ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/dhcpping/dhcping.c
Revision: 1.1
Committed: Mon Jul 26 00:46:09 2004 UTC (20 years, 2 months ago) by root
Content type: text/plain
Branch: MAIN
Log Message:
*** empty log message ***

File Contents

# User Rev Content
1 root 1.1 //
2     // $Id: dhcping.c,v 1.3 2002/01/27 01:57:15 mavetju Exp $
3     //
4    
5     /*
6     * Copyright 2000, 2001, 2002 by Edwin Groothuis, edwin@mavetju.org
7     *
8     * Redistribution and use in source and binary forms, with or without
9     * modification, are permitted provided that the following conditions
10     * are met:
11     * 1. Redistributions of source code must retain the above copyright
12     * notice, this list of conditions and the following disclaimer.
13     * 2. Redistributions in binary form must reproduce the above copyright
14     * notice, this list of conditions and the following disclaimer in the
15     * documentation and/or other materials provided with the distribution.
16     *
17     * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18     * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19     * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20     * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21     * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22     * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23     * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24     * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25     * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26     * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27     * SUCH DAMAGE.
28     *
29     */
30    
31     #include <sys/types.h>
32     #include <sys/socket.h>
33     #include <sys/time.h>
34     #include <sys/uio.h>
35     #include <netinet/in.h>
36     #include <unistd.h>
37     #include <netdb.h>
38     #include <stdio.h>
39     #include <stdlib.h>
40     #include <string.h>
41     #include <time.h>
42    
43     #include "dhcp_options.h"
44    
45     #define BUF_SIZ 256*256
46     #define MAX_OPTIONS 256
47     #define MAX_DATA 256
48    
49     int offset=0;
50     void addpacket(char *pktbuf,char *msgbuf,int size) {
51     memcpy(pktbuf+offset,msgbuf,size);
52     offset+=size;
53     }
54    
55     void dhcp_setup(char *);
56     int dhcp_read(void);
57     void dhcp_close(void);
58     void dhcp_dump(unsigned char *buffer,int size);
59     void dhcp_inform(char *ipaddr,char *gwaddr,char *hardware);
60     void dhcp_request(char *ipaddr,char *gwaddr,char *hardware);
61     void dhcp_release(char *ipaddr,char *gwaddr,char *hardware);
62     void dhcp_packet(int type,char *ciaddr,char *opt50,char *gwaddr,char *hardware);
63    
64     int dhcp_socket;
65     struct sockaddr_in dhcp_to;
66    
67     int _serveripaddress;
68    
69     int inform,request,verbose,VERBOSE,quiet;
70     char *ci,*gi,*server,*hw;
71     unsigned char serveridentifier[4];
72     int maxwait=3;
73    
74     typedef struct optpack cmdlineopt;
75    
76     struct optpack {
77     unsigned int option;
78     char data[MAX_DATA];
79     } cmdlineopts[MAX_OPTIONS];
80    
81     char sname[64];
82     unsigned int opt = 0;
83    
84     void doargs(int argc,char **argv) {
85     char ch;
86    
87     inform=request=verbose=VERBOSE=quiet=0;
88     ci=gi=server="0.0.0.0";
89     hw="00:00:00:00:00:00";
90    
91     if (argc==1) {
92     printf("dhcping -S sname -c ciaddr -g giaddr -h chaddr -r -s server -t maxwait -i -v -q -o option:data\n");
93     exit(1);
94     }
95    
96     while ((ch = getopt(argc,argv,"c:o:S:g:h:iqrs:t:vV"))>0) {
97     switch (ch) {
98     case 'c': ci=optarg;break;
99     case 'g': gi=optarg;break;
100     case 'h': hw=optarg;break;
101     case 'i': inform=1;break;
102     case 'q': quiet=1;break;
103     case 'r': request=1;break;
104     case 's': server=optarg;break;
105     case 't': maxwait=atoi(optarg);break;
106     case 'v': verbose=1;break;
107     case 'V': VERBOSE=1;break;
108     case 'o': if (opt > MAX_OPTIONS) {
109     printf ("Exceeded maximum options parameter(%d).\n", MAX_OPTIONS);
110     break;
111     }
112     char x[100+MAX_DATA];
113     sprintf (x, "%%d:%%%ds", MAX_DATA);
114     sscanf (optarg, x, &cmdlineopts[opt].option, cmdlineopts[opt].data);
115     printf ("optarg: %s, opt: %d, cmd1: %d, cmd2: %s, x: %s"
116     , optarg, opt, cmdlineopts[opt].option, cmdlineopts[opt++].data, x);
117     break;
118     case 'S': sscanf (optarg, "%63s", sname);break;
119     }
120     }
121    
122     if (request && inform) {
123     fprintf(stderr,"Error: -r and -i are mutally exclusive.\n");
124     exit(1);
125     }
126    
127     // DHCPREQUEST is by default.
128     if (!inform) request=1;
129     }
130    
131     int main(int argc,char **argv) {
132     fd_set read;
133     struct timeval timeout;
134     int foundpacket=0;
135     int returnvalue=0;
136    
137     if (geteuid()!=0) {
138     printf("This program should only be run by root or be installed as setuid root.\n");
139     exit(1);
140     }
141    
142     doargs(argc,argv);
143    
144     if (VERBOSE) puts("setup");
145     dhcp_setup(server);
146    
147     if (setuid(getuid())!=0) {
148     perror("setuid");
149     printf("Can't drop privileges back to normal user, program aborted.\n");
150     exit(1);
151     }
152    
153     if (inform) {
154     if (VERBOSE) puts("inform");
155     dhcp_inform(ci,gi,hw);
156     }
157     if (request) {
158     if (VERBOSE) puts("request");
159     dhcp_request(ci,gi,hw);
160     }
161    
162     while (!foundpacket) {
163     FD_ZERO(&read);
164     FD_SET(dhcp_socket,&read);
165     timeout.tv_sec=maxwait;
166     timeout.tv_usec=0;
167     if(select(dhcp_socket+1,&read,NULL,NULL,&timeout)<0) {
168     perror("select");
169     exit(0);
170     }
171     if (FD_ISSET(dhcp_socket,&read)) {
172     if (VERBOSE) puts("read");
173     /* If a expected packet was found, then also release it. */
174     if ((foundpacket=dhcp_read())!=0) {
175     if (request) {
176     if (VERBOSE) puts("release");
177     dhcp_release(ci,gi,hw);
178     }
179     }
180     } else {
181     if (!quiet)
182     fprintf(stderr,"no answer\n");
183     returnvalue=1;
184     foundpacket=1;
185     }
186     }
187     if (VERBOSE) puts("close");
188     dhcp_close();
189     return returnvalue;
190     }
191    
192    
193     void dhcp_setup(char *serveripaddress) {
194     struct servent *servent,*clientent;
195     struct hostent *hostent;
196     int flag;
197     struct sockaddr_in name;
198    
199     /*
200     // setup sending socket
201     */
202     if ((servent=getservbyname("bootps",0))==NULL) {
203     perror("getservbyname: bootps");
204     exit(1);
205     }
206     if ((hostent=gethostbyname(serveripaddress))==NULL) {
207     perror("gethostbyname");
208     exit(1);
209     }
210    
211     dhcp_to.sin_family=AF_INET;
212     bcopy(hostent->h_addr,&dhcp_to.sin_addr.s_addr,hostent->h_length);
213     _serveripaddress=ntohl(dhcp_to.sin_addr.s_addr);
214     /* dhcp_to.sin_addr.s_addr=INADDR_BROADCAST; */
215     dhcp_to.sin_port=servent->s_port;
216    
217     if ((dhcp_socket=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP))==-1) {
218     perror("dhcp_socket/socket");
219     exit(1);
220     }
221    
222     flag=1;
223     if (setsockopt (dhcp_socket, SOL_SOCKET, SO_REUSEADDR, (char *)&flag, sizeof flag) < 0) {
224     perror("dhcp_socket/setsockopt: SO_REUSEADDR");
225     exit(1);
226     }
227    
228     if (setsockopt(dhcp_socket,SOL_SOCKET,SO_BROADCAST,(char *)&flag, sizeof flag) < 0) {
229     perror ("dhcp_socket/setsockopt: SO_BROADCAST");
230     exit(1);
231     }
232    
233     if ((clientent=getservbyname("bootpc",0))==NULL) {
234     perror("getservbyname: bootpc");
235     exit(1);
236     }
237     name.sin_family = AF_INET;
238     name.sin_port = clientent->s_port;
239     name.sin_addr.s_addr = INADDR_ANY;
240     /* name.sin_addr.s_addr = INADDR_NONE; */
241     memset (name.sin_zero, 0, sizeof (name.sin_zero));
242    
243     if (bind (dhcp_socket, (struct sockaddr *)&name, sizeof name) < 0) {
244     perror("bind");
245     exit(1);
246     }
247     }
248    
249     void dhcp_request(char *ipaddr,char *gwaddr,char *hardware) {
250     dhcp_packet(3,ipaddr,ipaddr,gwaddr,hardware);
251     }
252     void dhcp_release(char *ipaddr,char *gwaddr,char *hardware) {
253     dhcp_packet(7,ipaddr,NULL,gwaddr,hardware);
254     }
255     void dhcp_inform(char *ipaddr,char *gwaddr,char *hardware) {
256     dhcp_packet(8,ipaddr,NULL,gwaddr,hardware);
257     }
258    
259    
260     void dhcp_packet(int type,char *ipaddr,char *opt50,char *gwaddr,char *hardware) {
261     static time_t l=0;
262     unsigned char msgbuf[BUF_SIZ];
263     unsigned char pktbuf[BUF_SIZ];
264     int ip[4],gw[4],hw[16],ip50[4];
265     int hwcount;
266    
267     sscanf(ipaddr,"%d.%d.%d.%d",&ip[0],&ip[1],&ip[2],&ip[3]);
268     sscanf(gwaddr,"%d.%d.%d.%d",&gw[0],&gw[1],&gw[2],&gw[3]);
269     if (opt50)
270     sscanf(opt50,"%d.%d.%d.%d",&ip50[0],&ip50[1],&ip50[2],&ip50[3]);
271     memset(&hw,0,sizeof(hw));
272     hwcount=sscanf(hardware,"%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x:%x",
273     &hw[0],&hw[1],&hw[2],&hw[3],
274     &hw[4],&hw[5],&hw[6],&hw[7],
275     &hw[8],&hw[9],&hw[10],&hw[11],
276     &hw[12],&hw[13],&hw[14],&hw[15]);
277    
278     memset(msgbuf,0,sizeof(msgbuf));
279     sprintf(msgbuf,"\1\1%c%c",hwcount,0);
280     addpacket(pktbuf,msgbuf,4);
281    
282     /* xid */
283     if (l>time(NULL))
284     l++;
285     else
286     l=time(NULL);
287     memcpy(msgbuf,&l,4);
288     addpacket(pktbuf,msgbuf,4);
289    
290     /* secs and flags */
291     memset(msgbuf,0,4);
292     addpacket(pktbuf,msgbuf,4);
293     /* sprintf(msgbuf,"%c%c",0x80,0x00); */
294     /* sprintf(msgbuf,"%c%c",0x00,0x00); */
295     /* addpacket(pktbuf,msgbuf,2); */
296    
297     /* ciaddr */
298     memset(msgbuf,0,4);
299     sprintf(msgbuf,"%c%c%c%c",ip[0],ip[1],ip[2],ip[3]);
300     addpacket(pktbuf,msgbuf,4);
301    
302     /* yiaddr */
303     memset(msgbuf,0,4);
304     addpacket(pktbuf,msgbuf,4);
305    
306     /* siaddr */
307     memset(msgbuf,0,4);
308     addpacket(pktbuf,msgbuf,4);
309    
310     /* giaddr */
311     sprintf(msgbuf,"%c%c%c%c",gw[0],gw[1],gw[2],gw[3]);
312     addpacket(pktbuf,msgbuf,4);
313    
314     /* chaddr */
315     sprintf(msgbuf,"%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c",
316     hw[0],hw[1],hw[2],hw[3],hw[4],hw[5],hw[6],hw[7],
317     hw[8],hw[9],hw[10],hw[11],hw[12],hw[13],hw[14],hw[15]);
318     addpacket(pktbuf,msgbuf,16);
319    
320     /* sname */
321     memset(msgbuf,0,64);
322     printf("hallo!!!\n");
323     if (strlen (sname) > 0) {
324     sprintf (msgbuf, "%s", sname);
325     }
326     addpacket(pktbuf,msgbuf,64);
327    
328     /* file */
329     memset(msgbuf,0,128);
330     addpacket(pktbuf,msgbuf,128);
331    
332     /* options */
333     {
334     /* cookie */
335     sprintf(msgbuf,"%c%c%c%c",99,130,83,99);
336     addpacket(pktbuf,msgbuf,4);
337    
338     /* dhcp-type */
339     sprintf(msgbuf,"%c%c%c",53,1,type);
340     addpacket(pktbuf,msgbuf,3);
341    
342     /* Not for inform */
343     if (type!=8) {
344     /* requested IP address */
345     if (opt50) {
346     sprintf(msgbuf,"%c%c%c%c%c%c",50,4,ip50[0],ip50[1],ip50[2],ip50[3]);
347     addpacket(pktbuf,msgbuf,6);
348     }
349    
350     /* server-identifier */
351     if (serveridentifier[0]) {
352     sprintf(msgbuf,"%c%c%c%c%c%c",54,4,
353     serveridentifier[0],serveridentifier[1],
354     serveridentifier[2],serveridentifier[3]);
355     addpacket(pktbuf,msgbuf,6);
356     }
357     /* command line options */
358     while (opt--) {
359     sprintf (msgbuf, "%c%c%s", cmdlineopts[opt].option, (char *)(strlen (cmdlineopts[opt].data) + 1), cmdlineopts[opt].data);
360     addpacket(pktbuf, msgbuf, 2 + strlen (cmdlineopts[opt].data) + 1);
361     }
362     }
363    
364     /* client-identifier */
365     // sprintf(msgbuf,"%c%c%c%c%c%c%c%c",61,6,
366     // hw[0],hw[1],hw[2],hw[3],hw[4],hw[5]);
367     // addpacket(pktbuf,msgbuf,8);
368    
369     /* parameter request list */
370     if (type==8) {
371     sprintf(msgbuf,"%c%c%c",55,1,1);
372     addpacket(pktbuf,msgbuf,3);
373     }
374    
375     /* end of options */
376     sprintf(msgbuf,"%c",255);
377     addpacket(pktbuf,msgbuf,1);
378     }
379    
380     dhcp_dump(pktbuf,offset);
381    
382     sendto(dhcp_socket,pktbuf,offset,0,(struct sockaddr *)&dhcp_to,sizeof(dhcp_to));
383    
384     offset=0;
385     }
386    
387    
388     int dhcp_read(void) {
389     unsigned char msgbuf[BUF_SIZ];
390     struct sockaddr_in fromsock;
391     socklen_t fromlen=sizeof(fromsock);
392     int addr;
393     int i;
394    
395     i=recvfrom(dhcp_socket,msgbuf,BUF_SIZ,0,(struct sockaddr *)&fromsock,&fromlen);
396     addr=ntohl(fromsock.sin_addr.s_addr);
397    
398     if (!quiet) {
399     printf( "Got answer from: %d.%d.%d.%d\n",
400     ( addr >> 24 ) & 0xFF, ( addr >> 16 ) & 0xFF,
401     ( addr >> 8 ) & 0xFF, ( addr ) & 0xFF
402     );
403     }
404    
405     if (_serveripaddress!=addr) {
406     if (!quiet)
407     fprintf(stderr,"received from %d.%d.%d.%d, expected from %d.%d.%d.%d\n",
408     ( addr >> 24 ) & 0xFF, ( addr >> 16 ) & 0xFF,
409     ( addr >> 8 ) & 0xFF, ( addr ) & 0xFF,
410     ( _serveripaddress >> 24 )&0xFF,(_serveripaddress >> 16 )&0xFF,
411     ( _serveripaddress >> 8 )&0xFF,(_serveripaddress )&0xFF
412     );
413     return 0;
414    
415     }
416    
417    
418     dhcp_dump(msgbuf,i);
419     return 1;
420     }
421    
422    
423    
424     void dhcp_dump(unsigned char *buffer,int size) {
425     int j;
426    
427     if (VERBOSE)
428     printf("packet %d bytes\n",size);
429    
430     if (!VERBOSE)
431     return;
432    
433     //
434     // Are you sure you want to see this? Try dhcpdump, which is better
435     // suited for this kind of work... See http://www.mavetju.org
436     //
437     j=0;
438     while (j<size) {
439     printf("%02x ",buffer[j]);
440     if (j%16==15) printf("\n");
441     j++;
442     }
443     printf("\n");
444    
445     printf("op: %d\n",buffer[0]);
446     printf("htype: %d\n",buffer[1]);
447     printf("hlen: %d\n",buffer[2]);
448     printf("hops: %d\n",buffer[3]);
449    
450     printf("xid: %02x%02x%02x%02x\n",
451     buffer[4],buffer[5],buffer[6],buffer[7]);
452     printf("secs: %d\n",255*buffer[8]+buffer[9]);
453     printf("flags: %x\n",255*buffer[10]+buffer[11]);
454    
455     printf("ciaddr: %d.%d.%d.%d\n",
456     buffer[12],buffer[13],buffer[14],buffer[15]);
457     printf("yiaddr: %d.%d.%d.%d\n",
458     buffer[16],buffer[17],buffer[18],buffer[19]);
459     printf("siaddr: %d.%d.%d.%d\n",
460     buffer[20],buffer[21],buffer[22],buffer[23]);
461     printf("giaddr: %d.%d.%d.%d\n",
462     buffer[24],buffer[25],buffer[26],buffer[27]);
463     printf("chaddr: %02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x\n",
464     buffer[28],buffer[29],buffer[30],buffer[31],
465     buffer[32],buffer[33],buffer[34],buffer[35],
466     buffer[36],buffer[37],buffer[38],buffer[39],
467     buffer[40],buffer[41],buffer[42],buffer[43]);
468     printf("sname : %s.\n",buffer+44);
469     printf("fname : %s.\n",buffer+108);
470    
471     j=236;
472     j+=4; /* cookie */
473     while (j<size && buffer[j]!=255) {
474     printf("option %d %s\n",buffer[j],dhcp_options[buffer[j]]);
475    
476     switch (buffer[j]) {
477     case 1:
478     printf("\tSubnet mask: %d.%d.%d.%d\n",
479     buffer[j+2],buffer[j+3],buffer[j+4],buffer[j+5]);
480     break;
481     case 3:
482     printf("\tRouter: %d.%d.%d.%d\n",
483     buffer[j+2],buffer[j+3],buffer[j+4],buffer[j+5]);
484     break;
485     case 50:
486     printf("\tRequested IP address: %d.%d.%d.%d\n",
487     buffer[j+2],buffer[j+3],buffer[j+4],buffer[j+5]);
488     break;
489     case 53:
490     printf("\tDHCP message type: %d (%s)\n",
491     buffer[j+2],dhcp_message_types[buffer[j+2]]);
492     break;
493     case 54:
494     memcpy(serveridentifier,buffer+j+2,4);
495     printf("\tServer identifier: %d.%d.%d.%d\n",
496     serveridentifier[0],serveridentifier[1],
497     serveridentifier[2],serveridentifier[3]);
498     break;
499     case 61:
500     printf("\tClient identifier: %02x%02x%02x%02x%02x%02x\n",
501     buffer[j+2],buffer[j+3],buffer[j+4],
502     buffer[j+5],buffer[j+6],buffer[j+7]);
503     break;
504     }
505    
506     /*
507     // This might go wrong if a mallformed packet is received.
508     // Maybe from a bogus server which is instructed to reply
509     // with invalid data and thus causing an exploit.
510     // My head hurts... but I think it's solved by the checking
511     // for j<size at the begin of the while-loop.
512     */
513     j+=buffer[j+1]+2;
514     }
515     }
516    
517    
518     void dhcp_close(void) {
519     close(dhcp_socket);
520     }
521