fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2025-12-26 05:20:08 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

core: honor the ipv4.dhcp-reject-servers property

Browse source
This commit is contained in:
Beniamino Galvani 2020-07-15 17:28:35 +02:00
parent 757fa4711f
commit 7f217d0345
12 changed files with 123 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/devices/nm-device.c
View file

@ -8876,6 +8876,7 @@ dhcp4_start (NMDevice *self)
NMSettingConnection *s_con;
GError *error = NULL;
const NMPlatformLink *pllink;
const char *const *reject_servers;
connection = nm_device_get_applied_connection (self);
g_return_val_if_fail (connection, FALSE);
@ -8898,6 +8899,7 @@ dhcp4_start (NMDevice *self)
client_id = dhcp4_get_client_id (self, connection, hwaddr);
vendor_class_identifier
= dhcp4_get_vendor_class_identifier (self, NM_SETTING_IP4_CONFIG (s_ip4));
reject_servers = nm_setting_ip_config_get_dhcp_reject_servers (s_ip4, NULL);
g_warn_if_fail (priv->dhcp_data_4.client == NULL);
priv->dhcp_data_4.client = nm_dhcp_manager_start_ip4 (nm_dhcp_manager_get (),
@ -8919,6 +8921,7 @@ dhcp4_start (NMDevice *self)
priv->dhcp_anycast_address,
NULL,
vendor_class_identifier,
reject_servers,
&error);
if (!priv->dhcp_data_4.client) {
_LOGW (LOGD_DHCP4, "failure to start DHCP: %s", error->message);

53
src/dhcp/nm-dhcp-client.c
View file

@ -52,6 +52,7 @@ NM_GOBJECT_PROPERTIES_DEFINE (NMDhcpClient,
PROP_HOSTNAME_FLAGS,
PROP_MUD_URL,
PROP_VENDOR_CLASS_IDENTIFIER,
PROP_REJECT_SERVERS,
);
typedef struct _NMDhcpClientPrivate {
@ -62,6 +63,7 @@ typedef struct _NMDhcpClientPrivate {
char * uuid;
GBytes * client_id;
char * hostname;
const char **reject_servers;
char * mud_url;
GBytes * vendor_class_identifier;
pid_t pid;
@ -332,6 +334,14 @@ nm_dhcp_client_get_vendor_class_identifier (NMDhcpClient *self)
return NM_DHCP_CLIENT_GET_PRIVATE (self)->vendor_class_identifier;
}
const char *const *
nm_dhcp_client_get_reject_servers (NMDhcpClient *self)
{
g_return_val_if_fail (NM_IS_DHCP_CLIENT (self), NULL);
return (const char *const *) NM_DHCP_CLIENT_GET_PRIVATE (self)->reject_servers;
}
/*****************************************************************************/
static const char *state_table[NM_DHCP_STATE_MAX + 1] = {
@ -954,6 +964,38 @@ nm_dhcp_client_handle_event (gpointer unused,
return TRUE;
}
gboolean
nm_dhcp_client_server_id_is_rejected (NMDhcpClient *self, gconstpointer addr)
{
NMDhcpClientPrivate *priv = NM_DHCP_CLIENT_GET_PRIVATE (self);
in_addr_t addr4 = *(in_addr_t *) addr;
guint i;
/* IPv6 not implemented yet */
nm_assert (priv->addr_family == AF_INET);
if (!priv->reject_servers || !priv->reject_servers[0])
return FALSE;
for (i = 0; priv->reject_servers[i]; i++) {
in_addr_t r_addr;
in_addr_t mask;
int r_prefix;
if (!nm_utils_parse_inaddr_prefix_bin (AF_INET,
priv->reject_servers[i],
NULL,
&r_addr,
&r_prefix))
nm_assert_not_reached ();
mask = _nm_utils_ip4_prefix_to_netmask (r_prefix < 0 ? 32 : r_prefix);
if ((addr4 & mask) == (r_addr & mask))
return TRUE;
}
return FALSE;
}
/*****************************************************************************/
static void
@ -1090,6 +1132,10 @@ set_property (GObject *object, guint prop_id,
/* construct-only */
priv->vendor_class_identifier = g_value_dup_boxed (value);
break;
case PROP_REJECT_SERVERS:
/* construct-only */
priv->reject_servers = nm_utils_strv_dup_packed (g_value_get_boxed (value), -1);
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break;
@ -1131,6 +1177,7 @@ dispose (GObject *object)
nm_clear_g_free (&priv->hostname);
nm_clear_g_free (&priv->uuid);
nm_clear_g_free (&priv->mud_url);
nm_clear_g_free (&priv->reject_servers);
nm_clear_pointer (&priv->client_id, g_bytes_unref);
nm_clear_pointer (&priv->hwaddr, g_bytes_unref);
nm_clear_pointer (&priv->bcast_hwaddr, g_bytes_unref);
@ -1258,6 +1305,12 @@ nm_dhcp_client_class_init (NMDhcpClientClass *client_class)
G_PARAM_WRITABLE | G_PARAM_CONSTRUCT_ONLY |
G_PARAM_STATIC_STRINGS);
obj_properties[PROP_REJECT_SERVERS] =
g_param_spec_boxed (NM_DHCP_CLIENT_REJECT_SERVERS, "", "",
G_TYPE_STRV,
G_PARAM_WRITABLE | G_PARAM_CONSTRUCT_ONLY |
G_PARAM_STATIC_STRINGS);
g_object_class_install_properties (object_class, _PROPERTY_ENUMS_LAST, obj_properties);
signals[SIGNAL_STATE_CHANGED] =

5
src/dhcp/nm-dhcp-client.h
View file

@ -39,6 +39,7 @@
#define NM_DHCP_CLIENT_IAID_EXPLICIT "iaid-explicit"
#define NM_DHCP_CLIENT_HOSTNAME_FLAGS "hostname-flags"
#define NM_DHCP_CLIENT_VENDOR_CLASS_IDENTIFIER "vendor-class-identifier"
#define NM_DHCP_CLIENT_REJECT_SERVERS "reject-servers"
#define NM_DHCP_CLIENT_SIGNAL_STATE_CHANGED "state-changed"
#define NM_DHCP_CLIENT_SIGNAL_PREFIX_DELEGATED "prefix-delegated"
@ -144,9 +145,11 @@ GBytes *nm_dhcp_client_get_client_id (NMDhcpClient *self);
const char *nm_dhcp_client_get_hostname (NMDhcpClient *self);
const char *nm_dhcp_client_get_mud_url (NMDhcpClient *self);
const char *const *nm_dhcp_client_get_reject_servers (NMDhcpClient *self);
NMDhcpHostnameFlags nm_dhcp_client_get_hostname_flags (NMDhcpClient *self);
gboolean nm_dhcp_client_get_info_only (NMDhcpClient *self);
gboolean nm_dhcp_client_get_use_fqdn (NMDhcpClient *self);
@ -208,6 +211,8 @@ void nm_dhcp_client_set_client_id_bin (NMDhcpClient *self,
void nm_dhcp_client_emit_ipv6_prefix_delegated (NMDhcpClient *self,
const NMPlatformIP6Address *prefix);
gboolean nm_dhcp_client_server_id_is_rejected (NMDhcpClient *self, gconstpointer addr);
/*****************************************************************************
* Client data
*****************************************************************************/

14
src/dhcp/nm-dhcp-dhclient-utils.c
View file

@ -307,6 +307,7 @@ nm_dhcp_dhclient_create_config (const char *interface,
gboolean use_fqdn,
NMDhcpHostnameFlags hostname_flags,
const char *mud_url,
const char *const *reject_servers,
const char *orig_path,
const char *orig_contents,
GBytes **out_new_client_id)
@ -319,6 +320,7 @@ nm_dhcp_dhclient_create_config (const char *interface,
g_return_val_if_fail (!anycast_addr || nm_utils_hwaddr_valid (anycast_addr, ETH_ALEN), NULL);
g_return_val_if_fail (NM_IN_SET (addr_family, AF_INET, AF_INET6), NULL);
g_return_val_if_fail (!reject_servers || addr_family == AF_INET, NULL);
nm_assert (!out_new_client_id || !*out_new_client_id);
new_contents = g_string_new (_("# Created by NetworkManager\n"));
@ -473,6 +475,18 @@ nm_dhcp_dhclient_create_config (const char *interface,
}
add_mud_url_config (new_contents, mud_url, addr_family);
if ( reject_servers
&& reject_servers[0]) {
g_string_append (new_contents, "reject ");
for (i = 0; reject_servers[i]; i++) {
if (i != 0)
g_string_append (new_contents, ", ");
g_string_append (new_contents, reject_servers[i]);
}
g_string_append (new_contents, ";\n");
}
if (addr_family == AF_INET) {
add_ip4_config (new_contents, client_id, hostname, use_fqdn, hostname_flags);
add_request (reqs, "rfc3442-classless-static-routes");

1
src/dhcp/nm-dhcp-dhclient-utils.h
View file

@ -18,6 +18,7 @@ char *nm_dhcp_dhclient_create_config (const char *interface,
gboolean use_fqdn,
NMDhcpHostnameFlags hostname_flags,
const char *mud_url,
const char *const *reject_servers,
const char *orig_path,
const char *orig_contents,
GBytes **out_new_client_id);

6
src/dhcp/nm-dhcp-dhclient.c
View file

@ -148,6 +148,7 @@ merge_dhclient_config (NMDhcpDhclient *self,
gboolean use_fqdn,
NMDhcpHostnameFlags hostname_flags,
const char *mud_url,
const char *const *reject_servers,
const char *orig_path,
GBytes **out_new_client_id,
GError **error)
@ -178,6 +179,7 @@ merge_dhclient_config (NMDhcpDhclient *self,
use_fqdn,
hostname_flags,
mud_url,
reject_servers,
orig_path,
orig,
out_new_client_id);
@ -271,6 +273,7 @@ create_dhclient_config (NMDhcpDhclient *self,
gboolean use_fqdn,
NMDhcpHostnameFlags hostname_flags,
const char *mud_url,
const char *const *reject_servers,
GBytes **out_new_client_id)
{
gs_free char *orig = NULL;
@ -300,6 +303,7 @@ create_dhclient_config (NMDhcpDhclient *self,
use_fqdn,
hostname_flags,
mud_url,
reject_servers,
orig,
out_new_client_id,
&error)) {
@ -501,6 +505,7 @@ ip4_start (NMDhcpClient *client,
nm_dhcp_client_get_use_fqdn (client),
nm_dhcp_client_get_hostname_flags (client),
nm_dhcp_client_get_mud_url (client),
nm_dhcp_client_get_reject_servers (client),
&new_client_id);
if (!priv->conf_file) {
nm_utils_error_set_literal (error,
@ -546,6 +551,7 @@ ip6_start (NMDhcpClient *client,
TRUE,
nm_dhcp_client_get_hostname_flags (client),
nm_dhcp_client_get_mud_url (client),
NULL,
NULL);
if (!priv->conf_file) {
nm_utils_error_set_literal (error,

5
src/dhcp/nm-dhcp-manager.c
View file

@ -226,6 +226,7 @@ client_start (NMDhcpManager *self,
const char *last_ip4_address,
guint needed_prefixes,
GBytes *vendor_class_identifier,
const char *const *reject_servers,
GError **error)
{
NMDhcpManagerPrivate *priv;
@ -318,6 +319,7 @@ client_start (NMDhcpManager *self,
NM_DHCP_CLIENT_TIMEOUT, (guint) timeout,
NM_DHCP_CLIENT_HOSTNAME_FLAGS, (guint) hostname_flags,
NM_DHCP_CLIENT_VENDOR_CLASS_IDENTIFIER, vendor_class_identifier,
NM_DHCP_CLIENT_REJECT_SERVERS, reject_servers,
NM_DHCP_CLIENT_FLAGS, (guint) (0
| (hostname_use_fqdn ? NM_DHCP_CLIENT_FLAGS_USE_FQDN : 0)
| (info_only ? NM_DHCP_CLIENT_FLAGS_INFO_ONLY : 0)
@ -399,6 +401,7 @@ nm_dhcp_manager_start_ip4 (NMDhcpManager *self,
const char *dhcp_anycast_addr,
const char *last_ip_address,
GBytes *vendor_class_identifier,
const char *const *reject_servers,
GError **error)
{
NMDhcpManagerPrivate *priv;
@ -459,6 +462,7 @@ nm_dhcp_manager_start_ip4 (NMDhcpManager *self,
last_ip_address,
0,
vendor_class_identifier,
reject_servers,
error);
}
@ -523,6 +527,7 @@ nm_dhcp_manager_start_ip6 (NMDhcpManager *self,
NULL,
needed_prefixes,
NULL,
NULL,
error);
}

1
src/dhcp/nm-dhcp-manager.h
View file

@ -49,6 +49,7 @@ NMDhcpClient * nm_dhcp_manager_start_ip4 (NMDhcpManager *manager,
const char *dhcp_anycast_addr,
const char *last_ip_address,
GBytes *vendor_class_identifier,
const char *const *reject_servers,
GError **error);
NMDhcpClient * nm_dhcp_manager_start_ip6 (NMDhcpManager *manager,

21
src/dhcp/nm-dhcp-nettools.c
View file

@ -1072,16 +1072,31 @@ dhcp4_event_handle (NMDhcpNettools *self,
NDhcp4ClientEvent *event)
{
NMDhcpNettoolsPrivate *priv = NM_DHCP_NETTOOLS_GET_PRIVATE (self);
struct in_addr server_id;
char addr_str[INET_ADDRSTRLEN];
int r;
_LOGT ("client event %d", event->event);
switch (event->event) {
case N_DHCP4_CLIENT_EVENT_OFFER:
/* always accept the first lease */
r = n_dhcp4_client_lease_select (event->offer.lease);
if (r)
r = n_dhcp4_client_lease_get_server_identifier (event->offer.lease, &server_id);
if (r) {
_LOGW ("selecting lease failed: %d", r);
return TRUE;
}
if (nm_dhcp_client_server_id_is_rejected (NM_DHCP_CLIENT (self), &server_id)) {
_LOGD ("server-id %s is in the reject-list, ignoring",
nm_utils_inet_ntop (AF_INET, &server_id, addr_str));
return TRUE;
}
r = n_dhcp4_client_lease_select (event->offer.lease);
if (r) {
_LOGW ("selecting lease failed: %d", r);
return TRUE;
}
break;
case N_DHCP4_CLIENT_EVENT_RETRACTED:
case N_DHCP4_CLIENT_EVENT_EXPIRED:

15
src/dhcp/nm-dhcp-systemd.c
View file

@ -524,6 +524,10 @@ dhcp_event_cb (sd_dhcp_client *client, int event, gpointer user_data)
{
NMDhcpSystemd *self = NM_DHCP_SYSTEMD (user_data);
NMDhcpSystemdPrivate *priv = NM_DHCP_SYSTEMD_GET_PRIVATE (self);
char addr_str[INET_ADDRSTRLEN];
sd_dhcp_lease *lease;
struct in_addr addr;
int r;
nm_assert (priv->client4 == client);
@ -544,6 +548,17 @@ dhcp_event_cb (sd_dhcp_client *client, int event, gpointer user_data)
bound4_handle (self, FALSE);
break;
case SD_DHCP_CLIENT_EVENT_SELECTING:
r = sd_dhcp_client_get_lease (priv->client4, &lease);
if (r < 0)
return r;
r = sd_dhcp_lease_get_server_identifier (lease, &addr);
if (r < 0)
return r;
if (nm_dhcp_client_server_id_is_rejected (NM_DHCP_CLIENT (user_data), &addr)) {
_LOGD ("server-id %s is in the reject-list, ignoring",
nm_utils_inet_ntop (AF_INET, &addr, addr_str));
return -ENOMSG;
}
break;
default:
_LOGW ("unhandled DHCP event %d", event);

1
src/dhcp/tests/test-dhcp-dhclient.c
View file

@ -55,6 +55,7 @@ test_config (const char *orig,
use_fqdn,
hostname_flags,
mud_url,
NULL,
"/path/to/dhclient.conf",
orig,
&new_client_id);

1
src/nm-iface-helper.c
View file

@ -539,6 +539,7 @@ main (int argc, char *argv[])
NULL,
global_opt.dhcp4_address,
NULL,
NULL,
&error);
if (!dhcp4_client)
g_error ("failure to start DHCP: %s", error->message);