1 /* $NetBSD: options.c,v 1.1.1.3 2014/07/12 11:57:46 spz Exp $ */ 2 /* options.c 3 4 DHCP options parsing and reassembly. */ 5 6 /* 7 * Copyright (c) 2004-2012,2014 by Internet Systems Consortium, Inc. ("ISC") 8 * Copyright (c) 1995-2003 by Internet Software Consortium 9 * 10 * Permission to use, copy, modify, and distribute this software for any 11 * purpose with or without fee is hereby granted, provided that the above 12 * copyright notice and this permission notice appear in all copies. 13 * 14 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES 15 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 16 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR 17 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 18 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 19 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT 20 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 21 * 22 * Internet Systems Consortium, Inc. 23 * 950 Charter Street 24 * Redwood City, CA 94063 25 * <info@isc.org> 26 * https://www.isc.org/ 27 * 28 */ 29 30 #include <sys/cdefs.h> 31 __RCSID("$NetBSD: options.c,v 1.1.1.3 2014/07/12 11:57:46 spz Exp $"); 32 33 #define DHCP_OPTION_DATA 34 #include "dhcpd.h" 35 #include <omapip/omapip_p.h> 36 #include <limits.h> 37 38 struct option *vendor_cfg_option; 39 40 static int pretty_text(char **, char *, const unsigned char **, 41 const unsigned char *, int); 42 static int pretty_domain(char **, char *, const unsigned char **, 43 const unsigned char *); 44 static int prepare_option_buffer(struct universe *universe, struct buffer *bp, 45 unsigned char *buffer, unsigned length, 46 unsigned code, int terminatep, 47 struct option_cache **opp); 48 49 /* Parse all available options out of the specified packet. */ 50 51 int parse_options (packet) 52 struct packet *packet; 53 { 54 struct option_cache *op = (struct option_cache *)0; 55 56 /* Allocate a new option state. */ 57 if (!option_state_allocate (&packet -> options, MDL)) { 58 packet -> options_valid = 0; 59 return 0; 60 } 61 62 /* If we don't see the magic cookie, there's nothing to parse. */ 63 if (memcmp (packet -> raw -> options, DHCP_OPTIONS_COOKIE, 4)) { 64 packet -> options_valid = 0; 65 return 1; 66 } 67 68 /* Go through the options field, up to the end of the packet 69 or the End field. */ 70 if (!parse_option_buffer (packet -> options, 71 &packet -> raw -> options [4], 72 (packet -> packet_length - 73 DHCP_FIXED_NON_UDP - 4), 74 &dhcp_universe)) { 75 76 /* STSN servers have a bug where they send a mangled 77 domain-name option, and whatever is beyond that in 78 the packet is junk. Microsoft clients accept this, 79 which is probably why whoever implemented the STSN 80 server isn't aware of the problem yet. To work around 81 this, we will accept corrupt packets from the server if 82 they contain a valid DHCP_MESSAGE_TYPE option, but 83 will not accept any corrupt client packets (the ISC DHCP 84 server is sufficiently widely used that it is probably 85 beneficial for it to be picky) and will not accept 86 packets whose type can't be determined. */ 87 88 if ((op = lookup_option (&dhcp_universe, packet -> options, 89 DHO_DHCP_MESSAGE_TYPE))) { 90 if (!op -> data.data || 91 (op -> data.data [0] != DHCPOFFER && 92 op -> data.data [0] != DHCPACK && 93 op -> data.data [0] != DHCPNAK)) 94 return 0; 95 } else 96 return 0; 97 } 98 99 /* If we parsed a DHCP Option Overload option, parse more 100 options out of the buffer(s) containing them. */ 101 if ((op = lookup_option (&dhcp_universe, packet -> options, 102 DHO_DHCP_OPTION_OVERLOAD))) { 103 if (op -> data.data [0] & 1) { 104 if (!parse_option_buffer 105 (packet -> options, 106 (unsigned char *)packet -> raw -> file, 107 sizeof packet -> raw -> file, 108 &dhcp_universe)) 109 return 0; 110 } 111 if (op -> data.data [0] & 2) { 112 if (!parse_option_buffer 113 (packet -> options, 114 (unsigned char *)packet -> raw -> sname, 115 sizeof packet -> raw -> sname, 116 &dhcp_universe)) 117 return 0; 118 } 119 } 120 packet -> options_valid = 1; 121 return 1; 122 } 123 124 /* Parse options out of the specified buffer, storing addresses of option 125 * values in packet->options. 126 */ 127 int parse_option_buffer (options, buffer, length, universe) 128 struct option_state *options; 129 const unsigned char *buffer; 130 unsigned length; 131 struct universe *universe; 132 { 133 unsigned len, offset; 134 unsigned code; 135 struct option_cache *op = NULL, *nop = NULL; 136 struct buffer *bp = (struct buffer *)0; 137 struct option *option = NULL; 138 char *reason = "general failure"; 139 140 if (!buffer_allocate (&bp, length, MDL)) { 141 log_error ("no memory for option buffer."); 142 return 0; 143 } 144 memcpy (bp -> data, buffer, length); 145 146 for (offset = 0; 147 (offset + universe->tag_size) <= length && 148 (code = universe->get_tag(buffer + offset)) != universe->end; ) { 149 offset += universe->tag_size; 150 151 /* Pad options don't have a length - just skip them. */ 152 if (code == DHO_PAD) 153 continue; 154 155 /* Don't look for length if the buffer isn't that big. */ 156 if ((offset + universe->length_size) > length) { 157 reason = "code tag at end of buffer - missing " 158 "length field"; 159 goto bogus; 160 } 161 162 /* All other fields (except PAD and END handled above) 163 * have a length field, unless it's a DHCPv6 zero-length 164 * options space (eg any of the enterprise-id'd options). 165 * 166 * Zero-length-size option spaces basically consume the 167 * entire options buffer, so have at it. 168 */ 169 if (universe->get_length != NULL) 170 len = universe->get_length(buffer + offset); 171 else if (universe->length_size == 0) 172 len = length - universe->tag_size; 173 else { 174 log_fatal("Improperly configured option space(%s): " 175 "may not have a nonzero length size " 176 "AND a NULL get_length function.", 177 universe->name); 178 179 /* Silence compiler warnings. */ 180 return 0; 181 } 182 183 offset += universe->length_size; 184 185 option_code_hash_lookup(&option, universe->code_hash, &code, 186 0, MDL); 187 188 /* If the length is outrageous, the options are bad. */ 189 if (offset + len > length) { 190 reason = "option length exceeds option buffer length"; 191 bogus: 192 log_error("parse_option_buffer: malformed option " 193 "%s.%s (code %u): %s.", universe->name, 194 option ? option->name : "<unknown>", 195 code, reason); 196 buffer_dereference (&bp, MDL); 197 return 0; 198 } 199 200 /* If the option contains an encapsulation, parse it. If 201 the parse fails, or the option isn't an encapsulation (by 202 far the most common case), or the option isn't entirely 203 an encapsulation, keep the raw data as well. */ 204 if (!(option && 205 (option->format[0] == 'e' || 206 option->format[0] == 'E') && 207 (parse_encapsulated_suboptions(options, option, 208 bp->data + offset, len, 209 universe, NULL)))) { 210 op = lookup_option(universe, options, code); 211 212 if (op != NULL && universe->concat_duplicates) { 213 struct data_string new; 214 memset(&new, 0, sizeof new); 215 if (!buffer_allocate(&new.buffer, 216 op->data.len + len, 217 MDL)) { 218 log_error("parse_option_buffer: " 219 "No memory."); 220 buffer_dereference(&bp, MDL); 221 return 0; 222 } 223 /* Copy old option to new data object. */ 224 memcpy(new.buffer->data, op->data.data, 225 op->data.len); 226 /* Concat new option behind old. */ 227 memcpy(new.buffer->data + op->data.len, 228 bp->data + offset, len); 229 new.len = op->data.len + len; 230 new.data = new.buffer->data; 231 /* Save new concat'd object. */ 232 data_string_forget(&op->data, MDL); 233 data_string_copy(&op->data, &new, MDL); 234 data_string_forget(&new, MDL); 235 } else if (op != NULL) { 236 /* We must append this statement onto the 237 * end of the list. 238 */ 239 while (op->next != NULL) 240 op = op->next; 241 242 if (!option_cache_allocate(&nop, MDL)) { 243 log_error("parse_option_buffer: " 244 "No memory."); 245 buffer_dereference(&bp, MDL); 246 return 0; 247 } 248 249 option_reference(&nop->option, op->option, MDL); 250 251 nop->data.buffer = NULL; 252 buffer_reference(&nop->data.buffer, bp, MDL); 253 nop->data.data = bp->data + offset; 254 nop->data.len = len; 255 256 option_cache_reference(&op->next, nop, MDL); 257 option_cache_dereference(&nop, MDL); 258 } else { 259 if (save_option_buffer(universe, options, bp, 260 bp->data + offset, len, 261 code, 1) == 0) { 262 log_error("parse_option_buffer: " 263 "save_option_buffer failed"); 264 buffer_dereference(&bp, MDL); 265 return 0; 266 } 267 } 268 } 269 option_dereference(&option, MDL); 270 offset += len; 271 } 272 buffer_dereference (&bp, MDL); 273 return 1; 274 } 275 276 /* If an option in an option buffer turns out to be an encapsulation, 277 figure out what to do. If we don't know how to de-encapsulate it, 278 or it's not well-formed, return zero; otherwise, return 1, indicating 279 that we succeeded in de-encapsulating it. */ 280 281 struct universe *find_option_universe (struct option *eopt, const char *uname) 282 { 283 int i; 284 char *s, *t; 285 struct universe *universe = (struct universe *)0; 286 287 /* Look for the E option in the option format. */ 288 s = strchr (eopt -> format, 'E'); 289 if (!s) { 290 log_error ("internal encapsulation format error 1."); 291 return 0; 292 } 293 /* Look for the universe name in the option format. */ 294 t = strchr (++s, '.'); 295 /* If there was no trailing '.', or there's something after the 296 trailing '.', the option is bogus and we can't use it. */ 297 if (!t || t [1]) { 298 log_error ("internal encapsulation format error 2."); 299 return 0; 300 } 301 if (t == s && uname) { 302 for (i = 0; i < universe_count; i++) { 303 if (!strcmp (universes [i] -> name, uname)) { 304 universe = universes [i]; 305 break; 306 } 307 } 308 } else if (t != s) { 309 for (i = 0; i < universe_count; i++) { 310 if (strlen (universes [i] -> name) == t - s && 311 !memcmp (universes [i] -> name, 312 s, (unsigned)(t - s))) { 313 universe = universes [i]; 314 break; 315 } 316 } 317 } 318 return universe; 319 } 320 321 /* If an option in an option buffer turns out to be an encapsulation, 322 figure out what to do. If we don't know how to de-encapsulate it, 323 or it's not well-formed, return zero; otherwise, return 1, indicating 324 that we succeeded in de-encapsulating it. */ 325 326 int parse_encapsulated_suboptions (struct option_state *options, 327 struct option *eopt, 328 const unsigned char *buffer, 329 unsigned len, struct universe *eu, 330 const char *uname) 331 { 332 int i; 333 struct universe *universe = find_option_universe (eopt, uname); 334 335 /* If we didn't find the universe, we can't do anything with it 336 right now (e.g., we can't decode vendor options until we've 337 decoded the packet and executed the scopes that it matches). */ 338 if (!universe) 339 return 0; 340 341 /* If we don't have a decoding function for it, we can't decode 342 it. */ 343 if (!universe -> decode) 344 return 0; 345 346 i = (*universe -> decode) (options, buffer, len, universe); 347 348 /* If there is stuff before the suboptions, we have to keep it. */ 349 if (eopt -> format [0] != 'E') 350 return 0; 351 /* Otherwise, return the status of the decode function. */ 352 return i; 353 } 354 355 int fqdn_universe_decode (struct option_state *options, 356 const unsigned char *buffer, 357 unsigned length, struct universe *u) 358 { 359 struct buffer *bp = (struct buffer *)0; 360 361 /* FQDN options have to be at least four bytes long. */ 362 if (length < 3) 363 return 0; 364 365 /* Save the contents of the option in a buffer. */ 366 if (!buffer_allocate (&bp, length + 4, MDL)) { 367 log_error ("no memory for option buffer."); 368 return 0; 369 } 370 memcpy (&bp -> data [3], buffer + 1, length - 1); 371 372 if (buffer [0] & 4) /* encoded */ 373 bp -> data [0] = 1; 374 else 375 bp -> data [0] = 0; 376 if (!save_option_buffer(&fqdn_universe, options, bp, 377 bp->data, 1, FQDN_ENCODED, 0)) { 378 bad: 379 buffer_dereference (&bp, MDL); 380 return 0; 381 } 382 383 if (buffer [0] & 1) /* server-update */ 384 bp -> data [2] = 1; 385 else 386 bp -> data [2] = 0; 387 if (buffer [0] & 2) /* no-client-update */ 388 bp -> data [1] = 1; 389 else 390 bp -> data [1] = 0; 391 392 /* XXX Ideally we should store the name in DNS format, so if the 393 XXX label isn't in DNS format, we convert it to DNS format, 394 XXX rather than converting labels specified in DNS format to 395 XXX the plain ASCII representation. But that's hard, so 396 XXX not now. */ 397 398 /* Not encoded using DNS format? */ 399 if (!bp -> data [0]) { 400 unsigned i; 401 402 /* Some broken clients NUL-terminate this option. */ 403 if (buffer [length - 1] == 0) { 404 --length; 405 bp -> data [1] = 1; 406 } 407 408 /* Determine the length of the hostname component of the 409 name. If the name contains no '.' character, it 410 represents a non-qualified label. */ 411 for (i = 3; i < length && buffer [i] != '.'; i++); 412 i -= 3; 413 414 /* Note: If the client sends a FQDN, the first '.' will 415 be used as a NUL terminator for the hostname. */ 416 if (i && (!save_option_buffer(&fqdn_universe, options, bp, 417 &bp->data[5], i, 418 FQDN_HOSTNAME, 0))) 419 goto bad; 420 /* Note: If the client sends a single label, the 421 FQDN_DOMAINNAME option won't be set. */ 422 if (length > 4 + i && 423 (!save_option_buffer(&fqdn_universe, options, bp, 424 &bp -> data[6 + i], length - 4 - i, 425 FQDN_DOMAINNAME, 1))) 426 goto bad; 427 /* Also save the whole name. */ 428 if (length > 3) { 429 if (!save_option_buffer(&fqdn_universe, options, bp, 430 &bp -> data [5], length - 3, 431 FQDN_FQDN, 1)) 432 goto bad; 433 } 434 } else { 435 unsigned len; 436 unsigned total_len = 0; 437 unsigned first_len = 0; 438 int terminated = 0; 439 unsigned char *s; 440 441 s = &bp -> data[5]; 442 443 while (s < &bp -> data[0] + length + 2) { 444 len = *s; 445 if (len > 63) { 446 log_info ("fancy bits in fqdn option"); 447 return 0; 448 } 449 if (len == 0) { 450 terminated = 1; 451 break; 452 } 453 if (s + len > &bp -> data [0] + length + 3) { 454 log_info ("fqdn tag longer than buffer"); 455 return 0; 456 } 457 458 if (first_len == 0) { 459 first_len = len; 460 } 461 462 *s = '.'; 463 s += len + 1; 464 total_len += len + 1; 465 } 466 467 /* We wind up with a length that's one too many because 468 we shouldn't increment for the last label, but there's 469 no way to tell we're at the last label until we exit 470 the loop. :'*/ 471 if (total_len > 0) 472 total_len--; 473 474 if (!terminated) { 475 first_len = total_len; 476 } 477 478 if (first_len > 0 && 479 !save_option_buffer(&fqdn_universe, options, bp, 480 &bp -> data[6], first_len, 481 FQDN_HOSTNAME, 0)) 482 goto bad; 483 if (total_len > 0 && first_len != total_len) { 484 if (!save_option_buffer(&fqdn_universe, options, bp, 485 &bp->data[6 + first_len], 486 total_len - first_len, 487 FQDN_DOMAINNAME, 1)) 488 goto bad; 489 } 490 if (total_len > 0) 491 if (!save_option_buffer (&fqdn_universe, options, bp, 492 &bp -> data [6], total_len, 493 FQDN_FQDN, 1)) 494 goto bad; 495 } 496 497 if (!save_option_buffer (&fqdn_universe, options, bp, 498 &bp -> data [1], 1, 499 FQDN_NO_CLIENT_UPDATE, 0)) 500 goto bad; 501 if (!save_option_buffer (&fqdn_universe, options, bp, 502 &bp -> data [2], 1, 503 FQDN_SERVER_UPDATE, 0)) 504 goto bad; 505 506 if (!save_option_buffer (&fqdn_universe, options, bp, 507 &bp -> data [3], 1, 508 FQDN_RCODE1, 0)) 509 goto bad; 510 if (!save_option_buffer (&fqdn_universe, options, bp, 511 &bp -> data [4], 1, 512 FQDN_RCODE2, 0)) 513 goto bad; 514 515 buffer_dereference (&bp, MDL); 516 return 1; 517 } 518 519 /* 520 * Load all options into a buffer, and then split them out into the three 521 * separate fields in the dhcp packet (options, file, and sname) where 522 * options can be stored. 523 * 524 * returns 0 on error, length of packet on success 525 */ 526 int 527 cons_options(struct packet *inpacket, struct dhcp_packet *outpacket, 528 struct lease *lease, struct client_state *client_state, 529 int mms, struct option_state *in_options, 530 struct option_state *cfg_options, 531 struct binding_scope **scope, 532 int overload_avail, int terminate, int bootpp, 533 struct data_string *prl, const char *vuname) 534 { 535 #define PRIORITY_COUNT 300 536 unsigned priority_list[PRIORITY_COUNT]; 537 int priority_len; 538 unsigned char buffer[4096], agentopts[1024]; 539 unsigned index = 0; 540 unsigned mb_size = 0, mb_max = 0; 541 unsigned option_size = 0, agent_size = 0; 542 unsigned length; 543 int i; 544 struct option_cache *op; 545 struct data_string ds; 546 pair pp, *hash; 547 int overload_used = 0; 548 int of1 = 0, of2 = 0; 549 550 memset(&ds, 0, sizeof ds); 551 552 /* 553 * If there's a Maximum Message Size option in the incoming packet 554 * and no alternate maximum message size has been specified, or 555 * if the one specified in the packet is shorter than the 556 * alternative, take the one in the packet. 557 */ 558 559 if (inpacket && 560 (op = lookup_option(&dhcp_universe, inpacket->options, 561 DHO_DHCP_MAX_MESSAGE_SIZE)) && 562 (evaluate_option_cache(&ds, inpacket, lease, 563 client_state, in_options, 564 cfg_options, scope, op, MDL) != 0)) { 565 if (ds.len >= sizeof (u_int16_t)) { 566 i = getUShort(ds.data); 567 if(!mms || (i < mms)) 568 mms = i; 569 } 570 data_string_forget(&ds, MDL); 571 } 572 573 /* 574 * If the client has provided a maximum DHCP message size, 575 * use that, up to the MTU limit. Otherwise, if it's BOOTP, 576 * only 64 bytes; otherwise use up to the minimum IP MTU size 577 * (576 bytes). 578 * 579 * XXX if a BOOTP client specifies a max message size, we will 580 * honor it. 581 */ 582 if (mms) { 583 if (mms < DHCP_MTU_MIN) 584 /* Enforce minimum packet size, per RFC 2132 */ 585 mb_size = DHCP_MIN_OPTION_LEN; 586 else if (mms > DHCP_MTU_MAX) 587 /* 588 * TODO: Packets longer than 1500 bytes really 589 * should be allowed, but it requires upstream 590 * changes to the way the packet is allocated. For 591 * now, we forbid them. They won't be needed very 592 * often anyway. 593 */ 594 mb_size = DHCP_MAX_OPTION_LEN; 595 else 596 mb_size = mms - DHCP_FIXED_LEN; 597 } else if (bootpp) { 598 mb_size = 64; 599 if (inpacket != NULL && 600 (inpacket->packet_length >= 64 + DHCP_FIXED_NON_UDP)) 601 mb_size = inpacket->packet_length - DHCP_FIXED_NON_UDP; 602 } else 603 mb_size = DHCP_MIN_OPTION_LEN; 604 605 /* 606 * If answering a client message, see whether any relay agent 607 * options were included with the message. If so, save them 608 * to copy back in later, and make space in the main buffer 609 * to accommodate them 610 */ 611 if (client_state == NULL) { 612 priority_list[0] = DHO_DHCP_AGENT_OPTIONS; 613 priority_len = 1; 614 agent_size = store_options(NULL, agentopts, 0, 615 sizeof(agentopts), 616 inpacket, lease, client_state, 617 in_options, cfg_options, scope, 618 priority_list, priority_len, 619 0, 0, 0, NULL); 620 621 mb_size += agent_size; 622 if (mb_size > DHCP_MAX_OPTION_LEN) 623 mb_size = DHCP_MAX_OPTION_LEN; 624 } 625 626 /* 627 * Set offsets for buffer data to be copied into filename 628 * and servername fields 629 */ 630 mb_max = mb_size; 631 632 if (overload_avail & 1) { 633 of1 = mb_max; 634 mb_max += DHCP_FILE_LEN; 635 } 636 637 if (overload_avail & 2) { 638 of2 = mb_max; 639 mb_max += DHCP_SNAME_LEN; 640 } 641 642 /* 643 * Preload the option priority list with protocol-mandatory options. 644 * This effectively gives these options the highest priority. 645 * This provides the order for any available options, the option 646 * must be in the option cache in order to actually be included. 647 */ 648 priority_len = 0; 649 priority_list[priority_len++] = DHO_DHCP_MESSAGE_TYPE; 650 priority_list[priority_len++] = DHO_DHCP_SERVER_IDENTIFIER; 651 priority_list[priority_len++] = DHO_DHCP_LEASE_TIME; 652 priority_list[priority_len++] = DHO_DHCP_RENEWAL_TIME; 653 priority_list[priority_len++] = DHO_DHCP_REBINDING_TIME; 654 priority_list[priority_len++] = DHO_DHCP_MESSAGE; 655 priority_list[priority_len++] = DHO_DHCP_REQUESTED_ADDRESS; 656 priority_list[priority_len++] = DHO_ASSOCIATED_IP; 657 658 if (prl != NULL && prl->len > 0) { 659 if ((op = lookup_option(&dhcp_universe, cfg_options, 660 DHO_SUBNET_SELECTION))) { 661 if (priority_len < PRIORITY_COUNT) 662 priority_list[priority_len++] = 663 DHO_SUBNET_SELECTION; 664 } 665 666 data_string_truncate(prl, (PRIORITY_COUNT - priority_len)); 667 668 /* 669 * Copy the client's PRL onto the priority_list after our high 670 * priority header. 671 */ 672 for (i = 0; i < prl->len; i++) { 673 /* 674 * Prevent client from changing order of delivery 675 * of relay agent information option. 676 */ 677 if (prl->data[i] != DHO_DHCP_AGENT_OPTIONS) 678 priority_list[priority_len++] = prl->data[i]; 679 } 680 681 /* 682 * If the client doesn't request the FQDN option explicitly, 683 * to indicate priority, consider it lowest priority. Fit 684 * in the packet if there is space. Note that the option 685 * may only be included if the client supplied one. 686 */ 687 if ((inpacket != NULL) && (priority_len < PRIORITY_COUNT) && 688 (lookup_option(&fqdn_universe, inpacket->options, 689 FQDN_ENCODED) != NULL)) 690 priority_list[priority_len++] = DHO_FQDN; 691 692 /* 693 * Some DHCP Servers will give the subnet-mask option if 694 * it is not on the parameter request list - so some client 695 * implementations have come to rely on this - so we will 696 * also make sure we supply this, at lowest priority. 697 * 698 * This is only done in response to DHCPDISCOVER or 699 * DHCPREQUEST messages, to avoid providing the option on 700 * DHCPINFORM or DHCPLEASEQUERY responses (if the client 701 * didn't request it). 702 */ 703 if ((inpacket != NULL) && (priority_len < PRIORITY_COUNT) && 704 ((inpacket->packet_type == DHCPDISCOVER) || 705 (inpacket->packet_type == DHCPREQUEST))) 706 priority_list[priority_len++] = DHO_SUBNET_MASK; 707 } else { 708 /* 709 * First, hardcode some more options that ought to be 710 * sent first...these are high priority to have in the 711 * packet. 712 */ 713 priority_list[priority_len++] = DHO_SUBNET_MASK; 714 priority_list[priority_len++] = DHO_ROUTERS; 715 priority_list[priority_len++] = DHO_DOMAIN_NAME_SERVERS; 716 priority_list[priority_len++] = DHO_HOST_NAME; 717 priority_list[priority_len++] = DHO_FQDN; 718 719 /* 720 * Append a list of the standard DHCP options from the 721 * standard DHCP option space. Actually, if a site 722 * option space hasn't been specified, we wind up 723 * treating the dhcp option space as the site option 724 * space, and the first for loop is skipped, because 725 * it's slightly more general to do it this way, 726 * taking the 1Q99 DHCP futures work into account. 727 */ 728 if (cfg_options->site_code_min) { 729 for (i = 0; i < OPTION_HASH_SIZE; i++) { 730 hash = cfg_options->universes[dhcp_universe.index]; 731 if (hash) { 732 for (pp = hash[i]; pp; pp = pp->cdr) { 733 op = (struct option_cache *)(pp->car); 734 if (op->option->code < 735 cfg_options->site_code_min && 736 priority_len < PRIORITY_COUNT && 737 op->option->code != DHO_DHCP_AGENT_OPTIONS) 738 priority_list[priority_len++] = 739 op->option->code; 740 } 741 } 742 } 743 } 744 745 /* 746 * Now cycle through the site option space, or if there 747 * is no site option space, we'll be cycling through the 748 * dhcp option space. 749 */ 750 for (i = 0; i < OPTION_HASH_SIZE; i++) { 751 hash = cfg_options->universes[cfg_options->site_universe]; 752 if (hash != NULL) 753 for (pp = hash[i]; pp; pp = pp->cdr) { 754 op = (struct option_cache *)(pp->car); 755 if (op->option->code >= 756 cfg_options->site_code_min && 757 priority_len < PRIORITY_COUNT && 758 op->option->code != DHO_DHCP_AGENT_OPTIONS) 759 priority_list[priority_len++] = 760 op->option->code; 761 } 762 } 763 764 /* 765 * Put any spaces that are encapsulated on the list, 766 * sort out whether they contain values later. 767 */ 768 for (i = 0; i < cfg_options->universe_count; i++) { 769 if (universes[i]->enc_opt && 770 priority_len < PRIORITY_COUNT && 771 universes[i]->enc_opt->universe == &dhcp_universe) { 772 if (universes[i]->enc_opt->code != 773 DHO_DHCP_AGENT_OPTIONS) 774 priority_list[priority_len++] = 775 universes[i]->enc_opt->code; 776 } 777 } 778 779 /* 780 * The vendor option space can't stand on its own, so always 781 * add it to the list. 782 */ 783 if (priority_len < PRIORITY_COUNT) 784 priority_list[priority_len++] = 785 DHO_VENDOR_ENCAPSULATED_OPTIONS; 786 } 787 788 /* Put the cookie up front... */ 789 memcpy(buffer, DHCP_OPTIONS_COOKIE, 4); 790 index += 4; 791 792 /* Copy the options into the big buffer... */ 793 option_size = store_options(&overload_used, buffer, index, mb_max, 794 inpacket, lease, client_state, 795 in_options, cfg_options, scope, 796 priority_list, priority_len, 797 of1, of2, terminate, vuname); 798 799 /* If store_options() failed */ 800 if (option_size == 0) 801 return 0; 802 803 /* How much was stored in the main buffer? */ 804 index += option_size; 805 806 /* 807 * If we're going to have to overload, store the overload 808 * option first. 809 */ 810 if (overload_used) { 811 if (mb_size - agent_size - index < 3) 812 return 0; 813 814 buffer[index++] = DHO_DHCP_OPTION_OVERLOAD; 815 buffer[index++] = 1; 816 buffer[index++] = overload_used; 817 818 if (overload_used & 1) 819 memcpy(outpacket->file, &buffer[of1], DHCP_FILE_LEN); 820 821 if (overload_used & 2) 822 memcpy(outpacket->sname, &buffer[of2], DHCP_SNAME_LEN); 823 } 824 825 /* Now copy in preserved agent options, if any */ 826 if (agent_size) { 827 if (mb_size - index >= agent_size) { 828 memcpy(&buffer[index], agentopts, agent_size); 829 index += agent_size; 830 } else 831 log_error("Unable to store relay agent information " 832 "in reply packet."); 833 } 834 835 /* Tack a DHO_END option onto the packet if we need to. */ 836 if (index < mb_size) 837 buffer[index++] = DHO_END; 838 839 /* Copy main buffer into the options buffer of the packet */ 840 memcpy(outpacket->options, buffer, index); 841 842 /* Figure out the length. */ 843 length = DHCP_FIXED_NON_UDP + index; 844 return length; 845 } 846 847 /* 848 * XXX: We currently special case collecting VSIO options. 849 * We should be able to handle this in a more generic fashion, by 850 * including any encapsulated options that are present and desired. 851 * This will look something like the VSIO handling VSIO code. 852 * We may also consider handling the ORO-like options within 853 * encapsulated spaces. 854 */ 855 856 struct vsio_state { 857 char *buf; 858 int buflen; 859 int bufpos; 860 }; 861 862 static void 863 vsio_options(struct option_cache *oc, 864 struct packet *packet, 865 struct lease *dummy_lease, 866 struct client_state *dummy_client_state, 867 struct option_state *dummy_opt_state, 868 struct option_state *opt_state, 869 struct binding_scope **dummy_binding_scope, 870 struct universe *universe, 871 void *void_vsio_state) { 872 struct vsio_state *vs = (struct vsio_state *)void_vsio_state; 873 struct data_string ds; 874 int total_len; 875 876 memset(&ds, 0, sizeof(ds)); 877 if (evaluate_option_cache(&ds, packet, NULL, 878 NULL, opt_state, NULL, 879 &global_scope, oc, MDL)) { 880 total_len = ds.len + universe->tag_size + universe->length_size; 881 if (total_len <= (vs->buflen - vs->bufpos)) { 882 if (universe->tag_size == 1) { 883 vs->buf[vs->bufpos++] = oc->option->code; 884 } else if (universe->tag_size == 2) { 885 putUShort((unsigned char *)vs->buf+vs->bufpos, 886 oc->option->code); 887 vs->bufpos += 2; 888 } else if (universe->tag_size == 4) { 889 putULong((unsigned char *)vs->buf+vs->bufpos, 890 oc->option->code); 891 vs->bufpos += 4; 892 } 893 if (universe->length_size == 1) { 894 vs->buf[vs->bufpos++] = ds.len; 895 } else if (universe->length_size == 2) { 896 putUShort((unsigned char *)vs->buf+vs->bufpos, 897 ds.len); 898 vs->bufpos += 2; 899 } else if (universe->length_size == 4) { 900 putULong((unsigned char *)vs->buf+vs->bufpos, 901 ds.len); 902 vs->bufpos += 4; 903 } 904 memcpy(vs->buf + vs->bufpos, ds.data, ds.len); 905 vs->bufpos += ds.len; 906 } else { 907 log_debug("No space for option %d in VSIO space %s.", 908 oc->option->code, universe->name); 909 } 910 data_string_forget(&ds, MDL); 911 } else { 912 log_error("Error evaluating option %d in VSIO space %s.", 913 oc->option->code, universe->name); 914 } 915 } 916 917 /* 918 * Stores the options from the DHCPv6 universe into the buffer given. 919 * 920 * Required options are given as a 0-terminated list of option codes. 921 * Once those are added, the ORO is consulted. 922 */ 923 924 int 925 store_options6(char *buf, int buflen, 926 struct option_state *opt_state, 927 struct packet *packet, 928 const int *required_opts, 929 struct data_string *oro) { 930 int i, j; 931 struct option_cache *oc; 932 struct option *o; 933 struct data_string ds; 934 int bufpos; 935 int oro_size; 936 u_int16_t code; 937 int in_required_opts; 938 int vsio_option_code; 939 int vsio_wanted; 940 struct vsio_state vs; 941 unsigned char *tmp; 942 943 bufpos = 0; 944 vsio_wanted = 0; 945 946 /* 947 * Find the option code for the VSIO universe. 948 */ 949 vsio_option_code = 0; 950 o = vsio_universe.enc_opt; 951 while (o != NULL) { 952 if (o->universe == &dhcpv6_universe) { 953 vsio_option_code = o->code; 954 break; 955 } 956 o = o->universe->enc_opt; 957 } 958 if (vsio_option_code == 0) { 959 log_fatal("No VSIO option code found."); 960 } 961 962 if (required_opts != NULL) { 963 for (i=0; required_opts[i] != 0; i++) { 964 if (required_opts[i] == vsio_option_code) { 965 vsio_wanted = 1; 966 } 967 968 oc = lookup_option(&dhcpv6_universe, 969 opt_state, required_opts[i]); 970 if (oc == NULL) { 971 continue; 972 } 973 memset(&ds, 0, sizeof(ds)); 974 for (; oc != NULL ; oc = oc->next) { 975 if (evaluate_option_cache(&ds, packet, NULL, 976 NULL, opt_state, 977 NULL, &global_scope, 978 oc, MDL)) { 979 if ((ds.len + 4) <= 980 (buflen - bufpos)) { 981 tmp = (unsigned char *)buf; 982 tmp += bufpos; 983 /* option tag */ 984 putUShort(tmp, 985 required_opts[i]); 986 /* option length */ 987 putUShort(tmp+2, ds.len); 988 /* option data */ 989 memcpy(tmp+4, ds.data, ds.len); 990 /* update position */ 991 bufpos += (4 + ds.len); 992 } else { 993 log_debug("No space for " 994 "option %d", 995 required_opts[i]); 996 } 997 data_string_forget(&ds, MDL); 998 } else { 999 log_error("Error evaluating option %d", 1000 required_opts[i]); 1001 } 1002 } 1003 } 1004 } 1005 1006 if (oro == NULL) { 1007 oro_size = 0; 1008 } else { 1009 oro_size = oro->len / 2; 1010 } 1011 for (i=0; i<oro_size; i++) { 1012 memcpy(&code, oro->data+(i*2), 2); 1013 code = ntohs(code); 1014 1015 /* 1016 * See if we've already included this option because 1017 * it is required. 1018 */ 1019 in_required_opts = 0; 1020 if (required_opts != NULL) { 1021 for (j=0; required_opts[j] != 0; j++) { 1022 if (required_opts[j] == code) { 1023 in_required_opts = 1; 1024 break; 1025 } 1026 } 1027 } 1028 if (in_required_opts) { 1029 continue; 1030 } 1031 1032 /* 1033 * See if this is the VSIO option. 1034 */ 1035 if (code == vsio_option_code) { 1036 vsio_wanted = 1; 1037 } 1038 1039 /* 1040 * Not already added, find this option. 1041 */ 1042 oc = lookup_option(&dhcpv6_universe, opt_state, code); 1043 memset(&ds, 0, sizeof(ds)); 1044 for (; oc != NULL ; oc = oc->next) { 1045 if (evaluate_option_cache(&ds, packet, NULL, NULL, 1046 opt_state, NULL, 1047 &global_scope, oc, MDL)) { 1048 if ((ds.len + 4) <= (buflen - bufpos)) { 1049 tmp = (unsigned char *)buf + bufpos; 1050 /* option tag */ 1051 putUShort(tmp, code); 1052 /* option length */ 1053 putUShort(tmp+2, ds.len); 1054 /* option data */ 1055 memcpy(tmp+4, ds.data, ds.len); 1056 /* update position */ 1057 bufpos += (4 + ds.len); 1058 } else { 1059 log_debug("No space for option %d", 1060 code); 1061 } 1062 data_string_forget(&ds, MDL); 1063 } else { 1064 log_error("Error evaluating option %d", code); 1065 } 1066 } 1067 } 1068 1069 if (vsio_wanted) { 1070 for (i=0; i < opt_state->universe_count; i++) { 1071 if (opt_state->universes[i] != NULL) { 1072 o = universes[i]->enc_opt; 1073 if ((o != NULL) && 1074 (o->universe == &vsio_universe)) { 1075 /* 1076 * Add the data from this VSIO option. 1077 */ 1078 vs.buf = buf; 1079 vs.buflen = buflen; 1080 vs.bufpos = bufpos+8; 1081 option_space_foreach(packet, NULL, 1082 NULL, 1083 NULL, opt_state, 1084 NULL, 1085 universes[i], 1086 (void *)&vs, 1087 vsio_options); 1088 1089 /* 1090 * If there was actually data here, 1091 * add the "header". 1092 */ 1093 if (vs.bufpos > bufpos+8) { 1094 tmp = (unsigned char *)buf + 1095 bufpos; 1096 putUShort(tmp, 1097 vsio_option_code); 1098 putUShort(tmp+2, 1099 vs.bufpos-bufpos-4); 1100 putULong(tmp+4, o->code); 1101 1102 bufpos = vs.bufpos; 1103 } 1104 } 1105 } 1106 } 1107 } 1108 1109 return bufpos; 1110 } 1111 1112 /* 1113 * Store all the requested options into the requested buffer. 1114 * XXX: ought to be static 1115 */ 1116 int 1117 store_options(int *ocount, 1118 unsigned char *buffer, unsigned index, unsigned buflen, 1119 struct packet *packet, struct lease *lease, 1120 struct client_state *client_state, 1121 struct option_state *in_options, 1122 struct option_state *cfg_options, 1123 struct binding_scope **scope, 1124 unsigned *priority_list, int priority_len, 1125 unsigned first_cutoff, int second_cutoff, int terminate, 1126 const char *vuname) 1127 { 1128 int bufix = 0, six = 0, tix = 0; 1129 int i; 1130 int ix; 1131 int tto; 1132 int bufend, sbufend; 1133 struct data_string od; 1134 struct option_cache *oc; 1135 struct option *option = NULL; 1136 unsigned code; 1137 1138 /* 1139 * These arguments are relative to the start of the buffer, so 1140 * reduce them by the current buffer index, and advance the 1141 * buffer pointer to where we're going to start writing. 1142 */ 1143 buffer = &buffer[index]; 1144 buflen -= index; 1145 if (first_cutoff) 1146 first_cutoff -= index; 1147 if (second_cutoff) 1148 second_cutoff -= index; 1149 1150 /* Calculate the start and end of each section of the buffer */ 1151 bufend = sbufend = buflen; 1152 if (first_cutoff) { 1153 if (first_cutoff >= buflen) 1154 log_fatal("%s:%d:store_options: Invalid first cutoff.", MDL); 1155 bufend = first_cutoff; 1156 1157 if (second_cutoff) { 1158 if (second_cutoff >= buflen) 1159 log_fatal("%s:%d:store_options: Invalid second cutoff.", 1160 MDL); 1161 sbufend = second_cutoff; 1162 } 1163 } else if (second_cutoff) { 1164 if (second_cutoff >= buflen) 1165 log_fatal("%s:%d:store_options: Invalid second cutoff.", MDL); 1166 bufend = second_cutoff; 1167 } 1168 1169 memset (&od, 0, sizeof od); 1170 1171 /* Eliminate duplicate options from the parameter request list. 1172 * Enforce RFC-mandated ordering of options that are present. 1173 */ 1174 for (i = 0; i < priority_len - 1; i++) { 1175 /* Eliminate duplicates. */ 1176 tto = 0; 1177 for (ix = i + 1; ix < priority_len + tto; ix++) { 1178 if (tto) 1179 priority_list [ix - tto] = 1180 priority_list [ix]; 1181 if (priority_list [i] == priority_list [ix]) { 1182 tto++; 1183 priority_len--; 1184 } 1185 } 1186 1187 /* Enforce ordering of SUBNET_MASK options, according to 1188 * RFC2132 Section 3.3: 1189 * 1190 * If both the subnet mask and the router option are 1191 * specified in a DHCP reply, the subnet mask option MUST 1192 * be first. 1193 * 1194 * This guidance does not specify what to do if the client 1195 * PRL explicitly requests the options out of order, it is 1196 * a general statement. 1197 */ 1198 if (priority_list[i] == DHO_SUBNET_MASK) { 1199 for (ix = i - 1 ; ix >= 0 ; ix--) { 1200 if (priority_list[ix] == DHO_ROUTERS) { 1201 /* swap */ 1202 priority_list[ix] = DHO_SUBNET_MASK; 1203 priority_list[i] = DHO_ROUTERS; 1204 break; 1205 } 1206 } 1207 } 1208 } 1209 1210 /* Copy out the options in the order that they appear in the 1211 priority list... */ 1212 for (i = 0; i < priority_len; i++) { 1213 /* Number of bytes left to store (some may already 1214 have been stored by a previous pass). */ 1215 unsigned length; 1216 int optstart, soptstart, toptstart; 1217 struct universe *u; 1218 int have_encapsulation = 0; 1219 struct data_string encapsulation; 1220 int splitup; 1221 1222 memset (&encapsulation, 0, sizeof encapsulation); 1223 have_encapsulation = 0; 1224 1225 if (option != NULL) 1226 option_dereference(&option, MDL); 1227 1228 /* Code for next option to try to store. */ 1229 code = priority_list [i]; 1230 1231 /* Look up the option in the site option space if the code 1232 is above the cutoff, otherwise in the DHCP option space. */ 1233 if (code >= cfg_options -> site_code_min) 1234 u = universes [cfg_options -> site_universe]; 1235 else 1236 u = &dhcp_universe; 1237 1238 oc = lookup_option (u, cfg_options, code); 1239 1240 if (oc && oc->option) 1241 option_reference(&option, oc->option, MDL); 1242 else 1243 option_code_hash_lookup(&option, u->code_hash, &code, 0, MDL); 1244 1245 /* If it's a straight encapsulation, and the user supplied a 1246 * value for the entire option, use that. Otherwise, search 1247 * the encapsulated space. 1248 * 1249 * If it's a limited encapsulation with preceding data, and the 1250 * user supplied values for the preceding bytes, search the 1251 * encapsulated space. 1252 */ 1253 if ((option != NULL) && 1254 (((oc == NULL) && (option->format[0] == 'E')) || 1255 ((oc != NULL) && (option->format[0] == 'e')))) { 1256 static char *s, *t; 1257 struct option_cache *tmp; 1258 struct data_string name; 1259 1260 s = strchr (option->format, 'E'); 1261 if (s) 1262 t = strchr (++s, '.'); 1263 if (s && t) { 1264 memset (&name, 0, sizeof name); 1265 1266 /* A zero-length universe name means the vendor 1267 option space, if one is defined. */ 1268 if (t == s) { 1269 if (vendor_cfg_option) { 1270 tmp = lookup_option (vendor_cfg_option -> universe, 1271 cfg_options, 1272 vendor_cfg_option -> code); 1273 if (tmp) 1274 /* No need to check the return as we check name.len below */ 1275 (void) evaluate_option_cache (&name, packet, lease, 1276 client_state, 1277 in_options, 1278 cfg_options, 1279 scope, tmp, MDL); 1280 } else if (vuname) { 1281 name.data = (unsigned char *)s; 1282 name.len = strlen (s); 1283 } 1284 } else { 1285 name.data = (unsigned char *)s; 1286 name.len = t - s; 1287 } 1288 1289 /* If we found a universe, and there are options configured 1290 for that universe, try to encapsulate it. */ 1291 if (name.len) { 1292 have_encapsulation = 1293 (option_space_encapsulate 1294 (&encapsulation, packet, lease, client_state, 1295 in_options, cfg_options, scope, &name)); 1296 data_string_forget (&name, MDL); 1297 } 1298 } 1299 } 1300 1301 /* In order to avoid memory leaks, we have to get to here 1302 with any option cache that we allocated in tmp not being 1303 referenced by tmp, and whatever option cache is referenced 1304 by oc being an actual reference. lookup_option doesn't 1305 generate a reference (this needs to be fixed), so the 1306 preceding goop ensures that if we *didn't* generate a new 1307 option cache, oc still winds up holding an actual reference. */ 1308 1309 /* If no data is available for this option, skip it. */ 1310 if (!oc && !have_encapsulation) { 1311 continue; 1312 } 1313 1314 /* Find the value of the option... */ 1315 od.len = 0; 1316 if (oc) { 1317 /* No need to check the return as we check od.len below */ 1318 (void) evaluate_option_cache (&od, packet, 1319 lease, client_state, in_options, 1320 cfg_options, scope, oc, MDL); 1321 1322 /* If we have encapsulation for this option, and an oc 1323 * lookup succeeded, but the evaluation failed, it is 1324 * either because this is a complex atom (atoms before 1325 * E on format list) and the top half of the option is 1326 * not configured, or this is a simple encapsulated 1327 * space and the evaluator is giving us a NULL. Prefer 1328 * the evaluator's opinion over the subspace. 1329 */ 1330 if (!od.len) { 1331 data_string_forget (&encapsulation, MDL); 1332 data_string_forget (&od, MDL); 1333 continue; 1334 } 1335 } 1336 1337 /* We should now have a constant length for the option. */ 1338 length = od.len; 1339 if (have_encapsulation) { 1340 length += encapsulation.len; 1341 1342 /* od.len can be nonzero if we got here without an 1343 * oc (cache lookup failed), but did have an encapsulated 1344 * simple encapsulation space. 1345 */ 1346 if (!od.len) { 1347 data_string_copy (&od, &encapsulation, MDL); 1348 data_string_forget (&encapsulation, MDL); 1349 } else { 1350 struct buffer *bp = (struct buffer *)0; 1351 if (!buffer_allocate (&bp, length, MDL)) { 1352 option_cache_dereference (&oc, MDL); 1353 data_string_forget (&od, MDL); 1354 data_string_forget (&encapsulation, MDL); 1355 continue; 1356 } 1357 memcpy (&bp -> data [0], od.data, od.len); 1358 memcpy (&bp -> data [od.len], encapsulation.data, 1359 encapsulation.len); 1360 data_string_forget (&od, MDL); 1361 data_string_forget (&encapsulation, MDL); 1362 od.data = &bp -> data [0]; 1363 buffer_reference (&od.buffer, bp, MDL); 1364 buffer_dereference (&bp, MDL); 1365 od.len = length; 1366 od.terminated = 0; 1367 } 1368 } 1369 1370 /* Do we add a NUL? */ 1371 if (terminate && option && format_has_text(option->format)) { 1372 length++; 1373 tto = 1; 1374 } else { 1375 tto = 0; 1376 } 1377 1378 /* Try to store the option. */ 1379 1380 /* If the option's length is more than 255, we must store it 1381 in multiple hunks. Store 255-byte hunks first. However, 1382 in any case, if the option data will cross a buffer 1383 boundary, split it across that boundary. */ 1384 1385 if (length > 255) 1386 splitup = 1; 1387 else 1388 splitup = 0; 1389 1390 ix = 0; 1391 optstart = bufix; 1392 soptstart = six; 1393 toptstart = tix; 1394 while (length) { 1395 unsigned incr = length; 1396 int *pix; 1397 unsigned char *base; 1398 1399 /* Try to fit it in the options buffer. */ 1400 if (!splitup && 1401 ((!six && !tix && (i == priority_len - 1) && 1402 (bufix + 2 + length < bufend)) || 1403 (bufix + 5 + length < bufend))) { 1404 base = buffer; 1405 pix = &bufix; 1406 /* Try to fit it in the second buffer. */ 1407 } else if (!splitup && first_cutoff && 1408 (first_cutoff + six + 3 + length < sbufend)) { 1409 base = &buffer[first_cutoff]; 1410 pix = &six; 1411 /* Try to fit it in the third buffer. */ 1412 } else if (!splitup && second_cutoff && 1413 (second_cutoff + tix + 3 + length < buflen)) { 1414 base = &buffer[second_cutoff]; 1415 pix = &tix; 1416 /* Split the option up into the remaining space. */ 1417 } else { 1418 splitup = 1; 1419 1420 /* Use any remaining options space. */ 1421 if (bufix + 6 < bufend) { 1422 incr = bufend - bufix - 5; 1423 base = buffer; 1424 pix = &bufix; 1425 /* Use any remaining first_cutoff space. */ 1426 } else if (first_cutoff && 1427 (first_cutoff + six + 4 < sbufend)) { 1428 incr = sbufend - (first_cutoff + six) - 3; 1429 base = &buffer[first_cutoff]; 1430 pix = &six; 1431 /* Use any remaining second_cutoff space. */ 1432 } else if (second_cutoff && 1433 (second_cutoff + tix + 4 < buflen)) { 1434 incr = buflen - (second_cutoff + tix) - 3; 1435 base = &buffer[second_cutoff]; 1436 pix = &tix; 1437 /* Give up, roll back this option. */ 1438 } else { 1439 bufix = optstart; 1440 six = soptstart; 1441 tix = toptstart; 1442 break; 1443 } 1444 } 1445 1446 if (incr > length) 1447 incr = length; 1448 if (incr > 255) 1449 incr = 255; 1450 1451 /* Everything looks good - copy it in! */ 1452 base [*pix] = code; 1453 base [*pix + 1] = (unsigned char)incr; 1454 if (tto && incr == length) { 1455 if (incr > 1) 1456 memcpy (base + *pix + 2, 1457 od.data + ix, (unsigned)(incr - 1)); 1458 base [*pix + 2 + incr - 1] = 0; 1459 } else { 1460 memcpy (base + *pix + 2, 1461 od.data + ix, (unsigned)incr); 1462 } 1463 length -= incr; 1464 ix += incr; 1465 *pix += 2 + incr; 1466 } 1467 data_string_forget (&od, MDL); 1468 } 1469 1470 if (option != NULL) 1471 option_dereference(&option, MDL); 1472 1473 /* If we can overload, and we have, then PAD and END those spaces. */ 1474 if (first_cutoff && six) { 1475 if ((first_cutoff + six + 1) < sbufend) 1476 memset (&buffer[first_cutoff + six + 1], DHO_PAD, 1477 sbufend - (first_cutoff + six + 1)); 1478 else if (first_cutoff + six >= sbufend) 1479 log_fatal("Second buffer overflow in overloaded options."); 1480 1481 buffer[first_cutoff + six] = DHO_END; 1482 if (ocount != NULL) 1483 *ocount |= 1; /* So that caller knows there's data there. */ 1484 } 1485 1486 if (second_cutoff && tix) { 1487 if (second_cutoff + tix + 1 < buflen) { 1488 memset (&buffer[second_cutoff + tix + 1], DHO_PAD, 1489 buflen - (second_cutoff + tix + 1)); 1490 } else if (second_cutoff + tix >= buflen) 1491 log_fatal("Third buffer overflow in overloaded options."); 1492 1493 buffer[second_cutoff + tix] = DHO_END; 1494 if (ocount != NULL) 1495 *ocount |= 2; /* So that caller knows there's data there. */ 1496 } 1497 1498 if ((six || tix) && (bufix + 3 > bufend)) 1499 log_fatal("Not enough space for option overload option."); 1500 1501 return bufix; 1502 } 1503 1504 /* Return true if the format string has a variable length text option 1505 * ("t"), return false otherwise. 1506 */ 1507 1508 int 1509 format_has_text(format) 1510 const char *format; 1511 { 1512 const char *p; 1513 1514 p = format; 1515 while (*p != '\0') { 1516 switch (*p++) { 1517 case 'd': 1518 case 't': 1519 return 1; 1520 1521 /* These symbols are arbitrary, not fixed or 1522 * determinable length...text options with them is 1523 * invalid (whatever the case, they are never NULL 1524 * terminated). 1525 */ 1526 case 'A': 1527 case 'a': 1528 case 'X': 1529 case 'x': 1530 case 'D': 1531 return 0; 1532 1533 case 'c': 1534 /* 'c' only follows 'D' atoms, and indicates that 1535 * compression may be used. If there was a 'D' 1536 * atom already, we would have returned. So this 1537 * is an error, but continue looking for 't' anyway. 1538 */ 1539 log_error("format_has_text(%s): 'c' atoms are illegal " 1540 "except after 'D' atoms.", format); 1541 break; 1542 1543 /* 'E' is variable length, but not arbitrary...you 1544 * can find its length if you can find an END option. 1545 * N is (n)-byte in length but trails a name of a 1546 * space defining the enumeration values. So treat 1547 * both the same - valid, fixed-length fields. 1548 */ 1549 case 'E': 1550 case 'N': 1551 /* Consume the space name. */ 1552 while ((*p != '\0') && (*p++ != '.')) 1553 ; 1554 break; 1555 1556 default: 1557 break; 1558 } 1559 } 1560 1561 return 0; 1562 } 1563 1564 /* Determine the minimum length of a DHCP option prior to any variable 1565 * or inconsistent length formats, according to its configured format 1566 * variable (and possibly from supplied option cache contents for variable 1567 * length format symbols). 1568 */ 1569 1570 int 1571 format_min_length(format, oc) 1572 const char *format; 1573 struct option_cache *oc; 1574 { 1575 const char *p, *name; 1576 int min_len = 0; 1577 int last_size = 0; 1578 struct enumeration *espace; 1579 1580 p = format; 1581 while (*p != '\0') { 1582 switch (*p++) { 1583 case '6': /* IPv6 Address */ 1584 min_len += 16; 1585 last_size = 16; 1586 break; 1587 1588 case 'I': /* IPv4 Address */ 1589 case 'l': /* int32_t */ 1590 case 'L': /* uint32_t */ 1591 case 'T': /* Lease Time, uint32_t equivalent */ 1592 min_len += 4; 1593 last_size = 4; 1594 break; 1595 1596 case 's': /* int16_t */ 1597 case 'S': /* uint16_t */ 1598 min_len += 2; 1599 last_size = 2; 1600 break; 1601 1602 case 'N': /* Enumeration value. */ 1603 /* Consume space name. */ 1604 name = p; 1605 p = strchr(p, '.'); 1606 if (p == NULL) 1607 log_fatal("Corrupt format: %s", format); 1608 1609 espace = find_enumeration(name, p - name); 1610 if (espace == NULL) { 1611 log_error("Unknown enumeration: %s", format); 1612 /* Max is safest value to return. */ 1613 return INT_MAX; 1614 } 1615 1616 min_len += espace->width; 1617 last_size = espace->width; 1618 p++; 1619 1620 break; 1621 1622 case 'b': /* int8_t */ 1623 case 'B': /* uint8_t */ 1624 case 'F': /* Flag that is always true. */ 1625 case 'f': /* Flag */ 1626 min_len++; 1627 last_size = 1; 1628 break; 1629 1630 case 'o': /* Last argument is optional. */ 1631 min_len -= last_size; 1632 1633 /* XXX: It MAY be possible to sense the end of an 1634 * encapsulated space, but right now this is too 1635 * hard to support. Return a safe value. 1636 */ 1637 case 'e': /* Encapsulation hint (there is an 'E' later). */ 1638 case 'E': /* Encapsulated options. */ 1639 return min_len; 1640 1641 case 'd': /* "Domain name" */ 1642 case 'D': /* "rfc1035 formatted names" */ 1643 case 't': /* "ASCII Text" */ 1644 case 'X': /* "ASCII or Hex Conditional */ 1645 case 'x': /* "Hex" */ 1646 case 'A': /* Array of all that precedes. */ 1647 case 'a': /* Array of preceding symbol. */ 1648 case 'Z': /* nothing. */ 1649 return min_len; 1650 1651 case 'c': /* Compress flag for D atom. */ 1652 log_error("format_min_length(%s): 'c' atom is illegal " 1653 "except after 'D' atom.", format); 1654 return INT_MAX; 1655 1656 default: 1657 /* No safe value is known. */ 1658 log_error("format_min_length(%s): No safe value " 1659 "for unknown format symbols.", format); 1660 return INT_MAX; 1661 } 1662 } 1663 1664 return min_len; 1665 } 1666 1667 1668 /* Format the specified option so that a human can easily read it. */ 1669 1670 const char *pretty_print_option (option, data, len, emit_commas, emit_quotes) 1671 struct option *option; 1672 const unsigned char *data; 1673 unsigned len; 1674 int emit_commas; 1675 int emit_quotes; 1676 { 1677 static char optbuf [32768]; /* XXX */ 1678 static char *endbuf = &optbuf[sizeof(optbuf)]; 1679 int hunksize = 0; 1680 int opthunk = 0; 1681 int hunkinc = 0; 1682 int numhunk = -1; 1683 int numelem = 0; 1684 int count; 1685 int i, j, k, l; 1686 char fmtbuf[32] = ""; 1687 struct iaddr iaddr; 1688 struct enumeration *enumbuf[32]; /* MUST be same as fmtbuf */ 1689 char *op = optbuf; 1690 const unsigned char *dp = data; 1691 char comma; 1692 unsigned long tval; 1693 isc_boolean_t a_array = ISC_FALSE; 1694 int len_used; 1695 1696 if (emit_commas) 1697 comma = ','; 1698 else 1699 comma = ' '; 1700 1701 memset (enumbuf, 0, sizeof enumbuf); 1702 1703 /* Figure out the size of the data. */ 1704 for (l = i = 0; option -> format [i]; i++, l++) { 1705 if (l >= sizeof(fmtbuf) - 1) 1706 log_fatal("Bounds failure on internal buffer at " 1707 "%s:%d", MDL); 1708 1709 if (!numhunk) { 1710 log_error ("%s: Extra codes in format string: %s", 1711 option -> name, 1712 &(option -> format [i])); 1713 break; 1714 } 1715 numelem++; 1716 fmtbuf [l] = option -> format [i]; 1717 switch (option -> format [i]) { 1718 case 'a': 1719 a_array = ISC_TRUE; 1720 /* Fall through */ 1721 case 'A': 1722 --numelem; 1723 fmtbuf [l] = 0; 1724 numhunk = 0; 1725 break; 1726 case 'E': 1727 /* Skip the universe name. */ 1728 while (option -> format [i] && 1729 option -> format [i] != '.') 1730 i++; 1731 /* Fall Through! */ 1732 case 'X': 1733 for (k = 0; k < len; k++) { 1734 if (!isascii (data [k]) || 1735 !isprint (data [k])) 1736 break; 1737 } 1738 /* If we found no bogus characters, or the bogus 1739 character we found is a trailing NUL, it's 1740 okay to print this option as text. */ 1741 if (k == len || (k + 1 == len && data [k] == 0)) { 1742 fmtbuf [l] = 't'; 1743 numhunk = -2; 1744 } else { 1745 fmtbuf [l] = 'x'; 1746 hunksize++; 1747 comma = ':'; 1748 numhunk = 0; 1749 a_array = ISC_TRUE; 1750 hunkinc = 1; 1751 } 1752 fmtbuf [l + 1] = 0; 1753 break; 1754 case 'c': 1755 /* The 'c' atom is a 'D' modifier only. */ 1756 log_error("'c' atom not following D atom in format " 1757 "string: %s", option->format); 1758 break; 1759 case 'D': 1760 /* 1761 * Skip the 'c' atom, if present. It does not affect 1762 * how we convert wire->text format (if compression is 1763 * present either way, we still process it). 1764 */ 1765 if (option->format[i+1] == 'c') 1766 i++; 1767 fmtbuf[l + 1] = 0; 1768 numhunk = -2; 1769 break; 1770 case 'd': 1771 fmtbuf[l] = 't'; 1772 /* Fall Through ! */ 1773 case 't': 1774 fmtbuf[l + 1] = 0; 1775 numhunk = -2; 1776 break; 1777 case 'N': 1778 k = i; 1779 while (option -> format [i] && 1780 option -> format [i] != '.') 1781 i++; 1782 enumbuf [l] = 1783 find_enumeration (&option -> format [k] + 1, 1784 i - k - 1); 1785 if (enumbuf[l] == NULL) { 1786 hunksize += 1; 1787 hunkinc = 1; 1788 } else { 1789 hunksize += enumbuf[l]->width; 1790 hunkinc = enumbuf[l]->width; 1791 } 1792 break; 1793 case '6': 1794 hunksize += 16; 1795 hunkinc = 16; 1796 break; 1797 case 'I': 1798 case 'l': 1799 case 'L': 1800 case 'T': 1801 hunksize += 4; 1802 hunkinc = 4; 1803 break; 1804 case 's': 1805 case 'S': 1806 hunksize += 2; 1807 hunkinc = 2; 1808 break; 1809 case 'b': 1810 case 'B': 1811 case 'f': 1812 case 'F': 1813 hunksize++; 1814 hunkinc = 1; 1815 break; 1816 case 'e': 1817 case 'Z': 1818 break; 1819 case 'o': 1820 opthunk += hunkinc; 1821 break; 1822 default: 1823 log_error ("%s: garbage in format string: %s", 1824 option -> name, 1825 &(option -> format [i])); 1826 break; 1827 } 1828 } 1829 1830 /* Check for too few bytes... */ 1831 if (hunksize - opthunk > len) { 1832 log_error ("%s: expecting at least %d bytes; got %d", 1833 option -> name, 1834 hunksize, len); 1835 return "<error>"; 1836 } 1837 /* Check for too many bytes... */ 1838 if (numhunk == -1 && hunksize < len) 1839 log_error ("%s: %d extra bytes", 1840 option -> name, 1841 len - hunksize); 1842 1843 /* If this is an array, compute its size. */ 1844 if (numhunk == 0) { 1845 if (a_array == ISC_TRUE) { 1846 /* 1847 * It is an 'a' type array - we repeat the 1848 * last format type. A binary string for 'X' 1849 * is also like this. hunkinc is the size 1850 * of the last format type and we add 1 to 1851 * cover the entire first record. 1852 */ 1853 numhunk = ((len - hunksize) / hunkinc) + 1; 1854 len_used = hunksize + ((numhunk - 1) * hunkinc); 1855 } else { 1856 /* 1857 * It is an 'A' type array - we repeat the 1858 * entire record 1859 */ 1860 numhunk = len / hunksize; 1861 len_used = numhunk * hunksize; 1862 } 1863 1864 /* See if we got an exact number of hunks. */ 1865 if (len_used < len) { 1866 log_error ("%s: %d extra bytes at end of array\n", 1867 option -> name, 1868 len - len_used); 1869 } 1870 } 1871 1872 1873 /* A one-hunk array prints the same as a single hunk. */ 1874 if (numhunk < 0) 1875 numhunk = 1; 1876 1877 /* Cycle through the array (or hunk) printing the data. */ 1878 for (i = 0; i < numhunk; i++) { 1879 if ((a_array == ISC_TRUE) && (i != 0) && (numelem > 0)) { 1880 /* 1881 * For 'a' type of arrays we repeat 1882 * only the last format character 1883 * We should never hit the case of numelem == 0 1884 * but let's include the check to be safe. 1885 */ 1886 j = numelem - 1; 1887 } else { 1888 /* 1889 * for other types of arrays or the first 1890 * time through for 'a' types, we go through 1891 * the entire set of format characters. 1892 */ 1893 j = 0; 1894 } 1895 1896 for (; j < numelem; j++) { 1897 switch (fmtbuf [j]) { 1898 case 't': 1899 /* endbuf-1 leaves room for NULL. */ 1900 k = pretty_text(&op, endbuf - 1, &dp, 1901 data + len, emit_quotes); 1902 if (k == -1) { 1903 log_error("Error printing text."); 1904 break; 1905 } 1906 *op = 0; 1907 break; 1908 case 'D': /* RFC1035 format name list */ 1909 for( ; dp < (data + len) ; dp += k) { 1910 unsigned char nbuff[NS_MAXCDNAME]; 1911 const unsigned char *nbp, *nend; 1912 1913 nend = &nbuff[sizeof(nbuff)]; 1914 1915 /* If this is for ISC DHCP consumption 1916 * (emit_quotes), lay it out as a list 1917 * of STRING tokens. Otherwise, it is 1918 * a space-separated list of DNS- 1919 * escaped names as /etc/resolv.conf 1920 * might digest. 1921 */ 1922 if (dp != data) { 1923 if (op + 2 > endbuf) 1924 break; 1925 1926 if (emit_quotes) 1927 *op++ = ','; 1928 *op++ = ' '; 1929 } 1930 1931 /* XXX: if fmtbuf[j+1] != 'c', we 1932 * should warn if the data was 1933 * compressed anyway. 1934 */ 1935 k = MRns_name_unpack(data, 1936 data + len, 1937 dp, nbuff, 1938 sizeof(nbuff)); 1939 1940 if (k == -1) { 1941 log_error("Invalid domain " 1942 "list."); 1943 break; 1944 } 1945 1946 /* If emit_quotes, then use ISC DHCP 1947 * escapes. Otherwise, rely only on 1948 * ns_name_ntop(). 1949 */ 1950 if (emit_quotes) { 1951 nbp = nbuff; 1952 pretty_domain(&op, endbuf-1, 1953 &nbp, nend); 1954 } else { 1955 /* ns_name_ntop() includes 1956 * a trailing NUL in its 1957 * count. 1958 */ 1959 count = MRns_name_ntop( 1960 nbuff, op, 1961 (endbuf-op)-1); 1962 1963 if (count <= 0) { 1964 log_error("Invalid " 1965 "domain name."); 1966 break; 1967 } 1968 1969 /* Consume all but the trailing 1970 * NUL. 1971 */ 1972 op += count - 1; 1973 1974 /* Replace the trailing NUL 1975 * with the implicit root 1976 * (in the unlikely event the 1977 * domain name /is/ the root). 1978 */ 1979 *op++ = '.'; 1980 } 1981 } 1982 *op = '\0'; 1983 break; 1984 /* pretty-printing an array of enums is 1985 going to get ugly. */ 1986 case 'N': 1987 if (!enumbuf [j]) { 1988 tval = *dp++; 1989 goto enum_as_num; 1990 } 1991 1992 switch (enumbuf[j]->width) { 1993 case 1: 1994 tval = getUChar(dp); 1995 break; 1996 1997 case 2: 1998 tval = getUShort(dp); 1999 break; 2000 2001 case 4: 2002 tval = getULong(dp); 2003 break; 2004 2005 default: 2006 log_fatal("Impossible case at %s:%d.", 2007 MDL); 2008 return "<double impossible condition>"; 2009 } 2010 2011 for (i = 0; ;i++) { 2012 if (!enumbuf [j] -> values [i].name) 2013 goto enum_as_num; 2014 if (enumbuf [j] -> values [i].value == 2015 tval) 2016 break; 2017 } 2018 strcpy (op, enumbuf [j] -> values [i].name); 2019 dp += enumbuf[j]->width; 2020 break; 2021 2022 enum_as_num: 2023 sprintf(op, "%lu", tval); 2024 break; 2025 2026 case 'I': 2027 iaddr.len = 4; 2028 memcpy(iaddr.iabuf, dp, 4); 2029 strcpy(op, piaddr(iaddr)); 2030 dp += 4; 2031 break; 2032 case '6': 2033 iaddr.len = 16; 2034 memcpy(iaddr.iabuf, dp, 16); 2035 strcpy(op, piaddr(iaddr)); 2036 dp += 16; 2037 break; 2038 case 'l': 2039 sprintf (op, "%ld", (long)getLong (dp)); 2040 dp += 4; 2041 break; 2042 case 'T': 2043 tval = getULong (dp); 2044 if (tval == -1) 2045 sprintf (op, "%s", "infinite"); 2046 else 2047 sprintf(op, "%lu", tval); 2048 break; 2049 case 'L': 2050 sprintf(op, "%lu", 2051 (unsigned long)getULong(dp)); 2052 dp += 4; 2053 break; 2054 case 's': 2055 sprintf (op, "%d", (int)getShort (dp)); 2056 dp += 2; 2057 break; 2058 case 'S': 2059 sprintf(op, "%u", (unsigned)getUShort(dp)); 2060 dp += 2; 2061 break; 2062 case 'b': 2063 sprintf (op, "%d", *(const char *)dp++); 2064 break; 2065 case 'B': 2066 sprintf (op, "%d", *dp++); 2067 break; 2068 case 'X': 2069 case 'x': 2070 sprintf (op, "%x", *dp++); 2071 break; 2072 case 'f': 2073 strcpy (op, *dp++ ? "true" : "false"); 2074 break; 2075 case 'F': 2076 strcpy (op, "true"); 2077 break; 2078 case 'e': 2079 case 'Z': 2080 *op = '\0'; 2081 break; 2082 default: 2083 log_error ("Unexpected format code %c", 2084 fmtbuf [j]); 2085 } 2086 op += strlen (op); 2087 if (dp == data + len) 2088 break; 2089 if (j + 1 < numelem && comma != ':') 2090 *op++ = ' '; 2091 } 2092 if (i + 1 < numhunk) { 2093 *op++ = comma; 2094 } 2095 if (dp == data + len) 2096 break; 2097 } 2098 return optbuf; 2099 } 2100 2101 int get_option (result, universe, packet, lease, client_state, 2102 in_options, cfg_options, options, scope, code, file, line) 2103 struct data_string *result; 2104 struct universe *universe; 2105 struct packet *packet; 2106 struct lease *lease; 2107 struct client_state *client_state; 2108 struct option_state *in_options; 2109 struct option_state *cfg_options; 2110 struct option_state *options; 2111 struct binding_scope **scope; 2112 unsigned code; 2113 const char *file; 2114 int line; 2115 { 2116 struct option_cache *oc; 2117 2118 if (!universe -> lookup_func) 2119 return 0; 2120 oc = ((*universe -> lookup_func) (universe, options, code)); 2121 if (!oc) 2122 return 0; 2123 if (!evaluate_option_cache (result, packet, lease, client_state, 2124 in_options, cfg_options, scope, oc, 2125 file, line)) 2126 return 0; 2127 return 1; 2128 } 2129 2130 void set_option (universe, options, option, op) 2131 struct universe *universe; 2132 struct option_state *options; 2133 struct option_cache *option; 2134 enum statement_op op; 2135 { 2136 struct option_cache *oc, *noc; 2137 2138 switch (op) { 2139 case if_statement: 2140 case add_statement: 2141 case eval_statement: 2142 case break_statement: 2143 default: 2144 log_error ("bogus statement type in set_option."); 2145 break; 2146 2147 case default_option_statement: 2148 oc = lookup_option (universe, options, 2149 option -> option -> code); 2150 if (oc) 2151 break; 2152 save_option (universe, options, option); 2153 break; 2154 2155 case supersede_option_statement: 2156 case send_option_statement: 2157 /* Install the option, replacing any existing version. */ 2158 save_option (universe, options, option); 2159 break; 2160 2161 case append_option_statement: 2162 case prepend_option_statement: 2163 oc = lookup_option (universe, options, 2164 option -> option -> code); 2165 if (!oc) { 2166 save_option (universe, options, option); 2167 break; 2168 } 2169 /* If it's not an expression, make it into one. */ 2170 if (!oc -> expression && oc -> data.len) { 2171 if (!expression_allocate (&oc -> expression, MDL)) { 2172 log_error ("Can't allocate const expression."); 2173 break; 2174 } 2175 oc -> expression -> op = expr_const_data; 2176 data_string_copy 2177 (&oc -> expression -> data.const_data, 2178 &oc -> data, MDL); 2179 data_string_forget (&oc -> data, MDL); 2180 } 2181 noc = (struct option_cache *)0; 2182 if (!option_cache_allocate (&noc, MDL)) 2183 break; 2184 if (op == append_option_statement) { 2185 if (!make_concat (&noc -> expression, 2186 oc -> expression, 2187 option -> expression)) { 2188 option_cache_dereference (&noc, MDL); 2189 break; 2190 } 2191 } else { 2192 if (!make_concat (&noc -> expression, 2193 option -> expression, 2194 oc -> expression)) { 2195 option_cache_dereference (&noc, MDL); 2196 break; 2197 } 2198 } 2199 option_reference(&(noc->option), oc->option, MDL); 2200 save_option (universe, options, noc); 2201 option_cache_dereference (&noc, MDL); 2202 break; 2203 } 2204 } 2205 2206 struct option_cache *lookup_option (universe, options, code) 2207 struct universe *universe; 2208 struct option_state *options; 2209 unsigned code; 2210 { 2211 if (!options) 2212 return (struct option_cache *)0; 2213 if (universe -> lookup_func) 2214 return (*universe -> lookup_func) (universe, options, code); 2215 else 2216 log_error ("can't look up options in %s space.", 2217 universe -> name); 2218 return (struct option_cache *)0; 2219 } 2220 2221 struct option_cache *lookup_hashed_option (universe, options, code) 2222 struct universe *universe; 2223 struct option_state *options; 2224 unsigned code; 2225 { 2226 int hashix; 2227 pair bptr; 2228 pair *hash; 2229 2230 /* Make sure there's a hash table. */ 2231 if (universe -> index >= options -> universe_count || 2232 !(options -> universes [universe -> index])) 2233 return (struct option_cache *)0; 2234 2235 hash = options -> universes [universe -> index]; 2236 2237 hashix = compute_option_hash (code); 2238 for (bptr = hash [hashix]; bptr; bptr = bptr -> cdr) { 2239 if (((struct option_cache *)(bptr -> car)) -> option -> code == 2240 code) 2241 return (struct option_cache *)(bptr -> car); 2242 } 2243 return (struct option_cache *)0; 2244 } 2245 2246 /* Save a specified buffer into an option cache. */ 2247 int 2248 save_option_buffer(struct universe *universe, struct option_state *options, 2249 struct buffer *bp, unsigned char *buffer, unsigned length, 2250 unsigned code, int terminatep) 2251 { 2252 struct option_cache *op = NULL; 2253 int status = 1; 2254 2255 status = prepare_option_buffer(universe, bp, buffer, length, code, 2256 terminatep, &op); 2257 2258 if (status == 0) 2259 goto cleanup; 2260 2261 save_option(universe, options, op); 2262 2263 cleanup: 2264 if (op != NULL) 2265 option_cache_dereference(&op, MDL); 2266 2267 return status; 2268 } 2269 2270 /* Append a specified buffer onto the tail of an option cache. */ 2271 int 2272 append_option_buffer(struct universe *universe, struct option_state *options, 2273 struct buffer *bp, unsigned char *buffer, unsigned length, 2274 unsigned code, int terminatep) 2275 { 2276 struct option_cache *op = NULL; 2277 int status = 1; 2278 2279 status = prepare_option_buffer(universe, bp, buffer, length, code, 2280 terminatep, &op); 2281 2282 if (status == 0) 2283 goto cleanup; 2284 2285 also_save_option(universe, options, op); 2286 2287 cleanup: 2288 if (op != NULL) 2289 option_cache_dereference(&op, MDL); 2290 2291 return status; 2292 } 2293 2294 /* Create/copy a buffer into a new option cache. */ 2295 static int 2296 prepare_option_buffer(struct universe *universe, struct buffer *bp, 2297 unsigned char *buffer, unsigned length, unsigned code, 2298 int terminatep, struct option_cache **opp) 2299 { 2300 struct buffer *lbp = NULL; 2301 struct option *option = NULL; 2302 struct option_cache *op; 2303 int status = 1; 2304 2305 /* Code sizes of 8, 16, and 32 bits are allowed. */ 2306 switch(universe->tag_size) { 2307 case 1: 2308 if (code > 0xff) 2309 return 0; 2310 break; 2311 case 2: 2312 if (code > 0xffff) 2313 return 0; 2314 break; 2315 case 4: 2316 if (code > 0xffffffff) 2317 return 0; 2318 break; 2319 2320 default: 2321 log_fatal("Inconsistent universe tag size at %s:%d.", MDL); 2322 } 2323 2324 option_code_hash_lookup(&option, universe->code_hash, &code, 0, MDL); 2325 2326 /* If we created an option structure for each option a client 2327 * supplied, it's possible we may create > 2^32 option structures. 2328 * That's not feasible. So by failing to enter these option 2329 * structures into the code and name hash tables, references will 2330 * never be more than 1 - when the option cache is destroyed, this 2331 * will be cleaned up. 2332 */ 2333 if (!option) { 2334 char nbuf[sizeof("unknown-4294967295")]; 2335 2336 sprintf(nbuf, "unknown-%u", code); 2337 2338 option = new_option(nbuf, MDL); 2339 2340 if (!option) 2341 return 0; 2342 2343 option->format = default_option_format; 2344 option->universe = universe; 2345 option->code = code; 2346 2347 /* new_option() doesn't set references, pretend. */ 2348 option->refcnt = 1; 2349 } 2350 2351 if (!option_cache_allocate (opp, MDL)) { 2352 log_error("No memory for option code %s.%s.", 2353 universe->name, option->name); 2354 status = 0; 2355 goto cleanup; 2356 } 2357 2358 /* Pointer rather than double pointer makes for less parens. */ 2359 op = *opp; 2360 2361 option_reference(&op->option, option, MDL); 2362 2363 /* If we weren't passed a buffer in which the data are saved and 2364 refcounted, allocate one now. */ 2365 if (!bp) { 2366 if (!buffer_allocate (&lbp, length + terminatep, MDL)) { 2367 log_error ("no memory for option buffer."); 2368 2369 status = 0; 2370 goto cleanup; 2371 } 2372 memcpy (lbp -> data, buffer, length + terminatep); 2373 bp = lbp; 2374 buffer = &bp -> data [0]; /* Refer to saved buffer. */ 2375 } 2376 2377 /* Reference buffer copy to option cache. */ 2378 op -> data.buffer = (struct buffer *)0; 2379 buffer_reference (&op -> data.buffer, bp, MDL); 2380 2381 /* Point option cache into buffer. */ 2382 op -> data.data = buffer; 2383 op -> data.len = length; 2384 2385 if (terminatep) { 2386 /* NUL terminate (we can get away with this because we (or 2387 the caller!) allocated one more than the buffer size, and 2388 because the byte following the end of an option is always 2389 the code of the next option, which the caller is getting 2390 out of the *original* buffer. */ 2391 buffer [length] = 0; 2392 op -> data.terminated = 1; 2393 } else 2394 op -> data.terminated = 0; 2395 2396 /* If this option is ultimately a text option, null determinate to 2397 * comply with RFC2132 section 2. Mark a flag so this can be sensed 2398 * later to echo NULLs back to clients that supplied them (they 2399 * probably expect them). 2400 */ 2401 if (format_has_text(option->format)) { 2402 int min_len = format_min_length(option->format, op); 2403 2404 while ((op->data.len > min_len) && 2405 (op->data.data[op->data.len-1] == '\0')) { 2406 op->data.len--; 2407 op->flags |= OPTION_HAD_NULLS; 2408 } 2409 } 2410 2411 /* And let go of our references. */ 2412 cleanup: 2413 if (lbp != NULL) 2414 buffer_dereference(&lbp, MDL); 2415 option_dereference(&option, MDL); 2416 2417 return status; 2418 } 2419 2420 static void 2421 count_options(struct option_cache *dummy_oc, 2422 struct packet *dummy_packet, 2423 struct lease *dummy_lease, 2424 struct client_state *dummy_client_state, 2425 struct option_state *dummy_opt_state, 2426 struct option_state *opt_state, 2427 struct binding_scope **dummy_binding_scope, 2428 struct universe *dummy_universe, 2429 void *void_accumulator) { 2430 int *accumulator = (int *)void_accumulator; 2431 2432 *accumulator += 1; 2433 } 2434 2435 static void 2436 collect_oro(struct option_cache *oc, 2437 struct packet *dummy_packet, 2438 struct lease *dummy_lease, 2439 struct client_state *dummy_client_state, 2440 struct option_state *dummy_opt_state, 2441 struct option_state *opt_state, 2442 struct binding_scope **dummy_binding_scope, 2443 struct universe *dummy_universe, 2444 void *void_oro) { 2445 struct data_string *oro = (struct data_string *)void_oro; 2446 2447 putUShort(oro->buffer->data + oro->len, oc->option->code); 2448 oro->len += 2; 2449 } 2450 2451 /* build_server_oro() is presently unusued, but may be used at a future date 2452 * with support for Reconfigure messages (as a hint to the client about new 2453 * option value contents). 2454 */ 2455 void 2456 build_server_oro(struct data_string *server_oro, 2457 struct option_state *options, 2458 const char *file, int line) { 2459 int num_opts; 2460 int i; 2461 struct option *o; 2462 2463 /* 2464 * Count the number of options, so we can allocate enough memory. 2465 * We want to mention sub-options too, so check all universes. 2466 */ 2467 num_opts = 0; 2468 option_space_foreach(NULL, NULL, NULL, NULL, options, 2469 NULL, &dhcpv6_universe, (void *)&num_opts, 2470 count_options); 2471 for (i=0; i < options->universe_count; i++) { 2472 if (options->universes[i] != NULL) { 2473 o = universes[i]->enc_opt; 2474 while (o != NULL) { 2475 if (o->universe == &dhcpv6_universe) { 2476 num_opts++; 2477 break; 2478 } 2479 o = o->universe->enc_opt; 2480 } 2481 } 2482 } 2483 2484 /* 2485 * Allocate space. 2486 */ 2487 memset(server_oro, 0, sizeof(*server_oro)); 2488 if (!buffer_allocate(&server_oro->buffer, num_opts * 2, MDL)) { 2489 log_fatal("no memory to build server ORO"); 2490 } 2491 server_oro->data = server_oro->buffer->data; 2492 2493 /* 2494 * Copy the data in. 2495 * We want to mention sub-options too, so check all universes. 2496 */ 2497 server_oro->len = 0; /* gets set in collect_oro */ 2498 option_space_foreach(NULL, NULL, NULL, NULL, options, 2499 NULL, &dhcpv6_universe, (void *)server_oro, 2500 collect_oro); 2501 for (i=0; i < options->universe_count; i++) { 2502 if (options->universes[i] != NULL) { 2503 o = universes[i]->enc_opt; 2504 while (o != NULL) { 2505 if (o->universe == &dhcpv6_universe) { 2506 unsigned char *tmp; 2507 tmp = server_oro->buffer->data; 2508 putUShort(tmp + server_oro->len, 2509 o->code); 2510 server_oro->len += 2; 2511 break; 2512 } 2513 o = o->universe->enc_opt; 2514 } 2515 } 2516 } 2517 } 2518 2519 /* Wrapper function to put an option cache into an option state. */ 2520 void 2521 save_option(struct universe *universe, struct option_state *options, 2522 struct option_cache *oc) 2523 { 2524 if (universe->save_func) 2525 (*universe->save_func)(universe, options, oc, ISC_FALSE); 2526 else 2527 log_error("can't store options in %s space.", universe->name); 2528 } 2529 2530 /* Wrapper function to append an option cache into an option state's list. */ 2531 void 2532 also_save_option(struct universe *universe, struct option_state *options, 2533 struct option_cache *oc) 2534 { 2535 if (universe->save_func) 2536 (*universe->save_func)(universe, options, oc, ISC_TRUE); 2537 else 2538 log_error("can't store options in %s space.", universe->name); 2539 } 2540 2541 void 2542 save_hashed_option(struct universe *universe, struct option_state *options, 2543 struct option_cache *oc, isc_boolean_t appendp) 2544 { 2545 int hashix; 2546 pair bptr; 2547 pair *hash = options -> universes [universe -> index]; 2548 struct option_cache **ocloc; 2549 2550 if (oc -> refcnt == 0) 2551 abort (); 2552 2553 /* Compute the hash. */ 2554 hashix = compute_option_hash (oc -> option -> code); 2555 2556 /* If there's no hash table, make one. */ 2557 if (!hash) { 2558 hash = (pair *)dmalloc (OPTION_HASH_SIZE * sizeof *hash, MDL); 2559 if (!hash) { 2560 log_error ("no memory to store %s.%s", 2561 universe -> name, oc -> option -> name); 2562 return; 2563 } 2564 memset (hash, 0, OPTION_HASH_SIZE * sizeof *hash); 2565 options -> universes [universe -> index] = (void *)hash; 2566 } else { 2567 /* Try to find an existing option matching the new one. */ 2568 for (bptr = hash [hashix]; bptr; bptr = bptr -> cdr) { 2569 if (((struct option_cache *) 2570 (bptr -> car)) -> option -> code == 2571 oc -> option -> code) 2572 break; 2573 } 2574 2575 /* Deal with collisions on the hash list. */ 2576 if (bptr) { 2577 ocloc = (struct option_cache **)&bptr->car; 2578 2579 /* 2580 * If appendp is set, append it onto the tail of the 2581 * ->next list. If it is not set, rotate it into 2582 * position at the head of the list. 2583 */ 2584 if (appendp) { 2585 do { 2586 ocloc = &(*ocloc)->next; 2587 } while (*ocloc != NULL); 2588 } else { 2589 option_cache_dereference(ocloc, MDL); 2590 } 2591 2592 option_cache_reference(ocloc, oc, MDL); 2593 return; 2594 } 2595 } 2596 2597 /* Otherwise, just put the new one at the head of the list. */ 2598 bptr = new_pair (MDL); 2599 if (!bptr) { 2600 log_error ("No memory for option_cache reference."); 2601 return; 2602 } 2603 bptr -> cdr = hash [hashix]; 2604 bptr -> car = 0; 2605 option_cache_reference ((struct option_cache **)&bptr -> car, oc, MDL); 2606 hash [hashix] = bptr; 2607 } 2608 2609 void delete_option (universe, options, code) 2610 struct universe *universe; 2611 struct option_state *options; 2612 int code; 2613 { 2614 if (universe -> delete_func) 2615 (*universe -> delete_func) (universe, options, code); 2616 else 2617 log_error ("can't delete options from %s space.", 2618 universe -> name); 2619 } 2620 2621 void delete_hashed_option (universe, options, code) 2622 struct universe *universe; 2623 struct option_state *options; 2624 int code; 2625 { 2626 int hashix; 2627 pair bptr, prev = (pair)0; 2628 pair *hash = options -> universes [universe -> index]; 2629 2630 /* There may not be any options in this space. */ 2631 if (!hash) 2632 return; 2633 2634 /* Try to find an existing option matching the new one. */ 2635 hashix = compute_option_hash (code); 2636 for (bptr = hash [hashix]; bptr; bptr = bptr -> cdr) { 2637 if (((struct option_cache *)(bptr -> car)) -> option -> code 2638 == code) 2639 break; 2640 prev = bptr; 2641 } 2642 /* If we found one, wipe it out... */ 2643 if (bptr) { 2644 if (prev) 2645 prev -> cdr = bptr -> cdr; 2646 else 2647 hash [hashix] = bptr -> cdr; 2648 option_cache_dereference 2649 ((struct option_cache **)(&bptr -> car), MDL); 2650 free_pair (bptr, MDL); 2651 } 2652 } 2653 2654 extern struct option_cache *free_option_caches; /* XXX */ 2655 2656 int option_cache_dereference (ptr, file, line) 2657 struct option_cache **ptr; 2658 const char *file; 2659 int line; 2660 { 2661 if (!ptr || !*ptr) { 2662 log_error ("Null pointer in option_cache_dereference: %s(%d)", 2663 file, line); 2664 #if defined (POINTER_DEBUG) 2665 abort (); 2666 #else 2667 return 0; 2668 #endif 2669 } 2670 2671 (*ptr) -> refcnt--; 2672 rc_register (file, line, ptr, *ptr, (*ptr) -> refcnt, 1, RC_MISC); 2673 if (!(*ptr) -> refcnt) { 2674 if ((*ptr) -> data.buffer) 2675 data_string_forget (&(*ptr) -> data, file, line); 2676 if ((*ptr)->option) 2677 option_dereference(&(*ptr)->option, MDL); 2678 if ((*ptr) -> expression) 2679 expression_dereference (&(*ptr) -> expression, 2680 file, line); 2681 if ((*ptr) -> next) 2682 option_cache_dereference (&((*ptr) -> next), 2683 file, line); 2684 /* Put it back on the free list... */ 2685 (*ptr) -> expression = (struct expression *)free_option_caches; 2686 free_option_caches = *ptr; 2687 dmalloc_reuse (free_option_caches, (char *)0, 0, 0); 2688 } 2689 if ((*ptr) -> refcnt < 0) { 2690 log_error ("%s(%d): negative refcnt!", file, line); 2691 #if defined (DEBUG_RC_HISTORY) 2692 dump_rc_history (*ptr); 2693 #endif 2694 #if defined (POINTER_DEBUG) 2695 abort (); 2696 #else 2697 *ptr = (struct option_cache *)0; 2698 return 0; 2699 #endif 2700 } 2701 *ptr = (struct option_cache *)0; 2702 return 1; 2703 2704 } 2705 2706 int hashed_option_state_dereference (universe, state, file, line) 2707 struct universe *universe; 2708 struct option_state *state; 2709 const char *file; 2710 int line; 2711 { 2712 pair *heads; 2713 pair cp, next; 2714 int i; 2715 2716 /* Get the pointer to the array of hash table bucket heads. */ 2717 heads = (pair *)(state -> universes [universe -> index]); 2718 if (!heads) 2719 return 0; 2720 2721 /* For each non-null head, loop through all the buckets dereferencing 2722 the attached option cache structures and freeing the buckets. */ 2723 for (i = 0; i < OPTION_HASH_SIZE; i++) { 2724 for (cp = heads [i]; cp; cp = next) { 2725 next = cp -> cdr; 2726 option_cache_dereference 2727 ((struct option_cache **)&cp -> car, 2728 file, line); 2729 free_pair (cp, file, line); 2730 } 2731 } 2732 2733 dfree (heads, file, line); 2734 state -> universes [universe -> index] = (void *)0; 2735 return 1; 2736 } 2737 2738 /* The 'data_string' primitive doesn't have an appension mechanism. 2739 * This function must then append a new option onto an existing buffer 2740 * by first duplicating the original buffer and appending the desired 2741 * values, followed by coping the new value into place. 2742 */ 2743 int 2744 append_option(struct data_string *dst, struct universe *universe, 2745 struct option *option, struct data_string *src) 2746 { 2747 struct data_string tmp; 2748 2749 if (src->len == 0 && option->format[0] != 'Z') 2750 return 0; 2751 2752 memset(&tmp, 0, sizeof(tmp)); 2753 2754 /* Allocate a buffer to hold existing data, the current option's 2755 * tag and length, and the option's content. 2756 */ 2757 if (!buffer_allocate(&tmp.buffer, 2758 (dst->len + universe->length_size + 2759 universe->tag_size + src->len), MDL)) { 2760 /* XXX: This kills all options presently stored in the 2761 * destination buffer. This is the way the original code 2762 * worked, and assumes an 'all or nothing' approach to 2763 * eg encapsulated option spaces. It may or may not be 2764 * desirable. 2765 */ 2766 data_string_forget(dst, MDL); 2767 return 0; 2768 } 2769 tmp.data = tmp.buffer->data; 2770 2771 /* Copy the existing data off the destination. */ 2772 if (dst->len != 0) 2773 memcpy(tmp.buffer->data, dst->data, dst->len); 2774 tmp.len = dst->len; 2775 2776 /* Place the new option tag and length. */ 2777 (*universe->store_tag)(tmp.buffer->data + tmp.len, option->code); 2778 tmp.len += universe->tag_size; 2779 (*universe->store_length)(tmp.buffer->data + tmp.len, src->len); 2780 tmp.len += universe->length_size; 2781 2782 /* Copy the option contents onto the end. */ 2783 memcpy(tmp.buffer->data + tmp.len, src->data, src->len); 2784 tmp.len += src->len; 2785 2786 /* Play the shell game. */ 2787 data_string_forget(dst, MDL); 2788 data_string_copy(dst, &tmp, MDL); 2789 data_string_forget(&tmp, MDL); 2790 return 1; 2791 } 2792 2793 int 2794 store_option(struct data_string *result, struct universe *universe, 2795 struct packet *packet, struct lease *lease, 2796 struct client_state *client_state, 2797 struct option_state *in_options, struct option_state *cfg_options, 2798 struct binding_scope **scope, struct option_cache *oc) 2799 { 2800 struct data_string tmp; 2801 struct universe *subu=NULL; 2802 int status; 2803 char *start, *end; 2804 2805 memset(&tmp, 0, sizeof(tmp)); 2806 2807 if (evaluate_option_cache(&tmp, packet, lease, client_state, 2808 in_options, cfg_options, scope, oc, MDL)) { 2809 /* If the option is an extended 'e'ncapsulation (not a 2810 * direct 'E'ncapsulation), append the encapsulated space 2811 * onto the currently prepared value. 2812 */ 2813 do { 2814 if (oc->option->format && 2815 oc->option->format[0] == 'e') { 2816 /* Skip forward to the universe name. */ 2817 start = strchr(oc->option->format, 'E'); 2818 if (start == NULL) 2819 break; 2820 2821 /* Locate the name-terminating '.'. */ 2822 end = strchr(++start, '.'); 2823 2824 /* A zero-length name is not allowed in 2825 * these kinds of encapsulations. 2826 */ 2827 if (end == NULL || start == end) 2828 break; 2829 2830 universe_hash_lookup(&subu, universe_hash, 2831 start, end - start, MDL); 2832 2833 if (subu == NULL) { 2834 log_error("store_option: option %d " 2835 "refers to unknown " 2836 "option space '%.*s'.", 2837 oc->option->code, 2838 (int)(end - start), start); 2839 break; 2840 } 2841 2842 /* Append encapsulations, if any. We 2843 * already have the prepended values, so 2844 * we send those even if there are no 2845 * encapsulated options (and ->encapsulate() 2846 * returns zero). 2847 */ 2848 subu->encapsulate(&tmp, packet, lease, 2849 client_state, in_options, 2850 cfg_options, scope, subu); 2851 subu = NULL; 2852 } 2853 } while (ISC_FALSE); 2854 2855 status = append_option(result, universe, oc->option, &tmp); 2856 data_string_forget(&tmp, MDL); 2857 2858 return status; 2859 } 2860 2861 return 0; 2862 } 2863 2864 int option_space_encapsulate (result, packet, lease, client_state, 2865 in_options, cfg_options, scope, name) 2866 struct data_string *result; 2867 struct packet *packet; 2868 struct lease *lease; 2869 struct client_state *client_state; 2870 struct option_state *in_options; 2871 struct option_state *cfg_options; 2872 struct binding_scope **scope; 2873 struct data_string *name; 2874 { 2875 struct universe *u = NULL; 2876 int status = 0; 2877 2878 universe_hash_lookup(&u, universe_hash, 2879 (const char *)name->data, name->len, MDL); 2880 if (u == NULL) { 2881 log_error("option_space_encapsulate: option space '%.*s' does " 2882 "not exist, but is configured.", 2883 (int)name->len, name->data); 2884 return status; 2885 } 2886 2887 if (u->encapsulate != NULL) { 2888 if (u->encapsulate(result, packet, lease, client_state, 2889 in_options, cfg_options, scope, u)) 2890 status = 1; 2891 } else 2892 log_error("encapsulation requested for '%s' with no support.", 2893 name->data); 2894 2895 return status; 2896 } 2897 2898 /* Attempt to store any 'E'ncapsulated options that have not yet been 2899 * placed on the option buffer by the above (configuring a value in 2900 * the space over-rides any values in the child universe). 2901 * 2902 * Note that there are far fewer universes than there will ever be 2903 * options in any universe. So it is faster to traverse the 2904 * configured universes, checking if each is encapsulated in the 2905 * current universe, and if so attempting to do so. 2906 * 2907 * For each configured universe for this configuration option space, 2908 * which is encapsulated within the current universe, can not be found 2909 * by the lookup function (the universe-specific encapsulation 2910 * functions would already have stored such a value), and encapsulates 2911 * at least one option, append it. 2912 */ 2913 static int 2914 search_subencapsulation(struct data_string *result, struct packet *packet, 2915 struct lease *lease, struct client_state *client_state, 2916 struct option_state *in_options, 2917 struct option_state *cfg_options, 2918 struct binding_scope **scope, 2919 struct universe *universe) 2920 { 2921 struct data_string sub; 2922 struct universe *subu; 2923 int i, status = 0; 2924 2925 memset(&sub, 0, sizeof(sub)); 2926 for (i = 0 ; i < cfg_options->universe_count ; i++) { 2927 subu = universes[i]; 2928 2929 if (subu == NULL) 2930 log_fatal("Impossible condition at %s:%d.", MDL); 2931 2932 if (subu->enc_opt != NULL && 2933 subu->enc_opt->universe == universe && 2934 subu->enc_opt->format != NULL && 2935 subu->enc_opt->format[0] == 'E' && 2936 lookup_option(universe, cfg_options, 2937 subu->enc_opt->code) == NULL && 2938 subu->encapsulate(&sub, packet, lease, client_state, 2939 in_options, cfg_options, 2940 scope, subu)) { 2941 if (append_option(result, universe, 2942 subu->enc_opt, &sub)) 2943 status = 1; 2944 2945 data_string_forget(&sub, MDL); 2946 } 2947 } 2948 2949 return status; 2950 } 2951 2952 int hashed_option_space_encapsulate (result, packet, lease, client_state, 2953 in_options, cfg_options, scope, universe) 2954 struct data_string *result; 2955 struct packet *packet; 2956 struct lease *lease; 2957 struct client_state *client_state; 2958 struct option_state *in_options; 2959 struct option_state *cfg_options; 2960 struct binding_scope **scope; 2961 struct universe *universe; 2962 { 2963 pair p, *hash; 2964 int status; 2965 int i; 2966 2967 if (universe -> index >= cfg_options -> universe_count) 2968 return 0; 2969 2970 hash = cfg_options -> universes [universe -> index]; 2971 if (!hash) 2972 return 0; 2973 2974 /* For each hash bucket, and each configured option cache within 2975 * that bucket, append the option onto the buffer in encapsulated 2976 * format appropriate to the universe. 2977 */ 2978 status = 0; 2979 for (i = 0; i < OPTION_HASH_SIZE; i++) { 2980 for (p = hash [i]; p; p = p -> cdr) { 2981 if (store_option(result, universe, packet, lease, 2982 client_state, in_options, cfg_options, 2983 scope, (struct option_cache *)p->car)) 2984 status = 1; 2985 } 2986 } 2987 2988 if (search_subencapsulation(result, packet, lease, client_state, 2989 in_options, cfg_options, scope, universe)) 2990 status = 1; 2991 2992 return status; 2993 } 2994 2995 int nwip_option_space_encapsulate (result, packet, lease, client_state, 2996 in_options, cfg_options, scope, universe) 2997 struct data_string *result; 2998 struct packet *packet; 2999 struct lease *lease; 3000 struct client_state *client_state; 3001 struct option_state *in_options; 3002 struct option_state *cfg_options; 3003 struct binding_scope **scope; 3004 struct universe *universe; 3005 { 3006 pair ocp; 3007 int status; 3008 static struct option_cache *no_nwip; 3009 struct data_string ds; 3010 struct option_chain_head *head; 3011 3012 if (universe -> index >= cfg_options -> universe_count) 3013 return 0; 3014 head = ((struct option_chain_head *) 3015 cfg_options -> universes [nwip_universe.index]); 3016 if (!head) 3017 return 0; 3018 3019 status = 0; 3020 for (ocp = head -> first; ocp; ocp = ocp -> cdr) { 3021 if (store_option (result, universe, packet, 3022 lease, client_state, in_options, 3023 cfg_options, scope, 3024 (struct option_cache *)ocp -> car)) 3025 status = 1; 3026 } 3027 3028 /* If there's no data, the nwip suboption is supposed to contain 3029 a suboption saying there's no data. */ 3030 if (!status) { 3031 if (!no_nwip) { 3032 unsigned one = 1; 3033 static unsigned char nni [] = { 1, 0 }; 3034 3035 memset (&ds, 0, sizeof ds); 3036 ds.data = nni; 3037 ds.len = 2; 3038 if (option_cache_allocate (&no_nwip, MDL)) 3039 data_string_copy (&no_nwip -> data, &ds, MDL); 3040 if (!option_code_hash_lookup(&no_nwip->option, 3041 nwip_universe.code_hash, 3042 &one, 0, MDL)) 3043 log_fatal("Nwip option hash does not contain " 3044 "1 (%s:%d).", MDL); 3045 } 3046 if (no_nwip) { 3047 if (store_option (result, universe, packet, lease, 3048 client_state, in_options, 3049 cfg_options, scope, no_nwip)) 3050 status = 1; 3051 } 3052 } else { 3053 memset (&ds, 0, sizeof ds); 3054 3055 /* If we have nwip options, the first one has to be the 3056 nwip-exists-in-option-area option. */ 3057 if (!buffer_allocate (&ds.buffer, result -> len + 2, MDL)) { 3058 data_string_forget (result, MDL); 3059 return 0; 3060 } 3061 ds.data = &ds.buffer -> data [0]; 3062 ds.buffer -> data [0] = 2; 3063 ds.buffer -> data [1] = 0; 3064 memcpy (&ds.buffer -> data [2], result -> data, result -> len); 3065 data_string_forget (result, MDL); 3066 data_string_copy (result, &ds, MDL); 3067 data_string_forget (&ds, MDL); 3068 } 3069 3070 return status; 3071 } 3072 3073 /* We don't want to use ns_name_pton()...it doesn't tell us how many bytes 3074 * it has consumed, and it plays havoc with our escapes. 3075 * 3076 * So this function does DNS encoding, and returns either the number of 3077 * octects consumed (on success), or -1 on failure. 3078 */ 3079 static int 3080 fqdn_encode(unsigned char *dst, int dstlen, const unsigned char *src, 3081 int srclen) 3082 { 3083 unsigned char *out; 3084 int i, j, len, outlen=0; 3085 3086 out = dst; 3087 for (i = 0, j = 0 ; i < srclen ; i = j) { 3088 while ((j < srclen) && (src[j] != '.') && (src[j] != '\0')) 3089 j++; 3090 3091 len = j - i; 3092 if ((outlen + 1 + len) > dstlen) 3093 return -1; 3094 3095 *out++ = len; 3096 outlen++; 3097 3098 /* We only do one FQDN, ending in one root label. */ 3099 if (len == 0) 3100 return outlen; 3101 3102 memcpy(out, src + i, len); 3103 out += len; 3104 outlen += len; 3105 3106 /* Advance past the root label. */ 3107 j++; 3108 } 3109 3110 if ((outlen + 1) > dstlen) 3111 return -1; 3112 3113 /* Place the root label. */ 3114 *out++ = 0; 3115 outlen++; 3116 3117 return outlen; 3118 } 3119 3120 int fqdn_option_space_encapsulate (result, packet, lease, client_state, 3121 in_options, cfg_options, scope, universe) 3122 struct data_string *result; 3123 struct packet *packet; 3124 struct lease *lease; 3125 struct client_state *client_state; 3126 struct option_state *in_options; 3127 struct option_state *cfg_options; 3128 struct binding_scope **scope; 3129 struct universe *universe; 3130 { 3131 pair ocp; 3132 struct data_string results [FQDN_SUBOPTION_COUNT + 1]; 3133 int status = 1; 3134 int i; 3135 unsigned len; 3136 struct buffer *bp = (struct buffer *)0; 3137 struct option_chain_head *head; 3138 3139 /* If there's no FQDN universe, don't encapsulate. */ 3140 if (fqdn_universe.index >= cfg_options -> universe_count) 3141 return 0; 3142 head = ((struct option_chain_head *) 3143 cfg_options -> universes [fqdn_universe.index]); 3144 if (!head) 3145 return 0; 3146 3147 /* Figure out the values of all the suboptions. */ 3148 memset (results, 0, sizeof results); 3149 for (ocp = head -> first; ocp; ocp = ocp -> cdr) { 3150 struct option_cache *oc = (struct option_cache *)(ocp -> car); 3151 if (oc -> option -> code > FQDN_SUBOPTION_COUNT) 3152 continue; 3153 /* No need to check the return code, we check the length later */ 3154 (void) evaluate_option_cache (&results[oc->option->code], 3155 packet, lease, client_state, 3156 in_options, cfg_options, scope, 3157 oc, MDL); 3158 } 3159 /* We add a byte for the flags field. 3160 * We add two bytes for the two RCODE fields. 3161 * We add a byte because we will prepend a label count. 3162 * We add a byte because the input len doesn't count null termination, 3163 * and we will add a root label. 3164 */ 3165 len = 5 + results [FQDN_FQDN].len; 3166 /* Save the contents of the option in a buffer. */ 3167 if (!buffer_allocate (&bp, len, MDL)) { 3168 log_error ("no memory for option buffer."); 3169 status = 0; 3170 goto exit; 3171 } 3172 buffer_reference (&result -> buffer, bp, MDL); 3173 result -> len = 3; 3174 result -> data = &bp -> data [0]; 3175 3176 memset (&bp -> data [0], 0, len); 3177 /* XXX: The server should set bit 4 (yes, 4, not 3) to 1 if it is 3178 * not going to perform any ddns updates. The client should set the 3179 * bit if it doesn't want the server to perform any updates. 3180 * The problem is at this layer of abstraction we have no idea if 3181 * the caller is a client or server. 3182 * 3183 * See RFC4702, Section 3.1, 'The "N" bit'. 3184 * 3185 * if (?) 3186 * bp->data[0] |= 8; 3187 */ 3188 if (results [FQDN_NO_CLIENT_UPDATE].len && 3189 results [FQDN_NO_CLIENT_UPDATE].data [0]) 3190 bp -> data [0] |= 2; 3191 if (results [FQDN_SERVER_UPDATE].len && 3192 results [FQDN_SERVER_UPDATE].data [0]) 3193 bp -> data [0] |= 1; 3194 if (results [FQDN_RCODE1].len) 3195 bp -> data [1] = results [FQDN_RCODE1].data [0]; 3196 if (results [FQDN_RCODE2].len) 3197 bp -> data [2] = results [FQDN_RCODE2].data [0]; 3198 3199 if (results [FQDN_ENCODED].len && 3200 results [FQDN_ENCODED].data [0]) { 3201 bp->data[0] |= 4; 3202 if (results [FQDN_FQDN].len) { 3203 i = fqdn_encode(&bp->data[3], len - 3, 3204 results[FQDN_FQDN].data, 3205 results[FQDN_FQDN].len); 3206 3207 if (i < 0) { 3208 status = 0; 3209 goto exit; 3210 } 3211 3212 result->len += i; 3213 result->terminated = 0; 3214 } 3215 } else { 3216 if (results [FQDN_FQDN].len) { 3217 memcpy (&bp -> data [3], results [FQDN_FQDN].data, 3218 results [FQDN_FQDN].len); 3219 result -> len += results [FQDN_FQDN].len; 3220 result -> terminated = 0; 3221 } 3222 } 3223 exit: 3224 for (i = 1; i <= FQDN_SUBOPTION_COUNT; i++) { 3225 if (results [i].len) 3226 data_string_forget (&results [i], MDL); 3227 } 3228 buffer_dereference (&bp, MDL); 3229 if (!status) 3230 data_string_forget(result, MDL); 3231 return status; 3232 } 3233 3234 /* 3235 * Trap invalid attempts to inspect FQND6 contents. 3236 */ 3237 struct option_cache * 3238 lookup_fqdn6_option(struct universe *universe, struct option_state *options, 3239 unsigned code) 3240 { 3241 log_fatal("Impossible condition at %s:%d.", MDL); 3242 return NULL; 3243 } 3244 3245 /* 3246 * Trap invalid attempts to save options directly to FQDN6 rather than FQDN. 3247 */ 3248 void 3249 save_fqdn6_option(struct universe *universe, struct option_state *options, 3250 struct option_cache *oc, isc_boolean_t appendp) 3251 { 3252 log_fatal("Impossible condition at %s:%d.", MDL); 3253 } 3254 3255 /* 3256 * Trap invalid attempts to delete an option out of the FQDN6 universe. 3257 */ 3258 void 3259 delete_fqdn6_option(struct universe *universe, struct option_state *options, 3260 int code) 3261 { 3262 log_fatal("Impossible condition at %s:%d.", MDL); 3263 } 3264 3265 /* Shill to the DHCPv4 fqdn option cache any attempts to traverse the 3266 * V6's option cache entry. 3267 * 3268 * This function is called speculatively by dhclient to setup 3269 * environment variables. But it would have already called the 3270 * foreach on the normal fqdn universe, so this is superfluous. 3271 */ 3272 void 3273 fqdn6_option_space_foreach(struct packet *packet, struct lease *lease, 3274 struct client_state *client_state, 3275 struct option_state *in_options, 3276 struct option_state *cfg_options, 3277 struct binding_scope **scope, 3278 struct universe *u, void *stuff, 3279 void (*func)(struct option_cache *, 3280 struct packet *, 3281 struct lease *, 3282 struct client_state *, 3283 struct option_state *, 3284 struct option_state *, 3285 struct binding_scope **, 3286 struct universe *, void *)) 3287 { 3288 /* Pretend it is empty. */ 3289 return; 3290 } 3291 3292 /* Turn the FQDN option space into a DHCPv6 FQDN option buffer. 3293 */ 3294 int 3295 fqdn6_option_space_encapsulate(struct data_string *result, 3296 struct packet *packet, struct lease *lease, 3297 struct client_state *client_state, 3298 struct option_state *in_options, 3299 struct option_state *cfg_options, 3300 struct binding_scope **scope, 3301 struct universe *universe) 3302 { 3303 pair ocp; 3304 struct option_chain_head *head; 3305 struct option_cache *oc; 3306 unsigned char *data; 3307 int i, len, rval = 0, count; 3308 struct data_string results[FQDN_SUBOPTION_COUNT + 1]; 3309 3310 if (fqdn_universe.index >= cfg_options->universe_count) 3311 return 0; 3312 head = ((struct option_chain_head *) 3313 cfg_options->universes[fqdn_universe.index]); 3314 if (head == NULL) 3315 return 0; 3316 3317 memset(results, 0, sizeof(results)); 3318 for (ocp = head->first ; ocp != NULL ; ocp = ocp->cdr) { 3319 oc = (struct option_cache *)(ocp->car); 3320 if (oc->option->code > FQDN_SUBOPTION_COUNT) 3321 log_fatal("Impossible condition at %s:%d.", MDL); 3322 /* No need to check the return code, we check the length later */ 3323 (void) evaluate_option_cache(&results[oc->option->code], packet, 3324 lease, client_state, in_options, 3325 cfg_options, scope, oc, MDL); 3326 } 3327 3328 /* We add a byte for the flags field at the start of the option. 3329 * We add a byte because we will prepend a label count. 3330 * We add a byte because the input length doesn't include a trailing 3331 * NULL, and we will add a root label. 3332 */ 3333 len = results[FQDN_FQDN].len + 3; 3334 if (!buffer_allocate(&result->buffer, len, MDL)) { 3335 log_error("No memory for virtual option buffer."); 3336 goto exit; 3337 } 3338 data = result->buffer->data; 3339 result->data = data; 3340 3341 /* The first byte is the flags field. */ 3342 result->len = 1; 3343 data[0] = 0; 3344 /* XXX: The server should set bit 3 (yes, 3, not 4) to 1 if we 3345 * are not going to perform any DNS updates. The problem is 3346 * that at this layer of abstraction, we do not know if the caller 3347 * is the client or the server. 3348 * 3349 * See RFC4704 Section 4.1, 'The "N" bit'. 3350 * 3351 * if (?) 3352 * data[0] |= 4; 3353 */ 3354 if (results[FQDN_NO_CLIENT_UPDATE].len && 3355 results[FQDN_NO_CLIENT_UPDATE].data[0]) 3356 data[0] |= 2; 3357 if (results[FQDN_SERVER_UPDATE].len && 3358 results[FQDN_SERVER_UPDATE].data[0]) 3359 data[0] |= 1; 3360 3361 /* If there is no name, we're done. */ 3362 if (results[FQDN_FQDN].len == 0) { 3363 rval = 1; 3364 goto exit; 3365 } 3366 3367 /* Convert textual representation to DNS format. */ 3368 count = fqdn_encode(data + 1, len - 1, 3369 results[FQDN_FQDN].data, results[FQDN_FQDN].len); 3370 3371 if (count < 0) { 3372 rval = 0; 3373 data_string_forget(result, MDL); 3374 goto exit; 3375 } 3376 3377 result->len += count; 3378 result->terminated = 0; 3379 3380 /* Success! */ 3381 rval = 1; 3382 3383 exit: 3384 for (i = 1 ; i <= FQDN_SUBOPTION_COUNT ; i++) { 3385 if (result[i].len) 3386 data_string_forget(&results[i], MDL); 3387 } 3388 3389 return rval; 3390 } 3391 3392 /* Read the DHCPv6 FQDN option's contents into the FQDN virtual space. 3393 */ 3394 int 3395 fqdn6_universe_decode(struct option_state *options, 3396 const unsigned char *buffer, unsigned length, 3397 struct universe *u) 3398 { 3399 struct buffer *bp = NULL; 3400 unsigned char *first_dot; 3401 int len, hlen, dlen; 3402 3403 /* The FQDN option has to be at least 1 byte long. */ 3404 if (length < 1) 3405 return 0; 3406 3407 /* Save the contents of the option in a buffer. There are 3 3408 * one-byte values we record from the packet, so we go ahead 3409 * and allocate a bigger buffer to accommodate them. But the 3410 * 'length' we got (because it is a DNS encoded string) is 3411 * one longer than we need...so we only add two extra octets. 3412 */ 3413 if (!buffer_allocate(&bp, length + 2, MDL)) { 3414 log_error("No memory for dhcp6.fqdn option buffer."); 3415 return 0; 3416 } 3417 3418 /* The v6 FQDN is always 'encoded' per DNS. */ 3419 bp->data[0] = 1; 3420 if (!save_option_buffer(&fqdn_universe, options, bp, 3421 bp->data, 1, FQDN_ENCODED, 0)) 3422 goto error; 3423 3424 /* XXX: We need to process 'The "N" bit'. */ 3425 3426 if (buffer[0] & 1) /* server-update. */ 3427 bp->data[2] = 1; 3428 else 3429 bp->data[2] = 0; 3430 3431 if (!save_option_buffer(&fqdn_universe, options, bp, bp->data + 2, 1, 3432 FQDN_SERVER_UPDATE, 0)) 3433 goto error; 3434 3435 if (buffer[0] & 2) /* no-client-update. */ 3436 bp->data[1] = 1; 3437 else 3438 bp->data[1] = 0; 3439 3440 if (!save_option_buffer(&fqdn_universe, options, bp, bp->data + 1, 1, 3441 FQDN_NO_CLIENT_UPDATE, 0)) 3442 goto error; 3443 3444 /* Convert the domain name to textual representation for config. */ 3445 len = MRns_name_ntop(buffer + 1, (char *)bp->data + 3, length - 1); 3446 if (len == -1) { 3447 log_error("Unable to convert dhcp6.fqdn domain name to " 3448 "printable form."); 3449 goto error; 3450 } 3451 3452 /* Save the domain name. */ 3453 if (len > 0) { 3454 unsigned char *fqdn_start = bp->data + 3; 3455 3456 if (!save_option_buffer(&fqdn_universe, options, bp, 3457 fqdn_start, len, FQDN_FQDN, 1)) 3458 goto error; 3459 3460 first_dot = (unsigned char *)strchr((char *)fqdn_start, '.'); 3461 3462 if (first_dot != NULL) { 3463 hlen = first_dot - fqdn_start; 3464 dlen = len - hlen; 3465 } else { 3466 hlen = len; 3467 dlen = 0; 3468 } 3469 3470 if (!save_option_buffer(&fqdn_universe, options, bp, 3471 fqdn_start, len, FQDN_FQDN, 1) || 3472 ((hlen > 0) && 3473 !save_option_buffer(&fqdn_universe, options, bp, 3474 fqdn_start, hlen, 3475 FQDN_HOSTNAME, 0)) || 3476 ((dlen > 0) && 3477 !save_option_buffer(&fqdn_universe, options, bp, 3478 first_dot, dlen, FQDN_DOMAINNAME, 0))) 3479 goto error; 3480 } 3481 3482 buffer_dereference(&bp, MDL); 3483 return 1; 3484 3485 error: 3486 buffer_dereference(&bp, MDL); 3487 return 0; 3488 } 3489 3490 void option_space_foreach (struct packet *packet, struct lease *lease, 3491 struct client_state *client_state, 3492 struct option_state *in_options, 3493 struct option_state *cfg_options, 3494 struct binding_scope **scope, 3495 struct universe *u, void *stuff, 3496 void (*func) (struct option_cache *, 3497 struct packet *, 3498 struct lease *, struct client_state *, 3499 struct option_state *, 3500 struct option_state *, 3501 struct binding_scope **, 3502 struct universe *, void *)) 3503 { 3504 if (u -> foreach) 3505 (*u -> foreach) (packet, lease, client_state, in_options, 3506 cfg_options, scope, u, stuff, func); 3507 } 3508 3509 void suboption_foreach (struct packet *packet, struct lease *lease, 3510 struct client_state *client_state, 3511 struct option_state *in_options, 3512 struct option_state *cfg_options, 3513 struct binding_scope **scope, 3514 struct universe *u, void *stuff, 3515 void (*func) (struct option_cache *, 3516 struct packet *, 3517 struct lease *, struct client_state *, 3518 struct option_state *, 3519 struct option_state *, 3520 struct binding_scope **, 3521 struct universe *, void *), 3522 struct option_cache *oc, 3523 const char *vsname) 3524 { 3525 struct universe *universe = find_option_universe (oc -> option, 3526 vsname); 3527 if (universe -> foreach) 3528 (*universe -> foreach) (packet, lease, client_state, 3529 in_options, cfg_options, 3530 scope, universe, stuff, func); 3531 } 3532 3533 void hashed_option_space_foreach (struct packet *packet, struct lease *lease, 3534 struct client_state *client_state, 3535 struct option_state *in_options, 3536 struct option_state *cfg_options, 3537 struct binding_scope **scope, 3538 struct universe *u, void *stuff, 3539 void (*func) (struct option_cache *, 3540 struct packet *, 3541 struct lease *, 3542 struct client_state *, 3543 struct option_state *, 3544 struct option_state *, 3545 struct binding_scope **, 3546 struct universe *, void *)) 3547 { 3548 pair *hash; 3549 int i; 3550 struct option_cache *oc; 3551 3552 if (cfg_options -> universe_count <= u -> index) 3553 return; 3554 3555 hash = cfg_options -> universes [u -> index]; 3556 if (!hash) 3557 return; 3558 for (i = 0; i < OPTION_HASH_SIZE; i++) { 3559 pair p; 3560 /* XXX save _all_ options! XXX */ 3561 for (p = hash [i]; p; p = p -> cdr) { 3562 oc = (struct option_cache *)p -> car; 3563 (*func) (oc, packet, lease, client_state, 3564 in_options, cfg_options, scope, u, stuff); 3565 } 3566 } 3567 } 3568 3569 void 3570 save_linked_option(struct universe *universe, struct option_state *options, 3571 struct option_cache *oc, isc_boolean_t appendp) 3572 { 3573 pair *tail; 3574 struct option_chain_head *head; 3575 struct option_cache **ocloc; 3576 3577 if (universe -> index >= options -> universe_count) 3578 return; 3579 head = ((struct option_chain_head *) 3580 options -> universes [universe -> index]); 3581 if (!head) { 3582 if (!option_chain_head_allocate (((struct option_chain_head **) 3583 &options -> universes 3584 [universe -> index]), MDL)) 3585 return; 3586 head = ((struct option_chain_head *) 3587 options -> universes [universe -> index]); 3588 } 3589 3590 /* Find the tail of the list. */ 3591 for (tail = &head -> first; *tail; tail = &((*tail) -> cdr)) { 3592 ocloc = (struct option_cache **)&(*tail)->car; 3593 3594 if (oc->option->code == (*ocloc)->option->code) { 3595 if (appendp) { 3596 do { 3597 ocloc = &(*ocloc)->next; 3598 } while (*ocloc != NULL); 3599 } else { 3600 option_cache_dereference(ocloc, MDL); 3601 } 3602 option_cache_reference(ocloc, oc, MDL); 3603 return; 3604 } 3605 } 3606 3607 *tail = cons (0, 0); 3608 if (*tail) { 3609 option_cache_reference ((struct option_cache **) 3610 (&(*tail) -> car), oc, MDL); 3611 } 3612 } 3613 3614 int linked_option_space_encapsulate (result, packet, lease, client_state, 3615 in_options, cfg_options, scope, universe) 3616 struct data_string *result; 3617 struct packet *packet; 3618 struct lease *lease; 3619 struct client_state *client_state; 3620 struct option_state *in_options; 3621 struct option_state *cfg_options; 3622 struct binding_scope **scope; 3623 struct universe *universe; 3624 { 3625 int status = 0; 3626 pair oc; 3627 struct option_chain_head *head; 3628 3629 if (universe -> index >= cfg_options -> universe_count) 3630 return status; 3631 head = ((struct option_chain_head *) 3632 cfg_options -> universes [universe -> index]); 3633 if (!head) 3634 return status; 3635 3636 for (oc = head -> first; oc; oc = oc -> cdr) { 3637 if (store_option (result, universe, packet, 3638 lease, client_state, in_options, cfg_options, 3639 scope, (struct option_cache *)(oc -> car))) 3640 status = 1; 3641 } 3642 3643 if (search_subencapsulation(result, packet, lease, client_state, 3644 in_options, cfg_options, scope, universe)) 3645 status = 1; 3646 3647 return status; 3648 } 3649 3650 void delete_linked_option (universe, options, code) 3651 struct universe *universe; 3652 struct option_state *options; 3653 int code; 3654 { 3655 pair *tail, tmp = (pair)0; 3656 struct option_chain_head *head; 3657 3658 if (universe -> index >= options -> universe_count) 3659 return; 3660 head = ((struct option_chain_head *) 3661 options -> universes [universe -> index]); 3662 if (!head) 3663 return; 3664 3665 for (tail = &head -> first; *tail; tail = &((*tail) -> cdr)) { 3666 if (code == 3667 ((struct option_cache *)(*tail) -> car) -> option -> code) 3668 { 3669 tmp = (*tail) -> cdr; 3670 option_cache_dereference ((struct option_cache **) 3671 (&(*tail) -> car), MDL); 3672 dfree (*tail, MDL); 3673 (*tail) = tmp; 3674 break; 3675 } 3676 } 3677 } 3678 3679 struct option_cache *lookup_linked_option (universe, options, code) 3680 struct universe *universe; 3681 struct option_state *options; 3682 unsigned code; 3683 { 3684 pair oc; 3685 struct option_chain_head *head; 3686 3687 if (universe -> index >= options -> universe_count) 3688 return 0; 3689 head = ((struct option_chain_head *) 3690 options -> universes [universe -> index]); 3691 if (!head) 3692 return 0; 3693 3694 for (oc = head -> first; oc; oc = oc -> cdr) { 3695 if (code == 3696 ((struct option_cache *)(oc -> car)) -> option -> code) { 3697 return (struct option_cache *)(oc -> car); 3698 } 3699 } 3700 3701 return (struct option_cache *)0; 3702 } 3703 3704 int linked_option_state_dereference (universe, state, file, line) 3705 struct universe *universe; 3706 struct option_state *state; 3707 const char *file; 3708 int line; 3709 { 3710 return (option_chain_head_dereference 3711 ((struct option_chain_head **) 3712 (&state -> universes [universe -> index]), MDL)); 3713 } 3714 3715 void linked_option_space_foreach (struct packet *packet, struct lease *lease, 3716 struct client_state *client_state, 3717 struct option_state *in_options, 3718 struct option_state *cfg_options, 3719 struct binding_scope **scope, 3720 struct universe *u, void *stuff, 3721 void (*func) (struct option_cache *, 3722 struct packet *, 3723 struct lease *, 3724 struct client_state *, 3725 struct option_state *, 3726 struct option_state *, 3727 struct binding_scope **, 3728 struct universe *, void *)) 3729 { 3730 pair car; 3731 struct option_chain_head *head; 3732 3733 if (u -> index >= cfg_options -> universe_count) 3734 return; 3735 head = ((struct option_chain_head *) 3736 cfg_options -> universes [u -> index]); 3737 if (!head) 3738 return; 3739 for (car = head -> first; car; car = car -> cdr) { 3740 (*func) ((struct option_cache *)(car -> car), 3741 packet, lease, client_state, 3742 in_options, cfg_options, scope, u, stuff); 3743 } 3744 } 3745 3746 void do_packet (interface, packet, len, from_port, from, hfrom) 3747 struct interface_info *interface; 3748 struct dhcp_packet *packet; 3749 unsigned len; 3750 unsigned int from_port; 3751 struct iaddr from; 3752 struct hardware *hfrom; 3753 { 3754 struct option_cache *op; 3755 struct packet *decoded_packet; 3756 #if defined (DEBUG_MEMORY_LEAKAGE) 3757 unsigned long previous_outstanding = dmalloc_outstanding; 3758 #endif 3759 3760 #if defined (TRACING) 3761 trace_inpacket_stash(interface, packet, len, from_port, from, hfrom); 3762 #endif 3763 3764 decoded_packet = NULL; 3765 if (!packet_allocate(&decoded_packet, MDL)) { 3766 log_error("do_packet: no memory for incoming packet!"); 3767 return; 3768 } 3769 decoded_packet->raw = packet; 3770 decoded_packet->packet_length = len; 3771 decoded_packet->client_port = from_port; 3772 decoded_packet->client_addr = from; 3773 interface_reference(&decoded_packet->interface, interface, MDL); 3774 decoded_packet->haddr = hfrom; 3775 3776 if (packet->hlen > sizeof packet->chaddr) { 3777 packet_dereference(&decoded_packet, MDL); 3778 log_info("Discarding packet with bogus hlen."); 3779 return; 3780 } 3781 3782 /* If there's an option buffer, try to parse it. */ 3783 if (decoded_packet->packet_length >= DHCP_FIXED_NON_UDP + 4) { 3784 if (!parse_options(decoded_packet)) { 3785 if (decoded_packet->options) 3786 option_state_dereference 3787 (&decoded_packet->options, MDL); 3788 packet_dereference (&decoded_packet, MDL); 3789 return; 3790 } 3791 3792 if (decoded_packet->options_valid && 3793 (op = lookup_option(&dhcp_universe, 3794 decoded_packet->options, 3795 DHO_DHCP_MESSAGE_TYPE))) { 3796 struct data_string dp; 3797 memset(&dp, 0, sizeof dp); 3798 evaluate_option_cache(&dp, decoded_packet, NULL, NULL, 3799 decoded_packet->options, NULL, 3800 NULL, op, MDL); 3801 if (dp.len > 0) 3802 decoded_packet->packet_type = dp.data[0]; 3803 else 3804 decoded_packet->packet_type = 0; 3805 data_string_forget(&dp, MDL); 3806 } 3807 } 3808 3809 if (validate_packet(decoded_packet) != 0) { 3810 if (decoded_packet->packet_type) 3811 dhcp(decoded_packet); 3812 else 3813 bootp(decoded_packet); 3814 } 3815 3816 /* If the caller kept the packet, they'll have upped the refcnt. */ 3817 packet_dereference(&decoded_packet, MDL); 3818 3819 #if defined (DEBUG_MEMORY_LEAKAGE) 3820 log_info("generation %ld: %ld new, %ld outstanding, %ld long-term", 3821 dmalloc_generation, 3822 dmalloc_outstanding - previous_outstanding, 3823 dmalloc_outstanding, dmalloc_longterm); 3824 dmalloc_dump_outstanding(); 3825 #endif 3826 #if defined (DEBUG_RC_HISTORY_EXHAUSTIVELY) 3827 dump_rc_history(0); 3828 #endif 3829 } 3830 3831 int 3832 packet6_len_okay(const char *packet, int len) { 3833 if (len < 1) { 3834 return 0; 3835 } 3836 if ((packet[0] == DHCPV6_RELAY_FORW) || 3837 (packet[0] == DHCPV6_RELAY_REPL)) { 3838 if (len >= offsetof(struct dhcpv6_relay_packet, options)) { 3839 return 1; 3840 } else { 3841 return 0; 3842 } 3843 } else { 3844 if (len >= offsetof(struct dhcpv6_packet, options)) { 3845 return 1; 3846 } else { 3847 return 0; 3848 } 3849 } 3850 } 3851 3852 #ifdef DHCPv6 3853 void 3854 do_packet6(struct interface_info *interface, const char *packet, 3855 int len, int from_port, const struct iaddr *from, 3856 isc_boolean_t was_unicast) { 3857 unsigned char msg_type; 3858 const struct dhcpv6_packet *msg; 3859 const struct dhcpv6_relay_packet *relay; 3860 struct packet *decoded_packet; 3861 #if defined (DEBUG_MEMORY_LEAKAGE) 3862 unsigned long previous_outstanding = dmalloc_outstanding; 3863 #endif 3864 3865 if (!packet6_len_okay(packet, len)) { 3866 log_info("do_packet6: " 3867 "short packet from %s port %d, len %d, dropped", 3868 piaddr(*from), from_port, len); 3869 return; 3870 } 3871 3872 decoded_packet = NULL; 3873 if (!packet_allocate(&decoded_packet, MDL)) { 3874 log_error("do_packet6: no memory for incoming packet."); 3875 return; 3876 } 3877 3878 if (!option_state_allocate(&decoded_packet->options, MDL)) { 3879 log_error("do_packet6: no memory for options."); 3880 packet_dereference(&decoded_packet, MDL); 3881 return; 3882 } 3883 3884 /* IPv4 information, already set to 0 */ 3885 /* decoded_packet->packet_type = 0; */ 3886 /* memset(&decoded_packet->haddr, 0, sizeof(decoded_packet->haddr)); */ 3887 /* decoded_packet->circuit_id = NULL; */ 3888 /* decoded_packet->circuit_id_len = 0; */ 3889 /* decoded_packet->remote_id = NULL; */ 3890 /* decoded_packet->remote_id_len = 0; */ 3891 decoded_packet->raw = (struct dhcp_packet *)packet; 3892 decoded_packet->packet_length = (unsigned)len; 3893 decoded_packet->client_port = from_port; 3894 decoded_packet->client_addr = *from; 3895 interface_reference(&decoded_packet->interface, interface, MDL); 3896 3897 decoded_packet->unicast = was_unicast; 3898 3899 msg_type = packet[0]; 3900 if ((msg_type == DHCPV6_RELAY_FORW) || 3901 (msg_type == DHCPV6_RELAY_REPL)) { 3902 int relaylen = (int)(offsetof(struct dhcpv6_relay_packet, options)); 3903 relay = (const struct dhcpv6_relay_packet *)packet; 3904 decoded_packet->dhcpv6_msg_type = relay->msg_type; 3905 3906 /* relay-specific data */ 3907 decoded_packet->dhcpv6_hop_count = relay->hop_count; 3908 memcpy(&decoded_packet->dhcpv6_link_address, 3909 relay->link_address, sizeof(relay->link_address)); 3910 memcpy(&decoded_packet->dhcpv6_peer_address, 3911 relay->peer_address, sizeof(relay->peer_address)); 3912 3913 if (!parse_option_buffer(decoded_packet->options, 3914 relay->options, len - relaylen, 3915 &dhcpv6_universe)) { 3916 /* no logging here, as parse_option_buffer() logs all 3917 cases where it fails */ 3918 packet_dereference(&decoded_packet, MDL); 3919 return; 3920 } 3921 } else { 3922 int msglen = (int)(offsetof(struct dhcpv6_packet, options)); 3923 msg = (const struct dhcpv6_packet *)packet; 3924 decoded_packet->dhcpv6_msg_type = msg->msg_type; 3925 3926 /* message-specific data */ 3927 memcpy(decoded_packet->dhcpv6_transaction_id, 3928 msg->transaction_id, 3929 sizeof(decoded_packet->dhcpv6_transaction_id)); 3930 3931 if (!parse_option_buffer(decoded_packet->options, 3932 msg->options, len - msglen, 3933 &dhcpv6_universe)) { 3934 /* no logging here, as parse_option_buffer() logs all 3935 cases where it fails */ 3936 packet_dereference(&decoded_packet, MDL); 3937 return; 3938 } 3939 } 3940 3941 dhcpv6(decoded_packet); 3942 3943 packet_dereference(&decoded_packet, MDL); 3944 3945 #if defined (DEBUG_MEMORY_LEAKAGE) 3946 log_info("generation %ld: %ld new, %ld outstanding, %ld long-term", 3947 dmalloc_generation, 3948 dmalloc_outstanding - previous_outstanding, 3949 dmalloc_outstanding, dmalloc_longterm); 3950 dmalloc_dump_outstanding(); 3951 #endif 3952 #if defined (DEBUG_RC_HISTORY_EXHAUSTIVELY) 3953 dump_rc_history(0); 3954 #endif 3955 } 3956 #endif /* DHCPv6 */ 3957 3958 int 3959 pretty_escape(char **dst, char *dend, const unsigned char **src, 3960 const unsigned char *send) 3961 { 3962 int count = 0; 3963 3964 /* If there aren't as many bytes left as there are in the source 3965 * buffer, don't even bother entering the loop. 3966 */ 3967 if (dst == NULL || dend == NULL || src == NULL || send == NULL || 3968 *dst == NULL || *src == NULL || (*dst >= dend) || (*src > send) || 3969 ((send - *src) > (dend - *dst))) 3970 return -1; 3971 3972 for ( ; *src < send ; (*src)++) { 3973 if (!isascii (**src) || !isprint (**src)) { 3974 /* Skip trailing NUL. */ 3975 if ((*src + 1) != send || **src != '\0') { 3976 if (*dst + 4 > dend) 3977 return -1; 3978 3979 sprintf(*dst, "\\%03o", 3980 **src); 3981 (*dst) += 4; 3982 count += 4; 3983 } 3984 } else if (**src == '"' || **src == '\'' || **src == '$' || 3985 **src == '`' || **src == '\\' || **src == '|' || 3986 **src == '&') { 3987 if (*dst + 2 > dend) 3988 return -1; 3989 3990 **dst = '\\'; 3991 (*dst)++; 3992 **dst = **src; 3993 (*dst)++; 3994 count += 2; 3995 } else { 3996 if (*dst + 1 > dend) 3997 return -1; 3998 3999 **dst = **src; 4000 (*dst)++; 4001 count++; 4002 } 4003 } 4004 4005 return count; 4006 } 4007 4008 static int 4009 pretty_text(char **dst, char *dend, const unsigned char **src, 4010 const unsigned char *send, int emit_quotes) 4011 { 4012 int count; 4013 4014 if (dst == NULL || dend == NULL || src == NULL || send == NULL || 4015 *dst == NULL || *src == NULL || 4016 ((*dst + (emit_quotes ? 2 : 0)) > dend) || (*src > send)) 4017 return -1; 4018 4019 if (emit_quotes) { 4020 **dst = '"'; 4021 (*dst)++; 4022 } 4023 4024 /* dend-1 leaves 1 byte for the closing quote. */ 4025 count = pretty_escape(dst, dend - (emit_quotes ? 1 : 0), src, send); 4026 4027 if (count == -1) 4028 return -1; 4029 4030 if (emit_quotes && (*dst < dend)) { 4031 **dst = '"'; 4032 (*dst)++; 4033 4034 /* Includes quote prior to pretty_escape(); */ 4035 count += 2; 4036 } 4037 4038 return count; 4039 } 4040 4041 static int 4042 pretty_domain(char **dst, char *dend, const unsigned char **src, 4043 const unsigned char *send) 4044 { 4045 const unsigned char *tend; 4046 int count = 2; 4047 int tsiz, status; 4048 4049 if (dst == NULL || dend == NULL || src == NULL || send == NULL || 4050 *dst == NULL || *src == NULL || 4051 ((*dst + 2) > dend) || (*src >= send)) 4052 return -1; 4053 4054 **dst = '"'; 4055 (*dst)++; 4056 4057 do { 4058 /* Continue loop until end of src buffer. */ 4059 if (*src >= send) 4060 break; 4061 4062 /* Consume tag size. */ 4063 tsiz = **src; 4064 (*src)++; 4065 4066 /* At root, finis. */ 4067 if (tsiz == 0) 4068 break; 4069 4070 tend = (*src) + tsiz; 4071 4072 /* If the tag exceeds the source buffer, it's illegal. 4073 * This should also trap compression pointers (which should 4074 * not be in these buffers). 4075 */ 4076 if (tend > send) 4077 return -1; 4078 4079 /* dend-2 leaves room for a trailing dot and quote. */ 4080 status = pretty_escape(dst, dend-2, src, tend); 4081 4082 if ((status == -1) || ((*dst + 2) > dend)) 4083 return -1; 4084 4085 **dst = '.'; 4086 (*dst)++; 4087 count += status + 1; 4088 } 4089 while(1); 4090 4091 **dst = '"'; 4092 (*dst)++; 4093 4094 return count; 4095 } 4096 4097 /* 4098 * Add the option identified with the option number and data to the 4099 * options state. 4100 */ 4101 int 4102 add_option(struct option_state *options, 4103 unsigned int option_num, 4104 void *data, 4105 unsigned int data_len) 4106 { 4107 struct option_cache *oc; 4108 struct option *option; 4109 4110 /* INSIST(options != NULL); */ 4111 /* INSIST(data != NULL); */ 4112 4113 option = NULL; 4114 if (!option_code_hash_lookup(&option, dhcp_universe.code_hash, 4115 &option_num, 0, MDL)) { 4116 log_error("Attempting to add unknown option %d.", option_num); 4117 return 0; 4118 } 4119 4120 oc = NULL; 4121 if (!option_cache_allocate(&oc, MDL)) { 4122 log_error("No memory for option cache adding %s (option %d).", 4123 option->name, option_num); 4124 return 0; 4125 } 4126 4127 if (!make_const_data(&oc->expression, 4128 data, 4129 data_len, 4130 0, 4131 0, 4132 MDL)) { 4133 log_error("No memory for constant data adding %s (option %d).", 4134 option->name, option_num); 4135 option_cache_dereference(&oc, MDL); 4136 return 0; 4137 } 4138 4139 option_reference(&(oc->option), option, MDL); 4140 save_option(&dhcp_universe, options, oc); 4141 option_cache_dereference(&oc, MDL); 4142 4143 return 1; 4144 } 4145 4146 /** 4147 * Checks if received BOOTP/DHCPv4 packet is sane 4148 * 4149 * @param packet received, decoded packet 4150 * 4151 * @return 1 if packet is sane, 0 if it is not 4152 */ 4153 int validate_packet(struct packet *packet) 4154 { 4155 struct option_cache *oc = NULL; 4156 4157 oc = lookup_option (&dhcp_universe, packet->options, 4158 DHO_DHCP_CLIENT_IDENTIFIER); 4159 if (oc) { 4160 /* Let's check if client-identifier is sane */ 4161 if (oc->data.len == 0) { 4162 log_debug("Dropped DHCPv4 packet with zero-length client-id"); 4163 return (0); 4164 4165 } else if (oc->data.len == 1) { 4166 /* 4167 * RFC2132, section 9.14 states that minimum length of client-id 4168 * is 2. We will allow single-character client-ids for now (for 4169 * backwards compatibility), but warn the user that support for 4170 * this is against the standard. 4171 */ 4172 log_debug("Accepted DHCPv4 packet with one-character client-id - " 4173 "a future version of ISC DHCP will reject this"); 4174 } 4175 } else { 4176 /* 4177 * If hlen is 0 we don't have any identifier, we warn the user 4178 * but continue processing the packet as we can. 4179 */ 4180 if (packet->raw->hlen == 0) { 4181 log_debug("Received DHCPv4 packet without client-id" 4182 " option and empty hlen field."); 4183 } 4184 } 4185 4186 /* @todo: Add checks for other received options */ 4187 4188 return (1); 4189 } 4190