fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2025-12-27 17:30:09 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
NetworkManager/src
History
Thomas Haller 87baa2678a dhcp6: don't enforce DUID content for sd_dhcp6_client_set_duid() 
There are various functions to set the DUID of a DHCPv6 client.
However, none of them allows to set arbitrary data. The closest is
sd_dhcp6_client_set_duid(), which would still do validation of the
DUID's content via dhcp_validate_duid_len().

Relax the validation and only log a debug message if the DUID
does not validate.

Note that dhcp_validate_duid_len() already is not very strict. For example
with DUID_TYPE_LLT it only ensures that the length is suitable to contain
hwtype and time. It does not further check that the length of hwaddr is non-zero
or suitable for hwtype. Also, non-well-known DUID types are accepted for
extensibility. Why reject certain DUIDs but allowing clearly wrong formats
otherwise?

The validation and failure should happen earlier, when accepting the
unsuitable DUID. At that point, there is more context of what is wrong,
and a better failure reason (or warning) can be reported to the user. Rejecting
the DUID when setting up the DHCPv6 client seems not optimal, in particular
because the DHCPv6 client does not care about actual content of the
DUID and treats it as opaque blob.

Also, NetworkManager (which uses this code) allows to configure the entire
binary DUID in binary. It intentionally does not validate the binary
content any further. Hence, it needs to be able to set _invalid_ DUIDs,
provided that some basic constraints are satisfied (like the maximum length).

sd_dhcp6_client_set_duid() has two callers: both set the DUID obtained
from link_get_duid(), which comes from configuration.
`man networkd.conf` says: "The configured DHCP DUID should conform to
the specification in RFC 3315, RFC 6355.". It does not not state that
it MUST conform.

Note that dhcp_validate_duid_len() has another caller: DHCPv4's
dhcp_client_set_iaid_duid_internal(). In this case, continue with
strict validation, as the callers are more controlled. Also, there is
already sd_dhcp_client_set_client_id() which can be used to bypass
this check and set arbitrary client identifiers.

ab4a88bc29
(cherry picked from commit d65ee3bb18)
2018-12-21 20:46:18 +01:00
..
devices device: ensure IP configuration is restored when link goes up 2018-12-21 17:57:59 +01:00
dhcp core: add nm_utils_detect_arp_type_from_addrlen() helper 2018-12-14 14:15:44 +01:00
dns all: cleanup GChecksum handling 2018-11-14 14:17:34 +01:00
dnsmasq dnsmasq/shared: fix setting DNS nameserver and search for shared dnsmasq 2018-11-29 14:36:25 +01:00
initrd initrd: cmdline-reader: fix setting uint properties 2018-10-23 13:24:42 +02:00
ndisc build: avoid header conflict for <linux/if.h> and <net/if.h> with "nm-platform.h" 2018-11-14 14:39:10 +01:00
platform platform: sriov: write new values when we can't read old ones 2018-12-12 15:38:35 +01:00
ppp ppp: cleanup logging in impl_ppp_manager_set_ifindex() 2018-09-12 09:46:28 +02:00
settings ifcfg-rh: fix reading SR-IOV settings 2018-12-13 18:24:47 +01:00
supplicant all: cleanup GChecksum handling 2018-11-14 14:17:34 +01:00
systemd dhcp6: don't enforce DUID content for sd_dhcp6_client_set_duid() 2018-12-21 20:46:18 +01:00
tests core: fix match spec behavior for a list of all "except:" 2018-12-11 14:05:21 +01:00
vpn vpn: disconnect signal handlers from proxy in NMVpnConnection::dispose() 2018-09-14 15:24:31 +02:00
main-utils.c all: don't use gchar/gshort/gint/glong but C types 2018-07-11 12:02:06 +02:00
main-utils.h all: cleanup includes in header files 2016-08-17 19:51:17 +02:00
main.c dbus: don't even bother connecting in configure-and-quit mode 2018-10-17 17:06:18 +02:00
meson.build meson: Fix platform tests 2018-10-22 13:25:50 +02:00
NetworkManagerUtils.c device: add "dhcp-plugin" match spec for device 2018-11-14 12:38:05 +01:00
NetworkManagerUtils.h device: add "dhcp-plugin" match spec for device 2018-11-14 12:38:05 +01:00
nm-act-request.c shared: drop duplicate c-list.h header 2018-04-18 15:22:14 +02:00
nm-act-request.h core: specify an activation reason for active connections 2018-04-08 09:40:14 +02:00
nm-active-connection.c settings: use delegation instead of inheritance for NMSettingsConnection and NMConnection 2018-08-28 22:27:55 +02:00
nm-active-connection.h core: rework passing user-data to nm_active_connection_authorize() 2018-04-24 09:03:39 +02:00
nm-audit-manager.c all: remove consecutive empty lines 2018-04-30 16:24:52 +02:00
nm-audit-manager.h checkpoint: allow resetting the rollback timeout via D-Bus 2018-04-04 14:02:13 +02:00
nm-auth-manager.c auth-manager: use the correct function to deallocate a GError 2018-05-02 14:55:01 +02:00
nm-auth-manager.h auth-manager: add helper function nm_auth_call_result_eval() 2018-04-13 09:09:46 +02:00
nm-auth-subject.c all: don't use gchar/gshort/gint/glong but C types 2018-07-11 12:02:06 +02:00
nm-auth-subject.h all: remove consecutive empty lines 2018-04-30 16:24:52 +02:00
nm-auth-utils.c core: add nm_auth_is_subject_in_acl_set_error() helper 2018-04-18 07:55:15 +02:00
nm-auth-utils.h core: add nm_auth_is_subject_in_acl_set_error() helper 2018-04-18 07:55:15 +02:00
nm-checkpoint-manager.c settings: use delegation instead of inheritance for NMSettingsConnection and NMConnection 2018-08-28 22:27:55 +02:00
nm-checkpoint-manager.h checkpoint: allow resetting the rollback timeout via D-Bus 2018-04-04 14:02:13 +02:00
nm-checkpoint.c settings: use delegation instead of inheritance for NMSettingsConnection and NMConnection 2018-08-28 22:27:55 +02:00
nm-checkpoint.h checkpoint: allow resetting the rollback timeout via D-Bus 2018-04-04 14:02:13 +02:00
nm-config-data.c device: add "dhcp-plugin" match spec for device 2018-11-14 12:38:05 +01:00
nm-config-data.h device: add "dhcp-plugin" match spec for device 2018-11-14 12:38:05 +01:00
nm-config.c config: add --configure-and-quit=initrd mode 2018-10-17 17:06:29 +02:00
nm-config.h config: add --configure-and-quit=initrd mode 2018-10-17 17:06:29 +02:00
nm-connectivity.c connectivity: fix crash when removing easy-handle from curl callback 2018-09-17 18:23:10 +02:00
nm-connectivity.h libnm: add nm_connectivity_state_cmp() helper 2018-12-11 09:31:39 +01:00
nm-core-utils.c core: add nm_utils_detect_arp_type_from_addrlen() helper 2018-12-14 14:15:44 +01:00
nm-core-utils.h core: add nm_utils_detect_arp_type_from_addrlen() helper 2018-12-14 14:15:44 +01:00
nm-dbus-manager.c dbus: register object manager object before requesting dbus name 2018-11-29 07:58:05 +01:00
nm-dbus-manager.h settings: use delegation instead of inheritance for NMSettingsConnection and NMConnection 2018-08-28 22:27:55 +02:00
nm-dbus-object.c core/dbus: stop NMDBusManager and reject future method calls 2018-04-24 10:25:26 +02:00
nm-dbus-object.h core/dbus: stop NMDBusManager and reject future method calls 2018-04-24 10:25:26 +02:00
nm-dbus-utils.c core: don't explicitly set D-Bus path properties to "/" 2018-04-18 07:55:15 +02:00
nm-dbus-utils.h core/dbus: stop NMDBusManager and reject future method calls 2018-04-24 10:25:26 +02:00
nm-dcb.c all: don't use gchar/gshort/gint/glong but C types 2018-07-11 12:02:06 +02:00
nm-dcb.h all: cleanup includes in header files 2016-08-17 19:51:17 +02:00
nm-dhcp4-config.c core: sort DHCP options that are exported on D-Bus 2018-04-23 15:43:39 +02:00
nm-dhcp4-config.h core: refactor private data in "src" 2016-10-04 09:50:56 +02:00
nm-dhcp6-config.c core: sort DHCP options that are exported on D-Bus 2018-04-23 15:43:39 +02:00
nm-dhcp6-config.h core: refactor private data in "src" 2016-10-04 09:50:56 +02:00
nm-dispatcher.c all: use the elvis operator wherever possible 2018-05-10 14:36:58 +02:00
nm-dispatcher.h all: remove consecutive empty lines 2018-04-30 16:24:52 +02:00
nm-firewall-manager.c all: use the elvis operator wherever possible 2018-05-10 14:36:58 +02:00
nm-firewall-manager.h firewall: merge "started" signal and "available" property 2017-04-21 09:09:01 +02:00
nm-hostname-manager.c hostname: drop define IFCFG_DIR which is only used once 2018-07-17 17:46:01 +02:00
nm-hostname-manager.h hostname: cache hostname-manager's hostname property 2017-05-12 17:29:33 +02:00
nm-iface-helper.c config: add --configure-and-quit=initrd mode 2018-10-17 17:06:29 +02:00
nm-ip4-config.c all: cleanup GChecksum handling 2018-11-14 14:17:34 +01:00
nm-ip4-config.h ip-config: add @intersect_routes argument to intersect functions 2018-10-08 18:10:23 +02:00
nm-ip6-config.c all: cleanup GChecksum handling 2018-11-14 14:17:34 +01:00
nm-ip6-config.h ip-config: add @intersect_routes argument to intersect functions 2018-10-08 18:10:23 +02:00
nm-logging.c all: don't use gchar/gshort/gint/glong but C types 2018-07-11 12:02:06 +02:00
nm-logging.h build: always define NM_MORE_LOGGING define and don't check with #ifdef 2018-08-27 17:49:29 +02:00
nm-manager.c connectivity: fix determining the global connectivity state 2018-12-11 09:32:11 +01:00
nm-manager.h core: extend nm_manager_get_activatable_connections() for autoconnect and multi-connect 2018-08-08 11:24:29 +02:00
nm-netns.c all: get rid of a handful of unused-but-set variables 2017-12-18 13:29:32 +01:00
nm-netns.h core: rework handling of default-routes and drop NMDefaultRouteManager 2017-09-08 11:11:21 +02:00
nm-pacrunner-manager.c all: remove consecutive empty lines 2018-04-30 16:24:52 +02:00
nm-pacrunner-manager.h proxy: introduce call-id for clearing pacmanager configuration 2017-04-23 18:12:09 +02:00
nm-policy.c wwan: rework when settings/device are blocked for autoconnection 2018-12-14 14:30:05 +01:00
nm-policy.h policy: track best active connections rather than best devices 2018-07-09 14:56:59 +02:00
nm-proxy-config.c proxy: reorder parts in nm-proxy-config.c and nm-pacrunner-manager.c 2016-10-04 11:58:32 +02:00
nm-proxy-config.h proxy: remove unnecessary APIs 2016-10-04 11:44:44 +02:00
nm-rfkill-manager.c all: don't use gchar/gshort/gint/glong but C types 2018-07-11 12:02:06 +02:00
nm-rfkill-manager.h core: refactor private data in "src" 2016-10-04 09:50:56 +02:00
nm-session-monitor.c all: avoid g_memdup() 2018-09-07 11:24:17 +02:00
nm-session-monitor.h core: refactor private data in "src" 2016-10-04 09:50:56 +02:00
nm-sleep-monitor.c all: don't use gchar/gshort/gint/glong but C types 2018-07-11 12:02:06 +02:00
nm-sleep-monitor.h core: refactor private data in "src" 2016-10-04 09:50:56 +02:00
nm-test-utils-core.h build: avoid header conflict for <linux/if.h> and <net/if.h> with "nm-platform.h" 2018-11-14 14:39:10 +01:00
nm-types.h merge: branch 'wireguard-platform' of https://github.com/jbeta/NetworkManager 2018-07-09 11:08:12 +02:00
org.freedesktop.NetworkManager.conf all: replace "it's" with "its" where needed 2018-04-18 14:14:07 +02:00