Fix for bug 10743

This adds in the option to have "deny known clients" in dhcpd.conf This is applied to the range command so applies to the dynamic addresses given. If you have just a range statement say in blue then if you are not using vlans you could have the situation where a known host in green might end up getting a lease from the blue range. Here a deny known-clients makes sense. Your range in this case would be limited to only unknown clients if deny known-clients was selected. dhcp WUI has been modified to add in this command. Error message has been added to check that a range has been specified if the deny unknown clients checkbox has been selected. Language files updated with additional items (English, German & Dutch). For more information on the history of this please see the bugzilla entry Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2026-04-09 18:45:54 +02:00 · 2020-12-16 13:33:22 +01:00
parent fef289cef7
commit 9dbf3c4936
12 changed files with 50 additions and 1 deletions
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -574,6 +574,7 @@ WARNING: untranslated string: dhcp advopt value = Option value
 WARNING: untranslated string: dhcp allow bootp = Allow bootp clients
 WARNING: untranslated string: dhcp bootp pxe data = Enter optional bootp pxe data for this fixed lease
 WARNING: untranslated string: dhcp configuration = DHCP configuration
+WARNING: untranslated string: dhcp deny known clients: = Deny known clients:
 WARNING: untranslated string: dhcp dns enable update = Enable DNS Update (RFC2136):
 WARNING: untranslated string: dhcp dns key name = Key Name
 WARNING: untranslated string: dhcp dns update = DNS Update
@@ -582,6 +583,7 @@ WARNING: untranslated string: dhcp dns update secret = Secret
 WARNING: untranslated string: dhcp server = DHCP Server
 WARNING: untranslated string: dhcp server disabled = DHCP server disabled.  Stopped.
 WARNING: untranslated string: dhcp server enabled = DHCP server enabled.  Restarting.
+WARNING: untranslated string: dhcp valid range required when deny known clients checked = Valid range required when "Deny known clients:" is checked
 WARNING: untranslated string: dhcp-options = DHCP push options
 WARNING: untranslated string: dial = Connect
 WARNING: untranslated string: dial profile = Connect with profile
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -886,11 +886,13 @@ WARNING: untranslated string: dh key move failed = Diffie-Hellman parameters mov
 WARNING: untranslated string: dh key warn = Creating DH-parameters with a length of 2048 bits takes up to several minutes. Lengths of 3072 or 4096 bits might needs several hours. Please be patient.
 WARNING: untranslated string: dh key warn1 = For weak systems or systems with little entropy, it is recommended to upload long Diffie-Hellman parameters by usage of the upload function.
 WARNING: untranslated string: dh parameter = Diffie-Hellman parameters
+WARNING: untranslated string: dhcp deny known clients: = Deny known clients:
 WARNING: untranslated string: dhcp dns enable update = Enable DNS Update (RFC2136):
 WARNING: untranslated string: dhcp dns key name = Key Name
 WARNING: untranslated string: dhcp dns update = DNS Update
 WARNING: untranslated string: dhcp dns update algo = Algorithm
 WARNING: untranslated string: dhcp dns update secret = Secret
+WARNING: untranslated string: dhcp valid range required when deny known clients checked = Valid range required when "Deny known clients:" is checked
 WARNING: untranslated string: disable = Disable
 WARNING: untranslated string: disconnected = Disconnected
 WARNING: untranslated string: dl client arch insecure = Download insecure Client Package (zip)
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -879,6 +879,8 @@ WARNING: translation string unused: zoneconf val vlan tag assignment error
 WARNING: translation string unused: zoneconf val zoneslave amount error
 WARNING: untranslated string: asn lookup failed = AS lookup failed
 WARNING: untranslated string: autonomous system = Autonomous System
+WARNING: untranslated string: dhcp deny known clients: = Deny known clients:
+WARNING: untranslated string: dhcp valid range required when deny known clients checked = Valid range required when "Deny known clients:" is checked
 WARNING: untranslated string: dns enable safe-search youtube = Include YouTube in Safe Search
 WARNING: untranslated string: fwhost cust locationgrp = unknown string
 WARNING: untranslated string: fwhost err hostip = unknown string
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -911,11 +911,13 @@ WARNING: untranslated string: crypto warning = Cryptographic warning
 WARNING: untranslated string: dangerous = Dangerous
 WARNING: untranslated string: default IP address = Default IP Address
 WARNING: untranslated string: desired = Desired
+WARNING: untranslated string: dhcp deny known clients: = Deny known clients:
 WARNING: untranslated string: dhcp dns enable update = Enable DNS Update (RFC2136):
 WARNING: untranslated string: dhcp dns key name = Key Name
 WARNING: untranslated string: dhcp dns update = DNS Update
 WARNING: untranslated string: dhcp dns update algo = Algorithm
 WARNING: untranslated string: dhcp dns update secret = Secret
+WARNING: untranslated string: dhcp valid range required when deny known clients checked = Valid range required when "Deny known clients:" is checked
 WARNING: untranslated string: disable = Disable
 WARNING: untranslated string: disconnected = Disconnected
 WARNING: untranslated string: dl client arch insecure = Download insecure Client Package (zip)
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -886,11 +886,13 @@ WARNING: untranslated string: dh key move failed = Diffie-Hellman parameters mov
 WARNING: untranslated string: dh key warn = Creating DH-parameters with a length of 2048 bits takes up to several minutes. Lengths of 3072 or 4096 bits might needs several hours. Please be patient.
 WARNING: untranslated string: dh key warn1 = For weak systems or systems with little entropy, it is recommended to upload long Diffie-Hellman parameters by usage of the upload function.
 WARNING: untranslated string: dh parameter = Diffie-Hellman parameters
+WARNING: untranslated string: dhcp deny known clients: = Deny known clients:
 WARNING: untranslated string: dhcp dns enable update = Enable DNS Update (RFC2136):
 WARNING: untranslated string: dhcp dns key name = Key Name
 WARNING: untranslated string: dhcp dns update = DNS Update
 WARNING: untranslated string: dhcp dns update algo = Algorithm
 WARNING: untranslated string: dhcp dns update secret = Secret
+WARNING: untranslated string: dhcp valid range required when deny known clients checked = Valid range required when "Deny known clients:" is checked
 WARNING: untranslated string: disable = Disable
 WARNING: untranslated string: disconnected = Disconnected
 WARNING: untranslated string: dl client arch insecure = Download insecure Client Package (zip)
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -888,11 +888,13 @@ WARNING: untranslated string: dh key move failed = Diffie-Hellman parameters mov
 WARNING: untranslated string: dh key warn = Creating DH-parameters with a length of 2048 bits takes up to several minutes. Lengths of 3072 or 4096 bits might needs several hours. Please be patient.
 WARNING: untranslated string: dh key warn1 = For weak systems or systems with little entropy, it is recommended to upload long Diffie-Hellman parameters by usage of the upload function.
 WARNING: untranslated string: dh parameter = Diffie-Hellman parameters
+WARNING: untranslated string: dhcp deny known clients: = Deny known clients:
 WARNING: untranslated string: dhcp dns enable update = Enable DNS Update (RFC2136):
 WARNING: untranslated string: dhcp dns key name = Key Name
 WARNING: untranslated string: dhcp dns update = DNS Update
 WARNING: untranslated string: dhcp dns update algo = Algorithm
 WARNING: untranslated string: dhcp dns update secret = Secret
+WARNING: untranslated string: dhcp valid range required when deny known clients checked = Valid range required when "Deny known clients:" is checked
 WARNING: untranslated string: disable = Disable
 WARNING: untranslated string: disconnected = Disconnected
 WARNING: untranslated string: disk access = Disk Access
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -894,6 +894,8 @@ WARNING: untranslated string: crypto warning = Cryptographic warning
 WARNING: untranslated string: dangerous = Dangerous
 WARNING: untranslated string: default IP address = Default IP Address
 WARNING: untranslated string: desired = Desired
+WARNING: untranslated string: dhcp deny known clients: = Deny known clients:
+WARNING: untranslated string: dhcp valid range required when deny known clients checked = Valid range required when "Deny known clients:" is checked
 WARNING: untranslated string: disable = Disable
 WARNING: untranslated string: disconnected = Disconnected
 WARNING: untranslated string: dns check servers = Check DNS Servers
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -222,11 +222,13 @@
 < desired
 < details
 < dh
+< dhcp deny known clients:
 < dhcp dns enable update
 < dhcp dns key name
 < dhcp dns update
 < dhcp dns update algo
 < dhcp dns update secret
+< dhcp valid range required when deny known clients checked
 < dh key move failed
 < dh key warn
 < dh key warn1
@@ -962,6 +964,8 @@
 < autonomous system
 < bewan adsl pci st
 < bewan adsl usb
+< dhcp deny known clients:
+< dhcp valid range required when deny known clients checked
 < dns enable safe-search youtube
 < g.dtm
 < g.lite
@@ -1061,11 +1065,13 @@
 < dangerous
 < default IP address
 < desired
+< dhcp deny known clients:
 < dhcp dns enable update
 < dhcp dns key name
 < dhcp dns update
 < dhcp dns update algo
 < dhcp dns update secret
+< dhcp valid range required when deny known clients checked
 < disable
 < Disabled
 < disconnected
@@ -1945,11 +1951,13 @@
 < desired
 < details
 < dh
+< dhcp deny known clients:
 < dhcp dns enable update
 < dhcp dns key name
 < dhcp dns update
 < dhcp dns update algo
 < dhcp dns update secret
+< dhcp valid range required when deny known clients checked
 < dh key move failed
 < dh key warn
 < dh key warn1
@@ -2822,11 +2830,13 @@
 < desired
 < details
 < dh
+< dhcp deny known clients:
 < dhcp dns enable update
 < dhcp dns key name
 < dhcp dns update
 < dhcp dns update algo
 < dhcp dns update secret
+< dhcp valid range required when deny known clients checked
 < dh key move failed
 < dh key warn
 < dh key warn1
@@ -3568,6 +3578,8 @@
 < dangerous
 < default IP address
 < desired
+< dhcp deny known clients:
+< dhcp valid range required when deny known clients checked
 < disable
 < Disabled
 < disconnected
--- a/html/cgi-bin/dhcp.cgi
+++ b/html/cgi-bin/dhcp.cgi
@@ -74,6 +74,7 @@ foreach my $itf (@ITFs) {
    $dhcpsettings{"DNS_UPDATE_KEY_NAME_${itf}"} = '';
    $dhcpsettings{"DNS_UPDATE_KEY_SECRET_${itf}"} = '';
    $dhcpsettings{"DNS_UPDATE_KEY_ALGO_${itf}"} = '';
+    $dhcpsettings{"DENY_KNOWN_CLIENTS_${itf}"} = 'off';
 }

 $dhcpsettings{'SORT_FLEASELIST'} = 'FIPADDR';
@@ -175,9 +176,16 @@ if ($dhcpsettings{'ACTION'} eq $Lang::tr{'save'}) {
 		}
 	    }

+	    if ($dhcpsettings{"DENY_KNOWN_CLIENTS_${itf}"} eq 'on') {
+		if (($dhcpsettings{"START_ADDR_${itf}"}) eq '' && ($dhcpsettings{"END_ADDR_${itf}"}) eq '') {
+			$errormessage = "DHCP on ${itf}: " . $Lang::tr{'dhcp valid range required when deny known clients checked'};
+			goto ERROR;
+	    }
+
 	    if (!($dhcpsettings{"DEFAULT_LEASE_TIME_${itf}"} =~ /^\d+$/)) {
 		$errormessage = "DHCP on ${itf}: " . $Lang::tr{'invalid default lease time'} . $dhcpsettings{'DEFAULT_LEASE_TIME_${itf}'};
 		goto ERROR;
+		}
 	    }

 	    if (!($dhcpsettings{"MAX_LEASE_TIME_${itf}"} =~ /^\d+$/)) {
@@ -548,6 +556,7 @@ foreach my $itf (@ITFs) {
    my %checked=();
    $checked{'ENABLE'}{'on'} = ( $dhcpsettings{"ENABLE_${itf}"} ne 'on') ? '' : "checked='checked'";
    $checked{'ENABLEBOOTP'}{'on'} = ( $dhcpsettings{"ENABLEBOOTP_${itf}"} ne 'on') ? '' : "checked='checked'";
+    $checked{'DENY_KNOWN_CLIENTS'}{'on'} = ( $dhcpsettings{"DENY_KNOWN_CLIENTS_${itf}"} ne 'on') ? '' : "checked='checked'";

    if ($netsettings{"${itf}_DEV"} ne '' ) { # Show only defined interface
 	my $lc_itf=lc($itf);
@@ -563,6 +572,9 @@ print <<END
    <td width='25%'><input type='text' name='START_ADDR_${itf}' value='$dhcpsettings{"START_ADDR_${itf}"}' /></td>
    <td width='25%' class='base'>$Lang::tr{'end address'}&nbsp;<img src='/blob.gif' alt='*' /></td>
    <td width='25%'><input type='text' name='END_ADDR_${itf}' value='$dhcpsettings{"END_ADDR_${itf}"}' /></td>
+</tr><tr>
+    <td class='base'>$Lang::tr{'dhcp deny known clients:'}</td>
+    <td><input type='checkbox' name='DENY_KNOWN_CLIENTS_${itf}' $checked{'DENY_KNOWN_CLIENTS'}{'on'} /></td>
 </tr><tr>
    <td class='base'>$Lang::tr{'default lease time'}&nbsp;<img src='/blob.gif' alt='*' /></td>
    <td><input type='text' name='DEFAULT_LEASE_TIME_${itf}' value='$dhcpsettings{"DEFAULT_LEASE_TIME_${itf}"}' /></td>
@@ -1264,7 +1276,12 @@ sub buildconf {
 	if ($dhcpsettings{"ENABLE_${itf}"} eq 'on' ){
 	    print FILE "subnet " . $netsettings{"${itf}_NETADDRESS"} . " netmask ". $netsettings{"${itf}_NETMASK"} . " #$itf\n";
 	    print FILE "{\n";
-	    print FILE "\trange " . $dhcpsettings{"START_ADDR_${itf}"} . ' ' . $dhcpsettings{"END_ADDR_${itf}"}.";\n" if ($dhcpsettings{"START_ADDR_${itf}"});
+	    if ($dhcpsettings{"START_ADDR_${itf}"}) {
+		print FILE "pool {\n";
+		print FILE "\trange " . $dhcpsettings{"START_ADDR_${itf}"} . ' ' . $dhcpsettings{"END_ADDR_${itf}"}.";\n";
+		print FILE "\tdeny known-clients;\n" if ($dhcpsettings{"DENY_KNOWN_CLIENTS_${itf}"} eq 'on');
+		print FILE "     }\n"; # pool
+	    }
 	    print FILE "\toption subnet-mask "   . $netsettings{"${itf}_NETMASK"} . ";\n";
 	    print FILE "\toption domain-name \"" . $dhcpsettings{"DOMAIN_NAME_${itf}"} . "\";\n";
 	    print FILE "\toption routers " . $netsettings{"${itf}_ADDRESS"} . ";\n";
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -781,6 +781,7 @@
 'dhcp bootp pxe data' => 'Geben Sie optionale BOOTP-PXE-Daten für diese feste Zuordnung ein',
 'dhcp configuration' => 'DHCP-Konfiguration',
 'dhcp create fixed leases' => 'Feste Zuordnungen erzeugen',
+'dhcp deny known clients:' => 'Bekannte Clients verweigern:',
 'dhcp dns enable update' => 'DNS-Update nach RFC 2136 aktivieren:',
 'dhcp dns key name' => 'Schlüsselname',
 'dhcp dns update' => 'DNS-Update',
@@ -792,6 +793,7 @@
 'dhcp server' => 'DHCP-Server',
 'dhcp server disabled' => 'DHCP-Server deaktiviert. Angehalten.',
 'dhcp server enabled' => 'DHCP-Server aktiviert. Starte neu.',
+'dhcp valid range required when deny known clients checked' => 'Gültiger Bereich erforderlich, wenn "Bekannte Clients verweigern:" aktiviert ist',
 'dhcp-options' => 'DHCP push Optionen',
 'dial' => 'Verbinden',
 'dial profile' => 'Verbinde mit Profil',
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -800,6 +800,7 @@
 'dhcp bootp pxe data' => 'Enter optional bootp pxe data for this fixed lease',
 'dhcp configuration' => 'DHCP configuration',
 'dhcp create fixed leases' => 'Create fixed leases',
+'dhcp deny known clients:' => 'Deny known clients:',
 'dhcp dns enable update' => 'Enable DNS Update (RFC2136):',
 'dhcp dns key name' => 'Key Name',
 'dhcp dns update' => 'DNS Update',
@@ -813,6 +814,7 @@
 'dhcp server disabled on blue interface' => 'DHCP server disabled on BLUE interface',
 'dhcp server enabled' => 'DHCP server enabled.  Restarting.',
 'dhcp server enabled on blue interface' => 'DHCP server enabled on BLUE interface',
+'dhcp valid range required when deny known clients checked' => 'Valid range required when "Deny known clients:" is checked',
 'dhcp-options' => 'DHCP push options',
 'dial' => 'Connect',
 'dial profile' => 'Connect with profile',
--- a/langs/nl/cgi-bin/nl.pl
+++ b/langs/nl/cgi-bin/nl.pl
@@ -702,6 +702,7 @@
 'dhcp bootp pxe data' => 'Voer optionele bootp pxe data in voor deze vaste lease',
 'dhcp configuration' => 'DHCP configuratie',
 'dhcp create fixed leases' => 'Aanmaken vaste leases',
+'dhcp deny known clients:' => 'Bekende clients weigeren:',
 'dhcp fixed lease err1' => 'Voor een vaste lease moet u het MAC-adres of de hostnaam invoeren, of beide.',
 'dhcp fixed lease help1' => 'IP-adressen mogen ook als FQDN worden ingevoerd',
 'dhcp mode' => 'DHCP',
@@ -710,6 +711,7 @@
 'dhcp server disabled on blue interface' => 'DHCP server uitgeschakeld op de BLAUWE interface',
 'dhcp server enabled' => 'DHCP server ingeschakeld. Herstarten.',
 'dhcp server enabled on blue interface' => 'DHCP server ingeschakeld op de BLAUWE interface',
+'dhcp valid range required when deny known clients checked' => 'Geldig bereik wanneer "Bekende clients weigeren:" is aangevinkt',
 'dhcp-options' => 'DHCP push opties',
 'dial' => 'Verbind',
 'dial profile' => 'Verbind met profile',