[DHCP]
[reactos.git] / reactos / base / services / dhcp / options.c
1 /* $OpenBSD: options.c,v 1.15 2004/12/26 03:17:07 deraadt Exp $ */
2
3 /* DHCP options parsing and reassembly. */
4
5 /*
6 * Copyright (c) 1995, 1996, 1997, 1998 The Internet Software Consortium.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of The Internet Software Consortium nor the names
19 * of its contributors may be used to endorse or promote products derived
20 * from this software without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND
23 * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
24 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
25 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
26 * DISCLAIMED. IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR
27 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
29 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
30 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
31 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
32 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
33 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * SUCH DAMAGE.
35 *
36 * This software has been written for the Internet Software Consortium
37 * by Ted Lemon <mellon@fugue.com> in cooperation with Vixie
38 * Enterprises. To learn more about the Internet Software Consortium,
39 * see ``http://www.vix.com/isc''. To learn more about Vixie
40 * Enterprises, see ``http://www.vix.com''.
41 */
42
43 #include <ctype.h>
44 #include <string.h>
45
46 #define DHCP_OPTION_DATA
47 #include "rosdhcp.h"
48 #include "dhcpd.h"
49
/*
 * Running count of option buffers rejected as malformed, and the count at
 * which parse_option_buffer() stops rejecting and accepts one anyway.
 * Both are plain globals shared by every caller in the process.
 */
int bad_options = 0;
int bad_options_max = 5;

/* Forward declarations for the routines defined below. */
void parse_options(struct packet *packet);
void parse_option_buffer(struct packet *packet, unsigned char *buffer,
    int length);
int store_options(unsigned char *buffer, int buflen,
    struct tree_cache **options, unsigned char *priority_list,
    int priority_len, int first_cutoff, int second_cutoff, int terminate);
57
58
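/*
 * Parse all available options out of the specified packet.
 *
 * packet->raw and packet->packet_length describe data received from the
 * network, so neither the length nor the option contents are trusted.
 * On return packet->options_valid says whether the options were accepted;
 * the parsed values are heap copies stored in packet->options[].
 */
void
parse_options(struct packet *packet)
{
	int options_len;

	/* Initially, zero all option pointers. */
	memset(packet->options, 0, sizeof(packet->options));

	/*
	 * A packet that is too short to hold the fixed header plus the
	 * 4-byte cookie has no options field to look at.  Reject it before
	 * reading the cookie, and before a negative length can be handed to
	 * parse_option_buffer().
	 */
	options_len = packet->packet_length - DHCP_FIXED_NON_UDP - 4;
	if (options_len < 0) {
		packet->options_valid = 0;
		return;
	}

	/* If we don't see the magic cookie, there's nothing to parse. */
	if (memcmp(packet->raw->options, DHCP_OPTIONS_COOKIE, 4)) {
		packet->options_valid = 0;
		return;
	}

	/*
	 * Go through the options field, up to the end of the packet or
	 * the End field.
	 *
	 * NOTE(review): options_len is derived from packet_length only; this
	 * assumes the receive path never reports a length larger than the
	 * storage behind packet->raw -- confirm against the caller.
	 */
	parse_option_buffer(packet, &packet->raw->options[4], options_len);

	/*
	 * If we parsed a DHCP Option Overload option, parse more
	 * options out of the buffer(s) containing them.  Bit 0 selects the
	 * 'file' field and bit 1 the 'sname' field; both are bounded by the
	 * size of the field itself.
	 */
	if (packet->options_valid &&
	    packet->options[DHO_DHCP_OPTION_OVERLOAD].data) {
		if (packet->options[DHO_DHCP_OPTION_OVERLOAD].data[0] & 1)
			parse_option_buffer(packet,
			    (unsigned char *)packet->raw->file,
			    sizeof(packet->raw->file));
		if (packet->options[DHO_DHCP_OPTION_OVERLOAD].data[0] & 2)
			parse_option_buffer(packet,
			    (unsigned char *)packet->raw->sname,
			    sizeof(packet->raw->sname));
	}
}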
97
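/*
 * Parse options out of the specified buffer, storing addresses of
 * option values in packet->options and setting packet->options_valid if
 * no errors are encountered.
 *
 * buffer/length describe attacker-controllable bytes.  Every read is
 * bounds-checked against 'end' before the byte is touched, and the checks
 * are written as length comparisons so no pointer is formed beyond the
 * end of the buffer.  Each stored value is a heap copy with one extra NUL
 * byte appended; repeated options are concatenated.
 */
void
parse_option_buffer(struct packet *packet,
    unsigned char *buffer, int length)
{
	unsigned char *s, *t, *end;
	int len, code, newlen;

	/* A negative length means there is nothing to parse. */
	if (length < 0)
		length = 0;
	end = buffer + length;

	/* Test the bound first so *s is never read at or past 'end'. */
	for (s = buffer; s < end && *s != DHO_END; ) {
		code = s[0];

		/* Pad options don't have a length - just skip them. */
		if (code == DHO_PAD) {
			s++;
			continue;
		}

		/*
		 * All other fields (except end, see above) have a
		 * one-byte length.  If that byte is missing, use a length
		 * that cannot fit so the check below rejects the option.
		 */
		if (end - s < 2)
			len = 65536;
		else
			len = s[1];

		/*
		 * If the length is outrageous, silently skip the rest,
		 * and mark the packet bad.  Unfortunately some crappy
		 * dhcp servers always seem to give us garbage on the
		 * end of a packet.  so rather than keep refusing, give
		 * up and try to take one after seeing a few without
		 * anything good.
		 *
		 * Security note: once bad_options reaches bad_options_max
		 * the malformed packet is accepted with whatever options
		 * were parsed before the bad one.  The counter is global,
		 * so any sender of malformed packets advances it.
		 */
		if (len > end - s - 2) {
			bad_options++;
			warning("option %s (%d) %s.",
			    dhcp_options[code].name, len,
			    "larger than buffer");
			if (bad_options == bad_options_max) {
				packet->options_valid = 1;
				bad_options = 0;
				warning("Many bogus options seen in offers. "
				    "Taking this offer in spite of bogus "
				    "options - hope for the best!");
			} else {
				warning("rejecting bogus offer.");
				packet->options_valid = 0;
			}
			return;
		}

		if (!packet->options[code].data) {
			/*
			 * If we haven't seen this option before, just make
			 * space for it and copy it there.
			 */
			t = calloc(1, (size_t)len + 1);
			if (!t) {
				/*
				 * error() is not visibly noreturn from this
				 * file, so stop here instead of copying
				 * through a NULL pointer, and do not leave a
				 * half-parsed packet marked valid.
				 */
				error("Can't allocate storage for option %s.",
				    dhcp_options[code].name);
				packet->options_valid = 0;
				return;
			}
			/*
			 * Copy and NUL-terminate the option (in case
			 * it's an ASCII string).
			 */
			memcpy(t, &s[2], len);
			t[len] = 0;
			packet->options[code].len = len;
			packet->options[code].data = t;
		} else {
			/*
			 * If it's a repeat, concatenate it to whatever
			 * we last saw.  This is really only required
			 * for clients, but what the heck...
			 */
			newlen = packet->options[code].len + len;
			t = calloc(1, (size_t)newlen + 1);
			if (!t) {
				error("Can't expand storage for option %s.",
				    dhcp_options[code].name);
				packet->options_valid = 0;
				return;
			}
			memcpy(t, packet->options[code].data,
			    packet->options[code].len);
			memcpy(t + packet->options[code].len,
			    &s[2], len);
			t[newlen] = 0;
			free(packet->options[code].data);
			packet->options[code].len = newlen;
			packet->options[code].data = t;
		}
		s += len + 2;
	}
	packet->options_valid = 1;
}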
196
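/*
 * cons options into a big buffer, and then split them out into the
 * three separate buffers if needed.  This allows us to cons up a set of
 * vendor options using the same routine.
 *
 * inpacket (may be NULL) supplies the client's maximum message size and
 * parameter request list; both come from the network and are treated as
 * untrusted sizes.  Returns the length computed for the outgoing packet.
 */
int
cons_options(struct packet *inpacket, struct dhcp_packet *outpacket,
    int mms, struct tree_cache **options,
    int overload,	/* Overload flags that may be set. */
    int terminate, int bootpp, u_int8_t *prl, int prl_len)
{
	unsigned char priority_list[300], buffer[4096];
	int priority_len, main_buffer_size, mainbufix, bufix;
	int option_size, length, store_limit, room;

	/*
	 * If the client has provided a maximum DHCP message size, use
	 * that; otherwise, if it's BOOTP, only 64 bytes; otherwise use
	 * up to the minimum IP MTU size (576 bytes).
	 *
	 * XXX if a BOOTP client specifies a max message size, we will
	 * honor it.
	 */
	if (!mms &&
	    inpacket &&
	    inpacket->options[DHO_DHCP_MAX_MESSAGE_SIZE].data &&
	    (inpacket->options[DHO_DHCP_MAX_MESSAGE_SIZE].len >=
	    sizeof(u_int16_t)))
		mms = getUShort(
		    inpacket->options[DHO_DHCP_MAX_MESSAGE_SIZE].data);

	if (mms) {
		/*
		 * Never size the buffer from a message size below the
		 * 576-byte minimum used as the default here.  A smaller
		 * value made mms - DHCP_FIXED_LEN tiny or negative, and a
		 * negative int compared against sizeof(buffer) is converted
		 * to unsigned, so it used to be "clamped" up to 4096 and
		 * then used to size the copies below.
		 */
		if (mms < 576)
			mms = 576;
		main_buffer_size = mms - DHCP_FIXED_LEN;
	} else if (bootpp)
		main_buffer_size = 64;
	else
		main_buffer_size = 576 - DHCP_FIXED_LEN;

	/* Signed comparison: keep the size within the staging buffer. */
	if (main_buffer_size > (int)sizeof(buffer))
		main_buffer_size = (int)sizeof(buffer);
	/*
	 * NOTE(review): main_buffer_size also bounds the copies into
	 * outpacket->options below, whose capacity is not visible from this
	 * file.  If that field is smaller than sizeof(buffer), clamp to it
	 * as well -- confirm against the struct dhcp_packet definition.
	 */

	/* Preload the option priority list with mandatory options. */
	priority_len = 0;
	priority_list[priority_len++] = DHO_DHCP_MESSAGE_TYPE;
	priority_list[priority_len++] = DHO_DHCP_SERVER_IDENTIFIER;
	priority_list[priority_len++] = DHO_DHCP_LEASE_TIME;
	priority_list[priority_len++] = DHO_DHCP_MESSAGE;
	room = (int)sizeof(priority_list) - priority_len;

	/*
	 * If the client has provided a list of options that it wishes
	 * returned, use it to prioritize.  Otherwise, prioritize based
	 * on the default priority list.  Every source is truncated to the
	 * space left in priority_list, and a negative count copies nothing.
	 */
	if (inpacket &&
	    inpacket->options[DHO_DHCP_PARAMETER_REQUEST_LIST].data) {
		int prlen =
		    inpacket->options[DHO_DHCP_PARAMETER_REQUEST_LIST].len;

		if (prlen < 0)
			prlen = 0;
		if (prlen > room)
			prlen = room;

		memcpy(&priority_list[priority_len],
		    inpacket->options[DHO_DHCP_PARAMETER_REQUEST_LIST].data,
		    prlen);
		priority_len += prlen;
	} else if (prl) {
		if (prl_len < 0)
			prl_len = 0;
		if (prl_len > room)
			prl_len = room;

		memcpy(&priority_list[priority_len], prl, prl_len);
		priority_len += prl_len;
	} else {
		int deflen = sizeof_dhcp_option_default_priority_list;

		if (deflen > room)
			deflen = room;

		memcpy(&priority_list[priority_len],
		    dhcp_option_default_priority_list, deflen);
		priority_len += deflen;
	}

	/*
	 * Copy the options into the big buffer...  The limit handed to
	 * store_options() grows by the file/sname sizes when overloading is
	 * allowed, so cap it at the real size of 'buffer'; uncapped it could
	 * exceed 4096 when main_buffer_size is already at its maximum.
	 */
	store_limit = main_buffer_size - 7 +
	    ((overload & 1) ? DHCP_FILE_LEN : 0) +
	    ((overload & 2) ? DHCP_SNAME_LEN : 0);
	if (store_limit > (int)sizeof(buffer))
		store_limit = (int)sizeof(buffer);

	option_size = store_options(
	    buffer, store_limit,
	    options, priority_list, priority_len, main_buffer_size,
	    (main_buffer_size + ((overload & 1) ? DHCP_FILE_LEN : 0)),
	    terminate);

	/* Put the cookie up front... */
	memcpy(outpacket->options, DHCP_OPTIONS_COOKIE, 4);
	mainbufix = 4;

	/*
	 * If we're going to have to overload, store the overload option
	 * at the beginning.  If we can, though, just store the whole
	 * thing in the packet's option buffer and leave it at that.
	 */
	if (option_size <= main_buffer_size - mainbufix) {
		memcpy(&outpacket->options[mainbufix],
		    buffer, option_size);
		mainbufix += option_size;
		if (mainbufix < main_buffer_size)
			outpacket->options[mainbufix++] = DHO_END;
		length = DHCP_FIXED_NON_UDP + mainbufix;
	} else {
		/* Overload option: code, length 1, then the flag byte. */
		outpacket->options[mainbufix++] = DHO_DHCP_OPTION_OVERLOAD;
		outpacket->options[mainbufix++] = 1;
		if (option_size >
		    main_buffer_size - mainbufix + DHCP_FILE_LEN)
			outpacket->options[mainbufix++] = 3;
		else
			outpacket->options[mainbufix++] = 1;

		memcpy(&outpacket->options[mainbufix],
		    buffer, main_buffer_size - mainbufix);
		bufix = main_buffer_size - mainbufix;
		/*
		 * NOTE(review): this length covers only the cookie and the
		 * overload option, not the option bytes just copied into the
		 * main buffer -- confirm whether main_buffer_size was meant.
		 */
		length = DHCP_FIXED_NON_UDP + mainbufix;
		if (overload & 1) {
			if (option_size - bufix <= DHCP_FILE_LEN) {
				memcpy(outpacket->file,
				    &buffer[bufix], option_size - bufix);
				mainbufix = option_size - bufix;
				if (mainbufix < DHCP_FILE_LEN)
					outpacket->file[mainbufix++] = (char)DHO_END;
				while (mainbufix < DHCP_FILE_LEN)
					outpacket->file[mainbufix++] = (char)DHO_PAD;
			} else {
				memcpy(outpacket->file,
				    &buffer[bufix], DHCP_FILE_LEN);
				bufix += DHCP_FILE_LEN;
			}
		}
		/*
		 * NOTE(review): with the values computed above option_size is
		 * always greater than bufix at this point, so this branch
		 * does not appear reachable and sname is never filled.  The
		 * test looks inverted, and the END/PAD fill writes into
		 * 'file' while bounding by DHCP_SNAME_LEN.  Left as-is:
		 * making it live needs the copy length and the fill target
		 * reviewed together.
		 */
		if ((overload & 2) && option_size < bufix) {
			memcpy(outpacket->sname,
			    &buffer[bufix], option_size - bufix);

			mainbufix = option_size - bufix;
			if (mainbufix < DHCP_SNAME_LEN)
				outpacket->file[mainbufix++] = (char)DHO_END;
			while (mainbufix < DHCP_SNAME_LEN)
				outpacket->file[mainbufix++] = (char)DHO_PAD;
		}
	}
	return (length);
}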
342
/*
 * Store all the requested options into the requested buffer.
 *
 * Options are emitted in priority_list order, each at most once, as
 * code/length/data hunks of up to 255 data bytes.  An option that does
 * not fit within buflen is dropped entirely and the write position is
 * rolled back to where that option started.  Returns the number of bytes
 * written to buffer.
 */
int
store_options(unsigned char *buffer, int buflen, struct tree_cache **options,
    unsigned char *priority_list, int priority_len, int first_cutoff,
    int second_cutoff, int terminate)
{
	int option_stored[256];
	int written = 0;	/* bytes emitted into buffer so far */
	int pos;

	/* No option has been stored yet. */
	memset(option_stored, 0, sizeof(option_stored));

	/* Walk the priority list in order. */
	for (pos = 0; pos < priority_len; pos++) {
		int code = priority_list[pos];
		int remaining;	/* bytes of this option still to emit */
		int src_off;	/* read offset into the option's value */
		int rollback;	/* write position to restore on overflow */
		int add_nul;	/* append a NUL to a text option? */

		/*
		 * Skip options with no data, and options already emitted
		 * (the client may ask for one of the mandatory ones).
		 */
		if (!options[code] || option_stored[code])
			continue;
		option_stored[code] = 1;

		remaining = options[code]->len;

		/* Text options get one extra byte when 'terminate' is set. */
		add_nul = (terminate && dhcp_options[code].format[0] == 't');
		if (add_nul)
			remaining++;

		src_off = 0;
		rollback = written;

		/*
		 * Emit the option in hunks of at most 255 bytes, cutting a
		 * hunk short where it would cross one of the two cutoffs.
		 * NOTE(review): the cutoff test compares the data length
		 * only; the 2-byte code/length header is not counted there.
		 */
		while (remaining) {
			unsigned char chunk = remaining > 255 ? 255 : remaining;

			if (written < first_cutoff &&
			    written + chunk > first_cutoff)
				chunk = first_cutoff - written;
			else if (written < second_cutoff &&
			    written + chunk > second_cutoff)
				chunk = second_cutoff - written;

			/* Header plus data must fit, else drop the option. */
			if (written + 2 + chunk > buflen) {
				written = rollback;
				break;
			}

			buffer[written] = code;
			buffer[written + 1] = chunk;
			if (add_nul && chunk == remaining) {
				/* Final hunk: last byte is the added NUL. */
				memcpy(buffer + written + 2,
				    options[code]->value + src_off, chunk - 1);
				buffer[written + 2 + chunk - 1] = 0;
			} else {
				memcpy(buffer + written + 2,
				    options[code]->value + src_off, chunk);
			}

			remaining -= chunk;
			src_off += chunk;
			written += 2 + chunk;
		}
	}
	return (written);
}
447
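/*
 * Format the specified option so that a human can easily read it.
 *
 * data/len normally hold an option value received from the network, so
 * the output is bounded: every write into the result buffer is checked
 * against the space left, and "<error>" is returned when the value does
 * not fit or does not match the option's format string.
 *
 * The result points at a static buffer that is overwritten by the next
 * call; the function is therefore not reentrant.
 */
char *
pretty_print_option(unsigned int code, unsigned char *data, int len,
    int emit_commas, int emit_quotes)
{
	static char optbuf[32768]; /* XXX */
	int hunksize = 0, numhunk = -1, numelem = 0;
	char fmtbuf[32], *op = optbuf;
	int i, j, k, opleft = sizeof(optbuf);
	unsigned char *dp = data;
	struct in_addr foo;
	char comma;

	/*
	 * Code should be between 0 and 255.  error() is not visibly
	 * noreturn from this file, so bail out rather than index
	 * dhcp_options[] with an out-of-range code.
	 */
	if (code > 255) {
		error("pretty_print_option: bad code %d", code);
		return ("<error>");
	}

	/* Never hand back text left over from an earlier call. */
	optbuf[0] = 0;

	comma = emit_commas ? ',' : ' ';

	/*
	 * Figure out the size of the data.  The loop also stops before the
	 * format string can run past fmtbuf (the 'X' and 't' cases write
	 * fmtbuf[i + 1]).
	 */
	for (i = 0; dhcp_options[code].format[i] &&
	    i < (int)sizeof(fmtbuf) - 1; i++) {
		if (!numhunk) {
			warning("%s: Excess information in format string: %s",
			    dhcp_options[code].name,
			    &(dhcp_options[code].format[i]));
			break;
		}
		numelem++;
		fmtbuf[i] = dhcp_options[code].format[i];
		switch (dhcp_options[code].format[i]) {
		case 'A':
			/* Array marker: the elements so far repeat. */
			--numelem;
			fmtbuf[i] = 0;
			numhunk = 0;
			break;
		case 'X':
			/* Print as text if fully printable, else as hex. */
			for (k = 0; k < len; k++)
				if (!isascii(data[k]) ||
				    !isprint(data[k]))
					break;
			if (k == len) {
				fmtbuf[i] = 't';
				numhunk = -2;
			} else {
				fmtbuf[i] = 'x';
				hunksize++;
				comma = ':';
				numhunk = 0;
			}
			fmtbuf[i + 1] = 0;
			break;
		case 't':
			fmtbuf[i] = 't';
			fmtbuf[i + 1] = 0;
			numhunk = -2;
			break;
		case 'I':
		case 'l':
		case 'L':
			hunksize += 4;
			break;
		case 's':
		case 'S':
			hunksize += 2;
			break;
		case 'b':
		case 'B':
		case 'f':
			hunksize++;
			break;
		case 'e':
			break;
		default:
			warning("%s: garbage in format string: %s",
			    dhcp_options[code].name,
			    &(dhcp_options[code].format[i]));
			break;
		}
	}

	/* Check for too few bytes... */
	if (hunksize > len) {
		warning("%s: expecting at least %d bytes; got %d",
		    dhcp_options[code].name, hunksize, len);
		return ("<error>");
	}
	/* Check for too many bytes... */
	if (numhunk == -1 && hunksize < len)
		warning("%s: %d extra bytes",
		    dhcp_options[code].name, len - hunksize);

	/*
	 * If this is an array, compute its size.  A format that declares an
	 * array of zero-sized elements yields no hunks instead of dividing
	 * by zero.
	 */
	if (!numhunk)
		numhunk = hunksize ? len / hunksize : 0;
	/* See if we got an exact number of hunks. */
	if (numhunk > 0 && numhunk * hunksize < len)
		warning("%s: %d extra bytes at end of array",
		    dhcp_options[code].name, len - numhunk * hunksize);

	/* A one-hunk array prints the same as a single hunk. */
	if (numhunk < 0)
		numhunk = 1;

	/*
	 * Cycle through the array (or hunk) printing the data.  Invariant:
	 * opleft >= 1 at the top of every element, so the terminator written
	 * here is always in bounds.
	 */
	for (i = 0; i < numhunk; i++) {
		for (j = 0; j < numelem; j++) {
			int opcount;

			/* Keep the buffer terminated if nothing is written. */
			*op = 0;

			switch (fmtbuf[j]) {
			case 't':
				/*
				 * Each write below first checks that the
				 * bytes plus a terminator still fit; one
				 * input byte can expand to four.
				 */
				if (emit_quotes) {
					if (opleft < 2)
						goto toobig;
					*op++ = '"';
					opleft--;
				}
				for (; dp < data + len; dp++) {
					if (!isascii(*dp) ||
					    !isprint(*dp)) {
						/* A lone trailing NUL is dropped. */
						if (dp + 1 != data + len ||
						    *dp != 0) {
							if (opleft < 5)
								goto toobig;
							_snprintf(op, opleft,
							    "\\%03o", *dp);
							op += 4;
							opleft -= 4;
						}
					} else if (*dp == '"' ||
					    *dp == '\'' ||
					    *dp == '$' ||
					    *dp == '`' ||
					    *dp == '\\') {
						/* Escape shell/quote metacharacters. */
						if (opleft < 3)
							goto toobig;
						*op++ = '\\';
						*op++ = *dp;
						opleft -= 2;
					} else {
						if (opleft < 2)
							goto toobig;
						*op++ = *dp;
						opleft--;
					}
				}
				if (emit_quotes) {
					if (opleft < 2)
						goto toobig;
					*op++ = '"';
					opleft--;
				}

				*op = 0;
				break;
			case 'I':
				foo.s_addr = htonl(getULong(dp));
				opcount = _snprintf(op, opleft, "%s",
				    inet_ntoa(foo));
				if (opcount >= opleft || opcount == -1)
					goto toobig;
				opleft -= opcount;
				dp += 4;
				break;
			case 'l':
				opcount = _snprintf(op, opleft, "%ld",
				    (long)getLong(dp));
				if (opcount >= opleft || opcount == -1)
					goto toobig;
				opleft -= opcount;
				dp += 4;
				break;
			case 'L':
				/* Unsigned value: %lu, not %ld. */
				opcount = _snprintf(op, opleft, "%lu",
				    (unsigned long)getULong(dp));
				if (opcount >= opleft || opcount == -1)
					goto toobig;
				opleft -= opcount;
				dp += 4;
				break;
			case 's':
				opcount = _snprintf(op, opleft, "%d",
				    getShort(dp));
				if (opcount >= opleft || opcount == -1)
					goto toobig;
				opleft -= opcount;
				dp += 2;
				break;
			case 'S':
				opcount = _snprintf(op, opleft, "%d",
				    getUShort(dp));
				if (opcount >= opleft || opcount == -1)
					goto toobig;
				opleft -= opcount;
				dp += 2;
				break;
			case 'b':
				opcount = _snprintf(op, opleft, "%d",
				    *(char *)dp++);
				if (opcount >= opleft || opcount == -1)
					goto toobig;
				opleft -= opcount;
				break;
			case 'B':
				opcount = _snprintf(op, opleft, "%d", *dp++);
				if (opcount >= opleft || opcount == -1)
					goto toobig;
				opleft -= opcount;
				break;
			case 'x':
				opcount = _snprintf(op, opleft, "%x", *dp++);
				if (opcount >= opleft || opcount == -1)
					goto toobig;
				opleft -= opcount;
				break;
			case 'f':
				/*
				 * Count the characters written; the value
				 * returned by strncpy() is a pointer, not a
				 * length, and must not be used as one.
				 */
				opcount = _snprintf(op, opleft, "%s",
				    *dp++ ? "true" : "false");
				if (opcount >= opleft || opcount == -1)
					goto toobig;
				opleft -= opcount;
				break;
			default:
				warning("Unexpected format code %c", fmtbuf[j]);
			}
			/* Step over what the case above wrote. */
			op += strlen(op);
			if (opleft < 1)
				goto toobig;
			if (j + 1 < numelem && comma != ':') {
				if (opleft < 2)
					goto toobig;
				*op++ = ' ';
				opleft--;
			}
		}
		if (i + 1 < numhunk) {
			if (opleft < 2)
				goto toobig;
			*op++ = comma;
			opleft--;
		}
		*op = 0;
	}
	return (optbuf);
 toobig:
	warning("dhcp option too large");
	return ("<error>");
}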
689
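/*
 * Entry point for a received packet: validate the fixed header, parse the
 * options into a temporary struct packet, dispatch to dhcp() or bootp(),
 * then release the parsed option copies.
 *
 * packet/len come straight from the network and are untrusted.
 */
void
do_packet(struct interface_info *interface, struct dhcp_packet *packet,
    int len, unsigned int from_port, struct iaddr from, struct hardware *hfrom)
{
	struct packet tp;
	int i;

	/*
	 * The fields read below (hlen, chaddr, ...) live in the fixed part
	 * of the packet; a datagram shorter than that would have them read
	 * from bytes the sender never supplied.
	 */
	if (len < DHCP_FIXED_NON_UDP) {
		note("Discarding packet shorter than the fixed header.");
		return;
	}

	if (packet->hlen > sizeof(packet->chaddr)) {
		note("Discarding packet with invalid hlen.");
		return;
	}

	memset(&tp, 0, sizeof(tp));
	tp.raw = packet;
	tp.packet_length = len;
	tp.client_port = from_port;
	tp.client_addr = from;
	tp.interface = interface;
	tp.haddr = hfrom;

	parse_options(&tp);
	if (tp.options_valid &&
	    tp.options[DHO_DHCP_MESSAGE_TYPE].data)
		tp.packet_type = tp.options[DHO_DHCP_MESSAGE_TYPE].data[0];
	/* No usable message type means the packet is handled as BOOTP. */
	if (tp.packet_type)
		dhcp(&tp);
	else
		bootp(&tp);

	/*
	 * Free the data associated with the options.  A zero-length option
	 * still owns a one-byte allocation from parse_option_buffer(), so
	 * release on the pointer alone; keying on len as well leaked that
	 * allocation for every zero-length option a sender included.
	 * NOTE(review): assumes dhcp()/bootp() keep no pointers into
	 * tp.options after returning -- confirm.
	 */
	for (i = 0; i < 256; i++) {
		free(tp.options[i].data);
		tp.options[i].data = NULL;
	}
}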