Commit Graph

215 Commits

Author SHA1 Message Date
sjg
65145fa4c8 Merge sync of head 2015-05-27 01:19:58 +00:00
joel
8ef635d30e mdoc: improvements to SEE ALSO. 2014-12-27 08:22:58 +00:00
bapt
6fdc031751 Convert sbin/ to LIBADD
Reduce overlinking
2014-11-25 11:23:12 +00:00
sjg
b137080f19 Merge from head@274682 2014-11-19 01:07:58 +00:00
glebius
0c2257eddc Since r270929 raw sockets expect network byte order.
Submitted by:	avg
2014-09-11 05:48:39 +00:00
sjg
d7cd1d425c Merge head from 7/28 2014-08-19 06:50:54 +00:00
ngie
a1f9f1210c Add LIBUTIL to DPADD
This will fix "make checkdpadd"

MFC after: 5 days
PR: 192759
Approved by: rpaulo (mentor)
2014-08-18 01:21:41 +00:00
pjd
64b5b5018d Remove duplicated includes.
Submitted by:	Mariusz Zaborski <oshogbo@FreeBSD.org>
2014-06-26 13:57:44 +00:00
bapt
42044eb342 use .Mt to mark up email addresses consistently (part1)
PR:		191174
Submitted by:	Franco Fichtner  <franco@lastsummer.de>
2014-06-20 09:40:43 +00:00
sjg
5860f0d106 Updated dependencies 2014-05-16 14:09:51 +00:00
sjg
1a7e48acf1 Updated dependencies 2014-05-10 05:16:28 +00:00
sjg
ed3fc70bf5 Merge from head 2014-05-08 23:54:15 +00:00
imp
2118f42afd Use src.opts.mk in preference to bsd.own.mk except where we need stuff
from the latter.
2014-05-06 04:22:01 +00:00
sjg
5e568154a0 Merge head 2014-04-28 07:50:45 +00:00
rwatson
a400e9c007 Update most userspace consumers of capability.h to use capsicum.h instead.
auditdistd is not updated as I will make the change upstream and then do a
vendor import sometime in the next week or two.

MFC after:	3 weeks
2014-03-16 11:04:44 +00:00
jmmv
f965a606e8 Migrate tools/regression/sbin/ to the new tests layout.
Pretty much all that this change does is shuffles the code around and hooks
it into the regular build.  The code of the old tests has not changed.
2014-03-16 02:07:08 +00:00
brueffer
543bcc0057 Use CAP_EVENT instead of the deprecated CAP_POLL_EVENT.
PR:		185382 (based on)
Submitted by:	Loganaden Velvindron
Reviewed by:	pjd
MFC after:	1 week
2014-02-06 21:36:14 +00:00
eadler
717aa228c5 dhclient: change the pidfile's permissions to 644
This change permits non-root users to determine if dhclient is running
('service dhclient status wlan0').

Discussed with: mjg, cperciva
2014-02-03 04:22:29 +00:00
sjg
62bb106222 Merge from head 2013-09-05 20:18:59 +00:00
pjd
029a6f5d92 Change the cap_rights_t type from uint64_t to a structure that we can extend
in the future in a backward compatible (API and ABI) way.

The cap_rights_t represents capability rights. We used to use one bit to
represent one right, but we are running out of spare bits. Currently the new
structure provides place for 114 rights (so 50 more than the previous
cap_rights_t), but it is possible to grow the structure to hold at least 285
rights, although we can make it even larger if 285 rights won't be enough.

The structure definition looks like this:

	struct cap_rights {
		uint64_t	cr_rights[CAP_RIGHTS_VERSION + 2];
	};

The initial CAP_RIGHTS_VERSION is 0.

The top two bits in the first element of the cr_rights[] array contain total
number of elements in the array - 2. This means if those two bits are equal to
0, we have 2 array elements.

The top two bits in all remaining array elements should be 0.
The next five bits in all array elements contain array index. Only one bit is
used and bit position in this five-bits range defines array index. This means
there can be at most five array elements in the future.

To define new right the CAPRIGHT() macro must be used. The macro takes two
arguments - an array index and a bit to set, eg.

	#define	CAP_PDKILL	CAPRIGHT(1, 0x0000000000000800ULL)

We still support aliases that combine few rights, but the rights have to belong
to the same array element, eg:

	#define	CAP_LOOKUP	CAPRIGHT(0, 0x0000000000000400ULL)
	#define	CAP_FCHMOD	CAPRIGHT(0, 0x0000000000002000ULL)

	#define	CAP_FCHMODAT	(CAP_FCHMOD | CAP_LOOKUP)

There is new API to manage the new cap_rights_t structure:

	cap_rights_t *cap_rights_init(cap_rights_t *rights, ...);
	void cap_rights_set(cap_rights_t *rights, ...);
	void cap_rights_clear(cap_rights_t *rights, ...);
	bool cap_rights_is_set(const cap_rights_t *rights, ...);

	bool cap_rights_is_valid(const cap_rights_t *rights);
	void cap_rights_merge(cap_rights_t *dst, const cap_rights_t *src);
	void cap_rights_remove(cap_rights_t *dst, const cap_rights_t *src);
	bool cap_rights_contains(const cap_rights_t *big, const cap_rights_t *little);

Capability rights to the cap_rights_init(), cap_rights_set(),
cap_rights_clear() and cap_rights_is_set() functions are provided by
separating them with commas, eg:

	cap_rights_t rights;

	cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FSTAT);

There is no need to terminate the list of rights, as those functions are
actually macros that take care of the termination, eg:

	#define	cap_rights_set(rights, ...)				\
		__cap_rights_set((rights), __VA_ARGS__, 0ULL)
	void __cap_rights_set(cap_rights_t *rights, ...);

Thanks to using one bit as an array index we can assert in those functions that
there are no two rights belonging to different array elements provided
together. For example this is illegal and will be detected, because CAP_LOOKUP
belongs to element 0 and CAP_PDKILL to element 1:

	cap_rights_init(&rights, CAP_LOOKUP | CAP_PDKILL);

Providing several rights that belongs to the same array's element this way is
correct, but is not advised. It should only be used for aliases definition.

This commit also breaks compatibility with some existing Capsicum system calls,
but I see no other way to do that. This should be fine as Capsicum is still
experimental and this change is not going to 9.x.

Sponsored by:	The FreeBSD Foundation
2013-09-05 00:09:56 +00:00
pjd
e71a9f5bfa Fix dhclient for interfaces that are down. The discover_interfaces() function
that looks for interface skips interfaces that are not UP. We need to call
dhclient-script PREINIT before we call discover_interfaces(), so the script has
a chance to bring the interface UP.

Reported by:	alfred
2013-07-04 12:27:10 +00:00
pjd
85ce2c58ff MFp4 @229488:
Sandbox unprivileged process using capability mode.

Reviewed by:	brooks
Sponsored by:	The FreeBSD Foundation
2013-07-03 22:23:25 +00:00
pjd
b93b6961b0 MFp4 @229487:
Revoke all capability rights from STDIN and allow only for write to STDOUT and
STDERR. All those descriptors are redirected to /dev/null.

Reviewed by:	brooks
Sponsored by:	The FreeBSD Foundation
2013-07-03 22:22:29 +00:00
pjd
671bf2da43 MFp4 @229486:
Once PID is written to the pidfile, revoke all capability rights.
We just want to keep the pidfile open.

Reviewed by:	brooks
Sponsored by:	The FreeBSD Foundation
2013-07-03 22:21:11 +00:00
pjd
745563514b MFp4 @229485:
Only allow to overwrite lease file.

Reviewed by:	brooks
Sponsored by:	The FreeBSD Foundation
2013-07-03 22:19:43 +00:00
pjd
157b58cb30 MFp4 @229484:
Limit routing socket so only poll(2) and read(2) are allowed (CAP_POLL_EVENT
and CAP_READ). This prevents unprivileged process from adding, removing or
modifying system routes.

Reviewed by:	brooks
Sponsored by:	The FreeBSD Foundation
2013-07-03 22:18:40 +00:00
pjd
6526d2e66a MFp4 @229483:
Limit communication pipe with privileged process to CAP_READ and CAP_WRITE.

Reviewed by:	brooks
Sponsored by:	The FreeBSD Foundation
2013-07-03 22:17:29 +00:00
pjd
11d993e694 MFp4 @229482:
- Limit bpf descriptor in unprivileged process to CAP_POLL_EVENT, CAP_READ and
  allow for SIOCGIFFLAGS, SIOCGIFMEDIA ioctls.
- While here limit bpf descriptor in privileged process to only CAP_WRITE.

Reviewed by:	brooks
Sponsored by:	The FreeBSD Foundation
2013-07-03 22:16:02 +00:00
pjd
d5113e2f28 MFp4 @229481:
Currently it was allowed to send any UDP packets from unprivileged process and
possibly any packets because /dev/bpf was open for writing.

Move sending packets to privileged process. Unprivileged process has no longer
access to not connected UDP socket and has only access to /dev/bpf in read-only
mode.

Reviewed by:	brooks
Sponsored by:	The FreeBSD Foundation
2013-07-03 22:12:54 +00:00
pjd
f92ee0c897 MFp4 @229480:
Shutdown write direction of the routing socket. We only need to read from it.

Reviewed by:	brooks
Sponsored by:	The FreeBSD Foundation
2013-07-03 22:09:02 +00:00
pjd
c776076005 MFp4 @229479:
- Add new request (IMSG_SEND_PACKET) that will be handled by privileged process.
- Add $FreeBSD$.

Reviewed by:	brooks
Sponsored by:	The FreeBSD Foundation
2013-07-03 22:07:55 +00:00
pjd
696dccfa35 MFp4 @229477:
The gethostname(3) function won't work in capability mode, because reading
kern.hostname sysctl is not permitted there.  Cache hostname early and use
cached value later.

Reviewed by:	brooks
Sponsored by:	The FreeBSD Foundation
2013-07-03 22:05:36 +00:00
pjd
981cfd3abf Remove redundant white-spaces. 2013-07-03 22:03:19 +00:00
pjd
e538ac2c30 MFp4 @229476,229478:
Make use of two fields: rfdesc and wfdesc to keep bpf descriptor open for
reading only in rfdesc and bpf descriptor open for writing only in wfdesc.
In the end they will be used by two different processes.

Reviewed by:	brooks
Sponsored by:	The FreeBSD Foundation
2013-07-03 22:01:52 +00:00
pjd
837e9b7cac MFp4 @229474:
iov_base field is 'void *' in FreeBSD, no need to cast.

Reviewed by:	brooks
Sponsored by:	The FreeBSD Foundation
2013-07-03 21:58:26 +00:00
pjd
1bb08cf6ef MFp4 @229473:
No caller checks send_packet() return value, so make it void.

Reviewed by:	brooks
Sponsored by:	The FreeBSD Foundation
2013-07-03 21:57:24 +00:00
pjd
ca2a1d2a81 MFp4 @229472:
Use the same type for 'from' and 'to' argument in send_packet().

Reviewed by:	brooks
Sponsored by:	The FreeBSD Foundation
2013-07-03 21:53:54 +00:00
pjd
b1d67fde75 MFp4 @229471:
Remove unused argument from assemble_hw_header().

Reviewed by:	brooks
Sponsored by:	The FreeBSD Foundation
2013-07-03 21:49:10 +00:00
pjd
e5e94b7224 MFp4 @229470:
Remove unused argument from send_packet().

Reviewed by:	brooks
Sponsored by:	The FreeBSD Foundation
2013-07-03 21:45:29 +00:00
pjd
52ee09ff73 MFp4: @229469:
Garbage-collect dead prototypes.

Reviewed by:	brooks
Sponsored by:	The FreeBSD Foundation
2013-07-03 21:41:35 +00:00
bms
6529e87c61 When acquiring a lease, record the value of the BOOTP siaddr field
contained in the DHCP offer, and write it out to the lease file
as an unquoted value of the "next-server" keyword. The value is ignored
when the lease is read back by dhclient, however other applications
are free to parse it.

The intent behind this change is to allow easier interoperability
with automated installation systems e.g. Cobbler, Foreman, Razor;
FreeBSD installation kernels can automatically probe the network
to discover deployment servers.  There are no plans to MFC this
change unless a backport is specifically requested.

The syntax of the "next-server <ip>" lease keyword is intended to be
identical to that used by the ISC DHCPD server in its configuration files.
The required defines are already present in dhclient but were unused before
this change. (Note: This is NOT the same as Option 66, tftp-server-name).

It has been exercised in a university protocol testbed environment, with
Cobbler and an mfsBSD image containing pc-sysinstall (driven by Cobbler
Cheetah templates). The SYSLINUX memdisk driver is used to boot mfsBSD.
Currently this approach requires that a dedicated system profile has
been created for the node where FreeBSD is to be deployed. If this
is not present, the pc-sysinstall wrapper will be unable to obtain
a node configuration. There is code in progress to allow mfsBSD images
to obtain the required hints from the memdisk environment by parsing
the MBFT ACPI chunk.  This is non-standard as it is not linked into
the platform's ACPI RSDT.

Reviewed by:	des
2013-07-02 13:24:37 +00:00
jhb
4373fbb501 Use a higher TTL (128) for DHCP packets. This matches the ISC DHCP client.
PR:		bin/170279
MFC after:	1 week
2013-04-22 15:02:32 +00:00
sjg
6d37b86f2b Updated dependencies 2013-03-11 17:21:52 +00:00
sjg
0ee5295509 Updated dependencies 2013-02-16 01:23:54 +00:00
sjg
778e93c51a Sync from head 2012-11-04 02:52:03 +00:00
marcel
9dd41e3647 Sync FreeBSD's bmake branch with Juniper's internal bmake branch.
Requested by: Simon Gerraty <sjg@juniper.net>
2012-08-22 19:25:57 +00:00
jhb
3ef98be9d9 Revert r239356 and use an alternate algorithm.
First, don't exit when the link goes down on an interface.  Instead,
teach dhclient to track changes in link state and to enter the reboot
state when the link on an interface goes up causing dhclient to attempt
to renew its existing lease.

Second, remove the change I added to clear the old lease when dhclient
exits due to an error (such as ifconfig down).  If an interface is
using autoconfiguration it should keep its autoconfiguration as much as
possible.  If the next time it needs a configuration it is able to reuse
the previous autoconfiguration, then leaving the settings intact allows
existing connections to survive temporary outages, etc.

PR:		bin/166656
MFC after:	1 month
2012-08-22 13:53:37 +00:00
jhb
5acd808491 Fix dhclient to properly exit and teardown the configured lease when
link is lost.  devd will start a new dhclient instance when link is
restored.

PR:		bin/166656
Submitted by:	Peter Jeremy (mostly)
Reviewed by:	brooks (earlier version from Peter)
MFC after:	1 month
2012-08-17 15:53:43 +00:00
uqs
5f1ca9b982 Spelling fixes for sbin/ 2012-01-07 16:09:33 +00:00
dumbbell
74fbe7bc3b Set svn:executable on dhclient-script
Sponsored by:	Yakaz (http://www.yakaz.com)
2011-12-30 14:46:53 +00:00
dumbbell
5f51b7b385 Invalid Domain Search option isn't considered as a fatal error
In the original Domain Search option patch, an invalid option value
would cause the whole lease to be rejected. However, DHCP servers who
emit such an invalid value are more common than I thought. With this new
patch, just the option is rejected, not the entire lease.

PR:		bin/163431
Submitted by:	Fabian Keil <fk@fabiankeil.de> (earlier version)
Reviewed by:	Fabian Keil <fk@fabiankeil.de>
Sponsored by:	Yakaz (http://www.yakaz.com)
2011-12-30 14:33:08 +00:00
dim
7654ad9896 In sbin/dhclient, since we know the size of the source strings anyway,
we might as well use memcpy; strlcpy is really unnecessary here.

MFC after:	1 week
2011-12-17 01:29:46 +00:00
dim
b10871ad5b In sbin/dhclient, work around warnings about the size argument to
strlcpy appearing to be the size of the source buffer, instead of the
destination.

MFC after:	1 week
2011-12-17 01:19:07 +00:00
glebius
b87df3a8d3 dhclient-script relied on incorrect behavior of SIOCAIFADDR ioctl,
that changed 0.0.0.0/0.0.0.0 prefix to 0.0.0.0/255.0.0.0.

In the r228313 this behavior was fixed, and since dhclient-script
got broken.

I'm not sure this fix is a perfect one, it just changes
dhclient-script to set 0.0.0.0/255.0.0.0 explicitly.

PR:		kern/163206
2011-12-13 11:54:51 +00:00
dumbbell
ff8355fd0a Support domain-search in dhclient(8)
The "domain-search" option (option 119) allows a DHCP server to publish
a list of implicit domain suffixes used during name lookup. This option
is described in RFC 3397.

For instance, if the domain-search option says:
    ".example.org .example.com"
and one wants to resolve "foobar", the resolver will try:
    1. "foobar.example.org"
    2. "foobar.example.com"

The file /etc/resolv.conf is updated with a "search" directive if the
DHCP server provides "domain-search".

A regression test suite is included in this patch under
tools/regression/sbin/dhclient.

PR:		bin/151940
Sponsored by	Yakaz (http://www.yakaz.com)
2011-12-04 14:44:31 +00:00
des
ad844b42a2 Make dhclient use a pid file. Modify the rc script accordingly; while
there, clean it up and add some error checks.

Glanced at by:	brooks@
MFC after:	3 weeks
2011-10-13 17:20:45 +00:00
ume
b7b4bdf554 Use resolvconf(8) to update /etc/resolv.conf.
If you don't want to use resolvconf(8) to update /etc/resolv.conf,
you can put resolvconf_enable="NO" into /etc/dhclient-enter-hooks.
2011-03-18 12:23:20 +00:00
brian
4a62a5c343 Document dhclient-enter-hooks and dhclient-exit-hooks and mention
how to configure dhclient to clear the interface of IP numbers prior
to configuring it.

PR:		149351
MFC after:	2 weeks
2010-09-06 09:59:10 +00:00
brian
66f8be2c3a When dhclient obtains a lease, it runs dhclient-script and expects
it to configure the interface.  When the script is complete, dhclient
monitors the routing socket and will terminate if its address is
deleted or if its interface is removed or brought down.

Because the routing socket is already open when dhclient-script is
run, dhclient ignores address deletions for 10 seconds after the
script was run.

If the address that will be obtained is already configured on the
interface before dhclient starts, and if dhclient-script takes more
than 10 seconds (perhaps due to dhclient-*-hooks latencies), on script
completion, dhclient will immediately and silently exit when it sees
the RTM_DELADDR routing message resulting from the script reassigning
the address to the interface.

This change logs dhclient's reason for exiting and also changes the
10 second timeout to be effective from completion of dhclient-script
rather than from when it was started.

We now ignore RTM_DELADDR and RTM_NEWADDR messages when the message
contains no interface address (which should not happen) rather than
exiting.

Not reviewed by:	brooks (timeout)
MFC after:		3 weeks
2010-07-07 06:06:54 +00:00
philip
a72663b23b Make dhclient use bootpc (68) as the source port for unicast DHCPREQUEST
packets instead of allowing the protocol stack to pick a random source port.

This fixes the behaviour where dhclient would never transition from RENEWING
to BOUND without going through REBINDING in networks which are paranoid about
DHCP spoofing, such as most mainstream cable-broadband ISP networks.

Reviewed by:	brooks
Obtained from:	OpenBSD (partly - I'm not convinced their solution can work)
MFC after:	1 week (pending re approval)
2009-10-21 23:50:35 +00:00
ru
763b9ae1f8 Switch the default WARNS level for sbin/ to 6.
Submitted by:	Ulrich Spörlein
2009-10-19 16:00:24 +00:00
sam
681dc8671b Fix the logic to count the number of "live interfaces". With this change
dhclient now terminates when the underlying ifnet is destroyed (e.g.
on card eject).

Reviewed by:	brooks
Approved by:	re (kib)
2009-07-21 15:06:10 +00:00
brian
b5a9006bf0 Fix an off by one error when we limit append/prepend text sizes based on our
internal buffer sizes.

When we 'append', assume we're appending to text.  Some MS dhcp servers will
give us a string with the length including the trailing NUL.  when we 'append
domain-name', we get something like "search x.y\000 z" in resolv.conf :(

MFC after:	1 week
Security:	A buffer overflow (by one NUL byte) was possible.
2009-06-08 21:42:30 +00:00
brooks
a9d132d46a Support the remaining options listed in dhcp-options(5) and RFC 2132.
PR:		bin/127076
Submitted by:	jkim
MFC after:	1 week
2008-10-17 13:28:53 +00:00
ed
0637892261 Run the privileged dhclient process in its own session.
In the MPSAFE TTY branch, I noticed PTY's to be leaked, because
dhclient's privileged process was run inside the session of, say, the
login shell. Make sure we call setsid() here.

Approved by:	philip (mentor), brooks
2008-06-30 20:23:49 +00:00
brooks
675039c544 Use the -n flag to route(8) when calling "route get". Otherwise we hang
for a long time if we get a lease, but DNS isn't working.

MFC after:	1 week
2008-06-09 20:03:35 +00:00
brooks
c390aa9572 When sending packets directly to the DHCP server, use a socket and send
directly rather than bogusly sending it out as a link layer broadcast
(which fails to be received on some networks).

PR:		bin/96018
MFC after:	2 weeks
2008-04-15 22:48:56 +00:00
brooks
59722cbdc9 Add a new function is_default_interface() which determines if this
interface is one with the default route (or there isn't one).  Use it to
decide if we should adjust the default route and /etc/resolv.conf.

Fix the delete of the default route.  The if statement was totally bogus
and the delete only worked due to a typo. [1]

Reported by:	Jordan Coleman <jordan at JordanColeman dot com> [1]
MFC after:	1 week
2008-03-30 02:42:39 +00:00
sam
92ad9709eb Defer state change on disassociate to avoid unnecessarily dropping the
lease: track the current bssid and if it changes (as reported in an
assoc/reassoc) event only then kick the state machine.  This gives us
immediate response when roaming but otherwise causes us to fallback on
the normal state machine.

Reviewed by:	brooks, jhb
MFC after:	3 weeks
2008-03-22 16:24:02 +00:00
sam
ba857311dd correct syslog mask so LOG_DEBUG msgs are not lost
MFC after:	2 weeks
2008-03-22 16:18:07 +00:00
brooks
e3cf5b7e24 During PREINIT, when giving the interface the address 0.0.0.0, do it as an
alias to avoid distrubing other addresses.

PR:		bin/119255
Submitted by:	Jaakko Heinonen <jh at saunalahti dot fi>
2008-01-21 23:54:57 +00:00
jkim
bc9e265c9f Teach dhclient(8) about net80211 link (association) status.
Reviewed by:	brooks
MFC after:	3 days
2007-12-05 17:13:45 +00:00
gabor
115dee56e9 - Remove references to unexisting man pages
PR:		docs/116099
Submitted by:	Ben Kaduk <minimarmot@gmail.com>
Approved by:	re (bmah)
MFC after:	3 days
2007-09-20 10:46:25 +00:00
thompsa
a5a2c7551b Use the -n flag on ifconfig so that dhclient does not cause the kernel module
to be reloaded when the interface is torn down.

Reviewed by:	brooks
Approved by:	re (kensmith)
2007-07-03 17:49:32 +00:00
emaste
761c2b3c1d The minimum size of an RFC3442 destination descriptor is five bytes, so
correct test to -ge 5.  Without this change an RFC3442 encoded default
route would be ignored.

Reported by:	Cedric Jonas <cedric at decemplex dot net>
2007-04-13 15:07:10 +00:00
emaste
4d18a6391e Implement RFC3442, the Classless Static Route option.
The original DHCP specification includes a route option but it supports
only class-based routes.  RFC3442 adds support for specifying the netmask
width for each static route.  A variable length encoding is used to minimize
the size of this option.

PR:             bin/99534
Submitted by:   Andrey V. Elsukov <bu7cher@yandex.ru>
Reviewed by:    brooks
2007-02-09 17:50:26 +00:00
emaste
d6a37ef695 Add a $FreeBSD$ tag missing after the original import. Note that this
file isn't actually installed; the one in src/etc is.
2007-02-09 16:28:25 +00:00
brooks
68bfc5b678 Actually implement rev 1.12 for host names and NIS domain names. We
were removing the invalid option, but still rejecting the lease.

Reported by:	Yoshihiko Sarumaru <mistral at imasy dot or dot jp>
2007-01-29 15:55:13 +00:00
brooks
a0d200f631 It is possible for bpf to return a length such that:
length != BPF_WORDALIGN(length)

This meeans that it is possible for this to be true:

	interface->rbuf_offset > interface->rbuf_len

Handle this case in the test for running out of packets.  While
OpenBSD's solution of setting interface->rbuf_len to
BPF_WORDALIGN(length) is safe due to the size of the buffer, I think
this solution results in less hidden assumptions.

This should fix the problem of dhclient running away and consuming 100%
CPU.

PR:		bin/102226
Submitted by:	Joost Bekkers <joost at jodocus.org>
MFC after:	3 days
2006-09-26 01:02:02 +00:00
brian
1e80c6d4b6 Revert the addition of -p. It's flawed in that dhclient should not run
on an interface without carrier.  devd should be used instead to handle
link up/down events.

Put on the right path by:	brooks, sam
2006-08-21 16:31:31 +00:00
brian
768073acd7 Bump the document date. s/dhclient/.Nm/
Suggested by: ru
2006-08-17 20:11:21 +00:00
brian
68f1f47647 Correct usage() 2006-08-17 17:27:42 +00:00
brian
a3922ffaf6 Add a -p switch to dhclient. The switch tells dhclient to persist
despite the interface link status.

Add dhclient_flags_iface and background_dhclient_iface rc.conf options.
(where iface is a specific interface).  These can be used to give
interface specific flags to dhclient.

Reviewed by:	brooks@
2006-08-17 17:12:27 +00:00
jkim
47919b584b Send client identifier unconditionally. My ancient D-Link router response
with NACK if I don't set it.  Setting 'option dhcp-client-identifier' is
alternative but it is inconvenient because I have to keep the list of
all MAC addresses.  As bin/94743 pointed out, it is always sent from
Windows clients and I found Mac OS X does the same.

OK'd by:	brooks
2006-07-03 22:05:38 +00:00
imp
9f41dd8997 Remove 'n' from the getopt string. There's no -n option that is
parsed, so it winds up at usage anyway.

Add 'b' to the usage summary.  Noticed by Ben Mesander.
2006-05-23 16:57:47 +00:00
brooks
74f46cfedd Be more like Windows and Linux and send our hostname in the host-name
option if none is given in the config file.  Also add #ifdefd out
support for sending a client ID based on our MAC address.

PR:		bin/94743, bin/76401
Submitted by:	Frank Behrens <frank at pinky dot sax dot de>
X-MFC after:	6.1-RELEASE
2006-05-07 23:31:10 +00:00
jcamou
d3a1c26f55 Correct RFC for NTP.
PR:		docs/92629
Submitted by:	Daniel Gerzo <danger@rulez.sk>
Noticed by:	Michal F. Hanula <f@7f000001.org>
Approved by:	trhodes (mentor)
2006-02-06 19:22:34 +00:00
brooks
7ba1cf1d54 Fix rev 1.12.
/tmp may not be writeable yet when dhclient is first run via
/etc/rc.d/netif so using it may not work.  Also, writing to a
predictable file in /tmp as root is a really bad idea since a malicious
user may be able to win a race and insert a symlink which will allow
them to cause any file to be overwritten.  To solve these problems,
create the tempory file in /var/run which will exist this early and is
writable only by root.

Security:	Local risk if users can cause dhclient to run on demand
		(such as by unplugging and replugging the network cable).
2006-01-26 21:05:39 +00:00
brooks
003b8b204f Give the TIMEOUT case a chance to work by using -t # instead of the
OpenBSD -w # when invoking ping.

PR:		bin/92187
Submitted by:	"Shin'ya Kumabuchi" <kumabu at t3 dot rim dot or dot jp>
MFC After:	6 days
2006-01-24 06:11:55 +00:00
wes
e00a5cdab0 Make dhclient-script more agreeable with read-only /etc.
PR:		90518
Submitted by:	John E. Hein <jhein@timing.com>
MFC after:	3 days
2006-01-23 05:42:59 +00:00
brooks
058bf820d7 Mention the -b flag in the SYNOPSIS.
MFC after:	1 week
2006-01-10 05:44:11 +00:00
brooks
782a252f49 When we give up on an interface, use the arp(8) command to remove all
entries from the interface rather than using ifconfig's delete command.
This preserves non-dhclient configured addresses (though they are wiped
out when dhclient is restarted).

MFC after:	1 week
2006-01-10 05:33:33 +00:00
brooks
1c7bd4aed4 Allow users to add aliases to the interface.
PR:		bin/87465 (different solution used)
MFC after:	1 week
2006-01-10 04:53:20 +00:00
brooks
3354610e7d When we get a bogus hostname in an option, drop the option rather than
refusing the lease.  This allow obtaining leases on misadministered
networks that use host names with underscores in them.

MFC After: 3 days
2005-12-10 03:46:14 +00:00
brooks
29fd49dcdf Avoid updating resolv.conf when no changes have actually occured.
Submitted by:	ume
2005-09-08 22:49:17 +00:00
brooks
4384a74406 When we fail to aquire a lease, our lease expires without a sucessful
renewal, or we lose link, be more forceful about clearing interface
state so another interface that connects to the same network has a
chance of working.  This doesn't address attemping to connect to both at
once, but appears to allow unplugging from a wired interface and then
inserting a wireless card that associates with an AP bridged to the same
LAN.
2005-09-08 22:15:19 +00:00
brooks
d8570c33a3 When we supersed the subnet-mask, write the forced value to the lease
file.  This is what the ISC client does.

Submitted by:	Rostislav Krasny <rosti dot bsd at gmail dot com>
2005-09-02 17:35:35 +00:00
brooks
40d25976f1 Introduce a new helper function check_search() derived for res_hnok to
check the domain-name parameter according to the rules for "search"
strings as documented in resolv.conf(5).  Specifically, the string must
be no more than 256 bytes long and contain no more than six valid domain
names separated by white space.

The previous unchecked values could result in a mangled resolv.conf
file which could effectively deny access to local sites.  This is not
a security issue as rogue dhcp servers could already do this without
sending invalid strings.

Reviewed by:	cperciva
MFC After:	3 days
2005-08-30 18:20:46 +00:00
brooks
b9888c7410 The $medium string often contains quoted values with spaces in them (ssids,
for example).  Follow the example of the ISC script and wrap ifconfig
calls using $medium in eval "..." so this works.

Reported by:	iedowse
2005-08-26 20:31:04 +00:00
brooks
2263ae4a8d In read_string(), when the last character was a backslash, unincrement
the output index instead of keeping what ever trash was in the buffer.

Reported by:	iedowse
2005-08-26 01:25:59 +00:00