1 /************************************************************************ 2 Copyright 1988, 1991 by Carnegie Mellon University 3 4 All Rights Reserved 5 6 Permission to use, copy, modify, and distribute this software and its 7 documentation for any purpose and without fee is hereby granted, provided 8 that the above copyright notice appear in all copies and that both that 9 copyright notice and this permission notice appear in supporting 10 documentation, and that the name of Carnegie Mellon University not be used 11 in advertising or publicity pertaining to distribution of the software 12 without specific, written prior permission. 13 14 CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS 15 SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. 16 IN NO EVENT SHALL CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL 17 DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 18 PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS 19 ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS 20 SOFTWARE. 21 22 ************************************************************************/ 23 24 /* 25 * BOOTP (bootstrap protocol) server daemon. 26 * 27 * Answers BOOTP request packets from booting client machines. 28 * See [SRI-NIC]<RFC>RFC951.TXT for a description of the protocol. 29 * See [SRI-NIC]<RFC>RFC1048.TXT for vendor-information extensions. 30 * See RFC 1395 for option tags 14-17. 31 * See accompanying man page -- bootpd.8 32 * 33 * HISTORY 34 * See ./Changes 35 * 36 * BUGS 37 * See ./ToDo 38 */ 39 40 #include <sys/cdefs.h> 41 __FBSDID("$FreeBSD$"); 42 43 #include <sys/types.h> 44 #include <sys/param.h> 45 #include <sys/socket.h> 46 #include <sys/ioctl.h> 47 #include <sys/file.h> 48 #include <sys/time.h> 49 #include <sys/stat.h> 50 #include <sys/utsname.h> 51 52 #include <net/if.h> 53 #include <netinet/in.h> 54 #include <arpa/inet.h> /* inet_ntoa */ 55 56 #ifndef NO_UNISTD 57 #include <unistd.h> 58 #endif 59 60 #include <stdlib.h> 61 #include <signal.h> 62 #include <stdio.h> 63 #include <string.h> 64 #include <errno.h> 65 #include <ctype.h> 66 #include <netdb.h> 67 #include <paths.h> 68 #include <syslog.h> 69 #include <assert.h> 70 71 #ifdef NO_SETSID 72 # include <fcntl.h> /* for O_RDONLY, etc */ 73 #endif 74 75 #ifndef USE_BFUNCS 76 # include <memory.h> 77 /* Yes, memcpy is OK here (no overlapped copies). */ 78 # define bcopy(a,b,c) memcpy(b,a,c) 79 # define bzero(p,l) memset(p,0,l) 80 # define bcmp(a,b,c) memcmp(a,b,c) 81 #endif 82 83 #include "bootp.h" 84 #include "hash.h" 85 #include "hwaddr.h" 86 #include "bootpd.h" 87 #include "dovend.h" 88 #include "getif.h" 89 #include "readfile.h" 90 #include "report.h" 91 #include "tzone.h" 92 #include "patchlevel.h" 93 94 #ifndef CONFIG_FILE 95 #define CONFIG_FILE "/etc/bootptab" 96 #endif 97 #ifndef DUMPTAB_FILE 98 #define DUMPTAB_FILE "/tmp/bootpd.dump" 99 #endif 100 101 102 103 /* 104 * Externals, forward declarations, and global variables 105 */ 106 107 extern void dumptab(char *); 108 109 PRIVATE void catcher(int); 110 PRIVATE int chk_access(char *, int32 *); 111 #ifdef VEND_CMU 112 PRIVATE void dovend_cmu(struct bootp *, struct host *); 113 #endif 114 PRIVATE void dovend_rfc1048(struct bootp *, struct host *, int32); 115 PRIVATE void handle_reply(void); 116 PRIVATE void handle_request(void); 117 PRIVATE void sendreply(int forward, int32 dest_override); 118 PRIVATE void usage(void); 119 120 /* 121 * IP port numbers for client and server obtained from /etc/services 122 */ 123 124 u_short bootps_port, bootpc_port; 125 126 127 /* 128 * Internet socket and interface config structures 129 */ 130 131 struct sockaddr_in bind_addr; /* Listening */ 132 struct sockaddr_in recv_addr; /* Packet source */ 133 struct sockaddr_in send_addr; /* destination */ 134 135 136 /* 137 * option defaults 138 */ 139 int debug = 0; /* Debugging flag (level) */ 140 struct timeval actualtimeout = 141 { /* fifteen minutes */ 142 15 * 60L, /* tv_sec */ 143 0 /* tv_usec */ 144 }; 145 146 /* 147 * General 148 */ 149 150 int s; /* Socket file descriptor */ 151 char *pktbuf; /* Receive packet buffer */ 152 int pktlen; 153 char *progname; 154 char *chdir_path; 155 struct in_addr my_ip_addr; 156 157 static const char *hostname; 158 static char default_hostname[MAXHOSTNAMELEN]; 159 160 /* Flags set by signal catcher. */ 161 PRIVATE int do_readtab = 0; 162 PRIVATE int do_dumptab = 0; 163 164 /* 165 * Globals below are associated with the bootp database file (bootptab). 166 */ 167 168 char *bootptab = CONFIG_FILE; 169 char *bootpd_dump = DUMPTAB_FILE; 170 171 172 173 /* 174 * Initialization such as command-line processing is done and then the 175 * main server loop is started. 176 */ 177 178 int 179 main(argc, argv) 180 int argc; 181 char **argv; 182 { 183 struct timeval *timeout; 184 struct bootp *bp; 185 struct servent *servp; 186 struct hostent *hep; 187 char *stmp; 188 int n, ba_len, ra_len; 189 int nfound, readfds; 190 int standalone; 191 #ifdef SA_NOCLDSTOP /* Have POSIX sigaction(2). */ 192 struct sigaction sa; 193 #endif 194 195 progname = strrchr(argv[0], '/'); 196 if (progname) progname++; 197 else progname = argv[0]; 198 199 /* 200 * Initialize logging. 201 */ 202 report_init(0); /* uses progname */ 203 204 /* 205 * Log startup 206 */ 207 report(LOG_INFO, "version %s.%d", VERSION, PATCHLEVEL); 208 209 /* Debugging for compilers with struct padding. */ 210 assert(sizeof(struct bootp) == BP_MINPKTSZ); 211 212 /* Get space for receiving packets and composing replies. */ 213 pktbuf = malloc(MAX_MSG_SIZE); 214 if (!pktbuf) { 215 report(LOG_ERR, "malloc failed"); 216 exit(1); 217 } 218 bp = (struct bootp *) pktbuf; 219 220 /* 221 * Check to see if a socket was passed to us from inetd. 222 * 223 * Use getsockname() to determine if descriptor 0 is indeed a socket 224 * (and thus we are probably a child of inetd) or if it is instead 225 * something else and we are running standalone. 226 */ 227 s = 0; 228 ba_len = sizeof(bind_addr); 229 bzero((char *) &bind_addr, ba_len); 230 errno = 0; 231 standalone = TRUE; 232 if (getsockname(s, (struct sockaddr *) &bind_addr, &ba_len) == 0) { 233 /* 234 * Descriptor 0 is a socket. Assume we are a child of inetd. 235 */ 236 if (bind_addr.sin_family == AF_INET) { 237 standalone = FALSE; 238 bootps_port = ntohs(bind_addr.sin_port); 239 } else { 240 /* Some other type of socket? */ 241 report(LOG_ERR, "getsockname: not an INET socket"); 242 } 243 } 244 245 /* 246 * Set defaults that might be changed by option switches. 247 */ 248 stmp = NULL; 249 timeout = &actualtimeout; 250 251 if (gethostname(default_hostname, sizeof(default_hostname) - 1) < 0) { 252 report(LOG_ERR, "bootpd: can't get hostname\n"); 253 exit(1); 254 } 255 default_hostname[sizeof(default_hostname) - 1] = '\0'; 256 hostname = default_hostname; 257 258 /* 259 * Read switches. 260 */ 261 for (argc--, argv++; argc > 0; argc--, argv++) { 262 if (argv[0][0] != '-') 263 break; 264 switch (argv[0][1]) { 265 266 case 'c': /* chdir_path */ 267 if (argv[0][2]) { 268 stmp = &(argv[0][2]); 269 } else { 270 argc--; 271 argv++; 272 stmp = argv[0]; 273 } 274 if (!stmp || (stmp[0] != '/')) { 275 report(LOG_ERR, 276 "bootpd: invalid chdir specification\n"); 277 break; 278 } 279 chdir_path = stmp; 280 break; 281 282 case 'd': /* debug level */ 283 if (argv[0][2]) { 284 stmp = &(argv[0][2]); 285 } else if (argv[1] && argv[1][0] == '-') { 286 /* 287 * Backwards-compatible behavior: 288 * no parameter, so just increment the debug flag. 289 */ 290 debug++; 291 break; 292 } else { 293 argc--; 294 argv++; 295 stmp = argv[0]; 296 } 297 if (!stmp || (sscanf(stmp, "%d", &n) != 1) || (n < 0)) { 298 report(LOG_ERR, 299 "%s: invalid debug level\n", progname); 300 break; 301 } 302 debug = n; 303 break; 304 305 case 'h': /* override hostname */ 306 if (argv[0][2]) { 307 stmp = &(argv[0][2]); 308 } else { 309 argc--; 310 argv++; 311 stmp = argv[0]; 312 } 313 if (!stmp) { 314 report(LOG_ERR, 315 "bootpd: missing hostname\n"); 316 break; 317 } 318 hostname = stmp; 319 break; 320 321 case 'i': /* inetd mode */ 322 standalone = FALSE; 323 break; 324 325 case 's': /* standalone mode */ 326 standalone = TRUE; 327 break; 328 329 case 't': /* timeout */ 330 if (argv[0][2]) { 331 stmp = &(argv[0][2]); 332 } else { 333 argc--; 334 argv++; 335 stmp = argv[0]; 336 } 337 if (!stmp || (sscanf(stmp, "%d", &n) != 1) || (n < 0)) { 338 report(LOG_ERR, 339 "%s: invalid timeout specification\n", progname); 340 break; 341 } 342 actualtimeout.tv_sec = (int32) (60 * n); 343 /* 344 * If the actual timeout is zero, pass a NULL pointer 345 * to select so it blocks indefinitely, otherwise, 346 * point to the actual timeout value. 347 */ 348 timeout = (n > 0) ? &actualtimeout : NULL; 349 break; 350 351 default: 352 report(LOG_ERR, "%s: unknown switch: -%c\n", 353 progname, argv[0][1]); 354 usage(); 355 break; 356 357 } /* switch */ 358 } /* for args */ 359 360 /* 361 * Override default file names if specified on the command line. 362 */ 363 if (argc > 0) 364 bootptab = argv[0]; 365 366 if (argc > 1) 367 bootpd_dump = argv[1]; 368 369 /* 370 * Get my hostname and IP address. 371 */ 372 373 hep = gethostbyname(hostname); 374 if (!hep) { 375 report(LOG_ERR, "Can not get my IP address\n"); 376 exit(1); 377 } 378 bcopy(hep->h_addr, (char *)&my_ip_addr, sizeof(my_ip_addr)); 379 380 if (standalone) { 381 /* 382 * Go into background and disassociate from controlling terminal. 383 */ 384 if (debug < 3) { 385 if (fork()) 386 exit(0); 387 #ifdef NO_SETSID 388 setpgrp(0,0); 389 #ifdef TIOCNOTTY 390 n = open(_PATH_TTY, O_RDWR); 391 if (n >= 0) { 392 ioctl(n, TIOCNOTTY, (char *) 0); 393 (void) close(n); 394 } 395 #endif /* TIOCNOTTY */ 396 #else /* SETSID */ 397 if (setsid() < 0) 398 perror("setsid"); 399 #endif /* SETSID */ 400 } /* if debug < 3 */ 401 402 /* 403 * Nuke any timeout value 404 */ 405 timeout = NULL; 406 407 } /* if standalone (1st) */ 408 409 /* Set the cwd (i.e. to /tftpboot) */ 410 if (chdir_path) { 411 if (chdir(chdir_path) < 0) 412 report(LOG_ERR, "%s: chdir failed", chdir_path); 413 } 414 415 /* Get the timezone. */ 416 tzone_init(); 417 418 /* Allocate hash tables. */ 419 rdtab_init(); 420 421 /* 422 * Read the bootptab file. 423 */ 424 readtab(1); /* force read */ 425 426 if (standalone) { 427 428 /* 429 * Create a socket. 430 */ 431 if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { 432 report(LOG_ERR, "socket: %s", get_network_errmsg()); 433 exit(1); 434 } 435 436 /* 437 * Get server's listening port number 438 */ 439 servp = getservbyname("bootps", "udp"); 440 if (servp) { 441 bootps_port = ntohs((u_short) servp->s_port); 442 } else { 443 bootps_port = (u_short) IPPORT_BOOTPS; 444 report(LOG_ERR, 445 "bootps/udp: unknown service -- using port %d", 446 bootps_port); 447 } 448 449 /* 450 * Bind socket to BOOTPS port. 451 */ 452 bind_addr.sin_family = AF_INET; 453 bind_addr.sin_addr.s_addr = INADDR_ANY; 454 bind_addr.sin_port = htons(bootps_port); 455 if (bind(s, (struct sockaddr *) &bind_addr, 456 sizeof(bind_addr)) < 0) 457 { 458 report(LOG_ERR, "bind: %s", get_network_errmsg()); 459 exit(1); 460 } 461 } /* if standalone (2nd)*/ 462 463 /* 464 * Get destination port number so we can reply to client 465 */ 466 servp = getservbyname("bootpc", "udp"); 467 if (servp) { 468 bootpc_port = ntohs(servp->s_port); 469 } else { 470 report(LOG_ERR, 471 "bootpc/udp: unknown service -- using port %d", 472 IPPORT_BOOTPC); 473 bootpc_port = (u_short) IPPORT_BOOTPC; 474 } 475 476 /* 477 * Set up signals to read or dump the table. 478 */ 479 #ifdef SA_NOCLDSTOP /* Have POSIX sigaction(2). */ 480 sa.sa_handler = catcher; 481 sigemptyset(&sa.sa_mask); 482 sa.sa_flags = 0; 483 if (sigaction(SIGHUP, &sa, NULL) < 0) { 484 report(LOG_ERR, "sigaction: %s", get_errmsg()); 485 exit(1); 486 } 487 if (sigaction(SIGUSR1, &sa, NULL) < 0) { 488 report(LOG_ERR, "sigaction: %s", get_errmsg()); 489 exit(1); 490 } 491 #else /* SA_NOCLDSTOP */ 492 /* Old-fashioned UNIX signals */ 493 if ((int) signal(SIGHUP, catcher) < 0) { 494 report(LOG_ERR, "signal: %s", get_errmsg()); 495 exit(1); 496 } 497 if ((int) signal(SIGUSR1, catcher) < 0) { 498 report(LOG_ERR, "signal: %s", get_errmsg()); 499 exit(1); 500 } 501 #endif /* SA_NOCLDSTOP */ 502 503 /* 504 * Process incoming requests. 505 */ 506 for (;;) { 507 struct timeval tv; 508 509 readfds = 1 << s; 510 if (timeout) 511 tv = *timeout; 512 513 nfound = select(s + 1, (fd_set *)&readfds, NULL, NULL, 514 (timeout) ? &tv : NULL); 515 if (nfound < 0) { 516 if (errno != EINTR) { 517 report(LOG_ERR, "select: %s", get_errmsg()); 518 } 519 /* 520 * Call readtab() or dumptab() here to avoid the 521 * dangers of doing I/O from a signal handler. 522 */ 523 if (do_readtab) { 524 do_readtab = 0; 525 readtab(1); /* force read */ 526 } 527 if (do_dumptab) { 528 do_dumptab = 0; 529 dumptab(bootpd_dump); 530 } 531 continue; 532 } 533 if (!(readfds & (1 << s))) { 534 if (debug > 1) 535 report(LOG_INFO, "exiting after %ld minutes of inactivity", 536 actualtimeout.tv_sec / 60); 537 exit(0); 538 } 539 ra_len = sizeof(recv_addr); 540 n = recvfrom(s, pktbuf, MAX_MSG_SIZE, 0, 541 (struct sockaddr *) &recv_addr, &ra_len); 542 if (n <= 0) { 543 continue; 544 } 545 if (debug > 1) { 546 report(LOG_INFO, "recvd pkt from IP addr %s", 547 inet_ntoa(recv_addr.sin_addr)); 548 } 549 if (n < sizeof(struct bootp)) { 550 if (debug) { 551 report(LOG_NOTICE, "received short packet"); 552 } 553 continue; 554 } 555 pktlen = n; 556 557 readtab(0); /* maybe re-read bootptab */ 558 559 switch (bp->bp_op) { 560 case BOOTREQUEST: 561 handle_request(); 562 break; 563 case BOOTREPLY: 564 handle_reply(); 565 break; 566 } 567 } 568 return 0; 569 } 570 571 572 573 574 /* 575 * Print "usage" message and exit 576 */ 577 578 PRIVATE void 579 usage() 580 { 581 fprintf(stderr, 582 "usage: bootpd [-d level] [-i] [-s] [-t timeout] [configfile [dumpfile]]\n"); 583 fprintf(stderr, "\t -c n\tset current directory\n"); 584 fprintf(stderr, "\t -d n\tset debug level\n"); 585 fprintf(stderr, "\t -i\tforce inetd mode (run as child of inetd)\n"); 586 fprintf(stderr, "\t -s\tforce standalone mode (run without inetd)\n"); 587 fprintf(stderr, "\t -t n\tset inetd exit timeout to n minutes\n"); 588 exit(1); 589 } 590 591 /* Signal catchers */ 592 PRIVATE void 593 catcher(sig) 594 int sig; 595 { 596 if (sig == SIGHUP) 597 do_readtab = 1; 598 if (sig == SIGUSR1) 599 do_dumptab = 1; 600 #if !defined(SA_NOCLDSTOP) && defined(SYSV) 601 /* For older "System V" derivatives with no sigaction(). */ 602 signal(sig, catcher); 603 #endif 604 } 605 606 607 608 /* 609 * Process BOOTREQUEST packet. 610 * 611 * Note: This version of the bootpd.c server never forwards 612 * a request to another server. That is the job of a gateway 613 * program such as the "bootpgw" program included here. 614 * 615 * (Also this version does not interpret the hostname field of 616 * the request packet; it COULD do a name->address lookup and 617 * forward the request there.) 618 */ 619 PRIVATE void 620 handle_request() 621 { 622 struct bootp *bp = (struct bootp *) pktbuf; 623 struct host *hp = NULL; 624 struct host dummyhost; 625 int32 bootsize = 0; 626 unsigned hlen, hashcode; 627 int32 dest; 628 char realpath[1024]; 629 char *clntpath; 630 char *homedir, *bootfile; 631 int n; 632 633 bp->bp_file[sizeof(bp->bp_file)-1] = '\0'; 634 635 /* XXX - SLIP init: Set bp_ciaddr = recv_addr here? */ 636 637 /* 638 * If the servername field is set, compare it against us. 639 * If we're not being addressed, ignore this request. 640 * If the server name field is null, throw in our name. 641 */ 642 if (strlen(bp->bp_sname)) { 643 if (strcmp(bp->bp_sname, hostname)) { 644 if (debug) 645 report(LOG_INFO, "\ 646 ignoring request for server %s from client at %s address %s", 647 bp->bp_sname, netname(bp->bp_htype), 648 haddrtoa(bp->bp_chaddr, bp->bp_hlen)); 649 /* XXX - Is it correct to ignore such a request? -gwr */ 650 return; 651 } 652 } else { 653 strcpy(bp->bp_sname, hostname); 654 } 655 656 /* Convert the request into a reply. */ 657 bp->bp_op = BOOTREPLY; 658 if (bp->bp_ciaddr.s_addr == 0) { 659 /* 660 * client doesnt know his IP address, 661 * search by hardware address. 662 */ 663 if (debug > 1) { 664 report(LOG_INFO, "request from %s address %s", 665 netname(bp->bp_htype), 666 haddrtoa(bp->bp_chaddr, bp->bp_hlen)); 667 } 668 hlen = haddrlength(bp->bp_htype); 669 if (hlen != bp->bp_hlen) { 670 report(LOG_NOTICE, "bad addr len from from %s address %s", 671 netname(bp->bp_htype), 672 haddrtoa(bp->bp_chaddr, hlen)); 673 } 674 dummyhost.htype = bp->bp_htype; 675 bcopy(bp->bp_chaddr, dummyhost.haddr, hlen); 676 hashcode = hash_HashFunction(bp->bp_chaddr, hlen); 677 hp = (struct host *) hash_Lookup(hwhashtable, hashcode, hwlookcmp, 678 &dummyhost); 679 if (hp == NULL && 680 bp->bp_htype == HTYPE_IEEE802) 681 { 682 /* Try again with address in "canonical" form. */ 683 haddr_conv802(bp->bp_chaddr, dummyhost.haddr, hlen); 684 if (debug > 1) { 685 report(LOG_INFO, "\ 686 HW addr type is IEEE 802. convert to %s and check again\n", 687 haddrtoa(dummyhost.haddr, bp->bp_hlen)); 688 } 689 hashcode = hash_HashFunction(dummyhost.haddr, hlen); 690 hp = (struct host *) hash_Lookup(hwhashtable, hashcode, 691 hwlookcmp, &dummyhost); 692 } 693 if (hp == NULL) { 694 /* 695 * XXX - Add dynamic IP address assignment? 696 */ 697 if (debug) 698 report(LOG_NOTICE, "unknown client %s address %s", 699 netname(bp->bp_htype), 700 haddrtoa(bp->bp_chaddr, bp->bp_hlen)); 701 return; /* not found */ 702 } 703 (bp->bp_yiaddr).s_addr = hp->iaddr.s_addr; 704 705 } else { 706 707 /* 708 * search by IP address. 709 */ 710 if (debug > 1) { 711 report(LOG_INFO, "request from IP addr %s", 712 inet_ntoa(bp->bp_ciaddr)); 713 } 714 dummyhost.iaddr.s_addr = bp->bp_ciaddr.s_addr; 715 hashcode = hash_HashFunction((u_char *) &(bp->bp_ciaddr.s_addr), 4); 716 hp = (struct host *) hash_Lookup(iphashtable, hashcode, iplookcmp, 717 &dummyhost); 718 if (hp == NULL) { 719 if (debug) { 720 report(LOG_NOTICE, "IP address not found: %s", 721 inet_ntoa(bp->bp_ciaddr)); 722 } 723 return; 724 } 725 } 726 727 if (debug) { 728 report(LOG_INFO, "found %s (%s)", inet_ntoa(hp->iaddr), 729 hp->hostname->string); 730 } 731 732 /* 733 * If there is a response delay threshold, ignore requests 734 * with a timestamp lower than the threshold. 735 */ 736 if (hp->flags.min_wait) { 737 u_int32 t = (u_int32) ntohs(bp->bp_secs); 738 if (t < hp->min_wait) { 739 if (debug > 1) 740 report(LOG_INFO, 741 "ignoring request due to timestamp (%d < %d)", 742 t, hp->min_wait); 743 return; 744 } 745 } 746 747 #ifdef YORK_EX_OPTION 748 /* 749 * The need for the "ex" tag arose out of the need to empty 750 * shared networked drives on diskless PCs. This solution is 751 * not very clean but it does work fairly well. 752 * Written by Edmund J. Sutcliffe <edmund@york.ac.uk> 753 * 754 * XXX - This could compromise security if a non-trusted user 755 * managed to write an entry in the bootptab with :ex=trojan: 756 * so I would leave this turned off unless you need it. -gwr 757 */ 758 /* Run a program, passing the client name as a parameter. */ 759 if (hp->flags.exec_file) { 760 char tst[100]; 761 /* XXX - Check string lengths? -gwr */ 762 strcpy (tst, hp->exec_file->string); 763 strcat (tst, " "); 764 strcat (tst, hp->hostname->string); 765 strcat (tst, " &"); 766 if (debug) 767 report(LOG_INFO, "executing %s", tst); 768 system(tst); /* Hope this finishes soon... */ 769 } 770 #endif /* YORK_EX_OPTION */ 771 772 /* 773 * If a specific TFTP server address was specified in the bootptab file, 774 * fill it in, otherwise zero it. 775 * XXX - Rather than zero it, should it be the bootpd address? -gwr 776 */ 777 (bp->bp_siaddr).s_addr = (hp->flags.bootserver) ? 778 hp->bootserver.s_addr : 0L; 779 780 #ifdef STANFORD_PROM_COMPAT 781 /* 782 * Stanford bootp PROMs (for a Sun?) have no way to leave 783 * the boot file name field blank (because the boot file 784 * name is automatically generated from some index). 785 * As a work-around, this little hack allows those PROMs to 786 * specify "sunboot14" with the same effect as a NULL name. 787 * (The user specifies boot device 14 or some such magic.) 788 */ 789 if (strcmp(bp->bp_file, "sunboot14") == 0) 790 bp->bp_file[0] = '\0'; /* treat it as unspecified */ 791 #endif 792 793 /* 794 * Fill in the client's proper bootfile. 795 * 796 * If the client specifies an absolute path, try that file with a 797 * ".host" suffix and then without. If the file cannot be found, no 798 * reply is made at all. 799 * 800 * If the client specifies a null or relative file, use the following 801 * table to determine the appropriate action: 802 * 803 * Homedir Bootfile Client's file 804 * specified? specified? specification Action 805 * ------------------------------------------------------------------- 806 * No No Null Send null filename 807 * No No Relative Discard request 808 * No Yes Null Send if absolute else null 809 * No Yes Relative Discard request *XXX 810 * Yes No Null Send null filename 811 * Yes No Relative Lookup with ".host" 812 * Yes Yes Null Send home/boot or bootfile 813 * Yes Yes Relative Lookup with ".host" *XXX 814 * 815 */ 816 817 /* 818 * XXX - I don't like the policy of ignoring a client when the 819 * boot file is not accessible. The TFTP server might not be 820 * running on the same machine as the BOOTP server, in which 821 * case checking accessibility of the boot file is pointless. 822 * 823 * Therefore, file accessibility is now demanded ONLY if you 824 * define CHECK_FILE_ACCESS in the Makefile options. -gwr 825 */ 826 827 /* 828 * The "real" path is as seen by the BOOTP daemon on this 829 * machine, while the client path is relative to the TFTP 830 * daemon chroot directory (i.e. /tftpboot). 831 */ 832 if (hp->flags.tftpdir) { 833 snprintf(realpath, sizeof(realpath), "%s", hp->tftpdir->string); 834 clntpath = &realpath[strlen(realpath)]; 835 } else { 836 realpath[0] = '\0'; 837 clntpath = realpath; 838 } 839 840 /* 841 * Determine client's requested homedir and bootfile. 842 */ 843 homedir = NULL; 844 bootfile = NULL; 845 if (bp->bp_file[0]) { 846 homedir = bp->bp_file; 847 bootfile = strrchr(homedir, '/'); 848 if (bootfile) { 849 if (homedir == bootfile) 850 homedir = NULL; 851 *bootfile++ = '\0'; 852 } else { 853 /* no "/" in the string */ 854 bootfile = homedir; 855 homedir = NULL; 856 } 857 if (debug > 2) { 858 report(LOG_INFO, "requested path=\"%s\" file=\"%s\"", 859 (homedir) ? homedir : "", 860 (bootfile) ? bootfile : ""); 861 } 862 } 863 864 /* 865 * Specifications in bootptab override client requested values. 866 */ 867 if (hp->flags.homedir) 868 homedir = hp->homedir->string; 869 if (hp->flags.bootfile) 870 bootfile = hp->bootfile->string; 871 872 /* 873 * Construct bootfile path. 874 */ 875 if (homedir) { 876 if (homedir[0] != '/') 877 strcat(clntpath, "/"); 878 strcat(clntpath, homedir); 879 homedir = NULL; 880 } 881 if (bootfile) { 882 if (bootfile[0] != '/') 883 strcat(clntpath, "/"); 884 strcat(clntpath, bootfile); 885 bootfile = NULL; 886 } 887 888 /* 889 * First try to find the file with a ".host" suffix 890 */ 891 n = strlen(clntpath); 892 strcat(clntpath, "."); 893 strcat(clntpath, hp->hostname->string); 894 if (chk_access(realpath, &bootsize) < 0) { 895 clntpath[n] = 0; /* Try it without the suffix */ 896 if (chk_access(realpath, &bootsize) < 0) { 897 /* neither "file.host" nor "file" was found */ 898 #ifdef CHECK_FILE_ACCESS 899 900 if (bp->bp_file[0]) { 901 /* 902 * Client wanted specific file 903 * and we didn't have it. 904 */ 905 report(LOG_NOTICE, 906 "requested file not found: \"%s\"", clntpath); 907 return; 908 } 909 /* 910 * Client didn't ask for a specific file and we couldn't 911 * access the default file, so just zero-out the bootfile 912 * field in the packet and continue processing the reply. 913 */ 914 bzero(bp->bp_file, sizeof(bp->bp_file)); 915 goto null_file_name; 916 917 #else /* CHECK_FILE_ACCESS */ 918 919 /* Complain only if boot file size was needed. */ 920 if (hp->flags.bootsize_auto) { 921 report(LOG_ERR, "can not determine size of file \"%s\"", 922 clntpath); 923 } 924 925 #endif /* CHECK_FILE_ACCESS */ 926 } 927 } 928 strncpy(bp->bp_file, clntpath, BP_FILE_LEN); 929 if (debug > 2) 930 report(LOG_INFO, "bootfile=\"%s\"", clntpath); 931 932 #ifdef CHECK_FILE_ACCESS 933 null_file_name: 934 #endif /* CHECK_FILE_ACCESS */ 935 936 937 /* 938 * Handle vendor options based on magic number. 939 */ 940 941 if (debug > 1) { 942 report(LOG_INFO, "vendor magic field is %d.%d.%d.%d", 943 (int) ((bp->bp_vend)[0]), 944 (int) ((bp->bp_vend)[1]), 945 (int) ((bp->bp_vend)[2]), 946 (int) ((bp->bp_vend)[3])); 947 } 948 /* 949 * If this host isn't set for automatic vendor info then copy the 950 * specific cookie into the bootp packet, thus forcing a certain 951 * reply format. Only force reply format if user specified it. 952 */ 953 if (hp->flags.vm_cookie) { 954 /* Slam in the user specified magic number. */ 955 bcopy(hp->vm_cookie, bp->bp_vend, 4); 956 } 957 /* 958 * Figure out the format for the vendor-specific info. 959 * Note that bp->bp_vend may have been set above. 960 */ 961 if (!bcmp(bp->bp_vend, vm_rfc1048, 4)) { 962 /* RFC1048 conformant bootp client */ 963 dovend_rfc1048(bp, hp, bootsize); 964 if (debug > 1) { 965 report(LOG_INFO, "sending reply (with RFC1048 options)"); 966 } 967 } 968 #ifdef VEND_CMU 969 else if (!bcmp(bp->bp_vend, vm_cmu, 4)) { 970 dovend_cmu(bp, hp); 971 if (debug > 1) { 972 report(LOG_INFO, "sending reply (with CMU options)"); 973 } 974 } 975 #endif 976 else { 977 if (debug > 1) { 978 report(LOG_INFO, "sending reply (with no options)"); 979 } 980 } 981 982 dest = (hp->flags.reply_addr) ? 983 hp->reply_addr.s_addr : 0L; 984 985 /* not forwarded */ 986 sendreply(0, dest); 987 } 988 989 990 /* 991 * Process BOOTREPLY packet. 992 */ 993 PRIVATE void 994 handle_reply() 995 { 996 if (debug) { 997 report(LOG_INFO, "processing boot reply"); 998 } 999 /* forwarded, no destination override */ 1000 sendreply(1, 0); 1001 } 1002 1003 1004 /* 1005 * Send a reply packet to the client. 'forward' flag is set if we are 1006 * not the originator of this reply packet. 1007 */ 1008 PRIVATE void 1009 sendreply(forward, dst_override) 1010 int forward; 1011 int32 dst_override; 1012 { 1013 struct bootp *bp = (struct bootp *) pktbuf; 1014 struct in_addr dst; 1015 u_short port = bootpc_port; 1016 unsigned char *ha; 1017 int len, haf; 1018 1019 /* 1020 * XXX - Should honor bp_flags "broadcast" bit here. 1021 * Temporary workaround: use the :ra=ADDR: option to 1022 * set the reply address to the broadcast address. 1023 */ 1024 1025 /* 1026 * If the destination address was specified explicitly 1027 * (i.e. the broadcast address for HP compatiblity) 1028 * then send the response to that address. Otherwise, 1029 * act in accordance with RFC951: 1030 * If the client IP address is specified, use that 1031 * else if gateway IP address is specified, use that 1032 * else make a temporary arp cache entry for the client's 1033 * NEW IP/hardware address and use that. 1034 */ 1035 if (dst_override) { 1036 dst.s_addr = dst_override; 1037 if (debug > 1) { 1038 report(LOG_INFO, "reply address override: %s", 1039 inet_ntoa(dst)); 1040 } 1041 } else if (bp->bp_ciaddr.s_addr) { 1042 dst = bp->bp_ciaddr; 1043 } else if (bp->bp_giaddr.s_addr && forward == 0) { 1044 dst = bp->bp_giaddr; 1045 port = bootps_port; 1046 if (debug > 1) { 1047 report(LOG_INFO, "sending reply to gateway %s", 1048 inet_ntoa(dst)); 1049 } 1050 } else { 1051 dst = bp->bp_yiaddr; 1052 ha = bp->bp_chaddr; 1053 len = bp->bp_hlen; 1054 if (len > MAXHADDRLEN) 1055 len = MAXHADDRLEN; 1056 haf = (int) bp->bp_htype; 1057 if (haf == 0) 1058 haf = HTYPE_ETHERNET; 1059 1060 if (debug > 1) 1061 report(LOG_INFO, "setarp %s - %s", 1062 inet_ntoa(dst), haddrtoa(ha, len)); 1063 setarp(s, &dst, haf, ha, len); 1064 } 1065 1066 if ((forward == 0) && 1067 (bp->bp_siaddr.s_addr == 0)) 1068 { 1069 struct ifreq *ifr; 1070 struct in_addr siaddr; 1071 /* 1072 * If we are originating this reply, we 1073 * need to find our own interface address to 1074 * put in the bp_siaddr field of the reply. 1075 * If this server is multi-homed, pick the 1076 * 'best' interface (the one on the same net 1077 * as the client). Of course, the client may 1078 * be on the other side of a BOOTP gateway... 1079 */ 1080 ifr = getif(s, &dst); 1081 if (ifr) { 1082 struct sockaddr_in *sip; 1083 sip = (struct sockaddr_in *) &(ifr->ifr_addr); 1084 siaddr = sip->sin_addr; 1085 } else { 1086 /* Just use my "official" IP address. */ 1087 siaddr = my_ip_addr; 1088 } 1089 1090 /* XXX - No need to set bp_giaddr here. */ 1091 1092 /* Finally, set the server address field. */ 1093 bp->bp_siaddr = siaddr; 1094 } 1095 /* Set up socket address for send. */ 1096 send_addr.sin_family = AF_INET; 1097 send_addr.sin_port = htons(port); 1098 send_addr.sin_addr = dst; 1099 1100 /* Send reply with same size packet as request used. */ 1101 if (sendto(s, pktbuf, pktlen, 0, 1102 (struct sockaddr *) &send_addr, 1103 sizeof(send_addr)) < 0) 1104 { 1105 report(LOG_ERR, "sendto: %s", get_network_errmsg()); 1106 } 1107 } /* sendreply */ 1108 1109 1110 /* nmatch() - now in getif.c */ 1111 /* setarp() - now in hwaddr.c */ 1112 1113 1114 /* 1115 * This call checks read access to a file. It returns 0 if the file given 1116 * by "path" exists and is publically readable. A value of -1 is returned if 1117 * access is not permitted or an error occurs. Successful calls also 1118 * return the file size in bytes using the long pointer "filesize". 1119 * 1120 * The read permission bit for "other" users is checked. This bit must be 1121 * set for tftpd(8) to allow clients to read the file. 1122 */ 1123 1124 PRIVATE int 1125 chk_access(path, filesize) 1126 char *path; 1127 int32 *filesize; 1128 { 1129 struct stat st; 1130 1131 if ((stat(path, &st) == 0) && (st.st_mode & (S_IREAD >> 6))) { 1132 *filesize = (int32) st.st_size; 1133 return 0; 1134 } else { 1135 return -1; 1136 } 1137 } 1138 1139 1140 /* 1141 * Now in dumptab.c : 1142 * dumptab() 1143 * dump_host() 1144 * list_ipaddresses() 1145 */ 1146 1147 #ifdef VEND_CMU 1148 1149 /* 1150 * Insert the CMU "vendor" data for the host pointed to by "hp" into the 1151 * bootp packet pointed to by "bp". 1152 */ 1153 1154 PRIVATE void 1155 dovend_cmu(bp, hp) 1156 struct bootp *bp; 1157 struct host *hp; 1158 { 1159 struct cmu_vend *vendp; 1160 struct in_addr_list *taddr; 1161 1162 /* 1163 * Initialize the entire vendor field to zeroes. 1164 */ 1165 bzero(bp->bp_vend, sizeof(bp->bp_vend)); 1166 1167 /* 1168 * Fill in vendor information. Subnet mask, default gateway, 1169 * domain name server, ien name server, time server 1170 */ 1171 vendp = (struct cmu_vend *) bp->bp_vend; 1172 strcpy(vendp->v_magic, (char *)vm_cmu); 1173 if (hp->flags.subnet_mask) { 1174 (vendp->v_smask).s_addr = hp->subnet_mask.s_addr; 1175 (vendp->v_flags) |= VF_SMASK; 1176 if (hp->flags.gateway) { 1177 (vendp->v_dgate).s_addr = hp->gateway->addr->s_addr; 1178 } 1179 } 1180 if (hp->flags.domain_server) { 1181 taddr = hp->domain_server; 1182 if (taddr->addrcount > 0) { 1183 (vendp->v_dns1).s_addr = (taddr->addr)[0].s_addr; 1184 if (taddr->addrcount > 1) { 1185 (vendp->v_dns2).s_addr = (taddr->addr)[1].s_addr; 1186 } 1187 } 1188 } 1189 if (hp->flags.name_server) { 1190 taddr = hp->name_server; 1191 if (taddr->addrcount > 0) { 1192 (vendp->v_ins1).s_addr = (taddr->addr)[0].s_addr; 1193 if (taddr->addrcount > 1) { 1194 (vendp->v_ins2).s_addr = (taddr->addr)[1].s_addr; 1195 } 1196 } 1197 } 1198 if (hp->flags.time_server) { 1199 taddr = hp->time_server; 1200 if (taddr->addrcount > 0) { 1201 (vendp->v_ts1).s_addr = (taddr->addr)[0].s_addr; 1202 if (taddr->addrcount > 1) { 1203 (vendp->v_ts2).s_addr = (taddr->addr)[1].s_addr; 1204 } 1205 } 1206 } 1207 /* Log message now done by caller. */ 1208 } /* dovend_cmu */ 1209 1210 #endif /* VEND_CMU */ 1211 1212 1213 1214 /* 1215 * Insert the RFC1048 vendor data for the host pointed to by "hp" into the 1216 * bootp packet pointed to by "bp". 1217 */ 1218 #define NEED(LEN, MSG) do \ 1219 if (bytesleft < (LEN)) { \ 1220 report(LOG_NOTICE, noroom, \ 1221 hp->hostname->string, MSG); \ 1222 return; \ 1223 } while (0) 1224 PRIVATE void 1225 dovend_rfc1048(bp, hp, bootsize) 1226 struct bootp *bp; 1227 struct host *hp; 1228 int32 bootsize; 1229 { 1230 int bytesleft, len; 1231 byte *vp; 1232 1233 static const char noroom[] = "%s: No room for \"%s\" option"; 1234 1235 vp = bp->bp_vend; 1236 1237 if (hp->flags.msg_size) { 1238 pktlen = hp->msg_size; 1239 } else { 1240 /* 1241 * If the request was longer than the official length, build 1242 * a response of that same length where the additional length 1243 * is assumed to be part of the bp_vend (options) area. 1244 */ 1245 if (pktlen > sizeof(*bp)) { 1246 if (debug > 1) 1247 report(LOG_INFO, "request message length=%d", pktlen); 1248 } 1249 /* 1250 * Check whether the request contains the option: 1251 * Maximum DHCP Message Size (RFC1533 sec. 9.8) 1252 * and if so, override the response length with its value. 1253 * This request must lie within the first BP_VEND_LEN 1254 * bytes of the option space. 1255 */ 1256 { 1257 byte *p, *ep; 1258 byte tag, len; 1259 short msgsz = 0; 1260 1261 p = vp + 4; 1262 ep = p + BP_VEND_LEN - 4; 1263 while (p < ep) { 1264 tag = *p++; 1265 /* Check for tags with no data first. */ 1266 if (tag == TAG_PAD) 1267 continue; 1268 if (tag == TAG_END) 1269 break; 1270 /* Now scan the length byte. */ 1271 len = *p++; 1272 switch (tag) { 1273 case TAG_MAX_MSGSZ: 1274 if (len == 2) { 1275 bcopy(p, (char*)&msgsz, 2); 1276 msgsz = ntohs(msgsz); 1277 } 1278 break; 1279 case TAG_SUBNET_MASK: 1280 /* XXX - Should preserve this if given... */ 1281 break; 1282 } /* swtich */ 1283 p += len; 1284 } 1285 1286 if (msgsz > sizeof(*bp) + BP_MSG_OVERHEAD) { 1287 if (debug > 1) 1288 report(LOG_INFO, "request has DHCP msglen=%d", msgsz); 1289 pktlen = msgsz - BP_MSG_OVERHEAD; 1290 } 1291 } 1292 } 1293 1294 if (pktlen < sizeof(*bp)) { 1295 report(LOG_ERR, "invalid response length=%d", pktlen); 1296 pktlen = sizeof(*bp); 1297 } 1298 bytesleft = ((byte*)bp + pktlen) - vp; 1299 if (pktlen > sizeof(*bp)) { 1300 if (debug > 1) 1301 report(LOG_INFO, "extended reply, length=%d, options=%d", 1302 pktlen, bytesleft); 1303 } 1304 1305 /* Copy in the magic cookie */ 1306 bcopy(vm_rfc1048, vp, 4); 1307 vp += 4; 1308 bytesleft -= 4; 1309 1310 if (hp->flags.subnet_mask) { 1311 /* always enough room here. */ 1312 *vp++ = TAG_SUBNET_MASK;/* -1 byte */ 1313 *vp++ = 4; /* -1 byte */ 1314 insert_u_long(hp->subnet_mask.s_addr, &vp); /* -4 bytes */ 1315 bytesleft -= 6; /* Fix real count */ 1316 if (hp->flags.gateway) { 1317 (void) insert_ip(TAG_GATEWAY, 1318 hp->gateway, 1319 &vp, &bytesleft); 1320 } 1321 } 1322 if (hp->flags.bootsize) { 1323 /* always enough room here */ 1324 bootsize = (hp->flags.bootsize_auto) ? 1325 ((bootsize + 511) / 512) : (hp->bootsize); /* Round up */ 1326 *vp++ = TAG_BOOT_SIZE; 1327 *vp++ = 2; 1328 *vp++ = (byte) ((bootsize >> 8) & 0xFF); 1329 *vp++ = (byte) (bootsize & 0xFF); 1330 bytesleft -= 4; /* Tag, length, and 16 bit blocksize */ 1331 } 1332 /* 1333 * This one is special: Remaining options go in the ext file. 1334 * Only the subnet_mask, bootsize, and gateway should precede. 1335 */ 1336 if (hp->flags.exten_file) { 1337 /* 1338 * Check for room for exten_file. Add 3 to account for 1339 * TAG_EXTEN_FILE, length, and TAG_END. 1340 */ 1341 len = strlen(hp->exten_file->string); 1342 NEED((len + 3), "ef"); 1343 *vp++ = TAG_EXTEN_FILE; 1344 *vp++ = (byte) (len & 0xFF); 1345 bcopy(hp->exten_file->string, vp, len); 1346 vp += len; 1347 *vp++ = TAG_END; 1348 bytesleft -= len + 3; 1349 return; /* no more options here. */ 1350 } 1351 /* 1352 * The remaining options are inserted by the following 1353 * function (which is shared with bootpef.c). 1354 * Keep back one byte for the TAG_END. 1355 */ 1356 len = dovend_rfc1497(hp, vp, bytesleft - 1); 1357 vp += len; 1358 bytesleft -= len; 1359 1360 /* There should be at least one byte left. */ 1361 NEED(1, "(end)"); 1362 *vp++ = TAG_END; 1363 bytesleft--; 1364 1365 /* Log message done by caller. */ 1366 if (bytesleft > 0) { 1367 /* 1368 * Zero out any remaining part of the vendor area. 1369 */ 1370 bzero(vp, bytesleft); 1371 } 1372 } /* dovend_rfc1048 */ 1373 #undef NEED 1374 1375 1376 /* 1377 * Now in readfile.c: 1378 * hwlookcmp() 1379 * iplookcmp() 1380 */ 1381 1382 /* haddrtoa() - now in hwaddr.c */ 1383 /* 1384 * Now in dovend.c: 1385 * insert_ip() 1386 * insert_generic() 1387 * insert_u_long() 1388 */ 1389 1390 /* get_errmsg() - now in report.c */ 1391 1392 /* 1393 * Local Variables: 1394 * tab-width: 4 1395 * c-indent-level: 4 1396 * c-argdecl-indent: 4 1397 * c-continued-statement-offset: 4 1398 * c-continued-brace-offset: -4 1399 * c-label-offset: -4 1400 * c-brace-offset: 0 1401 * End: 1402 */ 1403