dhclient - Sequential options processing more friendly.
[dragonfly.git] / sbin / dhclient / options.c
CommitLineData
3c8fe83f 1/* $OpenBSD: src/sbin/dhclient/options.c,v 1.39 2011/05/11 14:38:36 krw Exp $ */
846204b6
HT
2
3/* DHCP options parsing and reassembly. */
4
5/*
6 * Copyright (c) 1995, 1996, 1997, 1998 The Internet Software Consortium.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of The Internet Software Consortium nor the names
19 * of its contributors may be used to endorse or promote products derived
20 * from this software without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND
23 * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
24 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
25 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
26 * DISCLAIMED. IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR
27 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
29 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
30 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
31 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
32 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
33 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * SUCH DAMAGE.
35 *
36 * This software has been written for the Internet Software Consortium
37 * by Ted Lemon <mellon@fugue.com> in cooperation with Vixie
38 * Enterprises. To learn more about the Internet Software Consortium,
39 * see ``http://www.vix.com/isc''. To learn more about Vixie
40 * Enterprises, see ``http://www.vix.com''.
41 */
42
43#include <ctype.h>
44
45#include "dhcpd.h"
46
47int parse_option_buffer(struct option_data *, unsigned char *, int);
48
49/*
50 * Parse options out of the specified buffer, storing addresses of
51 * option values in options and setting client->options_valid if
52 * no errors are encountered.
53 */
54int
55parse_option_buffer(struct option_data *options, unsigned char *buffer,
56 int length)
57{
58 unsigned char *s, *t, *end = buffer + length;
59 int len, code;
60
61 for (s = buffer; *s != DHO_END && s < end; ) {
62 code = s[0];
63
64 /* Pad options don't have a length - just skip them. */
65 if (code == DHO_PAD) {
66 s++;
67 continue;
68 }
69
70 /*
71 * All options other than DHO_PAD and DHO_END have a
72 * one-byte length field.
73 */
74 if (s + 2 > end)
75 len = 0;
76 else
77 len = s[1];
78
79 /*
80 * If the option claims to extend beyond the end of the buffer
81 * then mark the options buffer bad.
82 */
83 if (s + len + 2 > end) {
84 warning("option %s (%d) larger than buffer.",
85 dhcp_options[code].name, len);
86 warning("rejecting bogus offer.");
87 return (0);
88 }
89 /*
90 * If we haven't seen this option before, just make
91 * space for it and copy it there.
92 */
93 if (!options[code].data) {
94 if (!(t = calloc(1, len + 1)))
95 error("Can't allocate storage for option %s.",
96 dhcp_options[code].name);
97 /*
98 * Copy and NUL-terminate the option (in case
99 * it's an ASCII string).
100 */
101 memcpy(t, &s[2], len);
102 t[len] = 0;
103 options[code].len = len;
104 options[code].data = t;
105 } else {
106 /*
107 * If it's a repeat, concatenate it to whatever
108 * we last saw. This is really only required
109 * for clients, but what the heck...
110 */
111 t = calloc(1, len + options[code].len + 1);
112 if (!t)
113 error("Can't expand storage for option %s.",
114 dhcp_options[code].name);
115 memcpy(t, options[code].data, options[code].len);
116 memcpy(t + options[code].len, &s[2], len);
117 options[code].len += len;
118 t[options[code].len] = 0;
119 free(options[code].data);
120 options[code].data = t;
121 }
122 s += len + 2;
123 }
124
125 return (1);
126}
127
128/*
129 * Copy as many options as fit in buflen bytes of buf. Return the
130 * offset of the start of the last option copied. A caller can check
131 * to see if it's DHO_END to decide if all the options were copied.
132 */
133int
3c8fe83f 134cons_options(struct option_data *options)
846204b6 135{
3c8fe83f
AHJ
136 unsigned char *buf = client->packet.options;
137 int buflen = 576 - DHCP_FIXED_LEN;
846204b6
HT
138 int ix, incr, length, bufix, code, lastopt = -1;
139
140 bzero(buf, buflen);
141
3c8fe83f
AHJ
142 memcpy(buf, DHCP_OPTIONS_COOKIE, 4);
143 if (options[DHO_DHCP_MESSAGE_TYPE].data) {
144 memcpy(&buf[4], DHCP_OPTIONS_MESSAGE_TYPE, 3);
145 buf[6] = options[DHO_DHCP_MESSAGE_TYPE].data[0];
146 bufix = 7;
147 } else
148 bufix = 4;
846204b6
HT
149
150 for (code = DHO_SUBNET_MASK; code < DHO_END; code++) {
3c8fe83f 151 if (!options[code].data || code == DHO_DHCP_MESSAGE_TYPE)
846204b6
HT
152 continue;
153
154 length = options[code].len;
155 if (bufix + length + 2*((length+254)/255) >= buflen)
156 return (lastopt);
157
158 lastopt = bufix;
159 ix = 0;
160
161 while (length) {
162 incr = length > 255 ? 255 : length;
163
164 buf[bufix++] = code;
165 buf[bufix++] = incr;
166 memcpy(buf + bufix, options[code].data + ix, incr);
167
168 length -= incr;
169 ix += incr;
170 bufix += incr;
171 }
172 }
173
174 if (bufix < buflen) {
175 buf[bufix] = DHO_END;
176 lastopt = bufix;
177 }
178
179 return (lastopt);
180}
181
182/*
183 * Format the specified option so that a human can easily read it.
184 */
185char *
186pretty_print_option(unsigned int code, unsigned char *data, int len,
187 int emit_commas, int emit_quotes)
188{
189 static char optbuf[32768]; /* XXX */
190 int hunksize = 0, numhunk = -1, numelem = 0;
191 char fmtbuf[32], *op = optbuf;
192 int i, j, k, opleft = sizeof(optbuf);
193 unsigned char *dp = data;
194 struct in_addr foo;
195 char comma;
196
197 /* Code should be between 0 and 255. */
198 if (code > 255)
199 error("pretty_print_option: bad code %d", code);
200
201 if (emit_commas)
202 comma = ',';
203 else
204 comma = ' ';
205
206 /* Figure out the size of the data. */
207 for (i = 0; dhcp_options[code].format[i]; i++) {
208 if (!numhunk) {
209 warning("%s: Excess information in format string: %s",
210 dhcp_options[code].name,
211 &(dhcp_options[code].format[i]));
212 break;
213 }
214 numelem++;
215 fmtbuf[i] = dhcp_options[code].format[i];
216 switch (dhcp_options[code].format[i]) {
217 case 'A':
218 --numelem;
219 fmtbuf[i] = 0;
220 numhunk = 0;
efbe5ab2
AHJ
221 if (hunksize == 0) {
222 warning("%s: no size indicator before A"
223 " in format string: %s",
224 dhcp_options[code].name,
225 dhcp_options[code].format);
226 return ("<fmt error>");
227 }
846204b6
HT
228 break;
229 case 'X':
230 for (k = 0; k < len; k++)
231 if (!isascii(data[k]) ||
232 !isprint(data[k]))
233 break;
234 if (k == len) {
235 fmtbuf[i] = 't';
236 numhunk = -2;
237 } else {
238 fmtbuf[i] = 'x';
239 hunksize++;
240 comma = ':';
241 numhunk = 0;
242 }
243 fmtbuf[i + 1] = 0;
244 break;
245 case 't':
246 fmtbuf[i] = 't';
247 fmtbuf[i + 1] = 0;
248 numhunk = -2;
249 break;
250 case 'I':
251 case 'l':
252 case 'L':
253 hunksize += 4;
254 break;
255 case 's':
256 case 'S':
257 hunksize += 2;
258 break;
259 case 'b':
260 case 'B':
261 case 'f':
262 hunksize++;
263 break;
264 case 'e':
265 break;
266 default:
267 warning("%s: garbage in format string: %s",
268 dhcp_options[code].name,
269 &(dhcp_options[code].format[i]));
270 break;
271 }
272 }
273
274 /* Check for too few bytes... */
275 if (hunksize > len) {
276 warning("%s: expecting at least %d bytes; got %d",
277 dhcp_options[code].name, hunksize, len);
278 return ("<error>");
279 }
280 /* Check for too many bytes... */
281 if (numhunk == -1 && hunksize < len)
282 warning("%s: %d extra bytes",
283 dhcp_options[code].name, len - hunksize);
284
285 /* If this is an array, compute its size. */
286 if (!numhunk)
287 numhunk = len / hunksize;
288 /* See if we got an exact number of hunks. */
289 if (numhunk > 0 && numhunk * hunksize < len)
290 warning("%s: %d extra bytes at end of array",
291 dhcp_options[code].name, len - numhunk * hunksize);
292
293 /* A one-hunk array prints the same as a single hunk. */
294 if (numhunk < 0)
295 numhunk = 1;
296
297 /* Cycle through the array (or hunk) printing the data. */
298 for (i = 0; i < numhunk; i++) {
299 for (j = 0; j < numelem; j++) {
300 int opcount;
301 size_t oplen;
302 switch (fmtbuf[j]) {
303 case 't':
304 if (emit_quotes) {
305 *op++ = '"';
306 opleft--;
307 }
308 for (; dp < data + len; dp++) {
309 if (!isascii(*dp) ||
310 !isprint(*dp)) {
311 if (dp + 1 != data + len ||
312 *dp != 0) {
313 size_t oplen;
314 snprintf(op, opleft,
315 "\\%03o", *dp);
316 oplen = strlen(op);
317 op += oplen;
318 opleft -= oplen;
319 }
320 } else if (*dp == '"' ||
321 *dp == '\'' ||
322 *dp == '$' ||
323 *dp == '`' ||
324 *dp == '\\') {
325 *op++ = '\\';
326 *op++ = *dp;
327 opleft -= 2;
328 } else {
329 *op++ = *dp;
330 opleft--;
331 }
332 }
333 if (emit_quotes) {
334 *op++ = '"';
335 opleft--;
336 }
337
338 *op = 0;
339 break;
340 case 'I':
341 foo.s_addr = htonl(getULong(dp));
342 opcount = strlcpy(op, inet_ntoa(foo), opleft);
343 if (opcount >= opleft)
344 goto toobig;
345 opleft -= opcount;
346 dp += 4;
347 break;
348 case 'l':
349 opcount = snprintf(op, opleft, "%ld",
350 (long)getLong(dp));
351 if (opcount >= opleft || opcount == -1)
352 goto toobig;
353 opleft -= opcount;
354 dp += 4;
355 break;
356 case 'L':
357 opcount = snprintf(op, opleft, "%ld",
358 (unsigned long)getULong(dp));
359 if (opcount >= opleft || opcount == -1)
360 goto toobig;
361 opleft -= opcount;
362 dp += 4;
363 break;
364 case 's':
365 opcount = snprintf(op, opleft, "%d",
366 getShort(dp));
367 if (opcount >= opleft || opcount == -1)
368 goto toobig;
369 opleft -= opcount;
370 dp += 2;
371 break;
372 case 'S':
373 opcount = snprintf(op, opleft, "%d",
374 getUShort(dp));
375 if (opcount >= opleft || opcount == -1)
376 goto toobig;
377 opleft -= opcount;
378 dp += 2;
379 break;
380 case 'b':
381 opcount = snprintf(op, opleft, "%d",
382 *(char *)dp++);
383 if (opcount >= opleft || opcount == -1)
384 goto toobig;
385 opleft -= opcount;
386 break;
387 case 'B':
388 opcount = snprintf(op, opleft, "%d", *dp++);
389 if (opcount >= opleft || opcount == -1)
390 goto toobig;
391 opleft -= opcount;
392 break;
393 case 'x':
394 opcount = snprintf(op, opleft, "%x", *dp++);
395 if (opcount >= opleft || opcount == -1)
396 goto toobig;
397 opleft -= opcount;
398 break;
399 case 'f':
400 opcount = strlcpy(op,
401 *dp++ ? "true" : "false", opleft);
402 if (opcount >= opleft)
403 goto toobig;
404 opleft -= opcount;
405 break;
406 default:
407 warning("Unexpected format code %c", fmtbuf[j]);
408 }
409 oplen = strlen(op);
410 op += oplen;
411 opleft -= oplen;
412 if (opleft < 1)
413 goto toobig;
414 if (j + 1 < numelem && comma != ':') {
415 *op++ = ' ';
416 opleft--;
417 }
418 }
419 if (i + 1 < numhunk) {
420 *op++ = comma;
421 opleft--;
422 }
423 if (opleft < 1)
424 goto toobig;
425
426 }
427 return (optbuf);
428 toobig:
429 warning("dhcp option too large");
430 return ("<error>");
431}
432
433void
434do_packet(int len, unsigned int from_port, struct iaddr from,
435 struct hardware *hfrom)
436{
437 struct dhcp_packet *packet = &client->packet;
438 struct option_data options[256];
439 struct iaddrlist *ap;
440 void (*handler)(struct iaddr, struct option_data *);
441 char *type;
442 int i, options_valid = 1;
443
444 if (packet->hlen > sizeof(packet->chaddr)) {
445 note("Discarding packet with invalid hlen.");
446 return;
447 }
448
449 /*
450 * Silently drop the packet if the client hardware address in the
451 * packet is not the hardware address of the interface being managed.
452 */
453 if ((ifi->hw_address.hlen != packet->hlen) ||
454 (memcmp(ifi->hw_address.haddr, packet->chaddr, packet->hlen)))
455 return;
456
457 memset(options, 0, sizeof(options));
458
459 if (memcmp(&packet->options, DHCP_OPTIONS_COOKIE, 4) == 0) {
460 /* Parse the BOOTP/DHCP options field. */
461 options_valid = parse_option_buffer(options,
462 &packet->options[4], sizeof(packet->options) - 4);
463
464 /* Only DHCP packets have overload areas for options. */
465 if (options_valid &&
466 options[DHO_DHCP_MESSAGE_TYPE].data &&
467 options[DHO_DHCP_OPTION_OVERLOAD].data) {
468 if (options[DHO_DHCP_OPTION_OVERLOAD].data[0] & 1)
469 options_valid = parse_option_buffer(options,
470 (unsigned char *)packet->file,
471 sizeof(packet->file));
472 if (options_valid &&
473 options[DHO_DHCP_OPTION_OVERLOAD].data[0] & 2)
474 options_valid = parse_option_buffer(options,
475 (unsigned char *)packet->sname,
476 sizeof(packet->sname));
477 }
478 }
479
480 type = "";
481 handler = NULL;
482
483 if (options[DHO_DHCP_MESSAGE_TYPE].data) {
484 /* Always try a DHCP packet, even if a bad option was seen. */
485 switch (options[DHO_DHCP_MESSAGE_TYPE].data[0]) {
486 case DHCPOFFER:
487 handler = dhcpoffer;
488 type = "DHCPOFFER";
489 break;
490 case DHCPNAK:
491 handler = dhcpnak;
492 type = "DHCPNACK";
493 break;
494 case DHCPACK:
495 handler = dhcpack;
496 type = "DHCPACK";
497 break;
498 default:
499 break;
500 }
501 } else if (options_valid && packet->op == BOOTREPLY) {
502 handler = dhcpoffer;
503 type = "BOOTREPLY";
504 }
505
b1dd9915
AHJ
506 if (handler && client->xid == client->packet.xid) {
507 if (hfrom->hlen == 6)
508 note("%s from %s (%s)", type, piaddr(from),
509 ether_ntoa((struct ether_addr *)hfrom->haddr));
510 else
511 note("%s from %s", type, piaddr(from));
512 } else
513 handler = NULL;
514
846204b6
HT
515 for (ap = config->reject_list; ap && handler; ap = ap->next)
516 if (addr_eq(from, ap->addr)) {
517 note("%s from %s rejected.", type, piaddr(from));
518 handler = NULL;
519 }
520
521 if (handler)
522 (*handler)(from, options);
523
524 for (i = 0; i < 256; i++)
525 if (options[i].len && options[i].data)
526 free(options[i].data);
527}