provide a NO_AUTH option to strip auth for boot media; saves around 40K.

christos 2016-09-18 15:37:23 +00:00
parent 852d6b5660
commit 9acd45d4f4
3 changed files with 61 additions and 22 deletions


@ -1,5 +1,5 @@
#include <sys/cdefs.h>
__RCSID("$NetBSD: dhcp.c,v 1.45 2016/08/15 11:04:53 roy Exp $");
__RCSID("$NetBSD: dhcp.c,v 1.46 2016/09/18 15:37:23 christos Exp $");
/*
* dhcpcd - DHCP client daemon
@ -729,8 +729,8 @@ static ssize_t
make_message(struct bootp **bootpm, const struct interface *ifp, uint8_t type)
{
struct bootp *bootp;
uint8_t *lp, *p, *e, *auth;
uint8_t *n_params = NULL, auth_len;
uint8_t *lp, *p, *e;
uint8_t *n_params = NULL;
uint32_t ul;
uint16_t sz;
size_t len, i;
@ -742,6 +742,9 @@ make_message(struct bootp **bootpm, const struct interface *ifp, uint8_t type)
const char *hostname;
const struct vivco *vivco;
int mtu;
#ifndef NO_AUTH
uint8_t *auth, auth_len;
#endif
if ((mtu = if_getmtu(ifp)) == -1)
logger(ifp->ctx, LOG_ERR,
@ -1056,6 +1059,7 @@ make_message(struct bootp **bootpm, const struct interface *ifp, uint8_t type)
*n_params = (uint8_t)(p - n_params - 1);
}
#ifndef NO_AUTH
/* silence GCC */
auth_len = 0;
auth = NULL;
@ -1080,7 +1084,7 @@ make_message(struct bootp **bootpm, const struct interface *ifp, uint8_t type)
p += auth_len;
}
}
#endif
*p++ = DHO_END;
len = (size_t)(p - (uint8_t *)bootp);
@ -1093,10 +1097,11 @@ make_message(struct bootp **bootpm, const struct interface *ifp, uint8_t type)
*p++ = DHO_PAD;
len++;
}
#ifndef NO_AUTH
if (ifo->auth.options & DHCPCD_AUTH_SEND && auth_len != 0)
dhcp_auth_encode(&ifo->auth, state->auth.token,
(uint8_t *)bootp, len, 4, type, auth, auth_len);
#endif
return (ssize_t)len;
@ -1132,9 +1137,11 @@ read_lease(struct interface *ifp, struct bootp **bootp)
struct dhcp_state *state = D_STATE(ifp);
uint8_t *lease;
size_t bytes;
const uint8_t *auth;
uint8_t type;
#ifndef NO_AUTH
size_t auth_len;
const uint8_t *auth;
#endif
/* Safety */
*bootp = NULL;
@ -1187,6 +1194,7 @@ read_lease(struct interface *ifp, struct bootp **bootp)
DHO_MESSAGETYPE) == -1)
type = 0;
#ifndef NO_AUTH
/* Authenticate the message */
auth = get_option(ifp->ctx, (struct bootp *)lease, bytes,
DHO_AUTHENTICATION, &auth_len);
@ -1214,7 +1222,7 @@ read_lease(struct interface *ifp, struct bootp **bootp)
free(lease);
return 0;
}
#endif
out:
*bootp = (struct bootp *)lease;
return bytes;
@ -2563,7 +2571,9 @@ dhcp_drop(struct interface *ifp, const char *reason)
}
eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp);
#ifndef NO_AUTH
dhcp_auth_reset(&state->auth);
#endif
dhcp_close(ifp);
free(state->offer);
@ -2684,15 +2694,17 @@ dhcp_handledhcp(struct interface *ifp, struct bootp *bootp, size_t bootp_len,
struct if_options *ifo = ifp->options;
struct dhcp_lease *lease = &state->lease;
uint8_t type, tmp;
const uint8_t *auth;
struct in_addr addr;
unsigned int i;
size_t auth_len;
char *msg;
bool bootp_copied;
#ifdef IN_IFF_DUPLICATED
struct ipv4_addr *ia;
#endif
#ifndef NO_AUTH
const uint8_t *auth;
size_t auth_len;
#endif
#define LOGDHCP0(l, m) \
log_dhcp((l), (m), ifp, bootp, bootp_len, from, 0)
@ -2730,6 +2742,7 @@ dhcp_handledhcp(struct interface *ifp, struct bootp *bootp, size_t bootp_len,
}
/* Authenticate the message */
#ifndef NO_AUTH
auth = get_option(ifp->ctx, bootp, bootp_len,
DHO_AUTHENTICATION, &auth_len);
if (auth) {
@ -2756,7 +2769,7 @@ dhcp_handledhcp(struct interface *ifp, struct bootp *bootp, size_t bootp_len,
}
LOGDHCP0(LOG_WARNING, "no authentication");
}
#endif
/* RFC 3203 */
if (type == DHCP_FORCERENEW) {
if (from->s_addr == INADDR_ANY ||
@ -2765,11 +2778,13 @@ dhcp_handledhcp(struct interface *ifp, struct bootp *bootp, size_t bootp_len,
LOGDHCP(LOG_ERR, "discarding Force Renew");
return;
}
#ifndef NO_AUTH
if (auth == NULL) {
LOGDHCP(LOG_ERR, "unauthenticated Force Renew");
if (ifo->auth.options & DHCPCD_AUTH_REQUIRE)
return;
}
#endif
if (state->state != DHS_BOUND && state->state != DHS_INFORM) {
LOGDHCP(LOG_DEBUG, "not bound, ignoring Force Renew");
return;
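Review bot: In the Force Renew hunk of dhcp_handledhcp, the `if (auth == NULL)` check is compiled out under NO_AUTH, so such a build goes straight to the state check and acts on a DHCP_FORCERENEW that cannot have been authenticated. Before this change an administrator could set DHCPCD_AUTH_REQUIRE to have these dropped, and RFC 3203 expects Force Renew to be authenticated; a NO_AUTH build has no way to enforce either. I would add an `#else` branch that discards the message: `#else`, `LOGDHCP(LOG_ERR, "unauthenticated Force Renew");`, `return;`. The DHCP6_RECONFIGURE case in dhcp6_handledata (dhcp6.c) has the same gap and should log and return in its `#else` branch as well. Both functions continue outside the visible hunks, so confirm that nothing later depends on these messages being accepted.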


@ -1,5 +1,5 @@
#include <sys/cdefs.h>
__RCSID("$NetBSD: dhcp6.c,v 1.24 2016/08/15 11:04:53 roy Exp $");
__RCSID("$NetBSD: dhcp6.c,v 1.25 2016/09/18 15:37:23 christos Exp $");
/*
* dhcpcd - DHCP client daemon
@ -502,7 +502,7 @@ dhcp6_makemessage(struct interface *ifp)
const struct dhcp6_option *si, *unicast;
size_t l, n, len, ml;
uint8_t u8, type;
uint16_t u16, n_options, auth_len;
uint16_t u16, n_options;
struct if_options *ifo;
const struct dhcp_opt *opt, *opt2;
uint8_t IA, *p;
@ -514,6 +514,9 @@ dhcp6_makemessage(struct interface *ifp)
int fqdn;
struct dhcp6_ia_addr *iap;
struct dhcp6_pd_addr *pdp;
#ifndef NO_AUTH
uint16_t auth_len;
#endif
state = D6_STATE(ifp);
if (state->send) {
@ -692,6 +695,7 @@ dhcp6_makemessage(struct interface *ifp)
return -1;
}
#ifndef NO_AUTH
auth_len = 0;
if (ifo->auth.options & DHCPCD_AUTH_SEND) {
ssize_t alen = dhcp_auth_encode(&ifo->auth,
@ -708,6 +712,7 @@ dhcp6_makemessage(struct interface *ifp)
len += sizeof(*o) + auth_len;
}
}
#endif
state->send = malloc(len);
if (state->send == NULL)
@ -910,12 +915,14 @@ dhcp6_makemessage(struct interface *ifp)
}
/* This has to be the last option */
#ifndef NO_AUTH
if (ifo->auth.options & DHCPCD_AUTH_SEND && auth_len != 0) {
o = D6_NEXT_OPTION(o);
o->code = htons(D6_OPTION_AUTH);
o->len = htons((uint16_t)auth_len);
/* data will be filled at send message time */
}
#endif
return 0;
}
@ -957,6 +964,7 @@ static void dhcp6_delete_delegates(struct interface *ifp)
}
}
#ifndef NO_AUTH
static ssize_t
dhcp6_update_auth(struct interface *ifp, struct dhcp6_message *m, size_t len)
{
@ -976,6 +984,7 @@ dhcp6_update_auth(struct interface *ifp, struct dhcp6_message *m, size_t len)
6, state->send->type,
D6_OPTION_DATA(o), ntohs(o->len));
}
#endif
static int
dhcp6_sendmessage(struct interface *ifp, void (*callback)(void *))
@ -1115,6 +1124,7 @@ logsend:
/* Update the elapsed time */
dhcp6_updateelapsed(ifp, state->send, state->send_len);
#ifndef NO_AUTH
if (ifp->options->auth.options & DHCPCD_AUTH_SEND &&
dhcp6_update_auth(ifp, state->send, state->send_len) == -1)
{
@ -1123,6 +1133,7 @@ logsend:
if (errno != ESRCH)
return -1;
}
#endif
ctx = ifp->ctx->ipv6;
dst.sin6_scope_id = ifp->index;
@ -2183,11 +2194,13 @@ dhcp6_readlease(struct interface *ifp, int validate)
struct stat st;
int fd;
uint8_t *lease;
const struct dhcp6_option *o;
struct timespec acquired;
time_t now;
int retval;
bool fd_opened;
#ifndef NO_AUTH
const struct dhcp6_option *o;
#endif
state = D6_STATE(ifp);
if (state->leasefile[0] == '\0') {
@ -2251,6 +2264,7 @@ dhcp6_readlease(struct interface *ifp, int validate)
auth:
retval = 0;
#ifndef NO_AUTH
/* Authenticate the message */
o = dhcp6_getmoption(D6_OPTION_AUTH, state->new, state->new_len);
if (o) {
@ -2278,7 +2292,7 @@ auth:
"%s: authentication now required", ifp->name);
goto ex;
}
#endif
return fd;
ex:
@ -2639,13 +2653,16 @@ dhcp6_handledata(void *arg)
const char *op;
struct dhcp6_message *r;
struct dhcp6_state *state;
const struct dhcp6_option *o, *auth;
const struct dhcp6_option *o;
const struct dhcp_opt *opt;
const struct if_options *ifo;
struct ipv6_addr *ap;
uint8_t has_new;
int error;
uint32_t u32;
#ifndef NO_AUTH
const struct dhcp6_option *auth;
#endif
dctx = arg;
ctx = dctx->ipv6;
@ -2771,7 +2788,7 @@ dhcp6_handledata(void *arg)
return;
}
}
#ifndef NO_AUTH
/* Authenticate the message */
auth = dhcp6_getmoption(D6_OPTION_AUTH, r, len);
if (auth) {
@ -2802,6 +2819,7 @@ dhcp6_handledata(void *arg)
logger(ifp->ctx, LOG_WARNING,
"%s: no authentication from %s", ifp->name, ctx->sfrom);
}
#endif
op = dhcp6_get_op(r->type);
switch(r->type) {
@ -2902,6 +2920,7 @@ dhcp6_handledata(void *arg)
return;
break;
case DHCP6_RECONFIGURE:
#ifndef NO_AUTH
if (auth == NULL) {
logger(ifp->ctx, LOG_ERR,
"%s: unauthenticated %s from %s",
@ -2909,6 +2928,7 @@ dhcp6_handledata(void *arg)
if (ifo->auth.options & DHCPCD_AUTH_REQUIRE)
return;
}
#endif
logger(ifp->ctx, LOG_INFO, "%s: %s from %s",
ifp->name, op, ctx->sfrom);
o = dhcp6_getmoption(D6_OPTION_RECONF_MSG, r, len);


@ -1,20 +1,24 @@
# $NetBSD: Makefile,v 1.31 2016/05/09 10:19:26 roy Exp $
# $NetBSD: Makefile,v 1.32 2016/09/18 15:37:23 christos Exp $
#
WARNS?= 6
USE_FORT?= yes # network client (local server)
.include <bsd.init.mk>
PROG= dhcpcd
SRCS= common.c control.c dhcpcd.c duid.c eloop.c
SRCS+= if.c if-options.c script.c
SRCS+= dhcp-common.c dhcpcd-embedded.c
SRCS+= if-bsd.c
WARNS?= 6
USE_FORT?= yes # network client (local server)
CPPFLAGS+= -DHAVE_CONFIG_H -D_OPENBSD_SOURCE
.include <bsd.own.mk>
.if defined(SMALLPROG)
CPPFLAGS+= -DNO_AUTH
.else
SRCS+= auth.c hmac_md5.c
.endif
USE_INET?= yes
.if (${USE_INET} != "no")
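Review bot: Nothing at the `.if defined(SMALLPROG)` block says that it turns off a security feature, so a reader sees only that two source files are dropped. I would put a comment above it, for example `# SMALLPROG (boot media): built with -DNO_AUTH, i.e. without DHCP/DHCPv6 message authentication; auth.c and hmac_md5.c are omitted.` Whether if-options.c still parses the authentication directives in a NO_AUTH build is not visible here. If it does, a configuration that requires authentication would be accepted but not enforced, and the comment (or a startup warning) should say so.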