Add pool/permit support.

2025-08-31 06:15:55 +00:00 · 1998-11-09 02:46:58 +00:00
parent 64e1dc1d5f
commit f63b49298d
2 changed files with 348 additions and 31 deletions
--- a/server/confpars.c
+++ b/server/confpars.c
@@ -42,7 +42,7 @@

 #ifndef lint
 static char copyright[] =
-"$Id: confpars.c,v 1.54 1998/11/06 02:58:17 mellon Exp $ Copyright (c) 1995, 1996 The Internet Software Consortium.  All rights reserved.\n";
+"$Id: confpars.c,v 1.55 1998/11/09 02:46:36 mellon Exp $ Copyright (c) 1995, 1996 The Internet Software Consortium.  All rights reserved.\n";
 #endif /* not lint */

 #include "dhcpd.h"
@@ -320,6 +320,14 @@ int parse_statement (cfile, group, type, host_decl, declaration)
 		}
 		break;

+	      case POOL:
+		next_token (&val, cfile);
+		if (type != SUBNET_DECL && type != SHARED_NET_DECL) {
+			parse_warn ("pool declared outside of network");
+		}
+		parse_pool_statement (cfile, group, type);
+		return declaration;
+
 	      case RANGE:
 		next_token (&val, cfile);
 		if (type != SUBNET_DECL || !group -> subnet) {
@@ -327,7 +335,7 @@ int parse_statement (cfile, group, type, host_decl, declaration)
 			skip_to_semi (cfile);
 			return declaration;
 		}
-		parse_address_range (cfile, group -> subnet);
+		parse_address_range (cfile, group, type, (struct pool *)0);
 		return declaration;

 	      case ALLOW:
@@ -420,6 +428,136 @@ int parse_statement (cfile, group, type, host_decl, declaration)
 	return 0;
 }

+void parse_pool_statement (cfile, group, type)
+	FILE *cfile;
+	struct group *group;
+	int type;
+{
+	enum dhcp_token token;
+	char *val;
+	int done = 0;
+	struct pool *pool, **p;
+	struct permit *permit;
+	struct permit **permit_head;
+
+	pool = new_pool ("parse_pool_statement");
+	if (!pool)
+		error ("no memory for pool.");
+
+	if (!parse_lbrace (cfile))
+		return;
+	do {
+		switch (peek_token (&val, cfile)) {
+		      case RANGE:
+			next_token (&val, cfile);
+			parse_address_range (cfile, group, type, pool);
+			break;
+		      case ALLOW:
+			permit_head = &pool -> permit_list;
+		      get_permit:
+			permit = new_permit ("parse_pool_statement");
+			if (!permit)
+				error ("no memory for permit");
+			next_token (&val, cfile);
+			token = next_token (&val, cfile);
+			switch (token) {
+			      case UNKNOWN:
+				permit -> type = permit_unknown_clients;
+			      get_clients:
+				if (next_token (&val, cfile) != CLIENTS) {
+					parse_warn ("expecting \"hosts\"");
+					skip_to_semi (cfile);
+					free_permit (permit,
+						     "parse_pool_statement");
+					continue;
+				}
+				break;
+				
+			      case KNOWN:
+				permit -> type = permit_known_clients;
+				goto get_clients;
+				
+			      case AUTHENTICATED:
+				permit -> type = permit_authenticated_clients;
+				goto get_clients;
+				
+			      case UNAUTHENTICATED:
+				permit -> type =
+					permit_unauthenticated_clients;
+				goto get_clients;
+
+			      case ALL:
+				permit -> type = permit_all_clients;
+				goto get_clients;
+				break;
+				
+			      case DYNAMIC:
+				permit -> type = permit_dynamic_bootp_clients;
+				if (next_token (&val, cfile) != BOOTP) {
+					parse_warn ("expecting \"bootp\"");
+					skip_to_semi (cfile);
+					free_permit (permit,
+						     "parse_pool_statement");
+					continue;
+				}
+				goto get_clients;
+				
+			      case MEMBERS:
+				if (next_token (&val, cfile) != OF) {
+					parse_warn ("expecting \"of\"");
+					skip_to_semi (cfile);
+					free_permit (permit,
+						     "parse_pool_statement");
+					continue;
+				}
+				if (next_token (&val, cfile) != STRING) {
+					parse_warn ("expecting class name.");
+					skip_to_semi (cfile);
+					free_permit (permit,
+						     "parse_pool_statement");
+					continue;
+				}
+				permit -> type = permit_class;
+				permit -> class = find_class (val);
+				if (!permit -> class)
+					parse_warn ("no such class: %s", val);
+			      default:
+				parse_warn ("expecting permit type.");
+				skip_to_semi (cfile);
+				break;
+			}
+			while (*permit_head)
+				permit_head = &((*permit_head) -> next);
+			*permit_head = permit;
+			break;
+
+		      case DENY:
+			permit_head = &pool -> prohibit_list;
+			goto get_permit;
+			
+		      case RBRACE:
+			next_token (&val, cfile);
+			done = 1;
+			break;
+
+		      default:
+			parse_warn ("expecting address range or permit list.");
+			skip_to_semi (cfile);
+			break;
+		}
+	} while (!done);
+
+	if (type == SUBNET_DECL)
+		pool -> shared_network = group -> subnet -> shared_network;
+	else
+		pool -> shared_network = group -> shared_network;
+
+	p = &pool -> shared_network -> pools;
+	for (; *p; p = &((*p) -> next))
+		;
+	*p = pool;
+}
+
 /* allow-deny-keyword :== BOOTP
   			| BOOTING
 			| DYNAMIC_BOOTP
@@ -807,9 +945,7 @@ void parse_shared_net_declaration (cfile, group)
 	share = new_shared_network ("parse_shared_net_declaration");
 	if (!share)
 		error ("No memory for shared subnet");
-	share -> leases = (struct lease *)0;
-	share -> last_lease = (struct lease *)0;
-	share -> insertion_point = (struct lease *)0;
+	share -> pools = (struct pool *)0;
 	share -> next = (struct shared_network *)0;
 	share -> interface = (struct interface_info *)0;
 	share -> group = clone_group (group, "parse_shared_net_declaration");
@@ -1229,16 +1365,21 @@ struct lease *parse_lease_declaration (cfile)
 /* address-range-declaration :== ip-address ip-address SEMI
 			       | DYNAMIC_BOOTP ip-address ip-address SEMI */

-void parse_address_range (cfile, subnet)
+void parse_address_range (cfile, group, type, pool)
 	FILE *cfile;
-	struct subnet *subnet;
+	struct group *group;
+	int type;
+	struct pool *pool;
 {
-	struct iaddr low, high;
+	struct iaddr low, high, net;
 	unsigned char addr [4];
 	int len = sizeof addr;
 	enum dhcp_token token;
 	char *val;
 	int dynamic = 0;
+	struct subnet *subnet;
+	struct shared_network *share;
+	struct pool *p;

 	if ((token = peek_token (&val, cfile)) == DYNAMIC_BOOTP) {
 		token = next_token (&val, cfile);
@@ -1270,7 +1411,65 @@ void parse_address_range (cfile, subnet)
 		return;
 	}

+	if (type == SUBNET_DECL) {
+		subnet = group -> subnet;
+		share = subnet -> shared_network;
+	} else {
+		share = group -> shared_network;
+		for (subnet = share -> subnets;
+		     subnet; subnet = subnet -> next_sibling) {
+			net = subnet_number (low, subnet -> netmask);
+			if (addr_eq (low, subnet -> net))
+				break;
+		}
+		if (!subnet) {
+			parse_warn ("address range not on network %s",
+				    group -> shared_network -> name);
+			return;
+		}
+	}
+
+	if (!pool) {
+		struct pool *last;
+		/* If we're permitting dynamic bootp for this range,
+		   then look for a pool with an empty prohibit list and
+		   a permit list with one entry which permits dynamic
+		   bootp. */
+		for (pool = share -> pools; pool; pool = pool -> next) {
+			if ((!dynamic &&
+			     !pool -> permit_list && !pool -> prohibit_list) ||
+			    (dynamic &&
+			     !pool -> prohibit_list &&
+			     pool -> permit_list &&
+			     !pool -> permit_list -> next &&
+			     (pool -> permit_list -> type ==
+			      permit_dynamic_bootp_clients))) {
+				break;
+			}
+			last = pool;
+		}
+
+		/* If we didn't get a pool, make one. */
+		if (!pool) {
+			pool = new_pool ("parse_address_range");
+			if (!pool)
+				error ("no memory for ad-hoc pool.");
+			if (dynamic) {
+				pool -> permit_list =
+					new_permit ("parse_address_range");
+				if (!pool -> permit_list)
+					error ("no memory for ad-hoc permit.");
+				pool -> permit_list -> type =
+					permit_dynamic_bootp_clients;
+			}
+			if (share -> pools)
+				last -> next = pool;
+			else
+				share -> pools = pool;
+		}
+	}
+
 	/* Create the new address range... */
-	new_address_range (low, high, subnet, dynamic);
+	new_address_range (low, high, subnet, pool);
 }

--- a/server/dhcp.c
+++ b/server/dhcp.c
@@ -42,7 +42,7 @@

 #ifndef lint
 static char copyright[] =
-"$Id: dhcp.c,v 1.70 1998/11/06 02:59:11 mellon Exp $ Copyright (c) 1995, 1996, 1997, 1998 The Internet Software Consortium.  All rights reserved.\n";
+"$Id: dhcp.c,v 1.71 1998/11/09 02:46:58 mellon Exp $ Copyright (c) 1995, 1996, 1997, 1998 The Internet Software Consortium.  All rights reserved.\n";
 #endif /* not lint */

 #include "dhcpd.h"
@@ -110,24 +110,16 @@ void dhcpdiscover (packet)

 	/* If we didn't find a lease, try to allocate one... */
 	if (!lease) {
-		lease = packet -> shared_network -> last_lease;
-
-		/* If there are no leases in that subnet that have
-		   expired, we have nothing to offer this client. */
-		if (!lease || lease -> ends > cur_time) {
-			note ("no free leases on subnet %s",
-			      packet -> shared_network -> name);
+		lease = allocate_lease (packet,
+					packet -> shared_network -> pools, 0);
+		if (!lease) {
+			note ("no free leases on network %s match %s",
+			      packet -> shared_network -> name,
+			      print_hw_addr (packet -> raw -> htype,
+					     packet -> raw -> hlen,
+					     packet -> raw -> chaddr));
 			return;
 		}
-
-		/* If we find an abandoned lease, take it, but print a
-		   warning message, so that if it continues to lose,
-		   the administrator will eventually investigate. */
-		if (lease -> flags & ABANDONED_LEASE) {
-			warn ("Reclaiming abandoned IP address %s.",
-			      piaddr (lease -> ip_addr));
-			lease -> flags &= ~ABANDONED_LEASE;
-		}
 	}

 	ack_lease (packet, lease, DHCPOFFER, cur_time + 120);
@@ -596,7 +588,7 @@ void ack_lease (packet, lease, offer, when)
 				     (struct group *)0);

 	/* Vendor and user classes are only supported for DHCP clients. */
-	if (state -> offer) {
+	if (offer) {
 		for (i = packet -> class_count; i > 0; i--) {
                        execute_statements_in_scope
 				(packet, &state -> options,
@@ -1376,6 +1368,8 @@ struct lease *find_lease (packet, share, ours)
 		hp = find_hosts_by_uid (client_identifier.data,
 					client_identifier.len);
 		if (hp) {
+			/* Remember if we know of this client. */
+			packet -> known = 1;
 			fixed_lease = mockup_lease (packet, share, hp);
 		} else
 			fixed_lease = (struct lease *)0;
@@ -1422,6 +1416,8 @@ struct lease *find_lease (packet, share, ours)
 					  packet -> raw -> chaddr,
 					  packet -> raw -> hlen);
 		if (hp) {
+			/* Remember if we know of this client. */
+			packet -> known = 1;
 			host = hp; /* Save it for later. */
 			fixed_lease = mockup_lease (packet, share, hp);
 #if defined (DEBUG_FIND_LEASE)
@@ -1443,10 +1439,13 @@ struct lease *find_lease (packet, share, ours)
 		if (hw_lease -> shared_network == share) {
 			if (hw_lease -> flags & ABANDONED_LEASE)
 				continue;
-			if (packet -> packet_type)
-				break;
-			if (hw_lease -> flags &
-			    (BOOTP_LEASE | DYNAMIC_BOOTP_OK))
+			/* If we're allowed to use this lease, do so. */
+			if (!((lease -> pool -> prohibit_list &&
+			       permitted (packet,
+					  lease -> pool -> prohibit_list)) ||
+			      (lease -> pool -> permit_list &&
+			       !permitted (packet,
+					   lease -> pool -> permit_list))))
 				break;
 		}
 	}
@@ -1743,3 +1742,122 @@ struct lease *mockup_lease (packet, share, hp)
 	mock.flags = STATIC_LEASE;
 	return &mock;
 }
+
+/* Look through all the pools in a list starting with the specified pool
+   for a free lease.   We try to find a virgin lease if we can.   If we
+   don't find a virgin lease, we try to find a non-virgin lease that's
+   free.   If we can't find one of those, we try to reclaim an abandoned
+   lease.   If all of these possibilities fail to pan out, we don't return
+   a lease at all. */
+
+struct lease *allocate_lease (packet, pool, ok)
+	struct packet *packet;
+	struct pool *pool;
+	int ok;
+{
+	struct lease *lease, *lp;
+	struct permit *permit;
+
+	if (!pool)
+		return (struct lease *)0;
+
+	/* If we aren't elegible to try this pool, try a subsequent one. */
+	if ((pool -> prohibit_list &&
+	     permitted (packet, pool -> prohibit_list)) ||
+	    (pool -> permit_list && !permitted (packet, pool -> permit_list)))
+		return allocate_lease (packet, pool -> next, ok);
+
+	lease = pool -> last_lease;
+
+	/* If there are no leases in the pool that have
+	   expired, try the next one. */
+	if (!lease || lease -> ends > cur_time)
+		return allocate_lease (packet, pool -> next, ok);
+
+	/* If we find an abandoned lease, and no other lease qualifies
+	   better, take it. */
+	if (lease -> flags & ABANDONED_LEASE) {
+		/* If we already have a non-abandoned lease that we didn't
+		   love, but that's okay, don't reclaim the abandoned lease. */
+		if (ok)
+			return allocate_lease (packet, pool -> next, ok);
+		lp = allocate_lease (packet, pool -> next, 0);
+		if (!lp) {
+			warn ("Reclaiming abandoned IP address %s.",
+			      piaddr (lease -> ip_addr));
+			lease -> flags &= ~ABANDONED_LEASE;
+			return lease;
+		}
+		return lp;
+	}
+
+	/* If there's a lease we could take, but it had previously been
+	   allocated to a different client, try for a virgin lease before
+	   stealing it. */
+	if (lease -> uid_len || lease -> hardware_addr.hlen) {
+		/* If we're already in that boat, no need to consider
+		   allocating this particular lease. */
+		if (ok)
+			return allocate_lease (packet, pool -> next, ok);
+
+		lp = allocate_lease (packet, pool -> next, 1);
+		if (lp)
+			return lp;
+		return lease;
+	}
+
+	return lease;
+}
+
+/* Determine whether or not a permit exists on a particular permit list
+   that matches the specified packet, returning nonzero if so, zero if
+   not. */
+
+int permitted (packet, permit_list)
+	struct packet *packet;
+	struct permit *permit_list;
+{
+	struct permit *p;
+	int i;
+
+	for (p = permit_list; p; p = p -> next) {
+		switch (p -> type) {
+		      case permit_unknown_clients:
+			if (!packet -> known)
+				return 1;
+			break;
+
+		      case permit_known_clients:
+			if (packet -> known)
+				return 1;
+			break;
+
+		      case permit_authenticated_clients:
+			if (packet -> authenticated)
+				return 1;
+			break;
+
+		      case permit_unauthenticated_clients:
+			if (!packet -> authenticated)
+				return 1;
+			break;
+
+		      case permit_all_clients:
+			return 1;
+
+		      case permit_dynamic_bootp_clients:
+			if (!packet -> options_valid ||
+			    !packet -> packet_type)
+				return 1;
+			break;
+			
+		      case permit_class:
+			for (i = 0; i < packet -> class_count; i++)
+				if (p -> class == packet -> classes [i])
+					return 1;
+			break;
+		}
+	}
+	return 0;
+}
+