Re: [Call for reviews] Support domain-search option in dhclient(8)

2011-11-13 Thread Jean-Sébastien Pédron

On 12.11.2011 21:01, Andrey V. Elsukov wrote:
> I have several questions after a quick view of your patch: 1.
> AFAIR, our dhclient was doing changes in the system configuration
> via dhclient-script, but I don't see that your changes touched it.

Yes, I forgot to include this in the patch. Here's a new version:
http://people.freebsd.org/~dumbbell/dhclient/dhclient-domain-search-b.patch

> 2. Your code handles compressed options. It's good. But it seems
> you don't check names correctness. There were some checks for
> "domain-name" option, probably you can use them.

This is a nice suggestion. I added it in the new version.

> 3. Also it would be good to update man pages :)

Also fixed in the new patch.

Thank you Andrey for your feedback!

-- 
Jean-Sébastien Pédron
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: [Call for reviews] Support domain-search option in dhclient(8)

2011-11-12 Thread Andrey V. Elsukov
On 12.11.2011 20:07, Jean-Sébastien Pédron wrote:
> Attached is a patch that adds support for "domain-search" option
> (#119) as defined in RFC 3397[1]. This allows a DHCP server to publish
> a list of domain names that should be used to search for non-fully
> qualified domain names.
> 
> There's already a PR opened about this:
> http://www.freebsd.org/cgi/query-pr.cgi?pr=151940
> 
> With this patch applied and a DHCP server configured to publish this
> option, dhclient(8) will add a line similar to the following one:
>   search example.org. foobar.com.
> 
> In the example, this indicates that the name "www" should be resolved
> first as "www.example.org", then as "www.foobar.com".
> 
> I prepared a regression test to be added to tools/regression (not
> included). However, I'm not knowledgeable enough to anticipate all
> security-related issues. I would appreciate a review especially with
> this in mind :)

Hi,

I have several questions after a quick view of your patch:
1. AFAIR, our dhclient was doing changes in the system configuration via
dhclient-script, but I don't see that your changes touched it.
2. Your code handles compressed options. It's good. But it seems you
don't check names correctness. There were some checks for "domain-name"
option, probably you can use them.
3. Also it would be good to update man pages :)

-- 
WBR, Andrey V. Elsukov
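
The two review points above (compressed names and name correctness) combined in one decoder, as an added example that is not part of the thread or of the patch under review. `ds_expand_option` and `sample_ok` are hypothetical names, the input is assumed to be the already-concatenated option 119 payload, and the letters/digits/hyphen check is a conservative stand-in for whatever hostname check dhclient applies to domain-name.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>
/* Constructed sample: "example.org", then "lab" + a pointer to offset 0. */
static const unsigned char sample_ok[] = "\007example\003org\000\003lab\300\000";
#define SAMPLE_OK_LEN (sizeof(sample_ok) - 1)	/* drop the literal's own NUL */

/* Hypothetical helper: expand option 119 into "a.b. c.d."; -1 if malformed. */
int ds_expand_option(const unsigned char *opt, size_t len, char *out, size_t outsz)
{
	size_t pos = 0, used = 0;
	int n = 0;

	while (pos < len) {
		size_t cur = pos, limit = pos, namelen = 0, l, i;
		int jumped = 0;

		if (n++ > 0)
			out[used++] = ' ';	/* in bounds: each label reserved a spare byte */
		for (;;) {
			if (cur >= len) return -1;	/* ran past the end of the option */
			l = opt[cur];
			if ((l & 0xC0) == 0xC0) {	/* compression pointer */
				if (cur + 1 >= len) return -1;
				if (!jumped) pos = cur + 2;	/* next name follows the pointer */
				jumped = 1;
				cur = ((l & 0x3F) << 8) | opt[cur + 1];
				if (cur >= limit) return -1;	/* strictly backward: no loops */
				limit = cur;
				continue;
			}
			if (l == 0) break;		/* root label ends the name */
			namelen += l + 1;
			if (l > 63 || cur + 1 + l > len || namelen > 254 || used + l + 2 > outsz)
				return -1;
			for (i = 1; i <= l; i++) {	/* letters, digits, inner '-' only */
				if (!isalnum(opt[cur + i]) && (opt[cur + i] != '-' || i == 1))
					return -1;
				out[used++] = (char)opt[cur + i];
			}
			out[used++] = '.';
			cur += 1 + l;
		}
		if (namelen == 0) return -1;	/* empty name */
		if (!jumped) pos = cur + 1;
	}
	if (n > 0) out[used] = '\0';
	return n > 0 ? n : -1;
}
```

Rejecting the whole option on the first bad name keeps a partially decoded list from reaching the resolver configuration.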





[Call for reviews] Support domain-search option in dhclient(8)

2011-11-12 Thread Jean-Sébastien Pédron

Hi!

Attached is a patch that adds support for "domain-search" option
(#119) as defined in RFC 3397[1]. This allows a DHCP server to publish
a list of domain names that should be used to search for non-fully
qualified domain names.

There's already a PR opened about this:
http://www.freebsd.org/cgi/query-pr.cgi?pr=151940

With this patch applied and a DHCP server configured to publish this
option, dhclient(8) will add a line similar to the following one:
  search example.org. foobar.com.

In the example, this indicates that the name "www" should be resolved
first as "www.example.org", then as "www.foobar.com".

I prepared a regression test to be added to tools/regression (not
included). However, I'm not knowledgeable enough to anticipate all
security-related issues. I would appreciate a review especially with
this in mind :)

Thank you!

[1] http://www.faqs.org/rfcs/rfc3397.html

-- 
Jean-Sébastien Pédron
Index: sbin/dhclient/dhcp.h
===
--- sbin/dhclient/dhcp.h(revision 227467)
+++ sbin/dhclient/dhcp.h(working copy)
@@ -169,6 +169,7 @@
 #defineDHO_STREETTALK_SERVER   75
 #defineDHO_STREETTALK_DA_SERVER76
 #define DHO_DHCP_USER_CLASS_ID 77
+#defineDHO_DOMAIN_SEARCH   119
 #define DHO_CLASSLESS_ROUTES   121
 #define DHO_END255
 
Index: sbin/dhclient/dhclient.c
===
--- sbin/dhclient/dhclient.c(revision 227467)
+++ sbin/dhclient/dhclient.c(working copy)
@@ -2453,6 +2453,7 @@
case DHO_DHCP_CLIENT_IDENTIFIER:
case DHO_BOOTFILE_NAME:
case DHO_DHCP_USER_CLASS_ID:
+   case DHO_DOMAIN_SEARCH:
case DHO_END:
return (1);
case DHO_CLASSLESS_ROUTES:
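Review bot: the new `case DHO_DOMAIN_SEARCH:` joins the group of cases that ends in `return (1)`, so as far as this hunk shows the option is accepted without any look at its content. The value comes from whichever DHCP server answers on the link and ends up on the `search` line the cover letter describes, so each expanded name should go through the same kind of check that is applied to the domain-name option before the lease is accepted, and the option should be rejected if any name fails.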
Index: sbin/dhclient/tables.c
===
--- sbin/dhclient/tables.c  (revision 227467)
+++ sbin/dhclient/tables.c  (working copy)
@@ -184,7 +184,7 @@
{ "option-116", "X",&dhcp_universe, 116 },
{ "option-117", "X",&dhcp_universe, 117 },
{ "option-118", "X",&dhcp_universe, 118 },
-   { "option-119", "X",&dhcp_universe, 119 },
+   { "domain-search", "t", &dhcp_universe, 119 },
{ "option-120", "X",&dhcp_universe, 120 },
{ "classless-routes", "BA", &dhcp_universe, 121 },
{ "option-122", "X",&dhcp_universe, 122 },
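Review bot: changing option 119 from format "X" to "t" treats the value as text, but RFC 3397 data on the wire is length-prefixed labels with compression pointers, not a printable string. This is only correct if the stored data has already been rewritten by expand_domain_search() (declared in the options.c part of the patch) before anything formats it as text; please add a comment stating that ordering and what is stored when expansion fails.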
@@ -400,12 +400,13 @@
DHO_IRC_SERVER,
DHO_STREETTALK_SERVER,
DHO_STREETTALK_DA_SERVER,
+   DHO_DOMAIN_SEARCH,
 
/* Presently-undefined options... */
62, 63, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91,
92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105,
106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117,
-   118, 119, 120, 122, 123, 124, 125, 126, 127, 128, 129, 130,
+   118, 120, 122, 123, 124, 125, 126, 127, 128, 129, 130,
131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142,
143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154,
155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166,
Index: sbin/dhclient/clparse.c
===
--- sbin/dhclient/clparse.c (revision 227467)
+++ sbin/dhclient/clparse.c (working copy)
@@ -100,6 +100,8 @@
DHO_DOMAIN_NAME_SERVERS;
top_level_config.requested_options
[top_level_config.requested_option_count++] = DHO_HOST_NAME;
+   top_level_config.requested_options
+   [top_level_config.requested_option_count++] = DHO_DOMAIN_SEARCH;
 
if ((cfile = fopen(path_dhclient_conf, "r")) != NULL) {
do {
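Review bot: adding DHO_DOMAIN_SEARCH to `top_level_config.requested_options` makes every client ask for the option by default, which changes behaviour for existing installations and lets any server on the link supply the resolver search list. That default deserves an explicit mention in the man pages, together with how to leave the option out of the request list. The `requested_option_count++` index is also not bounds-checked in the visible lines, so please confirm the array has room for one more default entry.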
Index: sbin/dhclient/options.c
===
--- sbin/dhclient/options.c (revision 227467)
+++ sbin/dhclient/options.c (working copy)
@@ -55,6 +55,10 @@
 void   parse_option_buffer(struct packet *, unsigned char *, int);
 intstore_options(unsigned char *, int, struct tree_cache **,
unsigned char *, int, int, int, int);
+void   expand_domain_search(struct packet *packet);
+intfind_search_domain_name_len(struct option_data *option, int *offset);
+void   expand_search_domain_name(struct option_data *option, int *offset,
+   unsigned char **domain_search);
 
 
 /*
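Review bot: `expand_search_domain_name()` is declared `void`, so it cannot report a malformed label, an out-of-range compression pointer or a pointer loop to its caller, and both helpers walk untrusted data through a signed `int *offset`. Suggest returning an int error code from it as well (as `find_search_domain_name_len()` can), documenting what `*offset` holds on failure, and declaring the two helpers `static` if nothing outside options.c calls them.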
@@ -94,