diff --git a/dhcp-4.1.1-UseMulticast.patch b/dhcp-4.1.1-UseMulticast.patch new file mode 100644 index 0000000..8efcb74 --- /dev/null +++ b/dhcp-4.1.1-UseMulticast.patch @@ -0,0 +1,210 @@ +diff -up dhcp-4.1.1/server/dhcpv6.c.UseMulticast dhcp-4.1.1/server/dhcpv6.c +--- dhcp-4.1.1/server/dhcpv6.c.UseMulticast 2009-09-30 23:01:20.000000000 +0200 ++++ dhcp-4.1.1/server/dhcpv6.c 2010-03-12 19:59:50.000000000 +0100 +@@ -1206,6 +1206,29 @@ pick_v6_prefix(struct iasubopt **pref, i + } + + /* ++ * Is the D6O_UNICAST option defined in dhcpd.conf file. ++ */ ++isc_boolean_t ++is_unicast_option_defined(void) { ++ struct option_state *opt_state; ++ struct option_cache *oc; ++ ++ opt_state = NULL; ++ if (!option_state_allocate(&opt_state, MDL)) { ++ log_fatal("No memory for unicast option."); ++ } ++ ++ execute_statements_in_scope(NULL, NULL, NULL, NULL, NULL, ++ opt_state, &global_scope, root_group, NULL); ++ ++ oc = lookup_option(&dhcpv6_universe, opt_state, D6O_UNICAST); ++ ++ option_state_dereference(&opt_state, MDL); ++ ++ return (oc != NULL); ++} ++ ++/* + * lease_to_client() is called from several messages to construct a + * reply that contains all that we know about the client's correct lease + * (or projected lease). +@@ -1398,6 +1421,56 @@ lease_to_client(struct data_string *repl + reply.shared->group); + } + ++ /* reject unicast message, unless we set unicast option */ ++ if ((packet->unicast == ISC_TRUE) && !is_unicast_option_defined()) ++ /* ++ * RFC3315 section 18.2.1 (Request): ++ * ++ * When the server receives a Request message via unicast from a client ++ * to which the server has not sent a unicast option, the server ++ * discards the Request message and responds with a Reply message ++ * containing a Status Code option with the value UseMulticast, a Server ++ * Identifier option containing the server's DUID, the Client Identifier ++ * option from the client message, and no other options. ++ * ++ * Section 18.2.3 (Renew): ++ * ++ * When the server receives a Renew message via unicast from a client to ++ * which the server has not sent a unicast option, the server discards ++ * the Renew message and responds with a Reply message containing a ++ * Status Code option with the value UseMulticast, a Server Identifier ++ * option containing the server's DUID, the Client Identifier option ++ * from the client message, and no other options. ++ */ ++ { ++ /* Set the UseMulticast status code. */ ++ if (!set_status_code(STATUS_UseMulticast, ++ "Unicast not allowed by server.", ++ reply.opt_state)) { ++ log_error("lease_to_client: Unable to set " ++ "UseMulticast status code."); ++ goto exit; ++ } ++ ++ /* Rewind the cursor to the start. */ ++ reply.cursor = REPLY_OPTIONS_INDEX; ++ ++ /* ++ * Produce an reply that includes only: ++ * ++ * Status code. ++ * Server DUID. ++ * Client DUID. ++ */ ++ reply.cursor += store_options6((char *)reply.buf.data + ++ reply.cursor, ++ sizeof(reply.buf) - ++ reply.cursor, ++ reply.opt_state, reply.packet, ++ required_opts_NAA, ++ NULL); ++ } else if (no_resources_avail && (reply.ia_count != 0) && ++ (reply.packet->dhcpv6_msg_type == DHCPV6_SOLICIT)) + /* + * RFC3315 section 17.2.2 (Solicit): + * +@@ -1422,8 +1495,6 @@ lease_to_client(struct data_string *repl + * the server. + * Sends a Renew/Rebind if the IA is not in the Reply message. + */ +- if (no_resources_avail && (reply.ia_count != 0) && +- (reply.packet->dhcpv6_msg_type == DHCPV6_SOLICIT)) + { + /* Set the NoAddrsAvail status code. */ + if (!set_status_code(STATUS_NoAddrsAvail, +@@ -4097,7 +4168,6 @@ dhcpv6_solicit(struct data_string *reply + * Very similar to Solicit handling, except the server DUID is required. + */ + +-/* TODO: reject unicast messages, unless we set unicast option */ + static void + dhcpv6_request(struct data_string *reply_ret, struct packet *packet) { + struct data_string client_id; +@@ -4412,7 +4482,6 @@ exit: + * except for the error code of when addresses don't match. + */ + +-/* TODO: reject unicast messages, unless we set unicast option */ + static void + dhcpv6_renew(struct data_string *reply, struct packet *packet) { + struct data_string client_id; +@@ -4653,18 +4722,60 @@ iterate_over_ia_na(struct data_string *r + goto exit; + } + +- snprintf(status_msg, sizeof(status_msg), "%s received.", packet_type); +- if (!set_status_code(STATUS_Success, status_msg, opt_state)) { +- goto exit; +- } ++ /* reject unicast message, unless we set unicast option */ ++ if ((packet->unicast == ISC_TRUE) && !is_unicast_option_defined()) { ++ /* ++ * RFC3315 section 18.2.6 (Release): ++ * ++ * When the server receives a Release message via unicast from a client ++ * to which the server has not sent a unicast option, the server ++ * discards the Release message and responds with a Reply message ++ * containing a Status Code option with value UseMulticast, a Server ++ * Identifier option containing the server's DUID, the Client Identifier ++ * option from the client message, and no other options. ++ * ++ * Section 18.2.7 (Decline): ++ * ++ * When the server receives a Decline message via unicast from a client ++ * to which the server has not sent a unicast option, the server ++ * discards the Decline message and responds with a Reply message ++ * containing a Status Code option with the value UseMulticast, a Server ++ * Identifier option containing the server's DUID, the Client Identifier ++ * option from the client message, and no other options. ++ */ ++ snprintf(status_msg, sizeof(status_msg), ++ "%s received unicast.", packet_type); ++ if (!set_status_code(STATUS_UseMulticast, status_msg, opt_state)) { ++ goto exit; ++ } + +- /* +- * Add our options that are not associated with any IA_NA or IA_TA. +- */ +- reply_ofs += store_options6(reply_data+reply_ofs, +- sizeof(reply_data)-reply_ofs, ++ /* ++ * Produce an reply that includes only: ++ * ++ * Status code. ++ * Server DUID. ++ * Client DUID. ++ */ ++ reply_ofs += store_options6(reply_data+reply_ofs, ++ sizeof(reply_data)-reply_ofs, + opt_state, packet, +- required_opts, NULL); ++ required_opts_NAA, NULL); ++ ++ goto return_reply; ++ } else { ++ snprintf(status_msg, sizeof(status_msg), "%s received.", packet_type); ++ if (!set_status_code(STATUS_Success, status_msg, opt_state)) { ++ goto exit; ++ } ++ ++ /* ++ * Add our options that are not associated with any IA_NA or IA_TA. ++ */ ++ reply_ofs += store_options6(reply_data+reply_ofs, ++ sizeof(reply_data)-reply_ofs, ++ opt_state, packet, ++ required_opts, NULL); ++ } + + /* + * Loop through the IA_NA reported by the client, and deal with +@@ -4802,6 +4913,7 @@ iterate_over_ia_na(struct data_string *r + /* + * Return our reply to the caller. + */ ++return_reply: + reply_ret->len = reply_ofs; + reply_ret->buffer = NULL; + if (!buffer_allocate(&reply_ret->buffer, reply_ofs, MDL)) { +@@ -4847,7 +4959,6 @@ exit: + * we still need to be aware of this possibility. + */ + +-/* TODO: reject unicast messages, unless we set unicast option */ + /* TODO: IA_TA */ + static void + dhcpv6_decline(struct data_string *reply, struct packet *packet) { +@@ -5314,7 +5425,6 @@ exit: + * Release means a client is done with the leases. + */ + +-/* TODO: reject unicast messages, unless we set unicast option */ + static void + dhcpv6_release(struct data_string *reply, struct packet *packet) { + struct data_string client_id; diff --git a/dhcp-4.1.1-manpages.patch b/dhcp-4.1.1-manpages.patch index 6a3f602..1d1f988 100644 --- a/dhcp-4.1.1-manpages.patch +++ b/dhcp-4.1.1-manpages.patch @@ -473,6 +473,24 @@ diff -up dhcp-4.1.1/client/dhclient.conf.5.man dhcp-4.1.1/client/dhclient.conf.5 .PP In some cases, it may be desirable to send no parameter request list at all. To do this, simply write the request statement but specify +@@ -239,17 +239,6 @@ than the default requested lease time, w + obvious use for this statement is to send information to the server + that will allow it to differentiate between this client and other + clients or kinds of clients. +-.SH DHCPV6 OPERATION +-The client does not yet have a default DHCPv6 Option Request Option (ORO), +-nor has it been integrated with the 'request' and 'require' syntax above. +-It is neccessary to configure an ORO then. +-.PP +-.nf +- send dhcp6.oro 1, 2, 7, 12, 13, 23, 24, 39; +-.fi +-.PP +-The above ORO will request both identifiers (server, client), the preference, +-unicast, nameservers, domain-search, and FQDN(v6) options. + .SH DYNAMIC DNS + The client now has some very limited support for doing DNS updates + when a lease is acquired. This is prototypical, and probably doesn't @@ -659,6 +659,18 @@ database and will record the media type Whenever the client tries to renew the lease, it will use that same media type. The lease must expire before the client will go back to diff --git a/dhcp.spec b/dhcp.spec index 0b09345..b6974c8 100644 --- a/dhcp.spec +++ b/dhcp.spec @@ -13,7 +13,7 @@ Summary: Dynamic host configuration protocol software Name: dhcp Version: %{basever} -Release: 12%{?dist} +Release: 13%{?dist} # NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to # dcantrell maintaining the package) made incorrect use of the epoch and # that's why it is at 12 now. It should have never been used, but it was. @@ -54,6 +54,7 @@ Patch18: %{name}-4.1.1-add_timeout_when_NULL.patch Patch19: %{name}-4.1.1-64_bit_lease_parse.patch Patch20: %{name}-4.1.1-capability.patch Patch21: %{name}-4.1.1-logpid.patch +Patch22: %{name}-4.1.1-UseMulticast.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: autoconf @@ -207,6 +208,11 @@ libdhcpctl and libomapi static libraries are also included in this package. # with multiple dhclients running easier (#546792) %patch21 -p1 -b .logpid +# Discard unicast Request/Renew/Release/Decline message +# (unless we set unicast option) and respond with Reply +# with UseMulticast Status Code option (#573090) +%patch22 -p1 -b .UseMulticast + # Copy in documentation and example scripts for LDAP patch to dhcpd %{__install} -p -m 0755 ldap-for-dhcp-%{ldappatchver}/dhcpd-conf-to-ldap contrib/ @@ -489,6 +495,13 @@ fi %attr(0644,root,root) %{_mandir}/man3/omapi.3.gz %changelog +* Fri Mar 12 2010 Jiri Popelka - 12:4.1.1-13 +- Discard unicast Request/Renew/Release/Decline message + (unless we set unicast option) and respond with Reply + with UseMulticast Status Code option (#573090) +- Remove DHCPV6 OPERATION section from dhclient.conf.5 + describing deprecated 'send dhcp6.oro' syntax + * Thu Feb 25 2010 Jiri Popelka - 12:4.1.1-12 - Fix paths in man pages (#568031) - Remove odd tests in %%preun