Make unveiling the lease directory a warning instead of a fatal error

when the lease directory does not exist.
This means that dhcpleased(8) will no longer request a previously
configured IP address from the dhcp server and will fall back to
DHCPDISCOVER which requests any IP address from the dhcp server.

This likely makes diskless(8) work with dhcpleased(8).

A normal diskless(8) setup has only / mounted via nfs when
dhcpleased(8) starts. /var exists but nothing is mounted there yet,
meaning /var/db/dhcpleased does not exist so lease files are disabled.
dhcpleased(8) sends a DHCPDISCOVER to request any IP address but since
the dhcp server has (very likely) a 'fixed-address' configured we get
the same IP back that is already configured.

If /var/db/dhcpleased/ exists on / (and /var is *NOT* mounted later)
in a diskless(8) setup, care must be taken that the root file system is
not shared between machines.

If /var/db/dhcpleased/ exists on / and /var on NFS is mounted over
this later bad things probably happen. This is a configuration error
and must befixed.

discussed with deraadt@

Actuall tests on existing diskless(8) setups would be appreciated.

diff --git a/sbin/dhcpleased/dhcpleased.c b/sbin/dhcpleased/dhcpleased.c
index 27b70e1..d2c936a 100644 (file)
--- a/sbin/dhcpleased/dhcpleased.c
+++ b/sbin/dhcpleased/dhcpleased.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: dhcpleased.c,v 1.5 2021/03/02 12:01:39 florian Exp $  */
+/*     $OpenBSD: dhcpleased.c,v 1.6 2021/03/02 12:03:50 florian Exp $  */
 
 /*
  * Copyright (c) 2017, 2021 Florian Obser <florian@openbsd.org>
@@ -90,7 +90,7 @@ static struct imsgev  *iev_engine;
 pid_t                   frontend_pid;
 pid_t                   engine_pid;
 
-int                     routesock, ioctl_sock, rtm_seq = 0;
+int                     routesock, ioctl_sock, rtm_seq, no_lease_files;
 
 void
 main_sig_handler(int sig, short event, void *arg)
@@ -267,8 +267,10 @@ main(int argc, char *argv[])
        if (unveil("/dev/bpf", "rw") == -1)
                fatal("unveil /dev/bpf");
 
-       if (unveil(_PATH_LEASE, "rwc") == -1)
-               fatal("unveil " _PATH_LEASE);
+       if (unveil(_PATH_LEASE, "rwc") == -1) {
+               no_lease_files = 1;
+               log_warn("disabling lease files, unveil " _PATH_LEASE);
+       }
 
        if (unveil(NULL, NULL) == -1)
                fatal("locking unveil");
@@ -714,6 +716,9 @@ configure_interface(struct imsg_configure_interface *imsg)
        main_imsg_compose_frontend(IMSG_UDPSOCK, udpsock,
            &imsg->if_index, sizeof(imsg->if_index));
 
+       if (no_lease_files)
+               return;
+
        if (inet_ntop(AF_INET, &imsg->addr, ntop_buf, sizeof(ntop_buf)) ==
            NULL) {
                log_warn("%s: inet_ntop", __func__);
@@ -965,6 +970,9 @@ read_lease_file(struct imsg_ifinfo *imsg_ifinfo)
        char     if_name[IF_NAMESIZE];
        char     lease_file_buf[sizeof(_PATH_LEASE) + IF_NAMESIZE];
 
+       if (no_lease_files)
+               return;
+
        memset(imsg_ifinfo->lease, 0, sizeof(imsg_ifinfo->lease));
 
        if (if_indextoname(imsg_ifinfo->if_index, if_name) == 0) {