From 3161ff3d9da75d70fa3dcc0da0a462f8d95ffd61 Mon Sep 17 00:00:00 2001 From: David Cantrell Date: Jan 06 2009 23:50:29 +0000 Subject: - Upgraded to ISC dhcp-4.1.0 - Had to rename the -T option to -timeout as ISC is now using -T - Allow package rebuilders to easily enable DHCPv6 support with: rpmbuild --with DHCPv6 dhcp.spec Note that Fedora is still using the 'dhcpv6' package, but some users may want to experiment with the ISC DHCPv6 implementation locally. --- diff --git a/.cvsignore b/.cvsignore index d5917f3..867f1ae 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -dhcp-4.0.0.tar.gz +dhcp-4.1.0.tar.gz diff --git a/dhcp-4.0.0-CLOEXEC.patch b/dhcp-4.0.0-CLOEXEC.patch deleted file mode 100644 index 5a7bc69..0000000 --- a/dhcp-4.0.0-CLOEXEC.patch +++ /dev/null @@ -1,455 +0,0 @@ -diff -up dhcp-4.0.0/client/clparse.c.cloexec dhcp-4.0.0/client/clparse.c ---- dhcp-4.0.0/client/clparse.c.cloexec 2008-10-29 12:59:29.000000000 -1000 -+++ dhcp-4.0.0/client/clparse.c 2008-10-29 13:11:34.000000000 -1000 -@@ -221,7 +221,7 @@ int read_client_conf_file (const char *n - int token; - isc_result_t status; - -- if ((file = open (name, O_RDONLY)) < 0) -+ if ((file = open (name, O_RDONLY | O_CLOEXEC)) < 0) - return uerr2isc (errno); - - cfile = (struct parse *)0; -@@ -258,7 +258,7 @@ void read_client_leases () - - /* Open the lease file. If we can't open it, just return - - we can safely trust the server to remember our state. */ -- if ((file = open (path_dhclient_db, O_RDONLY)) < 0) -+ if ((file = open (path_dhclient_db, O_RDONLY | O_CLOEXEC)) < 0) - return; - cfile = (struct parse *)0; - /* new_parse() may fail if the file is of zero length. */ -diff -up dhcp-4.0.0/client/dhclient.c.cloexec dhcp-4.0.0/client/dhclient.c ---- dhcp-4.0.0/client/dhclient.c.cloexec 2008-10-29 12:59:29.000000000 -1000 -+++ dhcp-4.0.0/client/dhclient.c 2008-10-29 13:26:16.000000000 -1000 -@@ -125,11 +125,11 @@ main(int argc, char **argv) { - /* Make sure that file descriptors 0 (stdin), 1, (stdout), and - 2 (stderr) are open. To do this, we assume that when we - open a file the lowest available file descriptor is used. */ -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 0) -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 1) -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 2) - log_perror = 0; /* No sense logging to /dev/null. */ - else if (fd != -1) -@@ -403,7 +403,7 @@ main(int argc, char **argv) { - int e; - - oldpid = 0; -- if ((pidfd = fopen(path_dhclient_pid, "r")) != NULL) { -+ if ((pidfd = fopen(path_dhclient_pid, "re")) != NULL) { - e = fscanf(pidfd, "%ld\n", &temp); - oldpid = (pid_t)temp; - -@@ -445,7 +445,7 @@ main(int argc, char **argv) { - strncpy(new_path_dhclient_pid, path_dhclient_pid, pfx); - sprintf(new_path_dhclient_pid + pfx, "-%s.pid", ip->name); - -- if ((pidfd = fopen(new_path_dhclient_pid, "r")) != NULL) { -+ if ((pidfd = fopen(new_path_dhclient_pid, "re")) != NULL) { - e = fscanf(pidfd, "%ld\n", &temp); - oldpid = (pid_t)temp; - -@@ -470,7 +470,7 @@ main(int argc, char **argv) { - int dhc_running = 0; - char procfn[256] = ""; - -- if ((pidfp = fopen(path_dhclient_pid, "r")) != NULL) { -+ if ((pidfp = fopen(path_dhclient_pid, "re")) != NULL) { - if ((fscanf(pidfp, "%ld", &temp)==1) && ((dhcpid=(pid_t)temp) > 0)) { - snprintf(procfn,256,"/proc/%u",dhcpid); - dhc_running = (access(procfn, F_OK) == 0); -@@ -2702,7 +2702,7 @@ void rewrite_client_leases () - - if (leaseFile != NULL) - fclose (leaseFile); -- leaseFile = fopen (path_dhclient_db, "w"); -+ leaseFile = fopen (path_dhclient_db, "we"); - if (leaseFile == NULL) { - log_error ("can't create %s: %m", path_dhclient_db); - return; -@@ -2806,7 +2806,7 @@ write_duid(struct data_string *duid) - return ISC_R_INVALIDARG; - - if (leaseFile == NULL) { /* XXX? */ -- leaseFile = fopen(path_dhclient_db, "w"); -+ leaseFile = fopen(path_dhclient_db, "we"); - if (leaseFile == NULL) { - log_error("can't create %s: %m", path_dhclient_db); - return ISC_R_IOERROR; -@@ -2853,7 +2853,7 @@ write_client6_lease(struct client_state - return ISC_R_INVALIDARG; - - if (leaseFile == NULL) { /* XXX? */ -- leaseFile = fopen(path_dhclient_db, "w"); -+ leaseFile = fopen(path_dhclient_db, "we"); - if (leaseFile == NULL) { - log_error("can't create %s: %m", path_dhclient_db); - return ISC_R_IOERROR; -@@ -2956,7 +2956,7 @@ int write_client_lease (client, lease, r - return 1; - - if (leaseFile == NULL) { /* XXX */ -- leaseFile = fopen (path_dhclient_db, "w"); -+ leaseFile = fopen (path_dhclient_db, "we"); - if (leaseFile == NULL) { - log_error ("can't create %s: %m", path_dhclient_db); - return 0; -@@ -3402,9 +3402,9 @@ void go_daemon () - close(2); - - /* Reopen them on /dev/null. */ -- open("/dev/null", O_RDWR); -- open("/dev/null", O_RDWR); -- open("/dev/null", O_RDWR); -+ open("/dev/null", O_RDWR | O_CLOEXEC); -+ open("/dev/null", O_RDWR | O_CLOEXEC); -+ open("/dev/null", O_RDWR | O_CLOEXEC); - - write_client_pid_file (); - -@@ -3416,14 +3416,14 @@ void write_client_pid_file () - FILE *pf; - int pfdesc; - -- pfdesc = open (path_dhclient_pid, O_CREAT | O_TRUNC | O_WRONLY, 0644); -+ pfdesc = open (path_dhclient_pid, O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC, 0644); - - if (pfdesc < 0) { - log_error ("Can't create %s: %m", path_dhclient_pid); - return; - } - -- pf = fdopen (pfdesc, "w"); -+ pf = fdopen (pfdesc, "we"); - if (!pf) - log_error ("Can't fdopen %s: %m", path_dhclient_pid); - else { -diff -up dhcp-4.0.0/common/bpf.c.cloexec dhcp-4.0.0/common/bpf.c ---- dhcp-4.0.0/common/bpf.c.cloexec 2008-10-29 12:59:29.000000000 -1000 -+++ dhcp-4.0.0/common/bpf.c 2008-10-29 13:03:48.000000000 -1000 -@@ -94,7 +94,7 @@ int if_register_bpf (info) - for (b = 0; 1; b++) { - /* %Audit% 31 bytes max. %2004.06.17,Safe% */ - sprintf(filename, BPF_FORMAT, b); -- sock = open (filename, O_RDWR, 0); -+ sock = open (filename, O_RDWR | O_CLOEXEC, 0); - if (sock < 0) { - if (errno == EBUSY) { - continue; -diff -up dhcp-4.0.0/common/discover.c.cloexec dhcp-4.0.0/common/discover.c ---- dhcp-4.0.0/common/discover.c.cloexec 2007-10-05 12:29:51.000000000 -1000 -+++ dhcp-4.0.0/common/discover.c 2008-10-29 13:04:07.000000000 -1000 -@@ -388,7 +388,7 @@ begin_iface_scan(struct iface_conf_list - int len; - int i; - -- ifaces->fp = fopen("/proc/net/dev", "r"); -+ ifaces->fp = fopen("/proc/net/dev", "re"); - if (ifaces->fp == NULL) { - log_error("Error opening '/proc/net/dev' to list interfaces"); - return 0; -@@ -422,7 +422,7 @@ begin_iface_scan(struct iface_conf_list - } - - #ifdef DHCPv6 -- ifaces->fp6 = fopen("/proc/net/if_inet6", "r"); -+ ifaces->fp6 = fopen("/proc/net/if_inet6", "re"); - if (ifaces->fp6 == NULL) { - log_error("Error opening '/proc/net/if_inet6' to " - "list IPv6 interfaces; %m"); -diff -up dhcp-4.0.0/common/dlpi.c.cloexec dhcp-4.0.0/common/dlpi.c ---- dhcp-4.0.0/common/dlpi.c.cloexec 2008-10-29 12:59:29.000000000 -1000 -+++ dhcp-4.0.0/common/dlpi.c 2008-10-29 13:04:35.000000000 -1000 -@@ -795,7 +795,7 @@ dlpiopen(const char *ifname) { - } - *dp = '\0'; - -- return open (devname, O_RDWR, 0); -+ return open (devname, O_RDWR | O_CLOEXEC, 0); - } - - /* -diff -up dhcp-4.0.0/common/nit.c.cloexec dhcp-4.0.0/common/nit.c ---- dhcp-4.0.0/common/nit.c.cloexec 2008-10-29 12:59:29.000000000 -1000 -+++ dhcp-4.0.0/common/nit.c 2008-10-29 13:04:53.000000000 -1000 -@@ -81,7 +81,7 @@ int if_register_nit (info) - struct strioctl sio; - - /* Open a NIT device */ -- sock = open ("/dev/nit", O_RDWR); -+ sock = open ("/dev/nit", O_RDWR | O_CLOEXEC); - if (sock < 0) - log_fatal ("Can't open NIT device for %s: %m", info -> name); - -diff -up dhcp-4.0.0/common/resolv.c.cloexec dhcp-4.0.0/common/resolv.c ---- dhcp-4.0.0/common/resolv.c.cloexec 2007-11-30 11:51:43.000000000 -1000 -+++ dhcp-4.0.0/common/resolv.c 2008-10-29 13:05:08.000000000 -1000 -@@ -48,7 +48,7 @@ void read_resolv_conf (parse_time) - struct name_server *sp, *sl, *ns; - struct domain_search_list *dp, *dl, *nd; - -- if ((file = open (path_resolv_conf, O_RDONLY)) < 0) { -+ if ((file = open (path_resolv_conf, O_RDONLY | O_CLOEXEC)) < 0) { - log_error ("Can't open %s: %m", path_resolv_conf); - return; - } -diff -up dhcp-4.0.0/common/upf.c.cloexec dhcp-4.0.0/common/upf.c ---- dhcp-4.0.0/common/upf.c.cloexec 2008-10-29 12:59:29.000000000 -1000 -+++ dhcp-4.0.0/common/upf.c 2008-10-29 13:05:27.000000000 -1000 -@@ -77,7 +77,7 @@ int if_register_upf (info) - /* %Audit% Cannot exceed 36 bytes. %2004.06.17,Safe% */ - sprintf(filename, "/dev/pf/pfilt%d", b); - -- sock = open (filename, O_RDWR, 0); -+ sock = open (filename, O_RDWR | O_CLOEXEC, 0); - if (sock < 0) { - if (errno == EBUSY) { - continue; -diff -up dhcp-4.0.0/dst/dst_api.c.cloexec dhcp-4.0.0/dst/dst_api.c ---- dhcp-4.0.0/dst/dst_api.c.cloexec 2007-11-30 11:51:43.000000000 -1000 -+++ dhcp-4.0.0/dst/dst_api.c 2008-10-29 13:06:22.000000000 -1000 -@@ -436,7 +436,7 @@ dst_s_write_private_key(const DST_KEY *k - PRIVATE_KEY, PATH_MAX); - - /* Do not overwrite an existing file */ -- if ((fp = dst_s_fopen(file, "w", 0600)) != NULL) { -+ if ((fp = dst_s_fopen(file, "we", 0600)) != NULL) { - int nn; - if ((nn = fwrite(encoded_block, 1, len, fp)) != len) { - EREPORT(("dst_write_private_key(): Write failure on %s %d != %d errno=%d\n", -@@ -493,7 +493,7 @@ dst_s_read_public_key(const char *in_nam - * flags, proto, alg stored as decimal (or hex numbers FIXME). - * (FIXME: handle parentheses for line continuation.) - */ -- if ((fp = dst_s_fopen(name, "r", 0)) == NULL) { -+ if ((fp = dst_s_fopen(name, "re", 0)) == NULL) { - EREPORT(("dst_read_public_key(): Public Key not found %s\n", - name)); - return (NULL); -@@ -615,7 +615,7 @@ dst_s_write_public_key(const DST_KEY *ke - return (0); - } - /* create public key file */ -- if ((fp = dst_s_fopen(filename, "w+", 0644)) == NULL) { -+ if ((fp = dst_s_fopen(filename, "w+e", 0644)) == NULL) { - EREPORT(("DST_write_public_key: open of file:%s failed (errno=%d)\n", - filename, errno)); - return (0); -@@ -849,7 +849,7 @@ dst_s_read_private_key_file(char *name, - return (0); - } - /* first check if we can find the key file */ -- if ((fp = dst_s_fopen(filename, "r", 0)) == NULL) { -+ if ((fp = dst_s_fopen(filename, "re", 0)) == NULL) { - EREPORT(("dst_s_read_private_key_file: Could not open file %s in directory %s\n", - filename, dst_path[0] ? dst_path : - (char *) getcwd(NULL, PATH_MAX - 1))); -diff -up dhcp-4.0.0/dst/prandom.c.cloexec dhcp-4.0.0/dst/prandom.c ---- dhcp-4.0.0/dst/prandom.c.cloexec 2007-11-30 11:51:43.000000000 -1000 -+++ dhcp-4.0.0/dst/prandom.c 2008-10-29 13:06:50.000000000 -1000 -@@ -267,7 +267,7 @@ get_dev_random(u_char *output, unsigned - - s = stat("/dev/random", &st); - if (s == 0 && S_ISCHR(st.st_mode)) { -- if ((fd = open("/dev/random", O_RDONLY | O_NONBLOCK)) != -1) { -+ if ((fd = open("/dev/random", O_RDONLY | O_NONBLOCK | O_CLOEXEC)) != -1) { - if ((n = read(fd, output, size)) < 0) - n = 0; - close(fd); -@@ -478,7 +478,7 @@ digest_file(dst_work *work) - work->file_digest = dst_free_key(work->file_digest); - return (0); - } -- if ((fp = fopen(name, "r")) == NULL) -+ if ((fp = fopen(name, "re")) == NULL) - return (0); - for (no = 0; (i = fread(buf, sizeof(*buf), sizeof(buf), fp)) > 0; - no += i) -diff -up dhcp-4.0.0/minires/res_init.c.cloexec dhcp-4.0.0/minires/res_init.c ---- dhcp-4.0.0/minires/res_init.c.cloexec 2007-10-01 04:47:35.000000000 -1000 -+++ dhcp-4.0.0/minires/res_init.c 2008-10-29 13:07:12.000000000 -1000 -@@ -234,7 +234,7 @@ minires_vinit(res_state statp, int prein - (line[sizeof(name) - 1] == ' ' || \ - line[sizeof(name) - 1] == '\t')) - -- if ((fp = fopen(_PATH_RESCONF, "r")) != NULL) { -+ if ((fp = fopen(_PATH_RESCONF, "re")) != NULL) { - /* read the config file */ - while (fgets(buf, sizeof(buf), fp) != NULL) { - /* skip comments */ -diff -up dhcp-4.0.0/minires/res_query.c.cloexec dhcp-4.0.0/minires/res_query.c ---- dhcp-4.0.0/minires/res_query.c.cloexec 2007-09-05 07:32:10.000000000 -1000 -+++ dhcp-4.0.0/minires/res_query.c 2008-10-29 13:07:30.000000000 -1000 -@@ -391,7 +391,7 @@ res_hostalias(const res_state statp, con - if (statp->options & RES_NOALIASES) - return (NULL); - file = getenv("HOSTALIASES"); -- if (file == NULL || (fp = fopen(file, "r")) == NULL) -+ if (file == NULL || (fp = fopen(file, "re")) == NULL) - return (NULL); - setbuf(fp, NULL); - buf[sizeof(buf) - 1] = '\0'; -diff -up dhcp-4.0.0/omapip/trace.c.cloexec dhcp-4.0.0/omapip/trace.c ---- dhcp-4.0.0/omapip/trace.c.cloexec 2007-07-12 20:43:42.000000000 -1000 -+++ dhcp-4.0.0/omapip/trace.c 2008-10-29 13:08:04.000000000 -1000 -@@ -140,10 +140,10 @@ isc_result_t trace_begin (const char *fi - return ISC_R_INVALIDARG; - } - -- traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL, 0600); -+ traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL | O_CLOEXEC, 0600); - if (traceoutfile < 0 && errno == EEXIST) { - log_error ("WARNING: Overwriting trace file \"%s\"", filename); -- traceoutfile = open (filename, O_WRONLY | O_EXCL, 0600); -+ traceoutfile = open (filename, O_WRONLY | O_EXCL | O_CLOEXEC, 0600); - } - - if (traceoutfile < 0) { -@@ -429,7 +429,7 @@ void trace_file_replay (const char *file - isc_result_t result; - int len; - -- traceinfile = fopen (filename, "r"); -+ traceinfile = fopen (filename, "re"); - if (!traceinfile) { - log_error ("Can't open tracefile %s: %m", filename); - return; -diff -up dhcp-4.0.0/relay/dhcrelay.c.cloexec dhcp-4.0.0/relay/dhcrelay.c ---- dhcp-4.0.0/relay/dhcrelay.c.cloexec 2007-11-30 11:51:43.000000000 -1000 -+++ dhcp-4.0.0/relay/dhcrelay.c 2008-10-29 13:08:49.000000000 -1000 -@@ -112,11 +112,11 @@ main(int argc, char **argv) { - /* Make sure that file descriptors 0 (stdin), 1, (stdout), and - 2 (stderr) are open. To do this, we assume that when we - open a file the lowest available file descriptor is used. */ -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 0) -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 1) -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 2) - log_perror = 0; /* No sense logging to /dev/null. */ - else if (fd != -1) -@@ -288,12 +288,12 @@ main(int argc, char **argv) { - exit (0); - - pfdesc = open (path_dhcrelay_pid, -- O_CREAT | O_TRUNC | O_WRONLY, 0644); -+ O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC, 0644); - - if (pfdesc < 0) { - log_error ("Can't create %s: %m", path_dhcrelay_pid); - } else { -- pf = fdopen (pfdesc, "w"); -+ pf = fdopen (pfdesc, "we"); - if (!pf) - log_error ("Can't fdopen %s: %m", - path_dhcrelay_pid); -diff -up dhcp-4.0.0/server/confpars.c.cloexec dhcp-4.0.0/server/confpars.c ---- dhcp-4.0.0/server/confpars.c.cloexec 2008-10-29 12:59:28.000000000 -1000 -+++ dhcp-4.0.0/server/confpars.c 2008-10-29 13:09:17.000000000 -1000 -@@ -115,7 +115,7 @@ isc_result_t read_conf_file (const char - } - #endif - -- if ((file = open (filename, O_RDONLY)) < 0) { -+ if ((file = open (filename, O_RDONLY | O_CLOEXEC)) < 0) { - if (leasep) { - log_error ("Can't open lease database %s: %m --", - path_dhcpd_db); -diff -up dhcp-4.0.0/server/db.c.cloexec dhcp-4.0.0/server/db.c ---- dhcp-4.0.0/server/db.c.cloexec 2007-10-05 12:29:51.000000000 -1000 -+++ dhcp-4.0.0/server/db.c 2008-10-29 13:09:39.000000000 -1000 -@@ -974,7 +974,7 @@ void db_startup (testp) - } - #endif - if (!testp) { -- db_file = fopen (path_dhcpd_db, "a"); -+ db_file = fopen (path_dhcpd_db, "ae"); - if (!db_file) - log_fatal ("Can't open %s for append.", path_dhcpd_db); - expire_all_pools (); -@@ -1022,12 +1022,12 @@ int new_lease_file () - path_dhcpd_db, (int)t) >= sizeof newfname) - log_fatal("new_lease_file: lease file path too long"); - -- db_fd = open (newfname, O_WRONLY | O_TRUNC | O_CREAT, 0664); -+ db_fd = open (newfname, O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, 0664); - if (db_fd < 0) { - log_error ("Can't create new lease file: %m"); - return 0; - } -- if ((new_db_file = fdopen(db_fd, "w")) == NULL) { -+ if ((new_db_file = fdopen(db_fd, "we")) == NULL) { - log_error("Can't fdopen new lease file: %m"); - close(db_fd); - goto fdfail; -diff -up dhcp-4.0.0/server/dhcpd.c.cloexec dhcp-4.0.0/server/dhcpd.c ---- dhcp-4.0.0/server/dhcpd.c.cloexec 2008-10-29 12:59:28.000000000 -1000 -+++ dhcp-4.0.0/server/dhcpd.c 2008-10-29 13:10:42.000000000 -1000 -@@ -225,11 +225,11 @@ main(int argc, char **argv) { - /* Make sure that file descriptors 0 (stdin), 1, (stdout), and - 2 (stderr) are open. To do this, we assume that when we - open a file the lowest available file descriptor is used. */ -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 0) -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 1) -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 2) - log_perror = 0; /* No sense logging to /dev/null. */ - else if (fd != -1) -@@ -658,7 +658,7 @@ main(int argc, char **argv) { - } - - /* Read previous pid file. */ -- if ((i = open (path_dhcpd_pid, O_RDONLY)) >= 0) { -+ if ((i = open (path_dhcpd_pid, O_RDONLY | O_CLOEXEC)) >= 0) { - status = read(i, pbuf, (sizeof pbuf) - 1); - close (i); - if (status > 0) { -@@ -676,7 +676,7 @@ main(int argc, char **argv) { - } - - /* Write new pid file. */ -- if ((i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC, 0644)) >= 0) { -+ if ((i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0644)) >= 0) { - sprintf(pbuf, "%d\n", (int) getpid()); - write(i, pbuf, strlen(pbuf)); - close(i); -@@ -702,9 +702,9 @@ main(int argc, char **argv) { - close(2); - - /* Reopen them on /dev/null. */ -- open("/dev/null", O_RDWR); -- open("/dev/null", O_RDWR); -- open("/dev/null", O_RDWR); -+ open("/dev/null", O_RDWR | O_CLOEXEC); -+ open("/dev/null", O_RDWR | O_CLOEXEC); -+ open("/dev/null", O_RDWR | O_CLOEXEC); - log_perror = 0; /* No sense logging to /dev/null. */ - - chdir("/"); -diff -up dhcp-4.0.0/server/ldap.c.cloexec dhcp-4.0.0/server/ldap.c ---- dhcp-4.0.0/server/ldap.c.cloexec 2008-10-29 12:59:28.000000000 -1000 -+++ dhcp-4.0.0/server/ldap.c 2008-10-29 13:11:10.000000000 -1000 -@@ -685,7 +685,7 @@ ldap_start (void) - - if (ldap_debug_file != NULL && ldap_debug_fd == -1) - { -- if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY, -+ if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC, - S_IRUSR | S_IWUSR)) < 0) - log_error ("Error opening debug LDAP log file %s: %s", ldap_debug_file, - strerror (errno)); diff --git a/dhcp-4.0.0-NetworkManager-crash.patch b/dhcp-4.0.0-NetworkManager-crash.patch deleted file mode 100644 index aecb844..0000000 --- a/dhcp-4.0.0-NetworkManager-crash.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- dhcp-4.0.0//client/clparse.c.nmcrash 2008-04-01 10:25:39.000000000 -1000 -+++ dhcp-4.0.0//client/clparse.c 2008-04-01 10:26:20.000000000 -1000 -@@ -227,6 +227,9 @@ int read_client_conf_file (const char *n - cfile = (struct parse *)0; - new_parse (&cfile, file, (char *)0, 0, path_dhclient_conf, 0); - -+ if (!cfile) -+ return ISC_R_BADPARSE; -+ - do { - token = peek_token (&val, (unsigned *)0, cfile); - if (token == END_OF_FILE) diff --git a/dhcp-4.0.0-default-requested-options.patch b/dhcp-4.0.0-default-requested-options.patch deleted file mode 100644 index 444258f..0000000 --- a/dhcp-4.0.0-default-requested-options.patch +++ /dev/null @@ -1,34 +0,0 @@ -diff -up dhcp-4.0.0/client/clparse.c.dho dhcp-4.0.0/client/clparse.c ---- dhcp-4.0.0/client/clparse.c.dho 2007-12-29 06:32:16.000000000 -1000 -+++ dhcp-4.0.0/client/clparse.c 2007-12-29 06:35:41.000000000 -1000 -@@ -37,7 +37,7 @@ - - struct client_config top_level_config; - --#define NUM_DEFAULT_REQUESTED_OPTS 9 -+#define NUM_DEFAULT_REQUESTED_OPTS 12 - struct option *default_requested_options[NUM_DEFAULT_REQUESTED_OPTS + 1]; - - static void parse_client_default_duid(struct parse *cfile); -@@ -107,6 +107,21 @@ isc_result_t read_client_conf () - option_code_hash_lookup(&default_requested_options[8], - dhcpv6_universe.code_hash, &code, 0, MDL); - -+ /* 10 */ -+ code = DHO_NIS_DOMAIN; -+ option_code_hash_lookup(&default_requested_options[9], -+ dhcp_universe.code_hash, &code, 0, MDL); -+ -+ /* 11 */ -+ code = DHO_NIS_SERVERS; -+ option_code_hash_lookup(&default_requested_options[10], -+ dhcp_universe.code_hash, &code, 0, MDL); -+ -+ /* 12 */ -+ code = DHO_NTP_SERVERS; -+ option_code_hash_lookup(&default_requested_options[11], -+ dhcp_universe.code_hash, &code, 0, MDL); -+ - for (code = 0 ; code < NUM_DEFAULT_REQUESTED_OPTS ; code++) { - if (default_requested_options[code] == NULL) - log_fatal("Unable to find option definition for " diff --git a/dhcp-4.0.0-dhclient-anycast.patch b/dhcp-4.0.0-dhclient-anycast.patch deleted file mode 100644 index 508f0aa..0000000 --- a/dhcp-4.0.0-dhclient-anycast.patch +++ /dev/null @@ -1,70 +0,0 @@ -diff -up dhcp-4.0.0/common/lpf.c.anycast dhcp-4.0.0/common/lpf.c ---- dhcp-4.0.0/common/lpf.c.anycast 2007-12-29 06:44:46.000000000 -1000 -+++ dhcp-4.0.0/common/lpf.c 2007-12-29 10:40:11.000000000 -1000 -@@ -331,6 +331,9 @@ ssize_t send_packet (interface, packet, - return send_fallback (interface, packet, raw, - len, from, to, hto); - -+ if (hto == NULL && interface->anycast_mac_addr.hlen) -+ hto = &interface->anycast_mac_addr; -+ - /* Assemble the headers... */ - assemble_hw_header (interface, (unsigned char *)hh, &hbufp, hto); - fudge = hbufp % 4; /* IP header must be word-aligned. */ -diff -up dhcp-4.0.0/common/conflex.c.anycast dhcp-4.0.0/common/conflex.c ---- dhcp-4.0.0/common/conflex.c.anycast 2007-12-29 06:44:46.000000000 -1000 -+++ dhcp-4.0.0/common/conflex.c 2007-12-29 10:39:30.000000000 -1000 -@@ -715,6 +715,8 @@ intern(char *atom, enum dhcp_token dfv) - } - if (!strcasecmp (atom + 1, "nd")) - return AND; -+ if (!strcasecmp (atom + 1, "nycast-mac")) -+ return ANYCAST_MAC; - if (!strcasecmp (atom + 1, "ppend")) - return APPEND; - if (!strcasecmp (atom + 1, "llow")) -diff -up dhcp-4.0.0/includes/dhcpd.h.anycast dhcp-4.0.0/includes/dhcpd.h ---- dhcp-4.0.0/includes/dhcpd.h.anycast 2007-12-29 06:44:46.000000000 -1000 -+++ dhcp-4.0.0/includes/dhcpd.h 2007-12-29 10:42:56.000000000 -1000 -@@ -1188,6 +1188,7 @@ struct interface_info { - int dlpi_sap_length; - struct hardware dlpi_broadcast_addr; - # endif /* DLPI_SEND || DLPI_RECEIVE */ -+ struct hardware anycast_mac_addr; - }; - - struct hardware_link { -diff -up dhcp-4.0.0/includes/dhctoken.h.anycast dhcp-4.0.0/includes/dhctoken.h ---- dhcp-4.0.0/includes/dhctoken.h.anycast 2007-12-29 06:44:46.000000000 -1000 -+++ dhcp-4.0.0/includes/dhctoken.h 2007-12-29 10:44:00.000000000 -1000 -@@ -346,7 +346,8 @@ enum dhcp_token { - WHITESPACE = 649, - TOKEN_ALSO = 650, - AFTER = 651, -- BOOTP_BROADCAST_ALWAYS = 652 -+ BOOTP_BROADCAST_ALWAYS = 652, -+ ANYCAST_MAC = 653 - }; - - #define is_identifier(x) ((x) >= FIRST_TOKEN && \ -diff -up dhcp-4.0.0/client/clparse.c.anycast dhcp-4.0.0/client/clparse.c ---- dhcp-4.0.0/client/clparse.c.anycast 2007-12-29 06:44:46.000000000 -1000 -+++ dhcp-4.0.0/client/clparse.c 2007-12-29 10:38:55.000000000 -1000 -@@ -550,6 +550,17 @@ void parse_client_statement (cfile, ip, - } - return; - -+ case ANYCAST_MAC: -+ token = next_token (&val, (unsigned *)0, cfile); -+ if (ip) { -+ parse_hardware_param (cfile, &ip -> anycast_mac_addr); -+ } else { -+ parse_warn (cfile, "anycast mac address parameter %s", -+ "not allowed here."); -+ skip_to_semi (cfile); -+ } -+ return; -+ - case REQUEST: - token = next_token (&val, (unsigned *)0, cfile); - if (config -> requested_options == default_requested_options) diff --git a/dhcp-4.0.0-dhclient-decline-backoff.patch b/dhcp-4.0.0-dhclient-decline-backoff.patch deleted file mode 100644 index 34b9a1f..0000000 --- a/dhcp-4.0.0-dhclient-decline-backoff.patch +++ /dev/null @@ -1,60 +0,0 @@ -diff -up dhcp-4.0.0//client/dhclient.c.backoff dhcp-4.0.0//client/dhclient.c ---- dhcp-4.0.0//client/dhclient.c.backoff 2008-08-01 10:09:17.000000000 -1000 -+++ dhcp-4.0.0//client/dhclient.c 2008-08-01 10:10:10.000000000 -1000 -@@ -1003,6 +1003,7 @@ void state_init (cpp) - void *cpp; - { - struct client_state *client = cpp; -+ enum dhcp_state init_state = client->state; - - ASSERT_STATE(state, S_INIT); - -@@ -1015,9 +1016,16 @@ void state_init (cpp) - client -> first_sending = cur_time; - client -> interval = client -> config -> initial_interval; - -- /* Add an immediate timeout to cause the first DHCPDISCOVER packet -- to go out. */ -- send_discover (client); -+ if (init_state != S_DECLINED) { -+ /* Add an immediate timeout to cause the first DHCPDISCOVER packet -+ to go out. */ -+ send_discover(client); -+ } else { -+ /* We've received an OFFER and it has been DECLINEd by dhclient-script. -+ * wait for a random time between 1 and backoff_cutoff seconds before -+ * trying again. */ -+ add_timeout(cur_time + ((1 + (random() >> 2)) % client->config->backoff_cutoff), send_discover, client, 0, 0); -+ } - } - - /* state_selecting is called when one or more DHCPOFFER packets have been -@@ -1284,6 +1292,7 @@ void bind_lease (client) - send_decline (client); - destroy_client_lease (client -> new); - client -> new = (struct client_lease *)0; -+ client -> state = S_DECLINED; - state_init (client); - return; - } -@@ -3439,6 +3448,7 @@ void client_location_changed () - case S_INIT: - case S_REBINDING: - case S_STOPPED: -+ case S_DECLINED: - break; - } - client -> state = S_INIT; -diff -up dhcp-4.0.0//includes/dhcpd.h.backoff dhcp-4.0.0//includes/dhcpd.h ---- dhcp-4.0.0//includes/dhcpd.h.backoff 2008-08-01 10:09:01.000000000 -1000 -+++ dhcp-4.0.0//includes/dhcpd.h 2008-08-01 10:10:10.000000000 -1000 -@@ -992,7 +992,8 @@ enum dhcp_state { - S_BOUND = 5, - S_RENEWING = 6, - S_REBINDING = 7, -- S_STOPPED = 8 -+ S_STOPPED = 8, -+ S_DECLINED = 9 - }; - - /* Authentication and BOOTP policy possibilities (not all values work diff --git a/dhcp-4.0.0-dhclient-usage.patch b/dhcp-4.0.0-dhclient-usage.patch deleted file mode 100644 index fd4c244..0000000 --- a/dhcp-4.0.0-dhclient-usage.patch +++ /dev/null @@ -1,43 +0,0 @@ -diff -up dhcp-4.0.0/client/dhclient.c.usage dhcp-4.0.0/client/dhclient.c ---- dhcp-4.0.0/client/dhclient.c.usage 2008-02-13 16:20:30.000000000 -1000 -+++ dhcp-4.0.0/client/dhclient.c 2008-02-13 16:21:05.000000000 -1000 -@@ -882,21 +882,30 @@ main(int argc, char **argv) { - - static void usage () - { -- log_info ("%s %s", message, PACKAGE_VERSION); -- log_info (copyright); -- log_info (arr); -- log_info (url); -+ printf ("%s %s\n", message, PACKAGE_VERSION); -+ printf (copyright); -+ printf ("\n"); -+ printf (arr); -+ printf ("\n"); -+ printf (url); -+ printf ("\n"); - -- log_error ("Usage: dhclient %s %s", -+ printf ("Usage: dhclient %s %s", - #ifdef DHCPv6 - "[-4|-6] [-1dvrx] [-nw] [-p ]", - #else /* DHCPv6 */ - "[-1dvrx] [-nw] [-p ]", - #endif /* DHCPv6 */ -- "[-s server]"); -- log_error (" [-cf config-file] [-lf lease-file]%s", -- "[-pf pid-file] [-e VAR=val]"); -- log_fatal (" [-sf script-file] [interface]"); -+ "[-s server]\n"); -+ printf (" [-cf config-file] [-lf lease-file]%s", -+ "[-pf pid-file] [-e VAR=val]\n"); -+ printf (" [ -I ] [-B]\n"); -+ printf (" [ -H | -F ] [ -T ]\n"); -+ printf (" [ -V ]\n"); -+ printf (" [ -R ]\n"); -+ printf (" [-sf script-file] [interface]\n"); -+ -+ exit (EXIT_FAILURE); - } - - isc_result_t find_class (struct class **c, diff --git a/dhcp-4.0.0-enable-timeout-functions.patch b/dhcp-4.0.0-enable-timeout-functions.patch deleted file mode 100644 index fb618a8..0000000 --- a/dhcp-4.0.0-enable-timeout-functions.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff -up dhcp-4.0.0//common/dispatch.c.timeout dhcp-4.0.0//common/dispatch.c ---- dhcp-4.0.0//common/dispatch.c.timeout 2007-09-05 07:32:10.000000000 -1000 -+++ dhcp-4.0.0//common/dispatch.c 2008-08-01 10:11:35.000000000 -1000 -@@ -190,7 +190,6 @@ void cancel_timeout (where, what) - } - } - --#if defined (DEBUG_MEMORY_LEAKAGE_ON_EXIT) - void cancel_all_timeouts () - { - struct timeout *t, *n; -@@ -211,4 +210,3 @@ void relinquish_timeouts () - dfree (t, MDL); - } - } --#endif diff --git a/dhcp-4.0.0-errwarn-message.patch b/dhcp-4.0.0-errwarn-message.patch deleted file mode 100644 index 073eee8..0000000 --- a/dhcp-4.0.0-errwarn-message.patch +++ /dev/null @@ -1,30 +0,0 @@ -diff -up dhcp-4.0.0//omapip/errwarn.c.errwarn dhcp-4.0.0//omapip/errwarn.c ---- dhcp-4.0.0//omapip/errwarn.c.errwarn 2007-07-12 20:43:42.000000000 -1000 -+++ dhcp-4.0.0//omapip/errwarn.c 2008-08-01 10:06:05.000000000 -1000 -@@ -76,20 +76,13 @@ void log_fatal (const char * fmt, ... ) - - #if !defined (NOMINUM) - log_error ("%s", ""); -- log_error ("If you did not get this software from ftp.isc.org, please"); -- log_error ("get the latest from ftp.isc.org and install that before"); -- log_error ("requesting help."); -+ log_error ("This version of ISC DHCP is based on the release available"); -+ log_error ("on ftp.isc.org. Features have been added and other changes"); -+ log_error ("have been made to the base software release in order to make"); -+ log_error ("it work better with this distribution."); - log_error ("%s", ""); -- log_error ("If you did get this software from ftp.isc.org and have not"); -- log_error ("yet read the README, please read it before requesting help."); -- log_error ("If you intend to request help from the dhcp-server@isc.org"); -- log_error ("mailing list, please read the section on the README about"); -- log_error ("submitting bug reports and requests for help."); -- log_error ("%s", ""); -- log_error ("Please do not under any circumstances send requests for"); -- log_error ("help directly to the authors of this software - please"); -- log_error ("send them to the appropriate mailing list as described in"); -- log_error ("the README file."); -+ log_error ("Please report for this software via the Red Hat Bugzilla site:"); -+ log_error (" http://bugzilla.redhat.com"); - log_error ("%s", ""); - log_error ("exiting."); - #endif diff --git a/dhcp-4.0.0-failover-ports.patch b/dhcp-4.0.0-failover-ports.patch deleted file mode 100644 index 3b6ba00..0000000 --- a/dhcp-4.0.0-failover-ports.patch +++ /dev/null @@ -1,23 +0,0 @@ -diff -up dhcp-4.0.0//server/confpars.c.failover dhcp-4.0.0//server/confpars.c ---- dhcp-4.0.0//server/confpars.c.failover 2008-08-01 10:07:46.000000000 -1000 -+++ dhcp-4.0.0//server/confpars.c 2008-08-01 10:14:03.000000000 -1000 -@@ -1065,10 +1065,17 @@ void parse_failover_peer (cfile, group, - parse_warn (cfile, "peer address may not be omitted"); - - /* XXX - when/if we get a port number assigned, just set as default */ -+ /* See Red Hat Bugzilla 167292: -+ * we do now: dhcp-failover 647/tcp -+ * dhcp-failover 647/udp -+ * dhcp-failover 847/tcp -+ * dhcp-failover 847/udp -+ * IANA registration by Bernard Volz -+ */ - if (!peer -> me.port) -- parse_warn (cfile, "local port may not be omitted"); -+ peer -> me.port = 647; - if (!peer -> partner.port) -- parse_warn (cfile, "peer port may not be omitted"); -+ peer -> partner.port = 847; - - if (peer -> i_am == primary) { - if (!peer -> hba) { diff --git a/dhcp-4.0.0-fast-timeout.patch b/dhcp-4.0.0-fast-timeout.patch deleted file mode 100644 index 3085c55..0000000 --- a/dhcp-4.0.0-fast-timeout.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff -up dhcp-4.0.0//client/dhclient.c.fast_timeout dhcp-4.0.0//client/dhclient.c ---- dhcp-4.0.0//client/dhclient.c.fast_timeout 2008-08-01 10:10:10.000000000 -1000 -+++ dhcp-4.0.0//client/dhclient.c 2008-08-01 10:13:37.000000000 -1000 -@@ -3613,10 +3613,7 @@ isc_result_t dhclient_interface_startup_ - ip -> flags |= INTERFACE_RUNNING; - for (client = ip -> client; client; client = client -> next) { - client -> state = S_INIT; -- /* Set up a timeout to start the initialization -- process. */ -- add_timeout (cur_time + random () % 5, -- state_reboot, client, 0, 0); -+ add_timeout (cur_time, state_reboot, client, 0, 0); - } - } - return ISC_R_SUCCESS; diff --git a/dhcp-4.0.0-garbage-chars.patch b/dhcp-4.0.0-garbage-chars.patch deleted file mode 100644 index bdb0948..0000000 --- a/dhcp-4.0.0-garbage-chars.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up dhcp-4.0.0//common/tables.c.garbage dhcp-4.0.0//common/tables.c ---- dhcp-4.0.0//common/tables.c.garbage 2007-12-03 09:10:19.000000000 -1000 -+++ dhcp-4.0.0//common/tables.c 2008-08-05 14:59:08.000000000 -1000 -@@ -201,7 +201,7 @@ static struct option dhcp_options[] = { - { "netinfo-server-tag", "t", &dhcp_universe, 113, 1 }, - { "default-url", "t", &dhcp_universe, 114, 1 }, - { "subnet-selection", "I", &dhcp_universe, 118, 1 }, -- { "domain-search", "Dc", &dhcp_universe, 119, 1 }, -+ { "domain-search", "D", &dhcp_universe, 119, 1 }, - { "vivco", "Evendor-class.", &dhcp_universe, 124, 1 }, - { "vivso", "Evendor.", &dhcp_universe, 125, 1 }, - #if 0 diff --git a/dhcp-4.0.0-inherit-leases.patch b/dhcp-4.0.0-inherit-leases.patch deleted file mode 100644 index 642fdea..0000000 --- a/dhcp-4.0.0-inherit-leases.patch +++ /dev/null @@ -1,34 +0,0 @@ -diff -up dhcp-4.0.0/client/dhclient.c.inherit dhcp-4.0.0/client/dhclient.c ---- dhcp-4.0.0/client/dhclient.c.inherit 2008-08-01 11:34:29.000000000 -1000 -+++ dhcp-4.0.0/client/dhclient.c 2008-08-01 11:34:42.000000000 -1000 -@@ -2296,6 +2296,7 @@ void send_request (cpp) - { - struct client_state *client = cpp; - -+ int i; - int result; - int interval; - struct sockaddr_in destination; -@@ -2354,6 +2355,22 @@ void send_request (cpp) - /* Now do a preinit on the interface so that we can - discover a new address. */ - script_init (client, "PREINIT", (struct string_list *)0); -+ -+ /* Has an active lease */ -+ if (client -> interface -> addresses != NULL) { -+ for (i = 0; i < client -> interface -> address_count; i++) { -+ if (client -> active && -+ client -> active -> is_bootp && -+ client -> active -> expiry > cur_time && -+ client -> interface -> addresses[i].s_addr != 0 && -+ client -> active -> address.len == 4 && -+ memcpy (client -> active -> address.iabuf, &(client -> interface -> addresses[i]), 4) == 0) { -+ client_envadd (client, "", "keep_old_ip", "%s", "yes"); -+ break; -+ } -+ } -+ } -+ - if (client -> alias) - script_write_params (client, "alias_", - client -> alias); diff --git a/dhcp-4.0.0-invalid-dhclient-conf.patch b/dhcp-4.0.0-invalid-dhclient-conf.patch deleted file mode 100644 index 0501123..0000000 --- a/dhcp-4.0.0-invalid-dhclient-conf.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff -up dhcp-4.0.0/client/dhclient.conf.invalid dhcp-4.0.0/client/dhclient.conf ---- dhcp-4.0.0/client/dhclient.conf.invalid 1997-06-02 12:50:44.000000000 -1000 -+++ dhcp-4.0.0/client/dhclient.conf 2008-10-23 10:01:58.000000000 -1000 -@@ -1,10 +1,10 @@ - send host-name "andare.fugue.com"; - send dhcp-client-identifier 1:0:a0:24:ab:fb:9c; - send dhcp-lease-time 3600; --supersede domain-name "fugue.com home.vix.com"; -+supersede domain-search "fugue.com home.vix.com"; - prepend domain-name-servers 127.0.0.1; - request subnet-mask, broadcast-address, time-offset, routers, -- domain-name, domain-name-servers, host-name; -+ domain-search, domain-name, domain-name-servers, host-name; - require subnet-mask, domain-name-servers; - timeout 60; - retry 60; diff --git a/dhcp-4.0.0-ldap-configuration.patch b/dhcp-4.0.0-ldap-configuration.patch deleted file mode 100644 index 3a7a1a7..0000000 --- a/dhcp-4.0.0-ldap-configuration.patch +++ /dev/null @@ -1,2684 +0,0 @@ -diff -up dhcp-4.0.0/server/Makefile.am.ldap dhcp-4.0.0/server/Makefile.am ---- dhcp-4.0.0/server/Makefile.am.ldap 2007-05-29 06:32:11.000000000 -1000 -+++ dhcp-4.0.0/server/Makefile.am 2008-02-06 14:34:44.000000000 -1000 -@@ -4,12 +4,10 @@ dist_sysconf_DATA = dhcpd.conf - sbin_PROGRAMS = dhcpd - dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c confpars.c db.c class.c failover.c \ - omapi.c mdb.c stables.c salloc.c ddns.c dhcpleasequery.c \ -- dhcpv6.c mdb6.c -+ dhcpv6.c mdb6.c ldap.c ldap_casa.c - --# libomapi.a this is here twice to handle circular library dependencies :( --dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a ../dst/libdst.a \ -- ../dhcpctl/libdhcpctl.a ../minires/libres.a \ -- ../omapip/libomapi.a -+dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a ../minires/libres.a \ -+ ../dhcpctl/libdhcpctl.a ../dst/libdstnomd5.a -lldap - - man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5 - EXTRA_DIST = $(man_MANS) -diff -up dhcp-4.0.0/server/mdb.c.ldap dhcp-4.0.0/server/mdb.c ---- dhcp-4.0.0/server/mdb.c.ldap 2007-11-30 11:51:43.000000000 -1000 -+++ dhcp-4.0.0/server/mdb.c 2008-02-06 14:34:44.000000000 -1000 -@@ -600,6 +600,12 @@ int find_hosts_by_haddr (struct host_dec - const char *file, int line) - { - struct hardware h; -+ int ret; -+ -+#if defined(LDAP_CONFIGURATION) -+ if ((ret = find_haddr_in_ldap (hp, htype, hlen, haddr, file, line))) -+ return ret; -+#endif - - h.hlen = hlen + 1; - h.hbuf [0] = htype; -diff -up /dev/null dhcp-4.0.0/server/ldap_casa.c ---- /dev/null 2008-02-04 11:13:29.142014072 -1000 -+++ dhcp-4.0.0/server/ldap_casa.c 2008-02-06 14:34:44.000000000 -1000 -@@ -0,0 +1,138 @@ -+/* ldap_casa.c -+ -+ CASA routines for DHCPD... */ -+ -+/* Copyright (c) 2004 Internet Systems Consorium, Inc. ("ISC") -+ * Copyright (c) 1995-2003 Internet Software Consortium. -+ * Copyright (c) 2006 Novell, Inc. -+ -+ * All rights reserved. -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions are met: -+ * 1.Redistributions of source code must retain the above copyright notice, -+ * this list of conditions and the following disclaimer. -+ * 2.Redistributions in binary form must reproduce the above copyright notice, -+ * this list of conditions and the following disclaimer in the documentation -+ * and/or other materials provided with the distribution. -+ * 3.Neither the name of ISC, ISC DHCP, nor the names of its contributors -+ * may be used to endorse or promote products derived from this software -+ * without specific prior written permission. -+ -+ * THIS SOFTWARE IS PROVIDED BY INTERNET SYSTEMS CONSORTIUM AND CONTRIBUTORS -+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, -+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ISC OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN -+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -+ * POSSIBILITY OF SUCH DAMAGE. -+ -+ * This file was written by S Kalyanasundaram -+ */ -+ -+#if defined(LDAP_CASA_AUTH) -+#include "ldap_casa.h" -+#include "dhcpd.h" -+ -+int -+load_casa (void) -+{ -+ if( !(casaIDK = dlopen(MICASA_LIB,RTLD_LAZY))) -+ return 0; -+ p_miCASAGetCredential = (CASA_GetCredential_T) dlsym(casaIDK, "miCASAGetCredential"); -+ p_miCASASetCredential = (CASA_SetCredential_T) dlsym(casaIDK, "miCASASetCredential"); -+ p_miCASARemoveCredential = (CASA_RemoveCredential_T) dlsym(casaIDK, "miCASARemoveCredential"); -+ -+ if((p_miCASAGetCredential == NULL) || -+ (p_miCASASetCredential == NULL) || -+ (p_miCASARemoveCredential == NULL)) -+ { -+ if(casaIDK) -+ dlclose(casaIDK); -+ casaIDK = NULL; -+ p_miCASAGetCredential = NULL; -+ p_miCASASetCredential = NULL; -+ p_miCASARemoveCredential = NULL; -+ return 0; -+ } -+ else -+ return 1; -+} -+ -+static void -+release_casa(void) -+{ -+ if(casaIDK) -+ { -+ dlclose(casaIDK); -+ casaIDK = NULL; -+ } -+ -+ p_miCASAGetCredential = NULL; -+ p_miCASASetCredential = NULL; -+ p_miCASARemoveCredential = NULL; -+ -+} -+ -+int -+load_uname_pwd_from_miCASA (char **ldap_username, char **ldap_password) -+ { -+ int result = 0; -+ uint32_t credentialtype = SSCS_CRED_TYPE_SERVER_F; -+ SSCS_BASIC_CREDENTIAL credential; -+ SSCS_SECRET_ID_T applicationSecretId; -+ char *tempVar = NULL; -+ -+ const char applicationName[10] = "dhcp-ldap"; -+ -+ if ( load_casa() ) -+ { -+ memset(&credential, 0, sizeof(SSCS_BASIC_CREDENTIAL)); -+ memset(&applicationSecretId, 0, sizeof(SSCS_SECRET_ID_T)); -+ -+ applicationSecretId.len = strlen(applicationName) + 1; -+ memcpy (applicationSecretId.id, applicationName, applicationSecretId.len); -+ -+ credential.unFlags = USERNAME_TYPE_CN_F; -+ -+ result = p_miCASAGetCredential (0, -+ &applicationSecretId,NULL,&credentialtype, -+ &credential,NULL); -+ -+ if(credential.unLen) -+ { -+ tempVar = dmalloc (credential.unLen + 1, MDL); -+ if (!tempVar) -+ log_fatal ("no memory for ldap_username"); -+ memcpy(tempVar , credential.username, credential.unLen); -+ *ldap_username = tempVar; -+ -+ tempVar = dmalloc (credential.pwordLen + 1, MDL); -+ if (!tempVar) -+ log_fatal ("no memory for ldap_password"); -+ memcpy(tempVar, credential.password, credential.pwordLen); -+ *ldap_password = tempVar; -+ -+#if defined (DEBUG_LDAP) -+ log_info ("Authentication credential taken from CASA"); -+#endif -+ -+ release_casa(); -+ return 1; -+ -+ } -+ else -+ { -+ release_casa(); -+ return 0; -+ } -+ } -+ else -+ return 0; //casa libraries not loaded -+ } -+ -+#endif /* LDAP_CASA_AUTH */ -+ -diff -up dhcp-4.0.0/server/dhcpd.c.ldap dhcp-4.0.0/server/dhcpd.c ---- dhcp-4.0.0/server/dhcpd.c.ldap 2007-11-30 11:51:43.000000000 -1000 -+++ dhcp-4.0.0/server/dhcpd.c 2008-02-06 14:34:44.000000000 -1000 -@@ -505,6 +505,14 @@ main(int argc, char **argv) { - /* Add the ddns update style enumeration prior to parsing. */ - add_enumeration (&ddns_styles); - add_enumeration (&syslog_enum); -+#if defined (LDAP_CONFIGURATION) -+ add_enumeration (&ldap_methods); -+#if defined (USE_SSL) -+ add_enumeration (&ldap_ssl_usage_enum); -+ add_enumeration (&ldap_tls_reqcert_enum); -+ add_enumeration (&ldap_tls_crlcheck_enum); -+#endif -+#endif - - if (!group_allocate (&root_group, MDL)) - log_fatal ("Can't allocate root group!"); -diff -up /dev/null dhcp-4.0.0/server/ldap.c ---- /dev/null 2008-02-04 11:13:29.142014072 -1000 -+++ dhcp-4.0.0/server/ldap.c 2008-02-06 14:35:19.000000000 -1000 -@@ -0,0 +1,2004 @@ -+/* ldap.c -+ -+ Routines for reading the configuration from LDAP */ -+ -+/* -+ * Copyright (c) 2003-2006 Ntelos, Inc. -+ * All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. Neither the name of The Internet Software Consortium nor the names -+ * of its contributors may be used to endorse or promote products derived -+ * from this software without specific prior written permission. -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND -+ * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, -+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -+ * DISCLAIMED. IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR -+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF -+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT -+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * This LDAP module was written by Brian Masney . Its -+ * development was sponsored by Ntelos, Inc. (www.ntelos.com). -+ */ -+ -+#include "dhcpd.h" -+#include -+#include -+ -+#if defined(LDAP_CONFIGURATION) -+ -+#if defined(LDAP_CASA_AUTH) -+#include "ldap_casa.h" -+#endif -+ -+static LDAP * ld = NULL; -+static char *ldap_server = NULL, -+ *ldap_username = NULL, -+ *ldap_password = NULL, -+ *ldap_base_dn = NULL, -+ *ldap_dhcp_server_cn = NULL, -+ *ldap_debug_file = NULL; -+static int ldap_port = LDAP_PORT, -+ ldap_method = LDAP_METHOD_DYNAMIC, -+ ldap_referrals = -1, -+ ldap_debug_fd = -1; -+#if defined (USE_SSL) -+static int ldap_use_ssl = -1, /* try TLS if possible */ -+ ldap_tls_reqcert = -1, -+ ldap_tls_crlcheck = -1; -+static char *ldap_tls_ca_file = NULL, -+ *ldap_tls_ca_dir = NULL, -+ *ldap_tls_cert = NULL, -+ *ldap_tls_key = NULL, -+ *ldap_tls_ciphers = NULL, -+ *ldap_tls_randfile = NULL; -+#endif -+static struct ldap_config_stack *ldap_stack = NULL; -+ -+typedef struct ldap_dn_node { -+ struct ldap_dn_node *next; -+ size_t refs; -+ char *dn; -+} ldap_dn_node; -+ -+static ldap_dn_node *ldap_service_dn_head = NULL; -+static ldap_dn_node *ldap_service_dn_tail = NULL; -+ -+ -+static char * -+x_strncat(char *dst, const char *src, size_t dst_size) -+{ -+ size_t len = strlen(dst); -+ return strncat(dst, src, dst_size > len ? dst_size - len - 1: 0); -+} -+ -+static void -+ldap_parse_class (struct ldap_config_stack *item, struct parse *cfile) -+{ -+ struct berval **tempbv; -+ -+ if ((tempbv = ldap_get_values_len (ld, item->ldent, "cn")) == NULL || -+ tempbv[0] == NULL) -+ { -+ if (tempbv != NULL) -+ ldap_value_free_len (tempbv); -+ -+ return; -+ } -+ -+ x_strncat (cfile->inbuf, "class \"", LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, "\" {\n", LDAP_BUFFER_SIZE); -+ -+ item->close_brace = 1; -+ ldap_value_free_len (tempbv); -+} -+ -+ -+static void -+ldap_parse_subclass (struct ldap_config_stack *item, struct parse *cfile) -+{ -+ struct berval **tempbv, **classdata; -+ -+ if ((tempbv = ldap_get_values_len (ld, item->ldent, "cn")) == NULL || -+ tempbv[0] == NULL) -+ { -+ if (tempbv != NULL) -+ ldap_value_free_len (tempbv); -+ -+ return; -+ } -+ -+ if ((classdata = ldap_get_values_len (ld, item->ldent, -+ "dhcpClassData")) == NULL || -+ classdata[0] == NULL) -+ { -+ if (classdata != NULL) -+ ldap_value_free_len (classdata); -+ ldap_value_free_len (tempbv); -+ -+ return; -+ } -+ -+ x_strncat (cfile->inbuf, "subclass ", LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, classdata[0]->bv_val, LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, " ", LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE); -+ -+ item->close_brace = 1; -+ ldap_value_free_len (tempbv); -+ ldap_value_free_len (classdata); -+} -+ -+ -+static void -+ldap_parse_host (struct ldap_config_stack *item, struct parse *cfile) -+{ -+ struct berval **tempbv, **hwaddr; -+ -+ if ((tempbv = ldap_get_values_len (ld, item->ldent, "cn")) == NULL || -+ tempbv[0] == NULL) -+ { -+ if (tempbv != NULL) -+ ldap_value_free_len (tempbv); -+ -+ return; -+ } -+ -+ hwaddr = ldap_get_values_len (ld, item->ldent, "dhcpHWAddress"); -+ -+ x_strncat (cfile->inbuf, "host ", LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE); -+ -+ if (hwaddr != NULL && hwaddr[0] != NULL) -+ { -+ x_strncat (cfile->inbuf, " {\nhardware ", LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, hwaddr[0]->bv_val, LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE); -+ ldap_value_free_len (hwaddr); -+ } -+ -+ item->close_brace = 1; -+ ldap_value_free_len (tempbv); -+} -+ -+ -+static void -+ldap_parse_shared_network (struct ldap_config_stack *item, struct parse *cfile) -+{ -+ struct berval **tempbv; -+ -+ if ((tempbv = ldap_get_values_len (ld, item->ldent, "cn")) == NULL || -+ tempbv[0] == NULL) -+ { -+ if (tempbv != NULL) -+ ldap_value_free_len (tempbv); -+ -+ return; -+ } -+ -+ x_strncat (cfile->inbuf, "shared-network \"", LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, "\" {\n", LDAP_BUFFER_SIZE); -+ -+ item->close_brace = 1; -+ ldap_value_free_len (tempbv); -+} -+ -+ -+static void -+parse_netmask (int netmask, char *netmaskbuf) -+{ -+ unsigned long nm; -+ int i; -+ -+ nm = 0; -+ for (i=1; i <= netmask; i++) -+ { -+ nm |= 1 << (32 - i); -+ } -+ -+ sprintf (netmaskbuf, "%d.%d.%d.%d", (int) (nm >> 24) & 0xff, -+ (int) (nm >> 16) & 0xff, -+ (int) (nm >> 8) & 0xff, -+ (int) nm & 0xff); -+} -+ -+ -+static void -+ldap_parse_subnet (struct ldap_config_stack *item, struct parse *cfile) -+{ -+ struct berval **tempbv, **netmaskstr; -+ char netmaskbuf[16]; -+ int i; -+ -+ if ((tempbv = ldap_get_values_len (ld, item->ldent, "cn")) == NULL || -+ tempbv[0] == NULL) -+ { -+ if (tempbv != NULL) -+ ldap_value_free_len (tempbv); -+ -+ return; -+ } -+ -+ if ((netmaskstr = ldap_get_values_len (ld, item->ldent, -+ "dhcpNetmask")) == NULL || -+ netmaskstr[0] == NULL) -+ { -+ if (netmaskstr != NULL) -+ ldap_value_free_len (netmaskstr); -+ ldap_value_free_len (tempbv); -+ -+ return; -+ } -+ -+ x_strncat (cfile->inbuf, "subnet ", LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE); -+ -+ x_strncat (cfile->inbuf, " netmask ", LDAP_BUFFER_SIZE); -+ parse_netmask (strtol (netmaskstr[0]->bv_val, NULL, 10), netmaskbuf); -+ x_strncat (cfile->inbuf, netmaskbuf, LDAP_BUFFER_SIZE); -+ -+ x_strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE); -+ -+ ldap_value_free_len (tempbv); -+ ldap_value_free_len (netmaskstr); -+ -+ if ((tempbv = ldap_get_values_len (ld, item->ldent, "dhcpRange")) != NULL) -+ { -+ for (i=0; tempbv[i] != NULL; i++) -+ { -+ x_strncat (cfile->inbuf, "range", LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, " ", LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, tempbv[i]->bv_val, LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE); -+ } -+ } -+ -+ item->close_brace = 1; -+} -+ -+ -+static void -+ldap_parse_pool (struct ldap_config_stack *item, struct parse *cfile) -+{ -+ struct berval **tempbv; -+ int i; -+ -+ x_strncat (cfile->inbuf, "pool {\n", LDAP_BUFFER_SIZE); -+ -+ if ((tempbv = ldap_get_values_len (ld, item->ldent, "dhcpRange")) != NULL) -+ { -+ x_strncat (cfile->inbuf, "range", LDAP_BUFFER_SIZE); -+ for (i=0; tempbv[i] != NULL; i++) -+ { -+ x_strncat (cfile->inbuf, " ", LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, tempbv[i]->bv_val, LDAP_BUFFER_SIZE); -+ } -+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE); -+ ldap_value_free_len (tempbv); -+ } -+ -+ if ((tempbv = ldap_get_values_len (ld, item->ldent, "dhcpPermitList")) != NULL) -+ { -+ for (i=0; tempbv[i] != NULL; i++) -+ { -+ x_strncat (cfile->inbuf, tempbv[i]->bv_val, LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE); -+ } -+ ldap_value_free_len (tempbv); -+ } -+ -+ item->close_brace = 1; -+} -+ -+ -+static void -+ldap_parse_group (struct ldap_config_stack *item, struct parse *cfile) -+{ -+ x_strncat (cfile->inbuf, "group {\n", LDAP_BUFFER_SIZE); -+ item->close_brace = 1; -+} -+ -+ -+static void -+ldap_parse_key (struct ldap_config_stack *item, struct parse *cfile) -+{ -+ struct berval **tempbv; -+ -+ if ((tempbv = ldap_get_values_len (ld, item->ldent, "cn")) != NULL) -+ { -+ x_strncat (cfile->inbuf, "key ", LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE); -+ ldap_value_free_len (tempbv); -+ } -+ -+ if ((tempbv = ldap_get_values_len (ld, item->ldent, "dhcpKeyAlgorithm")) != NULL) -+ { -+ x_strncat (cfile->inbuf, "algorithm ", LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE); -+ ldap_value_free_len (tempbv); -+ } -+ -+ if ((tempbv = ldap_get_values_len (ld, item->ldent, "dhcpKeySecret")) != NULL) -+ { -+ x_strncat (cfile->inbuf, "secret ", LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE); -+ ldap_value_free_len (tempbv); -+ } -+ -+ item->close_brace = 1; -+} -+ -+ -+static void -+ldap_parse_zone (struct ldap_config_stack *item, struct parse *cfile) -+{ -+ char *cnFindStart, *cnFindEnd; -+ struct berval **tempbv; -+ char *keyCn; -+ size_t len; -+ -+ if ((tempbv = ldap_get_values_len (ld, item->ldent, "cn")) != NULL) -+ { -+ x_strncat (cfile->inbuf, "zone ", LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE); -+ ldap_value_free_len (tempbv); -+ } -+ -+ if ((tempbv = ldap_get_values_len (ld, item->ldent, "dhcpDnsZoneServer")) != NULL) -+ { -+ x_strncat (cfile->inbuf, "primary ", LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, tempbv[0]->bv_val, LDAP_BUFFER_SIZE); -+ -+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE); -+ ldap_value_free_len (tempbv); -+ } -+ -+ if ((tempbv = ldap_get_values_len (ld, item->ldent, "dhcpKeyDN")) != NULL) -+ { -+ cnFindStart = strchr(tempbv[0]->bv_val,'='); -+ if (cnFindStart != NULL) -+ cnFindEnd = strchr(++cnFindStart,','); -+ else -+ cnFindEnd = NULL; -+ -+ if (cnFindEnd != NULL && cnFindEnd > cnFindStart) -+ { -+ len = cnFindEnd - cnFindStart; -+ keyCn = dmalloc (len + 1, MDL); -+ } -+ else -+ { -+ len = 0; -+ keyCn = NULL; -+ } -+ -+ if (keyCn != NULL) -+ { -+ strncpy (keyCn, cnFindStart, len); -+ keyCn[len] = '\0'; -+ -+ x_strncat (cfile->inbuf, "key ", LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, keyCn, LDAP_BUFFER_SIZE); -+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE); -+ -+ dfree (keyCn, MDL); -+ } -+ -+ ldap_value_free_len (tempbv); -+ } -+ -+ item->close_brace = 1; -+} -+ -+ -+static void -+add_to_config_stack (LDAPMessage * res, LDAPMessage * ent) -+{ -+ struct ldap_config_stack *ns; -+ -+ ns = dmalloc (sizeof (*ns), MDL); -+ ns->res = res; -+ ns->ldent = ent; -+ ns->close_brace = 0; -+ ns->processed = 0; -+ ns->next = ldap_stack; -+ ldap_stack = ns; -+} -+ -+ -+static void -+ldap_stop() -+{ -+ struct sigaction old, new; -+ -+ if (ld == NULL) -+ return; -+ -+ /* -+ ** ldap_unbind after a LDAP_SERVER_DOWN result -+ ** causes a SIGPIPE and dhcpd gets terminated, -+ ** since it doesn't handle it... -+ */ -+ -+ new.sa_flags = 0; -+ new.sa_handler = SIG_IGN; -+ sigemptyset (&new.sa_mask); -+ sigaction (SIGPIPE, &new, &old); -+ -+ ldap_unbind_ext_s (ld, NULL, NULL); -+ ld = NULL; -+ -+ sigaction (SIGPIPE, &old, &new); -+} -+ -+ -+static char * -+_do_lookup_dhcp_string_option (struct option_state *options, int option_name) -+{ -+ struct option_cache *oc; -+ struct data_string db; -+ char *ret; -+ -+ memset (&db, 0, sizeof (db)); -+ oc = lookup_option (&server_universe, options, option_name); -+ if (oc && -+ evaluate_option_cache (&db, (struct packet*) NULL, -+ (struct lease *) NULL, -+ (struct client_state *) NULL, options, -+ (struct option_state *) NULL, -+ &global_scope, oc, MDL) && -+ db.data != NULL && *db.data != '\0') -+ -+ { -+ ret = dmalloc (db.len + 1, MDL); -+ if (ret == NULL) -+ log_fatal ("no memory for ldap option %d value", option_name); -+ -+ memcpy (ret, db.data, db.len); -+ ret[db.len] = 0; -+ data_string_forget (&db, MDL); -+ } -+ else -+ ret = NULL; -+ -+ return (ret); -+} -+ -+ -+static int -+_do_lookup_dhcp_int_option (struct option_state *options, int option_name) -+{ -+ struct option_cache *oc; -+ struct data_string db; -+ int ret; -+ -+ memset (&db, 0, sizeof (db)); -+ oc = lookup_option (&server_universe, options, option_name); -+ if (oc && -+ evaluate_option_cache (&db, (struct packet*) NULL, -+ (struct lease *) NULL, -+ (struct client_state *) NULL, options, -+ (struct option_state *) NULL, -+ &global_scope, oc, MDL) && -+ db.data != NULL && *db.data != '\0') -+ { -+ ret = strtol ((const char *) db.data, NULL, 10); -+ data_string_forget (&db, MDL); -+ } -+ else -+ ret = 0; -+ -+ return (ret); -+} -+ -+ -+static int -+_do_lookup_dhcp_enum_option (struct option_state *options, int option_name) -+{ -+ struct option_cache *oc; -+ struct data_string db; -+ int ret = -1; -+ -+ memset (&db, 0, sizeof (db)); -+ oc = lookup_option (&server_universe, options, option_name); -+ if (oc && -+ evaluate_option_cache (&db, (struct packet*) NULL, -+ (struct lease *) NULL, -+ (struct client_state *) NULL, options, -+ (struct option_state *) NULL, -+ &global_scope, oc, MDL) && -+ db.data != NULL && *db.data != '\0') -+ { -+ if (db.len == 1) -+ ret = db.data [0]; -+ else -+ log_fatal ("invalid option name %d", option_name); -+ -+ data_string_forget (&db, MDL); -+ } -+ else -+ ret = 0; -+ -+ return (ret); -+} -+ -+int -+ldap_rebind_cb (LDAP *ld, LDAP_CONST char *url, ber_tag_t request, ber_int_t msgid, void *parms) -+{ -+ int ret; -+ LDAPURLDesc *ldapurl = NULL; -+ char *who = NULL; -+ struct berval creds; -+ -+ log_info("LDAP rebind to '%s'", url); -+ if ((ret = ldap_url_parse(url, &ldapurl)) != LDAP_SUCCESS) -+ { -+ log_error ("Error: Can not parse ldap rebind url '%s': %s", -+ url, ldap_err2string(ret)); -+ return ret; -+ } -+ -+ -+#if defined (USE_SSL) -+ if (strcasecmp(ldapurl->lud_scheme, "ldaps") == 0) -+ { -+ int opt = LDAP_OPT_X_TLS_HARD; -+ if ((ret = ldap_set_option (ld, LDAP_OPT_X_TLS, &opt)) != LDAP_SUCCESS) -+ { -+ log_error ("Error: Cannot init LDAPS session to %s:%d: %s", -+ ldapurl->lud_host, ldapurl->lud_port, ldap_err2string (ret)); -+ return ret; -+ } -+ else -+ { -+ log_info ("LDAPS session successfully enabled to %s", ldap_server); -+ } -+ } -+ else -+ if (strcasecmp(ldapurl->lud_scheme, "ldap") == 0 && -+ ldap_use_ssl != LDAP_SSL_OFF) -+ { -+ if ((ret = ldap_start_tls_s (ld, NULL, NULL)) != LDAP_SUCCESS) -+ { -+ log_error ("Error: Cannot start TLS session to %s:%d: %s", -+ ldapurl->lud_host, ldapurl->lud_port, ldap_err2string (ret)); -+ return ret; -+ } -+ else -+ { -+ log_info ("TLS session successfully started to %s:%d", -+ ldapurl->lud_host, ldapurl->lud_port); -+ } -+ } -+#endif -+ -+ -+ if (ldap_username != NULL || *ldap_username != '\0') -+ { -+ who = ldap_username; -+ creds.bv_val = strdup(ldap_password); -+ creds.bv_len = strlen(ldap_password); -+ } -+ -+ if ((ret = ldap_sasl_bind_s (ld, who, LDAP_SASL_SIMPLE, &creds, -+ NULL, NULL, NULL)) != LDAP_SUCCESS) -+ { -+ log_error ("Error: Cannot login into ldap server %s:%d: %s", -+ ldapurl->lud_host, ldapurl->lud_port, ldap_err2string (ret)); -+ } -+ return ret; -+} -+ -+static void -+ldap_start (void) -+{ -+ struct option_state *options; -+ int ret, version; -+ char *uri = NULL; -+ struct berval creds; -+ -+ if (ld != NULL) -+ return; -+ -+ if (ldap_server == NULL) -+ { -+ options = NULL; -+ option_state_allocate (&options, MDL); -+ -+ execute_statements_in_scope ((struct binding_value **) NULL, -+ (struct packet *) NULL, (struct lease *) NULL, -+ (struct client_state *) NULL, (struct option_state *) NULL, -+ options, &global_scope, root_group, (struct group *) NULL); -+ -+ ldap_server = _do_lookup_dhcp_string_option (options, SV_LDAP_SERVER); -+ ldap_dhcp_server_cn = _do_lookup_dhcp_string_option (options, -+ SV_LDAP_DHCP_SERVER_CN); -+ ldap_port = _do_lookup_dhcp_int_option (options, SV_LDAP_PORT); -+ ldap_base_dn = _do_lookup_dhcp_string_option (options, SV_LDAP_BASE_DN); -+ ldap_method = _do_lookup_dhcp_enum_option (options, SV_LDAP_METHOD); -+ ldap_debug_file = _do_lookup_dhcp_string_option (options, -+ SV_LDAP_DEBUG_FILE); -+ ldap_referrals = _do_lookup_dhcp_enum_option (options, SV_LDAP_REFERRALS); -+ -+#if defined (USE_SSL) -+ ldap_use_ssl = _do_lookup_dhcp_enum_option (options, SV_LDAP_SSL); -+ if( ldap_use_ssl != LDAP_SSL_OFF) -+ { -+ ldap_tls_reqcert = _do_lookup_dhcp_enum_option (options, SV_LDAP_TLS_REQCERT); -+ ldap_tls_ca_file = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_CA_FILE); -+ ldap_tls_ca_dir = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_CA_DIR); -+ ldap_tls_cert = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_CERT); -+ ldap_tls_key = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_KEY); -+ ldap_tls_crlcheck = _do_lookup_dhcp_enum_option (options, SV_LDAP_TLS_CRLCHECK); -+ ldap_tls_ciphers = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_CIPHERS); -+ ldap_tls_randfile = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_RANDFILE); -+ } -+#endif -+ -+#if defined (LDAP_CASA_AUTH) -+ if (!load_uname_pwd_from_miCASA(&ldap_username,&ldap_password)) -+ { -+#if defined (DEBUG_LDAP) -+ log_info ("Authentication credential taken from file"); -+#endif -+#endif -+ -+ ldap_username = _do_lookup_dhcp_string_option (options, SV_LDAP_USERNAME); -+ ldap_password = _do_lookup_dhcp_string_option (options, SV_LDAP_PASSWORD); -+ -+#if defined (LDAP_CASA_AUTH) -+ } -+#endif -+ -+ option_state_dereference (&options, MDL); -+ } -+ -+ if (ldap_server == NULL || ldap_base_dn == NULL) -+ { -+ log_info ("Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file"); -+ ldap_method = LDAP_METHOD_STATIC; -+ return; -+ } -+ -+ if (ldap_debug_file != NULL && ldap_debug_fd == -1) -+ { -+ if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY, -+ S_IRUSR | S_IWUSR)) < 0) -+ log_error ("Error opening debug LDAP log file %s: %s", ldap_debug_file, -+ strerror (errno)); -+ } -+ -+#if defined (DEBUG_LDAP) -+ log_info ("Connecting to LDAP server %s:%d", ldap_server, ldap_port); -+#endif -+ -+#if defined (USE_SSL) -+ if (ldap_use_ssl == -1) -+ { -+ /* -+ ** There was no "ldap-ssl" option in dhcpd.conf (also not "off"). -+ ** Let's try, if we can use an anonymous TLS session without to -+ ** verify the server certificate -- if not continue without TLS. -+ */ -+ int opt = LDAP_OPT_X_TLS_ALLOW; -+ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, -+ &opt)) != LDAP_SUCCESS) -+ { -+ log_error ("Warning: Cannot set LDAP TLS require cert option to 'allow': %s", -+ ldap_err2string (ret)); -+ } -+ } -+ -+ if (ldap_use_ssl != LDAP_SSL_OFF) -+ { -+ if (ldap_tls_reqcert != -1) -+ { -+ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, -+ &ldap_tls_reqcert)) != LDAP_SUCCESS) -+ { -+ log_error ("Cannot set LDAP TLS require cert option: %s", -+ ldap_err2string (ret)); -+ } -+ } -+ -+ if( ldap_tls_ca_file != NULL) -+ { -+ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTFILE, -+ ldap_tls_ca_file)) != LDAP_SUCCESS) -+ { -+ log_error ("Cannot set LDAP TLS CA certificate file %s: %s", -+ ldap_tls_ca_file, ldap_err2string (ret)); -+ } -+ } -+ if( ldap_tls_ca_dir != NULL) -+ { -+ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTDIR, -+ ldap_tls_ca_dir)) != LDAP_SUCCESS) -+ { -+ log_error ("Cannot set LDAP TLS CA certificate dir %s: %s", -+ ldap_tls_ca_dir, ldap_err2string (ret)); -+ } -+ } -+ if( ldap_tls_cert != NULL) -+ { -+ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CERTFILE, -+ ldap_tls_cert)) != LDAP_SUCCESS) -+ { -+ log_error ("Cannot set LDAP TLS client certificate file %s: %s", -+ ldap_tls_cert, ldap_err2string (ret)); -+ } -+ } -+ if( ldap_tls_key != NULL) -+ { -+ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_KEYFILE, -+ ldap_tls_key)) != LDAP_SUCCESS) -+ { -+ log_error ("Cannot set LDAP TLS certificate key file %s: %s", -+ ldap_tls_key, ldap_err2string (ret)); -+ } -+ } -+ if( ldap_tls_crlcheck != -1) -+ { -+ int opt = ldap_tls_crlcheck; -+ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CRLCHECK, -+ &opt)) != LDAP_SUCCESS) -+ { -+ log_error ("Cannot set LDAP TLS crl check option: %s", -+ ldap_err2string (ret)); -+ } -+ } -+ if( ldap_tls_ciphers != NULL) -+ { -+ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CIPHER_SUITE, -+ ldap_tls_ciphers)) != LDAP_SUCCESS) -+ { -+ log_error ("Cannot set LDAP TLS cipher suite %s: %s", -+ ldap_tls_ciphers, ldap_err2string (ret)); -+ } -+ } -+ if( ldap_tls_randfile != NULL) -+ { -+ if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_RANDOM_FILE, -+ ldap_tls_randfile)) != LDAP_SUCCESS) -+ { -+ log_error ("Cannot set LDAP TLS random file %s: %s", -+ ldap_tls_randfile, ldap_err2string (ret)); -+ } -+ } -+ } -+#endif -+ -+ /* enough for 'ldap://+ + hostname + ':' + port number */ -+ uri = malloc(strlen(ldap_server) + 16); -+ if (uri == NULL) -+ { -+ log_error ("Cannot build ldap init URI %s:%d", ldap_server, ldap_port); -+ return; -+ } -+ -+ sprintf(uri, "ldap://%s:%d", ldap_server, ldap_port); -+ ldap_initialize(&ld, uri); -+ -+ if (ld == NULL) -+ { -+ log_error ("Cannot init ldap session to %s:%d", ldap_server, ldap_port); -+ return; -+ } -+ -+ free(uri); -+ -+ version = LDAP_VERSION3; -+ if ((ret = ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &version)) != LDAP_OPT_SUCCESS) -+ { -+ log_error ("Cannot set LDAP version to %d: %s", version, -+ ldap_err2string (ret)); -+ } -+ -+ if (ldap_referrals != -1) -+ { -+ if ((ret = ldap_set_option (ld, LDAP_OPT_REFERRALS, ldap_referrals ? -+ LDAP_OPT_ON : LDAP_OPT_OFF)) != LDAP_OPT_SUCCESS) -+ { -+ log_error ("Cannot %s LDAP referrals option: %s", -+ (ldap_referrals ? "enable" : "disable"), -+ ldap_err2string (ret)); -+ } -+ } -+ -+ if ((ret = ldap_set_rebind_proc(ld, ldap_rebind_cb, NULL)) != LDAP_SUCCESS) -+ { -+ log_error ("Warning: Cannot set ldap rebind procedure: %s", -+ ldap_err2string (ret)); -+ } -+ -+#if defined (USE_SSL) -+ if (ldap_use_ssl == LDAP_SSL_LDAPS || -+ (ldap_use_ssl == LDAP_SSL_ON && ldap_port == LDAPS_PORT)) -+ { -+ int opt = LDAP_OPT_X_TLS_HARD; -+ if ((ret = ldap_set_option (ld, LDAP_OPT_X_TLS, &opt)) != LDAP_SUCCESS) -+ { -+ log_error ("Error: Cannot init LDAPS session to %s:%d: %s", -+ ldap_server, ldap_port, ldap_err2string (ret)); -+ ldap_stop(); -+ return; -+ } -+ else -+ { -+ log_info ("LDAPS session successfully enabled to %s:%d", -+ ldap_server, ldap_port); -+ } -+ } -+ else if (ldap_use_ssl != LDAP_SSL_OFF) -+ { -+ if ((ret = ldap_start_tls_s (ld, NULL, NULL)) != LDAP_SUCCESS) -+ { -+ log_error ("Error: Cannot start TLS session to %s:%d: %s", -+ ldap_server, ldap_port, ldap_err2string (ret)); -+ ldap_stop(); -+ return; -+ } -+ else -+ { -+ log_info ("TLS session successfully started to %s:%d", -+ ldap_server, ldap_port); -+ } -+ } -+#endif -+ -+ if (ldap_username != NULL && *ldap_username != '\0') -+ { -+ creds.bv_val = strdup(ldap_password); -+ creds.bv_len = strlen(ldap_password); -+ -+ if ((ret = ldap_sasl_bind_s (ld, ldap_username, LDAP_SASL_SIMPLE, -+ &creds, NULL, NULL, NULL)) != LDAP_SUCCESS) -+ { -+ log_error ("Error: Cannot login into ldap server %s:%d: %s", -+ ldap_server, ldap_port, ldap_err2string (ret)); -+ ldap_stop(); -+ return; -+ } -+ } -+ -+#if defined (DEBUG_LDAP) -+ log_info ("Successfully logged into LDAP server %s", ldap_server); -+#endif -+} -+ -+ -+static void -+parse_external_dns (LDAPMessage * ent) -+{ -+ char *search[] = {"dhcpOptionsDN", "dhcpSharedNetworkDN", "dhcpSubnetDN", -+ "dhcpGroupDN", "dhcpHostDN", "dhcpClassesDN", -+ "dhcpPoolDN", NULL}; -+ LDAPMessage * newres, * newent; -+ struct berval **tempbv; -+ int i, j, ret; -+#if defined (DEBUG_LDAP) -+ char *dn; -+ -+ dn = ldap_get_dn (ld, ent); -+ if (dn != NULL) -+ { -+ log_info ("Parsing external DNs for '%s'", dn); -+ ldap_memfree (dn); -+ } -+#endif -+ -+ if (ld == NULL) -+ ldap_start (); -+ if (ld == NULL) -+ return; -+ -+ for (i=0; search[i] != NULL; i++) -+ { -+ if ((tempbv = ldap_get_values_len (ld, ent, search[i])) == NULL) -+ continue; -+ -+ for (j=0; tempbv[j] != NULL; j++) -+ { -+ if (*tempbv[j]->bv_val == '\0') -+ continue; -+ -+ if ((ret = ldap_search_ext_s(ld, tempbv[j]->bv_val, LDAP_SCOPE_BASE, -+ "objectClass=*", NULL, 0, NULL, -+ NULL, NULL, 0, &newres)) != LDAP_SUCCESS) -+ { -+ ldap_value_free_len (tempbv); -+ ldap_stop(); -+ return; -+ } -+ -+#if defined (DEBUG_LDAP) -+ log_info ("Adding contents of subtree '%s' to config stack from '%s' reference", tempbv[j], search[i]); -+#endif -+ for (newent = ldap_first_entry (ld, newres); -+ newent != NULL; -+ newent = ldap_next_entry (ld, newent)) -+ { -+#if defined (DEBUG_LDAP) -+ dn = ldap_get_dn (ld, newent); -+ if (dn != NULL) -+ { -+ log_info ("Adding LDAP result set starting with '%s' to config stack", dn); -+ ldap_memfree (dn); -+ } -+#endif -+ -+ add_to_config_stack (newres, newent); -+ /* don't free newres here */ -+ } -+ } -+ -+ ldap_value_free_len (tempbv); -+ } -+} -+ -+ -+static void -+free_stack_entry (struct ldap_config_stack *item) -+{ -+ struct ldap_config_stack *look_ahead_pointer = item; -+ int may_free_msg = 1; -+ -+ while (look_ahead_pointer->next != NULL) -+ { -+ look_ahead_pointer = look_ahead_pointer->next; -+ if (look_ahead_pointer->res == item->res) -+ { -+ may_free_msg = 0; -+ break; -+ } -+ } -+ -+ if (may_free_msg) -+ ldap_msgfree (item->res); -+ -+ dfree (item, MDL); -+} -+ -+ -+static void -+next_ldap_entry (struct parse *cfile) -+{ -+ struct ldap_config_stack *temp_stack; -+ -+ if (ldap_stack != NULL && ldap_stack->close_brace) -+ { -+ x_strncat (cfile->inbuf, "}\n", LDAP_BUFFER_SIZE); -+ ldap_stack->close_brace = 0; -+ } -+ -+ while (ldap_stack != NULL && -+ (ldap_stack->ldent == NULL || -+ (ldap_stack->ldent = ldap_next_entry (ld, ldap_stack->ldent)) == NULL)) -+ { -+ if (ldap_stack->close_brace) -+ { -+ x_strncat (cfile->inbuf, "}\n", LDAP_BUFFER_SIZE); -+ ldap_stack->close_brace = 0; -+ } -+ -+ temp_stack = ldap_stack; -+ ldap_stack = ldap_stack->next; -+ free_stack_entry (temp_stack); -+ } -+ -+ if (ldap_stack != NULL && ldap_stack->close_brace) -+ { -+ x_strncat (cfile->inbuf, "}\n", LDAP_BUFFER_SIZE); -+ ldap_stack->close_brace = 0; -+ } -+} -+ -+ -+static char -+check_statement_end (const char *statement) -+{ -+ char *ptr; -+ -+ if (statement == NULL || *statement == '\0') -+ return ('\0'); -+ -+ /* -+ ** check if it ends with "}", e.g.: -+ ** "zone my.domain. { ... }" -+ ** optionally followed by spaces -+ */ -+ ptr = strrchr (statement, '}'); -+ if (ptr != NULL) -+ { -+ /* skip following white-spaces */ -+ for (++ptr; isspace ((int)*ptr); ptr++); -+ -+ /* check if we reached the end */ -+ if (*ptr == '\0') -+ return ('}'); /* yes, block end */ -+ else -+ return (*ptr); -+ } -+ -+ /* -+ ** this should not happen, but... -+ ** check if it ends with ";", e.g.: -+ ** "authoritative;" -+ ** optionally followed by spaces -+ */ -+ ptr = strrchr (statement, ';'); -+ if (ptr != NULL) -+ { -+ /* skip following white-spaces */ -+ for (++ptr; isspace ((int)*ptr); ptr++); -+ -+ /* check if we reached the end */ -+ if (*ptr == '\0') -+ return (';'); /* ends with a ; */ -+ else -+ return (*ptr); -+ } -+ -+ return ('\0'); -+} -+ -+ -+static isc_result_t -+ldap_parse_entry_options (LDAPMessage *ent, char *buffer, size_t size, -+ int *lease_limit) -+{ -+ struct berval **tempbv; -+ int i; -+ -+ if (ent == NULL || buffer == NULL || size == 0) -+ return (ISC_R_FAILURE); -+ -+ if ((tempbv = ldap_get_values_len (ld, ent, "dhcpStatements")) != NULL) -+ { -+ for (i=0; tempbv[i] != NULL; i++) -+ { -+ if (lease_limit != NULL && -+ strncasecmp ("lease limit ", tempbv[i]->bv_val, 12) == 0) -+ { -+ *lease_limit = (int) strtol ((tempbv[i]->bv_val) + 12, NULL, 10); -+ continue; -+ } -+ -+ x_strncat (buffer, tempbv[i]->bv_val, size); -+ -+ switch((int) check_statement_end (tempbv[i]->bv_val)) -+ { -+ case '}': -+ case ';': -+ x_strncat (buffer, "\n", size); -+ break; -+ default: -+ x_strncat (buffer, ";\n", size); -+ break; -+ } -+ } -+ ldap_value_free_len (tempbv); -+ } -+ -+ if ((tempbv = ldap_get_values_len (ld, ent, "dhcpOption")) != NULL) -+ { -+ for (i=0; tempbv[i] != NULL; i++) -+ { -+ x_strncat (buffer, "option ", size); -+ x_strncat (buffer, tempbv[i]->bv_val, size); -+ switch ((int) check_statement_end (tempbv[i]->bv_val)) -+ { -+ case ';': -+ x_strncat (buffer, "\n", size); -+ break; -+ default: -+ x_strncat (buffer, ";\n", size); -+ break; -+ } -+ } -+ ldap_value_free_len (tempbv); -+ } -+ -+ return (ISC_R_SUCCESS); -+} -+ -+ -+static void -+ldap_generate_config_string (struct parse *cfile) -+{ -+ struct berval **objectClass; -+ char *dn; -+ struct ldap_config_stack *entry; -+ LDAPMessage * ent, * res; -+ int i, ignore, found; -+ int ret; -+ -+ if (ld == NULL) -+ ldap_start (); -+ if (ld == NULL) -+ return; -+ -+ entry = ldap_stack; -+ if ((objectClass = ldap_get_values_len (ld, entry->ldent, -+ "objectClass")) == NULL) -+ return; -+ -+ ignore = 0; -+ found = 1; -+ for (i=0; objectClass[i] != NULL; i++) -+ { -+ if (strcasecmp (objectClass[i]->bv_val, "dhcpSharedNetwork") == 0) -+ ldap_parse_shared_network (entry, cfile); -+ else if (strcasecmp (objectClass[i]->bv_val, "dhcpClass") == 0) -+ ldap_parse_class (entry, cfile); -+ else if (strcasecmp (objectClass[i]->bv_val, "dhcpSubnet") == 0) -+ ldap_parse_subnet (entry, cfile); -+ else if (strcasecmp (objectClass[i]->bv_val, "dhcpPool") == 0) -+ ldap_parse_pool (entry, cfile); -+ else if (strcasecmp (objectClass[i]->bv_val, "dhcpGroup") == 0) -+ ldap_parse_group (entry, cfile); -+ else if (strcasecmp (objectClass[i]->bv_val, "dhcpTSigKey") == 0) -+ ldap_parse_key (entry, cfile); -+ else if (strcasecmp (objectClass[i]->bv_val, "dhcpDnsZone") == 0) -+ ldap_parse_zone (entry, cfile); -+ else if (strcasecmp (objectClass[i]->bv_val, "dhcpHost") == 0) -+ { -+ if (ldap_method == LDAP_METHOD_STATIC) -+ ldap_parse_host (entry, cfile); -+ else -+ { -+ ignore = 1; -+ break; -+ } -+ } -+ else if (strcasecmp (objectClass[i]->bv_val, "dhcpSubClass") == 0) -+ { -+ if (ldap_method == LDAP_METHOD_STATIC) -+ ldap_parse_subclass (entry, cfile); -+ else -+ { -+ ignore = 1; -+ break; -+ } -+ } -+ else -+ found = 0; -+ -+ if (found && cfile->inbuf[0] == '\0') -+ { -+ ignore = 1; -+ break; -+ } -+ } -+ -+ ldap_value_free_len (objectClass); -+ -+ if (ignore) -+ { -+ next_ldap_entry (cfile); -+ return; -+ } -+ -+ ldap_parse_entry_options(entry->ldent, cfile->inbuf, -+ LDAP_BUFFER_SIZE-1, NULL); -+ -+ dn = ldap_get_dn (ld, entry->ldent); -+ -+#if defined(DEBUG_LDAP) -+ if (dn != NULL) -+ log_info ("Found LDAP entry '%s'", dn); -+#endif -+ -+ if (dn == NULL || -+ (ret = ldap_search_ext_s (ld, dn, LDAP_SCOPE_ONELEVEL, -+ "objectClass=*", NULL, 0, NULL, NULL, -+ NULL, 0, &res)) != LDAP_SUCCESS) -+ { -+ if (dn) -+ ldap_memfree (dn); -+ -+ ldap_stop(); -+ return; -+ } -+ -+ ldap_memfree (dn); -+ -+ if ((ent = ldap_first_entry (ld, res)) != NULL) -+ { -+ add_to_config_stack (res, ent); -+ parse_external_dns (entry->ldent); -+ } -+ else -+ { -+ ldap_msgfree (res); -+ parse_external_dns (entry->ldent); -+ next_ldap_entry (cfile); -+ } -+} -+ -+ -+static void -+ldap_close_debug_fd() -+{ -+ if (ldap_debug_fd != -1) -+ { -+ close (ldap_debug_fd); -+ ldap_debug_fd = -1; -+ } -+} -+ -+ -+static void -+ldap_write_debug (const void *buff, size_t size) -+{ -+ if (ldap_debug_fd != -1) -+ { -+ if (write (ldap_debug_fd, buff, size) < 0) -+ { -+ log_error ("Error writing to LDAP debug file %s: %s." -+ " Disabling log file.", ldap_debug_file, -+ strerror (errno)); -+ ldap_close_debug_fd(); -+ } -+ } -+} -+ -+static int -+ldap_read_function (struct parse *cfile) -+{ -+ cfile->inbuf[0] = '\0'; -+ cfile->buflen = 0; -+ -+ while (ldap_stack != NULL && *cfile->inbuf == '\0') -+ ldap_generate_config_string (cfile); -+ -+ if (ldap_stack == NULL && *cfile->inbuf == '\0') -+ return (EOF); -+ -+ cfile->bufix = 1; -+ cfile->buflen = strlen (cfile->inbuf) - 1; -+ if (cfile->buflen > 0) -+ ldap_write_debug (cfile->inbuf, cfile->buflen); -+ -+#if defined (DEBUG_LDAP) -+ log_info ("Sending config line '%s'", cfile->inbuf); -+#endif -+ -+ return (cfile->inbuf[0]); -+} -+ -+ -+static char * -+ldap_get_host_name (LDAPMessage * ent) -+{ -+ struct berval **name; -+ char *ret; -+ -+ ret = NULL; -+ if ((name = ldap_get_values_len (ld, ent, "cn")) == NULL || name[0] == NULL) -+ { -+ if (name != NULL) -+ ldap_value_free_len (name); -+ -+#if defined (DEBUG_LDAP) -+ ret = ldap_get_dn (ld, ent); -+ if (ret != NULL) -+ { -+ log_info ("Cannot get cn attribute for LDAP entry %s", ret); -+ ldap_memfree(ret); -+ } -+#endif -+ return (NULL); -+ } -+ -+ ret = dmalloc (strlen (name[0]->bv_val) + 1, MDL); -+ strcpy (ret, name[0]->bv_val); -+ ldap_value_free_len (name); -+ -+ return (ret); -+} -+ -+ -+static int -+getfqhostname(char *fqhost, size_t size) -+{ -+#if defined(MAXHOSTNAMELEN) -+ char hname[MAXHOSTNAMELEN]; -+#else -+ char hname[65]; -+#endif -+ struct hostent *hp; -+ -+ if(NULL == fqhost || 1 >= size) -+ return -1; -+ -+ memset(hname, 0, sizeof(hname)); -+ if( gethostname(hname, sizeof(hname)-1)) -+ return -1; -+ -+ if(NULL == (hp = gethostbyname(hname))) -+ return -1; -+ -+ strncpy(fqhost, hp->h_name, size-1); -+ fqhost[size-1] = '\0'; -+ return 0; -+} -+ -+ -+isc_result_t -+ldap_read_config (void) -+{ -+ LDAPMessage * ldres, * hostres, * ent, * hostent; -+ char hfilter[1024], sfilter[1024], fqdn[257]; -+ char *buffer, *hostdn; -+ ldap_dn_node *curr = NULL; -+ struct parse *cfile; -+ struct utsname unme; -+ isc_result_t res; -+ size_t length; -+ int ret, cnt; -+ struct berval **tempbv = NULL; -+ -+ if (ld == NULL) -+ ldap_start (); -+ if (ld == NULL) -+ return (ldap_server == NULL ? ISC_R_SUCCESS : ISC_R_FAILURE); -+ -+ buffer = dmalloc (LDAP_BUFFER_SIZE+1, MDL); -+ if (buffer == NULL) -+ return (ISC_R_FAILURE); -+ -+ cfile = (struct parse *) NULL; -+ res = new_parse (&cfile, -1, buffer, LDAP_BUFFER_SIZE, "LDAP", 0); -+ if (res != ISC_R_SUCCESS) -+ return (res); -+ -+ uname (&unme); -+ if (ldap_dhcp_server_cn != NULL) -+ { -+ snprintf (hfilter, sizeof (hfilter), -+ "(&(objectClass=dhcpServer)(cn=%s))", ldap_dhcp_server_cn); -+ } -+ else -+ { -+ if(0 == getfqhostname(fqdn, sizeof(fqdn))) -+ { -+ snprintf (hfilter, sizeof (hfilter), -+ "(&(objectClass=dhcpServer)(|(cn=%s)(cn=%s)))", -+ unme.nodename, fqdn); -+ } -+ else -+ { -+ snprintf (hfilter, sizeof (hfilter), -+ "(&(objectClass=dhcpServer)(cn=%s))", unme.nodename); -+ } -+ -+ } -+ hostres = NULL; -+ if ((ret = ldap_search_ext_s (ld, ldap_base_dn, LDAP_SCOPE_SUBTREE, -+ hfilter, NULL, 0, NULL, NULL, NULL, 0, -+ &hostres)) != LDAP_SUCCESS) -+ { -+ log_error ("Cannot find host LDAP entry %s %s", -+ ((ldap_dhcp_server_cn == NULL)?(unme.nodename):(ldap_dhcp_server_cn)), hfilter); -+ if(NULL != hostres) -+ ldap_msgfree (hostres); -+ ldap_stop(); -+ return (ISC_R_FAILURE); -+ } -+ -+ if ((hostent = ldap_first_entry (ld, hostres)) == NULL) -+ { -+ log_error ("Error: Cannot find LDAP entry matching %s", hfilter); -+ ldap_msgfree (hostres); -+ ldap_stop(); -+ return (ISC_R_FAILURE); -+ } -+ -+ hostdn = ldap_get_dn (ld, hostent); -+#if defined(DEBUG_LDAP) -+ if (hostdn != NULL) -+ log_info ("Found dhcpServer LDAP entry '%s'", hostdn); -+#endif -+ -+ if (hostdn == NULL || -+ (tempbv = ldap_get_values_len (ld, hostent, "dhcpServiceDN")) == NULL || -+ tempbv[0] == NULL) -+ { -+ log_error ("Error: Cannot find LDAP entry matching %s", hfilter); -+ -+ if (tempbv != NULL) -+ ldap_value_free_len (tempbv); -+ -+ if (hostdn) -+ ldap_memfree (hostdn); -+ ldap_msgfree (hostres); -+ ldap_stop(); -+ return (ISC_R_FAILURE); -+ } -+ -+#if defined(DEBUG_LDAP) -+ log_info ("LDAP: Parsing dhcpServer options '%s' ...", hostdn); -+#endif -+ -+ cfile->inbuf[0] = '\0'; -+ ldap_parse_entry_options(hostent, cfile->inbuf, LDAP_BUFFER_SIZE, NULL); -+ cfile->buflen = strlen (cfile->inbuf); -+ if(cfile->buflen > 0) -+ { -+ ldap_write_debug (cfile->inbuf, cfile->buflen); -+ -+ res = conf_file_subparse (cfile, root_group, ROOT_GROUP); -+ if (res != ISC_R_SUCCESS) -+ { -+ log_error ("LDAP: cannot parse dhcpServer entry '%s'", hostdn); -+ ldap_memfree (hostdn); -+ ldap_stop(); -+ return res; -+ } -+ cfile->inbuf[0] = '\0'; -+ } -+ ldap_msgfree (hostres); -+ -+ /* -+ ** attach ldap (tree) read function now -+ */ -+ cfile->bufix = cfile->buflen = 0; -+ cfile->read_function = ldap_read_function; -+ -+ res = ISC_R_SUCCESS; -+ for (cnt=0; tempbv[cnt] != NULL; cnt++) -+ { -+ snprintf(sfilter, sizeof(sfilter), "(&(objectClass=dhcpService)" -+ "(|(dhcpPrimaryDN=%s)(dhcpSecondaryDN=%s)))", -+ hostdn, hostdn); -+ ldres = NULL; -+ if ((ret = ldap_search_ext_s (ld, tempbv[cnt]->bv_val, LDAP_SCOPE_BASE, -+ sfilter, NULL, 0, NULL, NULL, NULL, -+ 0, &ldres)) != LDAP_SUCCESS) -+ { -+ log_error ("Error searching for dhcpServiceDN '%s': %s. Please update the LDAP entry '%s'", -+ tempbv[cnt]->bv_val, ldap_err2string (ret), hostdn); -+ if(NULL != ldres) -+ ldap_msgfree(ldres); -+ res = ISC_R_FAILURE; -+ break; -+ } -+ -+ if ((ent = ldap_first_entry (ld, ldres)) == NULL) -+ { -+ log_error ("Error: Cannot find dhcpService DN '%s' with primary or secondary server reference. Please update the LDAP server entry '%s'", -+ tempbv[cnt]->bv_val, hostdn); -+ -+ ldap_msgfree(ldres); -+ res = ISC_R_FAILURE; -+ break; -+ } -+ -+ /* -+ ** FIXME: how to free the remembered dn's on exit? -+ ** This should be OK if dmalloc registers the -+ ** memory it allocated and frees it on exit.. -+ */ -+ -+ curr = dmalloc (sizeof (*curr), MDL); -+ if (curr != NULL) -+ { -+ length = strlen (tempbv[cnt]->bv_val); -+ curr->dn = dmalloc (length + 1, MDL); -+ if (curr->dn == NULL) -+ { -+ dfree (curr, MDL); -+ curr = NULL; -+ } -+ else -+ strcpy (curr->dn, tempbv[cnt]->bv_val); -+ } -+ -+ if (curr != NULL) -+ { -+ curr->refs++; -+ -+ /* append to service-dn list */ -+ if (ldap_service_dn_tail != NULL) -+ ldap_service_dn_tail->next = curr; -+ else -+ ldap_service_dn_head = curr; -+ -+ ldap_service_dn_tail = curr; -+ } -+ else -+ log_fatal ("no memory to remember ldap service dn"); -+ -+#if defined (DEBUG_LDAP) -+ log_info ("LDAP: Parsing dhcpService DN '%s' ...", tempbv[cnt]); -+#endif -+ add_to_config_stack (ldres, ent); -+ res = conf_file_subparse (cfile, root_group, ROOT_GROUP); -+ if (res != ISC_R_SUCCESS) -+ { -+ log_error ("LDAP: cannot parse dhcpService entry '%s'", tempbv[cnt]->bv_val); -+ break; -+ } -+ } -+ -+ end_parse (&cfile); -+ ldap_close_debug_fd(); -+ -+ ldap_memfree (hostdn); -+ ldap_value_free_len (tempbv); -+ -+ if (res != ISC_R_SUCCESS) -+ { -+ struct ldap_config_stack *temp_stack; -+ -+ while ((curr = ldap_service_dn_head) != NULL) -+ { -+ ldap_service_dn_head = curr->next; -+ dfree (curr->dn, MDL); -+ dfree (curr, MDL); -+ } -+ -+ ldap_service_dn_tail = NULL; -+ -+ while ((temp_stack = ldap_stack) != NULL) -+ { -+ ldap_stack = temp_stack->next; -+ free_stack_entry (temp_stack); -+ } -+ -+ ldap_stop(); -+ } -+ -+ /* Unbind from ldap immediately after reading config in static mode. */ -+ if (ldap_method == LDAP_METHOD_STATIC) -+ ldap_stop(); -+ -+ return (res); -+} -+ -+ -+/* This function will parse the dhcpOption and dhcpStatements field in the LDAP -+ entry if it exists. Right now, type will be either HOST_DECL or CLASS_DECL. -+ If we are parsing a HOST_DECL, this always returns 0. If we are parsing a -+ CLASS_DECL, this will return what the current lease limit is in LDAP. If -+ there is no lease limit specified, we return 0 */ -+ -+static int -+ldap_parse_options (LDAPMessage * ent, struct group *group, -+ int type, struct host_decl *host, -+ struct class **class) -+{ -+ int declaration, lease_limit; -+ char option_buffer[8192]; -+ enum dhcp_token token; -+ struct parse *cfile; -+ isc_result_t res; -+ const char *val; -+ -+ lease_limit = 0; -+ *option_buffer = '\0'; -+ -+ /* This block of code will try to find the parent of the host, and -+ if it is a group object, fetch the options and apply to the host. */ -+ if (type == HOST_DECL) -+ { -+ char *hostdn, *basedn, *temp1, *temp2, filter[1024]; -+ LDAPMessage *groupdn, *entry; -+ int ret; -+ -+ hostdn = ldap_get_dn (ld, ent); -+ if( hostdn != NULL) -+ { -+ basedn = NULL; -+ -+ temp1 = strchr (hostdn, '='); -+ if (temp1 != NULL) -+ temp1 = strchr (++temp1, '='); -+ if (temp1 != NULL) -+ temp2 = strchr (++temp1, ','); -+ else -+ temp2 = NULL; -+ -+ if (temp2 != NULL) -+ { -+ snprintf (filter, sizeof(filter), -+ "(&(cn=%.*s)(objectClass=dhcpGroup))", -+ (int)(temp2 - temp1), temp1); -+ -+ basedn = strchr (temp1, ','); -+ if (basedn != NULL) -+ ++basedn; -+ } -+ -+ if (basedn != NULL && *basedn != '\0') -+ { -+ ret = ldap_search_ext_s (ld, basedn, LDAP_SCOPE_SUBTREE, filter, -+ NULL, 0, NULL, NULL, NULL, 0, &groupdn); -+ if (ret == LDAP_SUCCESS) -+ { -+ if ((entry = ldap_first_entry (ld, groupdn)) != NULL) -+ { -+ res = ldap_parse_entry_options (entry, option_buffer, -+ sizeof(option_buffer) - 1, -+ &lease_limit); -+ if (res != ISC_R_SUCCESS) -+ { -+ /* reset option buffer discarding any results */ -+ *option_buffer = '\0'; -+ lease_limit = 0; -+ } -+ } -+ ldap_msgfree( groupdn); -+ } -+ } -+ ldap_memfree( hostdn); -+ } -+ } -+ -+ res = ldap_parse_entry_options (ent, option_buffer, sizeof(option_buffer) - 1, -+ &lease_limit); -+ if (res != ISC_R_SUCCESS) -+ return (lease_limit); -+ -+ option_buffer[sizeof(option_buffer) - 1] = '\0'; -+ if (*option_buffer == '\0') -+ return (lease_limit); -+ -+ cfile = (struct parse *) NULL; -+ res = new_parse (&cfile, -1, option_buffer, strlen (option_buffer), -+ type == HOST_DECL ? "LDAP-HOST" : "LDAP-SUBCLASS", 0); -+ if (res != ISC_R_SUCCESS) -+ return (lease_limit); -+ -+#if defined (DEBUG_LDAP) -+ log_info ("Sending the following options: '%s'", option_buffer); -+#endif -+ -+ declaration = 0; -+ do -+ { -+ token = peek_token (&val, NULL, cfile); -+ if (token == END_OF_FILE) -+ break; -+ declaration = parse_statement (cfile, group, type, host, declaration); -+ } while (1); -+ -+ end_parse (&cfile); -+ -+ return (lease_limit); -+} -+ -+ -+ -+int -+find_haddr_in_ldap (struct host_decl **hp, int htype, unsigned hlen, -+ const unsigned char *haddr, const char *file, int line) -+{ -+ char buf[128], *type_str; -+ LDAPMessage * res, *ent; -+ struct host_decl * host; -+ isc_result_t status; -+ ldap_dn_node *curr; -+ int ret; -+ -+ if (ldap_method == LDAP_METHOD_STATIC) -+ return (0); -+ -+ if (ld == NULL) -+ ldap_start (); -+ if (ld == NULL) -+ return (0); -+ -+ switch (htype) -+ { -+ case HTYPE_ETHER: -+ type_str = "ethernet"; -+ break; -+ case HTYPE_IEEE802: -+ type_str = "token-ring"; -+ break; -+ case HTYPE_FDDI: -+ type_str = "fddi"; -+ break; -+ default: -+ log_info ("Ignoring unknown type %d", htype); -+ return (0); -+ } -+ -+ /* -+ ** FIXME: It is not guaranteed, that the dhcpHWAddress attribute -+ ** contains _exactly_ "type addr" with one space between! -+ */ -+ snprintf (buf, sizeof (buf), -+ "(&(objectClass=dhcpHost)(dhcpHWAddress=%s %s))", -+ type_str, print_hw_addr (htype, hlen, haddr)); -+ -+ res = ent = NULL; -+ for (curr = ldap_service_dn_head; -+ curr != NULL && *curr->dn != '\0'; -+ curr = curr->next) -+ { -+#if defined (DEBUG_LDAP) -+ log_info ("Searching for %s in LDAP tree %s", buf, curr->dn); -+#endif -+ ret = ldap_search_ext_s (ld, curr->dn, LDAP_SCOPE_SUBTREE, buf, NULL, 0, -+ NULL, NULL, NULL, 0, &res); -+ -+ if(ret == LDAP_SERVER_DOWN) -+ { -+ log_info ("LDAP server was down, trying to reconnect..."); -+ -+ ldap_stop(); -+ ldap_start(); -+ if(ld == NULL) -+ { -+ log_info ("LDAP reconnect failed - try again later..."); -+ return (0); -+ } -+ -+ ret = ldap_search_ext_s (ld, curr->dn, LDAP_SCOPE_SUBTREE, buf, NULL, -+ 0, NULL, NULL, NULL, 0, &res); -+ } -+ -+ if (ret == LDAP_SUCCESS) -+ { -+ if( (ent = ldap_first_entry (ld, res)) != NULL) -+ break; /* search OK and have entry */ -+ -+#if defined (DEBUG_LDAP) -+ log_info ("No host entry for %s in LDAP tree %s", -+ buf, curr->dn); -+#endif -+ if(res) -+ { -+ ldap_msgfree (res); -+ res = NULL; -+ } -+ } -+ else -+ { -+ if(res) -+ { -+ ldap_msgfree (res); -+ res = NULL; -+ } -+ -+ if (ret != LDAP_NO_SUCH_OBJECT && ret != LDAP_SUCCESS) -+ { -+ log_error ("Cannot search for %s in LDAP tree %s: %s", buf, -+ curr->dn, ldap_err2string (ret)); -+ ldap_stop(); -+ return (0); -+ } -+#if defined (DEBUG_LDAP) -+ else -+ { -+ log_info ("ldap_search_ext_s returned %s when searching for %s in %s", -+ ldap_err2string (ret), buf, curr->dn); -+ } -+#endif -+ } -+ } -+ -+ if (res && ent) -+ { -+#if defined (DEBUG_LDAP) -+ char *dn = ldap_get_dn (ld, ent); -+ if (dn != NULL) -+ { -+ log_info ("Found dhcpHWAddress LDAP entry %s", dn); -+ ldap_memfree(dn); -+ } -+#endif -+ -+ host = (struct host_decl *)0; -+ status = host_allocate (&host, MDL); -+ if (status != ISC_R_SUCCESS) -+ { -+ log_fatal ("can't allocate host decl struct: %s", -+ isc_result_totext (status)); -+ ldap_msgfree (res); -+ return (0); -+ } -+ -+ host->name = ldap_get_host_name (ent); -+ if (host->name == NULL) -+ { -+ host_dereference (&host, MDL); -+ ldap_msgfree (res); -+ return (0); -+ } -+ -+ if (!clone_group (&host->group, root_group, MDL)) -+ { -+ log_fatal ("can't clone group for host %s", host->name); -+ host_dereference (&host, MDL); -+ ldap_msgfree (res); -+ return (0); -+ } -+ -+ ldap_parse_options (ent, host->group, HOST_DECL, host, NULL); -+ -+ *hp = host; -+ ldap_msgfree (res); -+ return (1); -+ } -+ -+ -+ if(res) ldap_msgfree (res); -+ return (0); -+} -+ -+ -+int -+find_subclass_in_ldap (struct class *class, struct class **newclass, -+ struct data_string *data) -+{ -+ LDAPMessage * res, * ent; -+ int ret, lease_limit; -+ isc_result_t status; -+ ldap_dn_node *curr; -+ char buf[1024]; -+ -+ if (ldap_method == LDAP_METHOD_STATIC) -+ return (0); -+ -+ if (ld == NULL) -+ ldap_start (); -+ if (ld == NULL) -+ return (0); -+ -+ snprintf (buf, sizeof (buf), -+ "(&(objectClass=dhcpSubClass)(cn=%s)(dhcpClassData=%s))", -+ print_hex_1 (data->len, data->data, 60), -+ print_hex_2 (strlen (class->name), (u_int8_t *) class->name, 60)); -+#if defined (DEBUG_LDAP) -+ log_info ("Searching LDAP for %s", buf); -+#endif -+ -+ res = ent = NULL; -+ for (curr = ldap_service_dn_head; -+ curr != NULL && *curr->dn != '\0'; -+ curr = curr->next) -+ { -+#if defined (DEBUG_LDAP) -+ log_info ("Searching for %s in LDAP tree %s", buf, curr->dn); -+#endif -+ ret = ldap_search_ext_s (ld, curr->dn, LDAP_SCOPE_SUBTREE, buf, NULL, 0, -+ NULL, NULL, NULL, 0, &res); -+ -+ if(ret == LDAP_SERVER_DOWN) -+ { -+ log_info ("LDAP server was down, trying to reconnect..."); -+ -+ ldap_stop(); -+ ldap_start(); -+ -+ if(ld == NULL) -+ { -+ log_info ("LDAP reconnect failed - try again later..."); -+ return (0); -+ } -+ -+ ret = ldap_search_ext_s (ld, curr->dn, LDAP_SCOPE_SUBTREE, buf, -+ NULL, 0, NULL, NULL, NULL, 0, &res); -+ } -+ -+ if (ret == LDAP_SUCCESS) -+ { -+ if( (ent = ldap_first_entry (ld, res)) != NULL) -+ break; /* search OK and have entry */ -+ -+#if defined (DEBUG_LDAP) -+ log_info ("No subclass entry for %s in LDAP tree %s", -+ buf, curr->dn); -+#endif -+ if(res) -+ { -+ ldap_msgfree (res); -+ res = NULL; -+ } -+ } -+ else -+ { -+ if(res) -+ { -+ ldap_msgfree (res); -+ res = NULL; -+ } -+ -+ if (ret != LDAP_NO_SUCH_OBJECT && ret != LDAP_SUCCESS) -+ { -+ log_error ("Cannot search for %s in LDAP tree %s: %s", buf, -+ curr->dn, ldap_err2string (ret)); -+ ldap_stop(); -+ return (0); -+ } -+#if defined (DEBUG_LDAP) -+ else -+ { -+ log_info ("ldap_search_ext_s returned %s when searching for %s in %s", -+ ldap_err2string (ret), buf, curr->dn); -+ } -+#endif -+ } -+ } -+ -+ if (res && ent) -+ { -+#if defined (DEBUG_LDAP) -+ char *dn = ldap_get_dn (ld, ent); -+ if (dn != NULL) -+ { -+ log_info ("Found subclass LDAP entry %s", dn); -+ ldap_memfree(dn); -+ } -+#endif -+ -+ status = class_allocate (newclass, MDL); -+ if (status != ISC_R_SUCCESS) -+ { -+ log_error ("Cannot allocate memory for a new class"); -+ ldap_msgfree (res); -+ return (0); -+ } -+ -+ group_reference (&(*newclass)->group, class->group, MDL); -+ class_reference (&(*newclass)->superclass, class, MDL); -+ lease_limit = ldap_parse_options (ent, (*newclass)->group, -+ CLASS_DECL, NULL, newclass); -+ if (lease_limit == 0) -+ (*newclass)->lease_limit = class->lease_limit; -+ else -+ class->lease_limit = lease_limit; -+ -+ if ((*newclass)->lease_limit) -+ { -+ (*newclass)->billed_leases = -+ dmalloc ((*newclass)->lease_limit * sizeof (struct lease *), MDL); -+ if (!(*newclass)->billed_leases) -+ { -+ log_error ("no memory for billing"); -+ class_dereference (newclass, MDL); -+ ldap_msgfree (res); -+ return (0); -+ } -+ memset ((*newclass)->billed_leases, 0, -+ ((*newclass)->lease_limit * sizeof (*newclass)->billed_leases)); -+ } -+ -+ data_string_copy (&(*newclass)->hash_string, data, MDL); -+ -+ ldap_msgfree (res); -+ return (1); -+ } -+ -+ if(res) ldap_msgfree (res); -+ return (0); -+} -+ -+#endif -diff -up dhcp-4.0.0/server/confpars.c.ldap dhcp-4.0.0/server/confpars.c ---- dhcp-4.0.0/server/confpars.c.ldap 2007-11-30 11:51:43.000000000 -1000 -+++ dhcp-4.0.0/server/confpars.c 2008-02-06 14:34:44.000000000 -1000 -@@ -60,7 +60,17 @@ void parse_trace_setup () - - isc_result_t readconf () - { -- return read_conf_file (path_dhcpd_conf, root_group, ROOT_GROUP, 0); -+ isc_result_t res; -+ -+ res = read_conf_file (path_dhcpd_conf, root_group, ROOT_GROUP, 0); -+#if defined(LDAP_CONFIGURATION) -+ if (res != ISC_R_SUCCESS) -+ return (res); -+ -+ return ldap_read_config (); -+#else -+ return (res); -+#endif - } - - isc_result_t read_conf_file (const char *filename, struct group *group, -diff -up dhcp-4.0.0/server/class.c.ldap dhcp-4.0.0/server/class.c ---- dhcp-4.0.0/server/class.c.ldap 2007-09-05 07:32:10.000000000 -1000 -+++ dhcp-4.0.0/server/class.c 2008-02-06 14:34:44.000000000 -1000 -@@ -84,6 +84,7 @@ int check_collection (packet, lease, col - int matched = 0; - int status; - int ignorep; -+ int classfound; - - for (class = collection -> classes; class; class = class -> nic) { - #if defined (DEBUG_CLASS_MATCHING) -@@ -129,9 +130,15 @@ int check_collection (packet, lease, col - class -> submatch, MDL)); - if (status && data.len) { - nc = (struct class *)0; -- if (class_hash_lookup (&nc, class -> hash, -- (const char *)data.data, -- data.len, MDL)) { -+ classfound = class_hash_lookup (&nc, class -> hash, -+ (const char *)data.data, data.len, MDL); -+ -+#ifdef LDAP_CONFIGURATION -+ if (!classfound && find_subclass_in_ldap (class, &nc, &data)) -+ classfound = 1; -+#endif -+ -+ if (classfound) { - #if defined (DEBUG_CLASS_MATCHING) - log_info ("matches subclass %s.", - print_hex_1 (data.len, -diff -up dhcp-4.0.0/server/stables.c.ldap dhcp-4.0.0/server/stables.c ---- dhcp-4.0.0/server/stables.c.ldap 2007-11-20 08:34:37.000000000 -1000 -+++ dhcp-4.0.0/server/stables.c 2008-02-06 14:34:44.000000000 -1000 -@@ -238,9 +238,107 @@ static struct option server_options[] = - { "dhcpv6-lease-file-name", "t", &server_universe, 54, 1 }, - { "dhcpv6-pid-file-name", "t", &server_universe, 55, 1 }, - { "limit-addrs-per-ia", "L", &server_universe, 56, 1 }, -+#if defined(LDAP_CONFIGURATION) -+ { "ldap-server", "t", &server_universe, 57, 1 }, -+ { "ldap-port", "d", &server_universe, 58, 1 }, -+ { "ldap-username", "t", &server_universe, 59, 1 }, -+ { "ldap-password", "t", &server_universe, 60, 1 }, -+ { "ldap-base-dn", "t", &server_universe, 61, 1 }, -+ { "ldap-method", "Nldap-methods.", &server_universe, 62, 1 }, -+ { "ldap-debug-file", "t", &server_universe, 63, 1 }, -+ { "ldap-dhcp-server-cn", "t", &server_universe, 64, 1 }, -+ { "ldap-referrals", "f", &server_universe, 65, 1 }, -+#if defined(USE_SSL) -+ { "ldap-ssl", "Nldap-ssl-usage.", &server_universe, 66, 1 }, -+ { "ldap-tls-reqcert", "Nldap-tls-reqcert.", &server_universe, 67, 1 }, -+ { "ldap-tls-ca-file", "t", &server_universe, 68, 1 }, -+ { "ldap-tls-ca-dir", "t", &server_universe, 69, 1 }, -+ { "ldap-tls-cert", "t", &server_universe, 70, 1 }, -+ { "ldap-tls-key", "t", &server_universe, 71, 1 }, -+ { "ldap-tls-crlcheck", "Nldap-tls-crlcheck.", &server_universe, 72, 1 }, -+ { "ldap-tls-ciphers", "t", &server_universe, 73, 1 }, -+ { "ldap-tls-randfile", "t", &server_universe, 74, 1 }, -+#else -+ { "unknown-66", "X", &server_universe, 66, 1 }, -+ { "unknown-67", "X", &server_universe, 67, 1 }, -+ { "unknown-68", "X", &server_universe, 68, 1 }, -+ { "unknown-69", "X", &server_universe, 69, 1 }, -+ { "unknown-70", "X", &server_universe, 70, 1 }, -+ { "unknown-71", "X", &server_universe, 71, 1 }, -+ { "unknown-72", "X", &server_universe, 72, 1 }, -+ { "unknown-73", "X", &server_universe, 73, 1 }, -+ { "unknown-74", "X", &server_universe, 74, 1 }, -+#endif -+#else -+ { "unknown-57", "X", &server_universe, 57, 1 }, -+ { "unknown-58", "X", &server_universe, 58, 1 }, -+ { "unknown-59", "X", &server_universe, 59, 1 }, -+ { "unknown-60", "X", &server_universe, 60, 1 }, -+ { "unknown-61", "X", &server_universe, 61, 1 }, -+ { "unknown-62", "X", &server_universe, 62, 1 }, -+ { "unknown-63", "X", &server_universe, 63, 1 }, -+ { "unknown-64", "X", &server_universe, 64, 1 }, -+ { "unknown-65", "X", &server_universe, 65, 1 }, -+#endif - { NULL, NULL, NULL, 0, 0 } - }; - -+#if defined(LDAP_CONFIGURATION) -+struct enumeration_value ldap_values [] = { -+ { "static", LDAP_METHOD_STATIC }, -+ { "dynamic", LDAP_METHOD_DYNAMIC }, -+ { (char *) 0, 0 } -+}; -+ -+struct enumeration ldap_methods = { -+ (struct enumeration *)0, -+ "ldap-methods", 1, -+ ldap_values -+}; -+ -+#if defined(USE_SSL) -+struct enumeration_value ldap_ssl_usage_values [] = { -+ { "off", LDAP_SSL_OFF }, -+ { "on",LDAP_SSL_ON }, -+ { "ldaps", LDAP_SSL_LDAPS }, -+ { "start_tls", LDAP_SSL_TLS }, -+ { (char *) 0, 0 } -+}; -+ -+struct enumeration ldap_ssl_usage_enum = { -+ (struct enumeration *)0, -+ "ldap-ssl-usage", 1, -+ ldap_ssl_usage_values -+}; -+ -+struct enumeration_value ldap_tls_reqcert_values [] = { -+ { "never", LDAP_OPT_X_TLS_NEVER }, -+ { "hard", LDAP_OPT_X_TLS_HARD }, -+ { "demand", LDAP_OPT_X_TLS_DEMAND}, -+ { "allow", LDAP_OPT_X_TLS_ALLOW }, -+ { "try", LDAP_OPT_X_TLS_TRY }, -+ { (char *) 0, 0 } -+}; -+struct enumeration ldap_tls_reqcert_enum = { -+ (struct enumeration *)0, -+ "ldap-tls-reqcert", 1, -+ ldap_tls_reqcert_values -+}; -+ -+struct enumeration_value ldap_tls_crlcheck_values [] = { -+ { "none", LDAP_OPT_X_TLS_CRL_NONE}, -+ { "peer", LDAP_OPT_X_TLS_CRL_PEER}, -+ { "all", LDAP_OPT_X_TLS_CRL_ALL }, -+ { (char *) 0, 0 } -+}; -+struct enumeration ldap_tls_crlcheck_enum = { -+ (struct enumeration *)0, -+ "ldap-tls-crlcheck", 1, -+ ldap_tls_crlcheck_values -+}; -+#endif -+#endif -+ - struct enumeration_value ddns_styles_values [] = { - { "none", 0 }, - { "ad-hoc", 1 }, -diff -up dhcp-4.0.0/dst/Makefile.am.ldap dhcp-4.0.0/dst/Makefile.am ---- dhcp-4.0.0/dst/Makefile.am.ldap 2007-05-29 06:32:10.000000000 -1000 -+++ dhcp-4.0.0/dst/Makefile.am 2008-02-06 14:34:44.000000000 -1000 -@@ -2,7 +2,12 @@ AM_CPPFLAGS = -DMINIRES_LIB -DHMAC_MD5 - - lib_LIBRARIES = libdst.a - -+noinst_LIBRARIES = libdstnomd5.a -+ - libdst_a_SOURCES = dst_support.c dst_api.c hmac_link.c md5_dgst.c \ - base64.c prandom.c - -+libdstnomd5_a_SOURCES = dst_support.c dst_api.c hmac_link.c \ -+ base64.c prandom.c -+ - EXTRA_DIST = dst_internal.h md5.h md5_locl.h -diff -up dhcp-4.0.0/common/print.c.ldap dhcp-4.0.0/common/print.c ---- dhcp-4.0.0/common/print.c.ldap 2007-10-01 04:47:35.000000000 -1000 -+++ dhcp-4.0.0/common/print.c 2008-02-06 14:34:44.000000000 -1000 -@@ -163,9 +163,9 @@ char *print_base64 (const unsigned char - } - - char *print_hw_addr (htype, hlen, data) -- int htype; -- int hlen; -- unsigned char *data; -+ const int htype; -+ const int hlen; -+ const unsigned char *data; - { - static char habuf [49]; - char *s; -diff -up dhcp-4.0.0/common/conflex.c.ldap dhcp-4.0.0/common/conflex.c ---- dhcp-4.0.0/common/conflex.c.ldap 2007-10-31 09:13:33.000000000 -1000 -+++ dhcp-4.0.0/common/conflex.c 2008-02-06 14:34:44.000000000 -1000 -@@ -43,6 +43,7 @@ static enum dhcp_token read_string PROTO - static enum dhcp_token read_number PROTO ((int, struct parse *)); - static enum dhcp_token read_num_or_name PROTO ((int, struct parse *)); - static enum dhcp_token intern PROTO ((char *, enum dhcp_token)); -+static int read_function PROTO ((struct parse *)); - - isc_result_t new_parse (cfile, file, inbuf, buflen, name, eolp) - struct parse **cfile; -@@ -76,6 +77,10 @@ isc_result_t new_parse (cfile, file, inb - tmp->file = file; - tmp->eol_token = eolp; - -+ if (file != -1) { -+ tmp -> read_function = read_function; -+ } -+ - if (inbuf != NULL) { - tmp->inbuf = inbuf; - tmp->buflen = buflen; -@@ -170,9 +175,13 @@ static int get_char (cfile) - /* My kingdom for WITH... */ - int c; - -- if (cfile->bufix == cfile->buflen) -- c = EOF; -- else { -+ if (cfile->bufix == cfile->buflen) { -+ if (cfile -> read_function) { -+ c = cfile -> read_function (cfile); -+ } else { -+ c = EOF; -+ } -+ } else { - c = cfile->inbuf [cfile->bufix]; - cfile->bufix++; - } -@@ -1415,3 +1424,25 @@ intern(char *atom, enum dhcp_token dfv) - } - return dfv; - } -+ -+static int -+read_function (struct parse * cfile) -+{ -+ int c; -+ -+ ssize_t n = read (cfile -> file, cfile -> inbuf, cfile -> bufsiz); -+ if (n == 0) { -+ c = EOF; -+ cfile -> bufix = 0; -+ cfile -> buflen = 0; -+ } else if (n < 0) { -+ c = EOF; -+ cfile -> bufix = cfile -> buflen = 0; -+ } else { -+ c = cfile -> inbuf [0]; -+ cfile -> bufix = 1; -+ cfile -> buflen = n; -+ } -+ -+ return c; -+} -diff -up dhcp-4.0.0/includes/dhcpd.h.ldap dhcp-4.0.0/includes/dhcpd.h ---- dhcp-4.0.0/includes/dhcpd.h.ldap 2007-12-08 09:36:00.000000000 -1000 -+++ dhcp-4.0.0/includes/dhcpd.h 2008-02-06 14:34:44.000000000 -1000 -@@ -101,6 +101,11 @@ typedef time_t TIME; - #include - #include - -+#if defined(LDAP_CONFIGURATION) -+# include -+# include /* for uname() */ -+#endif -+ - #if !defined (BYTE_NAME_HASH_SIZE) - # define BYTE_NAME_HASH_SIZE 401 /* Default would be ridiculous. */ - #endif -@@ -290,6 +295,8 @@ struct parse { - size_t bufsiz; - - struct parse *saved_state; -+ -+ int (*read_function) (struct parse *); - }; - - /* Variable-length array of data. */ -@@ -421,6 +428,32 @@ struct hardware { - u_int8_t hbuf [17]; - }; - -+#if defined(LDAP_CONFIGURATION) -+# define LDAP_BUFFER_SIZE 8192 -+# define LDAP_METHOD_STATIC 0 -+# define LDAP_METHOD_DYNAMIC 1 -+#if defined (USE_SSL) -+# define LDAP_SSL_OFF 0 -+# define LDAP_SSL_ON 1 -+# define LDAP_SSL_TLS 2 -+# define LDAP_SSL_LDAPS 3 -+#endif -+ -+/* This is a tree of the current configuration we are building from LDAP */ -+struct ldap_config_stack { -+ LDAPMessage * res; /* Pointer returned from ldap_search */ -+ LDAPMessage * ldent; /* Current item in LDAP that we're processing. -+ in res */ -+ int close_brace; /* Put a closing } after we're through with -+ this item */ -+ int processed; /* We set this flag if this base item has been -+ processed. After this base item is processed, -+ we can start processing the children */ -+ struct ldap_config_stack *children; -+ struct ldap_config_stack *next; -+}; -+#endif -+ - typedef enum { - server_startup = 0, - server_running = 1, -@@ -626,6 +659,29 @@ struct lease_state { - # define DEFAULT_PING_TIMEOUT 1 - #endif - -+#if defined(LDAP_CONFIGURATION) -+# define SV_LDAP_SERVER 57 -+# define SV_LDAP_PORT 58 -+# define SV_LDAP_USERNAME 59 -+# define SV_LDAP_PASSWORD 60 -+# define SV_LDAP_BASE_DN 61 -+# define SV_LDAP_METHOD 62 -+# define SV_LDAP_DEBUG_FILE 63 -+# define SV_LDAP_DHCP_SERVER_CN 64 -+# define SV_LDAP_REFERRALS 65 -+#if defined (USE_SSL) -+# define SV_LDAP_SSL 66 -+# define SV_LDAP_TLS_REQCERT 67 -+# define SV_LDAP_TLS_CA_FILE 68 -+# define SV_LDAP_TLS_CA_DIR 69 -+# define SV_LDAP_TLS_CERT 70 -+# define SV_LDAP_TLS_KEY 71 -+# define SV_LDAP_TLS_CRLCHECK 72 -+# define SV_LDAP_TLS_CIPHERS 73 -+# define SV_LDAP_TLS_RANDFILE 74 -+#endif -+#endif -+ - #if !defined (DEFAULT_DEFAULT_LEASE_TIME) - # define DEFAULT_DEFAULT_LEASE_TIME 43200 - #endif -@@ -2035,7 +2091,7 @@ extern int db_time_format; - char *quotify_string (const char *, const char *, int); - char *quotify_buf (const unsigned char *, unsigned, const char *, int); - char *print_base64 (const unsigned char *, unsigned, const char *, int); --char *print_hw_addr PROTO ((int, int, unsigned char *)); -+char *print_hw_addr PROTO ((const int, const int, const unsigned char *)); - void print_lease PROTO ((struct lease *)); - void dump_raw PROTO ((const unsigned char *, unsigned)); - void dump_packet_option (struct option_cache *, struct packet *, -@@ -3158,6 +3214,20 @@ OMAPI_OBJECT_ALLOC_DECL (dhcp_failover_l - - const char *binding_state_print (enum failover_state); - -+/* ldap.c */ -+#if defined(LDAP_CONFIGURATION) -+extern struct enumeration ldap_methods; -+#if defined (USE_SSL) -+extern struct enumeration ldap_ssl_usage_enum; -+extern struct enumeration ldap_tls_reqcert_enum; -+extern struct enumeration ldap_tls_crlcheck_enum; -+#endif -+isc_result_t ldap_read_config (void); -+int find_haddr_in_ldap (struct host_decl **, int, unsigned, -+ const unsigned char *, const char *, int); -+int find_subclass_in_ldap (struct class *, struct class **, -+ struct data_string *); -+#endif - - /* mdb6.c */ - HASH_FUNCTIONS_DECL(ia_na, unsigned char *, struct ia_na, ia_na_hash_t); -diff -up dhcp-4.0.0/includes/site.h.ldap dhcp-4.0.0/includes/site.h ---- dhcp-4.0.0/includes/site.h.ldap 2006-07-31 12:19:51.000000000 -1000 -+++ dhcp-4.0.0/includes/site.h 2008-02-06 14:34:44.000000000 -1000 -@@ -183,3 +183,13 @@ - traces. */ - - #define TRACING -+ -+/* Define this if you want to read your config from LDAP. Read README.ldap -+ about how to set this up */ -+ -+#define LDAP_CONFIGURATION -+ -+/* Define this if you want to enable LDAP over a SSL connection. You will need -+ to add -lcrypto -lssl to the LIBS= line of server/Makefile */ -+ -+#define USE_SSL -diff -up /dev/null dhcp-4.0.0/includes/ldap_casa.h ---- /dev/null 2008-02-04 11:13:29.142014072 -1000 -+++ dhcp-4.0.0/includes/ldap_casa.h 2008-02-06 14:34:44.000000000 -1000 -@@ -0,0 +1,83 @@ -+/* ldap_casa.h -+ -+ Definition for CASA modules... */ -+ -+/* Copyright (c) 2004 Internet Systems Consorium, Inc. ("ISC") -+ * Copyright (c) 1995-2003 Internet Software Consortium. -+ * Copyright (c) 2006 Novell, Inc. -+ -+ * All rights reserved. -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions are met: -+ * 1.Redistributions of source code must retain the above copyright notice, -+ * this list of conditions and the following disclaimer. -+ * 2.Redistributions in binary form must reproduce the above copyright notice, -+ * this list of conditions and the following disclaimer in the documentation -+ * and/or other materials provided with the distribution. -+ * 3.Neither the name of ISC, ISC DHCP, nor the names of its contributors -+ * may be used to endorse or promote products derived from this software -+ * without specific prior written permission. -+ -+ * THIS SOFTWARE IS PROVIDED BY INTERNET SYSTEMS CONSORTIUM AND CONTRIBUTORS -+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, -+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ISC OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN -+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -+ * POSSIBILITY OF SUCH DAMAGE. -+ -+ * This file was written by S Kalyanasundaram -+ */ -+ -+#if defined(LDAP_CASA_AUTH) -+#ifndef __LDAP_CASA_H__ -+#define __LDAP_CASA_H__ -+ -+#include -+#include -+#include -+ -+#define MICASA_LIB "libmicasa.so.1" -+ -+SSCS_TYPEDEF_LIBCALL(int, CASA_GetCredential_T) -+( -+ uint32_t ssFlags, -+ SSCS_SECRET_ID_T *appSecretID, -+ SSCS_SECRET_ID_T *sharedSecretID, -+ uint32_t *credentialType, -+ void *credential, -+ SSCS_EXT_T *ext -+); -+SSCS_TYPEDEF_LIBCALL(int, CASA_SetCredential_T) -+( -+ uint32_t ssFlags, -+ SSCS_SECRET_ID_T *appSecretID, -+ SSCS_SECRET_ID_T *sharedSecretID, -+ uint32_t credentialType, -+ void *credential, -+ SSCS_EXT_T *ext -+); -+ -+SSCS_TYPEDEF_LIBCALL(int, CASA_RemoveCredential_T) -+( -+ uint32_t ssFlags, -+ SSCS_SECRET_ID_T *appSecretID, -+ SSCS_SECRET_ID_T *sharedSecretID, -+ SSCS_EXT_T *ext -+); -+static CASA_GetCredential_T p_miCASAGetCredential = NULL; -+static CASA_SetCredential_T p_miCASASetCredential = NULL; -+static CASA_RemoveCredential_T p_miCASARemoveCredential = NULL; -+static void *casaIDK = NULL; -+ -+int load_casa(void); -+static void release_casa(void); -+int load_uname_pwd_from_miCASA(char **, char **); -+ -+#endif /* __LDAP_CASA_H__ */ -+#endif /* LDAP_CASA_AUTH */ -+ diff --git a/dhcp-4.0.0-manpages.patch b/dhcp-4.0.0-manpages.patch deleted file mode 100644 index 88b0535..0000000 --- a/dhcp-4.0.0-manpages.patch +++ /dev/null @@ -1,642 +0,0 @@ -diff -up dhcp-4.0.0/client/dhclient-script.8.manpages dhcp-4.0.0/client/dhclient-script.8 ---- dhcp-4.0.0/client/dhclient-script.8.manpages 2006-02-24 13:16:27.000000000 -1000 -+++ dhcp-4.0.0/client/dhclient-script.8 2008-10-23 09:58:40.000000000 -1000 -@@ -47,16 +47,16 @@ customizations are needed, they should b - exit hooks provided (see HOOKS for details). These hooks will allow the - user to override the default behaviour of the client in creating a - .B /etc/resolv.conf --file. -+file, and to handle DHCP options not handled by default. - .PP - No standard client script exists for some operating systems, even though - the actual client may work, so a pioneering user may well need to create - a new script or modify an existing one. In general, customizations specific - to a particular computer should be done in the --.B ETCDIR/dhclient.conf -+.B /usr/local/etc/dhclient.conf - file. If you find that you can't make such a customization without - customizing --.B ETCDIR/dhclient.conf -+.B /usr/local/etc/dhclient.conf - or using the enter and exit hooks, please submit a bug report. - .SH HOOKS - When it starts, the client script first defines a shell function, -@@ -68,33 +68,53 @@ the enter hook script. - .PP - On after defining the make_resolv_conf function, the client script checks - for the presence of an executable --.B ETCDIR/dhclient-enter-hooks -+.B /usr/local/etc/dhclient-enter-hooks - script, and if present, it invokes the script inline, using the Bourne - shell '.' command. The entire environment documented under OPERATION - is available to this script, which may modify the environment if needed - to change the behaviour of the script. If an error occurs during the - execution of the script, it can set the exit_status variable to a nonzero - value, and --.B CLIENTBINDIR/dhclient-script -+.B /sbin/dhclient-script - will exit with that error code immediately after the client script exits. - .PP - After all processing has completed, --.B CLIENTBINDIR/dhclient-script -+.B /sbin/dhclient-script - checks for the presence of an executable --.B ETCDIR/dhclient-exit-hooks -+.B /usr/local/etc/dhclient-exit-hooks - script, which if present is invoked using the '.' command. The exit - status of dhclient-script will be passed to dhclient-exit-hooks in the - exit_status shell variable, and will always be zero if the script - succeeded at the task for which it was invoked. The rest of the - environment as described previously for dhclient-enter-hooks is also - present. The --.B ETCDIR/dhclient-exit-hooks -+.B /usr/local/etc/dhclient-exit-hooks - script can modify the valid of exit_status to change the exit status - of dhclient-script. -+.PP -+Immediately after dhclient brings an interface UP with a new IP address, -+subnet mask, and routes, in the REBOOT/BOUND states, it will check for the -+existence of an executable -+.B /usr/local/etc/dhclient-up-hooks -+script, and source it if found. This script can handle DHCP options in -+the environment that are not handled by default. A per-interface. -+.B /usr/local/etc/dhclient-${IF}-up-hooks -+script will override the generic script and be sourced when interface -+$IF has been brought up. -+.PP -+Immediately before dhclient brings an interface DOWN, removing its IP -+address, subnet mask, and routes, in the STOP/RELEASE states, it will -+check for the existence of an executable -+.B /usr/local/etc/dhclient-down-hooks -+script, and source it if found. This script can handle DHCP options in -+the environment that are not handled by default. A per-interface -+.B /usr/local/etc/dhclient-${IF}-down-hooks -+script will override the generic script and be sourced when interface -+$IF is about to be brought down. - .SH OPERATION - When dhclient needs to invoke the client configuration script, it - defines a set of variables in the environment, and then invokes --.B CLIENTBINDIR/dhclient-script. -+.B /sbin/dhclient-script. - In all cases, $reason is set to the name of the reason why the script - has been invoked. The following reasons are currently defined: - MEDIUM, PREINIT, BOUND, RENEW, REBIND, REBOOT, EXPIRE, FAIL, STOP, RELEASE, -diff -up dhcp-4.0.0/client/dhclient.8.manpages dhcp-4.0.0/client/dhclient.8 ---- dhcp-4.0.0/client/dhclient.8.manpages 2007-10-04 07:13:25.000000000 -1000 -+++ dhcp-4.0.0/client/dhclient.8 2008-10-23 09:58:40.000000000 -1000 -@@ -91,6 +91,33 @@ relay - .B -w - ] - [ -+.B -B -+] -+[ -+.B -I -+.I dhcp-client-identifier -+] -+[ -+.B -H -+.I host-name -+] -+[ -+.B -F -+.I fqdn.fqdn -+] -+[ -+.B -V -+.I vendor-class-identifier -+] -+[ -+.B -R -+.I request-option-list -+] -+[ -+.B -T -+.I timeout -+] -+[ - .B -v - ] - [ -@@ -118,16 +145,6 @@ important details about the network to w - the location of a default router, the location of a name server, and - so on. - .PP --If given the -4 command line argument (default), dhclient will use the --DHCPv4 protocol to obtain an IPv4 address and configuration parameters. --.PP --If given the -6 command line argument, dhclient will use the DHCPv6 --protocol to obtain whatever IPv6 addresses are available along with --configuration parameters. Information-request is not yet supported. --.PP --If given the --version command line argument, dhclient will print its --version number and exit. --.PP - On startup, dhclient reads the - .IR dhclient.conf - for configuration instructions. It then gets a list of all the -@@ -181,67 +198,183 @@ file. If interfaces are specified in t - only configure interfaces that are either specified in the - configuration file or on the command line, and will ignore all other - interfaces. --.PP --If the DHCP client should listen and transmit on a port other than the --standard (port 68), the --.B -p --flag may used. It should be followed by the udp port number that --dhclient should use. This is mostly useful for debugging purposes. --If a different port is specified for the client to listen on and --transmit on, the client will also use a different destination port - --one greater than the specified destination port. --.PP --The DHCP client normally transmits any protocol messages it sends --before acquiring an IP address to, 255.255.255.255, the IP limited --broadcast address. For debugging purposes, it may be useful to have --the server transmit these messages to some other address. This can --be specified with the --.B -s --flag, followed by the IP address or domain name of the destination. --.PP --For testing purposes, the giaddr field of all packets that the client --sends can be set using the --.B -g --flag, followed by the IP address to send. This is only useful for testing, --and should not be expected to work in any consistent or useful way. --.PP --The DHCP client will normally run in the foreground until it has --configured an interface, and then will revert to running in the --background. To run force dhclient to always run as a foreground --process, the --.B -d --flag should be specified. This is useful when running the client --under a debugger, or when running it out of inittab on System V --systems. --.PP --The dhclient daemon creates its own environment when executing the --dhclient-script to do the grunt work of interface configuration. --To define extra environment variables and their values, use the --.B -e --flag, followed by the environment variable name and value assignment, --just as one would assign a variable in a shell. Eg: --.B -e --.I IF_METRIC=1 --.PP --The client normally prints no output during its startup sequence. It --can be made to emit verbose messages displaying the startup sequence events --until it has acquired an address by supplying the --.B -v --command line argument. In either case, the client logs messages using --the --.B syslog (3) --facility. A --.B -q --command line argument is provided for backwards compatibility, but since --dhclient is quiet by default, it has no effect. --.PP --The client normally doesn't release the current lease as it is not --required by the DHCP protocol. Some cable ISPs require their clients --to notify the server if they wish to release an assigned IP address. -+.SH OPTIONS -+.TP -+.BI \-4 -+Use the DHCPv4 protocol to obtain an IPv4 address and configuration -+parameters. -+ -+.TP -+.BI \-6 -+Use the DHCPv6 protocol to obtain whatever IPv6 addresses are available -+along with configuration parameters. Information-request is not yet -+supported. -+ -+.TP -+.BI \-p\ -+The UDP port number the DHCP client should listen and transmit on. If -+unspecified, -+.B dhclient -+uses the default port 68. This option is mostly useful for debugging -+purposes. If a different port is specified for the client to listen and -+transmit on, the client will also use a different destination port - one -+greater than the specified destination port. -+ -+.TP -+.BI \-d -+Force -+.B dhclient -+to run as a foreground process. This is useful when running the client -+under a debugger, or when running it out of inittab on System V systems. -+ -+.TP -+.BI \-e\ VAR=value -+Define additional environment variables for the environment where -+dhclient-script executes. You may specify multiple -+.B \-e -+options on the command line. -+ -+.TP -+.BI \-q -+Suppress all terminal and log output except error messages. -+ -+.TP -+.BI \-1 -+Try one to get a lease. On failure, exit with code 2. -+ -+.TP -+.BI \-r -+Tell -+.B dhclient -+to release the current lease it has from the server. This is not required -+by the DHCP protocol, but some ISPs require their clients to notify the -+server if they wish to release an assigned IP address. -+ -+.TP -+.BI \-lf\ -+Path to the lease database file. If unspecified, the default -+.B /private/var/db/dhclient/dhclient.leases -+is used. -+ -+.TP -+.BI \-pf\ -+Path to the process ID file. If unspecified, the default -+.B /private/var/run/dhclient.pid -+is used. -+ -+.TP -+.BI \-cf\ -+Path to the client configuration file. If unspecified, the default -+.B /usr/local/etc/dhclient.conf -+is used. -+ -+.TP -+.BI \-sf\ -+Path to the network configuration script invoked by -+.B dhclient -+when it gets a lease. If unspecified, the default -+.B /sbin/dhclient-script -+is used. -+ -+.TP -+.BI \-s\ -+Specifiy the server IP address or fully qualified domain name to transmit -+DHCP protocol messages to. Normally, -+.B dhclient -+transmits these messages to 255.255.255.255 (the IP limited broadcast -+address). Overriding this is mostly useful for debugging purposes. -+ -+.TP -+.BI \-g\ -+Only for debugging. Set the giaddr field of all packets the client -+sends to the IP address specified. This should not be expected to work -+in any consistent or useful way. -+ -+.TP -+.BI \-n -+Do not configure any interfaces. Most useful combined with the -+.B -w -+option. -+ -+.TP -+.BI \-nw -+Become a daemon process immediately (nowait) rather than waiting until an IP -+address has been acquired. -+ -+.TP -+.BI \-w -+Keep running even if no network interfaces are found. The -+.B omshell -+program can be used to notify the client when a network interface has been -+added or removed so it can attempt to configure an IP address on that -+interface. -+ -+.TP -+.BI \-B -+Set the BOOTP broadcast flag in request packets so servers will always -+broadcast replies. -+ -+.TP -+.BI \-I\ -+Specify the dhcp-client-identifier option to send to the DHCP server. -+ -+.TP -+.BI \-H\ -+Specify the host-name option to send to the DHCP server. The host-name -+string only contains the client's hostname prefix, to which the server will -+append the ddns-domainname or domain-name options, if any, to derive the -+fully qualified domain name of the client. The -+.B -H -+option cannot be used with the -+.B -F -+option. -+ -+.TP -+.BI \-F\ -+Specify the fqdn.fqdn option to send to the DHCP server. This option cannot -+be used with the -+.B -H -+option. The fqdn.fqdn option must specify the complete domain name of the -+client host, which the server may use for dynamic DNS updates. -+ -+.TP -+.BI \-V\ -+Specify the vendor-class-identifier option to send to the DHCP server. -+ -+.TP -+.BI \-R\