-rw-r--r--dhcp-4.1.1-P1-noprefixavail.patch140
-rw-r--r--dhcp.spec17
2 files changed, 156 insertions, 1 deletions
diff --git a/dhcp-4.1.1-P1-noprefixavail.patch b/dhcp-4.1.1-P1-noprefixavail.patch
new file mode 100644
index 0000000..7e9c48d
--- /dev/null
+++ b/dhcp-4.1.1-P1-noprefixavail.patch
@@ -0,0 +1,140 @@
+diff -up dhcp-4.1.1-P1/server/dhcpv6.c.noprefixavail dhcp-4.1.1-P1/server/dhcpv6.c
+--- dhcp-4.1.1-P1/server/dhcpv6.c.noprefixavail 2010-10-08 12:30:03.000000000 +0200
++++ dhcp-4.1.1-P1/server/dhcpv6.c 2010-10-12 17:17:12.000000000 +0200
+@@ -1133,7 +1133,7 @@ try_client_v6_prefix(struct iasubopt **p
+ return ISC_R_INVALIDARG;
+ }
+ tmp_plen = (int) requested_pref->data[0];
+- if ((tmp_plen < 3) || (tmp_plen > 128)) {
++ if ((tmp_plen < 3) || (tmp_plen > 128) ||((int)tmp_plen != pool->units)) {
+ return ISC_R_FAILURE;
+ }
+ memcpy(&tmp_pref, requested_pref->data + 1, sizeof(tmp_pref));
+@@ -1146,9 +1146,8 @@ try_client_v6_prefix(struct iasubopt **p
+ return ISC_R_FAILURE;
+ }
+
+- if (((int)tmp_plen != pool->units) ||
+- !ipv6_in_pool(&tmp_pref, pool)) {
+- return ISC_R_FAILURE;
++ if (!ipv6_in_pool(&tmp_pref, pool)) {
++ return ISC_R_ADDRNOTAVAIL;
+ }
+
+ if (prefix6_exists(pool, &tmp_pref, tmp_plen)) {
+@@ -1402,13 +1401,6 @@ lease_to_client(struct data_string *repl
+ if ((status != ISC_R_SUCCESS) &&
+ (status != ISC_R_NORESOURCES))
+ goto exit;
+-
+- /*
+- * If any prefix cannot be given to any IA_PD, then
+- * set the NoPrefixAvail status code.
+- */
+- if (reply.client_resources == 0)
+- no_resources_avail = ISC_TRUE;
+ }
+
+ /*
+@@ -1542,36 +1534,6 @@ lease_to_client(struct data_string *repl
+ reply.opt_state, reply.packet,
+ required_opts_NAA,
+ NULL);
+- } else if (no_resources_avail && (reply.ia_count == 0) &&
+- (reply.packet->dhcpv6_msg_type == DHCPV6_SOLICIT))
+- {
+- /* Set the NoPrefixAvail status code. */
+- if (!set_status_code(STATUS_NoPrefixAvail,
+- "No prefixes available for this "
+- "interface.", reply.opt_state)) {
+- log_error("lease_to_client: Unable to set "
+- "NoPrefixAvail status code.");
+- goto exit;
+- }
+-
+- /* Rewind the cursor to the start. */
+- reply.cursor = REPLY_OPTIONS_INDEX;
+-
+- /*
+- * Produce an advertise that includes only:
+- *
+- * Status code.
+- * Server DUID.
+- * Client DUID.
+- */
+- reply.buf.reply.msg_type = DHCPV6_ADVERTISE;
+- reply.cursor += store_options6((char *)reply.buf.data +
+- reply.cursor,
+- sizeof(reply.buf) -
+- reply.cursor,
+- reply.opt_state, reply.packet,
+- required_opts_NAA,
+- NULL);
+ } else {
+ /*
+ * Having stored the client's IA's, store any options that
+@@ -2782,16 +2744,18 @@ find_client_temporaries(struct reply_sta
+ */
+ static isc_result_t
+ reply_process_try_addr(struct reply_state *reply, struct iaddr *addr) {
+- isc_result_t status = ISC_R_NORESOURCES;
++ isc_result_t status = ISC_R_ADDRNOTAVAIL;
+ struct ipv6_pool *pool;
+ int i;
+ struct data_string data_addr;
+
+ if ((reply == NULL) || (reply->shared == NULL) ||
+- (reply->shared->ipv6_pools == NULL) || (addr == NULL) ||
+- (reply->lease != NULL))
++ (addr == NULL) || (reply->lease != NULL))
+ return ISC_R_INVALIDARG;
+
++ if (reply->shared->ipv6_pools == NULL)
++ return ISC_R_ADDRNOTAVAIL;
++
+ memset(&data_addr, 0, sizeof(data_addr));
+ data_addr.len = addr->len;
+ data_addr.data = addr->iabuf;
+@@ -3303,7 +3267,9 @@ reply_process_ia_pd(struct reply_state *
+ if (status == ISC_R_CANCELED)
+ break;
+
+- if ((status != ISC_R_SUCCESS) && (status != ISC_R_ADDRINUSE))
++ if ((status != ISC_R_SUCCESS) &&
++ (status != ISC_R_ADDRINUSE) &&
++ (status != ISC_R_ADDRNOTAVAIL))
+ goto cleanup;
+ }
+
+@@ -3583,7 +3549,8 @@ reply_process_prefix(struct reply_state
+
+ /* Either error out or skip this prefix. */
+ if ((status != ISC_R_SUCCESS) &&
+- (status != ISC_R_ADDRINUSE))
++ (status != ISC_R_ADDRINUSE) &&
++ (status != ISC_R_ADDRNOTAVAIL))
+ goto cleanup;
+
+ if (reply->lease == NULL) {
+@@ -3762,16 +3729,18 @@ prefix_is_owned(struct reply_state *repl
+ static isc_result_t
+ reply_process_try_prefix(struct reply_state *reply,
+ struct iaddrcidrnet *pref) {
+- isc_result_t status = ISC_R_NORESOURCES;
++ isc_result_t status = ISC_R_ADDRNOTAVAIL;
+ struct ipv6_pool *pool;
+ int i;
+ struct data_string data_pref;
+
+ if ((reply == NULL) || (reply->shared == NULL) ||
+- (reply->shared->ipv6_pools == NULL) || (pref == NULL) ||
+- (reply->lease != NULL))
++ (pref == NULL) || (reply->lease != NULL))
+ return ISC_R_INVALIDARG;
+
++ if (reply->shared->ipv6_pools == NULL)
++ return ISC_R_ADDRNOTAVAIL;
++
+ memset(&data_pref, 0, sizeof(data_pref));
+ data_pref.len = 17;
+ if (!buffer_allocate(&data_pref.buffer, data_pref.len, MDL)) {
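Review bot: In try_client_v6_prefix a hinted prefix whose length differs from `pool->units` still returns `ISC_R_FAILURE`, while the updated checks in reply_process_ia_pd and reply_process_prefix tolerate only `ISC_R_ADDRINUSE` and `ISC_R_ADDRNOTAVAIL`. If that status is what reply_process_try_prefix hands back (its pool loop lies outside the hunk), a client-supplied length byte can still send the reply to `cleanup` instead of having another prefix offered, which is the case this patch sets out to fix. Consider keeping `ISC_R_FAILURE` for the 3..128 range check and returning the softer status for the units mismatch, e.g. `if ((int)tmp_plen != pool->units) return ISC_R_ADDRNOTAVAIL;`. reply_process_try_addr now defaults to `ISC_R_ADDRNOTAVAIL` too, but no IA_NA caller is touched here, so it is worth confirming that those callers accept the new status.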
diff --git a/dhcp.spec b/dhcp.spec
index daa65f0..9b9cca1 100644
--- a/dhcp.spec
+++ b/dhcp.spec
@@ -15,7 +15,7 @@
Summary: Dynamic host configuration protocol software
Name: dhcp
Version: 4.1.1
-Release: 25.%{patchver}%{?dist}
+Release: 26.%{patchver}%{?dist}
# NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to
# dcantrell maintaining the package) made incorrect use of the epoch and
# that's why it is at 12 now. It should have never been used, but it was.
@@ -63,6 +63,7 @@ Patch25: %{name}-4.1.1-release6-elapsed.patch
Patch26: %{name}-4.1.1-initialization-delay.patch
Patch27: %{name}-4.1.1-P1-parse_date.patch
Patch28: %{name}-4.1.1-P1-PIE-RELRO.patch
+Patch29: %{name}-4.1.1-P1-noprefixavail.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: autoconf
@@ -247,6 +248,16 @@ libdhcpctl and libomapi static libraries are also included in this package.
# Make dhcpd/dhcrelay/dhclient PIE and RELRO
%patch28 -p1 -b .PIE-RELRO
+# 1) When server has empty pool of addresses/prefixes it must send Advertise with
+# NoAddrsAvail/NoPrefixAvail status in response to clients Solicit.
+# Without this patch server having empty pool of addresses/prefixes ignored
+# client's' Solicit when client was also sending address in IA_NA or prefix in IA_PD as a preference.
+# 2) When client sends prefix in IA_NA as a preference and server doesn't have
+# this prefix in any pool the server should offer other free prefix.
+# Without this patch server ignored client's Solicit in which the client was sending
+# prefix in IA_PD (as a preference) and this prefix was not in any of server's pools.
+%patch29 -p1 -b .noprefixavail
+
# Copy in documentation and example scripts for LDAP patch to dhcpd
%{__install} -p -m 0755 ldap-for-dhcp-%{ldappatchver}/dhcpd-conf-to-ldap contrib/
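Review bot: Item 2 of the added comment says the client sends a prefix "in IA_NA", but the sentence after it and the patch itself are about IA_PD, so the first mention looks like a slip. The same block has a stray apostrophe in `client's'`. Suggested wording: `# 2) When client sends prefix in IA_PD as a preference and server doesn't have` and `# client's Solicit when client was also sending address in IA_NA or prefix in IA_PD as a preference.`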
@@ -532,6 +543,10 @@ fi
%attr(0644,root,root) %{_mandir}/man3/omapi.3.gz
%changelog
+* Wed Oct 13 2010 Jiri Popelka <jpopelka@redhat.com> - 12:4.1.1-26.P1
+- Server was ignoring client's
+ Solicit (where client included address/prefix as a preference) (#634842)
+
* Tue Sep 07 2010 Jiri Popelka <jpopelka@redhat.com> - 12:4.1.1-25.P1
- Hardening dhcpd/dhcrelay/dhclient by making them PIE & RELRO