Fix for bug 10743

Message ID 20201216123322.9680-1-ahb.ipfire@gmail.com
State Accepted
Series Fix for bug 10743

Commit Message

Adolf Belka Dec. 16, 2020, 12:33 p.m. UTC
This adds in the option to have "deny known clients" in dhcpd.conf.
This is applied to the range command so applies to the dynamic addresses
given.
If you have just a range statement say in blue then if you are not using
vlans you could have the situation where a known host in green might end
up getting a lease from the blue range. Here a deny known-clients makes
sense. Your range in this case would be limited to only unknown clients if
deny known-clients was selected.
dhcp WUI has been modified to add in this command. Error message has been
added to check that a range has been specified if the deny unknown clients
checkbox has been selected.
Language files updated with additional items (English, German & Dutch).

For more information on the history of this please see the bugzilla entry
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>
---
 doc/language_issues.en |  2 ++
 doc/language_issues.es |  2 ++
 doc/language_issues.fr |  2 ++
 doc/language_issues.it |  2 ++
 doc/language_issues.pl |  2 ++
 doc/language_issues.ru |  2 ++
 doc/language_issues.tr |  2 ++
 doc/language_missings  | 12 ++++++++++++
 html/cgi-bin/dhcp.cgi  | 19 ++++++++++++++++++-
 langs/de/cgi-bin/de.pl |  2 ++
 langs/en/cgi-bin/en.pl |  2 ++
 langs/nl/cgi-bin/nl.pl |  2 ++
 12 files changed, 50 insertions(+), 1 deletion(-)

Patch

diff --git a/doc/language_issues.en b/doc/language_issues.en
index b3c46de5e..3955d3ae7 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -574,6 +574,7 @@  WARNING: untranslated string: dhcp advopt value = Option value
 WARNING: untranslated string: dhcp allow bootp = Allow bootp clients
 WARNING: untranslated string: dhcp bootp pxe data = Enter optional bootp pxe data for this fixed lease
 WARNING: untranslated string: dhcp configuration = DHCP configuration
+WARNING: untranslated string: dhcp deny known clients: = Deny known clients:
 WARNING: untranslated string: dhcp dns enable update = Enable DNS Update (RFC2136):
 WARNING: untranslated string: dhcp dns key name = Key Name
 WARNING: untranslated string: dhcp dns update = DNS Update
@@ -582,6 +583,7 @@  WARNING: untranslated string: dhcp dns update secret = Secret
 WARNING: untranslated string: dhcp server = DHCP Server
 WARNING: untranslated string: dhcp server disabled = DHCP server disabled.  Stopped.
 WARNING: untranslated string: dhcp server enabled = DHCP server enabled.  Restarting.
+WARNING: untranslated string: dhcp valid range required when deny known clients checked = Valid range required when "Deny known clients:" is checked
 WARNING: untranslated string: dhcp-options = DHCP push options
 WARNING: untranslated string: dial = Connect
 WARNING: untranslated string: dial profile = Connect with profile
diff --git a/doc/language_issues.es b/doc/language_issues.es
index 9f62f03f2..2cd36a5a1 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -886,11 +886,13 @@  WARNING: untranslated string: dh key move failed = Diffie-Hellman parameters mov
 WARNING: untranslated string: dh key warn = Creating DH-parameters with a length of 2048 bits takes up to several minutes. Lengths of 3072 or 4096 bits might needs several hours. Please be patient.
 WARNING: untranslated string: dh key warn1 = For weak systems or systems with little entropy, it is recommended to upload long Diffie-Hellman parameters by usage of the upload function.
 WARNING: untranslated string: dh parameter = Diffie-Hellman parameters
+WARNING: untranslated string: dhcp deny known clients: = Deny known clients:
 WARNING: untranslated string: dhcp dns enable update = Enable DNS Update (RFC2136):
 WARNING: untranslated string: dhcp dns key name = Key Name
 WARNING: untranslated string: dhcp dns update = DNS Update
 WARNING: untranslated string: dhcp dns update algo = Algorithm
 WARNING: untranslated string: dhcp dns update secret = Secret
+WARNING: untranslated string: dhcp valid range required when deny known clients checked = Valid range required when "Deny known clients:" is checked
 WARNING: untranslated string: disable = Disable
 WARNING: untranslated string: disconnected = Disconnected
 WARNING: untranslated string: dl client arch insecure = Download insecure Client Package (zip)
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index 90a745360..279e1ba37 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -879,6 +879,8 @@  WARNING: translation string unused: zoneconf val vlan tag assignment error
 WARNING: translation string unused: zoneconf val zoneslave amount error
 WARNING: untranslated string: asn lookup failed = AS lookup failed
 WARNING: untranslated string: autonomous system = Autonomous System
+WARNING: untranslated string: dhcp deny known clients: = Deny known clients:
+WARNING: untranslated string: dhcp valid range required when deny known clients checked = Valid range required when "Deny known clients:" is checked
 WARNING: untranslated string: dns enable safe-search youtube = Include YouTube in Safe Search
 WARNING: untranslated string: fwhost cust locationgrp = unknown string
 WARNING: untranslated string: fwhost err hostip = unknown string
diff --git a/doc/language_issues.it b/doc/language_issues.it
index 62e4f9953..4ac4754dc 100644
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -911,11 +911,13 @@  WARNING: untranslated string: crypto warning = Cryptographic warning
 WARNING: untranslated string: dangerous = Dangerous
 WARNING: untranslated string: default IP address = Default IP Address
 WARNING: untranslated string: desired = Desired
+WARNING: untranslated string: dhcp deny known clients: = Deny known clients:
 WARNING: untranslated string: dhcp dns enable update = Enable DNS Update (RFC2136):
 WARNING: untranslated string: dhcp dns key name = Key Name
 WARNING: untranslated string: dhcp dns update = DNS Update
 WARNING: untranslated string: dhcp dns update algo = Algorithm
 WARNING: untranslated string: dhcp dns update secret = Secret
+WARNING: untranslated string: dhcp valid range required when deny known clients checked = Valid range required when "Deny known clients:" is checked
 WARNING: untranslated string: disable = Disable
 WARNING: untranslated string: disconnected = Disconnected
 WARNING: untranslated string: dl client arch insecure = Download insecure Client Package (zip)
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index 9f62f03f2..2cd36a5a1 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -886,11 +886,13 @@  WARNING: untranslated string: dh key move failed = Diffie-Hellman parameters mov
 WARNING: untranslated string: dh key warn = Creating DH-parameters with a length of 2048 bits takes up to several minutes. Lengths of 3072 or 4096 bits might needs several hours. Please be patient.
 WARNING: untranslated string: dh key warn1 = For weak systems or systems with little entropy, it is recommended to upload long Diffie-Hellman parameters by usage of the upload function.
 WARNING: untranslated string: dh parameter = Diffie-Hellman parameters
+WARNING: untranslated string: dhcp deny known clients: = Deny known clients:
 WARNING: untranslated string: dhcp dns enable update = Enable DNS Update (RFC2136):
 WARNING: untranslated string: dhcp dns key name = Key Name
 WARNING: untranslated string: dhcp dns update = DNS Update
 WARNING: untranslated string: dhcp dns update algo = Algorithm
 WARNING: untranslated string: dhcp dns update secret = Secret
+WARNING: untranslated string: dhcp valid range required when deny known clients checked = Valid range required when "Deny known clients:" is checked
 WARNING: untranslated string: disable = Disable
 WARNING: untranslated string: disconnected = Disconnected
 WARNING: untranslated string: dl client arch insecure = Download insecure Client Package (zip)
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index 5d16e0b18..a333d9939 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -888,11 +888,13 @@  WARNING: untranslated string: dh key move failed = Diffie-Hellman parameters mov
 WARNING: untranslated string: dh key warn = Creating DH-parameters with a length of 2048 bits takes up to several minutes. Lengths of 3072 or 4096 bits might needs several hours. Please be patient.
 WARNING: untranslated string: dh key warn1 = For weak systems or systems with little entropy, it is recommended to upload long Diffie-Hellman parameters by usage of the upload function.
 WARNING: untranslated string: dh parameter = Diffie-Hellman parameters
+WARNING: untranslated string: dhcp deny known clients: = Deny known clients:
 WARNING: untranslated string: dhcp dns enable update = Enable DNS Update (RFC2136):
 WARNING: untranslated string: dhcp dns key name = Key Name
 WARNING: untranslated string: dhcp dns update = DNS Update
 WARNING: untranslated string: dhcp dns update algo = Algorithm
 WARNING: untranslated string: dhcp dns update secret = Secret
+WARNING: untranslated string: dhcp valid range required when deny known clients checked = Valid range required when "Deny known clients:" is checked
 WARNING: untranslated string: disable = Disable
 WARNING: untranslated string: disconnected = Disconnected
 WARNING: untranslated string: disk access = Disk Access
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index 26530a923..a080ee54f 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -894,6 +894,8 @@  WARNING: untranslated string: crypto warning = Cryptographic warning
 WARNING: untranslated string: dangerous = Dangerous
 WARNING: untranslated string: default IP address = Default IP Address
 WARNING: untranslated string: desired = Desired
+WARNING: untranslated string: dhcp deny known clients: = Deny known clients:
+WARNING: untranslated string: dhcp valid range required when deny known clients checked = Valid range required when "Deny known clients:" is checked
 WARNING: untranslated string: disable = Disable
 WARNING: untranslated string: disconnected = Disconnected
 WARNING: untranslated string: dns check servers = Check DNS Servers
diff --git a/doc/language_missings b/doc/language_missings
index 12e341402..ad70d5241 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -222,11 +222,13 @@ 
 < desired
 < details
 < dh
+< dhcp deny known clients:
 < dhcp dns enable update
 < dhcp dns key name
 < dhcp dns update
 < dhcp dns update algo
 < dhcp dns update secret
+< dhcp valid range required when deny known clients checked
 < dh key move failed
 < dh key warn
 < dh key warn1
@@ -962,6 +964,8 @@ 
 < autonomous system
 < bewan adsl pci st
 < bewan adsl usb
+< dhcp deny known clients:
+< dhcp valid range required when deny known clients checked
 < dns enable safe-search youtube
 < g.dtm
 < g.lite
@@ -1061,11 +1065,13 @@ 
 < dangerous
 < default IP address
 < desired
+< dhcp deny known clients:
 < dhcp dns enable update
 < dhcp dns key name
 < dhcp dns update
 < dhcp dns update algo
 < dhcp dns update secret
+< dhcp valid range required when deny known clients checked
 < disable
 < Disabled
 < disconnected
@@ -1945,11 +1951,13 @@ 
 < desired
 < details
 < dh
+< dhcp deny known clients:
 < dhcp dns enable update
 < dhcp dns key name
 < dhcp dns update
 < dhcp dns update algo
 < dhcp dns update secret
+< dhcp valid range required when deny known clients checked
 < dh key move failed
 < dh key warn
 < dh key warn1
@@ -2822,11 +2830,13 @@ 
 < desired
 < details
 < dh
+< dhcp deny known clients:
 < dhcp dns enable update
 < dhcp dns key name
 < dhcp dns update
 < dhcp dns update algo
 < dhcp dns update secret
+< dhcp valid range required when deny known clients checked
 < dh key move failed
 < dh key warn
 < dh key warn1
@@ -3568,6 +3578,8 @@ 
 < dangerous
 < default IP address
 < desired
+< dhcp deny known clients:
+< dhcp valid range required when deny known clients checked
 < disable
 < Disabled
 < disconnected
diff --git a/html/cgi-bin/dhcp.cgi b/html/cgi-bin/dhcp.cgi
index 8c57c675d..2ebdde818 100644
--- a/html/cgi-bin/dhcp.cgi
+++ b/html/cgi-bin/dhcp.cgi
@@ -74,6 +74,7 @@  foreach my $itf (@ITFs) {
     $dhcpsettings{"DNS_UPDATE_KEY_NAME_${itf}"} = '';
     $dhcpsettings{"DNS_UPDATE_KEY_SECRET_${itf}"} = '';
     $dhcpsettings{"DNS_UPDATE_KEY_ALGO_${itf}"} = '';
+    $dhcpsettings{"DENY_KNOWN_CLIENTS_${itf}"} = 'off';
 }
 
 $dhcpsettings{'SORT_FLEASELIST'} = 'FIPADDR';
@@ -175,9 +176,16 @@  if ($dhcpsettings{'ACTION'} eq $Lang::tr{'save'}) {
 		}
 	    }
 
+	    if ($dhcpsettings{"DENY_KNOWN_CLIENTS_${itf}"} eq 'on') {
+		if (($dhcpsettings{"START_ADDR_${itf}"}) eq '' && ($dhcpsettings{"END_ADDR_${itf}"}) eq '') {
+			$errormessage = "DHCP on ${itf}: " . $Lang::tr{'dhcp valid range required when deny known clients checked'};
+			goto ERROR;
+	    }
+
 	    if (!($dhcpsettings{"DEFAULT_LEASE_TIME_${itf}"} =~ /^\d+$/)) {
 		$errormessage = "DHCP on ${itf}: " . $Lang::tr{'invalid default lease time'} . $dhcpsettings{'DEFAULT_LEASE_TIME_${itf}'};
 		goto ERROR;
+		}
 	    }
 
 	    if (!($dhcpsettings{"MAX_LEASE_TIME_${itf}"} =~ /^\d+$/)) {
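Review bot: The braces in the new DENY_KNOWN_CLIENTS check are misplaced, so the existing DEFAULT_LEASE_TIME check ends up nested inside `if ($dhcpsettings{"DENY_KNOWN_CLIENTS_${itf}"} eq 'on') {`. The `}` added after the first `goto ERROR;` closes only the inner START_ADDR/END_ADDR test, and the `}` added after the second `goto ERROR;` closes the lease-time test, which leaves the original closing brace to end the deny block. As written, the default lease time is validated only when the checkbox is on. Close both new blocks before the lease-time check and drop the `}` added below it. The range test also uses `&&`, so it fires only when both addresses are empty; `||` would match the error text "Valid range required" for a half-filled range.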
@@ -548,6 +556,7 @@  foreach my $itf (@ITFs) {
     my %checked=();
     $checked{'ENABLE'}{'on'} = ( $dhcpsettings{"ENABLE_${itf}"} ne 'on') ? '' : "checked='checked'";
     $checked{'ENABLEBOOTP'}{'on'} = ( $dhcpsettings{"ENABLEBOOTP_${itf}"} ne 'on') ? '' : "checked='checked'";
+    $checked{'DENY_KNOWN_CLIENTS'}{'on'} = ( $dhcpsettings{"DENY_KNOWN_CLIENTS_${itf}"} ne 'on') ? '' : "checked='checked'";
 
     if ($netsettings{"${itf}_DEV"} ne '' ) { # Show only defined interface
 	my $lc_itf=lc($itf);
@@ -563,6 +572,9 @@  print <<END
     <td width='25%'><input type='text' name='START_ADDR_${itf}' value='$dhcpsettings{"START_ADDR_${itf}"}' /></td>
     <td width='25%' class='base'>$Lang::tr{'end address'}&nbsp;<img src='/blob.gif' alt='*' /></td>
     <td width='25%'><input type='text' name='END_ADDR_${itf}' value='$dhcpsettings{"END_ADDR_${itf}"}' /></td>
+</tr><tr>
+    <td class='base'>$Lang::tr{'dhcp deny known clients:'}</td>
+    <td><input type='checkbox' name='DENY_KNOWN_CLIENTS_${itf}' $checked{'DENY_KNOWN_CLIENTS'}{'on'} /></td>
 </tr><tr>
     <td class='base'>$Lang::tr{'default lease time'}&nbsp;<img src='/blob.gif' alt='*' /></td>
     <td><input type='text' name='DEFAULT_LEASE_TIME_${itf}' value='$dhcpsettings{"DEFAULT_LEASE_TIME_${itf}"}' /></td>
@@ -1264,7 +1276,12 @@  sub buildconf {
 	if ($dhcpsettings{"ENABLE_${itf}"} eq 'on' ){
 	    print FILE "subnet " . $netsettings{"${itf}_NETADDRESS"} . " netmask ". $netsettings{"${itf}_NETMASK"} . " #$itf\n";
 	    print FILE "{\n";
-	    print FILE "\trange " . $dhcpsettings{"START_ADDR_${itf}"} . ' ' . $dhcpsettings{"END_ADDR_${itf}"}.";\n" if ($dhcpsettings{"START_ADDR_${itf}"});
+	    if ($dhcpsettings{"START_ADDR_${itf}"}) {
+		print FILE "pool {\n";
+		print FILE "\trange " . $dhcpsettings{"START_ADDR_${itf}"} . ' ' . $dhcpsettings{"END_ADDR_${itf}"}.";\n";
+		print FILE "\tdeny known-clients;\n" if ($dhcpsettings{"DENY_KNOWN_CLIENTS_${itf}"} eq 'on');
+		print FILE "     }\n"; # pool
+	    }
 	    print FILE "\toption subnet-mask "   . $netsettings{"${itf}_NETMASK"} . ";\n";
 	    print FILE "\toption domain-name \"" . $dhcpsettings{"DOMAIN_NAME_${itf}"} . "\";\n";
 	    print FILE "\toption routers " . $netsettings{"${itf}_ADDRESS"} . ";\n";
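Review bot: `deny known-clients;` is written only inside `if ($dhcpsettings{"START_ADDR_${itf}"})`, while the save-time check added in this patch rejects the form only when START_ADDR and END_ADDR are both empty. Unless a check outside these hunks already catches it, a setting with the checkbox on, an empty start address and a filled end address is stored and then silently produces no pool and no deny statement. Requiring both addresses at save time would keep the two in step. On style, `"pool {\n"` has no leading tab and the closing `"     }\n"` uses spaces, while the other lines in the subnet block start with `\t`; indenting the range and deny lines one level deeper inside the pool would make the generated dhcpd.conf easier to audit.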
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 2fb46e741..38c9783f8 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -781,6 +781,7 @@ 
 'dhcp bootp pxe data' => 'Geben Sie optionale BOOTP-PXE-Daten für diese feste Zuordnung ein',
 'dhcp configuration' => 'DHCP-Konfiguration',
 'dhcp create fixed leases' => 'Feste Zuordnungen erzeugen',
+'dhcp deny known clients:' => 'Bekannte Clients verweigern:',
 'dhcp dns enable update' => 'DNS-Update nach RFC 2136 aktivieren:',
 'dhcp dns key name' => 'Schlüsselname',
 'dhcp dns update' => 'DNS-Update',
@@ -792,6 +793,7 @@ 
 'dhcp server' => 'DHCP-Server',
 'dhcp server disabled' => 'DHCP-Server deaktiviert. Angehalten.',
 'dhcp server enabled' => 'DHCP-Server aktiviert. Starte neu.',
+'dhcp valid range required when deny known clients checked' => 'Gültiger Bereich erforderlich, wenn "Bekannte Clients verweigern:" aktiviert ist',
 'dhcp-options' => 'DHCP push Optionen',
 'dial' => 'Verbinden',
 'dial profile' => 'Verbinde mit Profil',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index b5284effa..500913240 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -800,6 +800,7 @@ 
 'dhcp bootp pxe data' => 'Enter optional bootp pxe data for this fixed lease',
 'dhcp configuration' => 'DHCP configuration',
 'dhcp create fixed leases' => 'Create fixed leases',
+'dhcp deny known clients:' => 'Deny known clients:',
 'dhcp dns enable update' => 'Enable DNS Update (RFC2136):',
 'dhcp dns key name' => 'Key Name',
 'dhcp dns update' => 'DNS Update',
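Review bot: The new key `'dhcp deny known clients:'` carries a trailing colon in the key itself, whereas the neighbouring entry `'dhcp dns enable update' => 'Enable DNS Update (RFC2136):'` keeps the colon in the value only. Suggest naming the key `'dhcp deny known clients'` and leaving the colon to the translated string, with the same rename in dhcp.cgi and the other language files.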
@@ -813,6 +814,7 @@ 
 'dhcp server disabled on blue interface' => 'DHCP server disabled on BLUE interface',
 'dhcp server enabled' => 'DHCP server enabled.  Restarting.',
 'dhcp server enabled on blue interface' => 'DHCP server enabled on BLUE interface',
+'dhcp valid range required when deny known clients checked' => 'Valid range required when "Deny known clients:" is checked',
 'dhcp-options' => 'DHCP push options',
 'dial' => 'Connect',
 'dial profile' => 'Connect with profile',
diff --git a/langs/nl/cgi-bin/nl.pl b/langs/nl/cgi-bin/nl.pl
index 53341a6f8..191a16927 100644
--- a/langs/nl/cgi-bin/nl.pl
+++ b/langs/nl/cgi-bin/nl.pl
@@ -702,6 +702,7 @@ 
 'dhcp bootp pxe data' => 'Voer optionele bootp pxe data in voor deze vaste lease',
 'dhcp configuration' => 'DHCP configuratie',
 'dhcp create fixed leases' => 'Aanmaken vaste leases',
+'dhcp deny known clients:' => 'Bekende clients weigeren:',
 'dhcp fixed lease err1' => 'Voor een vaste lease moet u het MAC-adres of de hostnaam invoeren, of beide.',
 'dhcp fixed lease help1' => 'IP-adressen mogen ook als FQDN worden ingevoerd',
 'dhcp mode' => 'DHCP',
@@ -710,6 +711,7 @@ 
 'dhcp server disabled on blue interface' => 'DHCP server uitgeschakeld op de BLAUWE interface',
 'dhcp server enabled' => 'DHCP server ingeschakeld. Herstarten.',
 'dhcp server enabled on blue interface' => 'DHCP server ingeschakeld op de BLAUWE interface',
+'dhcp valid range required when deny known clients checked' => 'Geldig bereik wanneer "Bekende clients weigeren:" is aangevinkt',
 'dhcp-options' => 'DHCP push opties',
 'dial' => 'Verbind',
 'dial profile' => 'Verbind met profile',
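Review bot: The Dutch text for `'dhcp valid range required when deny known clients checked'` reads 'Geldig bereik wanneer "Bekende clients weigeren:" is aangevinkt', which drops the word for "required" that the English and German strings have ("Valid range required ...", "Gültiger Bereich erforderlich, ..."). Suggest 'Geldig bereik vereist wanneer ...' so the error message states what the user has to do.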