diff options
Diffstat (limited to 'contrib')
46 files changed, 3897 insertions, 0 deletions
diff --git a/contrib/CPE-WAN/README b/contrib/CPE-WAN/README new file mode 100644 index 0000000..4d56347 --- /dev/null +++ b/contrib/CPE-WAN/README @@ -0,0 +1,36 @@ +Dnsmasq from version 2.52 has a couple of rather application-specific +features designed to allow for implementation of the DHCP part of CPE +WAN management protocol. + +http://www.broadband-forum.org/technical/download/TR-069_Amendment-2.pdf +http://en.wikipedia.org/wiki/TR-069 + +The relevant sections are F.2.1 "Gateway Requirements" and F.2.5 "DHCP +Vendor Options". + +First, dnsmasq checks for DHCP requests which contain an option-125 +vendor-class option which in turn holds a vendor section for IANA +enterprise number 3561 which contains sub-options codes 1 and 2. If +this is present then the network-tag "cpewan-id" is set. +This allows dnsmasq to be configured to reply with the correct +GatewayManufacturerOUI, GatewaySerialNumber and GatewayProductClass like this: + +dhcp-option=cpewan-id,vi-encap:3561,4,"<GatewayManufacturerOUI>" +dhcp-option=cpewan-id,vi-encap:3561,5,"<SerialNumber>" +dhcp-option=cpewan-id,vi-encap:3561,6,"<ProductClass>" + +Second, the received sub-options 1, 2, and 3 are passed to the DHCP +lease-change script as the environment variables DNSMASQ_CPEWAN_OUI, +DNSMASQ_CPEWAN_SERIAL, and DNSMASQ_CPEWAN_CLASS respectively. This allows +the script to be used to maintain a ManageableDevice table as +specified in F.2.1. Note that this data is not retained in dnsmasq's +internal DHCP lease database, so it is not available on every call to +the script (this is the same as some other data such as vendor and +user classes). It will however be available for at least the "add" +call, and should be stored then against the IP address as primary +key for future use. + + +This feature was added to dnsmasq under sponsorship from Ericsson. + + diff --git a/contrib/MacOSX-launchd/launchd-README.txt b/contrib/MacOSX-launchd/launchd-README.txt new file mode 100644 index 0000000..4783221 --- /dev/null +++ b/contrib/MacOSX-launchd/launchd-README.txt @@ -0,0 +1,38 @@ +This is a launchd item for Mac OS X and Mac OS X Server. +For more information about launchd, the +"System wide and per-user daemon/agent manager", see the launchd +man page, or the wikipedia page: http://en.wikipedia.org/wiki/Launchd + +This launchd item uses the following flags: +--keep-in-foreground - this is crucial for use with launchd +--log-queries - this is optional and you can remove it +--log-facility=/var/log/dnsmasq.log - again optional instead of system.log + +To use this launchd item for dnsmasq: + +If you don't already have a folder /Library/LaunchDaemons, then create one: +sudo mkdir /Library/LaunchDaemons +sudo chown root:admin /Library/LaunchDaemons +sudo chmod 775 /Library/LaunchDaemons + +Copy uk.org.thekelleys.dnsmasq.plist there and then set ownership/permissions: +sudo cp uk.org.thekelleys.dnsmasq.plist /Library/LaunchDaemons/ +sudo chown root:admin /Library/LaunchDaemons/uk.org.thekelleys.dnsmasq.plist +sudo chmod 644 /Library/LaunchDaemons/uk.org.thekelleys.dnsmasq.plist + +Optionally, edit your dnsmasq configuration file to your liking. + +To start the launchd job, which starts dnsmaq, reboot or use the command: +sudo launchctl load /Library/LaunchDaemons/uk.org.thekelleys.dnsmasq.plist + +To stop the launchd job, which stops dnsmasq, use the command: +sudo launchctl unload /Library/LaunchDaemons/uk.org.thekelleys.dnsmasq.plist + +If you want to permanently stop the launchd job, so it doesn't start the job even after a reboot, use the following command: +sudo launchctl unload -w /Library/LaunchDaemons/uk.org.thekelleys.dnsmasq.plist + +If you make a change to the configuration file, you should relaunch dnsmasq; +to do this unload and then load again: + +sudo launchctl unload /Library/LaunchDaemons/uk.org.thekelleys.dnsmasq.plist +sudo launchctl load /Library/LaunchDaemons/uk.org.thekelleys.dnsmasq.plist diff --git a/contrib/MacOSX-launchd/uk.org.thekelleys.dnsmasq.plist b/contrib/MacOSX-launchd/uk.org.thekelleys.dnsmasq.plist new file mode 100644 index 0000000..87725b1 --- /dev/null +++ b/contrib/MacOSX-launchd/uk.org.thekelleys.dnsmasq.plist @@ -0,0 +1,15 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> +<dict> + <key>Label</key> + <string>uk.org.thekelleys.dnsmasq</string> + <key>ProgramArguments</key> + <array> + <string>/usr/local/sbin/dnsmasq</string> + <string>--keep-in-foreground</string> + </array> + <key>RunAtLoad</key> + <true/> +</dict> +</plist> diff --git a/contrib/Solaris10/README b/contrib/Solaris10/README new file mode 100644 index 0000000..a035875 --- /dev/null +++ b/contrib/Solaris10/README @@ -0,0 +1,28 @@ +From: David Connelly <dconnelly@gmail.com> +Date: Mon, Apr 7, 2008 at 3:31 AM +Subject: Solaris 10 service manifest +To: dnsmasq-discuss@lists.thekelleys.org.uk + + +I've found dnsmasq much easier to set up on my home server running Solaris +10 than the stock dhcp/dns server, which is probably overkill anyway for my +simple home network needs. Since Solaris now uses SMF (Service Management +Facility) to manage services I thought I'd create a simple service manifest +for the dnsmasq service. The manifest currently assumes that dnsmasq has +been installed in '/usr/local/sbin/dnsmasq' and the configuration file in +'/usr/local/etc/dnsmasq.conf', so you may have to adjust these paths for +your local installation. Here are the steps I followed to install and enable +the dnsmasq service: + # svccfg import dnsmasq.xml + # svcadm enable dnsmasq + +To confirm that the service is enabled and online: + + # svcs -l dnsmasq + +I've just started learning about SMF so if anyone has any +corrections/feedback they are more than welcome. + +Thanks, +David + diff --git a/contrib/Solaris10/README-sparc b/contrib/Solaris10/README-sparc new file mode 100644 index 0000000..327b65c --- /dev/null +++ b/contrib/Solaris10/README-sparc @@ -0,0 +1,8 @@ +Hi Simon, + +I just wanted to let you know that I have built a Solaris .pkg install package of your dnsmasq utility for people to use. Feel free to point them in my direction if you have people who want this sort of thing. + +http://ejesconsulting.wordpress.com/2010/05/12/gnu-dnsmasq-for-opensolaris-sparc/ + +Thanks +-evan diff --git a/contrib/Solaris10/README.create_package b/contrib/Solaris10/README.create_package new file mode 100644 index 0000000..676899a --- /dev/null +++ b/contrib/Solaris10/README.create_package @@ -0,0 +1,25 @@ +Ok, script attached ... seems to be working ok for me, +tried to install and remove a few times. It does the +right thing with the smf when installing, you can then +simply enable the service. Upon removal it cleans up the +files but won't clean up the services (I think until +a reboot) ... I've only started looking at the new +packages stuff in the last day or two, so I could be +missing something, but I can't find any way to force + a proper cleanup. + +It requires that you have a writable repository setup +as per the docs on the opensolaris website and it will +create a dnsmasq package (package name is a variable +in the script). The script takes a version number for +the package and assumes that it's in the contrib/Solaris10 +directory, it then works out the base tree directory +from $0. + +i.e. $ contrib/Solaris10/create_package 2.52-1 +or $ cd contrib/Solaris10; ./create_package 2.52-1 + +It's a bit more complex than it could be because I +prefer putting the daemon in /usr/sbin and the config +in /etc, so the script will actually create a new +version of the existing contrib dnsmasq.xml. diff --git a/contrib/Solaris10/create_package b/contrib/Solaris10/create_package new file mode 100644 index 0000000..acfa2a1 --- /dev/null +++ b/contrib/Solaris10/create_package @@ -0,0 +1,87 @@ +#!/bin/sh + +# +# For our package, and for the SMF script, we need to define where we +# want things to go... +# +BIN_DIR="/usr/sbin" +CONF_DIR="/etc" +MAN_DIR="/usr/share/man/man8" + +PACKAGE_NAME="dnsmasq" + +# +# Since we know we are in the contrib directory we can work out where +# the rest of the tree is... +# +BASEDIR="`dirname $0`/../.." + +# +# We need a version number to use for the package creation... +# +if [ $# != 1 ]; then + echo "Usage: $0 <package_version_number>" >&2 + exit 1 +fi +VERSION="$1" + +# +# First thing we do is fix-up the smf file to use the paths we prefer... +# +if [ ! -f "${BASEDIR}/contrib/Solaris10/dnsmasq.xml" ]; then + echo "$0: unable to find contrib/Solaris10/dnsmasq.xml" >&2 + exit 1 +fi + +echo "Fixing up smf file ... \c" +cat "${BASEDIR}/contrib/Solaris10/dnsmasq.xml" | \ + sed -e "s%/usr/local/etc%${CONF_DIR}%" \ + -e "s%/usr/local/sbin%${BIN_DIR}%" \ + -e "s%/usr/local/man%${MAN_DIR}%" > ${BASEDIR}/contrib/Solaris10/dnsmasq-pkg.xml +echo "done." + +echo "Creating packaging file ... \c" +cat <<EOF >${BASEDIR}/contrib/Solaris10/dnsmasq_package.inc +# +# header +# +set name=pkg.name value="dnsmasq" +set name=pkg.description value="dnsmasq daemon - dns, dhcp, tftp etc" +set name=pkg.detailed_url value="http://www.thekelleys.org.uk/dnsmasq/doc.html" +set name=info.maintainer value="TBD (tbd@tbd.com)" +set name=info.upstream value="dnsmasq-discuss@lists.thekelleys.org.uk" +set name=info.upstream_url value="http://www.thekelleys.org.uk/dnsmasq/doc.html" +# +# dependencies ... none? +# + +# +# directories +# +dir mode=0755 owner=root group=bin path=${BIN_DIR}/ +dir mode=0755 owner=root group=sys path=${CONF_DIR}/ +dir mode=0755 owner=root group=sys path=${MAN_DIR}/ +dir mode=0755 owner=root group=sys path=/var/ +dir mode=0755 owner=root group=sys path=/var/svc +dir mode=0755 owner=root group=sys path=/var/svc/manifest +dir mode=0755 owner=root group=sys path=/var/svc/manifest/network + +# +# files +# +file ${BASEDIR}/src/dnsmasq mode=0555 owner=root group=bin path=${BIN_DIR}/dnsmasq +file ${BASEDIR}/man/dnsmasq.8 mode=0555 owner=root group=bin path=${MAN_DIR}/dnsmasq.8 +file ${BASEDIR}/dnsmasq.conf.example mode=0644 owner=root group=sys path=${CONF_DIR}/dnsmasq.conf preserve=strawberry +file ${BASEDIR}/contrib/Solaris10/dnsmasq-pkg.xml mode=0644 owner=root group=sys path=/var/svc/manifest/network/dnsmasq.xml restart_fmri=svc:/system/manifest-import:default + +EOF +echo "done." + +echo "Creating package..." +eval `pkgsend open ${PACKAGE_NAME}@${VERSION}` +pkgsend include ${BASEDIR}/contrib/Solaris10/dnsmasq_package.inc +if [ "$?" = 0 ]; then + pkgsend close +else + echo "Errors" +fi diff --git a/contrib/Solaris10/dnsmasq.xml b/contrib/Solaris10/dnsmasq.xml new file mode 100644 index 0000000..7da0253 --- /dev/null +++ b/contrib/Solaris10/dnsmasq.xml @@ -0,0 +1,65 @@ +<?xml version='1.0'?> +<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1"> + +<!-- Service manifest for dnsmasq --> + +<service_bundle type='manifest' name='dnsmasq'> + <service name='network/dnsmasq' type='service' version='1'> + + <create_default_instance enabled='false'/> + <single_instance/> + + <dependency name='multi-user' + grouping='require_all' + restart_on='refresh' + type='service'> + <service_fmri value='svc:/milestone/multi-user'/> + </dependency> + + <dependency name='config' + grouping='require_all' + restart_on='restart' + type='path'> + <service_fmri value='file:///usr/local/etc/dnsmasq.conf'/> + </dependency> + + <dependent name='dnsmasq_multi-user-server' + grouping='optional_all' + restart_on='none'> + <service_fmri value='svc:/milestone/multi-user-server' /> + </dependent> + + <exec_method type='method' name='start' + exec='/usr/local/sbin/dnsmasq -C /usr/local/etc/dnsmasq.conf' + timeout_seconds='60' > + <method_context> + <method_credential user='root' group='root' privileges='all'/> + </method_context> + </exec_method> + + <exec_method type='method' + name='stop' + exec=':kill' + timeout_seconds='60'/> + + <exec_method type='method' + name='refresh' + exec=':kill -HUP' + timeout_seconds='60' /> + + <template> + <common_name> + <loctext xml:lang='C'>dnsmasq server</loctext> + </common_name> + <description> + <loctext xml:lang='C'> +dnsmasq - A lightweight DHCP and caching DNS server. + </loctext> + </description> + <documentation> + <manpage title='dnsmasq' section='8' manpath='/usr/local/man'/> + </documentation> + </template> + + </service> +</service_bundle> diff --git a/contrib/Suse/README b/contrib/Suse/README new file mode 100644 index 0000000..3fdc186 --- /dev/null +++ b/contrib/Suse/README @@ -0,0 +1,6 @@ +This packaging is now unmaintained in the dnsmasq source: dnsmasq is +included in Suse proper, and up-to-date packages are now available +from + +ftp://ftp.suse.com/pub/people/ug/ + diff --git a/contrib/Suse/README.susefirewall b/contrib/Suse/README.susefirewall new file mode 100644 index 0000000..2f19ca6 --- /dev/null +++ b/contrib/Suse/README.susefirewall @@ -0,0 +1,27 @@ +This is a patch against SuSEfirewall2-3.1-206 (SuSE 9.x and older) +It fixes the depancy from the dns daemon name 'named' +After appending the patch, the SuSEfirewall is again able to autodetect +the dnsmasq named service. +This is a very old bug in the SuSEfirewall script. +The SuSE people think the name of the dns server will allways 'named' + + +--- /sbin/SuSEfirewall2.orig 2004-01-23 13:30:09.000000000 +0100 ++++ /sbin/SuSEfirewall2 2004-01-23 13:31:56.000000000 +0100 +@@ -764,7 +764,7 @@ + echo 'FW_ALLOW_INCOMING_HIGHPORTS_UDP should be set to yes, if you are running a DNS server!' + + test "$FW_SERVICE_AUTODETECT" = yes -o "$FW_SERVICE_AUTODETECT" = dmz -o "$FW_SERVICE_AUTODETECT" = ext && { +- test "$FW_SERVICE_DNS" = no -a '!' "$START_NAMED" = no && check_srv named && { ++ test "$FW_SERVICE_DNS" = no -a '!' "$START_NAMED" = no && check_srv dnsmasq && { + echo -e 'Warning: detected activated named, enabling FW_SERVICE_DNS! + You still have to allow tcp/udp port 53 on internal, dmz and/or external.' + FW_SERVICE_DNS=$FW_SERVICE_AUTODETECT +@@ -878,7 +878,7 @@ + test -e /etc/resolv.conf || echo "Warning: /etc/resolv.conf not found" + # Get ports/IP bindings of NAMED/SQUID + test "$FW_SERVICE_DNS" = yes -o "$FW_SERVICE_DNS" = dmz -o "$FW_SERVICE_DNS" = ext -o "$START_NAMED" = yes && DNS_PORT=`$LSOF -i -n -P | \ +- $AWK -F: '/^named .* UDP / {print $2}'| $GREP -vw 53 | $SORT -un` ++ $AWK -F: '/^dnsmasq .* UDP / {print $2}'| $GREP -vw 53 | $SORT -un` + test "$FW_SERVICE_SQUID" = yes -o "$FW_SERVICE_SQUID" = dmz -o "$FW_SERVICE_SQUID" = ext -o "$START_SQUID" = yes && SQUID_PORT=`$LSOF -i -n -P | \ + $AWK -F: '/^squid .* UDP/ {print $2}'| $SORT -un` diff --git a/contrib/Suse/dnsmasq-SuSE.patch b/contrib/Suse/dnsmasq-SuSE.patch new file mode 100644 index 0000000..626245f --- /dev/null +++ b/contrib/Suse/dnsmasq-SuSE.patch @@ -0,0 +1,23 @@ +--- man/dnsmasq.8 2004-08-08 20:57:56.000000000 +0200 ++++ man/dnsmasq.8 2004-08-12 00:40:01.000000000 +0200 +@@ -69,7 +69,7 @@ + .TP + .B \-g, --group=<groupname> + Specify the group which dnsmasq will run +-as. The defaults to "dip", if available, to facilitate access to ++as. The defaults to "dialout", if available, to facilitate access to + /etc/ppp/resolv.conf which is not normally world readable. + .TP + .B \-v, --version +--- src/config.h 2004-08-11 11:39:18.000000000 +0200 ++++ src/config.h 2004-08-12 00:40:01.000000000 +0200 +@@ -44,7 +44,7 @@ + #endif + #define DEFLEASE 3600 /* default lease time, 1 hour */ + #define CHUSER "nobody" +-#define CHGRP "dip" ++#define CHGRP "dialout" + #define DHCP_SERVER_PORT 67 + #define DHCP_CLIENT_PORT 68 + + diff --git a/contrib/Suse/dnsmasq-suse.spec b/contrib/Suse/dnsmasq-suse.spec new file mode 100644 index 0000000..ff8ba8f --- /dev/null +++ b/contrib/Suse/dnsmasq-suse.spec @@ -0,0 +1,111 @@ +############################################################################### +# +# General +# +############################################################################### + +Name: dnsmasq +Version: 2.33 +Release: 1 +Copyright: GPL +Group: Productivity/Networking/DNS/Servers +Vendor: Simon Kelley +Packager: Simon Kelley +URL: http://www.thekelleys.org.uk/dnsmasq +Provides: dns_daemon +Conflicts: bind bind8 bind9 +PreReq: %fillup_prereq %insserv_prereq +Autoreqprov: on +Source0: %{name}-%{version}.tar.bz2 +BuildRoot: /var/tmp/%{name}-%{version} +Summary: A lightweight caching nameserver + +%description +Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP server. It +is designed to provide DNS and, optionally, DHCP, to a small network. It can +serve the names of local machines which are not in the global DNS. The DHCP +server integrates with the DNS server and allows machines with DHCP-allocated +addresses to appear in the DNS with names configured either in each host or +in a central configuration file. Dnsmasq supports static and dynamic DHCP +leases and BOOTP for network booting of diskless machines. + + + +############################################################################### +# +# Build +# +############################################################################### + +%prep +%setup -q +patch -p0 <rpm/%{name}-SuSE.patch + +%build +%{?suse_update_config:%{suse_update_config -f}} +make all-i18n DESTDIR=$RPM_BUILD_ROOT PREFIX=/usr + +############################################################################### +# +# Install +# +############################################################################### + +%install +rm -rf $RPM_BUILD_ROOT +mkdir -p ${RPM_BUILD_ROOT}/etc/init.d +make install-i18n DESTDIR=$RPM_BUILD_ROOT PREFIX=/usr +install -o root -g root -m 755 rpm/rc.dnsmasq-suse $RPM_BUILD_ROOT/etc/init.d/dnsmasq +install -o root -g root -m 644 dnsmasq.conf.example $RPM_BUILD_ROOT/etc/dnsmasq.conf +strip $RPM_BUILD_ROOT/usr/sbin/dnsmasq +ln -sf ../../etc/init.d/dnsmasq $RPM_BUILD_ROOT/usr/sbin/rcdnsmasq + +############################################################################### +# +# Clean up +# +############################################################################### + +%clean +rm -rf $RPM_BUILD_ROOT + +############################################################################### +# +# Post-install scriptlet +# +############################################################################### + +%post +%{fillup_and_insserv dnsmasq} + +############################################################################### +# +# Post-uninstall scriptlet +# +# The %postun script executes after the package has been removed. It is the +# last chance for a package to clean up after itself. +# +############################################################################### + +%postun +%{insserv_cleanup} + +############################################################################### +# +# File list +# +############################################################################### + +%files +%defattr(-,root,root) +%doc CHANGELOG COPYING FAQ doc.html setup.html UPGRADING_to_2.0 rpm/README.susefirewall +%doc contrib +%config /etc/init.d/dnsmasq +%config /etc/dnsmasq.conf +/usr/sbin/rcdnsmasq +/usr/sbin/dnsmasq +/usr/share/locale/*/LC_MESSAGES/* +%doc %{_mandir}/man8/dnsmasq.8.gz +%doc %{_mandir}/*/man8/dnsmasq.8.gz + + diff --git a/contrib/Suse/rc.dnsmasq-suse b/contrib/Suse/rc.dnsmasq-suse new file mode 100644 index 0000000..71f4c72 --- /dev/null +++ b/contrib/Suse/rc.dnsmasq-suse @@ -0,0 +1,79 @@ +#! /bin/sh +# +# init.d/dnsmasq +# +### BEGIN INIT INFO +# Provides: dnsmasq +# Required-Start: $network $remote_fs $syslog +# Required-Stop: +# Default-Start: 3 5 +# Default-Stop: +# Description: Starts internet name service masq caching server (DNS) +### END INIT INFO + +NAMED_BIN=/usr/sbin/dnsmasq +NAMED_PID=/var/run/dnsmasq.pid +NAMED_CONF=/etc/dnsmasq.conf + +if [ ! -x $NAMED_BIN ] ; then + echo -n "dnsmasq not installed ! " + exit 5 +fi + +. /etc/rc.status +rc_reset + +case "$1" in + start) + echo -n "Starting name service masq caching server " + checkproc -p $NAMED_PID $NAMED_BIN + if [ $? -eq 0 ] ; then + echo -n "- Warning: dnsmasq already running ! " + else + [ -e $NAMED_PID ] && echo -n "- Warning: $NAMED_PID exists ! " + fi + startproc -p $NAMED_PID $NAMED_BIN -u nobody + rc_status -v + ;; + stop) + echo -n "Shutting name service masq caching server " + checkproc -p $NAMED_PID $NAMED_BIN + [ $? -ne 0 ] && echo -n "- Warning: dnsmasq not running ! " + killproc -p $NAMED_PID -TERM $NAMED_BIN + rc_status -v + ;; + try-restart) + $0 stop && $0 start + rc_status + ;; + restart) + $0 stop + $0 start + rc_status + ;; + force-reload) + $0 reload + rc_status + ;; + reload) + echo -n "Reloading name service masq caching server " + checkproc -p $NAMED_PID $NAMED_BIN + [ $? -ne 0 ] && echo -n "- Warning: dnsmasq not running ! " + killproc -p $NAMED_PID -HUP $NAMED_BIN + rc_status -v + ;; + status) + echo -n "Checking for name service masq caching server " + checkproc -p $NAMED_PID $NAMED_BIN + rc_status -v + ;; + probe) + test $NAMED_CONF -nt $NAMED_PID && echo reload + ;; + *) + echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}" + exit 1 + ;; +esac +rc_exit + diff --git a/contrib/dns-loc/README b/contrib/dns-loc/README new file mode 100644 index 0000000..6f43a8d --- /dev/null +++ b/contrib/dns-loc/README @@ -0,0 +1,12 @@ +Hi Simon + +Here is a patch against dnsmasq 2.39 which provides support for LOC +entries in order to assign location information to dns records +(rfc1876). I tested it on OSX and on OpenWRT. + +Cheers +Lorenz + +More info: +http://www.ckdhr.com/dns-loc/ +http://www.faqs.org/rfcs/rfc1876.html diff --git a/contrib/dns-loc/dnsmasq2-loc-rfc1876.patch b/contrib/dns-loc/dnsmasq2-loc-rfc1876.patch new file mode 100644 index 0000000..d950321 --- /dev/null +++ b/contrib/dns-loc/dnsmasq2-loc-rfc1876.patch @@ -0,0 +1,522 @@ +diff -Nur dnsmasq-2.39-orig/bld/Makefile dnsmasq-2.39/bld/Makefile +--- dnsmasq-2.39-orig/bld/Makefile 2007-02-17 14:37:06.000000000 +0100 ++++ dnsmasq-2.39/bld/Makefile 2007-05-20 18:23:44.000000000 +0200 +@@ -2,7 +2,7 @@ + PKG_CONFIG ?= pkg-config + + +-OBJS = cache.o rfc1035.o util.o option.o forward.o isc.o network.o \ ++OBJS = cache.o rfc1035.o rfc1876.o util.o option.o forward.o isc.o network.o \ + dnsmasq.o dhcp.o lease.o rfc2131.o netlink.o dbus.o bpf.o \ + helper.o tftp.o log.o + +diff -Nur dnsmasq-2.39-orig/src/dnsmasq.h dnsmasq-2.39/src/dnsmasq.h +--- dnsmasq-2.39-orig/src/dnsmasq.h 2007-04-20 12:53:38.000000000 +0200 ++++ dnsmasq-2.39/src/dnsmasq.h 2007-05-20 19:50:37.000000000 +0200 +@@ -162,6 +162,12 @@ + struct interface_name *next; + }; + ++struct loc_record { ++ char *name, loc[16]; ++ unsigned short class; ++ struct loc_record *next; ++}; ++ + union bigname { + char name[MAXDNAME]; + union bigname *next; /* freelist */ +@@ -476,6 +482,7 @@ + struct mx_srv_record *mxnames; + struct txt_record *txt; + struct ptr_record *ptr; ++ struct loc_record *loc; + struct interface_name *int_names; + char *mxtarget; + char *lease_file; +@@ -725,3 +732,6 @@ + void tftp_request(struct listener *listen, struct daemon *daemon, time_t now); + void check_tftp_listeners(struct daemon *daemon, fd_set *rset, time_t now); + #endif ++ ++/* rfc1876 */ ++u_int32_t loc_aton(const char *ascii, u_char *binary); +diff -Nur dnsmasq-2.39-orig/src/option.c dnsmasq-2.39/src/option.c +--- dnsmasq-2.39-orig/src/option.c 2007-04-19 23:34:49.000000000 +0200 ++++ dnsmasq-2.39/src/option.c 2007-05-20 20:15:15.000000000 +0200 +@@ -43,6 +43,7 @@ + #define LOPT_REMOTE 269 + #define LOPT_SUBSCR 270 + #define LOPT_INTNAME 271 ++#define LOPT_LOC 272 + + #ifdef HAVE_GETOPT_LONG + static const struct option opts[] = +@@ -122,6 +123,7 @@ + {"tftp-root", 1, 0, LOPT_PREFIX }, + {"tftp-max", 1, 0, LOPT_TFTP_MAX }, + {"ptr-record", 1, 0, LOPT_PTR }, ++ {"loc-record", 1, 0, LOPT_LOC }, + #if defined(__FreeBSD__) || defined(__DragonFly__) + {"bridge-interface", 1, 0 , LOPT_BRIDGE }, + #endif +@@ -235,6 +237,7 @@ + { "-y, --localise-queries", gettext_noop("Answer DNS queries based on the interface a query was sent to."), NULL }, + { "-Y --txt-record=name,txt....", gettext_noop("Specify TXT DNS record."), NULL }, + { " --ptr-record=name,target", gettext_noop("Specify PTR DNS record."), NULL }, ++ { " --loc-record=name,lat lon alt", gettext_noop("Specify LOC DNS record."), NULL }, + { " --interface-name=name,interface", gettext_noop("Give DNS name to IPv4 address of interface."), NULL }, + { "-z, --bind-interfaces", gettext_noop("Bind only to interfaces in use."), NULL }, + { "-Z, --read-ethers", gettext_noop("Read DHCP static host information from %s."), ETHERSFILE }, +@@ -1835,6 +1838,37 @@ + new->intr = safe_string_alloc(comma); + break; + } ++ ++ case LOPT_LOC: ++ { ++ struct loc_record *new; ++ unsigned char *p, *q; ++ ++ comma = split(arg); ++ ++ if (!canonicalise_opt(arg)) ++ { ++ option = '?'; ++ problem = _("bad LOC record"); ++ break; ++ } ++ ++ new = safe_malloc(sizeof(struct loc_record)); ++ new->next = daemon->loc; ++ daemon->loc = new; ++ new->class = C_IN; ++ if (!comma || loc_aton(comma,new->loc)!=16) ++ { ++ option = '?'; ++ problem = _("bad LOC record"); ++ break; ++ } ++ ++ if (comma) ++ *comma = 0; ++ new->name = safe_string_alloc(arg); ++ break; ++ } + + case LOPT_PTR: /* --ptr-record */ + { +diff -Nur dnsmasq-2.39-orig/src/rfc1035.c dnsmasq-2.39/src/rfc1035.c +--- dnsmasq-2.39-orig/src/rfc1035.c 2007-04-20 12:54:26.000000000 +0200 ++++ dnsmasq-2.39/src/rfc1035.c 2007-05-20 18:22:46.000000000 +0200 +@@ -1112,6 +1112,27 @@ + } + } + ++ if (qtype == T_LOC || qtype == T_ANY) ++ { ++ struct loc_record *t; ++ for(t = daemon->loc; t ; t = t->next) ++ { ++ if (t->class == qclass && hostname_isequal(name, t->name)) ++ { ++ ans = 1; ++ if (!dryrun) ++ { ++ log_query(F_CNAME | F_FORWARD | F_CONFIG | F_NXDOMAIN, name, NULL, 0, NULL, 0); ++ if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, ++ daemon->local_ttl, NULL, ++ T_LOC, t->class, "t", 16, t->loc)) ++ anscount++; ++ ++ } ++ } ++ } ++ } ++ + if (qclass == C_IN) + { + if (qtype == T_PTR || qtype == T_ANY) +diff -Nur dnsmasq-2.39-orig/src/rfc1876.c dnsmasq-2.39/src/rfc1876.c +--- dnsmasq-2.39-orig/src/rfc1876.c 1970-01-01 01:00:00.000000000 +0100 ++++ dnsmasq-2.39/src/rfc1876.c 2007-05-20 19:50:10.000000000 +0200 +@@ -0,0 +1,379 @@ ++/* ++ * routines to convert between on-the-wire RR format and zone file ++ * format. Does not contain conversion to/from decimal degrees; ++ * divide or multiply by 60*60*1000 for that. ++ */ ++ ++#include "dnsmasq.h" ++ ++static unsigned int poweroften[10] = {1, 10, 100, 1000, 10000, 100000, ++ 1000000,10000000,100000000,1000000000}; ++ ++/* takes an XeY precision/size value, returns a string representation.*/ ++static const char * ++precsize_ntoa(u_int8_t prec) ++{ ++ static char retbuf[sizeof("90000000.00")]; ++ unsigned long val; ++ int mantissa, exponent; ++ ++ mantissa = (int)((prec >> 4) & 0x0f) % 10; ++ exponent = (int)((prec >> 0) & 0x0f) % 10; ++ ++ val = mantissa * poweroften[exponent]; ++ ++ (void) sprintf(retbuf,"%d.%.2d", val/100, val%100); ++ return (retbuf); ++} ++ ++/* converts ascii size/precision X * 10**Y(cm) to 0xXY. moves pointer.*/ ++static u_int8_t ++precsize_aton(char **strptr) ++{ ++ unsigned int mval = 0, cmval = 0; ++ u_int8_t retval = 0; ++ register char *cp; ++ register int exponent; ++ register int mantissa; ++ ++ cp = *strptr; ++ ++ while (isdigit(*cp)) ++ mval = mval * 10 + (*cp++ - '0'); ++ ++ if (*cp == '.') { /* centimeters */ ++ cp++; ++ if (isdigit(*cp)) { ++ cmval = (*cp++ - '0') * 10; ++ if (isdigit(*cp)) { ++ cmval += (*cp++ - '0'); ++ } ++ } ++ } ++ cmval = (mval * 100) + cmval; ++ ++ for (exponent = 0; exponent < 9; exponent++) ++ if (cmval < poweroften[exponent+1]) ++ break; ++ ++ mantissa = cmval / poweroften[exponent]; ++ if (mantissa > 9) ++ mantissa = 9; ++ ++ retval = (mantissa << 4) | exponent; ++ ++ *strptr = cp; ++ ++ return (retval); ++} ++ ++/* converts ascii lat/lon to unsigned encoded 32-bit number. ++ * moves pointer. */ ++static u_int32_t ++latlon2ul(char **latlonstrptr,int *which) ++{ ++ register char *cp; ++ u_int32_t retval; ++ int deg = 0, min = 0, secs = 0, secsfrac = 0; ++ ++ cp = *latlonstrptr; ++ ++ while (isdigit(*cp)) ++ deg = deg * 10 + (*cp++ - '0'); ++ ++ while (isspace(*cp)) ++ cp++; ++ ++ if (!(isdigit(*cp))) ++ goto fndhemi; ++ ++ while (isdigit(*cp)) ++ min = min * 10 + (*cp++ - '0'); ++ while (isspace(*cp)) ++ cp++; ++ ++ if (!(isdigit(*cp))) ++ goto fndhemi; ++ ++ while (isdigit(*cp)) ++ secs = secs * 10 + (*cp++ - '0'); ++ ++ if (*cp == '.') { /* decimal seconds */ ++ cp++; ++ if (isdigit(*cp)) { ++ secsfrac = (*cp++ - '0') * 100; ++ if (isdigit(*cp)) { ++ secsfrac += (*cp++ - '0') * 10; ++ if (isdigit(*cp)) { ++ secsfrac += (*cp++ - '0'); ++ } ++ } ++ } ++ } ++ ++ while (!isspace(*cp)) /* if any trailing garbage */ ++ cp++; ++ ++ while (isspace(*cp)) ++ cp++; ++ ++ fndhemi: ++ switch (*cp) { ++ case 'N': case 'n': ++ case 'E': case 'e': ++ retval = ((unsigned)1<<31) ++ + (((((deg * 60) + min) * 60) + secs) * 1000) ++ + secsfrac; ++ break; ++ case 'S': case 's': ++ case 'W': case 'w': ++ retval = ((unsigned)1<<31) ++ - (((((deg * 60) + min) * 60) + secs) * 1000) ++ - secsfrac; ++ break; ++ default: ++ retval = 0; /* invalid value -- indicates error */ ++ break; ++ } ++ ++ switch (*cp) { ++ case 'N': case 'n': ++ case 'S': case 's': ++ *which = 1; /* latitude */ ++ break; ++ case 'E': case 'e': ++ case 'W': case 'w': ++ *which = 2; /* longitude */ ++ break; ++ default: ++ *which = 0; /* error */ ++ break; ++ } ++ ++ cp++; /* skip the hemisphere */ ++ ++ while (!isspace(*cp)) /* if any trailing garbage */ ++ cp++; ++ ++ while (isspace(*cp)) /* move to next field */ ++ cp++; ++ ++ *latlonstrptr = cp; ++ ++ return (retval); ++} ++ ++/* converts a zone file representation in a string to an RDATA ++ * on-the-wire representation. */ ++u_int32_t ++loc_aton(const char *ascii, u_char *binary) ++{ ++ const char *cp, *maxcp; ++ u_char *bcp; ++ ++ u_int32_t latit = 0, longit = 0, alt = 0; ++ u_int32_t lltemp1 = 0, lltemp2 = 0; ++ int altmeters = 0, altfrac = 0, altsign = 1; ++ u_int8_t hp = 0x16; /* default = 1e6 cm = 10000.00m = 10km */ ++ u_int8_t vp = 0x13; /* default = 1e3 cm = 10.00m */ ++ u_int8_t siz = 0x12; /* default = 1e2 cm = 1.00m */ ++ int which1 = 0, which2 = 0; ++ ++ cp = ascii; ++ maxcp = cp + strlen(ascii); ++ ++ lltemp1 = latlon2ul(&cp, &which1); ++ lltemp2 = latlon2ul(&cp, &which2); ++ ++ switch (which1 + which2) { ++ case 3: /* 1 + 2, the only valid combination */ ++ if ((which1 == 1) && (which2 == 2)) { /* normal case */ ++ latit = lltemp1; ++ longit = lltemp2; ++ } else if ((which1 == 2) && (which2 == 1)) {/*reversed*/ ++ longit = lltemp1; ++ latit = lltemp2; ++ } else { /* some kind of brokenness */ ++ return 0; ++ } ++ break; ++ default: /* we didn't get one of each */ ++ return 0; ++ } ++ ++ /* altitude */ ++ if (*cp == '-') { ++ altsign = -1; ++ cp++; ++ } ++ ++ if (*cp == '+') ++ cp++; ++ ++ while (isdigit(*cp)) ++ altmeters = altmeters * 10 + (*cp++ - '0'); ++ ++ if (*cp == '.') { /* decimal meters */ ++ cp++; ++ if (isdigit(*cp)) { ++ altfrac = (*cp++ - '0') * 10; ++ if (isdigit(*cp)) { ++ altfrac += (*cp++ - '0'); ++ } ++ } ++ } ++ ++ alt = (10000000 + (altsign * (altmeters * 100 + altfrac))); ++ ++ while (!isspace(*cp) && (cp < maxcp)) ++ /* if trailing garbage or m */ ++ cp++; ++ ++ while (isspace(*cp) && (cp < maxcp)) ++ cp++; ++ if (cp >= maxcp) ++ goto defaults; ++ ++ siz = precsize_aton(&cp); ++ ++ while (!isspace(*cp) && (cp < maxcp))/*if trailing garbage or m*/ ++ cp++; ++ ++ while (isspace(*cp) && (cp < maxcp)) ++ cp++; ++ ++ if (cp >= maxcp) ++ goto defaults; ++ ++ hp = precsize_aton(&cp); ++ ++ while (!isspace(*cp) && (cp < maxcp))/*if trailing garbage or m*/ ++ cp++; ++ ++ while (isspace(*cp) && (cp < maxcp)) ++ cp++; ++ ++ if (cp >= maxcp) ++ goto defaults; ++ ++ vp = precsize_aton(&cp); ++ ++ defaults: ++ ++ bcp = binary; ++ *bcp++ = (u_int8_t) 0; /* version byte */ ++ *bcp++ = siz; ++ *bcp++ = hp; ++ *bcp++ = vp; ++ PUTLONG(latit,bcp); ++ PUTLONG(longit,bcp); ++ PUTLONG(alt,bcp); ++ ++ return (16); /* size of RR in octets */ ++} ++ ++/* takes an on-the-wire LOC RR and prints it in zone file ++ * (human readable) format. */ ++char * ++loc_ntoa(const u_char *binary,char *ascii) ++{ ++ static char tmpbuf[255*3]; ++ ++ register char *cp; ++ register const u_char *rcp; ++ ++ int latdeg, latmin, latsec, latsecfrac; ++ int longdeg, longmin, longsec, longsecfrac; ++ char northsouth, eastwest; ++ int altmeters, altfrac, altsign; ++ ++ const int referencealt = 100000 * 100; ++ ++ int32_t latval, longval, altval; ++ u_int32_t templ; ++ u_int8_t sizeval, hpval, vpval, versionval; ++ ++ char *sizestr, *hpstr, *vpstr; ++ ++ rcp = binary; ++ if (ascii) ++ cp = ascii; ++ else { ++ cp = tmpbuf; ++ } ++ ++ versionval = *rcp++; ++ ++ if (versionval) { ++ sprintf(cp,"; error: unknown LOC RR version"); ++ return (cp); ++ } ++ ++ sizeval = *rcp++; ++ ++ hpval = *rcp++; ++ vpval = *rcp++; ++ ++ GETLONG(templ,rcp); ++ latval = (templ - ((unsigned)1<<31)); ++ ++ GETLONG(templ,rcp); ++ longval = (templ - ((unsigned)1<<31)); ++ ++ GETLONG(templ,rcp); ++ if (templ < referencealt) { /* below WGS 84 spheroid */ ++ altval = referencealt - templ; ++ altsign = -1; ++ } else { ++ altval = templ - referencealt; ++ altsign = 1; ++ } ++ ++ if (latval < 0) { ++ northsouth = 'S'; ++ latval = -latval; ++ } ++ else ++ northsouth = 'N'; ++ ++ latsecfrac = latval % 1000; ++ latval = latval / 1000; ++ latsec = latval % 60; ++ latval = latval / 60; ++ latmin = latval % 60; ++ latval = latval / 60; ++ latdeg = latval; ++ ++ if (longval < 0) { ++ eastwest = 'W'; ++ longval = -longval; ++ } ++ else ++ eastwest = 'E'; ++ ++ longsecfrac = longval % 1000; ++ longval = longval / 1000; ++ longsec = longval % 60; ++ longval = longval / 60; ++ longmin = longval % 60; ++ longval = longval / 60; ++ longdeg = longval; ++ ++ altfrac = altval % 100; ++ altmeters = (altval / 100) * altsign; ++ ++ sizestr = strdup(precsize_ntoa(sizeval)); ++ hpstr = strdup(precsize_ntoa(hpval)); ++ vpstr = strdup(precsize_ntoa(vpval)); ++ ++ sprintf(cp, ++ "%d %.2d %.2d.%.3d %c %d %.2d %.2d.%.3d %c %d.%.2dm %sm %sm %sm", ++ latdeg, latmin, latsec, latsecfrac, northsouth, ++ longdeg, longmin, longsec, longsecfrac, eastwest, ++ altmeters, altfrac, sizestr, hpstr, vpstr); ++ free(sizestr); ++ free(hpstr); ++ free(vpstr); ++ ++ return (cp); ++} diff --git a/contrib/dnslist/dhcp.css b/contrib/dnslist/dhcp.css new file mode 100644 index 0000000..79cea39 --- /dev/null +++ b/contrib/dnslist/dhcp.css @@ -0,0 +1,57 @@ +body +{ + font-family: sans-serif; + color: #000; +} + +h1 +{ + font-size: medium; + font-weight: bold; +} + +h1 .updated +{ + color: #999; +} + +table +{ + border-collapse: collapse; + border-bottom: 2px solid #000; +} + +th +{ + background: #DDD; + border-top: 2px solid #000; + text-align: left; + font-weight: bold; +} + +/* Any row */ + +tr +{ + border-top: 2px solid #000; +} + +/* Any row but the first or second (overrides above rule) */ + +tr + tr + tr +{ + border-top: 2px solid #999; +} + +tr.offline td.hostname +{ + color: #999; +} + +.hostname { width: 10em; } +.ip_addr { width: 10em; background: #DDD; } +.ether_addr { width: 15em; } +.client_id { width: 15em; background: #DDD; } +.status { width: 5em; } +.since { width: 10em; background: #DDD; } +.lease { width: 10em; } diff --git a/contrib/dnslist/dnslist.pl b/contrib/dnslist/dnslist.pl new file mode 100755 index 0000000..7ce2720 --- /dev/null +++ b/contrib/dnslist/dnslist.pl @@ -0,0 +1,608 @@ +#!/usr/bin/perl + +# dnslist - Read state file from dnsmasq and create a nice web page to display +# a list of DHCP clients. +# +# Copyright (C) 2004 Thomas Tuttle +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTIBILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program*; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +# * The license is in fact included at the end of this file, and can +# either be viewed by reading everything after "__DATA__" or by +# running dnslist with the '-l' option. +# +# Version: 0.2 +# Author: Thomas Tuttle +# Email: dnslist.20.thinkinginbinary@spamgourmet.org +# License: GNU General Public License, version 2.0 +# +# v. 0.0: Too ugly to publish, thrown out. +# +# v. 0.1: First rewrite. +# Added master host list so offline hosts can still be displayed. +# Fixed modification detection (a newer modification time is lower.) +# +# v. 0.2: Fixed Client ID = "*" => "None" +# Fixed HTML entities (a client ID of ????<? screwed it up) +# Fixed command-line argument processing (apparently, "shift @ARGV" != +# "$_ = shift @ARGV"...) +# Added license information. + +use Template; + +# Location of state file. (This is the dnsmasq default.) +# Change with -s <file> +my $dnsmasq_state_file = '/var/lib/misc/dnsmasq.leases'; +# Location of template. (Assumed to be in current directory.) +# Change with -t <file> +my $html_template_file = 'dnslist.tt2'; +# File to write HTML page to. (This is where Slackware puts WWW pages. It may +# be different on other systems. Make sure the permissions are set correctly +# for it.) +my $html_output_file = '/var/www/htdocs/dhcp.html'; +# Time to wait after each page update. (The state file is checked for changes +# before each update but is not read in each time, in case it is very big. The +# page is rewritten just so the "(updated __/__ __:__:__)" text changes ;-) +my $wait_time = 2; + +# Read command-line arguments. +while ($_ = shift @ARGV) { + if (/-s/) { $dnsmasq_state_file = shift; next; } + if (/-t/) { $html_template_file = shift; next; } + if (/-o/) { $html_output_file = shift; next; } + if (/-d/) { $wait_time = shift; next; } + if (/-l/) { show_license(); exit; } + die "usage: dnslist [-s state_file] [-t template_file] [-o output_file] [-d delay_time]\n"; +} + +# Master list of clients, offline and online. +my $list = {}; +# Sorted host list. (It's actually sorted by IP--the sub &byip() compares two +# IP addresses, octet by octet, and figures out which is higher.) +my @hosts = (); +# Last time the state file was changed. +my $last_state_change; + +# Check for a change to the state file. +sub check_state { + if (defined $last_state_change) { + if (-M $dnsmasq_state_file < $last_state_change) { + print "check_state: state file has been changed.\n"; + $last_state_change = -M $dnsmasq_state_file; + return 1; + } else { + return 0; + } + } else { + # Last change undefined, so we are running for the first time. + print "check_state: reading state file at startup.\n"; + read_state(); + $last_state_change = -M $dnsmasq_state_file; + return 1; + } +} + +# Read data in state file. +sub read_state { + my $old; + my $new; + # Open file. + unless (open STATE, $dnsmasq_state_file) { + warn "read_state: can't open $dnsmasq_state_file!\n"; + return 0; + } + # Mark all hosts as offline, saving old state. + foreach $ether (keys %{$list}) { + $list->{$ether}->{'old_online'} = $list->{$ether}->{'online'}; + $list->{$ether}->{'online'} = 0; + } + # Read hosts. + while (<STATE>) { + chomp; + @host{qw/raw_lease ether_addr ip_addr hostname raw_client_id/} = split /\s+/; + $ether = $host{ether_addr}; + # Mark each online host as online. + $list->{$ether}->{'online'} = 1; + # Copy data to master list. + foreach $key (keys %host) { + $list->{$ether}->{$key} = $host{$key}; + } + } + close STATE; + # Handle changes in offline/online state. (The sub &do_host() handles + # all of the extra stuff to do with a host's data once it is read. + foreach $ether (keys %{$list}) { + $old = $list->{$ether}->{'old_online'}; + $new = $list->{$ether}->{'online'}; + if (not $old) { + if (not $new) { + do_host($ether, 'offline'); + } else { + do_host($ether, 'join'); + } + } else { + if (not $new) { + do_host($ether, 'leave'); + } else { + do_host($ether, 'online'); + } + } + } + # Sort hosts by IP ;-) + @hosts = sort byip values %{$list}; + # Copy sorted list to template data store. + $data->{'hosts'} = [ @hosts ]; +} + +# Do stuff per host. +sub do_host { + my ($ether, $status) = @_; + + # Find textual representation of DHCP client ID. + if ($list->{$ether}->{'raw_client_id'} eq '*') { + $list->{$ether}->{'text_client_id'} = 'None'; + } else { + my $text = ""; + foreach $char (split /:/, $list->{$ether}->{'raw_client_id'}) { + $char = pack('H2', $char); + if (ord($char) >= 32 and ord($char) <= 127) { + $text .= $char; + } else { + $text .= "?"; + } + } + $list->{$ether}->{'text_client_id'} = $text; + } + + # Convert lease expiration date/time to text. + if ($list->{$ether}->{'raw_lease'} == 0) { + $list->{$ether}->{'text_lease'} = 'Never'; + } else { + $list->{$ether}->{'text_lease'} = nice_time($list->{$ether}->{'raw_lease'}); + } + + if ($status eq 'offline') { + # Nothing to do. + } elsif ($status eq 'online') { + # Nothing to do. + } elsif ($status eq 'join') { + # Update times for joining host. + print "do_host: $ether joined the network.\n"; + $list->{$ether}->{'join_time'} = time; + $list->{$ether}->{'since'} = nice_time(time); + } elsif ($status eq 'leave') { + # Update times for leaving host. + print "do_host: $ether left the network.\n"; + $list->{$ether}->{'leave_time'} = time; + $list->{$ether}->{'since'} = nice_time(time); + } + +} + +# Convert time to a string representation. +sub nice_time { + my $time = shift; + my ($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $dst) = localtime($time); + $sec = pad($sec, '0', 2); + $min = pad($min, '0', 2); + $hour = pad($hour, '0', 2); + $mon = pad($mon, '0', 2); + $mday = pad($mday, '0', 2); + return "$mon/$mday $hour:$min:$sec"; +} + +# Pad string to a certain length by repeatedly prepending another string. +sub pad { + my ($text, $pad, $length) = @_; + while (length($text) < $length) { + $text = "$pad$text"; + } + return $text; +} + +# Compare two IP addresses. (Uses $a and $b from sort.) +sub byip { + # Split into octets. + my @a = split /\./, $a->{ip_addr}; + my @b = split /\./, $b->{ip_addr}; + # Compare octets. + foreach $n (0..3) { + return $a[$n] <=> $b[$n] if ($a[$n] != $b[$n]); + } + # If we get here there is no difference. + return 0; +} + +# Output HTML file. +sub write_output { + # Create new template object. + my $template = Template->new( + { + ABSOLUTE => 1, # /var/www/... is an absolute path + OUTPUT => $html_output_file # put it here, not STDOUT + } + ); + $data->{'updated'} = nice_time(time); # add "(updated ...)" to file + unless ($template->process($html_template_file, $data)) { # do it + warn "write_output: Template Toolkit error: " . $template->error() . "\n"; + return 0; + } + print "write_output: page updated.\n"; + return 1; +} + +sub show_license { + while (<DATA>) { + print; + $line++; + if ($line == 24) { <>; $line = 1; } + } +} + +# Main loop. +while (1) { + # Check for state change. + if (check_state()) { + read_state(); + sleep 1; # Sleep for a second just so we don't wear anything + # out. (By not sleeping the whole time after a change + # we can detect rapid changes more easily--like if 300 + # hosts all come back online, they show up quicker.) + } else { + sleep $wait_time; # Take a nap. + } + write_output(); # Write the file anyway. +} +__DATA__ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + <one line to give the program's name and a brief idea of what it does.> + Copyright (C) <year> <name of author> + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + <signature of Ty Coon>, 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. diff --git a/contrib/dnslist/dnslist.tt2 b/contrib/dnslist/dnslist.tt2 new file mode 100644 index 0000000..1998e5f --- /dev/null +++ b/contrib/dnslist/dnslist.tt2 @@ -0,0 +1,32 @@ +<html> + <head> + <title>DHCP Clients</title> + <link rel="stylesheet" href="dhcp.css"/> + <meta http-equiv="Refresh" content="2"/> + </head> + <body> + <h1>DHCP Clients <span class="updated">(updated [% updated %])</span></h1> + <table cols="7"> + <tr> + <th class="hostname">Hostname</th> + <th class="ip_addr">IP Address</th> + <th class="ether_addr">Ethernet Address</th> + <th class="client_id">DHCP Client ID</th> + <th class="status">Status</th> + <th class="since">Since</th> + <th class="lease">Lease Expires</th> + </tr> + [% FOREACH host IN hosts %] + <tr class="[% IF host.online %]online[% ELSE %]offline[% END %]"> + <td class="hostname">[% host.hostname %]</td> + <td class="ip_addr">[% host.ip_addr %]</td> + <td class="ether_addr">[% host.ether_addr %]</td> + <td class="client_id">[% host.text_client_id %] ([% host.raw_client_id %])</td> + <td class="status">[% IF host.online %]Online[% ELSE %]Offline[% END %]</td> + <td class="since">[% host.since %]</td> + <td class="lease">[% host.text_lease %]</td> + </tr> + [% END %] + </table> + </body> +</html> diff --git a/contrib/dnsmasq_MacOSX-pre10.4/DNSmasq b/contrib/dnsmasq_MacOSX-pre10.4/DNSmasq new file mode 100755 index 0000000..6b62118 --- /dev/null +++ b/contrib/dnsmasq_MacOSX-pre10.4/DNSmasq @@ -0,0 +1,22 @@ +#!/bin/sh +. /etc/rc.common + +StartService() { + if [ "${DNSMASQ:=-NO-}" = "-YES-" ] ; then + /usr/local/sbin/dnsmasq -q -n + fi +} + +StopService() { + pid=`GetPID dnsmasq` + if [ $? -eq 0 ]; then + kill $pid + fi +} + +RestartService() { + StopService "$@" + StartService "$@" +} + +RunService "$1" diff --git a/contrib/dnsmasq_MacOSX-pre10.4/README.rtf b/contrib/dnsmasq_MacOSX-pre10.4/README.rtf new file mode 100644 index 0000000..da48411 --- /dev/null +++ b/contrib/dnsmasq_MacOSX-pre10.4/README.rtf @@ -0,0 +1,42 @@ +{\rtf1\mac\ansicpg10000\cocoartf824\cocoasubrtf100 +{\fonttbl\f0\fswiss\fcharset77 Helvetica;\f1\fnil\fcharset77 Monaco;} +{\colortbl;\red255\green255\blue255;} +\paperw11900\paperh16840\margl1440\margr1440\vieww11120\viewh10100\viewkind0 +\pard\tx566\tx1133\tx1700\tx2267\tx2834\tx3401\tx3968\tx4535\tx5102\tx5669\tx6236\tx6803\ql\qnatural\pardirnatural + +\f0\fs24 \cf0 1. If you've used DNSenabler, or if you're using Mac OS X Server, or if you have in any other way activated Mac OS X's built-in DHCP and/or DNS servers, disable them. This would usually involve checking that they are either set to -NO- or absent altogether in +\f1 /etc/hostconfig +\f0 . If you've never done anything to do with DNS or DHCP servers on a client version of MacOS X, you won't need to worry about this; it will already be configured for you.\ +\ +2. Add a configuration item to +\f1 /etc/hostconfig +\f0 as follows:\ +\ + +\f1 DNSMASQ=-YES- +\f0 \ +\ +3. Create a system-wide StartupItems directory for dnsmasq:\ +\ + +\f1 sudo mkdir -p /Library/StartupItems/DNSmasq\ + +\f0 \ +4. Copy the files +\f1 DNSmasq +\f0 and +\f1 StartupParameters.plist +\f0 into this directory, and make sure the former is executable:\ +\ + +\f1 sudo cp DNSmasq StartupParameters.plist /Library/StartupItems/DNSmasq\ +sudo chmod 755 /Library/StartupItems/DNSmasq/DNSmasq\ + +\f0 \ +5. Start the service:\ +\ + +\f1 sudo /Library/StartupItems/DNSmasq/DNSmasq start\ + +\f0 \cf0 \ +That should be all...}
\ No newline at end of file diff --git a/contrib/dnsmasq_MacOSX-pre10.4/StartupParameters.plist b/contrib/dnsmasq_MacOSX-pre10.4/StartupParameters.plist new file mode 100644 index 0000000..454bda0 --- /dev/null +++ b/contrib/dnsmasq_MacOSX-pre10.4/StartupParameters.plist @@ -0,0 +1,18 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> +<dict> + <key>Description</key> + <string>DNSmasq</string> + <key>OrderPreference</key> + <string>None</string> + <key>Provides</key> + <array> + <string>DNSmasq</string> + </array> + <key>Uses</key> + <array> + <string>Network</string> + </array> + </dict> +</plist> diff --git a/contrib/dynamic-dnsmasq/dynamic-dnsmasq.pl b/contrib/dynamic-dnsmasq/dynamic-dnsmasq.pl new file mode 100755 index 0000000..3c4a1f1 --- /dev/null +++ b/contrib/dynamic-dnsmasq/dynamic-dnsmasq.pl @@ -0,0 +1,249 @@ +#!/usr/bin/perl +# dynamic-dnsmasq.pl - update dnsmasq's internal dns entries dynamically +# Copyright (C) 2004 Peter Willis +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +# the purpose of this script is to be able to update dnsmasq's dns +# records from a remote dynamic dns client. +# +# basic use of this script: +# dynamic-dnsmasq.pl add testaccount 1234 testaccount.mydomain.com +# dynamic-dnsmasq.pl listen & +# +# this script tries to emulate DynDNS.org's dynamic dns service, so +# technically you should be able to use any DynDNS.org client to +# update the records here. tested and confirmed to work with ddnsu +# 1.3.1. just point the client's host to the IP of this machine, +# port 9020, and include the hostname, user and pass, and it should +# work. +# +# make sure "addn-hosts=/etc/dyndns-hosts" is in your /etc/dnsmasq.conf +# file and "nopoll" is commented out. + +use strict; +use IO::Socket; +use MIME::Base64; +use DB_File; +use Fcntl; + +my $accountdb = "accounts.db"; +my $recordfile = "/etc/dyndns-hosts"; +my $dnsmasqpidfile = "/var/run/dnsmasq.pid"; # if this doesn't exist, will look for process in /proc +my $listenaddress = "0.0.0.0"; +my $listenport = 9020; + +# no editing past this point should be necessary + +if ( @ARGV < 1 ) { + die "Usage: $0 ADD|DEL|LISTUSERS|WRITEHOSTSFILE|LISTEN\n"; +} elsif ( lc $ARGV[0] eq "add" ) { + die "Usage: $0 ADD USER PASS HOSTNAME\n" unless @ARGV == 4; + add_acct($ARGV[1], $ARGV[2], $ARGV[3]); +} elsif ( lc $ARGV[0] eq "del" ) { + die "Usage: $0 DEL USER\n" unless @ARGV == 2; + print "Are you sure you want to delete user \"$ARGV[1]\"? [N/y] "; + my $resp = <STDIN>; + chomp $resp; + if ( lc substr($resp,0,1) eq "y" ) { + del_acct($ARGV[1]); + } +} elsif ( lc $ARGV[0] eq "listusers" or lc $ARGV[0] eq "writehostsfile" ) { + my $X = tie my %h, "DB_File", $accountdb, O_RDWR|O_CREAT, 0600, $DB_HASH; + my $fh; + if ( lc $ARGV[0] eq "writehostsfile" ) { + open($fh, ">$recordfile") || die "Couldn't open recordfile \"$recordfile\": $!\n"; + flock($fh, 2); + seek($fh, 0, 0); + truncate($fh, 0); + } + while ( my ($key, $val) = each %h ) { + my ($pass, $domain, $ip) = split("\t",$val); + if ( lc $ARGV[0] eq "listusers" ) { + print "user $key, hostname $domain, ip $ip\n"; + } else { + if ( defined $ip ) { + print $fh "$ip\t$domain\n"; + } + } + } + if ( lc $ARGV[0] eq "writehostsfile" ) { + flock($fh, 8); + close($fh); + dnsmasq_rescan_configs(); + } + undef $X; + untie %h; +} elsif ( lc $ARGV[0] eq "listen" ) { + listen_for_updates(); +} + +sub listen_for_updates { + my $sock = IO::Socket::INET->new(Listen => 5, + LocalAddr => $listenaddress, LocalPort => $listenport, + Proto => 'tcp', ReuseAddr => 1, + MultiHomed => 1) || die "Could not open listening socket: $!\n"; + $SIG{'CHLD'} = 'IGNORE'; + while ( my $client = $sock->accept() ) { + my $p = fork(); + if ( $p != 0 ) { + next; + } + $SIG{'CHLD'} = 'DEFAULT'; + my @headers; + my %cgi; + while ( <$client> ) { + s/(\r|\n)//g; + last if $_ eq ""; + push @headers, $_; + } + foreach my $header (@headers) { + if ( $header =~ /^GET \/nic\/update\?([^\s].+) HTTP\/1\.[01]$/ ) { + foreach my $element (split('&', $1)) { + $cgi{(split '=', $element)[0]} = (split '=', $element)[1]; + } + } elsif ( $header =~ /^Authorization: basic (.+)$/ ) { + unless ( defined $cgi{'hostname'} ) { + print_http_response($client, undef, "badsys"); + exit(1); + } + if ( !exists $cgi{'myip'} ) { + $cgi{'myip'} = $client->peerhost(); + } + my ($user,$pass) = split ":", MIME::Base64::decode($1); + if ( authorize($user, $pass, $cgi{'hostname'}, $cgi{'myip'}) == 0 ) { + print_http_response($client, $cgi{'myip'}, "good"); + update_dns(\%cgi); + } else { + print_http_response($client, undef, "badauth"); + exit(1); + } + last; + } + } + exit(0); + } + return(0); +} + +sub add_acct { + my ($user, $pass, $hostname) = @_; + my $X = tie my %h, "DB_File", $accountdb, O_RDWR|O_CREAT, 0600, $DB_HASH; + $X->put($user, join("\t", ($pass, $hostname))); + undef $X; + untie %h; +} + +sub del_acct { + my ($user, $pass, $hostname) = @_; + my $X = tie my %h, "DB_File", $accountdb, O_RDWR|O_CREAT, 0600, $DB_HASH; + $X->del($user); + undef $X; + untie %h; +} + + +sub authorize { + my $user = shift; + my $pass = shift; + my $hostname = shift; + my $ip = shift;; + my $X = tie my %h, "DB_File", $accountdb, O_RDWR|O_CREAT, 0600, $DB_HASH; + my ($spass, $shost) = split("\t", $h{$user}); + if ( defined $h{$user} and ($spass eq $pass) and ($shost eq $hostname) ) { + $X->put($user, join("\t", $spass, $shost, $ip)); + undef $X; + untie %h; + return(0); + } + undef $X; + untie %h; + return(1); +} + +sub print_http_response { + my $sock = shift; + my $ip = shift; + my $response = shift; + print $sock "HTTP/1.0 200 OK\n"; + my @tmp = split /\s+/, scalar gmtime(); + print $sock "Date: $tmp[0], $tmp[2] $tmp[1] $tmp[4] $tmp[3] GMT\n"; + print $sock "Server: Peter's Fake DynDNS.org Server/1.0\n"; + print $sock "Content-Type: text/plain; charset=ISO-8859-1\n"; + print $sock "Connection: close\n"; + print $sock "Transfer-Encoding: chunked\n"; + print $sock "\n"; + #print $sock "12\n"; # this was part of the dyndns response but i'm not sure what it is + print $sock "$response", defined($ip)? " $ip" : "" . "\n"; +} + +sub update_dns { + my $hashref = shift; + my @records; + my $found = 0; + # update the addn-hosts file + open(FILE, "+<$recordfile") || die "Couldn't open recordfile \"$recordfile\": $!\n"; + flock(FILE, 2); + while ( <FILE> ) { + if ( /^(\d+\.\d+\.\d+\.\d+)\s+$$hashref{'hostname'}\n$/si ) { + if ( $1 ne $$hashref{'myip'} ) { + push @records, "$$hashref{'myip'}\t$$hashref{'hostname'}\n"; + $found = 1; + } + } else { + push @records, $_; + } + } + unless ( $found ) { + push @records, "$$hashref{'myip'}\t$$hashref{'hostname'}\n"; + } + sysseek(FILE, 0, 0); + truncate(FILE, 0); + syswrite(FILE, join("", @records)); + flock(FILE, 8); + close(FILE); + dnsmasq_rescan_configs(); + return(0); +} + +sub dnsmasq_rescan_configs { + # send the HUP signal to dnsmasq + if ( -r $dnsmasqpidfile ) { + open(PID,"<$dnsmasqpidfile") || die "Could not open PID file \"$dnsmasqpidfile\": $!\n"; + my $pid = <PID>; + close(PID); + chomp $pid; + if ( kill(0, $pid) ) { + kill(1, $pid); + } else { + goto LOOKFORDNSMASQ; + } + } else { + LOOKFORDNSMASQ: + opendir(DIR,"/proc") || die "Couldn't opendir /proc: $!\n"; + my @dirs = grep(/^\d+$/, readdir(DIR)); + closedir(DIR); + foreach my $process (@dirs) { + if ( open(FILE,"</proc/$process/cmdline") ) { + my $cmdline = <FILE>; + close(FILE); + if ( (split(/\0/,$cmdline))[0] =~ /dnsmasq/ ) { + kill(1, $process); + } + } + } + } + return(0); +} diff --git a/contrib/lease-access/README b/contrib/lease-access/README new file mode 100644 index 0000000..fc66bdf --- /dev/null +++ b/contrib/lease-access/README @@ -0,0 +1,20 @@ +Hello, + +For some specific application I needed to deny access to a MAC address +to a lease. For this reason I modified the dhcp-script behavior and is +called with an extra parameter "access" once a dhcp request or discover +is received. In that case if the exit code of the script is zero, +dnsmasq continues normally, and if non-zero the packet is ignored. + +This was not added as a security feature but as a mean to handle +differently some addresses. It is also quite intrusive since it requires +changes in several other subsystems. + +It attach the patch in case someone is interested. + +regards, +Nikos + +nmav@gennetsa.com + + diff --git a/contrib/lease-access/lease.access.patch b/contrib/lease-access/lease.access.patch new file mode 100644 index 0000000..ad76e25 --- /dev/null +++ b/contrib/lease-access/lease.access.patch @@ -0,0 +1,578 @@ +Index: src/dnsmasq.c +=================================================================== +--- src/dnsmasq.c (revision 696) ++++ src/dnsmasq.c (revision 821) +@@ -59,7 +59,6 @@ + static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp); + static void check_dns_listeners(fd_set *set, time_t now); + static void sig_handler(int sig); +-static void async_event(int pipe, time_t now); + static void fatal_event(struct event_desc *ev); + static void poll_resolv(void); + +@@ -275,7 +274,7 @@ + piperead = pipefd[0]; + pipewrite = pipefd[1]; + /* prime the pipe to load stuff first time. */ +- send_event(pipewrite, EVENT_RELOAD, 0); ++ send_event(pipewrite, EVENT_RELOAD, 0, 0); + + err_pipe[1] = -1; + +@@ -340,7 +339,7 @@ + } + else if (getuid() == 0) + { +- send_event(err_pipe[1], EVENT_PIDFILE, errno); ++ send_event(err_pipe[1], EVENT_PIDFILE, errno, 0); + _exit(0); + } + } +@@ -372,7 +371,7 @@ + (setgroups(0, &dummy) == -1 || + setgid(gp->gr_gid) == -1)) + { +- send_event(err_pipe[1], EVENT_GROUP_ERR, errno); ++ send_event(err_pipe[1], EVENT_GROUP_ERR, errno, 0); + _exit(0); + } + +@@ -415,14 +414,14 @@ + + if (bad_capabilities != 0) + { +- send_event(err_pipe[1], EVENT_CAP_ERR, bad_capabilities); ++ send_event(err_pipe[1], EVENT_CAP_ERR, bad_capabilities, 0); + _exit(0); + } + + /* finally drop root */ + if (setuid(ent_pw->pw_uid) == -1) + { +- send_event(err_pipe[1], EVENT_USER_ERR, errno); ++ send_event(err_pipe[1], EVENT_USER_ERR, errno, 0); + _exit(0); + } + +@@ -434,7 +433,7 @@ + /* lose the setuid and setgid capbilities */ + if (capset(hdr, data) == -1) + { +- send_event(err_pipe[1], EVENT_CAP_ERR, errno); ++ send_event(err_pipe[1], EVENT_CAP_ERR, errno, 0); + _exit(0); + } + #endif +@@ -647,7 +646,7 @@ + } + + if (FD_ISSET(piperead, &rset)) +- async_event(piperead, now); ++ async_event(piperead, now, NULL, 0); + + #ifdef HAVE_LINUX_NETWORK + if (FD_ISSET(daemon->netlinkfd, &rset)) +@@ -674,7 +673,7 @@ + #endif + + if (daemon->dhcp && FD_ISSET(daemon->dhcpfd, &rset)) +- dhcp_packet(now); ++ dhcp_packet(piperead, now); + + #ifndef NO_FORK + if (daemon->helperfd != -1 && FD_ISSET(daemon->helperfd, &wset)) +@@ -719,17 +718,18 @@ + else + return; + +- send_event(pipewrite, event, 0); ++ send_event(pipewrite, event, 0, 0); + errno = errsave; + } + } + +-void send_event(int fd, int event, int data) ++void send_event(int fd, int event, int data, int priv) + { + struct event_desc ev; + + ev.event = event; + ev.data = data; ++ ev.priv = priv; + + /* error pipe, debug mode. */ + if (fd == -1) +@@ -771,14 +771,17 @@ + die(_("cannot open %s: %s"), daemon->log_file ? daemon->log_file : "log", EC_FILE); + } + } +- +-static void async_event(int pipe, time_t now) ++ ++/* returns the private data of the event ++ */ ++int async_event(int pipe, time_t now, struct event_desc* event, unsigned int secs) + { + pid_t p; + struct event_desc ev; + int i; + +- if (read_write(pipe, (unsigned char *)&ev, sizeof(ev), 1)) ++ if (read_timeout(pipe, (unsigned char *)&ev, sizeof(ev), now, secs) > 0) ++ { + switch (ev.event) + { + case EVENT_RELOAD: +@@ -872,6 +875,14 @@ + flush_log(); + exit(EC_GOOD); + } ++ } ++ else ++ return -1; /* timeout */ ++ ++ if (event) ++ memcpy( event, &ev, sizeof(ev)); ++ ++ return 0; + } + + static void poll_resolv() +Index: src/config.h +=================================================================== +--- src/config.h (revision 696) ++++ src/config.h (revision 821) +@@ -51,6 +51,8 @@ + #define TFTP_MAX_CONNECTIONS 50 /* max simultaneous connections */ + #define LOG_MAX 5 /* log-queue length */ + #define RANDFILE "/dev/urandom" ++#define SCRIPT_TIMEOUT 6 ++#define LEASE_CHECK_TIMEOUT 10 + + /* DBUS interface specifics */ + #define DNSMASQ_SERVICE "uk.org.thekelleys.dnsmasq" +Index: src/dnsmasq.h +=================================================================== +--- src/dnsmasq.h (revision 696) ++++ src/dnsmasq.h (revision 821) +@@ -116,6 +116,7 @@ + /* Async event queue */ + struct event_desc { + int event, data; ++ unsigned int priv; + }; + + #define EVENT_RELOAD 1 +@@ -390,6 +391,7 @@ + #define ACTION_OLD_HOSTNAME 2 + #define ACTION_OLD 3 + #define ACTION_ADD 4 ++#define ACTION_ACCESS 5 + + #define DHCP_CHADDR_MAX 16 + +@@ -709,6 +711,7 @@ + char *print_mac(char *buff, unsigned char *mac, int len); + void bump_maxfd(int fd, int *max); + int read_write(int fd, unsigned char *packet, int size, int rw); ++int read_timeout(int fd, unsigned char *packet, int size, time_t now, int secs); + + /* log.c */ + void die(char *message, char *arg1, int exit_code); +@@ -748,7 +751,7 @@ + + /* dhcp.c */ + void dhcp_init(void); +-void dhcp_packet(time_t now); ++void dhcp_packet(int piperead, time_t now); + + struct dhcp_context *address_available(struct dhcp_context *context, + struct in_addr addr, +@@ -792,14 +795,16 @@ + void rerun_scripts(void); + + /* rfc2131.c */ +-size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index, ++size_t dhcp_reply(int pipefd, struct dhcp_context *context, char *iface_name, int int_index, + size_t sz, time_t now, int unicast_dest, int *is_inform); + + /* dnsmasq.c */ + int make_icmp_sock(void); + int icmp_ping(struct in_addr addr); +-void send_event(int fd, int event, int data); ++void send_event(int fd, int event, int data, int priv); + void clear_cache_and_reload(time_t now); ++int wait_for_child(int pipe); ++int async_event(int pipe, time_t now, struct event_desc*, unsigned int timeout); + + /* isc.c */ + #ifdef HAVE_ISC_READER +@@ -832,9 +837,9 @@ + /* helper.c */ + #ifndef NO_FORK + int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd); +-void helper_write(void); ++int helper_write(void); + void queue_script(int action, struct dhcp_lease *lease, +- char *hostname, time_t now); ++ char *hostname, time_t now, unsigned int uid); + int helper_buf_empty(void); + #endif + +Index: src/util.c +=================================================================== +--- src/util.c (revision 696) ++++ src/util.c (revision 821) +@@ -444,3 +444,38 @@ + return 1; + } + ++int read_timeout(int fd, unsigned char *packet, int size, time_t now, int secs) ++{ ++ ssize_t n, done; ++ time_t expire; ++ ++ expire = now + secs; ++ ++ for (done = 0; done < size; done += n) ++ { ++ retry: ++ if (secs > 0) alarm(secs); ++ n = read(fd, &packet[done], (size_t)(size - done)); ++ ++ if (n == 0) ++ return 0; ++ else if (n == -1) ++ { ++ if (errno == EINTR) { ++ my_syslog(LOG_INFO, _("read timed out (errno %d)"), errno); ++ return 0; ++ } ++ ++ if (retry_send() || errno == ENOMEM || errno == ENOBUFS || errno == EAGAIN) ++ { ++ if (secs == 0 || (secs > 0 && dnsmasq_time() < expire)) ++ goto retry; ++ } ++ ++ my_syslog(LOG_INFO, _("error in read (timeout %d, errno %d)"), secs, errno); ++ return 0; ++ } ++ } ++ return 1; ++} ++ +Index: src/dhcp.c +=================================================================== +--- src/dhcp.c (revision 696) ++++ src/dhcp.c (revision 821) +@@ -103,7 +103,7 @@ + daemon->dhcp_packet.iov_base = safe_malloc(daemon->dhcp_packet.iov_len); + } + +-void dhcp_packet(time_t now) ++void dhcp_packet(int piperead, time_t now) + { + struct dhcp_packet *mess; + struct dhcp_context *context; +@@ -239,7 +239,8 @@ + if (!iface_enumerate(&parm, complete_context, NULL)) + return; + lease_prune(NULL, now); /* lose any expired leases */ +- iov.iov_len = dhcp_reply(parm.current, ifr.ifr_name, iface_index, (size_t)sz, ++ ++ iov.iov_len = dhcp_reply(piperead, parm.current, ifr.ifr_name, iface_index, (size_t)sz, + now, unicast_dest, &is_inform); + lease_update_file(now); + lease_update_dns(); +Index: src/helper.c +=================================================================== +--- src/helper.c (revision 696) ++++ src/helper.c (revision 821) +@@ -45,6 +45,7 @@ + #endif + unsigned char hwaddr[DHCP_CHADDR_MAX]; + char interface[IF_NAMESIZE]; ++ unsigned int uid; + }; + + static struct script_data *buf = NULL; +@@ -60,7 +61,7 @@ + then fork our process. */ + if (pipe(pipefd) == -1 || !fix_fd(pipefd[1]) || (pid = fork()) == -1) + { +- send_event(err_fd, EVENT_PIPE_ERR, errno); ++ send_event(err_fd, EVENT_PIPE_ERR, errno, 0); + _exit(0); + } + +@@ -87,13 +88,13 @@ + { + if (daemon->options & OPT_NO_FORK) + /* send error to daemon process if no-fork */ +- send_event(event_fd, EVENT_HUSER_ERR, errno); ++ send_event(event_fd, EVENT_HUSER_ERR, errno, 0); + else + { + /* kill daemon */ +- send_event(event_fd, EVENT_DIE, 0); ++ send_event(event_fd, EVENT_DIE, 0, 0); + /* return error */ +- send_event(err_fd, EVENT_HUSER_ERR, errno);; ++ send_event(err_fd, EVENT_HUSER_ERR, errno, 0); + } + _exit(0); + } +@@ -122,6 +123,8 @@ + action_str = "del"; + else if (data.action == ACTION_ADD) + action_str = "add"; ++ else if (data.action == ACTION_ACCESS) ++ action_str = "access"; + else if (data.action == ACTION_OLD || data.action == ACTION_OLD_HOSTNAME) + action_str = "old"; + else +@@ -178,9 +181,11 @@ + { + /* On error send event back to main process for logging */ + if (WIFSIGNALED(status)) +- send_event(event_fd, EVENT_KILLED, WTERMSIG(status)); +- else if (WIFEXITED(status) && WEXITSTATUS(status) != 0) +- send_event(event_fd, EVENT_EXITED, WEXITSTATUS(status)); ++ send_event(event_fd, EVENT_KILLED, WTERMSIG(status), data.uid); ++ else if (WIFEXITED(status)) ++ send_event(event_fd, EVENT_EXITED, WEXITSTATUS(status), data.uid); ++ else ++ send_event(event_fd, EVENT_EXITED, -1, data.uid); + break; + } + +@@ -263,7 +268,7 @@ + err = errno; + } + /* failed, send event so the main process logs the problem */ +- send_event(event_fd, EVENT_EXEC_ERR, err); ++ send_event(event_fd, EVENT_EXEC_ERR, err, data.uid); + _exit(0); + } + } +@@ -295,7 +300,7 @@ + } + + /* pack up lease data into a buffer */ +-void queue_script(int action, struct dhcp_lease *lease, char *hostname, time_t now) ++void queue_script(int action, struct dhcp_lease *lease, char *hostname, time_t now, unsigned int uid) + { + unsigned char *p; + size_t size; +@@ -332,6 +337,7 @@ + buf_size = size; + } + ++ buf->uid = uid; + buf->action = action; + buf->hwaddr_len = lease->hwaddr_len; + buf->hwaddr_type = lease->hwaddr_type; +@@ -393,12 +399,15 @@ + return bytes_in_buf == 0; + } + +-void helper_write(void) ++/* returns -1 if write failed for a reason, 1 if no data exist ++ * and 0 if everything was ok. ++ */ ++int helper_write(void) + { + ssize_t rc; + + if (bytes_in_buf == 0) +- return; ++ return 1; + + if ((rc = write(daemon->helperfd, buf, bytes_in_buf)) != -1) + { +@@ -409,9 +418,11 @@ + else + { + if (errno == EAGAIN || errno == EINTR) +- return; ++ return -1; + bytes_in_buf = 0; + } ++ ++ return 0; + } + + #endif +Index: src/rfc2131.c +=================================================================== +--- src/rfc2131.c (revision 696) ++++ src/rfc2131.c (revision 821) +@@ -100,8 +100,49 @@ + int clid_len, unsigned char *clid, int *len_out); + static void match_vendor_opts(unsigned char *opt, struct dhcp_opt *dopt); + ++static int check_access_script( int piperead, struct dhcp_lease *lease, struct dhcp_packet *mess, time_t now) ++{ ++#ifndef NO_FORK ++unsigned int uid; ++struct event_desc ev; ++int ret; ++struct dhcp_lease _lease; ++ ++ if (daemon->lease_change_command == NULL) return 0; /* ok */ ++ ++ if (!lease) { /* if host has not been seen before lease is NULL */ ++ memset(&_lease, 0, sizeof(_lease)); ++ lease = &_lease; ++ lease_set_hwaddr(lease, mess->chaddr, NULL, mess->hlen, mess->htype, 0); ++ } ++ ++ uid = rand16(); ++ queue_script(ACTION_ACCESS, lease, NULL, now, uid); ++ ++ /* send all data to helper process */ ++ do ++ { ++ helper_write(); ++ } while (helper_buf_empty() == 0); ++ ++ /* wait for our event */ ++ ret = 0; ++ do ++ { ++ ret = async_event( piperead, now, &ev, SCRIPT_TIMEOUT); ++ } ++ while(ev.priv != uid && ret >= 0); ++ ++ if (ret < 0 || ev.data != 0) /* timeout or error */ ++ { ++ return -1; ++ } ++ ++#endif ++ return 0; /* ok */ ++} + +-size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index, ++size_t dhcp_reply(int piperead, struct dhcp_context *context, char *iface_name, int int_index, + size_t sz, time_t now, int unicast_dest, int *is_inform) + { + unsigned char *opt, *clid = NULL; +@@ -252,7 +293,7 @@ + mac->netid.next = netid; + netid = &mac->netid; + } +- ++ + /* Determine network for this packet. Our caller will have already linked all the + contexts which match the addresses of the receiving interface but if the + machine has an address already, or came via a relay, or we have a subnet selector, +@@ -329,7 +370,7 @@ + my_syslog(LOG_INFO, _("Available DHCP range: %s -- %s"), daemon->namebuff, inet_ntoa(context_tmp->end)); + } + } +- ++ + mess->op = BOOTREPLY; + + config = find_config(daemon->dhcp_conf, context, clid, clid_len, +@@ -418,7 +459,7 @@ + else + mess->yiaddr = lease->addr; + } +- ++ + if (!message && + !lease && + (!(lease = lease_allocate(mess->yiaddr)))) +@@ -641,7 +682,14 @@ + memcpy(req_options, option_ptr(opt, 0), option_len(opt)); + req_options[option_len(opt)] = OPTION_END; + } +- ++ ++ if (mess_type == DHCPREQUEST || mess_type == DHCPDISCOVER) ++ if (check_access_script(piperead, lease, mess, now) < 0) ++ { ++ my_syslog(LOG_INFO, _("Ignoring client due to access script")); ++ return 0; ++ } ++ + switch (mess_type) + { + case DHCPDECLINE: +Index: src/log.c +=================================================================== +--- src/log.c (revision 696) ++++ src/log.c (revision 821) +@@ -73,7 +73,7 @@ + + if (!log_reopen(daemon->log_file)) + { +- send_event(errfd, EVENT_LOG_ERR, errno); ++ send_event(errfd, EVENT_LOG_ERR, errno, 0); + _exit(0); + } + +Index: src/lease.c +=================================================================== +--- src/lease.c (revision 696) ++++ src/lease.c (revision 821) +@@ -511,7 +511,7 @@ + if (lease->old_hostname) + { + #ifndef NO_FORK +- queue_script(ACTION_OLD_HOSTNAME, lease, lease->old_hostname, now); ++ queue_script(ACTION_OLD_HOSTNAME, lease, lease->old_hostname, now, 0); + #endif + free(lease->old_hostname); + lease->old_hostname = NULL; +@@ -520,7 +520,7 @@ + else + { + #ifndef NO_FORK +- queue_script(ACTION_DEL, lease, lease->hostname, now); ++ queue_script(ACTION_DEL, lease, lease->hostname, now, 0); + #endif + old_leases = lease->next; + +@@ -540,7 +540,7 @@ + if (lease->old_hostname) + { + #ifndef NO_FORK +- queue_script(ACTION_OLD_HOSTNAME, lease, lease->old_hostname, now); ++ queue_script(ACTION_OLD_HOSTNAME, lease, lease->old_hostname, now, 0); + #endif + free(lease->old_hostname); + lease->old_hostname = NULL; +@@ -552,7 +552,7 @@ + (lease->aux_changed && (daemon->options & OPT_LEASE_RO))) + { + #ifndef NO_FORK +- queue_script(lease->new ? ACTION_ADD : ACTION_OLD, lease, lease->hostname, now); ++ queue_script(lease->new ? ACTION_ADD : ACTION_OLD, lease, lease->hostname, now, 0); + #endif + lease->new = lease->changed = lease->aux_changed = 0; + +Index: man/dnsmasq.8 +=================================================================== +--- man/dnsmasq.8 (revision 696) ++++ man/dnsmasq.8 (revision 821) +@@ -724,12 +724,15 @@ + .B \-6 --dhcp-script=<path> + Whenever a new DHCP lease is created, or an old one destroyed, the + binary specified by this option is run. The arguments to the process +-are "add", "old" or "del", the MAC ++are "add", "old", "access" or "del", the MAC + address of the host (or "<null>"), the IP address, and the hostname, + if known. "add" means a lease has been created, "del" means it has + been destroyed, "old" is a notification of an existing lease when + dnsmasq starts or a change to MAC address or hostname of an existing + lease (also, lease length or expiry and client-id, if leasefile-ro is set). ++The "access" keyword means that a request was just received and depending ++on the script exit status request for address will be granted, if exit status ++is zero or not if it is non-zero. + The process is run as root (assuming that dnsmasq was originally run as + root) even if dnsmasq is configured to change UID to an unprivileged user. + The environment is inherited from the invoker of dnsmasq, and if the diff --git a/contrib/openvpn/README b/contrib/openvpn/README new file mode 100644 index 0000000..dd99600 --- /dev/null +++ b/contrib/openvpn/README @@ -0,0 +1,44 @@ +The patch I have attached lets me get the behavior I wish out of +dnsmasq. I also include my version of dhclient-enter-hooks as +required for the switchover from pre-dnsmasq and dhclient. + +On 8/16/05, Joseph Tate <dragonstrider@gmail.com> wrote: +> I'm trying to use dnsmasq on a laptop in order to facilitate openvpn +> connections. As such, the only configuration option I'm concerned +> about is a single server=3D/example.com/192.168.0.1 line. +> +> The way I currently have it set up is I modified dhclient to write its +> resolv.conf data to /etc/resolv.conf.dhclient and configured +> /etc/dnsmasq.conf to look there for its upstream dns servers. +> /etc/resolv.conf is set to nameserver 127.0.0.1 +> +> All of this works great. When I start the openvpn service, it the +> routes, and queries to the domain in the server=3D line work just fine. +> +> The only problem is that the hostname for my system doesn't get set +> correctly. With the resolv.conf data written to something other than +> /etc/resolv.conf, the ifup scripts don't have a valid dns server to do +> the ipcalc call to set the laptop's hostname. If I start dnsmasq +> before the network comes up, something gets fubar'd. I'm not sure how +> to describe it exactly, but network services are slow to load, and +> restarting networking and dnsmasq doesn't solve the problem. Perhaps +> dnsmasq is answering the dhcp request when the network starts? +> Certainly not desired behavior. +> +> Anyway, my question: is there a way to have the best of both worlds? +> DHCP requests to another server, and DNS lookups that work at all +> times? +> +> My current best idea on how to solve this problem is modifying the +> dnsmasq initscript to tweak /etc/dhclient-enter-hooks to change where +> dhclient writes resolv.conf data, and fixing up /etc/resolv.conf on +> the fly to set 127.0.0.1 to the nameserver (and somehow keep the +> search domains intact), but I'm hoping that I'm just missing some key +> piece of the puzzle and that this problem has been solved before. Any +> insights? +> +> -- +> Joseph Tate +> Personal e-mail: jtate AT dragonstrider DOT com +> Web: http://www.dragonstrider.com +> diff --git a/contrib/openvpn/dhclient-enter-hooks b/contrib/openvpn/dhclient-enter-hooks new file mode 100644 index 0000000..cb78e2a --- /dev/null +++ b/contrib/openvpn/dhclient-enter-hooks @@ -0,0 +1,30 @@ +#!/bin/bash + +function save_previous() { + if [ -e $1 -a ! -e $1.predhclient ]; then + mv $1 $1.predhclient + fi +} + +function write_resolv_conf() { + RESOLVCONF=$1 + if [ -n "$new_domain_name" ] || [ -n "$new_domain_name_servers" ]; then + save_previous $RESOLVCONF + echo '; generated by /etc/dhclient-enter-hooks' > $RESOLVCONF + if [ -n "$SEARCH" ]; then + echo search $SEARCH >> $RESOLVCONF + else + if [ -n "$new_domain_name" ]; then + echo search $new_domain_name >> $RESOLVCONF + fi + fi + chmod 644 $RESOLVCONF + for nameserver in $new_domain_name_servers; do + echo nameserver $nameserver >>$RESOLVCONF + done + fi +} + +make_resolv_conf() { + write_resolv_conf /etc/resolv.conf +} diff --git a/contrib/openvpn/dnsmasq.patch b/contrib/openvpn/dnsmasq.patch new file mode 100644 index 0000000..5c11881 --- /dev/null +++ b/contrib/openvpn/dnsmasq.patch @@ -0,0 +1,61 @@ +--- dnsmasq-2.22/rpm/dnsmasq.rh 2005-03-24 09:51:18.000000000 -0500 ++++ dnsmasq-2.22/rpm/dnsmasq.rh.new 2005-08-25 10:52:04.310568784 -0400 +@@ -2,7 +2,7 @@ + # + # Startup script for the DNS caching server + # +-# chkconfig: 2345 99 01 ++# chkconfig: 2345 07 89 + # description: This script starts your DNS caching server + # processname: dnsmasq + # pidfile: /var/run/dnsmasq.pid +@@ -10,6 +10,25 @@ + # Source function library. + . /etc/rc.d/init.d/functions + ++function setup_dhclient_enter_hooks() { ++ if [ -f /etc/dhclient-enter-hooks ]; then ++ . /etc/dhclient-enter-hooks ++ cp /etc/resolv.conf /etc/resolv.conf.dnsmasq ++ cp /etc/dhclient-enter-hooks /etc/dhclient-enter-hooks.dnsmasq ++ sed -e 's/resolv\.conf$/resolv.conf.dnsmasq/' /etc/dhclient-enter-hooks.dnsmasq > /etc/dhclient-enter-hooks ++ sed -e 's/\(nameserver[ tab]\+\)[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$/\1127.0.0.1/' /etc/resolv.conf.dnsmasq > /etc/resolv.conf ++ fi ++} ++ ++function teardown_dhclient_enter_hooks() { ++ if [ -f /etc/dhclient-enter-hooks -a -f /etc/dhclient-enter-hooks.dnsmasq ]; then ++ if [ -f /etc/resolv.conf.dnsmasq ]; then ++ mv /etc/resolv.conf.dnsmasq /etc/resolv.conf ++ fi ++ mv /etc/dhclient-enter-hooks.dnsmasq /etc/dhclient-enter-hooks ++ fi ++} ++ + # Source networking configuration. + . /etc/sysconfig/network + +@@ -24,7 +43,7 @@ + MAILHOSTNAME="" + # change this line if you want dns to get its upstream servers from + # somewhere other that /etc/resolv.conf +-RESOLV_CONF="" ++RESOLV_CONF="/etc/resolv.conf.dnsmasq" + # change this if you want dnsmasq to cache any "hostname" or "client-hostname" from + # a dhcpd's lease file +@@ -54,6 +73,7 @@ + case "$1" in + start) + echo -n "Starting dnsmasq: " ++ setup_dhclient_enter_hooks + daemon $dnsmasq $OPTIONS + RETVAL=$? + echo +@@ -62,6 +82,7 @@ + stop) + if test "x`pidof dnsmasq`" != x; then + echo -n "Shutting down dnsmasq: " ++ teardown_dhclient_enter_hooks + killproc dnsmasq + fi + RETVAL=$? diff --git a/contrib/port-forward/dnsmasq-portforward b/contrib/port-forward/dnsmasq-portforward new file mode 100755 index 0000000..f9bb857 --- /dev/null +++ b/contrib/port-forward/dnsmasq-portforward @@ -0,0 +1,68 @@ +#!/bin/bash +# +# /usr/sbin/dnsmasq-portforward +# +# A script which gets run when the dnsmasq DHCP lease database changes. +# It logs to $LOGFILE, if it exists, and maintains port-forwards using +# IP-tables so that they always point to the correct host. See +# $PORTSFILE for details on configuring this. dnsmasq must be version 2.34 +# or later. +# +# To enable this script, add +# dhcp-script=/usr/sbin/dnsmasq-portforward +# to /etc/dnsmasq.conf +# +# To enable logging, touch $LOGFILE +# + +PORTSFILE=/etc/portforward +LOGFILE=/var/log/dhcp.log +IPTABLES=/sbin/iptables + +action=${1:-0} +hostname=${4} + +# log what's going on. +if [ -f ${LOGFILE} ] ; then + date +"%D %T $*" >>${LOGFILE} +fi + +# If a lease gets stripped of a name, we see that as an "old" action +# with DNSMASQ_OLD_HOSTNAME set, convert it into a "del" +if [ ${DNSMASQ_OLD_HOSTNAME} ] && [ ${action} = old ] ; then + action=del + hostname=${DNSMASQ_OLD_HOSTNAME} +fi + +# action init is not relevant, and will only be seen when leasefile-ro is set. +if [ ${action} = init ] ; then + exit 0 +fi + +if [ ${hostname} ]; then + ports=$(sed -n -e "/^${hostname}\ .*/ s/^.* //p" ${PORTSFILE}) + + for port in $ports; do + verb=removed + protocol=tcp + if [ ${port:0:1} = u ] ; then + protocol=udp + port=${port/u/} + fi + src=${port/:*/} + dst=${port/*:/} +# delete first, to avoid multiple copies of rules. + ${IPTABLES} -t nat -D PREROUTING -p $protocol --destination-port $src -j DNAT --to-destination ${3}:$dst + if [ ${action} != del ] ; then + ${IPTABLES} -t nat -A PREROUTING -p $protocol --destination-port $src -j DNAT --to-destination ${3}:$dst + verb=added + fi + if [ -f ${LOGFILE} ] ; then + echo " DNAT $protocol $src to ${3}:$dst ${verb}." >>${LOGFILE} + fi + done +fi + +exit 0 + + diff --git a/contrib/port-forward/portforward b/contrib/port-forward/portforward new file mode 100644 index 0000000..1a97c3a --- /dev/null +++ b/contrib/port-forward/portforward @@ -0,0 +1,28 @@ +# This file is read by /usr/sbin/dnsmasq-portforward and used to set up port +# forwarding to hostnames. If the dnsmasq-determined hostname matches the +# first column of this file, then a DNAT port-forward will be set up +# to the address which has just been allocated by DHCP . The second field +# is port number(s). If there is only one, then the port-forward goes to +# the same port on the DHCP-client, if there are two seperated with a +# colon, then the second number is the port to which the connection +# is forwarded on the DHCP-client. By default, forwarding is set up +# for TCP, but it can done for UDP instead by prefixing the port to "u". +# To forward both TCP and UDP, two lines are required. +# +# eg. +# wwwserver 80 +# will set up a port forward from port 80 on this host to port 80 +# at the address allocated to wwwserver whenever wwwserver gets a DHCP lease. +# +# wwwserver 8080:80 +# will set up a port forward from port 8080 on this host to port 80 +# on the DHCP-client. +# +# dnsserver 53 +# dnsserver u53 +# will port forward port 53 UDP and TCP from this host to port 53 on dnsserver. +# +# Port forwards will recreated when dnsmasq restarts after a reboot, and +# removed when DHCP leases expire. After editing this file, send +# SIGHUP to dnsmasq to install new iptables entries in the kernel. + diff --git a/contrib/slackware-dnsmasq/dnsmasq.SlackBuild b/contrib/slackware-dnsmasq/dnsmasq.SlackBuild new file mode 100755 index 0000000..c5ba083 --- /dev/null +++ b/contrib/slackware-dnsmasq/dnsmasq.SlackBuild @@ -0,0 +1,56 @@ +#!/bin/sh +CWD=`pwd` +PKG=/tmp/package-dnsmasq + +VERSION=2.24 +ARCH=${ARCH:-i486} +BUILD=${BUILD:-1} + +if [ "$ARCH" = "i386" ]; then + SLKCFLAGS="-O2 -march=i386 -mcpu=i686" +elif [ "$ARCH" = "i486" ]; then + SLKCFLAGS="-O2 -march=i486 -mcpu=i686" +elif [ "$ARCH" = "s390" ]; then + SLKCFLAGS="-O2" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2" +fi + +rm -rf $PKG +mkdir -p $PKG +cd /tmp +rm -rf dnsmasq-$VERSION +tar xzvf $CWD/dnsmasq-$VERSION.tar.gz +cd dnsmasq-$VERSION +zcat $CWD/dnsmasq.leasedir.diff.gz | patch -p1 --verbose --backup --suffix=.orig || exit +chown -R root.root . +make install-i18n PREFIX=/usr DESTDIR=$PKG MANDIR=/usr/man +chmod 755 $PKG/usr/sbin/dnsmasq +chown -R root.bin $PKG/usr/sbin +gzip -9 $PKG/usr/man/man8/dnsmasq.8 +for f in $PKG/usr/share/man/*; do + if [ -f $$f/man8/dnsmasq.8 ]; then + gzip -9 $$f/man8/dnsmasq.8 ; + fi +done +gzip -9 $PKG/usr/man/*/man8/dnsmasq.8 +mkdir -p $PKG/var/state/dnsmasq +( cd $PKG + find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null + find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null +) +mkdir $PKG/etc +cat dnsmasq.conf.example > $PKG/etc/dnsmasq.conf.new +mkdir $PKG/etc/rc.d +zcat $CWD/rc.dnsmasq.gz > $PKG/etc/rc.d/rc.dnsmasq.new +mkdir -p $PKG/usr/doc/dnsmasq-$VERSION +cp -a \ + CHANGELOG COPYING FAQ UPGRADING_to_2.0 doc.html setup.html \ + $PKG/usr/doc/dnsmasq-$VERSION +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc +zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh + +cd $PKG +makepkg -l y -c n ../dnsmasq-$VERSION-$ARCH-$BUILD.tgz + diff --git a/contrib/slackware-dnsmasq/dnsmasq.leasedir.diff.gz b/contrib/slackware-dnsmasq/dnsmasq.leasedir.diff.gz Binary files differnew file mode 100644 index 0000000..22fc32b --- /dev/null +++ b/contrib/slackware-dnsmasq/dnsmasq.leasedir.diff.gz diff --git a/contrib/slackware-dnsmasq/doinst.sh.gz b/contrib/slackware-dnsmasq/doinst.sh.gz Binary files differnew file mode 100644 index 0000000..3b44227 --- /dev/null +++ b/contrib/slackware-dnsmasq/doinst.sh.gz diff --git a/contrib/slackware-dnsmasq/rc.dnsmasq.gz b/contrib/slackware-dnsmasq/rc.dnsmasq.gz Binary files differnew file mode 100644 index 0000000..a86abbb --- /dev/null +++ b/contrib/slackware-dnsmasq/rc.dnsmasq.gz diff --git a/contrib/slackware-dnsmasq/slack-desc b/contrib/slackware-dnsmasq/slack-desc new file mode 100644 index 0000000..0a0c577 --- /dev/null +++ b/contrib/slackware-dnsmasq/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' on +# the right side marks the last column you can put a character in. You must make +# exactly 11 lines for the formatting to be correct. It's also customary to +# leave one space after the ':'. + + |-----handy-ruler------------------------------------------------------| +dnsmasq: dnsmasq (small DNS and DHCP server) +dnsmasq: +dnsmasq: Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP +dnsmasq: server. It is designed to provide DNS (and optionally DHCP) to a +dnsmasq: small network, and can serve the names of local machines which are not +dnsmasq: in the global DNS. +dnsmasq: +dnsmasq: Dnsmasq was written by Simon Kelley. +dnsmasq: +dnsmasq: +dnsmasq: diff --git a/contrib/static-arp/static-arp b/contrib/static-arp/static-arp new file mode 100644 index 0000000..82115b7 --- /dev/null +++ b/contrib/static-arp/static-arp @@ -0,0 +1,35 @@ +#!/bin/sh + +# Contributed by Darren Hoo <darren.hoo@gmail.com> + +# If you use dnsmasq as DHCP server on a router, you may have +# met with attackers trying ARP Poison Routing (APR) on your +# local area network. This script will setup a 'permanent' entry +# in the router's ARP table upon each DHCP transaction so as to +# make the attacker's efforts less successful. + +# Usage: +# edit /etc/dnsmasq.conf and specify the path of this script +# to dhcp-script, for example: +# dhcp-script=/usr/sbin/static-arp + +# if $1 is add or old, update the static arp table entry. +# if $1 is del, then delete the entry from the table +# if $1 is init which is called by dnsmasq at startup, it's ignored + +ARP=/usr/sbin/arp + +# Arguments. +# $1 is action (add, del, old) +# $2 is MAC +# $3 is address +# $4 is hostname (optional, may be unset) + +if [ ${1} = del ] ; then + ${ARP} -d $3 +fi + +if [ ${1} = old ] || [ ${1} = add ] ; then + ${ARP} -s $3 $2 +fi + diff --git a/contrib/try-all-ns/README b/contrib/try-all-ns/README new file mode 100644 index 0000000..224d554 --- /dev/null +++ b/contrib/try-all-ns/README @@ -0,0 +1,19 @@ +Date: Thu, 07 Dec 2006 00:41:43 -0500 +From: Bob Carroll <bob.carroll@rit.edu> +Subject: dnsmasq suggestion +To: simon@thekelleys.org.uk + + +Hello, + +I recently needed a feature in dnsmasq for a very bizarre situation. I +placed a list of name servers in a special resolve file and told dnsmasq +to use that. But I wanted it to try requests in order and treat NXDOMAIN +requests as a failed tcp connection. I wrote the feature into dnsmasq +and it seems to work. I prepared a patch in the event that others might +find it useful as well. + +Thanks and keep up the good work. + +--Bob + diff --git a/contrib/try-all-ns/README-2.47 b/contrib/try-all-ns/README-2.47 new file mode 100644 index 0000000..3ebec65 --- /dev/null +++ b/contrib/try-all-ns/README-2.47 @@ -0,0 +1,11 @@ +A remake of patch Bob Carroll had posted to dnsmasq, +now compatible with version 2.47. Hopefully he doesn't +mind (sending a copy of this mail to him too). + +Maybe the patch in question is not acceptible +as it doesn't add new switch, rather it binds itself to "strict-order". + +What it does is: if you have strict-order in the +dnsmasq config file and query a domain that would result +in NXDOMAIN, it iterates the whole given nameserver list +until the last one says NXDOMAIN. diff --git a/contrib/try-all-ns/dnsmasq-2.35-try-all-ns.patch b/contrib/try-all-ns/dnsmasq-2.35-try-all-ns.patch new file mode 100644 index 0000000..ec3f3e0 --- /dev/null +++ b/contrib/try-all-ns/dnsmasq-2.35-try-all-ns.patch @@ -0,0 +1,61 @@ +diff -Nau dnsmasq-2.35/src/dnsmasq.h dnsmasq/src/dnsmasq.h +--- dnsmasq-2.35/src/dnsmasq.h 2006-10-18 16:24:50.000000000 -0400 ++++ dnsmasq/src/dnsmasq.h 2006-11-16 22:06:31.000000000 -0500 +@@ -112,6 +112,7 @@ + #define OPT_NO_PING 2097152 + #define OPT_LEASE_RO 4194304 + #define OPT_RELOAD 8388608 ++#define OPT_TRY_ALL_NS 16777216 + + struct all_addr { + union { +diff -Nau dnsmasq-2.35/src/forward.c dnsmasq/src/forward.c +--- dnsmasq-2.35/src/forward.c 2006-10-18 16:24:50.000000000 -0400 ++++ dnsmasq/src/forward.c 2006-11-16 22:08:19.000000000 -0500 +@@ -445,6 +445,10 @@ + { + struct server *server = forward->sentto; + ++ // If strict-order and try-all-ns are set, treat NXDOMAIN as a failed request ++ if( (daemon->options & OPT_ORDER) && (daemon->options && OPT_TRY_ALL_NS) ++ && header->rcode == NXDOMAIN ) header->rcode = SERVFAIL; ++ + if ((header->rcode == SERVFAIL || header->rcode == REFUSED) && forward->forwardall == 0) + /* for broken servers, attempt to send to another one. */ + { +diff -Nau dnsmasq-2.35/src/option.c dnsmasq/src/option.c +--- dnsmasq-2.35/src/option.c 2006-10-18 16:24:50.000000000 -0400 ++++ dnsmasq/src/option.c 2006-11-16 22:10:36.000000000 -0500 +@@ -28,7 +28,7 @@ + + /* options which don't have a one-char version */ + #define LOPT_RELOAD 256 +- ++#define LOPT_TRY_ALL_NS 257 + + #ifdef HAVE_GETOPT_LONG + static const struct option opts[] = +@@ -102,6 +102,7 @@ + {"leasefile-ro", 0, 0, '9'}, + {"dns-forward-max", 1, 0, '0'}, + {"clear-on-reload", 0, 0, LOPT_RELOAD }, ++ {"try-all-ns", 0, 0, LOPT_TRY_ALL_NS }, + { NULL, 0, 0, 0 } + }; + +@@ -134,6 +135,7 @@ + { '5', OPT_NO_PING }, + { '9', OPT_LEASE_RO }, + { LOPT_RELOAD, OPT_RELOAD }, ++ { LOPT_TRY_ALL_NS,OPT_TRY_ALL_NS }, + { 'v', 0}, + { 'w', 0}, + { 0, 0 } +@@ -208,6 +210,7 @@ + { "-9, --leasefile-ro", gettext_noop("Read leases at startup, but never write the lease file."), NULL }, + { "-0, --dns-forward-max=<queries>", gettext_noop("Maximum number of concurrent DNS queries. (defaults to %s)"), "!" }, + { " --clear-on-reload", gettext_noop("Clear DNS cache when reloading %s."), RESOLVFILE }, ++ { " --try-all-ns", gettext_noop("Try all name servers in tandem on NXDOMAIN replies (use with strict-order)."), NULL }, + { NULL, NULL, NULL } + }; + diff --git a/contrib/try-all-ns/dnsmasq-2.47_no_nxdomain_until_end.patch b/contrib/try-all-ns/dnsmasq-2.47_no_nxdomain_until_end.patch new file mode 100644 index 0000000..7586003 --- /dev/null +++ b/contrib/try-all-ns/dnsmasq-2.47_no_nxdomain_until_end.patch @@ -0,0 +1,17 @@ +diff -ur dnsmasq-2.47/src/forward.c dnsmasq-2.47-patched/src/forward.c +--- dnsmasq-2.47/src/forward.c 2009-02-01 17:59:48.000000000 +0200 ++++ dnsmasq-2.47-patched/src/forward.c 2009-03-18 19:10:22.000000000 +0200 +@@ -488,9 +488,12 @@ + return; + + server = forward->sentto; ++ ++ if ( (header->rcode == NXDOMAIN) && ((daemon->options & OPT_ORDER) != 0) && (server->next != NULL) ) ++ header->rcode = SERVFAIL; + + if ((header->rcode == SERVFAIL || header->rcode == REFUSED) && +- !(daemon->options & OPT_ORDER) && ++ ((daemon->options & OPT_ORDER) != 0) && + forward->forwardall == 0) + /* for broken servers, attempt to send to another one. */ + { diff --git a/contrib/webmin/README b/contrib/webmin/README new file mode 100644 index 0000000..8a8f937 --- /dev/null +++ b/contrib/webmin/README @@ -0,0 +1,54 @@ + +This is the README for the DNSmasq webmin module. + +Problems: + +1) There's only basic error checking - if you enter some bad +addresses or names, they will go straight into the config file +although we do check for things like IP addresses being of +the correct form (no letters, 4 groups of up to 3 digits +separated by dots etc). One thing that ISN'T CHECKED FOR is +that IP dotted quads are all numbers < 256. Another is that +netmasks are logical (you could enter a netmask of 255.0.255.0 +for example). Essentially, if it'll pass the config file +regex scanner (and the above examples will), it won't be +flagged as "bad" even if it is a big no-no for dnsmasq itself. + +2) Code is ugly and a kludge - I ain't a programmer! There are probably +a lot of things that could be done to tidy up the code - eg, +it probably wouldn't hurt to move some common stuff into the lib file. + +3) I've used the %text hash and written an english lang file, but +I am mono-lingual so no other language support as yet. + +4) for reasons unknown to me, the icon does not appear properly +on the servers page of webmin (at least it doesn't for me!) + +5) icons have been shamelessly stolen from the ipfilter module, +specifically the up and down arrows. + +6) if you delete an item, the config file will contain +an otherwise empty, but commented line. This means that if +you add some new stuff, then delete it, the config file +will have a number of lines at the end that are just comments. +Therefore, the config file could possibly grow quite large. + +7) NO INCLUDE FILES! +if you use an include file, it'll be flagged as an error. +OK if the include file line is commented out though. + +8) deprecated lines not supported (eg user and group) - they +may produce an error! (user and group don't, but you can't change +them) + +IOW, it works, it's just not very elegant and not very robust. + +Hope you find it useful though - I do, as I prevents me having to ever +wade through the config file and man pages again. + +If you modify it, or add a language file, and you have a spare moment, +please e-mail me - I won't be upset at all if you fix my poor coding! +(rather the opposite - I'd be pleased someone found it usefull) + +Cheers, + Neil Fisher <neil@magnecor.com.au> diff --git a/contrib/webmin/dnsmasq.wbm b/contrib/webmin/dnsmasq.wbm Binary files differnew file mode 100644 index 0000000..7307e23 --- /dev/null +++ b/contrib/webmin/dnsmasq.wbm diff --git a/contrib/wrt/Makefile b/contrib/wrt/Makefile new file mode 100644 index 0000000..68e8d32 --- /dev/null +++ b/contrib/wrt/Makefile @@ -0,0 +1,6 @@ +CFLAGS?= -O2 -Wall -W + +all: dhcp_release dhcp_lease_time + +clean: + rm -f *~ *.o core dhcp_release dhcp_lease_time diff --git a/contrib/wrt/README b/contrib/wrt/README new file mode 100644 index 0000000..862046f --- /dev/null +++ b/contrib/wrt/README @@ -0,0 +1,81 @@ +This script can be used to implement persistent leases on openWRT, DD-WRT +etc. Persistent leases are good: if the lease database is lost on a +reboot, then it will eventually be restored as hosts renew their +leases. Until a host renews (which may take hours/days) it will +not exist in the DNS if dnsmasq's DDNS function is in use. + +*WRT systems remount all non-volatile fileystems read-only after boot, +so the normal leasefile will not work. They do, however have NV +storage, accessed with the nvram command: + +/usr/lib # nvram +usage: nvram [get name] [set name=value] [unset name] [show] + +The principle is that leases are kept in NV variable with data +corresponding to the line in a leasefile: + +dnsmasq_lease_192.168.1.56=3600 00:41:4a:05:80:74 192.168.1.56 * * + +By giving dnsmasq the leasefile-ro command, it no longer creates or writes a +leasefile; responsibility for maintaining the lease database transfers +to the lease change script. At startup, in leasefile-ro mode, +dnsmasq will run + +"<lease_change_script> init" + +and read whatever that command spits out, expecting it to +be in dnsmasq leasefile format. + +So the lease change script, given "init" as argv[1] will +suck existing leases out of the NVRAM and emit them from +stdout in the correct format. + +The second part of the problem is keeping the NVRAM up-to-date: this +is done by the lease-change script which dnsmasq runs when a lease is +updated. When it is called with argv[1] as "old", "add", or "del" +it updates the relevant nvram entry. + +So, dnsmasq should be run as : + +dnsmasq --leasefile-ro --dhcp-script=/path/to/lease_update.sh + +or the same flags added to /etc/dnsmasq.conf + + + +Notes: + +This needs dnsmasq-2.33 or later to work. + +This technique will work with, or without, compilation with +HAVE_BROKEN_RTC. Compiling with HAVE_BROKEN_RTC is +_highly_recommended_ for this application since is avoids problems +with the system clock being warped by NTP, and it vastly reduces the +number of writes to the NVRAM. With HAVE_BROKEN_RTC, NVRAM is updated +only when a lease is created or destroyed; without it, a write occurs +every time a lease is renewed. + +It probably makes sense to restrict the number of active DHCP leases +to an appropriate number using dhcp-lease-max. On a new DD_WRT system, +there are about 10K bytes free in the NVRAM. Each lease record is +about 100 bytes, so restricting the number of leases to 50 will limit +use to half that. (The default limit in the distributed source is 150) + +Any UI script which reads the dnsmasq leasefile will have to be +ammended, probably by changing it to read the output of +`lease_update init` instead. + + +Thanks: + +To Steve Horbachuk for checks on the script and debugging beyond the +call of duty. + + +Simon Kelley +Fri Jul 28 11:51:13 BST 2006 + + + + + diff --git a/contrib/wrt/dhcp_lease_time.c b/contrib/wrt/dhcp_lease_time.c new file mode 100644 index 0000000..2866bb5 --- /dev/null +++ b/contrib/wrt/dhcp_lease_time.c @@ -0,0 +1,214 @@ +/* Copyright (c) 2007 Simon Kelley + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 dated June, 1991. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. +*/ + +/* dhcp_lease_time <address> */ + +/* Send a DHCPINFORM message to a dnsmasq server running on the local host + and print (to stdout) the time remaining in any lease for the given + address. The time is given as string printed to stdout. + + If an error occurs or no lease exists for the given address, + nothing is sent to stdout a message is sent to stderr and a + non-zero error code is returned. + + Requires dnsmasq 2.40 or later. +*/ + +#include <sys/types.h> +#include <netinet/in.h> +#include <net/if.h> +#include <arpa/inet.h> +#include <sys/socket.h> +#include <unistd.h> +#include <stdio.h> +#include <string.h> +#include <stdlib.h> +#include <net/if_arp.h> +#include <sys/ioctl.h> +#include <linux/types.h> +#include <linux/netlink.h> +#include <linux/rtnetlink.h> +#include <errno.h> + +#define DHCP_CHADDR_MAX 16 +#define BOOTREQUEST 1 +#define DHCP_COOKIE 0x63825363 +#define OPTION_PAD 0 +#define OPTION_LEASE_TIME 51 +#define OPTION_OVERLOAD 52 +#define OPTION_MESSAGE_TYPE 53 +#define OPTION_END 255 +#define DHCPINFORM 8 +#define DHCP_SERVER_PORT 67 + +#define option_len(opt) ((int)(((unsigned char *)(opt))[1])) +#define option_ptr(opt) ((void *)&(((unsigned char *)(opt))[2])) + + +typedef unsigned char u8; +typedef unsigned short u16; +typedef unsigned int u32; + +struct dhcp_packet { + u8 op, htype, hlen, hops; + u32 xid; + u16 secs, flags; + struct in_addr ciaddr, yiaddr, siaddr, giaddr; + u8 chaddr[DHCP_CHADDR_MAX], sname[64], file[128]; + u32 cookie; + unsigned char options[308]; +}; + +static unsigned char *option_find1(unsigned char *p, unsigned char *end, int opt, int minsize) +{ + while (*p != OPTION_END) + { + if (p >= end) + return NULL; /* malformed packet */ + else if (*p == OPTION_PAD) + p++; + else + { + int opt_len; + if (p >= end - 2) + return NULL; /* malformed packet */ + opt_len = option_len(p); + if (p >= end - (2 + opt_len)) + return NULL; /* malformed packet */ + if (*p == opt && opt_len >= minsize) + return p; + p += opt_len + 2; + } + } + + return opt == OPTION_END ? p : NULL; +} + +static unsigned char *option_find(struct dhcp_packet *mess, size_t size, int opt_type, int minsize) +{ + unsigned char *ret, *overload; + + /* skip over DHCP cookie; */ + if ((ret = option_find1(&mess->options[0], ((unsigned char *)mess) + size, opt_type, minsize))) + return ret; + + /* look for overload option. */ + if (!(overload = option_find1(&mess->options[0], ((unsigned char *)mess) + size, OPTION_OVERLOAD, 1))) + return NULL; + + /* Can we look in filename area ? */ + if ((overload[2] & 1) && + (ret = option_find1(&mess->file[0], &mess->file[128], opt_type, minsize))) + return ret; + + /* finally try sname area */ + if ((overload[2] & 2) && + (ret = option_find1(&mess->sname[0], &mess->sname[64], opt_type, minsize))) + return ret; + + return NULL; +} + +static unsigned int option_uint(unsigned char *opt, int size) +{ + /* this worries about unaligned data and byte order */ + unsigned int ret = 0; + int i; + unsigned char *p = option_ptr(opt); + + for (i = 0; i < size; i++) + ret = (ret << 8) | *p++; + + return ret; +} + +int main(int argc, char **argv) +{ + struct in_addr lease; + struct dhcp_packet packet; + unsigned char *p = packet.options; + struct sockaddr_in dest; + int fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP); + ssize_t rc; + + if (argc < 2) + { + fprintf(stderr, "usage: dhcp_lease_time <address>\n"); + exit(1); + } + + if (fd == -1) + { + perror("cannot create socket"); + exit(1); + } + + lease.s_addr = inet_addr(argv[1]); + + memset(&packet, 0, sizeof(packet)); + + packet.hlen = 0; + packet.htype = 0; + + packet.op = BOOTREQUEST; + packet.ciaddr = lease; + packet.cookie = htonl(DHCP_COOKIE); + + *(p++) = OPTION_MESSAGE_TYPE; + *(p++) = 1; + *(p++) = DHCPINFORM; + + *(p++) = OPTION_END; + + dest.sin_family = AF_INET; + dest.sin_addr.s_addr = inet_addr("127.0.0.1"); + dest.sin_port = ntohs(DHCP_SERVER_PORT); + + if (sendto(fd, &packet, sizeof(packet), 0, + (struct sockaddr *)&dest, sizeof(dest)) == -1) + { + perror("sendto failed"); + exit(1); + } + + alarm(3); /* noddy timeout. */ + + rc = recv(fd, &packet, sizeof(packet), 0); + + if (rc < (ssize_t)(sizeof(packet) - sizeof(packet.options))) + { + perror("recv failed"); + exit(1); + } + + if ((p = option_find(&packet, (size_t)rc, OPTION_LEASE_TIME, 4))) + { + unsigned int t = option_uint(p, 4); + if (t == 0xffffffff) + printf("infinite"); + else + { + unsigned int x; + if ((x = t/86400)) + printf("%dd", x); + if ((x = (t/3600)%24)) + printf("%dh", x); + if ((x = (t/60)%60)) + printf("%dm", x); + if ((x = t%60)) + printf("%ds", x); + } + return 0; + } + + return 1; /* no lease */ +} diff --git a/contrib/wrt/dhcp_release.c b/contrib/wrt/dhcp_release.c new file mode 100644 index 0000000..c66d3a0 --- /dev/null +++ b/contrib/wrt/dhcp_release.c @@ -0,0 +1,331 @@ +/* Copyright (c) 2006 Simon Kelley + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 dated June, 1991. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. +*/ + +/* dhcp_release <interface> <address> <MAC address> <client_id> + MUST be run as root - will fail otherwise. */ + +/* Send a DHCPRELEASE message via the specified interface + to tell the local DHCP server to delete a particular lease. + + The interface argument is the interface in which a DHCP + request _would_ be received if it was coming from the client, + rather than being faked up here. + + The address argument is a dotted-quad IP addresses and mandatory. + + The MAC address is colon separated hex, and is mandatory. It may be + prefixed by an address-type byte followed by -, eg + + 10-11:22:33:44:55:66 + + but if the address-type byte is missing it is assumed to be 1, the type + for ethernet. This encoding is the one used in dnsmasq lease files. + + The client-id is optional. If it is "*" then it treated as being missing. +*/ + +#include <sys/types.h> +#include <netinet/in.h> +#include <net/if.h> +#include <arpa/inet.h> +#include <sys/socket.h> +#include <unistd.h> +#include <stdio.h> +#include <string.h> +#include <stdlib.h> +#include <net/if_arp.h> +#include <sys/ioctl.h> +#include <linux/types.h> +#include <linux/netlink.h> +#include <linux/rtnetlink.h> +#include <errno.h> + +#define DHCP_CHADDR_MAX 16 +#define BOOTREQUEST 1 +#define DHCP_COOKIE 0x63825363 +#define OPTION_SERVER_IDENTIFIER 54 +#define OPTION_CLIENT_ID 61 +#define OPTION_MESSAGE_TYPE 53 +#define OPTION_END 255 +#define DHCPRELEASE 7 +#define DHCP_SERVER_PORT 67 + +typedef unsigned char u8; +typedef unsigned short u16; +typedef unsigned int u32; + +struct dhcp_packet { + u8 op, htype, hlen, hops; + u32 xid; + u16 secs, flags; + struct in_addr ciaddr, yiaddr, siaddr, giaddr; + u8 chaddr[DHCP_CHADDR_MAX], sname[64], file[128]; + u32 cookie; + unsigned char options[308]; +}; + +static struct iovec iov; + +static int expand_buf(struct iovec *iov, size_t size) +{ + void *new; + + if (size <= iov->iov_len) + return 1; + + if (!(new = malloc(size))) + { + errno = ENOMEM; + return 0; + } + + if (iov->iov_base) + { + memcpy(new, iov->iov_base, iov->iov_len); + free(iov->iov_base); + } + + iov->iov_base = new; + iov->iov_len = size; + + return 1; +} + +static ssize_t netlink_recv(int fd) +{ + struct msghdr msg; + ssize_t rc; + + msg.msg_control = NULL; + msg.msg_controllen = 0; + msg.msg_name = NULL; + msg.msg_namelen = 0; + msg.msg_iov = &iov; + msg.msg_iovlen = 1; + + while (1) + { + msg.msg_flags = 0; + while ((rc = recvmsg(fd, &msg, MSG_PEEK)) == -1 && errno == EINTR); + + /* 2.2.x doesn't suport MSG_PEEK at all, returning EOPNOTSUPP, so we just grab a + big buffer and pray in that case. */ + if (rc == -1 && errno == EOPNOTSUPP) + { + if (!expand_buf(&iov, 2000)) + return -1; + break; + } + + if (rc == -1 || !(msg.msg_flags & MSG_TRUNC)) + break; + + if (!expand_buf(&iov, iov.iov_len + 100)) + return -1; + } + + /* finally, read it for real */ + while ((rc = recvmsg(fd, &msg, 0)) == -1 && errno == EINTR); + + return rc; +} + +static int parse_hex(char *in, unsigned char *out, int maxlen, int *mac_type) +{ + int i = 0; + char *r; + + if (mac_type) + *mac_type = 0; + + while (maxlen == -1 || i < maxlen) + { + for (r = in; *r != 0 && *r != ':' && *r != '-'; r++); + if (*r == 0) + maxlen = i; + + if (r != in ) + { + if (*r == '-' && i == 0 && mac_type) + { + *r = 0; + *mac_type = strtol(in, NULL, 16); + mac_type = NULL; + } + else + { + *r = 0; + out[i] = strtol(in, NULL, 16); + i++; + } + } + in = r+1; + } + return i; +} + +static int is_same_net(struct in_addr a, struct in_addr b, struct in_addr mask) +{ + return (a.s_addr & mask.s_addr) == (b.s_addr & mask.s_addr); +} + +static struct in_addr find_interface(struct in_addr client, int fd, int index) +{ + struct sockaddr_nl addr; + struct nlmsghdr *h; + ssize_t len; + + struct { + struct nlmsghdr nlh; + struct rtgenmsg g; + } req; + + addr.nl_family = AF_NETLINK; + addr.nl_pad = 0; + addr.nl_groups = 0; + addr.nl_pid = 0; /* address to kernel */ + + req.nlh.nlmsg_len = sizeof(req); + req.nlh.nlmsg_type = RTM_GETADDR; + req.nlh.nlmsg_flags = NLM_F_ROOT | NLM_F_MATCH | NLM_F_REQUEST | NLM_F_ACK; + req.nlh.nlmsg_pid = 0; + req.nlh.nlmsg_seq = 1; + req.g.rtgen_family = AF_INET; + + if (sendto(fd, (void *)&req, sizeof(req), 0, + (struct sockaddr *)&addr, sizeof(addr)) == -1) + { + perror("sendto failed"); + exit(1); + } + + while (1) + { + if ((len = netlink_recv(fd)) == -1) + { + perror("netlink"); + exit(1); + } + + for (h = (struct nlmsghdr *)iov.iov_base; NLMSG_OK(h, (size_t)len); h = NLMSG_NEXT(h, len)) + if (h->nlmsg_type == NLMSG_DONE) + exit(0); + else if (h->nlmsg_type == RTM_NEWADDR) + { + struct ifaddrmsg *ifa = NLMSG_DATA(h); + struct rtattr *rta; + unsigned int len1 = h->nlmsg_len - NLMSG_LENGTH(sizeof(*ifa)); + + if (ifa->ifa_index == index && ifa->ifa_family == AF_INET) + { + struct in_addr netmask, addr; + + netmask.s_addr = htonl(0xffffffff << (32 - ifa->ifa_prefixlen)); + addr.s_addr = 0; + + for (rta = IFA_RTA(ifa); RTA_OK(rta, len1); rta = RTA_NEXT(rta, len1)) + if (rta->rta_type == IFA_LOCAL) + addr = *((struct in_addr *)(rta+1)); + + if (addr.s_addr && is_same_net(addr, client, netmask)) + return addr; + } + } + } + + exit(0); +} + +int main(int argc, char **argv) +{ + struct in_addr server, lease; + int mac_type; + struct dhcp_packet packet; + unsigned char *p = packet.options; + struct sockaddr_in dest; + struct ifreq ifr; + int fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP); + int nl = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); + struct iovec iov; + + iov.iov_len = 200; + iov.iov_base = malloc(iov.iov_len); + + if (argc < 4 || argc > 5) + { + fprintf(stderr, "usage: dhcp_release <interface> <addr> <mac> [<client_id>]\n"); + exit(1); + } + + if (fd == -1 || nl == -1) + { + perror("cannot create socket"); + exit(1); + } + + /* This voodoo fakes up a packet coming from the correct interface, which really matters for + a DHCP server */ + strcpy(ifr.ifr_name, argv[1]); + if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr)) == -1) + { + perror("cannot setup interface"); + exit(1); + } + + + lease.s_addr = inet_addr(argv[2]); + server = find_interface(lease, nl, if_nametoindex(argv[1])); + + memset(&packet, 0, sizeof(packet)); + + packet.hlen = parse_hex(argv[3], packet.chaddr, DHCP_CHADDR_MAX, &mac_type); + if (mac_type == 0) + packet.htype = ARPHRD_ETHER; + else + packet.htype = mac_type; + + packet.op = BOOTREQUEST; + packet.ciaddr = lease; + packet.cookie = htonl(DHCP_COOKIE); + + *(p++) = OPTION_MESSAGE_TYPE; + *(p++) = 1; + *(p++) = DHCPRELEASE; + + *(p++) = OPTION_SERVER_IDENTIFIER; + *(p++) = sizeof(server); + memcpy(p, &server, sizeof(server)); + p += sizeof(server); + + if (argc == 5 && strcmp(argv[4], "*") != 0) + { + unsigned int clid_len = parse_hex(argv[4], p+2, 255, NULL); + *(p++) = OPTION_CLIENT_ID; + *(p++) = clid_len; + p += clid_len; + } + + *(p++) = OPTION_END; + + dest.sin_family = AF_INET; + dest.sin_port = ntohs(DHCP_SERVER_PORT); + dest.sin_addr = server; + + if (sendto(fd, &packet, sizeof(packet), 0, + (struct sockaddr *)&dest, sizeof(dest)) == -1) + { + perror("sendto failed"); + exit(1); + } + + return 0; +} diff --git a/contrib/wrt/lease_update.sh b/contrib/wrt/lease_update.sh new file mode 100755 index 0000000..46509b3 --- /dev/null +++ b/contrib/wrt/lease_update.sh @@ -0,0 +1,54 @@ +#!/bin/sh + +# Copyright (c) 2006 Simon Kelley +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 dated June, 1991. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + + +# if $1 is add del or old, this is a dnsmasq-called lease-change +# script, update the nvram database. if $1 is init, emit a +# dnsmasq-format lease file to stdout representing the current state of the +# database, this is called by dnsmasq at startup. + +NVRAM=/usr/sbin/nvram +PREFIX=dnsmasq_lease_ + +# Arguments. +# $1 is action (add, del, old) +# $2 is MAC +# $3 is address +# $4 is hostname (optional, may be unset) + +# env. +# DNSMASQ_LEASE_LENGTH or DNSMASQ_LEASE_EXPIRES (which depends on HAVE_BROKEN_RTC) +# DNSMASQ_CLIENT_ID (optional, may be unset) + +# File. +# length|expires MAC addr hostname|* CLID|* + +# Primary key is address. + +if [ ${1} = init ] ; then + ${NVRAM} show | sed -n -e "/^${PREFIX}.*/ s/^.*=//p" +else + if [ ${1} = del ] ; then + ${NVRAM} unset ${PREFIX}${3} + fi + + if [ ${1} = old ] || [ ${1} = add ] ; then + ${NVRAM} set ${PREFIX}${3}="${DNSMASQ_LEASE_LENGTH:-}${DNSMASQ_LEASE_EXPIRES:-} ${2} ${3} ${4:-*} ${DNSMASQ_CLIENT_ID:-*}" + fi + ${NVRAM} commit +fi + + + + + |