3db0db213ea9abdc92ba995fe9a5e4a7b40927bb
[dragonfly.git] / sbin / dhclient / options.c
1 /*      $OpenBSD: src/sbin/dhclient/options.c,v 1.39 2011/05/11 14:38:36 krw Exp $      */
2
3 /* DHCP options parsing and reassembly. */
4
5 /*
6  * Copyright (c) 1995, 1996, 1997, 1998 The Internet Software Consortium.
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  *
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  * 3. Neither the name of The Internet Software Consortium nor the names
19  *    of its contributors may be used to endorse or promote products derived
20  *    from this software without specific prior written permission.
21  *
22  * THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND
23  * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
24  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
25  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
26  * DISCLAIMED.  IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR
27  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
29  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
30  * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
31  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
32  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
33  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34  * SUCH DAMAGE.
35  *
36  * This software has been written for the Internet Software Consortium
37  * by Ted Lemon <mellon@fugue.com> in cooperation with Vixie
38  * Enterprises.  To learn more about the Internet Software Consortium,
39  * see ``http://www.vix.com/isc''.  To learn more about Vixie
40  * Enterprises, see ``http://www.vix.com''.
41  */
42
43 #include <ctype.h>
44
45 #include "dhcpd.h"
46
47 int parse_option_buffer(struct option_data *, unsigned char *, int);
48
49 /*
50  * Parse options out of the specified buffer, storing addresses of
51  * option values in options and setting client->options_valid if
52  * no errors are encountered.
53  */
54 int
55 parse_option_buffer(struct option_data *options, unsigned char *buffer,
56     int length)
57 {
58         unsigned char *s, *t, *end = buffer + length;
59         int len, code;
60
61         for (s = buffer; *s != DHO_END && s < end; ) {
62                 code = s[0];
63
64                 /* Pad options don't have a length - just skip them. */
65                 if (code == DHO_PAD) {
66                         s++;
67                         continue;
68                 }
69
70                 /*
71                  * All options other than DHO_PAD and DHO_END have a
72                  * one-byte length field.
73                  */
74                 if (s + 2 > end)
75                         len = 0;
76                 else
77                         len = s[1];
78
79                 /*
80                  * If the option claims to extend beyond the end of the buffer
81                  * then mark the options buffer bad.
82                  */
83                 if (s + len + 2 > end) {
84                         warning("option %s (%d) larger than buffer.",
85                             dhcp_options[code].name, len);
86                         warning("rejecting bogus offer.");
87                         return (0);
88                 }
89                 /*
90                  * If we haven't seen this option before, just make
91                  * space for it and copy it there.
92                  */
93                 if (!options[code].data) {
94                         if (!(t = calloc(1, len + 1)))
95                                 error("Can't allocate storage for option %s.",
96                                     dhcp_options[code].name);
97                         /*
98                          * Copy and NUL-terminate the option (in case
99                          * it's an ASCII string).
100                          */
101                         memcpy(t, &s[2], len);
102                         t[len] = 0;
103                         options[code].len = len;
104                         options[code].data = t;
105                 } else {
106                         /*
107                          * If it's a repeat, concatenate it to whatever
108                          * we last saw.   This is really only required
109                          * for clients, but what the heck...
110                          */
111                         t = calloc(1, len + options[code].len + 1);
112                         if (!t)
113                                 error("Can't expand storage for option %s.",
114                                     dhcp_options[code].name);
115                         memcpy(t, options[code].data, options[code].len);
116                         memcpy(t + options[code].len, &s[2], len);
117                         options[code].len += len;
118                         t[options[code].len] = 0;
119                         free(options[code].data);
120                         options[code].data = t;
121                 }
122                 s += len + 2;
123         }
124
125         return (1);
126 }
127
128 /*
129  * Copy as many options as fit in buflen bytes of buf. Return the
130  * offset of the start of the last option copied. A caller can check
131  * to see if it's DHO_END to decide if all the options were copied.
132  */
133 int
134 cons_options(struct option_data *options)
135 {
136         unsigned char *buf = client->packet.options;
137         int buflen = 576 - DHCP_FIXED_LEN;
138         int ix, incr, length, bufix, code, lastopt = -1;
139
140         bzero(buf, buflen);
141
142         memcpy(buf, DHCP_OPTIONS_COOKIE, 4);
143         if (options[DHO_DHCP_MESSAGE_TYPE].data) {
144                 memcpy(&buf[4], DHCP_OPTIONS_MESSAGE_TYPE, 3);
145                 buf[6] = options[DHO_DHCP_MESSAGE_TYPE].data[0];
146                 bufix = 7;
147         } else
148                 bufix = 4;
149
150         for (code = DHO_SUBNET_MASK; code < DHO_END; code++) {
151                 if (!options[code].data || code == DHO_DHCP_MESSAGE_TYPE)
152                         continue;
153
154                 length = options[code].len;
155                 if (bufix + length + 2*((length+254)/255) >= buflen)
156                         return (lastopt);
157
158                 lastopt = bufix;
159                 ix = 0;
160
161                 while (length) {
162                         incr = length > 255 ? 255 : length;
163
164                         buf[bufix++] = code;
165                         buf[bufix++] = incr;
166                         memcpy(buf + bufix, options[code].data + ix, incr);
167
168                         length -= incr;
169                         ix += incr;
170                         bufix += incr;
171                 }
172         }
173
174         if (bufix < buflen) {
175                 buf[bufix] = DHO_END;
176                 lastopt = bufix;
177         }
178
179         return (lastopt);
180 }
181
182 /*
183  * Format the specified option so that a human can easily read it.
184  */
185 char *
186 pretty_print_option(unsigned int code, unsigned char *data, int len,
187     int emit_commas, int emit_quotes)
188 {
189         static char optbuf[32768]; /* XXX */
190         int hunksize = 0, numhunk = -1, numelem = 0;
191         char fmtbuf[32], *op = optbuf;
192         int i, j, k, opleft = sizeof(optbuf);
193         unsigned char *dp = data;
194         struct in_addr foo;
195         char comma;
196
197         /* Code should be between 0 and 255. */
198         if (code > 255)
199                 error("pretty_print_option: bad code %d", code);
200
201         if (emit_commas)
202                 comma = ',';
203         else
204                 comma = ' ';
205
206         /* Figure out the size of the data. */
207         for (i = 0; dhcp_options[code].format[i]; i++) {
208                 if (!numhunk) {
209                         warning("%s: Excess information in format string: %s",
210                             dhcp_options[code].name,
211                             &(dhcp_options[code].format[i]));
212                         break;
213                 }
214                 numelem++;
215                 fmtbuf[i] = dhcp_options[code].format[i];
216                 switch (dhcp_options[code].format[i]) {
217                 case 'A':
218                         --numelem;
219                         fmtbuf[i] = 0;
220                         numhunk = 0;
221                         if (hunksize == 0) {
222                                 warning("%s: no size indicator before A"
223                                     " in format string: %s",
224                                     dhcp_options[code].name,
225                                     dhcp_options[code].format);
226                                 return ("<fmt error>");
227                         }
228                         break;
229                 case 'X':
230                         for (k = 0; k < len; k++)
231                                 if (!isascii(data[k]) ||
232                                     !isprint(data[k]))
233                                         break;
234                         if (k == len) {
235                                 fmtbuf[i] = 't';
236                                 numhunk = -2;
237                         } else {
238                                 fmtbuf[i] = 'x';
239                                 hunksize++;
240                                 comma = ':';
241                                 numhunk = 0;
242                         }
243                         fmtbuf[i + 1] = 0;
244                         break;
245                 case 't':
246                         fmtbuf[i] = 't';
247                         fmtbuf[i + 1] = 0;
248                         numhunk = -2;
249                         break;
250                 case 'I':
251                 case 'l':
252                 case 'L':
253                         hunksize += 4;
254                         break;
255                 case 's':
256                 case 'S':
257                         hunksize += 2;
258                         break;
259                 case 'b':
260                 case 'B':
261                 case 'f':
262                         hunksize++;
263                         break;
264                 case 'e':
265                         break;
266                 default:
267                         warning("%s: garbage in format string: %s",
268                             dhcp_options[code].name,
269                             &(dhcp_options[code].format[i]));
270                         break;
271                 }
272         }
273
274         /* Check for too few bytes... */
275         if (hunksize > len) {
276                 warning("%s: expecting at least %d bytes; got %d",
277                     dhcp_options[code].name, hunksize, len);
278                 return ("<error>");
279         }
280         /* Check for too many bytes... */
281         if (numhunk == -1 && hunksize < len)
282                 warning("%s: %d extra bytes",
283                     dhcp_options[code].name, len - hunksize);
284
285         /* If this is an array, compute its size. */
286         if (!numhunk)
287                 numhunk = len / hunksize;
288         /* See if we got an exact number of hunks. */
289         if (numhunk > 0 && numhunk * hunksize < len)
290                 warning("%s: %d extra bytes at end of array",
291                     dhcp_options[code].name, len - numhunk * hunksize);
292
293         /* A one-hunk array prints the same as a single hunk. */
294         if (numhunk < 0)
295                 numhunk = 1;
296
297         /* Cycle through the array (or hunk) printing the data. */
298         for (i = 0; i < numhunk; i++) {
299                 for (j = 0; j < numelem; j++) {
300                         int opcount;
301                         size_t oplen;
302                         switch (fmtbuf[j]) {
303                         case 't':
304                                 if (emit_quotes) {
305                                         *op++ = '"';
306                                         opleft--;
307                                 }
308                                 for (; dp < data + len; dp++) {
309                                         if (!isascii(*dp) ||
310                                             !isprint(*dp)) {
311                                                 if (dp + 1 != data + len ||
312                                                     *dp != 0) {
313                                                         size_t oplen;
314                                                         snprintf(op, opleft,
315                                                             "\\%03o", *dp);
316                                                         oplen = strlen(op);
317                                                         op += oplen;
318                                                         opleft -= oplen;
319                                                 }
320                                         } else if (*dp == '"' ||
321                                             *dp == '\'' ||
322                                             *dp == '$' ||
323                                             *dp == '`' ||
324                                             *dp == '\\') {
325                                                 *op++ = '\\';
326                                                 *op++ = *dp;
327                                                 opleft -= 2;
328                                         } else {
329                                                 *op++ = *dp;
330                                                 opleft--;
331                                         }
332                                 }
333                                 if (emit_quotes) {
334                                         *op++ = '"';
335                                         opleft--;
336                                 }
337
338                                 *op = 0;
339                                 break;
340                         case 'I':
341                                 foo.s_addr = htonl(getULong(dp));
342                                 opcount = strlcpy(op, inet_ntoa(foo), opleft);
343                                 if (opcount >= opleft)
344                                         goto toobig;
345                                 opleft -= opcount;
346                                 dp += 4;
347                                 break;
348                         case 'l':
349                                 opcount = snprintf(op, opleft, "%ld",
350                                     (long)getLong(dp));
351                                 if (opcount >= opleft || opcount == -1)
352                                         goto toobig;
353                                 opleft -= opcount;
354                                 dp += 4;
355                                 break;
356                         case 'L':
357                                 opcount = snprintf(op, opleft, "%ld",
358                                     (unsigned long)getULong(dp));
359                                 if (opcount >= opleft || opcount == -1)
360                                         goto toobig;
361                                 opleft -= opcount;
362                                 dp += 4;
363                                 break;
364                         case 's':
365                                 opcount = snprintf(op, opleft, "%d",
366                                     getShort(dp));
367                                 if (opcount >= opleft || opcount == -1)
368                                         goto toobig;
369                                 opleft -= opcount;
370                                 dp += 2;
371                                 break;
372                         case 'S':
373                                 opcount = snprintf(op, opleft, "%d",
374                                     getUShort(dp));
375                                 if (opcount >= opleft || opcount == -1)
376                                         goto toobig;
377                                 opleft -= opcount;
378                                 dp += 2;
379                                 break;
380                         case 'b':
381                                 opcount = snprintf(op, opleft, "%d",
382                                     *(char *)dp++);
383                                 if (opcount >= opleft || opcount == -1)
384                                         goto toobig;
385                                 opleft -= opcount;
386                                 break;
387                         case 'B':
388                                 opcount = snprintf(op, opleft, "%d", *dp++);
389                                 if (opcount >= opleft || opcount == -1)
390                                         goto toobig;
391                                 opleft -= opcount;
392                                 break;
393                         case 'x':
394                                 opcount = snprintf(op, opleft, "%x", *dp++);
395                                 if (opcount >= opleft || opcount == -1)
396                                         goto toobig;
397                                 opleft -= opcount;
398                                 break;
399                         case 'f':
400                                 opcount = strlcpy(op,
401                                     *dp++ ? "true" : "false", opleft);
402                                 if (opcount >= opleft)
403                                         goto toobig;
404                                 opleft -= opcount;
405                                 break;
406                         default:
407                                 warning("Unexpected format code %c", fmtbuf[j]);
408                         }
409                         oplen = strlen(op);
410                         op += oplen;
411                         opleft -= oplen;
412                         if (opleft < 1)
413                                 goto toobig;
414                         if (j + 1 < numelem && comma != ':') {
415                                 *op++ = ' ';
416                                 opleft--;
417                         }
418                 }
419                 if (i + 1 < numhunk) {
420                         *op++ = comma;
421                         opleft--;
422                 }
423                 if (opleft < 1)
424                         goto toobig;
425
426         }
427         return (optbuf);
428  toobig:
429         warning("dhcp option too large");
430         return ("<error>");
431 }
432
433 void
434 do_packet(int len, unsigned int from_port, struct iaddr from,
435     struct hardware *hfrom)
436 {
437         struct dhcp_packet *packet = &client->packet;
438         struct option_data options[256];
439         struct iaddrlist *ap;
440         void (*handler)(struct iaddr, struct option_data *);
441         char *type;
442         int i, options_valid = 1;
443
444         if (packet->hlen > sizeof(packet->chaddr)) {
445                 note("Discarding packet with invalid hlen.");
446                 return;
447         }
448
449         /*
450          * Silently drop the packet if the client hardware address in the
451          * packet is not the hardware address of the interface being managed.
452          */
453         if ((ifi->hw_address.hlen != packet->hlen) ||
454             (memcmp(ifi->hw_address.haddr, packet->chaddr, packet->hlen)))
455                 return;
456
457         memset(options, 0, sizeof(options));
458
459         if (memcmp(&packet->options, DHCP_OPTIONS_COOKIE, 4) == 0) {
460                 /* Parse the BOOTP/DHCP options field. */
461                 options_valid = parse_option_buffer(options,
462                     &packet->options[4], sizeof(packet->options) - 4);
463
464                 /* Only DHCP packets have overload areas for options. */
465                 if (options_valid &&
466                     options[DHO_DHCP_MESSAGE_TYPE].data &&
467                     options[DHO_DHCP_OPTION_OVERLOAD].data) {
468                         if (options[DHO_DHCP_OPTION_OVERLOAD].data[0] & 1)
469                                 options_valid = parse_option_buffer(options,
470                                     (unsigned char *)packet->file,
471                                     sizeof(packet->file));
472                         if (options_valid &&
473                             options[DHO_DHCP_OPTION_OVERLOAD].data[0] & 2)
474                                 options_valid = parse_option_buffer(options,
475                                     (unsigned char *)packet->sname,
476                                     sizeof(packet->sname));
477                 }
478         }
479
480         type = "";
481         handler = NULL;
482
483         if (options[DHO_DHCP_MESSAGE_TYPE].data) {
484                 /* Always try a DHCP packet, even if a bad option was seen. */
485                 switch (options[DHO_DHCP_MESSAGE_TYPE].data[0]) {
486                 case DHCPOFFER:
487                         handler = dhcpoffer;
488                         type = "DHCPOFFER";
489                         break;
490                 case DHCPNAK:
491                         handler = dhcpnak;
492                         type = "DHCPNACK";
493                         break;
494                 case DHCPACK:
495                         handler = dhcpack;
496                         type = "DHCPACK";
497                         break;
498                 default:
499                         break;
500                 }
501         } else if (options_valid && packet->op == BOOTREPLY) {
502                 handler = dhcpoffer;
503                 type = "BOOTREPLY";
504         }
505
506         if (handler && client->xid == client->packet.xid) {
507                 if (hfrom->hlen == 6)
508                         note("%s from %s (%s)", type, piaddr(from),
509                             ether_ntoa((struct ether_addr *)hfrom->haddr));
510                 else
511                         note("%s from %s", type, piaddr(from));
512         } else
513                 handler = NULL;
514
515         for (ap = config->reject_list; ap && handler; ap = ap->next)
516                 if (addr_eq(from, ap->addr)) {
517                         note("%s from %s rejected.", type, piaddr(from));
518                         handler = NULL;
519                 }
520
521         if (handler)
522                 (*handler)(from, options);
523
524         for (i = 0; i < 256; i++)
525                 if (options[i].len && options[i].data)
526                         free(options[i].data);
527 }