;
144   unsigned char *agent_id = NULL, *uuid = NULL;
145   unsigned char *emac = NULL;
146   int emac_len = 0;
147   struct dhcp_netid known_id, iface_id;
148   struct dhcp_opt *o;
149   unsigned char pxe_uuid[17];
150 
151   subnet_addr.s_addr = override.s_addr = 0;
152 
153   /* set tag with name == interface */
154   iface_id.net = iface_name;
155   iface_id.next = NULL;
156   netid = &iface_id;
157 
158   if (mess->op != BOOTREQUEST || mess->hlen > DHCP_CHADDR_MAX)
159     return 0;
160 
161   if (mess->htype == 0 && mess->hlen != 0)
162     return 0;
163 
164   /* check for DHCP rather than BOOTP */
165   if ((opt = option_find(mess, sz, OPTION_MESSAGE_TYPE, 1)))
166     {
167       mess_type = option_uint(opt, 0, 1);
168 
169       /* only insist on a cookie for DHCP. */
170       if (*((u32 *)&mess->options) != htonl(DHCP_COOKIE))
171 	return 0;
172 
173       /* two things to note here: expand_buf may move the packet,
174 	 so reassign mess from daemon->packet. Also, the size
175 	 sent includes the IP and UDP headers, hence the magic "-28" */
176       if ((opt = option_find(mess, sz, OPTION_MAXMESSAGE, 2)))
177 	{
178 	  size_t size = (size_t)option_uint(opt, 0, 2) - 28;
179 
180 	  if (size > DHCP_PACKET_MAX)
181 	    size = DHCP_PACKET_MAX;
182 	  else if (size < sizeof(struct dhcp_packet))
183 	    size = sizeof(struct dhcp_packet);
184 
185 	  if (expand_buf(&daemon->dhcp_packet, size))
186 	    {
187 	      mess = (struct dhcp_packet *)daemon->dhcp_packet.iov_base;
188 	      real_end = end = ((unsigned char *)mess) + size;
189 	    }
190 	}
191 
192       /* Some buggy clients set ciaddr when they shouldn't, so clear that here since
193 	 it can affect the context-determination code. */
194       if ((option_find(mess, sz, OPTION_REQUESTED_IP, INADDRSZ) || mess_type == DHCPDISCOVER))
195 	mess->ciaddr.s_addr = 0;
196 
197       if ((opt = option_find(mess, sz, OPTION_AGENT_ID, 1)))
198 	{
199 	  /* Any agent-id needs to be copied back out, verbatim, as the last option
200 	     in the packet. Here, we shift it to the very end of the buffer, if it doesn't
201 	     get overwritten, then it will be shuffled back at the end of processing.
202 	     Note that the incoming options must not be overwritten here, so there has to
203 	     be enough free space at the end of the packet to copy the option. */
204 	  unsigned char *sopt;
205 	  unsigned int total = option_len(opt) + 2;
206 	  unsigned char *last_opt = option_find(mess, sz, OPTION_END, 0);
207 	  if (last_opt && last_opt < end - total)
208 	    {
209 	      end -= total;
210 	      agent_id = end;
211 	      memcpy(agent_id, opt, total);
212 	    }
213 
214 	  /* look for RFC3527 Link selection sub-option */
215 	  if ((sopt = option_find1(option_ptr(opt, 0), option_ptr(opt, option_len(opt)), SUBOPT_SUBNET_SELECT, INADDRSZ)))
216 	    subnet_addr = option_addr(sopt);
217 
218 	  /* look for RFC5107 server-identifier-override */
219 	  if ((sopt = option_find1(option_ptr(opt, 0), option_ptr(opt, option_len(opt)), SUBOPT_SERVER_OR, INADDRSZ)))
220 	    override = option_addr(sopt);
221 
222 	  /* if a circuit-id or remote-is option is provided, exact-match to options. */
223 	  for (vendor = daemon->dhcp_vendors; vendor; vendor = vendor->next)
224 	    {
225 	      int search;
226 
227 	      if (vendor->match_type == MATCH_CIRCUIT)
228 		search = SUBOPT_CIRCUIT_ID;
229 	      else if (vendor->match_type == MATCH_REMOTE)
230 		search = SUBOPT_REMOTE_ID;
231 	      else if (vendor->match_type == MATCH_SUBSCRIBER)
232 		search = SUBOPT_SUBSCR_ID;
233 	      else
234 		continue;
235 
236 	      if ((sopt = option_find1(option_ptr(opt, 0), option_ptr(opt, option_len(opt)), search, 1)) &&
237 		  vendor->len == option_len(sopt) &&
238 		  memcmp(option_ptr(sopt, 0), vendor->data, vendor->len) == 0)
239 		{
240 		  vendor->netid.next = netid;
241 		  netid = &vendor->netid;
242 		  break;
243 		}
244 	    }
245 	}
246 
247       /* Check for RFC3011 subnet selector - only if RFC3527 one not present */
248       if (subnet_addr.s_addr == 0 && (opt = option_find(mess, sz, OPTION_SUBNET_SELECT, INADDRSZ)))
249 	subnet_addr = option_addr(opt);
250 
251       /* If there is no client identifier option, use the hardware address */
252       if ((opt = option_find(mess, sz, OPTION_CLIENT_ID, 1)))
253 	{
254 	  clid_len = option_len(opt);
255 	  clid = option_ptr(opt, 0);
256 	}
257 
258       /* do we have a lease in store? */
259       lease = lease_find_by_client(mess->chaddr, mess->hlen, mess->htype, clid, clid_len);
260 
261       /* If this request is missing a clid, but we've seen one before,
262 	 use it again for option matching etc. */
263       if (lease && !clid && lease->clid)
264 	{
265 	  clid_len = lease->clid_len;
266 	  clid = lease->clid;
267 	}
268 
269       /* find mac to use for logging and hashing */
270       emac = extended_hwaddr(mess->htype, mess->hlen, mess->chaddr, clid_len, clid, &emac_len);
271     }
272 
273   for (mac = daemon->dhcp_macs; mac; mac = mac->next)
274     if (mac->hwaddr_len == mess->hlen &&
275 	(mac->hwaddr_type == mess->htype || mac->hwaddr_type == 0) &&
276 	memcmp_masked(mac->hwaddr, mess->chaddr, mess->hlen, mac->mask))
277       {
278 	mac->netid.next = netid;
279 	netid = &mac->netid;
280       }
281 
282   /* Determine network for this packet. Our caller will have already linked all the
283      contexts which match the addresses of the receiving interface but if the
284      machine has an address already, or came via a relay, or we have a subnet selector,
285      we search again. If we don't have have a giaddr or explicit subnet selector,
286      use the ciaddr. This is necessary because a  machine which got a lease via a
287      relay won't use the relay to renew. If matching a ciaddr fails but we have a context
288      from the physical network, continue using that to allow correct DHCPNAK generation later. */
289   if (mess->giaddr.s_addr || subnet_addr.s_addr || mess->ciaddr.s_addr)
290     {
291       struct dhcp_context *context_tmp, *context_new = NULL;
292       struct in_addr addr;
293       int force = 0;
294 
295       if (subnet_addr.s_addr)
296 	{
297 	  addr = subnet_addr;
298 	  force = 1;
299 	}
300       else if (mess->giaddr.s_addr)
301 	{
302 	  addr = mess->giaddr;
303 	  force = 1;
304 	}
305       else
306 	{
307 	  /* If ciaddr is in the hardware derived set of contexts, leave that unchanged */
308 	  addr = mess->ciaddr;
309 	  for (context_tmp = context; context_tmp; context_tmp = context_tmp->current)
310 	    if (context_tmp->netmask.s_addr &&
311 		is_same_net(addr, context_tmp->start, context_tmp->netmask) &&
312 		is_same_net(addr, context_tmp->end, context_tmp->netmask))
313 	      {
314 		context_new = context;
315 		break;
316 	      }
317 	}
318 
319       if (!context_new)
320 	for (context_tmp = daemon->dhcp; context_tmp; context_tmp = context_tmp->next)
321 	  if (context_tmp->netmask.s_addr  &&
322 	      is_same_net(addr, context_tmp->start, context_tmp->netmask) &&
323 	      is_same_net(addr, context_tmp->end, context_tmp->netmask))
324 	    {
325 	      context_tmp->current = context_new;
326 	      context_new = context_tmp;
327 	    }
328 
329       if (context_new || force)
330 	context = context_new;
331 
332     }
333 
334   if (!context)
335     {
336 //      my_syslog(MS_DHCP | LOG_WARNING, _("no address range available for DHCP request %s %s"),
337 //		subnet_addr.s_addr ? _("with subnet selector") : _("via"),
338 //		subnet_addr.s_addr ? inet_ntoa(subnet_addr) : (mess->giaddr.s_addr ? inet_ntoa(mess->giaddr) : iface_name));
339       return 0;
340     }
341 
342   /* keep _a_ local address available. */
343   fallback = context->local;
344 
345   if (daemon->options & OPT_LOG_OPTS)
346     {
347       struct dhcp_context *context_tmp;
348       for (context_tmp = context; context_tmp; context_tmp = context_tmp->current)
349 	{
350 	  strcpy(daemon->namebuff, inet_ntoa(context_tmp->start));
351 	  if (context_tmp->flags & (CONTEXT_STATIC | CONTEXT_PROXY))
352 	    my_syslog(MS_DHCP | LOG_INFO, _("%u Available DHCP subnet: %s/%s"),
353 		      ntohl(mess->xid), daemon->namebuff, inet_ntoa(context_tmp->netmask));
354 	  else
355 	    my_syslog(MS_DHCP | LOG_INFO, _("%u Available DHCP range: %s -- %s"),
356 		      ntohl(mess->xid), daemon->namebuff, inet_ntoa(context_tmp->end));
357 	}
358     }
359 
360   mess->op = BOOTREPLY;
361 
362   config = find_config(daemon->dhcp_conf, context, clid, clid_len,
363 		       mess->chaddr, mess->hlen, mess->htype, NULL);
364 
365   /* set "known" tag for known hosts */
366   if (config)
367     {
368       known_id.net = "known";
369       known_id.next = netid;
370       netid = &known_id;
371     }
372 
373   if (mess_type == 0)
374     {
375       /* BOOTP request */
376       struct dhcp_netid id, bootp_id;
377       struct in_addr *logaddr = NULL;
378 
379       /* must have a MAC addr for bootp */
380       if (mess->htype == 0 || mess->hlen == 0 || (context->flags & CONTEXT_PROXY))
381 	return 0;
382 
383       if (have_config(config, CONFIG_DISABLE))
384 	message = _("disabled");
385 
386       end = mess->options + 64; /* BOOTP vend area is only 64 bytes */
387 
388       if (have_config(config, CONFIG_NAME))
389 	{
390 	  hostname = config->hostname;
391 	  domain = config->domain;
392 	}
393 
394       if (have_config(config, CONFIG_NETID))
395 	{
396 	  config->netid.next = netid;
397 	  netid = &config->netid;
398 	}
399 
400       /* Match incoming filename field as a netid. */
401       if (mess->file[0])
402 	{
403 	  memcpy(daemon->dhcp_buff2, mess->file, sizeof(mess->file));
404 	  daemon->dhcp_buff2[sizeof(mess->file) + 1] = 0; /* ensure zero term. */
405 	  id.net = (char *)daemon->dhcp_buff2;
406 	  id.next = netid;
407 	  netid = &id;
408 	}
409 
410       /* Add "bootp" as a tag to allow different options, address ranges etc
411 	 for BOOTP clients */
412       bootp_id.net = "bootp";
413       bootp_id.next = netid;
414       netid = &bootp_id;
415 
416       for (id_list = daemon->dhcp_ignore; id_list; id_list = id_list->next)
417 	if (match_netid(id_list->list, netid, 0))
418 	  message = _("ignored");
419 
420       if (!message)
421 	{
422 	  int nailed = 0;
423 
424 	  if (have_config(config, CONFIG_ADDR))
425 	    {
426 	      nailed = 1;
427 	      logaddr = &config->addr;
428 	      mess->yiaddr = config->addr;
429 	      if ((lease = lease_find_by_addr(config->addr)) &&
430 		  (lease->hwaddr_len != mess->hlen ||
431 		   lease->hwaddr_type != mess->htype ||
432 		   memcmp(lease->hwaddr, mess->chaddr, lease->hwaddr_len) != 0))
433 		message = _("address in use");
434 	    }
435 	  else
436 	    {
437 	      if (!(lease = lease_find_by_client(mess->chaddr, mess->hlen, mess->htype, NULL, 0)) ||
438 		  !address_available(context, lease->addr, netid))
439 		{
440 		   if (lease)
441 		     {
442 		       /* lease exists, wrong network. */
443 		       lease_prune(lease, now);
444 		       lease = NULL;
445 		     }
446 		   if (!address_allocate(context, &mess->yiaddr, mess->chaddr, mess->hlen, netid, now))
447 		     message = _("no address available");
448 		}
449 	      else
450 		mess->yiaddr = lease->addr;
451 	    }
452 
453 	  if (!message && !(context = narrow_context(context, mess->yiaddr, netid)))
454 	    message = _("wrong network");
455 	  else if (context->netid.net)
456 	    {
457 	      context->netid.next = netid;
458 	      netid = &context->netid;
459 	    }
460 
461 	  if (!message && !nailed)
462 	    {
463 	      for (id_list = daemon->bootp_dynamic; id_list; id_list = id_list->next)
464 		if ((!id_list->list) || match_netid(id_list->list, netid, 0))
465 		  break;
466 	      if (!id_list)
467 		message = _("no address configured");
468 	    }
469 
470 	  if (!message &&
471 	      !lease &&
472 	      (!(lease = lease_allocate(mess->yiaddr))))
473 	    message = _("no leases left");
474 
475 	  if (!message)
476 	    {
477 	      logaddr = &mess->yiaddr;
478 
479 	      lease_set_hwaddr(lease, mess->chaddr, NULL, mess->hlen, mess->htype, 0);
480 	      if (hostname)
481 		lease_set_hostname(lease, hostname, 1);
482 	      /* infinite lease unless nailed in dhcp-host line. */
483 	      lease_set_expires(lease,
484 				have_config(config, CONFIG_TIME) ? config->lease_time : 0xffffffff,
485 				now);
486 	      lease_set_interface(lease, int_index);
487 
488 	      clear_packet(mess, end);
489 	      do_options(context, mess, end, NULL, hostname, get_domain(mess->yiaddr),
490 			 domain, netid, subnet_addr, 0, 0, 0, NULL);
491 	    }
492 	}
493 
494       log_packet("BOOTP", logaddr, mess->chaddr, mess->hlen, iface_name, message, mess->xid);
495 
496       return message ? 0 : dhcp_packet_size(mess, netid, agent_id, real_end);
497     }
498 
499   if ((opt = option_find(mess, sz, OPTION_CLIENT_FQDN, 4)))
500     {
501       /* http://tools.ietf.org/wg/dhc/draft-ietf-dhc-fqdn-option/draft-ietf-dhc-fqdn-option-10.txt */
502       int len = option_len(opt);
503       char *pq = daemon->dhcp_buff;
504       unsigned char *pp, *op = option_ptr(opt, 0);
505 
506       fqdn_flags = *op;
507       len -= 3;
508       op += 3;
509       pp = op;
510 
511       /* Always force update, since the client has no way to do it itself. */
512       if (!(fqdn_flags & 0x01))
513 	fqdn_flags |= 0x02;
514 
515       fqdn_flags &= ~0x08;
516       fqdn_flags |= 0x01;
517 
518       if (fqdn_flags & 0x04)
519 	while (*op != 0 && ((op + (*op) + 1) - pp) < len)
520 	  {
521 	    memcpy(pq, op+1, *op);
522 	    pq += *op;
523 	    op += (*op)+1;
524 	    *(pq++) = '.';
525 	  }
526       else
527 	{
528 	  memcpy(pq, op, len);
529 	  if (len > 0 && op[len-1] == 0)
530 	    borken_opt = 1;
531 	  pq += len + 1;
532 	}
533 
534       if (pq != daemon->dhcp_buff)
535 	pq--;
536 
537       *pq = 0;
538 
539       if (legal_hostname(daemon->dhcp_buff))
540 	offer_hostname = client_hostname = daemon->dhcp_buff;
541     }
542   else if ((opt = option_find(mess, sz, OPTION_HOSTNAME, 1)))
543     {
544       int len = option_len(opt);
545       memcpy(daemon->dhcp_buff, option_ptr(opt, 0), len);
546       /* Microsoft clients are broken, and need zero-terminated strings
547 	 in options. We detect this state here, and do the same in
548 	 any options we send */
549       if (len > 0 && daemon->dhcp_buff[len-1] == 0)
550 	borken_opt = 1;
551       else
552 	daemon->dhcp_buff[len] = 0;
553       if (legal_hostname(daemon->dhcp_buff))
554 	client_hostname = daemon->dhcp_buff;
555     }
556 
557   if (client_hostname && daemon->options & OPT_LOG_OPTS)
558     my_syslog(MS_DHCP | LOG_INFO, _("%u client provides name: %s"), ntohl(mess->xid), client_hostname);
559 
560   if (have_config(config, CONFIG_NAME))
561     {
562       hostname = config->hostname;
563       domain = config->domain;
564       hostname_auth = 1;
565       /* be careful not to send an OFFER with a hostname not matching the DISCOVER. */
566       if (fqdn_flags != 0 || !client_hostname || hostname_isequal(hostname, client_hostname))
567         offer_hostname = hostname;
568     }
569   else if (client_hostname)
570     {
571       domain = strip_hostname(client_hostname);
572 
573       if (strlen(client_hostname) != 0)
574 	{
575 	  hostname = client_hostname;
576 	  if (!config)
577 	    {
578 	      /* Search again now we have a hostname.
579 		 Only accept configs without CLID and HWADDR here, (they won't match)
580 		 to avoid impersonation by name. */
581 	      struct dhcp_config *new = find_config(daemon->dhcp_conf, context, NULL, 0,
582 						    mess->chaddr, mess->hlen,
583 						    mess->htype, hostname);
584 	      if (new && !have_config(new, CONFIG_CLID) && !new->hwaddr)
585 		{
586 		  config = new;
587 		  /* set "known" tag for known hosts */
588 		  known_id.net = "known";
589 		  known_id.next = netid;
590 		  netid = &known_id;
591 		}
592 	    }
593 	}
594     }
595 
596   if (have_config(config, CONFIG_NETID))
597     {
598       config->netid.next = netid;
599       netid = &config->netid;
600     }
601 
602   /* dhcp-match. If we have hex-and-wildcards, look for a left-anchored match.
603      Otherwise assume the option is an array, and look for a matching element.
604      If no data given, existance of the option is enough. */
605   for (o = daemon->dhcp_match; o; o = o->next)
606     {
607       int i, matched = 0;
608 
609       if (!(opt = option_find(mess, sz, o->opt, 1)) ||
610 	  o->len > option_len(opt))
611 	continue;
612 
613       if (o->len == 0)
614 	matched = 1;
615       else if (o->flags & DHOPT_HEX)
616 	{
617 	  if (memcmp_masked(o->val, option_ptr(opt, 0), o->len, o->u.wildcard_mask))
618 	    matched = 1;
619 	}
620       else
621 	for (i = 0; i <= (option_len(opt) - o->len); )
622 	  {
623 	    if (memcmp(o->val, option_ptr(opt, i), o->len) == 0)
624 	      {
625 		matched = 1;
626 		break;
627 	      }
628 
629 	    if (o->flags & DHOPT_STRING)
630 	      i++;
631 	    else
632 	      i += o->len;
633 	  }
634 
635       if (matched)
636 	{
637 	  o->netid->next = netid;
638 	  netid = o->netid;
639 	}
640     }
641 
642   /* user-class options are, according to RFC3004, supposed to contain
643      a set of counted strings. Here we check that this is so (by seeing
644      if the counts are consistent with the overall option length) and if
645      so zero the counts so that we don't get spurious matches between
646      the vendor string and the counts. If the lengths don't add up, we
647      assume that the option is a single string and non RFC3004 compliant
648      and just do the substring match. dhclient provides these broken options.
649      The code, later, which sends user-class data to the lease-change script
650      relies on the transformation done here.
651   */
652 
653   if ((opt = option_find(mess, sz, OPTION_USER_CLASS, 1)))
654     {
655       unsigned char *ucp = option_ptr(opt, 0);
656       int tmp, j;
657       for (j = 0; j < option_len(opt); j += ucp[j] + 1);
658       if (j == option_len(opt))
659 	for (j = 0; j < option_len(opt); j = tmp)
660 	  {
661 	    tmp = j + ucp[j] + 1;
662 	    ucp[j] = 0;
663 	  }
664     }
665 
666   for (vendor = daemon->dhcp_vendors; vendor; vendor = vendor->next)
667     {
668       int mopt;
669 
670       if (vendor->match_type == MATCH_VENDOR)
671 	mopt = OPTION_VENDOR_ID;
672       else if (vendor->match_type == MATCH_USER)
673 	mopt = OPTION_USER_CLASS;
674       else
675 	continue;
676 
677       if ((opt = option_find(mess, sz, mopt, 1)))
678 	{
679 	  int i;
680 	  for (i = 0; i <= (option_len(opt) - vendor->len); i++)
681 	    if (memcmp(vendor->data, option_ptr(opt, i), vendor->len) == 0)
682 	      {
683 		vendor->netid.next = netid;
684 		netid = &vendor->netid;
685 		break;
686 	      }
687 	}
688     }
689 
690   /* mark vendor-encapsulated options which match the client-supplied vendor class */
691   match_vendor_opts(option_find(mess, sz, OPTION_VENDOR_ID, 1), daemon->dhcp_opts);
692 
693   if (daemon->options & OPT_LOG_OPTS)
694     {
695       if (sanitise(option_find(mess, sz, OPTION_VENDOR_ID, 1), daemon->namebuff))
696 	my_syslog(MS_DHCP | LOG_INFO, _("%u Vendor class: %s"), ntohl(mess->xid), daemon->namebuff);
697       if (sanitise(option_find(mess, sz, OPTION_USER_CLASS, 1), daemon->namebuff))
698 	my_syslog(MS_DHCP | LOG_INFO, _("%u User class: %s"), ntohl(mess->xid), daemon->namebuff);
699     }
700 
701   /* if all the netids in the ignore list are present, ignore this client */
702   for (id_list = daemon->dhcp_ignore; id_list; id_list = id_list->next)
703     if (match_netid(id_list->list, netid, 0))
704       ignore = 1;
705 
706   /* Can have setting to ignore the client ID for a particular MAC address or hostname */
707   if (have_config(config, CONFIG_NOCLID))
708     clid = NULL;
709 
710   /* Check if client is PXE client. */
711   if (daemon->enable_pxe &&
712       (opt = option_find(mess, sz, OPTION_VENDOR_ID, 9)) &&
713       strncmp(option_ptr(opt, 0), "PXEClient", 9) == 0)
714     {
715       if ((opt = option_find(mess, sz, OPTION_PXE_UUID, 17)))
716 	{
717 	  memcpy(pxe_uuid, option_ptr(opt, 0), 17);
718 	  uuid = pxe_uuid;
719 	}
720 
721       /* Check if this is really a PXE bootserver request, and handle specially if so. */
722       if ((mess_type == DHCPREQUEST || mess_type == DHCPINFORM) &&
723 	  (opt = option_find(mess, sz, OPTION_VENDOR_CLASS_OPT, 1)) &&
724 	  (opt = option_find1(option_ptr(opt, 0), option_ptr(opt, option_len(opt)), SUBOPT_PXE_BOOT_ITEM, 4)))
725 	{
726 	  struct pxe_service *service;
727 	  int type = option_uint(opt, 0, 2);
728 	  int layer = option_uint(opt, 2, 2);
729 	  unsigned char save71[4];
730 	  struct dhcp_opt opt71;
731 
732 	  if (ignore)
733 	    return 0;
734 
735 	  if (layer & 0x8000)
736 	    {
737 	      my_syslog(MS_DHCP | LOG_ERR, _("PXE BIS not supported"));
738 	      return 0;
739 	    }
740 
741 	  memcpy(save71, option_ptr(opt, 0), 4);
742 
743 	  for (service = daemon->pxe_services; service; service = service->next)
744 	    if (service->type == type)
745 	      break;
746 
747 	  if (!service || !service->basename)
748 	    return 0;
749 
750 	  clear_packet(mess, end);
751 
752 	  mess->yiaddr = mess->ciaddr;
753 	  mess->ciaddr.s_addr = 0;
754 	  if (service->server.s_addr != 0)
755 	    mess->siaddr = service->server;
756 	  else
757 	    mess->siaddr = context->local;
758 
759 	  snprintf((char *)mess->file, sizeof(mess->file), "%s.%d", service->basename, layer);
760 	  option_put(mess, end, OPTION_MESSAGE_TYPE, 1, DHCPACK);
761 	  option_put(mess, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, htonl(context->local.s_addr));
762 	  pxe_misc(mess, end, uuid);
763 
764 	  prune_vendor_opts(netid);
765 	  opt71.val = save71;
766 	  opt71.opt = SUBOPT_PXE_BOOT_ITEM;
767 	  opt71.len = 4;
768 	  opt71.flags = DHOPT_VENDOR_MATCH;
769 	  opt71.netid = NULL;
770 	  opt71.next = daemon->dhcp_opts;
771 	  do_encap_opts(&opt71, OPTION_VENDOR_CLASS_OPT, DHOPT_VENDOR_MATCH, mess, end, 0);
772 
773 	  log_packet("PXE", &mess->yiaddr, emac, emac_len, iface_name, (char *)mess->file, mess->xid);
774 	  return dhcp_packet_size(mess, netid, agent_id, real_end);
775 	}
776 
777       if ((opt = option_find(mess, sz, OPTION_ARCH, 2)))
778 	{
779 	  pxearch = option_uint(opt, 0, 2);
780 
781 	  /* proxy DHCP here. The DHCPREQUEST stuff is for gPXE */
782 	  if ((mess_type == DHCPDISCOVER || mess_type == DHCPREQUEST) &&
783 	      (context->flags & CONTEXT_PROXY))
784 	    {
785 	      struct dhcp_boot *boot = find_boot(netid);
786 
787 	      mess->yiaddr.s_addr = 0;
788 	      if  (mess_type == DHCPDISCOVER || mess->ciaddr.s_addr == 0)
789 		{
790 		  mess->ciaddr.s_addr = 0;
791 		  mess->flags |= htons(0x8000); /* broadcast */
792 		}
793 
794 	      clear_packet(mess, end);
795 
796 	      /* Provide the bootfile here, for gPXE, and in case we have no menu items
797 		 and set discovery_control = 8 */
798 	      if (boot)
799 		{
800 		  if (boot->next_server.s_addr)
801 		    mess->siaddr = boot->next_server;
802 
803 		  if (boot->file)
804 		    strncpy((char *)mess->file, boot->file, sizeof(mess->file)-1);
805 		}
806 
807 	      option_put(mess, end, OPTION_MESSAGE_TYPE, 1,
808 			 mess_type == DHCPDISCOVER ? DHCPOFFER : DHCPACK);
809 	      option_put(mess, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, htonl(context->local.s_addr));
810 	      pxe_misc(mess, end, uuid);
811 	      prune_vendor_opts(netid);
812 	      do_encap_opts(pxe_opts(pxearch, netid), OPTION_VENDOR_CLASS_OPT, DHOPT_VENDOR_MATCH, mess, end, 0);
813 
814 	      log_packet("PXE", NULL, emac, emac_len, iface_name, ignore ? "proxy" : "proxy-ignored", mess->xid);
815 	      return ignore ? 0 : dhcp_packet_size(mess, netid, agent_id, real_end);
816 	    }
817 	}
818     }
819 
820   /* if we're just a proxy server, go no further */
821   if (context->flags & CONTEXT_PROXY)
822     return 0;
823 
824   if ((opt = option_find(mess, sz, OPTION_REQUESTED_OPTIONS, 0)))
825     {
826       req_options = (unsigned char *)daemon->dhcp_buff2;
827       memcpy(req_options, option_ptr(opt, 0), option_len(opt));
828       req_options[option_len(opt)] = OPTION_END;
829     }
830 
831   switch (mess_type)
832     {
833     case DHCPDECLINE:
834       if (!(opt = option_find(mess, sz, OPTION_SERVER_IDENTIFIER, INADDRSZ)) ||
835 	  option_addr(opt).s_addr != server_id(context, override, fallback).s_addr)
836 	return 0;
837 
838       /* sanitise any message. Paranoid? Moi? */
839       sanitise(option_find(mess, sz, OPTION_MESSAGE, 1), daemon->dhcp_buff);
840 
841       if (!(opt = option_find(mess, sz, OPTION_REQUESTED_IP, INADDRSZ)))
842 	return 0;
843 
844       log_packet("DHCPDECLINE", option_ptr(opt, 0), emac, emac_len, iface_name, daemon->dhcp_buff, mess->xid);
845 
846       if (lease && lease->addr.s_addr == option_addr(opt).s_addr)
847 	lease_prune(lease, now);
848 
849       if (have_config(config, CONFIG_ADDR) &&
850 	  config->addr.s_addr == option_addr(opt).s_addr)
851 	{
852 	  prettyprint_time(daemon->dhcp_buff, DECLINE_BACKOFF);
853 	  my_syslog(MS_DHCP | LOG_WARNING, _("disabling DHCP static address %s for %s"),
854 		    inet_ntoa(config->addr), daemon->dhcp_buff);
855 	  config->flags |= CONFIG_DECLINED;
856 	  config->decline_time = now;
857 	}
858       else
859 	/* make sure this host gets a different address next time. */
860 	for (; context; context = context->current)
861 	  context->addr_epoch++;
862 
863       return 0;
864 
865     case DHCPRELEASE:
866       if (!(context = narrow_context(context, mess->ciaddr, netid)) ||
867 	  !(opt = option_find(mess, sz, OPTION_SERVER_IDENTIFIER, INADDRSZ)) ||
868 	  option_addr(opt).s_addr != server_id(context, override, fallback).s_addr)
869 	return 0;
870 
871       if (lease && lease->addr.s_addr == mess->ciaddr.s_addr)
872 	lease_prune(lease, now);
873       else
874 	message = _("unknown lease");
875 
876       log_packet("DHCPRELEASE", &mess->ciaddr, emac, emac_len, iface_name, message, mess->xid);
877 
878       return 0;
879 
880     case DHCPDISCOVER:
881       if (ignore || have_config(config, CONFIG_DISABLE))
882 	{
883 	  message = _("ignored");
884 	  opt = NULL;
885 	}
886       else
887 	{
888 	  struct in_addr addr, conf;
889 
890 	  addr.s_addr = conf.s_addr = 0;
891 
892 	  if ((opt = option_find(mess, sz, OPTION_REQUESTED_IP, INADDRSZ)))
893 	    addr = option_addr(opt);
894 
895 	  if (have_config(config, CONFIG_ADDR))
896 	    {
897 	      char *addrs = inet_ntoa(config->addr);
898 
899 	      if ((ltmp = lease_find_by_addr(config->addr)) &&
900 		  ltmp != lease &&
901 		  !config_has_mac(config, ltmp->hwaddr, ltmp->hwaddr_len, ltmp->hwaddr_type))
902 		{
903 		  int len;
904 		  unsigned char *mac = extended_hwaddr(ltmp->hwaddr_type, ltmp->hwaddr_len,
905 						       ltmp->hwaddr, ltmp->clid_len, ltmp->clid, &len);
906 		  my_syslog(MS_DHCP | LOG_WARNING, _("not using configured address %s because it is leased to %s"),
907 			    addrs, print_mac(daemon->namebuff, mac, len));
908 		}
909 	      else
910 		{
911 		  struct dhcp_context *tmp;
912 		  for (tmp = context; tmp; tmp = tmp->current)
913 		    if (context->router.s_addr == config->addr.s_addr)
914 		      break;
915 		  if (tmp)
916 		    my_syslog(MS_DHCP | LOG_WARNING, _("not using configured address %s because it is in use by the server or relay"), addrs);
917 		  else if (have_config(config, CONFIG_DECLINED) &&
918 			   difftime(now, config->decline_time) < (float)DECLINE_BACKOFF)
919 		    my_syslog(MS_DHCP | LOG_WARNING, _("not using configured address %s because it was previously declined"), addrs);
920 		  else
921 		    conf = config->addr;
922 		}
923 	    }
924 
925 	  if (conf.s_addr)
926 	    mess->yiaddr = conf;
927 	  else if (lease &&
928 		   address_available(context, lease->addr, netid) &&
929 		   !config_find_by_address(daemon->dhcp_conf, lease->addr))
930 	    mess->yiaddr = lease->addr;
931 	  else if (opt && address_available(context, addr, netid) && !lease_find_by_addr(addr) &&
932 		   !config_find_by_address(daemon->dhcp_conf, addr))
933 	    mess->yiaddr = addr;
934 	  else if (emac_len == 0)
935 	    message = _("no unique-id");
936 	  else if (!address_allocate(context, &mess->yiaddr, emac, emac_len, netid, now))
937 	    message = _("no address available");
938 	}
939 
940       log_packet("DHCPDISCOVER", opt ? option_ptr(opt, 0) : NULL, emac, emac_len, iface_name, message, mess->xid);
941 
942       if (message || !(context = narrow_context(context, mess->yiaddr, netid)))
943 	return 0;
944 
945       log_packet("DHCPOFFER" , &mess->yiaddr, emac, emac_len, iface_name, NULL, mess->xid);
946 
947       if (context->netid.net)
948 	{
949 	  context->netid.next = netid;
950 	  netid = &context->netid;
951 	}
952 
953       time = calc_time(context, config, option_find(mess, sz, OPTION_LEASE_TIME, 4));
954       clear_packet(mess, end);
955       option_put(mess, end, OPTION_MESSAGE_TYPE, 1, DHCPOFFER);
956       option_put(mess, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, ntohl(server_id(context, override, fallback).s_addr));
957       option_put(mess, end, OPTION_LEASE_TIME, 4, time);
958       /* T1 and T2 are required in DHCPOFFER by HP's wacky Jetdirect client. */
959       if (time != 0xffffffff)
960 	{
961 	  option_put(mess, end, OPTION_T1, 4, (time/2));
962 	  option_put(mess, end, OPTION_T2, 4, (time*7)/8);
963 	}
964       do_options(context, mess, end, req_options, offer_hostname, get_domain(mess->yiaddr),
965 		 domain, netid, subnet_addr, fqdn_flags, borken_opt, pxearch, uuid);
966 
967       return dhcp_packet_size(mess, netid, agent_id, real_end);
968 
969     case DHCPREQUEST:
970       if (ignore || have_config(config, CONFIG_DISABLE))
971 	return 0;
972       if ((opt = option_find(mess, sz, OPTION_REQUESTED_IP, INADDRSZ)))
973 	{
974 	  /* SELECTING  or INIT_REBOOT */
975 	  mess->yiaddr = option_addr(opt);
976 
977 	  /* send vendor and user class info for new or recreated lease */
978 	  do_classes = 1;
979 
980 	  if ((opt = option_find(mess, sz, OPTION_SERVER_IDENTIFIER, INADDRSZ)))
981 	    {
982 	      /* SELECTING */
983 	      selecting = 1;
984 
985 	      if (override.s_addr != 0)
986 		{
987 		  if (option_addr(opt).s_addr != override.s_addr)
988 		    return 0;
989 		}
990 	      else
991 		{
992 		  for (; context; context = context->current)
993 		    if (context->local.s_addr == option_addr(opt).s_addr)
994 		      break;
995 
996 		  if (!context)
997 		    {
998 		      /* In auth mode, a REQUEST sent to the wrong server
999 			 should be faulted, so that the client establishes
1000 			 communication with us, otherwise, silently ignore. */
1001 		      if (!(daemon->options & OPT_AUTHORITATIVE))
1002 			return 0;
1003 		      message = _("wrong server-ID");
1004 		    }
1005 		}
1006 
1007 	      /* If a lease exists for this host and another address, squash it. */
1008 	      if (lease && lease->addr.s_addr != mess->yiaddr.s_addr)
1009 		{
1010 		  lease_prune(lease, now);
1011 		  lease = NULL;
1012 		}
1013 	    }
1014 	  else
1015 	    {
1016 	      /* INIT-REBOOT */
1017 	      if (!lease && !(daemon->options & OPT_AUTHORITATIVE))
1018 		return 0;
1019 
1020 	      if (lease && lease->addr.s_addr != mess->yiaddr.s_addr)
1021 		{
1022 		  message = _("wrong address");
1023 		  /* avoid loops when client brain-dead */
1024 		  lease_prune(lease, now);
1025 		  lease = NULL;
1026 		}
1027 	    }
1028 	}
1029       else
1030 	{
1031 	  /* RENEWING or REBINDING */
1032 	  /* Check existing lease for this address.
1033 	     We allow it to be missing if dhcp-authoritative mode
1034 	     as long as we can allocate the lease now - checked below.
1035 	     This makes for a smooth recovery from a lost lease DB */
1036 	  if ((lease && mess->ciaddr.s_addr != lease->addr.s_addr) ||
1037 	      (!lease && !(daemon->options & OPT_AUTHORITATIVE)))
1038 	    {
1039 	      message = _("lease not found");
1040 	      /* ensure we broadcast NAK */
1041 	      unicast_dest = 0;
1042 	    }
1043 	  /* desynchronise renewals */
1044 	  fuzz = rand16();
1045 	  mess->yiaddr = mess->ciaddr;
1046 	}
1047 
1048       log_packet("DHCPREQUEST", &mess->yiaddr, emac, emac_len, iface_name, NULL, mess->xid);
1049 
1050       if (!message)
1051 	{
1052 	  struct dhcp_config *addr_config;
1053 	  struct dhcp_context *tmp = NULL;
1054 
1055 	  if (have_config(config, CONFIG_ADDR))
1056 	    for (tmp = context; tmp; tmp = tmp->current)
1057 	      if (context->router.s_addr == config->addr.s_addr)
1058 		break;
1059 
1060 	  if (!(context = narrow_context(context, mess->yiaddr, netid)))
1061 	    {
1062 	      /* If a machine moves networks whilst it has a lease, we catch that here. */
1063 	      message = _("wrong network");
1064 	      /* ensure we broadcast NAK */
1065 	      unicast_dest = 0;
1066 	    }
1067 
1068 	  /* Check for renewal of a lease which is outside the allowed range. */
1069 	  else if (!address_available(context, mess->yiaddr, netid) &&
1070 		   (!have_config(config, CONFIG_ADDR) || config->addr.s_addr != mess->yiaddr.s_addr))
1071 	    message = _("address not available");
1072 
1073 	  /* Check if a new static address has been configured. Be very sure that
1074 	     when the client does DISCOVER, it will get the static address, otherwise
1075 	     an endless protocol loop will ensue. */
1076 	  else if (!tmp && !selecting &&
1077 		   have_config(config, CONFIG_ADDR) &&
1078 		   (!have_config(config, CONFIG_DECLINED) ||
1079 		    difftime(now, config->decline_time) > (float)DECLINE_BACKOFF) &&
1080 		   config->addr.s_addr != mess->yiaddr.s_addr &&
1081 		   (!(ltmp = lease_find_by_addr(config->addr)) || ltmp == lease))
1082 	    message = _("static lease available");
1083 
1084 	  /* Check to see if the address is reserved as a static address for another host */
1085 	  else if ((addr_config = config_find_by_address(daemon->dhcp_conf, mess->yiaddr)) && addr_config != config)
1086 	    message = _("address reserved");
1087 
1088 	  else if (!lease && (ltmp = lease_find_by_addr(mess->yiaddr)))
1089 	    {
1090 	      /* If a host is configured with more than one MAC address, it's OK to 'nix
1091 		 a lease from one of it's MACs to give the address to another. */
1092 	      if (config && config_has_mac(config, ltmp->hwaddr, ltmp->hwaddr_len, ltmp->hwaddr_type))
1093 		{
1094 		  my_syslog(MS_DHCP | LOG_INFO, _("abandoning lease to %s of %s"),
1095 			    print_mac(daemon->namebuff, ltmp->hwaddr, ltmp->hwaddr_len),
1096 			    inet_ntoa(ltmp->addr));
1097 		  lease = ltmp;
1098 		}
1099 	      else
1100 		message = _("address in use");
1101 	    }
1102 
1103 	  if (!message)
1104 	    {
1105 	      if (emac_len == 0)
1106 		message = _("no unique-id");
1107 
1108 	      else if (!lease)
1109 		{
1110 		  if ((lease = lease_allocate(mess->yiaddr)))
1111 		    do_classes = 1;
1112 		  else
1113 		    message = _("no leases left");
1114 		}
1115 	    }
1116 	}
1117 
1118       if (message)
1119 	{
1120 	  log_packet("DHCPNAK", &mess->yiaddr, emac, emac_len, iface_name, message, mess->xid);
1121 
1122 	  mess->yiaddr.s_addr = 0;
1123 	  clear_packet(mess, end);
1124 	  option_put(mess, end, OPTION_MESSAGE_TYPE, 1, DHCPNAK);
1125 	  option_put(mess, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, ntohl(server_id(context, override, fallback).s_addr));
1126 	  option_put_string(mess, end, OPTION_MESSAGE, message, borken_opt);
1127 	  /* This fixes a problem with the DHCP spec, broadcasting a NAK to a host on
1128 	     a distant subnet which unicast a REQ to us won't work. */
1129 	  if (!unicast_dest || mess->giaddr.s_addr != 0 ||
1130 	      mess->ciaddr.s_addr == 0 || is_same_net(context->local, mess->ciaddr, context->netmask))
1131 	    {
1132 	      mess->flags |= htons(0x8000); /* broadcast */
1133 	      mess->ciaddr.s_addr = 0;
1134 	    }
1135 	}
1136       else
1137 	{
1138 	   if (do_classes)
1139 	     {
1140 	       if (mess->giaddr.s_addr)
1141 		 lease->giaddr = mess->giaddr;
1142 
1143 	       lease->changed = 1;
1144 	       /* copy user-class and vendor class into new lease, for the script */
1145 	       if ((opt = option_find(mess, sz, OPTION_USER_CLASS, 1)))
1146 		 {
1147 		   int len = option_len(opt);
1148 		   unsigned char *ucp = option_ptr(opt, 0);
1149 		   /* If the user-class option started as counted strings, the first byte will be zero. */
1150 		   if (len != 0 && ucp[0] == 0)
1151 		     ucp++, len--;
1152 		   free(lease->userclass);
1153 		   if ((lease->userclass = whine_malloc(len+1)))
1154 		     {
1155 		       memcpy(lease->userclass, ucp, len);
1156 		       lease->userclass[len] = 0;
1157 		       lease->userclass_len = len+1;
1158 		     }
1159 		 }
1160 	       if ((opt = option_find(mess, sz, OPTION_VENDOR_ID, 1)))
1161 		 {
1162 		   int len = option_len(opt);
1163 		   unsigned char *ucp = option_ptr(opt, 0);
1164 		   free(lease->vendorclass);
1165 		   if ((lease->vendorclass = whine_malloc(len+1)))
1166 		     {
1167 		       memcpy(lease->vendorclass, ucp, len);
1168 		       lease->vendorclass[len] = 0;
1169 		       lease->vendorclass_len = len+1;
1170 		     }
1171 		 }
1172 	       if ((opt = option_find(mess, sz, OPTION_HOSTNAME, 1)))
1173 		 {
1174 		   int len = option_len(opt);
1175 		   unsigned char *ucp = option_ptr(opt, 0);
1176 		   free(lease->supplied_hostname);
1177 		   if ((lease->supplied_hostname = whine_malloc(len+1)))
1178 		     {
1179 		       memcpy(lease->supplied_hostname, ucp, len);
1180 		       lease->supplied_hostname[len] = 0;
1181 		       lease->supplied_hostname_len = len+1;
1182 		     }
1183 		 }
1184 	     }
1185 
1186 	   if (!hostname_auth && (client_hostname = host_from_dns(mess->yiaddr)))
1187 	     {
1188 	      hostname = client_hostname;
1189 	      hostname_auth = 1;
1190 	    }
1191 
1192 	  if (context->netid.net)
1193 	    {
1194 	      context->netid.next = netid;
1195 	      netid = &context->netid;
1196 	    }
1197 
1198 	  time = calc_time(context, config, option_find(mess, sz, OPTION_LEASE_TIME, 4));
1199 	  lease_set_hwaddr(lease, mess->chaddr, clid, mess->hlen, mess->htype, clid_len);
1200 
1201 	  /* if all the netids in the ignore_name list are present, ignore client-supplied name */
1202 	  if (!hostname_auth)
1203 	    {
1204 	      for (id_list = daemon->dhcp_ignore_names; id_list; id_list = id_list->next)
1205 		if ((!id_list->list) || match_netid(id_list->list, netid, 0))
1206 		  break;
1207 	      if (id_list)
1208 		hostname = NULL;
1209 	    }
1210 	  if (hostname)
1211 	    lease_set_hostname(lease, hostname, hostname_auth);
1212 
1213 	  lease_set_expires(lease, time, now);
1214 	  lease_set_interface(lease, int_index);
1215 
1216 	  if (override.s_addr != 0)
1217 	    lease->override = override;
1218 	  else
1219 	    override = lease->override;
1220 
1221 	  log_packet("DHCPACK", &mess->yiaddr, emac, emac_len, iface_name, hostname, mess->xid);
1222 
1223 	  clear_packet(mess, end);
1224 	  option_put(mess, end, OPTION_MESSAGE_TYPE, 1, DHCPACK);
1225 	  option_put(mess, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, ntohl(server_id(context, override, fallback).s_addr));
1226 	  option_put(mess, end, OPTION_LEASE_TIME, 4, time);
1227 	  if (time != 0xffffffff)
1228 	    {
1229 	      while (fuzz > (time/16))
1230 		fuzz = fuzz/2;
1231 	      option_put(mess, end, OPTION_T1, 4, (time/2) - fuzz);
1232 	      option_put(mess, end, OPTION_T2, 4, ((time/8)*7) - fuzz);
1233 	    }
1234 	  do_options(context, mess, end, req_options, hostname, get_domain(mess->yiaddr),
1235 		     domain, netid, subnet_addr, fqdn_flags, borken_opt, pxearch, uuid);
1236 	}
1237 
1238       return dhcp_packet_size(mess, netid, agent_id, real_end);
1239 
1240     case DHCPINFORM:
1241       if (ignore || have_config(config, CONFIG_DISABLE))
1242 	message = _("ignored");
1243 
1244       log_packet("DHCPINFORM", &mess->ciaddr, emac, emac_len, iface_name, message, mess->xid);
1245 
1246       if (message || mess->ciaddr.s_addr == 0)
1247 	return 0;
1248 
1249       /* For DHCPINFORM only, cope without a valid context */
1250       context = narrow_context(context, mess->ciaddr, netid);
1251 
1252       /* Find a least based on IP address if we didn't
1253 	 get one from MAC address/client-d */
1254       if (!lease &&
1255 	  (lease = lease_find_by_addr(mess->ciaddr)) &&
1256 	  lease->hostname)
1257 	hostname = lease->hostname;
1258 
1259       if (!hostname)
1260 	hostname = host_from_dns(mess->ciaddr);
1261 
1262       log_packet("DHCPACK", &mess->ciaddr, emac, emac_len, iface_name, hostname, mess->xid);
1263 
1264       if (context && context->netid.net)
1265 	{
1266 	  context->netid.next = netid;
1267 	  netid = &context->netid;
1268 	}
1269 
1270       if (lease)
1271 	{
1272 	  if (override.s_addr != 0)
1273 	    lease->override = override;
1274 	  else
1275 	    override = lease->override;
1276 	}
1277 
1278       clear_packet(mess, end);
1279       option_put(mess, end, OPTION_MESSAGE_TYPE, 1, DHCPACK);
1280       option_put(mess, end, OPTION_SERVER_IDENTIFIER, INADDRSZ, ntohl(server_id(context, override, fallback).s_addr));
1281 
1282       if (lease)
1283 	{
1284 	  if (lease->expires == 0)
1285 	    time = 0xffffffff;
1286 	  else
1287 	    time = (unsigned int)difftime(lease->expires, now);
1288 	  option_put(mess, end, OPTION_LEASE_TIME, 4, time);
1289 	  lease_set_interface(lease, int_index);
1290 	}
1291 
1292       do_options(context, mess, end, req_options, hostname, get_domain(mess->ciaddr),
1293 		 domain, netid, subnet_addr, fqdn_flags, borken_opt, pxearch, uuid);
1294 
1295       *is_inform = 1; /* handle reply differently */
1296       return dhcp_packet_size(mess, netid, agent_id, real_end);
1297     }
1298 
1299   return 0;
1300 }
1301 
1302 /* find a good value to use as MAC address for logging and address-allocation hashing.
1303    This is normally just the chaddr field from the DHCP packet,
1304    but eg Firewire will have hlen == 0 and use the client-id instead.
1305    This could be anything, but will normally be EUI64 for Firewire.
1306    We assume that if the first byte of the client-id equals the htype byte
1307    then the client-id is using the usual encoding and use the rest of the
1308    client-id: if not we can use the whole client-id. This should give
1309    sane MAC address logs. */
extended_hwaddr(int hwtype,int hwlen,unsigned char * hwaddr,int clid_len,unsigned char * clid,int * len_out)1310 unsigned char *extended_hwaddr(int hwtype, int hwlen, unsigned char *hwaddr,
1311 				      int clid_len, unsigned char *clid, int *len_out)
1312 {
1313   if (hwlen == 0 && clid && clid_len > 3)
1314     {
1315       if (clid[0]  == hwtype)
1316 	{
1317 	  *len_out = clid_len - 1 ;
1318 	  return clid + 1;
1319 	}
1320 
1321 #if defined(ARPHRD_EUI64) && defined(ARPHRD_IEEE1394)
1322       if (clid[0] ==  ARPHRD_EUI64 && hwtype == ARPHRD_IEEE1394)
1323 	{
1324 	  *len_out = clid_len - 1 ;
1325 	  return clid + 1;
1326 	}
1327 #endif
1328 
1329       *len_out = clid_len;
1330       return clid;
1331     }
1332 
1333   *len_out = hwlen;
1334   return hwaddr;
1335 }
1336 
calc_time(struct dhcp_context * context,struct dhcp_config * config,unsigned char * opt)1337 static unsigned int calc_time(struct dhcp_context *context, struct dhcp_config *config, unsigned char *opt)
1338 {
1339   unsigned int time = have_config(config, CONFIG_TIME) ? config->lease_time : context->lease_time;
1340 
1341   if (opt)
1342     {
1343       unsigned int req_time = option_uint(opt, 0, 4);
1344       if (req_time < 120 )
1345 	req_time = 120; /* sanity */
1346       if (time == 0xffffffff || (req_time != 0xffffffff && req_time < time))
1347 	time = req_time;
1348     }
1349 
1350   return time;
1351 }
1352 
server_id(struct dhcp_context * context,struct in_addr override,struct in_addr fallback)1353 static struct in_addr server_id(struct dhcp_context *context, struct in_addr override, struct in_addr fallback)
1354 {
1355   if (override.s_addr != 0)
1356     return override;
1357   else if (context)
1358     return context->local;
1359   else
1360     return fallback;
1361 }
1362 
sanitise(unsigned char * opt,char * buf)1363 static int sanitise(unsigned char *opt, char *buf)
1364 {
1365   char *p;
1366   int i;
1367 
1368   *buf = 0;
1369 
1370   if (!opt)
1371     return 0;
1372 
1373   p = option_ptr(opt, 0);
1374 
1375   for (i = option_len(opt); i > 0; i--)
1376     {
1377       char c = *p++;
1378       if (isprint((int)c))
1379 	*buf++ = c;
1380     }
1381   *buf = 0; /* add terminator */
1382 
1383   return 1;
1384 }
1385 
log_packet(char * type,void * addr,unsigned char * ext_mac,int mac_len,char * interface,char * string,u32 xid)1386 static void log_packet(char *type, void *addr, unsigned char *ext_mac,
1387 		       int mac_len, char *interface, char *string, u32 xid)
1388 {
1389   struct in_addr a;
1390 
1391   /* addr may be misaligned */
1392   if (addr)
1393     memcpy(&a, addr, sizeof(a));
1394 
1395   print_mac(daemon->namebuff, ext_mac, mac_len);
1396 
1397   if(daemon->options & OPT_LOG_OPTS)
1398      my_syslog(MS_DHCP | LOG_INFO, "%u %s(%s) %s%s%s %s",
1399 	       ntohl(xid),
1400 	       type,
1401 	       interface,
1402 	       addr ? inet_ntoa(a) : "",
1403 	       addr ? " " : "",
1404 	       daemon->namebuff,
1405 	       string ? string : "");
1406   else
1407     my_syslog(MS_DHCP | LOG_INFO, "%s(%s) %s%s%s %s",
1408 	      type,
1409 	      interface,
1410 	      addr ? inet_ntoa(a) : "",
1411 	      addr ? " " : "",
1412 	      daemon->namebuff,
1413 	      string ? string : "");
1414 }
1415 
log_options(unsigned char * start,u32 xid)1416 static void log_options(unsigned char *start, u32 xid)
1417 {
1418   while (*start != OPTION_END)
1419     {
1420       int is_ip, is_name, i;
1421       char *text = option_string(start[0], &is_ip, &is_name);
1422       unsigned char trunc = option_len(start);
1423 
1424       if (is_ip)
1425 	for (daemon->namebuff[0]= 0, i = 0; i <= trunc - INADDRSZ; i += INADDRSZ)
1426 	  {
1427 	    if (i != 0)
1428 	      strncat(daemon->namebuff, ", ", 256 - strlen(daemon->namebuff));
1429 	    strncat(daemon->namebuff, inet_ntoa(option_addr_arr(start, i)), 256 - strlen(daemon->namebuff));
1430 	  }
1431       else if (!is_name || !sanitise(start, daemon->namebuff))
1432 	{
1433 	  if (trunc > 13)
1434 	    trunc = 13;
1435 	  print_mac(daemon->namebuff, option_ptr(start, 0), trunc);
1436 	}
1437 
1438       my_syslog(MS_DHCP | LOG_INFO, "%u sent size:%3d option:%3d%s%s%s%s%s",
1439 		ntohl(xid), option_len(start), start[0],
1440 		text ? ":" : "", text ? text : "",
1441 		trunc == 0 ? "" : "  ",
1442 		trunc == 0 ? "" : daemon->namebuff,
1443 		trunc == option_len(start) ? "" : "...");
1444       start += start[1] + 2;
1445     }
1446 }
1447 
option_find1(unsigned char * p,unsigned char * end,int opt,int minsize)1448 static unsigned char *option_find1(unsigned char *p, unsigned char *end, int opt, int minsize)
1449 {
1450   while (1)
1451     {
1452       if (p > end)
1453 	return NULL;
1454       else if (*p == OPTION_END)
1455 	return opt == OPTION_END ? p : NULL;
1456       else if (*p == OPTION_PAD)
1457 	p++;
1458       else
1459 	{
1460 	  int opt_len;
1461 	  if (p > end - 2)
1462 	    return NULL; /* malformed packet */
1463 	  opt_len = option_len(p);
1464 	  if (p > end - (2 + opt_len))
1465 	    return NULL; /* malformed packet */
1466 	  if (*p == opt && opt_len >= minsize)
1467 	    return p;
1468 	  p += opt_len + 2;
1469 	}
1470     }
1471 }
1472 
option_find(struct dhcp_packet * mess,size_t size,int opt_type,int minsize)1473 static unsigned char *option_find(struct dhcp_packet *mess, size_t size, int opt_type, int minsize)
1474 {
1475   unsigned char *ret, *overload;
1476 
1477   /* skip over DHCP cookie; */
1478   if ((ret = option_find1(&mess->options[0] + sizeof(u32), ((unsigned char *)mess) + size, opt_type, minsize)))
1479     return ret;
1480 
1481   /* look for overload option. */
1482   if (!(overload = option_find1(&mess->options[0] + sizeof(u32), ((unsigned char *)mess) + size, OPTION_OVERLOAD, 1)))
1483     return NULL;
1484 
1485   /* Can we look in filename area ? */
1486   if ((overload[2] & 1) &&
1487       (ret = option_find1(&mess->file[0], &mess->file[128], opt_type, minsize)))
1488     return ret;
1489 
1490   /* finally try sname area */
1491   if ((overload[2] & 2) &&
1492       (ret = option_find1(&mess->sname[0], &mess->sname[64], opt_type, minsize)))
1493     return ret;
1494 
1495   return NULL;
1496 }
1497 
option_addr_arr(unsigned char * opt,int offset)1498 static struct in_addr option_addr_arr(unsigned char *opt, int offset)
1499 {
1500   /* this worries about unaligned data in the option. */
1501   /* struct in_addr is network byte order */
1502   struct in_addr ret;
1503 
1504   memcpy(&ret, option_ptr(opt, offset), INADDRSZ);
1505 
1506   return ret;
1507 }
1508 
option_addr(unsigned char * opt)1509 static struct in_addr option_addr(unsigned char *opt)
1510 {
1511   return option_addr_arr(opt, 0);
1512 }
1513 
option_uint(unsigned char * opt,int offset,int size)1514 static unsigned int option_uint(unsigned char *opt, int offset, int size)
1515 {
1516   /* this worries about unaligned data and byte order */
1517   unsigned int ret = 0;
1518   int i;
1519   unsigned char *p = option_ptr(opt, offset);
1520 
1521   for (i = 0; i < size; i++)
1522     ret = (ret << 8) | *p++;
1523 
1524   return ret;
1525 }
1526 
dhcp_skip_opts(unsigned char * start)1527 static unsigned char *dhcp_skip_opts(unsigned char *start)
1528 {
1529   while (*start != 0)
1530     start += start[1] + 2;
1531   return start;
1532 }
1533 
1534 /* only for use when building packet: doesn't check for bad data. */
find_overload(struct dhcp_packet * mess)1535 static unsigned char *find_overload(struct dhcp_packet *mess)
1536 {
1537   unsigned char *p = &mess->options[0] + sizeof(u32);
1538 
1539   while (*p != 0)
1540     {
1541       if (*p == OPTION_OVERLOAD)
1542 	return p;
1543       p += p[1] + 2;
1544     }
1545   return NULL;
1546 }
1547 
dhcp_packet_size(struct dhcp_packet * mess,struct dhcp_netid * netid,unsigned char * agent_id,unsigned char * real_end)1548 static size_t dhcp_packet_size(struct dhcp_packet *mess, struct dhcp_netid *netid,
1549 			       unsigned char *agent_id, unsigned char *real_end)
1550 {
1551   unsigned char *p = dhcp_skip_opts(&mess->options[0] + sizeof(u32));
1552   unsigned char *overload;
1553   size_t ret;
1554   struct dhcp_netid_list *id_list;
1555   struct dhcp_netid *n;
1556 
1557   /* move agent_id back down to the end of the packet */
1558   if (agent_id)
1559     {
1560       memmove(p, agent_id, real_end - agent_id);
1561       p += real_end - agent_id;
1562       memset(p, 0, real_end - p); /* in case of overlap */
1563     }
1564 
1565   /* We do logging too */
1566   if (netid && (daemon->options & OPT_LOG_OPTS))
1567     {
1568       char *s = daemon->namebuff;
1569       for (*s = 0; netid; netid = netid->next)
1570 	{
1571 	  /* kill dupes. */
1572 	  for (n = netid->next; n; n = n->next)
1573 	    if (strcmp(netid->net, n->net) == 0)
1574 	      break;
1575 
1576 	  if (!n)
1577 	    {
1578 	      strncat (s, netid->net, (MAXDNAME-1) - strlen(s));
1579 	      if (netid->next)
1580 		strncat (s, ", ", (MAXDNAME-1) - strlen(s));
1581 	    }
1582 	}
1583       my_syslog(MS_DHCP | LOG_INFO, _("%u tags: %s"), ntohl(mess->xid), s);
1584     }
1585 
1586   /* add END options to the regions. */
1587   overload = find_overload(mess);
1588 
1589   if (overload && (option_uint(overload, 0, 1) & 1))
1590     {
1591       *dhcp_skip_opts(mess->file) = OPTION_END;
1592       if (daemon->options & OPT_LOG_OPTS)
1593 	log_options(mess->file, mess->xid);
1594     }
1595   else if ((daemon->options & OPT_LOG_OPTS) && strlen((char *)mess->file) != 0)
1596     my_syslog(MS_DHCP | LOG_INFO, _("%u bootfile name: %s"), ntohl(mess->xid), (char *)mess->file);
1597 
1598   if (overload && (option_uint(overload, 0, 1) & 2))
1599     {
1600       *dhcp_skip_opts(mess->sname) = OPTION_END;
1601       if (daemon->options & OPT_LOG_OPTS)
1602 	log_options(mess->sname, mess->xid);
1603     }
1604   else if ((daemon->options & OPT_LOG_OPTS) && strlen((char *)mess->sname) != 0)
1605     my_syslog(MS_DHCP | LOG_INFO, _("%u server name: %s"), ntohl(mess->xid), (char *)mess->sname);
1606 
1607 
1608   *p++ = OPTION_END;
1609 
1610   if (daemon->options & OPT_LOG_OPTS)
1611     {
1612       if (mess->siaddr.s_addr != 0)
1613 	my_syslog(MS_DHCP | LOG_INFO, _("%u next server: %s"), ntohl(mess->xid), inet_ntoa(mess->siaddr));
1614 
1615       log_options(&mess->options[0] + sizeof(u32), mess->xid);
1616     }
1617 
1618   for (id_list = daemon->force_broadcast; id_list; id_list = id_list->next)
1619     if (match_netid(id_list->list, netid, 0))
1620       mess->flags |= htons(0x8000); /* force broadcast */
1621 
1622   ret = (size_t)(p - (unsigned char *)mess);
1623 
1624   if (ret < MIN_PACKETSZ)
1625     ret = MIN_PACKETSZ;
1626 
1627   return ret;
1628 }
1629 
free_space(struct dhcp_packet * mess,unsigned char * end,int opt,int len)1630 static unsigned char *free_space(struct dhcp_packet *mess, unsigned char *end, int opt, int len)
1631 {
1632   unsigned char *p = dhcp_skip_opts(&mess->options[0] + sizeof(u32));
1633 
1634   if (p + len + 3 >= end)
1635     /* not enough space in options area, try and use overload, if poss */
1636     {
1637       unsigned char *overload;
1638 
1639       if (!(overload = find_overload(mess)) &&
1640 	  (mess->file[0] == 0 || mess->sname[0] == 0))
1641 	{
1642 	  /* attempt to overload fname and sname areas, we've reserved space for the
1643 	     overflow option previuously. */
1644 	  overload = p;
1645 	  *(p++) = OPTION_OVERLOAD;
1646 	  *(p++) = 1;
1647 	}
1648 
1649       p = NULL;
1650 
1651       /* using filename field ? */
1652       if (overload)
1653 	{
1654 	  if (mess->file[0] == 0)
1655 	    overload[2] |= 1;
1656 
1657 	  if (overload[2] & 1)
1658 	    {
1659 	      p = dhcp_skip_opts(mess->file);
1660 	      if (p + len + 3 >= mess->file + sizeof(mess->file))
1661 		p = NULL;
1662 	    }
1663 
1664 	  if (!p)
1665 	    {
1666 	      /* try to bring sname into play (it may be already) */
1667 	      if (mess->sname[0] == 0)
1668 		overload[2] |= 2;
1669 
1670 	      if (overload[2] & 2)
1671 		{
1672 		  p = dhcp_skip_opts(mess->sname);
1673 		  if (p + len + 3 >= mess->sname + sizeof(mess->file))
1674 		    p = NULL;
1675 		}
1676 	    }
1677 	}
1678 
1679       if (!p)
1680 	my_syslog(MS_DHCP | LOG_WARNING, _("cannot send DHCP/BOOTP option %d: no space left in packet"), opt);
1681     }
1682 
1683   if (p)
1684     {
1685       *(p++) = opt;
1686       *(p++) = len;
1687     }
1688 
1689   return p;
1690 }
1691 
option_put(struct dhcp_packet * mess,unsigned char * end,int opt,int len,unsigned int val)1692 static void option_put(struct dhcp_packet *mess, unsigned char *end, int opt, int len, unsigned int val)
1693 {
1694   int i;
1695   unsigned char *p = free_space(mess, end, opt, len);
1696 
1697   if (p)
1698     for (i = 0; i < len; i++)
1699       *(p++) = val >> (8 * (len - (i + 1)));
1700 }
1701 
option_put_string(struct dhcp_packet * mess,unsigned char * end,int opt,char * string,int null_term)1702 static void option_put_string(struct dhcp_packet *mess, unsigned char *end, int opt,
1703 			      char *string, int null_term)
1704 {
1705   unsigned char *p;
1706   size_t len = strlen(string);
1707 
1708   if (null_term && len != 255)
1709     len++;
1710 
1711   if ((p = free_space(mess, end, opt, len)))
1712     memcpy(p, string, len);
1713 }
1714 
1715 /* return length, note this only does the data part */
do_opt(struct dhcp_opt * opt,unsigned char * p,struct dhcp_context * context,int null_term)1716 static int do_opt(struct dhcp_opt *opt, unsigned char *p, struct dhcp_context *context, int null_term)
1717 {
1718   int len = opt->len;
1719 
1720   if ((opt->flags & DHOPT_STRING) && null_term && len != 255)
1721     len++;
1722 
1723   if (p && len != 0)
1724     {
1725       if (context && (opt->flags & DHOPT_ADDR))
1726 	{
1727 	  int j;
1728 	  struct in_addr *a = (struct in_addr *)opt->val;
1729 	  for (j = 0; j < opt->len; j+=INADDRSZ, a++)
1730 	    {
1731 	      /* zero means "self" (but not in vendorclass options.) */
1732 	      if (a->s_addr == 0)
1733 		memcpy(p, &context->local, INADDRSZ);
1734 	      else
1735 		memcpy(p, a, INADDRSZ);
1736 	      p += INADDRSZ;
1737 	    }
1738 	}
1739       else
1740 	memcpy(p, opt->val, len);
1741     }
1742   return len;
1743 }
1744 
in_list(unsigned char * list,int opt)1745 static int in_list(unsigned char *list, int opt)
1746 {
1747   int i;
1748 
1749    /* If no requested options, send everything, not nothing. */
1750   if (!list)
1751     return 1;
1752 
1753   for (i = 0; list[i] != OPTION_END; i++)
1754     if (opt == list[i])
1755       return 1;
1756 
1757   return 0;
1758 }
1759 
option_find2(struct dhcp_netid * netid,struct dhcp_opt * opts,int opt)1760 static struct dhcp_opt *option_find2(struct dhcp_netid *netid, struct dhcp_opt *opts, int opt)
1761 {
1762   struct dhcp_opt *tmp;
1763   for (tmp = opts; tmp; tmp = tmp->next)
1764     if (tmp->opt == opt && !(tmp->flags & (DHOPT_ENCAPSULATE | DHOPT_VENDOR)))
1765       if (match_netid(tmp->netid, netid, netid ? 0 : 1))
1766 	return tmp;
1767 
1768   return netid ? option_find2(NULL, opts, opt) : NULL;
1769 }
1770 
1771 /* mark vendor-encapsulated options which match the client-supplied  or
1772    config-supplied vendor class */
match_vendor_opts(unsigned char * opt,struct dhcp_opt * dopt)1773 static void match_vendor_opts(unsigned char *opt, struct dhcp_opt *dopt)
1774 {
1775   for (; dopt; dopt = dopt->next)
1776     {
1777       dopt->flags &= ~DHOPT_VENDOR_MATCH;
1778       if (opt && (dopt->flags & DHOPT_VENDOR))
1779 	{
1780 	  int i, len = 0;
1781 	  if (dopt->u.vendor_class)
1782 	    len = strlen((char *)dopt->u.vendor_class);
1783 	  for (i = 0; i <= (option_len(opt) - len); i++)
1784 	    if (len == 0 || memcmp(dopt->u.vendor_class, option_ptr(opt, i), len) == 0)
1785 	      {
1786 		dopt->flags |= DHOPT_VENDOR_MATCH;
1787 		break;
1788 	      }
1789 	}
1790     }
1791 }
1792 
do_encap_opts(struct dhcp_opt * opt,int encap,int flag,struct dhcp_packet * mess,unsigned char * end,int null_term)1793 static void do_encap_opts(struct dhcp_opt *opt, int encap, int flag,
1794 			  struct dhcp_packet *mess, unsigned char *end, int null_term)
1795 {
1796   int len, enc_len;
1797   struct dhcp_opt *start;
1798   unsigned char *p;
1799 
1800   /* find size in advance */
1801   for (enc_len = 0, start = opt; opt; opt = opt->next)
1802     if (opt->flags & flag)
1803       {
1804 	int new = do_opt(opt, NULL, NULL, null_term) + 2;
1805 	if (enc_len + new <= 255)
1806 	  enc_len += new;
1807 	else
1808 	  {
1809 	    p = free_space(mess, end, encap, enc_len);
1810 	    for (; start && start != opt; start = start->next)
1811 	      if (p && (start->flags & flag))
1812 		{
1813 		  len = do_opt(start, p + 2, NULL, null_term);
1814 		  *(p++) = start->opt;
1815 		  *(p++) = len;
1816 		  p += len;
1817 		}
1818 	    enc_len = new;
1819 	    start = opt;
1820 	  }
1821       }
1822 
1823   if (enc_len != 0 &&
1824       (p = free_space(mess, end, encap, enc_len + 1)))
1825     {
1826       for (; start; start = start->next)
1827 	if (start->flags & flag)
1828 	  {
1829 	    len = do_opt(start, p + 2, NULL, null_term);
1830 	    *(p++) = start->opt;
1831 	    *(p++) = len;
1832 	    p += len;
1833 	  }
1834       *p = OPTION_END;
1835     }
1836 }
1837 
pxe_misc(struct dhcp_packet * mess,unsigned char * end,unsigned char * uuid)1838 static void pxe_misc(struct dhcp_packet *mess, unsigned char *end, unsigned char *uuid)
1839 {
1840   unsigned char *p;
1841 
1842   option_put_string(mess, end, OPTION_VENDOR_ID, "PXEClient", 0);
1843   if (uuid && (p = free_space(mess, end, OPTION_PXE_UUID, 17)))
1844     memcpy(p, uuid, 17);
1845 }
1846 
prune_vendor_opts(struct dhcp_netid * netid)1847 static int prune_vendor_opts(struct dhcp_netid *netid)
1848 {
1849   int force = 0;
1850   struct dhcp_opt *opt;
1851 
1852   /* prune vendor-encapsulated options based on netid, and look if we're forcing them to be sent */
1853   for (opt = daemon->dhcp_opts; opt; opt = opt->next)
1854     if (opt->flags & DHOPT_VENDOR_MATCH)
1855       {
1856 	if (!match_netid(opt->netid, netid, 1))
1857 	  opt->flags &= ~DHOPT_VENDOR_MATCH;
1858 	else if (opt->flags & DHOPT_FORCE)
1859 	  force = 1;
1860       }
1861   return force;
1862 }
1863 
pxe_opts(int pxe_arch,struct dhcp_netid * netid)1864 static struct dhcp_opt *pxe_opts(int pxe_arch, struct dhcp_netid *netid)
1865 {
1866 #define NUM_OPTS 4
1867 
1868   unsigned  char *p, *q;
1869   struct pxe_service *service;
1870   static struct dhcp_opt *o, *ret;
1871   int i, j = NUM_OPTS - 1;
1872 
1873   /* We pass back references to these, hence they are declared static */
1874   static unsigned char discovery_control;
1875   static unsigned char fake_prompt[] = { 0, 'P', 'X', 'E' };
1876   static struct dhcp_opt *fake_opts = NULL;
1877 
1878   /* We are found by broadcast, so disable multicast. It gets switched on again
1879      if we point to other servers and don't give a unicast address. Note that
1880      we don't provide our own address for services we are the boot server for because unicast
1881      discovery is to port 4011 and we don't listen there. If you are using proxy DHCP
1882      and DHCP relays, the relay will need to forward to the proxy too. */
1883   discovery_control = 2;
1884 
1885   ret = daemon->dhcp_opts;
1886 
1887   if (!fake_opts && !(fake_opts = whine_malloc(NUM_OPTS * sizeof(struct dhcp_opt))))
1888     return ret;
1889 
1890   for (i = 0; i < NUM_OPTS; i++)
1891     {
1892       fake_opts[i].flags = DHOPT_VENDOR_MATCH;
1893       fake_opts[i].netid = NULL;
1894       fake_opts[i].next = i == (NUM_OPTS - 1) ? ret : &fake_opts[i+1];
1895     }
1896 
1897   /* create the data for the PXE_MENU and PXE_SERVERS options. */
1898   p = (unsigned char *)daemon->dhcp_buff;
1899   q = (unsigned char *)daemon->dhcp_buff2;
1900 
1901   for (i = 0, service = daemon->pxe_services; service; service = service->next)
1902     if (pxe_arch == service->CSA && match_netid(service->netid, netid, 1))
1903       {
1904 	size_t len = strlen(service->menu);
1905 	/* opt 43 max size is 255. encapsulated option has type and length
1906 	   bytes, so its max size is 253. */
1907 	if (p - (unsigned char *)daemon->dhcp_buff + len + 3 < 253)
1908 	  {
1909 	    *(p++) = service->type >> 8;
1910 	    *(p++) = service->type;
1911 	    *(p++) = len;
1912 	    memcpy(p, service->menu, len);
1913 	    p += len;
1914 	    i++;
1915 	  }
1916 	else
1917 	  {
1918 	  toobig:
1919 	    my_syslog(MS_DHCP | LOG_ERR, _("PXE menu too large"));
1920 	    return daemon->dhcp_opts;
1921 	  }
1922 
1923 	if (!service->basename)
1924 	  {
1925 	    if (service->server.s_addr != 0)
1926 	      {
1927 		if (q - (unsigned char *)daemon->dhcp_buff2 + 3 + INADDRSZ >= 253)
1928 		  goto toobig;
1929 
1930 		/* Boot service with known address - give it */
1931 		*(q++) = service->type >> 8;
1932 		*(q++) = service->type;
1933 		*(q++) = 1;
1934 		/* dest misaligned */
1935 		memcpy(q, &service->server.s_addr, INADDRSZ);
1936 		q += INADDRSZ;
1937 	      }
1938 	    else if (service->type != 0)
1939 	      /* We're not supplying a server, so let the client multicast.
1940 		 type zero is "local boot" so no need for M/C on that. */
1941 	      discovery_control = 0;
1942 	  }
1943       }
1944 
1945   /* if no prompt, wait forever if there's a choice */
1946   fake_prompt[0] = (i > 1) ? 255 : 0;
1947 
1948   if (i == 0)
1949     discovery_control = 8; /* no menu - just use use mess->filename */
1950   else
1951     {
1952       ret = &fake_opts[j--];
1953       ret->len = p - (unsigned char *)daemon->dhcp_buff;
1954       ret->val = (unsigned char *)daemon->dhcp_buff;
1955       ret->opt = SUBOPT_PXE_MENU;
1956 
1957       if (q - (unsigned char *)daemon->dhcp_buff2 != 0)
1958 	{
1959 	  ret = &fake_opts[j--];
1960 	  ret->len = q - (unsigned char *)daemon->dhcp_buff2;
1961 	  ret->val = (unsigned char *)daemon->dhcp_buff2;
1962 	  ret->opt = SUBOPT_PXE_SERVERS;
1963 	}
1964     }
1965 
1966   for (o = daemon->dhcp_opts; o; o = o->next)
1967     if ((o->flags & DHOPT_VENDOR_MATCH) && o->opt == SUBOPT_PXE_MENU_PROMPT)
1968       break;
1969 
1970   if (!o)
1971     {
1972       ret = &fake_opts[j--];
1973       ret->len = sizeof(fake_prompt);
1974       ret->val = fake_prompt;
1975       ret->opt = SUBOPT_PXE_MENU_PROMPT;
1976     }
1977 
1978   if (discovery_control != 0)
1979     {
1980       ret = &fake_opts[j--];
1981       ret->len = 1;
1982       ret->opt = SUBOPT_PXE_DISCOVERY;
1983       ret->val= &discovery_control;
1984     }
1985 
1986   return ret;
1987 }
1988 
clear_packet(struct dhcp_packet * mess,unsigned char * end)1989 static void clear_packet(struct dhcp_packet *mess, unsigned char *end)
1990 {
1991   memset(mess->sname, 0, sizeof(mess->sname));
1992   memset(mess->file, 0, sizeof(mess->file));
1993   memset(&mess->options[0] + sizeof(u32), 0, end - (&mess->options[0] + sizeof(u32)));
1994   mess->siaddr.s_addr = 0;
1995 }
1996 
find_boot(struct dhcp_netid * netid)1997 struct dhcp_boot *find_boot(struct dhcp_netid *netid)
1998 {
1999   struct dhcp_boot *boot;
2000 
2001   /* decide which dhcp-boot option we're using */
2002   for (boot = daemon->boot_config; boot; boot = boot->next)
2003     if (match_netid(boot->netid, netid, 0))
2004       break;
2005   if (!boot)
2006     /* No match, look for one without a netid */
2007     for (boot = daemon->boot_config; boot; boot = boot->next)
2008       if (match_netid(boot->netid, netid, 1))
2009 	break;
2010 
2011   return boot;
2012 }
2013 
do_options(struct dhcp_context * context,struct dhcp_packet * mess,unsigned char * end,unsigned char * req_options,char * hostname,char * domain,char * config_domain,struct dhcp_netid * netid,struct in_addr subnet_addr,unsigned char fqdn_flags,int null_term,int pxe_arch,unsigned char * uuid)2014 static void do_options(struct dhcp_context *context,
2015 		       struct dhcp_packet *mess,
2016 		       unsigned char *end,
2017 		       unsigned char *req_options,
2018 		       char *hostname,
2019 		       char *domain, char *config_domain,
2020 		       struct dhcp_netid *netid,
2021 		       struct in_addr subnet_addr,
2022 		       unsigned char fqdn_flags,
2023 		       int null_term, int pxe_arch,
2024 		       unsigned char *uuid)
2025 {
2026   struct dhcp_opt *opt, *config_opts = daemon->dhcp_opts;
2027   struct dhcp_boot *boot;
2028   unsigned char *p;
2029   int i, len, force_encap = 0;
2030   unsigned char f0 = 0, s0 = 0;
2031   int done_file = 0, done_server = 0;
2032 
2033   if (config_domain && (!domain || !hostname_isequal(domain, config_domain)))
2034     my_syslog(MS_DHCP | LOG_WARNING, _("Ignoring domain %s for DHCP host name %s"), config_domain, hostname);
2035 
2036   /* logging */
2037   if ((daemon->options & OPT_LOG_OPTS) && req_options)
2038     {
2039       char *q = daemon->namebuff;
2040       for (i = 0; req_options[i] != OPTION_END; i++)
2041 	{
2042 	  char *s = option_string(req_options[i], NULL, NULL);
2043 	  q += snprintf(q, MAXDNAME - (q - daemon->namebuff),
2044 			"%d%s%s%s",
2045 			req_options[i],
2046 			s ? ":" : "",
2047 			s ? s : "",
2048 			req_options[i+1] == OPTION_END ? "" : ", ");
2049 	  if (req_options[i+1] == OPTION_END || (q - daemon->namebuff) > 40)
2050 	    {
2051 	      q = daemon->namebuff;
2052 	      my_syslog(MS_DHCP | LOG_INFO, _("%u requested options: %s"), ntohl(mess->xid), daemon->namebuff);
2053 	    }
2054 	}
2055     }
2056 
2057   if (context)
2058     mess->siaddr = context->local;
2059 
2060   /* See if we can send the boot stuff as options.
2061      To do this we need a requested option list, BOOTP
2062      and very old DHCP clients won't have this, we also
2063      provide an manual option to disable it.
2064      Some PXE ROMs have bugs (surprise!) and need zero-terminated
2065      names, so we always send those.  */
2066   if ((boot = find_boot(netid)))
2067     {
2068       if (boot->sname)
2069 	{
2070 	  if (!(daemon->options & OPT_NO_OVERRIDE) &&
2071 	      req_options &&
2072 	      in_list(req_options, OPTION_SNAME))
2073 	    option_put_string(mess, end, OPTION_SNAME, boot->sname, 1);
2074 	  else
2075 	    strncpy((char *)mess->sname, boot->sname, sizeof(mess->sname)-1);
2076 	}
2077 
2078       if (boot->file)
2079 	{
2080 	  if (!(daemon->options & OPT_NO_OVERRIDE) &&
2081 	      req_options &&
2082 	      in_list(req_options, OPTION_FILENAME))
2083 	    option_put_string(mess, end, OPTION_FILENAME, boot->file, 1);
2084 	  else
2085 	    strncpy((char *)mess->file, boot->file, sizeof(mess->file)-1);
2086 	}
2087 
2088       if (boot->next_server.s_addr)
2089 	mess->siaddr = boot->next_server;
2090     }
2091   else
2092     /* Use the values of the relevant options if no dhcp-boot given and
2093        they're not explicitly asked for as options. OPTION_END is used
2094        as an internal way to specify siaddr without using dhcp-boot, for use in
2095        dhcp-optsfile. */
2096     {
2097       if ((!req_options || !in_list(req_options, OPTION_FILENAME)) && mess->file[0] == 0 &&
2098 	  (opt = option_find2(netid, config_opts, OPTION_FILENAME)) && !(opt->flags & DHOPT_FORCE))
2099 	{
2100 	  strncpy((char *)mess->file, (char *)opt->val, sizeof(mess->file)-1);
2101 	  done_file = 1;
2102 	}
2103 
2104       if ((!req_options || !in_list(req_options, OPTION_SNAME)) &&
2105 	  (opt = option_find2(netid, config_opts, OPTION_SNAME)) && !(opt->flags & DHOPT_FORCE))
2106 	{
2107 	  strncpy((char *)mess->sname, (char *)opt->val, sizeof(mess->sname)-1);
2108 	  done_server = 1;
2109 	}
2110 
2111       if ((opt = option_find2(netid, config_opts, OPTION_END)))
2112 	mess->siaddr.s_addr = ((struct in_addr *)opt->val)->s_addr;
2113     }
2114 
2115   /* We don't want to do option-overload for BOOTP, so make the file and sname
2116      fields look like they are in use, even when they aren't. This gets restored
2117      at the end of this function. */
2118 
2119   if (!req_options || (daemon->options & OPT_NO_OVERRIDE))
2120     {
2121       f0 = mess->file[0];
2122       mess->file[0] = 1;
2123       s0 = mess->sname[0];
2124       mess->sname[0] = 1;
2125     }
2126 
2127   /* At this point, if mess->sname or mess->file are zeroed, they are available
2128      for option overload, reserve space for the overload option. */
2129   if (mess->file[0] == 0 || mess->sname[0] == 0)
2130     end -= 3;
2131 
2132   /* rfc3011 says this doesn't need to be in the requested options list. */
2133   if (subnet_addr.s_addr)
2134     option_put(mess, end, OPTION_SUBNET_SELECT, INADDRSZ, ntohl(subnet_addr.s_addr));
2135 
2136   /* replies to DHCPINFORM may not have a valid context */
2137   if (context)
2138     {
2139       if (!option_find2(netid, config_opts, OPTION_NETMASK))
2140 	option_put(mess, end, OPTION_NETMASK, INADDRSZ, ntohl(context->netmask.s_addr));
2141 
2142       /* May not have a "guessed" broadcast address if we got no packets via a relay
2143 	 from this net yet (ie just unicast renewals after a restart */
2144       if (context->broadcast.s_addr &&
2145 	  !option_find2(netid, config_opts, OPTION_BROADCAST))
2146 	option_put(mess, end, OPTION_BROADCAST, INADDRSZ, ntohl(context->broadcast.s_addr));
2147 
2148       /* Same comments as broadcast apply, and also may not be able to get a sensible
2149 	 default when using subnet select.  User must configure by steam in that case. */
2150       if (context->router.s_addr &&
2151 	  in_list(req_options, OPTION_ROUTER) &&
2152 	  !option_find2(netid, config_opts, OPTION_ROUTER))
2153 	option_put(mess, end, OPTION_ROUTER, INADDRSZ, ntohl(context->router.s_addr));
2154 
2155       if (in_list(req_options, OPTION_DNSSERVER) &&
2156 	  !option_find2(netid, config_opts, OPTION_DNSSERVER))
2157 	option_put(mess, end, OPTION_DNSSERVER, INADDRSZ, ntohl(context->local.s_addr));
2158     }
2159 
2160   if (domain && in_list(req_options, OPTION_DOMAINNAME) &&
2161       !option_find2(netid, config_opts, OPTION_DOMAINNAME))
2162     option_put_string(mess, end, OPTION_DOMAINNAME, domain, null_term);
2163 
2164   /* Note that we ignore attempts to set the fqdn using --dhc-option=81,<name> */
2165   if (hostname)
2166     {
2167       if (in_list(req_options, OPTION_HOSTNAME) &&
2168 	  !option_find2(netid, config_opts, OPTION_HOSTNAME))
2169 	option_put_string(mess, end, OPTION_HOSTNAME, hostname, null_term);
2170 
2171       if (fqdn_flags != 0)
2172 	{
2173 	  len = strlen(hostname) + 3;
2174 
2175 	  if (fqdn_flags & 0x04)
2176 	    len += 2;
2177 	  else if (null_term)
2178 	    len++;
2179 
2180 	  if (domain)
2181 	    len += strlen(domain) + 1;
2182 
2183 	  if ((p = free_space(mess, end, OPTION_CLIENT_FQDN, len)))
2184 	    {
2185 	      *(p++) = fqdn_flags;
2186 	      *(p++) = 255;
2187 	      *(p++) = 255;
2188 
2189 	      if (fqdn_flags & 0x04)
2190 		{
2191 		  p = do_rfc1035_name(p, hostname);
2192 		  if (domain)
2193 		    p = do_rfc1035_name(p, domain);
2194 		  *p++ = 0;
2195 		}
2196 	      else
2197 		{
2198 		  memcpy(p, hostname, strlen(hostname));
2199 		  p += strlen(hostname);
2200 		  if (domain)
2201 		    {
2202 		      *(p++) = '.';
2203 		      memcpy(p, domain, strlen(domain));
2204 		      p += strlen(domain);
2205 		    }
2206 		  if (null_term)
2207 		    *(p++) = 0;
2208 		}
2209 	    }
2210 	}
2211     }
2212 
2213   for (opt = config_opts; opt; opt = opt->next)
2214     {
2215       int optno = opt->opt;
2216 
2217       /* was it asked for, or are we sending it anyway? */
2218       if (!(opt->flags & DHOPT_FORCE) && !in_list(req_options, optno))
2219 	continue;
2220 
2221       /* prohibit some used-internally options */
2222       if (optno == OPTION_CLIENT_FQDN ||
2223 	  optno == OPTION_MAXMESSAGE ||
2224 	  optno == OPTION_OVERLOAD ||
2225 	  optno == OPTION_PAD ||
2226 	  optno == OPTION_END)
2227 	continue;
2228 
2229       if (optno == OPTION_SNAME && done_server)
2230 	continue;
2231 
2232       if (optno == OPTION_FILENAME && done_file)
2233 	continue;
2234 
2235       /* netids match and not encapsulated? */
2236       if (opt != option_find2(netid, config_opts, optno))
2237 	continue;
2238 
2239       /* For the options we have default values on
2240 	 dhc-option=<optionno> means "don't include this option"
2241 	 not "include a zero-length option" */
2242       if (opt->len == 0 &&
2243 	  (optno == OPTION_NETMASK ||
2244 	   optno == OPTION_BROADCAST ||
2245 	   optno == OPTION_ROUTER ||
2246 	   optno == OPTION_DNSSERVER ||
2247 	   optno == OPTION_DOMAINNAME ||
2248 	   optno == OPTION_HOSTNAME))
2249 	continue;
2250 
2251       /* vendor-class comes from elsewhere for PXE */
2252       if (pxe_arch != -1 && optno == OPTION_VENDOR_ID)
2253 	continue;
2254 
2255       /* always force null-term for filename and servername - buggy PXE again. */
2256       len = do_opt(opt, NULL, context,
2257 		   (optno == OPTION_SNAME || optno == OPTION_FILENAME) ? 1 : null_term);
2258 
2259       if ((p = free_space(mess, end, optno, len)))
2260 	{
2261 	  do_opt(opt, p, context,
2262 		 (optno == OPTION_SNAME || optno == OPTION_FILENAME) ? 1 : null_term);
2263 
2264 	  /* If we send a vendor-id, revisit which vendor-ops we consider
2265 	     it appropriate to send. */
2266 	  if (optno == OPTION_VENDOR_ID)
2267 	    match_vendor_opts(p - 2, config_opts);
2268 	}
2269     }
2270 
2271   /* Now send options to be encapsulated in arbitrary options,
2272      eg dhcp-option=encap:172,17,.......
2273      The may be more that one "outer" to do, so group
2274      all the options which match each outer in turn. */
2275   for (opt = config_opts; opt; opt = opt->next)
2276     opt->flags &= ~DHOPT_ENCAP_DONE;
2277 
2278   for (opt = config_opts; opt; opt = opt->next)
2279     if ((opt->flags & (DHOPT_ENCAPSULATE | DHOPT_ENCAP_DONE)) ==  DHOPT_ENCAPSULATE)
2280       {
2281 	struct dhcp_opt *o;
2282 	int found = 0;
2283 
2284 	for (o = config_opts; o; o = o->next)
2285 	  {
2286 	    o->flags &= ~DHOPT_ENCAP_MATCH;
2287 	    if ((o->flags & DHOPT_ENCAPSULATE) && opt->u.encap == o->u.encap)
2288 	      {
2289 		o->flags |= DHOPT_ENCAP_DONE;
2290 		if (match_netid(o->netid, netid, 1) &&
2291 		    (o->flags & DHOPT_FORCE || in_list(req_options, o->u.encap)))
2292 		  {
2293 		    o->flags |= DHOPT_ENCAP_MATCH;
2294 		    found = 1;
2295 		  }
2296 	      }
2297 	  }
2298 
2299 	if (found)
2300 	  do_encap_opts(config_opts, opt->u.encap, DHOPT_ENCAP_MATCH, mess, end, null_term);
2301       }
2302 
2303   /* Must precede pxe_opts, since it overwrites req_options */
2304   force_encap = prune_vendor_opts(netid);
2305   if (in_list(req_options, OPTION_VENDOR_CLASS_OPT))
2306     force_encap = 1;
2307 
2308   if (pxe_arch != -1)
2309     {
2310       pxe_misc(mess, end, uuid);
2311       config_opts = pxe_opts(pxe_arch, netid);
2312     }
2313 
2314   if (force_encap)
2315     do_encap_opts(config_opts, OPTION_VENDOR_CLASS_OPT, DHOPT_VENDOR_MATCH, mess, end, null_term);
2316 
2317    /* restore BOOTP anti-overload hack */
2318   if (!req_options || (daemon->options & OPT_NO_OVERRIDE))
2319     {
2320       mess->file[0] = f0;
2321       mess->sname[0] = s0;
2322     }
2323 }
2324 
2325 #endif
2326