| blob | 8e1a48cf609b0d9cb73e64cd41980e252aa7b502 |
1 /* dhcp.c
3 DHCP Protocol engine. */
5 /*
6 * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
7 * Copyright (c) 1995-2003 by Internet Software Consortium
8 *
9 * Permission to use, copy, modify, and distribute this software for any
10 * purpose with or without fee is hereby granted, provided that the above
11 * copyright notice and this permission notice appear in all copies.
12 *
13 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
14 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
16 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
19 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 *
21 * Internet Systems Consortium, Inc.
22 * 950 Charter Street
23 * Redwood City, CA 94063
24 * <info@isc.org>
25 * http://www.isc.org/
26 *
27 * This software has been written for Internet Systems Consortium
28 * by Ted Lemon in cooperation with Vixie Enterprises and Nominum, Inc.
29 * To learn more about Internet Systems Consortium, see
30 * ``http://www.isc.org/''. To learn more about Vixie Enterprises,
31 * see ``http://www.vix.com''. To learn more about Nominum, Inc., see
32 * ``http://www.nominum.com''.
33 */
35 #ifndef lint
37 "$Id: dhcp.c,v 1.192.2.44 2004/11/24 17:39:19 dhankins Exp $ Copyright (c) 2004 Internet Systems Consortium. All rights reserved.\n";
54 "DHCPINFORM"
55 };
58 #if defined (TRACING)
59 # define send_packet trace_packet_send
60 #endif
64 {
77 bad_packet:
83 /* %Audit% Cannot exceed 28 bytes. %2004.06.17,Safe% */
86 }
98 }
100 /* There is a problem with the relay agent information option,
101 which is that in order for a normal relay agent to append
102 this option, the relay agent has to have been involved in
103 getting the packet from the client to the server. Note
104 that this is the software entity known as the relay agent,
105 _not_ the hardware entity known as a router in which the
106 relay agent may be running, so the fact that a router has
107 forwarded a packet does not mean that the relay agent in
108 the router was involved.
110 So when the client is in INIT or INIT-REBOOT or REBINDING
111 state, the relay agent gets to tack on its options, but
112 when it's not, the relay agent doesn't get to do this,
113 which means that any decisions the DHCP server may make
114 based on the agent options will be made incorrectly.
116 We work around this in the following way: if this is a
117 DHCPREQUEST and doesn't have relay agent information
118 options, we see if there's an existing lease for this IP
119 address and this client that _does_ have stashed agent
120 options. If so, then we tack those options onto the
121 packet as if they came from the client. Later on, when we
122 are deciding whether to steal the agent options from the
123 packet, if the agent options stashed on the lease are the
124 same as those stashed on the packet, we don't steal them -
125 this ensures that the client never receives its agent
126 options. */
133 {
142 /* If there are no agent options on the lease, it's not
143 interesting. */
147 /* The client should not be unicasting a renewal if its lease
148 has expired, so make it go through the process of getting
149 its agent options legally. */
155 DHO_DHCP_CLIENT_IDENTIFIER);
171 }
183 /* Okay, so we found a lease that matches the client. */
188 }
189 nolease:
191 /* Classify the client. */
193 DHO_HOST_NAME))) {
199 }
200 }
234 }
235 out:
238 }
243 {
246 TIME when;
251 #if defined (FAILOVER_PROTOCOL)
253 #endif
262 else
267 /* %Audit% This is log output. %2004.06.17,Safe%
268 * If we truncate we hope the user can get a hint from the log.
269 */
275 : (lease
284 /* Sourceless packets don't make sense here. */
289 }
291 #if defined (FAILOVER_PROTOCOL)
295 /* If the lease is ours to allocate, then allocate it,
296 but set the allocatedp flag. */
300 /* If the lease is active, do load balancing to see who
301 allocates the lease (if it's active, it already belongs
302 to the client, or we wouldn't have gotten it from
303 find_lease (). */
307 ;
309 /* Otherwise, we can't let the client have this lease. */
311 #if defined (DEBUG_FIND_LEASE)
315 #endif
317 }
318 }
319 #endif
321 /* If we didn't find a lease, try to allocate one... */
328 msgbuf);
329 else
331 msgbuf,
334 }
335 #if defined (FAILOVER_PROTOCOL)
338 #endif
341 }
343 #if defined (FAILOVER_PROTOCOL)
351 }
355 /* Do load balancing if configured. */
356 /* If the lease is newly allocated, and we're not the server that
357 the client would normally get with load balancing, and the
358 failover protocol state is normal, let the other server get this.
359 XXX Check protocol spec to make sure that predicating this on
360 XXX allocatedp is okay - I'm doing this so that the client won't
361 XXX be forced to switch servers (and IP addresses) just because
362 XXX of bad luck, when it's possible for it to get the address it
363 XXX is requesting. Not sure this is allowed. */
366 /* peer_has_leases only has a chance to be set if we called
367 * allocate_lease() above.
368 */
376 }
377 }
378 #endif
380 /* If it's an expired lease, get rid of any bindings. */
384 /* Set the lease to really expire in 2 minutes, unless it has
385 not yet expired, in which case leave its expiry time alone. */
391 out:
394 }
400 {
412 #if defined (FAILOVER_PROTOCOL)
414 #endif
419 DHO_DHCP_REQUESTED_ADDRESS);
434 }
436 /* Find the lease that matches the address requested by the
437 client. */
444 /* XXX consider using allocatedp arg to find_lease to see
445 XXX that this isn't a compliant DHCPREQUEST. */
451 else
457 DHO_DHCP_SERVER_IDENTIFIER);
467 /* piaddr() should not return more than a 15 byte string.
468 * safe.
469 */
475 /* %Audit% This is log output. %2004.06.17,Safe%
476 * If we truncate we hope the user can get a hint from the log.
477 */
485 : (lease
494 #if defined (FAILOVER_PROTOCOL)
502 }
503 /* Don't load balance if the client is RENEWING or REBINDING.
504 If it's RENEWING, we are the only server to hear it, so
505 we have to serve it. If it's REBINDING, it's out of
506 communication with the other server, so there's no point
507 in waiting to serve it. However, if the lease we're
508 offering is not a free lease, then we may be the only
509 server that can offer it, so we can't load balance if
510 the lease isn't in the free or backup state. */
519 }
520 }
522 /* Don't let a client allocate a lease using DHCPREQUEST
523 if the lease isn't ours to allocate. */
529 }
531 /* If the lease is in a transitional state, we can't
532 renew it. */
540 }
542 /* It's actually very unlikely that we'll ever get here,
543 but if we do, tell the client to stop using the lease,
544 because the administrator reset it. */
550 }
552 /* At this point it's possible that we will get a broadcast
553 DHCPREQUEST for a lease that we didn't offer, because
554 both we and the peer are in a position to offer it.
555 In that case, we probably shouldn't answer. In order
556 to not answer, we would have to compare the server
557 identifier sent by the client with the list of possible
558 server identifiers we can send, and if the client's
559 identifier isn't on the list, drop the DHCPREQUEST.
560 We aren't currently doing that for two reasons - first,
561 it's not clear that all clients do the right thing
562 with respect to sending the client identifier, which
563 could mean that we might simply not respond to a client
564 that is depending on us to respond. Secondly, we allow
565 the user to specify the server identifier to send, and
566 we don't enforce that the server identifier should be
567 one of our IP addresses. This is probably not a big
568 deal, but it's theoretically an issue.
570 The reason we care about this is that if both servers
571 send a DHCPACK to the DHCPREQUEST, they are then going
572 to send dueling BNDUPD messages, which could cause
573 trouble. I think it causes no harm, but it seems
574 wrong. */
577 #endif
579 /* If a client on a given network REQUESTs a lease on an
580 address on a different network, NAK it. If the Requested
581 Address option was used, the protocol says that it must
582 have been broadcast, so we can trust the source network
583 information.
585 If ciaddr was specified and Requested Address was not, then
586 we really only know for sure what network a packet came from
587 if it came through a BOOTP gateway - if it came through an
588 IP router, we'll just have to assume that it's cool.
590 If we don't think we know where the packet came from, it
591 came through a gateway from an unknown network, so it's not
592 from a RENEWING client. If we recognize the network it
593 *thinks* it's on, we can NAK it even though we don't
594 recognize the network it's *actually* on; otherwise we just
595 have to ignore it.
597 We don't currently try to take advantage of access to the
598 raw packet, because it's not available on all platforms.
599 So a packet that was unicast to us through a router from a
600 RENEWING client is going to look exactly like a packet that
601 was broadcast to us from an INIT-REBOOT client.
603 Since we can't tell the difference between these two kinds
604 of packets, if the packet appears to have come in off the
605 local wire, we have to treat it as if it's a RENEWING
606 client. This means that we can't NAK a RENEWING client on
607 the local wire that has a bogus address. The good news is
608 that we won't ACK it either, so it should revert to INIT
609 state and send us a DHCPDISCOVER, which we *can* work with.
611 Because we can't detect that a RENEWING client is on the
612 wrong wire, it's going to sit there trying to renew until
613 it gets to the REBIND state, when we *can* NAK it because
614 the packet will get to us through a BOOTP gateway. We
615 shouldn't actually see DHCPREQUEST packets from RENEWING
616 clients on the wrong wire anyway, since their idea of their
617 local router will be wrong. In any case, the protocol
618 doesn't really allow us to NAK a DHCPREQUEST from a
619 RENEWING client, so we can punt on this issue. */
626 /* If we don't know where it came from but we do know
627 where it claims to have come from, it didn't come
628 from there. */
634 }
635 /* Otherwise, ignore it. */
637 (subnet
640 }
642 /* If we do know where it came from and it asked for an
643 address that is not on that shared network, nak it. */
649 {
653 }
656 }
657 }
659 /* If the address the client asked for is ours, but it wasn't
660 available for the client, NAK it. */
665 }
667 /* Otherwise, send the lease to the client if we found one. */
673 out:
679 }
684 {
693 /* DHCPRELEASE must not specify address in requested-address
694 option, but old protocol specs weren't explicit about this,
695 so let it go. */
697 DHO_DHCP_REQUESTED_ADDRESS))) {
702 }
705 DHO_DHCP_CLIENT_IDENTIFIER);
715 /* See if we can find a lease that matches the IP address
716 the client is claiming. */
723 }
728 }
729 }
732 }
734 /* The client is supposed to pass a valid client-identifier,
735 but the spec on this has changed historically, so try the
736 IP address in ciaddr if the client-identifier fails. */
741 }
744 /* If the hardware address doesn't match, don't do the release. */
756 else
761 /* %Audit% Cannot exceed 16 bytes. %2004.06.17,Safe%
762 * We copy this out to stack because we actually want to log two
763 * inet_ntoa()'s in this message.
764 */
768 /* %Audit% This is log output. %2004.06.17,Safe%
769 * If we truncate we hope the user can get a hint from the log.
770 */
773 cstr,
778 : (lease
788 #if defined (FAILOVER_PROTOCOL)
796 }
798 /* DHCPRELEASE messages are unicast, so if the client
799 sent the DHCPRELEASE to us, it's not going to send it
800 to the peer. Not sure why this would happen, and
801 if it does happen I think we still have to change the
802 lease state, so that's what we're doing.
803 XXX See what it says in the draft about this. */
804 }
805 #endif
807 /* If we found a lease, release it. */
810 }
812 out:
815 }
820 {
832 /* DHCPDECLINE must specify address. */
834 DHO_DHCP_REQUESTED_ADDRESS)))
853 else
858 /* %Audit% This is log output. %2004.06.17,Safe%
859 * If we truncate we hope the user can get a hint from the log.
860 */
868 : (lease
879 /* Execute statements in scope starting with the subnet scope. */
889 /* Execute statements in the class scopes. */
891 execute_statements_in_scope
896 }
898 /* Drop the request if dhcpdeclines are being ignored. */
905 /* If we found a lease, mark it as unusable and complain. */
907 #if defined (FAILOVER_PROTOCOL)
917 }
919 /* DHCPDECLINE messages are broadcast, so we can safely
920 ignore the DHCPDECLINE if the peer has the lease.
921 XXX Of course, at this point that information has been
922 lost. */
923 }
924 #endif
928 }
936 out:
941 }
946 {
962 /* The client should set ciaddr to its IP address, but apparently
963 it's common for clients not to do this, so we'll use their IP
964 source address if they didn't set ciaddr. */
971 }
973 /* %Audit% This is log output. %2004.06.17,Safe%
974 * If we truncate we hope the user can get a hint from the log.
975 */
979 /* If the IP source address is zero, don't respond. */
983 }
985 /* Find the subnet that the client is on. */
989 /* Sourceless packets don't make sense here. */
994 }
996 /* We don't respond to DHCPINFORM packets if we're not authoritative.
997 It would be nice if a per-host value could override this, but
998 there's overhead involved in checking this, so let's see how people
999 react first. */
1014 }
1019 }
1027 /* Execute statements in scope starting with the subnet scope. */
1036 /* Execute statements in the class scopes. */
1038 execute_statements_in_scope
1043 }
1045 /* Figure out the filename. */
1056 else
1060 }
1062 /* Choose a server name as above. */
1072 else
1076 }
1078 /* Set a flag if this client is a lame Microsoft client that NUL
1079 terminates string options and expects us to do likewise. */
1082 DHO_HOST_NAME))) {
1090 }
1091 }
1093 /* Put in DHCP-specific options. */
1101 }
1103 }
1107 use_primary:
1120 }
1122 }
1132 }
1137 }
1139 /* Use the subnet mask from the subnet declaration if no other
1140 mask has been provided. */
1151 }
1153 }
1154 }
1156 /* If a site option space has been specified, use that for
1157 site option codes. */
1168 MDL)) {
1174 }
1182 }
1186 /* Use the parameter list from the scope if there is one. */
1188 DHO_DHCP_PARAMETER_REQUEST_LIST);
1190 /* Otherwise, if the client has provided a list of options
1191 that it wishes returned, use it to prioritize. Otherwise,
1192 prioritize based on the default priority list. */
1196 DHO_DHCP_PARAMETER_REQUEST_LIST);
1204 #ifdef DEBUG_PACKET
1207 #endif
1211 /* Figure out the address of the boot file server. */
1219 /* If there was more than one answer,
1220 take the first. */
1224 }
1225 }
1227 /* Set up the option buffer... */
1238 /* Make sure that the packet is at least as big as a BOOTP packet. */
1254 /* Report what we're sending... */
1257 #ifdef DEBUG_PACKET
1260 #endif
1262 /* Set up the common stuff... */
1264 #ifdef HAVE_SA_LEN
1266 #endif
1269 /* Use the IP address we derived for the client. */
1280 }
1285 {
1305 /* Set DHCP_MESSAGE_TYPE to DHCPNAK */
1310 }
1317 }
1322 /* Set DHCP_MESSAGE to whatever the message is */
1327 }
1335 }
1342 use_primary:
1354 }
1356 }
1370 }
1376 }
1378 /* If there were agent options in the incoming packet, return
1379 them. */
1383 option_chain_head_reference
1388 MDL);
1389 }
1391 /* Do not use the client's requested parameter list. */
1393 DHO_DHCP_PARAMETER_REQUEST_LIST);
1395 /* Set up the option buffer... */
1403 /* memset (&raw.ciaddr, 0, sizeof raw.ciaddr);*/
1416 /* Report what we're sending... */
1428 #ifdef DEBUG_PACKET
1433 #endif
1435 #if 0
1440 #endif
1442 /* Set up the common stuff... */
1444 #ifdef HAVE_SA_LEN
1446 #endif
1451 /* Make sure that the packet is at least as big as a BOOTP packet. */
1455 /* If this was gatewayed, send it back to the gateway.
1456 Otherwise, broadcast it on the local network. */
1461 else
1470 }
1474 }
1480 }
1486 TIME when;
1489 {
1494 TIME lease_time;
1495 TIME offered_lease_time;
1497 TIME min_lease_time;
1498 TIME max_lease_time;
1499 TIME default_lease_time;
1503 isc_result_t result;
1505 TIME ping_timeout;
1512 /* If we're already acking this lease, don't do it again. */
1516 /* If the lease carries a host record, remember it. */
1520 /* Allocate a lease state structure... */
1528 /* See if we got a server identifier option. */
1533 /* If there were agent options in the incoming packet, return
1534 them. Do not return the agent options if they were stashed
1535 on the lease. */
1544 option_chain_head_reference
1549 MDL);
1550 }
1552 /* If we are offering a lease that is still currently valid, preserve
1553 the events. We need to do this because if the client does not
1554 REQUEST our offer, it will expire in 2 minutes, overriding the
1555 expire time in the currently in force lease. We want the expire
1556 events to be executed at that point. */
1558 /* Get rid of any old expiry or release statements - by
1559 executing the statements below, we will be inserting new
1560 ones if there are any to insert. */
1563 MDL);
1566 MDL);
1569 MDL);
1570 }
1572 /* Execute statements in scope starting with the subnet scope. */
1580 /* If the lease is from a pool, run the pool scope. */
1582 (execute_statements_in_scope
1588 /* Execute statements from class scopes. */
1590 execute_statements_in_scope
1598 }
1600 /* See if the client is only supposed to have one lease at a time,
1601 and if so, find its other leases and release them. We can only
1602 do this on DHCPREQUEST. It's a little weird to do this before
1603 looking at permissions, because the client might not actually
1604 _get_ a lease after we've done the permission check, but the
1605 assumption for this option is that the client has exactly one
1606 network interface, and will only ever remember one lease. So
1607 if it sends a DHCPREQUEST, and doesn't get the lease, it's already
1608 forgotten about its old lease, so we can too. */
1611 SV_ONE_LEASE_PER_CLIENT)) &&
1629 }
1632 /* Don't release expired leases, and don't
1633 release the lease we're going to assign. */
1649 }
1650 }
1659 }
1664 SV_DUPLICATES)) &&
1673 find_lease_by_hw_addr
1681 }
1697 }
1698 }
1707 }
1708 }
1711 /* Make sure this packet satisfies the configured minimum
1712 number of seconds. */
1716 SV_MIN_SECS))) {
1731 }
1733 }
1734 }
1736 /* Try to find a matching host declaration for this lease.
1737 */
1742 /* Try to find a host_decl that matches the client
1743 identifier or hardware address on the packet, and
1744 has no fixed IP address. If there is one, hang
1745 it off the lease so that its option definitions
1746 can be used. */
1748 DHO_DHCP_CLIENT_IDENTIFIER);
1758 }
1764 MDL);
1768 }
1771 }
1774 }
1776 /* If we have a host_decl structure, run the options associated
1777 with its group. Wether the host decl struct is old or not. */
1789 /* Drop the request if it's not allowed for this client. By
1790 default, unknown clients are allowed. */
1793 SV_BOOT_UNKNOWN_CLIENTS)) &&
1806 }
1808 /* Drop the request if it's not allowed for this client. */
1811 SV_ALLOW_BOOTP)) &&
1824 }
1826 /* Drop the request if booting is specifically denied. */
1828 SV_ALLOW_BOOTING);
1842 }
1844 /* If we are configured to do per-class billing, do it. */
1846 /* See if the lease is currently being billed to a
1847 class, and if so, whether or not it can continue to
1848 be billed to that class. */
1856 }
1858 /* If we don't have an active billing, see if we need
1859 one, and if we do, try to do so. */
1864 }
1874 msg);
1878 /* XXX possibly not necessary: */
1880 }
1881 }
1882 }
1883 }
1885 /* Figure out the filename. */
1893 /* Choose a server name as above. */
1895 SV_SERVER_NAME);
1902 /* At this point, we have a lease that we can offer the client.
1903 Now we construct a lease structure that contains what we want,
1904 and call supersede_lease to do the right thing with it. */
1914 }
1916 /* Use the ip address of the lease that we finally found in
1917 the database. */
1920 /* Start now. */
1923 /* Figure out how long a lease to assign. If this is a
1924 dynamic BOOTP lease, its duration must be infinite. */
1928 SV_DEFAULT_LEASE_TIME))) {
1935 default_lease_time =
1938 }
1939 }
1942 DHO_DHCP_LEASE_TIME)))
1948 else
1958 }
1960 /* See if there's a maximum lease time. */
1963 SV_MAX_LEASE_TIME))) {
1970 max_lease_time =
1973 }
1974 }
1976 /* Enforce the maximum lease length. */
1986 SV_MIN_LEASE_TIME))) {
1995 }
1996 }
2001 else
2003 }
2005 #if defined (FAILOVER_PROTOCOL)
2006 /* Okay, we know the lease duration. Now check the
2007 failover state, if any. */
2010 }
2015 /* If the lease time we arrived at exceeds what
2016 the peer has, we can only issue a lease of
2017 peer -> mclt, but we can tell the peer we
2018 want something longer in the future. */
2019 /* XXX This may result in updates that only push
2020 XXX the peer's expiry time for this lease up
2021 XXX by a few seconds - think about this again
2022 XXX later. */
2025 /* Here we're assuming that if we don't have
2026 to update tstp, there's already an update
2027 queued. May want to revisit this. */
2033 /* Now choose a lease time that is either
2034 MCLT, for a lease that's never before been
2035 assigned, or TSFP + MCLT for a lease that
2036 has.
2037 XXX Note that TSFP may be < cur_time.
2038 XXX What do we do in this case?
2039 XXX should the expiry timer on the lease
2040 XXX set tsfp and tstp to zero? */
2046 }
2055 }
2056 }
2059 }
2062 /* If the lease duration causes the time value to wrap,
2063 use the maximum expiry time. */
2066 else
2070 else
2073 /* Don't make lease active until we actually get a
2074 DHCPREQUEST. */
2077 else
2083 SV_BOOTP_LEASE_LENGTH))) {
2092 }
2093 }
2096 SV_BOOTP_LEASE_CUTOFF))) {
2104 cur_time);
2106 }
2107 }
2111 }
2115 /* Record the uid, if given... */
2117 DHO_DHCP_CLIENT_IDENTIFIER);
2133 /* XXX inelegant */
2138 }
2140 }
2145 }
2152 /* Set a flag if this client is a broken client that NUL
2153 terminates string options and expects us to do likewise. */
2156 else
2159 /* Save any bindings. */
2163 }
2168 /* If we got relay agent information options, and the packet really
2169 looks like it came through a relay agent, and if this feature is
2170 not disabled, save the relay agent information options that came
2171 in with the packet, so that we can use them at renewal time when
2172 the packet won't have gone through a relay agent. */
2180 SV_STASH_AGENT_OPTIONS);
2189 option_chain_head_reference
2193 MDL);
2194 }
2195 }
2197 /* Replace the old lease hostname with the new one, if it's changed. */
2205 else
2212 /* Hasn't changed. */
2223 }
2225 }
2227 /* Record the hardware address, if given... */
2235 /* If there are statements to execute when the lease is
2236 committed, execute them. */
2245 MDL);
2246 }
2248 #ifdef NSUPDATE
2249 /* Perform DDNS updates, if configured to. */
2252 SV_DDNS_UPDATES)) ||
2259 }
2262 /* Don't call supersede_lease on a mocked-up lease. */
2264 /* Copy the hardware address into the static lease
2265 structure. */
2272 /* Install the new information about this lease in the
2273 database. If this is a DHCPACK or a dynamic BOOTREPLY
2274 and we can't write the lease, don't ACK it (or BOOTREPLY
2275 it) either. */
2283 }
2284 }
2287 /* Remember the interface on which the packet arrived. */
2290 /* Remember the giaddr, xid, secs, flags and hops. */
2299 /* If we're always supposed to broadcast to this client, set
2300 the broadcast bit in the bootp flags field. */
2302 SV_ALWAYS_BROADCAST)) &&
2309 /* Get the Maximum Message Size option from the packet, if one
2310 was sent. */
2312 DHO_DHCP_MAX_MESSAGE_SIZE);
2323 DHO_DHCP_MAX_MESSAGE_SIZE);
2333 }
2334 }
2336 /* Get the Subnet Selection option from the packet, if one
2337 was sent. */
2339 DHO_SUBNET_SELECTION))) {
2341 /* Make a copy of the data. */
2352 }
2356 }
2358 /* Now, if appropriate, put in DHCP-specific options that
2359 override those. */
2370 }
2372 }
2376 use_primary:
2389 }
2391 }
2407 }
2413 }
2415 offered_lease_time =
2433 }
2435 }
2437 /* Renewal time is lease time * 0.5. */
2455 }
2457 }
2459 /* Rebinding time is lease time * 0.875. */
2477 }
2479 }
2486 }
2488 /* Figure out the address of the boot file server. */
2497 /* If there was more than one answer,
2498 take the first. */
2502 }
2503 }
2505 /* Use the subnet mask from the subnet declaration if no other
2506 mask has been provided. */
2518 }
2520 }
2521 }
2523 /* Use the hostname from the host declaration if there is one
2524 and no hostname has otherwise been provided, and if the
2525 use-host-decl-name flag is set. */
2530 (evaluate_boolean_option_cache
2544 }
2546 }
2547 }
2549 /* If we don't have a hostname yet, and we've been asked to do
2550 a reverse lookup to find the hostname, do it. */
2553 (evaluate_boolean_option_cache
2577 }
2579 }
2580 }
2581 }
2583 /* If so directed, use the leased IP address as the router address.
2584 This supposedly makes Win95 machines ARP for all IP addresses,
2585 so if the local router does proxy arp, you win. */
2605 }
2607 }
2608 }
2609 }
2611 /* If a site option space has been specified, use that for
2612 site option codes. */
2623 MDL)) {
2626 }
2634 }
2636 /* If the client has provided a list of options that it wishes
2637 returned, use it to prioritize. If there's a parameter
2638 request list in scope, use that in preference. Otherwise
2639 use the default priority list. */
2642 DHO_DHCP_PARAMETER_REQUEST_LIST);
2646 DHO_DHCP_PARAMETER_REQUEST_LIST);
2653 #ifdef DEBUG_PACKET
2656 #endif
2662 /* Hang the packet off the lease state. */
2665 /* If this is a DHCPOFFER, ping the lease address before actually
2666 sending the offer. */
2670 SV_PING_CHECKS)) ||
2679 /* Determine wether to use configured or default ping timeout.
2680 */
2682 SV_PING_TIMEOUT)) &&
2689 else
2696 #ifdef DEBUG
2698 #endif
2707 }
2708 }
2712 {
2731 /* Compose a response for the client... */
2735 /* Copy in the filename if given; otherwise, flag the filename
2736 buffer as available for options. */
2748 /* Copy in the server name if given; otherwise, flag the
2749 server_name buffer as available for options. */
2766 /* See if this is a Microsoft client that NUL-terminates its
2767 strings and expects us to do likewise... */
2770 else
2773 /* See if this is a bootp client... */
2776 else
2779 /* Insert such options as will fit into the buffer. */
2804 else
2809 /* Say what we're doing... */
2826 /* Set up the hardware address... */
2831 #ifdef HAVE_SA_LEN
2833 #endif
2836 #ifdef DEBUG_PACKET
2838 #endif
2840 /* Make sure outgoing packets are at least as big
2841 as a BOOTP packet. */
2845 /* If this was gatewayed, send it back to the gateway... */
2850 else
2863 }
2865 /* If the client is RENEWING, unicast to the client using the
2866 regular IP stack. Some clients, particularly those that
2867 follow RFC1541, are buggy, and send both ciaddr and server
2868 identifier. We deal with this situation by assuming that
2869 if we got both dhcp-server-identifier and ciaddr, and
2870 giaddr was not set, then the client is on the local
2871 network, and we can therefore unicast or broadcast to it
2872 successfully. A client in REQUESTING state on another
2873 network that's making this mistake will have set giaddr,
2874 and will therefore get a relayed response from the above
2875 code. */
2879 /* XXX This won't work if giaddr isn't zero, but it is: */
2895 }
2897 /* If it comes from a client that already knows its address
2898 and is not requesting a broadcast response, and we can
2899 unicast to a client without using the ARP protocol, sent it
2900 directly to that client. */
2906 /* Otherwise, broadcast it on the local network. */
2912 }
2921 /* Free all of the entries in the option_state structure
2922 now that we're done with them. */
2926 }
2932 {
2953 /* Look up the requested address. */
2955 DHO_DHCP_REQUESTED_ADDRESS);
2969 }
2971 /* Try to find a host or lease that's been assigned to the
2972 specified unique client identifier. */
2974 DHO_DHCP_CLIENT_IDENTIFIER);
2982 /* Remember this for later. */
2985 /* First, try to find a fixed host entry for the specified
2986 client identifier... */
2989 /* Remember if we know of this client. */
2992 }
2994 #if defined (DEBUG_FIND_LEASE)
2998 }
2999 #endif
3004 }
3008 }
3010 /* If we didn't find a fixed lease using the uid, try doing
3011 it with the hardware address... */
3016 /* Remember if we know of this client. */
3023 #if defined (DEBUG_FIND_LEASE)
3027 }
3028 #endif
3029 }
3030 }
3032 /* If fixed_lease is present but does not match the requested
3033 IP address, and this is a DHCPREQUEST, then we can't return
3034 any other lease, so we might as well return now. */
3042 #if defined (DEBUG_FIND_LEASE)
3046 #endif
3048 }
3050 /* If we found leases matching the client identifier, loop through
3051 the n_uid pointer looking for one that's actually valid. We
3052 can't do this until we get here because we depend on
3053 packet -> known, which may be set by either the uid host
3054 lookup or the haddr host lookup. */
3056 #if defined (DEBUG_FIND_LEASE)
3059 #endif
3061 #if defined (FAILOVER_PROTOCOL)
3062 /* When failover is active, it's possible that there could
3063 be two "free" leases for the same uid, but only one of
3064 them that's available for this failover peer to allocate. */
3067 #if defined (DEBUG_FIND_LEASE)
3070 #endif
3072 }
3073 #endif
3076 #if defined (DEBUG_FIND_LEASE)
3079 #endif
3081 }
3087 #if defined (DEBUG_FIND_LEASE)
3090 #endif
3091 n_uid:
3101 }
3103 }
3105 }
3106 #if defined (DEBUG_FIND_LEASE)
3110 #endif
3112 /* Find a lease whose hardware address matches, whose client
3113 identifier matches, that's permitted, and that's on the
3114 correct subnet. */
3120 #if defined (DEBUG_FIND_LEASE)
3123 #endif
3124 #if defined (FAILOVER_PROTOCOL)
3125 /* When failover is active, it's possible that there could
3126 be two "free" leases for the same uid, but only one of
3127 them that's available for this failover peer to allocate. */
3130 #if defined (DEBUG_FIND_LEASE)
3133 #endif
3135 }
3136 #endif
3145 #if defined (DEBUG_FIND_LEASE)
3148 #endif
3151 }
3153 #if defined (DEBUG_FIND_LEASE)
3156 #endif
3159 }
3164 #if defined (DEBUG_FIND_LEASE)
3167 #endif
3170 n_hw:
3177 }
3179 }
3181 }
3182 #if defined (DEBUG_FIND_LEASE)
3186 #endif
3188 /* Try to find a lease that's been allocated to the client's
3189 IP address. */
3195 #if defined (DEBUG_FIND_LEASE)
3199 #endif
3201 /* If ip_lease is valid at this point, set ours to one, so that
3202 even if we choose a different lease, we know that the address
3203 the client was requesting was ours, and thus we can NAK it. */
3207 /* If the requested IP address isn't on the network the packet
3208 came from, don't use it. Allow abandoned leases to be matched
3209 here - if the client is requesting it, there's a decent chance
3210 that it's because the lease database got trashed and a client
3211 that thought it had this lease answered an ARP or PING, causing the
3212 lease to be abandoned. If so, this request probably came from
3213 that client. */
3217 #if defined (DEBUG_FIND_LEASE)
3219 #endif
3222 }
3224 /* Toss ip_lease if it hasn't yet expired and doesn't belong to the
3225 client. */
3237 /* If we're not doing failover, the only state in which
3238 we can allocate this lease to the client is FTS_FREE.
3239 If we are doing failover, things are more complicated.
3240 If the lease is free or backup, we let the caller decide
3241 whether or not to give it out. */
3244 #if defined (DEBUG_FIND_LEASE)
3246 #endif
3247 /* If we're rejecting it because the peer has
3248 it, don't set "ours", because we shouldn't NAK. */
3255 }
3257 /* If we got an ip_lease and a uid_lease or hw_lease, and ip_lease
3258 is not active, and is not ours to reallocate, forget about it. */
3263 #if defined (DEBUG_FIND_LEASE)
3265 #endif
3267 }
3269 /* If for some reason the client has more than one lease
3270 on the subnet that matches its uid, pick the one that
3271 it asked for and (if we can) free the other. */
3282 (print_hw_addr
3290 /* If the client is REQUESTing the lease,
3291 it shouldn't still be using the old
3292 one, so we can free it for allocation. */
3300 }
3303 }
3304 }
3306 /* If we get to here and fixed_lease is not null, that means
3307 that there are both a dynamic lease and a fixed-address
3308 declaration for the same IP address. */
3311 db_conflict:
3323 );
3328 }
3331 #if defined (DEBUG_FIND_LEASE)
3333 #endif
3335 }
3336 }
3338 /* If we get to here with both fixed_lease and ip_lease not
3339 null, then we have a configuration file bug. */
3343 /* Toss extra pointers to the same lease... */
3345 #if defined (DEBUG_FIND_LEASE)
3347 #endif
3349 }
3352 #if defined (DEBUG_FIND_LEASE)
3354 #endif
3355 }
3358 #if defined (DEBUG_FIND_LEASE)
3360 #endif
3361 }
3363 /* Make sure the client is permitted to use the requested lease. */
3372 }
3382 }
3392 }
3394 /* If we've already eliminated the lease, it wasn't there to
3395 begin with. If we have come up with a matching lease,
3396 set the message to bad network in case we have to throw it out. */
3399 }
3401 /* If this is a DHCPREQUEST, make sure the lease we're going to return
3402 matches the requested IP address. If it doesn't, don't return a
3403 lease at all. */
3406 #if defined (DEBUG_FIND_LEASE)
3408 #endif
3410 }
3412 /* At this point, if fixed_lease is nonzero, we can assign it to
3413 this client. */
3417 #if defined (DEBUG_FIND_LEASE)
3419 #endif
3420 }
3422 /* If we got a lease that matched the ip address and don't have
3423 a better offer, use that; otherwise, release it. */
3428 #if defined (DEBUG_FIND_LEASE)
3430 #endif
3432 #if defined (DEBUG_FIND_LEASE)
3434 #endif
3438 }
3440 }
3442 /* If we got a lease that matched the client identifier, we may want
3443 to use it, but if we already have a lease we like, we must free
3444 the lease that matched the client identifier. */
3451 #if defined (DEBUG_FIND_LEASE)
3453 #endif
3458 #if defined (DEBUG_FIND_LEASE)
3460 #endif
3461 }
3463 }
3465 /* The lease that matched the hardware address is treated likewise. */
3468 #if defined (DEBUG_FIND_LEASE)
3470 #endif
3472 /* We're a little lax here - if the client didn't
3473 send a client identifier and it's a bootp client,
3474 but the lease has a client identifier, we still
3475 let the client have a lease. */
3477 (have_client_identifier
3487 #if defined (DEBUG_FIND_LEASE)
3489 #endif
3491 #if defined (DEBUG_FIND_LEASE)
3494 #endif
3495 }
3496 }
3498 }
3500 /* If we found a host_decl but no matching address, try to
3501 find a host_decl that has no address, and if there is one,
3502 hang it off the lease so that we can use the supplied
3503 options. */
3513 }
3520 }
3521 }
3522 }
3524 /* If we find an abandoned lease, but it's the one the client
3525 requested, we assume that previous bugginess on the part
3526 of the client, or a server database loss, caused the lease to
3527 be abandoned, so we reclaim it and let the client have it. */
3535 /* Otherwise, if it's not the one the client requested, we do not
3536 return it - instead, we claim it's ours, causing a DHCPNAK to be
3537 sent if this lookup is for a DHCPREQUEST, and force the client
3538 to go back through the allocation process. */
3542 }
3547 out:
3563 #if defined (DEBUG_FIND_LEASE)
3566 #endif
3570 }
3571 #if defined (DEBUG_FIND_LEASE)
3573 #endif
3575 }
3577 /* Search the provided host_decl structure list for an address that's on
3578 the specified shared network. If one is found, mock up and return a
3579 lease structure for it; otherwise return the null pointer. */
3583 {
3586 isc_result_t status;
3598 }
3602 else
3608 }
3620 }
3622 /* Look through all the pools in a list starting with the specified pool
3623 for a free lease. We try to find a virgin lease if we can. If we
3624 don't find a virgin lease, we try to find a non-virgin lease that's
3625 free. If we can't find one of those, we try to reclaim an abandoned
3626 lease. If all of these possibilities fail to pan out, we don't return
3627 a lease at all. */
3631 {
3642 #if defined (FAILOVER_PROTOCOL)
3643 /* Peer_has_leases just says that we found at least one
3644 free lease. If no free lease is returned, the caller
3645 can deduce that this means the peer is hogging all the
3646 free leases, so we can print a better error message. */
3647 /* XXX Do we need code here to ignore PEER_IS_OWNER and
3648 * XXX just check tstp if we're in, e.g., PARTNER_DOWN?
3649 * XXX Where do we deal with CONFLICT_DETECTED, et al? */
3650 /* XXX This should be handled by the lease binding "state
3651 * XXX machine" - that is, when we get here, if a lease
3652 * XXX could be allocated, it will have the correct
3653 * XXX binding state so that the following code will
3654 * XXX result in its being allocated. */
3655 /* Skip to the most expired lease in the pool that is not
3656 * owned by a failover peer. */
3668 }
3670 #endif
3671 {
3674 else
3676 }
3684 }
3704 }
3713 }
3716 }
3718 /* Determine whether or not a permit exists on a particular permit list
3719 that matches the specified packet, returning nonzero if so, zero if
3720 not. */
3725 {
3769 }
3771 }
3772 }
3774 }
3778 {
3784 /* See if there's a subnet selection option. */
3786 DHO_SUBNET_SELECTION);
3788 /* If there's no SSO and no giaddr, then use the shared_network
3789 from the interface, if there is one. If not, fail. */
3792 shared_network_reference
3796 }
3798 }
3800 /* If there's an SSO, and it's valid, use it to figure out the
3801 subnet. If it's not valid, fail. */
3810 }
3813 }
3820 }
3822 /* If we know the subnet on which the IP address lives, use it. */
3828 }
3830 /* Otherwise, fail. */
3832 }