search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
No empty .Rs/.Re
[netbsd-mini2440.git] / usr.sbin / bootp / bootpd / bootpd.c
blobc1c9dbebbb30b317632b7c09d48fb3d3dde4559c
1 /************************************************************************
2 Copyright 1988, 1991 by Carnegie Mellon University
3
4 All Rights Reserved
5
6 Permission to use, copy, modify, and distribute this software and its
7 documentation for any purpose and without fee is hereby granted, provided
8 that the above copyright notice appear in all copies and that both that
9 copyright notice and this permission notice appear in supporting
10 documentation, and that the name of Carnegie Mellon University not be used
11 in advertising or publicity pertaining to distribution of the software
12 without specific, written prior permission.
13
14 CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS
15 SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS.
16 IN NO EVENT SHALL CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL
17 DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
18 PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
19 ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
20 SOFTWARE.
21 ************************************************************************/
22
23 #include <sys/cdefs.h>
24 #ifndef lint
25 __RCSID("$NetBSD: bootpd.c,v 1.22 2008/05/02 19:22:10 xtraeme Exp $");
26 #endif
27
28 /*
29 * BOOTP (bootstrap protocol) server daemon.
30 *
31 * Answers BOOTP request packets from booting client machines.
32 * See [SRI-NIC]<RFC>RFC951.TXT for a description of the protocol.
33 * See [SRI-NIC]<RFC>RFC1048.TXT for vendor-information extensions.
34 * See RFC 1395 for option tags 14-17.
35 * See accompanying man page -- bootpd.8
36 *
37 * HISTORY
38 * See ./Changes
39 *
40 * BUGS
41 * See ./ToDo
42 */
43
44 \f
45
46 #include <sys/types.h>
47 #include <sys/param.h>
48 #include <sys/socket.h>
49 #include <sys/ioctl.h>
50 #include <sys/file.h>
51 #include <sys/time.h>
52 #include <sys/stat.h>
53 #include <sys/poll.h>
54
55 #include <net/if.h>
56 #include <netinet/in.h>
57 #include <arpa/inet.h> /* inet_ntoa */
58
59 #ifndef NO_UNISTD
60 #include <unistd.h>
61 #endif
62 #include <stdlib.h>
63 #include <signal.h>
64 #include <stdio.h>
65 #include <string.h>
66 #include <strings.h>
67 #include <errno.h>
68 #include <ctype.h>
69 #include <netdb.h>
70 #include <syslog.h>
71 #include <assert.h>
72
73 #ifdef NO_SETSID
74 # include <fcntl.h> /* for O_RDONLY, etc */
75 #endif
76
77 #ifdef SVR4
78 /* Using sigset() avoids the need to re-arm each time. */
79 #define signal sigset
80 #endif
81
82 #include "bootp.h"
83 #include "hash.h"
84 #include "hwaddr.h"
85 #include "bootpd.h"
86 #include "dovend.h"
87 #include "getif.h"
88 #include "readfile.h"
89 #include "report.h"
90 #include "tzone.h"
91 #include "patchlevel.h"
92
93 #ifndef CONFIG_FILE
94 #define CONFIG_FILE "/etc/bootptab"
95 #endif
96 #ifndef DUMPTAB_FILE
97 #define DUMPTAB_FILE "/tmp/bootpd.dump"
98 #endif
99
100 \f
101
102 /*
103 * Externals, forward declarations, and global variables
104 */
105
106 extern void dumptab(const char *);
107
108 PRIVATE void catcher(int);
109 PRIVATE int chk_access(char *, int32 *);
110 #ifdef VEND_CMU
111 PRIVATE void dovend_cmu(struct bootp *, struct host *);
112 #endif
113 PRIVATE void dovend_rfc1048(struct bootp *, struct host *, int32);
114 PRIVATE void handle_reply(void);
115 PRIVATE void handle_request(void);
116 PRIVATE void sendreply(int forward, int32 dest_override);
117 PRIVATE void usage(void);
118 int main(int, char **);
119
120 /*
121 * IP port numbers for client and server obtained from /etc/services
122 */
123
124 u_short bootps_port, bootpc_port;
125
126
127 /*
128 * Internet socket and interface config structures
129 */
130
131 struct sockaddr_in bind_addr; /* Listening */
132 struct sockaddr_in recv_addr; /* Packet source */
133 struct sockaddr_in send_addr; /* destination */
134
135
136 /*
137 * option defaults
138 */
139 int debug = 0; /* Debugging flag (level) */
140 int actualtimeout = 15 * 60000; /* fifteen minutes */
141
142 /*
143 * General
144 */
145
146 int s; /* Socket file descriptor */
147 char *pktbuf; /* Receive packet buffer */
148 int pktlen;
149 const char *progname;
150 char *chdir_path;
151 char hostname[MAXHOSTNAMELEN + 1]; /* System host name */
152 struct in_addr my_ip_addr;
153
154 /* Flags set by signal catcher. */
155 PRIVATE int do_readtab = 0;
156 PRIVATE int do_dumptab = 0;
157
158 /*
159 * Globals below are associated with the bootp database file (bootptab).
160 */
161
162 const char *bootptab = CONFIG_FILE;
163 const char *bootpd_dump = DUMPTAB_FILE;
164
165 \f
166
167 /*
168 * Initialization such as command-line processing is done and then the
169 * main server loop is started.
170 */
171
172 int
173 main(int argc, char **argv)
174 {
175 int timeout;
176 struct bootp *bp;
177 struct servent *servp;
178 struct hostent *hep;
179 char *stmp;
180 socklen_t ba_len, ra_len;
181 int n;
182 int nfound;
183 struct pollfd set[1];
184 int standalone;
185
186 progname = strrchr(argv[0], '/');
187 if (progname)
188 progname++;
189 else
190 progname = argv[0];
191
192 /*
193 * Initialize logging.
194 */
195 report_init(0); /* uses progname */
196
197 /*
198 * Log startup
199 */
200 report(LOG_INFO, "version %s.%d", VERSION, PATCHLEVEL);
201
202 /* Debugging for compilers with struct padding. */
203 assert(sizeof(struct bootp) == BP_MINPKTSZ);
204
205 /* Get space for receiving packets and composing replies. */
206 pktbuf = malloc(MAX_MSG_SIZE);
207 if (!pktbuf) {
208 report(LOG_ERR, "malloc failed");
209 exit(1);
210 }
211 bp = (struct bootp *) pktbuf;
212
213 /*
214 * Check to see if a socket was passed to us from inetd.
215 *
216 * Use getsockname() to determine if descriptor 0 is indeed a socket
217 * (and thus we are probably a child of inetd) or if it is instead
218 * something else and we are running standalone.
219 */
220 s = 0;
221 ba_len = sizeof(bind_addr);
222 bzero((char *) &bind_addr, ba_len);
223 errno = 0;
224 standalone = TRUE;
225 if (getsockname(s, (struct sockaddr *) &bind_addr, &ba_len) == 0) {
226 /*
227 * Descriptor 0 is a socket. Assume we are a child of inetd.
228 */
229 if (bind_addr.sin_family == AF_INET) {
230 standalone = FALSE;
231 bootps_port = ntohs(bind_addr.sin_port);
232 } else {
233 /* Some other type of socket? */
234 report(LOG_ERR, "getsockname: not an INET socket");
235 }
236 }
237
238 /*
239 * Set defaults that might be changed by option switches.
240 */
241 stmp = NULL;
242 timeout = actualtimeout;
243
244 /*
245 * Read switches.
246 */
247 for (argc--, argv++; argc > 0; argc--, argv++) {
248 if (argv[0][0] != '-')
249 break;
250 switch (argv[0][1]) {
251
252 case 'c': /* chdir_path */
253 if (argv[0][2]) {
254 stmp = &(argv[0][2]);
255 } else {
256 argc--;
257 argv++;
258 stmp = argv[0];
259 }
260 if (!stmp || (stmp[0] != '/')) {
261 fprintf(stderr,
262 "bootpd: invalid chdir specification\n");
263 break;
264 }
265 chdir_path = stmp;
266 break;
267
268 case 'd': /* debug level */
269 if (argv[0][2]) {
270 stmp = &(argv[0][2]);
271 } else if (argv[1] && argv[1][0] == '-') {
272 /*
273 * Backwards-compatible behavior:
274 * no parameter, so just increment the debug flag.
275 */
276 debug++;
277 break;
278 } else {
279 argc--;
280 argv++;
281 stmp = argv[0];
282 }
283 if (!stmp || (sscanf(stmp, "%d", &n) != 1) || (n < 0)) {
284 fprintf(stderr,
285 "%s: invalid debug level\n", progname);
286 break;
287 }
288 debug = n;
289 break;
290
291 case 'h': /* override hostname */
292 if (argv[0][2]) {
293 stmp = &(argv[0][2]);
294 } else {
295 argc--;
296 argv++;
297 stmp = argv[0];
298 }
299 if (!stmp) {
300 fprintf(stderr,
301 "bootpd: missing hostname\n");
302 break;
303 }
304 strlcpy(hostname, stmp, sizeof(hostname));
305 break;
306
307 case 'i': /* inetd mode */
308 standalone = FALSE;
309 break;
310
311 case 's': /* standalone mode */
312 standalone = TRUE;
313 break;
314
315 case 't': /* timeout */
316 if (argv[0][2]) {
317 stmp = &(argv[0][2]);
318 } else {
319 argc--;
320 argv++;
321 stmp = argv[0];
322 }
323 if (!stmp || (sscanf(stmp, "%d", &n) != 1) || (n < 0)) {
324 fprintf(stderr,
325 "%s: invalid timeout specification\n", progname);
326 break;
327 }
328 actualtimeout = n * 60000;
329 /*
330 * If the actual timeout is zero, pass INFTIM
331 * to poll so it blocks indefinitely, otherwise,
332 * use the actual timeout value.
333 */
334 timeout = (n > 0) ? actualtimeout : INFTIM;
335 break;
336
337 default:
338 fprintf(stderr, "%s: unknown switch: -%c\n",
339 progname, argv[0][1]);
340 usage();
341 break;
342
343 } /* switch */
344 } /* for args */
345
346 /*
347 * Override default file names if specified on the command line.
348 */
349 if (argc > 0)
350 bootptab = argv[0];
351
352 if (argc > 1)
353 bootpd_dump = argv[1];
354
355 /*
356 * Get my hostname and IP address.
357 */
358 if (hostname[0] == '\0') {
359 if (gethostname(hostname, sizeof(hostname)) == -1) {
360 fprintf(stderr, "bootpd: can't get hostname\n");
361 exit(1);
362 }
363 hostname[sizeof(hostname) - 1] = '\0';
364 }
365 hep = gethostbyname(hostname);
366 if (!hep) {
367 fprintf(stderr, "Can not get my IP address\n");
368 exit(1);
369 }
370 bcopy(hep->h_addr, (char *)&my_ip_addr, sizeof(my_ip_addr));
371
372 if (standalone) {
373 /*
374 * Go into background and disassociate from controlling terminal.
375 */
376 if (debug < 3) {
377 if (fork())
378 exit(0);
379 #ifdef NO_SETSID
380 setpgrp(0,0);
381 #ifdef TIOCNOTTY
382 n = open("/dev/tty", O_RDWR);
383 if (n >= 0) {
384 ioctl(n, TIOCNOTTY, (char *) 0);
385 (void) close(n);
386 }
387 #endif /* TIOCNOTTY */
388 #else /* SETSID */
389 if (setsid() < 0)
390 perror("setsid");
391 #endif /* SETSID */
392 } /* if debug < 3 */
393
394 /*
395 * Nuke any timeout value
396 */
397 timeout = INFTIM;
398
399 } /* if standalone (1st) */
400
401 /* Set the cwd (i.e. to /tftpboot) */
402 if (chdir_path) {
403 if (chdir(chdir_path) < 0)
404 report(LOG_ERR, "%s: chdir failed", chdir_path);
405 }
406
407 /* Get the timezone. */
408 tzone_init();
409
410 /* Allocate hash tables. */
411 rdtab_init();
412
413 /*
414 * Read the bootptab file.
415 */
416 readtab(1); /* force read */
417
418 if (standalone) {
419
420 /*
421 * Create a socket.
422 */
423 if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
424 report(LOG_ERR, "socket: %s", get_network_errmsg());
425 exit(1);
426 }
427
428 /*
429 * Get server's listening port number
430 */
431 servp = getservbyname("bootps", "udp");
432 if (servp) {
433 bootps_port = ntohs((u_short) servp->s_port);
434 } else {
435 bootps_port = (u_short) IPPORT_BOOTPS;
436 report(LOG_ERR,
437 "udp/bootps: unknown service -- assuming port %d",
438 bootps_port);
439 }
440
441 /*
442 * Bind socket to BOOTPS port.
443 */
444 bind_addr.sin_family = AF_INET;
445 bind_addr.sin_addr.s_addr = INADDR_ANY;
446 bind_addr.sin_port = htons(bootps_port);
447 if (bind(s, (struct sockaddr *) &bind_addr,
448 sizeof(bind_addr)) < 0)
449 {
450 report(LOG_ERR, "bind: %s", get_network_errmsg());
451 exit(1);
452 }
453 } /* if standalone (2nd)*/
454
455 /*
456 * Get destination port number so we can reply to client
457 */
458 servp = getservbyname("bootpc", "udp");
459 if (servp) {
460 bootpc_port = ntohs(servp->s_port);
461 } else {
462 report(LOG_ERR,
463 "udp/bootpc: unknown service -- assuming port %d",
464 IPPORT_BOOTPC);
465 bootpc_port = (u_short) IPPORT_BOOTPC;
466 }
467
468 /*
469 * Set up signals to read or dump the table.
470 */
471 if ((long) signal(SIGHUP, catcher) < 0) {
472 report(LOG_ERR, "signal: %s", get_errmsg());
473 exit(1);
474 }
475 if ((long) signal(SIGUSR1, catcher) < 0) {
476 report(LOG_ERR, "signal: %s", get_errmsg());
477 exit(1);
478 }
479
480 /*
481 * Process incoming requests.
482 */
483 set[0].fd = s;
484 set[0].events = POLLIN;
485 for (;;) {
486 nfound = poll(set, 1, timeout);
487 if (nfound < 0) {
488 if (errno != EINTR) {
489 report(LOG_ERR, "poll: %s", get_errmsg());
490 }
491 /*
492 * Call readtab() or dumptab() here to avoid the
493 * dangers of doing I/O from a signal handler.
494 */
495 if (do_readtab) {
496 do_readtab = 0;
497 readtab(1); /* force read */
498 }
499 if (do_dumptab) {
500 do_dumptab = 0;
501 dumptab(bootpd_dump);
502 }
503 continue;
504 }
505 if (nfound == 0) {
506 if (debug > 1)
507 report(LOG_INFO, "exiting after %d minute%s of inactivity",
508 actualtimeout / 60000,
509 actualtimeout == 60000 ? "" : "s");
510 exit(0);
511 }
512 ra_len = sizeof(recv_addr);
513 n = recvfrom(s, pktbuf, MAX_MSG_SIZE, 0,
514 (struct sockaddr *) &recv_addr, &ra_len);
515 if (n <= 0) {
516 continue;
517 }
518 if (debug > 1) {
519 report(LOG_INFO, "recvd pkt from IP addr %s",
520 inet_ntoa(recv_addr.sin_addr));
521 }
522 if (n < (int)sizeof(struct bootp)) {
523 if (debug) {
524 report(LOG_INFO, "received short packet");
525 }
526 continue;
527 }
528 pktlen = n;
529
530 readtab(0); /* maybe re-read bootptab */
531
532 switch (bp->bp_op) {
533 case BOOTREQUEST:
534 handle_request();
535 break;
536 case BOOTREPLY:
537 handle_reply();
538 break;
539 }
540 }
541 }
542
543 \f
544
545
546 /*
547 * Print "usage" message and exit
548 */
549
550 PRIVATE void
551 usage(void)
552 {
553 fprintf(stderr,
554 "usage: bootpd [-d level] [-i] [-s] [-t timeout] [configfile [dumpfile]]\n");
555 fprintf(stderr, "\t -c n\tset current directory\n");
556 fprintf(stderr, "\t -d n\tset debug level\n");
557 fprintf(stderr, "\t -i\tforce inetd mode (run as child of inetd)\n");
558 fprintf(stderr, "\t -s\tforce standalone mode (run without inetd)\n");
559 fprintf(stderr, "\t -t n\tset inetd exit timeout to n minutes\n");
560 exit(1);
561 }
562
563 /* Signal catchers */
564 PRIVATE void
565 catcher(int sig)
566 {
567 if (sig == SIGHUP)
568 do_readtab = 1;
569 if (sig == SIGUSR1)
570 do_dumptab = 1;
571 #ifdef SYSV
572 /* For older "System V" derivatives with no sigset(). */
573 /* XXX - Should just do it the POSIX way (sigaction). */
574 signal(sig, catcher);
575 #endif
576 }
577
578 \f
579
580 /*
581 * Process BOOTREQUEST packet.
582 *
583 * Note: This version of the bootpd.c server never forwards
584 * a request to another server. That is the job of a gateway
585 * program such as the "bootpgw" program included here.
586 *
587 * (Also this version does not interpret the hostname field of
588 * the request packet; it COULD do a name->address lookup and
589 * forward the request there.)
590 */
591 PRIVATE void
592 handle_request(void)
593 {
594 struct bootp *bp = (struct bootp *) pktbuf;
595 struct host *hp = NULL;
596 struct host dummyhost;
597 int32 bootsize = 0;
598 unsigned hlen, hashcode;
599 int32 dest;
600 char lrealpath[1024];
601 char *clntpath;
602 char *homedir, *bootfile;
603 int n;
604
605 /* XXX - SLIP init: Set bp_ciaddr = recv_addr here? */
606
607 /*
608 * If the servername field is set, compare it against us.
609 * If we're not being addressed, ignore this request.
610 * If the server name field is null, throw in our name.
611 */
612 if (strlen(bp->bp_sname)) {
613 if (strcmp(bp->bp_sname, hostname)) {
614 if (debug)
615 report(LOG_INFO, "\
616 ignoring request for server %s from client at %s address %s",
617 bp->bp_sname, netname(bp->bp_htype),
618 haddrtoa(bp->bp_chaddr, bp->bp_hlen));
619 /* XXX - Is it correct to ignore such a request? -gwr */
620 return;
621 }
622 } else {
623 strlcpy(bp->bp_sname, hostname, sizeof(bp->bp_sname));
624 }
625
626 /* If it uses an unknown network type, ignore the request. */
627 if (bp->bp_htype >= hwinfocnt) {
628 if (debug)
629 report(LOG_INFO,
630 "Request with unknown network type %u",
631 bp->bp_htype);
632 return;
633 }
634
635 /* Convert the request into a reply. */
636 bp->bp_op = BOOTREPLY;
637 if (bp->bp_ciaddr.s_addr == 0) {
638 /*
639 * client doesnt know his IP address,
640 * search by hardware address.
641 */
642 if (debug > 1) {
643 report(LOG_INFO, "request from %s address %s",
644 netname(bp->bp_htype),
645 haddrtoa(bp->bp_chaddr, bp->bp_hlen));
646 }
647 hlen = haddrlength(bp->bp_htype);
648 if (hlen != bp->bp_hlen) {
649 report(LOG_NOTICE, "bad addr len from %s address %s",
650 netname(bp->bp_htype),
651 haddrtoa(bp->bp_chaddr, hlen));
652 }
653 dummyhost.htype = bp->bp_htype;
654 bcopy(bp->bp_chaddr, dummyhost.haddr, hlen);
655 hashcode = hash_HashFunction(bp->bp_chaddr, hlen);
656 hp = (struct host *) hash_Lookup(hwhashtable, hashcode, hwlookcmp,
657 &dummyhost);
658 if (hp == NULL &&
659 bp->bp_htype == HTYPE_IEEE802)
660 {
661 /* Try again with address in "canonical" form. */
662 haddr_conv802(bp->bp_chaddr, dummyhost.haddr, hlen);
663 if (debug > 1) {
664 report(LOG_INFO, "\
665 HW addr type is IEEE 802. convert to %s and check again\n",
666 haddrtoa(dummyhost.haddr, bp->bp_hlen));
667 }
668 hashcode = hash_HashFunction(dummyhost.haddr, hlen);
669 hp = (struct host *) hash_Lookup(hwhashtable, hashcode,
670 hwlookcmp, &dummyhost);
671 }
672 if (hp == NULL) {
673 /*
674 * XXX - Add dynamic IP address assignment?
675 */
676 if (debug > 1)
677 report(LOG_INFO, "unknown client %s address %s",
678 netname(bp->bp_htype),
679 haddrtoa(bp->bp_chaddr, bp->bp_hlen));
680 return; /* not found */
681 }
682 (bp->bp_yiaddr).s_addr = hp->iaddr.s_addr;
683
684 } else {
685
686 /*
687 * search by IP address.
688 */
689 if (debug > 1) {
690 report(LOG_INFO, "request from IP addr %s",
691 inet_ntoa(bp->bp_ciaddr));
692 }
693 dummyhost.iaddr.s_addr = bp->bp_ciaddr.s_addr;
694 hashcode = hash_HashFunction((u_char *) &(bp->bp_ciaddr.s_addr), 4);
695 hp = (struct host *) hash_Lookup(iphashtable, hashcode, iplookcmp,
696 &dummyhost);
697 if (hp == NULL) {
698 if (debug > 1) {
699 report(LOG_NOTICE, "IP address not found: %s",
700 inet_ntoa(bp->bp_ciaddr));
701 }
702 return;
703 }
704 }
705
706 if (debug) {
707 report(LOG_INFO, "found %s (%s)", inet_ntoa(hp->iaddr),
708 hp->hostname->string);
709 }
710
711 /*
712 * If there is a response delay threshold, ignore requests
713 * with a timestamp lower than the threshold.
714 */
715 if (hp->flags.min_wait) {
716 u_int32 t = (u_int32) ntohs(bp->bp_secs);
717 if (t < hp->min_wait) {
718 if (debug > 1)
719 report(LOG_INFO,
720 "ignoring request due to timestamp (%d < %d)",
721 t, hp->min_wait);
722 return;
723 }
724 }
725
726 #ifdef YORK_EX_OPTION
727 /*
728 * The need for the "ex" tag arose out of the need to empty
729 * shared networked drives on diskless PCs. This solution is
730 * not very clean but it does work fairly well.
731 * Written by Edmund J. Sutcliffe <edmund@york.ac.uk>
732 *
733 * XXX - This could compromise security if a non-trusted user
734 * managed to write an entry in the bootptab with :ex=trojan:
735 * so I would leave this turned off unless you need it. -gwr
736 */
737 /* Run a program, passing the client name as a parameter. */
738 if (hp->flags.exec_file) {
739 char tst[100];
740 /* XXX - Check string lengths? -gwr */
741 strlcpy(tst, hp->exec_file->string, sizeof(tst));
742 strlcat(tst, " ", sizeof(tst));
743 strlcat(tst, hp->hostname->string, sizeof(tst));
744 strlcat(tst, " &", sizeof(tst));
745 if (debug)
746 report(LOG_INFO, "executing %s", tst);
747 system(tst); /* Hope this finishes soon... */
748 }
749 #endif /* YORK_EX_OPTION */
750
751 /*
752 * If a specific TFTP server address was specified in the bootptab file,
753 * fill it in, otherwise zero it.
754 * XXX - Rather than zero it, should it be the bootpd address? -gwr
755 */
756 (bp->bp_siaddr).s_addr = (hp->flags.bootserver) ?
757 hp->bootserver.s_addr : 0L;
758
759 #ifdef STANFORD_PROM_COMPAT
760 /*
761 * Stanford bootp PROMs (for a Sun?) have no way to leave
762 * the boot file name field blank (because the boot file
763 * name is automatically generated from some index).
764 * As a work-around, this little hack allows those PROMs to
765 * specify "sunboot14" with the same effect as a NULL name.
766 * (The user specifies boot device 14 or some such magic.)
767 */
768 if (strcmp(bp->bp_file, "sunboot14") == 0)
769 bp->bp_file[0] = '\0'; /* treat it as unspecified */
770 #endif
771
772 /*
773 * Fill in the client's proper bootfile.
774 *
775 * If the client specifies an absolute path, try that file with a
776 * ".host" suffix and then without. If the file cannot be found, no
777 * reply is made at all.
778 *
779 * If the client specifies a null or relative file, use the following
780 * table to determine the appropriate action:
781 *
782 * Homedir Bootfile Client's file
783 * specified? specified? specification Action
784 * -------------------------------------------------------------------
785 * No No Null Send null filename
786 * No No Relative Discard request
787 * No Yes Null Send if absolute else null
788 * No Yes Relative Discard request *XXX
789 * Yes No Null Send null filename
790 * Yes No Relative Lookup with ".host"
791 * Yes Yes Null Send home/boot or bootfile
792 * Yes Yes Relative Lookup with ".host" *XXX
793 *
794 */
795
796 /*
797 * XXX - I don't like the policy of ignoring a client when the
798 * boot file is not accessible. The TFTP server might not be
799 * running on the same machine as the BOOTP server, in which
800 * case checking accessibility of the boot file is pointless.
801 *
802 * Therefore, file accessibility is now demanded ONLY if you
803 * define CHECK_FILE_ACCESS in the Makefile options. -gwr
804 */
805
806 /*
807 * The "real" path is as seen by the BOOTP daemon on this
808 * machine, while the client path is relative to the TFTP
809 * daemon chroot directory (i.e. /tftpboot).
810 */
811 if (hp->flags.tftpdir) {
812 strlcpy(lrealpath, hp->tftpdir->string, sizeof(lrealpath));
813 clntpath = &lrealpath[strlen(lrealpath)];
814 } else {
815 lrealpath[0] = '\0';
816 clntpath = lrealpath;
817 }
818
819 /*
820 * Determine client's requested homedir and bootfile.
821 */
822 homedir = NULL;
823 bootfile = NULL;
824 if (bp->bp_file[0]) {
825 char *t;
826
827 homedir = bp->bp_file;
828
829 /* make sure that the file is nul terminated */
830 for (t = homedir; t - homedir < BP_FILE_LEN; t++)
831 if (*t == '\0')
832 break;
833 if (t - homedir < BP_FILE_LEN) {
834 report(LOG_INFO, "requested path length > BP_FILE_LEN file = \"%s\", nul terminating", homedir);
835 homedir[BP_FILE_LEN - 1] = '\0';
836 }
837
838 bootfile = strrchr(homedir, '/');
839 if (bootfile) {
840 if (homedir == bootfile)
841 homedir = NULL;
842 *bootfile++ = '\0';
843 } else {
844 /* no "/" in the string */
845 bootfile = homedir;
846 homedir = NULL;
847 }
848 if (debug > 2) {
849 report(LOG_INFO, "requested path=\"%s\" file=\"%s\"",
850 (homedir) ? homedir : "",
851 (bootfile) ? bootfile : "");
852 }
853 }
854
855 /*
856 * Specifications in bootptab override client requested values.
857 */
858 if (hp->flags.homedir)
859 homedir = hp->homedir->string;
860 if (hp->flags.bootfile)
861 bootfile = hp->bootfile->string;
862
863 /*
864 * Construct bootfile path.
865 */
866 if (homedir) {
867 if (homedir[0] != '/')
868 strlcat(lrealpath, "/", sizeof(lrealpath));
869 strlcat(lrealpath, homedir, sizeof(lrealpath));
870 homedir = NULL;
871 }
872 if (bootfile) {
873 if (bootfile[0] != '/') {
874 strlcat(lrealpath, "/", sizeof(lrealpath));
875 lrealpath[sizeof(lrealpath) - 1] = '\0';
876 }
877 strlcat(lrealpath, bootfile, sizeof(lrealpath));
878 lrealpath[sizeof(lrealpath) - 1] = '\0';
879 bootfile = NULL;
880 }
881
882 /*
883 * First try to find the file with a ".host" suffix
884 */
885 n = strlen(clntpath);
886 strlcat(clntpath, ".", sizeof(clntpath));
887 strlcat(clntpath, hp->hostname->string, sizeof(clntpath));
888 if (chk_access(lrealpath, &bootsize) < 0) {
889 clntpath[n] = 0; /* Try it without the suffix */
890 if (chk_access(lrealpath, &bootsize) < 0) {
891 /* neither "file.host" nor "file" was found */
892 #ifdef CHECK_FILE_ACCESS
893
894 if (bp->bp_file[0]) {
895 /*
896 * Client wanted specific file
897 * and we didn't have it.
898 */
899 report(LOG_NOTICE,
900 "requested file not found: \"%s\"", clntpath);
901 return;
902 }
903 /*
904 * Client didn't ask for a specific file and we couldn't
905 * access the default file, so just zero-out the bootfile
906 * field in the packet and continue processing the reply.
907 */
908 bzero(bp->bp_file, sizeof(bp->bp_file));
909 goto null_file_name;
910
911 #else /* CHECK_FILE_ACCESS */
912
913 /* Complain only if boot file size was needed. */
914 if (hp->flags.bootsize_auto) {
915 report(LOG_ERR, "can not determine size of file \"%s\"",
916 clntpath);
917 }
918
919 #endif /* CHECK_FILE_ACCESS */
920 }
921 }
922 strlcpy(bp->bp_file, clntpath, sizeof(bp->bp_file));
923 if (debug > 2)
924 report(LOG_INFO, "bootfile=\"%s\"", clntpath);
925
926 #ifdef CHECK_FILE_ACCESS
927 null_file_name:
928 #endif /* CHECK_FILE_ACCESS */
929
930 \f
931 /*
932 * Handle vendor options based on magic number.
933 */
934
935 if (debug > 1) {
936 report(LOG_INFO, "vendor magic field is %d.%d.%d.%d",
937 (int) ((bp->bp_vend)[0]),
938 (int) ((bp->bp_vend)[1]),
939 (int) ((bp->bp_vend)[2]),
940 (int) ((bp->bp_vend)[3]));
941 }
942 /*
943 * If this host isn't set for automatic vendor info then copy the
944 * specific cookie into the bootp packet, thus forcing a certain
945 * reply format. Only force reply format if user specified it.
946 */
947 if (hp->flags.vm_cookie) {
948 /* Slam in the user specified magic number. */
949 bcopy(hp->vm_cookie, bp->bp_vend, 4);
950 }
951 /*
952 * Figure out the format for the vendor-specific info.
953 * Note that bp->bp_vend may have been set above.
954 */
955 if (!bcmp(bp->bp_vend, vm_rfc1048, 4)) {
956 /* RFC1048 conformant bootp client */
957 dovend_rfc1048(bp, hp, bootsize);
958 if (debug > 1) {
959 report(LOG_INFO, "sending reply (with RFC1048 options)");
960 }
961 }
962 #ifdef VEND_CMU
963 else if (!bcmp(bp->bp_vend, vm_cmu, 4)) {
964 dovend_cmu(bp, hp);
965 if (debug > 1) {
966 report(LOG_INFO, "sending reply (with CMU options)");
967 }
968 }
969 #endif
970 else {
971 if (debug > 1) {
972 report(LOG_INFO, "sending reply (with no options)");
973 }
974 }
975
976 dest = (hp->flags.reply_addr) ?
977 hp->reply_addr.s_addr : 0L;
978
979 /* not forwarded */
980 sendreply(0, dest);
981 }
982
983
984 /*
985 * Process BOOTREPLY packet.
986 */
987 PRIVATE void
988 handle_reply(void)
989 {
990 if (debug) {
991 report(LOG_INFO, "processing boot reply");
992 }
993 /* forwarded, no destination override */
994 sendreply(1, 0);
995 }
996
997
998 /*
999 * Send a reply packet to the client. 'forward' flag is set if we are
1000 * not the originator of this reply packet.
1001 */
1002 PRIVATE void
1003 sendreply(int forward, int32 dst_override)
1004 {
1005 struct bootp *bp = (struct bootp *) pktbuf;
1006 struct in_addr dst;
1007 u_short port = bootpc_port;
1008 unsigned char *ha;
1009 int len;
1010
1011 /*
1012 * XXX - Should honor bp_flags "broadcast" bit here.
1013 * Temporary workaround: use the :ra=ADDR: option to
1014 * set the reply address to the broadcast address.
1015 */
1016
1017 /*
1018 * If the destination address was specified explicitly
1019 * (i.e. the broadcast address for HP compatibility)
1020 * then send the response to that address. Otherwise,
1021 * act in accordance with RFC951:
1022 * If the client IP address is specified, use that
1023 * else if gateway IP address is specified, use that
1024 * else make a temporary arp cache entry for the client's
1025 * NEW IP/hardware address and use that.
1026 */
1027 if (dst_override) {
1028 dst.s_addr = dst_override;
1029 if (debug > 1) {
1030 report(LOG_INFO, "reply address override: %s",
1031 inet_ntoa(dst));
1032 }
1033 } else if (bp->bp_ciaddr.s_addr) {
1034 dst = bp->bp_ciaddr;
1035 } else if (bp->bp_giaddr.s_addr && forward == 0) {
1036 dst = bp->bp_giaddr;
1037 port = bootps_port;
1038 if (debug > 1) {
1039 report(LOG_INFO, "sending reply to gateway %s",
1040 inet_ntoa(dst));
1041 }
1042 } else {
1043 dst = bp->bp_yiaddr;
1044 ha = bp->bp_chaddr;
1045 len = bp->bp_hlen;
1046 if (len > MAXHADDRLEN)
1047 len = MAXHADDRLEN;
1048
1049 if (debug > 1)
1050 report(LOG_INFO, "setarp %s - %s",
1051 inet_ntoa(dst), haddrtoa(ha, len));
1052 setarp(s, &dst, ha, len);
1053 }
1054
1055 if ((forward == 0) &&
1056 (bp->bp_siaddr.s_addr == 0))
1057 {
1058 struct ifreq *ifr;
1059 struct in_addr siaddr;
1060 /*
1061 * If we are originating this reply, we
1062 * need to find our own interface address to
1063 * put in the bp_siaddr field of the reply.
1064 * If this server is multi-homed, pick the
1065 * 'best' interface (the one on the same net
1066 * as the client). Of course, the client may
1067 * be on the other side of a BOOTP gateway...
1068 */
1069 ifr = getif(s, &dst);
1070 if (ifr) {
1071 struct sockaddr_in *sip;
1072 sip = (struct sockaddr_in *) &(ifr->ifr_addr);
1073 siaddr = sip->sin_addr;
1074 } else {
1075 /* Just use my "official" IP address. */
1076 siaddr = my_ip_addr;
1077 }
1078
1079 /* XXX - No need to set bp_giaddr here. */
1080
1081 /* Finally, set the server address field. */
1082 bp->bp_siaddr = siaddr;
1083 }
1084 /* Set up socket address for send. */
1085 send_addr.sin_family = AF_INET;
1086 send_addr.sin_port = htons(port);
1087 send_addr.sin_addr = dst;
1088
1089 /* Send reply with same size packet as request used. */
1090 if (sendto(s, pktbuf, pktlen, 0,
1091 (struct sockaddr *) &send_addr,
1092 sizeof(send_addr)) < 0)
1093 {
1094 report(LOG_ERR, "sendto: %s", get_network_errmsg());
1095 }
1096 } /* sendreply */
1097 \f
1098
1099 /* nmatch() - now in getif.c */
1100 /* setarp() - now in hwaddr.c */
1101
1102
1103 /*
1104 * This call checks read access to a file. It returns 0 if the file given
1105 * by "path" exists and is publically readable. A value of -1 is returned if
1106 * access is not permitted or an error occurs. Successful calls also
1107 * return the file size in bytes using the long pointer "filesize".
1108 *
1109 * The read permission bit for "other" users is checked. This bit must be
1110 * set for tftpd(8) to allow clients to read the file.
1111 */
1112
1113 PRIVATE int
1114 chk_access(char *path, int32 *filesize)
1115 {
1116 struct stat st;
1117
1118 if ((stat(path, &st) == 0) && (st.st_mode & (S_IREAD >> 6))) {
1119 *filesize = (int32) st.st_size;
1120 return 0;
1121 } else {
1122 return -1;
1123 }
1124 }
1125 \f
1126
1127 /*
1128 * Now in dumptab.c :
1129 * dumptab()
1130 * dump_host()
1131 * list_ipaddresses()
1132 */
1133
1134 #ifdef VEND_CMU
1135
1136 /*
1137 * Insert the CMU "vendor" data for the host pointed to by "hp" into the
1138 * bootp packet pointed to by "bp".
1139 */
1140
1141 PRIVATE void
1142 dovend_cmu(struct bootp *bp, struct host *hp)
1143 {
1144 struct cmu_vend *vendp;
1145 struct in_addr_list *taddr;
1146
1147 /*
1148 * Initialize the entire vendor field to zeroes.
1149 */
1150 bzero(bp->bp_vend, sizeof(bp->bp_vend));
1151
1152 /*
1153 * Fill in vendor information. Subnet mask, default gateway,
1154 * domain name server, ien name server, time server
1155 */
1156 vendp = (struct cmu_vend *) bp->bp_vend;
1157 strlcpy(vendp->v_magic, (char *)vm_cmu, sizeof(vendp->v_magic));
1158 if (hp->flags.subnet_mask) {
1159 (vendp->v_smask).s_addr = hp->subnet_mask.s_addr;
1160 (vendp->v_flags) |= VF_SMASK;
1161 if (hp->flags.gateway) {
1162 (vendp->v_dgate).s_addr = hp->gateway->addr->s_addr;
1163 }
1164 }
1165 if (hp->flags.domain_server) {
1166 taddr = hp->domain_server;
1167 if (taddr->addrcount > 0) {
1168 (vendp->v_dns1).s_addr = (taddr->addr)[0].s_addr;
1169 if (taddr->addrcount > 1) {
1170 (vendp->v_dns2).s_addr = (taddr->addr)[1].s_addr;
1171 }
1172 }
1173 }
1174 if (hp->flags.name_server) {
1175 taddr = hp->name_server;
1176 if (taddr->addrcount > 0) {
1177 (vendp->v_ins1).s_addr = (taddr->addr)[0].s_addr;
1178 if (taddr->addrcount > 1) {
1179 (vendp->v_ins2).s_addr = (taddr->addr)[1].s_addr;
1180 }
1181 }
1182 }
1183 if (hp->flags.time_server) {
1184 taddr = hp->time_server;
1185 if (taddr->addrcount > 0) {
1186 (vendp->v_ts1).s_addr = (taddr->addr)[0].s_addr;
1187 if (taddr->addrcount > 1) {
1188 (vendp->v_ts2).s_addr = (taddr->addr)[1].s_addr;
1189 }
1190 }
1191 }
1192 /* Log message now done by caller. */
1193 } /* dovend_cmu */
1194
1195 #endif /* VEND_CMU */
1196 \f
1197
1198
1199 /*
1200 * Insert the RFC1048 vendor data for the host pointed to by "hp" into the
1201 * bootp packet pointed to by "bp".
1202 */
1203 #define NEED(LEN, MSG) do \
1204 if (bytesleft < (LEN)) { \
1205 report(LOG_NOTICE, noroom, \
1206 hp->hostname->string, MSG); \
1207 return; \
1208 } while (0)
1209 PRIVATE void
1210 dovend_rfc1048(struct bootp *bp, struct host *hp, int32 bootsize)
1211 {
1212 int bytesleft, len;
1213 byte *vp;
1214
1215 static const char noroom[] = "%s: No room for \"%s\" option";
1216
1217 vp = bp->bp_vend;
1218
1219 if (hp->flags.msg_size) {
1220 pktlen = hp->msg_size;
1221 } else {
1222 /*
1223 * If the request was longer than the official length, build
1224 * a response of that same length where the additional length
1225 * is assumed to be part of the bp_vend (options) area.
1226 */
1227 if (pktlen > (int)sizeof(*bp)) {
1228 if (debug > 1)
1229 report(LOG_INFO, "request message length=%d", pktlen);
1230 }
1231 /*
1232 * Check whether the request contains the option:
1233 * Maximum DHCP Message Size (RFC1533 sec. 9.8)
1234 * and if so, override the response length with its value.
1235 * This request must lie within the first BP_VEND_LEN
1236 * bytes of the option space.
1237 */
1238 {
1239 byte *p, *ep;
1240 byte tag, llen;
1241 short msgsz = 0;
1242
1243 p = vp + 4;
1244 ep = p + BP_VEND_LEN - 4;
1245 while (p < ep) {
1246 tag = *p++;
1247 /* Check for tags with no data first. */
1248 if (tag == TAG_PAD)
1249 continue;
1250 if (tag == TAG_END)
1251 break;
1252 /* Now scan the length byte. */
1253 llen = *p++;
1254 switch (tag) {
1255 case TAG_MAX_MSGSZ:
1256 if (llen == 2) {
1257 bcopy(p, (char*)&msgsz, 2);
1258 msgsz = ntohs(msgsz);
1259 }
1260 break;
1261 case TAG_SUBNET_MASK:
1262 /* XXX - Should preserve this if given... */
1263 break;
1264 } /* swtich */
1265 p += llen;
1266 }
1267
1268 if (msgsz > (int)sizeof(*bp)) {
1269 if (debug > 1)
1270 report(LOG_INFO, "request has DHCP msglen=%d", msgsz);
1271 pktlen = msgsz;
1272 }
1273 }
1274 }
1275
1276 if (pktlen < (int)sizeof(*bp)) {
1277 report(LOG_ERR, "invalid response length=%d", pktlen);
1278 pktlen = sizeof(*bp);
1279 }
1280 bytesleft = ((byte*)bp + pktlen) - vp;
1281 if (pktlen > (int)sizeof(*bp)) {
1282 if (debug > 1)
1283 report(LOG_INFO, "extended reply, length=%d, options=%d",
1284 pktlen, bytesleft);
1285 }
1286
1287 /* Copy in the magic cookie */
1288 bcopy(vm_rfc1048, vp, 4);
1289 vp += 4;
1290 bytesleft -= 4;
1291
1292 if (hp->flags.subnet_mask) {
1293 /* always enough room here. */
1294 *vp++ = TAG_SUBNET_MASK;/* -1 byte */
1295 *vp++ = 4; /* -1 byte */
1296 insert_u_long(hp->subnet_mask.s_addr, &vp); /* -4 bytes */
1297 bytesleft -= 6; /* Fix real count */
1298 if (hp->flags.gateway) {
1299 (void) insert_ip(TAG_GATEWAY,
1300 hp->gateway,
1301 &vp, &bytesleft);
1302 }
1303 }
1304 if (hp->flags.bootsize) {
1305 /* always enough room here */
1306 bootsize = (hp->flags.bootsize_auto) ?
1307 ((bootsize + 511) / 512) : ((int32_t)hp->bootsize); /* Round up */
1308 *vp++ = TAG_BOOT_SIZE;
1309 *vp++ = 2;
1310 *vp++ = (byte) ((bootsize >> 8) & 0xFF);
1311 *vp++ = (byte) (bootsize & 0xFF);
1312 bytesleft -= 4; /* Tag, length, and 16 bit blocksize */
1313 }
1314 /*
1315 * This one is special: Remaining options go in the ext file.
1316 * Only the subnet_mask, bootsize, and gateway should precede.
1317 */
1318 if (hp->flags.exten_file) {
1319 /*
1320 * Check for room for exten_file. Add 3 to account for
1321 * TAG_EXTEN_FILE, length, and TAG_END.
1322 */
1323 len = strlen(hp->exten_file->string);
1324 NEED((len + 3), "ef");
1325 *vp++ = TAG_EXTEN_FILE;
1326 *vp++ = (byte) (len & 0xFF);
1327 bcopy(hp->exten_file->string, vp, len);
1328 vp += len;
1329 *vp++ = TAG_END;
1330 bytesleft -= len + 3;
1331 return; /* no more options here. */
1332 }
1333 /*
1334 * The remaining options are inserted by the following
1335 * function (which is shared with bootpef.c).
1336 * Keep back one byte for the TAG_END.
1337 */
1338 len = dovend_rfc1497(hp, vp, bytesleft - 1);
1339 vp += len;
1340 bytesleft -= len;
1341
1342 /* There should be at least one byte left. */
1343 NEED(1, "(end)");
1344 *vp++ = TAG_END;
1345 bytesleft--;
1346
1347 /* Log message done by caller. */
1348 if (bytesleft > 0) {
1349 /*
1350 * Zero out any remaining part of the vendor area.
1351 */
1352 bzero(vp, bytesleft);
1353 }
1354 } /* dovend_rfc1048 */
1355 #undef NEED
1356 \f
1357
1358 /*
1359 * Now in readfile.c:
1360 * hwlookcmp()
1361 * iplookcmp()
1362 */
1363
1364 /* haddrtoa() - now in hwaddr.c */
1365 /*
1366 * Now in dovend.c:
1367 * insert_ip()
1368 * insert_generic()
1369 * insert_u_long()
1370 */
1371
1372 /* get_errmsg() - now in report.c */
1373
1374 /*
1375 * Local Variables:
1376 * tab-width: 4
1377 * c-indent-level: 4
1378 * c-argdecl-indent: 4
1379 * c-continued-statement-offset: 4
1380 * c-continued-brace-offset: -4
1381 * c-label-offset: -4
1382 * c-brace-offset: 0
1383 * End:
1384 */
NetBSD on the FriendlyARM MINI2440